Initial commit of Terraform config to build AMS/livefeed demos on AWS

Author: jgrevich

.gitignore

@@ -0,0 +1,4 @@
+.DS_Store
+.terraform
+terraform.tfstate
+terraform.tfstate.backup

cloud-init.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+echo "add public keys to authorized_keys"
+
+read -r -d '' public_keys <<'EOF'
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Te88nbLhOWlvjPJ8Ig4ZnNcfBrCb6Q5OaKOEhvaJ/xNm6ZjqcAo4tF0UklTyLAFwAb08E9ibE2lyu7BEq307q8v7yyu6n/L8riJraEVltLre+ZWBRCCZkts/EhnFjiRxSJ+3rZXLxAGCDStHC6X1dlZu9d50KH/GDBXEBYMCsMUdWd57DFLHZALg0CpSlkNCijzdD1mxjRu9bh7HfXYE9421UzswfPyuPC5bUM1uctYhD4muDq4PHmw2VpCSHVRuSmDUeTVPpg/PI4YJ7zBxIdu32hB2CaG6VMRWDUX7dDR1tjtK3jDuC8OOhAB9Fl6nv7Grp9GPQzKfP5SsAIxv jgrevich
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDpJR60jRCwIWLylRj1NPweE9r6KB4W6Nvh2VSgpt64mJrNNBITpaN7EJt6TTHVJzVfGjdZdrc34mJEH9Jh8xzFH51IlIjcPoq4FgtU2D1fyWL8KL+TpmXefcHeQYGkJv5qBf1Glg8laEjgCZ+7j//Jqm9Brg2tKULkDVxy8S/kD7dfh4VWFa7mKfgAZfnEwSW0FYHB9bhTDUJQGR6sHcN057ACFxO1JZbB6be/OssgKrzhJGaVyFJuKUwKUqaeTzJkuRqO/SgCvQnzx+I6eKofjCgi9HI4OhsNjlURJOW93t2aHt7j6g5H1UZeeyMVt6RmsLg/+Jtws/aM2K9bJLMYB1BB0B5rl1Q5FZ5FNsC5CdbwcBxSnTWkjfw9YGjlrCtQy70sNJ+evxjfVAcKnDVlzqGU1z6eZiiNgFubrLAsPip0HRbqTUCDtiwoTvciy+Ik/ywQlsa0Z0rmnrVhK4c8/GLXJUtU6s5oJ3iBZcUY6jTMC18JdL+eQbcOE1AQXxp25D52mF89syXufh1ZoZWYLTx3Q27/ZQv1tXFFi5sGDEGPHKFkW55PBREu8go9LlX4+9UXAdGkXFnvW41Hao8in6BuHDnERPF3k9rHd/uF5KECBujZp9OAdGDg+nD5XZ6lGNNg7f1+4ihBAGweoS7pDoZFgRvXLPXcw36Ly+rEQ== [email protected]
+EOF
+
+echo $public_keys >> /home/ubuntu/.ssh/authorized_keys
+
+echo "install docker"
+export DEBIAN_FRONTEND=noninteractive
+sudo snap install -y docker
+sudo apt update
+sudo apt install -y docker.io 
+
+echo "start and enable docker on restart"
+sudo systemctl start docker
+sudo systemctl enable docker
+
+echo "add ubuntu user to docker group so docker can be used without sudo"
+sudo usermod -aG docker ubuntu
+
+echo "create a new shell with the ubuntu user and updated group"
+sudo su - ubuntu
+
+echo "clone dockerized AMS"
+git clone https://github.com/veriskope/docker-adobe-media-server.git
+
+echo "build AMS container"
+cd docker-adobe-media-server
+docker build --tag=ams .
+echo "start container and map ports"
+docker run -p 80:80 -p 443:443 -p 1111:1111 -p 1935:1935 --name ams -d ams
+
+echo "docker install and setup is done"

ec2.tf

@@ -0,0 +1,71 @@
+# https://cloud-images.ubuntu.com/locator/ec2/
+# ubuntu 18.04 lts hvm:instance-store ami-04aa802b835dec952
+# ubuntu 18.04 lts hvm:ebs-ssd ami-06d51e91cea0dac8d 
+
+resource "aws_instance" "ams_5015" {
+  ami                         = "ami-06d51e91cea0dac8d"
+  instance_type               = "t2.micro"
+  key_name                    = "${aws_key_pair.default.key_name}"
+  subnet_id                   = "${aws_subnet.ams_a.id}"
+  user_data                   = "${file("cloud-init.sh")}"
+  vpc_security_group_ids      = ["${aws_security_group.ams.id}"]
+}
+
+resource "aws_eip" "ams_5015" {
+  instance = "${aws_instance.ams_5015.id}"
+}
+
+output "ams_5015_public_dns" {
+  value = "${aws_eip.ams_5015.public_dns}"
+}
+
+output "ams_5015_public_ip" {
+  value = "${aws_eip.ams_5015.public_ip}"
+}
+
+resource "aws_instance" "ams_demo" {
+  ami                         = "ami-06d51e91cea0dac8d"
+  instance_type               = "t2.micro"
+  key_name                    = "${aws_key_pair.default.key_name}"
+  subnet_id                   = "${aws_subnet.ams_a.id}"
+  user_data                   = "${file("cloud-init.sh")}"
+  vpc_security_group_ids      = ["${aws_security_group.ams.id}"]
+}
+
+resource "aws_eip" "ams_demo" {
+  instance = "${aws_instance.ams_demo.id}"
+}
+
+output "ams_demo_public_dns" {
+  value = "${aws_eip.ams_demo.public_dns}"
+}
+
+output "ams_demo_public_ip" {
+  value = "${aws_eip.ams_demo.public_ip}"
+}
+
+resource "aws_instance" "livefeed_demo" {
+  ami                         = "ami-06d51e91cea0dac8d"
+  instance_type               = "t2.micro"
+  key_name                    = "${aws_key_pair.default.key_name}"
+  subnet_id                   = "${aws_subnet.ams_a.id}"
+  user_data                   = "${file("livefeed-cloud-init.sh")}"
+  vpc_security_group_ids      = ["${aws_security_group.ams.id}"]
+}
+
+resource "aws_eip" "livefeed_demo" {
+  instance = "${aws_instance.livefeed_demo.id}"
+}
+
+output "livefeed_demo_public_dns" {
+  value = "${aws_eip.livefeed_demo.public_dns}"
+}
+
+output "livefeed_demo_public_ip" {
+  value = "${aws_eip.livefeed_demo.public_ip}"
+}
+
+resource "aws_key_pair" "default" {
+  key_name   = "default ssh key"
+  public_key = "${var.ssh_public_key}"
+}

livefeed-cloud-init.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+echo "add public keys to authorized_keys"
+
+read -r -d '' public_keys <<'EOF'
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Te88nbLhOWlvjPJ8Ig4ZnNcfBrCb6Q5OaKOEhvaJ/xNm6ZjqcAo4tF0UklTyLAFwAb08E9ibE2lyu7BEq307q8v7yyu6n/L8riJraEVltLre+ZWBRCCZkts/EhnFjiRxSJ+3rZXLxAGCDStHC6X1dlZu9d50KH/GDBXEBYMCsMUdWd57DFLHZALg0CpSlkNCijzdD1mxjRu9bh7HfXYE9421UzswfPyuPC5bUM1uctYhD4muDq4PHmw2VpCSHVRuSmDUeTVPpg/PI4YJ7zBxIdu32hB2CaG6VMRWDUX7dDR1tjtK3jDuC8OOhAB9Fl6nv7Grp9GPQzKfP5SsAIxv jgrevich
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDpJR60jRCwIWLylRj1NPweE9r6KB4W6Nvh2VSgpt64mJrNNBITpaN7EJt6TTHVJzVfGjdZdrc34mJEH9Jh8xzFH51IlIjcPoq4FgtU2D1fyWL8KL+TpmXefcHeQYGkJv5qBf1Glg8laEjgCZ+7j//Jqm9Brg2tKULkDVxy8S/kD7dfh4VWFa7mKfgAZfnEwSW0FYHB9bhTDUJQGR6sHcN057ACFxO1JZbB6be/OssgKrzhJGaVyFJuKUwKUqaeTzJkuRqO/SgCvQnzx+I6eKofjCgi9HI4OhsNjlURJOW93t2aHt7j6g5H1UZeeyMVt6RmsLg/+Jtws/aM2K9bJLMYB1BB0B5rl1Q5FZ5FNsC5CdbwcBxSnTWkjfw9YGjlrCtQy70sNJ+evxjfVAcKnDVlzqGU1z6eZiiNgFubrLAsPip0HRbqTUCDtiwoTvciy+Ik/ywQlsa0Z0rmnrVhK4c8/GLXJUtU6s5oJ3iBZcUY6jTMC18JdL+eQbcOE1AQXxp25D52mF89syXufh1ZoZWYLTx3Q27/ZQv1tXFFi5sGDEGPHKFkW55PBREu8go9LlX4+9UXAdGkXFnvW41Hao8in6BuHDnERPF3k9rHd/uF5KECBujZp9OAdGDg+nD5XZ6lGNNg7f1+4ihBAGweoS7pDoZFgRvXLPXcw36Ly+rEQ== [email protected]
+EOF
+
+echo $public_keys >> /home/ubuntu/.ssh/authorized_keys
+
+echo "install docker"
+export DEBIAN_FRONTEND=noninteractive
+sudo snap install -y docker
+sudo apt update
+sudo apt install -y docker.io 
+
+echo "start and enable docker on restart"
+sudo systemctl start docker
+sudo systemctl enable docker
+
+echo "add ubuntu user to docker group so docker can be used without sudo"
+sudo usermod -aG docker ubuntu
+
+echo "create a new shell with the ubuntu user and updated group"
+sudo su - ubuntu
+
+echo "clone livefeed demo"
+git clone https://github.com/veriskope/docker-adobe-media-server.git
+
+echo "build livefeed container"
+# cd docker-adobe-media-server
+# docker build --tag=ams .
+echo "start container and map ports"
+# docker run -p 80:80 -p 443:443 -p 1111:1111 -p 1935:1935 --name ams -d ams
+
+echo "docker install and setup is done"

main.tf

@@ -0,0 +1,34 @@
+# Configure the AWS Providers
+provider "aws" {
+  version = "~> 2.0"
+  region  = "us-west-2"
+  alias = "usw2"
+}
+
+provider "aws" {
+  version = "~> 2.0"
+  region  = "eu-west-2"
+  alias = "euw2"
+}
+
+# Bucket initially created using AWS CLI
+#
+# aws s3api create-bucket --bucket ams-terraform-backend-store \
+#    --region us-west-2 \
+#    --create-bucket-configuration \
+#    LocationConstraint=us-west-2
+#
+# aws s3api put-bucket-encryption \
+#     --bucket ams-terraform-backend-store \
+#     --server-side-encryption-configuration={\"Rules\":[{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\":\"AES256\"}}]}
+#
+
+data "terraform_remote_state" "s3" {
+  backend = "s3"
+  config = {
+    bucket  = "ams-terraform-backend-store"
+    encrypt = true
+    key     = "terraform/terraform.tfstate"
+    region  = "us-west-2"
+  }
+}

variables.tf

@@ -0,0 +1,4 @@
+variable "ssh_public_key" {
+    description = "SSH key used to login to server until we have a proper base image that includes the necessary keys"
+    default = ""
+}

vpc.tf

@@ -0,0 +1,91 @@
+resource "aws_internet_gateway" "default" {
+  vpc_id = "${aws_vpc.default.id}"
+}
+
+resource "aws_route" "default" {
+    route_table_id = "${aws_vpc.default.main_route_table_id}"
+    destination_cidr_block = "0.0.0.0/0"
+    gateway_id = "${aws_internet_gateway.default.id}"
+}
+
+resource "aws_security_group" "ams" {
+  name = "ams"
+  description = "Base security group for AMS instances"
+  vpc_id = "${aws_vpc.default.id}"
+
+  egress {
+    description = "allow egress to anywhere"
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # allow SSH in from anywhere
+  ingress {
+    description = "allow SSH in from anywhere"
+    protocol    = "tcp"
+    from_port   = 22
+    to_port     = 22
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "allow HTTP in from anywhere"
+    protocol    = "tcp"
+    from_port   = 80
+    to_port     = 80
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "allow HTTPS in from anywhere"
+    protocol    = "tcp"
+    from_port   = 443
+    to_port     = 443
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "allow AMS Admin RTMP in from anywhere"
+    protocol    = "tcp"
+    from_port   = 1111
+    to_port     = 1111
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "allow RTMP streams in from anywhere"
+    protocol    = "tcp"
+    from_port   = 1935
+    to_port     = 1935
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # allow ICMP within VPC
+  ingress {
+    protocol  = "icmp"
+    from_port = -1
+    to_port   = -1
+    cidr_blocks = ["${aws_vpc.default.cidr_block}"]
+  }
+
+  egress {
+    protocol  = "icmp"
+    from_port = -1
+    to_port   = -1
+    cidr_blocks = ["${aws_vpc.default.cidr_block}"]
+  }
+}
+
+resource "aws_subnet" "ams_a" {
+  vpc_id            = "${aws_vpc.default.id}"
+  cidr_block        = "192.168.0.0/24"
+  availability_zone = "us-west-2a"
+}
+
+resource "aws_vpc" "default" {
+  cidr_block = "192.168.0.0/16"
+  enable_dns_support = true
+  enable_dns_hostnames = true
+}