123 lines
3.2 KiB
HCL
123 lines
3.2 KiB
HCL
terraform {
|
|
|
|
required_version = ">= 0.13"
|
|
|
|
required_providers {
|
|
aws = {
|
|
source = "hashicorp/aws"
|
|
version = ">= 3.49.0"
|
|
}
|
|
}
|
|
}
|
|
|
|
provider "aws" {
|
|
|
|
region = var.region
|
|
access_key = var.aws_provider_access_key
|
|
secret_key = var.aws_provider_access_secret
|
|
|
|
alias = "myaws"
|
|
|
|
}
|
|
|
|
resource "random_password" "password" {
|
|
length = 16
|
|
special = true
|
|
override_special = "_!"
|
|
min_numeric = 1
|
|
upper = true
|
|
lower = true
|
|
number = true
|
|
min_lower = 2
|
|
min_upper = 2
|
|
min_special = 2
|
|
}
|
|
|
|
locals {
|
|
provid5 = substr(var.provision_id, 0, 5)
|
|
vpc_id = (var.region == "eu-west-1") ? var.vpc_id_eu : (var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap
|
|
subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
|
|
port = "5439"
|
|
tags = {
|
|
QMI_user = var.user_id
|
|
ProvID = var.provision_id
|
|
}
|
|
}
|
|
|
|
module "security_group" {
|
|
# SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
|
|
source = "terraform-aws-modules/security-group/aws"
|
|
version = "~> 4.3"
|
|
|
|
providers = {
|
|
aws = aws.myaws
|
|
}
|
|
|
|
name = "${var.provision_id}-SG"
|
|
description = "${var.provision_id}-SG"
|
|
vpc_id = local.vpc_id
|
|
|
|
|
|
# ingress
|
|
|
|
ingress_cidr_blocks = ["52.249.189.38/32", "13.67.39.86/32", "20.67.110.207/32", "14.98.59.168/29", "182.74.33.8/29", "188.65.156.32/28", "212.73.252.96/29", "194.90.96.176/29", "213.57.84.160/29", "4.4.97.104/29", "206.196.17.32/27", "18.205.71.36/32", "18.232.32.199/32", "34.237.68.254/32", "34.247.21.179/32", "52.31.212.214/32", "54.154.95.18/32", "13.210.43.241/32", "13.236.104.42/32", "13.236.206.172/32"]
|
|
|
|
ingress_with_cidr_blocks = [
|
|
{
|
|
from_port = local.port
|
|
to_port = local.port
|
|
protocol = "tcp"
|
|
description = "Redshift"
|
|
|
|
},
|
|
]
|
|
|
|
# egress
|
|
|
|
egress_cidr_blocks = ["52.249.189.38/32", "13.67.39.86/32", "20.67.110.207/32", "14.98.59.168/29", "182.74.33.8/29", "188.65.156.32/28", "212.73.252.96/29", "194.90.96.176/29", "213.57.84.160/29", "4.4.97.104/29", "206.196.17.32/27", "18.205.71.36/32", "18.232.32.199/32", "34.237.68.254/32", "34.247.21.179/32", "52.31.212.214/32", "54.154.95.18/32", "13.210.43.241/32", "13.236.104.42/32", "13.236.206.172/32"]
|
|
|
|
|
|
egress_with_cidr_blocks = [
|
|
{
|
|
from_port = local.port
|
|
to_port = local.port
|
|
protocol = "tcp"
|
|
description = "Redshift"
|
|
|
|
},
|
|
]
|
|
|
|
tags = local.tags
|
|
}
|
|
|
|
module "redshift" {
|
|
|
|
providers = {
|
|
aws = aws.myaws
|
|
}
|
|
|
|
source = "terraform-aws-modules/redshift/aws"
|
|
version = "~> 3.0"
|
|
|
|
cluster_identifier = "qmi-${var.provision_id}"
|
|
cluster_node_type = "dc2.large" #"dc1.large"
|
|
cluster_number_of_nodes = 1
|
|
|
|
cluster_database_name = var.cluster_database_name
|
|
cluster_master_username = var.cluster_master_username
|
|
cluster_master_password = random_password.password.result
|
|
|
|
# Group parameters
|
|
#wlm_json_configuration = "[{\"query_concurrency\": 5}]"
|
|
|
|
# DB Subnet Group Inputs
|
|
subnets = local.subnet_ids
|
|
vpc_security_group_ids = [module.security_group.security_group_id]
|
|
publicly_accessible = true
|
|
|
|
# IAM Roles
|
|
#cluster_iam_roles = ["arn:aws:iam::225367859851:role/developer"]
|
|
|
|
tags = local.tags
|
|
|
|
} |