postgres-ai
diff --git a/‎docker-compose.yml‎
Lines changed: 29 additions & 10 deletions b/‎docker-compose.yml‎
Lines changed: 29 additions & 10 deletions
diff --git a/‎terraform/README.md‎
Lines changed: 92 additions & 0 deletions b/‎terraform/README.md‎
Lines changed: 92 additions & 0 deletions
diff --git a/‎terraform/aws/.gitignore‎
Lines changed: 33 additions & 0 deletions b/‎terraform/aws/.gitignore‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎terraform/aws/QUICKSTART.md‎
Lines changed: 121 additions & 0 deletions b/‎terraform/aws/QUICKSTART.md‎
Lines changed: 121 additions & 0 deletions
@@ -26,7 +26,14 @@ services:
       POSTGRES_DB: target_database
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
-    command: ["postgres", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all"]
+    command:
+      [
+        "postgres",
+        "-c",
+        "shared_preload_libraries=pg_stat_statements",
+        "-c",
+        "pg_stat_statements.track=all",
+      ]
     ports:
       - "55432:5432"
     volumes:
@@ -57,18 +64,24 @@ services:
       - ./config/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus_data:/prometheus
     command:
-      - '--config.file=/etc/prometheus/prometheus.yml'
-      - '--storage.tsdb.path=/prometheus'
-      - '--web.console.libraries=/etc/prometheus/console_libraries'
-      - '--web.console.templates=/etc/prometheus/consoles'
-      - '--storage.tsdb.retention.time=200h'
-      - '--web.enable-lifecycle'
+      - "--config.file=/etc/prometheus/prometheus.yml"
+      - "--storage.tsdb.path=/prometheus"
+      - "--web.console.libraries=/etc/prometheus/console_libraries"
+      - "--web.console.templates=/etc/prometheus/consoles"
+      - "--storage.tsdb.retention.time=200h"
+      - "--web.enable-lifecycle"
 
   # PGWatch Instance 1 - Monitoring service (Postgres sink)
   pgwatch-postgres:
     image: cybertecpostgresql/pgwatch:3
     container_name: pgwatch-postgres
-    command: ["--sources=/etc/pgwatch/sources.yml", "--metrics=/etc/pgwatch/metrics.yml", "--sink=postgresql://pgwatch:pgwatchadmin@sink-postgres:5432/measurements", "--web-addr=:8080"]
+    command:
+      [
+        "--sources=/etc/pgwatch/sources.yml",
+        "--metrics=/etc/pgwatch/metrics.yml",
+        "--sink=postgresql://pgwatch:pgwatchadmin@sink-postgres:5432/measurements",
+        "--web-addr=:8080",
+      ]
     ports:
       - "58080:8080"
     depends_on:
@@ -83,7 +96,13 @@ services:
   pgwatch-prometheus:
     image: cybertecpostgresql/pgwatch:3
     container_name: pgwatch-prometheus
-    command: ["--sources=/etc/pgwatch/sources.yml", "--metrics=/etc/pgwatch/metrics.yml", "--sink=prometheus://0.0.0.0:9091/pgwatch", "--web-addr=:8089"]
+    command:
+      [
+        "--sources=/etc/pgwatch/sources.yml",
+        "--metrics=/etc/pgwatch/metrics.yml",
+        "--sink=prometheus://0.0.0.0:9091/pgwatch",
+        "--web-addr=:8089",
+      ]
     ports:
       - "58089:8089"
       - "59091:9091"
@@ -101,7 +120,7 @@ services:
     container_name: grafana-with-datasources
     environment:
       GF_SECURITY_ADMIN_USER: monitor
-      GF_SECURITY_ADMIN_PASSWORD: demo
+      GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:-demo}
       GF_INSTALL_PLUGINS: yesoreyeram-infinity-datasource
     ports:
       - "3000:3000"
 
@@ -0,0 +1,92 @@
+# Terraform deployment modules
+
+Infrastructure as Code modules for deploying postgres_ai monitoring to cloud providers.
+
+## Available modules
+
+### AWS (EC2)
+Single EC2 instance deployment with Docker Compose.
+
+- **Path**: `aws/`
+- **Architecture**: Single EC2 instance with Docker Compose
+- **Best for**: Small to medium deployments (1-10 databases)
+- **Documentation**: [aws/README.md](aws/README.md)
+
+### GCP (Coming soon)
+Deploy to Google Cloud Platform using Compute Engine or Cloud Run.
+
+### Azure (Coming soon)
+Deploy to Microsoft Azure using Virtual Machines or Container Instances.
+
+## Quick start
+
+### AWS deployment
+
+```bash
+cd terraform/aws
+
+# Copy example variables
+cp terraform.tfvars.example terraform.tfvars
+
+# Edit variables with your settings
+vim terraform.tfvars
+
+# Initialize Terraform
+terraform init
+
+# Review the plan
+terraform plan
+
+# Deploy infrastructure (takes 5-10 minutes)
+terraform apply
+```
+
+## Architecture overview
+
+The AWS deployment creates:
+
+1. **Compute**
+   - Single EC2 instance (t3.medium default)
+   - Ubuntu 22.04 LTS (Jammy) with Docker and Docker Compose
+   - Systemd service for automatic startup
+
+2. **Storage**
+   - EBS volume for persistent data
+   - Automated snapshots available via AWS Backup
+
+3. **Networking**
+   - VPC with public subnet
+   - Security Group with restricted access
+   - Optional Elastic IP for stable addressing
+
+4. **Monitoring stack**
+   - Runs docker-compose from cloned repository
+   - Grafana accessible on port 3000
+
+## Security considerations
+
+- EC2 instance in public subnet (can be changed to private with bastion)
+- Security groups restrict access to SSH and Grafana only
+- All data encrypted at rest (EBS encryption)
+- Recommended: Use AWS Systems Manager Session Manager instead of SSH
+- Recommended: Restrict `allowed_cidr_blocks` to your office/VPN IP
+
+## Instance types
+
+Recommended instance types based on workload:
+
+- **t3.medium**: 2 vCPU, 4 GiB RAM - suitable for 1-3 databases (default)
+- **t3.large**: 2 vCPU, 8 GiB RAM - suitable for 3-10 databases
+- **t3.xlarge**: 4 vCPU, 16 GiB RAM - suitable for 10+ databases
+
+Additional options:
+- Use Spot Instances for non-critical workloads (subject to interruption)
+- Disable Elastic IP if stable address not required
+
+## Support
+
+For issues or questions:
+- Open an issue on GitLab
+- Contact PostgresAI support
+- Check documentation at https://postgres.ai
+
@@ -0,0 +1,33 @@
+# Terraform files
+*.tfstate
+*.tfstate.*
+*.tfvars
+!terraform.tfvars.example
+.terraform/
+.terraform.lock.hcl
+crash.log
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+tfplan
+plan.log
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# IDE files
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# Backup files
+*.bak
+*.backup
+
+# SSH keys
+*.pem
+*.key
@@ -0,0 +1,121 @@
+# Quick start
+
+## Prerequisites
+
+```bash
+# Create SSH key
+aws ec2 create-key-pair --key-name postgres-ai-key \
+  --query 'KeyMaterial' --output text > ~/.ssh/postgres-ai-key.pem
+chmod 400 ~/.ssh/postgres-ai-key.pem
+
+# Configure AWS credentials
+aws configure
+```
+
+## Configure
+
+```bash
+cd terraform/aws
+
+# Copy example config
+cp terraform.tfvars.example terraform.tfvars
+vim terraform.tfvars
+```
+
+Uncomment and set all required parameters:
+- `ssh_key_name` - your AWS SSH key name
+- `aws_region` - AWS region
+- `environment` - environment name
+- `instance_type` - EC2 instance type (e.g., t3.medium)
+- `data_volume_size` - data disk size in GiB
+- `data_volume_type` / `root_volume_type` - volume types (gp3, st1, sc1)
+- `allowed_ssh_cidr` / `allowed_cidr_blocks` - CIDR blocks for access
+- `use_elastic_ip` - allocate Elastic IP (true/false)
+- `grafana_password` - Grafana admin password
+- `postgres_ai_version` - git branch/tag (optional, defaults to "main")
+
+## Add monitoring instances
+
+Edit `terraform.tfvars` to add PostgreSQL instances to monitor:
+
+```hcl
+monitoring_instances = [
+  {
+    name        = "prod-db"
+    conn_str    = "postgresql://monitor:pass@db.example.com:5432/postgres"
+    environment = "production"
+    cluster     = "main"
+    node_name   = "primary"
+  }
+]
+```
+
+## Deploy
+
+```bash
+# Initialize and validate
+terraform init
+terraform validate
+
+# Review changes
+terraform plan
+
+# Deploy
+terraform apply
+
+# Get access info
+terraform output grafana_url
+terraform output ssh_command
+```
+
+## Access
+
+```bash
+# Grafana dashboard
+open $(terraform output -raw grafana_url)
+# Login: monitor / <password from terraform.tfvars>
+
+# SSH
+ssh -i ~/.ssh/postgres-ai-key.pem ubuntu@$(terraform output -raw external_ip)
+```
+
+## Operations
+
+```bash
+# View logs
+ssh ubuntu@IP "sudo cat /var/log/user-data.log"
+
+# Restart services
+ssh ubuntu@IP "sudo systemctl restart postgres-ai"
+
+# Destroy
+terraform destroy
+```
+
+## Troubleshooting
+
+```bash
+# Check installation log
+ssh ubuntu@IP "sudo cat /var/log/user-data.log"
+
+# Check service status
+ssh ubuntu@IP "sudo systemctl status postgres-ai"
+
+# Check containers
+ssh ubuntu@IP "sudo docker ps"
+```
+
+## Security notes
+
+Credentials (passwords, connection strings) are stored in `terraform.tfstate` in plain text. For one-off/dev deployments this is acceptable if you clean up after `terraform destroy`:
+
+```bash
+terraform destroy
+rm -rf .terraform/ terraform.tfstate*
+```
+
+For production deployments, consider:
+- Using environment variables: `export TF_VAR_grafana_password=...`
+- Remote state with encryption (S3 + encryption)
+- Configuring monitoring instances manually after deployment
+