terraform scripts

This document is a Terraform configuration script for deploying a SailPoint IIQ application on AWS using EKS. It includes the creation of an S3 bucket for state management, IAM roles for the EKS cluster and worker nodes, an EKS cluster, an RDS database, and Kubernetes resources such as deployments and services. Additionally, it sets up auto-scaling for the application and outputs the service URL for access.
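provider "aws" {
  region = "us-east-1" # Change to your desired region
}

# Authenticate the Kubernetes provider against the EKS cluster declared in this
# configuration. Without an explicit provider block the kubernetes_* resources
# below fall back to the local kubeconfig, which is generally not the cluster
# this run creates.
data "aws_eks_cluster_auth" "sailpoint" {
  name = aws_eks_cluster.sailpoint_cluster.name
}

provider "kubernetes" {
  host                   = aws_eks_cluster.sailpoint_cluster.endpoint
  cluster_ca_certificate = base64decode(aws_eks_cluster.sailpoint_cluster.certificate_authority[0].data)
  # Short-lived IAM-derived token; refreshed on every plan/apply.
  token                  = data.aws_eks_cluster_auth.sailpoint.token
}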

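# S3 bucket for Terraform state (optional, for production use).
# Note: this configuration contains no `terraform { backend "s3" {} }` block, so
# the bucket is created but not yet used for state. Add the backend after the
# bucket exists; a bucket cannot hold the state of the run that creates it.
resource "aws_s3_bucket" "terraform_state" {
  bucket = "sailpoint-iiq-terraform-state"
  # The `acl` argument is deprecated on aws_s3_bucket (AWS provider v4+) and
  # new buckets reject ACLs by default (Object Ownership = BucketOwnerEnforced).
  # "private" was the default anyway; access is controlled by the resources below.
}

# Block every form of public access. Terraform state is stored in plain text
# and can contain secrets (for example RDS credentials), so this is mandatory
# for a state bucket.
resource "aws_s3_bucket_public_access_block" "terraform_state" {
  bucket                  = aws_s3_bucket.terraform_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Versioning lets a corrupted or accidentally overwritten state file be
# rolled back to an earlier version.
resource "aws_s3_bucket_versioning" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Encrypt state objects at rest with S3-managed keys.
resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}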

# IAM role assumed by the EKS control plane.
# The trust policy allows only the EKS service principal to assume it; the
# permissions themselves come from the managed policy attached separately.
resource "aws_iam_role" "eks_role" {
  name = "eks-cluster-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Action    = "sts:AssumeRole"
        Principal = { Service = "eks.amazonaws.com" }
      },
    ]
  })
}

# Grant the control-plane role the AWS-managed EKS cluster permissions.
resource "aws_iam_role_policy_attachment" "eks_cluster_policy" {
  role       = aws_iam_role.eks_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

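# EKS control plane.
resource "aws_eks_cluster" "sailpoint_cluster" {
  name     = "sailpoint-iiq-cluster"
  role_arn = aws_iam_role.eks_role.arn

  vpc_config {
    # The original comment was wrapped onto a second line, which is a syntax
    # error in HCL; keep comments on one line.
    subnet_ids = ["subnet-abc123", "subnet-def456"] # Replace with your actual subnet IDs
  }

  # Send API, audit and authenticator logs to CloudWatch Logs so API calls and
  # IAM-to-RBAC authentication decisions can be reviewed after the fact.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  # The managed policy must be attached before the control plane is created;
  # otherwise EKS may fail to manage EC2/ELB resources during bring-up.
  depends_on = [aws_iam_role_policy_attachment.eks_cluster_policy]
}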

# IAM role for the worker nodes (EC2 instances in the node group).
# Only the EC2 service principal may assume it; node permissions are granted
# through separately attached managed policies.
resource "aws_iam_role" "eks_worker_role" {
  name = "eks-worker-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Action    = "sts:AssumeRole"
        Principal = { Service = "ec2.amazonaws.com" }
      },
    ]
  })
}

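# Managed policies required by an EKS managed node group. AmazonEKSWorkerNodePolicy
# alone is not enough: nodes also need the VPC CNI policy to assign pod IPs and
# ECR read-only access to pull images, or node-group creation fails.
resource "aws_iam_role_policy_attachment" "worker_node_policy" {
  role       = aws_iam_role.eks_worker_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
}

resource "aws_iam_role_policy_attachment" "worker_cni_policy" {
  role       = aws_iam_role.eks_worker_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
}

resource "aws_iam_role_policy_attachment" "worker_ecr_read_only" {
  role       = aws_iam_role.eks_worker_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}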

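# Managed node group for the worker nodes (EKS creates and owns the
# underlying Auto Scaling Group).
resource "aws_eks_node_group" "sailpoint_nodes" {
  cluster_name  = aws_eks_cluster.sailpoint_cluster.name
  node_role_arn = aws_iam_role.eks_worker_role.arn

  # Reuse the control plane's subnets so the two lists cannot drift apart.
  subnet_ids = aws_eks_cluster.sailpoint_cluster.vpc_config[0].subnet_ids

  instance_types = ["t3.medium"]

  scaling_config {
    desired_size = 2
    max_size     = 5
    min_size     = 2
  }

  # Node creation fails if the worker role's policies are not attached yet.
  # The node role also needs AmazonEKS_CNI_Policy and
  # AmazonEC2ContainerRegistryReadOnly; attach those and list them here too.
  depends_on = [aws_iam_role_policy_attachment.worker_node_policy]
}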

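# RDS database for SailPoint IIQ.
resource "aws_db_instance" "sailpoint_db" {
  identifier        = "sailpoint-db"
  engine            = "mysql" # Change to PostgreSQL if needed
  instance_class    = "db.t3.medium"
  allocated_storage = 20
  username          = "iiquser"

  # Let RDS generate the master password and keep it in AWS Secrets Manager
  # instead of a literal in this file (which would also land in the state).
  # After apply the secret ARN is exposed as master_user_secret[0].secret_arn.
  manage_master_user_password = true

  storage_encrypted       = true  # encrypt data at rest
  publicly_accessible     = false # reachable only from inside the VPC
  backup_retention_period = 7     # keep automated backups for a week

  # Kept from the original for lab use: no final snapshot on destroy. For
  # production set this to false and add final_snapshot_identifier.
  skip_final_snapshot = true
}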

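# SailPoint IIQ Deployment.
resource "kubernetes_deployment" "sailpoint_iiq" {
  metadata {
    name   = "sailpoint-iiq"
    labels = { app = "sailpoint-iiq" }
  }

  spec {
    replicas = 2

    selector {
      match_labels = { app = "sailpoint-iiq" }
    }

    template {
      metadata {
        labels = { app = "sailpoint-iiq" }
      }

      spec {
        container {
          name = "sailpoint-iiq"
          # Pin this to an immutable tag or digest before production use;
          # ":latest" makes rollouts non-reproducible and defeats image review.
          image = "your-docker-repo/sailpoint-iiq:latest"

          port {
            container_port = 8080
          }

          env {
            name  = "DB_HOST"
            value = aws_db_instance.sailpoint_db.address
          }

          # CPU requests are required for the CPU-based HPA defined below to
          # compute utilization; without them it cannot scale. The sizes are
          # constructed placeholders -- tune them to the IIQ JVM footprint.
          resources {
            requests = {
              cpu    = "500m"
              memory = "1Gi"
            }
            limits = {
              cpu    = "1"
              memory = "2Gi"
            }
          }
        }
      }
    }
  }
}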

# LoadBalancer Service exposing the IIQ pods.
# Note: this publishes plain HTTP on port 80 through an internet-facing AWS
# load balancer; terminate TLS at the LB (or an ingress) before going live.
resource "kubernetes_service" "sailpoint_service" {
  metadata {
    name = "sailpoint-iiq-service"
  }

  spec {
    type     = "LoadBalancer"
    selector = { app = "sailpoint-iiq" }

    port {
      port        = 80   # LB-facing port
      target_port = 8080 # container port
    }
  }
}

# Horizontal Pod Autoscaler for the IIQ Deployment.
# Scales between 2 and 5 replicas on average CPU utilization; the pods must
# declare CPU requests for the utilization percentage to be computable.
resource "kubernetes_horizontal_pod_autoscaler" "sailpoint_hpa" {
  metadata {
    name = "sailpoint-iiq-hpa"
  }

  spec {
    min_replicas                      = 2
    max_replicas                      = 5
    target_cpu_utilization_percentage = 50

    scale_target_ref {
      api_version = "apps/v1"
      kind        = "Deployment"
      name        = kubernetes_deployment.sailpoint_iiq.metadata[0].name
    }
  }
}

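# Hostname of the AWS load balancer fronting SailPoint IIQ. The expression was
# split across two lines after `=` in the original, which does not parse.
output "sailpoint_url" {
  description = "Load balancer hostname for SailPoint IIQ (HTTP, port 80)."
  value       = kubernetes_service.sailpoint_service.status[0].load_balancer[0].ingress[0].hostname
}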
