Open Magicloud opened 4 years ago
Example:
Plan
# data.template_file.docker_compose will be read during apply
# (config refers to values not yet known)
<= data "template_file" "docker_compose" {
+ id = (known after apply)
+ rendered = (known after apply)
+ template = <<~EOT
version: "3.7"
services:
confluence:
image: atlassian/confluence-server
ports:
- "${http_port}:8090"
volumes:
- /data/confluence:/var/atlassian/application-data/confluence
environment:
- ATL_JDBC_URL=jdbc:postgresql://${db_host}:5432/${db_db}
- ATL_JDBC_USER=${db_user}
- ATL_JDBC_PASSWORD='${db_pass}'
- ATL_DB_TYPE=postgresql
EOT
+ vars = {
+ "db_db" = "confluence"
+ "db_host" = (known after apply)
+ "db_pass" = "Fpco!234"
+ "db_user" = "confluence"
+ "http_port" = "80"
}
}
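Review bot: The `db_pass` entry in `vars` is printed in cleartext by the plan, while what is presumably the same credential is masked as `(sensitive value)` on `aws_db_instance.default`. `template_file` variables are not treated as sensitive, so the value will also sit in state and in the rendered compose text. Because this output is pasted into a PR, the password should be treated as exposed and rotated before the example is used anywhere real. I would stop templating the secret and have the instance read it at boot from SSM Parameter Store or Secrets Manager, leaving only the parameter name in `vars`. Separately, in the list form of `environment:` the single quotes in `ATL_JDBC_PASSWORD='${db_pass}'` are likely passed to the container literally, so they should probably be dropped.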
# aws_acm_certificate.cert will be created
+ resource "aws_acm_certificate" "cert" {
+ arn = (known after apply)
+ domain_name = (known after apply)
+ domain_validation_options = (known after apply)
+ id = (known after apply)
+ subject_alternative_names = (known after apply)
+ validation_emails = (known after apply)
+ validation_method = "DNS"
}
# aws_acm_certificate_validation.validation will be created
+ resource "aws_acm_certificate_validation" "validation" {
+ certificate_arn = (known after apply)
+ id = (known after apply)
+ validation_record_fqdns = (known after apply)
}
# aws_autoscaling_attachment.asg_ext_alb will be created
+ resource "aws_autoscaling_attachment" "asg_ext_alb" {
+ alb_target_group_arn = (known after apply)
+ autoscaling_group_name = (known after apply)
+ id = (known after apply)
}
# aws_autoscaling_attachment.asg_int_alb will be created
+ resource "aws_autoscaling_attachment" "asg_int_alb" {
+ alb_target_group_arn = (known after apply)
+ autoscaling_group_name = (known after apply)
+ id = (known after apply)
}
# aws_route53_record.cert_validation_ext will be created
+ resource "aws_route53_record" "cert_validation_ext" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z962O7HXEQOHW"
}
# aws_route53_record.cert_validation_int will be created
+ resource "aws_route53_record" "cert_validation_int" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z962O7HXEQOHW"
}
# aws_route53_record.ext will be created
+ resource "aws_route53_record" "ext" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "c-e.dev-sandbox.fpcomplete.com"
+ type = "A"
+ zone_id = "Z962O7HXEQOHW"
+ alias {
+ evaluate_target_health = true
+ name = (known after apply)
+ zone_id = (known after apply)
}
}
# aws_route53_record.int will be created
+ resource "aws_route53_record" "int" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "c-i.dev-sandbox.fpcomplete.com"
+ type = "A"
+ zone_id = "Z962O7HXEQOHW"
+ alias {
+ evaluate_target_health = true
+ name = (known after apply)
+ zone_id = (known after apply)
}
}
# aws_security_group_rule.asg_ext_alb_http_port_sg_rule will be created
+ resource "aws_security_group_rule" "asg_ext_alb_http_port_sg_rule" {
+ description = "HTTP ingress for ext ALB"
+ from_port = 80
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 80
+ type = "ingress"
}
# aws_security_group_rule.asg_int_alb_http_port_sg_rule will be created
+ resource "aws_security_group_rule" "asg_int_alb_http_port_sg_rule" {
+ description = "HTTP ingress for int ALB"
+ from_port = 80
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 80
+ type = "ingress"
}
# aws_security_group_rule.rds_sg_rule will be created
+ resource "aws_security_group_rule" "rds_sg_rule" {
+ description = "PGSQL ingress for RDS"
+ from_port = 5432
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 5432
+ type = "ingress"
}
# module.asg.data.aws_subnet.server-subnet will be read during apply
# (config refers to values not yet known)
<= data "aws_subnet" "server-subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = (known after apply)
+ availability_zone = (known after apply)
+ availability_zone_id = (known after apply)
+ cidr_block = (known after apply)
+ default_for_az = (known after apply)
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = (known after apply)
+ owner_id = (known after apply)
+ state = (known after apply)
+ tags = (known after apply)
+ vpc_id = (known after apply)
}
# module.asg-sg.aws_security_group.main will be created
+ resource "aws_security_group" "main" {
+ arn = (known after apply)
+ description = "SG for ASG"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "asg-sg"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Name" = "asg-sg"
}
+ vpc_id = (known after apply)
}
# module.asg-to-world.aws_security_group_rule.open_egress will be created
+ resource "aws_security_group_rule" "open_egress" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "OPEN egress, all ports, all protocols"
+ from_port = 0
+ id = (known after apply)
+ protocol = "-1"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 0
+ type = "egress"
}
# module.data-backup.aws_dlm_lifecycle_policy.ebs-lifecycle-policy will be created
+ resource "aws_dlm_lifecycle_policy" "ebs-lifecycle-policy" {
+ arn = (known after apply)
+ description = "DLM lifecycle policy"
+ execution_role_arn = (known after apply)
+ id = (known after apply)
+ state = "ENABLED"
+ policy_details {
+ resource_types = [
+ "VOLUME",
]
+ target_tags = (known after apply)
+ schedule {
+ copy_tags = true
+ name = "confluence One week of daily snapshots"
+ tags_to_add = {
+ "SnapshotCreator" = "DLM lifecycle"
}
+ create_rule {
+ interval = 24
+ interval_unit = "HOURS"
+ times = [
+ "23:45",
]
}
+ retain_rule {
+ count = 14
}
}
}
}
# module.data-backup.aws_iam_role.dlm_lifecycle_role will be created
+ resource "aws_iam_role" "dlm_lifecycle_role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "dlm.amazonaws.com"
}
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ max_session_duration = 3600
+ name = "dlm-lifecycle-role"
+ path = "/"
+ unique_id = (known after apply)
}
# module.data-backup.aws_iam_role_policy.dlm_lifecycle_policy will be created
+ resource "aws_iam_role_policy" "dlm_lifecycle_policy" {
+ id = (known after apply)
+ name = "dlm-lifecycle-policy"
+ policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "ec2:CreateSnapshot",
+ "ec2:DeleteSnapshot",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeSnapshots",
]
+ Effect = "Allow"
+ Resource = "*"
},
+ {
+ Action = [
+ "ec2:CreateTags",
]
+ Effect = "Allow"
+ Resource = "arn:aws:ec2:*::snapshot/*"
},
]
+ Version = "2012-10-17"
}
)
+ role = (known after apply)
}
# module.ext-alb.aws_lb.alb will be created
+ resource "aws_lb" "alb" {
+ arn = (known after apply)
+ arn_suffix = (known after apply)
+ dns_name = (known after apply)
+ enable_deletion_protection = false
+ enable_http2 = true
+ id = (known after apply)
+ idle_timeout = 60
+ internal = false
+ ip_address_type = (known after apply)
+ load_balancer_type = "application"
+ name = "confluence-ext-alb"
+ security_groups = (known after apply)
+ subnets = (known after apply)
+ vpc_id = (known after apply)
+ zone_id = (known after apply)
+ subnet_mapping {
+ allocation_id = (known after apply)
+ subnet_id = (known after apply)
}
}
# module.ext-alb.aws_security_group.alb_sg will be created
+ resource "aws_security_group" "alb_sg" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = "confluence-ext-alb_sb"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ vpc_id = (known after apply)
}
# module.ext-alb-to-asg.aws_security_group_rule.open_egress will be created
+ resource "aws_security_group_rule" "open_egress" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "OPEN egress, all ports, all protocols"
+ from_port = 0
+ id = (known after apply)
+ protocol = "-1"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 0
+ type = "egress"
}
# module.ext-forwarder.aws_lb_listener.lb-listener will be created
+ resource "aws_lb_listener" "lb-listener" {
+ arn = (known after apply)
+ certificate_arn = (known after apply)
+ id = (known after apply)
+ load_balancer_arn = (known after apply)
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-2016-08"
+ default_action {
+ order = (known after apply)
+ target_group_arn = (known after apply)
+ type = "forward"
}
}
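Review bot: `ssl_policy = "ELBSecurityPolicy-2016-08"` on this HTTPS listener still negotiates TLS 1.0 and 1.1, and the same value is planned for `module.int-forwarder.aws_lb_listener.lb-listener`. For a new example I would pin a TLS 1.2-only policy, e.g. `ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"`. Exposing it as a module variable would let callers move to a stricter policy later without forking the module.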
# module.ext-forwarder.aws_lb_target_group.lb-tg will be created
+ resource "aws_lb_target_group" "lb-tg" {
+ arn = (known after apply)
+ arn_suffix = (known after apply)
+ deregistration_delay = 300
+ id = (known after apply)
+ lambda_multi_value_headers_enabled = false
+ name = "confluence-ext-https-tg"
+ port = 80
+ protocol = "HTTP"
+ proxy_protocol_v2 = false
+ slow_start = 0
+ target_type = "instance"
+ vpc_id = (known after apply)
+ health_check {
+ enabled = (known after apply)
+ healthy_threshold = (known after apply)
+ interval = (known after apply)
+ matcher = (known after apply)
+ path = (known after apply)
+ port = (known after apply)
+ protocol = (known after apply)
+ timeout = (known after apply)
+ unhealthy_threshold = (known after apply)
}
+ stickiness {
+ cookie_duration = (known after apply)
+ enabled = (known after apply)
+ type = (known after apply)
}
}
# module.ext_alb_http_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
+ resource "aws_security_group_rule" "tcp_ingress" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "HTTP ingress for ALB (tcp)"
+ from_port = 80
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 80
+ type = "ingress"
}
# module.ext_alb_https_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
+ resource "aws_security_group_rule" "tcp_ingress" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "HTTPS ingress for ALB (tcp)"
+ from_port = 443
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 443
+ type = "ingress"
}
# module.ext_redirector.aws_lb_listener.lb-listener will be created
+ resource "aws_lb_listener" "lb-listener" {
+ arn = (known after apply)
+ id = (known after apply)
+ load_balancer_arn = (known after apply)
+ port = 80
+ protocol = "HTTP"
+ ssl_policy = (known after apply)
+ default_action {
+ order = (known after apply)
+ type = "redirect"
+ redirect {
+ host = "#{host}"
+ path = "/#{path}"
+ port = "443"
+ protocol = "HTTPS"
+ query = "#{query}"
+ status_code = "HTTP_301"
}
}
}
# module.int-alb.aws_lb.alb will be created
+ resource "aws_lb" "alb" {
+ arn = (known after apply)
+ arn_suffix = (known after apply)
+ dns_name = (known after apply)
+ enable_deletion_protection = false
+ enable_http2 = true
+ id = (known after apply)
+ idle_timeout = 60
+ internal = true
+ ip_address_type = (known after apply)
+ load_balancer_type = "application"
+ name = "confluence-int-alb"
+ security_groups = (known after apply)
+ subnets = (known after apply)
+ vpc_id = (known after apply)
+ zone_id = (known after apply)
+ subnet_mapping {
+ allocation_id = (known after apply)
+ subnet_id = (known after apply)
}
}
# module.int-alb.aws_security_group.alb_sg will be created
+ resource "aws_security_group" "alb_sg" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = "confluence-int-alb_sb"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ vpc_id = (known after apply)
}
# module.int-alb-to-asg.aws_security_group_rule.open_egress will be created
+ resource "aws_security_group_rule" "open_egress" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "OPEN egress, all ports, all protocols"
+ from_port = 0
+ id = (known after apply)
+ protocol = "-1"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 0
+ type = "egress"
}
# module.int-forwarder.aws_lb_listener.lb-listener will be created
+ resource "aws_lb_listener" "lb-listener" {
+ arn = (known after apply)
+ certificate_arn = (known after apply)
+ id = (known after apply)
+ load_balancer_arn = (known after apply)
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-2016-08"
+ default_action {
+ order = (known after apply)
+ target_group_arn = (known after apply)
+ type = "forward"
}
}
# module.int-forwarder.aws_lb_target_group.lb-tg will be created
+ resource "aws_lb_target_group" "lb-tg" {
+ arn = (known after apply)
+ arn_suffix = (known after apply)
+ deregistration_delay = 300
+ id = (known after apply)
+ lambda_multi_value_headers_enabled = false
+ name = "confluence-int-https-tg"
+ port = 80
+ protocol = "HTTP"
+ proxy_protocol_v2 = false
+ slow_start = 0
+ target_type = "instance"
+ vpc_id = (known after apply)
+ health_check {
+ enabled = (known after apply)
+ healthy_threshold = (known after apply)
+ interval = (known after apply)
+ matcher = (known after apply)
+ path = (known after apply)
+ port = (known after apply)
+ protocol = (known after apply)
+ timeout = (known after apply)
+ unhealthy_threshold = (known after apply)
}
+ stickiness {
+ cookie_duration = (known after apply)
+ enabled = (known after apply)
+ type = (known after apply)
}
}
# module.int_alb_http_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
+ resource "aws_security_group_rule" "tcp_ingress" {
+ cidr_blocks = [
+ "192.168.0.0/16",
]
+ description = "HTTP ingress for ALB (tcp)"
+ from_port = 80
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 80
+ type = "ingress"
}
# module.int_alb_https_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
+ resource "aws_security_group_rule" "tcp_ingress" {
+ cidr_blocks = [
+ "192.168.0.0/16",
]
+ description = "HTTPS ingress for ALB (tcp)"
+ from_port = 443
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 443
+ type = "ingress"
}
# module.int_redirector.aws_lb_listener.lb-listener will be created
+ resource "aws_lb_listener" "lb-listener" {
+ arn = (known after apply)
+ id = (known after apply)
+ load_balancer_arn = (known after apply)
+ port = 80
+ protocol = "HTTP"
+ ssl_policy = (known after apply)
+ default_action {
+ order = (known after apply)
+ type = "redirect"
+ redirect {
+ host = "#{host}"
+ path = "/#{path}"
+ port = "443"
+ protocol = "HTTPS"
+ query = "#{query}"
+ status_code = "HTTP_301"
}
}
}
# module.rds.aws_db_instance.default will be created
+ resource "aws_db_instance" "default" {
+ address = (known after apply)
+ allocated_storage = 20
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ backup_retention_period = 7
+ backup_window = (known after apply)
+ ca_cert_identifier = (known after apply)
+ character_set_name = (known after apply)
+ copy_tags_to_snapshot = false
+ db_subnet_group_name = (known after apply)
+ delete_automated_backups = true
+ endpoint = (known after apply)
+ engine = "postgres"
+ engine_version = "11"
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ identifier = (known after apply)
+ identifier_prefix = "confluence"
+ instance_class = "db.m5.xlarge"
+ kms_key_id = (known after apply)
+ license_model = (known after apply)
+ maintenance_window = (known after apply)
+ monitoring_interval = 30
+ monitoring_role_arn = (known after apply)
+ multi_az = true
+ name = "confluence"
+ option_group_name = (known after apply)
+ parameter_group_name = (known after apply)
+ password = (sensitive value)
+ performance_insights_enabled = false
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ publicly_accessible = false
+ replicas = (known after apply)
+ resource_id = (known after apply)
+ skip_final_snapshot = false
+ status = (known after apply)
+ storage_type = "gp2"
+ timezone = (known after apply)
+ username = "confluence"
+ vpc_security_group_ids = (known after apply)
}
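Review bot: `storage_encrypted` does not appear among the planned attributes of this instance (only `kms_key_id = (known after apply)`), which suggests the example leaves it unset and the Confluence database would be created unencrypted; this is worth confirming in the module. If so, I would set `storage_encrypted = true` in the example, since encryption cannot be switched on in place later without a snapshot and restore. `copy_tags_to_snapshot = false` and `delete_automated_backups = true` also deserve a second look for a database that holds the only copy of the wiki data.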
# module.rds.aws_db_subnet_group.rds_private_subnet will be created
+ resource "aws_db_subnet_group" "rds_private_subnet" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ subnet_ids = (known after apply)
}
# module.rds.aws_iam_role.rds_enhanced_monitoring will be created
+ resource "aws_iam_role" "rds_enhanced_monitoring" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "monitoring.rds.amazonaws.com"
}
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ max_session_duration = 3600
+ name = (known after apply)
+ name_prefix = "confluence"
+ path = "/"
+ unique_id = (known after apply)
}
# module.rds.aws_iam_role_policy_attachment.rds_enhanced_monitoring will be created
+ resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" {
+ id = (known after apply)
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+ role = (known after apply)
}
# module.rds-sg.aws_security_group.main will be created
+ resource "aws_security_group" "main" {
+ arn = (known after apply)
+ description = "SG for RDS"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "rds-sg"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Name" = "rds-sg"
}
+ vpc_id = (known after apply)
}
# module.ssh-port-sg-rule.aws_security_group_rule.tcp_ingress[0] will be created
+ resource "aws_security_group_rule" "tcp_ingress" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "SSH from anywhere, for debug. (tcp)"
+ from_port = 22
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 22
+ type = "ingress"
}
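Review bot: `cidr_blocks = ["0.0.0.0/0"]` on port 22 is described as a debug aid but would ship in the example as-is. The target security group cannot be read from the plan (`security_group_id` is known after apply), and the launch configuration sets `associate_public_ip_address = false`, so direct exposure may be limited; the rule still admits any source that can route to the instance. I would take the list from a caller-supplied variable with no open default, e.g. `cidr_blocks = var.ssh_cidr_blocks` (variable name illustrative), and mention SSM Session Manager in the README as the alternative to opening SSH at all.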
# module.asg.module.init-attach-ebs.data.template_file.init_snippet will be read during apply
# (config refers to values not yet known)
<= data "template_file" "init_snippet" {
+ id = (known after apply)
+ rendered = (known after apply)
+ template = <<~EOT
# start snippet - attach EBS volume
${init_prefix}
export AWS_DEFAULT_REGION=${region}
VOLUME_ID=${volume_id}
INSTANCE_ID="$(wget -O- http://169.254.169.254/latest/meta-data/instance-id || curl http://169.254.169.254/latest/meta-data/instance-id)"
echo "${log_prefix} will attach $${VOLUME_ID} via the AWS API in ${region}"
while ! aws ec2 attach-volume \
--volume-id "$${VOLUME_ID}" \
--instance-id "$${INSTANCE_ID}" \
--device '${device_path}'; do
echo "Attaching command failed to run. Retrying."
sleep '${wait_interval}'
done
echo "${log_prefix} $${VOLUME_ID} attached."
vol_id="$(echo "$${VOLUME_ID}" | tr -d '-')"
while [ ! -e /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} ]; do
sleep '${wait_interval}'
done
dev_id="$(ls /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} | head -1)"
dev_name="/dev/$(readlink "$${dev_id}" | tr / '\n' | tail -1)"
[ "$${dev_name}" == "${device_path}" ] || ln -s "$${dev_name}" "${device_path}"
${init_suffix}
EOT
+ vars = {
+ "device_path" = "/dev/xvdf"
+ "init_prefix" = ""
+ "init_suffix" = ""
+ "log_level" = "info"
+ "log_prefix" = "OPS: "
+ "region" = "ap-northeast-1"
+ "volume_id" = (known after apply)
+ "wait_interval" = "5"
}
}
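Review bot: The `INSTANCE_ID` lookup in this template is a plain GET against `169.254.169.254`, which only works while IMDSv1 is enabled on the instance. If the launch configuration is later hardened to require IMDSv2, the id would presumably come back empty and the `attach-volume` loop would retry indefinitely; leaving IMDSv1 on keeps the instance role credentials reachable through any request-forgery bug in the application. I would request a session token first (PUT to `/latest/api/token` with the `X-aws-ec2-metadata-token-ttl-seconds` header), send it as `X-aws-ec2-metadata-token` on the instance-id request, and exit with an error when the id is empty.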
# module.asg.module.instance_profile.aws_iam_instance_profile.profile will be created
+ resource "aws_iam_instance_profile" "profile" {
+ arn = (known after apply)
+ create_date = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ path = "/"
+ role = (known after apply)
+ roles = (known after apply)
+ unique_id = (known after apply)
}
# module.asg.module.instance_profile.aws_iam_role.role will be created
+ resource "aws_iam_role" "role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ec2.amazonaws.com"
}
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ max_session_duration = 3600
+ name = (known after apply)
+ path = "/"
+ unique_id = (known after apply)
}
# module.asg.module.server.aws_autoscaling_group.cluster will be created
+ resource "aws_autoscaling_group" "cluster" {
+ arn = (known after apply)
+ availability_zones = (known after apply)
+ default_cooldown = (known after apply)
+ desired_capacity = (known after apply)
+ force_delete = true
+ health_check_grace_period = 300
+ health_check_type = "EC2"
+ id = (known after apply)
+ launch_configuration = (known after apply)
+ load_balancers = (known after apply)
+ max_size = 1
+ metrics_granularity = "1Minute"
+ min_size = 1
+ name = (known after apply)
+ name_prefix = (known after apply)
+ protect_from_scale_in = false
+ service_linked_role_arn = (known after apply)
+ tags = [
+ (known after apply),
]
+ target_group_arns = (known after apply)
+ termination_policies = []
+ vpc_zone_identifier = (known after apply)
+ wait_for_capacity_timeout = "10m"
}
# module.asg.module.server.aws_launch_configuration.cluster will be created
+ resource "aws_launch_configuration" "cluster" {
+ arn = (known after apply)
+ associate_public_ip_address = false
+ ebs_optimized = (known after apply)
+ enable_monitoring = true
+ iam_instance_profile = (known after apply)
+ id = (known after apply)
+ image_id = "ami-045f38c93733dd48d"
+ instance_type = "m5.xlarge"
+ key_name = "shida-tokyo"
+ name = (known after apply)
+ security_groups = (known after apply)
+ user_data = (known after apply)
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ no_device = (known after apply)
+ snapshot_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ root_block_device {
+ delete_on_termination = true
+ encrypted = false
+ iops = (known after apply)
+ volume_size = 8
+ volume_type = "gp2"
}
}
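Review bot: `root_block_device` is planned with `encrypted = false`, whereas the data volume in `module.asg.module.service-data.aws_ebs_volume.main` is `encrypted = true`. The root disk presumably holds the rendered user data and the compose file, including the database password, so I would set `encrypted = true` there as well. `key_name = "shida-tokyo"` also looks like a personal key pair; for a published example it would be better taken from a variable with no default.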
# module.asg.module.service-data.data.aws_iam_policy_document.attach_ebs_policy_doc will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "attach_ebs_policy_doc" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "ec2:AttachVolume",
+ "ec2:DetachVolume",
]
+ effect = "Allow"
+ resources = [
+ "arn:aws:ec2:ap-northeast-1:793514493597:instance/*",
+ (known after apply),
]
}
}
# module.asg.module.service-data.aws_ebs_volume.main will be created
+ resource "aws_ebs_volume" "main" {
+ arn = (known after apply)
+ availability_zone = (known after apply)
+ encrypted = true
+ id = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ size = 50
+ snapshot_id = (known after apply)
+ tags = (known after apply)
+ type = "gp2"
}
# module.asg.module.service-data.aws_iam_policy.attach_ebs will be created
+ resource "aws_iam_policy" "attach_ebs" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ path = "/"
+ policy = (known after apply)
}
# module.asg.module.service-data.aws_iam_role_policy_attachment.attach_ebs will be created
+ resource "aws_iam_role_policy_attachment" "attach_ebs" {
+ id = (known after apply)
+ policy_arn = (known after apply)
+ role = (known after apply)
}
# module.vpc.module.nat-gateway.data.aws_subnet.public[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = (known after apply)
+ availability_zone = (known after apply)
+ availability_zone_id = (known after apply)
+ cidr_block = (known after apply)
+ default_for_az = (known after apply)
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = (known after apply)
+ owner_id = (known after apply)
+ state = (known after apply)
+ tags = (known after apply)
+ vpc_id = (known after apply)
}
# module.vpc.module.nat-gateway.data.aws_subnet.public[1] will be read during apply
# (config refers to values not yet known)
<= data "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = (known after apply)
+ availability_zone = (known after apply)
+ availability_zone_id = (known after apply)
+ cidr_block = (known after apply)
+ default_for_az = (known after apply)
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = (known after apply)
+ owner_id = (known after apply)
+ state = (known after apply)
+ tags = (known after apply)
+ vpc_id = (known after apply)
}
# module.vpc.module.nat-gateway.aws_eip.nat[0] will be created
+ resource "aws_eip" "nat" {
+ allocation_id = (known after apply)
+ association_id = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ vpc = true
}
# module.vpc.module.nat-gateway.aws_eip.nat[1] will be created
+ resource "aws_eip" "nat" {
+ allocation_id = (known after apply)
+ association_id = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ vpc = true
}
# module.vpc.module.nat-gateway.aws_nat_gateway.nat[0] will be created
+ resource "aws_nat_gateway" "nat" {
+ allocation_id = (known after apply)
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "confluence-01"
}
}
# module.vpc.module.nat-gateway.aws_nat_gateway.nat[1] will be created
+ resource "aws_nat_gateway" "nat" {
+ allocation_id = (known after apply)
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "confluence-02"
}
}
# module.vpc.module.nat-gateway.aws_route.private_nat_gateway[0] will be created
+ resource "aws_route" "private_nat_gateway" {
+ destination_cidr_block = "0.0.0.0/0"
+ destination_prefix_list_id = (known after apply)
+ egress_only_gateway_id = (known after apply)
+ gateway_id = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
}
# module.vpc.module.nat-gateway.aws_route.private_nat_gateway[1] will be created
+ resource "aws_route" "private_nat_gateway" {
+ destination_cidr_block = "0.0.0.0/0"
+ destination_prefix_list_id = (known after apply)
+ egress_only_gateway_id = (known after apply)
+ gateway_id = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
}
# module.vpc.module.nat-gateway.aws_route_table.private[0] will be created
+ resource "aws_route_table" "private" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Name" = "confluence-private-00"
}
+ vpc_id = (known after apply)
}
# module.vpc.module.nat-gateway.aws_route_table.private[1] will be created
+ resource "aws_route_table" "private" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Name" = "confluence-private-01"
}
+ vpc_id = (known after apply)
}
# module.vpc.module.nat-gateway.aws_route_table_association.private-rta[0] will be created
+ resource "aws_route_table_association" "private-rta" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.module.nat-gateway.aws_route_table_association.private-rta[1] will be created
+ resource "aws_route_table_association" "private-rta" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.module.private-subnets.aws_subnet.main[0] will be created
+ resource "aws_subnet" "main" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "192.168.100.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "confluence-private-01-ap-northeast-1a"
}
+ vpc_id = (known after apply)
}
# module.vpc.module.private-subnets.aws_subnet.main[1] will be created
+ resource "aws_subnet" "main" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "192.168.101.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "confluence-private-02-ap-northeast-1c"
}
+ vpc_id = (known after apply)
}
# module.vpc.module.public-gateway.aws_internet_gateway.public will be created
+ resource "aws_internet_gateway" "public" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "confluence-public"
}
+ vpc_id = (known after apply)
}
# module.vpc.module.public-gateway.aws_route.public will be created
+ resource "aws_route" "public" {
+ destination_cidr_block = "0.0.0.0/0"
+ destination_prefix_list_id = (known after apply)
+ egress_only_gateway_id = (known after apply)
+ gateway_id = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
}
# module.vpc.module.public-gateway.aws_route_table.public will be created
+ resource "aws_route_table" "public" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Name" = "confluence-public-public"
}
+ vpc_id = (known after apply)
}
# module.vpc.module.public-gateway.aws_route_table_association.public[0] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.module.public-gateway.aws_route_table_association.public[1] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.module.public-subnets.aws_subnet.main[0] will be created
+ resource "aws_subnet" "main" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "192.168.0.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "confluence-public-01-ap-northeast-1a"
}
+ vpc_id = (known after apply)
}
# module.vpc.module.public-subnets.aws_subnet.main[1] will be created
+ resource "aws_subnet" "main" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "192.168.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "confluence-public-02-ap-northeast-1c"
}
+ vpc_id = (known after apply)
}
# module.vpc.module.vpc.aws_vpc.main will be created
+ resource "aws_vpc" "main" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "192.168.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "confluence"
}
}
# module.vpc.module.vpc.aws_vpc_dhcp_options.main will be created
+ resource "aws_vpc_dhcp_options" "main" {
+ domain_name = "ap-northeast-1.compute.internal"
+ domain_name_servers = [
+ "AmazonProvidedDNS",
]
+ id = (known after apply)
+ ntp_servers = []
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "confluence"
}
}
# module.vpc.module.vpc.aws_vpc_dhcp_options_association.main will be created
+ resource "aws_vpc_dhcp_options_association" "main" {
+ dhcp_options_id = (known after apply)
+ id = (known after apply)
+ vpc_id = (known after apply)
}
Plan: 67 to add, 0 to change, 0 to destroy.
WebUI seen.
@Magicloud please review/update.
@ketzacoatl The module refs in this example are all fixed. The example itself is ready to merge.
The example runs the Confluence Docker image in a single-node ASG, with an RDS instance and two ALBs (internal and external). The ALBs have domain names set and a TLS cert (from ACM).
Deps:
290
301
303
305
307
288
name: Pull request template about: Make a PR to terraform-aws-foundation
Please include the following in your PR:
Please also note that these are not hard requirements, but merely serve to define what maintainers are looking for in PR's. Including these will more likely lead to your PR being reviewed and accepted.
modules
this would entail example code for how to use the module or some explanation in the module readme.