main.tf
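// VPC (the network). Essentially every other resource in this file is
// created inside it; think of the VPC as the network boundary.
resource "aws_vpc" "the_vpc" {
  cidr_block           = "10.123.0.0/16"
  // Both DNS settings are needed for instances in this VPC to receive
  // public DNS hostnames and resolve names through the VPC resolver.
  enable_dns_hostnames = true
  enable_dns_support   = true

  // Tag keys are case-sensitive and the AWS console only uses the "Name"
  // tag as a resource's display name; a lowercase "name" tag is ignored.
  tags = {
    Name = "dev-vpc"
  }
}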
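// A subnet carves a smaller address range out of the VPC and pins it to
// one availability zone. Besides keeping related hosts close together it
// is a security boundary: routing and network ACLs are applied per subnet.
// Common subnet roles: public, private, VPN-only, isolated.
resource "aws_subnet" "my_public_subnet" {
  vpc_id            = aws_vpc.the_vpc.id
  cidr_block        = "10.123.1.0/24"
  availability_zone = "us-east-1a"

  // This is a *public* subnet: every instance launched here gets a public
  // IPv4 address, so it is reachable from the internet once a route to the
  // internet gateway and a permitting security group exist.
  map_public_ip_on_launch = true

  // "Name" (capitalised) is the tag key the AWS console displays.
  tags = {
    Name = "dev-public"
  }
}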
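// An internet gateway is the route-table target that lets traffic flow
// between the VPC and the internet. For IPv4 it performs one-to-one NAT
// between an instance's private address and its public/Elastic IP; IPv6
// addresses are globally routable, so no NAT is involved.
resource "aws_internet_gateway" "my_internet_gateway" {
  vpc_id = aws_vpc.the_vpc.id

  // "Name" (capitalised) is the tag key the AWS console displays.
  tags = {
    Name = "dev-igw"
  }
}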
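// A route table holds the rules that decide where traffic leaving a
// subnet is sent. This one is empty until aws_route.my_route adds the
// default route below.
resource "aws_route_table" "my_route_table" {
  vpc_id = aws_vpc.the_vpc.id

  // "Name" (capitalised) is the tag key the AWS console displays.
  tags = {
    Name = "dev-route-table"
  }
}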
// The default route: it ties the route table to the internet gateway.
// Both ids are required because a route is defined by *where it lives*
// (the table) and *where it sends traffic* (the gateway).
// A destination of "0.0.0.0/0" matches every IPv4 address not covered by
// a more specific route, which is what gives the subnet internet access.
resource "aws_route" "my_route" {
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.my_internet_gateway.id
  route_table_id         = aws_route_table.my_route_table.id
}
// Attach the public subnet to our custom route table. Without an explicit
// association a subnet falls back to the VPC's main route table, which does
// not carry the default route defined above, so this link is what actually
// makes the subnet "public".
resource "aws_route_table_association" "my_route_association" {
  route_table_id = aws_route_table.my_route_table.id
  subnet_id      = aws_subnet.my_public_subnet.id
}
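// A security group is a stateful, instance-level firewall. Keep the number
// of groups small and each rule as narrow as possible.
// Ingress = incoming traffic, Egress = outgoing traffic.
//
// The original rule allowed every port and protocol from 0.0.0.0/0, which
// exposes the whole instance (including anything started by userdata.tpl)
// to the entire internet. Only SSH is needed by this configuration (see the
// key pair and the ssh-config template on the instance), so that is the only
// inbound rule. Add one explicit, described ingress block per additional
// service rather than re-opening everything.
resource "aws_security_group" "my_sg" {
  name        = "dev-sg"
  description = "dev security group"
  vpc_id      = aws_vpc.the_vpc.id

  ingress {
    description = "SSH to the dev node"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    // TODO(review): narrow this to the administrator's address range
    // (e.g. "<YOUR_IP>/32") before use; 0.0.0.0/0 still lets anyone on the
    // internet reach the SSH port and brute-force or fingerprint it.
    cidr_blocks = ["0.0.0.0/0"]
  }

  // Unrestricted egress is the AWS default and is left as-is so package
  // installs and the user-data script keep working.
  egress {
    description = "allow all outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}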
// Register the local public key with EC2 so the instance below can be
// reached over SSH. Only the *.pub half is read here; the private key stays
// on the workstation and is referenced from the generated ssh config.
resource "aws_key_pair" "my_keypair" {
  public_key = file("~/.ssh/vpckey.pub")
  key_name   = "my_keypair"
}
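// The actual EC2 instance: the host inside the network where the real work
// happens. It can be bootstrapped via user data with, for example, Docker
// containers hosting an API or a database.
resource "aws_instance" "dev_node" {
  instance_type          = "t2.micro"
  ami                    = data.aws_ami.server_ami.id
  key_name               = aws_key_pair.my_keypair.id
  vpc_security_group_ids = [aws_security_group.my_sg.id]
  subnet_id              = aws_subnet.my_public_subnet.id
  user_data              = file("userdata.tpl")

  root_block_device {
    volume_size = 10
    // Encrypt the root volume at rest; this is free with the default
    // account-managed KMS key and protects snapshots of the disk too.
    encrypted = true
  }

  // Require IMDSv2 (session tokens) so a request-forgery bug in anything
  // running on the host cannot trivially read instance credentials from the
  // metadata service. NOTE(review): if userdata.tpl queries the metadata
  // endpoint it must use token-based (IMDSv2) requests — confirm.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  // "Name" (capitalised) is the tag key the AWS console displays.
  tags = {
    Name = "dev node"
  }

  // Render an ssh config snippet on the workstation for this host. The
  // template is chosen by var.host_os and runs locally via bash, so nothing
  // here executes on the instance itself.
  provisioner "local-exec" {
    command = templatefile("${var.host_os}-ssh-config.tpl", {
      hostname     = self.public_ip,
      user         = "ubuntu",
      identityfile = "~/.ssh/vpckey"
    })
    interpreter = ["bash", "-c"]
  }
}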