fleet/terraform/byo-vpc/main.tf
Zachary Winnerman a23ce1b0a2
Dogfood changes (#9763)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-02-09 00:20:57 -05:00


# Fleet application stack (ECS service, migrations, ALB) wired to the Aurora
# cluster and Redis replication group declared further down in this file.
module "byo-db" {
  source = "./byo-db"
  vpc_id = var.vpc_config.vpc_id
  # The caller's fleet_config is overlaid with the datastore endpoints created
  # here. merge() is shallow: any database/redis/networking object the caller
  # passed in is replaced wholesale, not merged key-by-key.
  fleet_config = merge(var.fleet_config, {
    database = {
      address  = module.rds.cluster_endpoint
      database = "fleet"
      user     = "fleet"
      # The DB password is handed over as a Secrets Manager ARN rather than as a
      # plaintext value, so it never has to appear in a task definition or env var.
      # NOTE(review): the secret holds the Aurora *master* password (see
      # module "secrets-manager-1"), so Fleet runs as the cluster master user and
      # this only works if var.rds_config.master_username is "fleet" — confirm in
      # variables.tf; a dedicated least-privilege application user would be better.
      password_secret_arn = module.secrets-manager-1.secret_arns["${var.rds_config.name}-database-password"]
    }
    redis = {
      # host:port of the ElastiCache primary endpoint from module "redis".
      address = "${module.redis.endpoint}:${module.redis.port}"
    }
    networking = {
      subnets = var.vpc_config.networking.subnets
    }
  })
  ecs_cluster      = var.ecs_cluster
  migration_config = var.migration_config
  alb_config       = var.alb_config
}
# Aurora master password. It is generated once and then lives in Terraform
# state (and, via module "secrets-manager-1", in Secrets Manager), so the state
# backend must be encrypted and access-restricted. Changing length, special or
# override_special forces a new value and therefore a master-password rotation
# on the next apply.
resource "random_password" "rds" {
  length  = 16
  special = true
  # Explicit punctuation set; presumably chosen to exclude the characters RDS
  # rejects in master passwords ("/", "@", '"' and space).
  override_special = "!#$%&*()-_=+[]{}<>:?"
}
# Aurora MySQL cluster backing Fleet, placed in the caller-supplied VPC.
# Encryption at rest is always on; network access is limited to the Fleet ECS
# security groups plus whatever extra SGs/CIDRs the caller allows.
module "rds" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "7.6.0"
  name           = var.rds_config.name
  engine         = "aurora-mysql"
  engine_version = var.rds_config.engine_version
  instance_class = var.rds_config.instance_class
  # Two cluster members (presumably so a failover target exists); sizing is
  # fixed here rather than exposed through rds_config.
  instances = {
    one = {}
    two = {}
  }
  vpc_id  = var.vpc_config.vpc_id
  subnets = var.rds_config.subnets
  # Ingress from the Fleet task security groups (read through the
  # `non_circular` output to avoid a cycle between this module and byo-db),
  # plus any caller-provided SGs. Keep allowed_cidr_blocks minimal: it opens
  # the DB port to whole networks instead of to specific workloads.
  allowed_security_groups = concat(tolist(module.byo-db.byo-ecs.non_circular.security_groups), var.rds_config.allowed_security_groups)
  allowed_cidr_blocks     = var.rds_config.allowed_cidr_blocks
  # No kms_key_id is passed, so encryption uses the AWS-managed RDS key.
  storage_encrypted   = true
  apply_immediately   = var.rds_config.apply_immediately
  monitoring_interval = var.rds_config.monitoring_interval
  # Caller-provided parameter group names win; otherwise the groups declared at
  # the bottom of this file are created and used. Those are hard-coded to the
  # aurora-mysql8.0 family, so they will not match a non-8.0 engine_version.
  db_parameter_group_name         = var.rds_config.db_parameter_group_name == null ? aws_db_parameter_group.main[0].id : var.rds_config.db_parameter_group_name
  db_cluster_parameter_group_name = var.rds_config.db_cluster_parameter_group_name == null ? aws_rds_cluster_parameter_group.main[0].id : var.rds_config.db_cluster_parameter_group_name
  # Which log types are shipped to CloudWatch is left entirely to the caller;
  # an empty list means no DB logs are exported.
  enabled_cloudwatch_logs_exports = var.rds_config.enabled_cloudwatch_logs_exports
  # The generated master password is also what Fleet is given (see module
  # "byo-db"), so the application connects as the master user.
  master_username = var.rds_config.master_username
  master_password = random_password.rds.result
  database_name   = "fleet"
  # Dogfood setting: `terraform destroy` drops the cluster with no final
  # snapshot, i.e. irreversible data loss. Do not copy into a production root.
  skip_final_snapshot = true
  # Optional restore-from-snapshot on first create.
  snapshot_identifier = var.rds_config.snapshot_identifier
}
# Resolves each configured Redis subnet ID to its subnet object, one data
# instance per distinct ID (keyed by the ID itself). Nothing else in this file
# reads these lookups; they still fail the plan early if an ID does not exist.
data "aws_subnet" "redis" {
  for_each = { for subnet_id in toset(var.redis_config.subnets) : subnet_id => subnet_id }
  id       = each.key
}
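# ElastiCache Redis replication group used by Fleet for sessions/caching/live
# queries. Sizing, engine and encryption settings all come from redis_config.
module "redis" {
  source  = "cloudposse/elasticache-redis/aws"
  version = "0.48.0"
  name    = var.redis_config.name
  # Both fall back to the replication group name when the caller leaves them null.
  replication_group_id          = var.redis_config.replication_group_id == null ? var.redis_config.name : var.redis_config.replication_group_id
  elasticache_subnet_group_name = var.redis_config.elasticache_subnet_group_name == null ? var.redis_config.name : var.redis_config.elasticache_subnet_group_name
  availability_zones            = var.redis_config.availability_zones
  vpc_id                        = var.vpc_config.vpc_id
  description                   = "Fleet Redis"
  # Intended SG-to-SG wiring; left disabled (presumably the same module
  # dependency cycle that module "rds" works around via `non_circular`), so
  # access is granted by CIDR in additional_security_group_rules below instead.
  #allowed_security_group_ids = concat(var.redis_config.allowed_security_group_ids, module.byo-db.ecs.security_group)
  subnets                    = var.redis_config.subnets
  cluster_size               = var.redis_config.cluster_size
  instance_type              = var.redis_config.instance_type
  apply_immediately          = var.redis_config.apply_immediately
  automatic_failover_enabled = var.redis_config.automatic_failover_enabled
  engine_version             = var.redis_config.engine_version
  family                     = var.redis_config.family
  # Encryption is caller-controlled. No auth_token is configured here, so the
  # group is unauthenticated and relies entirely on the network rules below.
  at_rest_encryption_enabled = var.redis_config.at_rest_encryption_enabled
  transit_encryption_enabled = var.redis_config.transit_encryption_enabled
  parameter                  = var.redis_config.parameter
  # Previously this rule opened TCP 0-65535; only the Redis port is needed.
  # The module's `port` input is not overridden, so its default (6379, the
  # ElastiCache Redis default) applies — keep this in sync if `port` is ever set.
  # NOTE(review): 10.0.0.0/8 is still broad for a bring-your-own VPC (the VPC
  # CIDR need not even fall inside 10/8, and peered 10/8 networks would be
  # admitted too); consider sourcing the CIDR list from var.redis_config.
  additional_security_group_rules = [{
    type        = "ingress"
    from_port   = 6379
    to_port     = 6379
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/8"]
  }]
}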
# Publishes the generated Aurora master password to Secrets Manager so the
# Fleet tasks can receive it by ARN (see module "byo-db") instead of inline.
# No kms_key_id is given, so the secret is encrypted with the AWS-managed key,
# and no rotation is configured.
module "secrets-manager-1" {
  source  = "lgallard/secrets-manager/aws"
  version = "0.6.1"
  secrets = {
    "${var.rds_config.name}-database-password" = {
      description = "fleet-database-password"
      # 0 = delete immediately with no recovery window (AWS otherwise enforces
      # 7-30 days). Convenient for tearing down and re-creating a dogfood
      # environment; in production keep a window so an accidental destroy
      # can be undone.
      recovery_window_in_days = 0
      # Same value as random_password.rds.result; it is therefore present in
      # Terraform state as well as in Secrets Manager.
      secret_string = module.rds.cluster_master_password
    },
  }
}
# Default instance-level parameter group, created only when the caller did not
# supply db_parameter_group_name. The family is pinned to aurora-mysql8.0
# regardless of var.rds_config.engine_version.
resource "aws_db_parameter_group" "main" {
  count       = var.rds_config.db_parameter_group_name != null ? 0 : 1
  name        = var.rds_config.name
  family      = "aurora-mysql8.0"
  description = "fleet"
}
# Default cluster-level parameter group, created only when the caller did not
# supply db_cluster_parameter_group_name. Like the instance group above it is
# pinned to the aurora-mysql8.0 family regardless of engine_version.
resource "aws_rds_cluster_parameter_group" "main" {
  count       = var.rds_config.db_cluster_parameter_group_name != null ? 0 : 1
  name        = var.rds_config.name
  family      = "aurora-mysql8.0"
  description = "fleet"
}