netbox-aws
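#cloud-config
# Bootstraps a single-node NetBox host: installs a pinned Docker engine from
# Docker's apt repository, then clones netbox-docker and starts it with
# docker-compose. Every runcmd entry executes as root.
packages:
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg
  - gnupg-agent
  - software-properties-common
  - git

# Create the docker group so the default user can be added to it below.
# NOTE: membership of the docker group is root-equivalent on this host (the
# daemon socket allows bind-mounting / and starting privileged containers),
# so the "ubuntu" login is effectively an unprivileged-looking root account.
groups:
  - docker

# Install Docker. The package versions are pinned to the bionic builds because
# the Terraform side pins an ubuntu-bionic AMI; the apt suite below is pinned to
# "bionic" for the same reason, so both must move together when the AMI changes.
runcmd:
  # Apply the sysctl written by write_files now instead of waiting for the next
  # boot; otherwise forwarding only gets enabled if dockerd sets it itself.
  - sysctl --system
  # Keep Docker's signing key in its own keyring and bind it to this single
  # repository with signed-by. `apt-key add` would instead let that key sign
  # every apt source configured on the machine.
  - install -m 0755 -d /etc/apt/keyrings
  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  - chmod a+r /etc/apt/keyrings/docker.gpg
  - echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu bionic stable" > /etc/apt/sources.list.d/docker.list
  - apt-get update -y
  - apt-get install -y docker-ce=5:20.10.1~3-0~ubuntu-bionic docker-ce-cli=5:20.10.1~3-0~ubuntu-bionic containerd.io=1.4.3-1 docker-compose=1.17.1-2
  - systemctl start docker
  - systemctl enable docker
  - chown -R ubuntu:ubuntu /home/ubuntu
  # Runs as root from cloud-init's runcmd working directory ("/"), so the
  # netbox-docker checkout lands beside /, not under /home/ubuntu.
  - bash /home/ubuntu/netbox.sh

# Add the default auto-created user to the docker group (see the caveat above).
system_info:
  default_user:
    name: ubuntu
    groups: [docker]

# Enable IPv4 forwarding: CIS baselines disable it, and Docker's bridge network
# needs it so traffic can reach the published container port.
# Install netbox-docker and render docker-compose.override.yml.
write_files:
  - path: /etc/sysctl.d/enabled_ipv4_forwarding.conf
    content: |
      net.ipv4.conf.all.forwarding=1
  - path: /home/ubuntu/netbox.sh
    permissions: '0755'
    owner: ubuntu:ubuntu
    content: |
      #!/bin/bash
      # Abort on the first failure: without this, a failed clone would leave the
      # remaining commands running as root in whatever directory we started in.
      set -euo pipefail
      # Both the "release" branch and tag 1.0.2 are mutable refs on GitHub; for
      # a production host, pin the exact commit hash after reviewing it.
      git clone -b release https://github.com/netbox-community/netbox-docker.git
      cd netbox-docker
      git checkout tags/1.0.2 -b 1.0.2-branch
      # Publish the NetBox container on host port 80. This is plain HTTP bound
      # on every host interface, and the security group opens port 80 to
      # 0.0.0.0/0, so logins transit in cleartext unless TLS is terminated in
      # front of the instance. Review env/netbox.env (superuser and SECRET_KEY
      # settings) before the first `up`: the repository's own defaults are what
      # ship otherwise -- confirm against the pinned tag.
      tee docker-compose.override.yml <<EOF
      version: '3.4'
      services:
        netbox:
          ports:
            - "80:8080"
      EOF
      docker-compose pull
      docker-compose up -d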
# AWS provider. Credentials arrive here as ordinary Terraform variables, which
# means they are recorded in any saved plan file and can surface in CLI history
# or logs when passed with -var. Prefer the provider's own credential chain
# (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables, a shared
# profile, or a role) and drop the two key attributes; they are kept here only
# to preserve the existing variable interface.
provider "aws" {
  region     = var.aws_region
  access_key = var.access_key
  secret_key = var.secret_key
}
# Canonical's Ubuntu 18.04 (bionic) AMI, pinned to one exact image name so a
# rebuild cannot silently pick up a newer image. `owners` is the essential part
# of the trust decision: without it any AWS account could publish an AMI whose
# name matches the filter. The bionic pin must stay in step with the
# ubuntu-bionic docker-ce package pins in cloudinit.yml.
data "aws_ami" "ubuntu" {
  most_recent = true # harmless with an exact name filter; at most one image matches per region
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20201211.1"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
  owners = ["099720109477"] # Canonical
}
# Renders cloudinit.yml as the instance user_data. No template variables are
# passed, so this is effectively file("cloudinit.yml"); note that template_file
# still interprets "${...}" sequences in the file, so any shell parameter
# expansion added to cloudinit.yml must be written as "$${...}" (the existing
# "$(...)" command substitution is not affected). The template_file data source
# is deprecated in favour of the templatefile() function.
data "template_file" "deploy" {
  template = file("cloudinit.yml")
}
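# The single NetBox host. All provisioning happens through cloud-init in
# user_data, so Terraform needs no provisioner blocks or SSH access of its own.
resource "aws_instance" "netbox_prod" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.micro"
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.netbox_prod.id]
  user_data              = data.template_file.deploy.rendered

  # Require IMDSv2 session tokens so a request-forgery bug in NetBox or any
  # other container cannot read instance metadata (user_data, and role
  # credentials if a role is ever attached) with a plain GET. With the default
  # hop limit of 1, containers behind Docker's bridge cannot obtain a token at
  # all, which is intended here. cloud-init on the pinned bionic image is
  # expected to support IMDSv2 -- confirm the first boot completes.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "netbox-prod"
  }
}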
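# Public IPv4 address of the NetBox instance. There is exactly one instance,
# so this is a single address, not a list; it is empty when the subnet does not
# assign a public IP.
output "public_ip" {
  description = "Public IPv4 address of the netbox-prod instance, if one is assigned"
  value       = aws_instance.netbox_prod.public_ip
}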
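# Host firewall for the NetBox instance. SSH is limited to the management CIDR;
# HTTP is open to the world because NetBox is published on port 80 by the
# docker-compose override in cloudinit.yml. That is plaintext HTTP -- put TLS
# in front (an ALB with ACM, or a reverse proxy) before relying on it for real
# logins. The resource-level description is left unchanged on purpose: editing
# it forces the security group to be replaced.
resource "aws_security_group" "netbox_prod" {
  name        = "netbox-prod"
  description = "Allow SSH inbound , all HTTP inbound, and all outbound traffic"

  ingress {
    description = "SSH from the management network only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.management_cidr_block]
  }

  # Nothing in this configuration uses Terraform provisioners, so no Terraform
  # Cloud IP ranges need to be admitted; this rule exists solely to expose
  # NetBox (container port 8080, published on host port 80).
  ingress {
    description = "NetBox over plain HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted egress is what cloud-init needs at first boot to reach Docker's
  # apt repository, GitHub and the container registry; tighten it after
  # provisioning if the host must meet an outbound-filtering baseline.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}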
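# Static AWS API credentials. Passing these as variables records them in saved
# plan files and, with -var, in shell history; prefer the provider's credential
# chain (environment variables, a shared profile, or a role). Once the module
# requires Terraform >= 0.14, mark both `sensitive = true` so they are redacted
# from plan and apply output.
variable "access_key" {
  description = "AWS access key ID (prefer AWS_ACCESS_KEY_ID / a profile / a role over a static key here)"
}

variable "secret_key" {
  description = "AWS secret access key paired with access_key"
}

# The only network allowed to reach SSH on the instance; keep this as narrow
# as possible (a single /32 where practical), never 0.0.0.0/0.
variable "management_cidr_block" {
  description = "CIDR block permitted to open SSH (22/tcp) to the NetBox host"
}

# Name of an EC2 key pair that must already exist in the target region;
# Terraform does not create it.
variable "key_name" {
  description = "Existing EC2 key pair name installed for the default user"
  default     = "terraform"
}

variable "aws_region" {
  description = "AWS region to deploy into; the pinned AMI must be available there"
  default     = "us-west-2"
}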