diff --git a/terragrunt/accounts/docs-rs-staging/docs-rs/terragrunt.hcl b/terragrunt/accounts/docs-rs-staging/docs-rs/terragrunt.hcl index f35a8b951..139ee948b 100644 --- a/terragrunt/accounts/docs-rs-staging/docs-rs/terragrunt.hcl +++ b/terragrunt/accounts/docs-rs-staging/docs-rs/terragrunt.hcl @@ -25,4 +25,6 @@ inputs = { private_subnet_ids = dependency.vpc.outputs.private_subnets domain = "docs-rs-staging.rust-lang.net" bastion_security_group_id = dependency.vpc.outputs.bastion_security_group_id + min_num_builder_instances = 1 + max_num_builder_instances = 1 } diff --git a/terragrunt/modules/docs-rs/builder.tf b/terragrunt/modules/docs-rs/builder.tf index c32942b60..4a4f1ad50 100644 --- a/terragrunt/modules/docs-rs/builder.tf +++ b/terragrunt/modules/docs-rs/builder.tf @@ -1,5 +1,57 @@ -// The instance profile the builder will assume when communicating with -// other AWS services. +// The autoscaling group for the builder + +resource "aws_autoscaling_group" "builder" { + name = "docs-rs-builder" + vpc_zone_identifier = var.cluster_config.subnet_ids + max_size = var.max_num_builder_instances + min_size = var.min_num_builder_instances + # Let the instances get warm + default_instance_warmup = 60 + + launch_template { + id = aws_launch_template.builder.id + version = "$Latest" + } +} + +resource "aws_launch_template" "builder" { + name_prefix = "builder" + image_id = data.aws_ami.builder.id + instance_type = "t2.large" + + network_interfaces { + associate_public_ip_address = true + security_groups = [aws_security_group.builder.id] + } + + iam_instance_profile { + arn = aws_iam_instance_profile.builder.arn + } + + block_device_mappings { + device_name = "/dev/sda1" + + ebs { + volume_size = 64 + delete_on_termination = true + } + } + + tag_specifications { + resource_type = "instance" + + tags = { + Name = "docs-rs-builder" + } + } +} + +data "aws_ami" "builder" { + most_recent = true + name_regex = "^docs-rs-builder-*" +} + +// The instance profile the builder will assume when communicating with s3 resource "aws_iam_instance_profile" "builder" { name = "builder" @@ -47,3 +99,41 @@ resource "aws_iam_role_policy" "builder_s3" { ] }) } + +// Security group allowing all egress and ssh ingress from the bastion instance +resource "aws_security_group" "builder" { + vpc_id = var.cluster_config.vpc_id + name = "docs-rs-builder" + description = "Access rules for the docs-rs builder." + + // SSH access from the bastion instance + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + description = "SSH access from bastion" + security_groups = [aws_security_group.web.id] + } + + // Allow outgoing connections + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + description = "Allow all IPv4 egress traffic." + } + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + ipv6_cidr_blocks = ["::/0"] + description = "Allow all IPv6 egress traffic." + } + + tags = { + Name = "docs-rs-builder" + } +} diff --git a/terragrunt/modules/docs-rs/variables.tf b/terragrunt/modules/docs-rs/variables.tf index 65714ebd5..3c17a208d 100644 --- a/terragrunt/modules/docs-rs/variables.tf +++ b/terragrunt/modules/docs-rs/variables.tf @@ -29,3 +29,13 @@ variable "cluster_config" { }) description = "The configuration for the cluster this is running in" } + +variable "min_num_builder_instances" { + type = number + description = "The minimum number of builder instances there should be" +} + +variable "max_num_builder_instances" { + type = number + description = "The maximum number of builder instances there should be" +}