Add complete SACC v4 infrastructure project

- Terraform modules: VPC, EC2, RDS, S3, CloudFront, Route53, Lambda, IAM, Security Groups - Ansible playbooks for server configuration - Scripts: create-test-environment.sh, destroy-test-environment.sh, validate-environment.sh - Documentation: README, QUICKSTART, AGENTS - Jenkins pipeline for automated deployment - Jenkins pipeline for environment destruction
2026-06-03 04:39:01 +00:00
commit 71be2abd2e
27 changed files with 6424 additions and 0 deletions
@@ -0,0 +1,42 @@
+variable "ami_id" {}
+variable "instance_type" { default = "t3.small" }
+variable "subnet_id" {}
+variable "security_group_ids" { type = list(string) }
+variable "key_name" {}
+variable "environment" {}
+variable "associate_public_ip" { default = true }
+variable "user_data" { default = "" }
+variable "iam_instance_profile" { default = "" }
+
+resource "aws_instance" "main" {
+  ami                    = var.ami_id
+  instance_type          = var.instance_type
+  subnet_id              = var.subnet_id
+  vpc_security_group_ids = var.security_group_ids
+  key_name               = var.key_name
+  associate_public_ip_address = var.associate_public_ip
+  user_data              = var.user_data
+  iam_instance_profile   = var.iam_instance_profile
+  
+  root_block_device {
+    volume_size           = 8
+    volume_type           = "gp2"
+    encrypted             = true
+    delete_on_termination = true
+  }
+  
+  tags = {
+    Name        = "sacc4-ec2-${var.environment}"
+    Environment = var.environment
+  }
+}
+
+resource "aws_eip" "main" {
+  instance = aws_instance.main.id
+  domain   = "vpc"
+  tags     = { Name = "sacc4-eip-${var.environment}" }
+}
+
+output "instance_id" { value = aws_instance.main.id }
+output "public_ip" { value = aws_eip.main.public_ip }
+output "private_ip" { value = aws_instance.main.private_ip }
@@ -0,0 +1,54 @@
+variable "environment" {}
+variable "account_id" {}
+
+resource "aws_iam_role" "ec2_role" {
+  name = "sacc4-ec2-role-${var.environment}"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Action = "sts:AssumeRole"
+      Effect = "Allow"
+      Principal = { Service = "ec2.amazonaws.com" }
+    }]
+  })
+}
+
+resource "aws_iam_role_policy" "ec2_policy" {
+  name = "sacc4-ec2-policy-${var.environment}"
+  role = aws_iam_role.ec2_role.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:ListBucket"
+        ]
+        Resource = [
+          "arn:aws:s3:::sacc4-*",
+          "arn:aws:s3:::sacc4-*/*"
+        ]
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ]
+        Resource = "arn:aws:logs:*:*:log-group:/sacc4/*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_instance_profile" "ec2_profile" {
+  name = "sacc4-ec2-profile-${var.environment}"
+  role = aws_iam_role.ec2_role.name
+}
+
+output "ec2_instance_profile_name" {
+  value = aws_iam_instance_profile.ec2_profile.name
+}
@@ -0,0 +1,48 @@
+variable "subnet_ids" { type = list(string) }
+variable "security_group_id" {}
+variable "db_name" {}
+variable "db_username" {}
+variable "db_password" { sensitive = true }
+variable "instance_class" { default = "db.t3.micro" }
+variable "allocated_storage" { default = 20 }
+variable "environment" {}
+
+resource "aws_db_subnet_group" "main" {
+  name       = "sacc4-rds-subnet-${var.environment}"
+  subnet_ids = var.subnet_ids
+  tags       = { Name = "sacc4-rds-subnet-${var.environment}" }
+}
+
+resource "aws_db_instance" "main" {
+  identifier           = "sacc4-${var.environment}"
+  engine               = "mariadb"
+  engine_version       = "10.11.16"
+  instance_class       = var.instance_class
+  allocated_storage    = var.allocated_storage
+  storage_type         = "gp2"
+  storage_encrypted    = true
+  
+  db_name  = var.db_name
+  username = var.db_username
+  password = var.db_password
+  
+  db_subnet_group_name   = aws_db_subnet_group.main.name
+  vpc_security_group_ids = [var.security_group_id]
+  
+  publicly_accessible    = false
+  skip_final_snapshot    = true
+  backup_retention_period = 7
+  backup_window          = "00:01-00:31"
+  
+  tags = {
+    Name        = "sacc4-rds-${var.environment}"
+    Environment = var.environment
+  }
+}
+
+output "endpoint" {
+  value     = aws_db_instance.main.endpoint
+  sensitive = true
+}
+
+output "db_name" { value = aws_db_instance.main.db_name }
@@ -0,0 +1,80 @@
+variable "vpc_id" {}
+variable "environment" {}
+variable "my_ip" {}
+
+resource "aws_security_group" "ec2" {
+  name        = "sacc4-ec2-sg-${var.environment}"
+  description = "Security group para instancia EC2 SACC4"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = [var.my_ip]
+    description = "SSH desde IP autorizada"
+  }
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "HTTP"
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "HTTPS"
+  }
+
+  ingress {
+    from_port   = 8080
+    to_port     = 8085
+    protocol    = "tcp"
+    cidr_blocks = [aws_vpc.main.cidr_block]
+    description = "APIs internas"
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = { Name = "sacc4-ec2-sg-${var.environment}" }
+}
+
+resource "aws_security_group" "rds" {
+  name        = "sacc4-rds-sg-${var.environment}"
+  description = "Security group para RDS MariaDB"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port       = 3306
+    to_port         = 3306
+    protocol        = "tcp"
+    security_groups = [aws_security_group.ec2.id]
+    description     = "MariaDB desde EC2"
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = { Name = "sacc4-rds-sg-${var.environment}" }
+}
+
+resource "aws_vpc" "main" {
+  cidr_block = "10.3.0.0/16"
+}
+
+output "ec2_sg_id" { value = aws_security_group.ec2.id }
+output "rds_sg_id" { value = aws_security_group.rds.id }
@@ -0,0 +1,51 @@
+variable "vpc_cidr" {}
+variable "environment" {}
+variable "availability_zones" { type = list(string) }
+
+resource "aws_vpc" "main" {
+  cidr_block           = var.vpc_cidr
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+  tags = { Name = "sacc4-vpc-${var.environment}" }
+}
+
+resource "aws_internet_gateway" "main" {
+  vpc_id = aws_vpc.main.id
+  tags   = { Name = "sacc4-igw-${var.environment}" }
+}
+
+resource "aws_subnet" "public" {
+  count                   = 2
+  vpc_id                  = aws_vpc.main.id
+  cidr_block              = cidrsubnet(var.vpc_cidr, 8, count.index + 1)
+  availability_zone       = var.availability_zones[count.index]
+  map_public_ip_on_launch = true
+  tags = { Name = "sacc4-public-${count.index + 1}-${var.environment}" }
+}
+
+resource "aws_subnet" "private" {
+  count             = 2
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = cidrsubnet(var.vpc_cidr, 8, count.index + 11)
+  availability_zone = var.availability_zones[count.index]
+  tags = { Name = "sacc4-private-${count.index + 1}-${var.environment}" }
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.main.id
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.main.id
+  }
+  tags = { Name = "sacc4-public-rt-${var.environment}" }
+}
+
+resource "aws_route_table_association" "public" {
+  count          = 2
+  subnet_id      = aws_subnet.public[count.index].id
+  route_table_id = aws_route_table.public.id
+}
+
+output "vpc_id" { value = aws_vpc.main.id }
+output "public_subnet_ids" { value = aws_subnet.public[*].id }
+output "private_subnet_ids" { value = aws_subnet.private[*].id }