From a77016d67c9b8f51de5a8f116112e08f2daf05dc Mon Sep 17 00:00:00 2001 From: Benjamin Edwards Date: Mon, 27 Nov 2023 16:39:36 -0500 Subject: [PATCH] Dogfood Free (#15326) Creating free.fleetdm.com hosted in the same terraform workspace as dogfood and thus will be controlled by dogfood deploys --- .../aws-tf-module/.terraform.lock.hcl | 4 + .../dogfood/terraform/aws-tf-module/free.tf | 133 ++++++++++++++++++ 2 files changed, 137 insertions(+) create mode 100644 infrastructure/dogfood/terraform/aws-tf-module/free.tf diff --git a/infrastructure/dogfood/terraform/aws-tf-module/.terraform.lock.hcl b/infrastructure/dogfood/terraform/aws-tf-module/.terraform.lock.hcl index c5efc0ad5c..ab6d0f5c9d 100644 --- a/infrastructure/dogfood/terraform/aws-tf-module/.terraform.lock.hcl +++ b/infrastructure/dogfood/terraform/aws-tf-module/.terraform.lock.hcl @@ -4,6 +4,7 @@ provider "registry.terraform.io/hashicorp/archive" { version = "2.4.0" hashes = [ + "h1:EtN1lnoHoov3rASpgGmh6zZ/W6aRCTgKC7iMwvFY1yc=", "h1:cJokkjeH1jfpG4QEHdRx0t2j8rr52H33A7C/oX73Ok4=", "zh:18e408596dd53048f7fc8229098d0e3ad940b92036a24287eff63e2caec72594", "zh:392d4216ecd1a1fd933d23f4486b642a8480f934c13e2cae3c13b6b6a7e34a7b", @@ -25,6 +26,7 @@ provider "registry.terraform.io/hashicorp/aws" { constraints = ">= 2.67.0, >= 3.0.0, >= 4.6.0, >= 4.8.0, >= 4.9.0, >= 4.18.0, >= 4.27.0, >= 4.30.0, >= 4.40.0, >= 5.0.0, ~> 5.0" hashes = [ "h1:McIRw8larBNW5TeXxyiWd8fD55oj1szEbMOuSQOSDBs=", + "h1:UkBMGEScvNP+9JDzKXGrgj931LngYpIB8TBBUY+mvdg=", "zh:11a4062491e574c8e96b6bc7ced67b5e9338ccfa068223fc9042f9e1e7eda47a", "zh:4331f85aeb22223ab656d04b48337a033f44f02f685c8def604c4f8f4687d10f", "zh:915d6c996390736709f7ac7582cd41418463cfc07696218af6fea4a282df744a", 
@@ -47,6 +49,7 @@ provider "registry.terraform.io/hashicorp/external" { version = "2.3.2" constraints = ">= 1.0.0" hashes = [ + "h1:7F6FVQh7OcCgIH3YEJg1SJDSb1CU4qrCtGuI2EBHnL8=", "h1:cy50n4q+Ir4GYppAfuYhQbBJVxMZbJUlIvM6FVK2axs=", "zh:020bf652739ecd841d696e6c1b85ce7dd803e9177136df8fb03aa08b87365389", "zh:0c7ea5a1cbf2e01a8627b8a84df69c93683f39fe947b288e958e72b9d12a827f", @@ -89,6 +92,7 @@ provider "registry.terraform.io/hashicorp/null" { constraints = ">= 2.0.0" hashes = [ "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", diff --git a/infrastructure/dogfood/terraform/aws-tf-module/free.tf b/infrastructure/dogfood/terraform/aws-tf-module/free.tf new file mode 100644 index 0000000000..a162ee0523 --- /dev/null +++ b/infrastructure/dogfood/terraform/aws-tf-module/free.tf 
@@ -0,0 +1,133 @@
+locals {
+ customer_free = "${local.customer}-free"
+ extra_environment_variables_free = {
+ FLEET_LOGGING_DEBUG = "true"
+ FLEET_LOGGING_JSON = "true"
+ FLEET_LOGGING_TRACING_ENABLED = "true"
+ FLEET_LOGGING_TRACING_TYPE = "elasticapm"
+ FLEET_MYSQL_MAX_OPEN_CONNS = "25"
+ FLEET_VULNERABILITIES_DATABASES_PATH = "/home/fleet"
+ FLEET_OSQUERY_ENABLE_ASYNC_HOST_PROCESSING = "false"
+ ELASTIC_APM_SERVER_URL = var.elastic_url
+ ELASTIC_APM_SECRET_TOKEN = var.elastic_token
+ ELASTIC_APM_SERVICE_NAME = "dogfood-free"
+ }
+}
+
+module "free" {
+ source = "github.com/fleetdm/fleet//terraform/byo-vpc?ref=tf-mod-byo-vpc-v1.7.1"
+ vpc_config = {
+ name = local.customer_free
+ vpc_id = module.main.vpc.vpc_id
+ networking = {
+ subnets = module.main.vpc.private_subnets
+ }
+ }
+ rds_config = {
+ name = local.customer_free
+ snapshot_identifier = "arn:aws:rds:us-east-2:611884880216:cluster-snapshot:a2023-03-06-pre-migration"
+ db_parameters = {
+ # 8mb up from 262144 (256k) default
+ sort_buffer_size = 8388608
+ }
+ # VPN
+ allowed_cidr_blocks = ["10.255.1.0/24", "10.255.2.0/24", "10.255.3.0/24"]
+ subnets = module.main.vpc.database_subnets
+ }
+ redis_config = {
+ name = local.customer_free
+ log_delivery_configuration = [
+ {
+ destination = "dogfood-free-redis-logs"
+ destination_type = "cloudwatch-logs"
+ log_format = "json"
+ log_type = "engine-log"
+ }
+ ]
+ subnets = module.main.vpc.elasticache_subnets
+ elasticache_subnet_group_name = module.main.vpc.elasticache_subnet_group_name
+ allowed_cidrs = module.main.vpc.private_subnets_cidr_blocks
+ availability_zones = ["us-east-2a", "us-east-2b", "us-east-2c"]
+ }
+ ecs_cluster = {
+ cluster_name = local.customer_free
+ }
+ fleet_config = {
+ image = "fleetdm/fleet:v4.40.0"
+ family = local.customer_free
+ security_group_name = local.customer_free
+ awslogs = {
+ name = local.customer_free
+ retention = 365
+ }
+ iam = {
+ role = {
+ name = "${local.customer_free}-role"
+ policy_name = "${local.customer_free}-iam-policy"
+ }
+ execution = {
+ name = "${local.customer_free}-execution-role"
+ policy_name = "${local.customer_free}-iam-policy-execution"
+ }
+ }
+ extra_iam_policies = module.ses-free.fleet_extra_iam_policies
+ extra_environment_variables = merge(module.ses-free.fleet_extra_environment_variables, local.extra_environment_variables_free)
+ }
+ alb_config = {
+ name = local.customer_free
+ certificate_arn = module.acm-free.acm_certificate_arn
+ subnets = module.main.vpc.public_subnets
+ access_logs = {
+ bucket = module.logging_alb.log_s3_bucket_id
+ prefix = local.customer_free
+ enabled = true
+ }
+ }
+}
+
+module "acm-free" {
+ source = "terraform-aws-modules/acm/aws"
+ version = "4.3.1"
+
+ domain_name = "free.fleetdm.com"
+ zone_id = aws_route53_zone.free.id
+
+ wait_for_validation = true
+}
+
+resource "aws_route53_zone" "free" {
+ name = "free.fleetdm.com"
+}
+
+resource "aws_route53_record" "free" {
+ zone_id = aws_route53_zone.free.id
+ name = "free.fleetdm.com"
+ type = "A"
+
+ alias {
+ name = module.free.byo-db.alb.lb_dns_name
+ zone_id = module.free.byo-db.alb.lb_zone_id
+ evaluate_target_health = true
+ }
+}
+
+module "ses-free" {
+ source = "github.com/fleetdm/fleet//terraform/addons/ses?ref=tf-mod-addon-ses-v1.0.0"
+ zone_id = aws_route53_zone.free.zone_id
+ domain = "free.fleetdm.com"
+}
+
+module "waf-free" {
+ source = "github.com/fleetdm/fleet//terraform/addons/waf-alb?ref=tf-mod-addon-waf-alb-v1.0.0"
+ name = local.customer_free
+ lb_arn = module.free.byo-db.alb.lb_arn
+}
+
+module "migrations_free" {
+ source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=tf-mod-addon-migrations-v1.0.0"
+ ecs_cluster = module.free.byo-db.byo-ecs.service.cluster
+ task_definition = module.free.byo-db.byo-ecs.task_definition.family
+ task_definition_revision = module.free.byo-db.byo-ecs.task_definition.revision
+ subnets = module.free.byo-db.byo-ecs.service.network_configuration[0].subnets
+ security_groups = module.free.byo-db.byo-ecs.service.network_configuration[0].security_groups
+}
\ No newline at end of file
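Review bot: `ELASTIC_APM_SECRET_TOKEN = var.elastic_token` in `extra_environment_variables_free` is merged into `extra_environment_variables`, so it ends up as a plain environment entry in the ECS task definition, readable by anyone who can describe the task definition and retained in every registered revision. It would be better delivered through the container's `secrets` mechanism (a Secrets Manager or SSM parameter reference) and dropped from this map; whether byo-vpc at `tf-mod-byo-vpc-v1.7.1` exposes an input for that is not visible from this hunk. Separately, `snapshot_identifier` seeds the new internet-facing instance from `a2023-03-06-pre-migration`, which by its name looks like a snapshot of an existing environment's database; if so, that environment's users, API tokens and enroll secrets carry over to free.fleetdm.com and should be rotated, or the instance started from an empty database. A comment above `snapshot_identifier` stating where the snapshot came from and why it is safe to reuse would settle it, e.g. `# snapshot of <SOURCE_ENV>; credentials rotated after restore`.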