diff --git a/examples/confluence/README.md b/examples/confluence/README.md
new file mode 100644
index 00000000..1ba8f1c3
--- /dev/null
+++ b/examples/confluence/README.md
@@ -0,0 +1,3 @@
+# Confluence
+
+Showing pratical usage of a fully functional website, from HTTPS frontend to Postgres backend.
diff --git a/examples/confluence/docker-compose.tpl b/examples/confluence/docker-compose.tpl
new file mode 100644
index 00000000..8da8e495
--- /dev/null
+++ b/examples/confluence/docker-compose.tpl
@@ -0,0 +1,13 @@
+version: "3.7"
+services:
+ confluence:
+ image: atlassian/confluence-server
+ ports:
+ - "${http_port}:8090"
+ volumes:
+ - /data/confluence:/var/atlassian/application-data/confluence
+ environment:
+ - ATL_JDBC_URL=jdbc:postgresql://${db_host}:5432/${db_db}
+ - ATL_JDBC_USER=${db_user}
+ - ATL_JDBC_PASSWORD='${db_pass}'
+ - ATL_DB_TYPE=postgresql
diff --git a/examples/confluence/main.tf b/examples/confluence/main.tf
new file mode 100644
index 00000000..97f329ee
--- /dev/null
+++ b/examples/confluence/main.tf
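Review bot: In the `environment` list of docker-compose.tpl, `ATL_JDBC_PASSWORD='${db_pass}'` keeps the single quotes as part of the value, because Compose does not strip quotes in the `- KEY=value` list form, so Confluence would present a password wrapped in quotes to Postgres. Drop them, `- ATL_JDBC_PASSWORD=${db_pass}`, or switch the block to the mapping form so YAML does the quoting. Separately, `image: atlassian/confluence-server` carries no tag, so each pull resolves to whatever `latest` is at that moment; pin it, e.g. `image: atlassian/confluence-server:<VERSION>` or a digest. The rendered file holds the database password in clear text, and the main.tf hunk that follows appears to write it under `/tmp`, so it would be worth a comment here that the output must be root-readable only.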
@@ -0,0 +1,314 @@
+variable "region" {
+ type = string
+ description = "AWS region to run the example"
+}
+variable "ssh_key" {
+ type = string
+ description = "AWS SSH key name for instance"
+}
+variable "db_password" {
+ type = string
+ description = "Password for RDS"
+}
+variable "base_domain" {
+ type = string
+ description = "Base domain name for internal and external FQDN, with the last dot"
+}
+
+data "aws_availability_zones" "azs" {}
+
+data "aws_route53_zone" "sandbox" {
+ name = var.base_domain
+ private_zone = false
+}
+
+module "vpc" {
+ source = "fpco/foundation/aws//modules/vpc-scenario-2"
+ azs = data.aws_availability_zones.azs.names
+ cidr = "192.168.0.0/16"
+ name_prefix = "confluence"
+ private_subnet_cidrs = ["192.168.100.0/24", "192.168.101.0/24"]
+ public_subnet_cidrs = ["192.168.0.0/24", "192.168.1.0/24"]
+ region = var.region
+}
+
+module "centos" {
+ source = "fpco/foundation/aws//modules/ami-centos"
+ release = "7"
+}
+
+module "asg-sg" {
+ source = "fpco/foundation/aws//modules/security-group-base"
+ name = "asg-sg"
+ description = "SG for ASG"
+ vpc_id = module.vpc.vpc_id
+}
+
+module "asg-to-world" {
+ source = "fpco/foundation/aws//modules/open-egress-sg"
+ security_group_id = module.asg-sg.id
+}
+
+module "ssh-port-sg-rule" {
+ source = "fpco/foundation/aws//modules/single-port-sg"
+ security_group_id = module.asg-sg.id
+ cidr_blocks = ["0.0.0.0/0"]
+ port = 22
+ description = "SSH from anywhere, for debug."
+}
+
+resource "aws_security_group_rule" "asg_int_alb_http_port_sg_rule" {
+ security_group_id = module.asg-sg.id
+ from_port = 80
+ to_port = 80
+ type = "ingress"
+ protocol = "TCP"
+ description = "HTTP ingress for int ALB"
+ source_security_group_id = module.int-alb.security_group_id
+}
+
+resource "aws_security_group_rule" "asg_ext_alb_http_port_sg_rule" {
+ security_group_id = module.asg-sg.id
+ from_port = 80
+ to_port = 80
+ type = "ingress"
+ protocol = "TCP"
+ description = "HTTP ingress for ext ALB"
+ source_security_group_id = module.ext-alb.security_group_id
+}
+
+module "asg" {
+ source = "git::ssh://git@github.com/fpco/terraform-aws-foundation//modules/single-node-asg?ref=lb-asg"
+ ami = module.centos.id
+ instance_type = "m5.xlarge"
+ key_name = var.ssh_key
+ name_prefix = "confluence"
+ name_suffix = ""
+ region = var.region
+ security_group_ids = [module.asg-sg.id]
+ subnet_id = module.vpc.private_subnet_ids[0]
+ public_ip = false
+ data_volume_size = 50
+ init_prefix = < /tmp/docker-compose.yml <