# AWS provider fixed to a single region; the hard-coded "us-east-1a"
# availability zone used by every subnet below assumes this region.
# NOTE(review): no provider version constraint is visible in this file, so
# `terraform init` resolves to the newest provider release available at the time.
provider "aws" {
region = "us-east-1"
}
# Single /16 VPC from which all of the oauthexample subnets are carved.
resource "aws_vpc" "vpc" {
  tags = { Name = "oauthexample" }

  cidr_block = "10.0.0.0/16"
}
# /24 subnet named "nat" in the VPC's first AZ. No route table association for
# it appears in this file, so it is not reachable through the public route table.
resource "aws_subnet" "nat" {
  tags = { Name = "oauthexample_nat" }

  vpc_id            = aws_vpc.vpc.id
  availability_zone = "us-east-1a"
  cidr_block        = "10.0.0.0/24"
}
# /24 subnet that hosts the bastion instance. It is the only subnet associated
# with the public (internet gateway) route table further down.
resource "aws_subnet" "bastion" {
  tags = { Name = "oauthexample_bastion" }

  vpc_id            = aws_vpc.vpc.id
  availability_zone = "us-east-1a"
  cidr_block        = "10.0.1.0/24"
}
# /24 subnet named "lb". Nothing in this file associates it with a route table
# or places a resource in it.
resource "aws_subnet" "lb" {
  tags = { Name = "oauthexample_lb" }

  vpc_id            = aws_vpc.vpc.id
  availability_zone = "us-east-1a"
  cidr_block        = "10.0.2.0/24"
}
# /24 subnet named "prom". Nothing in this file associates it with a route table
# or places a resource in it.
resource "aws_subnet" "prom" {
  tags = { Name = "oauthexample_prom" }

  vpc_id            = aws_vpc.vpc.id
  availability_zone = "us-east-1a"
  cidr_block        = "10.0.3.0/24"
}
# Internet gateway for the VPC; the public route table's default route
# points at it.
resource "aws_internet_gateway" "igw" {
  tags = { Name = "oauthexample_igw" }

  vpc_id = aws_vpc.vpc.id
}
# Route table that sends all non-local traffic out through the internet
# gateway. Only subnets explicitly associated with it (the bastion subnet)
# become public.
resource "aws_route_table" "public" {
  tags = { Name = "oauthexample_public" }

  vpc_id = aws_vpc.vpc.id

  # Default route via the IGW.
  route {
    gateway_id = aws_internet_gateway.igw.id
    cidr_block = "0.0.0.0/0"
  }
}
# Makes the bastion subnet public by attaching it to the IGW route table.
resource "aws_route_table_association" "bastion" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.bastion.id
}
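# Security group for the bastion host. Its rules are attached as separate
# aws_security_group_rule resources below rather than inline blocks.
# NOTE: the description is console launch-wizard residue; changing it forces
# replacement of the group, so it is deliberately left untouched here.
resource "aws_security_group" "bastion" {
  name        = "oauthexample-bastion"
  description = "launch-wizard-1 created 2019-12-23T15:23:25.365-06:00"
  vpc_id      = aws_vpc.vpc.id

  # Name tag added for consistency with every other oauthexample resource
  # (an in-place update, no replacement).
  tags = {
    Name = "oauthexample-bastion"
  }
}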
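# Source ranges allowed to reach the bastion over SSH. The default keeps the
# original world-open behaviour for backward compatibility; override it with
# the administrative IP ranges that actually need access so tcp/22 is not
# exposed to the whole internet.
variable "bastion_ssh_cidr_blocks" {
  type        = list(string)
  description = "CIDR blocks permitted to open SSH (tcp/22) to the bastion."
  default     = ["0.0.0.0/0"]
}

# Inbound SSH to the bastion, limited to var.bastion_ssh_cidr_blocks.
resource "aws_security_group_rule" "bastion" {
  security_group_id = aws_security_group.bastion.id
  description       = "SSH to bastion"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = var.bastion_ssh_cidr_blocks
}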
# Unrestricted outbound traffic from the bastion: every protocol, every port,
# to any destination.
resource "aws_security_group_rule" "bastion-1" {
  type              = "egress"
  security_group_id = aws_security_group.bastion.id

  # protocol "all" with ports 0-0 is the provider's spelling for "any traffic".
  protocol  = "all"
  from_port = 0
  to_port   = 0

  cidr_blocks = ["0.0.0.0/0"]
}
# Trust policy that lets the EC2 service assume whatever role it is attached to.
data "aws_iam_policy_document" "ec2_assume_role_policy" {
  statement {
    # "Allow" is the provider default; spelled out for readability.
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      identifiers = ["ec2.amazonaws.com"]
      type        = "Service"
    }
  }
}
# IAM role assumable by EC2; it is wired to the bastion through the ec2admin
# instance profile below.
resource "aws_iam_role" "ec2admin" {
  tags = { Name = "ec2admin" }

  name        = "ec2admin"
  description = "Allows EC2 instances to administer AWS services on your behalf."

  assume_role_policy = data.aws_iam_policy_document.ec2_assume_role_policy.json
}
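# Managed policy granted to the ec2admin role. The default preserves the
# original AdministratorAccess grant for backward compatibility; because the
# role reaches the bastion via its instance profile, any process on that host
# (and anyone who gains access to it) holds full-account permissions. Narrow
# this to a policy scoped to what the bastion actually needs to do.
variable "ec2admin_policy_arn" {
  type        = string
  description = "ARN of the managed policy attached to the ec2admin role."
  default     = "arn:aws:iam::aws:policy/AdministratorAccess"
}

resource "aws_iam_role_policy_attachment" "attach_admin_to_ec2admin" {
  role       = aws_iam_role.ec2admin.name
  policy_arn = var.ec2admin_policy_arn
}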
# Instance profile that hands the ec2admin role to the bastion instance.
resource "aws_iam_instance_profile" "ec2admin" {
  role = aws_iam_role.ec2admin.name
  name = "ec2admin"
}
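# Bastion host: public IP in the bastion subnet, guarded by the bastion
# security group, running under the ec2admin instance profile.
resource "aws_instance" "bastion" {
  # AMI IDs are region specific; this one is only meaningful in the
  # provider's us-east-1 region.
  ami           = "ami-0c830793775595d4b"
  instance_type = "t2.medium"

  subnet_id                   = aws_subnet.bastion.id
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.bastion.id]

  # Name of an EC2 key pair that must already exist in this account/region.
  key_name = "worklaptop"

  iam_instance_profile = aws_iam_instance_profile.ec2admin.name

  # Require IMDSv2 session tokens so the role credentials served by the
  # instance metadata service cannot be read with a single unauthenticated
  # request from software running on the host. Tooling on the instance must
  # use an IMDSv2-capable SDK/CLI.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_size = 30
    volume_type = "gp2"
    # Encrypt the root volume with the account's default EBS key. Turning this
    # on for an already-created instance forces its replacement.
    encrypted = true
  }

  tags = {
    Name = "oauthexample bastion"
  }
}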