CD2H gitForager

pivotal-cf/terraforming-aws

Name: terraforming-aws

Owner: Pivotal Cloud Foundry

Description: use terraform, deploy yourself a pcf

Created: 2016-10-06 19:07:18.0

Updated: 2018-05-23 18:58:29.0

Pushed: 2018-05-23 20:38:00.0

Homepage:

Size: 104

Language: HCL

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

How Does One Use This?

What Does This Do?

A booted ops-manager plus a whole BOATLOAD of other goodies, including:

Friendly DNS entries brought to you by Route53
An RDS
A VPC, with security groups
A whole mess of s3 buckets (5 in total - for all your storage needs)
An amazing NAT Box
SSH/HTTPS/TCP ELBs
An IAM User
Tagged resources

Looking to setup a different IAAS

We have have other terraform templates to help you!

azure
gcp

This list will be updated when more infrastructures come along.

Prerequisites

 update
 install terraform

AWS Permissions

AmazonEC2FullAccess
AmazonRDSFullAccess
AmazonRoute53FullAccess
AmazonS3FullAccess
AmazonVPCFullAccess
IAMFullAccess
AWSKeyManagementServicePowerUser

Notes

You can choose whether you would like an RDS or not. By default we have rds_instance_count set to 0 but setting it to 1 will deploy an RDS.

RDS instances take FOREVER to deploy, keep that in mind.

Var File

Copy the stub content below into a file called terraform.tfvars and put it in the root of this project. These vars will be used when you run terraform apply. You should fill in the stub values with the correct content.

name           = "some-environment-name"
ss_key         = "access-key-id"
et_key         = "secret-access-key"
on             = "us-west-1"
lability_zones = ["us-west-1a", "us-west-1c"]
manager_ami    = "ami-4f291f2f"
instance_count = 1
suffix         = "example.com"
cidr           = "10.0.0.0/16"

cert = <<EOF
-BEGIN CERTIFICATE-----
 cert
-END CERTIFICATE-----


private_key = <<EOF
-BEGIN RSA PRIVATE KEY-----
 cert private key
-END RSA PRIVATE KEY-----


               = {
Team = "Dev"
Project = "WebApp3"

Variables

env_name: (required) An arbitrary unique name for namespacing resources
access_key (required) Your Amazon access_key, used for deployment
secret_key: (required) Your Amazon secret_key, also used for deployment
region: (required) Region you want to deploy your resources to
availability_zones: (required) List of AZs you want to deploy to
dns_suffix: (required) Domain to add environment subdomain to
hosted_zone: (optional) Parent domain already managed by Route53. If specified, the DNS records will be added to this Route53 zone instead of a new zone.
ssl_cert: (optional) SSL certificate for HTTP load balancer configuration. Required unless ssl_ca_cert is specified.
ssl_private_key: (optional) Private key for above SSL certificate. Required unless ssl_ca_cert is specified.
ssl_ca_cert: (optional) SSL CA certificate used to generate self-signed HTTP load balancer certificate. Required unless ssl_cert is specified.
ssl_ca_private_key: (optional) Private key for above SSL CA certificate. Required unless ssl_cert is specified.
tags: (optional) A map of AWS tags that are applied to the created resources. By default, the following tags are set: Application = Cloud Foundry, Environment = $env_name
vpc_cidr: (optional) Internal CIDR block for the AWS VPC. Defaults to 10.0.0.0/16.

Ops Manager (optional)

ops_manager: (default: true) Set to false if you don't want an Ops Manager
ops_manager_ami: (optional) Ops Manager AMI, get the right AMI according to your region from the AWS guide downloaded from Pivotal Network
optional_ops_manager: (default: false) Set to true if you want an additional Ops Manager (useful for testing upgrades)
optional_ops_manager_ami: (optional) Additional Ops Manager AMI, get the right AMI according to your region from the AWS guide downloaded from Pivotal Network
ops_manager_instance_type: (default: m4.large) Ops Manager instance type

RDS (optional)

rds_instance_count: (default: 0) Whether or not you would like an RDS for your deployment
rds_instance_class: (default: db.m4.large) Size of the RDS to deploy
rds_db_username: (default: admin) Username for RDS authentication

Isolation Segments (optional)

create_isoseg_resources (optional) Set to 1 to create HTTP load-balancer across 3 zones for isolation segments.
isoseg_ssl_cert: (optional) SSL certificate for Iso Seg HTTP load balancer configuration. Required unless isoseg_ssl_ca_cert is specified.
isoseg_ssl_private_key: (optional) Private key for above SSL certificate. Required unless isoseg_ssl_ca_cert is specified.
isoseg_ssl_ca_cert: (optional) SSL CA certificate used to generate self-signed Iso Seg HTTP load balancer certificate. Required unless isoseg_ssl_cert is specified.
isoseg_ssl_ca_private_key: (optional) Private key for above SSL CA certificate. Required unless isoseg_ssl_cert is specified.

Running

Note: please make sure you have created the terraform.tfvars file above as mentioned.

Standing up environment

aform init
aform plan -out=plan
aform apply plan

Tearing down environment

aform destroy

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.