feat: add terraform

Author: risv1

.gitignore

@@ -92,3 +92,6 @@ yarn-error.log*
 *.tsbuildinfo
 next-env.d.ts
 
+# terraform
+.terraform
+.terraform.lock.hcl

infra/main.tf

@@ -0,0 +1,5 @@
+aws_access_key =
+aws_secret_key =
+aws_session_token =
+db_username =
+db_password =

terraform/credentials.tfvars.example

@@ -0,0 +1,63 @@
+provider "aws" {
+  region     = var.aws_region
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+  token = var.aws_session_token
+}
+
+module "security_group" {
+  source        = "./modules/security_group"
+  sg_name       = "marai-database-sg"
+  sg_description = "Security group for RDS and ElastiCache"
+  vpc_id        = var.vpc_id
+  
+  ingress_rules = [
+    {
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "tcp"
+      cidr_blocks = var.allowed_cidr_blocks
+      description = "Allow PostgreSQL access"
+    },
+    {
+      from_port   = 6379
+      to_port     = 6379
+      protocol    = "tcp"
+      cidr_blocks = var.allowed_cidr_blocks
+      description = "Allow Redis access"
+    }
+  ]
+}
+
+module "ec2" {
+  source        = "./modules/ec2"
+  aws_region    = var.aws_region
+  ami           = var.ami
+  instance_type = var.instance_type
+  subnet_id     = var.subnet_id
+  key_name      = var.key_name
+  security_group_ids = [module.security_group.sg_id]
+}
+
+module "s3" {
+  source            = "./modules/s3"
+  bucket_name       = var.s3_bucket_name
+  environment       = var.environment
+  enable_versioning = var.enable_versioning
+}
+
+module "rds" {
+  source               = "./modules/rds"
+  db_identifier        = var.db_identifier
+  db_engine            = var.db_engine
+  db_engine_version    = var.db_engine_version
+  db_instance_class    = var.db_instance_class
+  db_allocated_storage = var.db_allocated_storage
+  db_username          = var.db_username
+  db_password          = var.db_password
+  parameter_group_name = "default.${var.db_engine}${var.db_engine_version}"
+  subnet_group_name    = var.db_subnet_group_name
+  subnet_ids           = var.rds_subnet_ids
+  security_group_ids   = [module.security_group.sg_id]
+  multi_az             = var.db_multi_az
+}

terraform/main.tf

@@ -0,0 +1,17 @@
+resource "aws_instance" "this" {
+  ami           = var.ami
+  instance_type = var.instance_type
+  subnet_id     = var.subnet_id
+  key_name      = var.key_name
+  vpc_security_group_ids = var.security_group_ids
+
+  root_block_device {
+    volume_type = "gp3"
+    volume_size = 30
+    encrypted   = true
+  }
+
+  tags = {
+    Name = "marai-instance"
+  }
+}

terraform/modules/ec2/main.tf

@@ -0,0 +1,11 @@
+output "id" {
+  value = aws_instance.this.id
+}
+
+output "public_ip" {
+  value = aws_instance.this.public_ip
+}
+
+output "private_ip" {
+  value = aws_instance.this.private_ip
+}

terraform/modules/ec2/outputs.tf

@@ -0,0 +1,30 @@
+variable "aws_region" {
+  description = "AWS region"
+  type        = string
+}
+
+variable "ami" {
+  description = "AMI ID for the EC2 instance"
+  type        = string
+}
+
+variable "instance_type" {
+  description = "EC2 instance type"
+  type        = string
+}
+
+variable "subnet_id" {
+  description = "Subnet ID for EC2 instance"
+  type        = string
+}
+
+variable "key_name" {
+  description = "SSH key name"
+  type        = string
+}
+
+variable "security_group_ids" {
+  description = "Security group IDs for EC2 instance"
+  type        = list(string)
+  default     = []
+}

terraform/modules/ec2/variables.tf

@@ -0,0 +1,30 @@
+resource "aws_db_subnet_group" "this" {
+  name       = var.subnet_group_name
+  subnet_ids = var.subnet_ids
+
+  tags = {
+    Name = var.subnet_group_name
+  }
+}
+
+resource "aws_db_instance" "this" {
+  identifier              = var.db_identifier
+  engine                  = var.db_engine
+  engine_version          = var.db_engine_version
+  instance_class          = var.db_instance_class
+  allocated_storage       = var.db_allocated_storage
+  storage_type            = "gp2"
+  storage_encrypted       = true
+  username                = var.db_username
+  password                = var.db_password
+  parameter_group_name    = var.parameter_group_name
+  db_subnet_group_name    = aws_db_subnet_group.this.name
+  vpc_security_group_ids  = var.security_group_ids
+  multi_az                = var.multi_az
+  backup_retention_period = 7
+  skip_final_snapshot     = true
+  
+  tags = {
+    Name = var.db_identifier
+  }
+}

terraform/modules/rds/main.tf

@@ -0,0 +1,11 @@
+output "endpoint" {
+  value = aws_db_instance.this.endpoint
+}
+
+output "address" {
+  value = aws_db_instance.this.address
+}
+
+output "port" {
+  value = aws_db_instance.this.port
+}

terraform/modules/rds/outputs.tf

@@ -0,0 +1,62 @@
+variable "db_identifier" {
+  description = "RDS instance identifier"
+  type        = string
+}
+
+variable "db_engine" {
+  description = "RDS database engine"
+  type        = string
+}
+
+variable "db_engine_version" {
+  description = "RDS database engine version"
+  type        = string
+}
+
+variable "db_instance_class" {
+  description = "RDS instance class"
+  type        = string
+}
+
+variable "db_allocated_storage" {
+  description = "RDS allocated storage in GB"
+  type        = number
+}
+
+variable "db_username" {
+  description = "RDS master username"
+  type        = string
+  sensitive   = true
+}
+
+variable "db_password" {
+  description = "RDS master password"
+  type        = string
+  sensitive   = true
+}
+
+variable "parameter_group_name" {
+  description = "RDS parameter group name"
+  type        = string
+}
+
+variable "subnet_group_name" {
+  description = "RDS subnet group name"
+  type        = string
+}
+
+variable "subnet_ids" {
+  description = "Subnet IDs for RDS"
+  type        = list(string)
+}
+
+variable "security_group_ids" {
+  description = "Security group IDs for RDS"
+  type        = list(string)
+}
+
+variable "multi_az" {
+  description = "Enable multi-AZ deployment"
+  type        = bool
+  default     = false
+}