Home Verkennen Help
Registreren Inloggen
AFS
/
xdr-terraform-modules
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 82b8d76a53
Aftakkingen Labels
xdr-terraform-m...
/
base
/
github
/
github_servers.tf

github_servers.tf 2.5 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. # Rather than pass in the aws security group, we just look it up. This will
    2. 

  2. # probably be useful other places, as well.
    3. 

  3. data "aws_security_group" "typical-host" {
    4. 

  4.   name   = "typical-host"
    5. 

  5.   vpc_id = var.vpc_id
    6. 

  6. }
    7. 

  7. 

  8. # Use the default EBS key
    9. 

  9. data "aws_kms_key" "ebs-key" {
    10. 

  10.   key_id = "alias/ebs_root_encrypt_decrypt"
    11. 

  11. }
    12. 

  12. 

  13. resource "aws_instance" "ghe" {
    14. 

  14.   count = local.instance_count
    15. 

  15. 

  16.   ami                                  = aws_ami_copy.github.id
    17. 

  17.   instance_type                        = var.environment == "prod" ? "c5.4xlarge" : "r5a.4xlarge"
    18. 

  18.   subnet_id                            = var.private_subnets[count.index]
    19. 

  19.   vpc_security_group_ids               = [data.aws_security_group.typical-host.id, aws_security_group.ghe_server.id]
    20. 

  20.   associate_public_ip_address          = false
    21. 

  21.   ebs_optimized                        = true
    22. 

  22.   tenancy                              = "default"
    23. 

  23.   disable_api_termination              = var.instance_termination_protection
    24. 

  24.   instance_initiated_shutdown_behavior = "stop"
    25. 

  25.   key_name                             = "msoc-build"
    26. 

  26.   monitoring                           = false # checkov:skip=CKV_AWS_126:Detailed monitoring not needed at this time
    27. 

  27.   iam_instance_profile                 = module.instance_profile.profile_id
    28. 

  28. 

  29.   metadata_options {
    30. 

  30.     http_endpoint = "enabled"
    31. 

  31.     http_tokens   = "required"
    32. 

  32.   }
    33. 

  33. 

  34.   # single space to disable default module behavior
    35. 

  35.   root_block_device {
    36. 

  36.     volume_size           = 200
    37. 

  37.     volume_type           = "gp3"
    38. 

  38.     iops                  = 3000
    39. 

  39.     delete_on_termination = true
    40. 

  40.     encrypted             = true
    41. 

  41.     kms_key_id            = data.aws_kms_key.ebs-key.arn
    42. 

  42.   }
    43. 

  43. 

  44.   ebs_block_device {
    45. 

  45.     # github data
    46. 

  46.     # Note: Not in AMI
    47. 

  47.     device_name           = "/dev/xvdf"
    48. 

  48.     volume_size           = 500
    49. 

  49.     delete_on_termination = true
    50. 

  50.     encrypted             = true
    51. 

  51.     kms_key_id            = data.aws_kms_key.ebs-key.arn
    52. 

  52.     volume_type           = "gp3"
    53. 

  53.     iops                  = 3000
    54. 

  54.   }
    55. 

  55. 

  56.   tags        = merge(local.standard_tags, var.tags, var.instance_tags, { Name = format("%s-%s", "github-enterprise", count.index) })
    57. 

  57.   volume_tags = merge(local.standard_tags, var.tags, { Name = format("%s-%s", "github-enterprise", count.index) })
    58. 

  58. }
    59. 

  59. 

  60. # Would need this a second time if count > 0
    61. 

  61. module "private_dns_record_ghe_backup_0" {
    62. 

  62.   source = "../../submodules/dns/private_A_record"
    63. 

  63. 

  64.   name            = format("%s-%s", "github-enterprise", 0)
    65. 

  65.   ip_addresses    = [aws_instance.ghe[0].private_ip]
    66. 

  66.   dns_info        = var.dns_info
    67. 

  67.   reverse_enabled = var.reverse_enabled
    68. 

  68. 

  69.   providers = {
    70. 

  70.     aws.c2 = aws.c2
    71. 

  71.   }
    72. 

  72. }
    73.