Initial commit

Author: github-classroom[bot]

.csse6400/bin/clean_repository.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Ensure that students have not committed inappropriate files for a Git repository.
+
+# The following files are not allowed in a Git repository.
+ILLEGAL_FILES=(.DS_Store .localized .DS_Store? ._* .Spotlight-V100 .Trashes Thumbs.db ehthumbs.db desktop.ini)
+ILLEGAL_FILES+=(*.pyc *.pyo *.exe *.dll *.so *.a *.o *.obj *.lib)
+ILLEGAL_FILES+=(__pycache__ *.class *.jar *.war *.rar)
+ILLEGAL_FILES+=(*.sqlite *.sqlite3 *.sqlite-journal *.db *.db-journal)
+ILLEGAL_FILES+=(credentials .terraform)
+
+failed=0
+for file in "${ILLEGAL_FILES[@]}"; do
+    matches=$(git ls-files "${file}" 2>/dev/null)
+    if [[ -n "${matches}" ]]; then
+        echo "Found illegal file: ${matches}"
+        failed=1
+    fi
+done
+
+if [ $failed -eq 1 ]; then
+    echo "FAIL: Found illegal files in repository."
+    echo "These files should not be committed to Git repositories - it is a good practice to add them to a .gitignore file."
+    echo "Please remove these files and try again."
+    exit 1
+fi
+

.csse6400/bin/validate_structure.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Validate that the repository has the following structure:
+# -- README.md
+# -- main.tf
+# -- db.tf
+# -- ecs.tf
+# -- autoscaling.tf
+# -- lb.tf
+# -- k6.js
+#
+
+failed=0
+for file in README.md main.tf db.tf ecs.tf autoscaling.tf lb.tf k6.js; do
+    if [ ! -f "$file" ]; then
+        echo "FAIL: Missing $file"
+        failed=1
+    fi
+done
+
+if [ $failed -eq 1 ]; then
+    echo "Repository structure is not valid. Please fix the errors above."
+    exit 1
+fi
+

.github/workflows/classroom.yml

@@ -0,0 +1,41 @@
+# AWS credentials file
+credentials
+
+# Default Terrform .gitignore
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Ignore Apple .DS_store files
+**/.DS_Store

.gitignore

@@ -0,0 +1,9 @@
+# CSSE6400 Week 6 Practical
+
+Deploying our TaskOverflow application to ECS with a load balancer on AWS using Terraform.
+
+Please see the [instructions](https://csse6400.uqcloud.net/practicals/week06.pdf) for more details.
+
+Update this README file with appropriate information about your project, including how to run it.
+
+There are [resources](https://www.makeareadme.com) available to help you write a good README file.

README.md

@@ -0,0 +1,41 @@
+resource "aws_db_instance" "taskoverflow_database" {
+  allocated_storage      = 20
+  max_allocated_storage  = 1000
+  engine                 = "postgres"
+  engine_version         = "14"
+  instance_class         = "db.t4g.micro"
+  db_name                = "taskoverflow"
+  username               = local.database_username
+  password               = local.database_password
+  parameter_group_name   = "default.postgres14"
+  skip_final_snapshot    = true
+  vpc_security_group_ids = [aws_security_group.taskoverflow_database.id]
+  publicly_accessible    = true
+  tags = {
+    Name = "taskoverflow_database"
+  }
+}
+
+resource "aws_security_group" "taskoverflow_database" {
+  name        = "taskoverflow_database"
+  description = "Allow inbound Postgres traffic"
+
+  ingress {
+    from_port        = 5432
+    to_port          = 5432
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  tags = {
+    Name = "taskoverflow_db_security_group"
+  }
+}

db.tf

@@ -0,0 +1,90 @@
+resource "aws_ecs_cluster" "taskoverflow" {
+  name = "taskoverflow"
+}
+
+resource "aws_ecs_task_definition" "taskoverflow" {
+  family                   = "taskoverflow"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = 1024
+  memory                   = 2048
+  execution_role_arn       = data.aws_iam_role.lab.arn
+
+  container_definitions = <<DEFINITION
+[
+  {
+    "image": "${local.image}",
+    "cpu": 1024,
+    "memory": 2048,
+    "name": "taskoverflow",
+    "networkMode": "awsvpc",
+    "portMappings": [
+      {
+        "containerPort": 6400,
+        "hostPort": 6400
+      }
+    ],
+    "environment": [
+      {
+        "name": "SQLALCHEMY_DATABASE_URI",
+        "value": "postgresql://${local.database_username}:${local.database_password}@${aws_db_instance.taskoverflow_database.address}:${aws_db_instance.taskoverflow_database.port}/${aws_db_instance.taskoverflow_database.db_name}"
+      }
+    ],
+    "logConfiguration": {
+      "logDriver": "awslogs",
+      "options": {
+        "awslogs-group": "/taskoverflow/db",
+        "awslogs-region": "us-east-1",
+        "awslogs-stream-prefix": "ecs",
+        "awslogs-create-group": "true"
+      }
+    }
+  }
+]
+DEFINITION
+}
+
+resource "aws_ecs_service" "taskoverflow" {
+  name            = "taskoverflow"
+  cluster         = aws_ecs_cluster.taskoverflow.id
+  task_definition = aws_ecs_task_definition.taskoverflow.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    subnets             = data.aws_subnets.private.ids
+    security_groups     = [aws_security_group.taskoverflow.id]
+    assign_public_ip    = true
+  }
+
+}
+
+resource "aws_security_group" "taskoverflow" {
+  name = "taskoverflow"
+  description = "TaskOverflow Security Group"
+
+  ingress {
+    from_port = 6400
+    to_port = 6400
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port = 22
+    to_port = 22
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port = 0
+    to_port = 0
+    protocol = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "taskoverflow_security_group"
+  }
+}

ecs.tf

@@ -0,0 +1,42 @@
+terraform {
+    required_providers {
+        aws = {
+            source  = "hashicorp/aws"
+            version = "~> 5.0"
+        }
+    }
+}
+
+provider "aws" {
+    region = "us-east-1"
+    shared_credentials_files = ["./credentials"]
+    default_tags {
+        tags = {
+            Course       = "CSSE6400"
+            Name         = "TaskOverflow"
+            Automation   = "Terraform"
+        }
+    }
+}
+
+locals {
+    image = "ghcr.io/csse6400/taskoverflow:latest"
+    database_username = "administrator"
+    database_password = "VerySecurePassword123XYZ"
+}
+
+data "aws_iam_role" "lab" {
+  name = "LabRole"
+}
+
+data "aws_vpc" "default" {
+    default = true
+}
+
+data "aws_subnets" "private" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+