feat: provisioner remote ssh

tkdn · Mar 9, 2024 · edc15ce · edc15ce
1 parent 306b7de
commit edc15ce
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 2 deletions.
diff --git a/ch8.production-grade-infrastructure/examples/provisioner/.terraform.lock.hcl b/ch8.production-grade-infrastructure/examples/provisioner/.terraform.lock.hcl
diff --git a/ch8.production-grade-infrastructure/examples/provisioner/main.tf b/ch8.production-grade-infrastructure/examples/provisioner/main.tf
@@ -13,11 +13,54 @@ provider "aws" {
   region = "ap-northeast-1"
 }
 
+resource "aws_security_group" "instance" {
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    # 現実では信頼できるIPやサブネットマスクを指定し接続を許可、ここでは簡易的すぎる
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+# 現実ではTerraformと別でSSH鍵を管理すべきだが、簡易的にプライベートキーを作成
+resource "tls_private_key" "example" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "aws_key_pair" "generated_key" {
+  public_key = tls_private_key.example.public_key_openssh
+}
+
 resource "aws_instance" "example" {
-  ami           = "ami-019d9da0f68cbf7c0"
-  instance_type = "t2.micro"
+  ami                    = data.aws_ami.ubuntu.id
+  instance_type          = "t2.micro"
+  vpc_security_group_ids = [aws_security_group.instance.id]
 
   provisioner "local-exec" {
     command = "echo \"hello, world  from $(uname -smp)\""
   }
+
+  provisioner "remote-exec" {
+    inline = ["echo \"hello, world  from $(uname -smp)\""]
+  }
+
+  connection {
+    type        = "ssh"
+    host        = self.public_ip
+    user        = "ubuntu"
+    private_key = tls_private_key.example.private_key_pem
+  }
+}
+
+data "aws_ami" "ubuntu" {
+  most_recent = true
+  owners      = ["099720109477"]
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+  }
 }