create ec2 instance with supporting resources and security rules
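#############################
# ec2 instance
#############################
# One public-facing t2.micro in the VPC's first public subnet, reachable via
# the ssh-in and web-in groups (both 0.0.0.0/0) and allowed all egress.
# The postgresql group declared in this gist is not attached here.
resource "aws_instance" "my-cool-instance" {
  count                       = 1
  ami                         = "${lookup(var.ami, var.region)}"
  instance_type               = "t2.micro"
  key_name                    = "${var.key_pair_name}"
  # NOTE(review): t2-family instances do not support EBS optimization; the API
  # is likely to reject this combination — confirm before relying on it.
  ebs_optimized               = true
  monitoring                  = true
  associate_public_ip_address = true
  subnet_id                   = "${module.vpc.public_subnets[0]}"

  vpc_security_group_ids = [
    "${module.sg_allow_ssh_in.this_security_group_id}",
    "${module.sg_allow_all_out.this_security_group_id}",
    "${module.sg_allow_web_in.this_security_group_id}",
  ]

  # os disk — now encrypted to match the data volume (aws_ebs_volume.data),
  # which the original already encrypted while leaving the root volume in
  # plaintext. Needs an AWS provider release that supports
  # root_block_device.encrypted; confirm against the pinned provider.
  root_block_device {
    volume_size = "50"
    encrypted   = true
  }

  # NOTE(review): once the provider version allows it, consider
  # metadata_options { http_tokens = "required" } to enforce IMDSv2 on a
  # host that is directly exposed to the internet.

  # tags (to provide name); count.index keeps names unique if count is raised
  tags = {
    Name = "ec2-${count.index}"
  }
}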
#############################
# ebs vols and attach
#############################
# 128 GiB gp2 data volume, encrypted at rest (default AWS-managed EBS key,
# as no kms_key_id is given), placed in the instance's AZ so it can attach.
# NOTE(review): the unindexed reference to the counted instance only works
# while count = 1; raising the count breaks this expression.
resource "aws_ebs_volume" "data" {
  encrypted         = true
  size              = 128
  type              = "gp2"
  availability_zone = "${aws_instance.my-cool-instance.availability_zone}"
}
# Attach the data volume to the instance as /dev/sdh (the guest may expose it
# under a different device name, e.g. an xvd*/nvme* alias).
# NOTE(review): same count = 1 coupling as aws_ebs_volume.data — the
# unindexed instance_id reference breaks if count is raised.
resource "aws_volume_attachment" "ebs_att" {
  instance_id = "${aws_instance.my-cool-instance.id}"
  volume_id   = "${aws_ebs_volume.data.id}"
  device_name = "/dev/sdh"
}
# SSH reachable from any IPv4 source. 0.0.0.0/0 on an admin port is the widest
# possible exposure; in real use restrict ingress_cidr_blocks to the operator's
# known ranges or reach the host through a bastion/session manager instead.
# NOTE(review): the module source carries no ?ref= pin, so every init/get
# tracks the repository's default branch — pin a release tag so the rules
# this applies cannot change underneath you.
module "sg_allow_ssh_in" {
  source              = "github.com/terraform-aws-modules/terraform-aws-security-group//modules/ssh"
  vpc_id              = "${module.vpc.vpc_id}"
  name                = "sg_allow_ssh_in"
  description         = "Security group with SSH ports open publicly"
  ingress_cidr_blocks = ["0.0.0.0/0"]
}
# Web-server ports open to the whole IPv4 internet — expected for a public
# web host, but pair it with a hardened service and a restricted SSH group.
# NOTE(review): unpinned module source (no ?ref=); pin a release tag so the
# rule set is reproducible and cannot drift with the upstream default branch.
module "sg_allow_web_in" {
  source              = "github.com/terraform-aws-modules/terraform-aws-security-group//modules/web"
  vpc_id              = "${module.vpc.vpc_id}"
  name                = "sg_allow_web_in"
  description         = "Security group with web server ports open publicly"
  ingress_cidr_blocks = ["0.0.0.0/0"]
}
# PostgreSQL ports admitted only from 10.0.1.0/24, which is the single private
# subnet declared in module.vpc — keep the two in sync if the subnet changes.
# This group is declared but not attached to aws_instance.my-cool-instance.
# NOTE(review): unpinned module source (no ?ref=); pin a release tag.
module "sg_allow_postgresql_in" {
  source              = "github.com/terraform-aws-modules/terraform-aws-security-group//modules/postgresql"
  vpc_id              = "${module.vpc.vpc_id}"
  name                = "sg_allow_postgresql_in"
  description         = "Security group with PostgreSQL ports open to private subnets"
  ingress_cidr_blocks = ["10.0.1.0/24"]
}
# Unrestricted egress (all protocols, all ports, any IPv4 destination).
# Unfiltered outbound access is what lets a compromised host reach arbitrary
# endpoints; narrow egress_rules/egress_cidr_blocks where the workload's
# destinations are known.
# NOTE(review): unpinned module source (no ?ref=); pin a release tag.
module "sg_allow_all_out" {
  source             = "github.com/terraform-aws-modules/terraform-aws-security-group"
  vpc_id             = "${module.vpc.vpc_id}"
  name               = "sg_allow_all_out"
  description        = "Security group with all outgoing traffic enabled"
  egress_rules       = ["all-all"]
  egress_cidr_blocks = ["0.0.0.0/0"]
}
# Region -> AMI id table consumed by lookup(var.ami, var.region).
# The original note read "amazon linux (ubuntu)", which is self-contradictory;
# confirm which distribution these ids actually are, that they are still
# current, and that each id belongs to the expected owner account before
# trusting a public image id copied into config.
variable "ami" {
  type = "map"

  default = {
    us-east-1      = "ami-1853ac65" # virginia
    us-west-1      = "ami-bf5540df" # north cali
    eu-central-1   = "ami-ac442ac3" # germany
    ap-southeast-2 = "ami-43874721" # australia
  }
}
# Target region; must be one of the keys in var.ami or the lookup fails.
# NOTE(review): module.vpc hard-codes us-east-1 AZs, so changing this default
# alone does not move the deployment.
variable "region" {
  default = "us-east-1"
}
# Name of an existing EC2 key pair in the target region; only the public half
# is referenced here, the private key never enters this config.
variable "key_pair_name" {
  default = "my_cool_key_file"
}
# dev VPC: three us-east-1 AZs but only one private and one public subnet,
# so most AZs carry nothing. database_subnets are created but nothing in this
# gist uses them. NAT and VPN gateways are billable resources that exist for
# the lifetime of the stack.
# NOTE(review): azs are hard-coded to us-east-1 while var.region is
# configurable — keep them aligned. Module source is unpinned (no ?ref=);
# pin a release tag.
module "vpc" {
  source = "github.com/terraform-aws-modules/terraform-aws-vpc"
  name   = "dev-vpc"

  cidr             = "10.0.0.0/16"
  azs              = ["us-east-1a", "us-east-1b", "us-east-1c"]
  public_subnets   = ["10.0.101.0/24"]
  private_subnets  = ["10.0.1.0/24"]
  database_subnets = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"]

  enable_dns_support   = true
  enable_dns_hostnames = true
  enable_nat_gateway   = true
  enable_vpn_gateway   = true
}