aashish-fiftyfive
/
infra-assessment
відгалужено від LiveLike/infra-assessment


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126
							region = "us-east-1"

cidr_block = "10.0.0.0/16"

public_subnet_az   = ["us-east-1a", "us-east-1b"]
public_subnet_cidr = ["10.0.0.0/20", "10.0.16.0/20"]

private_subnet_az   = "us-east-1b"
private_subnet_cidr = "10.0.32.0/20"

tags = {
  "Infra" = "LiveLike"
}

ingress_alb_sg_rule = {
  inbound_80 = {
    from_port   = 80
    to_port     = 80
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  },

  inbound_443 = {
    from_port   = 443
    to_port     = 443
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

egress_alb_sg_rule = {
  ec2_egress = {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
  }
}

ingress_ec2_sg_rule = {
  alb_ingress = {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
  },
  allow_ssh_from_vpc = {
    from_port   = 22
    to_port     = 22
    protocol    = "TCP"
    cidr_blocks = ["10.0.0.0/16"]
  }
}

egress_ec2_sg_rule = {
  egress_80 = {
    from_port   = 80
    to_port     = 80
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  },
  egress_443 = {
    from_port   = 443
    to_port     = 443
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

ec2_alb_target_group = {
  name                 = "ec2-alb-target-group"
  port                 = 80
  protocol             = "HTTP"
  deregistration_delay = "60"
}

alb_listener = {
  # redirect_80 = {
  #   port        = "80"
  #   protocol    = "HTTP"
  #   action_type = "redirect"

  #   redirect = {
  #     status_code = "HTTP_301"
  #     port        = "443"
  #     protocol    = "HTTPS"
  #   }
  # },
  # listener_443 = {
  #   port            = "443"
  #   protocol        = "HTTPS"
  #   ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  #   certificate_arn = ""
  #   action_type     = "forward"
  # }

  listener_80 = {
    port        = "80"
    protocol    = "HTTP"
    action_type = "forward"
  }
}

alb_ec2 = {
  name                       = "alb-for-ec2"
  enable_deletion_protection = false
  internal                   = false
  load_balancer_type         = "application"
}

ec2_launch_template = {
  name            = "ec2-launch-template"
  device_name     = "/dev/sda1"
  ebs_volume_size = 20
  ebs_volume_type = "gp3"
  instance_type   = "t3.micro"
  ebs_optimized   = true
  key_name        = "livelike"
}

ec2_autoscaling_group = {
  name                      = "ec2-autoscaling-group"
  min_size                  = 1
  max_size                  = 2
  desired_capacity          = 1
  default_cooldown          = 60
  health_check_grace_period = 120
}