@bradgignac
Created January 11, 2017 14:41
Terraform Example
/* Providers */
# AWS provider: every resource in this file is created in this one region.
provider "aws" {
  # NOTE(review): no provider version constraint is declared here, so
  # provider upgrades happen implicitly; pin one in a real deployment.
  region = "us-west-2"
}
/* Variables */
# Deployment prefix used for Name tags, security-group name prefixes and
# the IAM role / instance-profile names below.
variable "name" {
  description = "Prefix for resource names and Name tags"
  # Placeholder value; supply a real prefix at plan/apply time.
  default     = "XXXXX"
}
# One public subnet is created per entry; the list length drives the
# subnet and route-table-association counts.
variable "availability_zones" {
  description = "Availability zones that receive a public subnet"
  default     = ["us-west-2a", "us-west-2b"]
}
# VPC address range; subnets are carved out of it with cidrsubnet().
variable "cidr_block" {
  description = "CIDR block for the VPC"
  default     = "10.0.0.0/16"
}
/* Data Sources */
# Newest Ubuntu 16.04 HVM/SSD image. Restricting `owners` to Canonical's
# account id means a look-alike AMI published by another account cannot
# match the name filter.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"]

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  # NOTE(review): `most_recent = true` with a wildcard name means the
  # selected image changes over time; pin a dated image id if reproducible
  # builds matter.
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }
}
/* VPC */
# The VPC everything else attaches to.
resource "aws_vpc" "main" {
  cidr_block = "${var.cidr_block}"

  tags {
    Name = "${var.name}"
  }
}
# One public /24 per availability zone. Even-numbered subnet indices are
# used (0, 2, ...); the odd ones are presumably left free for private
# subnets later - confirm before relying on that.
resource "aws_subnet" "public" {
  count = "${length(var.availability_zones)}"

  vpc_id            = "${aws_vpc.main.id}"
  availability_zone = "${var.availability_zones[count.index]}"
  cidr_block        = "${cidrsubnet(var.cidr_block, 8, count.index * 2)}"

  # Instances launched here get a public IPv4 address automatically, so
  # their security groups are the only thing between them and the internet.
  map_public_ip_on_launch = true

  tags {
    Name = "${format("%s-public-%02d", var.name, count.index + 1)}"
  }
}
# Internet gateway for the public subnets.
resource "aws_internet_gateway" "main" {
  vpc_id = "${aws_vpc.main.id}"

  tags {
    Name = "${var.name}"
  }
}
# Route table shared by all public subnets; the default route is added
# separately by aws_route.igw.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"

  tags {
    Name = "${var.name}-public-00"
  }
}
# Default route: all non-local traffic leaves via the internet gateway.
resource "aws_route" "igw" {
  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = "${aws_route_table.public.id}"
  gateway_id             = "${aws_internet_gateway.main.id}"
}
# Bind each public subnet to the public route table.
resource "aws_route_table_association" "public" {
  count = "${length(var.availability_zones)}"

  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${aws_subnet.public.*.id[count.index]}"
}
/* Security Groups */
# Security group for the application server. Rules live in separate
# aws_security_group_rule resources so the ALB and app-server groups can
# reference each other without a dependency cycle.
resource "aws_security_group" "app_server" {
  vpc_id      = "${aws_vpc.main.id}"
  name_prefix = "${var.name}-app-server-"

  tags = {
    Name = "${var.name}-app-server"
  }
}
# Members of the app-server group may talk to each other on any port/protocol.
resource "aws_security_group_rule" "app_server_self" {
  security_group_id = "${aws_security_group.app_server.id}"
  type              = "ingress"
  self              = true

  # protocol "-1" with ports 0-0 is the AWS encoding for "all traffic".
  protocol  = "-1"
  from_port = 0
  to_port   = 0
}
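# Operator-supplied allowlist for SSH. There is deliberately no default:
# the previous rule admitted 0.0.0.0/0 on port 22 to an instance that also
# has a public IP, which exposes the bootstrap key to the whole internet.
variable "ssh_cidr_blocks" {
  description = "CIDR blocks allowed to reach port 22 on the app server (e.g. a bastion or office egress range)"
  type        = "list"
}

# SSH to the app server, restricted to var.ssh_cidr_blocks.
resource "aws_security_group_rule" "app_server_ssh" {
  security_group_id = "${aws_security_group.app_server.id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = "${var.ssh_cidr_blocks}"
}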
# Application port 3000 is reachable only from members of the ALB security
# group, not from arbitrary addresses.
resource "aws_security_group_rule" "app_server_http" {
  security_group_id        = "${aws_security_group.app_server.id}"
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 3000
  to_port                  = 3000
  source_security_group_id = "${aws_security_group.alb.id}"
}
# Unrestricted egress from the app server (presumably needed for package
# installs and updates). NOTE(review): consider narrowing this once the
# server's real outbound dependencies are known.
resource "aws_security_group_rule" "app_server_egress" {
  security_group_id = "${aws_security_group.app_server.id}"
  type              = "egress"
  cidr_blocks       = ["0.0.0.0/0"]

  protocol  = "-1"
  from_port = 0
  to_port   = 0
}
# Security group for the (not yet defined) load balancer; see the
# "Load Balancer" TODO at the end of the file.
resource "aws_security_group" "alb" {
  vpc_id      = "${aws_vpc.main.id}"
  name_prefix = "${var.name}-alb-"

  tags = {
    Name = "${var.name}-alb"
  }
}
# Public HTTP to the load balancer.
resource "aws_security_group_rule" "alb_http" {
  security_group_id = "${aws_security_group.alb.id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
}
# Public HTTPS to the load balancer.
resource "aws_security_group_rule" "alb_https" {
  security_group_id = "${aws_security_group.alb.id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
}
# Load balancer -> app server on port 3000. For an egress rule,
# source_security_group_id names the destination group.
# NOTE(review): aws_security_group_rule.alb_egress below already allows all
# outbound traffic, so this narrower rule has no effect until that one is
# removed.
resource "aws_security_group_rule" "alb_app_server" {
  security_group_id        = "${aws_security_group.alb.id}"
  type                     = "egress"
  protocol                 = "tcp"
  from_port                = 3000
  to_port                  = 3000
  source_security_group_id = "${aws_security_group.app_server.id}"
}
# Unrestricted egress from the load balancer. NOTE(review): a load balancer
# only needs to reach its targets; alb_app_server already grants that, so
# this catch-all is a candidate for removal.
resource "aws_security_group_rule" "alb_egress" {
  security_group_id = "${aws_security_group.alb.id}"
  type              = "egress"
  cidr_blocks       = ["0.0.0.0/0"]

  protocol  = "-1"
  from_port = 0
  to_port   = 0
}
/* Application Server */
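# Public half of the bootstrap SSH key. There is deliberately no default:
# the original hard-coded the gist author's key, so anyone applying this
# configuration unchanged would have authorised a third party's key on
# their instance.
variable "bootstrap_public_key" {
  description = "OpenSSH public key (e.g. \"ssh-rsa AAAA...\") installed on the app server at launch"
}

# Key pair installed on the app server at launch.
# NOTE(review): key_name is not prefixed with var.name, so two deployments
# in the same account and region would collide on the name "bootstrap".
resource "aws_key_pair" "bootstrap" {
  key_name   = "bootstrap"
  public_key = "${var.bootstrap_public_key}"
}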
# Instance role for the app server. Only the EC2 service may assume it; no
# permission policies are attached in this file, so the role currently
# grants nothing beyond the identity itself.
resource "aws_iam_role" "app_server" {
  name = "${var.name}"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      }
    }
  ]
}
EOF
}
# Instance profile wrapping the app-server role so EC2 can hand the
# instance temporary credentials for it.
resource "aws_iam_instance_profile" "app_server" {
  name  = "${var.name}"
  roles = ["${aws_iam_role.app_server.name}"]
}
# Single application server in the first public subnet. It receives a
# public IP (map_public_ip_on_launch on the subnet), so the app_server
# security group is its only network boundary.
resource "aws_instance" "app_server" {
  ami           = "${data.aws_ami.ubuntu.id}"
  instance_type = "t2.micro"
  subnet_id     = "${aws_subnet.public.0.id}"
  key_name      = "${aws_key_pair.bootstrap.key_name}"

  vpc_security_group_ids = ["${aws_security_group.app_server.id}"]
  iam_instance_profile   = "${aws_iam_instance_profile.app_server.name}"

  # Detailed (1-minute) CloudWatch monitoring.
  monitoring = true

  # The root volume survives termination, so any data written to it
  # outlives the instance and must be cleaned up (or snapshotted) by hand.
  # NOTE(review): no encryption setting is declared for this volume; confirm
  # whether the provider version in use supports one and whether it is needed.
  root_block_device {
    volume_type           = "standard"
    volume_size           = "30"
    delete_on_termination = false
  }

  tags {
    Name = "${var.name}-app-01"
  }
}
/* TODO: Autorecovery */
/* Load Balancer */
/* ALB */
/* ALB Attachment */