mikamboo/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Créer une machine bastion en 2 minutes gâce à Terraform sur le cloud.
Using AWS

Nécessite d'avoir installé AWS-cli et configuré un compte de service dédié (AMI Programmatic Access sur le portail AWS).
Exemple de config présente sur système où on a installé TF (~/.aws)
[terraform]
 aws_access_key_id=XXXXXXXXXXXXXXX
 aws_secret_access_key=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Install terraform

NOTE: see install_tf.sh script file bellow
chmod +x install_tf.sh
./install_tf.sh
Create SSH keys

mkdir ssh-keys
cd ssh-keys
ssh-keygen -t rsa -f id_rsa_aws

  
## aws-ec2.tf
provider "aws" {
  access_key = "XXXXXXXXXXXXXX"
  secret_key = "ZZZZZZZZZZZZZZZZZZZZZZZZZ"
  region     = "eu-west-3"
}

resource "aws_instance" "srv1" {
  ami = "ami-8ee056f3"
  instance_type = "t2.micro"
  key_name = "aws-ssh-key"
  tags {
    Name = "srv1"
  }
  security_groups = ["${aws_security_group.sg_serveurs.name}"]
  #Make post install script in postinstall.yml
  #user_data = "${file("postinstall.yml")}"
}

# SSH key
resource "aws_key_pair" "sshdeploy" {
  key_name   = "aws-ssh-key"
  public_key = "ssh-rsa ... PUBLIC KEY..."
}

resource "aws_default_vpc" "default" {
   tags = {
     Name = "Default VPC"
   }
 }

# SSH security group
resource "aws_security_group" "sg_ssh" {
  name = "sg_ssh"
  vpc_id      = "${aws_default_vpc.default.id}"
  description = "Permettre le SSH depuis mon IP"
  ingress {
    from_port = 22
    to_port   = 22
    protocol  = "tcp"
    cidr_blocks = ["1.2.3.4/32"]
  }
  egress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

## install_tf.sh
#/bin/bash

TF_VERSION=0.12.28
cd /usr/local/bin/
wget -O terraform.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
unzip terraform_0.12.8_linux_amd64.zip
chmod ugo+x terraform
sudo mv terraform /usr/local/bin/
rm -rf terraform.zip
terraform version

## main.tf
# Configure the AWS Provider
provider "aws" {
  profile = "terraform"
  region  = "eu-west-3"
}

# Create a C9 instance
resource "aws_cloud9_environment_ec2" "example" {
  instance_type = "t2.micro"
  name          = "bastion"
}
	provider "aws" {
	access_key = "XXXXXXXXXXXXXX"
	secret_key = "ZZZZZZZZZZZZZZZZZZZZZZZZZ"
	region = "eu-west-3"
	}

	resource "aws_instance" "srv1" {
	ami = "ami-8ee056f3"
	instance_type = "t2.micro"
	key_name = "aws-ssh-key"
	tags {
	Name = "srv1"
	}
	security_groups = ["${aws_security_group.sg_serveurs.name}"]
	#Make post install script in postinstall.yml
	#user_data = "${file("postinstall.yml")}"
	}

	# SSH key
	resource "aws_key_pair" "sshdeploy" {
	key_name = "aws-ssh-key"
	public_key = "ssh-rsa ... PUBLIC KEY..."
	}

	resource "aws_default_vpc" "default" {
	tags = {
	Name = "Default VPC"
	}
	}

	# SSH security group
	resource "aws_security_group" "sg_ssh" {
	name = "sg_ssh"
	vpc_id = "${aws_default_vpc.default.id}"
	description = "Permettre le SSH depuis mon IP"
	ingress {
	from_port = 22
	to_port = 22
	protocol = "tcp"
	cidr_blocks = ["1.2.3.4/32"]
	}
	egress {
	from_port = 0
	to_port = 0
	protocol = "-1"
	cidr_blocks = ["0.0.0.0/0"]
	}
	}
	#/bin/bash

	TF_VERSION=0.12.28
	cd /usr/local/bin/
	wget -O terraform.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
	unzip terraform_0.12.8_linux_amd64.zip
	chmod ugo+x terraform
	sudo mv terraform /usr/local/bin/
	rm -rf terraform.zip
	terraform version
	# Configure the AWS Provider
	provider "aws" {
	profile = "terraform"
	region = "eu-west-3"
	}

	# Create a C9 instance
	resource "aws_cloud9_environment_ec2" "example" {
	instance_type = "t2.micro"
	name = "bastion"
	}