Terraform module for creating a base AWS stack with public/private subnets and a bastion host
<mxfile userAgent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" version="7.7.3" editor="www.draw.io" type="device"><diagram id="1efb825e-c161-e8a9-f07a-7441f1efd2a9" name="Page-1">7VzbUuM4EP2avFKW5esjAYadqtktamerduaJUmLhaMexUrISYL5+JVtK7EiBhAiHi6GYiVv3c7pbrZZhBC/mD9cMLWZ/0gwXI9/LHkbwcuT7aQrFv1Lw2AiSOGoEOSNZIwIbwXfyGyuhp6RLkuGqU5FTWnCy6AqntCzxlHdkiDF63612R4vuqAuUY0PwfYoKU/ovyfhMrcKPN/I/MMlnemQQpU3JBE1/5YwuSzXeyId39VdTPEe6L7XQaoYyet8SwasRvGCU8ubT/OECFxJaDVvT7suO0vW8GS75Pg2gmscKFUusp1xPjD9qMOrlYNkAjOAYsaniS5AFxxmqZnWZfKg4o7/wBS0oq5tCr/4SJXekKLS8pKVoPs4ZyoiY5pa46UOjLgAZm2tSy1xhxvFDS6TWeI3pHHP2KKqoUg23UsdAPd5vuI0TJZu1efV0TaQUKl93vQFVfFC47sAYfgqMwy7GwLOA7FtATn0XGKcGxmiFSIEmpCBczvK3XLrvXbwQemCD/kuYXobRQdDLDm8Q55iVQpiIqQRWQsTMcXFDK8IJlTWnoiss+hlLQojwVN+2Kkwo53QuV1CQ3NriXBVwunDDeJCGXcrD0KAcxLFJeeK5oDzZk/LxQLkzyqEXn5LyaE/KzwfKnVEOQHpCytPIoBJnIlZTj5TxGc1piYqrjXS8IVuyO+PzQnGLHwj/IcVnoXr6qSoJfNjjD11NPvzc1JOPN5gRMXuJdd3gP8z5o1IitORUiDaT+UYl+nVfzfTlnHeGaEpU0SWb6loKY45YjlU1GNp5YrhAnKy6/R+DuR68ZWaL5aQg09GFPzr3quWkFHN6ayHMe7ClEICuLSVmkASCyLQlGDuwpcCg9a/zf4TgGnF8jx4NRjuktaxIHFoWssr8IZenvzN0X8Gz1WJ6WyJ+m6vOumTWbjQJYbCb0XfBXwQ7/AWRyV9giXFdHCPSoGdP6L0NTwhP6QnNo5vyhP7gBo8IKeDWwSEBe7pBnWc5ypDC1zGkeLclbYznZzvE6NmSglNakrn5DDGFmyOZ392T+o0pgOUULjS3EislZT6SCV66XLyQWOtxzErsJs96wJlM4OaB+v/3yn3QzblBYMm52eIRAFxQb+bchnjyQNuNTxdP+mbqf6DvwDgmiU9Hn2/QdxxjC8zmpKoEmJXJ1mV6Hgfgaee6HskFsmHQ3dT0wauFLLQgqwPLo5Dd477m/SILt/aMXpE1g8APhGwIT4ismbIzkG1FYvusc327jia6B+/J9QPYtVnh4I31A73hddwhDM4cYADB8xgcpF3Tgi6zHTtX1J9epX4HVr2qFqqhb9GqyAGiru11RRhfouJ2wchKBAa3bwRhEHUhjpP+IDYN96sMW+rTsJtQjKj+nonFnsD74FisibCeDcTWIZuLfS3tet84MDjUyaM2h7F/PIf6baf+MrNvIp9kuaLatUM4TydZbqgalzIaErNHJWa7W3ikTea5XJKbGw5zd/kMdpSadtSkVnqwIzOFM9iRi81o64XDnu0IGKR9BjvSOc22IQU92REwk2mDITkwpBCc0pDAh86xbecrosA89rxWvgK4Pqu/KWS3c2x9IhuYOvs3XUozPQpf1vTxIdP4UdJ9HSGMzTT+a50dY5OuCapqLMRgtDK3jQPP/hVH5RRbjOJQ5liz8J3EzUmW1ZGEJq7Ad9xC27qeA+b8rTfQIbQwZzE0nZk9hjnzXeQP5MG271/69GCJuTdID9a8TtBko/2okKqVkZX4mMu
P90RMy4/QXPqEclItdAyq64pRW9UtPXhn9beoJ368elzVnWrh1deje/aGqopOiYj/shq0enL7teQzUrWCRnuro135rUrrH5sKfCWvYLmNMPR5d2Czdfpa/9pRW3lDi/I68OeJeXk4KO+gvPsrL4QnVF7zvmdQ3kF591deEASnU17zTuBtKO/X60F336Hu2n5L/NV01zxMDLo76O6Lg4ZedTd2pLu6WrVApa63rc/tsr31y9bxgarvbNynrMTZILsMap8BBjs74GT5inYmHjd/BqYua/2pHXj1Pw==</diagram></mxfile> |
# Single-region AWS provider; the region is taken from var.region.
# NOTE(review): no provider version constraint is set, so `terraform init`
# resolves to the newest release available -- consider pinning the version
# this module was tested against.
provider "aws" {
  region = "${var.region}"
}
# Availability zones of var.region. The subnet resources index into
# `.names` with count.index, so var.az_count must not exceed the number of
# zones this returns.
data "aws_availability_zones" "available" {}
# network
# The VPC every other resource in this module lives in. Both DNS support and
# DNS hostnames are enabled. NOTE(review): no VPC flow log is defined here;
# add one if network-level audit data for the bastion and private subnets is
# required.
resource "aws_vpc" "main" {
  enable_dns_hostnames = true
  enable_dns_support   = true
  cidr_block           = "${var.vpc_cidr}"

  tags {
    Name = "${var.tag_name}-vpc"
  }
}
# Internet gateway attached to the VPC; the public route table's default
# route and the NAT gateways both depend on it for outbound connectivity.
resource "aws_internet_gateway" "main" {
  tags {
    Name = "${var.tag_name}-internetgateway"
  }

  vpc_id = "${aws_vpc.main.id}"
}
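# One public subnet per AZ, carved as an 8-newbit slice of the VPC block at
# index 0..az_count-1. The private subnets start at index 5, so the two
# ranges collide once var.az_count exceeds 5.
# map_public_ip_on_launch means every instance launched here gets a public
# IP and is reachable from the Internet subject only to its security group.
resource "aws_subnet" "public" {
  count                   = "${var.az_count}"
  vpc_id                  = "${aws_vpc.main.id}"
  cidr_block              = "${cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)}"
  availability_zone       = "${data.aws_availability_zones.available.names[count.index]}"
  map_public_ip_on_launch = true

  tags {
    # "-public-subnet" rather than the "-subnet" shared with the private
    # subnets, so the two kinds can be told apart in the console and in
    # tag-based filters.
    Name = "${var.tag_name}-public-subnet"
  }
}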
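# One private subnet per AZ, in the same AZ as the public subnet with the
# same index. The CIDR offset of 5 keeps these clear of the public slices
# (indexes 0..az_count-1) only while var.az_count <= 5; beyond that the
# ranges overlap and the apply fails. The offset is kept as-is because
# changing it would renumber existing private subnets.
# map_public_ip_on_launch is left unset, so instances get no public IP.
resource "aws_subnet" "private" {
  count             = "${var.az_count}"
  vpc_id            = "${aws_vpc.main.id}"
  cidr_block        = "${cidrsubnet(aws_vpc.main.cidr_block, 8, count.index + 5)}"
  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"

  tags {
    # "-private-subnet" rather than the "-subnet" shared with the public
    # subnets, so the two kinds can be told apart.
    Name = "${var.tag_name}-private-subnet"
  }
}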
# network/routing/public
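# Single route table shared by all public subnets; its default route goes
# to the internet gateway (see aws_route.public).
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"

  tags {
    # Named "-public-routetable" so it is distinguishable from the
    # per-AZ private tables, which previously carried the same
    # "-routetable" name.
    Name = "${var.tag_name}-public-routetable"
  }
}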
# Default route for the public subnets: all non-local traffic leaves via the
# internet gateway.
resource "aws_route" "public" {
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.main.id}"
  route_table_id         = "${aws_route_table.public.id}"
}
# Attach every public subnet to the shared public route table.
resource "aws_route_table_association" "public" {
  count = "${var.az_count}"

  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
  route_table_id = "${aws_route_table.public.id}"
}
# network/routing/private
# One Elastic IP per AZ, consumed by the NAT gateway in that AZ. These are
# the source addresses the private subnets present to the Internet.
resource "aws_eip" "private" {
  vpc   = true
  count = "${var.az_count}"
}
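# One NAT gateway per AZ, placed in that AZ's public subnet and bound to the
# matching Elastic IP. Private-subnet egress is routed here (see
# aws_route.private).
resource "aws_nat_gateway" "private" {
  count         = "${var.az_count}"
  allocation_id = "${element(aws_eip.private.*.id, count.index)}"
  subnet_id     = "${element(aws_subnet.public.*.id, count.index)}"

  # A NAT gateway only works once the VPC has an attached internet gateway;
  # nothing above references the IGW, so the dependency has to be explicit
  # for Terraform to order creation correctly.
  depends_on = ["aws_internet_gateway.main"]
}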
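# One route table per AZ for the private subnets, so each AZ's default
# route can point at its own NAT gateway (see aws_route.private).
resource "aws_route_table" "private" {
  count  = "${var.az_count}"
  vpc_id = "${aws_vpc.main.id}"

  tags {
    # Named "-private-routetable" so these are distinguishable from the
    # public table, which previously carried the same "-routetable" name.
    Name = "${var.tag_name}-private-routetable"
  }
}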
# Default route for each private route table: non-local traffic goes to the
# NAT gateway with the same index (same AZ).
resource "aws_route" "private" {
  count = "${var.az_count}"

  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = "${element(aws_nat_gateway.private.*.id, count.index)}"
  route_table_id         = "${element(aws_route_table.private.*.id, count.index)}"
}
# Attach each private subnet to the private route table of the same index.
resource "aws_route_table_association" "private" {
  count = "${var.az_count}"

  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
}
# bastion
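# Launch configuration for the bastion host. The image is looked up by
# region in var.amis, so `lookup` errors for any region missing from that
# map. Access is key-pair based (var.bastion_key_name) and inbound traffic
# is limited by aws_security_group.bastion. Detailed CloudWatch monitoring
# is off. The instance needs a public IP because it is the SSH entry point
# into the VPC.
resource "aws_launch_configuration" "bastion" {
  image_id                    = "${lookup(var.amis, var.region)}"
  instance_type               = "t2.nano"
  enable_monitoring           = false
  associate_public_ip_address = true
  key_name                    = "${var.bastion_key_name}"

  security_groups = [
    "${aws_security_group.bastion.id}",
  ]

  # A launch configuration cannot be changed in place, and it cannot be
  # destroyed while the autoscaling group still references it. Creating the
  # replacement first lets a change (e.g. a new AMI) apply cleanly. No
  # explicit `name` is set, so each replacement gets a generated unique name.
  lifecycle {
    create_before_destroy = true
  }
}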
# Autoscaling group that keeps exactly one bastion instance running,
# spread across the public subnets so it can be relaunched in another AZ.
resource "aws_autoscaling_group" "bastion" {
  min_size         = 1
  max_size         = 1
  desired_capacity = 1

  launch_configuration = "${aws_launch_configuration.bastion.name}"

  vpc_zone_identifier = [
    "${aws_subnet.public.*.id}",
  ]

  tag {
    key                 = "Name"
    value               = "${var.tag_name}-bastion"
    propagate_at_launch = true
  }
}
# Echoes the region -> Amazon Linux AMI map the module was invoked with.
output "amis" {
  value = "${var.amis}"
}
# Echoes the region -> Ubuntu AMI map. No resource in this module uses
# var.ubuntus; it is only passed through for consumers.
output "ubuntus" {
  value = "${var.ubuntus}"
}
# ID of the VPC created by this module.
output "vpc_id" {
  value = "${aws_vpc.main.id}"
}
# IDs of the public subnets (one per AZ, in AZ index order). Instances
# launched in these receive a public IP.
output "public_subnets_ids" {
  value = "${aws_subnet.public.*.id}"
}
# IDs of the private subnets (one per AZ, in AZ index order); egress only,
# via the per-AZ NAT gateways.
output "private_subnets_ids" {
  value = "${aws_subnet.private.*.id}"
}
# Security group of the bastion; consumers can reference it as the source
# of SSH rules on instances in the private subnets instead of opening them
# to a CIDR range.
output "bastion_security_group_id" {
  value = "${aws_security_group.bastion.id}"
}
# Security group for the bastion host. Inbound is SSH only, and only from
# the single operator address in var.op_ip (a /32 is appended, so the
# variable must hold a bare IPv4 address). Outbound is unrestricted, which
# the bastion needs to reach instances inside the VPC; tighten it if the
# host should not be able to initiate connections elsewhere.
resource "aws_security_group" "bastion" {
  name   = "${var.tag_name}-bastion"
  vpc_id = "${aws_vpc.main.id}"

  ingress {
    protocol  = "tcp"
    from_port = 22
    to_port   = 22

    cidr_blocks = [
      "${var.op_ip}/32",
    ]
  }

  egress {
    from_port = 0
    to_port   = 0
    protocol  = -1

    cidr_blocks = [
      "0.0.0.0/0",
    ]
  }

  tags {
    Name = "${var.tag_name}-bastion"
  }
}
# Supply a bare IPv4 address (no prefix length): the bastion security group
# appends "/32" to it, so a CIDR here would produce an invalid rule.
# This is the only source allowed to reach the bastion on port 22.
variable "op_ip" {
  description = "WAN IP address of an operator's workstation"
}
# Also used as the key into var.amis, so it must be one of the regions
# listed there (or the AMI lookup fails).
variable "region" {
  description = "Region where the resources are to be created"
}
# Subnets are carved from this block with cidrsubnet(..., 8, index), i.e.
# each subnet is 8 bits narrower than the VPC prefix.
variable "vpc_cidr" {
  description = "CIDR of a new VPC"
}
# Name of an EC2 key pair; the pair is not created by this module, so it
# must already exist in var.region.
variable "bastion_key_name" {
  description = "Name of key pair to use to secure the bastion host"
}
# Prefix for every Name tag and for the bastion security group name.
variable "tag_name" {
  description = "Name that will be added to tags on resources"
}
# Must be <= the number of AZs in var.region (it indexes
# data.aws_availability_zones.available.names) and <= 5, because the
# private subnets are offset by 5 from the public ones within the same
# VPC block and would otherwise overlap.
variable "az_count" {
  description = "Number of AZs to cover in a given AWS region"
}
# The bastion launch configuration does lookup(var.amis, var.region) with
# no default, so deploying to a region not in this map is an error.
# NOTE(review): AMI IDs are point-in-time; these defaults do not track
# newer images, so override them when newer patched images are needed.
variable "amis" {
  type        = "map"
  description = "Map of Amazon Linux images, keyed by region"

  default = {
    "eu-west-1" = "ami-01ccc867"
    "eu-west-2" = "ami-b6daced2"
  }
}
# Not consumed by any resource in this module; only surfaced through the
# "ubuntus" output for consumers. Same point-in-time caveat as var.amis.
variable "ubuntus" {
  type        = "map"
  description = "Map of Ubuntu images, keyed by region"

  default = {
    "eu-west-1" = "ami-6d48500b"
    "eu-west-2" = "ami-cc7066a8"
  }
}