Created
February 8, 2017 22:17
-
-
Save elbuo8/73b132184381ac068d2c7dfbe52bc7a3 to your computer and use it in GitHub Desktop.
Compose Blog Sample
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "aws" { | |
| region = "us-east-1" # feel free to adjust | |
| } | |
| module "vpc" { | |
| source = "github.com/segmentio/stack//vpc" | |
| name = "my-test-vpc" | |
| environment = "staging" | |
| cidr = "10.30.0.0/16" | |
| internal_subnets = ["10.30.0.0/24"] | |
| external_subnets = ["10.30.100.0/24"] | |
| availability_zones = ["us-east-1a"] # ensure it matches the one for your provider | |
| } | |
| module "bastion" { | |
| source = "github.com/segmentio/stack//bastion" | |
| region = "us-east-1" # make sure it matches the one for the provider | |
| environment = "staging" | |
| key_name = "my awesome key" # upload this in the AWS console | |
| vpc_id = "${module.vpc.id}" | |
| subnet_id = "${module.vpc.external_subnets[0]}" | |
| security_groups = "${aws_security_group.bastion.id}" | |
| } | |
| resource "aws_security_group" "bastion" { | |
| name = "bastion" | |
| description = "Allow SSH traffic to bastion" | |
| vpc_id = "${module.vpc.id}" | |
| ingress { | |
| from_port = 22 | |
| to_port = 22 | |
| protocol = "tcp" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| egress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| lifecycle { | |
| create_before_destroy = true | |
| } | |
| } | |
| resource "aws_instance" "instance" { | |
| ami = "ami-0b33d91d" # Amazon Linux AMI | |
| key_name = "my awesome key" | |
| instance_type = "t2.nano" | |
| subnet_id = "${module.vpc.internal_subnets[0]}" | |
| vpc_security_group_ids = ["${aws_security_group.instance.id}"] | |
| associate_public_ip_address = false | |
| tags { | |
| Name = "ComposeIPWhitelisted" | |
| } | |
| } | |
| resource "aws_security_group" "instance" { | |
| name = "instance" | |
| description = "Allow SSH traffic from bastion" | |
| vpc_id = "${module.vpc.id}" | |
| ingress { | |
| from_port = 22 | |
| to_port = 22 | |
| protocol = "tcp" | |
| security_groups = ["${aws_security_group.bastion.id}"] # only the bastion SG can access me :) | |
| } | |
| egress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| lifecycle { | |
| create_before_destroy = true | |
| } | |
| } | |
| output "bastion-ip" { | |
| value = "${module.bastion.external_ip}" | |
| } | |
| output "nat-ips" { | |
| value = "${module.vpc.internal_nat_ips}" | |
| } | |
| output "instance-ip" { | |
| value = "${aws_instance.instance.private_ip}" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thank you for this very useful file