Update terraform to accept ssh communication

81b23d04 · Kenneth · c9e7c247 · 81b23d04 · 81b23d04 · 81b23d04
Commit 81b23d04 authored 3 months ago by Kenneth
--- a/README.md
+++ b/README.md
@@ -86,6 +86,18 @@ Dans le terminal, se placer au niveau de app.py
 flask app.py 
 ```
+## DUMP d'une base locale 
+```
+pg_dump -h localhost -U postgres -d mydb -v -f ~/Cours_Architecture_logiciel/web_app/mydb.dump
+```
+Aller sur le fichier .dump et faite 
+il est nécessaire de retrouver le endpoint sur RDs
+```
+pg_restore -h kennethhugo-dev-rds-instance.cx4q20s8stp5.eu-west-3.rds.amazonaws.com -U postgres -f mydb.dump
+```
 ## Sitographie 
 https://medium.com/@samanthasalustri/why-pipenv-is-the-preferred-virtual-environment-tool-for-python-316bc54a5f13

--- a/terraform_VPC/Kenneth_Hugo.tfplan
+++ b/terraform_VPC/Kenneth_Hugo.tfplan
--- a/terraform_VPC/main.tf
+++ b/terraform_VPC/main.tf
@@ -43,6 +43,67 @@ data "aws_vpc" "this" {
  }
 }
+data "aws_subnet" "public" {
+  filter {
+    name   = "tag:Name"
+    values = ["PUBLIC_SUBNET"]
+  }
+}
+data "aws_subnet" "private-a" {
+  filter {
+    name   = "tag:Name"
+    values = ["PRIVATE_SUBNET_A"]
+  }
+}
+data "aws_subnet" "private-b" {
+  filter {
+    name   = "tag:Name"
+    values = ["PRIVATE_SUBNET_B"]
+  }
+}
+data "aws_vpc" "selected" {
+  filter {
+    name   = "tag:Name"
+    values = ["VPC"]
+  }
+}
+resource "aws_key_pair" "ec2" {
+   key_name   = lower("${var.identifiant}_key")
+   public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdgUoVRIPCQHlBoaz6UfrvQ4gw2sxeV3PIgCmCSXUW+I9beSfrBs4ELbiuUsV33Y8rKRNQBxa60+J0bEwNtIXRARN7bfdVmukoIJ/LBPcj1XzjmcVE4RJCxSRQbiMYnbUG6Ps5m1sMXsGf0WoPuXIsYoRKHa4QtcqSqqm/G/BW4a0Kvwdfww2dYCKhNoniSPAnDGPowQpGzTc3nvO/ED7polY9T1b6kqaw5WSCWic/qUfgJ2Lxn+bus72vgelhqZhFSqJgTL2e3xPmqtmrUO/4U2kjF3YH120syEfvQFIg/PozQqfkupbDPB1Cx7/1ThZLpJT5Dv1I/kCuZQuNNZj7"
+}
+resource "aws_security_group" "ec2" {
+  name        = "${var.identifiant}_SG_EC2"
+  description = "ec2 Security Group"
+  vpc_id      = data.aws_vpc.selected.id
+  tags        = { Name = "${var.identifiant}_SG_EC2" }
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+resource "aws_security_group_rule" "allow_ec2_to_bastion" {
+  type                     = "ingress"
+  from_port                = 22
+  to_port                  = 22
+  protocol                 = "tcp"
+  source_security_group_id = data.aws_security_group.bastion.id
+  security_group_id        = aws_security_group.ec2.id
+}
+resource "aws_security_group_rule" "ssh_api_from_bastion" {
+  type                     = "ingress"
+  from_port                = 22
+  to_port                  = 22
+  protocol                 = "tcp"
+  source_security_group_id = data.aws_security_group.bastion.id
+  security_group_id        = aws_security_group.sg_api.id
+  description              = "SSH from Bastion to API"
+}
 ####################################
 # Subnets (A et B) - 2 AZ différentes
 ####################################
@@ -82,16 +143,16 @@ resource "aws_security_group" "sg_client" {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
-    cidr_blocks = [var.my_ip] 
+    security_groups  = [data.aws_security_group.bastion.id]
-    # var.my_ip = "0.0.0.0/0" par défaut, ou votre IP
+    //cidr_blocks = [] 
  }
-  # Autorise tout en sortie
+  # Autorise l'API en sortie 
  egress {
-    from_port   = 0
+    from_port   = 80
-    to_port     = 0
+    to_port     = 80
-    protocol    = -1
+    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
@@ -109,14 +170,17 @@ resource "aws_security_group" "sg_api" {
    from_port              = 5000
    to_port                = 5000
    protocol               = "tcp"
-    security_groups        = [aws_security_group.sg_client.id]
+    security_groups        = [aws_security_group.sg_client.id,data.aws_security_group.bastion.id]
  }
+    # ON autorise la connexion vers le RDS 
  egress {
-    from_port   = 0
+    description = "Allow traffic to RDS (5432)"
-    to_port     = 0
+    from_port   = 5432
-    protocol    = -1
+    to_port     = 5432
+    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
+    /*data.aws.subnet.private_subnet_a.cidr_blocks*/
  }
  tags = {
@@ -134,7 +198,7 @@ resource "aws_security_group" "sg_rds" {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
-    security_groups = [aws_security_group.sg_api.id]
+    security_groups = [aws_security_group.sg_api.id, data.aws_security_group.bastion.id]
  }
  egress {
@@ -149,6 +213,13 @@ resource "aws_security_group" "sg_rds" {
  }
 }
+data "aws_security_group" "bastion" {
+  filter {
+    name   = "tag:Name"
+    values = ["SG_BASTION_EC2"]
+  }
+}
 ####################################
 # Instances EC2 : Client et API
 ####################################
@@ -172,6 +243,7 @@ data "aws_ami" "amazon_linux_2" {
 resource "aws_instance" "client" {
  ami                    = data.aws_ami.amazon_linux_2.id
  instance_type          = "t2.micro"
+  key_name               = aws_key_pair.ec2.id
  # On la met, par exemple, dans le subnet A
  subnet_id              = aws_subnet.private_subnet_a.id
@@ -186,6 +258,7 @@ resource "aws_instance" "client" {
 resource "aws_instance" "api" {
  ami                    = data.aws_ami.amazon_linux_2.id
  instance_type          = "t2.micro"
+    key_name               = aws_key_pair.ec2.id
  # On peut la mettre aussi dans le subnet A (ou B, au choix)
  subnet_id              = aws_subnet.private_subnet_a.id
@@ -212,15 +285,22 @@ resource "aws_db_subnet_group" "this" {
    Name = upper("${var.identifiant}_${terraform.workspace}_RDS_SUBNET_GROUP")
  }
 }
+variable "db_name" {
+  type        = string
+  description = "Nom de la base de données RDS"
+  default     = "mydb_hk"
+}
-/*
 resource "aws_db_instance" "mydb" {
  allocated_storage    = 5
  engine               = "postgres"
  engine_version       = "14.15"
-  instance_class       = "db.t2.micro"
+  instance_class       = "db.t3.micro"
  username             = "postgres"
+  db_name                 =  "mydb_HK"
  password             = "mysecretpassword"
+  multi_az = false
+  identifier = lower("${var.identifiant}-${terraform.workspace}-RDS-INSTANCE")
  skip_final_snapshot  = true
  db_subnet_group_name = aws_db_subnet_group.this.name
@@ -231,4 +311,3 @@ resource "aws_db_instance" "mydb" {
    Name = upper("${var.identifiant}_${terraform.workspace}_RDS_INSTANCE")
  }
 }
-*/
\ No newline at end of file
--- a/terraform_VPC/terraform.tfstate.d/DEV/terraform.tfstate
+++ b/terraform_VPC/terraform.tfstate.d/DEV/terraform.tfstate
--- a/terraform_VPC/terraform.tfstate.d/DEV/terraform.tfstate.backup
+++ b/terraform_VPC/terraform.tfstate.d/DEV/terraform.tfstate.backup