This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

New example: Confluence #304

wants to merge 1 commit into
base: master

@Magicloud Magicloud commented Mar 1, 2020

The example runs the Confluence Docker image in a single-node ASG, with an RDS, and two ALBs (internal and external). The ALBs have domain names set, and a TLS cert (from ACM).


name: Pull request template
about: Make a PR to terraform-aws-foundation

Please include the following in your PR:

Please also note that these are not hard requirements, but merely serve to define
what maintainers are looking for in PR's. Including these will more likely lead
to your PR being reviewed and accepted.

  • Update the changelog
  • Make sure that modules and files are documented. This can be done inside the module and files.
  • Make sure that new modules directories contain a basic file.
  • Make sure that the module is added to tests/
  • Make sure that the linting passes on CI.
  • Make sure that there is an up to date example for your code:
    - For new modules this would entail example code for how to use the module or some explanation in the module readme.
    - For new examples please provide a README explaining how to run the example. It's also ideal to provide a basic makefile to use the example as well.
  • Make sure that there is a manual CI trigger that can test the deployment.

@Magicloud Magicloud requested a review from ketzacoatl March 1, 2020 00:05
@Magicloud Magicloud closed this Mar 1, 2020
@Magicloud Magicloud reopened this Mar 1, 2020
@Magicloud Magicloud changed the title from "Enable attach ELB to single node ASG." to "New example: Confluence" Mar 1, 2020
@Magicloud Magicloud force-pushed the confluence branch 5 times, most recently from f0378d7 to 0b468b2 Compare March 1, 2020 02:41

@Magicloud Magicloud force-pushed the confluence branch 3 times, most recently from e35629b to 25f16a7 Compare March 3, 2020 15:25
Contributor Author


  # data.template_file.docker_compose will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "docker_compose"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = <<~EOT
            version: "3.7"
                image: atlassian/confluence-server
                  - "${http_port}:8090"
                  - /data/confluence:/var/atlassian/application-data/confluence
                  - ATL_JDBC_URL=jdbc:postgresql://${db_host}:5432/${db_db}
                  - ATL_JDBC_USER=${db_user}
                  - ATL_JDBC_PASSWORD='${db_pass}'
                  - ATL_DB_TYPE=postgresql
      + vars     = {
          + "db_db"     = "confluence"
          + "db_host"   = (known after apply)
          + "db_pass"   = "Fpco!234"
          + "db_user"   = "confluence"
          + "http_port" = "80"

  # aws_acm_certificate.cert will be created
  + resource "aws_acm_certificate" "cert" {
      + arn                       = (known after apply)
      + domain_name               = (known after apply)
      + domain_validation_options = (known after apply)
      + id                        = (known after apply)
      + subject_alternative_names = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"

  # aws_acm_certificate_validation.validation will be created
  + resource "aws_acm_certificate_validation" "validation" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

  # aws_autoscaling_attachment.asg_ext_alb will be created
  + resource "aws_autoscaling_attachment" "asg_ext_alb" {
      + alb_target_group_arn   = (known after apply)
      + autoscaling_group_name = (known after apply)
      + id                     = (known after apply)

  # aws_autoscaling_attachment.asg_int_alb will be created
  + resource "aws_autoscaling_attachment" "asg_int_alb" {
      + alb_target_group_arn   = (known after apply)
      + autoscaling_group_name = (known after apply)
      + id                     = (known after apply)

  # aws_route53_record.cert_validation_ext will be created
  + resource "aws_route53_record" "cert_validation_ext" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z962O7HXEQOHW"

  # aws_route53_record.cert_validation_int will be created
  + resource "aws_route53_record" "cert_validation_int" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z962O7HXEQOHW"

  # aws_route53_record.ext will be created
  + resource "aws_route53_record" "ext" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = ""
      + type            = "A"
      + zone_id         = "Z962O7HXEQOHW"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)

  # will be created
  + resource "aws_route53_record" "int" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = ""
      + type            = "A"
      + zone_id         = "Z962O7HXEQOHW"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)

  # aws_security_group_rule.asg_ext_alb_http_port_sg_rule will be created
  + resource "aws_security_group_rule" "asg_ext_alb_http_port_sg_rule" {
      + description              = "HTTP ingress for ext ALB"
      + from_port                = 80
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 80
      + type                     = "ingress"

  # aws_security_group_rule.asg_int_alb_http_port_sg_rule will be created
  + resource "aws_security_group_rule" "asg_int_alb_http_port_sg_rule" {
      + description              = "HTTP ingress for int ALB"
      + from_port                = 80
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 80
      + type                     = "ingress"

  # aws_security_group_rule.rds_sg_rule will be created
  + resource "aws_security_group_rule" "rds_sg_rule" {
      + description              = "PGSQL ingress for RDS"
      + from_port                = 5432
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 5432
      + type                     = "ingress"

  # will be read during apply
  # (config refers to values not yet known)
 <= data "aws_subnet" "server-subnet"  {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = (known after apply)
      + availability_zone               = (known after apply)
      + availability_zone_id            = (known after apply)
      + cidr_block                      = (known after apply)
      + default_for_az                  = (known after apply)
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = (known after apply)
      + owner_id                        = (known after apply)
      + state                           = (known after apply)
      + tags                            = (known after apply)
      + vpc_id                          = (known after apply)

  # module.asg-sg.aws_security_group.main will be created
  + resource "aws_security_group" "main" {
      + arn                    = (known after apply)
      + description            = "SG for ASG"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "asg-sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "asg-sg"
      + vpc_id                 = (known after apply)

  # module.asg-to-world.aws_security_group_rule.open_egress will be created
  + resource "aws_security_group_rule" "open_egress" {
      + cidr_blocks              = [
          + "",
      + description              = "OPEN egress, all ports, all protocols"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"

  # will be created
  + resource "aws_dlm_lifecycle_policy" "ebs-lifecycle-policy" {
      + arn                = (known after apply)
      + description        = "DLM lifecycle policy"
      + execution_role_arn = (known after apply)
      + id                 = (known after apply)
      + state              = "ENABLED"

      + policy_details {
          + resource_types = [
              + "VOLUME",
          + target_tags    = (known after apply)

          + schedule {
              + copy_tags   = true
              + name        = "confluence One week of daily snapshots"
              + tags_to_add = {
                  + "SnapshotCreator" = "DLM lifecycle"

              + create_rule {
                  + interval      = 24
                  + interval_unit = "HOURS"
                  + times         = [
                      + "23:45",

              + retain_rule {
                  + count = 14

  # will be created
  + resource "aws_iam_role" "dlm_lifecycle_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = ""
                      + Sid       = ""
              + Version   = "2012-10-17"
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = "dlm-lifecycle-role"
      + path                  = "/"
      + unique_id             = (known after apply)

  # will be created
  + resource "aws_iam_role_policy" "dlm_lifecycle_policy" {
      + id     = (known after apply)
      + name   = "dlm-lifecycle-policy"
      + policy = jsonencode(
              + Statement = [
                  + {
                      + Action   = [
                          + "ec2:CreateSnapshot",
                          + "ec2:DeleteSnapshot",
                          + "ec2:DescribeVolumes",
                          + "ec2:DescribeSnapshots",
                      + Effect   = "Allow"
                      + Resource = "*"
                  + {
                      + Action   = [
                          + "ec2:CreateTags",
                      + Effect   = "Allow"
                      + Resource = "arn:aws:ec2:*::snapshot/*"
              + Version   = "2012-10-17"
      + role   = (known after apply)

  # module.ext-alb.aws_lb.alb will be created
  + resource "aws_lb" "alb" {
      + arn                        = (known after apply)
      + arn_suffix                 = (known after apply)
      + dns_name                   = (known after apply)
      + enable_deletion_protection = false
      + enable_http2               = true
      + id                         = (known after apply)
      + idle_timeout               = 60
      + internal                   = false
      + ip_address_type            = (known after apply)
      + load_balancer_type         = "application"
      + name                       = "confluence-ext-alb"
      + security_groups            = (known after apply)
      + subnets                    = (known after apply)
      + vpc_id                     = (known after apply)
      + zone_id                    = (known after apply)

      + subnet_mapping {
          + allocation_id = (known after apply)
          + subnet_id     = (known after apply)

  # module.ext-alb.aws_security_group.alb_sg will be created
  + resource "aws_security_group" "alb_sg" {
      + arn                    = (known after apply)
      + description            = "Managed by Terraform"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "confluence-ext-alb_sb"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)

  # module.ext-alb-to-asg.aws_security_group_rule.open_egress will be created
  + resource "aws_security_group_rule" "open_egress" {
      + cidr_blocks              = [
          + "",
      + description              = "OPEN egress, all ports, all protocols"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"

  # will be created
  + resource "aws_lb_listener" "lb-listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-2016-08"

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"

  # will be created
  + resource "aws_lb_target_group" "lb-tg" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + deregistration_delay               = 300
      + id                                 = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + name                               = "confluence-ext-https-tg"
      + port                               = 80
      + protocol                           = "HTTP"
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + target_type                        = "instance"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = (known after apply)
          + healthy_threshold   = (known after apply)
          + interval            = (known after apply)
          + matcher             = (known after apply)
          + path                = (known after apply)
          + port                = (known after apply)
          + protocol            = (known after apply)
          + timeout             = (known after apply)
          + unhealthy_threshold = (known after apply)

      + stickiness {
          + cookie_duration = (known after apply)
          + enabled         = (known after apply)
          + type            = (known after apply)

  # module.ext_alb_http_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "",
      + description              = "HTTP ingress for ALB (tcp)"
      + from_port                = 80
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 80
      + type                     = "ingress"

  # module.ext_alb_https_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "",
      + description              = "HTTPS ingress for ALB (tcp)"
      + from_port                = 443
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 443
      + type                     = "ingress"

  # will be created
  + resource "aws_lb_listener" "lb-listener" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 80
      + protocol          = "HTTP"
      + ssl_policy        = (known after apply)

      + default_action {
          + order = (known after apply)
          + type  = "redirect"

          + redirect {
              + host        = "#{host}"
              + path        = "/#{path}"
              + port        = "443"
              + protocol    = "HTTPS"
              + query       = "#{query}"
              + status_code = "HTTP_301"

  # will be created
  + resource "aws_lb" "alb" {
      + arn                        = (known after apply)
      + arn_suffix                 = (known after apply)
      + dns_name                   = (known after apply)
      + enable_deletion_protection = false
      + enable_http2               = true
      + id                         = (known after apply)
      + idle_timeout               = 60
      + internal                   = true
      + ip_address_type            = (known after apply)
      + load_balancer_type         = "application"
      + name                       = "confluence-int-alb"
      + security_groups            = (known after apply)
      + subnets                    = (known after apply)
      + vpc_id                     = (known after apply)
      + zone_id                    = (known after apply)

      + subnet_mapping {
          + allocation_id = (known after apply)
          + subnet_id     = (known after apply)

  # will be created
  + resource "aws_security_group" "alb_sg" {
      + arn                    = (known after apply)
      + description            = "Managed by Terraform"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "confluence-int-alb_sb"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)

  # will be created
  + resource "aws_security_group_rule" "open_egress" {
      + cidr_blocks              = [
          + "",
      + description              = "OPEN egress, all ports, all protocols"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"

  # will be created
  + resource "aws_lb_listener" "lb-listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-2016-08"

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"

  # will be created
  + resource "aws_lb_target_group" "lb-tg" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + deregistration_delay               = 300
      + id                                 = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + name                               = "confluence-int-https-tg"
      + port                               = 80
      + protocol                           = "HTTP"
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + target_type                        = "instance"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = (known after apply)
          + healthy_threshold   = (known after apply)
          + interval            = (known after apply)
          + matcher             = (known after apply)
          + path                = (known after apply)
          + port                = (known after apply)
          + protocol            = (known after apply)
          + timeout             = (known after apply)
          + unhealthy_threshold = (known after apply)

      + stickiness {
          + cookie_duration = (known after apply)
          + enabled         = (known after apply)
          + type            = (known after apply)

  # module.int_alb_http_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "",
      + description              = "HTTP ingress for ALB (tcp)"
      + from_port                = 80
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 80
      + type                     = "ingress"

  # module.int_alb_https_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "",
      + description              = "HTTPS ingress for ALB (tcp)"
      + from_port                = 443
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 443
      + type                     = "ingress"

  # will be created
  + resource "aws_lb_listener" "lb-listener" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 80
      + protocol          = "HTTP"
      + ssl_policy        = (known after apply)

      + default_action {
          + order = (known after apply)
          + type  = "redirect"

          + redirect {
              + host        = "#{host}"
              + path        = "/#{path}"
              + port        = "443"
              + protocol    = "HTTPS"
              + query       = "#{query}"
              + status_code = "HTTP_301"

  # module.rds.aws_db_instance.default will be created
  + resource "aws_db_instance" "default" {
      + address                               = (known after apply)
      + allocated_storage                     = 20
      + apply_immediately                     = (known after apply)
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + backup_retention_period               = 7
      + backup_window                         = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + character_set_name                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + db_subnet_group_name                  = (known after apply)
      + delete_automated_backups              = true
      + endpoint                              = (known after apply)
      + engine                                = "postgres"
      + engine_version                        = "11"
      + hosted_zone_id                        = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = (known after apply)
      + identifier_prefix                     = "confluence"
      + instance_class                        = "db.m5.xlarge"
      + kms_key_id                            = (known after apply)
      + license_model                         = (known after apply)
      + maintenance_window                    = (known after apply)
      + monitoring_interval                   = 30
      + monitoring_role_arn                   = (known after apply)
      + multi_az                              = true
      + name                                  = "confluence"
      + option_group_name                     = (known after apply)
      + parameter_group_name                  = (known after apply)
      + password                              = (sensitive value)
      + performance_insights_enabled          = false
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + publicly_accessible                   = false
      + replicas                              = (known after apply)
      + resource_id                           = (known after apply)
      + skip_final_snapshot                   = false
      + status                                = (known after apply)
      + storage_type                          = "gp2"
      + timezone                              = (known after apply)
      + username                              = "confluence"
      + vpc_security_group_ids                = (known after apply)

  # module.rds.aws_db_subnet_group.rds_private_subnet will be created
  + resource "aws_db_subnet_group" "rds_private_subnet" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + subnet_ids  = (known after apply)

  # module.rds.aws_iam_role.rds_enhanced_monitoring will be created
  + resource "aws_iam_role" "rds_enhanced_monitoring" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = ""
                      + Sid       = ""
              + Version   = "2012-10-17"
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = "confluence"
      + path                  = "/"
      + unique_id             = (known after apply)

  # module.rds.aws_iam_role_policy_attachment.rds_enhanced_monitoring will be created
  + resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
      + role       = (known after apply)

  # module.rds-sg.aws_security_group.main will be created
  + resource "aws_security_group" "main" {
      + arn                    = (known after apply)
      + description            = "SG for RDS"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "rds-sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "rds-sg"
      + vpc_id                 = (known after apply)

  # module.ssh-port-sg-rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "",
      + description              = "SSH from anywhere, for debug. (tcp)"
      + from_port                = 22
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 22
      + type                     = "ingress"

  # will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "init_snippet"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = <<~EOT
            # start snippet - attach EBS volume
            export AWS_DEFAULT_REGION=${region}
            INSTANCE_ID="$(wget -O- || curl"
            echo "${log_prefix} will attach $${VOLUME_ID} via the AWS API in ${region}"
            while ! aws ec2 attach-volume                     \
                      --volume-id "$${VOLUME_ID}"     \
                      --instance-id "$${INSTANCE_ID}" \
                      --device '${device_path}'; do
              echo "Attaching command failed to run. Retrying."
              sleep '${wait_interval}'
            echo "${log_prefix} $${VOLUME_ID} attached."
            vol_id="$(echo "$${VOLUME_ID}" | tr -d '-')"
            while [ ! -e /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} ]; do
              sleep '${wait_interval}' 
            dev_id="$(ls /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} | head -1)"
            dev_name="/dev/$(readlink "$${dev_id}" | tr / '\n' | tail -1)"
            [ "$${dev_name}" == "${device_path}" ] || ln -s "$${dev_name}" "${device_path}"
      + vars     = {
          + "device_path"   = "/dev/xvdf"
          + "init_prefix"   = ""
          + "init_suffix"   = ""
          + "log_level"     = "info"
          + "log_prefix"    = "OPS: "
          + "region"        = "ap-northeast-1"
          + "volume_id"     = (known after apply)
          + "wait_interval" = "5"

  # module.asg.module.instance_profile.aws_iam_instance_profile.profile will be created
  + resource "aws_iam_instance_profile" "profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + roles       = (known after apply)
      + unique_id   = (known after apply)

  # module.asg.module.instance_profile.aws_iam_role.role will be created
  + resource "aws_iam_role" "role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = ""
                      + Sid       = ""
              + Version   = "2012-10-17"
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + path                  = "/"
      + unique_id             = (known after apply)

  # module.asg.module.server.aws_autoscaling_group.cluster will be created
  + resource "aws_autoscaling_group" "cluster" {
      + arn                       = (known after apply)
      + availability_zones        = (known after apply)
      + default_cooldown          = (known after apply)
      + desired_capacity          = (known after apply)
      + force_delete              = true
      + health_check_grace_period = 300
      + health_check_type         = "EC2"
      + id                        = (known after apply)
      + launch_configuration      = (known after apply)
      + load_balancers            = (known after apply)
      + max_size                  = 1
      + metrics_granularity       = "1Minute"
      + min_size                  = 1
      + name                      = (known after apply)
      + name_prefix               = (known after apply)
      + protect_from_scale_in     = false
      + service_linked_role_arn   = (known after apply)
      + tags                      = [
          + (known after apply),
      + target_group_arns         = (known after apply)
      + termination_policies      = []
      + vpc_zone_identifier       = (known after apply)
      + wait_for_capacity_timeout = "10m"

  # module.asg.module.server.aws_launch_configuration.cluster will be created
  + resource "aws_launch_configuration" "cluster" {
      + arn                         = (known after apply)
      + associate_public_ip_address = false
      + ebs_optimized               = (known after apply)
      + enable_monitoring           = true
      + iam_instance_profile        = (known after apply)
      + id                          = (known after apply)
      + image_id                    = "ami-045f38c93733dd48d"
      + instance_type               = "m5.xlarge"
      + key_name                    = "shida-tokyo"
      + name                        = (known after apply)
      + security_groups             = (known after apply)
      + user_data                   = (known after apply)

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + no_device             = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)

      + root_block_device {
          + delete_on_termination = true
          + encrypted             = false
          + iops                  = (known after apply)
          + volume_size           = 8
          + volume_type           = "gp2"

  # will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "attach_ebs_policy_doc"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:AttachVolume",
              + "ec2:DetachVolume",
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ec2:ap-northeast-1:793514493597:instance/*",
              + (known after apply),

  # module.asg.module.service-data.aws_ebs_volume.main will be created
  + resource "aws_ebs_volume" "main" {
      + arn               = (known after apply)
      + availability_zone = (known after apply)
      + encrypted         = true
      + id                = (known after apply)
      + iops              = (known after apply)
      + kms_key_id        = (known after apply)
      + size              = 50
      + snapshot_id       = (known after apply)
      + tags              = (known after apply)
      + type              = "gp2"

  # module.asg.module.service-data.aws_iam_policy.attach_ebs will be created
  + resource "aws_iam_policy" "attach_ebs" {
      + arn    = (known after apply)
      + id     = (known after apply)
      + name   = (known after apply)
      + path   = "/"
      + policy = (known after apply)

  # module.asg.module.service-data.aws_iam_role_policy_attachment.attach_ebs will be created
  + resource "aws_iam_role_policy_attachment" "attach_ebs" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = (known after apply)

  #[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_subnet" "public"  {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = (known after apply)
      + availability_zone               = (known after apply)
      + availability_zone_id            = (known after apply)
      + cidr_block                      = (known after apply)
      + default_for_az                  = (known after apply)
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = (known after apply)
      + owner_id                        = (known after apply)
      + state                           = (known after apply)
      + tags                            = (known after apply)
      + vpc_id                          = (known after apply)

  #[1] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_subnet" "public"  {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = (known after apply)
      + availability_zone               = (known after apply)
      + availability_zone_id            = (known after apply)
      + cidr_block                      = (known after apply)
      + default_for_az                  = (known after apply)
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = (known after apply)
      + owner_id                        = (known after apply)
      + state                           = (known after apply)
      + tags                            = (known after apply)
      + vpc_id                          = (known after apply)

  # module.vpc.module.nat-gateway.aws_eip.nat[0] will be created
  + resource "aws_eip" "nat" {
      + allocation_id     = (known after apply)
      + association_id    = (known after apply)
      + domain            = (known after apply)
      + id                = (known after apply)
      + instance          = (known after apply)
      + network_interface = (known after apply)
      + private_dns       = (known after apply)
      + private_ip        = (known after apply)
      + public_dns        = (known after apply)
      + public_ip         = (known after apply)
      + public_ipv4_pool  = (known after apply)
      + vpc               = true

  # module.vpc.module.nat-gateway.aws_eip.nat[1] will be created
  + resource "aws_eip" "nat" {
      + allocation_id     = (known after apply)
      + association_id    = (known after apply)
      + domain            = (known after apply)
      + id                = (known after apply)
      + instance          = (known after apply)
      + network_interface = (known after apply)
      + private_dns       = (known after apply)
      + private_ip        = (known after apply)
      + public_dns        = (known after apply)
      + public_ip         = (known after apply)
      + public_ipv4_pool  = (known after apply)
      + vpc               = true

  # module.vpc.module.nat-gateway.aws_nat_gateway.nat[0] will be created
  + resource "aws_nat_gateway" "nat" {
      + allocation_id        = (known after apply)
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
      + tags                 = {
          + "Name" = "confluence-01"

  # module.vpc.module.nat-gateway.aws_nat_gateway.nat[1] will be created
  + resource "aws_nat_gateway" "nat" {
      + allocation_id        = (known after apply)
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
      + tags                 = {
          + "Name" = "confluence-02"

  # module.vpc.module.nat-gateway.aws_route.private_nat_gateway[0] will be created
  + resource "aws_route" "private_nat_gateway" {
      + destination_cidr_block     = ""
      + destination_prefix_list_id = (known after apply)
      + egress_only_gateway_id     = (known after apply)
      + gateway_id                 = (known after apply)
      + id                         = (known after apply)
      + instance_id                = (known after apply)
      + instance_owner_id          = (known after apply)
      + nat_gateway_id             = (known after apply)
      + network_interface_id       = (known after apply)
      + origin                     = (known after apply)
      + route_table_id             = (known after apply)
      + state                      = (known after apply)

  # module.vpc.module.nat-gateway.aws_route.private_nat_gateway[1] will be created
  + resource "aws_route" "private_nat_gateway" {
      + destination_cidr_block     = ""
      + destination_prefix_list_id = (known after apply)
      + egress_only_gateway_id     = (known after apply)
      + gateway_id                 = (known after apply)
      + id                         = (known after apply)
      + instance_id                = (known after apply)
      + instance_owner_id          = (known after apply)
      + nat_gateway_id             = (known after apply)
      + network_interface_id       = (known after apply)
      + origin                     = (known after apply)
      + route_table_id             = (known after apply)
      + state                      = (known after apply)

  # module.vpc.module.nat-gateway.aws_route_table.private[0] will be created
  + resource "aws_route_table" "private" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Name" = "confluence-private-00"
      + vpc_id           = (known after apply)

  # module.vpc.module.nat-gateway.aws_route_table.private[1] will be created
  + resource "aws_route_table" "private" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Name" = "confluence-private-01"
      + vpc_id           = (known after apply)

  # module.vpc.module.nat-gateway.aws_route_table_association.private-rta[0] will be created
  + resource "aws_route_table_association" "private-rta" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)

  # module.vpc.module.nat-gateway.aws_route_table_association.private-rta[1] will be created
  + resource "aws_route_table_association" "private-rta" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)

  # module.vpc.module.private-subnets.aws_subnet.main[0] will be created
  + resource "aws_subnet" "main" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = ""
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "confluence-private-01-ap-northeast-1a"
      + vpc_id                          = (known after apply)

  # module.vpc.module.private-subnets.aws_subnet.main[1] will be created
  + resource "aws_subnet" "main" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = ""
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "confluence-private-02-ap-northeast-1c"
      + vpc_id                          = (known after apply)

  # module.vpc.module.public-gateway.aws_internet_gateway.public will be created
  + resource "aws_internet_gateway" "public" {
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name" = "confluence-public"
      + vpc_id   = (known after apply)

  # module.vpc.module.public-gateway.aws_route.public will be created
  + resource "aws_route" "public" {
      + destination_cidr_block     = ""
      + destination_prefix_list_id = (known after apply)
      + egress_only_gateway_id     = (known after apply)
      + gateway_id                 = (known after apply)
      + id                         = (known after apply)
      + instance_id                = (known after apply)
      + instance_owner_id          = (known after apply)
      + nat_gateway_id             = (known after apply)
      + network_interface_id       = (known after apply)
      + origin                     = (known after apply)
      + route_table_id             = (known after apply)
      + state                      = (known after apply)

  # module.vpc.module.public-gateway.aws_route_table.public will be created
  + resource "aws_route_table" "public" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Name" = "confluence-public-public"
      + vpc_id           = (known after apply)

  # module.vpc.module.public-gateway.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)

  # module.vpc.module.public-gateway.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)

  # module.vpc.module.public-subnets.aws_subnet.main[0] will be created
  + resource "aws_subnet" "main" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = ""
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "confluence-public-01-ap-northeast-1a"
      + vpc_id                          = (known after apply)

  # module.vpc.module.public-subnets.aws_subnet.main[1] will be created
  + resource "aws_subnet" "main" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = ""
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "confluence-public-02-ap-northeast-1c"
      + vpc_id                          = (known after apply)

  # module.vpc.module.vpc.aws_vpc.main will be created
  + resource "aws_vpc" "main" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = ""
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = true
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "confluence"

  # module.vpc.module.vpc.aws_vpc_dhcp_options.main will be created
  + resource "aws_vpc_dhcp_options" "main" {
      + domain_name         = "ap-northeast-1.compute.internal"
      + domain_name_servers = [
          + "AmazonProvidedDNS",
      + id                  = (known after apply)
      + ntp_servers         = []
      + owner_id            = (known after apply)
      + tags                = {
          + "Name" = "confluence"

  # module.vpc.module.vpc.aws_vpc_dhcp_options_association.main will be created
  + resource "aws_vpc_dhcp_options_association" "main" {
      + dhcp_options_id = (known after apply)
      + id              = (known after apply)
      + vpc_id          = (known after apply)

Plan: 67 to add, 0 to change, 0 to destroy.

Contributor Author

WebUI seen.
[Image: Screenshot_2020-03-04 Get apps - Confluence]

@ketzacoatl ketzacoatl left a comment

We need to get the dependent PRs merged and update the references in this PR.

@Magicloud Magicloud force-pushed the confluence branch 3 times, most recently from 25f16a7 to 03552c9 Compare March 6, 2020 02:59

@Magicloud please review/update.

Contributor Author

@ketzacoatl The module refs in this example are all fixed. The example itself is ready to merge.
