joejulian/main.tf

## main.tf
# Specify the provider and access details
provider "aws" {
  region = "${var.aws_region}"
}

data "aws_ami" "centos" {
owners      = ["679593333241"]
most_recent = true
  filter {
      name   = "name"
      values = ["CentOS Linux 7 x86_64 HVM EBS *"]
  }

  filter {
      name   = "architecture"
      values = ["x86_64"]
  }

  filter {
      name   = "root-device-type"
      values = ["ebs"]
  }
}

# Create a VPC to launch our instances into
resource "aws_vpc" "default" {
  cidr_block = "10.0.0.0/16"
}

# Create an internet gateway to give our subnet access to the outside world
resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.default.id}"
}

# Grant the VPC internet access on its main route table
resource "aws_route" "internet_access" {
  route_table_id         = "${aws_vpc.default.main_route_table_id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.default.id}"
}

# Create a subnet to launch our instances into
resource "aws_subnet" "default" {
  vpc_id                  = "${aws_vpc.default.id}"
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}

# A security group for the ELB so it is accessible via the web
resource "aws_security_group" "elb" {
  name        = "terraform_example_elb"
  description = "Used in the terraform"
  vpc_id      = "${aws_vpc.default.id}"

  # HTTP access from anywhere
  ingress {
    from_port   = 6443
    to_port     = 6443
    protocol    = "tcp"
    cidr_blocks = ["50.35.106.192/32"]
  }

  # outbound internet access
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Our default security group to access
# the instances over SSH and HTTP
resource "aws_security_group" "default" {
  name        = "terraform_example"
  description = "Used in the terraform"
  vpc_id      = "${aws_vpc.default.id}"

  # SSH access from anywhere
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["50.35.106.192/32"]
  }

  # HTTP access from the VPC
  ingress {
    from_port   = 6443
    to_port     = 6443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  # outbound internet access
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_elb" "control" {
  name = "terraform-example-elb"

  subnets         = ["${aws_subnet.default.id}"]
  security_groups = ["${aws_security_group.elb.id}"]
  instances       = ["${aws_instance.control.*.id}"]

  listener {
    instance_port     = 6443
    instance_protocol = "http"
    lb_port           = 6443
    lb_protocol       = "http"
  }
}

resource "aws_key_pair" "auth" {
  key_name   = "${var.key_name}"
  public_key = "${file(var.public_key_path)}"
}

resource "aws_instance" "control" {
  # The connection block tells our provisioner how to
  # communicate with the resource (instance)
  connection {
    # The default username for our AMI
    user = "centos"

    # The connection will use the local SSH agent for authentication.
  }

  instance_type = "t2.micro"

  # Lookup the correct AMI based on the region
  # we specified
  ami = "${data.aws_ami.centos.id}"

  # The name of our SSH keypair we created above.
  key_name = "${aws_key_pair.auth.id}"

  # Our Security group to allow HTTP and SSH access
  vpc_security_group_ids = ["${aws_security_group.default.id}"]

  # We're going to launch into the same subnet as our ELB. In a production
  # environment it's more common to have a separate private subnet for
  # backend instances.
  subnet_id = "${aws_subnet.default.id}"
}

resource "aws_instance" "workers" {
  # The connection block tells our provisioner how to
  # communicate with the resource (instance)
  connection {
    # The default username for our AMI
    user = "centos"

    # The connection will use the local SSH agent for authentication.
  }

  instance_type = "t2.micro"

  # Lookup the correct AMI based on the region
  # we specified
  ami = "${data.aws_ami.centos.id}"

  # The name of our SSH keypair we created above.
  key_name = "${aws_key_pair.auth.id}"

  # Our Security group to allow HTTP and SSH access
  vpc_security_group_ids = ["${aws_security_group.default.id}"]

  # We're going to launch into the same subnet as our ELB. In a production
  # environment it's more common to have a separate private subnet for
  # backend instances.
  subnet_id = "${aws_subnet.default.id}"

  count=3
}


## outputs.tf
output "master_address" {
  value = "${aws_instance.control.*.public_ip}"
}
output "worker_address" {
  value = "${aws_instance.workers.*.public_ip}"
}

## variables.tf
variable "public_key_path" {
  description = <<DESCRIPTION
Path to the SSH public key to be used for authentication.
Ensure this keypair is added to your local SSH agent so provisioners can
connect.

Example: ~/.ssh/terraform.pub
DESCRIPTION
}

variable "key_name" {
  description = "Desired name of AWS key pair"
}

variable "aws_region" {
  description = "AWS region to launch servers."
  default     = "us-west-2"
}

# Ubuntu Precise 12.04 LTS (x64)
variable "aws_amis" {
  default = {
    eu-west-1 = "ami-674cbc1e"
    us-east-1 = "ami-1d4e7a66"
    us-west-1 = "ami-969ab1f6"
    us-west-2 = "ami-8803e0f0"
  }
}
	# Specify the provider and access details
	provider "aws" {
	region = "${var.aws_region}"
	}

	data "aws_ami" "centos" {
	owners = ["679593333241"]
	most_recent = true
	filter {
	name = "name"
	values = ["CentOS Linux 7 x86_64 HVM EBS *"]
	}

	filter {
	name = "architecture"
	values = ["x86_64"]
	}

	filter {
	name = "root-device-type"
	values = ["ebs"]
	}
	}

	# Create a VPC to launch our instances into
	resource "aws_vpc" "default" {
	cidr_block = "10.0.0.0/16"
	}

	# Create an internet gateway to give our subnet access to the outside world
	resource "aws_internet_gateway" "default" {
	vpc_id = "${aws_vpc.default.id}"
	}

	# Grant the VPC internet access on its main route table
	resource "aws_route" "internet_access" {
	route_table_id = "${aws_vpc.default.main_route_table_id}"
	destination_cidr_block = "0.0.0.0/0"
	gateway_id = "${aws_internet_gateway.default.id}"
	}

	# Create a subnet to launch our instances into
	resource "aws_subnet" "default" {
	vpc_id = "${aws_vpc.default.id}"
	cidr_block = "10.0.1.0/24"
	map_public_ip_on_launch = true
	}

	# A security group for the ELB so it is accessible via the web
	resource "aws_security_group" "elb" {
	name = "terraform_example_elb"
	description = "Used in the terraform"
	vpc_id = "${aws_vpc.default.id}"

	# HTTP access from anywhere
	ingress {
	from_port = 6443
	to_port = 6443
	protocol = "tcp"
	cidr_blocks = ["50.35.106.192/32"]
	}

	# outbound internet access
	egress {
	from_port = 0
	to_port = 0
	protocol = "-1"
	cidr_blocks = ["0.0.0.0/0"]
	}
	}

	# Our default security group to access
	# the instances over SSH and HTTP
	resource "aws_security_group" "default" {
	name = "terraform_example"
	description = "Used in the terraform"
	vpc_id = "${aws_vpc.default.id}"

	# SSH access from anywhere
	ingress {
	from_port = 22
	to_port = 22
	protocol = "tcp"
	cidr_blocks = ["50.35.106.192/32"]
	}

	# HTTP access from the VPC
	ingress {
	from_port = 6443
	to_port = 6443
	protocol = "tcp"
	cidr_blocks = ["10.0.0.0/16"]
	}

	# outbound internet access
	egress {
	from_port = 0
	to_port = 0
	protocol = "-1"
	cidr_blocks = ["0.0.0.0/0"]
	}
	}

	resource "aws_elb" "control" {
	name = "terraform-example-elb"

	subnets = ["${aws_subnet.default.id}"]
	security_groups = ["${aws_security_group.elb.id}"]
	instances = ["${aws_instance.control.*.id}"]

	listener {
	instance_port = 6443
	instance_protocol = "http"
	lb_port = 6443
	lb_protocol = "http"
	}
	}

	resource "aws_key_pair" "auth" {
	key_name = "${var.key_name}"
	public_key = "${file(var.public_key_path)}"
	}

	resource "aws_instance" "control" {
	# The connection block tells our provisioner how to
	# communicate with the resource (instance)
	connection {
	# The default username for our AMI
	user = "centos"

	# The connection will use the local SSH agent for authentication.
	}

	instance_type = "t2.micro"

	# Lookup the correct AMI based on the region
	# we specified
	ami = "${data.aws_ami.centos.id}"

	# The name of our SSH keypair we created above.
	key_name = "${aws_key_pair.auth.id}"

	# Our Security group to allow HTTP and SSH access
	vpc_security_group_ids = ["${aws_security_group.default.id}"]

	# We're going to launch into the same subnet as our ELB. In a production
	# environment it's more common to have a separate private subnet for
	# backend instances.
	subnet_id = "${aws_subnet.default.id}"
	}

	resource "aws_instance" "workers" {
	# The connection block tells our provisioner how to
	# communicate with the resource (instance)
	connection {
	# The default username for our AMI
	user = "centos"

	# The connection will use the local SSH agent for authentication.
	}

	instance_type = "t2.micro"

	# Lookup the correct AMI based on the region
	# we specified
	ami = "${data.aws_ami.centos.id}"

	# The name of our SSH keypair we created above.
	key_name = "${aws_key_pair.auth.id}"

	# Our Security group to allow HTTP and SSH access
	vpc_security_group_ids = ["${aws_security_group.default.id}"]

	# We're going to launch into the same subnet as our ELB. In a production
	# environment it's more common to have a separate private subnet for
	# backend instances.
	subnet_id = "${aws_subnet.default.id}"

	count=3
	}
	output "master_address" {
	value = "${aws_instance.control.*.public_ip}"
	}
	output "worker_address" {
	value = "${aws_instance.workers.*.public_ip}"
	}
	variable "public_key_path" {
	description = <<DESCRIPTION
	Path to the SSH public key to be used for authentication.
	Ensure this keypair is added to your local SSH agent so provisioners can
	connect.

	Example: ~/.ssh/terraform.pub
	DESCRIPTION
	}

	variable "key_name" {
	description = "Desired name of AWS key pair"
	}

	variable "aws_region" {
	description = "AWS region to launch servers."
	default = "us-west-2"
	}

	# Ubuntu Precise 12.04 LTS (x64)
	variable "aws_amis" {
	default = {
	eu-west-1 = "ami-674cbc1e"
	us-east-1 = "ami-1d4e7a66"
	us-west-1 = "ami-969ab1f6"
	us-west-2 = "ami-8803e0f0"
	}
	}