Add complete SACC v4 infrastructure project

- Terraform modules: VPC, EC2, RDS, S3, CloudFront, Route53, Lambda, IAM, Security Groups - Ansible playbooks for server configuration - Scripts: create-test-environment.sh, destroy-test-environment.sh, validate-environment.sh - Documentation: README, QUICKSTART, AGENTS - Jenkins pipeline for automated deployment - Jenkins pipeline for environment destruction
2026-06-03 04:39:01 +00:00
commit 71be2abd2e
27 changed files with 6424 additions and 0 deletions
@@ -0,0 +1,339 @@
+# =============================================================================
+# SACC v4 - Entorno TEST en Cuenta 668889063715
+# =============================================================================
+# DUPLICA la infraestructura de produccion usando los modulos PRODUCCION
+# probados de terraform-sacc4/
+#
+# IMPORTANTE: Este archivo usa los modulos de produccion para garantizar
+# que el entorno de test sea IDENTICO al de produccion.
+#
+# Uso:
+#   1. cp terraform.tfvars.example terraform.tfvars
+#   2. Editar terraform.tfvars con valores reales
+#   3. terraform init
+#   4. terraform plan
+#   5. terraform apply
+# =============================================================================
+
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
+  }
+
+  # Backend S3 para estado (bucket creado por bootstrap)
+  backend "s3" {
+    bucket         = "sacc4-terraform-state-test-668889063715"
+    key            = "sacc4-test/infrastructure/terraform.tfstate"
+    region         = "mx-central-1"
+    encrypt        = true
+    dynamodb_table = "sacc4-terraform-locks-test-668889063715"
+  }
+}
+
+# Provider AWS - Región Mexico (mx-central-1)
+provider "aws" {
+  region = var.aws_region
+
+  default_tags {
+    tags = {
+      Project     = "sacc4"
+      Environment = "test"
+      ManagedBy   = "terraform"
+      Owner       = "infra-team"
+      AccountId   = "668889063715"
+      CostCenter  = "test-environment"
+    }
+  }
+}
+
+# Provider AWS para ACM (us-east-1 requerido por CloudFront)
+provider "aws" {
+  alias  = "us_east_1"
+  region = "us-east-1"
+
+  default_tags {
+    tags = {
+      Project     = "sacc4"
+      Environment = "test"
+      ManagedBy   = "terraform"
+    }
+  }
+}
+
+# =============================================================================
+# DATOS
+# =============================================================================
+
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+# =============================================================================
+# LOCALES
+# =============================================================================
+
+locals {
+  name_prefix = "${var.project_name}-test"
+  common_tags = {
+    Project   = var.project_name
+    Environment = "test"
+    ManagedBy = "terraform"
+  }
+}
+
+# =============================================================================
+# MODULOS DE INFRAESTRUCTURA (usando modulos de produccion)
+# =============================================================================
+
+module "vpc" {
+  source = "../../../../terraform-sacc4/modules/vpc"
+
+  name_prefix          = local.name_prefix
+  vpc_cidr             = var.vpc_cidr
+  availability_zones   = var.availability_zones
+  public_subnet_cidrs  = var.public_subnet_cidrs
+  private_subnet_cidrs = var.private_subnet_cidrs
+  tags                 = local.common_tags
+}
+
+module "security_groups" {
+  source = "../../../../terraform-sacc4/modules/security-groups"
+
+  name_prefix       = local.name_prefix
+  vpc_id            = module.vpc.vpc_id
+  vpc_cidr          = module.vpc.vpc_cidr
+  ssh_allowed_cidrs = var.ssh_allowed_cidrs
+  tags              = local.common_tags
+}
+
+module "iam" {
+  source = "../../../../terraform-sacc4/modules/iam"
+
+  name_prefix = local.name_prefix
+  tags        = local.common_tags
+}
+
+module "ec2" {
+  source = "../../../../terraform-sacc4/modules/ec2"
+
+  name_prefix           = local.name_prefix
+  instance_type         = var.ec2_instance_type
+  ami                   = var.ec2_ami
+  subnet_id             = module.vpc.public_subnet_ids[0]
+  security_group_ids    = [module.security_groups.ec2_security_group_id]
+  root_volume_size      = var.ec2_root_volume_size
+  root_volume_type      = var.ec2_root_volume_type
+  root_volume_encrypted = var.ec2_root_volume_encrypted
+  thoth_public_key      = var.thoth_public_key
+  osiris_public_key     = var.osiris_public_key
+  rds_endpoint          = module.rds.rds_endpoint
+  rds_db_name           = var.rds_db_name
+  rds_app_username      = "sacc_app_user"
+  rds_app_password      = var.rds_master_password
+  tags                  = local.common_tags
+}
+
+module "rds" {
+  source = "../../../../terraform-sacc4/modules/rds"
+
+  name_prefix             = local.name_prefix
+  instance_class          = var.rds_instance_class
+  engine                  = var.rds_engine
+  engine_version          = var.rds_engine_version
+  allocated_storage       = var.rds_allocated_storage
+  max_allocated_storage   = var.rds_max_allocated_storage
+  db_name                 = var.rds_db_name
+  master_username         = var.rds_master_username
+  master_password         = var.rds_master_password
+  backup_retention_period = var.rds_backup_retention_period
+  backup_window           = var.rds_backup_window
+  maintenance_window      = var.rds_maintenance_window
+  subnet_ids              = module.vpc.private_subnet_ids
+  security_group_ids      = [module.security_groups.rds_security_group_id]
+  enable_replica          = false
+  tags                    = local.common_tags
+}
+
+module "lambda_scheduler" {
+  source = "../../../../terraform-sacc4/modules/lambda-scheduler"
+  count  = var.enable_scheduling ? 1 : 0
+
+  name_prefix         = local.name_prefix
+  ec2_instance_id     = module.ec2.instance_id
+  rds_instance_id     = module.rds.db_instance_identifier
+  schedule_timezone   = var.schedule_timezone
+  schedule_start_cron = var.schedule_start_cron
+  schedule_stop_cron  = var.schedule_stop_cron
+  lambda_role_arn     = module.iam.lambda_scheduler_role_arn
+  scheduler_role_arn  = module.iam.eventbridge_scheduler_role_arn
+  tags                = local.common_tags
+}
+
+module "s3_cloudfront" {
+  source = "../../../../terraform-sacc4/modules/s3-cloudfront"
+
+  name_prefix            = local.name_prefix
+  bucket_name            = var.frontend_bucket_name
+  cloudfront_price_class = var.cloudfront_price_class
+  enable_logging         = var.enable_cloudfront_logging
+  domain_name            = var.domain_name
+  tags                   = local.common_tags
+}
+
+module "route53" {
+  source = "../../../../terraform-sacc4/modules/route53"
+
+  name_prefix        = local.name_prefix
+  domain_name        = var.domain_name
+  api_subdomain      = var.api_subdomain
+  api_public_ip      = module.ec2.public_ip
+  cloudfront_domain  = module.s3_cloudfront.cloudfront_domain_name
+  cloudfront_zone_id = module.s3_cloudfront.cloudfront_hosted_zone_id
+  tags               = local.common_tags
+}
+
+# =============================================================================
+# OUTPUTS
+# =============================================================================
+
+output "vpc_id" {
+  description = "ID de la VPC creada"
+  value       = module.vpc.vpc_id
+}
+
+output "public_subnet_ids" {
+  description = "IDs de subnets publicas"
+  value       = module.vpc.public_subnet_ids
+}
+
+output "private_subnet_ids" {
+  description = "IDs de subnets privadas"
+  value       = module.vpc.private_subnet_ids
+}
+
+output "ec2_instance_id" {
+  description = "ID de la instancia EC2"
+  value       = module.ec2.instance_id
+}
+
+output "ec2_public_ip" {
+  description = "IP publica de la instancia EC2"
+  value       = module.ec2.public_ip
+}
+
+output "ec2_private_ip" {
+  description = "IP privada de la instancia EC2"
+  value       = module.ec2.private_ip
+}
+
+output "rds_endpoint" {
+  description = "Endpoint de la base de datos RDS"
+  value       = module.rds.rds_endpoint
+  sensitive   = true
+}
+
+output "rds_port" {
+  description = "Puerto de la base de datos RDS"
+  value       = module.rds.rds_port
+}
+
+output "rds_db_name" {
+  description = "Nombre de la base de datos"
+  value       = module.rds.db_name
+}
+
+output "frontend_bucket_name" {
+  description = "Nombre del bucket S3 del frontend"
+  value       = module.s3_cloudfront.bucket_name
+}
+
+output "cloudfront_domain_name" {
+  description = "Dominio de CloudFront"
+  value       = module.s3_cloudfront.cloudfront_domain_name
+}
+
+output "cloudfront_distribution_id" {
+  description = "ID de la distribucion CloudFront"
+  value       = module.s3_cloudfront.distribution_id
+}
+
+output "api_gateway_url" {
+  description = "URL del API Gateway"
+  value       = "https://${var.api_subdomain}"
+}
+
+output "frontend_url" {
+  description = "URL del frontend"
+  value       = "https://${var.domain_name}"
+}
+
+output "lambda_start_function_name" {
+  description = "Nombre de la funcion Lambda de inicio"
+  value       = var.enable_scheduling ? module.lambda_scheduler[0].start_function_name : null
+}
+
+output "lambda_stop_function_name" {
+  description = "Nombre de la funcion Lambda de apagado"
+  value       = var.enable_scheduling ? module.lambda_scheduler[0].stop_function_name : null
+}
+
+output "route53_api_record" {
+  description = "Nombre del registro DNS para API"
+  value       = module.route53.api_record_name
+}
+
+output "route53_frontend_record" {
+  description = "Nombre del registro DNS para frontend"
+  value       = module.route53.frontend_record_name
+}
+
+output "route53_zone_id" {
+  description = "ID de la zona Route53"
+  value       = module.route53.hosted_zone_id
+}
+
+output "ansible_inventory" {
+  description = "Inventario Ansible generado dinamicamente"
+  value       = <<-EOT
+[sacc4-test]
+${module.ec2.public_ip} ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/sacc4-test-key.pem
+
+[sacc4-test:vars]
+ansible_python_interpreter=/usr/bin/python3
+environment=test
+db_endpoint=${module.rds.rds_endpoint}
+s3_bucket=${module.s3_cloudfront.bucket_name}
+cloudfront_domain=${module.s3_cloudfront.cloudfront_domain_name}
+EOT
+  sensitive   = false
+}
+
+output "deployment_commands" {
+  description = "Comandos para desplegar la aplicacion"
+  value       = <<-EOT
+# =============================================================================
+# COMANDOS POST-DESPLIEGUE - SACC v4 TEST
+# =============================================================================
+# Conectar a la instancia
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip}
+
+# Verificar servicios
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip} "sudo systemctl status nginx"
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip} "sudo systemctl status api-sacc4-*"
+
+# Verificar health checks
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip} "curl -s http://localhost:8080/actuator/health"
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip} "curl -s http://localhost:8081/actuator/health"
+
+# Base de datos
+mysql -h ${module.rds.rds_endpoint} -u sacc_app_user -p -e "SELECT 1;"
+EOT
+}
@@ -0,0 +1,98 @@
+# =============================================================================
+# VARIABLES DE ENTORNO TEST - SACC v4
+# Cuenta AWS: 668889063715
+# =============================================================================
+
+# =============================================================================
+# GENERALES
+# =============================================================================
+
+aws_region   = "mx-central-1"
+environment  = "test"
+project_name = "sacc4"
+
+# =============================================================================
+# DOMINIO Y DNS
+# =============================================================================
+
+# Dominio principal para el entorno de test
+# NOTA: Asegurate de que este dominio exista en Route53 de la cuenta 668889063715
+domain_name   = "test-sacc.ccsoft.mx"
+api_subdomain = "api.test-sacc.ccsoft.mx"
+
+# =============================================================================
+# NETWORKING
+# =============================================================================
+
+# CIDR que NO choque con produccion (10.2.0.0/16) ni otros entornos
+vpc_cidr             = "10.3.0.0/16"
+availability_zones   = ["mx-central-1a", "mx-central-1b"]
+public_subnet_cidrs  = ["10.3.1.0/24", "10.3.2.0/24"]
+private_subnet_cidrs = ["10.3.10.0/24", "10.3.11.0/24"]
+
+# =============================================================================
+# EC2 CONFIGURATION
+# =============================================================================
+
+ec2_instance_type         = "t3.small"
+ec2_ami                   = "ami-0f553e2869648134e"
+ec2_root_volume_size      = 8
+ec2_root_volume_type      = "gp2"
+ec2_root_volume_encrypted = true
+
+# SSH - RESTRINGIR a tu IP publica o rangos de oficina/VPN
+# Ejemplo: ["203.0.113.0/24"] para oficina, ["10.8.0.0/24"] para VPN
+# WARNING: [] vacio usa solo VPC CIDR (mas seguro)
+ssh_allowed_cidrs = []
+
+# Llaves SSH publicas para acceso
+# Generar par de llaves: ssh-keygen -t ed25519 -f sacc4-test-key -C "sacc4-test"
+thoth_public_key  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/RcJmEYOBpfq1tSLltV1pyNB55l1jA2zYr5ZNJ0f41 thoth@ccsoft"
+osiris_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFo6CycfgIuCCSVZbhuPwqlAVDxY8YWb1xpvpqxSzMjR osiris@ccsoft"
+
+# =============================================================================
+# RDS CONFIGURATION
+# =============================================================================
+
+rds_instance_class        = "db.t3.micro"
+rds_engine                = "mariadb"
+rds_engine_version        = "10.11.16"
+rds_allocated_storage     = 20
+rds_max_allocated_storage = 100
+rds_db_name               = "ccsoft_sacc4_test"
+rds_master_username       = "sacc_admin_test"
+rds_master_password       = "CambiarEstaPassword123!Segura"
+
+rds_backup_retention_period = 7
+rds_backup_window           = "03:00-04:00"
+rds_maintenance_window      = "Mon:04:00-Mon:05:00"
+
+# =============================================================================
+# SCHEDULING (apagado automatico para ahorrar costos en test)
+# =============================================================================
+
+enable_scheduling   = true
+schedule_timezone   = "America/Mexico_City"
+schedule_start_cron = "cron(0 13 ? * MON-FRI *)"
+schedule_stop_cron  = "cron(0 0 ? * TUE-SAT *)"
+
+# =============================================================================
+# FRONTEND (S3 + CloudFront)
+# =============================================================================
+
+# Nombre unico global del bucket S3
+frontend_bucket_name = "sacc4-frontend-test-668889063715"
+
+cloudfront_price_class    = "PriceClass_100"
+enable_cloudfront_logging = false
+
+# =============================================================================
+# TAGS COMUNES
+# =============================================================================
+
+common_tags = {
+  Project   = "proyectosacc"
+  ManagedBy = "terraform"
+  Team      = "infra"
+  Purpose   = "test-environment"
+}
@@ -0,0 +1,222 @@
+# =============================================================================
+# VARIABLES - Entorno TEST SACC v4
+# =============================================================================
+
+variable "aws_region" {
+  description = "Region AWS para despliegue"
+  type        = string
+  default     = "mx-central-1"
+}
+
+variable "environment" {
+  description = "Ambiente (test)"
+  type        = string
+  default     = "test"
+}
+
+variable "project_name" {
+  description = "Nombre del proyecto"
+  type        = string
+  default     = "sacc4"
+}
+
+variable "domain_name" {
+  description = "Dominio principal"
+  type        = string
+  default     = "test-sacc.ccsoft.mx"
+}
+
+variable "api_subdomain" {
+  description = "Subdominio para API"
+  type        = string
+  default     = "api.test-sacc.ccsoft.mx"
+}
+
+variable "vpc_cidr" {
+  description = "CIDR block para VPC"
+  type        = string
+  default     = "10.3.0.0/16"
+}
+
+variable "availability_zones" {
+  description = "Zonas de disponibilidad"
+  type        = list(string)
+  default     = ["mx-central-1a", "mx-central-1b"]
+}
+
+variable "public_subnet_cidrs" {
+  description = "CIDRs para subnets publicas"
+  type        = list(string)
+  default     = ["10.3.1.0/24", "10.3.2.0/24"]
+}
+
+variable "private_subnet_cidrs" {
+  description = "CIDRs para subnets privadas"
+  type        = list(string)
+  default     = ["10.3.10.0/24", "10.3.11.0/24"]
+}
+
+variable "ec2_instance_type" {
+  description = "Tipo de instancia EC2"
+  type        = string
+  default     = "t3.small"
+}
+
+variable "ec2_ami" {
+  description = "AMI ID de Ubuntu 22.04 LTS en mx-central-1"
+  type        = string
+  default     = "ami-0f553e2869648134e"
+}
+
+variable "ec2_root_volume_size" {
+  description = "Tamanio del volumen root en GB"
+  type        = number
+  default     = 8
+}
+
+variable "ec2_root_volume_type" {
+  description = "Tipo de volumen root"
+  type        = string
+  default     = "gp2"
+}
+
+variable "ec2_root_volume_encrypted" {
+  description = "Volumen encriptado"
+  type        = bool
+  default     = true
+}
+
+variable "ssh_allowed_cidrs" {
+  description = "Lista de CIDRs permitidos para SSH"
+  type        = list(string)
+  default     = []
+}
+
+variable "rds_instance_class" {
+  description = "Clase de instancia RDS"
+  type        = string
+  default     = "db.t3.micro"
+}
+
+variable "rds_engine" {
+  description = "Motor de base de datos"
+  type        = string
+  default     = "mariadb"
+}
+
+variable "rds_engine_version" {
+  description = "Version del motor"
+  type        = string
+  default     = "10.11.16"
+}
+
+variable "rds_allocated_storage" {
+  description = "Almacenamiento asignado en GB"
+  type        = number
+  default     = 20
+}
+
+variable "rds_max_allocated_storage" {
+  description = "Almacenamiento maximo para autoscaling"
+  type        = number
+  default     = 100
+}
+
+variable "rds_db_name" {
+  description = "Nombre de la base de datos"
+  type        = string
+  default     = "ccsoft_sacc4_test"
+}
+
+variable "rds_master_username" {
+  description = "Usuario master de RDS"
+  type        = string
+  default     = "sacc_admin_test"
+  sensitive   = true
+}
+
+variable "rds_master_password" {
+  description = "Contrasena master de RDS"
+  type        = string
+  sensitive   = true
+}
+
+variable "rds_backup_retention_period" {
+  description = "Periodo de retencion de backups en dias"
+  type        = number
+  default     = 7
+}
+
+variable "rds_backup_window" {
+  description = "Ventana de backup"
+  type        = string
+  default     = "03:00-04:00"
+}
+
+variable "rds_maintenance_window" {
+  description = "Ventana de mantenimiento"
+  type        = string
+  default     = "Mon:04:00-Mon:05:00"
+}
+
+variable "enable_scheduling" {
+  description = "Habilitar scheduling horario"
+  type        = bool
+  default     = true
+}
+
+variable "schedule_timezone" {
+  description = "Zona horaria"
+  type        = string
+  default     = "America/Mexico_City"
+}
+
+variable "schedule_start_cron" {
+  description = "Expresion cron para inicio"
+  type        = string
+  default     = "cron(0 13 ? * MON-FRI *)"
+}
+
+variable "schedule_stop_cron" {
+  description = "Expresion cron para apagado"
+  type        = string
+  default     = "cron(0 0 ? * TUE-SAT *)"
+}
+
+variable "frontend_bucket_name" {
+  description = "Nombre del bucket S3"
+  type        = string
+  default     = "sacc4-frontend-test-668889063715"
+}
+
+variable "cloudfront_price_class" {
+  description = "Clase de precio de CloudFront"
+  type        = string
+  default     = "PriceClass_100"
+}
+
+variable "enable_cloudfront_logging" {
+  description = "Habilitar logging de CloudFront"
+  type        = bool
+  default     = false
+}
+
+variable "thoth_public_key" {
+  description = "Llave publica SSH para thoth"
+  type        = string
+}
+
+variable "osiris_public_key" {
+  description = "Llave publica SSH para osiris"
+  type        = string
+}
+
+variable "common_tags" {
+  description = "Tags comunes"
+  type        = map(string)
+  default = {
+    Project   = "proyectosacc"
+    ManagedBy = "terraform"
+    Team      = "infra"
+  }
+}