Skip to content

Instantly share code, notes, and snippets.

@jeffbyrnes
Last active August 9, 2016 19:24
Show Gist options
  • Save jeffbyrnes/4c4fb2e1398915a5e0bd8c5bba77dba0 to your computer and use it in GitHub Desktop.
Save jeffbyrnes/4c4fb2e1398915a5e0bd8c5bba77dba0 to your computer and use it in GitHub Desktop.
Dark Sky Terraform configs
provider "aws" {
region = "us-east-1"
profile = "darksky"
}
data "aws_ami" "ubuntu_1604_hvm_ebs" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/*/ubuntu-*-16.04*"]
}
filter {
name = "root-device-type"
values = ["ebs"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["099720109477"]
}
data "aws_ami" "ubuntu_1604_hvm_instance" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/*/ubuntu-*-16.04*"]
}
filter {
name = "root-device-type"
values = ["instance-store"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["099720109477"]
}
resource "aws_key_pair" "ds_aws_dev" {
key_name = "ds_aws_dev"
public_key = "${file("~/.ssh/ds_aws_dev.pub")}"
}
resource "aws_key_pair" "ds_travis_ci" {
key_name = "ds_travis_ci"
public_key = "${file("~/.ssh/ds_travis_ci.pub")}"
}
resource "aws_vpc" "stage" {
cidr_block = "172.0.0.0/16"
tags {
Name = "stage-vpc"
Env = "stage"
}
}
resource "aws_internet_gateway" "stage" {
vpc_id = "${aws_vpc.stage.id}"
tags {
Name = "stage-igw"
Env = "stage"
}
}
# NAT
resource "aws_eip" "stage-nat" {
vpc = true
tags {
Name = "stage-nat-eip"
Env = "stage"
}
}
resource "aws_nat_gateway" "stage" {
allocation_id = "${aws_eip.stage-nat.id}"
subnet_id = "${aws_subnet.public.id}"
depends_on = ["aws_internet_gateway.stage"]
tags {
Name = "stage-nat"
Env = "stage"
}
}
# Public subnets
resource "aws_subnet" "stage-us-east-1b-public" {
vpc_id = "${aws_vpc.stage.id}"
cidr_block = "172.0.0.0/24"
availability_zone = "us-east-1b"
tags {
Name = "stage-us-east-1b-public"
Env = "stage"
}
}
# Routing table for public subnets
resource "aws_route_table" "stage-us-east-1-public" {
vpc_id = "${aws_vpc.stage.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.stage.id}"
}
tags {
Name = "stage-us-east-1-public"
Env = "stage"
}
}
resource "aws_route_table_association" "stage-us-east-1b-public" {
subnet_id = "${aws_subnet.stage-us-east-1b-public.id}"
route_table_id = "${aws_route_table.stage-us-east-1-public.id}"
tags {
Name = "stage-us-east-1b-public"
Env = "stage"
}
}
# Private subnets
resource "aws_subnet" "stage-us-east-1b-private" {
vpc_id = "${aws_vpc.stage.id}"
cidr_block = "172.0.1.0/24"
availability_zone = "us-east-1b"
tags {
Name = "stage-us-east-1b-private"
Env = "stage"
}
}
# Routing table for private subnets
resource "aws_route_table" "stage-us-east-1-private" {
vpc_id = "${aws_vpc.stage.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_nat_gateway.stage-nat.id}"
}
tags {
Name = "stage-us-east-1-private"
Env = "stage"
}
}
resource "aws_route_table_association" "stage-us-east-1b-private" {
subnet_id = "${aws_subnet.stage-us-east-1b-private.id}"
route_table_id = "${aws_route_table.stage-us-east-1-private.id}"
tags {
Name = "stage-us-east-1b-private"
Env = "stage"
}
}
# Bastion
# Allow SSH traffic from the internet
resource "aws_security_group" "stage-bastion" {
name = "stage-bastion"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
vpc_id = "${aws_vpc.stage.id}"
tags {
Name = "stage-bastion"
Env = "stage"
}
}
resource "aws_instance" "stage-bastion" {
ami = "${data.aws_ami.ubuntu_1604_hvm_ebs.id}"
instance_type = "t2.micro"
key_name = "${aws_key_pair.ds_aws_dev.id}"
security_groups = ["${aws_security_group.stage-bastion.id}"]
subnet_id = "${aws_subnet.stage-us-east-1b-public.id}"
tags {
Name = "stage-bastion"
Env = "stage"
}
}
resource "aws_eip" "stage-bastion" {
instance = "${aws_instance.stage-bastion.id}"
vpc = true
tags {
Name = "stage-bastion-eip"
Env = "stage"
}
}
# Default stage VPC security group
# Set default stage VPC access
resource "aws_security_group" "stage-default" {
name = "stage-default"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
vpc_id = "${aws_vpc.stage.id}"
tags {
Name = "stage-default"
Env = "stage"
}
}
# Example AWS instance
resource "aws_instance" "stage-example-1b-1" {
provisioner "chef" {
node_name = "stage-example-1b-1"
environment = "stage"
run_list = ["ds_base"]
secret_key = "${file("~/.chef/ds_encrypted_data_bag_secret")}"
server_url = "https://api.chef.io/organizations/darksky"
validation_client_name = "darksky"
}
ami = "${data.aws_ami.ubuntu_1604_hvm_ebs.id}"
instance_type = "t2.micro"
key_name = "${aws_key_pair.ds_aws_dev.id}"
subnet_id = "${aws_subnet.stage-us-east-1b-private.id}"
tags {
Name = "stage-example-1b-1"
Env = "stage"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment