Update dependencies in /apps/start-stop-ec2-instances

Bump axios from 0.21.4 to 1.6.8 Bump follow-redirects from 1.15.4 to 1.15.6 Bump jose from 4.10.3 to 4.15.5 Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
nanlabs · May 6, 2024 · a396638 · a396638
1 parent 9b61754
commit a396638
Show file tree

Hide file tree

Showing 31 changed files with 367 additions and 476 deletions.
diff --git a/README.md b/README.md
@@ -66,14 +66,14 @@ Once you have chosen the infrastructure module you want to use, move to the modu
 
 ## Live Infrastructure
 
-The `live` directory houses our live infrastructure. This is where you'll find our Terraform variables, backend configuration, and Terraform root modules.
+The `live` directory houses our live infrastructure components. This is where you'll find our Terraform variables, backend configuration, and Terraform root modules.
 
-It is recommended to create a separate directory for each environment (e.g., `dev`, `staging`, `prod`) and region (e.g., `us-east-1`, `us-west-2`, `eu-west-1`). This allows you to easily manage and deploy your infrastructure.
+It is recommended to create a separate directory for each domain that you want to manage with Terraform. For example, you could have a `core-networking` directory for managing your VPC, subnets, and security groups, and a `common-infra` directory for managing your RDS instances, S3 buckets, and other shared resources.
 
-| Module                                                                           | Description                                           |
-| :------------------------------------------------------------------------------- | :---------------------------------------------------- |
-| [Prod App Infrastructure (us-west-2)](./live/prod/us-west-2/app/README.md)       | Terraform root module for our prod infrastructure.    |
-| [Staging App Infrastructure (us-west-2)](./live/staging/us-west-2/app/README.md) | Terraform root module for our staging infrastructure. |
+| Module                                                                | Description                                                                                                              |
+| :-------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------- |
+| [Common Infrastructure](./live/common-infra/README.md)                | Terraform module for managing common infrastructure components such as VPC, subnets, security groups, and RDS instances. |
+| [Terraform Backend Configuration](./live/terraform-backend/README.md) | Terraform module for setting up the S3 backend.                                                                          |
 
 ## Terraform Modules
 

diff --git a/live/prod/us-west-2/app/.terraform.lock.hcl → live/common-infra/.terraform.lock.hcl b/live/prod/us-west-2/app/.terraform.lock.hcl → live/common-infra/.terraform.lock.hcl
diff --git a/live/prod/us-west-2/app/README.md → live/common-infra/README.md b/live/prod/us-west-2/app/README.md → live/common-infra/README.md
@@ -1,75 +1,92 @@
-# Prod Infrastructure (us-west-2)
+# Common Infrastructure
 
-🏢 This directory contains the infrastructure as code for our cloud infrastructure. It provides a ready-to-use Terraform module with various features. Follow the steps below to get started.
+🏢 This directory contains the Terraform configuration for our core cloud infrastructure. It provides a ready-to-use Terraform module with essential services and security features.
 
 ## Features
 
-- ✨ Ready to use Root Terraform module!
-- 🗄️ Store Terraform state in an S3 bucket with a DynamoDB table for locking.
-- 🌐 VPC with public and private subnets (application and database subnets) in three availability zones.
-- 🔒 Security groups for bastion host and database.
-- 🔑 Bastion host to access private resources.
-- 🐘 RDS Postgres instance and other database resources.
-- 🔒 AWS Secrets Manager to store database credentials.
-- 🔧 SSM Parameter Store to store parameters such as VPC ID, Subnet IDs, etc.
+- ✨ Comprehensive Root Terraform module for quick deployment.
+- 🗄️ Configured to use an external S3 bucket for Terraform state management with a DynamoDB table for state locking.
+- 🌐 Highly available VPC setup with public and private subnets across multiple availability zones.
+- 🔒 Configured security groups for bastion hosts and databases.
+- 🔑 Bastion host setup for secure access to internal services.
+- 🐘 RDS Postgres setup for reliable database services.
+- 🔒 Utilization of AWS Secrets Manager for secure storage of database credentials.
+- 🔧 Use of SSM Parameter Store for managing network and service parameters.
 
 ## Prerequisites
 
-- [Terraform](https://www.terraform.io/downloads.html)
-- [TFswitch](https://tfswitch.warrensbox.com/)
+- [Terraform](https://www.terraform.io/downloads.html) for infrastructure provisioning.
+- [TFswitch](https://tfswitch.warrensbox.com/) to switch between Terraform versions easily.
 
 ## Setup
 
-1. Switch to the correct Terraform version
+1. **Set Terraform Version:**
 
-```sh
-tfswitch
-```
+   Ensure you are using the correct Terraform version:
 
-2. Initialize the Terraform working directory:
+   ```sh
+   tfswitch
+   ```
 
-```sh
-terraform init
-```
+2. **Check the Terraform Backend Configuration:**
 
-## Deploy
+   Verify that the backend configuration is set correctly in the `backend.tf` file.
 
-1. Plan the deployment:
+   ```hcl
+   terraform {
+     required_version = ">= 1.0.0"
 
-```sh
-terraform plan -out ./prod.tfplan
-```
+     backend "s3" {
+       region         = "us-west-2"
+       bucket         = "terraform-state"
+       key            = "terraform.tfstate"
+       dynamodb_table = "terraform-state-lock"
+       profile        = ""
+       role_arn       = ""
+       encrypt        = "true"
+     }
+   }
 
-2. Apply the deployment:
+   ```
 
-```sh
-terraform apply ./prod.tfplan
-```
+   Replace the placeholder values with the actual bucket name, key, region, and DynamoDB table name.
 
-### First Time Deployment?
+3. **Initialize Terraform:**
 
-If this is the first time you are deploying, a file called `s3-backend.tf` will be created. This file configures the backend for Terraform, using S3 to store the state of our infrastructure.
+   Initialize the working directory with the required providers and modules:
 
-Run the following command to copy the state to the S3 bucket:
+   ```sh
+   terraform init
+   ```
 
-```sh
-terraform init -force-copy
-```
+4. **Workspace Management:**
 
-Push the `s3-backend.tf` file to the repository:
+   Select or create a new workspace tailored to your deployment environment:
 
-```sh
-git add s3-backend.tf && git commit -m "Add s3-backend.tf file"
-git push
-```
+   ```sh
+   # Switch to the another workspace or create it if it doesn't exist
+   terraform workspace select -or-create prod
+   ```
 
-## Destroy
+## Deploy
 
-To destroy the infrastructure, run the following command:
+🚀 **Deployment Instructions:**
 
-```sh
-terraform destroy
-```
+1. **Plan Your Deployment:**
+
+   Review and verify the deployment plan:
+
+   ```sh
+   terraform plan -var-file ./configs/prod.tfvars -out=prod.tfplan
+   ```
+
+2. **Execute the Plan:**
+
+   Apply the planned configuration to provision the infrastructure:
+
+   ```sh
+   terraform apply "prod.tfplan"
+   ```
 
 ## Post Deployment Steps
 
@@ -193,6 +210,16 @@ You can now execute SQL commands to test the database setup. For example:
 
 These steps will help you verify the successful setup of the database and ensure that the necessary connections and configurations are in place.
 
+## Destroy
+
+💣 **NOTE:** In this example, we are using the `prod` environment and the `us-west-2` region. Modify these values according to your environment and region.
+
+To destroy the infrastructure, run the following command:
+
+```sh
+terraform destroy -var-file ./configs/prod.tfvars
+```
+
 ## Module Documentation
 
 The module documentation is generated with [terraform-docs](https://github.com/terraform-docs/terraform-docs) by running the following command from the module directory:

diff --git a/live/prod/us-west-2/app/backend.tf → live/common-infra/backend.tf b/live/prod/us-west-2/app/backend.tf → live/common-infra/backend.tf
@@ -6,14 +6,16 @@ module "terraform_state_backend" {
   source  = "cloudposse/tfstate-backend/aws"
   version = "1.1.1"
 
-  name        = module.label.name
-  namespace   = module.label.namespace
-  environment = module.label.environment
-  attributes  = ["state"]
+  # Avoid creating anything within if we are not in the workspace "default" and "prod".
+  enabled = contains(["default", "prod"], terraform.workspace)
+
+  name       = module.label.name
+  namespace  = module.label.namespace
+  attributes = ["state"]
 
   terraform_backend_config_file_path = "."
   terraform_backend_config_file_name = "s3-backend.tf"
-  terraform_state_file               = "${module.label.id}.tfstate"
+  terraform_state_file               = "${module.label.namespace}-${module.label.name}.tfstate"
 
   bucket_enabled   = true
   dynamodb_enabled = true

diff --git a/live/prod/us-west-2/app/bastion.tf → live/common-infra/bastion.tf b/live/prod/us-west-2/app/bastion.tf → live/common-infra/bastion.tf
@@ -1,30 +1,30 @@
-locals {
-  bastion = {
-    enable = true
-  }
+variable "enable_bastion" {
+  type        = bool
+  description = "Enable bastion host"
+  default     = false
 }
 
 module "bastion" {
-  count = local.bastion.enable ? 1 : 0
+  count = var.enable_bastion ? 1 : 0
 
-  source                       = "../../../../modules/bastion"
+  source                       = "../../modules/bastion"
   name                         = "${module.label.id}-bastion"
   vpc_id                       = module.vpc.vpc_id
   subnets                      = module.vpc.public_subnets
   associate_public_ip_address  = true
-  associate_elastic_ip_address = true
+  associate_elastic_ip_address = false
   tags                         = module.label.tags
 }
 
 output "bastion_instance_id" {
-  value = local.bastion.enable ? module.bastion[0].instance_id : null
+  value = var.enable_bastion ? module.bastion[0].instance_id : null
 }
 
 output "bastion_instance_profile" {
-  value = local.bastion.enable ? module.bastion[0].instance_profile : null
+  value = var.enable_bastion ? module.bastion[0].instance_profile : null
 }
 
 output "ssm_parameter_bastion_ssh_key" {
   description = "name of the ssm parameter for the bastion ssh key"
-  value       = local.bastion.enable ? module.bastion[0].ssm_parameter_ssh_key : null
+  value       = var.enable_bastion ? module.bastion[0].ssm_parameter_ssh_key : null
 }
diff --git a/live/common-infra/configs/prod.tfvars b/live/common-infra/configs/prod.tfvars
@@ -0,0 +1,20 @@
+# General settings
+
+region      = "us-west-2"
+name        = "core"
+namespace   = "nan"
+environment = "prod"
+tags = {
+  "Terraform"   = "true"
+  "Environment" = "prod"
+}
+
+# AWS settings
+
+vpc_cidr_block = "10.0.0.0/16"
+enable_bastion = false
+
+# RDS Database settings
+
+example_db_name            = "example"
+example_db_master_username = "root"
diff --git a/live/common-infra/configs/staging.tfvars b/live/common-infra/configs/staging.tfvars
@@ -0,0 +1,20 @@
+# General settings
+
+region      = "us-west-2"
+name        = "core"
+namespace   = "nan"
+environment = "prod"
+tags = {
+  "Terraform"   = "true"
+  "Environment" = "prod"
+}
+
+# AWS settings
+
+vpc_cidr_block = "10.0.0.0/16"
+enable_bastion = false
+
+# RDS Database settings
+
+example_db_name            = "example"
+example_db_master_username = "root"
diff --git a/live/common-infra/context.tf b/live/common-infra/context.tf
@@ -0,0 +1,54 @@
+variable "name" {
+  description = "Name to use for servers, tags, etc"
+  type        = string
+  default     = "name"
+}
+
+variable "namespace" {
+  description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+  type        = string
+  default     = "development"
+}
+
+variable "environment" {
+  description = "Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT'"
+  type        = string
+  default     = "development"
+}
+
+variable "stage" {
+  description = "Stage, e.g. 'build', 'test', 'deploy', 'release'"
+  type        = string
+  # not required, so no default
+  default = null
+}
+
+variable "tags" {
+  description = "Any extra tags to assign to objects"
+  type        = map(any)
+  default     = {}
+}
+
+data "aws_caller_identity" "aws" {}
+
+locals {
+  tf_tags = {
+    Terraform = true,
+    By        = data.aws_caller_identity.aws.arn
+  }
+}
+
+// Keep labels, tags consistent
+module "label" {
+  source  = "cloudposse/label/null"
+  version = "0.25.0"
+
+  name        = var.name
+  environment = var.environment
+  namespace   = var.namespace
+  stage       = var.stage
+
+  delimiter   = "-"
+  label_order = ["namespace", "environment", "stage", "name", "attributes"]
+  tags        = merge(var.tags, local.tf_tags)
+}
diff --git a/live/prod/us-west-2/app/docs/MODULE.md → live/common-infra/docs/MODULE.md b/live/prod/us-west-2/app/docs/MODULE.md → live/common-infra/docs/MODULE.md
@@ -16,11 +16,11 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_bastion"></a> [bastion](#module\_bastion) | ../../../../modules/bastion | n/a |
-| <a name="module_exampledb"></a> [exampledb](#module\_exampledb) | ../../../../modules/rds | n/a |
+| <a name="module_bastion"></a> [bastion](#module\_bastion) | ../../modules/bastion | n/a |
+| <a name="module_exampledb"></a> [exampledb](#module\_exampledb) | ../../modules/rds | n/a |
 | <a name="module_label"></a> [label](#module\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_terraform_state_backend"></a> [terraform\_state\_backend](#module\_terraform\_state\_backend) | cloudposse/tfstate-backend/aws | 1.1.1 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../../../modules/vpc | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../modules/vpc | n/a |
 
 ## Resources
 
@@ -30,7 +30,18 @@
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_enable_bastion"></a> [enable\_bastion](#input\_enable\_bastion) | Enable bastion host | `bool` | `false` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `"development"` | no |
+| <a name="input_example_db_master_username"></a> [example\_db\_master\_username](#input\_example\_db\_master\_username) | The username for the master DB user | `string` | `"root"` | no |
+| <a name="input_example_db_name"></a> [example\_db\_name](#input\_example\_db\_name) | The name of the database to create | `string` | `"mydb"` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name to use for servers, tags, etc | `string` | `"name"` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `"development"` | no |
+| <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | `"us-west-2"` | no |
+| <a name="input_stage"></a> [stage](#input\_stage) | Stage, e.g. 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Any extra tags to assign to objects | `map(any)` | `{}` | no |
+| <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR block for the VPC | `string` | `"10.0.0.0/16"` | no |
 
 ## Outputs