Created
August 8, 2014 14:40
# AWS provider for the whole stack, pinned to the Sydney region.
#
# The key fields are left blank in this published copy. Keep them blank in
# anything that is committed or shared: a filled-in key pair in this file ends
# up in version control history and in any copy of the configuration.
# NOTE(review): supply credentials from outside the file (environment or
# another mechanism your Terraform version supports) rather than inline.
provider "aws" {
  region     = "ap-southeast-2"
  access_key = ""
  secret_key = ""
}
# The single VPC that every other resource in this file attaches to.
# Address space: 172.22.0.0/16 (both subnets below are carved out of it).
resource "aws_vpc" "main" {
  cidr_block = "172.22.0.0/16"
}
# Internet gateway for the VPC; the public route table sends its default
# route here.
resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.main.id}"
}
# Public subnet (172.22.255.0/24). It is associated with the "public" route
# table, so hosts here reach the internet directly through the gateway.
# The nat and proxy instances live in this subnet.
resource "aws_subnet" "public" {
  cidr_block = "172.22.255.0/24"
  vpc_id     = "${aws_vpc.main.id}"
}
# Private subnet (172.22.0.0/20). It is associated with the "private" route
# table, whose default route points at the NAT instance rather than at the
# internet gateway. The compute instances live in this subnet.
resource "aws_subnet" "private" {
  cidr_block = "172.22.0.0/20"
  vpc_id     = "${aws_vpc.main.id}"
}
# Route table for the public subnet: everything not local to the VPC goes
# out through the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"

  # Default route -> internet gateway.
  route {
    gateway_id = "${aws_internet_gateway.gw.id}"
    cidr_block = "0.0.0.0/0"
  }
}
# Route table for the private subnet: everything not local to the VPC is
# handed to the NAT instance, so private hosts have outbound access without
# being directly reachable from the internet.
resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.main.id}"

  # Default route -> NAT instance.
  # NOTE(review): this only forwards traffic if the target instance actually
  # performs NAT and has its source/destination check disabled - confirm.
  route {
    instance_id = "${aws_instance.nat.id}"
    cidr_block  = "0.0.0.0/0"
  }
}
# Binds the public subnet to the public (internet gateway) route table.
resource "aws_route_table_association" "public" {
  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${aws_subnet.public.id}"
}
# Binds the private subnet to the private (NAT instance) route table.
resource "aws_route_table_association" "private" {
  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${aws_subnet.private.id}"
}
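# Source range allowed to open SSH sessions to the bastion.
# The default keeps the original behaviour (SSH reachable from any address).
# Override it with the operators' own address range: the bastion group is the
# only way into the front, middle and back groups, which accept ALL traffic
# from it, so an exposed SSH port here is the widest door in the stack.
variable "bastion_ssh_cidr" {
  default = "0.0.0.0/0"
}

# Security group for the SSH jump host. Members of this group are trusted by
# the front, middle and back groups for every protocol and port.
resource "aws_security_group" "bastion" {
  vpc_id      = "${aws_vpc.main.id}"
  name        = "bastion"
  description = "Bastion"

  # SSH only, from the configurable source range above.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["${var.bastion_ssh_cidr}"]
  }
}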
# Security group for the NAT instance: answers ping from anywhere and accepts
# any traffic that originates from the three application tiers.
# NOTE(review): no egress rule is declared in this file. Whether outbound
# traffic is permitted depends on how the Terraform version in use treats the
# default egress rule of a VPC security group - confirm before relying on it.
resource "aws_security_group" "nat" {
  name        = "nat"
  description = "NAT"
  vpc_id      = "${aws_vpc.main.id}"

  # For icmp rules from_port is the ICMP type and to_port the code (-1 = any).
  # Type 0: echo reply.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "icmp"
    from_port   = 0
    to_port     = -1
  }

  # Type 8: echo request.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "icmp"
    from_port   = 8
    to_port     = -1
  }

  # All protocols and ports, but only from members of the front, middle and
  # back groups (the hosts that route their outbound traffic through NAT).
  ingress {
    security_groups = [
      "${aws_security_group.front.id}",
      "${aws_security_group.middle.id}",
      "${aws_security_group.back.id}",
    ]
    protocol  = -1
    from_port = 0
    to_port   = 0
  }
}
# Security group for the internet-facing tier (used by the proxy instance).
# Anything from the bastion is allowed; the public is allowed ping, HTTP,
# HTTPS and a wide high-port TCP range.
resource "aws_security_group" "front" {
  name        = "front"
  description = "Front"
  vpc_id      = "${aws_vpc.main.id}"

  # Administrative access: all protocols and ports from the bastion group.
  ingress {
    security_groups = ["${aws_security_group.bastion.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }

  # For icmp rules from_port is the ICMP type and to_port the code (-1 = any).
  # Type 0: echo reply.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "icmp"
    from_port   = 0
    to_port     = -1
  }

  # Type 8: echo request.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "icmp"
    from_port   = 8
    to_port     = -1
  }

  # HTTP from anywhere.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
  }

  # HTTPS from anywhere.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
  }

  # NOTE(review): TCP 1000-65535 is open to the whole internet. Security
  # groups are stateful, so reply traffic for outbound connections does not
  # need this rule; any service a front host listens on in this range is
  # publicly reachable. Narrow it to the ports actually served, or drop it,
  # once the reason for the range is confirmed.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "tcp"
    from_port   = 1000
    to_port     = 65535
  }
}
# Security group for the middle tier (used by the compute instances).
# Nothing is reachable from the internet; only the bastion and the front tier
# may connect, on any protocol and port.
resource "aws_security_group" "middle" {
  name        = "middle"
  description = "Middle"
  vpc_id      = "${aws_vpc.main.id}"

  # Administrative access from the bastion group.
  ingress {
    security_groups = ["${aws_security_group.bastion.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }

  # Application traffic from the front tier.
  # NOTE(review): this is all-protocol, all-port trust; if the front tier is
  # compromised the middle tier is fully exposed to it. Restrict to the
  # service ports once they are known.
  ingress {
    security_groups = ["${aws_security_group.front.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }
}
# Security group for the back tier. Only the bastion and the middle tier may
# connect, on any protocol and port. No instance in this file is placed in
# this group yet.
resource "aws_security_group" "back" {
  name        = "back"
  description = "Back"
  vpc_id      = "${aws_vpc.main.id}"

  # Administrative access from the bastion group.
  ingress {
    security_groups = ["${aws_security_group.bastion.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }

  # Application traffic from the middle tier.
  ingress {
    security_groups = ["${aws_security_group.middle.id}"]
    protocol        = -1
    from_port       = 0
    to_port         = 0
  }
}
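# Combined NAT and bastion host in the public subnet. The private route table
# sends its default route to this instance, and it is a member of both the
# nat and bastion security groups, so it is also the SSH entry point.
# NOTE(review): one host carrying both roles means a compromise of the SSH
# service also controls all outbound traffic of the private subnet; consider
# separate instances.
resource "aws_instance" "nat" {
  # NOTE(review): vpc_id is not an argument the provider documents for
  # aws_instance (the VPC follows from subnet_id) - confirm it is accepted.
  vpc_id        = "${aws_vpc.main.id}"
  ami           = "ami-3bae3201"
  instance_type = "t1.micro"
  subnet_id     = "${aws_subnet.public.id}"

  associate_public_ip_address = true

  # An instance drops packets it is neither the source nor the destination of
  # unless this check is off; a NAT host has to forward such packets.
  source_dest_check = false

  # Key pair name is a string; the bare word in the original does not parse
  # as one.
  key_name = "conrad"

  security_groups = [
    "${aws_security_group.nat.id}",
    "${aws_security_group.bastion.id}",
  ]
}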
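# Internet-facing proxy host in the public subnet, member of the front
# security group (HTTP/HTTPS and the other front rules apply to it).
resource "aws_instance" "proxy" {
  # NOTE(review): vpc_id is not an argument the provider documents for
  # aws_instance (the VPC follows from subnet_id) - confirm it is accepted.
  vpc_id        = "${aws_vpc.main.id}"
  ami           = "ami-3bae3201"
  instance_type = "t1.micro"
  subnet_id     = "${aws_subnet.public.id}"

  associate_public_ip_address = true

  # Key pair name is a string; the bare word in the original does not parse
  # as one.
  key_name = "conrad"

  security_groups = [
    "${aws_security_group.front.id}",
  ]
}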
# Two compute hosts in the private subnet, members of the middle security
# group. They get no public address; outbound traffic follows the private
# route table to the NAT instance.
# NOTE(review): no key_name is set here, unlike the nat and proxy instances -
# confirm how these hosts are meant to be accessed.
resource "aws_instance" "compute" {
  count = 2

  ami           = "ami-3bae3201"
  instance_type = "t1.micro"
  subnet_id     = "${aws_subnet.private.id}"

  # NOTE(review): vpc_id is not an argument the provider documents for
  # aws_instance (the VPC follows from subnet_id) - confirm it is accepted.
  vpc_id = "${aws_vpc.main.id}"

  security_groups = [
    "${aws_security_group.middle.id}",
  ]
}