deoxxa/vpc.tf

## vpc.tf
provider "aws" {
  access_key = ""
  secret_key = ""
  region = "ap-southeast-2"
}

resource "aws_vpc" "main" {
  cidr_block = "172.22.0.0/16"
}

resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.main.id}"
}

resource "aws_subnet" "public" {
  vpc_id = "${aws_vpc.main.id}"
  cidr_block = "172.22.255.0/24"
}

resource "aws_subnet" "private" {
  vpc_id = "${aws_vpc.main.id}"
  cidr_block = "172.22.0.0/20"
}

resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.gw.id}"
  }
}

resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.main.id}"
  route {
    cidr_block = "0.0.0.0/0"
    instance_id = "${aws_instance.nat.id}"
  }
}

resource "aws_route_table_association" "public" {
  subnet_id = "${aws_subnet.public.id}"
  route_table_id = "${aws_route_table.public.id}"
}

resource "aws_route_table_association" "private" {
  subnet_id = "${aws_subnet.private.id}"
  route_table_id = "${aws_route_table.private.id}"
}

resource "aws_security_group" "bastion" {
  vpc_id = "${aws_vpc.main.id}"
  name = "bastion"
  description = "Bastion"

  ingress {
    protocol = "tcp"
    from_port = 22
    to_port = 22
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "nat" {
  vpc_id = "${aws_vpc.main.id}"
  name = "nat"
  description = "NAT"

  ingress {
    protocol = "icmp"
    from_port = 0
    to_port = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol = "icmp"
    from_port = 8
    to_port = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol = -1
    from_port = 0
    to_port = 0
    security_groups = [
      "${aws_security_group.front.id}",
      "${aws_security_group.middle.id}",
      "${aws_security_group.back.id}",
    ]
  }
}

resource "aws_security_group" "front" {
  vpc_id = "${aws_vpc.main.id}"
  name = "front"
  description = "Front"

  ingress {
    protocol = -1
    from_port = 0
    to_port = 0
    security_groups = ["${aws_security_group.bastion.id}"]
  }

  ingress {
    protocol = "icmp"
    from_port = 0
    to_port = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol = "icmp"
    from_port = 8
    to_port = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol = "tcp"
    from_port = 80
    to_port = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol = "tcp"
    from_port = 443
    to_port = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol = "tcp"
    from_port = 1000
    to_port = 65535
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "middle" {
  vpc_id = "${aws_vpc.main.id}"
  name = "middle"
  description = "Middle"

  ingress {
    protocol = -1
    from_port = 0
    to_port = 0
    security_groups = ["${aws_security_group.bastion.id}"]
  }

  ingress {
    protocol = -1
    from_port = 0
    to_port = 0
    security_groups = ["${aws_security_group.front.id}"]
  }
}

resource "aws_security_group" "back" {
  vpc_id = "${aws_vpc.main.id}"
  name = "back"
  description = "Back"

  ingress {
    protocol = -1
    from_port = 0
    to_port = 0
    security_groups = ["${aws_security_group.bastion.id}"]
  }

  ingress {
    protocol = -1
    from_port = 0
    to_port = 0
    security_groups = ["${aws_security_group.middle.id}"]
  }
}

resource "aws_instance" "nat" {
  vpc_id = "${aws_vpc.main.id}"
  ami = "ami-3bae3201"
  instance_type = "t1.micro"
  subnet_id = "${aws_subnet.public.id}"
  associate_public_ip_address = true
  key_name = conrad
  security_groups = [
    "${aws_security_group.nat.id}",
    "${aws_security_group.bastion.id}",
  ]
}

resource "aws_instance" "proxy" {
  vpc_id = "${aws_vpc.main.id}"
  ami = "ami-3bae3201"
  instance_type = "t1.micro"
  subnet_id = "${aws_subnet.public.id}"
  associate_public_ip_address = true
  key_name = conrad
  security_groups = [
    "${aws_security_group.front.id}",
  ]
}

resource "aws_instance" "compute" {
  vpc_id = "${aws_vpc.main.id}"
  ami = "ami-3bae3201"
  instance_type = "t1.micro"
  subnet_id = "${aws_subnet.private.id}"
  security_groups = [
    "${aws_security_group.middle.id}",
  ]

  count = 2
}
	provider "aws" {
	access_key = ""
	secret_key = ""
	region = "ap-southeast-2"
	}

	resource "aws_vpc" "main" {
	cidr_block = "172.22.0.0/16"
	}

	resource "aws_internet_gateway" "gw" {
	vpc_id = "${aws_vpc.main.id}"
	}

	resource "aws_subnet" "public" {
	vpc_id = "${aws_vpc.main.id}"
	cidr_block = "172.22.255.0/24"
	}

	resource "aws_subnet" "private" {
	vpc_id = "${aws_vpc.main.id}"
	cidr_block = "172.22.0.0/20"
	}

	resource "aws_route_table" "public" {
	vpc_id = "${aws_vpc.main.id}"
	route {
	cidr_block = "0.0.0.0/0"
	gateway_id = "${aws_internet_gateway.gw.id}"
	}
	}

	resource "aws_route_table" "private" {
	vpc_id = "${aws_vpc.main.id}"
	route {
	cidr_block = "0.0.0.0/0"
	instance_id = "${aws_instance.nat.id}"
	}
	}

	resource "aws_route_table_association" "public" {
	subnet_id = "${aws_subnet.public.id}"
	route_table_id = "${aws_route_table.public.id}"
	}

	resource "aws_route_table_association" "private" {
	subnet_id = "${aws_subnet.private.id}"
	route_table_id = "${aws_route_table.private.id}"
	}

	resource "aws_security_group" "bastion" {
	vpc_id = "${aws_vpc.main.id}"
	name = "bastion"
	description = "Bastion"

	ingress {
	protocol = "tcp"
	from_port = 22
	to_port = 22
	cidr_blocks = ["0.0.0.0/0"]
	}
	}

	resource "aws_security_group" "nat" {
	vpc_id = "${aws_vpc.main.id}"
	name = "nat"
	description = "NAT"

	ingress {
	protocol = "icmp"
	from_port = 0
	to_port = -1
	cidr_blocks = ["0.0.0.0/0"]
	}

	ingress {
	protocol = "icmp"
	from_port = 8
	to_port = -1
	cidr_blocks = ["0.0.0.0/0"]
	}

	ingress {
	protocol = -1
	from_port = 0
	to_port = 0
	security_groups = [
	"${aws_security_group.front.id}",
	"${aws_security_group.middle.id}",
	"${aws_security_group.back.id}",
	]
	}
	}

	resource "aws_security_group" "front" {
	vpc_id = "${aws_vpc.main.id}"
	name = "front"
	description = "Front"

	ingress {
	protocol = -1
	from_port = 0
	to_port = 0
	security_groups = ["${aws_security_group.bastion.id}"]
	}

	ingress {
	protocol = "icmp"
	from_port = 0
	to_port = -1
	cidr_blocks = ["0.0.0.0/0"]
	}

	ingress {
	protocol = "icmp"
	from_port = 8
	to_port = -1
	cidr_blocks = ["0.0.0.0/0"]
	}

	ingress {
	protocol = "tcp"
	from_port = 80
	to_port = 80
	cidr_blocks = ["0.0.0.0/0"]
	}

	ingress {
	protocol = "tcp"
	from_port = 443
	to_port = 443
	cidr_blocks = ["0.0.0.0/0"]
	}

	ingress {
	protocol = "tcp"
	from_port = 1000
	to_port = 65535
	cidr_blocks = ["0.0.0.0/0"]
	}
	}

	resource "aws_security_group" "middle" {
	vpc_id = "${aws_vpc.main.id}"
	name = "middle"
	description = "Middle"

	ingress {
	protocol = -1
	from_port = 0
	to_port = 0
	security_groups = ["${aws_security_group.bastion.id}"]
	}

	ingress {
	protocol = -1
	from_port = 0
	to_port = 0
	security_groups = ["${aws_security_group.front.id}"]
	}
	}

	resource "aws_security_group" "back" {
	vpc_id = "${aws_vpc.main.id}"
	name = "back"
	description = "Back"

	ingress {
	protocol = -1
	from_port = 0
	to_port = 0
	security_groups = ["${aws_security_group.bastion.id}"]
	}

	ingress {
	protocol = -1
	from_port = 0
	to_port = 0
	security_groups = ["${aws_security_group.middle.id}"]
	}
	}

	resource "aws_instance" "nat" {
	vpc_id = "${aws_vpc.main.id}"
	ami = "ami-3bae3201"
	instance_type = "t1.micro"
	subnet_id = "${aws_subnet.public.id}"
	associate_public_ip_address = true
	key_name = conrad
	security_groups = [
	"${aws_security_group.nat.id}",
	"${aws_security_group.bastion.id}",
	]
	}

	resource "aws_instance" "proxy" {
	vpc_id = "${aws_vpc.main.id}"
	ami = "ami-3bae3201"
	instance_type = "t1.micro"
	subnet_id = "${aws_subnet.public.id}"
	associate_public_ip_address = true
	key_name = conrad
	security_groups = [
	"${aws_security_group.front.id}",
	]
	}

	resource "aws_instance" "compute" {
	vpc_id = "${aws_vpc.main.id}"
	ami = "ami-3bae3201"
	instance_type = "t1.micro"
	subnet_id = "${aws_subnet.private.id}"
	security_groups = [
	"${aws_security_group.middle.id}",
	]

	count = 2
	}