Feat: create QED isolated AWS deployments using terraform workspaces

BBVA · Apr 2, 2019 · e563f63 · e563f63
1 parent 218289f
commit e563f63
Show file tree

Hide file tree

Showing 10 changed files with 55 additions and 17 deletions.
diff --git a/deploy/aws/main.tf b/deploy/aws/main.tf
@@ -24,7 +24,7 @@ data "aws_iam_policy_document" "CloudWatchLogsFullAccess-assume-role-policy" {
 }
 
 resource "aws_iam_role" "CloudWatchLogsFullAccess" {
-  name               = "CloudWatchLogsFullAccess"
+  name               = "CloudWatchLogsFullAccess-${terraform.workspace}"
   assume_role_policy = "${data.aws_iam_policy_document.CloudWatchLogsFullAccess-assume-role-policy.json}"
 }
 
@@ -34,7 +34,7 @@ resource "aws_iam_role_policy_attachment" "CloudWatchLogsFullAccess-attach" {
 }
 
 resource "aws_iam_instance_profile" "qed-profile" {
-  name = "qed-profile"
+  name = "qed-profile-${terraform.workspace}"
   role = "${aws_iam_role.CloudWatchLogsFullAccess.name}"
 }
 

diff --git a/deploy/aws/modules/agent/main.tf b/deploy/aws/modules/agent/main.tf
@@ -46,5 +46,6 @@ resource "aws_instance" "qed-agent" {
     Name = "${format("${var.name}-%01d", count.index)}"
     Role = "${var.role}"
     DAM_OnOff = "NO"
+    Workspace = "${terraform.workspace}"
   }
 }
diff --git a/deploy/aws/modules/inmemory_storage/main.tf b/deploy/aws/modules/inmemory_storage/main.tf
@@ -46,5 +46,6 @@ resource "aws_instance" "inmemory-storage" {
     Name = "qed-${var.name}"
     Role = "${var.role}"
     DAM_OnOff = "NO"
+    Workspace = "${terraform.workspace}"
   }
 }
diff --git a/deploy/aws/modules/prometheus/main.tf b/deploy/aws/modules/prometheus/main.tf
@@ -53,5 +53,6 @@ resource "aws_instance" "prometheus" {
     Name = "qed-prometheus"
     Role = "${var.role}"
     DAM_OnOff = "NO"
+    Workspace = "${terraform.workspace}"
   }
 }
diff --git a/deploy/aws/modules/qed/main.tf b/deploy/aws/modules/qed/main.tf
@@ -53,5 +53,6 @@ resource "aws_instance" "qed-server" {
     Name = "${format("${var.name}-%01d", count.index)}"
     Role = "${var.role}"
     DAM_OnOff = "NO"
+    Workspace = "${terraform.workspace}"
   }
 }
diff --git a/deploy/aws/modules/riot/main.tf b/deploy/aws/modules/riot/main.tf
@@ -45,6 +45,7 @@ resource "aws_instance" "riot" {
   tags {
     Name = "qed-riot"
     Role = "${var.role}"
-    DAM_OnOff = "NO"    
+    DAM_OnOff = "NO"
+    Workspace = "${terraform.workspace}"
   }
 }
diff --git a/deploy/aws/network.tf b/deploy/aws/network.tf
@@ -23,7 +23,7 @@ resource "aws_vpc" "qed" {
   cidr_block           = "${var.vpc_cidr}"
 
   tags = {
-    Name = "QED"
+    Name = "QED-${terraform.workspace}"
   }
 }
 
@@ -33,15 +33,15 @@ resource "aws_subnet" "qed" {
   map_public_ip_on_launch = true
 
   tags = {
-    Name = "QED"
+    Name = "QED-${terraform.workspace}"
   }
 }
 
 resource "aws_internet_gateway" "qed" {
   vpc_id = "${aws_vpc.qed.id}"
 
   tags = {
-    Name = "QED"
+    Name = "QED-${terraform.workspace}"
   }
 }
 
@@ -56,7 +56,7 @@ resource "aws_vpc_dhcp_options" "qed" {
   domain_name_servers = ["AmazonProvidedDNS"]
 
   tags = {
-    Name = "QED"
+    Name = "QED-${terraform.workspace}"
   }
 }
 
@@ -65,12 +65,12 @@ resource "aws_vpc_dhcp_options_association" "qed" {
   dhcp_options_id = "${aws_vpc_dhcp_options.qed.id}"
 }
 
-data "aws_cloudwatch_log_group" "qed" {
-  name = "qed"
+resource "aws_cloudwatch_log_group" "qed" {
+  name = "qed-${terraform.workspace}"
 }
 
 resource "aws_iam_role" "qed" {
-  name = "qed"
+  name = "qed-${terraform.workspace}"
 
   assume_role_policy = <<EOF
 {
@@ -95,22 +95,22 @@ resource "aws_iam_role_policy_attachment" "qed" {
 }
 
 resource "aws_flow_log" "qed" {
-  log_destination = "${data.aws_cloudwatch_log_group.qed.arn}"
+  log_destination = "${aws_cloudwatch_log_group.qed.arn}"
   iam_role_arn    = "${aws_iam_role.qed.arn}"
   vpc_id          = "${aws_vpc.qed.id}"
   traffic_type    = "ALL"
 }
 
 resource "aws_key_pair" "qed" {
-  key_name   = "qed"
+  key_name   = "qed-${terraform.workspace}"
   public_key = "${file("${var.keypath}.pub")}"
 }
 
 module "security_group" {
   source  = "terraform-aws-modules/security-group/aws"
   version = "2.11.0"
 
-  name        = "qed"
+  name        = "qed-${terraform.workspace}"
   description = "Security group for QED usage"
   vpc_id      = "${aws_vpc.qed.id}"
 
@@ -180,7 +180,7 @@ module "prometheus_security_group" {
   source  = "terraform-aws-modules/security-group/aws"
   version = "2.11.0"
 
-  name        = "prometheus"
+  name        = "prometheus-${terraform.workspace}"
   description = "Security group for Prometheus/Grafana usage"
   vpc_id      = "${aws_vpc.qed.id}"
 

diff --git a/deploy/aws/pre-build/bucket.tf b/deploy/aws/pre-build/bucket.tf
@@ -1,3 +1,18 @@
+/*
+   Copyright 2018-2019 Banco Bilbao Vizcaya Argentaria, S.A.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
 terraform {
   required_version = ">= 0.11.11"
 }
@@ -15,7 +30,6 @@ resource "aws_kms_key" "bucket-key" {
 
 resource "aws_s3_bucket" "terraform-qed-cluster" {
   bucket = "terraform-qed-cluster"
-
   versioning {
     enabled = true
   }

diff --git a/deploy/aws/usage.md b/deploy/aws/usage.md
@@ -7,11 +7,9 @@
 * Terraform (go get github.com/hashicorp/terraform)
 
 ## Init 
-
 ```
 $ export GO111MODULE=on
 $ terraform init -backend-config "profile=${your_aws_profile}"
-
 ```
 
 ## Bandaid
@@ -20,6 +18,12 @@ If terraform misbehaves, give it a gentle nudge like this:
 $ terraform init -backend-config "profile=${your_aws_profile} -reconfigure"
 ```
 
+## Testing purposes: create an isolated workspace
+```
+$ terraform workspace new <workspace_name>
+$ terraform select <workspace_name>
+```
+
 ## Deploy
 ```
 $ terraform apply -auto-approve 

diff --git a/deploy/aws/variables.tf b/deploy/aws/variables.tf
@@ -1,3 +1,18 @@
+/*
+   Copyright 2018-2019 Banco Bilbao Vizcaya Argentaria, S.A.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
 variable "aws_profile" {
   default = "bbva-labs"
 }