From 7e7f8f9f7378758b3bed306bac0cac2a3769c9ac Mon Sep 17 00:00:00 2001 From: mike dupont Date: Sat, 14 Dec 2024 10:26:15 -0500 Subject: [PATCH 01/13] many sizes --- .../components/autoscaling_group/main.tf | 6 +++--- .../dev/us-east-1/main.tf | 19 ++++++++++++++++++- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index 3e398f0..0dad0a8 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -12,9 +12,9 @@ variable image_id { variable vpc_id { default = "vpc-04f28c9347af48b55" } -provider "aws" { - region = "us-east-1" -} +#provider "aws" { +# region = "us-east-1" +#} locals { ami = "ami-0e2c8caa4b6378d8c" diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 423543a..10e56ea 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -25,7 +25,6 @@ module "lt" { source = "./components/launch_template" } - module "asg" { source = "./components/autoscaling_group" security_group_id = module.security.security_group_id 
@@ -33,6 +32,24 @@ module "asg" { launch_template_id = module.lt.launch_template_id } +variable "instance_types" { + type = list(string) + default = [ + "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", + "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", + "t4g.small", "t3a.small", "t3.small", "t2.small", + # t2.medium t3.medium + ] +} + +module "asg_dynamic" { + for_each = toset(var.instance_types) + source = "./components/autoscaling_group" + security_group_id = module.security.security_group_id + instance_type = each.key + launch_template_id = module.lt.launch_template_id +} + # module "alb" { # # count = 0 # source = "./components/application_load_balancer" From 7f40ba18430ae8c36e1b263cb54edfe50ad3a410 Mon Sep 17 00:00:00 2001 From: mike dupont Date: Sat, 14 Dec 2024 11:05:35 -0500 Subject: [PATCH 02/13] now creating more sizes --- .../components/autoscaling_group/main.tf | 13 ++++----- .../components/launch_template/main.tf | 28 ++++++++----------- .../dev/us-east-1/main.tf | 12 +++++++- 3 files changed, 28 insertions(+), 25 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index 0dad0a8..a13b3a8 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -1,4 +1,5 @@ variable security_group_id {} +variable name {} variable instance_type { # default = "t3.micro" } @@ -18,7 +19,7 @@ variable vpc_id { locals { ami = "ami-0e2c8caa4b6378d8c" - name = "swarms" + # name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" 
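Review bot: Each entry of the new `instance_types` default becomes its own `module "asg_dynamic"` instance, and with the `desired_capacity = 1` / `min_size = 1` visible in the next patch's context every one of them keeps a host running, so the thirteen-entry default means thirteen always-on instances before any request arrives. The `t4g.*` entries are arm64 families while the child module pins a single `ami = "ami-0e2c8caa4b6378d8c"`; unless that AMI is multi-architecture, those groups cannot launch (I cannot verify the AMI's architecture from the diff). Consider a single-size default such as `default = ["t3.small"]` and a comment above the variable: `# One standing autoscaling group (min 1 instance) is created per entry.`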
@@ -32,12 +33,12 @@ locals { } resource "aws_iam_instance_profile" "ssm" { - name = "ssm-${local.name}" + name = "ssm-${var.name}" role = aws_iam_role.ssm.name tags = local.tags } resource "aws_iam_role" "ssm" { - name = "ssm-${local.name}" + name = "ssm-${var.name}" tags = local.tags assume_role_policy = jsonencode({ @@ -58,7 +59,7 @@ resource "aws_iam_role" "ssm" { module "autoscaling" { source = "terraform-aws-modules/autoscaling/aws" version = "8.0.0" - name = local.name + name = var.name desired_capacity = 1 @@ -66,8 +67,6 @@ module "autoscaling" { min_size = 1 create_launch_template = false - #launch_template_name = "complete-${local.name}" - #launch_template_description = "Complete launch template example" update_default_version = true launch_template_id = var.launch_template_id @@ -91,7 +90,7 @@ module "autoscaling" { create_iam_instance_profile = true - iam_role_name = "ssm-${local.name}" + iam_role_name = "ssm-${var.name}" iam_role_path = "/ec2/" iam_role_description = "SSM IAM role for swarms" iam_role_tags = { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf index 1833dc9..b823712 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf @@ -1,4 +1,7 @@ variable security_group_id {} +variable name { + default = "swarms" +} variable vpc_id { default = "vpc-04f28c9347af48b55" } 
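Review bot: `resource "aws_iam_role" "ssm"` is renamed to `ssm-${var.name}` while, in the same file, `module "autoscaling"` keeps `create_iam_instance_profile = true` with `iam_role_name = "ssm-${var.name}"`, so two roles with the same name are requested; IAM role names are unique per account regardless of `iam_role_path = "/ec2/"`, and the second create is likely to fail with EntityAlreadyExists. Because `create_launch_template = false` and the template comes from the launch_template component, whose `iam_instance_profile` block names the hard-coded `swarms-20241213150629570500000003` profile, neither role managed here appears to reach an instance at all — worth confirming in the plan output. Pick one owner for the instance role: either drop the standalone `aws_iam_role.ssm`/`aws_iam_instance_profile.ssm` and let the module create it, or set `create_iam_instance_profile = false` and pass `iam_instance_profile_arn = aws_iam_instance_profile.ssm.arn`, then reference that profile from the launch template instead of the pasted-in name.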
@@ -6,51 +9,42 @@ variable vpc_id { variable key_name { default = "mdupont-deployer-key" } -variable instance_type { - # default = "t3.micro" -} - -provider "aws" { - region = "us-east-1" -} +# dont use this +variable instance_type {} locals { ami = "ami-0e2c8caa4b6378d8c" - name = "swarms" +# name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" vpc_id = "vpc-04f28c9347af48b55" iam_instance_profile_name = "swarms-20241213150629570500000003" tags = { project="swarms" + instance_type = var.instance_type + name = var.name } } resource "aws_launch_template" "ec2_launch_template" { - name_prefix = "${local.name}-launch-template-" + name_prefix = "${var.name}-launch-template-" image_id = local.ami - # instance_type = "t3.large" key_name = var.key_name - instance_type = var.instance_type#"t3.micro" -# vpc_security_group_ids = [var.security_group_id] + instance_type = var.instance_type network_interfaces { associate_public_ip_address = true delete_on_termination = true security_groups = [var.security_group_id] } - + iam_instance_profile { name = local.iam_instance_profile_name #aws_iam_instance_profile.ec2_instance_profile.name } - -# key_name = "your-key-pair" # Replace with your key pair name - lifecycle { create_before_destroy = true } - block_device_mappings { device_name = "/dev/sda1" ebs { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 10e56ea..b638bae 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -27,6 +27,7 @@ module "lt" { module "asg" { source = "./components/autoscaling_group" + name="swarms" security_group_id = module.security.security_group_id instance_type = local.instance_type launch_template_id = module.lt.launch_template_id 
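Review bot: `associate_public_ip_address = true` together with the `key_name` default `mdupont-deployer-key` keeps every size variant directly reachable from the internet with a personal key pair, while the autoscaling component already grants `AmazonSSMManagedInstanceCore` (patch 08), so Session Manager can replace SSH and the public address is not needed once an ALB fronts the fleet; `associate_public_ip_address = false` and no `key_name` default would close that path. `# dont use this` above `variable instance_type {}` contradicts the fact that the template requires it and bakes it into `instance_type = var.instance_type`; reword it to `# Required: one launch template is created per instance type (see lt_dynamic in the root module).` The hard-coded `local.iam_instance_profile_name = "swarms-20241213150629570500000003"` kept as context here is the profile instances actually receive — it should come from a variable rather than a name copied out of a previous apply.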
@@ -42,12 +43,21 @@ variable "instance_types" { ] } +module "lt_dynamic" { + for_each = toset(var.instance_types) + instance_type = each.key + name = "swarms-size-${each.key}" + security_group_id = module.security.security_group_id + source = "./components/launch_template" +} + module "asg_dynamic" { for_each = toset(var.instance_types) source = "./components/autoscaling_group" security_group_id = module.security.security_group_id instance_type = each.key - launch_template_id = module.lt.launch_template_id + name = "swarms-size-${each.key}" + launch_template_id = module.lt_dynamic[each.key].launch_template_id } # module "alb" { From 107ae6a3d1f2d9bd5f0269dc9c6b30c5a57fd272 Mon Sep 17 00:00:00 2001 From: mike dupont Date: Sat, 14 Dec 2024 11:36:52 -0500 Subject: [PATCH 03/13] removing too small --- .../swarms-aws-agent-api/dev/us-east-1/main.tf | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index b638bae..eb17126 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -36,10 +36,12 @@ module "asg" { variable "instance_types" { type = list(string) default = [ - "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", - "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", - "t4g.small", "t3a.small", "t3.small", "t2.small", - # t2.medium t3.medium + # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", + # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", + #"t4g.small", "t3a.small", + "t3.small", + #"t2.small", not working + "t2.medium" # "t3.medium" ] } From 68c39a9f993f2f59556000168baf9f4509475bee Mon Sep 17 00:00:00 2001 
From: mike dupont Date: Sun, 15 Dec 2024 21:51:06 -0500 Subject: [PATCH 04/13] alb --- .../application_load_balancer/main.tf | 172 ++++++++---------- .../dev/us-east-1/main.tf | 52 ++++-- 2 files changed, 106 insertions(+), 118 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index a2ff758..85a5934 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -3,17 +3,14 @@ # } variable name {} # = local.name +variable domain_name {} # = local.name variable vpc_id {} #= module.vpc.vpc_id -variable subnets {} #= module.vpc.public_subnets - -provider "aws" { - region = local.region -} +#variable subnets {} #= module.vpc.public_subnets +variable public_subnets {} #= module.vpc.public_subnets data "aws_availability_zones" "available" {} locals { - region = "eu-west-1" name = "ex-${basename(path.cwd)}" vpc_cidr = "10.0.0.0/16" @@ -30,12 +27,9 @@ locals { # Application Load Balancer ################################################################## - module "alb" { -# provider = var.provider_alias source = "terraform-aws-modules/alb/aws" version = "9.12.0" - name = var.name # local.name vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets 
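Review bot: `variable domain_name {} # = local.name` carries a trailing comment copied from the line above that does not describe it; `# e.g. "api.example.com" — used for the Route53 zone and ACM certificate` would. The `locals` block keeps `name = "ex-${basename(path.cwd)}"` and `vpc_cidr = "10.0.0.0/16"` from the upstream example even though `var.name` and `var.vpc_id` are what the module now consumes, so either delete them or mark them `# unused, kept from terraform-aws-modules/alb example` to avoid a reader assuming the CIDR matches the real VPC.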
@@ -63,9 +57,43 @@ module "alb" { security_group_egress_rules = { all = { ip_protocol = "-1" - cidr_ipv4 = module.vpc.vpc_cidr_block + cidr_ipv4 = "0.0.0.0/32" #module.vpc.vpc_cidr_block } } + client_keep_alive = 7200 + target_groups = { + # ex-swarms-instance = { + # name_prefix = "swarms" + # protocol = "HTTP" + # port = 80 + # target_type = "instance" + # #deregistration_delay = 10 + # #load_balancing_algorithm_type = "weighted_random" + # #load_balancing_anomaly_mitigation = "on" + # #load_balancing_cross_zone_enabled = false + # #protocol_version = "HTTP1" + # #target_id = "aws_instance.this.id" + # #tags = { + # # InstanceTargetGroupTag = "swarms" + # #} + # } + } + # listeners = { + # ex-https = { + # port = 443 + # protocol = "HTTPS" + # #ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" + # certificate_arn = module.acm.acm_certificate_arn + # #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] + # #forward = { + # #target_group_key = "ex-swarms-instance" + # target_group_arn = "ex-swarms-instance" + # #target_group = [] + # #} + # } + # } + tags = local.tags +} # access_logs = { # bucket = module.log_bucket.s3_bucket_id @@ -78,19 +106,16 @@ module "alb" { # prefix = "connection-logs" # } - client_keep_alive = 7200 - - # listeners = { - # ex-http-https-redirect = { - # port = 80 - # protocol = "HTTP" - # redirect = { - # port = "443" - # protocol = "HTTPS" - # status_code = "HTTP_301" - # } - - # rules = { + # ex-http-https-redirect = { + # port = 80 + # protocol = "HTTP" + # redirect = { + # port = "443" + # protocol = "HTTPS" + # status_code = "HTTP_301" + # } + # } + # rules = { # ex-fixed-response = { # priority = 3 # actions = [{ @@ -99,7 +124,6 @@ module "alb" { # status_code = 200 # message_body = "This is a fixed response" # }] - # conditions = [{ # http_header = { # http_header_name = "x-Gimme-Fixed-Response" @@ -107,7 +131,6 @@ module "alb" { # } # }] # } - # ex-weighted-forward = { # priority = 4 # actions = [{ 
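Review bot: `cidr_ipv4 = "0.0.0.0/32"` in `security_group_egress_rules.all` matches the single address 0.0.0.0 rather than "anywhere" or the VPC, so the load balancer's own security group has no usable egress and it cannot reach targets or run health checks. If the intent was to replace the removed `module.vpc.vpc_cidr_block`, use the real VPC range — `cidr_ipv4 = local.vpc_cidr` works only if the `local.vpc_cidr = "10.0.0.0/16"` kept from the example actually matches `vpc-04f28c9347af48b55`, which I cannot confirm from the diff; scoping ALB egress to the VPC is the right shape, it should not need `0.0.0.0/0`. With `target_groups = {}` and every listener commented out, this commit produces a load balancer with nothing to forward to, so a comment such as `# Listeners and target groups are added in a follow-up; the ALB is intentionally idle here.` would save the next reader a search.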
@@ -127,7 +150,6 @@ module "alb" { # duration = 3600 # } # }] - # conditions = [{ # query_string = { # key = "weighted" @@ -135,7 +157,6 @@ module "alb" { # } # }] # } - # ex-redirect = { # priority = 5000 # actions = [{ @@ -146,7 +167,6 @@ module "alb" { # query = "v=dQw4w9WgXcQ" # protocol = "HTTPS" # }] - # conditions = [{ # query_string = [{ # key = "video" @@ -160,7 +180,6 @@ module "alb" { # } # } # } - # ex-http-weighted-target = { # port = 81 # protocol = "HTTP" @@ -177,7 +196,6 @@ module "alb" { # ] # } # } - # ex-fixed-response = { # port = 82 # protocol = "HTTP" @@ -187,18 +205,6 @@ module "alb" { # status_code = "200" # } # } - - # ex-https = { - # port = 443 - # protocol = "HTTPS" - # ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - # certificate_arn = module.acm.acm_certificate_arn - # additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] - - # forward = { - # target_group_key = "ex-instance" - # } - # rules = { # ex-cognito = { # actions = [ @@ -216,14 +222,12 @@ module "alb" { # target_group_key = "ex-instance" # } # ] - # conditions = [{ # path_pattern = { # values = ["/some/auth/required/route"] # } # }] # } - # ex-fixed-response = { # priority = 3 # actions = [{ @@ -232,7 +236,6 @@ module "alb" { # status_code = 200 # message_body = "This is a fixed response" # }] - # conditions = [{ # http_header = { # http_header_name = "x-Gimme-Fixed-Response" @@ -240,7 +243,6 @@ module "alb" { # } # }] # } - # ex-weighted-forward = { # priority = 4 # actions = [{ @@ -260,7 +262,6 @@ module "alb" { # duration = 3600 # } # }] - # conditions = [{ # query_string = { # key = "weighted" @@ -271,7 +272,6 @@ module "alb" { # } # }] # } - # ex-redirect = { # priority = 5000 # actions = [{ @@ -282,7 +282,6 @@ module "alb" { # query = "v=dQw4w9WgXcQ" # protocol = "HTTPS" # }] - # conditions = [{ # query_string = { # key = "video" 
@@ -291,13 +290,10 @@ module "alb" { # }] # } # } - # } - # ex-cognito = { # port = 444 # protocol = "HTTPS" # certificate_arn = module.acm.acm_certificate_arn - # authenticate_cognito = { # authentication_request_extra_params = { # display = "page" @@ -310,15 +306,12 @@ module "alb" { # user_pool_client_id = aws_cognito_user_pool_client.this.id # user_pool_domain = aws_cognito_user_pool_domain.this.domain # } - # forward = { # target_group_key = "ex-instance" # } - # rules = { # ex-oidc = { # priority = 2 - # actions = [ # { # type = "authenticate-oidc" @@ -338,7 +331,6 @@ module "alb" { # target_group_key = "ex-lambda-with-trigger" # } # ] - # conditions = [{ # host_header = { # values = ["foobar.com"] @@ -347,7 +339,6 @@ module "alb" { # } # } # } - # ex-oidc = { # port = 445 # protocol = "HTTPS" @@ -365,24 +356,11 @@ module "alb" { # token_endpoint = "https://${var.domain_name}/token" # user_info_endpoint = "https://${var.domain_name}/user_info" # } - # forward = { # target_group_key = "ex-instance" # } # } # } - - # target_groups = { - # ex-instance = { - # name_prefix = "h1" - # protocol = "HTTP" - # port = 80 - # target_type = "instance" - # deregistration_delay = 10 - # load_balancing_algorithm_type = "weighted_random" - # load_balancing_anomaly_mitigation = "on" - # load_balancing_cross_zone_enabled = false - # target_group_health = { # dns_failover = { # minimum_healthy_targets_count = 2 @@ -391,7 +369,6 @@ module "alb" { # minimum_healthy_targets_percentage = 50 # } # } - # health_check = { # enabled = true # interval = 30 
@@ -402,23 +379,13 @@ module "alb" { # timeout = 6 # protocol = "HTTP" # matcher = "200-399" - # } - - # protocol_version = "HTTP1" - # target_id = aws_instance.this.id - # port = 80 - # tags = { - # InstanceTargetGroupTag = "baz" - # } - # } - + # } # ex-lambda-with-trigger = { # name_prefix = "l1-" # target_type = "lambda" # lambda_multi_value_headers_enabled = true # target_id = module.lambda_with_allowed_triggers.lambda_function_arn # } - # ex-lambda-without-trigger = { # name_prefix = "l2-" # target_type = "lambda" @@ -426,7 +393,6 @@ module "alb" { # attach_lambda_permission = true # } # } - # additional_target_group_attachments = { # ex-instance-other = { # target_group_key = "ex-instance" @@ -435,7 +401,6 @@ module "alb" { # port = "80" # } # } - # # Route53 Record(s) # route53_records = { # A = { @@ -450,8 +415,6 @@ module "alb" { # } # } - tags = local.tags -} #module "alb_disabled" { # source = "../../"# @@ -538,18 +501,6 @@ module "alb" { # tags = local.tags # } -# data "aws_route53_zone" "this" { -# name = var.domain_name -# } - -# module "acm" { -# source = "terraform-aws-modules/acm/aws" -# version = "~> 4.0" - -# domain_name = var.domain_name -# zone_id = data.aws_route53_zone.this.id -# } - # module "wildcard_cert" { # source = "terraform-aws-modules/acm/aws" # version = "~> 4.0" @@ -621,7 +572,28 @@ module "alb" { # attach_deny_insecure_transport_policy = true # attach_require_latest_tls_policy = true - # tags = local.tags -# } +#} + +resource "aws_route53_zone" "primary" { + name = var.domain_name +} + +module "acm" { + source = "terraform-aws-modules/acm/aws" + version = "~> 4.0" + domain_name = var.domain_name + zone_id = aws_route53_zone.primary.zone_id +} + +output zone_id { + value = aws_route53_zone.primary.zone_id +} + +output zone { + value = aws_route53_zone.primary +} +output alb_target_group { + value = module.alb +} 
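Review bot: `resource "aws_route53_zone" "primary"` creates a brand-new hosted zone for `var.domain_name`, and `module "acm"` validates against that zone's ID; DNS validation only completes if that zone is actually authoritative for the name, i.e. the parent domain's NS records delegate to it. Nothing in the diff establishes that delegation (the series later adds a `cloudflare.tf`, which suggests public DNS lives elsewhere), so the apply is likely to sit waiting on certificate validation. Either look the zone up instead of creating it — `data "aws_route53_zone" "this" { name = var.domain_name }`, as the removed commented block did — or publish the validation CNAMEs in the zone that really serves the domain. `output zone { value = aws_route53_zone.primary }` and `output alb_target_group { value = module.alb }` dump whole objects; exporting only the attributes consumers need (`zone_id`, the target-group ARN) keeps the root outputs readable.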
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index eb17126..291ccee 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -4,7 +4,9 @@ locals { ami = "ami-0e2c8caa4b6378d8c" name = "swarms" region = "us-east-1" - ec2_subnet_id = "subnet-057c90cfe7b2e5646" + domain = "api.introspector.meme" + ec2_public_subnet_id_1 = "subnet-057c90cfe7b2e5646" # swarms-public-us-east-1a + ec2_public_subnet_id_2 = "subnet-05d8aef1f71b5fe22" # b vpc_id = "vpc-04f28c9347af48b55" tags = { project="swarms" @@ -19,19 +21,19 @@ module "kp" { source = "./components/keypairs" } -module "lt" { - instance_type = local.instance_type - security_group_id = module.security.security_group_id - source = "./components/launch_template" -} +# module "lt" { +# instance_type = local.instance_type +# security_group_id = module.security.security_group_id +# source = "./components/launch_template" +# } -module "asg" { - source = "./components/autoscaling_group" - name="swarms" - security_group_id = module.security.security_group_id - instance_type = local.instance_type - launch_template_id = module.lt.launch_template_id -} +# module "asg" { +# source = "./components/autoscaling_group" +# name="swarms" +# security_group_id = module.security.security_group_id +# instance_type = local.instance_type +# launch_template_id = module.lt.launch_template_id +# } variable "instance_types" { type = list(string) @@ -39,9 +41,9 @@ variable "instance_types" { # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", #"t4g.small", "t3a.small", - "t3.small", +# "t3.small", #"t2.small", not working - "t2.medium" # "t3.medium" +# "t2.medium" # "t3.medium" ] } 
@@ -53,6 +55,16 @@ module "lt_dynamic" { source = "./components/launch_template" } +module "alb" { + source = "./components/application_load_balancer" + domain_name = local.domain + public_subnets = [ + local.ec2_public_subnet_id_1, + local.ec2_public_subnet_id_2 ] + vpc_id = local.vpc_id + name = local.name +} + module "asg_dynamic" { for_each = toset(var.instance_types) source = "./components/autoscaling_group" @@ -70,10 +82,14 @@ module "asg_dynamic" { # │ -output launch_template_id { - value = module.lt.launch_template_id -} +#output launch_template_id { +# value = module.lt.launch_template_id +#} output security_group_id { value = module.security.security_group_id } + +output alb { + value = module.alb +} From 790bb6beeecc2e369df6fef06fd3ef3ad33ef59a Mon Sep 17 00:00:00 2001 From: mike dupont Date: Sun, 15 Dec 2024 22:08:22 -0500 Subject: [PATCH 05/13] create tg --- .../application_load_balancer/main.tf | 197 +++++++++++++++++- 1 file changed, 188 insertions(+), 9 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index 85a5934..a4530b9 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -80,15 +80,6 @@ module "alb" { } # listeners = { # ex-https = { - # port = 443 - # protocol = "HTTPS" - # #ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - # certificate_arn = module.acm.acm_certificate_arn - # #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] - # #forward = { - # #target_group_key = "ex-swarms-instance" - # target_group_arn = "ex-swarms-instance" - # #target_group = [] # #} # } # } 
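Review bot: `module "alb"` is placed in `ec2_public_subnet_id_1`/`_2`, but `subnet-057c90cfe7b2e5646` is also the `ec2_subnet_id` the autoscaling component launches into, and its launch template sets `associate_public_ip_address = true`, so the instances remain on a public subnet with public addresses next to the load balancer that is meant to front them. With the ALB in place the groups should move to private subnets, or at minimum drop public IPs, so the only ingress path is the ALB; that change belongs in the autoscaling/launch_template components, but this is where the two subnet roles are decided and a comment here should say which is which. The `instance_types` default is now entirely commented out, which makes `lt_dynamic`/`asg_dynamic` empty sets — fine as a staged rollout, but say so: `# All sizes disabled until the ALB target group exists.` `output alb { value = module.alb }` exports the whole module; exposing just the attributes callers need keeps root outputs readable.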
@@ -587,6 +578,192 @@ module "acm" { zone_id = aws_route53_zone.primary.zone_id } +## now we just lift the listener code +resource "aws_lb_listener" "this" { + port = 443 + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" + certificate_arn = module.acm.acm_certificate_arn + load_balancer_arn = module.alb.arn + #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] + # #forward = { + # #target_group_key = "ex-swarms-instance" + # target_group_arn = "ex-swarms-instance" + # #target_group = [] + + default_action { + target_group_arn =aws_lb_target_group.this.arn + #module.alb.target_groups["ex-lambda-with-trigger"].arn + #length(try(default_action.value.target_groups, [])) > 0 ? null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null) + type = "forward" + } + + # dynamic "default_action" { + # for_each = try([each.value.weighted_forward], []) + # content { + # forward { + # dynamic "target_group" { + # for_each = try(default_action.value.target_groups, []) + # content { + # arn = try(target_group.value.arn, aws_lb_target_group.this[target_group.value.target_group_key].arn, null) + # weight = try(target_group.value.weight, null) + # } + # } + # dynamic "stickiness" { + # for_each = try([default_action.value.stickiness], []) + # content { + # duration = try(stickiness.value.duration, 60) + # enabled = try(stickiness.value.enabled, null) + # } + # } + # } + # order = try(default_action.value.order, null) + # type = "forward" + # } + # } + # dynamic "default_action" { + # for_each = try([each.value.redirect], []) + # content { + # order = try(default_action.value.order, null) + # redirect { + # host = try(default_action.value.host, null) + # path = try(default_action.value.path, null) + # port = try(default_action.value.port, null) + # protocol = try(default_action.value.protocol, null) + # query = try(default_action.value.query, null) + # status_code = 
default_action.value.status_code + # } + # type = "redirect" + # } + # } +# load_balancer_arn = aws_lb.this[0].arn +# port = try(each.value.port, var.default_port) +# protocol = try(each.value.protocol, var.default_protocol) +# ssl_policy = contains(["HTTPS", "TLS"], try(each.value.protocol, var.default_protocol)) ? try(each.value.ssl_policy, "ELBSecurityPolicy-TLS13-1-2-Res-2021-06") : try(each.value.ssl_policy, null) +# tcp_idle_timeout_seconds = try(each.value.tcp_idle_timeout_seconds, null) +# tags = merge(local.tags, try(each.value.tags, {})) +} + + + +resource "aws_lb_target_group" "this" { + name_prefix = "swarms" + protocol = "HTTP" + port = 80 + target_type = "instance" + vpc_id = var.vpc_id + deregistration_delay = 10 + load_balancing_algorithm_type = "weighted_random" + load_balancing_anomaly_mitigation = "on" + load_balancing_cross_zone_enabled = false + protocol_version = "HTTP1" + # #target_id = "aws_instance.this.id" + # #tags = { + # # InstanceTargetGroupTag = "swarms" + # #} + # } + +# for_each = { for k, v in var.target_groups : k => v if local.create } +# connection_termination = try(each.value.connection_termination, null) +# deregistration_delay = try(each.value.deregistration_delay, null) + + # dynamic "health_check" { + # for_each = try([each.value.health_check], []) + + # content { + # enabled = try(health_check.value.enabled, null) + # healthy_threshold = try(health_check.value.healthy_threshold, null) + # interval = try(health_check.value.interval, null) + # matcher = try(health_check.value.matcher, null) + # path = try(health_check.value.path, null) + # port = try(health_check.value.port, null) + # protocol = try(health_check.value.protocol, null) + # timeout = try(health_check.value.timeout, null) + # unhealthy_threshold = try(health_check.value.unhealthy_threshold, null) + # } + # } + + # ip_address_type = try(each.value.ip_address_type, null) + # lambda_multi_value_headers_enabled = try(each.value.lambda_multi_value_headers_enabled, 
null) + # load_balancing_algorithm_type = try(each.value.load_balancing_algorithm_type, null) + # load_balancing_anomaly_mitigation = try(each.value.load_balancing_anomaly_mitigation, null) + # load_balancing_cross_zone_enabled = try(each.value.load_balancing_cross_zone_enabled, null) + # name = try(each.value.name, null) + # name_prefix = try(each.value.name_prefix, null) + # port = try(each.value.target_type, null) == "lambda" ? null : try(each.value.port, var.default_port) + # preserve_client_ip = try(each.value.preserve_client_ip, null) + # protocol = try(each.value.target_type, null) == "lambda" ? null : try(each.value.protocol, var.default_protocol) + # protocol_version = try(each.value.protocol_version, null) + # proxy_protocol_v2 = try(each.value.proxy_protocol_v2, null) + # slow_start = try(each.value.slow_start, null) + + # dynamic "stickiness" { + # for_each = try([each.value.stickiness], []) + + # content { + # cookie_duration = try(stickiness.value.cookie_duration, null) + # cookie_name = try(stickiness.value.cookie_name, null) + # enabled = try(stickiness.value.enabled, true) + # type = var.load_balancer_type == "network" ? 
"source_ip" : stickiness.value.type + # } + # } + + # dynamic "target_failover" { + # for_each = try(each.value.target_failover, []) + + # content { + # on_deregistration = target_failover.value.on_deregistration + # on_unhealthy = target_failover.value.on_unhealthy + # } + # } + + # dynamic "target_group_health" { + # for_each = try([each.value.target_group_health], []) + + # content { + + # dynamic "dns_failover" { + # for_each = try([target_group_health.value.dns_failover], []) + + # content { + # minimum_healthy_targets_count = try(dns_failover.value.minimum_healthy_targets_count, null) + # minimum_healthy_targets_percentage = try(dns_failover.value.minimum_healthy_targets_percentage, null) + # } + # } + + # dynamic "unhealthy_state_routing" { + # for_each = try([target_group_health.value.unhealthy_state_routing], []) + + # content { + # minimum_healthy_targets_count = try(unhealthy_state_routing.value.minimum_healthy_targets_count, null) + # minimum_healthy_targets_percentage = try(unhealthy_state_routing.value.minimum_healthy_targets_percentage, null) + # } + # } + # } + # } + + # dynamic "target_health_state" { + # for_each = try([each.value.target_health_state], []) + # content { + # enable_unhealthy_connection_termination = try(target_health_state.value.enable_unhealthy_connection_termination, true) + # unhealthy_draining_interval = try(target_health_state.value.unhealthy_draining_interval, null) + # } + # } + + # target_type = try(each.value.target_type, null) + # vpc_id = try(each.value.vpc_id, var.vpc_id) + + # tags = merge(local.tags, try(each.value.tags, {})) + + # lifecycle { + # create_before_destroy = true + # } +} + + + + + output zone_id { value = aws_route53_zone.primary.zone_id } @@ -597,3 +774,5 @@ output zone { output alb_target_group { value = module.alb } + + From 8c102138f7373be597dd2f0fe5334e18b871e0b9 Mon Sep 17 00:00:00 2001 
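Review bot: `aws_lb_target_group.this` sets no `health_check` block, so the ALB falls back to the provider defaults (GET `/` on the traffic port expecting 200); if the agent API does not answer `/` with 200, every target is marked unhealthy and the 443 listener returns 503, and with `load_balancing_cross_zone_enabled = false` each AZ only sees its own targets. Declare the check explicitly, using the values the pasted example already shows, and restore the `lifecycle { create_before_destroy = true }` that is left commented out — with `name_prefix` and a listener holding a reference, a replacement of the target group otherwise fails on destroy. The listener itself is sound (`ELBSecurityPolicy-TLS13-1-2-Res-2021-06` plus an ACM certificate), though there is still no port-80 listener, so plain-HTTP clients get a refused connection rather than a redirect; acceptable if intended, but worth a one-line comment. The ~150 lines of upstream module internals kept as comments would be better replaced by a single pointer to the module source.
```hcl
resource "aws_lb_target_group" "this" {
  # … unchanged: name_prefix, protocol, port, target_type, vpc_id, balancing settings …

  # Explicit health check so behaviour does not depend on provider defaults.
  # `path` should point at the API's health endpoint and must return 2xx/3xx
  # without authentication — confirm against the service before applying.
  health_check {
    enabled             = true
    path                = "/"
    port                = "traffic-port"
    protocol            = "HTTP"
    matcher             = "200-399"
    interval            = 30
    timeout             = 6
    healthy_threshold   = 3
    unhealthy_threshold = 3
  }

  # Required with name_prefix: the listener references this group, so a
  # replacement must be created before the old one is destroyed.
  lifecycle {
    create_before_destroy = true
  }
}
```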
From: mike dupont Date: Sun, 15 Dec 2024 22:09:30 -0500 Subject: [PATCH 06/13] create tg --- .../dev/us-east-1/components/application_load_balancer/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index a4530b9..8a17f4d 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -772,7 +772,7 @@ output zone { value = aws_route53_zone.primary } output alb_target_group { - value = module.alb + value = aws_lb_target_group.this.arn } From bb62580ac4d8ef1d5eb75f8f03ad0a3e90d86713 Mon Sep 17 00:00:00 2001 From: mike dupont Date: Sun, 15 Dec 2024 22:15:03 -0500 Subject: [PATCH 07/13] applied --- .../dev/us-east-1/components/application_load_balancer/main.tf | 2 +- .../dev/us-east-1/components/autoscaling_group/main.tf | 3 ++- environments/swarms-aws-agent-api/dev/us-east-1/main.tf | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index 8a17f4d..f313ad5 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -771,7 +771,7 @@ output zone_id { output zone { value = aws_route53_zone.primary } -output alb_target_group { +output alb_target_group_arn { value = aws_lb_target_group.this.arn } 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index a13b3a8..7218d7a 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -1,3 +1,4 @@ +variable target_group_arn{} variable security_group_id {} variable name {} variable instance_type { @@ -22,7 +23,7 @@ locals { # name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" - + target_group_arn = var.target_group_arn #iam_instance_profile_name = "swarms-20241213150629570500000003" iam_instance_profile_arn = aws_iam_instance_profile.ssm.arn tags = { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 291ccee..6a333b3 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -72,6 +72,7 @@ module "asg_dynamic" { instance_type = each.key name = "swarms-size-${each.key}" launch_template_id = module.lt_dynamic[each.key].launch_template_id + target_group_arn = module.alb.alb_target_group_arn } # module "alb" { From f9d0d563a2a811903880a71dddce4ec93a9d298d Mon Sep 17 00:00:00 2001 From: mike dupont Date: Sun, 15 Dec 2024 22:44:15 -0500 Subject: [PATCH 08/13] group coming online --- .../dev/us-east-1/components/autoscaling_group/main.tf | 10 +++++++++- .../swarms-aws-agent-api/dev/us-east-1/main.tf | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index 7218d7a..e644aec 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf 
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -23,7 +23,7 @@ locals { # name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" - target_group_arn = var.target_group_arn + #iam_instance_profile_name = "swarms-20241213150629570500000003" iam_instance_profile_arn = aws_iam_instance_profile.ssm.arn tags = { @@ -102,4 +102,12 @@ module "autoscaling" { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } + # target_group_arn = + traffic_source_attachments = { + ex-alb = { + traffic_source_identifier = var.target_group_arn + traffic_source_type = "elbv2" # default + } + } + } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 6a333b3..49e90dc 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -41,7 +41,7 @@ variable "instance_types" { # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", #"t4g.small", "t3a.small", -# "t3.small", + "t3.small", #"t2.small", not working # "t2.medium" # "t3.medium" ] From a135fe8743c6a9d0710ccfda7e6d5eb5c0ada7ba Mon Sep 17 00:00:00 2001 From: mike dupont Date: Mon, 16 Dec 2024 09:05:24 -0500 Subject: [PATCH 09/13] plan --- .../application_load_balancer/main.tf | 3 +- .../dev/us-east-1/components/security/main.tf | 104 ++++-------------- .../dev/us-east-1/main.tf | 3 +- 3 files changed, 26 insertions(+), 84 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index f313ad5..50c1a0f 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf 
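Review bot: `traffic_source_attachments` registers each group with the ALB target group, but nothing in the hunk sets `health_check_type = "ELB"` on `module "autoscaling"` (the module block begins before this hunk, so it may be set there), and without it the group only replaces instances that fail EC2 status checks — a host whose API process has died stays in service until the target group stops routing to it. Add `health_check_type = "ELB"` and a `health_check_grace_period` long enough for the agent to start, next to the attachment. Removing the unused `target_group_arn = var.target_group_arn` local is fine; a comment above the block — `# Attach to the target group created by the application_load_balancer component.` — would explain where `var.target_group_arn` comes from.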
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -34,8 +34,7 @@ module "alb" { vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets - # For example only - #enable_deletion_protection = false + enable_deletion_protection = false # Security Group security_group_ingress_rules = { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf index 779a1b1..738dd9f 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf 
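Review bot: `enable_deletion_protection = false` is now set explicitly on the load balancer that fronts the API; acceptable for the `dev` environment this path names, but leave the reason in the file so it is not copied into a shared stack, e.g. `# dev only: allows terraform destroy; set to true for shared or production environments.`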
@@ -34,90 +34,32 @@ module "asg_sg" { tags = local.tags } +module "asg_sg_internal" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 5.0" + + name = local.name + description = "An internal security group" + vpc_id = var.vpc_id + # see ~/2024/12/13/terraform-aws-security-group/examples/complete/main.tf + ingress_with_source_security_group_id = [ + { + rule = "http-80-tcp", + # only allow from load balancer for security + source_security_group_id = module.asg_sg.security_group_id + } + ] + egress_rules = ["all-all"] + + tags = local.tags +} + output "security_group_id" { value = module.asg_sg.security_group_id } +output "internal_security_group_id" { + value = module.asg_sg_internal.security_group_id +} -# tofu state show module.security.module.asg_sg.aws_security_group.this_name_prefix[0] -# resource "aws_security_group" "this_name_prefix" { -# arn = "arn:aws:ec2:us-east-1:767503528736:security-group/sg-03c9752b62d0bcfe4" -# description = "A security group" -# egress = [ -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "All protocols" -# from_port = 0 -# ipv6_cidr_blocks = [ -# "::/0", -# ] -# prefix_list_ids = [] -# protocol = "-1" -# security_groups = [] -# self = false -# to_port = 0 -# }, -# ] -# id = "sg-03c9752b62d0bcfe4" -# ingress = [ -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "HTTP" -# from_port = 80 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 80 -# }, -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "HTTPS" -# from_port = 443 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 443 -# }, -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "SSH" -# from_port = 22 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 22 -# }, -# ] -# name = 
"swarms-20241214133959057000000001" -# name_prefix = "swarms-" -# owner_id = "767503528736" -# revoke_rules_on_delete = false -# tags = { -# "Name" = "swarms" -# "project" = "swarms" -# } -# tags_all = { -# "Name" = "swarms" -# "project" = "swarms" -# } -# vpc_id = "vpc-04f28c9347af48b55" -# timeouts { -# create = "10m" -# delete = "15m" -# } -# } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 49e90dc..acc88dc 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -58,6 +58,7 @@ module "lt_dynamic" { module "alb" { source = "./components/application_load_balancer" domain_name = local.domain + security_group_id = module.security.security_group_id # allowed to talk to internal public_subnets = [ local.ec2_public_subnet_id_1, local.ec2_public_subnet_id_2 ] @@ -68,7 +69,7 @@ module "alb" { module "asg_dynamic" { for_each = toset(var.instance_types) source = "./components/autoscaling_group" - security_group_id = module.security.security_group_id + security_group_id = module.security.internal_security_group_id instance_type = each.key name = "swarms-size-${each.key}" launch_template_id = module.lt_dynamic[each.key].launch_template_id From b5616199e17d3f492c91c2e5ae7eef3c278781e6 Mon Sep 17 00:00:00 2001 From: mike dupont Date: Mon, 16 Dec 2024 10:26:31 -0500 Subject: [PATCH 10/13] wip --- .../dev/us-east-1/.terraform.lock.hcl | 22 +++++++ .../dev/us-east-1/cloudflare.tf | 4 ++ .../application_load_balancer/main.tf | 63 ++++++++++++------- .../dev/us-east-1/components/security/main.tf | 6 +- 4 files changed, 69 insertions(+), 26 deletions(-) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl index 4ae256b..20cd0a1 100644 
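Review bot: `asg_sg_internal` admits 80/tcp from anything carrying `module.asg_sg.security_group_id`, so the comment `# only allow from load balancer for security` holds only while that external group is attached to nothing but the ALB. The `@@ -68,7 +69,7 @@` main.tf hunk moves `asg_dynamic` to the internal group, but `lt_dynamic` still receives `module.security.security_group_id` until the `@@ -51,7 +51,7 @@` hunk of PATCH 12/13 below, so instances may keep the external group as well and the restriction presumably does not hold yet at this commit — worth confirming which group the instances actually end up with. Also replace the local-path pointer `# see ~/2024/12/13/terraform-aws-security-group/examples/complete/main.tf` with a description of the rule, e.g. `# HTTP from the ALB's security group only; no CIDR-based ingress`.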
--- a/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl
@@ -18,3 +18,25 @@ provider "registry.opentofu.org/hashicorp/aws" {
 "zh:e76cd202b03749f3082b0cbe849fd2e731cf3f9a6aa994d2d629602c3aede36c",
 ]
 }
+
+provider "registry.opentofu.org/hashicorp/cloudflare" {
+ version = "4.48.0"
+ hashes = [
+ "h1:ePGvSurmlqOCkD761vkhRmz7bsK36/EnIvx2Xy8TdXo=",
+ "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c",
+ "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997",
+ "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b",
+ "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb",
+ "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153",
+ "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8",
+ "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f",
+ "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04",
+ "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937",
+ "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49",
+ "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+ "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c",
+ "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532",
+ "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f",
+ "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758",
+ ]
+}
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf b/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf
new file mode 100644
index 0000000..e066b4a
--- /dev/null
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf
@@ -0,0 +1,4 @@
+#provider "cloudflare" {
+# api_token = var.cloudflare_api_token
+#}
+#export CLOUDFLARE_API_TOKEN=`cat ~/.cloudflare`
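Review bot: The new `cloudflare.tf` holds only a commented-out provider block, while the same patch adds `data "cloudflare_zone"` and `cloudflare_record` resources in the ALB component, so the provider is configured implicitly from the environment and a reader has to guess that from a shell hint. Say it outright: `# cloudflare provider: intentionally no api_token in code; export CLOUDFLARE_API_TOKEN before plan/apply`. The `cat ~/.cloudflare` example also implies the token sits in a plaintext file in the operator's home directory; a note on how that file should be protected, or on the secret store it is expected to come from, would help the next operator.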
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index 50c1a0f..888bb58 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -1,7 +1,7 @@ # variable "provider_alias" { # type = any # } - +variable security_group_id {} # = local.name variable name {} # = local.name variable domain_name {} # = local.name variable vpc_id {} #= module.vpc.vpc_id @@ -37,28 +37,30 @@ module "alb" { enable_deletion_protection = false # Security Group - security_group_ingress_rules = { - all_http = { - from_port = 80 - to_port = 80 - ip_protocol = "tcp" - description = "HTTP web traffic" - cidr_ipv4 = "0.0.0.0/0" - } - all_https = { - from_port = 443 - to_port = 443 - ip_protocol = "tcp" - description = "HTTPS web traffic" - cidr_ipv4 = "0.0.0.0/0" - } - } - security_group_egress_rules = { - all = { - ip_protocol = "-1" - cidr_ipv4 = "0.0.0.0/32" #module.vpc.vpc_cidr_block - } - } + # security_group_ingress_rules = { + # all_http = { + # from_port = 80 + # to_port = 80 + # ip_protocol = "tcp" + # description = "HTTP web traffic" + # cidr_ipv4 = "0.0.0.0/0" + # } + # all_https = { + # from_port = 443 + # to_port = 443 + # ip_protocol = "tcp" + # description = "HTTPS web traffic" + # cidr_ipv4 = "0.0.0.0/0" + # } + # } + # security_group_egress_rules = { + # all = { + # ip_protocol = "-1" + # cidr_ipv4 = "0.0.0.0/32" #module.vpc.vpc_cidr_block + # } + # } + create_security_group=false + security_groups = [var.security_group_id] client_keep_alive = 7200 target_groups = { # ex-swarms-instance = { 
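Review bot: With `create_security_group=false` and `security_groups = [var.security_group_id]` the ALB now carries whatever rules the passed-in group has, instead of its own 80/443-only ingress. main.tf passes `module.security.security_group_id`, the external `asg_sg`, which per the state dump removed in PATCH 09/13 also opened 22/tcp to 0.0.0.0/0 and which this patch's security hunk shows with `ingress_cidr_blocks = ["0.0.0.0/0"]`; the ALB only needs 80 and 443 inbound, so give it a dedicated group or confirm `asg_sg` carries nothing beyond http/https rules. The 28 commented-out lines of the old rules can simply be deleted — the egress they preserve, `cidr_ipv4 = "0.0.0.0/32"`, matched only the single address 0.0.0.0 and was itself wrong. The `module "alb"` block starts and ends outside the hunk.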
@@ -569,8 +571,23 @@ module "alb" { resource "aws_route53_zone" "primary" { name = var.domain_name } +data "cloudflare_zone" "zone" { + #type = "full" + name = "introspector.meme" + account_id = "0ceffbadd0a04623896f5317a1e40d94" +} +resource "cloudflare_record" "aws-ns-record" { + count = "${length(aws_route53_zone.primary.name_servers)}" + #domain = "${var.domain_name}" + name = var.domain_name + zone_id = data.cloudflare_zone.zone.id + content = "${element(aws_route53_zone.primary.name_servers, count.index)}" + type = "NS" + priority = 1 +} module "acm" { +# count = 0 source = "terraform-aws-modules/acm/aws" version = "~> 4.0" domain_name = var.domain_name diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf index 738dd9f..796614a 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf @@ -18,8 +18,8 @@ module "asg_sg" { source = "terraform-aws-modules/security-group/aws" version = "~> 5.0" - name = local.name - description = "A security group" + name = "${local.name}-external" + description = "external group" vpc_id = var.vpc_id ingress_cidr_blocks = ["0.0.0.0/0"] @@ -38,7 +38,7 @@ module "asg_sg_internal" { source = "terraform-aws-modules/security-group/aws" version = "~> 5.0" - name = local.name + name = "${local.name}-internal" description = "An internal security group" vpc_id = var.vpc_id # see ~/2024/12/13/terraform-aws-security-group/examples/complete/main.tf From 7e4cf291fc811bf5d36f8ab748f659617cac42be Mon Sep 17 00:00:00 2001 From: mike dupont Date: Mon, 16 Dec 2024 11:37:46 -0500 Subject: [PATCH 11/13] update --- .../application_load_balancer/main.tf | 698 +----------------- 1 file changed, 20 insertions(+), 678 deletions(-) 
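Review bot: `data "cloudflare_zone" "zone"` hard-codes `name = "introspector.meme"` and an `account_id`, while `cloudflare_record.aws-ns-record` delegates `var.domain_name`; if `var.domain_name` is ever set to a name outside that zone the NS records land in the wrong zone or the lookup fails. Take the zone name from a variable (or derive it from `var.domain_name`) and document the delegation: `# delegate var.domain_name from Cloudflare to the Route53 zone's name servers`. `priority = 1` is used by record types such as MX/SRV and should have no effect on an NS record, so it can be dropped, and the `"${...}"` wrapping on `count` and `content` is legacy interpolation — `count = length(aws_route53_zone.primary.name_servers)` and `content = element(aws_route53_zone.primary.name_servers, count.index)`.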
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
index 888bb58..e4de884 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
@@ -23,554 +23,44 @@ locals { } } -################################################################## -# Application Load Balancer -################################################################## - module "alb" { source = "terraform-aws-modules/alb/aws" version = "9.12.0" name = var.name # local.name vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets - enable_deletion_protection = false - - # Security Group - # security_group_ingress_rules = { - # all_http = { - # from_port = 80 - # to_port = 80 - # ip_protocol = "tcp" - # description = "HTTP web traffic" - # cidr_ipv4 = "0.0.0.0/0" - # } - # all_https = { - # from_port = 443 - # to_port = 443 - # ip_protocol = "tcp" - # description = "HTTPS web traffic" - # cidr_ipv4 = "0.0.0.0/0" - # } - # } - # security_group_egress_rules = { - # all = { - # ip_protocol = "-1" - # cidr_ipv4 = "0.0.0.0/32" #module.vpc.vpc_cidr_block - # } - # } create_security_group=false security_groups = [var.security_group_id] client_keep_alive = 7200 - target_groups = { - # ex-swarms-instance = { - # name_prefix = "swarms" - # protocol = "HTTP" - # port = 80 - # target_type = "instance" - # #deregistration_delay = 10 - # #load_balancing_algorithm_type = "weighted_random" - # #load_balancing_anomaly_mitigation = "on" - # #load_balancing_cross_zone_enabled = false - # #protocol_version = "HTTP1" - # #target_id = "aws_instance.this.id" - # #tags = { - # # InstanceTargetGroupTag = "swarms" - # #} - # } - } - # listeners = { - # ex-https = { - # #} - # } - # } tags = local.tags } -# access_logs = { -# bucket = module.log_bucket.s3_bucket_id -# prefix = "access-logs" -# } - -# connection_logs = { -# bucket = module.log_bucket.s3_bucket_id -# enabled = true -# prefix = "connection-logs" -# } - - # ex-http-https-redirect = { - # port = 80 - # protocol = "HTTP" - # redirect = { - # port = "443" - # protocol = "HTTPS" - # status_code = "HTTP_301" - # } - # } - # rules = { - # ex-fixed-response = { - # 
priority = 3 - # actions = [{ - # type = "fixed-response" - # content_type = "text/plain" - # status_code = 200 - # message_body = "This is a fixed response" - # }] - # conditions = [{ - # http_header = { - # http_header_name = "x-Gimme-Fixed-Response" - # values = ["yes", "please", "right now"] - # } - # }] - # } - # ex-weighted-forward = { - # priority = 4 - # actions = [{ - # type = "weighted-forward" - # target_groups = [ - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 2 - # }, - # { - # target_group_key = "ex-instance" - # weight = 1 - # } - # ] - # stickiness = { - # enabled = true - # duration = 3600 - # } - # }] - # conditions = [{ - # query_string = { - # key = "weighted" - # value = "true" - # } - # }] - # } - # ex-redirect = { - # priority = 5000 - # actions = [{ - # type = "redirect" - # status_code = "HTTP_302" - # host = "www.youtube.com" - # path = "/watch" - # query = "v=dQw4w9WgXcQ" - # protocol = "HTTPS" - # }] - # conditions = [{ - # query_string = [{ - # key = "video" - # value = "random" - # }, - # { - # key = "image" - # value = "next" - # }] - # }] - # } - # } - # } - # ex-http-weighted-target = { - # port = 81 - # protocol = "HTTP" - # weighted_forward = { - # target_groups = [ - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 60 - # }, - # { - # target_group_key = "ex-instance" - # weight = 40 - # } - # ] - # } - # } - # ex-fixed-response = { - # port = 82 - # protocol = "HTTP" - # fixed_response = { - # content_type = "text/plain" - # message_body = "Fixed message" - # status_code = "200" - # } - # } - # rules = { - # ex-cognito = { - # actions = [ - # { - # type = "authenticate-cognito" - # on_unauthenticated_request = "authenticate" - # session_cookie_name = "session-${local.name}" - # session_timeout = 3600 - # user_pool_arn = aws_cognito_user_pool.this.arn - # user_pool_client_id = aws_cognito_user_pool_client.this.id - # user_pool_domain = aws_cognito_user_pool_domain.this.domain - # }, - # { - # 
type = "forward" - # target_group_key = "ex-instance" - # } - # ] - # conditions = [{ - # path_pattern = { - # values = ["/some/auth/required/route"] - # } - # }] - # } - # ex-fixed-response = { - # priority = 3 - # actions = [{ - # type = "fixed-response" - # content_type = "text/plain" - # status_code = 200 - # message_body = "This is a fixed response" - # }] - # conditions = [{ - # http_header = { - # http_header_name = "x-Gimme-Fixed-Response" - # values = ["yes", "please", "right now"] - # } - # }] - # } - # ex-weighted-forward = { - # priority = 4 - # actions = [{ - # type = "weighted-forward" - # target_groups = [ - # { - # target_group_key = "ex-instance" - # weight = 2 - # }, - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 1 - # } - # ] - # stickiness = { - # enabled = true - # duration = 3600 - # } - # }] - # conditions = [{ - # query_string = { - # key = "weighted" - # value = "true" - # }, - # path_pattern = { - # values = ["/some/path"] - # } - # }] - # } - # ex-redirect = { - # priority = 5000 - # actions = [{ - # type = "redirect" - # status_code = "HTTP_302" - # host = "www.youtube.com" - # path = "/watch" - # query = "v=dQw4w9WgXcQ" - # protocol = "HTTPS" - # }] - # conditions = [{ - # query_string = { - # key = "video" - # value = "random" - # } - # }] - # } - # } - # ex-cognito = { - # port = 444 - # protocol = "HTTPS" - # certificate_arn = module.acm.acm_certificate_arn - # authenticate_cognito = { - # authentication_request_extra_params = { - # display = "page" - # prompt = "login" - # } - # on_unauthenticated_request = "authenticate" - # session_cookie_name = "session-${local.name}" - # session_timeout = 3600 - # user_pool_arn = aws_cognito_user_pool.this.arn - # user_pool_client_id = aws_cognito_user_pool_client.this.id - # user_pool_domain = aws_cognito_user_pool_domain.this.domain - # } - # forward = { - # target_group_key = "ex-instance" - # } - # rules = { - # ex-oidc = { - # priority = 2 - # actions = [ - # { - # type 
= "authenticate-oidc" - # authentication_request_extra_params = { - # display = "page" - # prompt = "login" - # } - # authorization_endpoint = "https://${var.domain_name}/auth" - # client_id = "client_id" - # client_secret = "client_secret" - # issuer = "https://${var.domain_name}" - # token_endpoint = "https://${var.domain_name}/token" - # user_info_endpoint = "https://${var.domain_name}/user_info" - # }, - # { - # type = "forward" - # target_group_key = "ex-lambda-with-trigger" - # } - # ] - # conditions = [{ - # host_header = { - # values = ["foobar.com"] - # } - # }] - # } - # } - # } - # ex-oidc = { - # port = 445 - # protocol = "HTTPS" - # certificate_arn = module.acm.acm_certificate_arn - # action_type = "authenticate-oidc" - # authenticate_oidc = { - # authentication_request_extra_params = { - # display = "page" - # prompt = "login" - # } - # authorization_endpoint = "https://${var.domain_name}/auth" - # client_id = "client_id" - # client_secret = "client_secret" - # issuer = "https://${var.domain_name}" - # token_endpoint = "https://${var.domain_name}/token" - # user_info_endpoint = "https://${var.domain_name}/user_info" - # } - # forward = { - # target_group_key = "ex-instance" - # } - # } - # } - # target_group_health = { - # dns_failover = { - # minimum_healthy_targets_count = 2 - # } - # unhealthy_state_routing = { - # minimum_healthy_targets_percentage = 50 - # } - # } - # health_check = { - # enabled = true - # interval = 30 - # path = "/healthz" - # port = "traffic-port" - # healthy_threshold = 3 - # unhealthy_threshold = 3 - # timeout = 6 - # protocol = "HTTP" - # matcher = "200-399" - # } - # ex-lambda-with-trigger = { - # name_prefix = "l1-" - # target_type = "lambda" - # lambda_multi_value_headers_enabled = true - # target_id = module.lambda_with_allowed_triggers.lambda_function_arn - # } - # ex-lambda-without-trigger = { - # name_prefix = "l2-" - # target_type = "lambda" - # target_id = module.lambda_without_allowed_triggers.lambda_function_arn 
- # attach_lambda_permission = true - # } - # } - # additional_target_group_attachments = { - # ex-instance-other = { - # target_group_key = "ex-instance" - # target_type = "instance" - # target_id = aws_instance.other.id - # port = "80" - # } - # } - # # Route53 Record(s) - # route53_records = { - # A = { - # name = local.name - # type = "A" - # zone_id = data.aws_route53_zone.this.id - # } - # AAAA = { - # name = local.name - # type = "AAAA" - # zone_id = data.aws_route53_zone.this.id - # } - # } - - -#module "alb_disabled" { -# source = "../../"# -# -# create = false -#} - -# ################################################################################ -# # Using packaged function from Lambda module -# ################################################################################ - -# locals { -# package_url = "https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python3.8-zip/existing_package.zip" -# downloaded = "downloaded_package_${md5(local.package_url)}.zip" -# } - -# resource "null_resource" "download_package" { -# triggers = { -# downloaded = local.downloaded -# } - -# provisioner "local-exec" { -# command = "curl -L -o ${local.downloaded} ${local.package_url}" -# } -# } - -# module "lambda_with_allowed_triggers" { -# source = "terraform-aws-modules/lambda/aws" -# version = "~> 6.0" - -# function_name = "${local.name}-with-allowed-triggers" -# description = "My awesome lambda function (with allowed triggers)" -# handler = "index.lambda_handler" -# runtime = "python3.8" - -# publish = true -# create_package = false -# local_existing_package = local.downloaded - -# allowed_triggers = { -# AllowExecutionFromELB = { -# service = "elasticloadbalancing" -# source_arn = module.alb.target_groups["ex-lambda-with-trigger"].arn -# } -# } - -# depends_on = [null_resource.download_package] -# } - -# module "lambda_without_allowed_triggers" { -# source = "terraform-aws-modules/lambda/aws" -# version = "~> 6.0" - -# 
function_name = "${local.name}-without-allowed-triggers" -# description = "My awesome lambda function (without allowed triggers)" -# handler = "index.lambda_handler" -# runtime = "python3.8" - -# publish = true -# create_package = false -# local_existing_package = local.downloaded - -# # Allowed triggers will be managed by ALB module -# allowed_triggers = {} - -# depends_on = [null_resource.download_package] -# } - -# ################################################################################ -# # Supporting resources -# ################################################################################ - -# module "vpc" { -# source = "terraform-aws-modules/vpc/aws" -# version = "~> 5.0" - -# name = local.name -# cidr = local.vpc_cidr - -# azs = local.azs -# private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] -# public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - -# tags = local.tags -# } - -# module "wildcard_cert" { -# source = "terraform-aws-modules/acm/aws" -# version = "~> 4.0" - -# domain_name = "*.${var.domain_name}" -# zone_id = data.aws_route53_zone.this.id -# } - -# data "aws_ssm_parameter" "al2" { -# name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" -# } - -# resource "aws_instance" "this" { -# ami = data.aws_ssm_parameter.al2.value -# instance_type = "t3.nano" -# subnet_id = element(module.vpc.private_subnets, 0) -# } - -# resource "aws_instance" "other" { -# ami = data.aws_ssm_parameter.al2.value -# instance_type = "t3.nano" -# subnet_id = element(module.vpc.private_subnets, 0) -# } - -# ################################################################## -# # AWS Cognito User Pool -# ################################################################## - -# resource "aws_cognito_user_pool" "this" { -# name = "user-pool-${local.name}" -# } - -# resource "aws_cognito_user_pool_client" "this" { -# name = "user-pool-client-${local.name}" -# user_pool_id = 
aws_cognito_user_pool.this.id -# generate_secret = true -# allowed_oauth_flows = ["code", "implicit"] -# callback_urls = ["https://${var.domain_name}/callback"] -# allowed_oauth_scopes = ["email", "openid"] -# allowed_oauth_flows_user_pool_client = true -# } - -# resource "random_string" "this" { -# length = 5 -# upper = false -# special = false -# } - -# resource "aws_cognito_user_pool_domain" "this" { -# domain = "${local.name}-${random_string.this.result}" -# user_pool_id = aws_cognito_user_pool.this.id -# } +resource "aws_route53_zone" "primary" { + name = var.domain_name +} -#module# "log_bucket" { -# source = "terraform-aws-modules/s3-bucket/aws" -# version = "~> 3.0" -# bucket_prefix = "${local.name}-logs-" -# acl = "log-delivery-write" +# name = var.domain_name -# # For example only -# force_destroy = true +resource "aws_route53_record" "api-cname" { + zone_id = aws_route53_zone.primary.zone_id + name = "us-east-1.${var.domain_name}" + type = "CNAME" + ttl = 5 -# control_object_ownership = true -# object_ownership = "ObjectWriter" + weighted_routing_policy { + weight = 10 + } -# attach_elb_log_delivery_policy = true # Required for ALB logs -# attach_lb_log_delivery_policy = true # Required for ALB/NLB logs + set_identifier = "dev" + records = [ + module.alb.dns_name + ] +} -# attach_deny_insecure_transport_policy = true -# attach_require_latest_tls_policy = true -# tags = local.tags -#} -resource "aws_route53_zone" "primary" { - name = var.domain_name -} data "cloudflare_zone" "zone" { #type = "full" name = "introspector.meme" @@ -592,6 +82,9 @@ module "acm" { version = "~> 4.0" domain_name = var.domain_name zone_id = aws_route53_zone.primary.zone_id + subject_alternative_names = [ + "*.${var.domain_name}" + ] } ## now we just lift the listener code 
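Review bot: The `subject_alternative_names = ["*.${var.domain_name}"]` added to `module "acm"` is presumably what lets the `us-east-1.${var.domain_name}` CNAME created in the preceding hunk serve under a valid certificate, but nothing in the hunk says so; add `# wildcard SAN covers regional names such as us-east-1.<domain> (aws_route53_record.api-cname)`. Since the certificate's `zone_id` points at `aws_route53_zone.primary`, the same zone this file delegates from Cloudflare, validation can only succeed once that NS delegation has propagated — worth a one-line note so a first apply that stalls on ACM validation is not mistaken for a bug. The `module "acm"` block starts outside the hunk.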
@@ -613,55 +106,9 @@ resource "aws_lb_listener" "this" { #length(try(default_action.value.target_groups, [])) > 0 ? null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null) type = "forward" } - - # dynamic "default_action" { - # for_each = try([each.value.weighted_forward], []) - # content { - # forward { - # dynamic "target_group" { - # for_each = try(default_action.value.target_groups, []) - # content { - # arn = try(target_group.value.arn, aws_lb_target_group.this[target_group.value.target_group_key].arn, null) - # weight = try(target_group.value.weight, null) - # } - # } - # dynamic "stickiness" { - # for_each = try([default_action.value.stickiness], []) - # content { - # duration = try(stickiness.value.duration, 60) - # enabled = try(stickiness.value.enabled, null) - # } - # } - # } - # order = try(default_action.value.order, null) - # type = "forward" - # } - # } - # dynamic "default_action" { - # for_each = try([each.value.redirect], []) - # content { - # order = try(default_action.value.order, null) - # redirect { - # host = try(default_action.value.host, null) - # path = try(default_action.value.path, null) - # port = try(default_action.value.port, null) - # protocol = try(default_action.value.protocol, null) - # query = try(default_action.value.query, null) - # status_code = default_action.value.status_code - # } - # type = "redirect" - # } - # } -# load_balancer_arn = aws_lb.this[0].arn -# port = try(each.value.port, var.default_port) -# protocol = try(each.value.protocol, var.default_protocol) -# ssl_policy = contains(["HTTPS", "TLS"], try(each.value.protocol, var.default_protocol)) ? try(each.value.ssl_policy, "ELBSecurityPolicy-TLS13-1-2-Res-2021-06") : try(each.value.ssl_policy, null) -# tcp_idle_timeout_seconds = try(each.value.tcp_idle_timeout_seconds, null) -# tags = merge(local.tags, try(each.value.tags, {})) } - resource "aws_lb_target_group" "this" { name_prefix = "swarms" protocol = "HTTP" 
@@ -673,113 +120,8 @@ resource "aws_lb_target_group" "this" { load_balancing_anomaly_mitigation = "on" load_balancing_cross_zone_enabled = false protocol_version = "HTTP1" - # #target_id = "aws_instance.this.id" - # #tags = { - # # InstanceTargetGroupTag = "swarms" - # #} - # } - -# for_each = { for k, v in var.target_groups : k => v if local.create } -# connection_termination = try(each.value.connection_termination, null) -# deregistration_delay = try(each.value.deregistration_delay, null) - - # dynamic "health_check" { - # for_each = try([each.value.health_check], []) - - # content { - # enabled = try(health_check.value.enabled, null) - # healthy_threshold = try(health_check.value.healthy_threshold, null) - # interval = try(health_check.value.interval, null) - # matcher = try(health_check.value.matcher, null) - # path = try(health_check.value.path, null) - # port = try(health_check.value.port, null) - # protocol = try(health_check.value.protocol, null) - # timeout = try(health_check.value.timeout, null) - # unhealthy_threshold = try(health_check.value.unhealthy_threshold, null) - # } - # } - - # ip_address_type = try(each.value.ip_address_type, null) - # lambda_multi_value_headers_enabled = try(each.value.lambda_multi_value_headers_enabled, null) - # load_balancing_algorithm_type = try(each.value.load_balancing_algorithm_type, null) - # load_balancing_anomaly_mitigation = try(each.value.load_balancing_anomaly_mitigation, null) - # load_balancing_cross_zone_enabled = try(each.value.load_balancing_cross_zone_enabled, null) - # name = try(each.value.name, null) - # name_prefix = try(each.value.name_prefix, null) - # port = try(each.value.target_type, null) == "lambda" ? null : try(each.value.port, var.default_port) - # preserve_client_ip = try(each.value.preserve_client_ip, null) - # protocol = try(each.value.target_type, null) == "lambda" ? 
null : try(each.value.protocol, var.default_protocol) - # protocol_version = try(each.value.protocol_version, null) - # proxy_protocol_v2 = try(each.value.proxy_protocol_v2, null) - # slow_start = try(each.value.slow_start, null) - - # dynamic "stickiness" { - # for_each = try([each.value.stickiness], []) - - # content { - # cookie_duration = try(stickiness.value.cookie_duration, null) - # cookie_name = try(stickiness.value.cookie_name, null) - # enabled = try(stickiness.value.enabled, true) - # type = var.load_balancer_type == "network" ? "source_ip" : stickiness.value.type - # } - # } - - # dynamic "target_failover" { - # for_each = try(each.value.target_failover, []) - - # content { - # on_deregistration = target_failover.value.on_deregistration - # on_unhealthy = target_failover.value.on_unhealthy - # } - # } - - # dynamic "target_group_health" { - # for_each = try([each.value.target_group_health], []) - - # content { - - # dynamic "dns_failover" { - # for_each = try([target_group_health.value.dns_failover], []) - - # content { - # minimum_healthy_targets_count = try(dns_failover.value.minimum_healthy_targets_count, null) - # minimum_healthy_targets_percentage = try(dns_failover.value.minimum_healthy_targets_percentage, null) - # } - # } - - # dynamic "unhealthy_state_routing" { - # for_each = try([target_group_health.value.unhealthy_state_routing], []) - - # content { - # minimum_healthy_targets_count = try(unhealthy_state_routing.value.minimum_healthy_targets_count, null) - # minimum_healthy_targets_percentage = try(unhealthy_state_routing.value.minimum_healthy_targets_percentage, null) - # } - # } - # } - # } - - # dynamic "target_health_state" { - # for_each = try([each.value.target_health_state], []) - # content { - # enable_unhealthy_connection_termination = try(target_health_state.value.enable_unhealthy_connection_termination, true) - # unhealthy_draining_interval = try(target_health_state.value.unhealthy_draining_interval, null) - # } - # } - - # 
target_type = try(each.value.target_type, null) - # vpc_id = try(each.value.vpc_id, var.vpc_id) - - # tags = merge(local.tags, try(each.value.tags, {})) - - # lifecycle { - # create_before_destroy = true - # } } - - - - output zone_id { value = aws_route53_zone.primary.zone_id } From 1cf229557fc04a9996f3d40bd20ffac6b6a4e988 Mon Sep 17 00:00:00 2001 From: mike dupont Date: Mon, 16 Dec 2024 12:28:59 -0500 Subject: [PATCH 12/13] health check --- .../application_load_balancer/main.tf | 47 +++++++++++++------ .../components/autoscaling_group/main.tf | 6 +-- .../dev/us-east-1/main.tf | 4 +- 3 files changed, 38 insertions(+), 19 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index e4de884..6c06194 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -26,7 +26,7 @@ locals { module "alb" { source = "terraform-aws-modules/alb/aws" version = "9.12.0" - name = var.name # local.name + name = "${var.name}-api" # local.name vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets enable_deletion_protection = false 
@@ -40,32 +40,27 @@ resource "aws_route53_zone" "primary" { name = var.domain_name } - -# name = var.domain_name - resource "aws_route53_record" "api-cname" { zone_id = aws_route53_zone.primary.zone_id name = "us-east-1.${var.domain_name}" type = "CNAME" ttl = 5 - weighted_routing_policy { - weight = 10 - } - - set_identifier = "dev" +# weighted_routing_policy { +# weight = 10 +# } + #set_identifier = "dev" records = [ module.alb.dns_name ] } - - data "cloudflare_zone" "zone" { #type = "full" name = "introspector.meme" account_id = "0ceffbadd0a04623896f5317a1e40d94" } + resource "cloudflare_record" "aws-ns-record" { count = "${length(aws_route53_zone.primary.name_servers)}" #domain = "${var.domain_name}" @@ -116,10 +111,28 @@ resource "aws_lb_target_group" "this" { target_type = "instance" vpc_id = var.vpc_id deregistration_delay = 10 - load_balancing_algorithm_type = "weighted_random" - load_balancing_anomaly_mitigation = "on" - load_balancing_cross_zone_enabled = false + #load_balancing_algorithm_type = "weighted_random" + #load_balancing_anomaly_mitigation = "on" + #load_balancing_cross_zone_enabled = false protocol_version = "HTTP1" + # + health_check { + path = "/v1/docs" # the docs api + enabled = true + healthy_threshold = 10 + interval = 130 + port = "traffic-port" + protocol = "HTTP" + timeout = 120 + unhealthy_threshold = 10 + } + +# stickiness { +# cookie_duration = 86400 +# enabled = true +# type = "lb_cookie" +# } + } output zone_id { @@ -133,4 +146,10 @@ output alb_target_group_arn { value = aws_lb_target_group.this.arn } +output dns { + value = module.alb.dns_name +} +output cname { + value = aws_route53_record.api-cname.fqdn +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index e644aec..bb78a6e 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf 
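Review bot: The new `health_check` block uses `interval = 130`, `timeout = 120` and thresholds of 10, so a target that stops responding stays in rotation for up to about 22 minutes (10 × 130 s) and a freshly launched instance waits just as long before it receives traffic, which largely defeats the purpose of the check. Tighter values such as `interval = 30`, `timeout = 5`, `healthy_threshold = 2`, `unhealthy_threshold = 3` are the usual starting point for an HTTP API. `/v1/docs` is presumably the FastAPI docs page; it proves the process answers HTTP but not that the API is usable, so if the application exposes a dedicated lightweight status endpoint that would be a better `path`, and an explicit `matcher` would document the expected status code instead of relying on the default. The `resource "aws_lb_target_group" "this"` block starts outside the hunk.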
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -1,5 +1,5 @@ variable target_group_arn{} -variable security_group_id {} +#variable security_group_id {} variable name {} variable instance_type { # default = "t3.micro" @@ -62,7 +62,7 @@ module "autoscaling" { version = "8.0.0" name = var.name - + health_check_type = "EC2" desired_capacity = 1 max_size = 5 min_size = 1 @@ -83,7 +83,7 @@ module "autoscaling" { device_index = 0 delete_on_termination = true description = "interface1" - security_groups = [var.security_group_id] +# security_groups = [var.security_group_id] } ] instance_type = var.instance_type diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index acc88dc..744dcc3 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -51,7 +51,7 @@ module "lt_dynamic" { for_each = toset(var.instance_types) instance_type = each.key name = "swarms-size-${each.key}" - security_group_id = module.security.security_group_id + security_group_id = module.security.internal_security_group_id source = "./components/launch_template" } @@ -69,7 +69,7 @@ module "alb" { module "asg_dynamic" { for_each = toset(var.instance_types) source = "./components/autoscaling_group" - security_group_id = module.security.internal_security_group_id +# security_group_id = module.security.internal_security_group_id instance_type = each.key name = "swarms-size-${each.key}" launch_template_id = module.lt_dynamic[each.key].launch_template_id From c6fd42cd730a1f68b233e7e54b15f009e0c4cf2e Mon Sep 17 00:00:00 2001 
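Review bot: `health_check_type = "EC2"` means the ASG only replaces instances whose EC2 status checks fail; an instance that fails the ALB target-group check added to application_load_balancer/main.tf in this same commit is taken out of rotation but kept alive indefinitely, so a wedged application process is never recycled. If the intent is for the ASG to heal on the application check, use `health_check_type = "ELB"` together with a `health_check_grace_period` long enough for an instance to boot and pass the check. The `module "autoscaling"` block starts and ends outside the hunk.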
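Review bot: With `security_groups = [var.security_group_id]` commented out of the `network_interfaces` entry (and the variable dropped in the `@@ -1,5` hunk and no longer passed from main.tf's `asg_dynamic` in the `@@ -69,7` hunk), nothing visible in this diff attaches a security group to the instances any more; presumably the launch template from `lt_dynamic`, which main.tf now points at `module.security.internal_security_group_id`, is meant to supply it, but that cannot be confirmed here. If the autoscaling module still renders its own `network_interfaces` block without security groups, EC2 falls back to the VPC default security group, which normally permits all traffic between its members and would silently widen reachability. It is worth checking that `terraform plan` shows the intended security group on the rendered launch template and that the internal group admits the ALB's health-check traffic on the target port, otherwise the new `/v1/docs` check will never report healthy. Both module blocks start and end outside these hunks.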
From: mike dupont Date: Mon, 16 Dec 2024 12:43:25 -0500 Subject: [PATCH 13/13] update --- .../swarms-aws-agent-api/dev/us-east-1/Readme.md | 9 ++++++++- .../dev/us-east-1/components/Readme.md | 15 +++++++++------ .../swarms-aws-agent-api/dev/us-east-1/main.tf | 7 ++++--- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md index 4f57e60..144ec90 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md @@ -1,3 +1,10 @@ +# Done + 1. create vpc +2. create iam roles and users +3. create asg and alb and route53 and acm + +# Todo + +1. create cognito pool 2. create ami -4. create iam roles and users diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md index b9e7c04..92f42ec 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md 
@@ -2,21 +2,24 @@ ## Phase 1 0. create standard vpc with a private network to host ec2, -this uses a natgw that costs money bhttps://aws.amazon.com/vpc/pricing/ -0.45 so we will put the intances in public for now and use security groups to limit access. +this uses a natgw that costs money https://aws.amazon.com/vpc/pricing/ +so we will put the intances in public for now and use security groups to limit access. 1. create minimal ec2 instance in machine_image -terraform (later packer) for ubuntu python uvicorn fastapi nginx systemd server with custom git modules +terraform for ubuntu python uvicorn fastapi nginx systemd server with custom git modules 2. create minimal ec2 ami from instance in machine_image 3. create autoscaling_group of size 1 for image 4. create application load balancer +5. create dns_entry -send users back to server via sticky sessions or some id. -5. create dns_entry -6. create cognito user pool for login +# todo + +1. alb sticky sessions :send users back to server via sticky sessions or some id. +2. create cognito user pool for login 7. create work_queue 8. create lambda_workers on queue 9. create resource_launchers to create new resources. +10. packer ami for ubuntu python uvicorn fastapi nginx systemd server with custom git modules diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 744dcc3..629d942 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -1,6 +1,6 @@ locals { # instance_type = "t3.large" - instance_type = "t3.medium" + # instance_type = "t3.medium" ami = "ami-0e2c8caa4b6378d8c" name = "swarms" region = "us-east-1" 
@@ -41,9 +41,10 @@ variable "instance_types" {
 # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano",
 # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro",
 #"t4g.small", "t3a.small",
-"t3.small",
+#"t3.small",
 #"t2.small", not working
-# "t2.medium" # "t3.medium"
+# "t2.medium" #
+"t3.medium"
 ]
 }
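Review bot: Removing `"t3.small"` from `instance_types` while enabling `"t3.medium"` makes `terraform apply` destroy `module.asg_dynamic["t3.small"]` and `module.lt_dynamic["t3.small"]` and create a new `"t3.medium"` ASG from scratch, so the running capacity is replaced rather than resized; the sizes are keyed by `for_each = toset(var.instance_types)` in main.tf, outside this hunk. The remark `#"t2.small", not working` would be more useful if it recorded what failed, e.g. `# "t2.small" excluded: <reason>`, and the dangling `# "t2.medium" #` reads like an unfinished edit. Since every size change in this series has been an edit to the variable's `default`, a `terraform.tfvars` entry would keep the chosen fleet out of the module source and let the default document the full supported list.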