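terraform {
  required_version = "~> 1.9"

  # Remote state in S3, locked through a DynamoDB table.
  backend "s3" {
    bucket         = "terraform-aws-init-bucket"
    key            = "cloudform/terraform.tfstate"
    region         = "eu-west-3"
    dynamodb_table = "TerraformLockTable"

    # State contains the uploaded public key, instance/EIP ids and the DNS
    # record; request server-side encryption of the state object explicitly
    # instead of relying on the bucket's default settings.
    encrypt = true

    # NOTE(review): the same admin profile is used for the backend here and
    # for the provider below. The backend only needs object read/write on
    # this key and read/write on the lock table — a narrower profile would
    # keep state access separate from full provisioning rights.
    profile = "my_admin"

    # NOTE(review): "~> 1.9" also admits Terraform 1.10+, where S3-native
    # locking (`use_lockfile = true`) is available; dynamodb_table keeps
    # working there, so no change is forced.
  }
}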
# All resources are created in the region selected in `locals` (eu-west-3)
# using the named CLI/credentials profile below.
provider "aws" {
  profile = "my_admin"
  region  = local.region
}
locals {
  proj   = "cloud-drive"
  region = "eu-west-3" # Paris
  user   = "ubuntu"    # login user for the AMI below

  # NOTE(review): AMI ids are region-specific and nothing here verifies the
  # image owner; confirm this id is the intended Ubuntu image in eu-west-3.
  default_ami           = "ami-09d83d8d719da9808"
  default_instance_type = "t3a.small"

  # File name of the SSH public key to upload, i.e. "cloud-drive.pub".
  default_public_key = "${local.proj}.pub"

  # Host name for the A record, e.g. "drive.example.com".
  drive_subdomain = "drive.${var.apex_domain}"

  # Common tag set applied to every resource.
  tags = {
    Name = local.proj
  }
}
# Single /16 VPC that holds the one public subnet declared below.
resource "aws_vpc" "default" {
  tags       = local.tags
  cidr_block = "10.0.0.0/16"
}
# Internet gateway for the VPC; the public route table points its default
# route here.
resource "aws_internet_gateway" "default" {
  tags   = local.tags
  vpc_id = aws_vpc.default.id
}
resource "aws_route_table" "public" {
  tags   = local.tags
  vpc_id = aws_vpc.default.id

  # A default route to the Internet gateway is what makes any subnet
  # associated with this table "public".
  route {
    gateway_id = aws_internet_gateway.default.id
    cidr_block = "0.0.0.0/0"
  }
}
# Attach the public subnet to the public route table.
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.default.id
  cidr_block = "10.0.1.0/24"
  tags       = local.tags

  # Every instance launched here gets a public IPv4 address at launch (the
  # instance below is additionally given an Elastic IP).
  map_public_ip_on_launch = true
}
resource "aws_key_pair" "default" {
  key_name = local.proj

  # Uploads ~/.ssh/cloud-drive.pub from the machine running terraform; only
  # the public half is read, the private key never passes through Terraform.
  public_key = file(pathexpand("~/.ssh/${local.default_public_key}"))
}
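# Source ranges allowed to reach SSH on the instance. The default keeps the
# value the original hard-coded (the whole Internet) so existing deployments
# plan as a no-op; override it with the admin/VPN ranges, e.g.
# `ssh_ingress_cidrs = ["203.0.113.4/32"]`, before relying on this host.
variable "ssh_ingress_cidrs" {
  description = "CIDR blocks allowed to connect to TCP/22 on the instance. 0.0.0.0/0 exposes SSH to the whole Internet; restrict to admin/VPN ranges."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

resource "aws_security_group" "default" {
  name   = "Default SG"
  vpc_id = aws_vpc.default.id
  tags   = local.tags

  # SSH is only needed for the Ansible provisioning step and admin access;
  # it does not need to be world-reachable like the web ports below.
  ingress {
    description = "SSH for provisioning and administration"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_ingress_cidrs
  }

  # Public web drive: HTTPS plus HTTP (presumably for redirects/ACME —
  # provision.yml is not visible here, so confirm HTTP is still required).
  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted outbound (package installs during provisioning, ACME, etc.).
  egress {
    description = "Allow all outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}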
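resource "aws_eip" "ip" {
  # Referencing aws_instance.public.id already orders this resource after
  # the instance; the explicit depends_on the original carried was redundant
  # and has been dropped.
  instance = aws_instance.public.id
  tags     = local.tags

  # The address is published in the Route53 A record below; keep it across
  # `terraform destroy` and instance rebuilds so DNS stays stable.
  lifecycle {
    prevent_destroy = true
  }
}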
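resource "aws_instance" "public" {
  ami                    = local.default_ami
  instance_type          = local.default_instance_type
  subnet_id              = aws_subnet.public.id
  key_name               = aws_key_pair.default.key_name
  vpc_security_group_ids = [aws_security_group.default.id]
  tags                   = local.tags

  # Require IMDSv2 (session-token based) so an SSRF in the hosted web drive
  # cannot read instance metadata or role credentials with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_type = "gp3"
    volume_size = 25
    encrypted   = true
  }

  # Only remote-exec/file provisioners consume this block; none is declared
  # here, so it currently has no effect (kept for a future remote-exec step).
  # Authentication would go through the local SSH agent.
  connection {
    user = local.user # default login user of the Ubuntu AMI
    host = self.public_ip
  }

  provisioner "local-exec" {
    working_dir = "./ansible"

    # `sleep 120` is a heuristic wait for sshd/cloud-init on the fresh
    # instance; there is no readiness check, so a slow boot still fails here.
    command = "sleep 120 && ansible-playbook -i \"${self.public_ip},\" -u \"${local.user}\" provision.yml"

    # The original wrote `ANSIBLE_HOST_KEY_CHECKING=False sleep 120 && …`,
    # which scopes the assignment to `sleep` only — ansible-playbook never
    # saw it. `environment` applies to the whole command.
    # This disables SSH host-key verification for the provisioning
    # connection, so a MITM on first contact goes undetected. A less blunt
    # option is ANSIBLE_SSH_COMMON_ARGS = "-o StrictHostKeyChecking=accept-new"
    # (pin on first use); note the EIP is reused across instance rebuilds,
    # so a stale known_hosts entry would then have to be removed by hand.
    environment = {
      ANSIBLE_HOST_KEY_CHECKING = "False"
    }
  }
}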
# Public hosted zone for the apex domain; it must already exist in this
# account (the zone is looked up, not created).
data "aws_route53_zone" "primary" {
  name         = var.apex_domain
  private_zone = false
}
# drive.<apex> -> the instance's Elastic IP.
resource "aws_route53_record" "drive_A" {
  zone_id = data.aws_route53_zone.primary.zone_id
  name    = local.drive_subdomain
  type    = "A"
  records = [aws_eip.ip.public_ip]

  # One-day TTL: the EIP is protected from destruction, so the address is
  # expected to be stable.
  ttl = 86400
}