
@deoxxa
Created August 8, 2014 14:40
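# AWS provider configuration for the Sydney region.
#
# Credentials are deliberately NOT set in this file. Literal access_key /
# secret_key attributes invite pasting a long-lived key into a file that gets
# committed or shared. Supply them out of band instead, e.g. through the
# provider's environment variables (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY;
# check the exact names for the provider version in use) or an instance role.
provider "aws" {
  region = "ap-southeast-2"
}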
# The one VPC every other resource in this file attaches to.
# 172.22.0.0/16 is RFC 1918 private address space; both subnets below are
# carved out of it.
resource "aws_vpc" "main" {
  cidr_block = "172.22.0.0/16"
}
# Internet gateway for the VPC. Only the "public" route table points at it,
# so only subnets associated with that table get a direct path to the internet.
resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.main.id}"
}
# Internet-facing subnet (a /24 at the top of the VPC range).
# The nat and proxy instances are placed here.
resource "aws_subnet" "public" {
  cidr_block = "172.22.255.0/24"
  vpc_id     = "${aws_vpc.main.id}"
}
# Internal subnet (a /20 at the bottom of the VPC range).
# Its route table has no internet-gateway route; outbound traffic goes via the
# nat instance. The compute instances are placed here.
resource "aws_subnet" "private" {
  cidr_block = "172.22.0.0/20"
  vpc_id     = "${aws_vpc.main.id}"
}
# Route table for the public subnet: default route straight out through the
# internet gateway.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"

  route {
    gateway_id = "${aws_internet_gateway.gw.id}"
    cidr_block = "0.0.0.0/0"
  }
}
# Route table for the private subnet: the default route targets the nat
# instance rather than the internet gateway.
# NOTE(review): this makes the nat instance the single egress point for the
# private subnet, so it is the natural place for egress filtering and flow
# logging, and a host that needs to be patched and monitored accordingly.
resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.main.id}"

  route {
    instance_id = "${aws_instance.nat.id}"
    cidr_block  = "0.0.0.0/0"
  }
}
# Binds the public subnet to the route table that uses the internet gateway.
resource "aws_route_table_association" "public" {
  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${aws_subnet.public.id}"
}
# Binds the private subnet to the route table that sends traffic via the nat
# instance.
resource "aws_route_table_association" "private" {
  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${aws_subnet.private.id}"
}
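# Source range allowed to reach the bastion over SSH.
# The default keeps the original behaviour (any IPv4 address). Override it with
# the CIDR of the administrative network: the front, middle and back groups
# accept ALL protocols and ports from members of the bastion group, so whoever
# can log in here can reach every tier.
variable "bastion_ssh_cidr" {
  default = "0.0.0.0/0"
}

# Security group for the SSH jump host. The only inbound rule is TCP/22 from
# var.bastion_ssh_cidr. No egress rule is declared in this block.
resource "aws_security_group" "bastion" {
  vpc_id      = "${aws_vpc.main.id}"
  name        = "bastion"
  description = "Bastion"

  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["${var.bastion_ssh_cidr}"]
  }
}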
# Security group for the NAT instance.
#
# Inbound:
#   - ICMP with from_port 0 and 8 from anywhere. For ICMP rules AWS reads
#     from_port as the ICMP type and to_port as the code (-1 = any code), so
#     these are presumably echo reply (0) and echo request (8).
#   - every protocol and port from members of the front, middle and back groups,
#     i.e. the hosts whose traffic the NAT forwards.
# NOTE(review): "front" is attached to the internet-facing proxy, so a
# compromise of that host gets unrestricted access to the NAT instance as well.
resource "aws_security_group" "nat" {
  name        = "nat"
  description = "NAT"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "icmp"
    from_port   = 0
    to_port     = -1
  }

  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "icmp"
    from_port   = 8
    to_port     = -1
  }

  ingress {
    security_groups = [
      "${aws_security_group.front.id}",
      "${aws_security_group.middle.id}",
      "${aws_security_group.back.id}",
    ]
    protocol  = -1
    from_port = 0
    to_port   = 0
  }
}
# Security group for the internet-facing tier (attached to the proxy instance).
#
# Inbound:
#   - every protocol and port from members of the bastion group
#   - ICMP from_port 0 and 8 (type field; presumably echo reply / echo request)
#     from anywhere
#   - TCP 80 and 443 from anywhere
#   - TCP 1000-65535 from anywhere
# NOTE(review): the 1000-65535 rule exposes almost the whole TCP port space to
# the internet. Any service that happens to listen on a high port on a "front"
# host (debug endpoints, admin consoles, databases bound to all interfaces) is
# reachable from outside. Confirm which ports are actually needed and narrow
# this range; nothing in this file shows why it is required.
resource "aws_security_group" "front" {
  name        = "front"
  description = "Front"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    security_groups = ["${aws_security_group.bastion.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }

  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "icmp"
    from_port   = 0
    to_port     = -1
  }

  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "icmp"
    from_port   = 8
    to_port     = -1
  }

  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
  }

  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
  }

  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "tcp"
    from_port   = 1000
    to_port     = 65535
  }
}
# Security group for the middle tier (attached to the compute instances).
# There are no CIDR-based rules: inbound traffic is accepted only from members
# of the bastion group and of the front group, on every protocol and port.
# NOTE(review): tier-to-tier access is all-ports. If the front tier only needs
# to reach specific application ports here, restricting the second rule to
# those ports would limit what a compromised front host can touch.
resource "aws_security_group" "middle" {
  name        = "middle"
  description = "Middle"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    security_groups = ["${aws_security_group.bastion.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }

  ingress {
    security_groups = ["${aws_security_group.front.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }
}
# Security group for the back tier. No instance in this file is attached to it.
# Inbound traffic is accepted only from members of the bastion group and of the
# middle group, on every protocol and port; the front tier has no direct rule.
# NOTE(review): as with "middle", the peer-group rule is all-ports; narrowing it
# to the service ports actually used would reduce lateral-movement reach.
resource "aws_security_group" "back" {
  name        = "back"
  description = "Back"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    security_groups = ["${aws_security_group.bastion.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }

  ingress {
    security_groups = ["${aws_security_group.middle.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }
}
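# NAT instance in the public subnet. It is the target of the private route
# table's default route and, because it also carries the bastion group, it is
# the SSH jump host as well.
#
# NOTE(review): combining both roles means the host exposed on TCP/22 is also
# the one that forwards all private-subnet egress and that the front, middle
# and back groups trust on every port. Consider a separate bastion instance.
# NOTE(review): an instance that forwards traffic for other hosts normally
# needs its source/destination check disabled; that is not set here. Confirm.
# NOTE(review): vpc_id is kept as written, but the VPC is normally implied by
# subnet_id on an instance. Confirm the provider version accepts it.
resource "aws_instance" "nat" {
  vpc_id                      = "${aws_vpc.main.id}"
  ami                         = "ami-3bae3201"
  instance_type               = "t1.micro"
  subnet_id                   = "${aws_subnet.public.id}"
  associate_public_ip_address = true

  # Fixed: the key pair name must be a quoted string, not a bare identifier.
  key_name = "conrad"

  security_groups = [
    "${aws_security_group.nat.id}",
    "${aws_security_group.bastion.id}",
  ]
}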
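# Internet-facing proxy in the public subnet with a public IP address.
# It carries only the "front" group, so its exposure is whatever that group
# allows, including the wide TCP 1000-65535 rule open to any source.
#
# NOTE(review): it shares the "conrad" key pair with the NAT/bastion instance;
# one leaked private key therefore opens both hosts.
# NOTE(review): vpc_id is kept as written, but the VPC is normally implied by
# subnet_id on an instance. Confirm the provider version accepts it.
resource "aws_instance" "proxy" {
  vpc_id                      = "${aws_vpc.main.id}"
  ami                         = "ami-3bae3201"
  instance_type               = "t1.micro"
  subnet_id                   = "${aws_subnet.public.id}"
  associate_public_ip_address = true

  # Fixed: the key pair name must be a quoted string, not a bare identifier.
  key_name = "conrad"

  security_groups = [
    "${aws_security_group.front.id}",
  ]
}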
# Two identical worker instances in the private subnet, attached to the
# "middle" group only. No public IP is requested and no key_name is set, so
# inbound access is limited to what "middle" allows (bastion and front members).
# NOTE(review): vpc_id is kept as written, but the VPC is normally implied by
# subnet_id on an instance. Confirm the provider version accepts it.
resource "aws_instance" "compute" {
  count         = 2
  ami           = "ami-3bae3201"
  instance_type = "t1.micro"
  vpc_id        = "${aws_vpc.main.id}"
  subnet_id     = "${aws_subnet.private.id}"

  security_groups = [
    "${aws_security_group.middle.id}",
  ]
}