update multi-region

Sellix · Nov 21, 2021 · 16a1719 · 16a1719
1 parent 3021714
commit 16a1719
Show file tree

Hide file tree

Showing 14 changed files with 152 additions and 47 deletions.
diff --git a/README.md b/README.md
@@ -14,17 +14,24 @@ AWS Elastic Beanstalk infrastructure for Sellix's [web-app](https://sellix.io),
 
 ### Apply
 
-Initialize Environment
+1. Initialize Environment
 
 `export ENV={environment}`
 
-AWS IAM (optional, see main.tf)
+2. Initialize TFVARS
+
+`mv terraform.tfvars.example.json terraform.tfvars.json`
+
+then edit
+
+3. Edit Providers according to desired Regions in main.tf
+4. AWS IAM (optional, see main.tf)
 ```
 export AWS_ACCESS_KEY=""
 export AWS_SECRET_KEY=""
 ```
 
-Terraform Apply
+5. Terraform Apply
 
 ```
 terraform init

diff --git a/beanstalk.tf → beanstalk/beanstalk.tf b/beanstalk.tf → beanstalk/beanstalk.tf
@@ -1,9 +1,16 @@
+data "aws_elastic_beanstalk_solution_stack" "nodejs" {
+  most_recent = true
+
+  name_regex = "^64bit Amazon Linux (.*) running Node.js ${var.nodejs_version != null ?
+  var.nodejs_version : "(.*)"}$"
+}
+
 resource "aws_elastic_beanstalk_environment" "sellix-web-app-environment" {
   name                   = local.tags["Project"]
   application            = aws_elastic_beanstalk_application.sellix-web-app.name
   tier                   = "WebServer"
   wait_for_ready_timeout = "20m"
-  solution_stack_name    = "64bit Amazon Linux 2 v5.4.8 running Node.js 12"
+  solution_stack_name    = data.aws_elastic_beanstalk_solution_stack.nodejs.name
   setting {
     namespace = "aws:elasticbeanstalk:monitoring"
     name      = "Automatically Terminate Unhealthy Instances"

diff --git a/chatbot.tf → beanstalk/chatbot.tf b/chatbot.tf → beanstalk/chatbot.tf
@@ -11,7 +11,7 @@ data "terraform_remote_state" "sellix-web-app-chatbot-terraform-state" {
 }
 
 resource "aws_codestarnotifications_notification_rule" "sellix-web-app-codestarnotifications" {
-  name        = "${local.tags["Project"]}-${local.aws_region}-chatbot"
+  name        = "${local.tags["Project"]}-${var.aws_region}-chatbot"
   detail_type = "BASIC"
   resource    = aws_codepipeline.sellix-web-app-codepipeline.arn
   status      = "ENABLED"

diff --git a/iam.tf → beanstalk/iam.tf b/iam.tf → beanstalk/iam.tf
@@ -28,7 +28,7 @@ data "aws_iam_policy_document" "sellix-web-app-elb-policy-document" {
       "s3:PutObject",
     ]
     resources = [
-      "arn:aws:s3:::${local.tags["Project"]}-${local.aws_region}-elb-logs/*"
+      "arn:aws:s3:::${local.tags["Project"]}-${var.aws_region}-elb-logs/*"
     ]
     principals {
       type        = "AWS"
@@ -168,27 +168,27 @@ data "aws_elb_service_account" "sellix-web-app-elb-service" {
 }
 
 resource "aws_iam_role" "sellix-web-app-codepipeline-role" {
-  name               = "${local.tags["Project"]}-${local.aws_region}-codepipeline-role"
+  name               = "${local.tags["Project"]}-${var.aws_region}-codepipeline-role"
   assume_role_policy = data.aws_iam_policy_document.sellix-web-app-service-policy-document.json
 }
 
 resource "aws_iam_role" "sellix-web-app-service-role" {
-  name               = "${local.tags["Project"]}-${local.aws_region}-service-role"
+  name               = "${local.tags["Project"]}-${var.aws_region}-service-role"
   assume_role_policy = data.aws_iam_policy_document.sellix-web-app-service-policy-document.json
 }
 
 resource "aws_iam_role" "sellix-web-app-ec2-role" {
-  name               = "${local.tags["Project"]}-${local.aws_region}-ec2-role"
+  name               = "${local.tags["Project"]}-${var.aws_region}-ec2-role"
   assume_role_policy = data.aws_iam_policy_document.sellix-web-app-ec2-policy-document.json
 }
 
 resource "aws_iam_instance_profile" "sellix-web-app-ec2-instance-profile" {
-  name = "${local.tags["Project"]}-${local.aws_region}-ec2-instance-profile"
+  name = "${local.tags["Project"]}-${var.aws_region}-ec2-instance-profile"
   role = aws_iam_role.sellix-web-app-ec2-role.name
 }
 
 resource "aws_iam_role_policy" "sellix-web-app-codepipeline-policy" {
-  name   = "${local.tags["Project"]}-${local.aws_region}-codepipeline-policy"
+  name   = "${local.tags["Project"]}-${var.aws_region}-codepipeline-policy"
   role   = aws_iam_role.sellix-web-app-codepipeline-role.id
   policy = <<EOF
 {
@@ -230,36 +230,36 @@ EOF
 }
 
 resource "aws_iam_role_policy" "sellix-web-app-service-sns-policy" {
-  name   = "${local.tags["Project"]}-${local.aws_region}-service-sns-policy"
+  name   = "${local.tags["Project"]}-${var.aws_region}-service-sns-policy"
   role   = aws_iam_role.sellix-web-app-service-role.id
   policy = data.aws_iam_policy_document.sellix-web-app-service-sns-policy-document.json
 }
 
 resource "aws_iam_role_policy" "sellix-web-app-default-policy" {
-  name   = "${local.tags["Project"]}-${local.aws_region}-default-policy"
+  name   = "${local.tags["Project"]}-${var.aws_region}-default-policy"
   role   = aws_iam_role.sellix-web-app-ec2-role.id
   policy = data.aws_iam_policy_document.sellix-web-app-default-policy-document.json
 }
 
 resource "aws_iam_role" "sellix-web-app-codebuild-role" {
-  name               = "${local.tags["Project"]}-${local.aws_region}-codebuild-role"
+  name               = "${local.tags["Project"]}-${var.aws_region}-codebuild-role"
   assume_role_policy = data.aws_iam_policy_document.sellix-web-app-codebuild-assumerole-policy-document.json
 }
 
 resource "aws_iam_policy" "sellix-web-app-codebuild-permissions-policy" {
-  name   = "${local.tags["Project"]}-${local.aws_region}-codebuild-permissions-policy"
+  name   = "${local.tags["Project"]}-${var.aws_region}-codebuild-permissions-policy"
   path   = "/service-role/"
   policy = data.aws_iam_policy_document.sellix-web-app-codebuild-permissions-policy-document.json
 }
 
 resource "aws_iam_policy" "sellix-web-app-codebuild-policy" {
-  name        = "${local.tags["Project"]}-${local.aws_region}-codebuild-policy"
+  name        = "${local.tags["Project"]}-${var.aws_region}-codebuild-policy"
   description = "CodeBuild access policy"
   policy      = data.aws_iam_policy_document.sellix-web-app-codebuild-policy-document.json
 }
 
 resource "aws_iam_policy" "sellix-web-app-codebuild-codestar-connection-policy" {
-  name        = "${local.tags["Project"]}-${local.aws_region}-codebuild-codestar-connection-policy"
+  name        = "${local.tags["Project"]}-${var.aws_region}-codebuild-codestar-connection-policy"
   description = "CodeBuild CodeStar Connection policy"
   policy      = data.aws_iam_policy_document.sellix-web-app-codebuild-codestar-connection-policy-document.json
 }

diff --git a/locals.tf → beanstalk/locals.tf b/locals.tf → beanstalk/locals.tf
@@ -3,19 +3,16 @@ data "aws_availability_zones" "available" {
 }
 
 locals {
-  workspace_infos = split("$", terraform.workspace)
-  aws_region      = local.workspace_infos[1]
-  workspace       = local.workspace_infos[0]
   tags = {
-    "Project"     = "sellix-web-app-v2-${local.workspace}"
-    "Environment" = local.workspace
+    "Project"     = "sellix-web-app-v2-${terraform.workspace}"
+    "Environment" = terraform.workspace
   }
   env = {
     ELASTIC_BEANSTALK_PORT = 8080
     DOMAIN                 = local.production ? "sellix.io" : "sellix.gg"
     ENVIRONMENT            = local.production ? "production" : "staging"
   }
-  production = contains(["prod"], substr(local.workspace, 0, 4)) ? true : false
+  production = contains(["prod"], substr(terraform.workspace, 0, 4)) ? true : false
   notification_topic_arn = { for s in aws_elastic_beanstalk_environment.sellix-web-app-environment.all_settings :
   s.name => s.value if s.namespace == "aws:elasticbeanstalk:sns:topics" && s.name == "Notification Topic ARN" }
   availability_zones = [data.aws_availability_zones.available.names[0], data.aws_availability_zones.available.names[1]]
@@ -218,7 +215,7 @@ locals {
     {
       namespace = "aws:elbv2:listener:443"
       name      = "SSLCertificateArns"
-      value     = local.production ? var.ssl_arn[local.aws_region]["production"] : var.ssl_arn[local.aws_region]["staging"]
+      value     = local.production ? var.ssl_arn[var.aws_region]["production"] : var.ssl_arn[var.aws_region]["staging"]
     },
     {
       namespace = "aws:elbv2:loadbalancer"

diff --git a/beanstalk/main.tf b/beanstalk/main.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    aws = {
+      "source" = "hashicorp/aws"
+    }
+    github = {
+      source = "integrations/github"
+    }
+    random = {
+      source = "hashicorp/random"
+    }
+  }
+}
diff --git a/outputs.tf → beanstalk/outputs.tf b/outputs.tf → beanstalk/outputs.tf
diff --git a/pipeline.tf → beanstalk/pipeline.tf b/pipeline.tf → beanstalk/pipeline.tf
diff --git a/s3.tf → beanstalk/s3.tf b/s3.tf → beanstalk/s3.tf
@@ -1,19 +1,19 @@
 resource "aws_s3_bucket" "sellix-web-app-codepipeline-s3-bucket" {
-  bucket = "${local.tags["Project"]}-${local.aws_region}-codepipeline"
+  bucket = "${local.tags["Project"]}-${var.aws_region}-codepipeline"
   acl    = "private"
   tags = merge({
-    "Name" = "${local.tags["Project"]}-${local.aws_region}-codepipeline-s3-bucket"
+    "Name" = "${local.tags["Project"]}-${var.aws_region}-codepipeline-s3-bucket"
     },
     local.tags
   )
 }
 
 resource "aws_s3_bucket" "sellix-web-app-elb-logs" {
-  bucket = "${local.tags["Project"]}-${local.aws_region}-elb-logs"
+  bucket = "${local.tags["Project"]}-${var.aws_region}-elb-logs"
   acl    = "private"
   policy = join("", data.aws_iam_policy_document.sellix-web-app-elb-policy-document.*.json)
   tags = merge({
-    "Name" = "${local.tags["Project"]}-${local.aws_region}-elb-logs"
+    "Name" = "${local.tags["Project"]}-${var.aws_region}-elb-logs"
     },
     local.tags
   )

diff --git a/security.tf → beanstalk/security.tf b/security.tf → beanstalk/security.tf
@@ -14,7 +14,7 @@ resource "aws_security_group" "sellix-web-app-security-group" {
     from_port   = 0
     to_port     = 0
     protocol    = -1
-    cidr_blocks = ["0.0.0.0/0"] # rlly needed?
+    cidr_blocks = ["0.0.0.0/0"]
   }
   tags = merge({
     "Name" = "${local.tags["Project"]}-security-group"

diff --git a/beanstalk/variables.tf b/beanstalk/variables.tf
@@ -0,0 +1,49 @@
+resource "aws_key_pair" "sellix-web-app-keypair" {
+  key_name   = "${local.tags["Project"]}-keypair"
+  public_key = file(var.public_key_path)
+  lifecycle {
+    ignore_changes = [public_key]
+  }
+}
+
+variable "aws_access_key" {
+  default = null
+}
+
+variable "aws_secret_key" {
+  default = null
+}
+
+variable "aws_region" {
+  default = null
+}
+
+variable "public_key_path" {
+  description = "ssh key"
+  default     = "~/.ssh/id_rsa.pub"
+}
+
+variable "nodejs_version" {
+  description = "Beanstalk Node.js Version"
+  default     = null
+}
+
+variable "main_cidr_block" {
+  description = "main cidr"
+  default     = "172.18.0.0/16"
+}
+
+variable "github_opts" {
+  description = "GitHub Repo Name && Organization"
+  default     = {}
+}
+
+variable "ssl_arn" {
+  description = "SSL Certificate ARN"
+  default     = {}
+}
+
+variable "codestar_connection_arn" {
+  description = "CodeStar Connection ARN"
+  default     = null
+}
diff --git a/vpc.tf → beanstalk/vpc.tf b/vpc.tf → beanstalk/vpc.tf
diff --git a/main.tf b/main.tf
@@ -4,12 +4,6 @@ terraform {
     aws = {
       "source" = "hashicorp/aws"
     }
-    github = {
-      source = "integrations/github"
-    }
-    random = {
-      source = "hashicorp/random"
-    }
   }
   backend "s3" {
     profile        = "sellix-terraform"
@@ -22,8 +16,53 @@ terraform {
 }
 
 provider "aws" {
+  alias      = "eu-west-1"
   profile    = "sellix-terraform"
-  region     = local.aws_region
+  region     = "eu-west-1"
   access_key = var.aws_access_key
   secret_key = var.aws_secret_key
+}
+
+provider "aws" {
+  alias      = "us-east-1"
+  profile    = "sellix-terraform"
+  region     = "us-east-1"
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+}
+
+module "eu-west-1" {
+  source = "./beanstalk"
+  providers = {
+    aws = aws.eu-west-1
+  }
+  aws_access_key          = var.aws_access_key
+  aws_secret_key          = var.aws_secret_key
+  nodejs_version          = var.nodejs_version
+  aws_region              = "eu-west-1"
+  github_opts             = var.github_opts
+  ssl_arn                 = var.ssl_arn
+  codestar_connection_arn = var.codestar_connection_arn
+}
+
+module "us-east-1" {
+  source = "./beanstalk"
+  providers = {
+    aws = aws.us-east-1
+  }
+  aws_access_key          = var.aws_access_key
+  aws_secret_key          = var.aws_secret_key
+  aws_region              = "us-east-1"
+  nodejs_version          = var.nodejs_version
+  github_opts             = var.github_opts
+  ssl_arn                 = var.ssl_arn
+  codestar_connection_arn = var.codestar_connection_arn
+}
+
+output "eu-west-1_eb-cname" {
+  value = module.eu-west-1.eb_cname
+}
+
+output "us-east-1_eb-cname" {
+  value = module.us-east-1.eb_cname
 }
diff --git a/variables.tf b/variables.tf
@@ -1,11 +1,3 @@
-resource "aws_key_pair" "sellix-web-app-keypair" {
-  key_name   = "${local.tags["Project"]}-keypair"
-  public_key = file(var.public_key_path)
-  lifecycle {
-    ignore_changes = [public_key]
-  }
-}
-
 variable "aws_access_key" {
   default = null
 }
@@ -14,9 +6,9 @@ variable "aws_secret_key" {
   default = null
 }
 
-variable "public_key_path" {
-  description = "ssh key"
-  default     = "~/.ssh/id_rsa.pub"
+variable "nodejs_version" {
+  description = "Beanstalk Node.js Version"
+  default     = null
 }
 
 variable "main_cidr_block" {