From 88e74674c3c53989f7c487be9c08cfdfebe3edff Mon Sep 17 00:00:00 2001
From: Javier Aguirre
Date: Tue, 25 Feb 2020 19:15:37 +0100
Subject: [PATCH] Feature/create infra backend s3 (#1)

* Added backend specific config and wordpress for proimplant

* Added output for wordpress proimplant
---
 CHANGELOG.md | 15 ++++++
 terraform/backend/provider.tf | 6 +++
 terraform/backend/resources.tf | 29 ++++++++++
 terraform/backend/terraform.tf | 3 ++
 terraform/backend/variables.tf | 11 ++++
 terraform/outputs.tf | 4 ++
 terraform/proimplant.tf | 16 ++++++
 terraform/resources.tf | 99 ++++++++++++++++++++++++++++++++++
 terraform/terraform.tf | 95 +++----------------------------
 terraform/variables.tf | 9 ++--
 10 files changed, 196 insertions(+), 91 deletions(-)
 create mode 100644 CHANGELOG.md
 create mode 100644 terraform/backend/provider.tf
 create mode 100644 terraform/backend/resources.tf
 create mode 100644 terraform/backend/terraform.tf
 create mode 100644 terraform/backend/variables.tf
 create mode 100644 terraform/proimplant.tf
 create mode 100644 terraform/resources.tf

diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..661a556
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,15 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [2020.02.25]
+
+### Added
+
+- Separate AWS Backend s3 config for Terraform from the rest
+- Add new WordPress machine for testing Proimplant
diff --git a/terraform/backend/provider.tf b/terraform/backend/provider.tf
new file mode 100644
index 0000000..f1a2d92
--- /dev/null
+++ b/terraform/backend/provider.tf
@@ -0,0 +1,6 @@
+provider "aws" {
+ version = "~> 2.42"
+ access_key = var.aws_access_key
+ secret_key = var.aws_secret_key
+ region = var.aws_region
+}
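Review bot: `access_key = var.aws_access_key` and `secret_key = var.aws_secret_key` in the new `provider "aws"` block take long-lived credentials from Terraform variables whose defaults are empty strings in terraform/backend/variables.tf, which invites supplying them through a tfvars file that gets committed or through `-var` on the command line where they land in shell history and CI logs. The AWS provider already resolves credentials from the environment variables, the shared credentials/config file (selectable with `profile`) or an instance role, so the two lines and the matching `aws_access_key`/`aws_secret_key` variables can be removed with no loss of function. The same variable pair exists in terraform/variables.tf (visible as hunk context below), so the cleanup applies to the main root module as well.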
diff --git a/terraform/backend/resources.tf b/terraform/backend/resources.tf
new file mode 100644
index 0000000..ccb49e3
--- /dev/null
+++ b/terraform/backend/resources.tf
@@ -0,0 +1,29 @@
+resource "aws_s3_bucket" "terraform_state" {
+ bucket = "tnp-infra"
+
+ lifecycle {
+ prevent_destroy = true
+ }
+
+ versioning {
+ enabled = true
+ }
+
+ server_side_encryption_configuration {
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+ }
+}
+
+resource "aws_dynamodb_table" "terraform_locks" {
+ name = "tnp-infra-locks"
+ billing_mode = "PAY_PER_REQUEST"
+ hash_key = "LockID"
+ attribute {
+ name = "LockID"
+ type = "S"
+ }
+}
diff --git a/terraform/backend/terraform.tf b/terraform/backend/terraform.tf
new file mode 100644
index 0000000..d9b6f79
--- /dev/null
+++ b/terraform/backend/terraform.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/terraform/backend/variables.tf b/terraform/backend/variables.tf
new file mode 100644
index 0000000..bfa7ec0
--- /dev/null
+++ b/terraform/backend/variables.tf
@@ -0,0 +1,11 @@
+variable "aws_region" {
+ default = "eu-west-1"
+}
+
+variable "aws_access_key" {
+ default = ""
+}
+
+variable "aws_secret_key" {
+ default = ""
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
index f9eeab1..3020fed 100644
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -5,3 +5,7 @@ output "prestashop-staging" {
 output "prestashop-production" {
 value = "ssh ${aws_instance.prestashop_production.public_ip}:22"
 }
+
+output "proimplant-wordpress" {
+ value = "ssh ${aws_instance.proimplant_wordpress.public_ip}:22"
+}
diff --git a/terraform/proimplant.tf b/terraform/proimplant.tf
new file mode 100644
index 0000000..71c1aa3
--- /dev/null
+++ b/terraform/proimplant.tf
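Review bot: `aws_s3_bucket.terraform_state` will hold state that records instance details and any sensitive attributes the providers return, yet nothing in the hunk prevents a public ACL or bucket policy from being attached to it later; versioning and SSE are set, but public access is not blocked. Add an `aws_s3_bucket_public_access_block` bound to `aws_s3_bucket.terraform_state.id` with all four flags enabled, as below. It is also worth noting in a comment that this directory is its own root module with local state, since the bucket it creates cannot bootstrap itself.

```hcl
# … unchanged: aws_s3_bucket.terraform_state and aws_dynamodb_table.terraform_locks …

resource "aws_s3_bucket_public_access_block" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```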
@@ -0,0 +1,16 @@
+resource "aws_instance" "proimplant_wordpress" {
+ ami = "ami-06206646e9f976074" # WordPress from Bitnami
+ instance_type = var.ec2_size
+ key_name = var.key_name
+
+ vpc_security_group_ids = [
+ aws_security_group.web.id,
+ aws_security_group.ssh.id,
+ aws_security_group.egress-tls.id,
+ aws_security_group.ping-ICMP.id
+ ]
+
+ tags = {
+ Name = "proimplant-wordpress"
+ }
+}
diff --git a/terraform/resources.tf b/terraform/resources.tf
new file mode 100644
index 0000000..1a368be
--- /dev/null
+++ b/terraform/resources.tf
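Review bot: `ami = "ami-06206646e9f976074" # WordPress from Bitnami` pins a third-party image by raw ID with nothing recording its publisher or version; AMI IDs are region-specific, so the instance cannot be created if `var.region` is changed, and a reader has no way to check that the ID is still the intended image. Prefer a `data "aws_ami"` lookup filtered on the publisher's owner account and image name, or at least move the ID into a variable with a `description` naming the image and version, mirroring how the PrestaShop instances use `var.ami` in terraform/resources.tf. The instance also attaches `aws_security_group.ssh`, which admits port 22 from `0.0.0.0/0`; for a test box a narrower source range is appropriate.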
@@ -0,0 +1,99 @@
+resource "aws_instance" "prestashop_staging" {
+ ami = var.ami
+ instance_type = var.ec2_size
+ key_name = var.prestashop_key_name
+
+ vpc_security_group_ids = [
+ aws_security_group.web.id,
+ aws_security_group.ssh.id,
+ aws_security_group.egress-tls.id,
+ aws_security_group.ping-ICMP.id
+ ]
+
+ tags = {
+ Name = "prestashop-staging"
+ }
+}
+
+resource "aws_instance" "prestashop_production" {
+ ami = var.ami
+ instance_type = var.ec2_size
+ key_name = var.prestashop_key_name
+
+ vpc_security_group_ids = [
+ aws_security_group.web.id,
+ aws_security_group.ssh.id,
+ aws_security_group.egress-tls.id,
+ aws_security_group.ping-ICMP.id
+ ]
+
+ tags = {
+ Name = "prestashop-production"
+ }
+}
+
+resource "aws_security_group" "web" {
+ name = "default-web-prestashop"
+ description = "Security group for web that allows web traffic from internet"
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_security_group" "ssh" {
+ name = "default-ssh-prestashop"
+ description = "Security group for nat instances that allows SSH and VPN traffic from internet"
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_security_group" "egress-tls" {
+ name = "default-egress-tls-prestashop"
+ description = "Default security group that allows inbound and outbound traffic from all instances in the VPC"
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_security_group" "ping-ICMP" {
+ name = "default-ping-prestashop"
+ description = "Default security group that allows to ping the instance"
+
+ ingress {
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+}
+
+resource "aws_dynamodb_table" "terraform_locks" {
+ name = "tnp-infra-locks"
+ billing_mode = "PAY_PER_REQUEST"
+ hash_key = "LockID"
+ attribute {
+ name = "LockID"
+ type = "S"
+ }
+}
diff --git a/terraform/terraform.tf b/terraform/terraform.tf
index b63b449..35995fc 100644
--- a/terraform/terraform.tf
+++ b/terraform/terraform.tf
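Review bot: `aws_dynamodb_table.terraform_locks` at the end of this hunk declares the same `tnp-infra-locks` table that terraform/backend/resources.tf creates, and since terraform/backend/ has its own terraform.tf and provider.tf it is presumably a separate root module with separate state; two states each claiming the table means whichever is applied second fails on the existing name, and the main module cannot sensibly manage the lock table its own backend depends on. Drop this copy and keep the table with the backend configuration. The `ssh` and `ping-ICMP` groups are moved from terraform.tf unchanged, so they are not new, but now that this file also backs the WordPress test instance it is a good moment to narrow `cidr_blocks = ["0.0.0.0/0"]` on the `ssh` ingress to the administrators' source ranges and to fix the `ssh` description, which still talks about NAT instances and VPN.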
@@ -1,89 +1,10 @@
-resource "aws_instance" "prestashop_staging" {
- ami = var.ami
- instance_type = var.ec2_size
- key_name = var.key_name
-
- vpc_security_group_ids = [
- aws_security_group.web.id,
- aws_security_group.ssh.id,
- aws_security_group.egress-tls.id,
- aws_security_group.ping-ICMP.id
- ]
-
- tags = {
- Name = "prestashop-staging"
- }
-}
-
-resource "aws_instance" "prestashop_production" {
- ami = var.ami
- instance_type = var.ec2_size
- key_name = var.key_name
-
- vpc_security_group_ids = [
- aws_security_group.web.id,
- aws_security_group.ssh.id,
- aws_security_group.egress-tls.id,
- aws_security_group.ping-ICMP.id
- ]
-
- tags = {
- Name = "prestashop-production"
- }
-}
-
-resource "aws_security_group" "web" {
- name = "default-web-prestashop"
- description = "Security group for web that allows web traffic from internet"
-
- ingress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-resource "aws_security_group" "ssh" {
- name = "default-ssh-prestashop"
- description = "Security group for nat instances that allows SSH and VPN traffic from internet"
-
- ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-resource "aws_security_group" "egress-tls" {
- name = "default-egress-tls-prestashop"
- description = "Default security group that allows inbound and outbound traffic from all instances in the VPC"
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-resource "aws_security_group" "ping-ICMP" {
- name = "default-ping-prestashop"
- description = "Default security group that allows to ping the instance"
-
- ingress {
- from_port = -1
- to_port = -1
- protocol = "icmp"
- cidr_blocks = ["0.0.0.0/0"]
- ipv6_cidr_blocks = ["::/0"]
+terraform {
+ required_version = ">= 0.12"
+ backend "s3" {
+ bucket = "tnp-infra"
+ key = "global/terraform.tfstate"
+ region = "eu-central-1"
+ dynamodb_table = "tnp-infra-locks"
+ encrypt = true
 }
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 5e1cae6..578b77e 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -6,6 +6,11 @@ variable "region" {
 default = "eu-west-1"
 }
 
+variable "prestashop_key_name" {
+ default = "javaguirre-tnp"
+ description = "The first machines we deployed had an specific key pair we maintain now"
+}
+
 variable "key_name" {
 default = "javaguirre-tnp"
 }
@@ -18,10 +23,6 @@ variable "aws_secret_key" {
 default = ""
 }
 
-variable "instance" {
- default = "t2.micro"
-}
-
 variable "instance_count" {
 default = "1"
 }
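Review bot: `region = "eu-central-1"` in the `backend "s3"` block does not match where the state bucket is created: terraform/backend/provider.tf uses `var.aws_region`, whose default in terraform/backend/variables.tf is `eu-west-1`. The S3 backend has to be told the bucket's actual region, and a mismatch is expected to surface as an authorization or redirect error at `terraform init`, so either change this line to `region = "eu-west-1"` or change the backend variable default, and record the chosen region in one place so the two cannot drift again. `encrypt = true` together with the versioned, SSE-enabled bucket is the right configuration for state that will contain resource attributes. The two closing braces are reused context from the old file, so the hunk ends exactly at the end of the new block.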
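Review bot: `variable "prestashop_key_name"` is added with the same default as `key_name` (`javaguirre-tnp`), so the separation its `description` announces is not yet visible; if the WordPress instance is meant to get its own key pair, give `key_name` a new default or leave it without one so the caller must choose. The description text reads awkwardly and could be `description = "The first machines we deployed use a specific key pair that we still maintain"`. Both defaults are a personal key-pair name, which belongs in a tfvars file kept outside the repository rather than in a committed default.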