-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.tf
189 lines (158 loc) · 4.25 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
terraform {
required_providers {
aws = {
source = "hashicorp/aws",
version = "~> 4.16"
}
}
required_version = ">=1.2.0"
}
provider "aws" {
region = "us-east-1"
}
# Creates VPC
resource "aws_vpc" "my_vpc" {
cidr_block = var.vpc_cidr_block[0]
tags = {
Name = "my_vpc"
}
}
# Creates Subnets within the VPC
resource "aws_subnet" "sbn" {
count = length(var.availability_zones)
vpc_id = aws_vpc.my_vpc.id
cidr_block = cidrsubnet(aws_vpc.my_vpc.cidr_block, 2, count.index)
availability_zone = var.availability_zones[count.index]
tags = {
Name = "crdb_demo-sbn-${var.availability_zones[count.index]}"
}
}
# Creates security groups within the VPC
resource "aws_security_group" "tf_sg" {
name = "security group managed by terraform"
description = "security group managed by terraform"
vpc_id = aws_vpc.my_vpc.id
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = var.vpc_cidr_block
}
ingress {
description = "internode and load balancer connection"
from_port = 26257
to_port = 26257
protocol = "tcp"
self = true
}
ingress {
description = "Local to cockroach db host connection"
from_port = 26257
to_port = 26257
protocol = "tcp"
cidr_blocks = var.vpc_cidr_block
}
ingress {
description = "dbconsole"
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = var.vpc_cidr_block
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {
Name = "tf_sg"
}
}
# Creates Internet Gateway
resource "aws_internet_gateway" "igw" {
vpc_id = aws_vpc.my_vpc.id
tags = {
Name = "crdb_demo_igw"
}
}
# Creates Route Table
resource "aws_route_table" "route_table" {
vpc_id = aws_vpc.my_vpc.id
tags = {
Name = "crdb_demo_route"
}
}
# Creates Routes
resource "aws_route" "igw_pub_route" {
route_table_id = aws_route_table.route_table.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw.id
}
# Creates Route table association
resource "aws_route_table_association" "sbn_association" {
count = length(var.availability_zones)
subnet_id = aws_subnet.sbn[count.index].id
route_table_id = aws_route_table.route_table.id
}
# Creates the cockroach nodes, to change count of nodes change count variable
resource "aws_instance" "cockroachdb-node" {
count = var.instance_count
ami = "ami-026b57f3c383c2eec"
instance_type = "m6a.large"
subnet_id = aws_subnet.sbn[count.index].id
associate_public_ip_address = true
security_groups = [aws_security_group.tf_sg.id]
key_name = var.key_name
# root block device is instance store - not encrypted or backed up, if needed then use ebs volume
root_block_device {
volume_size = 150
volume_type = "gp3"
}
tags = {
Name = "${var.instance_name}-${count.index + 1}"
}
}
# Creates AWS load balancer
resource "aws_lb" "my-nlb-demo" {
name = "my-nlb-demo"
internal = true
load_balancer_type = "network"
subnets = [for subnet in aws_subnet.sbn : subnet.id]
tags = {
Name = "my-nlb-demo"
}
}
# Creates a target group
resource "aws_lb_target_group" "my_target_group" {
name = "my-nlb-tg"
target_type = "instance"
port = 26257
protocol = "TCP"
vpc_id = aws_vpc.my_vpc.id
health_check {
protocol = "HTTP"
path = "/health?ready=1"
}
tags = {
Name = "my_target_group"
}
}
# network load balancer listener port forwarded
resource "aws_lb_listener" "lb_listener" {
load_balancer_arn = aws_lb.my-nlb-demo.arn
port = "26257"
protocol = "TCP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.my_target_group.arn
}
}
# target group attachment
resource "aws_lb_target_group_attachment" "tg_attach" {
count = var.instance_count
target_group_arn = aws_lb_target_group.my_target_group.arn
target_id = aws_instance.cockroachdb-node[count.index].id
}