@Almad
Last active July 13, 2022 21:33
A Simple AWS Site With Terraform
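# Remote state for this stack. The state file records every attribute Terraform
# knows about, including var.RDS_PASSWORD and the RDS endpoint, so it has to be
# treated as a secret: keep the bucket private and encrypt the object at rest.
terraform {
  backend "s3" {
    bucket = "almad-terraform-states"
    key    = "mywebapp/state"
    region = "eu-central-1"
    # Server-side encryption of the state object; the backend defaults to false.
    encrypt = true
    # State locking (dynamodb_table = "<LOCK_TABLE>") would keep two concurrent
    # applies from corrupting this state.
  }
}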
# Single AWS provider for the whole stack. Pinning `version` inside the provider
# block is the 0.12-era form; Terraform 0.13+ moved this to required_providers.
provider "aws" {
  region  = "eu-central-1"
  version = "~> 2.0"
}
locals {
  # Anywhere-CIDR shared by the default route, the NACL rules and every security
  # group rule below; each rule that references it is open to the whole internet.
  internet_cidr = "0.0.0.0/0"

  # Primary AZ: hosts the public subnet, the web instance and the RDS instance.
  az = "eu-central-1b"

  # Only used by the secondary subnet, which in turn only feeds the RDS subnet group.
  secondary_az = "eu-central-1a"
}
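# Master password for the RDS instance. Supply it out of band (TF_VAR_RDS_PASSWORD
# or -var) and never add a default here, or the secret lands in version control.
# On Terraform 0.14+ add `sensitive = true` so it is redacted from plan output.
variable "RDS_PASSWORD" {
  type        = string
  description = "Master password for the mywebsite-mysql RDS instance"
}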
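# Local path of the SSH public key that becomes the "mycomputer" key pair.
variable "public_key_path" {
  type        = string
  description = "Path to the SSH public key uploaded as the mycomputer key pair"
}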
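# Local path of the matching SSH private key; read at apply time by the
# provisioner connection on the web instance. Keep it outside the repository.
variable "private_key_path" {
  type        = string
  description = "Path to the SSH private key used by the instance provisioners"
}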
# Registers the operator's SSH public key so the web instance can be reached over
# SSH; only the public half of the key is sent to AWS.
resource "aws_key_pair" "mycomputer" {
  public_key = chomp(file(var.public_key_path))
  key_name   = "mycomputer"
}
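# Production VPC for the site. The resource name was opened with a typographic
# quote (“), which HCL rejects; it is now a plain ASCII quote.
resource "aws_vpc" "mywebsite_prod" {
  cidr_block       = "192.168.0.0/16"
  instance_tenancy = "default"

  # Plain booleans instead of the quoted "true" strings, which Terraform 0.12
  # only accepts with a deprecation warning.
  enable_dns_support   = true
  enable_dns_hostnames = true
}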
# Public subnet in the primary AZ. It is associated with the internet-facing
# route table below and assigns a public IP to every launched instance, so
# anything placed here (the web instance and, through the subnet group, RDS) is
# internet-reachable subject to the NACL and the security group.
resource "aws_subnet" "mywebsite_prod" {
  vpc_id                  = aws_vpc.mywebsite_prod.id
  cidr_block              = "192.168.1.0/24"
  availability_zone       = local.az
  map_public_ip_on_launch = true
}
# Second subnet, referenced only by the RDS subnet group (RDS requires subnets in
# at least two AZs). Nothing in this file associates it with a route table, so
# it falls back to the VPC's main route table.
resource "aws_subnet" "mywebsite_secondary_az" {
  vpc_id                  = aws_vpc.mywebsite_prod.id
  cidr_block              = "192.168.2.0/24"
  availability_zone       = local.secondary_az
  map_public_ip_on_launch = true
}
# Internet gateway for the VPC; the default route below points at it.
resource "aws_internet_gateway" "mywebsite_prod" {
  vpc_id = aws_vpc.mywebsite_prod.id
}
# Route table with a single default route to the internet gateway; the local
# VPC route is implicit.
resource "aws_route_table" "mywebsite_prod" {
  vpc_id = aws_vpc.mywebsite_prod.id

  route {
    gateway_id = aws_internet_gateway.mywebsite_prod.id
    cidr_block = local.internet_cidr
  }
}
# Makes the primary subnet public by attaching the internet-facing route table.
resource "aws_route_table_association" "mywebsite_prod" {
  route_table_id = aws_route_table.mywebsite_prod.id
  subnet_id      = aws_subnet.mywebsite_prod.id
}
# Network ACL on the primary subnet. Both directions allow every protocol and
# port from/to 0.0.0.0/0, so this layer filters nothing; the security group is
# the only network control in front of the instance and the database.
resource "aws_network_acl" "mywebsite_prod" {
  vpc_id     = aws_vpc.mywebsite_prod.id
  subnet_ids = [aws_subnet.mywebsite_prod.id]

  # Inbound: allow all. With protocol "all" the port range is ignored.
  ingress {
    rule_no    = 100
    action     = "allow"
    protocol   = "all"
    cidr_block = local.internet_cidr
    from_port  = 0
    to_port    = 0
  }

  # Outbound: allow all.
  egress {
    rule_no    = 100
    action     = "allow"
    protocol   = "all"
    cidr_block = local.internet_cidr
    from_port  = 0
    to_port    = 0
  }
}
# Security group shared by the web instance and the RDS instance. Every ingress
# rule uses local.internet_cidr, so SSH, HTTP and MySQL are all reachable from
# any address. SSH (22) could be narrowed to an administrative CIDR without
# affecting the site; 3306 is deliberately world-open for the Heroku client,
# which makes the RDS master password and TLS on the MySQL connection the only
# protections for the database.
resource "aws_security_group" "mywebsite" {
  name        = "sg_mywebsite"
  description = "SG for mywebsite"
  vpc_id      = aws_vpc.mywebsite_prod.id

  ingress {
    description = "SSH from the world"
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = [local.internet_cidr]
  }

  ingress {
    description = "HTTP from the world"
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = [local.internet_cidr]
  }

  ingress {
    description = "RDS from the world (because secondary usage from Heroku)"
    protocol    = "tcp"
    from_port   = 3306
    to_port     = 3306
    cidr_blocks = [local.internet_cidr]
  }

  # Unrestricted egress; "-1" means every protocol.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = [local.internet_cidr]
  }
}
# Subnet group for RDS spanning both AZs; the primary subnet is public, so the
# database placed in it can receive a public address.
resource "aws_db_subnet_group" "mywebsite_mysql" {
  name        = "mywebsite-mysql-subnet"
  description = "RDS subnet group"

  subnet_ids = [
    aws_subnet.mywebsite_prod.id,
    aws_subnet.mywebsite_secondary_az.id,
  ]
}
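# Single-AZ MySQL instance for the site. It is publicly accessible (needed for
# the Heroku client) and sits behind a security group that opens 3306 to the
# world, so credential strength and encryption are what protect it.
resource "aws_db_instance" "mysql" {
  identifier        = "mywebsite-mysql"
  availability_zone = local.az
  instance_class    = "db.t3.micro"

  engine               = "mysql"
  engine_version       = "5.7"
  parameter_group_name = "default.mysql5.7"

  allocated_storage = 20
  storage_type      = "standard"
  # Encryption at rest was previously off (the provider default). Enabling it
  # on an existing instance forces replacement; snapshot first.
  storage_encrypted = true

  name = "mywebsite"
  # A dedicated admin user name instead of "root" would make credential-stuffing
  # against the public endpoint harder; changing it also forces replacement.
  username = "root"
  password = var.RDS_PASSWORD

  # With skip_final_snapshot = true the final_snapshot_identifier is ignored,
  # so destroying this resource deletes the data outright. Set
  # backup_retention_period if automated backups are wanted.
  skip_final_snapshot       = true
  final_snapshot_identifier = "mywebsite-mysql-snap"

  publicly_accessible    = true
  multi_az               = false
  db_subnet_group_name   = aws_db_subnet_group.mywebsite_mysql.name
  vpc_security_group_ids = [aws_security_group.mywebsite.id]
}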
# Static address for the web instance. The reference in `instance` already
# orders this after the instance, so the aws_instance entry in depends_on is
# redundant; the internet gateway dependency is the one that matters.
resource "aws_eip" "mywebsite" {
  vpc      = true
  instance = aws_instance.mywebsite.id

  depends_on = [
    aws_internet_gateway.mywebsite_prod,
    aws_instance.mywebsite,
  ]
}
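# The web instance. Fixed: key_name referenced aws_key_pair.penpen, which is not
# declared anywhere in this file (the key pair above is "mycomputer"), so
# `terraform plan` failed on an undeclared resource.
resource "aws_instance" "mywebsite" {
  # Placeholder AMI id; replace with a real image for eu-central-1.
  ami           = "ami-123456"
  instance_type = "t2.nano"
  key_name      = aws_key_pair.mycomputer.key_name

  availability_zone           = local.az
  subnet_id                   = aws_subnet.mywebsite_prod.id
  vpc_security_group_ids      = [aws_security_group.mywebsite.id]
  # The auto-assigned address is used by the connection block below during
  # provisioning; the aws_eip resource replaces it afterwards.
  associate_public_ip_address = true

  root_block_device {
    volume_type           = "standard"
    volume_size           = 4
    delete_on_termination = true
    # Encrypt the root volume at rest; this was off by default. Changing it on an
    # existing instance forces replacement.
    encrypted = true
  }

  # Provisioners log in as root with the operator's private key and run only at
  # creation; later drift in these files is not tracked by Terraform. Requiring
  # IMDSv2 via metadata_options is worth adding once the provider version allows it.
  connection {
    type        = "ssh"
    host        = self.public_ip
    user        = "root"
    private_key = chomp(file(var.private_key_path))
  }

  provisioner "file" {
    source      = "etc/services/run"
    destination = "/etc/service/mywebsite.example/run"
  }

  provisioner "file" {
    source      = "etc/lighttpd.conf"
    destination = "/etc/lighttpd/lighttpd.conf"
  }
}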