Merge pull request #18 from Aswin-Vijayan/master

techiescamp · web-flow · commit 783705b5e6a4 · 2023-07-27T14:27:55.000+05:30
[CD-5][Changes] - Made required changes in alb, asg and iam policy
diff --git a/README.md b/README.md
@@ -22,20 +22,56 @@ terraform destroy \
     -backend-config="dynamodb_table=terraform-state-lock"
 ```
 
-## RDS Provisioning
+#### RDS Provisioning
 
 cd into the `environments/dev/rds` directory and run the following commands:
 
+1. Init Terraform in the directory `environments/dev/rds`
+
 ```
 terraform init
+```
+2. To preview the changes in code
 
+```
 terraform plan -var-file=../../../vars/dev/rds.tfvars
+```
+3. To apply the changes
 
+```
 terraform apply -var-file=../../../vars/dev/rds.tfvars
+```
+4. To destroy the resources created using the code
 
+```
 terraform destroy -var-file=../../../vars/dev/rds.tfvars
 ```
 
+### ALB and ASG Provisioning
+
+cd into the `environments/dev/alb-asg` directory and run the following commands:
+
+1. Init Terraform in the directory `environments/dev/alb-asg`
+
+```
+terraform init
+```
+2. To preview the changes in code
+
+```
+terraform plan -var-file=../../../vars/dev/alb-asg.tfvars
+```
+3. To apply the changes
+
+```
+terraform apply -var-file=../../../vars/dev/alb-asg.tfvars
+```
+4. To destroy the resources created using the code
+
+```
+terraform destroy -var-file=../../../vars/dev/alb-asg.tfvars
+```
+
 ## EC2 Instance Provisioning
 
 1. Navigate to the `environment/dev` folder:
diff --git a/environments/dev/alb-asg/main.tf b/environments/dev/alb-asg/main.tf
@@ -4,7 +4,10 @@ provider "aws" {
 
 module "iam-policy" {
   source                          = "../../../modules/iam-policy"
-  instance_role                   = var.instance_role
+  owner                           = var.owner
+  environment                     = var.environment
+  cost_center                     = var.cost_center
+  application                     = var.application
 }
 
 module "alb-sg" {
@@ -14,7 +17,7 @@ module "alb-sg" {
   environment                     = var.environment
   owner                           = var.owner
   cost_center                     = var.cost_center
-  application                     = var.application
+  application                     ="${var.application}-alb"
   vpc_id                          = var.vpc_id
   ingress_from_port               = var.alb_ingress_from_port
   ingress_to_port                 = var.alb_ingress_to_port
@@ -32,7 +35,7 @@ module "alb" {
   internal                        = var.internal
   loadbalancer_type               = var.loadbalancer_type
   vpc_id                          = var.vpc_id
-  subnets                         = var.subnets
+  alb_subnets                     = var.alb_subnets
   target_group_port               = var.target_group_port
   target_group_protocol           = var.target_group_protocol
   target_type                     = var.target_type
@@ -75,13 +78,11 @@ module "instance-sg" {
 
 module "asg" {
   source                          = "../../../modules/asg"
-  instance_profile                = var.instance_profile
-  instance_role                   = var.instance_role
   ami_id                          = var.ami_id
   instance_type                   = var.instance_type
   key_name                        = var.key_name
   vpc_id                          = var.vpc_id
-  subnets                         = var.subnets
+  asg_subnets                     = var.asg_subnets
   public_access                   = var.public_access
   user_data                       = var.user_data
   max_size                        = var.max_size
@@ -92,7 +93,7 @@ module "asg" {
   environment                     = var.environment
   cost_center                     = var.cost_center
   application                     = var.application
-  alb_target_group_arn            = module.alb.lb_target_group_arn
+  alb_target_group_arn            = module.alb.alb_target_group_arn
   iam_role                        = module.iam-policy.iam_role
   security_group_ids              = module.instance-sg.security_group_ids
   tags = {
diff --git a/environments/dev/alb-asg/variables.tf b/environments/dev/alb-asg/variables.tf
@@ -9,16 +9,6 @@ variable "region" {
   description = "Region of the alb-asg"
 }
 
-variable "instance_profile" {
-  description = "Instance profile for the instance which the instance role is associated with"
-  type        = string
-}
-
-variable "instance_role" {
-  description = "Instance role for the instance"
-  type        = string
-}
-
 variable "internal" {
   description = "Whether the load balancer is internal or not"
   type        = bool
@@ -29,6 +19,11 @@ variable "loadbalancer_type" {
   type        = string
 }
 
+variable "alb_subnets" {
+  description = "A list of subnet IDs to use for the resources."
+  type        = list(string)
+}
+
 variable "target_group_port" {
   description = "Target group port"
   type        = number
@@ -120,7 +115,7 @@ variable "vpc_id" {
   description = "The ID of the VPC to use for the resources."
 }
 
-variable "subnets" {
+variable "asg_subnets" {
   description = "A list of subnet IDs to use for the resources."
   type        = list(string)
 }
@@ -221,9 +216,6 @@ variable "egress_protocol" {
   type        = list(any)
 }
 
-#####
-
-
 variable "alb_ingress_cidr_block" {
   type        = list(string)
   description = "CIDR blocks for EC2 security group ingress rules"
diff --git a/environments/dev/iam-policies/alb-asg.json b/environments/dev/iam-policies/alb-asg.json
diff --git a/modules/alb/main.tf b/modules/alb/main.tf
@@ -1,14 +1,14 @@
-resource "aws_lb" "application_load_balancer" {
-  name               = "${var.environment}-${var.application}-lb"
+resource "aws_alb" "application_load_balancer" {
+  name               = "${var.environment}-${var.application}-alb"
   internal           = var.internal
   load_balancer_type = var.loadbalancer_type
 
-  subnets         = var.subnets
+  subnets         = var.alb_subnets
   security_groups = var.security_group_ids
 
   tags = merge(
     {
-      Name        = "${var.environment}-${var.application}-lb",
+      Name        = "${var.environment}-${var.application}-alb",
       Environment = var.environment,
       Owner       = var.owner,
       CostCenter  = var.cost_center,
@@ -18,7 +18,7 @@ resource "aws_lb" "application_load_balancer" {
   )
 }
 
-resource "aws_lb_target_group" "alb_tg" {
+resource "aws_alb_target_group" "alb_tg" {
   name_prefix = "alb-tg"
   port        = var.target_group_port
   protocol    = var.target_group_protocol
@@ -39,7 +39,7 @@ resource "aws_lb_target_group" "alb_tg" {
 
   tags = merge(
     {
-      Name        = "${var.environment}-${var.application}-lb-target-group"
+      Name        = "${var.environment}-${var.application}-alb-target-group"
       Environment = var.environment,
       Owner       = var.owner,
       CostCenter  = var.cost_center,
@@ -49,13 +49,13 @@ resource "aws_lb_target_group" "alb_tg" {
   )
 }
 
-resource "aws_lb_listener" "application_listener" {
-  load_balancer_arn = aws_lb.application_load_balancer.arn
+resource "aws_alb_listener" "application_listener" {
+  load_balancer_arn = aws_alb.application_load_balancer.arn
   port              = var.listener_port
   protocol          = var.listener_protocol
 
   default_action {
-    target_group_arn = aws_lb_target_group.alb_tg.arn
+    target_group_arn = aws_alb_target_group.alb_tg.arn
     type             = var.listener_type
   }
 }
diff --git a/modules/alb/outputs.tf b/modules/alb/outputs.tf
@@ -1,9 +1,9 @@
 output "load_balancer_dns_name" {
   description = "LoadBalancer dns name"
-  value = aws_lb.application_load_balancer.dns_name
+  value = aws_alb.application_load_balancer.dns_name
 }
 
-output "lb_target_group_arn" {
-  description = "LB Target Grouparn"
-  value = aws_lb_target_group.alb_tg.arn
+output "alb_target_group_arn" {
+  description = "ALB Target Grouparn"
+  value = aws_alb_target_group.alb_tg.arn
 }
diff --git a/modules/alb/variables.tf b/modules/alb/variables.tf
@@ -29,7 +29,7 @@ variable "vpc_id" {
   description = "The ID of the VPC to use for the resources."
 }
 
-variable "subnets" {
+variable "alb_subnets" {
   description = "A list of subnet IDs to use for the resources."
   type        = list(string)
 }
diff --git a/modules/asg/main.tf b/modules/asg/main.tf
@@ -6,7 +6,7 @@ locals {
 }
 
 resource "aws_iam_instance_profile" "instance_profile" {
-  name = var.instance_profile
+  name = "${var.environment}-${var.application}-instance_profile"
 
   role = var.iam_role
 }
@@ -18,7 +18,7 @@ resource "aws_launch_template" "application_lt" {
   key_name      = var.key_name
 
   iam_instance_profile {
-    name = var.instance_profile
+    name = "${var.environment}-${var.application}-instance_profile"
   }
 
   network_interfaces {
@@ -35,7 +35,7 @@ resource "aws_autoscaling_group" "application_asg" {
   max_size            = var.max_size
   min_size            = var.min_size
   desired_capacity    = var.desired_capacity
-  vpc_zone_identifier = var.subnets
+  vpc_zone_identifier = var.asg_subnets
 
   launch_template {
     id      = aws_launch_template.application_lt.id
diff --git a/modules/asg/variables.tf b/modules/asg/variables.tf
@@ -4,13 +4,8 @@ variable "tags" {
   description = "Extra tags to attach to the alb-asg resources"
 }
 
-variable "instance_profile" {
-  description = "Instance profile for the instance which the instance role is associated with"
-  type        = string
-}
-
-variable "instance_role" {
-  description = "Instance role for the instance"
+variable "iam_role" {
+  description = "IAM role for the instance"
   type        = string
 }
 
@@ -34,7 +29,7 @@ variable "vpc_id" {
   description = "The ID of the VPC to use for the resources."
 }
 
-variable "subnets" {
+variable "asg_subnets" {
   description = "A list of subnet IDs to use for the resources."
   type        = list(string)
 }
@@ -98,8 +93,3 @@ variable "alb_target_group_arn" {
   description = "load balancer target group arn"
   type        = string
 }
-
-variable "iam_role" {
-  description = "iam role name"
-  type        = string
-}
diff --git a/modules/iam-policy/main.tf b/modules/iam-policy/main.tf
@@ -1,5 +1,5 @@
 resource "aws_iam_role" "iam_role" {
-  name = var.instance_role
+  name = "${var.environment}-${var.application}-iam-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -12,11 +12,21 @@ resource "aws_iam_role" "iam_role" {
       }
     ]
   })
+  tags = merge(
+    {
+      Name        = "${var.environment}-${var.application}-iam-role",
+      Environment = var.environment,
+      Owner       = var.owner,
+      CostCenter  = var.cost_center,
+      Application = var.application
+    },
+    var.tags
+  )
 }
 
 resource "aws_iam_policy" "iam_policy" {
-  name = "iam_policy"
-  policy = file("${path.module}../../../environments/dev/file/lb-asg.json")
+  name = "${var.environment}-${var.application}-iam-policy"
+  policy = file("${path.module}../../../environments/dev/iam-policies/alb-asg.json")
 }
 
 resource "aws_iam_role_policy_attachment" "iam_role_policy_attachment" {
diff --git a/modules/iam-policy/variables.tf b/modules/iam-policy/variables.tf
@@ -1,4 +1,25 @@
-variable "instance_role" {
-  description = "Instance role for the instance"
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "Extra tags to attach to the iam-policy"
+}
+
+variable "owner" {
   type        = string
+  description = "Name of owner"
+}
+
+variable "environment" {
+  type        = string
+  description = "The environment name for the resources."
+}
+
+variable "cost_center" {
+  type        = string
+  description = "Name of cost-center for this alb-asg"
+}
+
+variable "application" {
+  type        = string
+  description = "Name of the application"
 }
diff --git a/vars/dev/alb-asg.tfvars b/vars/dev/alb-asg.tfvars

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,9 @@`
`1`	`1`	`output "load_balancer_dns_name" {`
`2`	`2`	`description = "LoadBalancer dns name"`
`3`		`- value = aws_lb.application_load_balancer.dns_name`
	`3`	`+ value = aws_alb.application_load_balancer.dns_name`
`4`	`4`	`}`
`5`	`5`
`6`		`-output "lb_target_group_arn" {`
`7`		`- description = "LB Target Grouparn"`
`8`		`- value = aws_lb_target_group.alb_tg.arn`
	`6`	`+output "alb_target_group_arn" {`
	`7`	`+ description = "ALB Target Grouparn"`
	`8`	`+ value = aws_alb_target_group.alb_tg.arn`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ variable "vpc_id" {`
`29`	`29`	`description = "The ID of the VPC to use for the resources."`
`30`	`30`	`}`
`31`	`31`
`32`		`-variable "subnets" {`
	`32`	`+variable "alb_subnets" {`
`33`	`33`	`description = "A list of subnet IDs to use for the resources."`
`34`	`34`	`type = list(string)`
`35`	`35`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,8 @@ variable "tags" {`
`4`	`4`	`description = "Extra tags to attach to the alb-asg resources"`
`5`	`5`	`}`
`6`	`6`
`7`		`-variable "instance_profile" {`
`8`		`- description = "Instance profile for the instance which the instance role is associated with"`
`9`		`- type = string`
`10`		`-}`
`11`		`-`
`12`		`-variable "instance_role" {`
`13`		`- description = "Instance role for the instance"`
	`7`	`+variable "iam_role" {`
	`8`	`+ description = "IAM role for the instance"`
`14`	`9`	`type = string`
`15`	`10`	`}`
`16`	`11`
`@@ -34,7 +29,7 @@ variable "vpc_id" {`
`34`	`29`	`description = "The ID of the VPC to use for the resources."`
`35`	`30`	`}`
`36`	`31`
`37`		`-variable "subnets" {`
	`32`	`+variable "asg_subnets" {`
`38`	`33`	`description = "A list of subnet IDs to use for the resources."`
`39`	`34`	`type = list(string)`
`40`	`35`	`}`
`@@ -98,8 +93,3 @@ variable "alb_target_group_arn" {`
`98`	`93`	`description = "load balancer target group arn"`
`99`	`94`	`type = string`
`100`	`95`	`}`
`101`		`-`
`102`		`-variable "iam_role" {`
`103`		`- description = "iam role name"`
`104`		`- type = string`
`105`		`-}`