terraform {
  # Only one provider is declared; the constraint is an open-ended floor,
  # so the exact provider build that gets installed is decided by the
  # dependency lock file (.terraform.lock.hcl) if one is committed — verify.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 6.0.0"
    }
  }

  # Minimum Terraform core version; no upper bound is declared.
  required_version = ">= 0.14"
}
locals {
  # Region-keyed selection of the network inputs. Only eu-west-1 and
  # us-east-1 have dedicated variables; every other region value falls
  # back to the *_ap inputs, exactly as the nested conditionals did.
  vpc_id = lookup(
    {
      "eu-west-1" = var.vpc_id_eu
      "us-east-1" = var.vpc_id_us
    },
    var.region,
    var.vpc_id_ap,
  )
  subnet_ids = lookup(
    {
      "eu-west-1" = var.subnet_ids_eu
      "us-east-1" = var.subnet_ids_us
    },
    var.region,
    var.subnet_ids_ap,
  )

  # Redshift listener port, kept as a string; the rule resources below
  # pass it to from_port/to_port where Terraform converts it to a number.
  port = "5439"

  # Key prefix for the provision under the shared "redshift/" namespace.
  s3_prefix = "redshift/qmi-${var.provision_id}"

  # First five characters of the provision id. Not referenced in this
  # file; presumably consumed elsewhere in the configuration.
  provid5 = substr(var.provision_id, 0, 5)

  # Tag set applied to every taggable resource in this file.
  tags = {
    Name           = "qmi-${var.provision_id}"
    Deployment     = "QMI PoC"
    "Cost Center"  = "3100"
    Owner          = var.user_id
    QMI_user       = var.user_id
    ProvID         = var.provision_id
    forced_destroy = var.forced_destroy
  }
}
# Supplies the CIDR lists (cidr_blocks, cidr_blocks_others) that the
# ingress/egress rules below iterate over.
# NOTE(review): the git source carries no `?ref=` pin, so each `terraform
# init` resolves the repository's default branch head; pinning to a tag or
# commit (e.g. `?ref=<TAG-OR-COMMIT>`) makes the allowed-CIDR set reproducible
# and reviewable.
module "fw-ips" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
}
# Security group for the cidr_blocks list from module.fw-ips. It carries no
# inline rules; its ingress/egress are the aws_vpc_security_group_*_rule
# resources named allow_tls_ipv4 further down. The resource name says "tls"
# but the attached rules are Redshift 5439/tcp.
resource "aws_security_group" "allow_tls" {
  vpc_id = local.vpc_id

  # name and description both force replacement of the group if changed.
  name        = "${var.provision_id}-SG"
  description = "${var.provision_id}-SG"

  tags = local.tags
}
# Second security group, for the cidr_blocks_others list from module.fw-ips.
# Rules are attached by the *_2 rule resources below; nothing is inline.
resource "aws_security_group" "allow_tls_2" {
  vpc_id = local.vpc_id

  # name and description both force replacement of the group if changed.
  name        = "${var.provision_id}-SG2"
  description = "${var.provision_id}-SG2"

  tags = local.tags
}
# One ingress rule per CIDR in module.fw-ips.cidr_blocks: Redshift port only,
# TCP only, attached to allow_tls. Because the collection is a set, each.key
# is the CIDR string itself.
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
  for_each          = toset(module.fw-ips.cidr_blocks)
  security_group_id = aws_security_group.allow_tls.id
  description       = "Redshift"

  ip_protocol = "tcp"
  cidr_ipv4   = each.key
  from_port   = local.port
  to_port     = local.port
}
# Mirror of allow_tls_ipv4 for the cidr_blocks_others list, attached to
# allow_tls_2. Same port, same protocol; only the source set differs.
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4_2" {
  for_each          = toset(module.fw-ips.cidr_blocks_others)
  security_group_id = aws_security_group.allow_tls_2.id
  description       = "Redshift"

  ip_protocol = "tcp"
  cidr_ipv4   = each.key
  from_port   = local.port
  to_port     = local.port
}
# Egress counterpart of the allow_tls ingress rules: outbound 5439/tcp to the
# same cidr_blocks set and nothing else is declared for this group in this
# file. NOTE(review): the provider is documented to remove AWS's default
# allow-all egress rule when it creates an aws_security_group, so these
# entries would be the group's complete egress policy — confirm that is the
# intended reach for the cluster.
resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv4" {
  for_each          = toset(module.fw-ips.cidr_blocks)
  security_group_id = aws_security_group.allow_tls.id
  description       = "Redshift"

  ip_protocol = "tcp"
  cidr_ipv4   = each.key
  from_port   = local.port
  to_port     = local.port
}
# Egress counterpart for allow_tls_2 over cidr_blocks_others. The resource
# name drops the "4" that its ingress sibling (allow_tls_ipv4_2) carries;
# renaming it would change the state address, so it is left as is.
resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv_2" {
  for_each          = toset(module.fw-ips.cidr_blocks_others)
  security_group_id = aws_security_group.allow_tls_2.id
  description       = "Redshift"

  ip_protocol = "tcp"
  cidr_ipv4   = each.key
  from_port   = local.port
  to_port     = local.port
}
# Per-provision S3 bucket from the shared modules repository. The module
# receives the same provision/user identifiers and forced_destroy flag that
# this file tags resources with.
# NOTE(review): like module.fw-ips, the source has no `?ref=` pin, so the
# module code is whatever the default branch holds at init time; a tag or
# commit pin (`?ref=<TAG-OR-COMMIT>`) keeps the bucket policy reviewable.
module "qmi-s3-bucket" {
  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//s3-bucket"

  forced_destroy = var.forced_destroy
  user_id        = var.user_id
  provision_id   = var.provision_id
}
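# Single-node PoC Redshift cluster for one provision id.
resource "aws_redshift_cluster" "qmi" {
  cluster_identifier = "qmi-${var.provision_id}"
  node_type          = "dc2.large"
  cluster_type       = "single-node"

  database_name   = var.cluster_database_name
  master_username = var.cluster_master_username
  # random_password.password is declared outside this file. Its result is
  # persisted in the Terraform state, so the state backend must be treated
  # as holding a credential.
  master_password = random_password.password.result

  # allow_tls carries the module.fw-ips.cidr_blocks rules, allow_tls_2 the
  # cidr_blocks_others rules; the cluster is a member of both.
  vpc_security_group_ids = [aws_security_group.allow_tls.id, aws_security_group.allow_tls_2.id]

  # The cluster gets a public endpoint; the only network control in this file
  # is the 5439/tcp ingress from the two firewall CIDR lists. No
  # cluster_subnet_group_name is set and local.subnet_ids is unused here —
  # verify the default subnet group is the intended placement.
  # NOTE(review): `encrypted` is not set explicitly; confirm the effective
  # default for the provider version in use and consider declaring it.
  publicly_accessible = true

  # Fix: with skip_final_snapshot at its default (false) and no
  # final_snapshot_identifier, the provider rejects the delete, so
  # `terraform destroy` of this PoC would fail. A forced destroy skips the
  # snapshot; otherwise a final snapshot is taken under a deterministic name
  # (null is passed in the skip case because the provider documents that the
  # identifier may only be given when skipping is off). Assumes
  # var.forced_destroy is bool-compatible, as the s3-bucket module input that
  # receives the same value suggests.
  skip_final_snapshot       = var.forced_destroy
  final_snapshot_identifier = var.forced_destroy ? null : "qmi-${var.provision_id}-final"

  tags = local.tags
}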