Merge pull request #187 from XinFinOrg/XIN-293-add-more-terraform-managed-resources

Xin 293 add more terraform managed resources

cicd/devnet/terraform/efs.tf

@@ -0,0 +1,39 @@
+
+# EFS
+resource "aws_efs_file_system" "devnet_efs" {
+   creation_token = "efs"
+   performance_mode = "generalPurpose"
+   throughput_mode = "bursting"
+   encrypted = "true"
+   tags = {
+       Name = "TfDevnetEfs"
+   }
+ }
+
+resource "aws_efs_mount_target" "devnet_efs_efs_mount_target" {
+  file_system_id = aws_efs_file_system.devnet_efs.id
+  subnet_id      = aws_subnet.devnet_subnet.id
+  security_groups = [aws_security_group.devnet_efs_security_group.id]
+}
+
+resource "aws_efs_access_point" "devnet_efs_access_point" {
+  file_system_id = aws_efs_file_system.devnet_efs.id
+  for_each = var.devnet_node_kyes
+  root_directory {
+    path = "/${each.key}/database"
+    creation_info {
+      owner_gid = 1001
+      owner_uid = 1001
+      permissions = 777
+    }
+  }
+  posix_user {
+    gid = 1001
+    uid = 1001
+    secondary_gids = [0]
+  }
+  
+  tags = {
+       Name = "TfDevnetEfsAccessPoint-${each.key}"
+   }
+}

cicd/devnet/terraform/main.tf

@@ -75,4 +75,78 @@ resource "aws_route_table" "devnet_route_table" {
 resource "aws_route_table_association" "devnet_route_table_association" {
   subnet_id      = aws_subnet.devnet_subnet.id
   route_table_id = aws_route_table.devnet_route_table.id
-}
+}
+
+resource "aws_default_security_group" "devnet_xdcnode_security_group" {
+  vpc_id = aws_vpc.devnet_vpc.id
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = -1
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  tags = {
+    Name = "TfDevnetNode"
+  }
+}
+
+resource "aws_security_group" "devnet_efs_security_group" {
+  name = "TfDevnetEfsSecurityGroup"
+  description = "Allow HTTP in and out of devnet EFS"
+  vpc_id = aws_vpc.devnet_vpc.id
+
+  ingress {
+    from_port   = 2049
+    to_port     = 2049
+    protocol    = "TCP"
+    security_groups = [aws_default_security_group.devnet_xdcnode_security_group.id]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  tags = {
+    Name = "TfDevnetEfs"
+  }
+}
+
+# IAM policies
+
+data "aws_iam_policy_document" "xdc_ecs_tasks_execution_role" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ecs-tasks.amazonaws.com"]
+    }
+  }
+}
+
+# Create the role
+resource "aws_iam_role" "devnet_xdc_ecs_tasks_execution_role" {
+  name               = "devnet-xdc-ecs-task-execution-role"
+  assume_role_policy = "${data.aws_iam_policy_document.xdc_ecs_tasks_execution_role.json}"
+}
+
+# Attached the AWS managed policies to the new role
+resource "aws_iam_role_policy_attachment" "devnet_xdc_ecs_tasks_execution_role" {
+  for_each = toset([
+    "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess", 
+    "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
+    "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils"
+  ])
+  role       = aws_iam_role.devnet_xdc_ecs_tasks_execution_role.name
+  policy_arn = each.value
+}

cicd/devnet/terraform/variables.tf

@@ -0,0 +1,19 @@
+variable "devnet_node_kyes" {
+  description = "Array of nodes keys."
+  type        = map(any)
+  
+  /**
+    Below is the list of private keys you need to specify. It follows the pattern of 
+    {{Name of the node}}: {
+      pk: {{Value of the node private key}},
+      ... any other configuration we want to pass.
+    }
+    Note: No `n` is allowed in the node name
+  **/
+  default = {
+    xdc-1 = {
+      pk  = "3efdb44088929167487da052125162b48d8d54fe8f7b7db11b5d5cc3b9a1c14b",
+      isChaosNode = false # This is a placeholder, config not supported yet
+    }
+  }
+}