progress

airbytehq · michel-tricot · Jan 27, 2021 · Jan 21, 2021 · Jan 21, 2021 · Jan 21, 2021
commit 099ec178994ae91966a4626a34a49fd2ab9f8404
diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf
@@ -1,3 +1,29 @@
+variable "name" {
+  type = string
+  default = "demo"
+}
+
+variable "vpc" {
+  type = string
+  default = "vpc-0e436274"
+}
+
+variable "subnets" {
+  default = [
+    "subnet-8a7d68ed",
+    "subnet-2f45e062",
+    "subnet-2eca9310",
+    "subnet-cf8393e1",
+    "subnet-64f0e638",
+    "subnet-e9f33ce7"
+  ]
+}
+
+variable "certificate" {
+  type = string
+  default = "arn:aws:acm:us-east-1:168714685353:certificate/c762da95-be91-466d-a9f0-1c22f449ae0d"
+}
+
 terraform {
   required_providers {
     aws = {
@@ -27,25 +53,9 @@ data "aws_ami" "amazon-linux-2" {
   }
 }
 
-resource "aws_security_group" "airbyte-app" {
-  name        = "airbyte-app"
-  description = "Allow traffic to the airbyte app"
-
-  ingress {
-    description = "https"
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    description = "http"
-    from_port   = 80
-    to_port     = 80
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
+resource "aws_security_group" "airbyte-instance-sg" {
+  name        = "${var.name}-airbyte-instance-sg"
+  description = "Allow traffic to the airbyte instance"
 
   ingress {
     description = "http-webapp"
@@ -77,23 +87,89 @@ resource "aws_security_group" "airbyte-app" {
     protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
-
-  tags = {
-    Name = "airbyte-app"
-  }
 }
 
-resource "aws_instance" "airbyte-app" {
+resource "aws_instance" "airbyte-instance" {
   instance_type = "t3.medium"
   ami           = data.aws_ami.amazon-linux-2.id
 
-  security_groups = [aws_security_group.airbyte-app.name]
+  security_groups = [aws_security_group.airbyte-instance-sg.name]
 
   key_name = "airbyte-app"
 
   user_data = file("${path.module}/init.sh")
 
   tags = {
-    Name = "airbyte-app"
+    Name = "${var.name}-airbyte-app"
+  }
+}
+
+resource "aws_security_group" "airbyte-alb-sg" {
+  name        = "${var.name}-airbyte-alb-sg"
+  description = "Allow traffic to the elb"
+
+  ingress {
+    description = "https"
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_lb" "airbyte-alb" {
+  enable_deletion_protection = true
+
+  name               = "${var.name}-airbyte-alb"
+
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.airbyte-alb-sg.id]
+  subnets = var.subnets
+}
+
+resource "aws_lb_target_group" "airbyte-webapp" {
+  name     = "${var.name}-airbyte-webapp-tg"
+  port     = 8000
+  protocol = "HTTP"
+  vpc_id = var.vpc
+}
+
+resource "aws_lb_target_group_attachment" "airbyte-webapp" {
+  target_group_arn = aws_lb_target_group.airbyte-webapp.arn
+  target_id        = aws_instance.airbyte-instance.id
+  port             = 8000
+}
+
+resource "aws_lb_target_group" "airbyte-api" {
+  name     = "${var.name}-airbyte-api-tg"
+  port     = 8001
+  protocol = "HTTP"
+  vpc_id = var.vpc
+}
+
+resource "aws_lb_target_group_attachment" "airbyte-api" {
+  target_group_arn = aws_lb_target_group.airbyte-api.arn
+  target_id        = aws_instance.airbyte-instance.id
+  port             = 8001
+}
+
+resource "aws_lb_listener" "airbyte-app" {
+  load_balancer_arn = aws_lb.airbyte-alb.arn
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-2016-08"
+  certificate_arn   = var.certificate
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.airbyte-webapp.arn
   }
 }