//
// AWS resources setup
//
resource "aws_vpc" "default" {
  # Single VPC holding the public subnet, the EC2 client host and the Heroku
  # PrivateLink interface endpoint declared further down in this file.
  cidr_block           = "10.2.0.0/16"
  enable_dns_hostnames = true # instances receive an internal DNS hostname

  tags = {
    Name = "${var.name}-vpc"
  }
}
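resource "aws_subnet" "public" {
  # Public subnet: instances launched here get a public IPv4 address and reach
  # the internet via the 0.0.0.0/0 route on aws_route_table.public. Both the
  # EC2 host and the PrivateLink endpoint ENI are placed in this subnet.
  vpc_id     = aws_vpc.default.id
  cidr_block = "10.2.0.0/24"

  # Native boolean rather than the string "true" (the string form only works
  # through legacy type coercion). Set to false to make this a private subnet.
  map_public_ip_on_launch = true

  tags = {
    Name = "${var.name}-public"
  }
}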
resource "aws_internet_gateway" "public" {
  # Internet gateway for the VPC; referenced by aws_route.internet_gateway as
  # the target of the default route.
  vpc_id = aws_vpc.default.id

  tags = {
    Name = "${var.name}-igtw"
  }
}
resource "aws_route_table" "public" {
  # Route table for the public subnet. The routes themselves are declared
  # separately (aws_route.internet_gateway) rather than inline.
  vpc_id = aws_vpc.default.id

  tags = {
    Name = "${var.name}-public-routes"
  }
}
// Default route: all non-local (0.0.0.0/0) traffic from the public route table leaves through the internet gateway.
resource "aws_route" "internet_gateway" {
  # Catch-all route on the public route table: anything not destined for the
  # VPC itself is sent to the internet gateway.
  route_table_id         = aws_route_table.public.id
  gateway_id             = aws_internet_gateway.public.id
  destination_cidr_block = "0.0.0.0/0"
}
resource "aws_route_table_association" "public" {
  # Explicitly binds the public subnet to the public route table.
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public.id
}
resource "aws_main_route_table_association" "public" {
  # Makes the public route table the VPC's main (default) table. Security
  # consequence: any subnet added later WITHOUT its own
  # aws_route_table_association inherits the 0.0.0.0/0 route and is
  # effectively public. Give private subnets an explicit association.
  route_table_id = aws_route_table.public.id
  vpc_id         = aws_vpc.default.id
}
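resource "aws_security_group" "pg-allowed" {
  # Attached to the Heroku Postgres PrivateLink interface endpoint
  # (aws_vpc_endpoint.heroku-pg-privatelink). The only client in this
  # configuration is the EC2 host in this VPC, so the listener is opened to the
  # VPC CIDR instead of 0.0.0.0/0. An interface endpoint has no public address,
  # but a wide-open rule would also admit anything reachable through a VPC
  # peering or VPN attachment added later. The EC2 host's own security group
  # would be an even tighter source:
  #   security_groups = [aws_security_group.ssh-allowed.id]
  vpc_id = aws_vpc.default.id
  name   = "${var.name}-pg-sg"

  # PostgreSQL. Port 5433 is kept from the original range; if the endpoint
  # service only exposes 5432, narrow to_port to 5432.
  ingress {
    from_port   = 5432
    to_port     = 5433
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.default.cidr_block]
  }

  # No egress rule is declared on purpose: security groups are stateful, so
  # replies to the inbound connections above are allowed regardless.

  tags = {
    Name = "${var.name}-pg-sg"
  }
}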
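# Source ranges allowed to reach tcp/22 on the EC2 host. The default preserves
# the original behaviour (SSH open to the whole internet) so existing
# deployments are unchanged, but any non-throwaway deployment should override
# it with the operator's own address range, e.g. ["203.0.113.4/32"].
variable "ssh_allowed_cidr_blocks" {
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "CIDR blocks permitted to open SSH (tcp/22) to the EC2 host. Do not leave as 0.0.0.0/0 outside test environments."
}

resource "aws_security_group" "ssh-allowed" {
  # Security group of the EC2 client host (aws_instance.ubuntu-ec2).
  vpc_id = aws_vpc.default.id
  name   = "${var.name}-ssh-sg"

  # Unrestricted egress: the provisioner needs to reach apt and
  # postgresql.org, and the host must reach the PrivateLink endpoint.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH. The source is parameterised above; with the default value every IP
  # address on the internet may attempt to connect — acceptable only for a
  # short-lived demo, never in production.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_allowed_cidr_blocks
  }

  tags = {
    Name = "${var.name}-ssh-sg"
  }
}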
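resource "aws_vpc_endpoint" "heroku-pg-privatelink" {
  # Interface endpoint into the Heroku Postgres PrivateLink endpoint service.
  # The service name is read from a local file named after the add-on
  # (written outside this block — presumably by
  # null_resource.private_postgres_endpoint_service; confirm there). trimspace()
  # strips the trailing newline a shell redirect typically leaves, which would
  # otherwise become part of the service name.
  vpc_id            = aws_vpc.default.id
  service_name      = trimspace(file("${heroku_addon.private_postgres_example.name}.txt"))
  vpc_endpoint_type = "Interface"

  # Interface endpoints only receive private IPs, so placing the ENI in the
  # public subnet does not expose it to the internet; reachability is governed
  # by aws_security_group.pg-allowed.
  subnet_ids         = [aws_subnet.public.id]
  security_group_ids = [aws_security_group.pg-allowed.id]

  # The endpoint cannot be created until the Heroku endpoint service exists.
  depends_on = [null_resource.private_postgres_endpoint_service]
}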
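resource "aws_instance" "ubuntu-ec2" {
  # Client host used to reach the Heroku Postgres endpoint. It has a public IP
  # and is reachable on tcp/22 from whatever aws_security_group.ssh-allowed
  # permits.
  ami           = var.aws-ami
  instance_type = "t2.micro"

  # Network placement and firewalling
  subnet_id                   = aws_subnet.public.id
  vpc_security_group_ids      = [aws_security_group.ssh-allowed.id]
  associate_public_ip_address = true

  # Public half of the SSH key pair; the private half is only read locally by
  # the provisioner connection below.
  key_name = aws_key_pair.ec2-key-pair.id

  # NOTE(review): consider metadata_options { http_tokens = "required" }
  # (IMDSv2) and root_block_device { encrypted = true }. Not added here because
  # the AWS provider version pinned for this project is not visible in this
  # file and older providers reject those arguments.

  # Install the PostgreSQL client from the PGDG repository.
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get -qq update && sudo apt-get install -y curl ca-certificates",
      # -f makes curl exit non-zero on an HTTP error instead of piping the
      # error page into apt-key; -S still reports that failure despite -s.
      "curl -fsS https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -",
      # NOTE(review): apt-key is deprecated on current Ubuntu releases; the
      # replacement is a keyring file under /etc/apt/keyrings plus
      # [signed-by=...] in the sources entry. Left as-is because the target
      # image (var.aws-ami) is not known here.
      "sudo sh -c 'echo \"deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main\" > /etc/apt/sources.list.d/pgdg.list'",
      "sudo apt-get -qq update",
      "sudo apt-get install -y postgresql-client-10"
    ]

    connection {
      user        = var.ec2_user
      private_key = file(var.ssh_private_key_filepath)
      host        = self.public_ip
    }
  }
}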
// public key for ec2 instance
resource "aws_key_pair" "ec2-key-pair" {
  # Registers the operator's public SSH key with EC2 so the instance above can
  # be reached with the matching private key. Only the public half is stored
  # in AWS.
  key_name   = "${var.name}-ec2-key-pair"
  public_key = var.ssh_public_key
}