Dark Sky Terraform configs
# All resources in this file go to us-east-1 under the "darksky" profile of the
# local AWS credentials file; no access keys are embedded in the config.
provider "aws" {
  profile = "darksky"
  region  = "us-east-1"
}
# Newest Canonical Ubuntu 16.04 HVM image with an EBS root volume.
# The owners filter pins the lookup to Canonical's account, so an AMI with a
# look-alike name published by some other account can never be selected.
# Because most_recent is true, the resolved ID can change between runs and
# force replacement of any instance built from it.
data "aws_ami" "ubuntu_1604_hvm_ebs" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "name"
    values = ["ubuntu/images/*/ubuntu-*-16.04*"]
  }
}
# Newest Canonical Ubuntu 16.04 HVM image with an instance-store root.
# Same owner pinning as the EBS lookup above. Nothing in this file references
# it; it is kept for instance types that want ephemeral root disks.
data "aws_ami" "ubuntu_1604_hvm_instance" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "root-device-type"
    values = ["instance-store"]
  }

  filter {
    name   = "name"
    values = ["ubuntu/images/*/ubuntu-*-16.04*"]
  }
}
# Operator SSH key pair. Only the public half is read from disk and uploaded;
# the private key never enters Terraform config or state.
resource "aws_key_pair" "ds_aws_dev" {
  public_key = "${file("~/.ssh/ds_aws_dev.pub")}"
  key_name   = "ds_aws_dev"
}
# Key pair for the Travis CI deploy user. Public half only, as above; no
# instance in this file is launched with it yet.
resource "aws_key_pair" "ds_travis_ci" {
  public_key = "${file("~/.ssh/ds_travis_ci.pub")}"
  key_name   = "ds_travis_ci"
}
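# Stage VPC and its public/private subnet pair in us-east-1b.
#
# The original used 172.0.0.0/16, which is public address space (the RFC 1918
# range is 172.16.0.0/12). Instances would have routed traffic for real
# Internet hosts in 172.0.x.x to the local VPC instead of out through the
# NAT/IGW. 172.16.0.0/16 keeps the same layout inside private space.
#
# NOTE(review): the tags blocks on aws_eip and aws_nat_gateway below need an
# AWS provider newer than the one current when this gist was written; remove
# them if apply rejects the attribute.
resource "aws_vpc" "stage" {
  cidr_block = "172.16.0.0/16"

  tags {
    Name = "stage-vpc"
    Env  = "stage"
  }
}

resource "aws_internet_gateway" "stage" {
  vpc_id = "${aws_vpc.stage.id}"

  tags {
    Name = "stage-igw"
    Env  = "stage"
  }
}

# NAT
# Elastic IP the NAT gateway presents to the Internet on behalf of the private
# subnet.
resource "aws_eip" "stage-nat" {
  vpc = true

  tags {
    Name = "stage-nat-eip"
    Env  = "stage"
  }
}

resource "aws_nat_gateway" "stage" {
  allocation_id = "${aws_eip.stage-nat.id}"

  # A NAT gateway must sit in a subnet that routes to the IGW. The original
  # referenced aws_subnet.public, which is not defined anywhere in this file.
  subnet_id = "${aws_subnet.stage-us-east-1b-public.id}"

  depends_on = ["aws_internet_gateway.stage"]

  tags {
    Name = "stage-nat"
    Env  = "stage"
  }
}

# Public subnets
resource "aws_subnet" "stage-us-east-1b-public" {
  vpc_id            = "${aws_vpc.stage.id}"
  cidr_block        = "172.16.0.0/24"
  availability_zone = "us-east-1b"

  tags {
    Name = "stage-us-east-1b-public"
    Env  = "stage"
  }
}

# Routing table for public subnets: default route straight to the IGW.
resource "aws_route_table" "stage-us-east-1-public" {
  vpc_id = "${aws_vpc.stage.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.stage.id}"
  }

  tags {
    Name = "stage-us-east-1-public"
    Env  = "stage"
  }
}

# aws_route_table_association has no tags argument; the tags block the
# original carried here would have failed validation.
resource "aws_route_table_association" "stage-us-east-1b-public" {
  subnet_id      = "${aws_subnet.stage-us-east-1b-public.id}"
  route_table_id = "${aws_route_table.stage-us-east-1-public.id}"
}

# Private subnets
resource "aws_subnet" "stage-us-east-1b-private" {
  vpc_id            = "${aws_vpc.stage.id}"
  cidr_block        = "172.16.1.0/24"
  availability_zone = "us-east-1b"

  tags {
    Name = "stage-us-east-1b-private"
    Env  = "stage"
  }
}

# Routing table for private subnets: default route via the NAT gateway, so
# hosts can reach the Internet but nothing outside can initiate connections
# to them.
resource "aws_route_table" "stage-us-east-1-private" {
  vpc_id = "${aws_vpc.stage.id}"

  # A NAT gateway is attached with nat_gateway_id, not gateway_id (which is
  # for Internet/virtual private gateways), and the resource above is named
  # aws_nat_gateway.stage; the original referenced aws_nat_gateway.stage-nat,
  # which does not exist.
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = "${aws_nat_gateway.stage.id}"
  }

  tags {
    Name = "stage-us-east-1-private"
    Env  = "stage"
  }
}

# No tags: see the public association above.
resource "aws_route_table_association" "stage-us-east-1b-private" {
  subnet_id      = "${aws_subnet.stage-us-east-1b-private.id}"
  route_table_id = "${aws_route_table.stage-us-east-1-private.id}"
}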
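# Bastion
# The only host reachable from the Internet; everything in the private subnet
# is reached by hopping through it.
resource "aws_security_group" "stage-bastion" {
  name   = "stage-bastion"
  vpc_id = "${aws_vpc.stage.id}"

  # Allow SSH traffic from the internet.
  # TODO(review): narrow cidr_blocks to the office/VPN egress ranges operators
  # actually connect from. A world-open port 22 draws constant brute-force
  # traffic even with key-only auth, and nothing in this file enforces
  # key-only auth on the host.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform strips AWS's implicit allow-all egress rule from every VPC
  # security group it manages. Without an explicit egress block the bastion
  # could neither open SSH sessions into the private subnet nor fetch
  # packages, which defeats its purpose.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "stage-bastion"
    Env  = "stage"
  }
}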
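# Bastion host in the public subnet. It gets its public address from the
# aws_eip below rather than an auto-assigned one, so the address survives
# stop/start.
resource "aws_instance" "stage-bastion" {
  ami           = "${data.aws_ami.ubuntu_1604_hvm_ebs.id}"
  instance_type = "t2.micro"
  key_name      = "${aws_key_pair.ds_aws_dev.id}"
  subnet_id     = "${aws_subnet.stage-us-east-1b-public.id}"

  # Inside a VPC, groups are attached by ID via vpc_security_group_ids.
  # security_groups is the EC2-Classic, name-based argument; feeding it IDs
  # for a VPC instance is known to produce a perpetual diff that recreates
  # the host on every apply.
  vpc_security_group_ids = ["${aws_security_group.stage-bastion.id}"]

  tags {
    Name = "stage-bastion"
    Env  = "stage"
  }
}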
# Stable public address for the bastion.
# NOTE(review): the tags block on aws_eip needs an AWS provider newer than
# the one current when this gist was written; drop it if apply rejects the
# attribute.
resource "aws_eip" "stage-bastion" {
  vpc      = true
  instance = "${aws_instance.stage-bastion.id}"

  tags {
    Name = "stage-bastion-eip"
    Env  = "stage"
  }
}
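# Default stage VPC security group
# Group for ordinary hosts in the private subnet. Note this is a group named
# "stage-default", not the VPC's built-in default group: an instance only
# belongs to it if it is attached explicitly.
resource "aws_security_group" "stage-default" {
  name   = "stage-default"
  vpc_id = "${aws_vpc.stage.id}"

  # SSH only from hosts in the bastion's security group. The original opened
  # port 22 to 0.0.0.0/0, which is unnecessary for hosts behind the NAT and
  # becomes an exposure the moment one of them is given a public IP.
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = ["${aws_security_group.stage-bastion.id}"]
  }

  # Terraform removes AWS's implicit allow-all egress rule from managed VPC
  # groups; without this, members could not reach the Chef server or apt
  # mirrors through the NAT gateway.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "stage-default"
    Env  = "stage"
  }
}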
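# Example AWS instance
# Private-subnet host bootstrapped into the darksky Chef org.
resource "aws_instance" "stage-example-1b-1" {
  ami           = "${data.aws_ami.ubuntu_1604_hvm_ebs.id}"
  instance_type = "t2.micro"
  key_name      = "${aws_key_pair.ds_aws_dev.id}"
  subnet_id     = "${aws_subnet.stage-us-east-1b-private.id}"

  # The original set no group, which silently dropped the host into the VPC's
  # built-in default group (members-only ingress, so the bastion could not
  # reach it). stage-default must allow SSH from the bastion and outbound
  # traffic for the Chef run below to reach api.chef.io.
  vpc_security_group_ids = ["${aws_security_group.stage-default.id}"]

  # The host has no public IP, so the provisioner must hop through the
  # bastion; without a connection block Terraform would try to SSH to an
  # address that does not exist. "ubuntu" is the login on Canonical's images.
  # NOTE(review): the private half of ds_aws_dev is assumed to sit beside its
  # .pub file (see the aws_key_pair above) — confirm the path.
  connection {
    type         = "ssh"
    user         = "ubuntu"
    private_key  = "${file("~/.ssh/ds_aws_dev")}"
    bastion_host = "${aws_eip.stage-bastion.public_ip}"
  }

  # NOTE(review): this provisioner names a validation client but supplies no
  # validation_key (or user_name/user_key); Chef registration will fail
  # without one — confirm which the Chef org uses before relying on this.
  # secret_key reads the encrypted data bag secret from the operator's disk
  # and ships it to the node over SSH; keep that file out of version control.
  provisioner "chef" {
    node_name              = "stage-example-1b-1"
    environment            = "stage"
    run_list               = ["ds_base"]
    secret_key             = "${file("~/.chef/ds_encrypted_data_bag_secret")}"
    server_url             = "https://api.chef.io/organizations/darksky"
    validation_client_name = "darksky"
  }

  tags {
    Name = "stage-example-1b-1"
    Env  = "stage"
  }
}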