├── .editorconfig
├── .gitignore
├── Makefile
├── README.md
├── ansible
    ├── Vagrantfile
    ├── group_vars
    │   └── all.yml
    ├── hosts
    ├── playbooks
    │   ├── roles
    │   └── wordpress.yml
    ├── requirements.yml
    └── roles
    │   ├── adriagalin.wordpress
    │       ├── .travis.yml
    │       ├── README.md
    │       ├── defaults
    │       │   └── main.yml
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       ├── tasks
    │       │   ├── apache.yml
    │       │   ├── install-prerequisites.yml
    │       │   ├── main.yml
    │       │   ├── mysql.yml
    │       │   ├── nginx.yml
    │       │   ├── postgresql.yml
    │       │   └── wordpress.yml
    │       ├── templates
    │       │   ├── apache.wordpress.conf.j2
    │       │   ├── docker.entrypoint.sh.j2
    │       │   ├── nginx.wordpress.conf.j2
    │       │   └── wp-config.php.j2
    │       ├── tests
    │       │   ├── inventory
    │       │   └── test.yml
    │       └── vars
    │       │   └── main.yml
    │   └── yatesr.timezone
    │       ├── README.md
    │       ├── defaults
    │           └── main.yml
    │       ├── meta
    │           ├── .galaxy_install_info
    │           └── main.yml
    │       ├── tasks
    │           ├── main.yml
    │           └── timezone.yml
    │       ├── templates
    │           ├── timezone-Debian.j2
    │           └── timezone-RedHat.j2
    │       └── vars
    │           ├── Debian.yml
    │           └── RedHat.yml
├── packer-wordpress.json
├── scripts
    ├── ansible.sh
    └── cleanup.sh
└── terraform
    ├── environments
        └── eu-west
        │   ├── infra-graph.svg
        │   ├── infra.graph
        │   ├── main.tf
        │   ├── outputs.tf
        │   ├── services.tf
        │   └── variables.tf
    └── modules
        ├── balancers
            └── elb
            │   ├── main.tf
            │   └── outputs.tf
        ├── ecr-repository
            └── main.tf
        ├── ecs-cluster
            ├── ecs
            │   └── main.tf
            ├── efs
            │   └── main.tf
            ├── instances
            │   ├── main.tf
            │   └── user_data.sh
            ├── main.tf
            ├── outputs.tf
            └── service-wordpress
            │   ├── main.tf
            │   ├── task-definitions
            │       └── service.json
            │   └── variables.tf
        ├── iam
            ├── instance_profile
            │   └── main.tf
            ├── role
            │   └── main.tf
            └── role_policy
            │   └── main.tf
        ├── network
            ├── network.tf
            ├── outputs.tf
            ├── subnet
            │   ├── outputs.tf
            │   ├── private.tf
            │   ├── public.tf
            │   ├── subnet.tf
            │   └── variables.tf
            ├── variables.tf
            └── vpc
            │   ├── main.tf
            │   ├── outputs.tf
            │   └── variables.tf
        ├── rds
            ├── main.tf
            ├── outputs.tf
            └── variables.tf
        └── security-groups
            ├── rule
                └── main.tf
            └── sg
                └── main.tf


/.editorconfig:
--------------------------------------------------------------------------------
 1 | # editorconfig.org
 2 | 
 3 | ; indicate this is the root of the project
 4 | root = true
 5 | 
 6 | ###########################################################
 7 | ; common
 8 | ###########################################################
 9 | 
10 | [*]
11 | charset = utf-8
12 | 
13 | end_of_line = LF
14 | insert_final_newline = true
15 | trim_trailing_whitespace = true
16 | 
17 | indent_style = space
18 | indent_size = 2
19 | 
20 | ###########################################################
21 | ; make
22 | ###########################################################
23 | 
24 | [{Makefile,makefile,**.mk}]
25 | indent_style = tab
26 | 
27 | ###########################################################
28 | ; markdown
29 | ###########################################################
30 | 
31 | [*.md]
32 | trim_trailing_whitespace = false
33 | 
34 | ###########################################################
35 | ; golang
36 | ###########################################################
37 | 
38 | [*.go]
39 | indent_style = tab
40 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | 
 2 | # Created by https://www.gitignore.io/api/osx,vim,linux,packer,ansible,terraform,visualstudiocode
 3 | 
 4 | ### Ansible ###
 5 | *.retry
 6 | 
 7 | ### Linux ###
 8 | *~
 9 | 
10 | # temporary files which can be created if a process still has a handle open of a deleted file
11 | .fuse_hidden*
12 | 
13 | # KDE directory preferences
14 | .directory
15 | 
16 | # Linux trash folder which might appear on any partition or disk
17 | .Trash-*
18 | 
19 | # .nfs files are created when an open file is removed but is still being accessed
20 | .nfs*
21 | 
22 | ### OSX ###
23 | *.DS_Store
24 | .AppleDouble
25 | .LSOverride
26 | 
27 | # Icon must end with two \r
28 | Icon
29 | 
30 | # Thumbnails
31 | ._*
32 | 
33 | # Files that might appear in the root of a volume
34 | .DocumentRevisions-V100
35 | .fseventsd
36 | .Spotlight-V100
37 | .TemporaryItems
38 | .Trashes
39 | .VolumeIcon.icns
40 | .com.apple.timemachine.donotpresent
41 | 
42 | # Directories potentially created on remote AFP share
43 | .AppleDB
44 | .AppleDesktop
45 | Network Trash Folder
46 | Temporary Items
47 | .apdisk
48 | 
49 | ### Packer ###
50 | # Cache objects
51 | packer_cache/
52 | 
53 | # For built boxes
54 | *.box
55 | 
56 | ### Terraform ###
57 | # Compiled files
58 | *.tfstate
59 | *.tfstate.backup
60 | 
61 | # Module directory
62 | .terraform/
63 | 
64 | ### Terraform Patch ###
65 | *.tfvars
66 | ### Vim ###
67 | # swap
68 | [._]*.s[a-v][a-z]
69 | [._]*.sw[a-p]
70 | [._]s[a-v][a-z]
71 | [._]sw[a-p]
72 | # session
73 | Session.vim
74 | # temporary
75 | .netrwhist
76 | # auto-generated tag files
77 | tags
78 | 
79 | ### VisualStudioCode ###
80 | .vscode/*
81 | !.vscode/settings.json
82 | !.vscode/tasks.json
83 | !.vscode/launch.json
84 | !.vscode/extensions.json
85 | 
86 | ### Vagrant ###
87 | .vagrant/
88 | 
89 | # End of https://www.gitignore.io/api/osx,vim,linux,packer,ansible,terraform,visualstudiocode
90 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | IMAGE:=wordpress
 2 | VERSION:=latest
 3 | SERVICE:=wordpress
 4 | ANSIBLE_ROLES_PATH:=ansible/roles
 5 | AWS_PROFILE:=default
 6 | AWS_REGION:=eu-west-1
 7 | TERRAFORM_PATH:=terraform/environments/eu-west
 8 | TERRARUNNER=cd $(TERRAFORM_PATH) && terraform
 9 | 
10 | .PHONY: check
11 | check:
12 | 	ansible --version
13 | 	terraform --version
14 | 	packer --version
15 | 	docker --version
16 | 
17 | .PHONY: ansible-requirements ansible-syntax-check
18 | ansible-requirements:
19 | 	ansible-galaxy install -p $(ANSIBLE_ROLES_PATH) -r ansible/requirements.yml
20 | ansible-syntax-check:
21 | 	ANSIBLE_ROLES_PATH=$(ANSIBLE_ROLES_PATH) ansible-playbook --syntax-check ansible/playbooks/*.yml
22 | 
23 | .PHONY: build validate
24 | build: ansible-syntax-check
25 | 	DOCKER_REPOSITORY=`$(TERRARUNNER) output ecr_repository` IMAGE_VERSION=$(VERSION) packer build packer-wordpress.json
26 | 
27 | validate:
28 | 	packer validate ./packer-wordpress.json
29 | 
30 | .PHONY: run exec
31 | run:
32 | 	docker run --rm -it $(IMAGE)
33 | 
34 | exec:
35 | 	docker run --rm -it $(IMAGE) bash
36 | 
37 | .PHONY: plan apply destroy get create-registry create-all wordpress
38 | plan: get
39 | 	@$(TERRARUNNER) plan
40 | 
41 | apply: get
42 | 	@$(TERRARUNNER) apply
43 | 
44 | destroy: check-env
45 | 	@$(TERRARUNNER) destroy
46 | 
47 | get: check-env
48 | 	@$(TERRARUNNER) get
49 | 
50 | create-registry: check-env
51 | 	@$(TERRARUNNER) apply -target=module.ecs_registry
52 | 	@$(TERRARUNNER) output ecr_repository
53 | 
54 | create-all: check-env get create-registry build
55 | 	@$(TERRARUNNER) apply
56 | 	@echo "Wait few minutes and then go to:"
57 | 	@$(TERRARUNNER) output elb_dns
58 | 
59 | wordpress: check-env
60 | 	@$(TERRARUNNER) apply -target=module.wordpress_service -var 'service_image_tag=$(VERSION)'
61 | 
62 | check-env: guard-AWS_DEFAULT_PROFILE guard-AWS_DEFAULT_REGION
63 | guard-%:
64 | 	@ if [ "${${*}}" = "" ]; then \
65 | 			echo "Environment variable $* not set"; \
66 | 			exit 1; \
67 | 	fi
68 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Wordpress Stack using Ansible, Packer, Docker, Terraform and AWS
  2 | 
  3 | ## Goal
  4 | 
  5 | The goal is to setup a wordpress container on an ECS cluster using tools like terraform, packer and ansible. This wordpress will use RDS as a database.
  6 | 
  7 | ## Questions
  8 | 
  9 | ### What you have done?
 10 | 
 11 | First up I built the docker image with Packer docker builder using local shell provisioner, ansible-local provisioner and docker post-processor to upload the image to private docker registry aka AWS ECR. This image contains wordpress files with apache2 as a webserver. In addition, it has an entrypoint that copies files to the EFS folder at the first time if necessary, then populate DB config and wpSalt through environment variables. Resulting from the build I get a docker image that can run apache2 with wordpress configuration. Also, I used vagrant to do some ansible tests.
 12 | 
 13 | Afterwards, I’ve done a terraform configuration that creates a AWS ECS cluster in EU-WEST region with base infrastructure components and auto scaling groups configuration using ECS optimized AMI that comes with the ecs agent already installed, ELB was going to load balance wordpress docker containers, RDS for database and Elastic File System which gives me a low latency NFS mount.
 14 | 
 15 | A Wordpress dockerized service runs in a specific port on every container instance and it has mounted an EFS folder. I have splitted the components with modules that will allow me or others to reuse them for other projects or create more environments (Needs more work to achieve 100% of that). I have created a provisioning task for the Wordpress service to deploy without downtime.
 16 | 
 17 | Finally to run the whole stack, I have created a Makefile with some commands that make it easier to manage each part. Using the Makefile the entire platform can be created with a single command.
 18 | 
 19 | ### How run your project?
 20 | 
 21 | **Note:** Tested on Mac OS X system.
 22 | 
 23 | 1. Create or use existing IAM user with API access. Or sign up to [AWS account](https://aws.amazon.com/) and create user with API access.
 24 | 
 25 | 2. Clone the repo.
 26 |     ```bash
 27 |     git clone repo_url
 28 |     ```
 29 | 
 30 | 3. Install packer, terraform, ansible, awscli and docker.
 31 |      ```bash
 32 |      brew install packer terraform ansible awscli
 33 |      ```
 34 |     For the moment I writing this, I used the following versions:
 35 |     - packer: 1.0.2
 36 |     - terraform: 0.9.11
 37 |     - ansible: 2.3.1.0
 38 |     - awscli: 1.11.117
 39 | 
 40 | 4. Install Docker following this link: [Docker for Mac](https://docs.docker.com/docker-for-mac/install/)
 41 | 
 42 | 5. When everything is ready, check the versions with this command:
 43 |     ```bash
 44 |     make check
 45 |     ```
 46 | 
 47 | 6. Set AWS environment variables or use awscli profile option.
 48 |     ```bash
 49 |     export AWS_ACCESS_KEY_ID="anaccesskey"
 50 |     export AWS_SECRET_ACCESS_KEY="asecretkey"
 51 |     export AWS_DEFAULT_REGION="eu-west-1"
 52 |     ```
 53 |     or
 54 |     ```bash
 55 |     export AWS_DEFAULT_REGION="eu-west-1"
 56 |     export AWS_DEFAULT_PROFILE=default
 57 |     ```
 58 | 
 59 |     If you needed more info follow this links:
 60 |     - [AWSCLI](http://docs.aws.amazon.com/es_es/cli/latest/userguide/cli-chap-getting-started.html)
 61 |     - [TERRAFORM AWS PROVIDERS](https://www.terraform.io/docs/providers/aws/index.html)
 62 | 
 63 | 7. At this point, run this command to create the platform stack and deploy the wordpress service:
 64 |     ```bash
 65 |     make create-all
 66 |     ```
 67 | 
 68 |     Wait a few minutes for positive health checks and open a browser with the ELB url provided. Then, you will see the wp-admin install interface.
 69 | 
 70 |     If you needed to update the image you can do the following:
 71 |     ```bash
 72 |     make build VERSION=IMAGE_TAG
 73 |     make wordpress VERSION=IMAGE_TAG
 74 |     ```
 75 |     ***IMAGE_TAG** can be a commit short hash (git rev-parse --short HEAD)
 76 | 
 77 | 8. Finally, execute this command to tear down the infrastructure:
 78 |     ```bash
 79 |     make destroy
 80 |     ```
 81 | 
 82 | ### How components interact between each over?
 83 | 
 84 | Firstly, I set up an ECR registry for docker images. Then, I built the packer template based on Ubuntu 16.04 docker image with 4 provisioners; a local shell script that install Ansible roles, then a shell script that installs Ansible, also an Ansible playbook that sets up the timezone and installs wordpress, and finally a cleanup shell script that removes ansible and clears off unused ansible tmp files to save a few space in the resulting docker image. The docker post-processor generate a tagged image and then upload to ECR registry.
 85 | 
 86 | Next, I have created VPC with 3 public subnets and 3 private subnets in different availability zones. The public subnets have a routing table that points to the Internet Gateway. The private subnets have a routing table to get the outgoing internet connection for ec2 container instances through 3 NAT Gateways with elastic ip, set up it in public subnets. I made ELB security group which allows incoming traffic on port 80 and outbound traffic from private network on port 80. An EFS security group to allow connection of NFS points on container instances. An ECS security group which handles incoming traffic from public and private subnets on port 80 and open port 22 for testing purposes. Also, it allows all outgoing traffic. Then I deployed a single RDS instance with security group that only permit traffic from private subnet on port 3306.
 87 | 
 88 | There are two IAM roles: one for EC2 instances and another one for the ECS services. EC2 instances role has permissions to interact with ECS cluster, such as register itself when a server started or read EFS information. ECS services role have permissions to register/unregister services from ELB, etc. Container instances need to be launched with an EC2 instance IAM role that authenticates to the account and provides the required resource permissions.
 89 | 
 90 | Next, the ECS cluster has a NFS folder mounted for each instance of the specific subnet, and auto scaling group for the ec2 container instances that are booted on private subnet so they are not externally accessible. This setup allows to scale the system up or down simply by changing the values in terraform configuration or automatically following auto scaling group policies.
 91 | 
 92 | An ELB will load balance the http request to EC2 container instances on port 80 across multiple availability zones. When the instances are loaded and joined to the cluster using  the init script, and service configuration runs a valid container (if required), and the ELB health checks are going well, the ELB register the instance on it, and allows external traffic to the service. Note that, I statically allocate port numbers. This means I can only run one container of this service per instance per port.
 93 | 
 94 | Finally, I have a wordpress service setting that launch a specific wordpress image, which was generated with packer and ansible. Also, it has a wordpress database hostname where it gets the url from rds module.
 95 | 
 96 | To summarize, inbound traffic is routed through an ELB exposed to the internet and forwarded to their ECS service and containers.
 97 | 
 98 | Here are the components I used to configure a container cluster infrastructure and the Wordpress service:
 99 | 
100 | - VPC (/16 ip address range)
101 | - Internet gateway (interface between VPC and the internet).
102 | - 3 public subnet and NAT gateways in 3 availability zone .
103 | - 3 private subnet in 3 availability zone for ecs instances with auto scaling group.
104 | - Elastic ips for nat gateways.
105 | - Route tables and route tables association for subnets.
106 | - Security groups for accessing and/or blocking ELB, container instances, EFS, public and private subnets communications.
107 | - IAM policies, roles and instance profiles.
108 |  - ECS: cluster, instances role, services role, container instances in different availability zones in private subnet with auto scaling group configured and security group, running ECS agent.
109 | - ELB to distribute traffic between container instances.
110 | - EFS file system.
111 | - RDS instance.
112 | - ECR repository
113 | - Wordpress service task definition.
114 | 
115 | ### What problems did you have?
116 | 
117 | I had the following problems:
118 | 
119 | - Classic Elastic Load Balancing, allows only a single container attached per instance per elb in the same port. With Application Load Balancing, multiple tasks per container instance can be used, but it only allows http, https, websockets connections (Need to improve that).
120 | - Every time that I run terraform, terraform shows that the aws_route_table (for example: module.private_subnet_az3.aws_route_table.route_table) changes. I need more time to research on this issue.
121 | - Occasionally, the instances do not have internet because the gateway is not provisioned on time. With modulable infrastructure "depends_on" option is difficult to configure it to achieve more module decoupling. See this issue: https://github.com/hashicorp/terraform/issues/10462. I need time to improve this for example adding terraform null_resource resource that allows me add depends_on with module or do some code refactor. At the moment, I did some workaround in user_data script, adding sleep command, etc. Check [here.](https://github.com/adriagalin/ecs-ansible-packer-terraform-wordpress/blob/master/terraform/modules/ecs-cluster/instances/user_data.sh#L9)
122 | - When ec2 instance is provisioned, it executes an init script with some tasks that sometimes the EFS folder is not mounted. To solve this, I checked instance metadata to know the EFS state using curl. Check [here.](https://github.com/adriagalin/ecs-ansible-packer-terraform-wordpress/blob/master/terraform/modules/ecs-cluster/instances/user_data.sh#L58)
123 | - Sometimes, it is difficult to find the root of the problem due to the lack of details provided by AWS through Terraform.
124 | 
125 | ### How you would have done things to have the best HA/automated architecture?
126 | 
127 | I designed the architecture thinking about HA and fault tolerance in many parts. So, scalability and elasticity is built in most of the layers in this architecture. Note that EFS, ELB, S3 and Cloudfront are designed for HA and fault tolerance  by default provided by Amazon.
128 | First, I will add a CI/CD pipeline for the entire platform. Test every part of the platform with "servespec" and generate and deploy new versions of the EC2 instances and wordpress images automatically via pull request. I will add all wp-config file variable as environment variables  (12factor manifesto at point 3).
129 | 
130 | For the infrastructure, to achieve the best performance in the HA/automated platform, I just need to change some things because AWS provides some services with HA and fault tolerance that I do not need maintain. So, the ELB, with cross-zone enable, can keep its capacity automatically depending upon the traffic and instance healthy, and direct requests across multiple availability zones.
131 | The ECS orchestration layer also kills a container when health checks are failing and a new one is launched to replace it. I will add S3 with CDN for fast delivery for user and public static assets. For wordpress storage I used EFS which provides a distributed file system with fault tolerance and HA for wp core files. Wordpress ec2 container instances are launched across multiple availability zones, and they can be scaled out and down depending upon the traffic with auto scaling group policies and cloudwatch metrics. It’s important to separate different components to decouple infrastructure, so you can scaled independently.
132 | 
133 | The biggest pain is the RDS so, I need to migrate RDS instance to RDS master-standby architecture deploying standby instance in different availability zone and create specific subnet for this tier to isolate from ec2 containers subnet. Also, I would add read replicas in different availability zones for read scalability. With this architecture I can increase the number of read replicas in different AZs, manually or implementing a tool for that, during peaks to improve performance reads. Further, I will add a database caching with elasticache to reduce latency and increase throughput for reads and leaves the database to handle more important traffic. For wordpress service task add auto scaling group.
134 | 
135 | Keep in mind that wordpress [is not designed to take advantage of multiple database instances](https://codex.wordpress.org/HyperDB), so I will need to extend it with a plugin. Now, all parts of this architecture are highly available. I think this architecture is not the best, even when applying some improvements and/or iterating some part of it, it will never be perfect.
136 | 
137 | ### Share with us any ideas you have in mind to improve this kind of infrastructure.
138 | 
139 | - Using Vault to store and share sensitive data like DB and third party API passwords.
140 | - Create a base infrastructure with remote state. Wordpress service has their remote state too. With this structure I can use datasource to get information from base infra only changing wordpress service state. The state will be stored and managed separately from the code in order to work with multiple people on the stack, and for each environment. Remotes stage can will be saved on S3.
141 | - Enable [Amazon EC2 Run Command](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ec2-run-command.html) feature to securely and remotely manage the configuration. With this option, I don’t need SSH and I can audited every command.
142 | - Or use bastion host with ssh or vpn.
143 | - Configure cloudwatch alarms. For example, monitor EFS storage burst credits. Or automatically restarting failed AWS EC2 instances. Or disk space monitoring.
144 | - Add ALB for serving multiple container on the same balancer, otherwise I need 1 ELB for service. I can use internal proxy service but if I can use cloud providers services to delegate these problems I can reduce the platform complexity.
145 | - Enable auto scaling policies (add aws_cloudwatch_metric_alarm and aws_appautoscaling_policy).
146 | - Storing configuration information in a private bucket in Amazon S3 or hashicorp vault to get information when instances are created.
147 | 
148 | - Add Route 53 for domains.
149 | - Add internal dns with route53 to communicate between services.
150 | - Add SSL termination.
151 | - Add CDN or ElasticCache for page caching.
152 | - Store user media on S3 and distributed via Cloudfront.
153 | - Add SES for sending emails.
154 | - Add another database (elasticache for example) for user sessions.
155 | - Add cron docker service for wordpress tasks or scheduled service.
156 | - Add cloudwatch logs.
157 | - Add subnet convention for ip address range.
158 | - Add serverspec test for checking every packer build and kitchen-terraform for terraform code.
159 | - Apply 12factor manifesto.
160 | 
161 | - Create a generic packer template that I can pass different params to create different image services (more dynamic).
162 | - Use a custom-made base image with this preconfigured images I just need a little extra configuration per-image and I can drastically cut down image provisioning time.
163 | - Use alpine for small image size.
164 | - Remove unnecessary files from image.
165 | - Create docker image label from commit on packer post-processor.
166 | - Tweaking container resource assignments.
167 | - Refactor modules to gain dynamism.
168 | - Try to set up the instances/images stateless. Now it's almost ready.
169 | - Add description and tags like environment to improve better readability.
170 | 
171 | ## Bonus
172 | 
173 | >Tomorrow we want to put this project in production. What would be your advices and choices to achieve that.
174 | >Regarding the infrastructure itself and also external services like the >monitoring, ...
175 | 
176 | If you plan on using this project in a production environment, keep in mind that this platform only serves 1 wordpress site and it hasn’t all the part in HA.
177 | 
178 | Firstly, configure a custom domain name for your environment and add ssl termination on ELB.
179 | Review the security to protect the EC2 instance metadata endpoints, the IAM role exposes it. Additionally, save all configuration variables and credentials in a secret place like hashicorp vault or S3 with permissions. Use instance profiles and ecs task roles to define a good granularity and credential lifetime. Add AWS policies at the container-level, not at the instance-level for better control who/which can access.
180 | 
181 | For logging, you would need to push all logs like ECS agent and instance logs to CloudWatch Log. Or if you want better searchs, use external service like Logentries or a customized ELK stack. Also, analyze logs and react when some alert conditions are activated.
182 | 
183 | For monitoring, you would need to configure a monitor service that collects and tracks metrics, sets alarms on and automatically react to changes in your AWS resources. To make sure you get notified when containers start failing, you need to listen to events from ECS. In addition, you can monitor logs adding alerts for example with two alarms that watch the load in the instances of the environment and are triggered if the load is too high or too low. When an alarm is triggered, auto scaling group scales up or down in response. Cloudwatch or Datadog service are good for that. You need constantly to monitor for unexpected state changes and retry operations. Using a service like uptimerobot, pingdom, etc to know what customers are seeing as end users: do they have bad latency? Do they have errors?
184 | 
185 | For maintenance, you will need to configure periodic dumps/snapshots of the database and file data that will be saved in a S3 private bucket. Also, planificate a recovery plan.
186 | 
187 | As discussed above, you would need to add CI/CD pipeline to provide a good path for deploying in production. CI/CD with rolling deployments: setting deployment_minimum_healthy_percent at 50% on wordpress service task, having at least 2 minimum EC2 instances available. You can create Jenkins pipeline or use your current Concourse CI.
188 | 
189 | When you need to upgrade the current RDS instance to RDS mater-standby is not mandatory to add read replicas at the first time, firstly analyze the metrics, and then you can see when is the best moment to add them, so you will save costs.
190 | 


--------------------------------------------------------------------------------
/ansible/Vagrantfile:
--------------------------------------------------------------------------------
 1 | Vagrant.configure(2) do |config|
 2 |   config.vm.box = "ubuntu/xenial64"
 3 | 
 4 |   config.vm.provider "virtualbox" do |vb|
 5 |     vb.memory = 1024
 6 |     vb.cpus = 1
 7 |   end
 8 | 
 9 |   config.vm.define :phpbase, primary: true do |web|
10 |     web.vm.network "private_network", ip: "172.28.128.3"
11 |     web.vm.provision "main", type: "ansible" do |ansible|
12 |       ansible.verbose = "-v"
13 |       ansible.playbook = "playbooks/wordpress.yml"
14 |     end
15 |   end
16 | 
17 | end
18 | 


--------------------------------------------------------------------------------
/ansible/group_vars/all.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | ag_wordpress:
 3 |   version: 4.8
 4 |   checksum: sha1:3738189a1f37a03fb9cb087160b457d7a641ccb4
 5 |   phpversion: 7.1
 6 |   phprepo: ppa:ondrej/php
 7 |   basedir: /var/www/html/wordpress
 8 |   apache: true
 9 |   nginx: false
10 |   servername: localhost
11 |   docker_env: true
12 |   disable_ftp: true
13 | 
14 | ag_wordpress_apache:
15 |   servername: localhost
16 |   serveralias: localhost
17 |   external_load_balancer: true
18 |   custom_template: apache.wordpress.conf.j2
19 | 
20 | ag_wordpress_database:
21 |   driver: mysql
22 |   hostname: localhost
23 |   dbname: wordpress
24 |   username: wordpress
25 |   password: s3cr3ts3cr3t
26 |   port: null
27 |   prefix: null
28 | 


--------------------------------------------------------------------------------
/ansible/hosts:
--------------------------------------------------------------------------------
1 | [all]
2 | 127.0.0.1
3 | 


--------------------------------------------------------------------------------
/ansible/playbooks/roles:
--------------------------------------------------------------------------------
1 | ../roles


--------------------------------------------------------------------------------
/ansible/playbooks/wordpress.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: all
3 |   become: yes
4 | 
5 |   roles:
6 |     - yatesr.timezone
7 |     - adriagalin.wordpress
8 | 


--------------------------------------------------------------------------------
/ansible/requirements.yml:
--------------------------------------------------------------------------------
1 | - src: yatesr.timezone
2 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/.travis.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | language: python
 3 | python: "2.7"
 4 | 
 5 | # Use the new container infrastructure
 6 | sudo: false
 7 | 
 8 | # Install ansible
 9 | addons:
10 |   apt:
11 |     packages:
12 |     - python-pip
13 | 
14 | install:
15 |   # Install ansible
16 |   - pip install ansible
17 | 
18 |   # Check ansible version
19 |   - ansible --version
20 | 
21 |   # Create ansible.cfg with correct roles_path
22 |   - printf '[defaults]\nroles_path=../' >ansible.cfg
23 | 
24 | script:
25 |   # Basic role syntax check
26 |   - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
27 | 
28 | notifications:
29 |   webhooks: https://galaxy.ansible.com/api/v1/notifications/


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/README.md:
--------------------------------------------------------------------------------
 1 | Role Name
 2 | =========
 3 | 
 4 | A brief description of the role goes here.
 5 | 
 6 | Requirements
 7 | ------------
 8 | 
 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
10 | 
11 | Role Variables
12 | --------------
13 | 
14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
15 | 
16 | Dependencies
17 | ------------
18 | 
19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
20 | 
21 | Example Playbook
22 | ----------------
23 | 
24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
25 | 
26 | ```
27 | - hosts: servers
28 |   roles:
29 |      - { role: username.rolename, x: 42 }
30 | ```
31 | 
32 | License
33 | -------
34 | 
35 | BSD
36 | 
37 | Author Information
38 | ------------------
39 | 
40 | An optional section for the role authors to include contact information, or a website (HTML is not allowed).


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/defaults/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # defaults file for adriagalin.wordpress
 3 | ag_wordpress:
 4 |   version: 4.8
 5 |   checksum: sha1:3738189a1f37a03fb9cb087160b457d7a641ccb4
 6 |   phpversion: 7.1
 7 |   phprepo: ppa:ondrej/php
 8 |   basedir: /var/www/html/wordpress
 9 |   apache: yes
10 |   nginx: no
11 |   servername: localhost
12 |   docker_env: false
13 |   disable_ftp: true
14 | 
15 | ag_wordpress_apache:
16 |   servername: localhost
17 |   serveralias: localhost
18 |   external_load_balancer: false
19 |   custom_template: apache.wordpress.conf.j2 #path for the custom template
20 | 
21 | ag_wordpress_nginx:
22 |   servername: localhost
23 |   serveralias: localhost
24 |   external_load_balancer: false
25 |   custom_template: nginx.wordpress.conf.j2 #path for the custom template
26 | 
27 | # pgsql
28 | ag_wordpress_database:
29 |   driver: mysql
30 |   hostname: localhost
31 |   dbname: wordpress
32 |   username: random
33 |   password: secret
34 |   port: null
35 |   prefix: null
36 | 
37 | ag_wordpress_database_pgsql:
38 |   install: false
39 |   version: 9.6
40 |   external: false
41 | 
42 | ag_wordpress_database_mysql:
43 |   install: false
44 |   version: 5.7
45 |   external: false
46 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/handlers/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # handlers file for adriagalin.wordpress
 3 | 
 4 | - name: restart-apache2
 5 |   service: name=apache2 state=restarted
 6 | 
 7 | - name: reload-apache2
 8 |   service: name=apache2 state=reloaded
 9 | 
10 | - name: reload-nginx
11 |   service: name=nginx state=reloaded
12 | 
13 | - name: restart-php-fpm
14 |   service: name="php{{ ag_wordpress.phpversion }}-fpm" state=restarted
15 | 
16 | - name: restart-nginx
17 |   service: name=nginx state=restarted
18 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/meta/main.yml:
--------------------------------------------------------------------------------
  1 | galaxy_info:
  2 |   author: your name
  3 |   description: your description
  4 |   company: your company (optional)
  5 | 
  6 |   # If the issue tracker for your role is not on github, uncomment the
  7 |   # next line and provide a value
  8 |   # issue_tracker_url: http://example.com/issue/tracker
  9 | 
 10 |   # Some suggested licenses:
 11 |   # - BSD (default)
 12 |   # - MIT
 13 |   # - GPLv2
 14 |   # - GPLv3
 15 |   # - Apache
 16 |   # - CC-BY
 17 |   license: license (GPLv2, CC-BY, etc)
 18 | 
 19 |   min_ansible_version: 1.2
 20 | 
 21 |   # Optionally specify the branch Galaxy will use when accessing the GitHub
 22 |   # repo for this role. During role install, if no tags are available,
 23 |   # Galaxy will use this branch. During import Galaxy will access files on
 24 |   # this branch. If travis integration is cofigured, only notification for this
 25 |   # branch will be accepted. Otherwise, in all cases, the repo's default branch
 26 |   # (usually master) will be used.
 27 |   #github_branch:
 28 | 
 29 |   #
 30 |   # Below are all platforms currently available. Just uncomment
 31 |   # the ones that apply to your role. If you don't see your
 32 |   # platform on this list, let us know and we'll get it added!
 33 |   #
 34 |   #platforms:
 35 |   #- name: EL
 36 |   #  versions:
 37 |   #  - all
 38 |   #  - 5
 39 |   #  - 6
 40 |   #  - 7
 41 |   #- name: GenericUNIX
 42 |   #  versions:
 43 |   #  - all
 44 |   #  - any
 45 |   #- name: OpenBSD
 46 |   #  versions:
 47 |   #  - all
 48 |   #  - 5.6
 49 |   #  - 5.7
 50 |   #  - 5.8
 51 |   #  - 5.9
 52 |   #  - 6.0
 53 |   #- name: Fedora
 54 |   #  versions:
 55 |   #  - all
 56 |   #  - 16
 57 |   #  - 17
 58 |   #  - 18
 59 |   #  - 19
 60 |   #  - 20
 61 |   #  - 21
 62 |   #  - 22
 63 |   #  - 23
 64 |   #- name: opensuse
 65 |   #  versions:
 66 |   #  - all
 67 |   #  - 12.1
 68 |   #  - 12.2
 69 |   #  - 12.3
 70 |   #  - 13.1
 71 |   #  - 13.2
 72 |   #- name: MacOSX
 73 |   #  versions:
 74 |   #  - all
 75 |   #  - 10.10
 76 |   #  - 10.11
 77 |   #  - 10.12
 78 |   #  - 10.7
 79 |   #  - 10.8
 80 |   #  - 10.9
 81 |   #- name: IOS
 82 |   #  versions:
 83 |   #  - all
 84 |   #  - any
 85 |   #- name: Solaris
 86 |   #  versions:
 87 |   #  - all
 88 |   #  - 10
 89 |   #  - 11.0
 90 |   #  - 11.1
 91 |   #  - 11.2
 92 |   #  - 11.3
 93 |   #- name: SmartOS
 94 |   #  versions:
 95 |   #  - all
 96 |   #  - any
 97 |   #- name: eos
 98 |   #  versions:
 99 |   #  - all
100 |   #  - Any
101 |   #- name: Windows
102 |   #  versions:
103 |   #  - all
104 |   #  - 2012R2
105 |   #- name: Amazon
106 |   #  versions:
107 |   #  - all
108 |   #  - 2013.03
109 |   #  - 2013.09
110 |   #- name: GenericBSD
111 |   #  versions:
112 |   #  - all
113 |   #  - any
114 |   #- name: Junos
115 |   #  versions:
116 |   #  - all
117 |   #  - any
118 |   #- name: FreeBSD
119 |   #  versions:
120 |   #  - all
121 |   #  - 10.0
122 |   #  - 10.1
123 |   #  - 10.2
124 |   #  - 10.3
125 |   #  - 8.0
126 |   #  - 8.1
127 |   #  - 8.2
128 |   #  - 8.3
129 |   #  - 8.4
130 |   #  - 9.0
131 |   #  - 9.1
132 |   #  - 9.1
133 |   #  - 9.2
134 |   #  - 9.3
135 |   #- name: Ubuntu
136 |   #  versions:
137 |   #  - all
138 |   #  - lucid
139 |   #  - maverick
140 |   #  - natty
141 |   #  - oneiric
142 |   #  - precise
143 |   #  - quantal
144 |   #  - raring
145 |   #  - saucy
146 |   #  - trusty
147 |   #  - utopic
148 |   #  - vivid
149 |   #  - wily
150 |   #  - xenial
151 |   #- name: SLES
152 |   #  versions:
153 |   #  - all
154 |   #  - 10SP3
155 |   #  - 10SP4
156 |   #  - 11
157 |   #  - 11SP1
158 |   #  - 11SP2
159 |   #  - 11SP3
160 |   #  - 11SP4
161 |   #  - 12
162 |   #  - 12SP1
163 |   #- name: GenericLinux
164 |   #  versions:
165 |   #  - all
166 |   #  - any
167 |   #- name: NXOS
168 |   #  versions:
169 |   #  - all
170 |   #  - any
171 |   #- name: Debian
172 |   #  versions:
173 |   #  - all
174 |   #  - etch
175 |   #  - jessie
176 |   #  - lenny
177 |   #  - sid
178 |   #  - squeeze
179 |   #  - stretch
180 |   #  - wheezy
181 | 
182 |   galaxy_tags: []
183 |     # List tags for your role here, one per line. A tag is
184 |     # a keyword that describes and categorizes the role.
185 |     # Users find roles by searching for tags. Be sure to
186 |     # remove the '[]' above if you add tags to this list.
187 |     #
188 |     # NOTE: A tag is limited to a single word comprised of
189 |     # alphanumeric characters. Maximum 20 tags per role.
190 | 
191 | dependencies: []
192 |   # List your role dependencies here, one per line.
193 |   # Be sure to remove the '[]' above if you add dependencies
194 |   # to this list.


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tasks/apache.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: wordpress | Remove nginx if exists
 3 |   apt:
 4 |     name: nginx*
 5 |     state: absent
 6 | 
 7 | - name: wordpress | Install apache2
 8 |   apt:
 9 |     name: "{{ item }}"
10 |     state: latest
11 |     update_cache: yes
12 |   with_items:
13 |     - apache2
14 |     - "libapache2-mod-php{{ ag_wordpress.phpversion }}"
15 | 
16 | - name: wordpress | a2enmod rewrite
17 |   command: a2enmod rewrite
18 |   args:
19 |     creates: /etc/apache2/mods-enabled/rewrite.load
20 |   notify: restart-apache2
21 | 
22 | - name: wordpress | Set apache's wordpress.conf
23 |   template:
24 |     src: "{{ ag_wordpress_apache.custom_template|default('apache.wordpress.conf.j2') }}"
25 |     dest: /etc/apache2/sites-available/wordpress.conf
26 |     owner: root
27 |     group: www-data
28 |     mode: 0644
29 |     backup: yes
30 |   notify: reload-apache2
31 | 
32 | - name: wordpress | a2ensite wordpress
33 |   command: a2ensite wordpress.conf
34 |   args:
35 |     creates: /etc/apache2/sites-enabled/wordpress.conf
36 |   notify: reload-apache2
37 | 
38 | - name: wordpress | a2dissite 000-default
39 |   command: /usr/sbin/a2dissite 000-default
40 |   notify: reload-apache2
41 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tasks/install-prerequisites.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: wordpress | Install application prerequisites
 3 |   apt:
 4 |     name: "{{ item }}"
 5 |     state: latest
 6 |     update_cache: yes
 7 |   with_items:
 8 |     - curl
 9 |     - python-software-properties
10 |     - software-properties-common
11 |     - python-apt
12 | 
13 | - name: wordpress | Add php repository
14 |   apt_repository:
15 |     repo: "{{ ag_wordpress.phprepo }}"
16 |     state: present
17 |     update_cache: yes
18 | 
19 | - name: wordpress | Install php
20 |   apt:
21 |     name: "php{{ ag_wordpress.phpversion }}"
22 |     state: latest
23 |     update_cache: yes
24 | 
25 | - name: wordpress | Install php base packages
26 |   apt:
27 |     name: "{{ item }}"
28 |     state: present
29 |     update_cache: yes
30 |   with_items:
31 |     - php-pear
32 |     - php-apcu
33 |     - php-db
34 |     - php{{ ag_wordpress.phpversion }}-mcrypt
35 |     - php{{ ag_wordpress.phpversion }}-cli
36 |     - php{{ ag_wordpress.phpversion }}-intl
37 |     - php{{ ag_wordpress.phpversion }}-readline
38 |     - php{{ ag_wordpress.phpversion }}-xml
39 |     - php{{ ag_wordpress.phpversion }}-mbstring
40 |     - php{{ ag_wordpress.phpversion }}-gd
41 |     - php{{ ag_wordpress.phpversion }}-dev
42 | 
43 | - name: wordpress | Set php client version
44 |   file: src=/usr/bin/php{{ ag_wordpress.phpversion }} dest=/etc/alternatives/php state=link force=yes
45 | 
46 | - name: wordpress | Install php mysql packages
47 |   apt: name=php-mysql state=present update_cache=yes
48 |   when: ag_wordpress_database.driver == "mysql"
49 | 
50 | - name: wordpress | Install php postgresql packages
51 |   apt: name=php{{ ag_wordpress.phpversion }}-pgsql state=present update_cache=yes
52 |   when: ag_wordpress_database.driver == "pgsql"
53 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # tasks file for adriagalin.wordpress
 3 | - include: install-prerequisites.yml
 4 | 
 5 | - include: mysql.yml
 6 |   when: (ag_wordpress_database_mysql.install or ag_wordpress_database_mysql.external) and not ag_wordpress_database_pgsql.install
 7 | 
 8 | - include: postgresql.yml
 9 |   when: (ag_wordpress_database_pgsql.install or ag_wordpress_database_pgsql.external) and not ag_wordpress_database_mysql.install
10 | 
11 | - include: apache.yml
12 |   when: ag_wordpress.apache and not ag_wordpress.nginx
13 | 
14 | - include: nginx.yml
15 |   when: ag_wordpress.nginx and not ag_wordpress.apache
16 | 
17 | - include: wordpress.yml
18 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tasks/mysql.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: wordpress | Install mysql client
 3 |   apt:
 4 |     name: mysql-client-{{ ag_wordpress_database_mysql.version }}
 5 |     state: latest
 6 |     update_cache: yes
 7 |   when: ag_wordpress_database_mysql.external or ag_wordpress_database_mysql.install
 8 | 
 9 | - name: wordpress | Install mysql server
10 |   apt:
11 |     name: mysql-{{ ag_wordpress_database_pgsql.version }}
12 |     state: latest
13 |     update_cache: yes
14 |   with_items:
15 |     - mysql-server-{{ ag_wordpress_database_mysql.version }}
16 |     - mysql-common
17 |   when: not ag_wordpress_database_mysql.external and ag_wordpress_database_mysql.install
18 | 
19 | - name: wordpress | Update mysql root password for all root accounts
20 |   mysql_user:
21 |     name: root
22 |     host: "{{ item }}"
23 |     password: "root"
24 |     priv: "*.*:ALL,GRANT"
25 |   with_items:
26 |     - "{{ ansible_hostname }}"
27 |     - 127.0.0.1
28 |     - ::1
29 |     - localhost
30 |   when: not ag_wordpress_database_mysql.external and ag_wordpress_database_mysql.install
31 | 
32 | - name: wordpress | Create wordpress mysql database
33 |   mysql_db:
34 |     name: "{{ ag_wordpress_database.dbname }}"
35 |     state: present
36 |   when: not ag_wordpress_database_mysql.external and ag_wordpress_database_mysql.install
37 | 
38 | - name: wordpress | Create wordpress mysql user
39 |   mysql_user:
40 |     name: "{{ ag_wordpress_database.username }}"
41 |     password: "{{ ag_wordpress_database.secret }}"
42 |     priv: "{{ ag_wordpress_database.dbname }}.*:ALL"
43 |     state: present
44 |     append_privs: yes
45 |   when: not ag_wordpress_database_mysql.external and ag_wordpress_database_mysql.install
46 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tasks/nginx.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: wordpress | Remove apache2 if exists
 3 |   apt:
 4 |     name: apache2*
 5 |     state: absent
 6 | 
 7 | - name: Ensure APT official nginx key
 8 |   apt_key:
 9 |     url: http://nginx.org/keys/nginx_signing.key
10 |   #when: ansible_os_family == 'Debian'
11 | 
12 | - name: wordpress | Ensure APT official nginx repository (mainline)
13 |   apt_repository:
14 |     repo: "deb http://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx"
15 |   #when: ansible_os_family == 'Debian'
16 | 
17 | - name: wordpress | Install php-fpm
18 |   apt:
19 |     name: "php{{ ag_wordpress.phpversion }}-fpm"
20 |     state: present
21 |     update_cache: yes
22 | 
23 | - name: wordpress | Install nginx
24 |   apt:
25 |     name: "{{ item }}"
26 |     state: latest
27 |     update_cache: yes
28 |   with_items:
29 |     - python-selinux
30 |     - nginx
31 | 
32 | - name: wordpress | Ensure php5-fpm cgi.fix_pathinfo=0
33 |   lineinfile:
34 |     dest: "/etc/php/{{ ag_wordpress.phpversion }}/fpm/php.ini"
35 |     regexp: '^(.*)cgi.fix_pathinfo='
36 |     line: cgi.fix_pathinfo=0
37 |   notify:
38 |     - restart-php-fpm
39 |     - restart-nginx
40 | 
41 | - name: wordpress | Ensure php5-fpm default pool
42 |   lineinfile:
43 |     dest: "/etc/php/{{ ag_wordpress.phpversion }}/fpm/pool.d/www.conf"
44 |     regexp: '^(.*)listen.owner ='
45 |     line: listen.owner = nginx
46 |   notify:
47 |     - restart-php-fpm
48 |     - restart-nginx
49 | 
50 | - name: wordpress | Ensure php5-fpm default pool
51 |   lineinfile:
52 |     dest: "/etc/php/{{ ag_wordpress.phpversion }}/fpm/pool.d/www.conf"
53 |     regexp: '^(.*)listen.group ='
54 |     line: listen.group = nginx
55 |   notify:
56 |     - restart-php-fpm
57 |     - restart-nginx
58 | 
59 | - name: wordpress | Ensure php5-fpm default pool
60 |   lineinfile:
61 |     dest: "/etc/php/{{ ag_wordpress.phpversion }}/fpm/pool.d/www.conf"
62 |     regexp: '^(.*)listen.mode ='
63 |     line: listen.mode = 0666
64 |   notify:
65 |     - restart-php-fpm
66 |     - restart-nginx
67 | 
68 | - name: wordpress | Set nginx wordpress.conf
69 |   template:
70 |     src: "{{ ag_wordpress_nginx.custom_template|default('nginx.wordpress.conf.j2') }}"
71 |     dest: /etc/nginx/conf.d/wordpress.conf
72 |     owner: root
73 |     group: www-data
74 |     mode: 0644
75 |     backup: yes
76 |   notify: reload-nginx
77 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tasks/postgresql.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: wordpress | Install postgresql client
 3 |   apt:
 4 |     name: postgresql-client-{{ ag_wordpress_database_pgsql.version }}
 5 |     state: latest
 6 |     update_cache: yes
 7 |   when: ag_wordpress_database_pgsql.external or ag_wordpress_database_pgsql.install
 8 | 
 9 | - name: wordpress | Install postgresql server
10 |   apt:
11 |     name: postgresql-{{ ag_wordpress_database_pgsql.version }}
12 |     state: latest
13 |     update_cache: yes
14 |   when: not ag_wordpress_database_pgsql.external and ag_wordpress_database_pgsql.install
15 | 
16 | - name: catchet | Update postgresql root password for all root accounts
17 |   postgresql_user:
18 |     name: root
19 |     host: "{{ item }}"
20 |     password: "root"
21 |     priv: "*.*:ALL,GRANT"
22 |   with_items:
23 |     - "{{ ansible_hostname }}"
24 |     - 127.0.0.1
25 |     - ::1
26 |     - localhost
27 |   when: not ag_wordpress_database_pgsql.external and ag_wordpress_database_pgsql.install
28 | 
29 | - name: wordpress | Create wordpress postgresql database
30 |   postgresql_db:
31 |     name: "{{ ag_wordpress_database.dbname }}"
32 |     encoding: "UTF-8"
33 |     state: present
34 |   when: not ag_wordpress_database_pgsql.external and ag_wordpress_database_pgsql.install
35 | 
36 | - name: wordpress | Create wordpress postgresql user
37 |   postgresql_user:
38 |     db: "{{ ag_wordpress_database.dbname }}"
39 |     name: "{{ ag_wordpress_database.username }}"
40 |     password: "{{ ag_wordpress_database.secret }}"
41 |     priv: "ALL"
42 |     state: present
43 |   when: not ag_wordpress_database_pgsql.external and ag_wordpress_database_pgsql.install
44 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tasks/wordpress.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: wordpress | Download the wordpress source
 3 |   get_url:
 4 |     url: "https://wordpress.org/wordpress-{{ ag_wordpress.version }}.tar.gz"
 5 |     dest: /tmp/wordpress.tar.gz
 6 |     validate_certs: no
 7 |     checksum: "{{ ag_wordpress.checksum }}"
 8 | 
 9 | - name: wordpress | Create base wordpress dir
10 |   file:
11 |     path: "{{ ag_wordpress.basedir }}"
12 |     owner: www-data
13 |     group: www-data
14 |     recurse: yes
15 |     state: directory
16 | 
17 | - name: wordpress | Create base wordpress dir
18 |   file:
19 |     path: "/tmp/wordpress"
20 |     owner: www-data
21 |     group: www-data
22 |     recurse: yes
23 |     state: directory
24 |   when: ag_wordpress.docker_env
25 | 
26 | - name: wordpress | Extract wordpress
27 |   command: /bin/tar xvf /tmp/wordpress.tar.gz -C {{ ag_wordpress.basedir }} --strip-components=1 creates={{ ag_wordpress.basedir }}/index.php
28 |   when: not ag_wordpress.docker_env
29 | 
30 | - name: wordpress | Extract wordpress
31 |   command: /bin/tar xvf /tmp/wordpress.tar.gz -C /tmp/wordpress --strip-components=1 creates=/tmp/wordpress/index.php
32 |   when: ag_wordpress.docker_env
33 | 
34 | - name: wordpress | Removed tmp wordpress dir
35 |   file:
36 |     path: /tmp/wordpress.tar.gz
37 |     state: absent
38 | 
39 | - name: wordpress | Get random salts
40 |   local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/
41 |   register: "ag_wordpress_salt"
42 | 
43 | - name: wordpress | Set wordpress.conf
44 |   template:
45 |     src: "wp-config.php.j2"
46 |     dest: "{{ ag_wordpress.basedir }}/wp-config.php"
47 |     owner: www-data
48 |     group: www-data
49 |   notify: restart-apache2
50 |   when: not ag_wordpress.docker_env
51 | 
52 | - name: wordpress | Set wordpress.conf
53 |   template:
54 |     src: "wp-config.php.j2"
55 |     dest: "/tmp/wordpress/wp-config.php"
56 |     owner: www-data
57 |     group: www-data
58 |   notify: restart-apache2
59 |   when: ag_wordpress.docker_env
60 | 
61 | - name: wordpress | Set docker entrypoint
62 |   template:
63 |     src: "docker.entrypoint.sh.j2"
64 |     dest: "/opt/entrypoint.sh"
65 |     owner: root
66 |     group: root
67 |     mode: '777'
68 |   when: ag_wordpress.docker_env
69 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/templates/apache.wordpress.conf.j2:
--------------------------------------------------------------------------------
 1 | <VirtualHost *:80>
 2 |     ServerName {{ ag_wordpress_apache.servername }}
 3 |     ServerAlias {{ ag_wordpress_apache.serveralias }}
 4 |     # Make this the same as ServerName
 5 |     DocumentRoot "{{ ag_wordpress.basedir }}"
 6 |     ErrorLog /var/log/apache2/error.log
 7 |     CustomLog /var/log/apache2/access.log combined
 8 | 
 9 | {% if ag_wordpress_apache.external_load_balancer %}
10 |     SetEnvIf X-Forwarded-Proto https HTTPS=on
11 |     RedirectMatch 200 /health
12 | {% endif %}
13 | 
14 |     <Directory "{{ ag_wordpress.basedir }}">
15 |         Require all granted
16 |         Options Indexes FollowSymLinks
17 |         AllowOverride All
18 |         Order allow,deny
19 |         Allow from all
20 |     </Directory>
21 | </VirtualHost>
22 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/templates/docker.entrypoint.sh.j2:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | set -e
 3 | 
 4 | # copy wordpress files if it's necessary
 5 | test -f {{ ag_wordpress.basedir }}/index.php || mv /tmp/wordpress/* {{ ag_wordpress.basedir }}
 6 | 
 7 | # set wordpress base permissions
 8 | chown www-data:www-data -R {{ ag_wordpress.basedir }}
 9 | find {{ ag_wordpress.basedir }} -type d -exec chmod 755 {} \;
10 | find {{ ag_wordpress.basedir }} -type f -exec chmod 644 {} \;
11 | # allows wordpress to manage wp-config.php file
12 | chmod 660 {{ ag_wordpress.basedir }}/wp-config.php
13 | # allows wordpress to manage wp-content
14 | chown www-data:www-data -R {{ ag_wordpress.basedir }}/wp-content
15 | find {{ ag_wordpress.basedir }}/wp-content -type d -exec chmod 755 {} \;
16 | find {{ ag_wordpress.basedir }}/wp-content -type f -exec chmod 644 {} \;
17 | 
18 | # set db config
19 | sed -i "s|define('DB_HOST', 'localhost');|define('DB_HOST', '$WORDPRESS_DB_HOST');|;" "{{ ag_wordpress.basedir }}/wp-config.php"
20 | sed -i "s|define('DB_NAME', 'database_name_here');|define('DB_NAME', '$WORDPRESS_DB_NAME');|;" "{{ ag_wordpress.basedir }}/wp-config.php"
21 | sed -i "s|define('DB_USER', 'username_here');|define('DB_USER', '$WORDPRESS_DB_USER');|;" "{{ ag_wordpress.basedir }}/wp-config.php"
22 | sed -i "s|define('DB_PASSWORD', 'password_here');|define('DB_PASSWORD', '$WORDPRESS_DB_PASSWORD');|;" "{{ ag_wordpress.basedir }}/wp-config.php"
23 | 
24 | exec "$@"
25 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/templates/nginx.wordpress.conf.j2:
--------------------------------------------------------------------------------
 1 | server {
 2 |     server_name  {{ ag_wordpress_nginx.servername }};
 3 |     listen 80;
 4 | 
 5 |     root "{{ ag_wordpress.basedir }}";
 6 |     index index.php;
 7 | 
 8 | {% if ag_wordpress_nginx.external_load_balancer %}
 9 |     location /health {
10 |         access_log off;
11 |         return 200 'A-OK!';
12 |         add_header Content-Type text/plain;
13 |     }
14 | {% endif %}
15 | 
16 |     location / {
17 |       try_files $uri /index.php$is_args$args;
18 |     }
19 | 
20 |     location ~ \.php$ {
21 |                 include fastcgi_params;
22 |                 fastcgi_pass unix:/var/run/php/php{{ ag_wordpress.phpversion }}-fpm.sock;
23 |                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
24 |                 fastcgi_index index.php;
25 |                 fastcgi_keep_conn on;
26 |                 add_header Strict-Transport-Security max-age=15768000;
27 |     }
28 | }
29 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/templates/wp-config.php.j2:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * The base configuration for WordPress
  4 |  *
  5 |  * The wp-config.php creation script uses this file during the
  6 |  * installation. You don't have to use the web site, you can
  7 |  * copy this file to "wp-config.php" and fill in the values.
  8 |  *
  9 |  * This file contains the following configurations:
 10 |  *
 11 |  * * MySQL settings
 12 |  * * Secret keys
 13 |  * * Database table prefix
 14 |  * * ABSPATH
 15 |  *
 16 |  * @link https://codex.wordpress.org/Editing_wp-config.php
 17 |  *
 18 |  * @package WordPress
 19 |  */
 20 | 
 21 | // ** MySQL settings - You can get this info from your web host ** //
 22 | /** The name of the database for WordPress */
 23 | {% if ag_wordpress.docker_env %}
 24 | define('DB_NAME', 'database_name_here');
 25 | {% else %}
 26 | define('DB_NAME', '{{ ag_wordpress_database.dbname }}');
 27 | {% endif %}
 28 | 
 29 | /** MySQL database username */
 30 | {% if ag_wordpress.docker_env %}
 31 | define('DB_USER', 'username_here');
 32 | {% else %}
 33 | define('DB_USER', '{{ ag_wordpress_database.username }}');
 34 | {% endif %}
 35 | 
 36 | /** MySQL database password */
 37 | {% if ag_wordpress.docker_env %}
 38 | define('DB_PASSWORD', 'password_here');
 39 | {% else %}
 40 | define('DB_PASSWORD', '{{ ag_wordpress_database.password }}');
 41 | {% endif %}
 42 | 
 43 | /** MySQL hostname */
 44 | {% if ag_wordpress.docker_env %}
 45 | define('DB_HOST', 'localhost');
 46 | {% else %}
 47 | define('DB_HOST', '{{ ag_wordpress_database.hostname }}');
 48 | {% endif %}
 49 | 
 50 | /** Disable FTP */
 51 | {% if ag_wordpress.disable_ftp %}
 52 | define('FS_METHOD', 'direct');
 53 | define('FTP_BASE', '{{ ag_wordpress.basedir }}/');
 54 | define('FTP_CONTENT_DIR', '{{ ag_wordpress.basedir }}/wp-content/');
 55 | define('FTP_PLUGIN_DIR ', '{{ ag_wordpress.basedir }}/plugins/');
 56 | {% endif %}
 57 | 
 58 | /** Database Charset to use in creating database tables. */
 59 | define('DB_CHARSET', 'utf8');
 60 | 
 61 | /** The Database Collate type. Don't change this if in doubt. */
 62 | define('DB_COLLATE', '');
 63 | 
 64 | /**#@+
 65 |  * Authentication Unique Keys and Salts.
 66 |  *
 67 |  * Change these to different unique phrases!
 68 |  * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 69 |  * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 70 |  *
 71 |  * @since 2.6.0
 72 |  */
 73 | {{ ag_wordpress_salt.stdout }}
 74 | 
 75 | /**#@-*/
 76 | 
 77 | /**
 78 |  * WordPress Database Table prefix.
 79 |  *
 80 |  * You can have multiple installations in one database if you give each
 81 |  * a unique prefix. Only numbers, letters, and underscores please!
 82 |  */
 83 | $table_prefix  = 'wp_';
 84 | 
 85 | /**
 86 |  * For developers: WordPress debugging mode.
 87 |  *
 88 |  * Change this to true to enable the display of notices during development.
 89 |  * It is strongly recommended that plugin and theme developers use WP_DEBUG
 90 |  * in their development environments.
 91 |  *
 92 |  * For information on other constants that can be used for debugging,
 93 |  * visit the Codex.
 94 |  *
 95 |  * @link https://codex.wordpress.org/Debugging_in_WordPress
 96 |  */
 97 | define('WP_DEBUG', false);
 98 | 
 99 | /* That's all, stop editing! Happy blogging. */
100 | 
101 | /** Absolute path to the WordPress directory. */
102 | if ( !defined('ABSPATH') )
103 | 	define('ABSPATH', dirname(__FILE__) . '/');
104 | 
105 | /** Sets up WordPress vars and included files. */
106 | require_once(ABSPATH . 'wp-settings.php');
107 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 |   remote_user: root
4 |   roles:
5 |     - adriagalin.wordpress
6 | 


--------------------------------------------------------------------------------
/ansible/roles/adriagalin.wordpress/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for adriagalin.wordpress
3 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/README.md:
--------------------------------------------------------------------------------
 1 | Role Name
 2 | ========
 3 | 
 4 | timezone
 5 | 
 6 | Role Variables
 7 | --------------
 8 | ```
 9 | 
10 | # Default timezone.  Must be a valid tz database time zone.
11 | timezone: UTC
12 | 
13 | ```
14 | 
15 | Example Playbook
16 | -------------------------
17 | ### playbook.yml
18 | 
19 | ```
20 | 
21 | ---
22 | - hosts: all
23 |   roles:
24 |   - timezone
25 | 
26 |   vars:
27 |    timezone: America/New_York
28 | 
29 | ```
30 | 
31 | License
32 | -------
33 | 
34 | Apache 2.0
35 | 
36 | Author Information
37 | ------------------
38 | 
39 | Ryan Yates
40 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Default timezone
3 | timezone: UTC
4 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Thu Jul 13 11:33:10 2017', version: 1.0.0}
2 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/meta/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | galaxy_info:
 3 |   author: Ryan Yates
 4 |   description: Role for managing timezone.
 5 |   company:
 6 |   license: license (Apache 2.0)
 7 |   min_ansible_version: 1.9
 8 |   platforms:
 9 |   - name: Ubuntu
10 |     versions:
11 |     - precise
12 |     - trusty
13 |   - name: Debian
14 |     versions:
15 |     - squeeze
16 |     - wheezy
17 |     - jessie
18 |   - name: EL
19 |     versions:
20 |     - 6
21 |     - 7
22 |   - name: Fedora
23 |     versions:
24 |     - 19
25 |     - 20
26 |   categories:
27 |   - system
28 | dependencies: []


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - include: timezone.yml
3 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/tasks/timezone.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - include_vars: "{{ item }}"
 3 |   with_first_found:
 4 |    - "../vars/{{ ansible_distribution }}.yml"
 5 |    - "../vars/{{ ansible_os_family }}.yml"
 6 |   tags: ['timezone']
 7 | 
 8 | - name: Install tzdata for Debian based distros
 9 |   apt: name={{timezone_package}}
10 |        update_cache=yes
11 |        cache_valid_time=86400
12 |        state=present
13 |   when: ansible_os_family == 'Debian'
14 |   tags: ['timezone']
15 |   become: yes
16 | 
17 | - name: Install tzdata for RedHat based distros
18 |   yum: name={{timezone_package}}
19 |        state=present
20 |   when: ansible_os_family == 'RedHat'
21 |   tags: ['timezone']
22 |   become: yes
23 | 
24 | - name: Set timezone config
25 |   template: src="timezone-{{ansible_os_family}}.j2"
26 |             dest={{timezone_file}}
27 |   tags: ['timezone']
28 |   become: yes
29 | 
30 | - name: Set link to localtime
31 |   file: state=link
32 |         src={{zoneinfo_dir}}{{timezone}}
33 |         dest={{localtime_file}}
34 |         force=yes
35 |   tags: ['timezone']
36 |   become: yes
37 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/templates/timezone-Debian.j2:
--------------------------------------------------------------------------------
1 | {{timezone}}
2 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/templates/timezone-RedHat.j2:
--------------------------------------------------------------------------------
1 | ZONE="{{timezone}}"
2 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | timezone_package: 'tzdata'
3 | zoneinfo_dir: '/usr/share/zoneinfo/'
4 | localtime_file: '/etc/localtime'
5 | timezone_file: '/etc/timezone'
6 | timezone_config: 'timezone-Debian.j2'
7 | 


--------------------------------------------------------------------------------
/ansible/roles/yatesr.timezone/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | timezone_package: 'tzdata'
3 | zoneinfo_dir: '/usr/share/zoneinfo/'
4 | localtime_file: '/etc/localtime'
5 | timezone_file: '/etc/sysconfig/clock'
6 | timezone_config: 'timezone-RedHat.j2'
7 | 


--------------------------------------------------------------------------------
/packer-wordpress.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"variables": {
 3 |     "aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
 4 |     "aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
 5 | 		"ansible_version": "2.3.1.0",
 6 | 		"ansible_playbook_dir": "ansible",
 7 | 		"ansible_playbook_file": "ansible/playbooks/wordpress.yml",
 8 | 		"docker_base_image": "ubuntu:16.04",
 9 |     "docker_repository": "{{env `DOCKER_REPOSITORY`}}",
10 | 		"docker_image_version": "{{env `IMAGE_VERSION`}}",
11 |     "wordpress_version": "4.8"
12 | 	},
13 | 	"builders":[{
14 | 		"type": "docker",
15 | 		"image": "{{user `docker_base_image`}}",
16 | 		"commit": true,
17 |     "changes": [
18 |       "ENTRYPOINT [\"/opt/entrypoint.sh\"]",
19 |       "CMD [\"apachectl\", \"-D\",  \"FOREGROUND\"]"
20 |     ]
21 | 	}],
22 | 	"provisioners": [
23 |     {
24 |       "type": "shell-local",
25 |       "command": "make ansible-requirements"
26 |     },
27 | 		{
28 | 			"type": "shell",
29 | 			"script": "scripts/ansible.sh"
30 | 		},
31 | 		{
32 | 			"type": "ansible-local",
33 | 			"playbook_dir": "{{user `ansible_playbook_dir`}}",
34 | 			"playbook_file": "{{user `ansible_playbook_file`}}",
35 |       "staging_directory": "/tmp/ansible",
36 | 			"extra_arguments": [ "-vv --extra-vars \"ag_wordpress.version={{user `wordpress_version`}}\"" ]
37 | 		},
38 |     {
39 |       "type": "shell",
40 |       "script": "scripts/cleanup.sh"
41 |     }
42 | 	],
43 | 	"post-processors": [
44 | 		[
45 | 			{
46 | 				"type": "docker-tag",
47 | 				"repository": "{{user `docker_repository`}}",
48 | 				"tag": "{{user `docker_image_version`}}"
49 | 			},
50 |       {
51 |         "type": "docker-push",
52 |         "ecr_login": true,
53 |         "aws_access_key": "{{user `aws_access_key_id`}}",
54 |         "aws_secret_key": "{{user `aws_secret_access_key`}}",
55 |         "login_server": "https://{{user `docker_repository`}}"
56 |       }
57 | 		]
58 | 	]
59 | }
60 | 


--------------------------------------------------------------------------------
/scripts/ansible.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | echo "packer: install Ansible"
4 | apt-get install -yq update
5 | apt-get install -yq software-properties-common
6 | apt-add-repository ppa:ansible/ansible
7 | apt-get -yq update
8 | apt-get install -yq ansible
9 | 


--------------------------------------------------------------------------------
/scripts/cleanup.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | echo "packer: uninstall Ansible and remove PPA"
 4 | apt-get -y -qq remove --purge ansible
 5 | apt-add-repository --remove ppa:ansible/ansible
 6 | apt-get -y -qq autoremove
 7 | apt-get -y -qq clean
 8 | 
 9 | echo "packer: delete unneeded files"
10 | rm -f /tmp/ansible/*.sh > /dev/null
11 | rm -rf /tmp/ansible > /dev/null
12 | 


--------------------------------------------------------------------------------
/terraform/environments/eu-west/infra.graph:
--------------------------------------------------------------------------------
  1 | digraph {
  2 | 	compound = "true"
  3 | 	newrank = "true"
  4 | 	subgraph "root" {
  5 | 		"[root] module.ecs_cluster.module.ecs.aws_ecs_cluster.main" [label = "module.ecs_cluster.module.ecs.aws_ecs_cluster.main", shape = "box"]
  6 | 		"[root] module.ecs_cluster.module.ecs.provider.aws" [label = "module.ecs_cluster.module.ecs.provider.aws", shape = "diamond"]
  7 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" [label = "module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster", shape = "box"]
  8 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance" [label = "module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance", shape = "box"]
  9 | 		"[root] module.ecs_cluster.module.ecs_instances.data.template_file.user_data" [label = "module.ecs_cluster.module.ecs_instances.data.template_file.user_data", shape = "box"]
 10 | 		"[root] module.ecs_cluster.module.ecs_instances.provider.aws" [label = "module.ecs_cluster.module.ecs_instances.provider.aws", shape = "diamond"]
 11 | 		"[root] module.ecs_cluster.module.ecs_instances.provider.template" [label = "module.ecs_cluster.module.ecs_instances.provider.template", shape = "diamond"]
 12 | 		"[root] module.ecs_cluster.module.efs.aws_efs_file_system.main" [label = "module.ecs_cluster.module.efs.aws_efs_file_system.main", shape = "box"]
 13 | 		"[root] module.ecs_cluster.module.efs.aws_efs_mount_target.main" [label = "module.ecs_cluster.module.efs.aws_efs_mount_target.main", shape = "box"]
 14 | 		"[root] module.ecs_cluster.module.efs.provider.aws" [label = "module.ecs_cluster.module.efs.provider.aws", shape = "diamond"]
 15 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.aws_iam_instance_profile.main" [label = "module.ecs_cluster.module.iam_ecs_instances_profile.aws_iam_instance_profile.main", shape = "box"]
 16 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.provider.aws" [label = "module.ecs_cluster.module.iam_ecs_instances_profile.provider.aws", shape = "diamond"]
 17 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.aws_iam_role.main" [label = "module.ecs_cluster.module.iam_ecs_instances_role.aws_iam_role.main", shape = "box"]
 18 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.provider.aws" [label = "module.ecs_cluster.module.iam_ecs_instances_role.provider.aws", shape = "diamond"]
 19 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main" [label = "module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main", shape = "box"]
 20 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.provider.aws" [label = "module.ecs_cluster.module.iam_ecs_instances_role_policy.provider.aws", shape = "diamond"]
 21 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.aws_iam_role.main" [label = "module.ecs_cluster.module.iam_ecs_service_role.aws_iam_role.main", shape = "box"]
 22 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.provider.aws" [label = "module.ecs_cluster.module.iam_ecs_service_role.provider.aws", shape = "diamond"]
 23 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main" [label = "module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main", shape = "box"]
 24 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.provider.aws" [label = "module.ecs_cluster.module.iam_ecs_services_role_policy.provider.aws", shape = "diamond"]
 25 | 		"[root] module.ecs_cluster.provider.aws (disabled)" [label = "module.ecs_cluster.provider.aws", shape = "diamond"]
 26 | 		"[root] module.ecs_cluster.provider.template (disabled)" [label = "module.ecs_cluster.provider.template", shape = "diamond"]
 27 | 		"[root] module.ecs_registry.aws_ecr_repository.main" [label = "module.ecs_registry.aws_ecr_repository.main", shape = "box"]
 28 | 		"[root] module.ecs_registry.provider.aws" [label = "module.ecs_registry.provider.aws", shape = "diamond"]
 29 | 		"[root] module.elb.aws_elb.main" [label = "module.elb.aws_elb.main", shape = "box"]
 30 | 		"[root] module.elb.provider.aws" [label = "module.elb.provider.aws", shape = "diamond"]
 31 | 		"[root] module.private_subnet_az1.aws_eip.nat_gateway_ip" [label = "module.private_subnet_az1.aws_eip.nat_gateway_ip", shape = "box"]
 32 | 		"[root] module.private_subnet_az1.aws_nat_gateway.nat_gateway" [label = "module.private_subnet_az1.aws_nat_gateway.nat_gateway", shape = "box"]
 33 | 		"[root] module.private_subnet_az1.aws_route_table.route_table" [label = "module.private_subnet_az1.aws_route_table.route_table", shape = "box"]
 34 | 		"[root] module.private_subnet_az1.aws_route_table.route_table_main_gateway" [label = "module.private_subnet_az1.aws_route_table.route_table_main_gateway", shape = "box"]
 35 | 		"[root] module.private_subnet_az1.aws_route_table_association.route_table_association" [label = "module.private_subnet_az1.aws_route_table_association.route_table_association", shape = "box"]
 36 | 		"[root] module.private_subnet_az1.aws_route_table_association.route_table_association_main_gateway" [label = "module.private_subnet_az1.aws_route_table_association.route_table_association_main_gateway", shape = "box"]
 37 | 		"[root] module.private_subnet_az1.aws_subnet.subnet" [label = "module.private_subnet_az1.aws_subnet.subnet", shape = "box"]
 38 | 		"[root] module.private_subnet_az1.provider.aws" [label = "module.private_subnet_az1.provider.aws", shape = "diamond"]
 39 | 		"[root] module.private_subnet_az2.aws_eip.nat_gateway_ip" [label = "module.private_subnet_az2.aws_eip.nat_gateway_ip", shape = "box"]
 40 | 		"[root] module.private_subnet_az2.aws_nat_gateway.nat_gateway" [label = "module.private_subnet_az2.aws_nat_gateway.nat_gateway", shape = "box"]
 41 | 		"[root] module.private_subnet_az2.aws_route_table.route_table" [label = "module.private_subnet_az2.aws_route_table.route_table", shape = "box"]
 42 | 		"[root] module.private_subnet_az2.aws_route_table.route_table_main_gateway" [label = "module.private_subnet_az2.aws_route_table.route_table_main_gateway", shape = "box"]
 43 | 		"[root] module.private_subnet_az2.aws_route_table_association.route_table_association" [label = "module.private_subnet_az2.aws_route_table_association.route_table_association", shape = "box"]
 44 | 		"[root] module.private_subnet_az2.aws_route_table_association.route_table_association_main_gateway" [label = "module.private_subnet_az2.aws_route_table_association.route_table_association_main_gateway", shape = "box"]
 45 | 		"[root] module.private_subnet_az2.aws_subnet.subnet" [label = "module.private_subnet_az2.aws_subnet.subnet", shape = "box"]
 46 | 		"[root] module.private_subnet_az2.provider.aws" [label = "module.private_subnet_az2.provider.aws", shape = "diamond"]
 47 | 		"[root] module.private_subnet_az3.aws_eip.nat_gateway_ip" [label = "module.private_subnet_az3.aws_eip.nat_gateway_ip", shape = "box"]
 48 | 		"[root] module.private_subnet_az3.aws_nat_gateway.nat_gateway" [label = "module.private_subnet_az3.aws_nat_gateway.nat_gateway", shape = "box"]
 49 | 		"[root] module.private_subnet_az3.aws_route_table.route_table" [label = "module.private_subnet_az3.aws_route_table.route_table", shape = "box"]
 50 | 		"[root] module.private_subnet_az3.aws_route_table.route_table_main_gateway" [label = "module.private_subnet_az3.aws_route_table.route_table_main_gateway", shape = "box"]
 51 | 		"[root] module.private_subnet_az3.aws_route_table_association.route_table_association" [label = "module.private_subnet_az3.aws_route_table_association.route_table_association", shape = "box"]
 52 | 		"[root] module.private_subnet_az3.aws_route_table_association.route_table_association_main_gateway" [label = "module.private_subnet_az3.aws_route_table_association.route_table_association_main_gateway", shape = "box"]
 53 | 		"[root] module.private_subnet_az3.aws_subnet.subnet" [label = "module.private_subnet_az3.aws_subnet.subnet", shape = "box"]
 54 | 		"[root] module.private_subnet_az3.provider.aws" [label = "module.private_subnet_az3.provider.aws", shape = "diamond"]
 55 | 		"[root] module.public_subnet_az1.aws_eip.nat_gateway_ip" [label = "module.public_subnet_az1.aws_eip.nat_gateway_ip", shape = "box"]
 56 | 		"[root] module.public_subnet_az1.aws_nat_gateway.nat_gateway" [label = "module.public_subnet_az1.aws_nat_gateway.nat_gateway", shape = "box"]
 57 | 		"[root] module.public_subnet_az1.aws_route_table.route_table" [label = "module.public_subnet_az1.aws_route_table.route_table", shape = "box"]
 58 | 		"[root] module.public_subnet_az1.aws_route_table.route_table_main_gateway" [label = "module.public_subnet_az1.aws_route_table.route_table_main_gateway", shape = "box"]
 59 | 		"[root] module.public_subnet_az1.aws_route_table_association.route_table_association" [label = "module.public_subnet_az1.aws_route_table_association.route_table_association", shape = "box"]
 60 | 		"[root] module.public_subnet_az1.aws_route_table_association.route_table_association_main_gateway" [label = "module.public_subnet_az1.aws_route_table_association.route_table_association_main_gateway", shape = "box"]
 61 | 		"[root] module.public_subnet_az1.aws_subnet.subnet" [label = "module.public_subnet_az1.aws_subnet.subnet", shape = "box"]
 62 | 		"[root] module.public_subnet_az1.provider.aws" [label = "module.public_subnet_az1.provider.aws", shape = "diamond"]
 63 | 		"[root] module.public_subnet_az2.aws_eip.nat_gateway_ip" [label = "module.public_subnet_az2.aws_eip.nat_gateway_ip", shape = "box"]
 64 | 		"[root] module.public_subnet_az2.aws_nat_gateway.nat_gateway" [label = "module.public_subnet_az2.aws_nat_gateway.nat_gateway", shape = "box"]
 65 | 		"[root] module.public_subnet_az2.aws_route_table.route_table" [label = "module.public_subnet_az2.aws_route_table.route_table", shape = "box"]
 66 | 		"[root] module.public_subnet_az2.aws_route_table.route_table_main_gateway" [label = "module.public_subnet_az2.aws_route_table.route_table_main_gateway", shape = "box"]
 67 | 		"[root] module.public_subnet_az2.aws_route_table_association.route_table_association" [label = "module.public_subnet_az2.aws_route_table_association.route_table_association", shape = "box"]
 68 | 		"[root] module.public_subnet_az2.aws_route_table_association.route_table_association_main_gateway" [label = "module.public_subnet_az2.aws_route_table_association.route_table_association_main_gateway", shape = "box"]
 69 | 		"[root] module.public_subnet_az2.aws_subnet.subnet" [label = "module.public_subnet_az2.aws_subnet.subnet", shape = "box"]
 70 | 		"[root] module.public_subnet_az2.provider.aws" [label = "module.public_subnet_az2.provider.aws", shape = "diamond"]
 71 | 		"[root] module.public_subnet_az3.aws_eip.nat_gateway_ip" [label = "module.public_subnet_az3.aws_eip.nat_gateway_ip", shape = "box"]
 72 | 		"[root] module.public_subnet_az3.aws_nat_gateway.nat_gateway" [label = "module.public_subnet_az3.aws_nat_gateway.nat_gateway", shape = "box"]
 73 | 		"[root] module.public_subnet_az3.aws_route_table.route_table" [label = "module.public_subnet_az3.aws_route_table.route_table", shape = "box"]
 74 | 		"[root] module.public_subnet_az3.aws_route_table.route_table_main_gateway" [label = "module.public_subnet_az3.aws_route_table.route_table_main_gateway", shape = "box"]
 75 | 		"[root] module.public_subnet_az3.aws_route_table_association.route_table_association" [label = "module.public_subnet_az3.aws_route_table_association.route_table_association", shape = "box"]
 76 | 		"[root] module.public_subnet_az3.aws_route_table_association.route_table_association_main_gateway" [label = "module.public_subnet_az3.aws_route_table_association.route_table_association_main_gateway", shape = "box"]
 77 | 		"[root] module.public_subnet_az3.aws_subnet.subnet" [label = "module.public_subnet_az3.aws_subnet.subnet", shape = "box"]
 78 | 		"[root] module.public_subnet_az3.provider.aws" [label = "module.public_subnet_az3.provider.aws", shape = "diamond"]
 79 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main" [label = "module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main", shape = "box"]
 80 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.provider.aws" [label = "module.security_group_ecs_group_egress_rule_allow_all.provider.aws", shape = "diamond"]
 81 | 		"[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main" [label = "module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main", shape = "box"]
 82 | 		"[root] module.security_group_ecs_group_rule_allow_22.provider.aws" [label = "module.security_group_ecs_group_rule_allow_22.provider.aws", shape = "diamond"]
 83 | 		"[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main" [label = "module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main", shape = "box"]
 84 | 		"[root] module.security_group_ecs_group_rule_allow_80.provider.aws" [label = "module.security_group_ecs_group_rule_allow_80.provider.aws", shape = "diamond"]
 85 | 		"[root] module.security_group_ecs_instances.aws_security_group.main" [label = "module.security_group_ecs_instances.aws_security_group.main", shape = "box"]
 86 | 		"[root] module.security_group_ecs_instances.provider.aws" [label = "module.security_group_ecs_instances.provider.aws", shape = "diamond"]
 87 | 		"[root] module.security_group_efs.aws_security_group.main" [label = "module.security_group_efs.aws_security_group.main", shape = "box"]
 88 | 		"[root] module.security_group_efs.provider.aws" [label = "module.security_group_efs.provider.aws", shape = "diamond"]
 89 | 		"[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main" [label = "module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main", shape = "box"]
 90 | 		"[root] module.security_group_efs_group_rule_allow_2049.provider.aws" [label = "module.security_group_efs_group_rule_allow_2049.provider.aws", shape = "diamond"]
 91 | 		"[root] module.security_group_elb.aws_security_group.main" [label = "module.security_group_elb.aws_security_group.main", shape = "box"]
 92 | 		"[root] module.security_group_elb.provider.aws" [label = "module.security_group_elb.provider.aws", shape = "diamond"]
 93 | 		"[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main" [label = "module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main", shape = "box"]
 94 | 		"[root] module.security_group_elb_group_rule_allow_80.provider.aws" [label = "module.security_group_elb_group_rule_allow_80.provider.aws", shape = "diamond"]
 95 | 		"[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main" [label = "module.security_group_elb_group_rule_egress.aws_security_group_rule.main", shape = "box"]
 96 | 		"[root] module.security_group_elb_group_rule_egress.provider.aws" [label = "module.security_group_elb_group_rule_egress.provider.aws", shape = "diamond"]
 97 | 		"[root] module.vpc.aws_internet_gateway.main" [label = "module.vpc.aws_internet_gateway.main", shape = "box"]
 98 | 		"[root] module.vpc.aws_vpc.main" [label = "module.vpc.aws_vpc.main", shape = "box"]
 99 | 		"[root] module.vpc.provider.aws" [label = "module.vpc.provider.aws", shape = "diamond"]
100 | 		"[root] module.wordpress_rds.aws_db_instance.rds" [label = "module.wordpress_rds.aws_db_instance.rds", shape = "box"]
101 | 		"[root] module.wordpress_rds.aws_db_subnet_group.rds" [label = "module.wordpress_rds.aws_db_subnet_group.rds", shape = "box"]
102 | 		"[root] module.wordpress_rds.aws_security_group.rds" [label = "module.wordpress_rds.aws_security_group.rds", shape = "box"]
103 | 		"[root] module.wordpress_rds.provider.aws" [label = "module.wordpress_rds.provider.aws", shape = "diamond"]
104 | 		"[root] module.wordpress_service.aws_ecs_service.main" [label = "module.wordpress_service.aws_ecs_service.main", shape = "box"]
105 | 		"[root] module.wordpress_service.aws_ecs_task_definition.wordpress" [label = "module.wordpress_service.aws_ecs_task_definition.wordpress", shape = "box"]
106 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" [label = "module.wordpress_service.data.template_file.wordpress_task", shape = "box"]
107 | 		"[root] module.wordpress_service.provider.aws" [label = "module.wordpress_service.provider.aws", shape = "diamond"]
108 | 		"[root] module.wordpress_service.provider.template" [label = "module.wordpress_service.provider.template", shape = "diamond"]
109 | 		"[root] provider.aws (disabled)" [label = "provider.aws", shape = "diamond"]
110 | 		"[root] provider.template (disabled)" [label = "provider.template", shape = "diamond"]
111 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster"
112 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.efs.aws_efs_mount_target.main"
113 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.iam_ecs_instances_profile.output.name"
114 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.output.arn"
115 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.output.name"
116 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.output.id"
117 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.output.name"
118 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.output.name"
119 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.output.id"
120 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.output.name"
121 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_cluster.output.ecs_service_role_id"
122 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_registry.output.arn"
123 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.ecs_registry.output.id"
124 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.elb.output.elb_id"
125 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.elb.output.elb_zone_id"
126 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.private_subnet_az1.aws_route_table_association.route_table_association"
127 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.private_subnet_az1.aws_route_table_association.route_table_association_main_gateway"
128 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.private_subnet_az2.aws_route_table_association.route_table_association"
129 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.private_subnet_az2.aws_route_table_association.route_table_association_main_gateway"
130 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.private_subnet_az3.aws_route_table_association.route_table_association"
131 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.private_subnet_az3.aws_route_table_association.route_table_association_main_gateway"
132 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.public_subnet_az1.aws_route_table_association.route_table_association"
133 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.public_subnet_az1.aws_route_table_association.route_table_association_main_gateway"
134 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.public_subnet_az2.aws_route_table_association.route_table_association"
135 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.public_subnet_az2.aws_route_table_association.route_table_association_main_gateway"
136 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.public_subnet_az3.aws_route_table_association.route_table_association"
137 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.public_subnet_az3.aws_route_table_association.route_table_association_main_gateway"
138 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main"
139 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main"
140 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main"
141 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main"
142 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main"
143 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main"
144 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.vpc.output.aws_vpc_cidr_block"
145 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.wordpress_rds.output.db_instance_id"
146 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.wordpress_rds.output.db_security_group"
147 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.wordpress_rds.output.subnet_group"
148 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] module.wordpress_service.aws_ecs_service.main"
149 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] output.ecr_repository"
150 | 		"[root] meta.count-boundary (count boundary fixup)" -> "[root] output.elb_dns"
151 | 		"[root] module.ecs_cluster.module.ecs.aws_ecs_cluster.main" -> "[root] module.ecs_cluster.module.ecs.provider.aws"
152 | 		"[root] module.ecs_cluster.module.ecs.aws_ecs_cluster.main" -> "[root] module.ecs_cluster.module.ecs.var.name"
153 | 		"[root] module.ecs_cluster.module.ecs.output.aws_ecs_cluster_main_id" -> "[root] module.ecs_cluster.module.ecs.aws_ecs_cluster.main"
154 | 		"[root] module.ecs_cluster.module.ecs.provider.aws" -> "[root] module.ecs_cluster.provider.aws (disabled)"
155 | 		"[root] module.ecs_cluster.module.ecs.var.name" -> "[root] module.ecs_cluster.var.ecs_cluster_name"
156 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" -> "[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance"
157 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" -> "[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_desired_capacity"
158 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" -> "[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_health_check_grace_period"
159 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" -> "[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_health_check_type"
160 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" -> "[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_max_size"
161 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" -> "[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_min_size"
162 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" -> "[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_name"
163 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster" -> "[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_subnet_ids"
164 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance" -> "[root] module.ecs_cluster.module.ecs_instances.data.template_file.user_data"
165 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance" -> "[root] module.ecs_cluster.module.ecs_instances.provider.aws"
166 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance" -> "[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_ami_id"
167 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance" -> "[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_instance_profile"
168 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance" -> "[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_instance_type"
169 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance" -> "[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_prefix_name"
170 | 		"[root] module.ecs_cluster.module.ecs_instances.aws_launch_configuration.ecs_instance" -> "[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_security_groups_ids"
171 | 		"[root] module.ecs_cluster.module.ecs_instances.data.template_file.user_data" -> "[root] module.ecs_cluster.module.ecs_instances.provider.template"
172 | 		"[root] module.ecs_cluster.module.ecs_instances.data.template_file.user_data" -> "[root] module.ecs_cluster.module.ecs_instances.var.ecs_cluster_name"
173 | 		"[root] module.ecs_cluster.module.ecs_instances.data.template_file.user_data" -> "[root] module.ecs_cluster.module.ecs_instances.var.efs_name"
174 | 		"[root] module.ecs_cluster.module.ecs_instances.data.template_file.user_data" -> "[root] module.ecs_cluster.module.ecs_instances.var.service_data_dir"
175 | 		"[root] module.ecs_cluster.module.ecs_instances.provider.aws" -> "[root] module.ecs_cluster.provider.aws (disabled)"
176 | 		"[root] module.ecs_cluster.module.ecs_instances.provider.template" -> "[root] module.ecs_cluster.provider.template (disabled)"
177 | 		"[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_desired_capacity" -> "[root] module.ecs_cluster.var.ecs_aws_autoscaling_group_desired_capacity"
178 | 		"[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_max_size" -> "[root] module.ecs_cluster.var.ecs_aws_autoscaling_group_max_size"
179 | 		"[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_min_size" -> "[root] module.ecs_cluster.var.ecs_aws_autoscaling_group_min_size"
180 | 		"[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_name" -> "[root] module.ecs_cluster.var.ecs_aws_autoscaling_group_name"
181 | 		"[root] module.ecs_cluster.module.ecs_instances.var.aws_autoscaling_group_subnet_ids" -> "[root] module.ecs_cluster.var.ecs_aws_autoscaling_group_subnet_ids"
182 | 		"[root] module.ecs_cluster.module.ecs_instances.var.ecs_cluster_name" -> "[root] module.ecs_cluster.var.ecs_cluster_name"
183 | 		"[root] module.ecs_cluster.module.ecs_instances.var.efs_name" -> "[root] module.ecs_cluster.var.ecs_efs_name"
184 | 		"[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_ami_id" -> "[root] module.ecs_cluster.var.ecs_launch_configuration_ami_id"
185 | 		"[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_instance_profile" -> "[root] module.ecs_cluster.module.iam_ecs_instances_profile.output.id"
186 | 		"[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_prefix_name" -> "[root] module.ecs_cluster.var.ecs_launch_configuration_prefix_name"
187 | 		"[root] module.ecs_cluster.module.ecs_instances.var.launch_configuration_security_groups_ids" -> "[root] module.ecs_cluster.var.ecs_launch_configuration_security_groups_ids"
188 | 		"[root] module.ecs_cluster.module.ecs_instances.var.service_data_dir" -> "[root] module.ecs_cluster.var.ecs_service_data_dir"
189 | 		"[root] module.ecs_cluster.module.efs.aws_efs_file_system.main" -> "[root] module.ecs_cluster.module.efs.provider.aws"
190 | 		"[root] module.ecs_cluster.module.efs.aws_efs_file_system.main" -> "[root] module.ecs_cluster.module.efs.var.creation_token"
191 | 		"[root] module.ecs_cluster.module.efs.aws_efs_file_system.main" -> "[root] module.ecs_cluster.module.efs.var.performance_mode"
192 | 		"[root] module.ecs_cluster.module.efs.aws_efs_file_system.main" -> "[root] module.ecs_cluster.module.efs.var.tag_name"
193 | 		"[root] module.ecs_cluster.module.efs.aws_efs_mount_target.main" -> "[root] module.ecs_cluster.module.efs.aws_efs_file_system.main"
194 | 		"[root] module.ecs_cluster.module.efs.aws_efs_mount_target.main" -> "[root] module.ecs_cluster.module.efs.var.security_groups"
195 | 		"[root] module.ecs_cluster.module.efs.aws_efs_mount_target.main" -> "[root] module.ecs_cluster.module.efs.var.subnets_count"
196 | 		"[root] module.ecs_cluster.module.efs.aws_efs_mount_target.main" -> "[root] module.ecs_cluster.module.efs.var.subnets_ids"
197 | 		"[root] module.ecs_cluster.module.efs.provider.aws" -> "[root] module.ecs_cluster.provider.aws (disabled)"
198 | 		"[root] module.ecs_cluster.module.efs.var.creation_token" -> "[root] module.ecs_cluster.var.efs_creation_token"
199 | 		"[root] module.ecs_cluster.module.efs.var.security_groups" -> "[root] module.ecs_cluster.var.efs_security_groups"
200 | 		"[root] module.ecs_cluster.module.efs.var.subnets_count" -> "[root] module.ecs_cluster.var.efs_subnets_count"
201 | 		"[root] module.ecs_cluster.module.efs.var.subnets_ids" -> "[root] module.ecs_cluster.var.efs_subnets_ids"
202 | 		"[root] module.ecs_cluster.module.efs.var.tag_name" -> "[root] module.ecs_cluster.var.efs_tag_name"
203 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.aws_iam_instance_profile.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_profile.provider.aws"
204 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.aws_iam_instance_profile.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_profile.var.name"
205 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.aws_iam_instance_profile.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_profile.var.role"
206 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.output.id" -> "[root] module.ecs_cluster.module.iam_ecs_instances_profile.aws_iam_instance_profile.main"
207 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.output.name" -> "[root] module.ecs_cluster.module.iam_ecs_instances_profile.aws_iam_instance_profile.main"
208 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.provider.aws" -> "[root] module.ecs_cluster.provider.aws (disabled)"
209 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.var.name" -> "[root] module.ecs_cluster.var.ecs_cluster_name"
210 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_profile.var.role" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.output.id"
211 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.aws_iam_role.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.provider.aws"
212 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.aws_iam_role.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.var.assume_role_policy"
213 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.aws_iam_role.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.var.name"
214 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.output.arn" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.aws_iam_role.main"
215 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.output.id" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.aws_iam_role.main"
216 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.output.name" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.aws_iam_role.main"
217 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.provider.aws" -> "[root] module.ecs_cluster.provider.aws (disabled)"
218 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role.var.name" -> "[root] module.ecs_cluster.var.ecs_cluster_name"
219 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.provider.aws"
220 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.var.name"
221 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.var.policy"
222 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.var.role_id"
223 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.output.id" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main"
224 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.output.name" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main"
225 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.provider.aws" -> "[root] module.ecs_cluster.provider.aws (disabled)"
226 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.var.name" -> "[root] module.ecs_cluster.var.ecs_cluster_name"
227 | 		"[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.var.role_id" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role.output.id"
228 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.aws_iam_role.main" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.provider.aws"
229 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.aws_iam_role.main" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.var.assume_role_policy"
230 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.aws_iam_role.main" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.var.name"
231 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.output.arn" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.aws_iam_role.main"
232 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.output.id" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.aws_iam_role.main"
233 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.output.name" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.aws_iam_role.main"
234 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.provider.aws" -> "[root] module.ecs_cluster.provider.aws (disabled)"
235 | 		"[root] module.ecs_cluster.module.iam_ecs_service_role.var.name" -> "[root] module.ecs_cluster.var.ecs_cluster_name"
236 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.provider.aws"
237 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.var.name"
238 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.var.policy"
239 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.var.role_id"
240 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.output.id" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main"
241 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.output.name" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main"
242 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.provider.aws" -> "[root] module.ecs_cluster.provider.aws (disabled)"
243 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.var.name" -> "[root] module.ecs_cluster.var.ecs_cluster_name"
244 | 		"[root] module.ecs_cluster.module.iam_ecs_services_role_policy.var.role_id" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.output.id"
245 | 		"[root] module.ecs_cluster.output.ecs_cluster_id" -> "[root] module.ecs_cluster.module.ecs.output.aws_ecs_cluster_main_id"
246 | 		"[root] module.ecs_cluster.output.ecs_service_role_arn" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.output.arn"
247 | 		"[root] module.ecs_cluster.output.ecs_service_role_id" -> "[root] module.ecs_cluster.module.iam_ecs_service_role.output.id"
248 | 		"[root] module.ecs_cluster.provider.aws (disabled)" -> "[root] provider.aws (disabled)"
249 | 		"[root] module.ecs_cluster.provider.template (disabled)" -> "[root] provider.template (disabled)"
250 | 		"[root] module.ecs_cluster.var.ecs_aws_autoscaling_group_subnet_ids" -> "[root] module.private_subnet_az1.output.aws_subnet_id"
251 | 		"[root] module.ecs_cluster.var.ecs_aws_autoscaling_group_subnet_ids" -> "[root] module.private_subnet_az2.output.aws_subnet_id"
252 | 		"[root] module.ecs_cluster.var.ecs_aws_autoscaling_group_subnet_ids" -> "[root] module.private_subnet_az3.output.aws_subnet_id"
253 | 		"[root] module.ecs_cluster.var.ecs_cluster_name" -> "[root] var.name"
254 | 		"[root] module.ecs_cluster.var.ecs_efs_name" -> "[root] var.name"
255 | 		"[root] module.ecs_cluster.var.ecs_launch_configuration_prefix_name" -> "[root] var.name"
256 | 		"[root] module.ecs_cluster.var.ecs_launch_configuration_security_groups_ids" -> "[root] module.security_group_ecs_instances.output.aws_security_group_id"
257 | 		"[root] module.ecs_cluster.var.ecs_launch_configuration_security_groups_ids" -> "[root] module.security_group_efs.output.aws_security_group_id"
258 | 		"[root] module.ecs_cluster.var.efs_creation_token" -> "[root] var.name"
259 | 		"[root] module.ecs_cluster.var.efs_security_groups" -> "[root] module.security_group_efs.output.aws_security_group_id"
260 | 		"[root] module.ecs_cluster.var.efs_subnets_ids" -> "[root] module.private_subnet_az1.output.aws_subnet_id"
261 | 		"[root] module.ecs_cluster.var.efs_subnets_ids" -> "[root] module.private_subnet_az2.output.aws_subnet_id"
262 | 		"[root] module.ecs_cluster.var.efs_subnets_ids" -> "[root] module.private_subnet_az3.output.aws_subnet_id"
263 | 		"[root] module.ecs_cluster.var.efs_tag_name" -> "[root] var.name"
264 | 		"[root] module.ecs_registry.aws_ecr_repository.main" -> "[root] module.ecs_registry.provider.aws"
265 | 		"[root] module.ecs_registry.aws_ecr_repository.main" -> "[root] module.ecs_registry.var.name"
266 | 		"[root] module.ecs_registry.output.arn" -> "[root] module.ecs_registry.aws_ecr_repository.main"
267 | 		"[root] module.ecs_registry.output.id" -> "[root] module.ecs_registry.aws_ecr_repository.main"
268 | 		"[root] module.ecs_registry.output.url" -> "[root] module.ecs_registry.aws_ecr_repository.main"
269 | 		"[root] module.ecs_registry.provider.aws" -> "[root] provider.aws (disabled)"
270 | 		"[root] module.elb.aws_elb.main" -> "[root] module.elb.provider.aws"
271 | 		"[root] module.elb.aws_elb.main" -> "[root] module.elb.var.name"
272 | 		"[root] module.elb.aws_elb.main" -> "[root] module.elb.var.security_group_ids"
273 | 		"[root] module.elb.aws_elb.main" -> "[root] module.elb.var.subnet_ids"
274 | 		"[root] module.elb.output.elb_dns_name" -> "[root] module.elb.aws_elb.main"
275 | 		"[root] module.elb.output.elb_id" -> "[root] module.elb.aws_elb.main"
276 | 		"[root] module.elb.output.elb_name" -> "[root] module.elb.aws_elb.main"
277 | 		"[root] module.elb.output.elb_zone_id" -> "[root] module.elb.aws_elb.main"
278 | 		"[root] module.elb.provider.aws" -> "[root] provider.aws (disabled)"
279 | 		"[root] module.elb.var.name" -> "[root] var.name"
280 | 		"[root] module.elb.var.security_group_ids" -> "[root] module.security_group_elb.output.aws_security_group_id"
281 | 		"[root] module.elb.var.subnet_ids" -> "[root] module.public_subnet_az1.output.aws_subnet_id"
282 | 		"[root] module.elb.var.subnet_ids" -> "[root] module.public_subnet_az2.output.aws_subnet_id"
283 | 		"[root] module.elb.var.subnet_ids" -> "[root] module.public_subnet_az3.output.aws_subnet_id"
284 | 		"[root] module.private_subnet_az1.aws_eip.nat_gateway_ip" -> "[root] module.private_subnet_az1.provider.aws"
285 | 		"[root] module.private_subnet_az1.aws_eip.nat_gateway_ip" -> "[root] module.private_subnet_az1.var.create_nat_gateway"
286 | 		"[root] module.private_subnet_az1.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az1.aws_eip.nat_gateway_ip"
287 | 		"[root] module.private_subnet_az1.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az1.aws_subnet.subnet"
288 | 		"[root] module.private_subnet_az1.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az1.var.nat_gateway_subnet_id"
289 | 		"[root] module.private_subnet_az1.aws_route_table.route_table" -> "[root] module.private_subnet_az1.aws_nat_gateway.nat_gateway"
290 | 		"[root] module.private_subnet_az1.aws_route_table.route_table" -> "[root] module.private_subnet_az1.var.route_table_cidr_block"
291 | 		"[root] module.private_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az1.provider.aws"
292 | 		"[root] module.private_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az1.var.create_nat_gateway"
293 | 		"[root] module.private_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az1.var.route_table_cidr_block"
294 | 		"[root] module.private_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az1.var.route_table_gateway_id"
295 | 		"[root] module.private_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az1.var.tag_name"
296 | 		"[root] module.private_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az1.var.vpc_id"
297 | 		"[root] module.private_subnet_az1.aws_route_table_association.route_table_association" -> "[root] module.private_subnet_az1.aws_route_table.route_table"
298 | 		"[root] module.private_subnet_az1.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.private_subnet_az1.aws_route_table.route_table_main_gateway"
299 | 		"[root] module.private_subnet_az1.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.private_subnet_az1.aws_subnet.subnet"
300 | 		"[root] module.private_subnet_az1.aws_subnet.subnet" -> "[root] module.private_subnet_az1.provider.aws"
301 | 		"[root] module.private_subnet_az1.aws_subnet.subnet" -> "[root] module.private_subnet_az1.var.map_public_ip_on_launch"
302 | 		"[root] module.private_subnet_az1.aws_subnet.subnet" -> "[root] module.private_subnet_az1.var.subnet_cidr"
303 | 		"[root] module.private_subnet_az1.aws_subnet.subnet" -> "[root] module.private_subnet_az1.var.subnet_zone"
304 | 		"[root] module.private_subnet_az1.aws_subnet.subnet" -> "[root] module.private_subnet_az1.var.tag_name"
305 | 		"[root] module.private_subnet_az1.aws_subnet.subnet" -> "[root] module.private_subnet_az1.var.vpc_id"
306 | 		"[root] module.private_subnet_az1.output.aws_subnet_cidr_block" -> "[root] module.private_subnet_az1.aws_subnet.subnet"
307 | 		"[root] module.private_subnet_az1.output.aws_subnet_id" -> "[root] module.private_subnet_az1.aws_subnet.subnet"
308 | 		"[root] module.private_subnet_az1.provider.aws" -> "[root] provider.aws (disabled)"
309 | 		"[root] module.private_subnet_az1.var.nat_gateway_subnet_id" -> "[root] module.public_subnet_az1.output.aws_subnet_id"
310 | 		"[root] module.private_subnet_az1.var.tag_name" -> "[root] var.name"
311 | 		"[root] module.private_subnet_az1.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
312 | 		"[root] module.private_subnet_az2.aws_eip.nat_gateway_ip" -> "[root] module.private_subnet_az2.provider.aws"
313 | 		"[root] module.private_subnet_az2.aws_eip.nat_gateway_ip" -> "[root] module.private_subnet_az2.var.create_nat_gateway"
314 | 		"[root] module.private_subnet_az2.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az2.aws_eip.nat_gateway_ip"
315 | 		"[root] module.private_subnet_az2.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az2.aws_subnet.subnet"
316 | 		"[root] module.private_subnet_az2.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az2.var.nat_gateway_subnet_id"
317 | 		"[root] module.private_subnet_az2.aws_route_table.route_table" -> "[root] module.private_subnet_az2.aws_nat_gateway.nat_gateway"
318 | 		"[root] module.private_subnet_az2.aws_route_table.route_table" -> "[root] module.private_subnet_az2.var.route_table_cidr_block"
319 | 		"[root] module.private_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az2.provider.aws"
320 | 		"[root] module.private_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az2.var.create_nat_gateway"
321 | 		"[root] module.private_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az2.var.route_table_cidr_block"
322 | 		"[root] module.private_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az2.var.route_table_gateway_id"
323 | 		"[root] module.private_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az2.var.tag_name"
324 | 		"[root] module.private_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az2.var.vpc_id"
325 | 		"[root] module.private_subnet_az2.aws_route_table_association.route_table_association" -> "[root] module.private_subnet_az2.aws_route_table.route_table"
326 | 		"[root] module.private_subnet_az2.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.private_subnet_az2.aws_route_table.route_table_main_gateway"
327 | 		"[root] module.private_subnet_az2.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.private_subnet_az2.aws_subnet.subnet"
328 | 		"[root] module.private_subnet_az2.aws_subnet.subnet" -> "[root] module.private_subnet_az2.provider.aws"
329 | 		"[root] module.private_subnet_az2.aws_subnet.subnet" -> "[root] module.private_subnet_az2.var.map_public_ip_on_launch"
330 | 		"[root] module.private_subnet_az2.aws_subnet.subnet" -> "[root] module.private_subnet_az2.var.subnet_cidr"
331 | 		"[root] module.private_subnet_az2.aws_subnet.subnet" -> "[root] module.private_subnet_az2.var.subnet_zone"
332 | 		"[root] module.private_subnet_az2.aws_subnet.subnet" -> "[root] module.private_subnet_az2.var.tag_name"
333 | 		"[root] module.private_subnet_az2.aws_subnet.subnet" -> "[root] module.private_subnet_az2.var.vpc_id"
334 | 		"[root] module.private_subnet_az2.output.aws_subnet_cidr_block" -> "[root] module.private_subnet_az2.aws_subnet.subnet"
335 | 		"[root] module.private_subnet_az2.output.aws_subnet_id" -> "[root] module.private_subnet_az2.aws_subnet.subnet"
336 | 		"[root] module.private_subnet_az2.provider.aws" -> "[root] provider.aws (disabled)"
337 | 		"[root] module.private_subnet_az2.var.nat_gateway_subnet_id" -> "[root] module.public_subnet_az2.output.aws_subnet_id"
338 | 		"[root] module.private_subnet_az2.var.tag_name" -> "[root] var.name"
339 | 		"[root] module.private_subnet_az2.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
340 | 		"[root] module.private_subnet_az3.aws_eip.nat_gateway_ip" -> "[root] module.private_subnet_az3.provider.aws"
341 | 		"[root] module.private_subnet_az3.aws_eip.nat_gateway_ip" -> "[root] module.private_subnet_az3.var.create_nat_gateway"
342 | 		"[root] module.private_subnet_az3.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az3.aws_eip.nat_gateway_ip"
343 | 		"[root] module.private_subnet_az3.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az3.aws_subnet.subnet"
344 | 		"[root] module.private_subnet_az3.aws_nat_gateway.nat_gateway" -> "[root] module.private_subnet_az3.var.nat_gateway_subnet_id"
345 | 		"[root] module.private_subnet_az3.aws_route_table.route_table" -> "[root] module.private_subnet_az3.aws_nat_gateway.nat_gateway"
346 | 		"[root] module.private_subnet_az3.aws_route_table.route_table" -> "[root] module.private_subnet_az3.var.route_table_cidr_block"
347 | 		"[root] module.private_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az3.provider.aws"
348 | 		"[root] module.private_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az3.var.create_nat_gateway"
349 | 		"[root] module.private_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az3.var.route_table_cidr_block"
350 | 		"[root] module.private_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az3.var.route_table_gateway_id"
351 | 		"[root] module.private_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az3.var.tag_name"
352 | 		"[root] module.private_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.private_subnet_az3.var.vpc_id"
353 | 		"[root] module.private_subnet_az3.aws_route_table_association.route_table_association" -> "[root] module.private_subnet_az3.aws_route_table.route_table"
354 | 		"[root] module.private_subnet_az3.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.private_subnet_az3.aws_route_table.route_table_main_gateway"
355 | 		"[root] module.private_subnet_az3.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.private_subnet_az3.aws_subnet.subnet"
356 | 		"[root] module.private_subnet_az3.aws_subnet.subnet" -> "[root] module.private_subnet_az3.provider.aws"
357 | 		"[root] module.private_subnet_az3.aws_subnet.subnet" -> "[root] module.private_subnet_az3.var.map_public_ip_on_launch"
358 | 		"[root] module.private_subnet_az3.aws_subnet.subnet" -> "[root] module.private_subnet_az3.var.subnet_cidr"
359 | 		"[root] module.private_subnet_az3.aws_subnet.subnet" -> "[root] module.private_subnet_az3.var.subnet_zone"
360 | 		"[root] module.private_subnet_az3.aws_subnet.subnet" -> "[root] module.private_subnet_az3.var.tag_name"
361 | 		"[root] module.private_subnet_az3.aws_subnet.subnet" -> "[root] module.private_subnet_az3.var.vpc_id"
362 | 		"[root] module.private_subnet_az3.output.aws_subnet_cidr_block" -> "[root] module.private_subnet_az3.aws_subnet.subnet"
363 | 		"[root] module.private_subnet_az3.output.aws_subnet_id" -> "[root] module.private_subnet_az3.aws_subnet.subnet"
364 | 		"[root] module.private_subnet_az3.provider.aws" -> "[root] provider.aws (disabled)"
365 | 		"[root] module.private_subnet_az3.var.nat_gateway_subnet_id" -> "[root] module.public_subnet_az3.output.aws_subnet_id"
366 | 		"[root] module.private_subnet_az3.var.tag_name" -> "[root] var.name"
367 | 		"[root] module.private_subnet_az3.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
368 | 		"[root] module.public_subnet_az1.aws_eip.nat_gateway_ip" -> "[root] module.public_subnet_az1.provider.aws"
369 | 		"[root] module.public_subnet_az1.aws_eip.nat_gateway_ip" -> "[root] module.public_subnet_az1.var.create_nat_gateway"
370 | 		"[root] module.public_subnet_az1.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az1.aws_eip.nat_gateway_ip"
371 | 		"[root] module.public_subnet_az1.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az1.aws_subnet.subnet"
372 | 		"[root] module.public_subnet_az1.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az1.var.nat_gateway_subnet_id"
373 | 		"[root] module.public_subnet_az1.aws_route_table.route_table" -> "[root] module.public_subnet_az1.aws_nat_gateway.nat_gateway"
374 | 		"[root] module.public_subnet_az1.aws_route_table.route_table" -> "[root] module.public_subnet_az1.var.route_table_cidr_block"
375 | 		"[root] module.public_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az1.provider.aws"
376 | 		"[root] module.public_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az1.var.create_nat_gateway"
377 | 		"[root] module.public_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az1.var.route_table_cidr_block"
378 | 		"[root] module.public_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az1.var.route_table_gateway_id"
379 | 		"[root] module.public_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az1.var.tag_name"
380 | 		"[root] module.public_subnet_az1.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az1.var.vpc_id"
381 | 		"[root] module.public_subnet_az1.aws_route_table_association.route_table_association" -> "[root] module.public_subnet_az1.aws_route_table.route_table"
382 | 		"[root] module.public_subnet_az1.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.public_subnet_az1.aws_route_table.route_table_main_gateway"
383 | 		"[root] module.public_subnet_az1.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.public_subnet_az1.aws_subnet.subnet"
384 | 		"[root] module.public_subnet_az1.aws_subnet.subnet" -> "[root] module.public_subnet_az1.provider.aws"
385 | 		"[root] module.public_subnet_az1.aws_subnet.subnet" -> "[root] module.public_subnet_az1.var.map_public_ip_on_launch"
386 | 		"[root] module.public_subnet_az1.aws_subnet.subnet" -> "[root] module.public_subnet_az1.var.subnet_cidr"
387 | 		"[root] module.public_subnet_az1.aws_subnet.subnet" -> "[root] module.public_subnet_az1.var.subnet_zone"
388 | 		"[root] module.public_subnet_az1.aws_subnet.subnet" -> "[root] module.public_subnet_az1.var.tag_name"
389 | 		"[root] module.public_subnet_az1.aws_subnet.subnet" -> "[root] module.public_subnet_az1.var.vpc_id"
390 | 		"[root] module.public_subnet_az1.output.aws_subnet_cidr_block" -> "[root] module.public_subnet_az1.aws_subnet.subnet"
391 | 		"[root] module.public_subnet_az1.output.aws_subnet_id" -> "[root] module.public_subnet_az1.aws_subnet.subnet"
392 | 		"[root] module.public_subnet_az1.provider.aws" -> "[root] provider.aws (disabled)"
393 | 		"[root] module.public_subnet_az1.var.route_table_gateway_id" -> "[root] module.vpc.output.aws_internet_gateway_id"
394 | 		"[root] module.public_subnet_az1.var.tag_name" -> "[root] var.name"
395 | 		"[root] module.public_subnet_az1.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
396 | 		"[root] module.public_subnet_az2.aws_eip.nat_gateway_ip" -> "[root] module.public_subnet_az2.provider.aws"
397 | 		"[root] module.public_subnet_az2.aws_eip.nat_gateway_ip" -> "[root] module.public_subnet_az2.var.create_nat_gateway"
398 | 		"[root] module.public_subnet_az2.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az2.aws_eip.nat_gateway_ip"
399 | 		"[root] module.public_subnet_az2.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az2.aws_subnet.subnet"
400 | 		"[root] module.public_subnet_az2.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az2.var.nat_gateway_subnet_id"
401 | 		"[root] module.public_subnet_az2.aws_route_table.route_table" -> "[root] module.public_subnet_az2.aws_nat_gateway.nat_gateway"
402 | 		"[root] module.public_subnet_az2.aws_route_table.route_table" -> "[root] module.public_subnet_az2.var.route_table_cidr_block"
403 | 		"[root] module.public_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az2.provider.aws"
404 | 		"[root] module.public_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az2.var.create_nat_gateway"
405 | 		"[root] module.public_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az2.var.route_table_cidr_block"
406 | 		"[root] module.public_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az2.var.route_table_gateway_id"
407 | 		"[root] module.public_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az2.var.tag_name"
408 | 		"[root] module.public_subnet_az2.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az2.var.vpc_id"
409 | 		"[root] module.public_subnet_az2.aws_route_table_association.route_table_association" -> "[root] module.public_subnet_az2.aws_route_table.route_table"
410 | 		"[root] module.public_subnet_az2.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.public_subnet_az2.aws_route_table.route_table_main_gateway"
411 | 		"[root] module.public_subnet_az2.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.public_subnet_az2.aws_subnet.subnet"
412 | 		"[root] module.public_subnet_az2.aws_subnet.subnet" -> "[root] module.public_subnet_az2.provider.aws"
413 | 		"[root] module.public_subnet_az2.aws_subnet.subnet" -> "[root] module.public_subnet_az2.var.map_public_ip_on_launch"
414 | 		"[root] module.public_subnet_az2.aws_subnet.subnet" -> "[root] module.public_subnet_az2.var.subnet_cidr"
415 | 		"[root] module.public_subnet_az2.aws_subnet.subnet" -> "[root] module.public_subnet_az2.var.subnet_zone"
416 | 		"[root] module.public_subnet_az2.aws_subnet.subnet" -> "[root] module.public_subnet_az2.var.tag_name"
417 | 		"[root] module.public_subnet_az2.aws_subnet.subnet" -> "[root] module.public_subnet_az2.var.vpc_id"
418 | 		"[root] module.public_subnet_az2.output.aws_subnet_cidr_block" -> "[root] module.public_subnet_az2.aws_subnet.subnet"
419 | 		"[root] module.public_subnet_az2.output.aws_subnet_id" -> "[root] module.public_subnet_az2.aws_subnet.subnet"
420 | 		"[root] module.public_subnet_az2.provider.aws" -> "[root] provider.aws (disabled)"
421 | 		"[root] module.public_subnet_az2.var.route_table_gateway_id" -> "[root] module.vpc.output.aws_internet_gateway_id"
422 | 		"[root] module.public_subnet_az2.var.tag_name" -> "[root] var.name"
423 | 		"[root] module.public_subnet_az2.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
424 | 		"[root] module.public_subnet_az3.aws_eip.nat_gateway_ip" -> "[root] module.public_subnet_az3.provider.aws"
425 | 		"[root] module.public_subnet_az3.aws_eip.nat_gateway_ip" -> "[root] module.public_subnet_az3.var.create_nat_gateway"
426 | 		"[root] module.public_subnet_az3.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az3.aws_eip.nat_gateway_ip"
427 | 		"[root] module.public_subnet_az3.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az3.aws_subnet.subnet"
428 | 		"[root] module.public_subnet_az3.aws_nat_gateway.nat_gateway" -> "[root] module.public_subnet_az3.var.nat_gateway_subnet_id"
429 | 		"[root] module.public_subnet_az3.aws_route_table.route_table" -> "[root] module.public_subnet_az3.aws_nat_gateway.nat_gateway"
430 | 		"[root] module.public_subnet_az3.aws_route_table.route_table" -> "[root] module.public_subnet_az3.var.route_table_cidr_block"
431 | 		"[root] module.public_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az3.provider.aws"
432 | 		"[root] module.public_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az3.var.create_nat_gateway"
433 | 		"[root] module.public_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az3.var.route_table_cidr_block"
434 | 		"[root] module.public_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az3.var.route_table_gateway_id"
435 | 		"[root] module.public_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az3.var.tag_name"
436 | 		"[root] module.public_subnet_az3.aws_route_table.route_table_main_gateway" -> "[root] module.public_subnet_az3.var.vpc_id"
437 | 		"[root] module.public_subnet_az3.aws_route_table_association.route_table_association" -> "[root] module.public_subnet_az3.aws_route_table.route_table"
438 | 		"[root] module.public_subnet_az3.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.public_subnet_az3.aws_route_table.route_table_main_gateway"
439 | 		"[root] module.public_subnet_az3.aws_route_table_association.route_table_association_main_gateway" -> "[root] module.public_subnet_az3.aws_subnet.subnet"
440 | 		"[root] module.public_subnet_az3.aws_subnet.subnet" -> "[root] module.public_subnet_az3.provider.aws"
441 | 		"[root] module.public_subnet_az3.aws_subnet.subnet" -> "[root] module.public_subnet_az3.var.map_public_ip_on_launch"
442 | 		"[root] module.public_subnet_az3.aws_subnet.subnet" -> "[root] module.public_subnet_az3.var.subnet_cidr"
443 | 		"[root] module.public_subnet_az3.aws_subnet.subnet" -> "[root] module.public_subnet_az3.var.subnet_zone"
444 | 		"[root] module.public_subnet_az3.aws_subnet.subnet" -> "[root] module.public_subnet_az3.var.tag_name"
445 | 		"[root] module.public_subnet_az3.aws_subnet.subnet" -> "[root] module.public_subnet_az3.var.vpc_id"
446 | 		"[root] module.public_subnet_az3.output.aws_subnet_cidr_block" -> "[root] module.public_subnet_az3.aws_subnet.subnet"
447 | 		"[root] module.public_subnet_az3.output.aws_subnet_id" -> "[root] module.public_subnet_az3.aws_subnet.subnet"
448 | 		"[root] module.public_subnet_az3.provider.aws" -> "[root] provider.aws (disabled)"
449 | 		"[root] module.public_subnet_az3.var.route_table_gateway_id" -> "[root] module.vpc.output.aws_internet_gateway_id"
450 | 		"[root] module.public_subnet_az3.var.tag_name" -> "[root] var.name"
451 | 		"[root] module.public_subnet_az3.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
452 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.provider.aws"
453 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.var.cidr_blocks"
454 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.var.from_port"
455 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.var.protocol"
456 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.var.security_group_id"
457 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.var.to_port"
458 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.var.type"
459 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.provider.aws" -> "[root] provider.aws (disabled)"
460 | 		"[root] module.security_group_ecs_group_egress_rule_allow_all.var.security_group_id" -> "[root] module.security_group_ecs_instances.output.aws_security_group_id"
461 | 		"[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_22.provider.aws"
462 | 		"[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_22.var.cidr_blocks"
463 | 		"[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_22.var.from_port"
464 | 		"[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_22.var.protocol"
465 | 		"[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_22.var.security_group_id"
466 | 		"[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_22.var.to_port"
467 | 		"[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_22.var.type"
468 | 		"[root] module.security_group_ecs_group_rule_allow_22.provider.aws" -> "[root] provider.aws (disabled)"
469 | 		"[root] module.security_group_ecs_group_rule_allow_22.var.cidr_blocks" -> "[root] module.private_subnet_az1.output.aws_subnet_cidr_block"
470 | 		"[root] module.security_group_ecs_group_rule_allow_22.var.cidr_blocks" -> "[root] module.private_subnet_az2.output.aws_subnet_cidr_block"
471 | 		"[root] module.security_group_ecs_group_rule_allow_22.var.cidr_blocks" -> "[root] module.private_subnet_az3.output.aws_subnet_cidr_block"
472 | 		"[root] module.security_group_ecs_group_rule_allow_22.var.cidr_blocks" -> "[root] module.public_subnet_az1.output.aws_subnet_cidr_block"
473 | 		"[root] module.security_group_ecs_group_rule_allow_22.var.cidr_blocks" -> "[root] module.public_subnet_az2.output.aws_subnet_cidr_block"
474 | 		"[root] module.security_group_ecs_group_rule_allow_22.var.cidr_blocks" -> "[root] module.public_subnet_az3.output.aws_subnet_cidr_block"
475 | 		"[root] module.security_group_ecs_group_rule_allow_22.var.security_group_id" -> "[root] module.security_group_ecs_instances.output.aws_security_group_id"
476 | 		"[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_80.provider.aws"
477 | 		"[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_80.var.cidr_blocks"
478 | 		"[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_80.var.from_port"
479 | 		"[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_80.var.protocol"
480 | 		"[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_80.var.security_group_id"
481 | 		"[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_80.var.to_port"
482 | 		"[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_ecs_group_rule_allow_80.var.type"
483 | 		"[root] module.security_group_ecs_group_rule_allow_80.provider.aws" -> "[root] provider.aws (disabled)"
484 | 		"[root] module.security_group_ecs_group_rule_allow_80.var.security_group_id" -> "[root] module.security_group_ecs_instances.output.aws_security_group_id"
485 | 		"[root] module.security_group_ecs_instances.aws_security_group.main" -> "[root] module.security_group_ecs_instances.provider.aws"
486 | 		"[root] module.security_group_ecs_instances.aws_security_group.main" -> "[root] module.security_group_ecs_instances.var.name"
487 | 		"[root] module.security_group_ecs_instances.aws_security_group.main" -> "[root] module.security_group_ecs_instances.var.vpc_id"
488 | 		"[root] module.security_group_ecs_instances.output.aws_security_group_id" -> "[root] module.security_group_ecs_instances.aws_security_group.main"
489 | 		"[root] module.security_group_ecs_instances.provider.aws" -> "[root] provider.aws (disabled)"
490 | 		"[root] module.security_group_ecs_instances.var.name" -> "[root] var.name"
491 | 		"[root] module.security_group_ecs_instances.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
492 | 		"[root] module.security_group_efs.aws_security_group.main" -> "[root] module.security_group_efs.provider.aws"
493 | 		"[root] module.security_group_efs.aws_security_group.main" -> "[root] module.security_group_efs.var.name"
494 | 		"[root] module.security_group_efs.aws_security_group.main" -> "[root] module.security_group_efs.var.vpc_id"
495 | 		"[root] module.security_group_efs.output.aws_security_group_id" -> "[root] module.security_group_efs.aws_security_group.main"
496 | 		"[root] module.security_group_efs.provider.aws" -> "[root] provider.aws (disabled)"
497 | 		"[root] module.security_group_efs.var.name" -> "[root] var.name"
498 | 		"[root] module.security_group_efs.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
499 | 		"[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main" -> "[root] module.security_group_efs_group_rule_allow_2049.provider.aws"
500 | 		"[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main" -> "[root] module.security_group_efs_group_rule_allow_2049.var.cidr_blocks"
501 | 		"[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main" -> "[root] module.security_group_efs_group_rule_allow_2049.var.from_port"
502 | 		"[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main" -> "[root] module.security_group_efs_group_rule_allow_2049.var.protocol"
503 | 		"[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main" -> "[root] module.security_group_efs_group_rule_allow_2049.var.security_group_id"
504 | 		"[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main" -> "[root] module.security_group_efs_group_rule_allow_2049.var.to_port"
505 | 		"[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main" -> "[root] module.security_group_efs_group_rule_allow_2049.var.type"
506 | 		"[root] module.security_group_efs_group_rule_allow_2049.provider.aws" -> "[root] provider.aws (disabled)"
507 | 		"[root] module.security_group_efs_group_rule_allow_2049.var.cidr_blocks" -> "[root] module.private_subnet_az1.output.aws_subnet_cidr_block"
508 | 		"[root] module.security_group_efs_group_rule_allow_2049.var.cidr_blocks" -> "[root] module.private_subnet_az2.output.aws_subnet_cidr_block"
509 | 		"[root] module.security_group_efs_group_rule_allow_2049.var.cidr_blocks" -> "[root] module.private_subnet_az3.output.aws_subnet_cidr_block"
510 | 		"[root] module.security_group_efs_group_rule_allow_2049.var.security_group_id" -> "[root] module.security_group_efs.output.aws_security_group_id"
511 | 		"[root] module.security_group_elb.aws_security_group.main" -> "[root] module.security_group_elb.provider.aws"
512 | 		"[root] module.security_group_elb.aws_security_group.main" -> "[root] module.security_group_elb.var.name"
513 | 		"[root] module.security_group_elb.aws_security_group.main" -> "[root] module.security_group_elb.var.vpc_id"
514 | 		"[root] module.security_group_elb.output.aws_security_group_id" -> "[root] module.security_group_elb.aws_security_group.main"
515 | 		"[root] module.security_group_elb.provider.aws" -> "[root] provider.aws (disabled)"
516 | 		"[root] module.security_group_elb.var.name" -> "[root] var.name"
517 | 		"[root] module.security_group_elb.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
518 | 		"[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_allow_80.provider.aws"
519 | 		"[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_allow_80.var.cidr_blocks"
520 | 		"[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_allow_80.var.from_port"
521 | 		"[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_allow_80.var.protocol"
522 | 		"[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_allow_80.var.security_group_id"
523 | 		"[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_allow_80.var.to_port"
524 | 		"[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_allow_80.var.type"
525 | 		"[root] module.security_group_elb_group_rule_allow_80.provider.aws" -> "[root] provider.aws (disabled)"
526 | 		"[root] module.security_group_elb_group_rule_allow_80.var.security_group_id" -> "[root] module.security_group_elb.output.aws_security_group_id"
527 | 		"[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_egress.provider.aws"
528 | 		"[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_egress.var.cidr_blocks"
529 | 		"[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_egress.var.from_port"
530 | 		"[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_egress.var.protocol"
531 | 		"[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_egress.var.security_group_id"
532 | 		"[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_egress.var.to_port"
533 | 		"[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main" -> "[root] module.security_group_elb_group_rule_egress.var.type"
534 | 		"[root] module.security_group_elb_group_rule_egress.provider.aws" -> "[root] provider.aws (disabled)"
535 | 		"[root] module.security_group_elb_group_rule_egress.var.cidr_blocks" -> "[root] module.private_subnet_az1.output.aws_subnet_cidr_block"
536 | 		"[root] module.security_group_elb_group_rule_egress.var.cidr_blocks" -> "[root] module.private_subnet_az2.output.aws_subnet_cidr_block"
537 | 		"[root] module.security_group_elb_group_rule_egress.var.cidr_blocks" -> "[root] module.private_subnet_az3.output.aws_subnet_cidr_block"
538 | 		"[root] module.security_group_elb_group_rule_egress.var.security_group_id" -> "[root] module.security_group_elb.output.aws_security_group_id"
539 | 		"[root] module.vpc.aws_internet_gateway.main" -> "[root] module.vpc.aws_vpc.main"
540 | 		"[root] module.vpc.aws_vpc.main" -> "[root] module.vpc.provider.aws"
541 | 		"[root] module.vpc.aws_vpc.main" -> "[root] module.vpc.var.enable_dns_hostnames"
542 | 		"[root] module.vpc.aws_vpc.main" -> "[root] module.vpc.var.tag_name"
543 | 		"[root] module.vpc.aws_vpc.main" -> "[root] module.vpc.var.vpc_cidr"
544 | 		"[root] module.vpc.output.aws_internet_gateway_id" -> "[root] module.vpc.aws_internet_gateway.main"
545 | 		"[root] module.vpc.output.aws_vpc_cidr_block" -> "[root] module.vpc.aws_vpc.main"
546 | 		"[root] module.vpc.output.aws_vpc_id" -> "[root] module.vpc.aws_vpc.main"
547 | 		"[root] module.vpc.provider.aws" -> "[root] provider.aws (disabled)"
548 | 		"[root] module.vpc.var.tag_name" -> "[root] var.name"
549 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.aws_db_subnet_group.rds"
550 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.aws_security_group.rds"
551 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.var.allocated_storage"
552 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.var.db_password"
553 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.var.db_username"
554 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.var.engine"
555 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.var.engine_version"
556 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.var.identifier"
557 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.var.instance_class"
558 | 		"[root] module.wordpress_rds.aws_db_instance.rds" -> "[root] module.wordpress_rds.var.parameter_group_name"
559 | 		"[root] module.wordpress_rds.aws_db_subnet_group.rds" -> "[root] module.wordpress_rds.provider.aws"
560 | 		"[root] module.wordpress_rds.aws_db_subnet_group.rds" -> "[root] module.wordpress_rds.var.db_name"
561 | 		"[root] module.wordpress_rds.aws_db_subnet_group.rds" -> "[root] module.wordpress_rds.var.subnet_ids"
562 | 		"[root] module.wordpress_rds.aws_security_group.rds" -> "[root] module.wordpress_rds.provider.aws"
563 | 		"[root] module.wordpress_rds.aws_security_group.rds" -> "[root] module.wordpress_rds.var.db_name"
564 | 		"[root] module.wordpress_rds.aws_security_group.rds" -> "[root] module.wordpress_rds.var.ingress_cidr_blocks"
565 | 		"[root] module.wordpress_rds.aws_security_group.rds" -> "[root] module.wordpress_rds.var.ingress_from_port"
566 | 		"[root] module.wordpress_rds.aws_security_group.rds" -> "[root] module.wordpress_rds.var.ingress_to_port"
567 | 		"[root] module.wordpress_rds.aws_security_group.rds" -> "[root] module.wordpress_rds.var.ingress_to_protocol"
568 | 		"[root] module.wordpress_rds.aws_security_group.rds" -> "[root] module.wordpress_rds.var.vpc_id"
569 | 		"[root] module.wordpress_rds.output.db_instance_address" -> "[root] module.wordpress_rds.aws_db_instance.rds"
570 | 		"[root] module.wordpress_rds.output.db_instance_id" -> "[root] module.wordpress_rds.aws_db_instance.rds"
571 | 		"[root] module.wordpress_rds.output.db_security_group" -> "[root] module.wordpress_rds.aws_security_group.rds"
572 | 		"[root] module.wordpress_rds.output.subnet_group" -> "[root] module.wordpress_rds.aws_db_subnet_group.rds"
573 | 		"[root] module.wordpress_rds.provider.aws" -> "[root] provider.aws (disabled)"
574 | 		"[root] module.wordpress_rds.var.ingress_cidr_blocks" -> "[root] module.private_subnet_az1.output.aws_subnet_cidr_block"
575 | 		"[root] module.wordpress_rds.var.ingress_cidr_blocks" -> "[root] module.private_subnet_az2.output.aws_subnet_cidr_block"
576 | 		"[root] module.wordpress_rds.var.ingress_cidr_blocks" -> "[root] module.private_subnet_az3.output.aws_subnet_cidr_block"
577 | 		"[root] module.wordpress_rds.var.subnet_ids" -> "[root] module.private_subnet_az1.output.aws_subnet_id"
578 | 		"[root] module.wordpress_rds.var.subnet_ids" -> "[root] module.private_subnet_az2.output.aws_subnet_id"
579 | 		"[root] module.wordpress_rds.var.subnet_ids" -> "[root] module.private_subnet_az3.output.aws_subnet_id"
580 | 		"[root] module.wordpress_rds.var.vpc_id" -> "[root] module.vpc.output.aws_vpc_id"
581 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.aws_ecs_task_definition.wordpress"
582 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.var.cluster_id"
583 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.var.container_name"
584 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.var.container_port"
585 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.var.desired_count"
586 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.var.elb_name"
587 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.var.iam_role_arn"
588 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.var.minimum_healthy_percent"
589 | 		"[root] module.wordpress_service.aws_ecs_service.main" -> "[root] module.wordpress_service.var.name"
590 | 		"[root] module.wordpress_service.aws_ecs_task_definition.wordpress" -> "[root] module.wordpress_service.data.template_file.wordpress_task"
591 | 		"[root] module.wordpress_service.aws_ecs_task_definition.wordpress" -> "[root] module.wordpress_service.provider.aws"
592 | 		"[root] module.wordpress_service.aws_ecs_task_definition.wordpress" -> "[root] module.wordpress_service.var.task_definition_family_name"
593 | 		"[root] module.wordpress_service.aws_ecs_task_definition.wordpress" -> "[root] module.wordpress_service.var.task_definition_volume_name"
594 | 		"[root] module.wordpress_service.aws_ecs_task_definition.wordpress" -> "[root] module.wordpress_service.var.task_definition_volume_path"
595 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.provider.template"
596 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_command"
597 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_container_path"
598 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_container_port"
599 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_cpu"
600 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_essential"
601 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_host_port"
602 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_image_tag"
603 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_memory"
604 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_name"
605 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_protocol"
606 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_repository_url"
607 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.service_source_volume"
608 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.wordpress_db_host"
609 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.wordpress_db_name"
610 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.wordpress_db_password"
611 | 		"[root] module.wordpress_service.data.template_file.wordpress_task" -> "[root] module.wordpress_service.var.wordpress_db_user"
612 | 		"[root] module.wordpress_service.provider.aws" -> "[root] provider.aws (disabled)"
613 | 		"[root] module.wordpress_service.provider.template" -> "[root] provider.template (disabled)"
614 | 		"[root] module.wordpress_service.var.cluster_id" -> "[root] module.ecs_cluster.output.ecs_cluster_id"
615 | 		"[root] module.wordpress_service.var.elb_name" -> "[root] module.elb.output.elb_name"
616 | 		"[root] module.wordpress_service.var.iam_role_arn" -> "[root] module.ecs_cluster.output.ecs_service_role_arn"
617 | 		"[root] module.wordpress_service.var.service_repository_url" -> "[root] module.ecs_registry.output.url"
618 | 		"[root] module.wordpress_service.var.wordpress_db_host" -> "[root] module.wordpress_rds.output.db_instance_address"
619 | 		"[root] output.ecr_repository" -> "[root] module.ecs_registry.output.url"
620 | 		"[root] output.elb_dns" -> "[root] module.elb.output.elb_dns_name"
621 | 		"[root] provider.aws (close)" -> "[root] module.ecs_cluster.module.ecs_instances.aws_autoscaling_group.ecs_cluster"
622 | 		"[root] provider.aws (close)" -> "[root] module.ecs_cluster.module.efs.aws_efs_mount_target.main"
623 | 		"[root] provider.aws (close)" -> "[root] module.ecs_cluster.module.iam_ecs_instances_role_policy.aws_iam_role_policy.main"
624 | 		"[root] provider.aws (close)" -> "[root] module.ecs_cluster.module.iam_ecs_services_role_policy.aws_iam_role_policy.main"
625 | 		"[root] provider.aws (close)" -> "[root] module.private_subnet_az1.aws_route_table_association.route_table_association"
626 | 		"[root] provider.aws (close)" -> "[root] module.private_subnet_az1.aws_route_table_association.route_table_association_main_gateway"
627 | 		"[root] provider.aws (close)" -> "[root] module.private_subnet_az2.aws_route_table_association.route_table_association"
628 | 		"[root] provider.aws (close)" -> "[root] module.private_subnet_az2.aws_route_table_association.route_table_association_main_gateway"
629 | 		"[root] provider.aws (close)" -> "[root] module.private_subnet_az3.aws_route_table_association.route_table_association"
630 | 		"[root] provider.aws (close)" -> "[root] module.private_subnet_az3.aws_route_table_association.route_table_association_main_gateway"
631 | 		"[root] provider.aws (close)" -> "[root] module.public_subnet_az1.aws_route_table_association.route_table_association"
632 | 		"[root] provider.aws (close)" -> "[root] module.public_subnet_az1.aws_route_table_association.route_table_association_main_gateway"
633 | 		"[root] provider.aws (close)" -> "[root] module.public_subnet_az2.aws_route_table_association.route_table_association"
634 | 		"[root] provider.aws (close)" -> "[root] module.public_subnet_az2.aws_route_table_association.route_table_association_main_gateway"
635 | 		"[root] provider.aws (close)" -> "[root] module.public_subnet_az3.aws_route_table_association.route_table_association"
636 | 		"[root] provider.aws (close)" -> "[root] module.public_subnet_az3.aws_route_table_association.route_table_association_main_gateway"
637 | 		"[root] provider.aws (close)" -> "[root] module.security_group_ecs_group_egress_rule_allow_all.aws_security_group_rule.main"
638 | 		"[root] provider.aws (close)" -> "[root] module.security_group_ecs_group_rule_allow_22.aws_security_group_rule.main"
639 | 		"[root] provider.aws (close)" -> "[root] module.security_group_ecs_group_rule_allow_80.aws_security_group_rule.main"
640 | 		"[root] provider.aws (close)" -> "[root] module.security_group_efs_group_rule_allow_2049.aws_security_group_rule.main"
641 | 		"[root] provider.aws (close)" -> "[root] module.security_group_elb_group_rule_allow_80.aws_security_group_rule.main"
642 | 		"[root] provider.aws (close)" -> "[root] module.security_group_elb_group_rule_egress.aws_security_group_rule.main"
643 | 		"[root] provider.aws (close)" -> "[root] module.wordpress_service.aws_ecs_service.main"
644 | 		"[root] provider.template (close)" -> "[root] module.ecs_cluster.module.ecs_instances.data.template_file.user_data"
645 | 		"[root] provider.template (close)" -> "[root] module.wordpress_service.data.template_file.wordpress_task"
646 | 		"[root] root" -> "[root] meta.count-boundary (count boundary fixup)"
647 | 		"[root] root" -> "[root] provider.aws (close)"
648 | 		"[root] root" -> "[root] provider.template (close)"
649 | 	}
650 | }
651 | 
652 | 


--------------------------------------------------------------------------------
/terraform/environments/eu-west/main.tf:
--------------------------------------------------------------------------------
  1 | -// TODO: Add tfvars file with all variables
  2 | module "network" {
  3 |   source = "../../modules/network"
  4 |   cidr_block = "12.0.0.0/16"
  5 |   cluster_name = "${var.cluster_name}"
  6 |   cluster_id = "${var.cluster_id}"
  7 | 
  8 |   public_subnet_name = "public"
  9 |   public_subnets_az_count = 3
 10 |   public_subnets = ["12.0.0.0/24", "12.0.1.0/24", "12.0.2.0/24"]
 11 |   public_subnets_azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
 12 | 
 13 |   private_subnet_name = "private"
 14 |   private_subnets_az_count = 3
 15 |   private_subnets = ["12.0.5.0/24", "12.0.6.0/24", "12.0.7.0/24"]
 16 |   private_subnets_azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
 17 | 
 18 | }
 19 | 
 20 | /* START SG ------------------------------- */
 21 | // TODO: Add more specific security group and more customizable module: ecs (only ingress), elb (only egress), ec2 (ingress, egress), rds, etc
 22 | module "security_group_elb" {
 23 |   source = "../../modules/security-groups/sg"
 24 |   name = "${var.cluster_name}-elb-sg"
 25 |   vpc_id = "${module.network.vpc_id}"
 26 | }
 27 | 
 28 | module "security_group_elb_group_rule_allow_80" {
 29 |   source = "../../modules/security-groups/rule"
 30 |   type = "ingress"
 31 |   from_port = 80
 32 |   to_port = 80
 33 |   protocol = "tcp"
 34 |   cidr_blocks = ["0.0.0.0/0"]
 35 |   security_group_id = "${module.security_group_elb.aws_security_group_id}"
 36 | }
 37 | 
 38 | module "security_group_elb_group_rule_egress" {
 39 |   source = "../../modules/security-groups/rule"
 40 |   type = "egress"
 41 |   from_port = 80
 42 |   to_port = 80
 43 |   protocol = "tcp"
 44 |   cidr_blocks = ["0.0.0.0/0"]
 45 |   security_group_id = "${module.security_group_elb.aws_security_group_id}"
 46 | }
 47 | 
 48 | module "security_group_efs" {
 49 |   source = "../../modules/security-groups/sg"
 50 |   name = "${var.cluster_name}-efs-sg"
 51 |   vpc_id = "${module.network.vpc_id}"
 52 | }
 53 | 
 54 | module "security_group_efs_group_rule_allow_2049" {
 55 |   source = "../../modules/security-groups/rule"
 56 |   type = "ingress"
 57 |   from_port = 2049
 58 |   to_port = 2049
 59 |   protocol = "tcp"
 60 |   cidr_blocks = ["${module.network.private_subnet_cidr_blocks}"]
 61 |   security_group_id = "${module.security_group_efs.aws_security_group_id}"
 62 | }
 63 | 
 64 | module "security_group_ecs_instances" {
 65 |   source = "../../modules/security-groups/sg"
 66 |   name = "${var.cluster_name}-ecs-sg"
 67 |   vpc_id = "${module.network.vpc_id}"
 68 | }
 69 | 
 70 | module "security_group_ecs_group_rule_allow_80" {
 71 |   source = "../../modules/security-groups/rule"
 72 |   type = "ingress"
 73 |   from_port = 80
 74 |   to_port = 80
 75 |   protocol = "tcp"
 76 |   cidr_blocks = ["0.0.0.0/0"]
 77 |   security_group_id = "${module.security_group_ecs_instances.aws_security_group_id}"
 78 | }
 79 | 
 80 | module "security_group_ecs_group_egress_rule_allow_all" {
 81 |   source = "../../modules/security-groups/rule"
 82 |   type = "egress"
 83 |   from_port = 0
 84 |   to_port = 65535
 85 |   protocol = "-1"
 86 |   cidr_blocks = ["0.0.0.0/0"]
 87 |   security_group_id = "${module.security_group_ecs_instances.aws_security_group_id}"
 88 | }
 89 | /* END SG --------------------------------- */
 90 | 
 91 | /* START RDS ------------------------------- */
 92 | module "wordpress_rds" {
 93 |   source = "../../modules/rds"
 94 |   subnet_ids = ["${module.network.private_subnet_ids}"]
 95 |   identifier = "wordpress-rds"
 96 |   allocated_storage = 5
 97 |   engine = "mysql"
 98 |   engine_version = "5.7.17"
 99 |   instance_class = "db.t2.micro"
100 |   db_name = "wordpress"
101 |   db_username = "wordpress"
102 |   db_password = "s3cr3ts3cr3t"
103 |   parameter_group_name = "default.mysql5.7"
104 |   vpc_id = "${module.network.vpc_id}"
105 |   ingress_from_port = 3306
106 |   ingress_to_port = 3306
107 |   ingress_to_protocol = "tcp"
108 |   ingress_cidr_blocks = ["${module.network.private_subnet_cidr_blocks}"]
109 | }
110 | /* END RDS --------------------------------- */
111 | 
112 | /* START ECS ------------------------------- */
113 | module "ecs_registry" {
114 |   source = "../../modules/ecr-repository"
115 |   name = "wordpress"
116 | }
117 | 
118 | module "ecs_cluster" {
119 |   source = "../../modules/ecs-cluster"
120 |   ecs_cluster_name = "${var.cluster_name}"
121 | 
122 |   efs_creation_token = "${var.cluster_name}"
123 |   efs_tag_name = "${var.cluster_name}-efs"
124 |   efs_subnets_ids = ["${module.network.private_subnet_ids}"]
125 |   efs_subnets_count = 3
126 |   efs_security_groups = ["${module.security_group_efs.aws_security_group_id}"]
127 | 
128 |   ecs_efs_name = "${var.cluster_name}-efs"
129 |   ecs_service_data_dir = "/var/www/html/wordpress/" # /var/www/html/efs-mount-point/
130 |   ecs_launch_configuration_prefix_name = "${var.cluster_name}"
131 |   ecs_launch_configuration_ami_id = "ami-809f84e6"
132 |   ecs_launch_configuration_security_groups_ids = ["${module.security_group_ecs_instances.aws_security_group_id}","${module.security_group_efs.aws_security_group_id}"]
133 | 
134 |   ecs_aws_autoscaling_group_availability_zones = [
135 |     "eu-west-1a",
136 |     "eu-west-1b",
137 |     "eu-west-1c",
138 |   ]
139 |   ecs_aws_autoscaling_group_name = "ecs-demo-instances"
140 |   ecs_aws_autoscaling_group_subnet_ids = ["${module.network.private_subnet_ids}"]
141 |   ecs_aws_autoscaling_group_min_size = 2
142 |   ecs_aws_autoscaling_group_max_size = 5
143 |   ecs_aws_autoscaling_group_desired_capacity  = 2
144 | }
145 | /* END ECS --------------------------------- */
146 | 
147 | /* START ELB ------------------------------- */
148 | module "elb" {
149 |   source = "../../modules/balancers/elb"
150 |   name = "${var.cluster_name}-elb"
151 |   subnet_ids = ["${module.network.public_subnet_ids}"]
152 |   security_group_ids = ["${module.security_group_elb.aws_security_group_id}"]
153 | }
154 | /* START ELB ------------------------------- */
155 | 


--------------------------------------------------------------------------------
/terraform/environments/eu-west/outputs.tf:
--------------------------------------------------------------------------------
1 | output "ecr_repository" {
2 |   value = "${module.ecs_registry.url}"
3 | }
4 | 
5 | output "elb_dns" {
6 |   value = "${module.elb.elb_dns_name}"
7 | }
8 | 


--------------------------------------------------------------------------------
/terraform/environments/eu-west/services.tf:
--------------------------------------------------------------------------------
 1 | // TODO: Create generic services, add terraform remote state and then gets iam_role_service, cluster ecs, rds etc
 2 | // TODO: Add tfvars file with all variables
 3 | variable "service_image_tag" { default = "latest" }
 4 | 
 5 | module "wordpress_service" {
 6 |   source = "../../modules/ecs-cluster/service-wordpress"
 7 |   name = "wordpress"
 8 |   desired_count = 2
 9 |   cluster_id = "${module.ecs_cluster.ecs_cluster_id}"
10 |   iam_role_arn = "${module.ecs_cluster.ecs_service_role_arn}"
11 |   elb_name = "${module.elb.elb_name}"
12 |   container_name = "wordpress"
13 |   container_port = 80
14 | 
15 |   task_definition_family_name = "wordpress"
16 |   task_definition_volume_name = "efs-data"
17 |   task_definition_volume_path = "/var/www/html/wordpress/"
18 | 
19 |   service_name = "wordpress"
20 |   service_essential = true
21 |   service_memory = 300
22 |   service_cpu = 400
23 |   service_repository_url = "${module.ecs_registry.url}"
24 |   service_image_tag = "${var.service_image_tag}"
25 |   service_command = "apachectl -D FOREGROUND"
26 |   service_container_path = "/var/www/html/wordpress/"
27 |   service_source_volume = "efs-data"
28 |   service_host_port = 80
29 |   service_container_port = 80
30 |   service_protocol = "tcp"
31 |   wordpress_db_host = "${module.wordpress_rds.db_instance_address}"
32 |   wordpress_db_name = "wordpress"
33 |   wordpress_db_user = "wordpress"
34 |   wordpress_db_password = "s3cr3ts3cr3t"
35 | }
36 | 


--------------------------------------------------------------------------------
/terraform/environments/eu-west/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "cluster_name" {
 2 |   type = "string"
 3 |   description = "Name of the cluster"
 4 | }
 5 | 
 6 | variable "cluster_id" {
 7 |   type = "string"
 8 |   description = "Id of the cluster"
 9 | }
10 | 


--------------------------------------------------------------------------------
/terraform/modules/balancers/elb/main.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {}
 2 | variable "subnet_ids" { type = "list" }
 3 | variable "security_group_ids" { type = "list" }
 4 | # variable "instance_ids" {}
 5 | # variable "ssl_certificate_id" {}
 6 | 
 7 | // TODO: More customizable module
 8 | resource "aws_elb" "main" {
 9 |   name = "${var.name}"
10 |   subnets = ["${var.subnet_ids}"]
11 |   security_groups = ["${var.security_group_ids}"]
12 | 
13 |   listener {
14 |     instance_port = 80
15 |     instance_protocol = "http"
16 |     lb_port = 80
17 |     lb_protocol = "http"
18 |   }
19 | 
20 |   health_check {
21 |     healthy_threshold = 10
22 |     unhealthy_threshold = 2
23 |     timeout = 5
24 |     target = "HTTP:80/health"
25 |     interval = 30
26 |   }
27 | 
28 |   //instances = ["${split(",", var.instance_ids)}"]
29 | 
30 |   cross_zone_load_balancing = true
31 |   idle_timeout = 60
32 |   connection_draining = true
33 |   connection_draining_timeout = 300
34 | 
35 |   tags {
36 |     Name = "${var.name}"
37 |   }
38 | }
39 | 


--------------------------------------------------------------------------------
/terraform/modules/balancers/elb/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "elb_dns_name" {
 2 |   value = "${aws_elb.main.dns_name}"
 3 | }
 4 | output "elb_zone_id" {
 5 |   value = "${aws_elb.main.zone_id}"
 6 | }
 7 | output "elb_id" {
 8 |   value = "${aws_elb.main.id}"
 9 | }
10 | output "elb_name" {
11 |   value = "${aws_elb.main.name}"
12 | }
13 | 


--------------------------------------------------------------------------------
/terraform/modules/ecr-repository/main.tf:
--------------------------------------------------------------------------------
 1 | variable "name" { default = "default" }
 2 | 
 3 | resource "aws_ecr_repository" "main" {
 4 |   name = "${var.name}"
 5 | }
 6 | 
 7 | output "arn" {
 8 |   value = "${aws_ecr_repository.main.arn}"
 9 | }
10 | output "id" {
11 |   value = "${aws_ecr_repository.main.registry_id}"
12 | }
13 | output "url" {
14 |   value = "${aws_ecr_repository.main.repository_url}"
15 | }
16 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/ecs/main.tf:
--------------------------------------------------------------------------------
 1 | variable "name" { default = "default" }
 2 | 
 3 | resource "aws_ecs_cluster" "main" {
 4 |   name = "${var.name}"
 5 | }
 6 | 
 7 | output "aws_ecs_cluster_main_id" {
 8 |   value = "${aws_ecs_cluster.main.id}"
 9 | }
10 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/efs/main.tf:
--------------------------------------------------------------------------------
 1 | variable "creation_token" {}
 2 | variable "performance_mode" { default = "generalPurpose" }
 3 | variable "tag_name" { default = "data" }
 4 | variable "subnets_count" {}
 5 | variable "subnets_ids" { type = "list" } // Normally private subnets
 6 | variable "security_groups" { type = "list" }
 7 | 
 8 | 
 9 | resource "aws_efs_file_system" "main" {
10 |   creation_token = "${var.creation_token}"
11 |   performance_mode = "${var.performance_mode}"
12 | 
13 |   tags {
14 |     Name = "${var.tag_name}"
15 |   }
16 | }
17 | 
18 | resource "aws_efs_mount_target" "main" {
19 |   count = "${var.subnets_count}"
20 |   file_system_id = "${aws_efs_file_system.main.id}"
21 |   subnet_id = "${element(var.subnets_ids, count.index)}"
22 |   security_groups = ["${var.security_groups}"]
23 | }
24 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/instances/main.tf:
--------------------------------------------------------------------------------
 1 | variable "ecs_cluster_name" {}
 2 | variable "service_data_dir" {}
 3 | variable "efs_name" {}
 4 | 
 5 | variable "launch_configuration_prefix_name" {}
 6 | variable "launch_configuration_ami_id" {}
 7 | variable "launch_configuration_instance_type" { default = "t2.micro" }
 8 | variable "launch_configuration_instance_profile" {}
 9 | variable "launch_configuration_security_groups_ids" { type = "list" }
10 | 
11 | variable "aws_autoscaling_group_availability_zones" { default = [] }
12 | variable "aws_autoscaling_group_name" {}
13 | variable "aws_autoscaling_group_subnet_ids" { default = [] }
14 | variable "aws_autoscaling_group_min_size" { default = 1 }
15 | variable "aws_autoscaling_group_max_size" { default = 5 }
16 | variable "aws_autoscaling_group_health_check_grace_period" { default = 300 }
17 | variable "aws_autoscaling_group_health_check_type" { default = "ELB" } //EC2
18 | variable "aws_autoscaling_group_desired_capacity" { default = 1 }
19 | 
20 | // TODO: Add data search resource for AMI: https://www.terraform.io/docs/providers/aws/d/ami.html
21 | 
22 | data "template_file" "user_data" {
23 |   template = "${file("${path.module}/user_data.sh")}"
24 |   vars {
25 |     ecs_cluster_name = "${var.ecs_cluster_name}"
26 |     efs_name = "${var.efs_name}"
27 |     service_data_dir = "${var.service_data_dir}"
28 |   }
29 | }
30 | 
31 | resource "aws_launch_configuration" "ecs_instance" {
32 |   name_prefix = "${var.launch_configuration_prefix_name}-"
33 |   image_id = "${var.launch_configuration_ami_id}"
34 |   instance_type = "${var.launch_configuration_instance_type}"
35 | 
36 |   iam_instance_profile = "${var.launch_configuration_instance_profile}"
37 | 
38 |   security_groups = ["${var.launch_configuration_security_groups_ids}"]
39 | 
40 |   user_data = "${data.template_file.user_data.rendered}"
41 | 
42 |   lifecycle {
43 |     create_before_destroy = true
44 |   }
45 | }
46 | 
47 | // TODO: aws_placement_group
48 | resource "aws_autoscaling_group" "ecs_cluster" {
49 |   name = "${var.aws_autoscaling_group_name}"
50 |   max_size = "${var.aws_autoscaling_group_max_size}"
51 |   min_size = "${var.aws_autoscaling_group_min_size}"
52 |   health_check_grace_period = "${var.aws_autoscaling_group_health_check_grace_period}"
53 |   health_check_type         = "${var.aws_autoscaling_group_health_check_type}"
54 |   desired_capacity          = "${var.aws_autoscaling_group_desired_capacity}"
55 | 
56 |   launch_configuration = "${aws_launch_configuration.ecs_instance.name}"
57 | 
58 |   vpc_zone_identifier = ["${var.aws_autoscaling_group_subnet_ids}"]
59 | 
60 |   tag {
61 |     key = "Name"
62 |     value = "${var.aws_autoscaling_group_name}"
63 |     propagate_at_launch = true
64 |   }
65 | 
66 |   lifecycle {
67 |     create_before_destroy = true
68 |     # ignore_changes = ["image_id"] # TODO: review
69 |   }
70 |   // TODO: Add more configuration options.
71 | }
72 | // TODO: Add AWS autoscaling policies: UP, DOWN, etc.
73 | // TODO: Add AWS cloudwatch metrics alarms.
74 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/instances/user_data.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Note: get from amazon docs:
 4 | # https://aws.amazon.com/es/blogs/compute/using-amazon-efs-to-persist-data-from-amazon-ecs-containers/
 5 | # http://docs.aws.amazon.com/efs/latest/ug/getting-started.html
 6 | 
 7 | # Logging
 8 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
 9 | sleep 30 # workaround -> nat dependency. TODO: fix modules dependencies
10 | #Join the default ECS cluster
11 | echo ECS_CLUSTER=${ecs_cluster_name} >> /etc/ecs/ecs.config
12 | PATH=$PATH:/usr/local/bin
13 | # Instance should be added to an security group that allows HTTP outbound
14 | yum -y update
15 | #Install jq, a JSON parser
16 | yum -y install jq
17 | #Install NFS client
18 | if ! rpm -qa | grep -qw nfs-utils; then
19 |     yum -y install nfs-utils
20 | fi
21 | if ! rpm -qa | grep -qw python27; then
22 | 	yum -y install python27
23 | fi
24 | #Install pip
25 | yum -y install bind-utils
26 | yum -y install python27-pip
27 | pip install --upgrade pip
28 | #Install awscli
29 | /usr/local/bin/pip install awscli
30 | #Upgrade to the latest version of the awscli
31 | /usr/local/bin/pip install --upgrade awscli
32 | #Add support for EFS to the CLI configuration
33 | aws configure set preview.efs true
34 | #Get region of EC2 from instance metadata
35 | EC2_AVAIL_ZONE=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
36 | EC2_REGION="`echo \"$EC2_AVAIL_ZONE\" | sed -e 's:\([0-9][0-9]*\)[a-z]*\$:\\1:'`"
37 | #Create mount point
38 | #mkdir /mnt/efs
39 | mkdir -p ${service_data_dir}
40 | chown ec2-user:ec2-user ${service_data_dir}
41 | #Get EFS FileSystemID attribute
42 | #Instance needs to be added to a EC2 role that give the instance at least read access to EFS
43 | EFS_FILE_SYSTEM_ID=`/usr/local/bin/aws efs describe-file-systems --region $EC2_REGION | jq '.FileSystems[]' | jq 'select(.Name=="${efs_name}")' | jq -r '.FileSystemId'`
44 | #Check to see if the variable is set. If not, then exit.
45 | if [ -z "$EFS_FILE_SYSTEM_ID" ]; then
46 | 	echo "ERROR: variable not set" 1> /etc/efssetup.log
47 | 	exit
48 | fi
49 | #Instance needs to be a member of security group that allows 2049 inbound/outbound
50 | #The security group that the instance belongs to has to be added to EFS file system configuration
51 | #Create variables for source and target
52 | DIR_SRC=$EC2_AVAIL_ZONE.$EFS_FILE_SYSTEM_ID.efs.$EC2_REGION.amazonaws.com
53 | DIR_TGT=${service_data_dir}
54 | EFS_FILE_SYSTEM_ID=``
55 | 
56 | # EFS check section
57 | EFS_STATE="unknown"
58 | until [ "$EFS_STATE" == "available" ]; do
59 |   EFS_STATE=$(aws efs describe-file-systems \
60 |     --region $EC2_REGION | jq '.FileSystems[]' | jq 'select(.Name=="${efs_name}")' | jq -r '.LifeCycleState')
61 | 
62 |   sleep 5
63 | done
64 | 
65 | EFS_IP=$DIR_SRC
66 | ip=`dig +short $EFS_IP`
67 | until [ "$ip" ]; do
68 |     sleep 5
69 |     ip=`dig +short $EFS_IP`
70 | done
71 | 
72 | #Mount EFS file system
73 | mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 $DIR_SRC:/ $DIR_TGT
74 | #Backup fstab
75 | cp -p /etc/fstab /etc/fstab.back-$(date +%F)
76 | #Append line to fstab
77 | echo -e "$DIR_SRC:/ \t\t $DIR_TGT \t\t nfs4 \t\t nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,_netdev \t\t 0 \t\t 0" | tee -a /etc/fstab
78 | 
79 | #ECS-Optimized AMI filesystem mount will not propagate to the Docker daemon until it's restarted
80 | #because the Docker daemon's mount namespace is unshared from the host's at launch.
81 | service docker restart
82 | stop ecs
83 | start ecs
84 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/main.tf:
--------------------------------------------------------------------------------
  1 | variable "ecs_cluster_name" {}
  2 | variable "ecs_efs_name" {}
  3 | variable "ecs_service_data_dir" {}
  4 | variable "efs_creation_token" {}
  5 | variable "efs_tag_name" {}
  6 | variable "efs_subnets_count" {}
  7 | variable "efs_subnets_ids" { type = "list" }
  8 | variable "efs_security_groups" { type = "list" }
  9 | 
 10 | variable "ecs_launch_configuration_prefix_name" {}
 11 | variable "ecs_launch_configuration_ami_id" {}
 12 | variable "ecs_launch_configuration_security_groups_ids" { type = "list" }
 13 | 
 14 | variable "ecs_aws_autoscaling_group_availability_zones" { type = "list" }
 15 | variable "ecs_aws_autoscaling_group_name" {}
 16 | variable "ecs_aws_autoscaling_group_subnet_ids" { type = "list" }
 17 | variable "ecs_aws_autoscaling_group_min_size" {}
 18 | variable "ecs_aws_autoscaling_group_max_size" {}
 19 | variable "ecs_aws_autoscaling_group_desired_capacity" {}
 20 | 
 21 | // TODO: add conditionals to improve reusability
 22 | 
 23 | module "ecs" {
 24 |   source = "./ecs"
 25 |   name = "${var.ecs_cluster_name}"
 26 | }
 27 | 
 28 | module "efs" {
 29 |   source = "./efs"
 30 |   creation_token = "${var.efs_creation_token}"
 31 |   tag_name = "${var.efs_tag_name}"
 32 |   subnets_count = "${var.efs_subnets_count}"
 33 |   subnets_ids = ["${var.efs_subnets_ids}"]
 34 |   security_groups = ["${var.efs_security_groups}"]
 35 | }
 36 | 
 37 | module "ecs_instances" {
 38 |   source = "./instances"
 39 | 
 40 |   ecs_cluster_name = "${var.ecs_cluster_name}"
 41 |   efs_name = "${var.ecs_efs_name}"
 42 |   service_data_dir = "${var.ecs_service_data_dir}"
 43 | 
 44 |   launch_configuration_prefix_name = "${var.ecs_launch_configuration_prefix_name}"
 45 |   launch_configuration_ami_id = "${var.ecs_launch_configuration_ami_id}"
 46 |   launch_configuration_instance_profile = "${module.iam_ecs_instances_profile.id}"
 47 |   launch_configuration_security_groups_ids = ["${var.ecs_launch_configuration_security_groups_ids}"]
 48 | 
 49 |   aws_autoscaling_group_availability_zones = ["${var.ecs_aws_autoscaling_group_availability_zones}"]
 50 |   aws_autoscaling_group_name = "${var.ecs_aws_autoscaling_group_name}"
 51 |   aws_autoscaling_group_subnet_ids = ["${var.ecs_aws_autoscaling_group_subnet_ids}"]
 52 |   aws_autoscaling_group_min_size = "${var.ecs_aws_autoscaling_group_min_size}"
 53 |   aws_autoscaling_group_max_size = "${var.ecs_aws_autoscaling_group_max_size}"
 54 |   aws_autoscaling_group_health_check_grace_period = 300
 55 |   aws_autoscaling_group_health_check_type = "ELB"
 56 |   aws_autoscaling_group_desired_capacity = "${var.ecs_aws_autoscaling_group_desired_capacity}"
 57 | }
 58 | 
 59 | module "iam_ecs_instances_role" {
 60 |   source = "../iam/role"
 61 |   name = "${var.ecs_cluster_name}-ecs-instances-role"
 62 |   assume_role_policy = <<EOF
 63 | {
 64 |   "Version": "2012-10-17",
 65 |   "Statement": [
 66 |     {
 67 |       "Action": "sts:AssumeRole",
 68 |       "Principal": {
 69 |         "Service": "ec2.amazonaws.com"
 70 |       },
 71 |       "Effect": "Allow",
 72 |       "Sid": ""
 73 |     }
 74 |   ]
 75 | }
 76 | EOF
 77 | }
 78 | 
 79 | module "iam_ecs_instances_role_policy" {
 80 |   source = "../iam/role_policy"
 81 |   name = "${var.ecs_cluster_name}-ecs-instances-role-policy"
 82 |   role_id = "${module.iam_ecs_instances_role.id}"
 83 |   policy = <<EOF
 84 | {
 85 |   "Version": "2012-10-17",
 86 |   "Statement": [
 87 |     {
 88 |       "Effect": "Allow",
 89 |       "Action": [
 90 |         "ecs:CreateCluster",
 91 |         "ecs:DeregisterContainerInstance",
 92 |         "ecs:DiscoverPollEndpoint",
 93 |         "ecs:Poll",
 94 |         "ecs:RegisterContainerInstance",
 95 |         "ecs:StartTelemetrySession",
 96 |         "ecs:UpdateContainerInstancesState",
 97 |         "ecs:Submit*",
 98 |         "ecr:GetAuthorizationToken",
 99 |         "ecr:BatchCheckLayerAvailability",
100 |         "ecr:GetDownloadUrlForLayer",
101 |         "ecr:BatchGetImage",
102 |         "logs:CreateLogStream",
103 |         "logs:PutLogEvents",
104 |         "elasticfilesystem:DescribeFileSystems"
105 |       ],
106 |       "Resource": "*"
107 |     }
108 |   ]
109 | }
110 | EOF
111 | }
112 | 
113 | module "iam_ecs_instances_profile" {
114 |   source = "../iam/instance_profile"
115 |   name = "${var.ecs_cluster_name}-ecs-instances-role-policy"
116 |   role = "${module.iam_ecs_instances_role.id}"
117 | }
118 | 
119 | module "iam_ecs_service_role" {
120 |   source = "../iam/role"
121 |   name = "${var.ecs_cluster_name}-ecs-service-role"
122 |   assume_role_policy = <<EOF
123 | {
124 |   "Version": "2012-10-17",
125 |   "Statement": [
126 |     {
127 |       "Action": "sts:AssumeRole",
128 |       "Principal": {
129 |         "Service": "ecs.amazonaws.com"
130 |       },
131 |       "Effect": "Allow",
132 |       "Sid": ""
133 |     }
134 |   ]
135 | }
136 | EOF
137 | }
138 | 
139 | module "iam_ecs_services_role_policy" {
140 |   source = "../iam/role_policy"
141 |   name = "${var.ecs_cluster_name}-ecs-services-instances-role-policy"
142 |   role_id = "${module.iam_ecs_service_role.id}"
143 |   policy = <<EOF
144 | {
145 |   "Version": "2012-10-17",
146 |   "Statement": [
147 |     {
148 |       "Effect": "Allow",
149 |       "Action": [
150 |         "ec2:AuthorizeSecurityGroupIngress",
151 |         "ec2:Describe*",
152 |         "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
153 |         "elasticloadbalancing:Describe*",
154 |         "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
155 |       ],
156 |       "Resource": "*"
157 |     }
158 |   ]
159 | }
160 | EOF
161 | }
162 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "ecs_cluster_id" {
 2 |   value = "${module.ecs.aws_ecs_cluster_main_id}"
 3 | }
 4 | output "ecs_service_role_id" {
 5 |   value = "${module.iam_ecs_service_role.id}"
 6 | }
 7 | output "ecs_service_role_arn" {
 8 |   value = "${module.iam_ecs_service_role.arn}"
 9 | }
10 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/service-wordpress/main.tf:
--------------------------------------------------------------------------------
 1 | data "template_file" "wordpress_task" {
 2 |   template = "${file("${path.module}/task-definitions/service.json")}"
 3 |   vars {
 4 |     name = "${var.service_name}"
 5 |     essential = "${var.service_essential}"
 6 |     memory = "${var.service_memory}"
 7 |     cpu = "${var.service_cpu}"
 8 |     repository_url = "${var.service_repository_url}"
 9 |     image_tag = "${var.service_image_tag}"
10 |     command = "${var.service_command}"
11 |     container_path = "${var.service_container_path}"
12 |     source_volume = "${var.service_source_volume}"
13 |     host_port = "${var.service_host_port}"
14 |     container_port = "${var.service_container_port}"
15 |     protocol = "${var.service_protocol}"
16 |     wordpress_db_host = "${var.wordpress_db_host}"
17 |     wordpress_db_name = "${var.wordpress_db_name}"
18 |     wordpress_db_user = "${var.wordpress_db_user}"
19 |     wordpress_db_password = "${var.wordpress_db_password}"
20 |   }
21 | }
22 | 
23 | resource "aws_ecs_task_definition" "wordpress" {
24 |   family = "${var.task_definition_family_name}"
25 |   container_definitions = "${data.template_file.wordpress_task.rendered}"
26 |   volume {
27 |     name = "${var.task_definition_volume_name}"
28 |     host_path = "${var.task_definition_volume_path}"
29 |   }
30 |   // TODO: placement_constraints and add other options.
31 | }
32 | 
33 | resource "aws_ecs_service" "main" {
34 |     name = "${var.name}"
35 |     cluster = "${var.cluster_id}"
36 |     task_definition = "${aws_ecs_task_definition.wordpress.arn}"
37 |     desired_count = "${var.desired_count}"
38 |     deployment_minimum_healthy_percent = "${var.minimum_healthy_percent}"
39 |     iam_role = "${var.iam_role_arn}"
40 | 
41 |     load_balancer {
42 |         elb_name = "${var.elb_name}"
43 |         container_name = "${var.container_name}"
44 |         container_port = "${var.container_port}"
45 |     }
46 | 
47 |     // TODO:   iam_role        = "${aws_iam_role.foo.arn}" depends_on      = ["aws_iam_role_policy.foo"]
48 |     // TODO: placement_strategy
49 |     // TODO: placement_constraints
50 |     // TODO: Add logs
51 |     // TODO: Add healthy checks
52 |     // TODO: Add ALB conditional
53 | }
54 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/service-wordpress/task-definitions/service.json:
--------------------------------------------------------------------------------
 1 | [
 2 |   {
 3 |     "name": "${name}",
 4 |     "essential": true,
 5 |     "memory": ${memory},
 6 |     "cpu": ${cpu},
 7 |     "image": "${repository_url}:${image_tag}",
 8 |     "command": [
 9 |       "apachectl", "-D", "FOREGROUND"
10 |     ],
11 |     "environment": [
12 |       { "name": "WORDPRESS_DB_HOST", "value": "${wordpress_db_host}" },
13 |       { "name": "WORDPRESS_DB_NAME", "value": "${wordpress_db_name}" },
14 |       { "name": "WORDPRESS_DB_USER", "value": "${wordpress_db_user}" },
15 |       { "name": "WORDPRESS_DB_PASSWORD", "value": "${wordpress_db_password}" }
16 |     ],
17 |     "mountPoints": [
18 |       {
19 |         "ContainerPath": "${container_path}",
20 |         "SourceVolume": "${source_volume}",
21 |         "ReadOnly": false
22 |       }
23 |     ],
24 |     "portMappings": [
25 |       {
26 |         "hostPort": ${host_port},
27 |         "containerPort": ${container_port},
28 |         "protocol": "${protocol}"
29 |       }
30 |     ]
31 |   }
32 | ]
33 | 


--------------------------------------------------------------------------------
/terraform/modules/ecs-cluster/service-wordpress/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {}
 2 | variable "desired_count" { default = 1 }
 3 | variable "minimum_healthy_percent" { default = 50 }
 4 | variable "cluster_id" {}
 5 | variable "iam_role_arn" {}
 6 | variable "elb_name" {}
 7 | variable "container_name" {}
 8 | variable "container_port" { default = 80 }
 9 | 
10 | variable "task_definition_family_name" {}
11 | variable "task_definition_volume_name" { default = "efs-data" }
12 | variable "task_definition_volume_path" { default = "/mnt/efs/data" }
13 | 
14 | variable "service_name" {}
15 | variable "service_essential" { default = true }
16 | variable "service_memory" { default = 1024 }
17 | variable "service_cpu" { default = 1024 }
18 | variable "service_repository_url" {}
19 | variable "service_image_tag" { }
20 | variable "service_command" { }
21 | variable "service_container_path" { default = "/var/www/html/" }
22 | variable "service_source_volume" {}
23 | variable "service_host_port" { default = 80 }
24 | variable "service_container_port" { default = 80 }
25 | variable "service_protocol" { default = "tcp" }
26 | variable "wordpress_db_host" {}
27 | variable "wordpress_db_name" {}
28 | variable "wordpress_db_user" {}
29 | variable "wordpress_db_password" {}
30 | 


--------------------------------------------------------------------------------
/terraform/modules/iam/instance_profile/main.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {}
 2 | variable "role" {}
 3 | 
 4 | resource "aws_iam_instance_profile" "main" {
 5 |   name = "${var.name}"
 6 |   role = "${var.role}"
 7 | }
 8 | 
 9 | output "id" {
10 |   value = "${aws_iam_instance_profile.main.id}"
11 | }
12 | output "name" {
13 |   value = "${aws_iam_instance_profile.main.name}"
14 | }
15 | 


--------------------------------------------------------------------------------
/terraform/modules/iam/role/main.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {}
 2 | variable "assume_role_policy" {}
 3 | 
 4 | resource "aws_iam_role" "main" {
 5 |   name = "${var.name}"
 6 |   assume_role_policy = "${var.assume_role_policy}"
 7 | }
 8 | 
 9 | output "id" {
10 |   value = "${aws_iam_role.main.id}"
11 | }
12 | output "arn" {
13 |   value = "${aws_iam_role.main.arn}"
14 | }
15 | output "name" {
16 |   value = "${aws_iam_role.main.name}"
17 | }
18 | 


--------------------------------------------------------------------------------
/terraform/modules/iam/role_policy/main.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {}
 2 | variable "role_id" {}
 3 | variable "policy" {}
 4 | 
 5 | resource "aws_iam_role_policy" "main" {
 6 |   name = "${var.name}"
 7 |   role = "${var.role_id}"
 8 |   policy = "${var.policy}"
 9 | }
10 | 
11 | output "id" {
12 |   value = "${aws_iam_role_policy.main.id}"
13 | }
14 | output "name" {
15 |   value = "${aws_iam_role_policy.main.name}"
16 | }
17 | 


--------------------------------------------------------------------------------
/terraform/modules/network/network.tf:
--------------------------------------------------------------------------------
 1 | module "vpc" {
 2 |   source = "vpc"
 3 |   cidr_block = "${var.cidr_block}"
 4 |   cluster_name = "${var.cluster_name}"
 5 |   cluster_id = "${var.cluster_id}"
 6 | }
 7 | 
 8 | module "public_subnets" {
 9 |   source = "subnet"
10 |   vpc_id = "${module.vpc.vpc_id}"
11 |   vpc_cidr_block = "${module.vpc.cidr_block}"
12 |   internet_gateway_id = "${module.vpc.internet_gateway_id}"
13 |   subnet_name = "${var.public_subnet_name}"
14 |   subnets_az_count = "${var.public_subnets_az_count}" // TODO: add extra az
15 |   is_public = "${var.public_is_public}"
16 |   subnets = ["${var.public_subnets}"]
17 |   subnets_azs = ["${var.public_subnets_azs}"]
18 |   cluster_name = "${var.cluster_name}"
19 |   cluster_id = "${var.cluster_id}"
20 | }
21 | 
22 | module "private_subnets" {
23 |   source = "subnet"
24 |   vpc_id = "${module.vpc.vpc_id}"
25 |   vpc_cidr_block = "${module.vpc.cidr_block}"
26 |   subnet_name = "${var.private_subnet_name}"
27 |   subnets_az_count = "${var.private_subnets_az_count}" // TODO: add extra az
28 |   is_public = "${var.private_is_public}"
29 |   subnets = ["${var.private_subnets}"]
30 |   subnets_azs = ["${var.private_subnets_azs}"]
31 |   cluster_name = "${var.cluster_name}"
32 |   cluster_id = "${var.cluster_id}"
33 |   nat_gateway_ids = ["${module.public_subnets.nat_gateway_ids}"]
34 | }
35 | 


--------------------------------------------------------------------------------
/terraform/modules/network/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "vpc_id" {
 2 |   value = "${module.vpc.vpc_id}"
 3 | }
 4 | 
 5 | output "public_subnet_ids" {
 6 |   value = "${module.public_subnets.subnet_ids}"
 7 | }
 8 | 
 9 | output "public_subnet_cidr_blocks" {
10 |   value = "${module.public_subnets.subnet_cidr_blocks}"
11 | }
12 | 
13 | output "nat_gateway_ids" {
14 |   value = "${module.public_subnets.nat_gateway_ids}"
15 | }
16 | 
17 | output "private_subnet_ids" {
18 |   value = "${module.private_subnets.subnet_ids}"
19 | }
20 | 
21 | output "private_subnet_cidr_blocks" {
22 |   value = "${module.private_subnets.subnet_cidr_blocks}"
23 | }
24 | 


--------------------------------------------------------------------------------
/terraform/modules/network/subnet/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "subnet_ids" {
 2 |   value = ["${aws_subnet.subnet.*.id}"]
 3 | }
 4 | 
 5 | output "subnet_cidr_blocks" {
 6 |   value = ["${aws_subnet.subnet.*.cidr_block}"]
 7 | }
 8 | 
 9 | output "nat_gateway_ids" {
10 |   value = ["${split(",", var.is_public ? join(",", aws_nat_gateway.nat_gateway.*.id) : "")}"]
11 | }
12 | 


--------------------------------------------------------------------------------
/terraform/modules/network/subnet/private.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "private" {
 2 |   count = "${var.is_public ? 0 : var.subnets_az_count}"
 3 |   vpc_id = "${var.vpc_id}"
 4 | 
 5 |   tags = "${merge(map(
 6 |     "Name", "${var.cluster_name}-${var.subnet_name}-${var.subnets_azs[count.index]}",
 7 |     "Cluster", "${var.cluster_id}"
 8 |   ), var.extra_tags)}"
 9 | }
10 | 
11 | resource "aws_route" "to_nat_gateway" {
12 |   count = "${var.is_public ? 0 : var.subnets_az_count}"
13 |   route_table_id         = "${aws_route_table.private.*.id[count.index]}"
14 |   destination_cidr_block = "0.0.0.0/0"
15 |   nat_gateway_id         = "${element(var.nat_gateway_ids, count.index)}"
16 |   depends_on             = ["aws_route_table.private"]
17 | }
18 | 
19 | resource "aws_route_table_association" "private_routing" {
20 |   count = "${var.is_public ? 0 : var.subnets_az_count}"
21 |   route_table_id = "${aws_route_table.private.*.id[count.index]}"
22 |   subnet_id      = "${aws_subnet.subnet.*.id[count.index]}"
23 | }
24 | 


--------------------------------------------------------------------------------
/terraform/modules/network/subnet/public.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "public" {
 2 |   count = "${var.is_public}"
 3 |   vpc_id = "${var.vpc_id}"
 4 | 
 5 |   tags = "${merge(map(
 6 |     "Name", "${var.cluster_name}-${var.subnet_name}",
 7 |     "Cluster", "${var.cluster_id}"
 8 |   ), var.extra_tags)}"
 9 | }
10 | 
11 | resource "aws_main_route_table_association" "main_routing" {
12 |   count = "${var.is_public}"
13 |   vpc_id = "${var.vpc_id}"
14 |   route_table_id = "${aws_route_table.public.id}"
15 | }
16 | 
17 | resource "aws_route" "main_gateway_route" {
18 |   count = "${var.is_public}"
19 |   destination_cidr_block = "0.0.0.0/0"
20 |   route_table_id = "${aws_route_table.public.id}"
21 |   gateway_id = "${var.internet_gateway_id}"
22 | }
23 | 
24 | resource "aws_route_table_association" "public_routing" {
25 |   count = "${var.is_public ? "${length(var.subnets) > 1 ? length(var.subnets) : var.subnets_az_count}" : 0}"
26 |   route_table_id = "${aws_route_table.public.id}"
27 |   subnet_id = "${aws_subnet.subnet.*.id[count.index]}"
28 | }
29 | 
30 | resource "aws_eip" "nat_gateway_eip" {
31 |   count = "${var.is_public ? length(var.subnets) : 0}"
32 |   vpc = true
33 | }
34 | 
35 | resource "aws_nat_gateway" "nat_gateway" {
36 |   count = "${var.is_public ? var.subnets_az_count : 0}"
37 |   allocation_id = "${aws_eip.nat_gateway_eip.*.id[count.index]}"
38 |   subnet_id = "${aws_subnet.subnet.*.id[count.index]}"
39 | }
40 | 


--------------------------------------------------------------------------------
/terraform/modules/network/subnet/subnet.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_subnet" "subnet" {
 2 |   count = "${length(var.subnets) > 1 ? length(var.subnets) : var.subnets_az_count}"
 3 | 
 4 |   vpc_id = "${var.vpc_id}"
 5 | 
 6 |   cidr_block = "${length(var.subnets) > 1 ?
 7 |     "${element(var.subnets, count.index)}" :
 8 |     "${cidrsubnet(var.vpc_cidr_block, 6, count.index)}"
 9 |   }"
10 | 
11 |   availability_zone = "${var.subnets_azs[count.index]}"
12 | 
13 |   map_public_ip_on_launch = "${var.map_public_ip_on_launch}"
14 | 
15 |   tags = "${merge(map(
16 |     "Name", "${var.cluster_name}-${var.subnet_name}-${var.subnets_azs[count.index]}",
17 |     "Cluster", "${var.cluster_id}"
18 |   ), var.extra_tags)}"
19 | }
20 | 


--------------------------------------------------------------------------------
/terraform/modules/network/subnet/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc_id" {
 2 |   type = "string"
 3 | }
 4 | 
 5 | variable "vpc_cidr_block" {
 6 |   type = "string"
 7 | }
 8 | 
 9 | variable "map_public_ip_on_launch" {
10 |   default = true
11 | }
12 | 
13 | variable "nat_gateway_ids" {
14 |   type = "list"
15 |   default = []
16 | }
17 | 
18 | variable "is_public" {
19 |   default = false
20 | }
21 | 
22 | variable "internet_gateway_id" {
23 |   type = "string"
24 |   default = ""
25 | }
26 | 
27 | variable "subnet_name" {
28 |   type = "string"
29 | }
30 | 
31 | variable "subnets_az_count" {
32 |   type = "string"
33 | }
34 | 
35 | variable "subnets" {
36 |   type = "list"
37 | }
38 | 
39 | variable "subnets_azs" {
40 |   type = "list"
41 | }
42 | 
43 | variable "cluster_name" {
44 |   type = "string"
45 | }
46 | 
47 | variable "cluster_id" {
48 |   type = "string"
49 | }
50 | 
51 | variable "extra_tags" {
52 |   type = "map"
53 |   default = {}
54 | }
55 | 


--------------------------------------------------------------------------------
/terraform/modules/network/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "cidr_block" {
 2 |   type = "string"
 3 | }
 4 | 
 5 | variable "cluster_name" {
 6 |   type = "string"
 7 | }
 8 | 
 9 | variable "cluster_id" {
10 |   type = "string"
11 | }
12 | 
13 | variable "public_subnet_name" {
14 |   type = "string"
15 | }
16 | 
17 | variable "public_subnets_az_count" {
18 |   type = "string"
19 | }
20 | 
21 | variable "public_is_public" {
22 |   default = true
23 | }
24 | 
25 | variable "public_subnets" {
26 |   type = "list"
27 | }
28 | 
29 | variable "public_subnets_azs" {
30 |   type = "list"
31 | }
32 | 
33 | variable "private_subnet_name" {
34 |   type = "string"
35 | }
36 | 
37 | variable "private_subnets_az_count" {
38 |   type = "string"
39 | }
40 | 
41 | variable "private_is_public" {
42 |   default = false
43 | }
44 | 
45 | variable "private_subnets" {
46 |   type = "list"
47 | }
48 | 
49 | variable "private_subnets_azs" {
50 |   type = "list"
51 | }
52 | 


--------------------------------------------------------------------------------
/terraform/modules/network/vpc/main.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "vpc" {
 2 |   cidr_block = "${var.cidr_block}"
 3 |   enable_dns_hostnames = "${var.enable_dns_hostnames}"
 4 |   tags = "${merge(map(
 5 |     "Name", "${var.cluster_name}-vpc",
 6 |     "Cluster", "${var.cluster_id}"
 7 |   ), var.extra_tags)}"
 8 | }
 9 | 
10 | resource "aws_internet_gateway" "igw" {
11 |   vpc_id = "${aws_vpc.vpc.id}"
12 |   tags = "${merge(map(
13 |     "Name", "${var.cluster_name}-igw",
14 |     "Cluster", "${var.cluster_id}"
15 |   ), var.extra_tags)}"
16 | }
17 | 


--------------------------------------------------------------------------------
/terraform/modules/network/vpc/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "vpc_id" {
 2 |   value = "${aws_vpc.vpc.id}"
 3 | }
 4 | 
 5 | output "cidr_block" {
 6 |   value = "${aws_vpc.vpc.cidr_block}"
 7 | }
 8 | 
 9 | output "internet_gateway_id" {
10 |   value = "${aws_internet_gateway.igw.id}"
11 | }
12 | 


--------------------------------------------------------------------------------
/terraform/modules/network/vpc/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "cidr_block" {
 2 |   type = "string"
 3 | }
 4 | 
 5 | variable "enable_dns_hostnames" {
 6 |   default = true
 7 | }
 8 | 
 9 | variable "cluster_name" {
10 |   type = "string"
11 | }
12 | 
13 | variable "cluster_id" {
14 |   type = "string"
15 | }
16 | 
17 | variable "extra_tags" {
18 |   type = "map"
19 |   default = {}
20 | }
21 | 


--------------------------------------------------------------------------------
/terraform/modules/rds/main.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "rds" {
 2 |   name = "${var.db_name} - rds sg"
 3 |   vpc_id = "${var.vpc_id}"
 4 |   ingress {
 5 |       from_port = "${var.ingress_from_port}"
 6 |       to_port = "${var.ingress_to_port}"
 7 |       protocol = "${var.ingress_to_protocol}"
 8 |       cidr_blocks = ["${var.ingress_cidr_blocks}"]
 9 |   }
10 |   egress {
11 |       from_port = 1024
12 |       to_port = 65535
13 |       protocol = "tcp"
14 |       cidr_blocks = ["0.0.0.0/0"]
15 |   }
16 |   tags {
17 |     Name = "Allow RDS"
18 |   }
19 | }
20 | 
21 | resource "aws_db_subnet_group" "rds" {
22 |   name       = "${var.db_name} rds subnet group"
23 |   subnet_ids = ["${var.subnet_ids}"]
24 |   tags {
25 |     Name = "${var.db_name}"
26 |   }
27 | }
28 | 
29 | resource "aws_db_instance" "rds" {
30 |   identifier = "${var.identifier}"
31 |   allocated_storage = "${var.allocated_storage}"
32 |   engine = "${var.engine}"
33 |   engine_version = "${var.engine_version}"
34 |   instance_class = "${var.instance_class}"
35 |   name = "${var.db_name}"
36 |   username = "${var.db_username}"
37 |   password = "${var.db_password}"
38 |   vpc_security_group_ids = ["${aws_security_group.rds.id}"]
39 |   db_subnet_group_name = "${aws_db_subnet_group.rds.id}"
40 |   parameter_group_name = "${var.parameter_group_name}"
41 |   skip_final_snapshot = true
42 |   tags {
43 |     Name = "${var.db_name}"
44 |   }
45 |   depends_on = ["aws_security_group.rds"]
46 | }
47 | 


--------------------------------------------------------------------------------
/terraform/modules/rds/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "subnet_group" {
 2 |   value = "${aws_db_subnet_group.rds.name}"
 3 | }
 4 | output "db_instance_id" {
 5 |   value = "${aws_db_instance.rds.id}"
 6 | }
 7 | output "db_instance_address" {
 8 |   value = "${aws_db_instance.rds.address}"
 9 | }
10 | output "db_security_group" {
11 |   value = "${aws_security_group.rds.id}"
12 | }
13 | 


--------------------------------------------------------------------------------
/terraform/modules/rds/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "subnet_ids" { type = "list" }
 2 | variable "identifier" {}
 3 | variable "allocated_storage" { default = 5 }
 4 | variable "engine" { default = "mysql" }
 5 | variable "engine_version" { default = "5.7.17" }
 6 | variable "instance_class" { default = "db.t2.micro" }
 7 | variable "db_name" {}
 8 | variable "db_username" {}
 9 | variable "db_password" {}
10 | variable "parameter_group_name" { default = "default.mysql5.7" }
11 | variable "vpc_id" {}
12 | variable "ingress_from_port" {}
13 | variable "ingress_to_port" {}
14 | variable "ingress_to_protocol" {}
15 | variable "ingress_cidr_blocks" { type = "list" }
16 | 


--------------------------------------------------------------------------------
/terraform/modules/security-groups/rule/main.tf:
--------------------------------------------------------------------------------
 1 | variable "type" { default = "ingress" }
 2 | variable "from_port" { default = 0 }
 3 | variable "to_port" { default = 0 }
 4 | variable "protocol" { default = "tcp" }
 5 | variable "cidr_blocks" { type = "list" }
 6 | variable "security_group_id" {}
 7 | variable "source_security_group_id" { default = "" }
 8 | variable "use_cidr_blocks" { default = true }
 9 | variable "use_source_security_group" { default = false }
10 | 
11 | 
12 | resource "aws_security_group_rule" "main" {
13 |   type              = "${var.type}"
14 |   from_port         = "${var.from_port}"
15 |   to_port           = "${var.to_port}"
16 |   protocol          = "${var.protocol}"
17 |   cidr_blocks       = ["${var.cidr_blocks}"]
18 |   security_group_id = "${var.security_group_id}"
19 | }
20 | 


--------------------------------------------------------------------------------
/terraform/modules/security-groups/sg/main.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {}
 2 | variable "vpc_id" {}
 3 | 
 4 | resource "aws_security_group" "main" {
 5 |   name        = "${var.name}"
 6 |   vpc_id      = "${var.vpc_id}"
 7 | 
 8 |   tags {
 9 |     Name   = "${var.name}"
10 |   }
11 | }
12 | 
13 | output "aws_security_group_id" {
14 |   value = "${aws_security_group.main.id}"
15 | }
16 | 


--------------------------------------------------------------------------------