autonomys · DaMandal0rian · Jan 23, 2025 · Jan 23, 2025 · Jan 23, 2025 · Jan 23, 2025
diff --git a/auto-drive/backend.tf b/auto-drive/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+  cloud {
+    organization = "subspace-sre"
+
+    workspaces {
+      name = "auto-drive-aws"
+    }
+  }
+}
diff --git a/auto-drive/db.tf b/auto-drive/db.tf
@@ -0,0 +1,155 @@
+data "aws_caller_identity" "current" {}
+
+################################################################################
+# RDS Module
+################################################################################
+
+module "db" {
+  source = "../templates/terraform/aws/rds/"
+
+  identifier = local.name
+
+  engine                   = "postgres"
+  engine_version           = "16"
+  engine_lifecycle_support = "open-source-rds-extended-support-disabled"
+  family                   = "postgres16" # DB parameter group
+  major_engine_version     = "16"         # DB option group
+  instance_class           = "db.t4g.large"
+
+  allocated_storage     = 50
+  max_allocated_storage = 200
+
+
+  db_name  = "postgres"
+  username = "postgres"
+  port     = 5432
+
+
+  manage_master_user_password_rotation              = true
+  master_user_password_rotate_immediately           = false
+  master_user_password_rotation_schedule_expression = "rate(15 days)"
+
+  multi_az               = true
+  db_subnet_group_name   = module.vpc_rds.database_subnet_group
+  vpc_security_group_ids = [module.security_group.security_group_id]
+
+  maintenance_window              = "Mon:00:00-Mon:03:00"
+  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
+  create_cloudwatch_log_group     = true
+
+  backup_retention_period = 1
+  skip_final_snapshot     = true
+  deletion_protection     = false
+
+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true
+  monitoring_interval                   = 60
+  monitoring_role_name                  = "example-monitoring-role-name"
+  monitoring_role_use_name_prefix       = true
+  monitoring_role_description           = "Description for monitoring role"
+
+  parameters = [
+    {
+      name  = "autovacuum"
+      value = 1
+    },
+    {
+      name  = "client_encoding"
+      value = "utf8"
+    }
+  ]
+
+  tags = local.tags
+  db_option_group_tags = {
+    "Sensitive" = "low"
+  }
+  db_parameter_group_tags = {
+    "Sensitive" = "low"
+  }
+  cloudwatch_log_group_tags = {
+    "Sensitive" = "high"
+  }
+}
+
+################################################################################
+# RDS Automated Backups Replication Module
+################################################################################
+
+provider "aws" {
+  alias  = "region2"
+  region = local.region2
+}
+
+module "kms" {
+  source      = "terraform-aws-modules/kms/aws"
+  version     = "~> 1.0"
+  description = "KMS key for cross region automated backups replication"
+
+  # Aliases
+  aliases                 = [local.name]
+  aliases_use_name_prefix = true
+
+  key_owners = [data.aws_caller_identity.current.arn]
+
+  tags = local.tags
+
+  providers = {
+    aws = aws.region2
+  }
+}
+
+module "db_automated_backups_replication" {
+  source = "../templates/terraform/aws/rds/modules/db_instance_automated_backups_replication"
+
+  source_db_instance_arn = module.db.db_instance_arn
+  kms_key_arn            = module.kms.key_arn
+
+  providers = {
+    aws = aws.region2
+  }
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc_rds" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.0"
+
+  name = local.name
+  cidr = local.vpc_cidr
+
+  azs              = local.azs
+  public_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+  private_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 3)]
+  database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 6)]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
+}
+
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 5.0"
+
+  name        = local.name
+  description = "Auto Drive PostgreSQL security group"
+  vpc_id      = module.vpc_rds.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "tcp"
+      description = "PostgreSQL access from within VPC"
+      cidr_blocks = module.vpc_rds.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
+}
diff --git a/auto-drive/main.tf b/auto-drive/main.tf
@@ -0,0 +1,204 @@
+provider "aws" {
+  region = var.region
+}
+
+data "aws_availability_zones" "available" {
+  state = "available"
+}
+
+locals {
+  name    = basename(path.cwd)
+  region  = var.region
+  region2 = "us-west-1"
+
+  vpc_cidr = var.vpc_cidr
+  azs      = slice(data.aws_availability_zones.available.names, 0, var.az_count)
+
+  tags = merge(
+    {
+      Name = local.name
+    },
+    var.tags
+  )
+}
+
+################################################################################
+# Auto-Drive VPC
+################################################################################
+
+module "vpc" {
+  source = "../templates/terraform/aws/vpc"
+
+  name            = "${local.name}-vpc"
+  cidr            = var.vpc_cidr
+  azs             = local.azs
+  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  tags = local.tags
+}
+
+################################################################################
+# Auto-Drive Security Group
+################################################################################
+
+resource "aws_security_group" "auto_drive_sg" {
+  name        = "auto_drive_sg"
+  description = "auto drive security group"
+  vpc_id      = var.vpc_cidr
+
+  # Ingress Rules
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow SSH"
+  }
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow HTTP"
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow HTTPS"
+  }
+
+  # Egress Rules
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow all outbound traffic"
+  }
+
+  tags = {
+    Name = "auto-drive-sg"
+  }
+}
+
+################################################################################
+# AMI Data Source
+################################################################################
+
+data "aws_ami" "ubuntu_amd64" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  owners = ["099720109477"]
+}
+
+################################################################################
+# Auto-Drive Instances
+################################################################################
+
+module "ec2_auto_drive" {
+  source = "../templates/terraform/aws/ec2"
+
+  name                        = "${local.name}-backend"
+  count                       = var.auto_drive_instance_count
+  ami                         = data.aws_ami.ubuntu_amd64.id
+  instance_type               = var.auto_drive_instance_type
+  availability_zone           = element(local.azs, count.index % length(local.azs))
+  subnet_id                   = element(module.vpc.private_subnets, count.index % length(module.vpc.private_subnets))
+  vpc_security_group_ids      = [aws_security_group.auto_drive_sg.id]
+  associate_public_ip_address = false # Auto-drive instances use EIPs
+  ignore_ami_changes          = true
+  root_block_device = [
+    {
+      device_name = "/dev/sdf"
+      encrypted   = true
+      volume_type = "gp3"
+      throughput  = 250
+      volume_size = var.auto_drive_root_volume_size
+    }
+  ]
+  volume_tags = merge(
+    { "Name" = "${local.name}-backend-root-volume-${count.index}" },
+    var.tags
+  )
+  tags = merge(local.tags, { Role = "auto-drive" })
+}
+
+################################################################################
+# Gateway Instances
+################################################################################
+
+module "ec2_gateway" {
+  source                      = "../templates/terraform/aws/ec2"
+  name                        = "${local.name}-gateway"
+  count                       = var.gateway_instance_count
+  ami                         = data.aws_ami.ubuntu_amd64.id
+  instance_type               = var.gateway_instance_type
+  availability_zone           = element(local.azs, count.index % length(local.azs))
+  subnet_id                   = element(module.vpc.private_subnets, count.index % length(module.vpc.private_subnets))
+  vpc_security_group_ids      = [aws_security_group.auto_drive_sg.id]
+  associate_public_ip_address = false # Gateway instances use EIPs
+  ignore_ami_changes          = true
+  root_block_device = [
+    {
+      device_name = "/dev/sdf"
+      encrypted   = true
+      volume_type = "gp3"
+      throughput  = 250
+      volume_size = var.gateway_root_volume_size
+    }
+  ]
+  volume_tags = merge(
+    { "Name" = "${local.name}-gateway-root-volume-${count.index}" },
+    var.tags
+  )
+  tags = merge(local.tags, { Role = "gateway" })
+}
+
+################################################################################
+# Elastic IPs for Auto-Drive Instances
+################################################################################
+
+resource "aws_eip" "auto_drive_eip" {
+  count = var.auto_drive_instance_count
+
+  instance = module.ec2_auto_drive[count.index].id
+  tags = {
+    Name = "${local.name}-backend-eip-${count.index}"
+  }
+}
+
+################################################################################
+# Elastic IPs for Gateway Instances
+################################################################################
+
+resource "aws_eip" "gateway_eip" {
+  count = var.gateway_instance_count
+
+  instance = module.ec2_gateway[count.index].id
+  tags = {
+    Name = "${local.name}-gateway-eip-${count.index}"
+  }
+}