/
main.tf
83 lines (70 loc) · 1.85 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
variable "profile" {
description = "Profile with permissions to provision the AWS resources."
default = "beld"
}
variable "region" {
description = "Region to provision the resources into."
default = "sa-east-1"
}
provider "aws" {
region = "${var.region}"
profile = "${var.profile}"
}
module "networking" {
source = "./networking"
cidr = "10.0.0.0/16"
"az-subnet-mapping" = [
{
name = "subnet1"
az = "sa-east-1a"
cidr = "10.0.0.0/24"
},
{
name = "subnet2"
az = "sa-east-1c"
cidr = "10.0.1.0/24"
},
]
}
# Create a security group that will allow us to both
# SSH into the instance as well as access prometheus
# publicly (note.: you'd not do this in prod - otherwise
# you'd have prometheus publicly exposed).
resource "aws_security_group" "allow-ssh-and-egress" {
name = "main"
description = "Allows SSH traffic into instances as well as all eggress."
vpc_id = "${module.networking.vpc-id}"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags {
Name = "allow_ssh-all"
}
}
resource "aws_instance" "inst1" {
instance_type = "t2.micro"
ami = "${data.aws_ami.ubuntu.id}"
key_name = "${aws_key_pair.main.id}"
subnet_id = "${module.networking.az-subnet-id-mapping["subnet1"]}"
vpc_security_group_ids = [
"${aws_security_group.allow-ssh-and-egress.id}",
]
}
resource "aws_instance" "inst2" {
instance_type = "t2.micro"
ami = "${data.aws_ami.ubuntu.id}"
key_name = "${aws_key_pair.main.id}"
subnet_id = "${module.networking.az-subnet-id-mapping["subnet2"]}"
vpc_security_group_ids = [
"${aws_security_group.allow-ssh-and-egress.id}",
]
}