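# Inputs for the bastion module.
variable "vpc_id" {}
variable "key_name" {}

variable "instance_type" {
  default = "t2.micro"
}

variable "ami" {
  default = "ami-dde2debb"
}

variable "public_subnet_id" {}
variable "public_subnet_cidr_block" {}

variable "private_subnet_cidr_blocks" {
  type = "list"
}

# CIDR ranges allowed to open SSH sessions to the bastion. The default keeps
# the original behaviour (port 22 reachable from anywhere); set it to the
# operators' address ranges so the bastion is not exposed to the whole internet.
variable "ssh_cidr_blocks" {
  type    = "list"
  default = ["0.0.0.0/0"]
}

# Security group attached to the bastion host itself: SSH in from the allowed
# ranges, unrestricted egress.
resource "aws_security_group" "bastion" {
  name        = "bastion"
  description = "Allow SSH traffic from the internet"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.ssh_cidr_blocks}"]
  }

  # protocol "-1" covers every protocol and port.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}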
# The bastion host: the only instance on this page placed in the public subnet
# and given a public address.
resource "aws_instance" "bastion" {
  subnet_id                   = "${var.public_subnet_id}"
  associate_public_ip_address = true

  ami           = "${var.ami}"
  instance_type = "${var.instance_type}"
  key_name      = "${var.key_name}"

  # Only the bastion group (SSH in, all egress) is attached.
  vpc_security_group_ids = ["${aws_security_group.bastion.id}"]

  tags {
    Name = "bastion"
  }
}
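# Group handed to instances in the private subnets (exported below as
# security_group_id): it admits SSH only from the bastion's security group.
resource "aws_security_group" "allow_bastion" {
  name   = "allow-access-from-bastion"
  vpc_id = "${var.vpc_id}"
}

# SSH from the bastion only; the source is the bastion's group, not a CIDR.
resource "aws_security_group_rule" "ssh" {
  security_group_id        = "${aws_security_group.allow_bastion.id}"
  type                     = "ingress"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  source_security_group_id = "${aws_security_group.bastion.id}"
}

# Terraform removes AWS's implicit allow-all egress from a group it creates, so
# without an egress rule instances that carry only this group cannot open any
# outbound connection (the cluster instances on this page carry nothing else,
# and their remote-exec provisioners presumably need to reach the outside).
# Kept as a standalone rule: mixing inline egress with aws_security_group_rule
# on the same group is not supported.
# NOTE(review): ports the cluster members use among themselves are still not
# opened anywhere on this page — confirm whether that is intended.
resource "aws_security_group_rule" "egress" {
  security_group_id = "${aws_security_group.allow_bastion.id}"
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}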
# Elastic IP attached to the bastion instance; exported below as public_ip.
resource "aws_eip" "bastion" {
  vpc      = true
  instance = "${aws_instance.bastion.id}"
}
# Exports consumed by the root module: the bastion's Elastic IP and the group
# that admits SSH from the bastion (handed to the cluster instances).
output "public_ip" {
  value = "${aws_eip.bastion.public_ip}"
}

output "security_group_id" {
  value = "${aws_security_group.allow_bastion.id}"
}
# Consul server nodes (three) in the private subnet, provisioned over SSH
# through the bastion with the rendered server install script.
resource "aws_instance" "consul" {
  count = 3

  subnet_id     = "${var.private_subnet_id}"
  ami           = "${var.ami}"
  instance_type = "${var.instance_type}"
  key_name      = "${var.key_name}"

  # NOTE(review): only the "allow access from bastion" group is attached; no
  # rule on this page opens the ports the Consul servers use among themselves — confirm.
  vpc_security_group_ids = ["${var.bastion_sgr}"]

  tags {
    App                      = "consul"
    Name                     = "consul-${count.index}"
    Env                      = "${var.env}"
    consul_server_datacenter = "eu-west-1"
  }

  # Provisioning connection: SSH as ubuntu, jumping through the bastion;
  # the private key arrives as a module variable.
  connection {
    type         = "ssh"
    user         = "ubuntu"
    private_key  = "${var.private_key}"
    bastion_host = "${var.bastion_host}"
  }

  # Runs the rendered provision-server.sh template as one inline command.
  provisioner "remote-exec" {
    inline = ["${data.template_file.install_consul_server.rendered}"]
  }
}
# Inputs for the cluster module (consul, nomad and vault instances plus the ELB).
variable "env" {}
# Instance type shared by every instance in this module.
variable "instance_type" {
default = "t2.micro"
}
# AMI shared by every instance; the provisioners log in as "ubuntu".
variable "ami" {
default = "ami-dde2debb"
}
# NOTE(review): aws_instance.nomad hard-codes count = 3 instead of reading this
# variable. "count" also becomes a reserved variable name from Terraform 0.12 on.
variable "count" {
description = "Nomad cluster size"
default = 3
}
# Subnets handed in by the root module: the public one for the ELB, the
# private one for every instance.
variable "public_subnet_id" {}
variable "private_subnet_id" {}
# Public address of the bastion used as the SSH jump host by the provisioners;
# presumably an empty value means a direct connection — verify.
variable "bastion_host" {
default = ""
}
variable "key_name" {}
# SSH private key material for the provisioner connections. An ordinary
# variable, so its value is visible in plan output; treat it as a secret.
variable "private_key" {}
# Security group id exported by the bastion module; the only group the
# instances in this module carry.
variable "bastion_sgr" {}
# Classic ELB in the public subnet in front of the nomad instances: TCP 80 on
# the load balancer is forwarded to TCP 9999 on each instance.
# NOTE(review): no security_groups attribute, so aws_security_group.elb below
# is never attached; internal is not set, so the listener is internet-facing.
# Nothing on this page opens port 9999 on the instances (they carry only
# var.bastion_sgr), so the backends look unreachable from the ELB — confirm.
# No health_check is configured.
resource "aws_elb" "balancer" {
name = "${var.env}-nomad-cluster-elb"
subnets = ["${var.public_subnet_id}"]
instances = ["${aws_instance.nomad.*.id}"]
listener {
instance_port = 9999
instance_protocol = "tcp"
lb_port = 80
lb_protocol = "tcp"
}
}
# NOTE(review): this group is not referenced anywhere on this page
# (aws_elb.balancer has no security_groups attribute), it has no name, and it
# has no vpc_id — without one the provider presumably creates it in the
# account's default VPC rather than the module's, and this module declares no
# vpc_id input to fix that. No egress rule is declared either.
resource "aws_security_group" "elb" {
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
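# Nomad nodes in the private subnet, registered as backends of aws_elb.balancer.
# The cluster size follows var.count ("Nomad cluster size", default 3, so
# existing plans are unchanged) instead of a literal that ignored the variable.
resource "aws_instance" "nomad" {
  count = "${var.count}"

  ami           = "${var.ami}"
  instance_type = "${var.instance_type}"
  subnet_id     = "${var.private_subnet_id}"
  key_name      = "${var.key_name}"

  # Provisioning connection: SSH as ubuntu through the bastion.
  connection {
    type         = "ssh"
    user         = "ubuntu"
    private_key  = "${var.private_key}"
    bastion_host = "${var.bastion_host}"
  }

  # NOTE(review): only the bastion-access group is attached; no rule on this
  # page opens instance port 9999 that the ELB listener forwards to — confirm.
  vpc_security_group_ids = ["${var.bastion_sgr}"]

  tags {
    App  = "nomad"
    Name = "${var.env}-nomad-${count.index}"
  }
}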
# Renders the Consul client bootstrap script (consul/provision-client.sh.tpl).
# No resource on this page runs it.
data "template_file" "install_consul_client" {
template = "${file("${path.module}/consul/provision-client.sh.tpl")}"
vars {
# Region is hard-coded here, in the server template and in the consul instance tag.
region = "eu-west-1"
# EC2 instance-metadata endpoint, queried over plain unauthenticated HTTP (IMDSv1 style).
instance_id_url = "http://169.254.169.254/2014-02-25/meta-data/instance-id"
}
}
# Renders the Consul server bootstrap script run by aws_instance.consul's
# remote-exec provisioner.
data "template_file" "install_consul_server" {
template = "${file("${path.module}/consul/provision-server.sh.tpl")}"
vars {
region = "eu-west-1"
# Presumably the expected number of servers; keep in step with
# aws_instance.consul's count (also a literal 3). A reference to the instance
# would form a cycle, since the instance's provisioner depends on this data source.
consul_server_nodes = 3
instance_id_url = "http://169.254.169.254/2014-02-25/meta-data/instance-id"
}
}
# Two Vault nodes in the private subnet; no provisioner for them appears on this page.
resource "aws_instance" "vault" {
  count = 2

  subnet_id     = "${var.private_subnet_id}"
  ami           = "${var.ami}"
  instance_type = "${var.instance_type}"
  key_name      = "${var.key_name}"

  # Only the "allow access from bastion" group is attached.
  vpc_security_group_ids = ["${var.bastion_sgr}"]

  tags {
    App  = "vault"
    Name = "${var.env}-vault-${count.index}"
  }

  # SSH as ubuntu, jumping through the bastion.
  connection {
    type         = "ssh"
    user         = "ubuntu"
    private_key  = "${var.private_key}"
    bastion_host = "${var.bastion_host}"
  }
}
# VPC with one public and one private subnet and a NAT gateway.
# The module source carries no ?ref= pin, so every `terraform get` follows the
# repository's default branch; pin it to a tag or commit so the fetched
# module code is reproducible and reviewed before it changes.
module "network" {
source = "github.com/terraform-community-modules/tf_aws_vpc"
name = "${var.env}"
cidr = "10.66.0.0/16"
public_subnets = ["10.66.1.0/24"]
private_subnets = ["10.66.101.0/24"]
# data.aws_availability_zones.all is declared outside this page. Only one
# subnet of each kind is listed, so presumably just the first AZ gets subnets — verify.
azs = ["${data.aws_availability_zones.all.names}"]
enable_dns_hostnames = true
enable_nat_gateway = true
map_public_ip_on_launch = true
tags = {
Env = "${var.env}"
}
}
# Bastion host in the public subnet. key_name is a literal, so an EC2 key pair
# named "default" must already exist in the region.
# NOTE(review): this block reads module.network.public_subnet_id,
# public_subnet_cidr_block and private_subnet_cidr_blocks, while module
# "cluster" below reads private_subnet_ids[0]; check the names against the
# network module's actual outputs.
module "bastion" {
source = "modules/bastion"
vpc_id = "${module.network.vpc_id}"
key_name = "default"
public_subnet_id = "${module.network.public_subnet_id}"
public_subnet_cidr_block = "${module.network.public_subnet_cidr_block}"
private_subnet_cidr_blocks = ["${module.network.private_subnet_cidr_blocks}"]
}
# A record "bastion" pointing at the bastion's Elastic IP, in the zone owned by
# module.dns_zone (declared outside this page).
resource "aws_route53_record" "bastion" {
  name    = "bastion"
  type    = "A"
  ttl     = 60
  zone_id = "${module.dns_zone.id}"
  records = ["${module.bastion.public_ip}"]
}
# Consul/Nomad/Vault cluster in the first private subnet, reached over SSH
# through the bastion.
module "cluster" {
source = "modules/cluster"
env = "${var.env}"
public_subnet_id = "${module.network.public_subnet_id}"
private_subnet_id = "${module.network.private_subnet_ids[0]}"
# The bastion's Elastic IP and its "allow access from bastion" security group.
bastion_host = "${module.bastion.public_ip}"
bastion_sgr = "${module.bastion.security_group_id}"
# Key pair name is a literal and must already exist; see module "bastion".
key_name = "default"
# Reads the SSH private key into an ordinary variable: the value appears in
# plan output and travels with the configuration, so keep secrets/ out of
# version control. Letting the connection use an ssh-agent instead of
# private_key would keep the key material out of Terraform altogether.
private_key = "${file("secrets/default.pem")}"
}