@davidhamann
Created May 30, 2020 23:56
From my dotfmp talk: terraform simple starter template for "FMS For Linux (Preview – not for production)" on AWS; setup done only via remote-exec
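# Inputs for the FileMaker Server starter template. Values normally come from a
# .tfvars file; any variable left unset is prompted for interactively, and the
# description below is what that prompt shows.

variable "provider_profile" {
  type        = string
  description = "Named AWS profile the aws provider authenticates with."
}

variable "provider_region" {
  type        = string
  description = "AWS region all resources are created in."
}

variable "instance_type" {
  type        = string
  description = "EC2 instance type for the FileMaker Server host."
}

variable "ssh_source_ips" {
  type        = list(string)
  description = "CIDR blocks allowed to reach SSH (port 22) on the instance; keep this to known admin addresses."
}

variable "ami_id" {
  type        = string
  description = "AMI to launch; the setup commands assume a yum-based image with a 'centos' login user."
}

variable "key" {
  type        = tuple([string, string])
  description = "[EC2 key pair name, local path to the matching private key file]."
}

variable "dns_name" {
  type        = string
  description = "Hostname for the server; used for the Route 53 A record and the Let's Encrypt certificate."
}

variable "zone_id" {
  type        = string
  description = "Route 53 hosted zone ID that receives the A record."
}

variable "cert_email" {
  type        = string
  description = "Contact e-mail address passed to certbot (-m)."
}

variable "fmsadmin_user" {
  type        = string
  description = "Account name passed to fmsadmin (-u)."
}

# Secret. On Terraform 0.14 or later, add `sensitive = true` so the value is
# redacted from plan/apply output. Prefer supplying it through the
# TF_VAR_fmsadmin_pass environment variable over a committed .tfvars file.
variable "fmsadmin_pass" {
  type        = string
  description = "Password set with 'fmsadmin resetpw -p' and used for later fmsadmin calls (secret)."
}

# Secret. Same handling as fmsadmin_pass: `sensitive = true` on Terraform 0.14+
# and TF_VAR_fmsadmin_pin instead of a value stored in the repository.
variable "fmsadmin_pin" {
  type        = string
  description = "PIN passed to 'fmsadmin resetpw -z' (secret)."
}

variable "installer_url" {
  type        = string
  description = "URL of the FileMaker Server RPM that the instance downloads with wget."
}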
# AWS provider configuration. Credentials are resolved from the named profile
# in var.provider_profile, so no access keys appear in this file.
provider "aws" {
  region  = var.provider_region
  profile = var.provider_profile
}
# Elastic IP for the server. It is allocated on its own so that the DNS record
# can point at it before the address is attached to the instance.
resource "aws_eip" "fms_ip" {
}
# A record mapping var.dns_name to the Elastic IP. certbot later requests a
# certificate for this same name, so the record has to resolve first.
resource "aws_route53_record" "dns_record" {
  zone_id = var.zone_id
  name    = var.dns_name
  type    = "A"
  ttl     = "300"
  records = [aws_eip.fms_ip.public_ip]
}
# The FileMaker Server host.
resource "aws_instance" "fmserver" {
  ami           = var.ami_id
  instance_type = var.instance_type

  # Name of an existing EC2 key pair; the matching private key (var.key[1])
  # is what the remote-exec provisioner uses to log in.
  key_name = var.key[0]

  # `security_groups` takes group names, which the AWS provider supports only
  # for EC2-Classic and the default VPC; `vpc_security_group_ids` is the form
  # to use when launching into any other VPC.
  security_groups = [aws_security_group.ssh_fms_in_all_egress.name]
}
# Network exposure of the server: SSH from var.ssh_source_ips, the three
# service ports from anywhere, and unrestricted outbound traffic.
resource "aws_security_group" "ssh_fms_in_all_egress" {
  name        = "ssh_fms"
  description = "Allow for SSH and FMS access"

  # SSH. The allowed sources come from var.ssh_source_ips, so the exposure of
  # port 22 is decided entirely by that list; keep it to known admin addresses.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = var.ssh_source_ips
  }

  # Port 5003, open to every IPv4 address.
  ingress {
    protocol    = "tcp"
    from_port   = 5003
    to_port     = 5003
    cidr_blocks = ["0.0.0.0/0"] # maybe change this
  }

  # HTTP, open to every IPv4 address. certbot --standalone (run during setup)
  # answers its validation challenge on this port, so it must be reachable
  # from the certificate authority when the certificate is issued.
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"] # maybe change this
  }

  # HTTPS, open to every IPv4 address.
  ingress {
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"] # maybe change this
  }

  # All protocols and ports outbound ("-1" means any protocol); the setup
  # commands need this to reach package mirrors and the installer download.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
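# Shell-quoted copies of every variable that is interpolated into the remote
# commands below. Each value is wrapped in single quotes and any embedded
# single quote is rewritten as '\'' so the remote shell sees exactly one
# literal word: a password containing spaces, `$`, `;` or backticks is passed
# through unchanged instead of being split or interpreted.
locals {
  sh_dns_name      = "'${replace(var.dns_name, "'", "'\\''")}'"
  sh_cert_email    = "'${replace(var.cert_email, "'", "'\\''")}'"
  sh_installer_url = "'${replace(var.installer_url, "'", "'\\''")}'"
  sh_fmsadmin_user = "'${replace(var.fmsadmin_user, "'", "'\\''")}'"
  sh_fmsadmin_pass = "'${replace(var.fmsadmin_pass, "'", "'\\''")}'"
  sh_fmsadmin_pin  = "'${replace(var.fmsadmin_pin, "'", "'\\''")}'"
}

# Attaches the Elastic IP to the instance and then configures the host over
# SSH: certificate issuance, FileMaker Server installation, admin credential
# reset and certificate import.
resource "aws_eip_association" "assoc_and_setup" {
  instance_id   = aws_instance.fmserver.id
  allocation_id = aws_eip.fms_ip.id

  # The DNS record has to exist before certbot asks for a certificate.
  depends_on = [aws_route53_record.dns_record]

  provisioner "remote-exec" {
    # NOTE(review): fmsadmin receives the password and PIN as command-line
    # arguments, so they are visible in the instance's process list while each
    # command runs, and sudo logs the command lines it executes. Treat these
    # values as provisioning-time secrets and change them afterwards.
    inline = [
      "sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y",
      "sudo yum install certbot -y",
      "sudo certbot certonly --standalone -d ${local.sh_dns_name} -m ${local.sh_cert_email} --agree-tos -n",
      "sudo yum install wget -y",

      # NOTE(review): the RPM is installed exactly as downloaded; nothing
      # compares it with a known checksum or signature first. Record the
      # SHA-256 of the installer you intend to deploy and verify it between
      # these two steps.
      "wget ${local.sh_installer_url}",
      "sudo yum install filemaker_server*.rpm -y",

      # Wait for the fmshelper unit to report SubState=running. The command
      # substitution is quoted so the test always gets exactly one operand.
      # The loop has no upper bound: it waits forever if the unit never starts.
      join("", [
        "sleep 25; ",
        "while [ -z \"$(systemctl show fmshelper -p SubState | grep 'SubState=running')\" ]; ",
        "do echo 'Waiting for FMS to be ready...'; sleep 2; done"
      ]),

      "fmsadmin resetpw -p ${local.sh_fmsadmin_pass} -z ${local.sh_fmsadmin_pin}",

      # The certificate files are resolved as root, hence the sudo sh -c
      # wrapper. The host name, user and password are handed to the inner
      # shell as positional parameters ($1, $2, $3) rather than pasted into
      # the script text, so they are never re-parsed as shell syntax.
      join("", [
        "sudo sh -c 'live=/etc/letsencrypt/live/$1; ",
        "fmsadmin certificate import \"$(realpath \"$live/cert.pem\")\" ",
        "--keyfile \"$(realpath \"$live/privkey.pem\")\" ",
        "--intermediateCA \"$(realpath \"$live/fullchain.pem\")\" ",
        "-y -u \"$2\" -p \"$3\"' ",
        "sh ${local.sh_dns_name} ${local.sh_fmsadmin_user} ${local.sh_fmsadmin_pass}"
      ]),

      "fmsadmin restart server -y -u ${local.sh_fmsadmin_user} -p ${local.sh_fmsadmin_pass}"
    ]

    # Log in as the image's default user with the private key at var.key[1].
    connection {
      type        = "ssh"
      user        = "centos"
      private_key = file(var.key[1])
      host        = aws_eip.fms_ip.public_ip
    }
  }
}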
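# Convenience step: once setup has finished, open the sample file on the new
# server from the machine running Terraform.
resource "null_resource" "open_fm" {
  depends_on = [aws_eip_association.assoc_and_setup]

  provisioner "local-exec" {
    # The URL is single-quoted (embedded quotes rewritten as '\'') so the
    # local shell passes var.dns_name to `open` as data, never as syntax.
    command = "open 'fmp://${replace(var.dns_name, "'", "'\\''")}/FMServer_Sample'"
  }
}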
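# Host name the new server is reachable under.
output "fms_instance" {
  # Direct reference; wrapping a lone expression in "${...}" is redundant.
  value = var.dns_name
}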
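# (you probably want to change most values here)
# aws
provider_profile = "terraform"
provider_region  = "eu-central-1"
instance_type    = "t2.medium"
# Placeholder from the documentation address range: replace it with the
# address(es) you administer from. ["0.0.0.0/0"] here would expose SSH to
# the whole internet.
ssh_source_ips = ["203.0.113.10/32"]
ami_id         = "ami-0e8286b71b81c3cc1" # helpful: http://cavaliercoder.com/blog/finding-the-latest-centos-ami.html
key            = ["terraform", "~/.ssh/terraform.pem"]
# dns
zone_id    = "ABCDE"
cert_email = "test@example.com"
# fms
# The password and PIN below are throwaway sample values. Set real ones
# outside version control, e.g. through the TF_VAR_fmsadmin_pass and
# TF_VAR_fmsadmin_pin environment variables, before exposing the server.
fmsadmin_user = "admin"
fmsadmin_pass = "insecure"
fmsadmin_pin  = "1234"
installer_url = "https://downloads.claris.com/esd/filemaker_server-19.0.1-22.x86_64.rpm" # usually pretty slow from outside US; recommended to host it yourself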