diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl
index 4ae256b..20cd0a1 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl
@@ -18,3 +18,25 @@ provider "registry.opentofu.org/hashicorp/aws" {
 "zh:e76cd202b03749f3082b0cbe849fd2e731cf3f9a6aa994d2d629602c3aede36c",
 ]
 }
+
+provider "registry.opentofu.org/hashicorp/cloudflare" {
+ version = "4.48.0"
+ hashes = [
+ "h1:ePGvSurmlqOCkD761vkhRmz7bsK36/EnIvx2Xy8TdXo=",
+ "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c",
+ "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997",
+ "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b",
+ "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb",
+ "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153",
+ "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8",
+ "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f",
+ "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04",
+ "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937",
+ "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49",
+ "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+ "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c",
+ "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532",
+ "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f",
+ "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758",
+ ]
+}
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md
index 4f57e60..144ec90 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md
@@ -1,3 +1,10 @@
+# Done
+
 1. create vpc
+2. create iam roles and users
+3. create asg and alb and route53 and acm
+
+# Todo
+
+1. create cognito pool
 2. create ami
-4. create iam roles and users
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf b/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf
new file mode 100644
index 0000000..e066b4a
--- /dev/null
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf
@@ -0,0 +1,4 @@
+#provider "cloudflare" {
+# api_token = var.cloudflare_api_token
+#}
+#export CLOUDFLARE_API_TOKEN=`cat ~/.cloudflare`
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md
index b9e7c04..92f42ec 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md
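Review bot: cloudflare.tf is added with all four lines commented out, so the Cloudflare provider that the lock file now pins and that `data "cloudflare_zone" "zone"` in the ALB component depends on is configured only implicitly, from whatever `CLOUDFLARE_API_TOKEN` is present in the environment, and nothing in the repository states that contract. Replace the commented block with an explicit `provider "cloudflare" {}` preceded by a comment such as `# Credentials come from the CLOUDFLARE_API_TOKEN environment variable; the file it is loaded from is not part of this repository.` The `export CLOUDFLARE_API_TOKEN=...` shell line is setup instruction rather than configuration and belongs in the Readme next to the other steps.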
@@ -2,21 +2,24 @@ ## Phase 1 0. create standard vpc with a private network to host ec2, -this uses a natgw that costs money bhttps://aws.amazon.com/vpc/pricing/ -0.45 so we will put the intances in public for now and use security groups to limit access. +this uses a natgw that costs money https://aws.amazon.com/vpc/pricing/ +so we will put the intances in public for now and use security groups to limit access. 1. create minimal ec2 instance in machine_image -terraform (later packer) for ubuntu python uvicorn fastapi nginx systemd server with custom git modules +terraform for ubuntu python uvicorn fastapi nginx systemd server with custom git modules 2. create minimal ec2 ami from instance in machine_image 3. create autoscaling_group of size 1 for image 4. create application load balancer +5. create dns_entry -send users back to server via sticky sessions or some id. -5. create dns_entry -6. create cognito user pool for login +# todo + +1. alb sticky sessions :send users back to server via sticky sessions or some id. +2. create cognito user pool for login 7. create work_queue 8. create lambda_workers on queue 9. create resource_launchers to create new resources. +10. packer ami for ubuntu python uvicorn fastapi nginx systemd server with custom git modules diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index a2ff758..6c06194 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf 
@@ -1,19 +1,16 @@ # variable "provider_alias" { # type = any # } - +variable security_group_id {} # = local.name variable name {} # = local.name +variable domain_name {} # = local.name variable vpc_id {} #= module.vpc.vpc_id -variable subnets {} #= module.vpc.public_subnets - -provider "aws" { - region = local.region -} +#variable subnets {} #= module.vpc.public_subnets +variable public_subnets {} #= module.vpc.public_subnets data "aws_availability_zones" "available" {} locals { - region = "eu-west-1" name = "ex-${basename(path.cwd)}" vpc_cidr = "10.0.0.0/16" 
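Review bot: The new `variable security_group_id {}`, `variable domain_name {}` and `variable public_subnets {}` declarations carry neither `type` nor `description`, and the trailing `# = local.name` comment was copied from `name` and does not describe either of the first two inputs. Declaring them as `variable "public_subnets" { type = list(string) description = "Public subnet ids the ALB is placed in" }` and `type = string` with a one-line description for the other two lets `tofu validate` reject a wrong caller before apply and removes the misleading comments. The same applies to `variable target_group_arn{}` and `variable name {}` in the autoscaling_group hunk and to `variable name` in the launch_template hunk.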
@@ -26,602 +23,133 @@ locals { } } -################################################################## -# Application Load Balancer -################################################################## - - module "alb" { -# provider = var.provider_alias source = "terraform-aws-modules/alb/aws" version = "9.12.0" - - name = var.name # local.name + name = "${var.name}-api" # local.name vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets - - # For example only - #enable_deletion_protection = false - - # Security Group - security_group_ingress_rules = { - all_http = { - from_port = 80 - to_port = 80 - ip_protocol = "tcp" - description = "HTTP web traffic" - cidr_ipv4 = "0.0.0.0/0" - } - all_https = { - from_port = 443 - to_port = 443 - ip_protocol = "tcp" - description = "HTTPS web traffic" - cidr_ipv4 = "0.0.0.0/0" - } - } - security_group_egress_rules = { - all = { - ip_protocol = "-1" - cidr_ipv4 = module.vpc.vpc_cidr_block - } - } - -# access_logs = { -# bucket = module.log_bucket.s3_bucket_id -# prefix = "access-logs" -# } - -# connection_logs = { -# bucket = module.log_bucket.s3_bucket_id -# enabled = true -# prefix = "connection-logs" -# } - + enable_deletion_protection = false + create_security_group=false + security_groups = [var.security_group_id] client_keep_alive = 7200 - - # listeners = { - # ex-http-https-redirect = { - # port = 80 - # protocol = "HTTP" - # redirect = { - # port = "443" - # protocol = "HTTPS" - # status_code = "HTTP_301" - # } - - # rules = { - # ex-fixed-response = { - # priority = 3 - # actions = [{ - # type = "fixed-response" - # content_type = "text/plain" - # status_code = 200 - # message_body = "This is a fixed response" - # }] - - # conditions = [{ - # http_header = { - # http_header_name = "x-Gimme-Fixed-Response" - # values = ["yes", "please", "right now"] - # } - # }] - # } - - # ex-weighted-forward = { - # priority = 4 - # actions = [{ - # type = "weighted-forward" - # target_groups = 
[ - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 2 - # }, - # { - # target_group_key = "ex-instance" - # weight = 1 - # } - # ] - # stickiness = { - # enabled = true - # duration = 3600 - # } - # }] - - # conditions = [{ - # query_string = { - # key = "weighted" - # value = "true" - # } - # }] - # } - - # ex-redirect = { - # priority = 5000 - # actions = [{ - # type = "redirect" - # status_code = "HTTP_302" - # host = "www.youtube.com" - # path = "/watch" - # query = "v=dQw4w9WgXcQ" - # protocol = "HTTPS" - # }] - - # conditions = [{ - # query_string = [{ - # key = "video" - # value = "random" - # }, - # { - # key = "image" - # value = "next" - # }] - # }] - # } - # } - # } - - # ex-http-weighted-target = { - # port = 81 - # protocol = "HTTP" - # weighted_forward = { - # target_groups = [ - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 60 - # }, - # { - # target_group_key = "ex-instance" - # weight = 40 - # } - # ] - # } - # } - - # ex-fixed-response = { - # port = 82 - # protocol = "HTTP" - # fixed_response = { - # content_type = "text/plain" - # message_body = "Fixed message" - # status_code = "200" - # } - # } - - # ex-https = { - # port = 443 - # protocol = "HTTPS" - # ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - # certificate_arn = module.acm.acm_certificate_arn - # additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] - - # forward = { - # target_group_key = "ex-instance" - # } - - # rules = { - # ex-cognito = { - # actions = [ - # { - # type = "authenticate-cognito" - # on_unauthenticated_request = "authenticate" - # session_cookie_name = "session-${local.name}" - # session_timeout = 3600 - # user_pool_arn = aws_cognito_user_pool.this.arn - # user_pool_client_id = aws_cognito_user_pool_client.this.id - # user_pool_domain = aws_cognito_user_pool_domain.this.domain - # }, - # { - # type = "forward" - # target_group_key = "ex-instance" - # } - # ] - - # conditions = [{ - # path_pattern = { - 
# values = ["/some/auth/required/route"] - # } - # }] - # } - - # ex-fixed-response = { - # priority = 3 - # actions = [{ - # type = "fixed-response" - # content_type = "text/plain" - # status_code = 200 - # message_body = "This is a fixed response" - # }] - - # conditions = [{ - # http_header = { - # http_header_name = "x-Gimme-Fixed-Response" - # values = ["yes", "please", "right now"] - # } - # }] - # } - - # ex-weighted-forward = { - # priority = 4 - # actions = [{ - # type = "weighted-forward" - # target_groups = [ - # { - # target_group_key = "ex-instance" - # weight = 2 - # }, - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 1 - # } - # ] - # stickiness = { - # enabled = true - # duration = 3600 - # } - # }] - - # conditions = [{ - # query_string = { - # key = "weighted" - # value = "true" - # }, - # path_pattern = { - # values = ["/some/path"] - # } - # }] - # } - - # ex-redirect = { - # priority = 5000 - # actions = [{ - # type = "redirect" - # status_code = "HTTP_302" - # host = "www.youtube.com" - # path = "/watch" - # query = "v=dQw4w9WgXcQ" - # protocol = "HTTPS" - # }] - - # conditions = [{ - # query_string = { - # key = "video" - # value = "random" - # } - # }] - # } - # } - # } - - # ex-cognito = { - # port = 444 - # protocol = "HTTPS" - # certificate_arn = module.acm.acm_certificate_arn - - # authenticate_cognito = { - # authentication_request_extra_params = { - # display = "page" - # prompt = "login" - # } - # on_unauthenticated_request = "authenticate" - # session_cookie_name = "session-${local.name}" - # session_timeout = 3600 - # user_pool_arn = aws_cognito_user_pool.this.arn - # user_pool_client_id = aws_cognito_user_pool_client.this.id - # user_pool_domain = aws_cognito_user_pool_domain.this.domain - # } - - # forward = { - # target_group_key = "ex-instance" - # } - - # rules = { - # ex-oidc = { - # priority = 2 - - # actions = [ - # { - # type = "authenticate-oidc" - # authentication_request_extra_params = { - # display = 
"page" - # prompt = "login" - # } - # authorization_endpoint = "https://${var.domain_name}/auth" - # client_id = "client_id" - # client_secret = "client_secret" - # issuer = "https://${var.domain_name}" - # token_endpoint = "https://${var.domain_name}/token" - # user_info_endpoint = "https://${var.domain_name}/user_info" - # }, - # { - # type = "forward" - # target_group_key = "ex-lambda-with-trigger" - # } - # ] - - # conditions = [{ - # host_header = { - # values = ["foobar.com"] - # } - # }] - # } - # } - # } - - # ex-oidc = { - # port = 445 - # protocol = "HTTPS" - # certificate_arn = module.acm.acm_certificate_arn - # action_type = "authenticate-oidc" - # authenticate_oidc = { - # authentication_request_extra_params = { - # display = "page" - # prompt = "login" - # } - # authorization_endpoint = "https://${var.domain_name}/auth" - # client_id = "client_id" - # client_secret = "client_secret" - # issuer = "https://${var.domain_name}" - # token_endpoint = "https://${var.domain_name}/token" - # user_info_endpoint = "https://${var.domain_name}/user_info" - # } - - # forward = { - # target_group_key = "ex-instance" - # } - # } - # } - - # target_groups = { - # ex-instance = { - # name_prefix = "h1" - # protocol = "HTTP" - # port = 80 - # target_type = "instance" - # deregistration_delay = 10 - # load_balancing_algorithm_type = "weighted_random" - # load_balancing_anomaly_mitigation = "on" - # load_balancing_cross_zone_enabled = false - - # target_group_health = { - # dns_failover = { - # minimum_healthy_targets_count = 2 - # } - # unhealthy_state_routing = { - # minimum_healthy_targets_percentage = 50 - # } - # } - - # health_check = { - # enabled = true - # interval = 30 - # path = "/healthz" - # port = "traffic-port" - # healthy_threshold = 3 - # unhealthy_threshold = 3 - # timeout = 6 - # protocol = "HTTP" - # matcher = "200-399" - # } - - # protocol_version = "HTTP1" - # target_id = aws_instance.this.id - # port = 80 - # tags = { - # InstanceTargetGroupTag = 
"baz" - # } - # } - - # ex-lambda-with-trigger = { - # name_prefix = "l1-" - # target_type = "lambda" - # lambda_multi_value_headers_enabled = true - # target_id = module.lambda_with_allowed_triggers.lambda_function_arn - # } - - # ex-lambda-without-trigger = { - # name_prefix = "l2-" - # target_type = "lambda" - # target_id = module.lambda_without_allowed_triggers.lambda_function_arn - # attach_lambda_permission = true - # } - # } - - # additional_target_group_attachments = { - # ex-instance-other = { - # target_group_key = "ex-instance" - # target_type = "instance" - # target_id = aws_instance.other.id - # port = "80" - # } - # } - - # # Route53 Record(s) - # route53_records = { - # A = { - # name = local.name - # type = "A" - # zone_id = data.aws_route53_zone.this.id - # } - # AAAA = { - # name = local.name - # type = "AAAA" - # zone_id = data.aws_route53_zone.this.id - # } - # } - tags = local.tags } -#module "alb_disabled" { -# source = "../../"# -# -# create = false -#} - -# ################################################################################ -# # Using packaged function from Lambda module -# ################################################################################ - -# locals { -# package_url = "https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python3.8-zip/existing_package.zip" -# downloaded = "downloaded_package_${md5(local.package_url)}.zip" -# } - -# resource "null_resource" "download_package" { -# triggers = { -# downloaded = local.downloaded -# } - -# provisioner "local-exec" { -# command = "curl -L -o ${local.downloaded} ${local.package_url}" -# } -# } - -# module "lambda_with_allowed_triggers" { -# source = "terraform-aws-modules/lambda/aws" -# version = "~> 6.0" - -# function_name = "${local.name}-with-allowed-triggers" -# description = "My awesome lambda function (with allowed triggers)" -# handler = "index.lambda_handler" -# runtime = "python3.8" - -# publish = true -# 
create_package = false -# local_existing_package = local.downloaded - -# allowed_triggers = { -# AllowExecutionFromELB = { -# service = "elasticloadbalancing" -# source_arn = module.alb.target_groups["ex-lambda-with-trigger"].arn -# } -# } - -# depends_on = [null_resource.download_package] -# } - -# module "lambda_without_allowed_triggers" { -# source = "terraform-aws-modules/lambda/aws" -# version = "~> 6.0" - -# function_name = "${local.name}-without-allowed-triggers" -# description = "My awesome lambda function (without allowed triggers)" -# handler = "index.lambda_handler" -# runtime = "python3.8" - -# publish = true -# create_package = false -# local_existing_package = local.downloaded - -# # Allowed triggers will be managed by ALB module -# allowed_triggers = {} - -# depends_on = [null_resource.download_package] -# } - -# ################################################################################ -# # Supporting resources -# ################################################################################ - -# module "vpc" { -# source = "terraform-aws-modules/vpc/aws" -# version = "~> 5.0" - -# name = local.name -# cidr = local.vpc_cidr - -# azs = local.azs -# private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] -# public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - -# tags = local.tags -# } - -# data "aws_route53_zone" "this" { -# name = var.domain_name -# } - -# module "acm" { -# source = "terraform-aws-modules/acm/aws" -# version = "~> 4.0" - -# domain_name = var.domain_name -# zone_id = data.aws_route53_zone.this.id -# } - -# module "wildcard_cert" { -# source = "terraform-aws-modules/acm/aws" -# version = "~> 4.0" - -# domain_name = "*.${var.domain_name}" -# zone_id = data.aws_route53_zone.this.id -# } - -# data "aws_ssm_parameter" "al2" { -# name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" -# } - -# resource "aws_instance" "this" { -# ami = data.aws_ssm_parameter.al2.value 
-# instance_type = "t3.nano" -# subnet_id = element(module.vpc.private_subnets, 0) -# } - -# resource "aws_instance" "other" { -# ami = data.aws_ssm_parameter.al2.value -# instance_type = "t3.nano" -# subnet_id = element(module.vpc.private_subnets, 0) -# } - -# ################################################################## -# # AWS Cognito User Pool -# ################################################################## +resource "aws_route53_zone" "primary" { + name = var.domain_name +} -# resource "aws_cognito_user_pool" "this" { -# name = "user-pool-${local.name}" -# } +resource "aws_route53_record" "api-cname" { + zone_id = aws_route53_zone.primary.zone_id + name = "us-east-1.${var.domain_name}" + type = "CNAME" + ttl = 5 -# resource "aws_cognito_user_pool_client" "this" { -# name = "user-pool-client-${local.name}" -# user_pool_id = aws_cognito_user_pool.this.id -# generate_secret = true -# allowed_oauth_flows = ["code", "implicit"] -# callback_urls = ["https://${var.domain_name}/callback"] -# allowed_oauth_scopes = ["email", "openid"] -# allowed_oauth_flows_user_pool_client = true -# } +# weighted_routing_policy { +# weight = 10 +# } + #set_identifier = "dev" + records = [ + module.alb.dns_name + ] +} -# resource "random_string" "this" { -# length = 5 -# upper = false -# special = false -# } +data "cloudflare_zone" "zone" { + #type = "full" + name = "introspector.meme" + account_id = "0ceffbadd0a04623896f5317a1e40d94" +} -# resource "aws_cognito_user_pool_domain" "this" { -# domain = "${local.name}-${random_string.this.result}" -# user_pool_id = aws_cognito_user_pool.this.id -# } +resource "cloudflare_record" "aws-ns-record" { + count = "${length(aws_route53_zone.primary.name_servers)}" + #domain = "${var.domain_name}" + name = var.domain_name + zone_id = data.cloudflare_zone.zone.id + content = "${element(aws_route53_zone.primary.name_servers, count.index)}" + type = "NS" + priority = 1 +} -#module# "log_bucket" { -# source = 
"terraform-aws-modules/s3-bucket/aws" -# version = "~> 3.0" +module "acm" { +# count = 0 + source = "terraform-aws-modules/acm/aws" + version = "~> 4.0" + domain_name = var.domain_name + zone_id = aws_route53_zone.primary.zone_id + subject_alternative_names = [ + "*.${var.domain_name}" + ] +} -# bucket_prefix = "${local.name}-logs-" -# acl = "log-delivery-write" +## now we just lift the listener code +resource "aws_lb_listener" "this" { + port = 443 + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" + certificate_arn = module.acm.acm_certificate_arn + load_balancer_arn = module.alb.arn + #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] + # #forward = { + # #target_group_key = "ex-swarms-instance" + # target_group_arn = "ex-swarms-instance" + # #target_group = [] + + default_action { + target_group_arn =aws_lb_target_group.this.arn + #module.alb.target_groups["ex-lambda-with-trigger"].arn + #length(try(default_action.value.target_groups, [])) > 0 ? 
null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null) + type = "forward" + } +} -# # For example only -# force_destroy = true -# control_object_ownership = true -# object_ownership = "ObjectWriter" +resource "aws_lb_target_group" "this" { + name_prefix = "swarms" + protocol = "HTTP" + port = 80 + target_type = "instance" + vpc_id = var.vpc_id + deregistration_delay = 10 + #load_balancing_algorithm_type = "weighted_random" + #load_balancing_anomaly_mitigation = "on" + #load_balancing_cross_zone_enabled = false + protocol_version = "HTTP1" + # + health_check { + path = "/v1/docs" # the docs api + enabled = true + healthy_threshold = 10 + interval = 130 + port = "traffic-port" + protocol = "HTTP" + timeout = 120 + unhealthy_threshold = 10 + } + +# stickiness { +# cookie_duration = 86400 +# enabled = true +# type = "lb_cookie" +# } + +} -# attach_elb_log_delivery_policy = true # Required for ALB logs -# attach_lb_log_delivery_policy = true # Required for ALB/NLB logs +output zone_id { + value = aws_route53_zone.primary.zone_id +} -# attach_deny_insecure_transport_policy = true -# attach_require_latest_tls_policy = true +output zone { + value = aws_route53_zone.primary +} +output alb_target_group_arn { + value = aws_lb_target_group.this.arn +} -# tags = local.tags -# } +output dns { + value = module.alb.dns_name +} +output cname { + value = aws_route53_record.api-cname.fqdn +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index 3e398f0..bb78a6e 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf 
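Review bot: The `health_check` block in `aws_lb_target_group.this` sets `interval = 130`, `timeout = 120`, `healthy_threshold = 10` and `unhealthy_threshold = 10`, so a new instance needs about 22 minutes of consecutive passes before it receives traffic and an instance whose app has died keeps receiving traffic for about as long before it is drained; `interval = 30`, `timeout = 5`, `healthy_threshold = 3`, `unhealthy_threshold = 3` is the usual starting point, and if the long timeout is deliberate (slow app start, presumably) the reason belongs in a comment next to it. Separately, `data "cloudflare_zone" "zone"` hard-codes `name = "introspector.meme"` and `account_id = "0ceffbadd0a04623896f5317a1e40d94"` while every other resource in this component derives from `var.domain_name`, so the component cannot be reused for another zone or account; pass both in as variables (for example `cloudflare_zone_name` and `cloudflare_account_id`). Minor: `priority = 1` on `cloudflare_record.aws-ns-record` has no meaning for an NS record, and `count = "${length(...)}"` and `content = "${element(...)}"` use the legacy interpolation-only string form; `count = length(aws_route53_zone.primary.name_servers)` is the plain form.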
@@ -1,4 +1,6 @@ -variable security_group_id {} +variable target_group_arn{} +#variable security_group_id {} +variable name {} variable instance_type { # default = "t3.micro" } @@ -12,13 +14,13 @@ variable image_id { variable vpc_id { default = "vpc-04f28c9347af48b55" } -provider "aws" { - region = "us-east-1" -} +#provider "aws" { +# region = "us-east-1" +#} locals { ami = "ami-0e2c8caa4b6378d8c" - name = "swarms" + # name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" @@ -32,12 +34,12 @@ locals { } resource "aws_iam_instance_profile" "ssm" { - name = "ssm-${local.name}" + name = "ssm-${var.name}" role = aws_iam_role.ssm.name tags = local.tags } resource "aws_iam_role" "ssm" { - name = "ssm-${local.name}" + name = "ssm-${var.name}" tags = local.tags assume_role_policy = jsonencode({ @@ -58,16 +60,14 @@ resource "aws_iam_role" "ssm" { module "autoscaling" { source = "terraform-aws-modules/autoscaling/aws" version = "8.0.0" - name = local.name - + name = var.name + health_check_type = "EC2" desired_capacity = 1 max_size = 5 min_size = 1 create_launch_template = false - #launch_template_name = "complete-${local.name}" - #launch_template_description = "Complete launch template example" update_default_version = true launch_template_id = var.launch_template_id @@ -83,7 +83,7 @@ module "autoscaling" { device_index = 0 delete_on_termination = true description = "interface1" - security_groups = [var.security_group_id] +# security_groups = [var.security_group_id] } ] instance_type = var.instance_type @@ -91,7 +91,7 @@ module "autoscaling" { create_iam_instance_profile = true - iam_role_name = "ssm-${local.name}" + iam_role_name = "ssm-${var.name}" iam_role_path = "/ec2/" iam_role_description = "SSM IAM role for swarms" iam_role_tags = { 
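Review bot: `health_check_type = "EC2"` is added in the same change that registers the group with the ALB target group through `traffic_source_attachments`, so an instance whose app stops answering the target group's health check is marked unhealthy by the ALB but is never replaced, because EC2 status checks only observe the VM. `health_check_type = "ELB"` together with a `health_check_grace_period` long enough to cover boot and application start makes the autoscaling group act on the target-group result. The `traffic_source_attachments` block is in the last hunk of this file on the following line, and the `module "autoscaling"` block itself extends beyond the visible hunks.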
@@ -102,4 +102,12 @@ module "autoscaling" { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } + # target_group_arn = + traffic_source_attachments = { + ex-alb = { + traffic_source_identifier = var.target_group_arn + traffic_source_type = "elbv2" # default + } + } + } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf index 1833dc9..b823712 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf @@ -1,4 +1,7 @@ variable security_group_id {} +variable name { + default = "swarms" +} variable vpc_id { default = "vpc-04f28c9347af48b55" } 
@@ -6,51 +9,42 @@ variable vpc_id { variable key_name { default = "mdupont-deployer-key" } -variable instance_type { - # default = "t3.micro" -} - -provider "aws" { - region = "us-east-1" -} +# dont use this +variable instance_type {} locals { ami = "ami-0e2c8caa4b6378d8c" - name = "swarms" +# name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" vpc_id = "vpc-04f28c9347af48b55" iam_instance_profile_name = "swarms-20241213150629570500000003" tags = { project="swarms" + instance_type = var.instance_type + name = var.name } } resource "aws_launch_template" "ec2_launch_template" { - name_prefix = "${local.name}-launch-template-" + name_prefix = "${var.name}-launch-template-" image_id = local.ami - # instance_type = "t3.large" key_name = var.key_name - instance_type = var.instance_type#"t3.micro" -# vpc_security_group_ids = [var.security_group_id] + instance_type = var.instance_type network_interfaces { associate_public_ip_address = true delete_on_termination = true security_groups = [var.security_group_id] } - + iam_instance_profile { name = local.iam_instance_profile_name #aws_iam_instance_profile.ec2_instance_profile.name } - -# key_name = "your-key-pair" # Replace with your key pair name - lifecycle { create_before_destroy = true } - block_device_mappings { device_name = "/dev/sda1" ebs { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf index 779a1b1..796614a 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf @@ -18,8 +18,8 @@ module "asg_sg" { source = "terraform-aws-modules/security-group/aws" version = "~> 5.0" - name = local.name - description = "A security group" + name = "${local.name}-external" + description = "external group" vpc_id = var.vpc_id ingress_cidr_blocks = ["0.0.0.0/0"] 
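Review bot: The comment `# dont use this` placed directly above `variable instance_type {}` contradicts the code below it, which reads `var.instance_type` for the launch template's `instance_type` and for the `instance_type` tag, and which the root `module "lt_dynamic"` feeds one instance size at a time. If the remark refers to the removed `# default = "t3.micro"` default, `# no default on purpose: the caller must pass instance_type explicitly (see module "lt_dynamic" in the root main.tf)` says what is meant; otherwise the line should be deleted. The `aws_launch_template.ec2_launch_template` resource continues past the end of the hunk.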
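Review bot: `description = "external group"` does not say what the group is for, and the root module now attaches this group to the ALB and names it as the only admitted source for the internal group, so that role should be stated: `description = "ALB-facing group: HTTP/HTTPS from the internet; source for the internal instance group"`. The group's ingress rules sit outside this hunk; if they still include the SSH entry that the state dump removed in the next hunk shows for this group, that rule serves nothing once only the load balancer carries the group and can be dropped. The `module "asg_sg"` block continues beyond the hunk.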
@@ -34,90 +34,32 @@ module "asg_sg" { tags = local.tags } +module "asg_sg_internal" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 5.0" + + name = "${local.name}-internal" + description = "An internal security group" + vpc_id = var.vpc_id + # see ~/2024/12/13/terraform-aws-security-group/examples/complete/main.tf + ingress_with_source_security_group_id = [ + { + rule = "http-80-tcp", + # only allow from load balancer for security + source_security_group_id = module.asg_sg.security_group_id + } + ] + egress_rules = ["all-all"] + + tags = local.tags +} + output "security_group_id" { value = module.asg_sg.security_group_id } +output "internal_security_group_id" { + value = module.asg_sg_internal.security_group_id +} -# tofu state show module.security.module.asg_sg.aws_security_group.this_name_prefix[0] -# resource "aws_security_group" "this_name_prefix" { -# arn = "arn:aws:ec2:us-east-1:767503528736:security-group/sg-03c9752b62d0bcfe4" -# description = "A security group" -# egress = [ -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "All protocols" -# from_port = 0 -# ipv6_cidr_blocks = [ -# "::/0", -# ] -# prefix_list_ids = [] -# protocol = "-1" -# security_groups = [] -# self = false -# to_port = 0 -# }, -# ] -# id = "sg-03c9752b62d0bcfe4" -# ingress = [ -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "HTTP" -# from_port = 80 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 80 -# }, -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "HTTPS" -# from_port = 443 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 443 -# }, -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "SSH" -# from_port = 22 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 22 -# }, -# ] -# name = 
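Review bot: The comment `# see ~/2024/12/13/terraform-aws-security-group/examples/complete/main.tf` in `module "asg_sg_internal"` points at a path on the author's machine and conveys nothing to another reader; cite the upstream example instead, `# pattern taken from terraform-aws-modules/security-group, examples/complete`. The rule itself matches the topology: only `http-80-tcp` and only from `module.asg_sg.security_group_id`, which the root module attaches to the ALB, so the instances' public addresses accept no direct traffic. Adding `description = "HTTP from the ALB security group only"` inside the rule map makes that intent visible in the console as well as in the code.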
"swarms-20241214133959057000000001" -# name_prefix = "swarms-" -# owner_id = "767503528736" -# revoke_rules_on_delete = false -# tags = { -# "Name" = "swarms" -# "project" = "swarms" -# } -# tags_all = { -# "Name" = "swarms" -# "project" = "swarms" -# } -# vpc_id = "vpc-04f28c9347af48b55" -# timeouts { -# create = "10m" -# delete = "15m" -# } -# } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 423543a..629d942 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -1,10 +1,12 @@ locals { # instance_type = "t3.large" - instance_type = "t3.medium" + # instance_type = "t3.medium" ami = "ami-0e2c8caa4b6378d8c" name = "swarms" region = "us-east-1" - ec2_subnet_id = "subnet-057c90cfe7b2e5646" + domain = "api.introspector.meme" + ec2_public_subnet_id_1 = "subnet-057c90cfe7b2e5646" # swarms-public-us-east-1a + ec2_public_subnet_id_2 = "subnet-05d8aef1f71b5fe22" # b vpc_id = "vpc-04f28c9347af48b55" tags = { project="swarms" 
@@ -19,18 +21,60 @@ module "kp" { source = "./components/keypairs" } -module "lt" { - instance_type = local.instance_type - security_group_id = module.security.security_group_id +# module "lt" { +# instance_type = local.instance_type +# security_group_id = module.security.security_group_id +# source = "./components/launch_template" +# } + +# module "asg" { +# source = "./components/autoscaling_group" +# name="swarms" +# security_group_id = module.security.security_group_id +# instance_type = local.instance_type +# launch_template_id = module.lt.launch_template_id +# } + +variable "instance_types" { + type = list(string) + default = [ + # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", + # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", + #"t4g.small", "t3a.small", + #"t3.small", + #"t2.small", not working + # "t2.medium" # + "t3.medium" + ] +} + +module "lt_dynamic" { + for_each = toset(var.instance_types) + instance_type = each.key + name = "swarms-size-${each.key}" + security_group_id = module.security.internal_security_group_id source = "./components/launch_template" } +module "alb" { + source = "./components/application_load_balancer" + domain_name = local.domain + security_group_id = module.security.security_group_id # allowed to talk to internal + public_subnets = [ + local.ec2_public_subnet_id_1, + local.ec2_public_subnet_id_2 ] + vpc_id = local.vpc_id + name = local.name +} -module "asg" { - source = "./components/autoscaling_group" - security_group_id = module.security.security_group_id - instance_type = local.instance_type - launch_template_id = module.lt.launch_template_id +module "asg_dynamic" { + for_each = toset(var.instance_types) + source = "./components/autoscaling_group" +# security_group_id = module.security.internal_security_group_id + instance_type = each.key + name = "swarms-size-${each.key}" + launch_template_id = module.lt_dynamic[each.key].launch_template_id + target_group_arn = module.alb.alb_target_group_arn } # module "alb" { 
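Review bot: `variable "instance_types"` is declared between two module blocks with no `description`, and its commented-out candidates end in `#"t2.small", not working`, which records a failure without its cause, so a later reader cannot tell what was tried or why. Move the declaration to the top of the file or a variables.tf, add `description = "Instance types to build one launch template and one autoscaling group each for; all groups register in the same ALB target group"`, and replace `not working` with the observed symptom. The `# allowed to talk to internal` comment on `security_group_id` in `module "alb"` is also inverted as written: this is the external group, which the internal group admits as its source.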
@@ -41,10 +85,14 @@ module "asg" { # │ -output launch_template_id { - value = module.lt.launch_template_id -} +#output launch_template_id { +# value = module.lt.launch_template_id +#} output security_group_id { value = module.security.security_group_id } + +output alb { + value = module.alb +}
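Review bot: `output alb { value = module.alb }` exports the whole component, including its `zone` output that wraps the entire `aws_route53_zone` resource, so every attribute of the zone, the target group and the record lands in the root state outputs and in `tofu output` listings. Exporting only the values that are consumed, e.g. `output alb_dns { value = module.alb.dns }` and `output alb_cname { value = module.alb.cname }`, keeps the root interface small and stable when the component changes.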