Before building project set input variables!
- copy them to ~/.bashrc and reopen your terminal
- OR run them in CLI before run terraform command
They look like:
export TF_VAR_region=us-west-1
export PKR_VAR_region=$TF_VAR_region
export TF_VAR_domain_name=domain.com
export TF_VAR_db_name=wordpress
export TF_VAR_db_username=admin
export TF_VAR_db_password=Passw0RDforDataBase
Run command
bash build.sh
Run command:
bash destroy.sh
Module is published at Terraform Registry (https://registry.terraform.io/modules/rus777777/vpc-t1/aws/latest) :
module "vpc-t1" {
source = "rus777777/vpc-t1/aws"
...
}
Source code is in the
[email protected]:rus777777/terraform-aws-vpc-t1.git
Project description
-
Project tasks:
- create infrustructure architecture
- the size of the resources (could be parameterized)
- determine dependencies between groups
- flexibility of the code
- make regionless dependency
- deploy into another region with a few clicks
- resources should not depend on specific region
-
Team communication:
- How to negotatate with groups inside team
- chat channel (telegram)
- zoom
- etc
- which backends we use
- How to negotatate with groups inside team
- Team leader
- VPC group
- RDS group
- ASG group
-
Current infrastructure of our Project - Anelia will share later
-
create primitive model (prototype) of our project to negotiate beetwen groups
- make base for other groups - RDS, ASG should not wait
- VPC organise as a Terraform mudule
- module published in Terraform Registry for public use
VPC
- 3 public subnets
- 3 private subnets
- 1 GW
- (depend on parameter) NAT GW
- RDS instanse - was created as simple model for testing connection
- Linked with our VPC
- DB/Login/Password is stored in env (also worked with Parameter Store - commented in code).
- RDS resides in private subnets, not accessible from Internet.
- Security Group is allow to access to port 3306
- using resources Aurora cluster
- publish in Route53:
- writer.yourdomain.com
- reader1.yourdomain.com
- reader2.yourdomain.com
- reader3.yourdomain.com
-
Launchned in our VPC
-
Packer - for making golden image for ASG
- code not depend on region - automative use our region
- use Amazon Linux 2
-
ASG template - automaticale choose latest golden image
- use templatefile() for dynamic create file with needed parameters
-
userdata
- automative script to startup Wordpress and connect to DB
-
ELB in public sunbets
-
ASG in private subnets
-
Security groups:
- ELB accessable from Internet
- ASG accessable from ALB
-
wordpress is accessable through ALB by address wordpress.yourdomain.com
-
we successfully made this project
- flexibility of the code
- deploy into another region with a few clicks
- expirience 3-tire architecture
- undestood every stage of the project, correlation between groups
-
what we learn from this project
-
how many time (hours) team members contribute to project
Markdown Cheatsheet
https://github.com/tchapi/markdown-cheatsheet/blob/master/README.md
Reference architecture
https://docs.aws.amazon.com/whitepapers/latest/best-practices-wordpress/reference-architecture.html