Feature/aziz 10022024 nbs6 standalone (#159)

* added nbs6 standalone tf * updated inputs.tfvars.tpl --------- Co-authored-by: akhamraev-ignw <[email protected]>
CDCgov · Oct 3, 2024 · 64a0615 · 64a0615
1 parent d23a0cd
commit 64a0615
Show file tree

Hide file tree

Showing 8 changed files with 739 additions and 0 deletions.
diff --git a/terraform/aws/samples/NBS6_standalone/dns.tf b/terraform/aws/samples/NBS6_standalone/dns.tf
@@ -0,0 +1,23 @@
+# Serial: 2024081301
+
+# #locals on whether to create route53 hosted zone
+# locals {
+#   #If create_route53_hosted_zone == true set value to 1 and create CSM, otherwise do not create
+#   hosted_zone_count = var.create_route53_hosted_zone ? 1 : 0
+# }
+
+module "dns" {
+  source = "git::https://github.com/CDCgov/NEDSS-Infrastructure.git//terraform/aws/development-infrastructure/dns?ref=v1.2.14"
+  #source  = "../../../../NEDSS-Infrastructure/terraform/aws/development-infrastructure/dns"
+
+  domain_name     = var.domain_name
+  sub_domain_name = var.sub_domain_name
+  modern_vpc_id   = module.legacy-vpc.vpc_id
+  legacy_vpc_id   = module.legacy-vpc.vpc_id
+  # nbs_db_host_name    = module.nbs-legacy.nbs_db_address
+  nbs_db_host_name    = module.rds.nbs_db_address
+  nbs_db_dns          = var.nbs_db_dns
+  tags                = var.tags
+  hosted-zone-iam-arn = var.hosted-zone-iam-arn
+  hosted-zone-id      = var.hosted-zone-id
+}
diff --git a/terraform/aws/samples/NBS6_standalone/ebs.tf b/terraform/aws/samples/NBS6_standalone/ebs.tf
@@ -0,0 +1,7 @@
+# Serial: 2024081301
+
+module "ebs" {
+  source = "git::https://github.com/CDCgov/NEDSS-Infrastructure.git//terraform/aws/development-infrastructure/ebs?ref=v1.2.14"
+  #source  = "../../../../NEDSS-Infrastructure/terraform/aws/development-infrastructure/ebs"
+
+}
diff --git a/terraform/aws/samples/NBS6_standalone/inputs.tfvars.tpl b/terraform/aws/samples/NBS6_standalone/inputs.tfvars.tpl
@@ -0,0 +1,82 @@
+# Account variables
+# updated github global secrets to remove single quoting
+#
+#
+# Search and replace SITE_NAME and EXAMPLE_DOMAIN
+# OCTET2a, OCTET2b, OCTET2shared
+# search for all other EXAMPLE
+#
+
+# Non-module specific variables
+target_account_id = "EXAMPLE_ACCOUNT_ID"
+resource_prefix   = "EXAMPLE_RESOURCE_PREFIX" # highly recommend using snake case for naming (e.g. this-is-snake-case)
+kms_arn_shared_services_bucket = "arn:aws:kms:us-east-1:EXAMPLE_SHARED_SERVICES_ACCOUNT:key/123456-789"
+
+
+# Legacy Infrastructure (grab all of these from existing environment)
+# VPC Variables
+# legacy-name                   = "cdc-nbs-legacy-vpc"
+legacy-cidr                       = "10.OCTET2b.0.0/16"
+# legacy-vpc-id                     = "vpc-LEGACY-EXAMPLE"
+# legacy_vpc_private_route_table_id = "rtb-PRIVATE-EXAMPLE"
+# legacy_vpc_public_route_table_id  = "rtb-PUBLIC-EXAMPLE"
+legacy-azs                    = ["us-east-1a", "us-east-1b"]
+legacy-private_subnets        = ["10.OCTET2b.1.0/24", "10.OCTET2b.3.0/24"]
+legacy-public_subnets         = ["10.OCTET2b.2.0/24", "10.OCTET2b.4.0/24"]
+
+
+legacy-create_igw             = true
+legacy-enable_nat_gateway     = true
+legacy-single_nat_gateway     = true
+legacy-one_nat_gateway_per_az = false
+legacy-enable_dns_hostnames   = true
+legacy-enable_dns_support     = true
+load_balancer_internal        = false
+
+# Tags
+tags = {
+  "Project"     = "NBS"
+  "Environment" = "EXAMPLE_ENVIRONMENT"
+  "Owner"       = "CDC"
+  "Terraform"   = "true"
+}
+
+
+
+# Classic on container
+#deploy_on_ecs          = true
+deploy_on_ecs         = false
+deploy_alb_dns_record = true
+docker_image          = "quay.io/us-cdcgov/cdc-nbs-modernization/nbs6:6.0.15.1"
+#docker_image           = "${var.shared_services_accountid}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/cdc-nbs-legacy/nbs6:latest"
+nbs_github_release_tag = "latest"
+
+# May generate error when Route53 zone is hosted in another AWS account
+hosted-zone-id = "EXAMPLE_HOSTED_ZONE_ID" 
+zone_id = ""
+
+# Classic EC2 instance
+ami                    = "ami-093693792d26e4373"
+instance_type          = "m5.large"
+ec2_key_name           = "cdc-nbs-ec2-EXAMPLE_SITE_NAME"
+# This needs to change for local environment EXAMPLE_CIDR 
+shared_vpc_cidr_block  = "10.1.0.0/16"
+db_instance_type       = "db.m6i.large"
+db_snapshot_identifier = "cdc-nbs-legacy-rds-mssql-60151-20231103"
+route53_url_name       = "app-classic.EXAMPLE_SITE_NAME.nbspreview.com"
+create_cert            = true
+artifacts_bucket_name  = "cdc-nbs-shared-software"
+deployment_package_key = "wildfly-10.0.0.Final-6.0.15.1.zip"
+# XXX - mossc - is this still used or are we doing something with resource
+# prefix?????
+nbs_db_dns = "nbs-db"
+
+domain_name = "EXAMPLE_SITE_NAME.nbspreview.com"
+sub_domain_name = "EXAMPLE_SITE_NAME"
+
+#use_ecr_pull_through_cache=true 
+external_cidr_blocks = []
+
+################################################################
+
+
diff --git a/terraform/aws/samples/NBS6_standalone/nbs-legacy-vpc.tf b/terraform/aws/samples/NBS6_standalone/nbs-legacy-vpc.tf
@@ -0,0 +1,31 @@
+# Serial: 2024081301
+
+# VPC for legacy application components
+module "legacy-vpc" {
+
+  source = "git::https://github.com/CDCgov/NEDSS-Infrastructure.git//terraform/aws/app-infrastructure/vpc?ref=v1.2.14"
+
+  #source      = "../../../../NEDSS-Infrastructure/terraform/aws/app-infrastructure/vpc"
+  # SAMPLES
+  #source      = "../app-infrastructure/vpc"
+
+  # instead of doing this we will build classic specific resource_prefix
+  # can still be overridden with name
+  # name            = var.legacy-name
+  # name            = "${var.resource_prefix}-classic"
+  resource_prefix = "${var.resource_prefix}-classic"
+
+  cidr            = var.legacy-cidr
+  azs             = var.legacy-azs
+  private_subnets = var.legacy-private_subnets
+  public_subnets  = var.legacy-public_subnets
+
+  create_igw             = var.legacy-create_igw
+  enable_nat_gateway     = var.legacy-enable_nat_gateway
+  single_nat_gateway     = var.legacy-single_nat_gateway
+  one_nat_gateway_per_az = var.legacy-one_nat_gateway_per_az
+
+  enable_dns_hostnames = var.legacy-enable_dns_hostnames
+  enable_dns_support   = var.legacy-enable_dns_support
+
+}
diff --git a/terraform/aws/samples/NBS6_standalone/nbs-legacy.tf b/terraform/aws/samples/NBS6_standalone/nbs-legacy.tf
@@ -0,0 +1,74 @@
+# Serial: 2024081301
+
+locals {
+  zone_id    = try(module.dns.zone_id["${module.dns.registered_domain_name}"], var.zone_id)
+  lb_subnets = var.load_balancer_internal ? module.legacy-vpc.private_subnets : module.legacy-vpc.public_subnets
+}
+
+data "aws_region" "current" {}
+
+module "nbs-legacy" {
+
+  source = "git::https://github.com/CDCgov/NEDSS-Infrastructure.git//terraform/aws/development-infrastructure/nbs-legacy?ref=v1.2.14"
+
+  #source  = "../../../../NEDSS-Infrastructure/terraform/aws/development-infrastructure/nbs-legacy"
+
+  #docker_image           = "${var.shared_services_accountid}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/${var.docker_image}"
+  docker_image = var.docker_image
+
+  deploy_on_ecs          = var.deploy_on_ecs
+  deploy_alb_dns_record  = var.deploy_alb_dns_record
+  nbs_github_release_tag = var.nbs_github_release_tag
+  ecs_cpu                = var.ecs_cpu
+  ecs_memory             = var.ecs_memory
+  ecs_subnets            = module.legacy-vpc.private_subnets
+  subnet_ids             = module.legacy-vpc.private_subnets
+  vpc_id                 = module.legacy-vpc.vpc_id
+
+  # nbs6_ingress_vpc_cidr_blocks = [var.modern-cidr, var.legacy-cidr, var.shared_vpc_cidr_block]
+  nbs6_ingress_vpc_cidr_blocks = [var.legacy-cidr, var.shared_vpc_cidr_block]
+
+  nbs6_rdp_cidr_block          = [var.shared_vpc_cidr_block]
+
+  # was using fixed naming for legacy 
+  # resource_prefix              = "cdc-nbs-legacy"
+  # instead of doing this we will build "prefix" with resource_prefix
+  # name            = var.legacy-name
+  #resource_prefix             = var.classic_resource_prefix
+  resource_prefix = "${var.resource_prefix}-classic"
+
+  # conditional use dns if created or input zone_id otherwise
+  zone_id          = local.zone_id
+  route53_url_name = var.route53_url_name
+  tags             = var.tags
+  domain_name      = var.domain_name
+  create_cert      = var.create_cert
+
+  artifacts_bucket_name          = var.artifacts_bucket_name
+  deployment_package_key         = var.deployment_package_key
+  nbs_db_dns                     = module.dns.nbs_db_dns
+  kms_arn_shared_services_bucket = var.kms_arn_shared_services_bucket
+
+  ## load balancer
+  # use locals to pick private or public
+  load_balancer_subnet_ids = local.lb_subnets
+  load_balancer_type       = var.load_balancer_type
+  internal                 = var.load_balancer_internal
+
+  ### Only for EC2
+  instance_type = var.instance_type
+  ami           = var.ami
+  ec2_key_name  = var.ec2_key_name
+  #enable_user_data = var.ec2_enable_user_data
+
+  # delete these from future version if not used
+  # public_subnet_ids      = module.legacy-vpc.public_subnets
+  # legacy_vpc_id          = module.legacy-vpc.vpc_id
+  # modern_vpc_id          = module.modernization-vpc.vpc_id
+  # shared_vpc_cidr_block  = var.shared_vpc_cidr_block
+  # legacy_resource_prefix = "cdc-nbs-legacy"
+  # ec2_key_name           = var.ec2_key_name
+  # db_instance_type       = var.db_instance_type
+  # db_snapshot_identifier = var.db_snapshot_identifier
+  # ignore_tags            = var.ignore_tags
+}
diff --git a/terraform/aws/samples/NBS6_standalone/rds.tf b/terraform/aws/samples/NBS6_standalone/rds.tf
@@ -0,0 +1,20 @@
+# Serial: 2024081301
+
+module "rds" {
+
+  source = "git::https://github.com/CDCgov/NEDSS-Infrastructure.git//terraform/aws/development-infrastructure/rds?ref=v1.2.14"
+
+  #source  = "../../../../NEDSS-Infrastructure/terraform/aws/development-infrastructure/rds"
+
+  db_instance_type            = var.db_instance_type
+  db_snapshot_identifier      = var.db_snapshot_identifier
+  private_subnet_ids          = module.legacy-vpc.private_subnets
+  manage_master_user_password = var.manage_master_user_password
+  app_security_group_id       = module.nbs-legacy.security_group_id
+  # ingress_vpc_cidr_blocks     = "${var.modern-cidr},${var.legacy-cidr},${var.shared_vpc_cidr_block}"
+  ingress_vpc_cidr_blocks     = "${var.legacy-cidr},${var.shared_vpc_cidr_block}"
+
+  vpc_id                      = module.legacy-vpc.vpc_id
+  resource_prefix             = var.resource_prefix
+
+}
diff --git a/terraform/aws/samples/NBS6_standalone/terraform.tf.tpl b/terraform/aws/samples/NBS6_standalone/terraform.tf.tpl
@@ -0,0 +1,32 @@
+# Serial: 2024032001
+
+# new file breaks out providers and backend from main.tf
+# but will cause a problem if corresponding lines are not removed from
+# main.tf (make sure s3 key matches in preexisting accounts
+
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+  }
+
+  # Precreate(d) s3 bucket named "cdc-nbs-sandbox-terraform"
+  backend "s3" {
+    encrypt = true
+    #change following 2 lines and comment this one
+    bucket = "cdc-nbs-terraform-<EXAMPLE_ACCOUNT_NUM>"
+    key    = "cdc-nbs-SITE_NAME-modern/infrastructure-artifacts"
+    region = "us-east-1"
+  }
+}
+
+# provider "aws" {
+#   assume_role {
+#     role_arn     = "arn:aws:iam::${var.target_account_id}:role/cdc-terraform-user-cross-account-role"
+#     session_name = "deploy-base-infrastructure"
+#   }
+#   ignore_tags {
+#     keys = ["cdc-nbs:schedule", "InstanceScheduler-LastAction", "cdc-nbs:owner", "cdc-nbs:principal-Id"]
+#   }
+# }