├── log └── .keep ├── storage └── .keep ├── tmp └── .keep ├── vendor └── .keep ├── lib ├── assets │ └── .keep └── tasks │ └── .keep ├── public ├── favicon.ico ├── apple-touch-icon.png ├── apple-touch-icon-precomposed.png ├── robots.txt ├── 500.html ├── 422.html └── 404.html ├── test ├── helpers │ └── .keep ├── mailers │ └── .keep ├── models │ └── .keep ├── system │ └── .keep ├── controllers │ └── .keep ├── fixtures │ ├── .keep │ └── files │ │ └── .keep ├── integration │ └── .keep ├── application_system_test_case.rb ├── channels │ └── application_cable │ │ └── connection_test.rb └── test_helper.rb ├── app ├── assets │ ├── images │ │ └── .keep │ ├── config │ │ └── manifest.js │ └── stylesheets │ │ └── application.css ├── models │ ├── concerns │ │ └── .keep │ └── application_record.rb ├── controllers │ ├── concerns │ │ └── .keep │ ├── application_controller.rb │ ├── home_controller.rb │ └── application_controller.rb.assets ├── views │ ├── layouts │ │ ├── mailer.text.erb │ │ ├── mailer.html.erb │ │ └── application.html.erb │ └── home │ │ └── index.html.erb ├── helpers │ └── application_helper.rb ├── channels │ └── application_cable │ │ ├── channel.rb │ │ └── connection.rb ├── mailers │ └── application_mailer.rb ├── javascript │ ├── channels │ │ ├── index.js │ │ └── consumer.js │ └── packs │ │ └── application.js └── jobs │ └── application_job.rb ├── .browserslistrc ├── .ruby-version ├── versions.tf ├── outputs.tf ├── config ├── webpack │ ├── environment.js │ ├── test.js │ ├── production.js │ └── development.js ├── spring.rb ├── environment.rb ├── environment.rb.assets ├── routes.rb ├── initializers │ ├── mime_types.rb │ ├── filter_parameter_logging.rb │ ├── application_controller_renderer.rb │ ├── cookies_serializer.rb │ ├── backtrace_silencers.rb │ ├── wrap_parameters.rb │ ├── assets.rb │ ├── inflections.rb │ └── content_security_policy.rb ├── boot.rb ├── cable.yml ├── credentials.yml.enc ├── environments │ ├── production.rb.assets │ ├── test.rb │ ├── development.rb │ └── production.rb ├── application.rb ├── application.rb.assets ├── database.yml ├── locales │ └── en.yml ├── storage.yml ├── puma.rb └── webpacker.yml ├── config.ru ├── modules ├── rds │ ├── output.tf │ ├── variables.tf │ └── main.tf ├── code_pipeline │ ├── policies │ │ ├── codebuild_role.json │ │ ├── codepipeline_role.json │ │ ├── codebuild_policy.json │ │ └── codepipeline.json │ ├── variables.tf │ ├── buildspec.yml │ └── main.tf ├── ecs │ ├── policies │ │ ├── ecs-role.json │ │ ├── ecs-autoscale-role.json │ │ ├── ecs-task-execution-role.json │ │ ├── ecs-execution-role-policy.json │ │ ├── ecs-autoscale-role-policy.json │ │ └── ecs-service-role.json │ ├── outputs.tf │ ├── tasks │ │ ├── db_migrate_task_definition.json │ │ └── web_task_definition.json │ ├── variable.tf │ └── main.tf └── networking │ ├── output.tf │ ├── variables.tf │ └── main.tf ├── Rakefile ├── bin ├── rake ├── rails ├── yarn ├── webpack ├── webpack-dev-server ├── spring ├── setup └── bundle ├── Rakefile.assets ├── postcss.config.js ├── entrypoint.sh ├── db └── seeds.rb ├── package.json ├── terraform_rsa.pub ├── docker-compose.yml ├── pipeline.tf ├── production.tfvars ├── staging.tfvars ├── variables.tf ├── .gitignore ├── Dockerfile ├── babel.config.js ├── deploy.tf ├── Gemfile ├── README.md └── Gemfile.lock /log/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /storage/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tmp/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /vendor/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/assets/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/tasks/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/helpers/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/mailers/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/models/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/system/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /app/assets/images/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/controllers/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/fixtures/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/integration/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.browserslistrc: -------------------------------------------------------------------------------- 1 | defaults 2 | -------------------------------------------------------------------------------- /.ruby-version: -------------------------------------------------------------------------------- 1 | ruby-2.6.3 2 | -------------------------------------------------------------------------------- /app/models/concerns/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /public/apple-touch-icon.png: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/fixtures/files/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /app/controllers/concerns/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /public/apple-touch-icon-precomposed.png: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /app/views/layouts/mailer.text.erb: -------------------------------------------------------------------------------- 1 | <%= yield %> 2 | -------------------------------------------------------------------------------- /app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | output "alb_dns_name" { 2 | value = module.ecs.alb_dns_name 3 | } 4 | 5 | -------------------------------------------------------------------------------- /app/assets/config/manifest.js: -------------------------------------------------------------------------------- 1 | //= link_tree ../images 2 | //= link_directory ../stylesheets .css 3 | -------------------------------------------------------------------------------- /app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | end 3 | -------------------------------------------------------------------------------- /app/controllers/home_controller.rb: -------------------------------------------------------------------------------- 1 | class HomeController < ApplicationController 2 | def index;end 3 | end -------------------------------------------------------------------------------- /app/controllers/application_controller.rb.assets: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | end 3 | -------------------------------------------------------------------------------- /app/models/application_record.rb: -------------------------------------------------------------------------------- 1 | class ApplicationRecord < ActiveRecord::Base 2 | self.abstract_class = true 3 | end 4 | -------------------------------------------------------------------------------- /config/webpack/environment.js: -------------------------------------------------------------------------------- 1 | const { environment } = require('@rails/webpacker') 2 | 3 | module.exports = environment 4 | -------------------------------------------------------------------------------- /public/robots.txt: -------------------------------------------------------------------------------- 1 | # See https://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | -------------------------------------------------------------------------------- /app/channels/application_cable/channel.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Channel < ActionCable::Channel::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /config/spring.rb: -------------------------------------------------------------------------------- 1 | Spring.watch( 2 | ".ruby-version", 3 | ".rbenv-vars", 4 | "tmp/restart.txt", 5 | "tmp/caching-dev.txt" 6 | ) 7 | -------------------------------------------------------------------------------- /app/channels/application_cable/connection.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Connection < ActionCable::Connection::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/mailers/application_mailer.rb: -------------------------------------------------------------------------------- 1 | class ApplicationMailer < ActionMailer::Base 2 | default from: 'from@example.com' 3 | layout 'mailer' 4 | end 5 | -------------------------------------------------------------------------------- /config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require_relative 'config/environment' 4 | 5 | run Rails.application 6 | -------------------------------------------------------------------------------- /config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require_relative 'application' 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /config/environment.rb.assets: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require_relative 'application' 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /modules/rds/output.tf: -------------------------------------------------------------------------------- 1 | output "rds_address" { 2 | value = "${aws_db_instance.rds.address}" 3 | } 4 | 5 | output "db_access_sg_id" { 6 | value = "${aws_security_group.db_access_sg.id}" 7 | } -------------------------------------------------------------------------------- /config/webpack/test.js: -------------------------------------------------------------------------------- 1 | process.env.NODE_ENV = process.env.NODE_ENV || 'development' 2 | 3 | const environment = require('./environment') 4 | 5 | module.exports = environment.toWebpackConfig() 6 | -------------------------------------------------------------------------------- /config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html 3 | get '/', :to => 'home#index' 4 | end 5 | -------------------------------------------------------------------------------- /config/webpack/production.js: -------------------------------------------------------------------------------- 1 | process.env.NODE_ENV = process.env.NODE_ENV || 'production' 2 | 3 | const environment = require('./environment') 4 | 5 | module.exports = environment.toWebpackConfig() 6 | -------------------------------------------------------------------------------- /config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /config/webpack/development.js: -------------------------------------------------------------------------------- 1 | process.env.NODE_ENV = process.env.NODE_ENV || 'development' 2 | 3 | const environment = require('./environment') 4 | 5 | module.exports = environment.toWebpackConfig() 6 | -------------------------------------------------------------------------------- /test/application_system_test_case.rb: -------------------------------------------------------------------------------- 1 | require "test_helper" 2 | 3 | class ApplicationSystemTestCase < ActionDispatch::SystemTestCase 4 | driven_by :selenium, using: :chrome, screen_size: [1400, 1400] 5 | end 6 | -------------------------------------------------------------------------------- /config/boot.rb: -------------------------------------------------------------------------------- 1 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) 2 | 3 | require 'bundler/setup' # Set up gems listed in the Gemfile. 4 | require 'bootsnap/setup' # Speed up boot time by caching expensive operations. 5 | -------------------------------------------------------------------------------- /config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require_relative 'config/application' 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /app/javascript/channels/index.js: -------------------------------------------------------------------------------- 1 | // Load all the channels within this directory and all subdirectories. 2 | // Channel files must be named *_channel.js. 3 | 4 | const channels = require.context('.', true, /_channel\.js$/) 5 | channels.keys().forEach(channels) 6 | -------------------------------------------------------------------------------- /app/views/home/index.html.erb: -------------------------------------------------------------------------------- 1 |

2 | Hi, Rails app is running successfully
3 |
4 | AWS Infrastructure for this app is spin using terraform, docker and AWS codebuild

5 | 6 | Random Environment variable value: <%=ENV['RABBIT_NAME']%> 7 | 8 |

-------------------------------------------------------------------------------- /bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError => e 5 | raise unless e.message.include?('spring') 6 | end 7 | require_relative '../config/boot' 8 | require 'rake' 9 | Rake.application.run 10 | -------------------------------------------------------------------------------- /config/cable.yml: -------------------------------------------------------------------------------- 1 | development: 2 | adapter: async 3 | 4 | test: 5 | adapter: test 6 | 7 | production: 8 | adapter: redis 9 | url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %> 10 | channel_prefix: ruby_on_rails_terraform_production 11 | -------------------------------------------------------------------------------- /Rakefile.assets: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env rake 2 | # Add your own tasks in files placed in lib/tasks ending in .rake, 3 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 4 | 5 | require_relative 'config/application' 6 | 7 | Rails.application.load_tasks 8 | -------------------------------------------------------------------------------- /config/initializers/application_controller_renderer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # ActiveSupport::Reloader.to_prepare do 4 | # ApplicationController.renderer.defaults.merge!( 5 | # http_host: 'example.org', 6 | # https: false 7 | # ) 8 | # end 9 | -------------------------------------------------------------------------------- /modules/code_pipeline/policies/codebuild_role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "Service": "codebuild.amazonaws.com" 8 | }, 9 | "Action": "sts:AssumeRole" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/ecs/policies/ecs-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2008-10-17", 3 | "Statement": [ 4 | { 5 | "Action": "sts:AssumeRole", 6 | "Principal": { 7 | "Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"] 8 | }, 9 | "Effect": "Allow" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /postcss.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | plugins: [ 3 | require('postcss-import'), 4 | require('postcss-flexbugs-fixes'), 5 | require('postcss-preset-env')({ 6 | autoprefixer: { 7 | flexbox: 'no-2009' 8 | }, 9 | stage: 3 10 | }) 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Specify a serializer for the signed and encrypted cookie jars. 4 | # Valid options are :json, :marshal, and :hybrid. 5 | Rails.application.config.action_dispatch.cookies_serializer = :json 6 | -------------------------------------------------------------------------------- /modules/code_pipeline/policies/codepipeline_role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "Service": "codepipeline.amazonaws.com" 8 | }, 9 | "Action": "sts:AssumeRole" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/ecs/policies/ecs-autoscale-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "Service": "application-autoscaling.amazonaws.com" 8 | }, 9 | "Action": "sts:AssumeRole" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError => e 5 | raise unless e.message.include?('spring') 6 | end 7 | APP_PATH = File.expand_path('../config/application', __dir__) 8 | require_relative '../config/boot' 9 | require 'rails/commands' 10 | -------------------------------------------------------------------------------- /modules/ecs/policies/ecs-task-execution-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "", 6 | "Effect": "Allow", 7 | "Principal": { 8 | "Service": "ecs-tasks.amazonaws.com" 9 | }, 10 | "Action": "sts:AssumeRole" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /app/javascript/channels/consumer.js: -------------------------------------------------------------------------------- 1 | // Action Cable provides the framework to deal with WebSockets in Rails. 2 | // You can generate new channels where WebSocket features live using the `rails generate channel` command. 3 | 4 | import { createConsumer } from "@rails/actioncable" 5 | 6 | export default createConsumer() 7 | -------------------------------------------------------------------------------- /app/jobs/application_job.rb: -------------------------------------------------------------------------------- 1 | class ApplicationJob < ActiveJob::Base 2 | # Automatically retry jobs that encountered a deadlock 3 | # retry_on ActiveRecord::Deadlocked 4 | 5 | # Most jobs are safe to ignore if the underlying records are no longer available 6 | # discard_on ActiveJob::DeserializationError 7 | end 8 | -------------------------------------------------------------------------------- /app/views/layouts/mailer.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # Remove a potentially pre-existing server.pid for Rails. 5 | rm -f /paper_scammer_docker/tmp/pids/server.pid 6 | 7 | bundle exec rake db:create 8 | bundle exec rake db:migrate 9 | 10 | # Then exec the container's main process (what's set as CMD in the Dockerfile). 11 | exec "$@" 12 | -------------------------------------------------------------------------------- /test/channels/application_cable/connection_test.rb: -------------------------------------------------------------------------------- 1 | require "test_helper" 2 | 3 | class ApplicationCable::ConnectionTest < ActionCable::Connection::TestCase 4 | # test "connects with cookies" do 5 | # cookies.signed[:user_id] = 42 6 | # 7 | # connect 8 | # 9 | # assert_equal connection.user_id, "42" 10 | # end 11 | end 12 | -------------------------------------------------------------------------------- /bin/yarn: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_ROOT = File.expand_path('..', __dir__) 3 | Dir.chdir(APP_ROOT) do 4 | begin 5 | exec "yarnpkg", *ARGV 6 | rescue Errno::ENOENT 7 | $stderr.puts "Yarn executable was not detected in the system." 8 | $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" 9 | exit 1 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rails db:seed command (or created alongside the database with db:setup). 3 | # 4 | # Examples: 5 | # 6 | # movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }]) 7 | # Character.create(name: 'Luke', movie: movies.first) 8 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "ruby_on_rails_terraform", 3 | "private": true, 4 | "dependencies": { 5 | "@rails/actioncable": "^6.0.0-alpha", 6 | "@rails/activestorage": "^6.0.0-alpha", 7 | "@rails/ujs": "^6.0.0-alpha", 8 | "@rails/webpacker": "4.2.2", 9 | "turbolinks": "^5.2.0" 10 | }, 11 | "version": "0.1.0", 12 | "devDependencies": { 13 | "webpack-dev-server": "^3.10.1" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform_rsa.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCk4Z2c/3Xsf6vCgYb5lbL7N4vRJ/jPGP08ObOxqSHeFwhL3W03gQg9MFKTHBtAV0n5hpR1JJSPc41OsJTCR/sfCjkiRqpa7pBNrFMMwzb6mffcC4up5ZxZCo4N9ADGR/Zp+ZlmRQBosJ4YaGID+VsORz9sc+CZ9bXc3/v1szew7A3FIKELkrOZdalp5gDSdqM/zBsxvaO12765Mm8X5Rb8t0//Hl9fYod5j0y9Msh9kwJRDZK10Fvx/ST0tQvIEPsGz0tepNMhTpatC4RqKsmqrBqamnmDywl/Lm5HIl346e+c8zvVD1XHS5fezxi6tRQ7BtoWJcoSGwWDbLHyZPG3 ajay@ajay-Lenovo-ideapad-330-15ICH 2 | -------------------------------------------------------------------------------- /app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | RubyOnRailsTerraform 5 | <%= csrf_meta_tags %> 6 | <%= csp_meta_tag %> 7 | 8 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %> 9 | <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %> 10 | 11 | 12 | 13 | <%= yield %> 14 | 15 | 16 | -------------------------------------------------------------------------------- /test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV['RAILS_ENV'] ||= 'test' 2 | require_relative '../config/environment' 3 | require 'rails/test_help' 4 | 5 | class ActiveSupport::TestCase 6 | # Run tests in parallel with specified workers 7 | parallelize(workers: :number_of_processors) 8 | 9 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. 10 | fixtures :all 11 | 12 | # Add more helper methods to be used by all tests here... 13 | end 14 | -------------------------------------------------------------------------------- /config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /modules/ecs/policies/ecs-execution-role-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ecr:GetAuthorizationToken", 8 | "ecr:BatchCheckLayerAvailability", 9 | "ecr:GetDownloadUrlForLayer", 10 | "ecr:BatchGetImage", 11 | "logs:CreateLogStream", 12 | "logs:PutLogEvents" 13 | ], 14 | "Resource": "*" 15 | } 16 | ] 17 | } -------------------------------------------------------------------------------- /modules/networking/output.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | value = "${aws_vpc.vpc.id}" 3 | } 4 | 5 | output "public_subnets_id" { 6 | value = "${aws_subnet.public_subnet.*.id}" 7 | } 8 | 9 | output "private_subnets_id" { 10 | value = "${aws_subnet.private_subnet.*.id}" 11 | } 12 | 13 | output "default_sg_id" { 14 | value = "${aws_security_group.default.id}" 15 | } 16 | 17 | output "security_groups_ids" { 18 | value = ["${aws_security_group.default.id}"] 19 | } -------------------------------------------------------------------------------- /config/credentials.yml.enc: -------------------------------------------------------------------------------- 1 | zVROM5v3HuhXqYzGc1iLeuE8iJy//c4I1xoVG4+xtm7RKFzyBUFqkh1wFw6ucTFMNiR9D5eXrGrePesEwceQsYADRoESEam8GxjAtpD6+bX/PHiOgPShfPEttKUqS7We3wKs2jbNQKoWLkj2uTWPbEsuMIpnxPIgtTC+LAcnSvlYFfy1mvUYhJqK5x2s7+DT7rSAzeGOmRw+7mf4I2gbedRkzG3XjLHPpMvLcS7uazqN+xz300XWQ5WW/qn8/t8r3PHxltuaIXVXexQ8FrTMrnTI0iw7QUDT2sl20zv51kN7RHJkkvZEByEpa/NSwoHSXt9uQ/hOCqSuYth/M/EmLlN+Ibl1CMz/YVICQR0qnCQqI5nXzJy7366yuq9gxMIz99KR6ugg8V70Gvf5rOefZ+j717YtZBTqwGwL--/08R1IIDCF0A+vSR--OEEVE4I6GSDe1zGnB07Ufg== -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | db: 4 | image: postgres:10 5 | ports: 6 | - "5432:5432" 7 | volumes: 8 | - ./tmp/db:/var/lib/postgresql/data 9 | web: 10 | build: . 11 | command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'" 12 | volumes: 13 | - .:/rails_terraform_docker 14 | ports: 15 | - "3000:3000" 16 | links: 17 | - "db:db" 18 | depends_on: 19 | - db 20 | -------------------------------------------------------------------------------- /bin/webpack: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | ENV["RAILS_ENV"] ||= ENV["RACK_ENV"] || "development" 4 | ENV["NODE_ENV"] ||= "development" 5 | 6 | require "pathname" 7 | ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", 8 | Pathname.new(__FILE__).realpath) 9 | 10 | require "bundler/setup" 11 | 12 | require "webpacker" 13 | require "webpacker/webpack_runner" 14 | 15 | APP_ROOT = File.expand_path("..", __dir__) 16 | Dir.chdir(APP_ROOT) do 17 | Webpacker::WebpackRunner.run(ARGV) 18 | end 19 | -------------------------------------------------------------------------------- /modules/ecs/policies/ecs-autoscale-role-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ecs:DescribeServices", 8 | "ecs:UpdateService" 9 | ], 10 | "Resource": [ 11 | "*" 12 | ] 13 | }, 14 | { 15 | "Effect": "Allow", 16 | "Action": [ 17 | "cloudwatch:DescribeAlarms" 18 | ], 19 | "Resource": [ 20 | "*" 21 | ] 22 | } 23 | ] 24 | } -------------------------------------------------------------------------------- /modules/ecs/policies/ecs-service-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "elasticloadbalancing:Describe*", 8 | "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", 9 | "elasticloadbalancing:RegisterInstancesWithLoadBalancer", 10 | "ec2:Describe*", 11 | "ec2:AuthorizeSecurityGroupIngress" 12 | ], 13 | "Resource": [ 14 | "*" 15 | ] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /bin/webpack-dev-server: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | ENV["RAILS_ENV"] ||= ENV["RACK_ENV"] || "development" 4 | ENV["NODE_ENV"] ||= "development" 5 | 6 | require "pathname" 7 | ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", 8 | Pathname.new(__FILE__).realpath) 9 | 10 | require "bundler/setup" 11 | 12 | require "webpacker" 13 | require "webpacker/dev_server_runner" 14 | 15 | APP_ROOT = File.expand_path("..", __dir__) 16 | Dir.chdir(APP_ROOT) do 17 | Webpacker::DevServerRunner.run(ARGV) 18 | end 19 | -------------------------------------------------------------------------------- /config/environments/production.rb.assets: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Disable Rails's static asset server (Apache or nginx will already do this) 3 | config.serve_static_files = true 4 | 5 | # Compress JavaScripts and CSS 6 | config.assets.js_compressor = :uglifier 7 | 8 | # Don't fallback to assets pipeline if a precompiled asset is missed 9 | config.assets.compile = false 10 | 11 | # Generate digests for assets URLs 12 | config.assets.digest = true 13 | 14 | config.eager_load = true 15 | config.log_level = :info 16 | end 17 | -------------------------------------------------------------------------------- /pipeline.tf: -------------------------------------------------------------------------------- 1 | module "code_pipeline" { 2 | source = "./modules/code_pipeline" 3 | repository_url = module.ecs.repository_url 4 | region = var.region 5 | ecs_service_name = module.ecs.service_name 6 | ecs_cluster_name = module.ecs.cluster_name 7 | run_task_subnet_id = element(module.networking.private_subnets_id, 0) 8 | run_task_security_group_ids = concat([module.rds.db_access_sg_id, module.ecs.security_group_id], module.networking.security_groups_ids) 9 | } 10 | 11 | -------------------------------------------------------------------------------- /config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This file contains settings for ActionController::ParamsWrapper which 4 | # is enabled by default. 5 | 6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. 7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters format: [:json] 9 | end 10 | 11 | # To enable root element in JSON for ActiveRecord objects. 12 | # ActiveSupport.on_load(:active_record) do 13 | # self.include_root_in_json = true 14 | # end 15 | -------------------------------------------------------------------------------- /bin/spring: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # This file loads Spring without using Bundler, in order to be fast. 4 | # It gets overwritten when you run the `spring binstub` command. 5 | 6 | unless defined?(Spring) 7 | require 'rubygems' 8 | require 'bundler' 9 | 10 | lockfile = Bundler::LockfileParser.new(Bundler.default_lockfile.read) 11 | spring = lockfile.specs.detect { |spec| spec.name == 'spring' } 12 | if spring 13 | Gem.use_paths Gem.dir, Bundler.bundle_path.to_s, *Gem.path 14 | gem 'spring', spring.version 15 | require 'spring/binstub' 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /modules/ecs/outputs.tf: -------------------------------------------------------------------------------- 1 | output "repository_url" { 2 | value = "${aws_ecr_repository.rails_terraform_app.repository_url}" 3 | } 4 | 5 | output "cluster_name" { 6 | value = "${aws_ecs_cluster.cluster.name}" 7 | } 8 | 9 | output "service_name" { 10 | value = "${aws_ecs_service.web.name}" 11 | } 12 | 13 | output "alb_dns_name" { 14 | value = "${aws_alb.alb_rails-terraform.dns_name}" 15 | } 16 | 17 | output "alb_zone_id" { 18 | value = "${aws_alb.alb_rails-terraform.zone_id}" 19 | } 20 | 21 | output "security_group_id" { 22 | value = "${aws_security_group.ecs_service.id}" 23 | } -------------------------------------------------------------------------------- /production.tfvars: -------------------------------------------------------------------------------- 1 | region = "us-east-1" 2 | domain = "railsterraform.com" 3 | 4 | /* rds */ 5 | database_name = "railsterraform_production" 6 | database_username = "railsterraform" 7 | database_password = "myawesomepasswordproduction" 8 | 9 | /* secret key */ 10 | secret_key_base = "8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e" 11 | 12 | rabbit_name = "Yo Yo Singh" 13 | environment = "production" 14 | 15 | availability_zones = ["us-east-1a", "us-east-1b"] 16 | -------------------------------------------------------------------------------- /staging.tfvars: -------------------------------------------------------------------------------- 1 | region = "ap-south-1" 2 | domain = "railsterraform.com" 3 | 4 | /* rds */ 5 | database_name = "railsterraform_production" 6 | database_username = "railsterraform" 7 | database_password = "myawesomepasswordproduction" 8 | 9 | /* secret key */ 10 | secret_key_base = "8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e" 11 | 12 | rabbit_name = "Yo Yo Singh" 13 | environment = "production" 14 | 15 | availability_zones = ["ap-south-1a", "ap-south-1b"] 16 | -------------------------------------------------------------------------------- /config/initializers/assets.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Version of your assets, change this if you want to expire all your assets. 4 | Rails.application.config.assets.version = '1.0' 5 | 6 | # Add additional assets to the asset load path. 7 | # Rails.application.config.assets.paths << Emoji.images_path 8 | # Add Yarn node_modules folder to the asset load path. 9 | Rails.application.config.assets.paths << Rails.root.join('node_modules') 10 | 11 | # Precompile additional assets. 12 | # application.js, application.css, and all non-JS/CSS in the app/assets 13 | # folder are already added. 14 | # Rails.application.config.assets.precompile += %w( admin.js admin.css ) 15 | -------------------------------------------------------------------------------- /modules/code_pipeline/variables.tf: -------------------------------------------------------------------------------- 1 | variable "repository_url" { 2 | description = "The url of the ECR repository" 3 | } 4 | 5 | variable "region" { 6 | description = "The region to use" 7 | } 8 | 9 | variable "ecs_cluster_name" { 10 | description = "The cluster that we will deploy" 11 | } 12 | 13 | variable "ecs_service_name" { 14 | description = "The ECS service that will be deployed" 15 | } 16 | 17 | variable "run_task_subnet_id" { 18 | type = "string" 19 | description = "The subnet Id where single run task will be executed" 20 | } 21 | 22 | variable "run_task_security_group_ids" { 23 | type = "list" 24 | description = "The security group Ids attached where the single run task will be executed" 25 | } -------------------------------------------------------------------------------- /config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format. Inflections 4 | # are locale specific, and you may define rules for as many different 5 | # locales as you wish. All of these examples are active by default: 6 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 7 | # inflect.plural /^(ox)$/i, '\1en' 8 | # inflect.singular /^(ox)en/i, '\1' 9 | # inflect.irregular 'person', 'people' 10 | # inflect.uncountable %w( fish sheep ) 11 | # end 12 | 13 | # These inflection rules are supported but not enabled by default: 14 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 15 | # inflect.acronym 'RESTful' 16 | # end 17 | -------------------------------------------------------------------------------- /config/application.rb: -------------------------------------------------------------------------------- 1 | require_relative 'boot' 2 | 3 | require 'rails/all' 4 | 5 | # Require the gems listed in Gemfile, including any gems 6 | # you've limited to :test, :development, or :production. 7 | Bundler.require(*Rails.groups) 8 | 9 | module RubyOnRailsTerraform 10 | class Application < Rails::Application 11 | # Initialize configuration defaults for originally generated Rails version. 12 | config.load_defaults 6.0 13 | 14 | # Settings in config/environments/* take precedence over those specified here. 15 | # Application configuration can go into files in config/initializers 16 | # -- all .rb files in that directory are automatically loaded after loading 17 | # the framework and any gems in your application. 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /modules/networking/variables.tf: -------------------------------------------------------------------------------- 1 | variable "vpc_cidr" { 2 | description = "The CIDR block of the vpc" 3 | } 4 | 5 | variable "public_subnets_cidr" { 6 | type = "list" 7 | description = "The CIDR block for the public subnet" 8 | } 9 | 10 | variable "private_subnets_cidr" { 11 | type = "list" 12 | description = "The CIDR block for the private subnet" 13 | } 14 | 15 | variable "environment" { 16 | description = "The environment" 17 | } 18 | 19 | variable "region" { 20 | description = "The region to launch the bastion host" 21 | } 22 | 23 | variable "availability_zones" { 24 | type = "list" 25 | description = "The az that the resources will be launched" 26 | } 27 | 28 | variable "key_name" { 29 | description = "The public key for the bastion host" 30 | } -------------------------------------------------------------------------------- /app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, or any plugin's 6 | * vendor/assets/stylesheets directory can be referenced here using a relative path. 7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the 9 | * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS 10 | * files in this directory. Styles in this file should be added after the last require_* statement. 11 | * It is generally better to create a new file per style scope. 12 | * 13 | *= require_tree . 14 | *= require_self 15 | */ 16 | -------------------------------------------------------------------------------- /app/javascript/packs/application.js: -------------------------------------------------------------------------------- 1 | // This file is automatically compiled by Webpack, along with any other files 2 | // present in this directory. You're encouraged to place your actual application logic in 3 | // a relevant structure within app/javascript and only use these pack files to reference 4 | // that code so it'll be compiled. 5 | 6 | require("@rails/ujs").start() 7 | require("turbolinks").start() 8 | require("@rails/activestorage").start() 9 | require("channels") 10 | 11 | 12 | // Uncomment to copy all static images under ../images to the output folder and reference 13 | // them with the image_pack_tag helper in views (e.g <%= image_pack_tag 'rails.png' %>) 14 | // or the `imagePath` JavaScript helper below. 15 | // 16 | // const images = require.context('../images', true) 17 | // const imagePath = (name) => images(name, true) 18 | -------------------------------------------------------------------------------- /modules/ecs/tasks/db_migrate_task_definition.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "db-migrate", 4 | "image": "${image}", 5 | "command": ["bundle", "exec", "rake", "db:migrate"], 6 | "memory": 300, 7 | "logConfiguration": { 8 | "logDriver": "awslogs", 9 | "options": { 10 | "awslogs-group": "${log_group}", 11 | "awslogs-region": "${region}", 12 | "awslogs-stream-prefix": "db_migrate" 13 | } 14 | }, 15 | "environment": [ 16 | { 17 | "name": "RAILS_ENV", 18 | "value": "production" 19 | }, 20 | { 21 | "name": "DATABASE_URL", 22 | "value": "${database_url}" 23 | }, 24 | { 25 | "name": "SECRET_KEY_BASE", 26 | "value": "${secret_key_base}" 27 | }, 28 | { 29 | "name": "RAILS_LOG_TO_STDOUT", 30 | "value": "true" 31 | } 32 | ] 33 | } 34 | ] 35 | -------------------------------------------------------------------------------- /variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | description = "Region that the instances will be created" 3 | } 4 | 5 | /*==== 6 | environment specific variables 7 | ======*/ 8 | 9 | variable "database_name" { 10 | description = "The database name for Production" 11 | } 12 | 13 | variable "database_username" { 14 | description = "The username for the Production database" 15 | } 16 | 17 | variable "database_password" { 18 | description = "The user password for the Production database" 19 | } 20 | 21 | variable "secret_key_base" { 22 | description = "The Rails secret key for production" 23 | } 24 | 25 | variable "domain" { 26 | default = "The domain of your application" 27 | } 28 | 29 | variable "rabbit_name" { 30 | description = "A random environment" 31 | } 32 | 33 | variable "environment" { 34 | description = "Environment for the application" 35 | } 36 | 37 | variable "availability_zones" { 38 | type = "list" 39 | } -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile '~/.gitignore_global' 6 | 7 | # Ignore bundler config. 8 | /.bundle 9 | 10 | # Ignore the default SQLite database. 11 | /db/*.sqlite3 12 | /db/*.sqlite3-journal 13 | 14 | # Ignore all logfiles and tempfiles. 15 | /log/* 16 | /tmp/* 17 | !/log/.keep 18 | !/tmp/.keep 19 | 20 | # Ignore uploaded files in development. 21 | /storage/* 22 | !/storage/.keep 23 | 24 | /public/assets 25 | .byebug_history 26 | 27 | # Ignore master key for decrypting credentials and more. 28 | /config/master.key 29 | 30 | /public/packs 31 | /public/packs-test 32 | /node_modules 33 | /yarn-error.log 34 | yarn-debug.log* 35 | .yarn-integrity 36 | .terraform/* -------------------------------------------------------------------------------- /modules/rds/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | description = "The environment" 3 | } 4 | 5 | variable "subnet_ids" { 6 | type = "list" 7 | description = "Subnet ids" 8 | } 9 | 10 | variable "vpc_id" { 11 | description = "The VPC id" 12 | } 13 | 14 | //variable "allowed_security_group_id" { 15 | // description = "The allowed security group id to connect on RDS" 16 | //} 17 | 18 | variable "allocated_storage" { 19 | default = "20" 20 | description = "The storage size in GB" 21 | } 22 | 23 | variable "instance_class" { 24 | description = "The instance type" 25 | } 26 | 27 | variable "multi_az" { 28 | default = false 29 | description = "Muti-az allowed?" 30 | } 31 | 32 | variable "database_name" { 33 | description = "The database name" 34 | } 35 | 36 | variable "database_username" { 37 | description = "The username of the database" 38 | } 39 | 40 | variable "database_password" { 41 | description = "The password of the database" 42 | } -------------------------------------------------------------------------------- /modules/code_pipeline/policies/codebuild_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Resource": [ 7 | "*" 8 | ], 9 | "Action": [ 10 | "logs:CreateLogGroup", 11 | "logs:CreateLogStream", 12 | "logs:PutLogEvents", 13 | "ecr:GetAuthorizationToken", 14 | "ecr:InitiateLayerUpload", 15 | "ecr:UploadLayerPart", 16 | "ecr:CompleteLayerUpload", 17 | "ecr:BatchCheckLayerAvailability", 18 | "ecr:PutImage", 19 | "ecs:RunTask", 20 | "iam:PassRole" 21 | ] 22 | }, 23 | { 24 | "Effect":"Allow", 25 | "Action": [ 26 | "s3:GetObject", 27 | "s3:GetObjectVersion", 28 | "s3:GetBucketVersioning", 29 | "s3:List*", 30 | "s3:PutObject" 31 | ], 32 | "Resource": [ 33 | "${aws_s3_bucket_arn}", 34 | "${aws_s3_bucket_arn}/*" 35 | ] 36 | } 37 | ] 38 | } -------------------------------------------------------------------------------- /config/application.rb.assets: -------------------------------------------------------------------------------- 1 | 2 | require File.expand_path('../boot', __FILE__) 3 | 4 | 5 | require 'rails/all' 6 | 7 | # Require the gems listed in Gemfile, including any gems 8 | # you've limited to :test, :development, or :production. 9 | Bundler.require(*Rails.groups) 10 | 11 | module RailsTerraform 12 | class Application < Rails::Application 13 | 14 | config.logger = Logger.new(STDOUT) 15 | 16 | # Enable the asset pipeline 17 | config.assets.enabled = true 18 | 19 | # Disable application initialization during asset compilation 20 | # https://devcenter.heroku.com/articles/rails-asset-pipeline 21 | config.assets.initialize_on_precompile = false 22 | 23 | # Settings in config/environments/* take precedence over those specified here. 24 | # Application configuration can go into files in config/initializers 25 | # -- all .rb files in that directory are automatically loaded after loading 26 | # the framework and any gems in your application. 27 | end 28 | end 29 | -------------------------------------------------------------------------------- /config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | # gem 'sqlite3' 6 | # 7 | default: &default 8 | adapter: postgresql 9 | encoding: unicode 10 | pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %> 11 | timeout: 5000 12 | #host: db 13 | host: localhost 14 | username: postgres 15 | password: 16 | # user: gnpsllco_papaer 17 | # password: sharma@123 18 | 19 | development: 20 | <<: *default 21 | database: rails_terraform_development 22 | #paper_scammer_development 23 | # user: postgres 24 | # password: sharma@123 25 | 26 | # Warning: The database defined as "test" will be erased and 27 | # re-generated from your development database when you run "rake". 28 | # Do not set this db to the same as development or production. 29 | test: 30 | <<: *default 31 | database: rails_terraform_test 32 | # user: postgres 33 | # password: sharma@123 34 | 35 | production: 36 | url: <%= ENV['DATABASE_URL'] %> -------------------------------------------------------------------------------- /config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. If you want to use locales other 3 | # than English, add the necessary files in this directory. 4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # The following keys must be escaped otherwise they will not be retrieved by 20 | # the default I18n backend: 21 | # 22 | # true, false, on, off, yes, no 23 | # 24 | # Instead, surround them with single quotes. 25 | # 26 | # en: 27 | # 'true': 'foo' 28 | # 29 | # To learn more, please read the Rails Internationalization guide 30 | # available at https://guides.rubyonrails.org/i18n.html. 31 | 32 | en: 33 | hello: "Hello world" 34 | -------------------------------------------------------------------------------- /modules/ecs/tasks/web_task_definition.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "web", 4 | "image": "${image}", 5 | "portMappings": [ 6 | { 7 | "containerPort": 80, 8 | "hostPort": 80 9 | } 10 | ], 11 | "memory": 300, 12 | "networkMode": "awsvpc", 13 | "logConfiguration": { 14 | "logDriver": "awslogs", 15 | "options": { 16 | "awslogs-group": "${log_group}", 17 | "awslogs-region": "${region}", 18 | "awslogs-stream-prefix": "web" 19 | } 20 | }, 21 | "environment": [ 22 | { 23 | "name": "RAILS_ENV", 24 | "value": "production" 25 | }, 26 | { 27 | "name": "DATABASE_URL", 28 | "value": "${database_url}" 29 | }, 30 | { 31 | "name": "SECRET_KEY_BASE", 32 | "value": "${secret_key_base}" 33 | }, 34 | { 35 | "name": "PORT", 36 | "value": "80" 37 | }, 38 | { 39 | "name": "RAILS_LOG_TO_STDOUT", 40 | "value": "true" 41 | }, 42 | { 43 | "name": "RAILS_SERVE_STATIC_FILES", 44 | "value": "true" 45 | } 46 | ] 47 | } 48 | ] 49 | -------------------------------------------------------------------------------- /modules/ecs/variable.tf: -------------------------------------------------------------------------------- 1 | variable "environment" { 2 | description = "The environment" 3 | } 4 | 5 | variable "vpc_id" { 6 | description = "The VPC id" 7 | } 8 | 9 | variable "availability_zones" { 10 | type = "list" 11 | description = "The azs to use" 12 | } 13 | 14 | variable "security_groups_ids" { 15 | type = "list" 16 | description = "The SGs to use" 17 | } 18 | 19 | variable "subnets_ids" { 20 | type = "list" 21 | description = "The private subnets to use" 22 | } 23 | 24 | variable "public_subnet_ids" { 25 | type = "list" 26 | description = "The private subnets to use" 27 | } 28 | 29 | variable "database_endpoint" { 30 | description = "The database endpoint" 31 | } 32 | 33 | variable "database_username" { 34 | description = "The database username" 35 | } 36 | 37 | variable "database_password" { 38 | description = "The database password" 39 | } 40 | 41 | variable "database_name" { 42 | description = "The database that the app will use" 43 | } 44 | 45 | variable "repository_name" { 46 | description = "The name of the repisitory" 47 | } 48 | 49 | variable "secret_key_base" { 50 | description = "The secret key base to use in the app" 51 | } -------------------------------------------------------------------------------- /bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'fileutils' 3 | 4 | # path to your application root. 5 | APP_ROOT = File.expand_path('..', __dir__) 6 | 7 | def system!(*args) 8 | system(*args) || abort("\n== Command #{args} failed ==") 9 | end 10 | 11 | FileUtils.chdir APP_ROOT do 12 | # This script is a way to setup or update your development environment automatically. 13 | # This script is idempotent, so that you can run it at anytime and get an expectable outcome. 14 | # Add necessary setup steps to this file. 15 | 16 | puts '== Installing dependencies ==' 17 | system! 'gem install bundler --conservative' 18 | system('bundle check') || system!('bundle install') 19 | 20 | # Install JavaScript dependencies 21 | # system('bin/yarn') 22 | 23 | # puts "\n== Copying sample files ==" 24 | # unless File.exist?('config/database.yml') 25 | # FileUtils.cp 'config/database.yml.sample', 'config/database.yml' 26 | # end 27 | 28 | puts "\n== Preparing database ==" 29 | system! 'bin/rails db:prepare' 30 | 31 | puts "\n== Removing old logs and tempfiles ==" 32 | system! 'bin/rails log:clear tmp:clear' 33 | 34 | puts "\n== Restarting application server ==" 35 | system! 'bin/rails restart' 36 | end 37 | -------------------------------------------------------------------------------- /config/storage.yml: -------------------------------------------------------------------------------- 1 | test: 2 | service: Disk 3 | root: <%= Rails.root.join("tmp/storage") %> 4 | 5 | local: 6 | service: Disk 7 | root: <%= Rails.root.join("storage") %> 8 | 9 | # Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key) 10 | # amazon: 11 | # service: S3 12 | # access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %> 13 | # secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %> 14 | # region: us-east-1 15 | # bucket: your_own_bucket 16 | 17 | # Remember not to checkin your GCS keyfile to a repository 18 | # google: 19 | # service: GCS 20 | # project: your_project 21 | # credentials: <%= Rails.root.join("path/to/gcs.keyfile") %> 22 | # bucket: your_own_bucket 23 | 24 | # Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key) 25 | # microsoft: 26 | # service: AzureStorage 27 | # storage_account_name: your_account_name 28 | # storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %> 29 | # container: your_container_name 30 | 31 | # mirror: 32 | # service: Mirror 33 | # primary: local 34 | # mirrors: [ amazon, google, microsoft ] 35 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ruby:2.5.3 2 | 3 | ENV PATH /root/.yarn/bin:$PATH 4 | 5 | ARG build_without 6 | ARG rails_env 7 | RUN apt-get update -qq && apt-get install -y binutils curl git gnupg cmake python python-dev postgresql-client supervisor tar tzdata 8 | RUN apt-get install -y apt-transport-https apt-utils 9 | RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - && apt-get install -y nodejs 10 | RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - 11 | RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list 12 | RUN apt-get update && apt-get install -y yarn 13 | RUN mkdir /rails_terraform_docker 14 | COPY . /rails_terraform_docker 15 | WORKDIR /rails_terraform_docker 16 | 17 | RUN gem install bundler -v 2.0.2 18 | 19 | RUN bundle install 20 | RUN yarn install 21 | 22 | RUN RAILS_ENV=production NODE_ENV=production SECRET_KEY_BASE=not_set OLD_AWS_SECRET_ACCESS_KEY=not_set OLD_AWS_ACCESS_KEY_ID=not_set bundle exec rake assets:precompile 23 | 24 | # Add a script to be executed every time the container starts. 25 | COPY entrypoint.sh /usr/bin/ 26 | RUN chmod +x /usr/bin/entrypoint.sh 27 | ENTRYPOINT ["entrypoint.sh"] 28 | EXPOSE 3000 29 | 30 | # Start the main process. 31 | CMD ["rails", "server", "-b", "0.0.0.0"] -------------------------------------------------------------------------------- /modules/code_pipeline/buildspec.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | phases: 4 | pre_build: 5 | commands: 6 | - pip install awscli --upgrade --user 7 | - echo `aws --version` 8 | - echo Logging in to Amazon ECR... 9 | - $(aws ecr get-login --region ${region} --no-include-email) 10 | - REPOSITORY_URI=${repository_url} 11 | - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7) 12 | - echo Entered the pre_build phase... 13 | build: 14 | commands: 15 | - echo Build started on `date` 16 | - echo Building the Docker image... 17 | - docker build --build-arg build_without="development test" --build-arg rails_env="production" -t $REPOSITORY_URI:latest . 18 | - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG 19 | post_build: 20 | commands: 21 | - echo Build completed on `date` 22 | - echo Pushing the Docker images... 23 | - docker push $REPOSITORY_URI:latest 24 | - docker push $REPOSITORY_URI:$IMAGE_TAG 25 | - echo Writing image definitions file... 26 | - printf '[{"name":"web","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json 27 | - echo upgrading db-migrate task definitions 28 | - aws ecs run-task --launch-type FARGATE --cluster ${cluster_name} --task-definition production_db_migrate --network-configuration "awsvpcConfiguration={subnets=[${subnet_id}],securityGroups=[${security_group_ids}]}" 29 | artifacts: 30 | files: imagedefinitions.json -------------------------------------------------------------------------------- /config/initializers/content_security_policy.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Define an application-wide content security policy 4 | # For further information see the following documentation 5 | # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy 6 | 7 | # Rails.application.config.content_security_policy do |policy| 8 | # policy.default_src :self, :https 9 | # policy.font_src :self, :https, :data 10 | # policy.img_src :self, :https, :data 11 | # policy.object_src :none 12 | # policy.script_src :self, :https 13 | # policy.style_src :self, :https 14 | # # If you are using webpack-dev-server then specify webpack-dev-server host 15 | # policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? 16 | 17 | # # Specify URI for violation reports 18 | # # policy.report_uri "/csp-violation-report-endpoint" 19 | # end 20 | 21 | # If you are using UJS then enable automatic nonce generation 22 | # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } 23 | 24 | # Set the nonce only to specific directives 25 | # Rails.application.config.content_security_policy_nonce_directives = %w(script-src) 26 | 27 | # Report CSP violations to a specified URI 28 | # For further information see the following documentation: 29 | # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only 30 | # Rails.application.config.content_security_policy_report_only = true 31 | -------------------------------------------------------------------------------- /config/puma.rb: -------------------------------------------------------------------------------- 1 | # Puma can serve each request in a thread from an internal thread pool. 2 | # The `threads` method setting takes two numbers: a minimum and maximum. 3 | # Any libraries that use thread pools should be configured to match 4 | # the maximum value specified for Puma. Default is set to 5 threads for minimum 5 | # and maximum; this matches the default thread size of Active Record. 6 | # 7 | max_threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 } 8 | min_threads_count = ENV.fetch("RAILS_MIN_THREADS") { max_threads_count } 9 | threads min_threads_count, max_threads_count 10 | 11 | # Specifies the `port` that Puma will listen on to receive requests; default is 3000. 12 | # 13 | port ENV.fetch("PORT") { 3000 } 14 | 15 | # Specifies the `environment` that Puma will run in. 16 | # 17 | environment ENV.fetch("RAILS_ENV") { "development" } 18 | 19 | # Specifies the `pidfile` that Puma will use. 20 | pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" } 21 | 22 | # Specifies the number of `workers` to boot in clustered mode. 23 | # Workers are forked web server processes. If using threads and workers together 24 | # the concurrency of the application would be max `threads` * `workers`. 25 | # Workers do not work on JRuby or Windows (both of which do not support 26 | # processes). 27 | # 28 | # workers ENV.fetch("WEB_CONCURRENCY") { 2 } 29 | 30 | # Use the `preload_app!` method when specifying a `workers` number. 31 | # This directive tells Puma to first boot the application and load code 32 | # before forking the application. This takes advantage of Copy On Write 33 | # process behavior so workers use less memory. 34 | # 35 | # preload_app! 36 | 37 | # Allow puma to be restarted by `rails restart` command. 38 | plugin :tmp_restart 39 | -------------------------------------------------------------------------------- /public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

We're sorry, but something went wrong.

62 |
63 |

If you are the application owner check the logs for more information.

64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The change you wanted was rejected.

62 |

Maybe you tried to change something you didn't have access to.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The page you were looking for doesn't exist.

62 |

You may have mistyped the address or the page may have moved.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /babel.config.js: -------------------------------------------------------------------------------- 1 | module.exports = function(api) { 2 | var validEnv = ['development', 'test', 'production'] 3 | var currentEnv = api.env() 4 | var isDevelopmentEnv = api.env('development') 5 | var isProductionEnv = api.env('production') 6 | var isTestEnv = api.env('test') 7 | 8 | if (!validEnv.includes(currentEnv)) { 9 | throw new Error( 10 | 'Please specify a valid `NODE_ENV` or ' + 11 | '`BABEL_ENV` environment variables. Valid values are "development", ' + 12 | '"test", and "production". Instead, received: ' + 13 | JSON.stringify(currentEnv) + 14 | '.' 15 | ) 16 | } 17 | 18 | return { 19 | presets: [ 20 | isTestEnv && [ 21 | '@babel/preset-env', 22 | { 23 | targets: { 24 | node: 'current' 25 | } 26 | } 27 | ], 28 | (isProductionEnv || isDevelopmentEnv) && [ 29 | '@babel/preset-env', 30 | { 31 | forceAllTransforms: true, 32 | useBuiltIns: 'entry', 33 | corejs: 3, 34 | modules: false, 35 | exclude: ['transform-typeof-symbol'] 36 | } 37 | ] 38 | ].filter(Boolean), 39 | plugins: [ 40 | 'babel-plugin-macros', 41 | '@babel/plugin-syntax-dynamic-import', 42 | isTestEnv && 'babel-plugin-dynamic-import-node', 43 | '@babel/plugin-transform-destructuring', 44 | [ 45 | '@babel/plugin-proposal-class-properties', 46 | { 47 | loose: true 48 | } 49 | ], 50 | [ 51 | '@babel/plugin-proposal-object-rest-spread', 52 | { 53 | useBuiltIns: true 54 | } 55 | ], 56 | [ 57 | '@babel/plugin-transform-runtime', 58 | { 59 | helpers: false, 60 | regenerator: true, 61 | corejs: false 62 | } 63 | ], 64 | [ 65 | '@babel/plugin-transform-regenerator', 66 | { 67 | async: false 68 | } 69 | ] 70 | ].filter(Boolean) 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /deploy.tf: -------------------------------------------------------------------------------- 1 | /*==== 2 | Variables used across all modules 3 | ======*/ 4 | locals { 5 | availability_zones = var.availability_zones 6 | } 7 | 8 | provider "aws" { 9 | region = var.region 10 | access_key = "******************************" 11 | secret_key = "******************************" 12 | } 13 | 14 | resource "aws_key_pair" "key" { 15 | key_name = "production_key" 16 | public_key = file("terraform_rsa.pub") 17 | } 18 | 19 | module "networking" { 20 | source = "./modules/networking" 21 | environment = var.environment 22 | vpc_cidr = "10.0.0.0/16" 23 | public_subnets_cidr = ["10.0.1.0/24", "10.0.2.0/24"] 24 | private_subnets_cidr = ["10.0.10.0/24", "10.0.20.0/24"] 25 | region = var.region 26 | availability_zones = local.availability_zones 27 | key_name = "production_key" 28 | } 29 | 30 | module "rds" { 31 | source = "./modules/rds" 32 | environment = var.environment 33 | allocated_storage = "20" 34 | database_name = var.database_name 35 | database_username = var.database_username 36 | database_password = var.database_password 37 | subnet_ids = module.networking.private_subnets_id 38 | vpc_id = module.networking.vpc_id 39 | instance_class = "db.t2.micro" 40 | } 41 | 42 | module "ecs" { 43 | source = "./modules/ecs" 44 | environment = var.environment 45 | vpc_id = module.networking.vpc_id 46 | availability_zones = local.availability_zones 47 | repository_name = "rails_terraform/production" 48 | subnets_ids = module.networking.private_subnets_id 49 | public_subnet_ids = module.networking.public_subnets_id 50 | security_groups_ids = concat([module.rds.db_access_sg_id], module.networking.security_groups_ids) 51 | database_endpoint = module.rds.rds_address 52 | database_name = var.database_name 53 | database_username = var.database_username 54 | database_password = var.database_password 55 | secret_key_base = var.secret_key_base 56 | } 57 | 58 | -------------------------------------------------------------------------------- /config/environments/test.rb: -------------------------------------------------------------------------------- 1 | # The test environment is used exclusively to run your application's 2 | # test suite. You never need to work with it otherwise. Remember that 3 | # your test database is "scratch space" for the test suite and is wiped 4 | # and recreated between test runs. Don't rely on the data there! 5 | 6 | Rails.application.configure do 7 | # Settings specified here will take precedence over those in config/application.rb. 8 | 9 | config.cache_classes = false 10 | 11 | # Do not eager load code on boot. This avoids loading your whole application 12 | # just for the purpose of running a single test. If you are using a tool that 13 | # preloads Rails for running tests, you may have to set it to true. 14 | config.eager_load = false 15 | 16 | # Configure public file server for tests with Cache-Control for performance. 17 | config.public_file_server.enabled = true 18 | config.public_file_server.headers = { 19 | 'Cache-Control' => "public, max-age=#{1.hour.to_i}" 20 | } 21 | 22 | # Show full error reports and disable caching. 23 | config.consider_all_requests_local = true 24 | config.action_controller.perform_caching = false 25 | config.cache_store = :null_store 26 | 27 | # Raise exceptions instead of rendering exception templates. 28 | config.action_dispatch.show_exceptions = false 29 | 30 | # Disable request forgery protection in test environment. 31 | config.action_controller.allow_forgery_protection = false 32 | 33 | # Store uploaded files on the local file system in a temporary directory. 34 | config.active_storage.service = :test 35 | 36 | config.action_mailer.perform_caching = false 37 | 38 | # Tell Action Mailer not to deliver emails to the real world. 39 | # The :test delivery method accumulates sent emails in the 40 | # ActionMailer::Base.deliveries array. 41 | config.action_mailer.delivery_method = :test 42 | 43 | # Print deprecation notices to the stderr. 44 | config.active_support.deprecation = :stderr 45 | 46 | # Raises error for missing translations. 47 | # config.action_view.raise_on_missing_translations = true 48 | end 49 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | git_source(:github) { |repo| "https://github.com/#{repo}.git" } 3 | 4 | ruby '2.5.3' 5 | 6 | # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' 7 | gem 'rails', '~> 6.0.0' 8 | # Use sqlite3 as the database for Active Record 9 | gem 'sqlite3', '~> 1.4' 10 | # Use Puma as the app server 11 | gem 'puma', '~> 3.11' 12 | # Use SCSS for stylesheets 13 | gem 'sass-rails', '~> 5' 14 | # Transpile app-like JavaScript. Read more: https://github.com/rails/webpacker 15 | gem 'webpacker', '~> 4.0' 16 | # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks 17 | gem 'turbolinks', '~> 5' 18 | # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder 19 | gem 'jbuilder', '~> 2.7' 20 | # Use Redis adapter to run Action Cable in production 21 | # gem 'redis', '~> 4.0' 22 | # Use Active Model has_secure_password 23 | # gem 'bcrypt', '~> 3.1.7' 24 | 25 | # Use Active Storage variant 26 | # gem 'image_processing', '~> 1.2' 27 | 28 | # Reduces boot times through caching; required in config/boot.rb 29 | gem 'bootsnap', '>= 1.4.2', require: false 30 | 31 | group :development, :test do 32 | # Call 'byebug' anywhere in the code to stop execution and get a debugger console 33 | gem 'byebug', platforms: [:mri, :mingw, :x64_mingw] 34 | end 35 | 36 | group :development do 37 | # Access an interactive console on exception pages or by calling 'console' anywhere in the code. 38 | gem 'web-console', '>= 3.3.0' 39 | gem 'listen', '>= 3.0.5', '< 3.2' 40 | # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring 41 | gem 'spring' 42 | gem 'spring-watcher-listen', '~> 2.0.0' 43 | end 44 | 45 | group :test do 46 | # Adds support for Capybara system testing and selenium driver 47 | gem 'capybara', '>= 2.15' 48 | gem 'selenium-webdriver' 49 | # Easy installation and use of web drivers to run system tests with browsers 50 | gem 'webdrivers' 51 | end 52 | 53 | # Windows does not include zoneinfo files, so bundle the tzinfo-data gem 54 | gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] 55 | gem 'pg' -------------------------------------------------------------------------------- /config/webpacker.yml: -------------------------------------------------------------------------------- 1 | # Note: You must restart bin/webpack-dev-server for changes to take effect 2 | 3 | default: &default 4 | source_path: app/javascript 5 | source_entry_path: packs 6 | public_root_path: public 7 | public_output_path: packs 8 | cache_path: tmp/cache/webpacker 9 | check_yarn_integrity: false 10 | webpack_compile_output: true 11 | 12 | # Additional paths webpack should lookup modules 13 | # ['app/assets', 'engine/foo/app/assets'] 14 | resolved_paths: [] 15 | 16 | # Reload manifest.json on all requests so we reload latest compiled packs 17 | cache_manifest: false 18 | 19 | # Extract and emit a css file 20 | extract_css: false 21 | 22 | static_assets_extensions: 23 | - .jpg 24 | - .jpeg 25 | - .png 26 | - .gif 27 | - .tiff 28 | - .ico 29 | - .svg 30 | - .eot 31 | - .otf 32 | - .ttf 33 | - .woff 34 | - .woff2 35 | 36 | extensions: 37 | - .mjs 38 | - .js 39 | - .sass 40 | - .scss 41 | - .css 42 | - .module.sass 43 | - .module.scss 44 | - .module.css 45 | - .png 46 | - .svg 47 | - .gif 48 | - .jpeg 49 | - .jpg 50 | 51 | development: 52 | <<: *default 53 | compile: true 54 | 55 | # Verifies that correct packages and versions are installed by inspecting package.json, yarn.lock, and node_modules 56 | check_yarn_integrity: true 57 | 58 | # Reference: https://webpack.js.org/configuration/dev-server/ 59 | dev_server: 60 | https: false 61 | host: localhost 62 | port: 3035 63 | public: localhost:3035 64 | hmr: false 65 | # Inline should be set to true if using HMR 66 | inline: true 67 | overlay: true 68 | compress: true 69 | disable_host_check: true 70 | use_local_ip: false 71 | quiet: false 72 | pretty: false 73 | headers: 74 | 'Access-Control-Allow-Origin': '*' 75 | watch_options: 76 | ignored: '**/node_modules/**' 77 | 78 | 79 | test: 80 | <<: *default 81 | compile: true 82 | 83 | # Compile test packs to a separate directory 84 | public_output_path: packs-test 85 | 86 | production: 87 | <<: *default 88 | 89 | # Production depends on precompilation of packs prior to booting for performance. 90 | compile: false 91 | 92 | # Extract and emit a css file 93 | extract_css: true 94 | 95 | # Cache manifest.json for performance 96 | cache_manifest: true 97 | -------------------------------------------------------------------------------- /modules/rds/main.tf: -------------------------------------------------------------------------------- 1 | /*==== 2 | RDS 3 | ======*/ 4 | 5 | /* subnet used by rds */ 6 | resource "aws_db_subnet_group" "rds_subnet_group" { 7 | name = "${var.environment}-rds-subnet-group" 8 | description = "RDS subnet group" 9 | subnet_ids = "${var.subnet_ids}" 10 | tags = { 11 | Environment = "${var.environment}" 12 | } 13 | } 14 | 15 | /* Security Group for resources that want to access the Database */ 16 | resource "aws_security_group" "db_access_sg" { 17 | vpc_id = "${var.vpc_id}" 18 | name = "${var.environment}-db-access-sg" 19 | description = "Allow access to RDS" 20 | 21 | tags = { 22 | Name = "${var.environment}-db-access-sg" 23 | Environment = "${var.environment}" 24 | } 25 | } 26 | 27 | resource "aws_security_group" "rds_sg" { 28 | name = "${var.environment}-rds-sg" 29 | description = "${var.environment} Security Group" 30 | vpc_id = "${var.vpc_id}" 31 | tags = { 32 | Name = "${var.environment}-rds-sg" 33 | Environment = "${var.environment}" 34 | } 35 | 36 | // allows traffic from the SG itself 37 | ingress { 38 | from_port = 0 39 | to_port = 0 40 | protocol = "-1" 41 | self = true 42 | } 43 | 44 | //allow traffic for TCP 5432 45 | ingress { 46 | from_port = 5432 47 | to_port = 5432 48 | protocol = "tcp" 49 | security_groups = ["${aws_security_group.db_access_sg.id}"] 50 | } 51 | 52 | // outbound internet access 53 | egress { 54 | from_port = 0 55 | to_port = 0 56 | protocol = "-1" 57 | cidr_blocks = ["0.0.0.0/0"] 58 | } 59 | } 60 | 61 | resource "aws_db_instance" "rds" { 62 | identifier = "${var.environment}-database" 63 | allocated_storage = "${var.allocated_storage}" 64 | engine = "postgres" 65 | engine_version = "9.6.6" 66 | instance_class = "${var.instance_class}" 67 | multi_az = "${var.multi_az}" 68 | name = "${var.database_name}" 69 | username = "${var.database_username}" 70 | password = "${var.database_password}" 71 | db_subnet_group_name = "${aws_db_subnet_group.rds_subnet_group.id}" 72 | vpc_security_group_ids = ["${aws_security_group.rds_sg.id}"] 73 | skip_final_snapshot = true 74 | #snapshot_identifier = "rds-${var.environment}-snapshot" 75 | tags = { 76 | Environment = "${var.environment}" 77 | } 78 | } -------------------------------------------------------------------------------- /config/environments/development.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Do not eager load code on boot. 10 | config.eager_load = false 11 | 12 | # Show full error reports. 13 | config.consider_all_requests_local = true 14 | 15 | # Enable/disable caching. By default caching is disabled. 16 | # Run rails dev:cache to toggle caching. 17 | if Rails.root.join('tmp', 'caching-dev.txt').exist? 18 | config.action_controller.perform_caching = true 19 | config.action_controller.enable_fragment_cache_logging = true 20 | 21 | config.cache_store = :memory_store 22 | config.public_file_server.headers = { 23 | 'Cache-Control' => "public, max-age=#{2.days.to_i}" 24 | } 25 | else 26 | config.action_controller.perform_caching = false 27 | 28 | config.cache_store = :null_store 29 | end 30 | 31 | # Store uploaded files on the local file system (see config/storage.yml for options). 32 | config.active_storage.service = :local 33 | 34 | # Don't care if the mailer can't send. 35 | config.action_mailer.raise_delivery_errors = false 36 | 37 | config.action_mailer.perform_caching = false 38 | 39 | # Print deprecation notices to the Rails logger. 40 | config.active_support.deprecation = :log 41 | 42 | # Raise an error on page load if there are pending migrations. 43 | config.active_record.migration_error = :page_load 44 | 45 | # Highlight code that triggered database queries in logs. 46 | config.active_record.verbose_query_logs = true 47 | 48 | # Debug mode disables concatenation and preprocessing of assets. 49 | # This option may cause significant delays in view rendering with a large 50 | # number of complex assets. 51 | config.assets.debug = true 52 | 53 | # Suppress logger output for asset requests. 54 | config.assets.quiet = true 55 | 56 | # Raises error for missing translations. 57 | # config.action_view.raise_on_missing_translations = true 58 | 59 | # Use an evented file watcher to asynchronously detect changes in source code, 60 | # routes, locales, etc. This feature depends on the listen gem. 61 | config.file_watcher = ActiveSupport::EventedFileUpdateChecker 62 | end 63 | -------------------------------------------------------------------------------- /modules/code_pipeline/policies/codepipeline.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect":"Allow", 6 | "Action": [ 7 | "s3:GetObject", 8 | "s3:GetObjectVersion", 9 | "s3:GetBucketVersioning", 10 | "s3:List*", 11 | "s3:PutObject" 12 | ], 13 | "Resource": [ 14 | "${aws_s3_bucket_arn}", 15 | "${aws_s3_bucket_arn}/*" 16 | ] 17 | }, 18 | { 19 | "Effect": "Allow", 20 | "Action": [ 21 | "codebuild:BatchGetBuilds", 22 | "codebuild:StartBuild" 23 | ], 24 | "Resource": "*" 25 | }, 26 | { 27 | "Action": [ 28 | "ecs:*", 29 | "events:DescribeRule", 30 | "events:DeleteRule", 31 | "events:ListRuleNamesByTarget", 32 | "events:ListTargetsByRule", 33 | "events:PutRule", 34 | "events:PutTargets", 35 | "events:RemoveTargets", 36 | "iam:ListAttachedRolePolicies", 37 | "iam:ListInstanceProfiles", 38 | "iam:ListRoles", 39 | "logs:CreateLogGroup", 40 | "logs:DescribeLogGroups", 41 | "logs:FilterLogEvents" 42 | ], 43 | "Resource": "*", 44 | "Effect": "Allow" 45 | }, 46 | { 47 | "Action": "iam:PassRole", 48 | "Effect": "Allow", 49 | "Resource": [ 50 | "*" 51 | ], 52 | "Condition": { 53 | "StringLike": { 54 | "iam:PassedToService": "ecs-tasks.amazonaws.com" 55 | } 56 | } 57 | }, 58 | { 59 | "Action": "iam:PassRole", 60 | "Effect": "Allow", 61 | "Resource": [ 62 | "arn:aws:iam::*:role/ecsInstanceRole*" 63 | ], 64 | "Condition": { 65 | "StringLike": { 66 | "iam:PassedToService": [ 67 | "ec2.amazonaws.com", 68 | "ec2.amazonaws.com.cn" 69 | ] 70 | } 71 | } 72 | }, 73 | { 74 | "Action": "iam:PassRole", 75 | "Effect": "Allow", 76 | "Resource": [ 77 | "arn:aws:iam::*:role/ecsAutoscaleRole*" 78 | ], 79 | "Condition": { 80 | "StringLike": { 81 | "iam:PassedToService": [ 82 | "application-autoscaling.amazonaws.com", 83 | "application-autoscaling.amazonaws.com.cn" 84 | ] 85 | } 86 | } 87 | }, 88 | { 89 | "Effect": "Allow", 90 | "Action": "iam:CreateServiceLinkedRole", 91 | "Resource": "*", 92 | "Condition": { 93 | "StringLike": { 94 | "iam:AWSServiceName": [ 95 | "ecs.amazonaws.com", 96 | "spot.amazonaws.com", 97 | "spotfleet.amazonaws.com" 98 | ] 99 | } 100 | } 101 | } 102 | ] 103 | } -------------------------------------------------------------------------------- /bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # frozen_string_literal: true 3 | 4 | # 5 | # This file was generated by Bundler. 6 | # 7 | # The application 'bundle' is installed as part of a gem, and 8 | # this file is here to facilitate running it. 9 | # 10 | 11 | require "rubygems" 12 | 13 | m = Module.new do 14 | module_function 15 | 16 | def invoked_as_script? 17 | File.expand_path($0) == File.expand_path(__FILE__) 18 | end 19 | 20 | def env_var_version 21 | ENV["BUNDLER_VERSION"] 22 | end 23 | 24 | def cli_arg_version 25 | return unless invoked_as_script? # don't want to hijack other binstubs 26 | return unless "update".start_with?(ARGV.first || " ") # must be running `bundle update` 27 | bundler_version = nil 28 | update_index = nil 29 | ARGV.each_with_index do |a, i| 30 | if update_index && update_index.succ == i && a =~ Gem::Version::ANCHORED_VERSION_PATTERN 31 | bundler_version = a 32 | end 33 | next unless a =~ /\A--bundler(?:[= ](#{Gem::Version::VERSION_PATTERN}))?\z/ 34 | bundler_version = $1 || ">= 0.a" 35 | update_index = i 36 | end 37 | bundler_version 38 | end 39 | 40 | def gemfile 41 | gemfile = ENV["BUNDLE_GEMFILE"] 42 | return gemfile if gemfile && !gemfile.empty? 43 | 44 | File.expand_path("../../Gemfile", __FILE__) 45 | end 46 | 47 | def lockfile 48 | lockfile = 49 | case File.basename(gemfile) 50 | when "gems.rb" then gemfile.sub(/\.rb$/, gemfile) 51 | else "#{gemfile}.lock" 52 | end 53 | File.expand_path(lockfile) 54 | end 55 | 56 | def lockfile_version 57 | return unless File.file?(lockfile) 58 | lockfile_contents = File.read(lockfile) 59 | return unless lockfile_contents =~ /\n\nBUNDLED WITH\n\s{2,}(#{Gem::Version::VERSION_PATTERN})\n/ 60 | Regexp.last_match(1) 61 | end 62 | 63 | def bundler_version 64 | @bundler_version ||= begin 65 | env_var_version || cli_arg_version || 66 | lockfile_version || "#{Gem::Requirement.default}.a" 67 | end 68 | end 69 | 70 | def load_bundler! 71 | ENV["BUNDLE_GEMFILE"] ||= gemfile 72 | 73 | # must dup string for RG < 1.8 compatibility 74 | activate_bundler(bundler_version.dup) 75 | end 76 | 77 | def activate_bundler(bundler_version) 78 | if Gem::Version.correct?(bundler_version) && Gem::Version.new(bundler_version).release < Gem::Version.new("2.0") 79 | bundler_version = "< 2" 80 | end 81 | gem_error = activation_error_handling do 82 | gem "bundler", bundler_version 83 | end 84 | return if gem_error.nil? 85 | require_error = activation_error_handling do 86 | require "bundler/version" 87 | end 88 | return if require_error.nil? && Gem::Requirement.new(bundler_version).satisfied_by?(Gem::Version.new(Bundler::VERSION)) 89 | warn "Activating bundler (#{bundler_version}) failed:\n#{gem_error.message}\n\nTo install the version of bundler this project requires, run `gem install bundler -v '#{bundler_version}'`" 90 | exit 42 91 | end 92 | 93 | def activation_error_handling 94 | yield 95 | nil 96 | rescue StandardError, LoadError => e 97 | e 98 | end 99 | end 100 | 101 | m.load_bundler! 102 | 103 | if m.invoked_as_script? 104 | load Gem.bin_path("bundler", "bundle") 105 | end 106 | -------------------------------------------------------------------------------- /modules/code_pipeline/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_s3_bucket" "source" { 2 | bucket = "rails-terraform-experiment-source" 3 | acl = "private" 4 | force_destroy = true 5 | } 6 | 7 | resource "aws_iam_role" "codepipeline_role" { 8 | name = "codepipeline-role" 9 | 10 | assume_role_policy = "${file("${path.module}/policies/codepipeline_role.json")}" 11 | } 12 | 13 | /* policies */ 14 | data "template_file" "codepipeline_policy" { 15 | template = "${file("${path.module}/policies/codepipeline.json")}" 16 | 17 | vars = { 18 | aws_s3_bucket_arn = "${aws_s3_bucket.source.arn}" 19 | } 20 | } 21 | 22 | resource "aws_iam_role_policy" "codepipeline_policy" { 23 | name = "codepipeline_policy" 24 | role = "${aws_iam_role.codepipeline_role.id}" 25 | policy = "${data.template_file.codepipeline_policy.rendered}" 26 | } 27 | 28 | /* 29 | /* CodeBuild 30 | */ 31 | resource "aws_iam_role" "codebuild_role" { 32 | name = "codebuild-role" 33 | assume_role_policy = "${file("${path.module}/policies/codebuild_role.json")}" 34 | } 35 | 36 | data "template_file" "codebuild_policy" { 37 | template = "${file("${path.module}/policies/codebuild_policy.json")}" 38 | 39 | vars = { 40 | aws_s3_bucket_arn = "${aws_s3_bucket.source.arn}" 41 | } 42 | } 43 | 44 | resource "aws_iam_role_policy" "codebuild_policy" { 45 | name = "codebuild-policy" 46 | role = "${aws_iam_role.codebuild_role.id}" 47 | policy = "${data.template_file.codebuild_policy.rendered}" 48 | } 49 | 50 | data "template_file" "buildspec" { 51 | template = "${file("${path.module}/buildspec.yml")}" 52 | 53 | vars = { 54 | repository_url = "${var.repository_url}" 55 | region = "${var.region}" 56 | cluster_name = "${var.ecs_cluster_name}" 57 | subnet_id = "${var.run_task_subnet_id}" 58 | security_group_ids = "${join(",", var.run_task_security_group_ids)}" 59 | } 60 | } 61 | 62 | 63 | resource "aws_codebuild_project" "rails_terraform_build" { 64 | name = "rails_terraform-codebuild" 65 | build_timeout = "10" 66 | service_role = "${aws_iam_role.codebuild_role.arn}" 67 | 68 | artifacts { 69 | type = "CODEPIPELINE" 70 | } 71 | 72 | environment { 73 | compute_type = "BUILD_GENERAL1_SMALL" 74 | // https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html 75 | image = "aws/codebuild/docker:1.12.1" 76 | type = "LINUX_CONTAINER" 77 | privileged_mode = true 78 | } 79 | 80 | source { 81 | type = "CODEPIPELINE" 82 | buildspec = "${data.template_file.buildspec.rendered}" 83 | } 84 | } 85 | 86 | /* CodePipeline */ 87 | 88 | resource "aws_codepipeline" "pipeline" { 89 | name = "rails_terraform-pipeline" 90 | role_arn = "${aws_iam_role.codepipeline_role.arn}" 91 | 92 | artifact_store { 93 | location = "${aws_s3_bucket.source.bucket}" 94 | type = "S3" 95 | } 96 | 97 | stage { 98 | name = "Source" 99 | 100 | action { 101 | name = "Source" 102 | category = "Source" 103 | owner = "ThirdParty" 104 | provider = "GitHub" 105 | version = "1" 106 | output_artifacts = ["source"] 107 | 108 | configuration = { 109 | Owner = "ajays1991" 110 | Repo = "rails_terraform" 111 | Branch = "master" 112 | OAuthToken = "******************************" 113 | } 114 | } 115 | } 116 | 117 | stage { 118 | name = "Build" 119 | 120 | action { 121 | name = "Build" 122 | category = "Build" 123 | owner = "AWS" 124 | provider = "CodeBuild" 125 | version = "1" 126 | input_artifacts = ["source"] 127 | output_artifacts = ["imagedefinitions"] 128 | 129 | configuration = { 130 | ProjectName = "rails_terraform-codebuild" 131 | } 132 | } 133 | } 134 | 135 | stage { 136 | name = "Production" 137 | 138 | action { 139 | name = "Deploy" 140 | category = "Deploy" 141 | owner = "AWS" 142 | provider = "ECS" 143 | input_artifacts = ["imagedefinitions"] 144 | version = "1" 145 | 146 | configuration = { 147 | ClusterName = "${var.ecs_cluster_name}" 148 | ServiceName = "${var.ecs_service_name}" 149 | FileName = "imagedefinitions.json" 150 | } 151 | } 152 | } 153 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ruby on Rails deployment using Terraform, Docker, AWS Codepipeline 2 | 3 | ### Resources 4 | 5 | - Terraform https://www.terraform.io 6 | - Docker https://www.docker.com/ 7 | - AWS Codepipeline https://aws.amazon.com/codepipeline/ 8 | 9 | ### System Installation 10 | 11 | #### Install Terraform 12 | 13 | Install terraform using the this link [https://learn.hashicorp.com/terraform/getting-started/install.html](https://learn.hashicorp.com/terraform/getting-started/install.html) 14 | 15 | #### You don't need local installation of docker as docker build will be run on AWS codepipeline server using buildspec. 16 | 17 | ### Github access Token 18 | 19 | Generate a new personal github token following the steps from [this link](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line#creating-a-token) 20 | 21 | Paste the token genrated in modules/copepipeline/main.tf at the following line 22 | Also add owner for the repository you want to deploy along with repository namd and branch. 23 | AWS code build created using terraform will read the repository owner, name, brnach from the following to run AWS code build using this source. 24 | 25 | ``` 26 | configuration = { 27 | Owner = "owner_of_repo" 28 | Repo = "repo_name" 29 | Branch = "branch_of_repo" 30 | OAuthToken = "***********token*********" 31 | } 32 | 33 | ``` 34 | 35 | ### Deploying application to AWS 36 | 37 | In deploy.tf set access_key and secret_key for AWS account. 38 | 39 | ``` 40 | provider "aws" { 41 | region = var.region 42 | access_key = "**********************" 43 | secret_key = "**********************" 44 | } 45 | ``` 46 | 47 | ### Switch environment to deploy to aws 48 | 49 | In application root folder create `.tfvars` file for staging, production, testing environment. Define all variables in `variables.tf` file and specify value for each variable in `.tfvars` file for each environment. 50 | 51 | For example, in `variables.tf` file define variables as follows 52 | 53 | ``` 54 | variable "region" { 55 | description = "Region that the instances will be created" 56 | } 57 | 58 | /*==== 59 | environment specific variables 60 | ======*/ 61 | 62 | variable "database_name" { 63 | description = "The database name for Production" 64 | } 65 | 66 | variable "database_username" { 67 | description = "The username for the Production database" 68 | } 69 | 70 | variable "database_password" { 71 | description = "The user password for the Production database" 72 | } 73 | 74 | variable "secret_key_base" { 75 | description = "The Rails secret key for production" 76 | } 77 | 78 | variable "domain" { 79 | default = "The domain of your application" 80 | } 81 | 82 | variable "rabbit_name" { 83 | description = "A random environment" 84 | } 85 | 86 | variable "environment" { 87 | description = "Environment for the application" 88 | } 89 | 90 | variable "availability_zones" { 91 | type = "list" 92 | } 93 | ``` 94 | 95 | And in `production.tfvars` or `staging.tfvars` the value for each variable can be set. 96 | For example in `production.tfvars` 97 | 98 | ``` 99 | region = "us-east-1" 100 | domain = "railsterraform.com" 101 | 102 | /* rds */ 103 | database_name = "railsterraform_production" 104 | database_username = "railsterraform" 105 | database_password = "myawesomepasswordproduction" 106 | 107 | /* secret key */ 108 | secret_key_base = "8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e" 109 | 110 | rabbit_name = "Yo Yo Singh" 111 | environment = "production" 112 | 113 | availability_zones = ["us-east-1a", "us-east-1b"] 114 | 115 | ``` 116 | 117 | After this setup run the following command in project root 118 | `$ terraform init` 119 | 120 | After successfully installing the terraform plugins run the plan command. When running the plan command pass `--var-file` argument to command with value of the `.tfvars` file you want to run for. 121 | For example to deploy the application to `staging` environment run the following command 122 | 123 | `$ terraform plan --var-file=staging.tfvars` 124 | 125 | After successfully creating the plan run the following command 126 | 127 | `$ terraform apply --var-file=staging.tfvars` 128 | 129 | This will start creating your AWS infrastructure for the application and will success with providing url for the application loadbalancer using the following command 130 | 131 | `$ terraform output alb_dns_name` 132 | -------------------------------------------------------------------------------- /modules/networking/main.tf: -------------------------------------------------------------------------------- 1 | /*==== 2 | The VPC 3 | ======*/ 4 | 5 | resource "aws_vpc" "vpc" { 6 | cidr_block = "${var.vpc_cidr}" 7 | enable_dns_hostnames = true 8 | enable_dns_support = true 9 | 10 | tags = { 11 | Name = "${var.environment}-vpc" 12 | Environment = "${var.environment}" 13 | } 14 | } 15 | 16 | /*==== 17 | Subnets 18 | ======*/ 19 | 20 | /* Internet gateway for the public subnet */ 21 | resource "aws_internet_gateway" "ig" { 22 | vpc_id = "${aws_vpc.vpc.id}" 23 | 24 | tags = { 25 | Name = "${var.environment}-igw" 26 | Environment = "${var.environment}" 27 | } 28 | } 29 | 30 | /* Elastic IP for NAT */ 31 | resource "aws_eip" "nat_eip" { 32 | vpc = true 33 | depends_on = ["aws_internet_gateway.ig"] 34 | } 35 | 36 | /* NAT */ 37 | resource "aws_nat_gateway" "nat" { 38 | allocation_id = "${aws_eip.nat_eip.id}" 39 | subnet_id = "${element(aws_subnet.public_subnet.*.id, 0)}" 40 | depends_on = ["aws_internet_gateway.ig"] 41 | 42 | tags = { 43 | Name = "${var.environment}-${element(var.availability_zones, 1)}-nat" 44 | Environment = "${var.environment}" 45 | } 46 | } 47 | 48 | /* Public subnet */ 49 | resource "aws_subnet" "public_subnet" { 50 | vpc_id = "${aws_vpc.vpc.id}" 51 | count = "${length(var.public_subnets_cidr)}" 52 | cidr_block = "${element(var.public_subnets_cidr, count.index)}" 53 | availability_zone = "${element(var.availability_zones, count.index)}" 54 | map_public_ip_on_launch = true 55 | 56 | tags = { 57 | Name = "${var.environment}-${element(var.availability_zones, count.index)}-public-subnet" 58 | Environment = "${var.environment}" 59 | } 60 | } 61 | 62 | /* Private subnet */ 63 | resource "aws_subnet" "private_subnet" { 64 | vpc_id = "${aws_vpc.vpc.id}" 65 | count = "${length(var.private_subnets_cidr)}" 66 | cidr_block = "${element(var.private_subnets_cidr, count.index)}" 67 | availability_zone = "${element(var.availability_zones, count.index)}" 68 | map_public_ip_on_launch = false 69 | 70 | tags = { 71 | Name = "${var.environment}-${element(var.availability_zones, count.index)}-private-subnet" 72 | Environment = "${var.environment}" 73 | } 74 | } 75 | 76 | /* Routing table for private subnet */ 77 | resource "aws_route_table" "private" { 78 | vpc_id = "${aws_vpc.vpc.id}" 79 | 80 | tags = { 81 | Name = "${var.environment}-private-route-table" 82 | Environment = "${var.environment}" 83 | } 84 | } 85 | 86 | /* Routing table for public subnet */ 87 | resource "aws_route_table" "public" { 88 | vpc_id = "${aws_vpc.vpc.id}" 89 | 90 | tags = { 91 | Name = "${var.environment}-public-route-table" 92 | Environment = "${var.environment}" 93 | } 94 | } 95 | 96 | resource "aws_route" "public_internet_gateway" { 97 | route_table_id = "${aws_route_table.public.id}" 98 | destination_cidr_block = "0.0.0.0/0" 99 | gateway_id = "${aws_internet_gateway.ig.id}" 100 | } 101 | 102 | resource "aws_route" "private_nat_gateway" { 103 | route_table_id = "${aws_route_table.private.id}" 104 | destination_cidr_block = "0.0.0.0/0" 105 | nat_gateway_id = "${aws_nat_gateway.nat.id}" 106 | } 107 | 108 | /* Route table associations */ 109 | resource "aws_route_table_association" "public" { 110 | count = "${length(var.public_subnets_cidr)}" 111 | subnet_id = "${element(aws_subnet.public_subnet.*.id, count.index)}" 112 | route_table_id = "${aws_route_table.public.id}" 113 | } 114 | 115 | resource "aws_route_table_association" "private" { 116 | count = "${length(var.private_subnets_cidr)}" 117 | subnet_id = "${element(aws_subnet.private_subnet.*.id, count.index)}" 118 | route_table_id = "${aws_route_table.private.id}" 119 | } 120 | 121 | /*==== 122 | VPC's Default Security Group 123 | ======*/ 124 | resource "aws_security_group" "default" { 125 | name = "${var.environment}-default-sg" 126 | description = "Default security group to allow inbound/outbound from the VPC" 127 | vpc_id = "${aws_vpc.vpc.id}" 128 | depends_on = ["aws_vpc.vpc"] 129 | 130 | ingress { 131 | from_port = "0" 132 | to_port = "0" 133 | protocol = "-1" 134 | self = true 135 | } 136 | 137 | egress { 138 | from_port = "0" 139 | to_port = "0" 140 | protocol = "-1" 141 | self = "true" 142 | } 143 | 144 | tags = { 145 | Environment = "${var.environment}" 146 | } 147 | } 148 | -------------------------------------------------------------------------------- /config/environments/production.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # Code is not reloaded between requests. 5 | config.cache_classes = true 6 | 7 | # Eager load code on boot. This eager loads most of Rails and 8 | # your application in memory, allowing both threaded web servers 9 | # and those relying on copy on write to perform better. 10 | # Rake tasks automatically ignore this option for performance. 11 | config.eager_load = true 12 | 13 | # Full error reports are disabled and caching is turned on. 14 | config.consider_all_requests_local = false 15 | config.action_controller.perform_caching = true 16 | 17 | # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] 18 | # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). 19 | # config.require_master_key = true 20 | 21 | # Disable serving static files from the `/public` folder by default since 22 | # Apache or NGINX already handles this. 23 | config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? 24 | 25 | # Compress CSS using a preprocessor. 26 | # config.assets.css_compressor = :sass 27 | 28 | # Do not fallback to assets pipeline if a precompiled asset is missed. 29 | config.assets.compile = false 30 | 31 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 32 | # config.action_controller.asset_host = 'http://assets.example.com' 33 | 34 | # Specifies the header that your server uses for sending files. 35 | # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache 36 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX 37 | 38 | # Store uploaded files on the local file system (see config/storage.yml for options). 39 | config.active_storage.service = :local 40 | 41 | # Mount Action Cable outside main process or domain. 42 | # config.action_cable.mount_path = nil 43 | # config.action_cable.url = 'wss://example.com/cable' 44 | # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] 45 | 46 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 47 | # config.force_ssl = true 48 | 49 | # Use the lowest log level to ensure availability of diagnostic information 50 | # when problems arise. 51 | config.log_level = :debug 52 | 53 | # Prepend all log lines with the following tags. 54 | config.log_tags = [ :request_id ] 55 | 56 | # Use a different cache store in production. 57 | # config.cache_store = :mem_cache_store 58 | 59 | # Use a real queuing backend for Active Job (and separate queues per environment). 60 | # config.active_job.queue_adapter = :resque 61 | # config.active_job.queue_name_prefix = "ruby_on_rails_terraform_production" 62 | 63 | config.action_mailer.perform_caching = false 64 | 65 | # Ignore bad email addresses and do not raise email delivery errors. 66 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 67 | # config.action_mailer.raise_delivery_errors = false 68 | 69 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 70 | # the I18n.default_locale when a translation cannot be found). 71 | config.i18n.fallbacks = true 72 | 73 | # Send deprecation notices to registered listeners. 74 | config.active_support.deprecation = :notify 75 | 76 | # Use default logging formatter so that PID and timestamp are not suppressed. 77 | config.log_formatter = ::Logger::Formatter.new 78 | 79 | # Use a different logger for distributed setups. 80 | # require 'syslog/logger' 81 | # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') 82 | 83 | if ENV["RAILS_LOG_TO_STDOUT"].present? 84 | logger = ActiveSupport::Logger.new(STDOUT) 85 | logger.formatter = config.log_formatter 86 | config.logger = ActiveSupport::TaggedLogging.new(logger) 87 | end 88 | 89 | # Do not dump schema after migrations. 90 | config.active_record.dump_schema_after_migration = false 91 | 92 | # Inserts middleware to perform automatic connection switching. 93 | # The `database_selector` hash is used to pass options to the DatabaseSelector 94 | # middleware. The `delay` is used to determine how long to wait after a write 95 | # to send a subsequent read to the primary. 96 | # 97 | # The `database_resolver` class is used by the middleware to determine which 98 | # database is appropriate to use based on the time delay. 99 | # 100 | # The `database_resolver_context` class is used by the middleware to set 101 | # timestamps for the last write to the primary. The resolver uses the context 102 | # class timestamps to determine how long to wait before reading from the 103 | # replica. 104 | # 105 | # By default Rails will store a last write timestamp in the session. The 106 | # DatabaseSelector middleware is designed as such you can define your own 107 | # strategy for connection switching and pass that into the middleware through 108 | # these configuration options. 109 | # config.active_record.database_selector = { delay: 2.seconds } 110 | # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver 111 | # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session 112 | end 113 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | actioncable (6.0.2.1) 5 | actionpack (= 6.0.2.1) 6 | nio4r (~> 2.0) 7 | websocket-driver (>= 0.6.1) 8 | actionmailbox (6.0.2.1) 9 | actionpack (= 6.0.2.1) 10 | activejob (= 6.0.2.1) 11 | activerecord (= 6.0.2.1) 12 | activestorage (= 6.0.2.1) 13 | activesupport (= 6.0.2.1) 14 | mail (>= 2.7.1) 15 | actionmailer (6.0.2.1) 16 | actionpack (= 6.0.2.1) 17 | actionview (= 6.0.2.1) 18 | activejob (= 6.0.2.1) 19 | mail (~> 2.5, >= 2.5.4) 20 | rails-dom-testing (~> 2.0) 21 | actionpack (6.0.2.1) 22 | actionview (= 6.0.2.1) 23 | activesupport (= 6.0.2.1) 24 | rack (~> 2.0, >= 2.0.8) 25 | rack-test (>= 0.6.3) 26 | rails-dom-testing (~> 2.0) 27 | rails-html-sanitizer (~> 1.0, >= 1.2.0) 28 | actiontext (6.0.2.1) 29 | actionpack (= 6.0.2.1) 30 | activerecord (= 6.0.2.1) 31 | activestorage (= 6.0.2.1) 32 | activesupport (= 6.0.2.1) 33 | nokogiri (>= 1.8.5) 34 | actionview (6.0.2.1) 35 | activesupport (= 6.0.2.1) 36 | builder (~> 3.1) 37 | erubi (~> 1.4) 38 | rails-dom-testing (~> 2.0) 39 | rails-html-sanitizer (~> 1.1, >= 1.2.0) 40 | activejob (6.0.2.1) 41 | activesupport (= 6.0.2.1) 42 | globalid (>= 0.3.6) 43 | activemodel (6.0.2.1) 44 | activesupport (= 6.0.2.1) 45 | activerecord (6.0.2.1) 46 | activemodel (= 6.0.2.1) 47 | activesupport (= 6.0.2.1) 48 | activestorage (6.0.2.1) 49 | actionpack (= 6.0.2.1) 50 | activejob (= 6.0.2.1) 51 | activerecord (= 6.0.2.1) 52 | marcel (~> 0.3.1) 53 | activesupport (6.0.2.1) 54 | concurrent-ruby (~> 1.0, >= 1.0.2) 55 | i18n (>= 0.7, < 2) 56 | minitest (~> 5.1) 57 | tzinfo (~> 1.1) 58 | zeitwerk (~> 2.2) 59 | addressable (2.7.0) 60 | public_suffix (>= 2.0.2, < 5.0) 61 | bindex (0.8.1) 62 | bootsnap (1.4.5) 63 | msgpack (~> 1.0) 64 | builder (3.2.4) 65 | byebug (11.0.1) 66 | capybara (3.29.0) 67 | addressable 68 | mini_mime (>= 0.1.3) 69 | nokogiri (~> 1.8) 70 | rack (>= 1.6.0) 71 | rack-test (>= 0.6.3) 72 | regexp_parser (~> 1.5) 73 | xpath (~> 3.2) 74 | childprocess (3.0.0) 75 | concurrent-ruby (1.1.5) 76 | crass (1.0.5) 77 | erubi (1.9.0) 78 | ffi (1.11.3) 79 | globalid (0.4.2) 80 | activesupport (>= 4.2.0) 81 | i18n (1.7.0) 82 | concurrent-ruby (~> 1.0) 83 | jbuilder (2.9.1) 84 | activesupport (>= 4.2.0) 85 | listen (3.1.5) 86 | rb-fsevent (~> 0.9, >= 0.9.4) 87 | rb-inotify (~> 0.9, >= 0.9.7) 88 | ruby_dep (~> 1.2) 89 | loofah (2.4.0) 90 | crass (~> 1.0.2) 91 | nokogiri (>= 1.5.9) 92 | mail (2.7.1) 93 | mini_mime (>= 0.1.1) 94 | marcel (0.3.3) 95 | mimemagic (~> 0.3.2) 96 | method_source (0.9.2) 97 | mimemagic (0.3.3) 98 | mini_mime (1.0.2) 99 | mini_portile2 (2.4.0) 100 | minitest (5.13.0) 101 | msgpack (1.3.1) 102 | nio4r (2.5.2) 103 | nokogiri (1.10.7) 104 | mini_portile2 (~> 2.4.0) 105 | pg (1.1.4) 106 | public_suffix (4.0.1) 107 | puma (3.12.2) 108 | rack (2.0.8) 109 | rack-proxy (0.6.5) 110 | rack 111 | rack-test (1.1.0) 112 | rack (>= 1.0, < 3) 113 | rails (6.0.2.1) 114 | actioncable (= 6.0.2.1) 115 | actionmailbox (= 6.0.2.1) 116 | actionmailer (= 6.0.2.1) 117 | actionpack (= 6.0.2.1) 118 | actiontext (= 6.0.2.1) 119 | actionview (= 6.0.2.1) 120 | activejob (= 6.0.2.1) 121 | activemodel (= 6.0.2.1) 122 | activerecord (= 6.0.2.1) 123 | activestorage (= 6.0.2.1) 124 | activesupport (= 6.0.2.1) 125 | bundler (>= 1.3.0) 126 | railties (= 6.0.2.1) 127 | sprockets-rails (>= 2.0.0) 128 | rails-dom-testing (2.0.3) 129 | activesupport (>= 4.2.0) 130 | nokogiri (>= 1.6) 131 | rails-html-sanitizer (1.3.0) 132 | loofah (~> 2.3) 133 | railties (6.0.2.1) 134 | actionpack (= 6.0.2.1) 135 | activesupport (= 6.0.2.1) 136 | method_source 137 | rake (>= 0.8.7) 138 | thor (>= 0.20.3, < 2.0) 139 | rake (13.0.1) 140 | rb-fsevent (0.10.3) 141 | rb-inotify (0.10.0) 142 | ffi (~> 1.0) 143 | regexp_parser (1.6.0) 144 | ruby_dep (1.5.0) 145 | rubyzip (2.0.0) 146 | sass (3.7.4) 147 | sass-listen (~> 4.0.0) 148 | sass-listen (4.0.0) 149 | rb-fsevent (~> 0.9, >= 0.9.4) 150 | rb-inotify (~> 0.9, >= 0.9.7) 151 | sass-rails (5.1.0) 152 | railties (>= 5.2.0) 153 | sass (~> 3.1) 154 | sprockets (>= 2.8, < 4.0) 155 | sprockets-rails (>= 2.0, < 4.0) 156 | tilt (>= 1.1, < 3) 157 | selenium-webdriver (3.142.6) 158 | childprocess (>= 0.5, < 4.0) 159 | rubyzip (>= 1.2.2) 160 | spring (2.1.0) 161 | spring-watcher-listen (2.0.1) 162 | listen (>= 2.7, < 4.0) 163 | spring (>= 1.2, < 3.0) 164 | sprockets (3.7.2) 165 | concurrent-ruby (~> 1.0) 166 | rack (> 1, < 3) 167 | sprockets-rails (3.2.1) 168 | actionpack (>= 4.0) 169 | activesupport (>= 4.0) 170 | sprockets (>= 3.0.0) 171 | sqlite3 (1.4.2) 172 | thor (1.0.1) 173 | thread_safe (0.3.6) 174 | tilt (2.0.10) 175 | turbolinks (5.2.1) 176 | turbolinks-source (~> 5.2) 177 | turbolinks-source (5.2.0) 178 | tzinfo (1.2.5) 179 | thread_safe (~> 0.1) 180 | web-console (4.0.1) 181 | actionview (>= 6.0.0) 182 | activemodel (>= 6.0.0) 183 | bindex (>= 0.4.0) 184 | railties (>= 6.0.0) 185 | webdrivers (4.1.3) 186 | nokogiri (~> 1.6) 187 | rubyzip (>= 1.3.0) 188 | selenium-webdriver (>= 3.0, < 4.0) 189 | webpacker (4.2.2) 190 | activesupport (>= 4.2) 191 | rack-proxy (>= 0.6.1) 192 | railties (>= 4.2) 193 | websocket-driver (0.7.1) 194 | websocket-extensions (>= 0.1.0) 195 | websocket-extensions (0.1.4) 196 | xpath (3.2.0) 197 | nokogiri (~> 1.8) 198 | zeitwerk (2.2.2) 199 | 200 | PLATFORMS 201 | ruby 202 | 203 | DEPENDENCIES 204 | bootsnap (>= 1.4.2) 205 | byebug 206 | capybara (>= 2.15) 207 | jbuilder (~> 2.7) 208 | listen (>= 3.0.5, < 3.2) 209 | pg 210 | puma (~> 3.11) 211 | rails (~> 6.0.0) 212 | sass-rails (~> 5) 213 | selenium-webdriver 214 | spring 215 | spring-watcher-listen (~> 2.0.0) 216 | sqlite3 (~> 1.4) 217 | turbolinks (~> 5) 218 | tzinfo-data 219 | web-console (>= 3.3.0) 220 | webdrivers 221 | webpacker (~> 4.0) 222 | 223 | RUBY VERSION 224 | ruby 2.6.3p62 225 | 226 | BUNDLED WITH 227 | 2.0.2 228 | -------------------------------------------------------------------------------- /modules/ecs/main.tf: -------------------------------------------------------------------------------- 1 | 2 | /*==== 3 | Cloudwatch Log Group 4 | ======*/ 5 | resource "aws_cloudwatch_log_group" "rails_terraform" { 6 | name = "rails_terraform" 7 | 8 | tags = { 9 | Environment = "${var.environment}" 10 | Application = "rails_terraform" 11 | } 12 | } 13 | 14 | /*==== 15 | ECR repository to store our Docker images 16 | ======*/ 17 | resource "aws_ecr_repository" "rails_terraform_app" { 18 | name = "${var.repository_name}" 19 | } 20 | 21 | /*==== 22 | ECS cluster 23 | ======*/ 24 | resource "aws_ecs_cluster" "cluster" { 25 | name = "${var.environment}-ecs-cluster" 26 | } 27 | 28 | /*==== 29 | ECS task definitions 30 | ======*/ 31 | 32 | /* the task definition for the web service */ 33 | data "template_file" "web_task" { 34 | template = "${file("${path.module}/tasks/web_task_definition.json")}" 35 | 36 | vars = { 37 | image = "${aws_ecr_repository.rails_terraform_app.repository_url}" 38 | secret_key_base = "${var.secret_key_base}" 39 | database_url = "postgresql://${var.database_username}:${var.database_password}@${var.database_endpoint}:5432/${var.database_name}?encoding=utf8&pool=40" 40 | log_group = "${aws_cloudwatch_log_group.rails_terraform.name}" 41 | } 42 | } 43 | 44 | resource "aws_ecs_task_definition" "web" { 45 | family = "${var.environment}_web" 46 | container_definitions = "${data.template_file.web_task.rendered}" 47 | requires_compatibilities = ["FARGATE"] 48 | network_mode = "awsvpc" 49 | cpu = "256" 50 | memory = "512" 51 | execution_role_arn = "${aws_iam_role.ecs_execution_role.arn}" 52 | task_role_arn = "${aws_iam_role.ecs_execution_role.arn}" 53 | } 54 | 55 | /* the task definition for the db migration */ 56 | data "template_file" "db_migrate_task" { 57 | template = "${file("${path.module}/tasks/db_migrate_task_definition.json")}" 58 | 59 | vars = { 60 | image = "${aws_ecr_repository.rails_terraform_app.repository_url}" 61 | secret_key_base = "${var.secret_key_base}" 62 | database_url = "postgresql://${var.database_username}:${var.database_password}@${var.database_endpoint}:5432/${var.database_name}?encoding=utf8&pool=40" 63 | log_group = "rails_terraform" 64 | } 65 | } 66 | 67 | resource "aws_ecs_task_definition" "db_migrate" { 68 | family = "${var.environment}_db_migrate" 69 | container_definitions = "${data.template_file.db_migrate_task.rendered}" 70 | requires_compatibilities = ["FARGATE"] 71 | network_mode = "awsvpc" 72 | cpu = "256" 73 | memory = "512" 74 | execution_role_arn = "${aws_iam_role.ecs_execution_role.arn}" 75 | task_role_arn = "${aws_iam_role.ecs_execution_role.arn}" 76 | } 77 | 78 | /*==== 79 | App Load Balancer 80 | ======*/ 81 | resource "random_id" "target_group_sufix" { 82 | byte_length = 2 83 | } 84 | 85 | resource "aws_alb_target_group" "alb_target_group" { 86 | name = "${var.environment}-alb-target-group-${random_id.target_group_sufix.hex}" 87 | port = 80 88 | protocol = "HTTP" 89 | vpc_id = "${var.vpc_id}" 90 | target_type = "ip" 91 | 92 | lifecycle { 93 | create_before_destroy = true 94 | } 95 | } 96 | 97 | /* security group for ALB */ 98 | resource "aws_security_group" "web_inbound_sg" { 99 | name = "${var.environment}-web-inbound-sg" 100 | description = "Allow HTTP from Anywhere into ALB" 101 | vpc_id = "${var.vpc_id}" 102 | 103 | ingress { 104 | from_port = 80 105 | to_port = 80 106 | protocol = "tcp" 107 | cidr_blocks = ["0.0.0.0/0"] 108 | } 109 | 110 | ingress { 111 | from_port = 8 112 | to_port = 0 113 | protocol = "icmp" 114 | cidr_blocks = ["0.0.0.0/0"] 115 | } 116 | 117 | egress { 118 | from_port = 0 119 | to_port = 0 120 | protocol = "-1" 121 | cidr_blocks = ["0.0.0.0/0"] 122 | } 123 | 124 | tags = { 125 | Name = "${var.environment}-web-inbound-sg" 126 | } 127 | } 128 | 129 | resource "aws_alb" "alb_rails-terraform" { 130 | name = "${var.environment}-alb-rails-terraform" 131 | subnets = "${var.public_subnet_ids}" 132 | security_groups = "${concat(var.security_groups_ids, [aws_security_group.web_inbound_sg.id])}" 133 | 134 | tags = { 135 | Name = "${var.environment}-alb-rails_terraform" 136 | Environment = "${var.environment}" 137 | } 138 | } 139 | 140 | resource "aws_alb_listener" "rails_terraform" { 141 | load_balancer_arn = "${aws_alb.alb_rails-terraform.arn}" 142 | port = "80" 143 | protocol = "HTTP" 144 | depends_on = ["aws_alb_target_group.alb_target_group"] 145 | 146 | default_action { 147 | target_group_arn = "${aws_alb_target_group.alb_target_group.arn}" 148 | type = "forward" 149 | } 150 | } 151 | 152 | /* 153 | * IAM service role 154 | */ 155 | data "aws_iam_policy_document" "ecs_service_role" { 156 | statement { 157 | effect = "Allow" 158 | actions = ["sts:AssumeRole"] 159 | principals { 160 | type = "Service" 161 | identifiers = ["ecs.amazonaws.com"] 162 | } 163 | } 164 | } 165 | 166 | resource "aws_iam_role" "ecs_role" { 167 | name = "ecs_role" 168 | assume_role_policy = "${data.aws_iam_policy_document.ecs_service_role.json}" 169 | } 170 | 171 | data "aws_iam_policy_document" "ecs_service_policy" { 172 | statement { 173 | effect = "Allow" 174 | resources = ["*"] 175 | actions = [ 176 | "elasticloadbalancing:Describe*", 177 | "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", 178 | "elasticloadbalancing:RegisterInstancesWithLoadBalancer", 179 | "ec2:Describe*", 180 | "ec2:AuthorizeSecurityGroupIngress" 181 | ] 182 | } 183 | } 184 | 185 | /* ecs service scheduler role */ 186 | resource "aws_iam_role_policy" "ecs_service_role_policy" { 187 | name = "ecs_service_role_policy" 188 | #policy = "${file("${path.module}/policies/ecs-service-role.json")}" 189 | policy = "${data.aws_iam_policy_document.ecs_service_policy.json}" 190 | role = "${aws_iam_role.ecs_role.id}" 191 | } 192 | 193 | /* role that the Amazon ECS container agent and the Docker daemon can assume */ 194 | resource "aws_iam_role" "ecs_execution_role" { 195 | name = "ecs_task_execution_role" 196 | assume_role_policy = "${file("${path.module}/policies/ecs-task-execution-role.json")}" 197 | } 198 | 199 | resource "aws_iam_role_policy" "ecs_execution_role_policy" { 200 | name = "ecs_execution_role_policy" 201 | policy = "${file("${path.module}/policies/ecs-execution-role-policy.json")}" 202 | role = "${aws_iam_role.ecs_execution_role.id}" 203 | } 204 | 205 | /*==== 206 | ECS service 207 | ======*/ 208 | 209 | /* Security Group for ECS */ 210 | resource "aws_security_group" "ecs_service" { 211 | vpc_id = "${var.vpc_id}" 212 | name = "${var.environment}-ecs-service-sg" 213 | description = "Allow egress from container" 214 | 215 | egress { 216 | from_port = 0 217 | to_port = 0 218 | protocol = "-1" 219 | cidr_blocks = ["0.0.0.0/0"] 220 | } 221 | 222 | ingress { 223 | from_port = 8 224 | to_port = 0 225 | protocol = "icmp" 226 | cidr_blocks = ["0.0.0.0/0"] 227 | } 228 | 229 | tags = { 230 | Name = "${var.environment}-ecs-service-sg" 231 | Environment = "${var.environment}" 232 | } 233 | } 234 | 235 | /* Simply specify the family to find the latest ACTIVE revision in that family */ 236 | data "aws_ecs_task_definition" "web" { 237 | task_definition = "${aws_ecs_task_definition.web.family}" 238 | depends_on = [ "aws_ecs_task_definition.web" ] 239 | } 240 | 241 | resource "aws_ecs_service" "web" { 242 | name = "${var.environment}-web" 243 | task_definition = "${aws_ecs_task_definition.web.family}:${max("${aws_ecs_task_definition.web.revision}", "${data.aws_ecs_task_definition.web.revision}")}" 244 | desired_count = 2 245 | launch_type = "FARGATE" 246 | cluster = "${aws_ecs_cluster.cluster.id}" 247 | depends_on = ["aws_iam_role_policy.ecs_service_role_policy", "aws_alb_target_group.alb_target_group"] 248 | 249 | network_configuration { 250 | security_groups = "${concat(var.security_groups_ids, [aws_security_group.ecs_service.id])}" 251 | subnets = "${var.subnets_ids}" 252 | } 253 | 254 | load_balancer { 255 | target_group_arn = "${aws_alb_target_group.alb_target_group.arn}" 256 | container_name = "web" 257 | container_port = "80" 258 | } 259 | 260 | #depends_on = ["aws_alb_target_group.alb_target_group"] 261 | } 262 | 263 | 264 | /*==== 265 | Auto Scaling for ECS 266 | ======*/ 267 | 268 | resource "aws_iam_role" "ecs_autoscale_role" { 269 | name = "${var.environment}_ecs_autoscale_role" 270 | assume_role_policy = "${file("${path.module}/policies/ecs-autoscale-role.json")}" 271 | } 272 | resource "aws_iam_role_policy" "ecs_autoscale_role_policy" { 273 | name = "ecs_autoscale_role_policy" 274 | policy = "${file("${path.module}/policies/ecs-autoscale-role-policy.json")}" 275 | role = "${aws_iam_role.ecs_autoscale_role.id}" 276 | } 277 | 278 | resource "aws_appautoscaling_target" "target" { 279 | service_namespace = "ecs" 280 | resource_id = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.web.name}" 281 | scalable_dimension = "ecs:service:DesiredCount" 282 | role_arn = "${aws_iam_role.ecs_autoscale_role.arn}" 283 | min_capacity = 2 284 | max_capacity = 4 285 | } 286 | 287 | resource "aws_appautoscaling_policy" "up" { 288 | name = "${var.environment}_scale_up" 289 | service_namespace = "ecs" 290 | resource_id = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.web.name}" 291 | scalable_dimension = "ecs:service:DesiredCount" 292 | 293 | 294 | step_scaling_policy_configuration { 295 | adjustment_type = "ChangeInCapacity" 296 | cooldown = 60 297 | metric_aggregation_type = "Maximum" 298 | 299 | step_adjustment { 300 | metric_interval_lower_bound = 0 301 | scaling_adjustment = 1 302 | } 303 | } 304 | 305 | depends_on = ["aws_appautoscaling_target.target"] 306 | } 307 | 308 | resource "aws_appautoscaling_policy" "down" { 309 | name = "${var.environment}_scale_down" 310 | service_namespace = "ecs" 311 | resource_id = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.web.name}" 312 | scalable_dimension = "ecs:service:DesiredCount" 313 | 314 | step_scaling_policy_configuration { 315 | adjustment_type = "ChangeInCapacity" 316 | cooldown = 60 317 | metric_aggregation_type = "Maximum" 318 | 319 | step_adjustment { 320 | metric_interval_lower_bound = 0 321 | scaling_adjustment = -1 322 | } 323 | } 324 | 325 | depends_on = ["aws_appautoscaling_target.target"] 326 | } 327 | 328 | /* metric used for auto scale */ 329 | resource "aws_cloudwatch_metric_alarm" "service_cpu_high" { 330 | alarm_name = "${var.environment}_rails_terraform_web_cpu_utilization_high" 331 | comparison_operator = "GreaterThanOrEqualToThreshold" 332 | evaluation_periods = "2" 333 | metric_name = "CPUUtilization" 334 | namespace = "AWS/ECS" 335 | period = "60" 336 | statistic = "Maximum" 337 | threshold = "85" 338 | 339 | dimensions = { 340 | ClusterName = "${aws_ecs_cluster.cluster.name}" 341 | ServiceName = "${aws_ecs_service.web.name}" 342 | } 343 | 344 | alarm_actions = ["${aws_appautoscaling_policy.up.arn}"] 345 | ok_actions = ["${aws_appautoscaling_policy.down.arn}"] 346 | } 347 | 348 | --------------------------------------------------------------------------------