Add reusable Terraform modules and per-environment configs (dev/uat/prod) in us-west-2 covering: VPC (3 AZ public/private), EKS 1.29 with IRSA and ALB/EBS/EFS CSI add-ons, RDS PostgreSQL 15, four ECR repos, IAM roles (EKS node, ALB controller IRSA, GitHub Actions OIDC), Route53 + ACM for samosachaat.art, and EFS for model weights. State backend on S3 (samosachaat-terraform-state) with DynamoDB lock table. terraform validate passes for dev, uat, and prod. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
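# Provider and core-version constraints for the RDS module.
# Both providers are pinned to a major line (`~>`) rather than an open-ended
# `>=`: an unbounded constraint lets `terraform init -upgrade` jump to a new
# major release with breaking resource/argument changes, which for a provider
# is a supply-chain change nobody reviewed. The dependency lock file still
# pins the exact release that was validated.
terraform {
  required_version = ">= 1.5.0"

  required_providers {
    # 5.x line: the terraform-aws-modules/rds 6.x module used below targets it.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    # 3.x line, >= 3.5 as before; only random_password is used from it.
    random = {
      source  = "hashicorp/random"
      version = "~> 3.5"
    }
  }
}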
# Master password for the PostgreSQL instance, consumed by module.db below.
# NOTE(review): the generated value is written to Terraform state in
# plaintext, so the remote state backend must stay encrypted and
# access-restricted; the alternative is manage_master_user_password = true
# on the module, which keeps the secret in Secrets Manager instead of state.
resource "random_password" "db" {
  # RDS rejects master passwords containing '/', '@', '"' or a space, so the
  # special-character alphabet is restricted to a set that omits all four.
  override_special = "!#$%&*()-_=+[]{}<>:?"
  special          = true
  length           = 32
}
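# Security group attached to the RDS instance.
# Inbound is limited to PostgreSQL from the EKS node security group. There is
# deliberately no egress block: the AWS provider removes the VPC default
# allow-all egress when a security group is declared without one, and nothing
# in this module requires the database to initiate outbound connections. The
# previous 0.0.0.0/0 all-protocol egress gave a database a network reach it
# does not need. If an extension that reaches out (postgres_fdw, aws_s3,
# aws_lambda, ...) is enabled later, add a scoped egress rule for that
# destination only.
resource "aws_security_group" "db" {
  name        = "${var.identifier}-rds-sg"
  description = "PostgreSQL access for samosaChaat from EKS nodes only"
  vpc_id      = var.vpc_id

  ingress {
    description = "PostgreSQL from EKS nodes"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    # Reference the node SG rather than a CIDR so access follows the nodes
    # as they are replaced, and no other host in the subnet range qualifies.
    security_groups = [var.eks_node_security_group_id]
  }

  tags = var.tags
}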
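# RDS PostgreSQL 15 instance in the private subnets, reachable only through
# aws_security_group.db. The master password is random_password.db.result
# (held in Terraform state; see that resource).
# Hardening added here beyond the baseline: explicit TLS enforcement and
# session logging via the parameter group, IAM token authentication, log
# export to CloudWatch, and tag propagation to snapshots. None of these change
# how existing password-based clients connect.
module "db" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> 6.0"

  identifier = var.identifier

  engine               = "postgres"
  engine_version       = "15"
  family               = "postgres15"
  major_engine_version = "15"
  instance_class       = var.instance_class

  allocated_storage     = var.allocated_storage
  max_allocated_storage = var.max_allocated_storage
  # Encrypted at rest with the AWS-managed RDS key. Pass kms_key_id if an
  # environment needs a customer-managed key with its own key policy/rotation.
  storage_encrypted = true

  db_name  = var.db_name
  username = var.db_username
  password = random_password.db.result
  port     = 5432

  # Password is supplied explicitly rather than generated into Secrets
  # Manager by RDS; it must stay in step with random_password.db.
  manage_master_user_password = false

  # Accept IAM authentication tokens alongside the master password so
  # workloads can authenticate with a role identity (e.g. an IRSA-backed pod)
  # instead of a shared secret.
  iam_database_authentication_enabled = true

  # Parameter group (family postgres15, created by the module):
  # - rds.force_ssl=1 rejects plaintext connections. New postgres15 parameter
  #   groups already default to this; pinning it keeps the intent explicit and
  #   survives a future family default change.
  # - log_connections / log_disconnections give the session open/close trail
  #   that detection tooling expects from the exported postgresql log.
  parameters = [
    { name = "rds.force_ssl", value = "1" },
    { name = "log_connections", value = "1" },
    { name = "log_disconnections", value = "1" },
  ]

  multi_az               = var.multi_az
  create_db_subnet_group = true
  subnet_ids             = var.private_subnet_ids
  vpc_security_group_ids = [aws_security_group.db.id]
  publicly_accessible    = false

  backup_retention_period = 7
  backup_window           = "03:00-04:00"
  maintenance_window      = "Mon:04:00-Mon:05:00"
  # Snapshots inherit var.tags so ownership/retention policies apply to them.
  copy_tags_to_snapshot = true

  skip_final_snapshot = var.skip_final_snapshot
  deletion_protection = var.deletion_protection

  performance_insights_enabled = true
  create_monitoring_role       = true
  monitoring_interval          = 60

  # Ship the engine and upgrade logs to CloudWatch; the log groups are created
  # by this module so their retention is managed in Terraform rather than
  # auto-created with "never expire".
  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
  create_cloudwatch_log_group     = true

  tags = var.tags
}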