Terraform docker splunk deployment

src/Answer.King.Api/Answer.King.Api.csproj

@@ -18,7 +18,7 @@
   <ItemGroup>
     <PackageReference Include="AWS.Logger.AspNetCore" Version="3.3.0" />
     <PackageReference Include="AWS.Logger.SeriLog" Version="3.2.0" />
-    <PackageReference Include="AWSSDK.CloudWatchLogs" Version="3.7.104.33" />
+    <PackageReference Include="AWSSDK.CloudWatchLogs" Version="3.7.104.40" />
     <PackageReference Include="AWSSDK.Extensions.NETCore.Setup" Version="3.7.5" />
     <PackageReference Include="FluentValidation.AspNetCore" Version="11.2.2" />
     <PackageReference Include="Serilog" Version="2.12.0" />

src/Answer.King.Api/packages.lock.json

@@ -27,11 +27,11 @@
       },
       "AWSSDK.CloudWatchLogs": {
         "type": "Direct",
-        "requested": "[3.7.104.33, )",
-        "resolved": "3.7.104.33",
-        "contentHash": "IkG8APzfnH54VfIC8qUwDuuotsOd8kJ4FlXuUspzr9JA6V1QkXTiNHvEfooNnMP5UlFMKLMea1lZbDs8zBDDTw==",
+        "requested": "[3.7.104.40, )",
+        "resolved": "3.7.104.40",
+        "contentHash": "KDl4kHFiTkjGwtU31dgUbhS/ouYRHk/qftZZs+SR3rnR4lQFduvRYN/zWUUppti6MC1XT6uA7JTbE7UzEqjrkQ==",
         "dependencies": {
-          "AWSSDK.Core": "[3.7.105.19, 4.0.0)"
+          "AWSSDK.Core": "[3.7.106.4, 4.0.0)"
         }
       },
       "AWSSDK.Extensions.NETCore.Setup": {
@@ -211,8 +211,8 @@
       },
       "AWSSDK.Core": {
         "type": "Transitive",
-        "resolved": "3.7.105.19",
-        "contentHash": "RHSJu4gmQMvqGdxcNVNWglueXGFma+d6n3MUvWsMieosLbWvFq3TzCkeNF0Zmf69iUxNTHTWv+zoYNsFygZk+g=="
+        "resolved": "3.7.106.4",
+        "contentHash": "U+U7j0k5NxXXjjD9yxsVN5MjRpYlTSMyaDjLqwJaaeoFhycdkJ81t3Baret6VBwIGMmYpjAerk79vLAhvwU5Wg=="
       },
       "FluentValidation": {
         "type": "Transitive",

terraform/launch-config.tf

@@ -27,6 +27,7 @@ data "template_file" "user_data" {
 resource "aws_launch_configuration" "ecs_launch_config" {
     #checkov:skip=CKV_AWS_79:TODO: Disable the Instance Metadata Service or enable it with proper configuration (v2)
     #checkov:skip=CKV_AWS_8:TODO: Encrypt volume in future security ticket
+    #checkov:skip=CKV_AWS_315:TODO: Look into aws autoscaling if necessary
     image_id             = data.aws_ami.ecs_ami.id
     iam_instance_profile = aws_iam_instance_profile.ecs_instance_profile.name
     security_groups      = [aws_security_group.ecs_sg.id]
@@ -40,6 +41,7 @@ resource "aws_launch_configuration" "ecs_launch_config" {
 }
 
 resource "aws_autoscaling_group" "failure_analysis_ecs_asg" {
+    #checkov:skip=CKV_AWS_315:TODO: Look into aws autoscaling if necessary
     name                      = "${var.project_name}-auto-scaling-group"
     launch_configuration      = aws_launch_configuration.ecs_launch_config.name
     vpc_zone_identifier       = [

terraform/splunk/ec2/main.tf

@@ -0,0 +1,92 @@
+terraform {
+  required_version = "~> 1.3"
+
+  required_providers {
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0.4"
+    }
+  }
+}
+
+resource "aws_iam_instance_profile" "instance_profile" {
+  name = "${var.project_name}-ec2-monitoring-and-setup"
+  role = aws_iam_role.instance_role.name
+}
+
+resource "aws_iam_role" "instance_role" {
+  name               = "${var.project_name}-ec2-monitoring-and-setup"
+  assume_role_policy = <<-EOF
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Action": ["sts:AssumeRole"],
+        "Effect": "Allow",
+        "Principal": {
+          "Service": ["ec2.amazonaws.com"]
+        }
+      }
+    ]
+  }
+  EOF
+}
+
+resource "aws_iam_role_policy_attachment" "instance_role" {
+  for_each = toset([
+    "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM",
+    "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
+  ])
+  role       = aws_iam_role.instance_role.name
+  policy_arn = each.value
+}
+
+resource "tls_private_key" "private_key" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "aws_key_pair" "key_pair" {
+  key_name   = "${var.project_name}-key-pair"
+  public_key = tls_private_key.private_key.public_key_openssh
+}
+
+resource "aws_instance" "ec2" {
+  instance_type = var.ec2_instance_type
+  key_name      = aws_key_pair.key_pair.key_name
+  ami           = var.ami_id
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens = "required"
+  }
+  root_block_device {
+    encrypted = true
+  }
+
+  availability_zone           = var.availability_zone
+  subnet_id                   = var.subnet_id
+  vpc_security_group_ids      = var.vpc_security_group_ids
+  associate_public_ip_address = var.associate_public_ip_address
+
+  iam_instance_profile = aws_iam_instance_profile.instance_profile.name
+
+  user_data                   = var.user_data
+  user_data_replace_on_change = var.user_data_replace_on_change
+
+  tags = {
+    Name  = "${var.project_name}-ec2"
+    Owner = var.owner
+  }
+}
+
+resource "aws_eip" "public_elastic_ip" {
+  count = var.needs_elastic_ip == true ? 1 : 0
+
+  instance = aws_instance.ec2.id
+  vpc      = true
+
+  tags = {
+    Name  = "${var.project_name}-public-elastic-ip"
+    Owner = var.owner
+  }
+}

terraform/splunk/ec2/output.tf

@@ -0,0 +1,9 @@
+output "instance_public_ip_address" {
+  value       = aws_instance.ec2.public_ip
+  description = "This outputs the public IP associated with the EC2 instance. Note that this ouput will be the same as the elastic IP if `needs_elastic_ip` is set to `true`. This output is of type `string`."
+}
+
+output "ec2_id" {
+  value       = aws_instance.ec2.id
+  description = "This outputs the ID of the EC2 instance."
+}

terraform/splunk/ec2/variables.tf

@@ -0,0 +1,65 @@
+/*
+  MANDATORY VARIABLES
+*/
+variable "project_name" {
+  type        = string
+  description = "This is used to label the resources of the module."
+}
+
+variable "owner" {
+  type        = string
+  description = "This is used to specify the owner of the resources in this module."
+}
+
+variable "ami_id" {
+  type        = string
+  description = "This is the id of the ami image used for the ec2 instance."
+}
+
+variable "availability_zone" {
+  type        = string
+  description = "This is the availability zone you want the ec2 instance to be created in."
+}
+
+variable "subnet_id" {
+  type        = string
+  description = "This is the id of the subnet you want the ec2 instance to be created in."
+}
+
+variable "vpc_security_group_ids" {
+  type        = list(string)
+  description = "This is a list of ids that specifies the security groups you want your EC2 to be in. If you do not wish to specify a security group for your module then please set this value to an empty list"
+}
+
+/*
+  OPTIONAL VARIABLES
+*/
+variable "ec2_instance_type" {
+  type        = string
+  default     = "t2.micro"
+  description = "This is the type of EC2 instance you want."
+}
+
+variable "associate_public_ip_address" {
+  type        = bool
+  default     = true
+  description = "This is a boolean value indicating if a public IP address should be associated with the EC2 instance."
+}
+
+variable "user_data" {
+  type        = string
+  default     = ""
+  description = "This allows bash scripts and command line commands to be specified and run in the EC2 instance when launched. Do not pass gzip-compressed data via this argument."
+}
+
+variable "needs_elastic_ip" {
+  type        = bool
+  default     = false
+  description = "This is a boolean value indicating whether an elastic IP should be generated and associated with the EC2 instance."
+}
+
+variable "user_data_replace_on_change" {
+  type        = bool
+  default     = true
+  description = "This value indicates whether changes to the `user_data` value triggers a rebuild of the EC2 instance."
+}

terraform/splunk/splunk-backend.tf

@@ -0,0 +1,51 @@
+terraform {
+  backend "s3" {
+    bucket          = "answerking-splunk-terraform"
+    key             = "answerking-splunk-terraform.tfstate"
+    region          = "eu-west-2"
+    dynamodb_table  = "answerking-splunk-terraform-state"
+  }
+}
+
+/*
+resource "aws_s3_bucket" "terraform_backend_bucket" {
+  bucket = "answerking-splunk-terraform"
+
+  tags = {
+    Name = "answerking-splunk-terraform"
+  }
+}
+
+resource "aws_s3_bucket_acl" "terraform_backend_bucket_acl" {
+  bucket = aws_s3_bucket.terraform_backend_bucket.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_public_access_block" "terraform_backend_bucket_public_access_block" {
+  bucket = aws_s3_bucket.terraform_backend_bucket.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_versioning" "terraform_backend_bucket_versioning" {
+  bucket = aws_s3_bucket.terraform_backend_bucket.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_dynamodb_table" "terraform_backend_state" {
+ name           = "answerking-splunk-terraform-state"
+ read_capacity  = 20
+ write_capacity = 20
+ hash_key       = "LockID"
+
+ attribute {
+   name = "LockID"
+   type = "S"
+ }
+}
+*/

terraform/splunk/splunk-providers.tf

@@ -0,0 +1,5 @@
+#aws provider here
+provider "aws" {
+  region                      = "eu-west-2"
+  skip_credentials_validation = true
+}

terraform/splunk/splunk-variables.tf

@@ -0,0 +1,23 @@
+variable "splunk_project_name" {
+  type = string
+  description = "Splunk Project Name"
+  default = "answerking-splunk-instance"
+}
+
+variable "splunk_project_owner" {
+  type = string
+  description = "Splunk Resource Owner"
+  default = "answerking"
+}
+
+variable "dns_base_domain_name" {
+  type        = string
+  description = "DNS Base Domain Name"
+  default     = "answerking.co.uk"
+}
+
+variable "dns_splunk_domain_name" {
+  type = string
+  description = "Splunk Domain Name"
+  default = "splunk.answerking.co.uk"
+}