
Using Terraform how to get EC2 to reference a Cloudformation Datomic instance

Given the Datomic Cloudformation template (described here and here ), I can deploy a Datomic instance in AWS. I can also use Terraform to automate this.

Using Terraform, how do we put a load balancer in front of the instance defined in the Cloudformation template?

Using Terraform, how do we put a Route53 domain name in front of the Datomic instance (or load balancer) in the Cloudformation template?

The Datomic Cloudformation template looks like this:

cf.json

{"Resources":
 {"LaunchGroup":
  {"Type":"AWS::AutoScaling::AutoScalingGroup",
   "Properties":
   {"MinSize":{"Ref":"GroupSize"},
    "Tags":
    [{"Key":"Name",
      "Value":{"Ref":"AWS::StackName"},
      "PropagateAtLaunch":"true"}],
    "MaxSize":{"Ref":"GroupSize"},
    "AvailabilityZones":{"Fn::GetAZs":""},
    "LaunchConfigurationName":{"Ref":"LaunchConfig"}}},
  "LaunchConfig":
  {"Type":"AWS::AutoScaling::LaunchConfiguration",
   "Properties":
   {"ImageId":
    {"Fn::FindInMap":
     ["AWSRegionArch2AMI", {"Ref":"AWS::Region"},
      {"Fn::FindInMap":
       ["AWSInstanceType2Arch", {"Ref":"InstanceType"}, "Arch"]}]},
    "UserData":
    {"Fn::Base64":
     {"Fn::Join":
      ["\n",
       ["exec > >(tee \/var\/log\/user-data.log|logger -t user-data -s 2>\/dev\/console) 2>&1",
        {"Fn::Join":["=", ["export XMX", {"Ref":"Xmx"}]]},
        {"Fn::Join":["=", ["export JAVA_OPTS", {"Ref":"JavaOpts"}]]},
        {"Fn::Join":
         ["=",
          ["export DATOMIC_DEPLOY_BUCKET",
           {"Ref":"DatomicDeployBucket"}]]},
        {"Fn::Join":
         ["=", ["export DATOMIC_VERSION", {"Ref":"DatomicVersion"}]]},
        "cd \/datomic", "cat <<EOF >aws.properties",
        "host=`curl http:\/\/169.254.169.254\/latest\/meta-data\/local-ipv4`",
        "alt-host=`curl http:\/\/169.254.169.254\/latest\/meta-data\/public-ipv4`",
        "aws-dynamodb-region=us-east-1\naws-transactor-role=datomic-aws-transactor-10\naws-peer-role=datomic-aws-peer-10\nprotocol=ddb\nmemory-index-max=256m\nport=4334\nmemory-index-threshold=32m\nobject-cache-max=128m\nlicense-key=\naws-dynamodb-table=your-system-name",
        "EOF", "chmod 744 aws.properties",
        "AWS_ACCESS_KEY_ID=\"${DATOMIC_READ_DEPLOY_ACCESS_KEY_ID}\" AWS_SECRET_ACCESS_KEY=\"${DATOMIC_READ_DEPLOY_AWS_SECRET_KEY}\" aws s3 cp \"s3:\/\/${DATOMIC_DEPLOY_BUCKET}\/${DATOMIC_VERSION}\/startup.sh\" startup.sh",
        "chmod 500 startup.sh", ".\/startup.sh"]]}},
    "InstanceType":{"Ref":"InstanceType"},
    "InstanceMonitoring":{"Ref":"InstanceMonitoring"},
    "SecurityGroups":{"Ref":"SecurityGroups"},
    "IamInstanceProfile":{"Ref":"InstanceProfile"},
    "BlockDeviceMappings":
    [{"DeviceName":"\/dev\/sdb", "VirtualName":"ephemeral0"}]}}},
 "Mappings":
 {"AWSInstanceType2Arch":
  {"m3.large":{"Arch":"64h"},
   "c4.8xlarge":{"Arch":"64h"},
   "t2.2xlarge":{"Arch":"64h"},
   "c3.large":{"Arch":"64h"},
   "hs1.8xlarge":{"Arch":"64h"},
   "i2.xlarge":{"Arch":"64h"},
   "r4.4xlarge":{"Arch":"64h"},
   "m1.small":{"Arch":"64p"},
   "m4.large":{"Arch":"64h"},
   "m4.xlarge":{"Arch":"64h"},
   "c3.8xlarge":{"Arch":"64h"},
   "m1.xlarge":{"Arch":"64p"},
   "cr1.8xlarge":{"Arch":"64h"},
   "m4.10xlarge":{"Arch":"64h"},
   "i3.8xlarge":{"Arch":"64h"},
   "m3.2xlarge":{"Arch":"64h"},
   "r4.large":{"Arch":"64h"},
   "c4.xlarge":{"Arch":"64h"},
   "t2.medium":{"Arch":"64h"},
   "t2.xlarge":{"Arch":"64h"},
   "c4.large":{"Arch":"64h"},
   "c3.2xlarge":{"Arch":"64h"},
   "m4.2xlarge":{"Arch":"64h"},
   "i3.2xlarge":{"Arch":"64h"},
   "m2.2xlarge":{"Arch":"64p"},
   "c4.2xlarge":{"Arch":"64h"},
   "cc2.8xlarge":{"Arch":"64h"},
   "hi1.4xlarge":{"Arch":"64p"},
   "m4.4xlarge":{"Arch":"64h"},
   "i3.16xlarge":{"Arch":"64h"},
   "r3.4xlarge":{"Arch":"64h"},
   "m1.large":{"Arch":"64p"},
   "m2.4xlarge":{"Arch":"64p"},
   "c3.4xlarge":{"Arch":"64h"},
   "r3.large":{"Arch":"64h"},
   "c4.4xlarge":{"Arch":"64h"},
   "r3.xlarge":{"Arch":"64h"},
   "m2.xlarge":{"Arch":"64p"},
   "r4.16xlarge":{"Arch":"64h"},
   "t2.large":{"Arch":"64h"},
   "m3.xlarge":{"Arch":"64h"},
   "i2.4xlarge":{"Arch":"64h"},
   "r4.8xlarge":{"Arch":"64h"},
   "i3.large":{"Arch":"64h"},
   "r3.8xlarge":{"Arch":"64h"},
   "c1.medium":{"Arch":"64p"},
   "r4.2xlarge":{"Arch":"64h"},
   "i2.8xlarge":{"Arch":"64h"},
   "m3.medium":{"Arch":"64h"},
   "r3.2xlarge":{"Arch":"64h"},
   "m1.medium":{"Arch":"64p"},
   "i3.4xlarge":{"Arch":"64h"},
   "m4.16xlarge":{"Arch":"64h"},
   "i3.xlarge":{"Arch":"64h"},
   "r4.xlarge":{"Arch":"64h"},
   "c1.xlarge":{"Arch":"64p"},
   "t1.micro":{"Arch":"64p"},
   "c3.xlarge":{"Arch":"64h"},
   "i2.2xlarge":{"Arch":"64h"},
   "t2.small":{"Arch":"64h"}},
  "AWSRegionArch2AMI":
  {"ap-northeast-1":{"64p":"ami-eb494d8c", "64h":"ami-81f7cde6"},
   "ap-northeast-2":{"64p":"ami-6eb66a00", "64h":"ami-f594489b"},
   "ca-central-1":{"64p":"ami-204bf744", "64h":"ami-5e5be73a"},
   "us-east-2":{"64p":"ami-5b42643e", "64h":"ami-896c4aec"},
   "eu-west-2":{"64p":"ami-e52d3a81", "64h":"ami-55091e31"},
   "us-west-1":{"64p":"ami-97cbebf7", "64h":"ami-442a0a24"},
   "ap-southeast-1":{"64p":"ami-db1492b8", "64h":"ami-3e90165d"},
   "us-west-2":{"64p":"ami-daa5c6ba", "64h":"ami-cb5030ab"},
   "eu-central-1":{"64p":"ami-f3f02b9c", "64h":"ami-d564bcba"},
   "us-east-1":{"64p":"ami-7f5f1e69", "64h":"ami-da5110cc"},
   "eu-west-1":{"64p":"ami-66001700", "64h":"ami-77465211"},
   "ap-southeast-2":{"64p":"ami-32cbdf51", "64h":"ami-66647005"},
   "ap-south-1":{"64p":"ami-82126eed", "64h":"ami-723c401d"},
   "sa-east-1":{"64p":"ami-afd7b9c3", "64h":"ami-ab9af4c7"}}},
 "Parameters":
 {"InstanceType":
  {"Description":"Type of EC2 instance to launch",
   "Type":"String",
   "Default":"c3.large"},
  "InstanceProfile":
  {"Description":"Preexisting IAM role \/ instance profile",
   "Type":"String",
   "Default":"datomic-aws-transactor-10"},
  "Xmx":
  {"Description":"Xmx setting for the JVM",
   "Type":"String",
   "AllowedPattern":"\\d+[GgMm]",
   "Default":"2625m"},
  "GroupSize":
  {"Description":"Size of machine group",
   "Type":"String",
   "Default":"1"},
  "InstanceMonitoring":
  {"Description":"Detailed monitoring for store instances?",
   "Type":"String",
   "Default":"true"},
  "JavaOpts":
  {"Description":"Options passed to Java launcher",
   "Type":"String",
   "Default":""},
  "SecurityGroups":
  {"Description":"Preexisting security groups.",
   "Type":"CommaDelimitedList",
   "Default":"datomic"},
  "DatomicDeployBucket":
  {"Type":"String",
   "Default":"deploy-a0dbc565-faf2-4760-9b7e-29a8e45f428e"},
  "DatomicVersion":{"Type":"String", "Default":"0.9.5561.50"}},
 "Description":"Datomic Transactor Template"}

samples/cf-template.properties

#################################################################
# AWS instance and group settings
#################################################################

# required
# AWS instance type. See http://aws.amazon.com/ec2/instance-types/ for
# a list of legal instance types.
aws-instance-type=c3.large

# required, see http://docs.amazonwebservices.com/general/latest/gr/rande.html#ddb_region
aws-region=us-east-1

# required
# Enable detailed monitoring of AWS instances.
aws-instance-monitoring=true

# required
# Set group size >1 to create a standby pool for High Availability.
aws-autoscaling-group-size=1

# required, default = 70% of AWS instance RAM
# Passed to java launcher via -Xmx
java-xmx=

#################################################################
# Java VM options
#
# If you set the java-opts property, it will entirely replace the
# value used by bin/transactor, which you should consult as a
# starting point if you are configuring GC.
#
# Note that the single-quoting is necessary due to the whitespace
# between options.
#################################################################
# java-opts='-XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly'

#################################################################
# security settings
#
# You must specify at least one of aws-ingress-groups or
# aws-ingress-cidrs to allow peers to connect!
#################################################################
# required
# The transactor needs to run in a security group that opens the
# transactor port to legal peers. If you specify a security group,
# `bin/transactor ensure-cf ...` will ensure that security group
# allows ingress on the transactor port.
aws-security-group=datomic

# Comma-delimited list of security groups. Security group syntax:
#    group-name or aws-account-id:group-name
aws-ingress-groups=datomic

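# Comma-delimited list of CIDRs. The commented-out example below, 0.0.0.0/0,
# would admit every IPv4 address to the transactor port; list only the peers' ranges.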
# aws-ingress-cidrs=0.0.0.0/0

#################################################################
# datomic deployment settings
#################################################################
# required, default = VERSION number of Datomic you deploy from
# Which Datomic version to run.
datomic-version=

# required
# download Datomic from this bucket on startup. You typically will not change this.
datomic-deploy-s3-bucket=some-value

Unless you can't easily avoid it, I wouldn't recommend mixing Cloudformation with Terraform because it's going to make a lot of things painful. Normally I'd only recommend it for the rare cases where Cloudformation supports a resource that Terraform does not.

If you do need to do this, you should be in luck: your Cloudformation template adds a tag to the autoscaling group that contains your instance(s). You can use that tag to find the autoscaling group and link a load balancer to it, so that the instances attach themselves to the load balancer as they are created (and detach when they are being deleted).

Unfortunately the Cloudformation template doesn't simply output the autoscaling group name so you'll probably need to do this in two separate terraform apply actions (probably keeping the configuration in separate folders).

Assuming something like this for your Cloudformation stack:

# CloudFormation stack that deploys the Datomic transactor template (cf.json).
# The stack name matters beyond labelling: the template tags its autoscaling
# group with the stack name ({"Ref":"AWS::StackName"}), and the lookup that
# follows matches on the same "datomic-stack" value.
resource "aws_cloudformation_stack" "datomic" {
  name = "datomic-stack"
...
}

Then a minimal example looks something like this:

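# Look up the autoscaling group created by the CloudFormation stack, by tag.
#
# cf.json tags the group with Key "Name" and Value {"Ref":"AWS::StackName"},
# so the tag key to match is the literal "Name" and the tag value is the stack
# name. "AWS::StackName" is a CloudFormation pseudo parameter that is resolved
# when the stack is created; it never appears as a tag key on the group.
#
# NOTE(review): the two filters are evaluated independently, and `names` is a
# list. Any other autoscaling group in the account/region that carries the
# same Name tag would presumably be returned as well - keep the stack name
# unique, or verify the result before attaching anything to it.
data "aws_autoscaling_groups" "datomic" {
  filter {
    name   = "key"
    values = ["Name"]
  }

  filter {
    name   = "value"
    values = ["datomic-stack"] # must equal the CloudFormation stack name
  }
}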

# Target group that the load balancer forwards requests to; instances from the
# autoscaling group are registered into it by the attachment resource.
#
# NOTE(review): the aws.properties written by cf.json sets port=4334 for the
# transactor, while this target group sends HTTP to port 80. Confirm that
# something on the instances actually serves HTTP on port 80; if not, the
# targets will presumably be reported unhealthy and receive no traffic.
resource "aws_lb_target_group" "datomic" {
  name     = "datomic-lb-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = "${var.vpc_id}"
}

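# Load balancer placed in front of the Datomic autoscaling group.
resource "aws_lb" "datomic" {
  name = "datomic-lb"

  # internal = false makes the load balancer internet-facing. Keep it that way
  # only if clients outside the VPC must reach it; the security group below
  # then decides who can connect to the listener, so it should not be left
  # open to all addresses. Set internal = true when only in-VPC peers connect.
  internal        = false
  security_groups = ["${var.security_group_id}"]

  # Fixed: the interpolation was missing its closing brace, which is a syntax
  # error that stops the configuration from parsing.
  # NOTE(review): an application load balancer normally needs subnets in at
  # least two availability zones - confirm that a single subnet is enough here.
  subnets = ["${var.subnet_id}"]
}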

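# Attach the looked-up autoscaling group to the target group, so that
# instances are registered with the load balancer as they launch and
# deregistered as they terminate.
resource "aws_autoscaling_attachment" "asg_attachment" {
  # names[0] assumes the lookup returned at least one group. This is why the
  # CloudFormation stack has to exist before this configuration is applied;
  # with an empty result the index fails at plan time.
  autoscaling_group_name = "${data.aws_autoscaling_groups.datomic.names[0]}"

  # Fixed: the target group is declared as resource type aws_lb_target_group,
  # so the reference must use that type; aws_alb_target_group.datomic is not
  # declared anywhere in this configuration.
  alb_target_group_arn = "${aws_lb_target_group.datomic.arn}"
}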


# Listener that accepts connections on the load balancer and forwards every
# request to the Datomic target group (the only action is the default one).
#
# NOTE(review): port 80 / HTTP is unencrypted. The load balancer above is
# declared with internal = false, so as written this traffic would cross the
# internet in clear text - consider an HTTPS listener with a certificate if
# the endpoint stays public.
resource "aws_lb_listener" "datomic" {
  load_balancer_arn = "${aws_lb.datomic.arn}"
  port              = "80"
  protocol          = "HTTP"

  default_action {
    target_group_arn = "${aws_lb_target_group.datomic.arn}"
    type             = "forward"
  }
}

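The above config will find the autoscaling group created by the Cloudformation template and then attach it to an application load balancer that listens for HTTP traffic and forwards HTTP traffic to the Datomic instances. Note that, as written, the load balancer is internet-facing (`internal = false`) and the listener is plain HTTP on port 80, so set `internal = true` or restrict the load balancer's security group if only peers inside your VPC need to reach it.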

It's trivial from here to add a Route53 record to the load balancer but because your instances are in an autoscaling group you can't easily add Route53 records for these instances (and probably shouldn't need to).
