# ------------------------------------------------------------------------------
# Resources
# ------------------------------------------------------------------------------
# Region of the configured AWS provider; its name is passed into the cloud-config template.
data "aws_region" "current" {}
# Elastic IP for the bastion. Its public_ip is handed to cloud-config and the instance
# profile is granted ec2:AssociateAddress, so the instance is expected to attach it at boot.
# NOTE(review): no `vpc = true` is set; on accounts that still support EC2-Classic this
# allocates a non-VPC address — confirm the intended address domain.
resource "aws_eip" "main" {}
# Renders cloud-config.yml (shipped next to this module) into the bastion's user data.
data "template_file" "main" {
  template = "${file("${path.module}/cloud-config.yml")}"

  vars {
    # SSH public keys, JSON-encoded so the template can embed a list value.
    authorized_keys = "${jsonencode(var.authorized_keys)}"
    aws_region      = "${data.aws_region.current.name}"
    elastic_ip      = "${aws_eip.main.public_ip}"

    # S3 location of the single PEM object the instance role may read (see the IAM policy below).
    pem_bucket = "${var.pem_bucket}"
    pem_path   = "${var.pem_path}"
  }
}
# Instance-profile permissions passed to the ASG module as instance_policy.
data "aws_iam_policy_document" "permissions" {
  # Needed so the instance can attach aws_eip.main to itself at boot.
  # NOTE(review): "*" allows re-pointing any EIP to any instance in the account, not just
  # this pair; check whether ec2:AssociateAddress can be scoped to the elastic-ip and
  # instance ARNs with your provider/IAM version and narrow it if so.
  statement {
    effect    = "Allow"
    actions   = ["ec2:AssociateAddress"]
    resources = ["*"]
  }

  # Read access limited to exactly the PEM object referenced by the cloud-config vars.
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::${var.pem_bucket}/${var.pem_path}"]
  }
}
# Single-instance auto scaling group running the bastion (telia-oss/asg/aws 0.1.1).
module "asg" {
  source  = "telia-oss/asg/aws"
  version = "0.1.1"

  name_prefix = "${var.name_prefix}-bastion"
  vpc_id      = "${var.vpc_id}"
  subnet_ids  = "${var.subnet_ids}"
  tags        = "${var.tags}"

  # Exactly one bastion instance at any time.
  min_size = "1"
  max_size = "1"

  instance_type = "${var.instance_type}"
  instance_ami  = "${var.instance_ami}"

  # No EC2 key pair is attached: SSH access relies on the authorized_keys rendered into user_data.
  instance_key = ""

  user_data       = "${data.template_file.main.rendered}"
  instance_policy = "${data.aws_iam_policy_document.permissions.json}"
}
# SSH ingress into the ASG's security group, restricted to var.authorized_cidr.
resource "aws_security_group_rule" "ingress" {
  security_group_id = "${module.asg.security_group_id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22

  # Only this CIDR may reach port 22; keep it to operator network ranges rather than 0.0.0.0/0.
  cidr_blocks = ["${var.authorized_cidr}"]
}