VPC with public and private EC2 instances
# Tags shared by every resource that sets `tags = local.common_tags`.
locals {
  common_tags = {
    Project     = "bastion-vpc"
    Env         = "dev"
    Description = "VPC with public and private EC2 instances"
  }
}
# The VPC that contains both subnets. DNS hostnames are enabled so that
# instances receive a public_dns value (read by the outputs below); no
# Amazon-provided IPv6 block is requested.
resource "aws_vpc" "ami_exp" {
  cidr_block                       = "10.0.0.0/16"
  assign_generated_ipv6_cidr_block = false
  enable_dns_hostnames             = true

  tags = local.common_tags
}
# Internet gateway attached to the VPC; the "internet" route table sends
# the default route (0.0.0.0/0) through it.
resource "aws_internet_gateway" "ami_exp" {
  vpc_id = aws_vpc.ami_exp.id
  tags   = local.common_tags
}
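# Subnet for the instance that is meant to be private. The original block
# set map_public_ip_on_launch = true, so the "private" instance was given a
# public IPv4 address, contradicting its role: the only ingress its security
# group admits is from within the VPC, so it is reached from the instance in
# the "open" subnet and needs no public address. Without a public IP the
# default route to the internet gateway provides no outbound path; this file
# defines no NAT gateway, so one must be added if the instance needs egress.
resource "aws_subnet" "restricted" {
  vpc_id                  = aws_vpc.ami_exp.id
  cidr_block              = cidrsubnet(aws_vpc.ami_exp.cidr_block, 8, 0) # 10.0.0.0/24
  map_public_ip_on_launch = false

  tags = local.common_tags
}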
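# Public subnet: instances launched here get a public IPv4 address and reach
# the internet through the gateway route. Tags are applied for consistency
# with the VPC, gateway and route table, which all carry local.common_tags.
resource "aws_subnet" "open" {
  vpc_id                  = aws_vpc.ami_exp.id
  cidr_block              = cidrsubnet(aws_vpc.ami_exp.cidr_block, 8, 1) # 10.0.1.0/24
  map_public_ip_on_launch = true

  tags = local.common_tags
}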
# Route table whose only explicit route sends all non-local traffic to the
# internet gateway. Both subnets are associated with it below.
resource "aws_route_table" "internet" {
  vpc_id = aws_vpc.ami_exp.id
  tags   = local.common_tags

  route {
    gateway_id = aws_internet_gateway.ami_exp.id
    cidr_block = "0.0.0.0/0"
  }
}
# The public subnet routes through the internet gateway.
resource "aws_route_table_association" "open" {
  route_table_id = aws_route_table.internet.id
  subnet_id      = aws_subnet.open.id
}
# The "restricted" subnet shares the internet-gateway route table, so it is
# not a private subnet at the routing layer. A gateway route is only usable
# by instances that hold a public IP; if the subnet stops assigning them, the
# private-subnet pattern is a separate route table whose default route points
# at a NAT gateway instead.
resource "aws_route_table_association" "restricted" {
  route_table_id = aws_route_table.internet.id
  subnet_id      = aws_subnet.restricted.id
}
# Security group for the private instance: inbound traffic is accepted only
# from addresses inside the VPC CIDR, on any protocol. Outbound traffic is
# unrestricted. (protocol "-1" means all protocols; AWS ignores the port
# range in that case, hence 0/0.)
resource "aws_security_group" "allow_internal_ingress" {
  name   = "allow-internal-ingress"
  vpc_id = aws_vpc.ami_exp.id

  ingress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = [aws_vpc.ami_exp.cidr_block]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
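# Security group for the internet-facing instance in the "open" subnet.
# The original rule admitted every protocol and port from 0.0.0.0/0, which
# exposes whatever is listening on the host to the whole internet. Nothing in
# this configuration uses any inbound service other than SSH (the instances
# attach a key pair), so ingress is narrowed to TCP/22; narrow cidr_blocks
# further to the operator's own address range where it is known. The
# resource name is kept so that aws_security_group.allow_all still resolves.
resource "aws_security_group" "allow_all" {
  name   = "allow-all"
  vpc_id = aws_vpc.ami_exp.id

  ingress {
    description = "SSH; restrict the CIDR to known operator addresses"
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound traffic is unrestricted (protocol "-1" = all protocols).
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}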
# Latest EBS-backed Arch Linux HVM image published by the given owner account.
# most_recent = true means a new publication changes the resolved AMI id on
# the next plan, which in turn replaces both instances; pin the name pattern
# to a specific release if that drift is unwanted.
data "aws_ami" "arch" {
  most_recent = true
  owners      = ["093273469852"] # Uplink Labs

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "name"
    values = ["arch-linux-hvm-*"]
  }
}
# Internet-facing instance in the public subnet, guarded only by the
# allow_all security group. No metadata_options block is set, so the
# instance metadata service accepts IMDSv1 requests (provider default).
resource "aws_instance" "arch" {
  instance_type          = "t2.micro"
  ami                    = data.aws_ami.arch.id
  subnet_id              = aws_subnet.open.id
  vpc_security_group_ids = [aws_security_group.allow_all.id]
  key_name               = aws_key_pair.fionn_cb_102.key_name

  tags = local.common_tags
}
# Instance in the "restricted" subnet; its security group accepts inbound
# traffic only from within the VPC, so it is reached via the instance in the
# open subnet. Same AMI, size and key pair as aws_instance.arch.
resource "aws_instance" "arch_prime" {
  instance_type          = "t2.micro"
  ami                    = data.aws_ami.arch.id
  subnet_id              = aws_subnet.restricted.id
  vpc_security_group_ids = [aws_security_group.allow_internal_ingress.id]
  key_name               = aws_key_pair.fionn_cb_102.key_name

  tags = local.common_tags
}
# SSH key pair attached to both instances. The public key is read from the
# operator's home directory at plan time, so the file must exist on the
# machine running Terraform.
resource "aws_key_pair" "fionn_cb_102" {
  public_key = file("~/.ssh/id_rsa.pub")
  key_name   = "fionn-cb-102"
}
# Addresses of the public instance.
output "arch" {
  description = "Instance IPs and hostname"

  value = {
    "public_dns" = aws_instance.arch.public_dns
    "public_ip"  = aws_instance.arch.public_ip
    "private_ip" = aws_instance.arch.private_ip
  }
}
# Addresses of the instance in the "restricted" subnet. public_ip and
# public_dns are empty whenever that subnet does not assign public addresses.
output "arch_prime" {
  description = "Instance IPs and hostname"

  value = {
    "public_dns" = aws_instance.arch_prime.public_dns
    "public_ip"  = aws_instance.arch_prime.public_ip
    "private_ip" = aws_instance.arch_prime.private_ip
  }
}
# AWS provider. allowed_account_ids makes the run fail if the configured
# profile resolves to an account other than var.aws_account_id, which guards
# against applying this configuration to the wrong account.
provider "aws" {
  profile             = var.aws_profile
  region              = var.aws_region
  allowed_account_ids = [var.aws_account_id]
}
variable "aws_region" {
  description = "AWS region the VPC and instances are created in."
  type        = string
  default     = "ap-northeast-1"
}
# The default is a placeholder, not a real account id; the provider's
# allowed_account_ids check will reject every run until this is overridden
# (e.g. via -var or a .tfvars file).
variable "aws_account_id" {
  description = "AWS account id the provider is allowed to operate in."
  type        = string
  default     = "id"
}
# Placeholder default; set it to a named profile from the local AWS
# credentials/config files.
variable "aws_profile" {
  description = "Named AWS CLI profile used for credentials."
  type        = string
  default     = "profile"
}