
@njofce
Created August 30, 2020 08:12
# Declares the providers this configuration depends on.
# NOTE(review): no `version` constraint is given for hashicorp/aws, so each
# `terraform init` on a fresh checkout may resolve a different provider
# release. Pin a version once the tested one is known.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
# Default (un-aliased) AWS provider: us-east-1.
# Credentials come from the named profile "Encite", so no access keys are
# stored in this file.
provider "aws" {
  region  = "us-east-1"
  profile = "Encite"
}
# Aliased AWS provider for eu-central-1; resources select it with
# `provider = aws.eu`. It uses the same "Encite" profile as the default provider.
provider "aws" {
  alias   = "eu"
  region  = "eu-central-1"
  profile = "Encite"
}
# Aliased AWS provider for ap-northeast-1; resources select it with
# `provider = aws.ap`. It uses the same "Encite" profile as the default provider.
provider "aws" {
  alias   = "ap"
  region  = "ap-northeast-1"
  profile = "Encite"
}
# VPC in us-east-1 (default provider) with DNS resolution and DNS hostnames on.
# NOTE(review): all three VPCs in this file use 10.0.0.0/16. Overlapping ranges
# are fine while the VPCs stay isolated, but they cannot be peered later
# without renumbering.
resource "aws_vpc" "custom-vpc-1" {
  provider             = aws
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
}
# VPC in eu-central-1 (aws.eu) with DNS resolution and DNS hostnames on.
# NOTE(review): it uses the same 10.0.0.0/16 range as the other two VPCs in
# this file, which rules out peering them without renumbering.
resource "aws_vpc" "custom-vpc-2" {
  provider             = aws.eu
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
}
# VPC in ap-northeast-1 (aws.ap) with DNS resolution and DNS hostnames on.
# NOTE(review): it uses the same 10.0.0.0/16 range as the other two VPCs in
# this file, which rules out peering them without renumbering.
resource "aws_vpc" "custom-vpc-3" {
  provider             = aws.ap
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
}
# Single /24 subnet inside custom-vpc-1 (us-east-1).
# map_public_ip_on_launch = true gives every instance launched here a public
# IPv4 address, so its security group is the only network filter in front of it.
resource "aws_subnet" "custom-subnet-1" {
  provider                = aws
  vpc_id                  = aws_vpc.custom-vpc-1.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}
# Single /24 subnet inside custom-vpc-2 (eu-central-1).
# map_public_ip_on_launch = true gives every instance launched here a public
# IPv4 address, so its security group is the only network filter in front of it.
resource "aws_subnet" "custom-subnet-2" {
  provider                = aws.eu
  vpc_id                  = aws_vpc.custom-vpc-2.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}
# Single /24 subnet inside custom-vpc-3 (ap-northeast-1).
# map_public_ip_on_launch = true gives every instance launched here a public
# IPv4 address, so its security group is the only network filter in front of it.
resource "aws_subnet" "custom-subnet-3" {
  provider                = aws.ap
  vpc_id                  = aws_vpc.custom-vpc-3.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}
# Internet gateway attached to custom-vpc-1; custom-rt1's default route targets it.
resource "aws_internet_gateway" "custom-igw-1" {
  vpc_id   = aws_vpc.custom-vpc-1.id
  provider = aws
}
# Internet gateway attached to custom-vpc-2; custom-rt2's default route targets it.
resource "aws_internet_gateway" "custom-igw-2" {
  vpc_id   = aws_vpc.custom-vpc-2.id
  provider = aws.eu
}
# Internet gateway attached to custom-vpc-3; custom-rt3's default route targets it.
resource "aws_internet_gateway" "custom-igw-3" {
  vpc_id   = aws_vpc.custom-vpc-3.id
  provider = aws.ap
}
# Route table for custom-vpc-1 with one route: all IPv4 traffic (0.0.0.0/0)
# goes to custom-igw-1. Any subnet associated with this table is a public subnet.
resource "aws_route_table" "custom-rt1" {
  provider = aws
  vpc_id   = aws_vpc.custom-vpc-1.id

  route {
    gateway_id = aws_internet_gateway.custom-igw-1.id
    cidr_block = "0.0.0.0/0"
  }
}
# Route table for custom-vpc-2 with one route: all IPv4 traffic (0.0.0.0/0)
# goes to custom-igw-2. Any subnet associated with this table is a public subnet.
resource "aws_route_table" "custom-rt2" {
  provider = aws.eu
  vpc_id   = aws_vpc.custom-vpc-2.id

  route {
    gateway_id = aws_internet_gateway.custom-igw-2.id
    cidr_block = "0.0.0.0/0"
  }
}
# Route table for custom-vpc-3 with one route: all IPv4 traffic (0.0.0.0/0)
# goes to custom-igw-3. Any subnet associated with this table is a public subnet.
resource "aws_route_table" "custom-rt3" {
  provider = aws.ap
  vpc_id   = aws_vpc.custom-vpc-3.id

  route {
    gateway_id = aws_internet_gateway.custom-igw-3.id
    cidr_block = "0.0.0.0/0"
  }
}
# Binds custom-subnet-1 to custom-rt1, giving the subnet its default route to
# the internet gateway.
resource "aws_route_table_association" "custom-rt-association-1" {
  provider       = aws
  subnet_id      = aws_subnet.custom-subnet-1.id
  route_table_id = aws_route_table.custom-rt1.id
}
# Binds custom-subnet-2 to custom-rt2, giving the subnet its default route to
# the internet gateway.
resource "aws_route_table_association" "custom-rt-association-2" {
  provider       = aws.eu
  subnet_id      = aws_subnet.custom-subnet-2.id
  route_table_id = aws_route_table.custom-rt2.id
}
# Binds custom-subnet-3 to custom-rt3, giving the subnet its default route to
# the internet gateway.
resource "aws_route_table_association" "custom-rt-association-3" {
  provider       = aws.ap
  subnet_id      = aws_subnet.custom-subnet-3.id
  route_table_id = aws_route_table.custom-rt3.id
}
# Inbound rules shared by the security groups in this file, keyed by rule name.
# Each entry supplies the arguments of one `ingress` block.
#
# NOTE(review): the default opens SSH (tcp/22) to 0.0.0.0/0. Together with the
# public subnets and auto-assigned public IPs, every instance's sshd is
# reachable from the whole internet. Override "ssh-ingress" with the
# administrators' source range, or drop the rule if another access path is
# used, before applying this outside a throwaway lab.
variable "ingress-rules" {
  type = map(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))

  default = {
    "http-ingress" = {
      description = "For HTTP"
      protocol    = "tcp"
      from_port   = 80
      to_port     = 80
      cidr_blocks = ["0.0.0.0/0"]
    }
    "ssh-ingress" = {
      description = "For SSH"
      protocol    = "tcp"
      from_port   = 22
      to_port     = 22
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}
# Outbound rules shared by the security groups in this file, keyed by rule name.
# The default has one rule: protocol "-1" with ports 0-0 means all protocols
# and ports, to any IPv4 destination.
# NOTE(review): unrestricted egress is convenient for package installs but puts
# no limit on where a compromised instance can connect. Narrow it if the
# workload's outbound destinations are known.
variable "egress-rules" {
  type = map(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))

  default = {
    "all-egress" = {
      description = "All"
      protocol    = "-1"
      from_port   = 0
      to_port     = 0
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}
# Security group for custom-vpc-1 (us-east-1).
# One ingress block is generated per entry of var.ingress-rules and one egress
# block per entry of var.egress-rules. The variables' object type requires
# every attribute, so each is read directly rather than through lookup().
resource "aws_security_group" "custom-sg1" {
  provider    = aws
  vpc_id      = aws_vpc.custom-vpc-1.id
  name        = "allow_http_and_ssh"
  description = "Allow HTTP and SSH traffic"

  dynamic "ingress" {
    for_each = var.ingress-rules

    content {
      description = ingress.value.description
      protocol    = ingress.value.protocol
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  dynamic "egress" {
    for_each = var.egress-rules

    content {
      description = egress.value.description
      protocol    = egress.value.protocol
      from_port   = egress.value.from_port
      to_port     = egress.value.to_port
      cidr_blocks = egress.value.cidr_blocks
    }
  }
}
# Security group for custom-vpc-2 (eu-central-1).
# One ingress block is generated per entry of var.ingress-rules and one egress
# block per entry of var.egress-rules. The variables' object type requires
# every attribute, so each is read directly rather than through lookup().
resource "aws_security_group" "custom-sg2" {
  provider    = aws.eu
  vpc_id      = aws_vpc.custom-vpc-2.id
  name        = "allow_http_and_ssh"
  description = "Allow HTTP and SSH traffic"

  dynamic "ingress" {
    for_each = var.ingress-rules

    content {
      description = ingress.value.description
      protocol    = ingress.value.protocol
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  dynamic "egress" {
    for_each = var.egress-rules

    content {
      description = egress.value.description
      protocol    = egress.value.protocol
      from_port   = egress.value.from_port
      to_port     = egress.value.to_port
      cidr_blocks = egress.value.cidr_blocks
    }
  }
}
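# Security group for custom-vpc-3 (ap-northeast-1).
# One ingress block is generated per entry of var.ingress-rules and one egress
# block per entry of var.egress-rules.
resource "aws_security_group" "custom-sg3" {
  provider    = aws.ap
  name        = "allow_http_and_ssh"
  description = "Allow HTTP and SSH traffic"

  # Fix: vpc_id was missing here, unlike custom-sg1 and custom-sg2. Without it
  # the group is created in the region's default VPC, while custom-ec2-3
  # launches into custom-subnet-3 (custom-vpc-3); a security group can only be
  # attached to instances in its own VPC.
  vpc_id = aws_vpc.custom-vpc-3.id

  dynamic "ingress" {
    for_each = var.ingress-rules
    content {
      description = lookup(ingress.value, "description", null)
      from_port   = lookup(ingress.value, "from_port", null)
      to_port     = lookup(ingress.value, "to_port", null)
      protocol    = lookup(ingress.value, "protocol", null)
      cidr_blocks = lookup(ingress.value, "cidr_blocks", null)
    }
  }

  dynamic "egress" {
    for_each = var.egress-rules
    content {
      description = lookup(egress.value, "description", null)
      from_port   = lookup(egress.value, "from_port", null)
      to_port     = lookup(egress.value, "to_port", null)
      protocol    = lookup(egress.value, "protocol", null)
      cidr_blocks = lookup(egress.value, "cidr_blocks", null)
    }
  }
}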
# Registers an SSH public key as EC2 key pair "terraform-keys2" in us-east-1.
# Only the public half belongs here; the matching private key must never be
# committed next to this file.
# NOTE(review): the key body does not start with the usual "AAAAB3NzaC1yc2E"
# prefix of an ssh-rsa blob, so it looks redacted for publication. Substitute
# your own public key. The trailing comment field also publishes a workstation
# user@hostname, and the same literal is repeated in custom-kp2 and custom-kp3.
resource "aws_key_pair" "custom-kp1" {
  provider   = aws
  key_name   = "terraform-keys2"
  public_key = "ssh-rsa XT3RdHf7oZcdjPjf0OYSvDHk/WNMvkjF0FMoW+RBtakDyMLFJxIlXqI3lAiwk173n65AlBn1gQ3hgpMT/IgTZLJg6EluyjgL4heyVRuAedh3dBjNHkucRKSCfcNQVFVIeJbAbWG0JJbmVwLIa/JWY+YPyXlYpSqCwCicRcZXea1e6p+TX5GZvKn+MO/rIFRIXbEFIPDIV1nEivj7HW4hADLTIPA1CjGAqaVbqr65Xr4sbpDl0KvDha+uPjueMjKOV93A6a/RUIP5EftZ40cIR2oqu7GH677R5f19GtK6yHfUBlzCbclBlVnrMYWEEBFiG3dIQv55cDs97u9iyeSLqcde2OX4ZEhjb5PH7YOtG8AS0qbu1Y70RG2UgDa3Bv5AcT673mw0ab3kXtUjng1d05eC6pA+voW5jxV/g4a3ESlGtnD029jpfl6vaz53cjL4ml+JXRRgnBVMb= x@Nasis-MacBook-Pro.local"
}
# Registers an SSH public key as EC2 key pair "terraform-keys2" in eu-central-1.
# Only the public half belongs here; the matching private key must never be
# committed next to this file.
# NOTE(review): the key body does not start with the usual "AAAAB3NzaC1yc2E"
# prefix of an ssh-rsa blob, so it looks redacted for publication. Substitute
# your own public key. The trailing comment field also publishes a workstation
# user@hostname.
resource "aws_key_pair" "custom-kp2" {
  provider   = aws.eu
  key_name   = "terraform-keys2"
  public_key = "ssh-rsa XT3RdHf7oZcdjPjf0OYSvDHk/WNMvkjF0FMoW+RBtakDyMLFJxIlXqI3lAiwk173n65AlBn1gQ3hgpMT/IgTZLJg6EluyjgL4heyVRuAedh3dBjNHkucRKSCfcNQVFVIeJbAbWG0JJbmVwLIa/JWY+YPyXlYpSqCwCicRcZXea1e6p+TX5GZvKn+MO/rIFRIXbEFIPDIV1nEivj7HW4hADLTIPA1CjGAqaVbqr65Xr4sbpDl0KvDha+uPjueMjKOV93A6a/RUIP5EftZ40cIR2oqu7GH677R5f19GtK6yHfUBlzCbclBlVnrMYWEEBFiG3dIQv55cDs97u9iyeSLqcde2OX4ZEhjb5PH7YOtG8AS0qbu1Y70RG2UgDa3Bv5AcT673mw0ab3kXtUjng1d05eC6pA+voW5jxV/g4a3ESlGtnD029jpfl6vaz53cjL4ml+JXRRgnBVMb= x@Nasis-MacBook-Pro.local"
}
# Registers an SSH public key as EC2 key pair "terraform-keys2" in ap-northeast-1.
# Only the public half belongs here; the matching private key must never be
# committed next to this file.
# NOTE(review): the key body does not start with the usual "AAAAB3NzaC1yc2E"
# prefix of an ssh-rsa blob, so it looks redacted for publication. Substitute
# your own public key. The trailing comment field also publishes a workstation
# user@hostname.
resource "aws_key_pair" "custom-kp3" {
  provider   = aws.ap
  key_name   = "terraform-keys2"
  public_key = "ssh-rsa XT3RdHf7oZcdjPjf0OYSvDHk/WNMvkjF0FMoW+RBtakDyMLFJxIlXqI3lAiwk173n65AlBn1gQ3hgpMT/IgTZLJg6EluyjgL4heyVRuAedh3dBjNHkucRKSCfcNQVFVIeJbAbWG0JJbmVwLIa/JWY+YPyXlYpSqCwCicRcZXea1e6p+TX5GZvKn+MO/rIFRIXbEFIPDIV1nEivj7HW4hADLTIPA1CjGAqaVbqr65Xr4sbpDl0KvDha+uPjueMjKOV93A6a/RUIP5EftZ40cIR2oqu7GH677R5f19GtK6yHfUBlzCbclBlVnrMYWEEBFiG3dIQv55cDs97u9iyeSLqcde2OX4ZEhjb5PH7YOtG8AS0qbu1Y70RG2UgDa3Bv5AcT673mw0ab3kXtUjng1d05eC6pA+voW5jxV/g4a3ESlGtnD029jpfl6vaz53cjL4ml+JXRRgnBVMb= x@Nasis-MacBook-Pro.local"
}
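# t2.micro instance in us-east-1, launched into custom-subnet-1 with key pair
# custom-kp1 and security group custom-sg1.
# NOTE(review): the AMI ID is hard-coded and region-specific; confirm the
# image's owner and currency before reuse. No metadata_options block is set, so
# the provider/AMI defaults for the instance metadata service apply. Consider
# requiring IMDSv2 session tokens.
resource "aws_instance" "custom-ec2-1" {
  provider      = aws
  ami           = "ami-02354e95b39ca8dec"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.custom-kp1.key_name
  subnet_id     = aws_subnet.custom-subnet-1.id

  # Fix: the group ID was passed through `security_groups`, which is meant for
  # group names in EC2-Classic / the default VPC. For an instance in a custom
  # VPC the IDs go in vpc_security_group_ids.
  vpc_security_group_ids = [aws_security_group.custom-sg1.id]

  user_data = ""
}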
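# t2.micro instance in eu-central-1, launched into custom-subnet-2 with key
# pair custom-kp2 and security group custom-sg2.
# NOTE(review): the AMI ID is hard-coded and region-specific; confirm the
# image's owner and currency before reuse. No metadata_options block is set, so
# the provider/AMI defaults for the instance metadata service apply. Consider
# requiring IMDSv2 session tokens.
resource "aws_instance" "custom-ec2-2" {
  provider      = aws.eu
  ami           = "ami-0c115dbd34c69a004"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.custom-kp2.key_name
  subnet_id     = aws_subnet.custom-subnet-2.id

  # Fix: the group ID was passed through `security_groups`, which is meant for
  # group names in EC2-Classic / the default VPC. For an instance in a custom
  # VPC the IDs go in vpc_security_group_ids.
  vpc_security_group_ids = [aws_security_group.custom-sg2.id]

  user_data = ""
}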
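# t2.micro instance in ap-northeast-1, launched into custom-subnet-3 with key
# pair custom-kp3 and security group custom-sg3.
# NOTE(review): the AMI ID is hard-coded and region-specific; confirm the
# image's owner and currency before reuse. No metadata_options block is set, so
# the provider/AMI defaults for the instance metadata service apply. Consider
# requiring IMDSv2 session tokens.
resource "aws_instance" "custom-ec2-3" {
  provider      = aws.ap
  ami           = "ami-0cc75a8978fbbc969"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.custom-kp3.key_name
  subnet_id     = aws_subnet.custom-subnet-3.id

  # Fix: the group ID was passed through `security_groups`, which is meant for
  # group names in EC2-Classic / the default VPC. For an instance in a custom
  # VPC the IDs go in vpc_security_group_ids.
  # NOTE(review): custom-sg3 must live in the same VPC as custom-subnet-3
  # (custom-vpc-3) for this attachment to succeed; verify its vpc_id.
  vpc_security_group_ids = [aws_security_group.custom-sg3.id]

  user_data = ""
}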