# AWS provider configuration. The region is taken from a local
# (local.aws_region) declared elsewhere in this configuration; credentials
# are not set here and come from the provider's usual environment/profile chain.
provider "aws" {
  region = local.aws_region
}
# Random pet-style name. Nothing visible in this file references
# random_pet.name — confirm it is consumed elsewhere before treating it as dead.
resource "random_pet" "name" {}
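# Looks up the public IPv4 address of the machine running the plan/apply.
# module "sg" turns the response body into a /32 allow-list entry for port 443,
# so the value is security-relevant: it is fetched over TLS because with a plain
# http:// URL an on-path party could hand back a different address and have it
# allow-listed instead. The body ends in a newline, which the consumer strips
# with chomp(). Re-evaluated on every plan, so the rule changes whenever the
# operator's address does.
data "http" "myip" {
  url = "https://ipv4.icanhazip.com"
}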
# VPC for the social server, built from the public registry module: one AZ,
# one private and one public /20 carved from 10.42.0.0/16.
# NOTE(review): `source` carries no `version` constraint, so each `terraform init`
# may resolve a different module release; pin one (`version = "<pinned release>"`)
# once chosen so the module contents cannot change underneath this config.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "social-vpc"
  cidr = "10.42.0.0/16"

  # Single AZ: the "a" zone of the configured region.
  azs = [ "${local.aws_region}a" ] # XXX probably a better way to pick AZs
  private_subnets = [ "10.42.0.0/20" ]
  public_subnets = [ "10.42.16.0/20" ]

  # No NAT gateway, so anything placed in the private subnet has no outbound
  # internet path; the instance in this file lives in the public subnet.
  enable_nat_gateway = false # nat gateways cost money and who has any of that?
  enable_vpn_gateway = false
}
# IAM role assumed by the social server instance. The trust (assume-role)
# policy comes from data.aws_iam_policy_document.assume_role_policy, declared
# elsewhere in this configuration; no permission policies are attached to the
# role in this file, so what the instance can actually do is defined elsewhere.
resource "aws_iam_role" "social" {
  name = "social_role"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
  path = "/"
  description = "instance role for social server"
}
# Instance profile wrapping aws_iam_role.social so the role can be attached
# to the EC2 instance below (aws_instance.social.iam_instance_profile).
resource "aws_iam_instance_profile" "social" {
  name = "social_profile"
  role = aws_iam_role.social.name
  path = "/"
}
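# The social server: a single Ubuntu instance in the VPC's public subnet,
# addressed through aws_eip.social and managed through SSM (user_data installs
# the agent; module "sg" opens no SSH port).
resource "aws_instance" "social" {
  ami = data.aws_ami.ubuntu.id
  instance_type = local.instance_type
  subnet_id = module.vpc.public_subnets.0
  key_name = aws_key_pair.key.key_name
  iam_instance_profile = aws_iam_instance_profile.social.name
  vpc_security_group_ids = [ module.sg.security_group_id ]

  # Require IMDSv2 session tokens for the instance metadata service. Because a
  # role is attached, the role's temporary credentials are served from IMDS;
  # with tokens required, a request-forgery bug in the hosted application
  # cannot read them with a single unauthenticated GET. This is an in-place
  # change on an existing instance.
  metadata_options {
    http_tokens = "required"
  }

  # First-boot bootstrap. EC2 runs this as root, so the `sudo` prefixes are
  # redundant but harmless. NOTE(review): editing this script changes
  # user_data on a running instance; check how the provider version in use
  # handles that (stop/start vs. replacement) before touching it.
  user_data = <<EOF
#!/bin/bash
set -e
sudo snap install amazon-ssm-agent --classic
sudo apt-get -y --no-install-recommends install ansible
EOF

  # 70 GiB gp3 root volume. NOTE(review): encryption is not set here, so unless
  # the account has EBS default encryption enabled the root volume is plaintext
  # at rest. Adding `encrypted = true` forces instance replacement, which is
  # why it is left as a note rather than applied.
  root_block_device {
    volume_size = 70
    volume_type = "gp3"
  }

  tags = { Name = "social" }

  # data.aws_ami.ubuntu is a "most recent" lookup and drifts as Canonical
  # publishes new images; ignoring it keeps each plan from wanting to replace
  # the instance.
  lifecycle {
    ignore_changes = [ ami ]
  }
}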
# Stable public IPv4 address for the server, associated directly with the
# instance so it survives stop/start. Presumably the DNS record for the site
# points here — confirm against wherever DNS is managed.
resource "aws_eip" "social" {
  domain = "vpc"
  instance = aws_instance.social.id
}
# Security group for the instance. Port 80 is open to the world; port 443 is
# limited to the single /32 returned by data.http.myip, i.e. wherever the last
# apply ran, so HTTPS is reachable only from that address and the rule is
# rewritten whenever it changes. No SSH rule is defined (access is via SSM).
# Egress is unrestricted.
# NOTE(review): `source` carries no `version` constraint; pin one
# (`version = "<pinned release>"`) so the module cannot change between inits.
module "sg" {
  source = "terraform-aws-modules/security-group/aws"

  name = "social"
  description = "social SG"
  vpc_id = module.vpc.vpc_id

  egress_rules = [ "all-all" ]

  ingress_with_cidr_blocks = [
    {
      rule = "http-80-tcp"
      cidr_blocks = "0.0.0.0/0"
    },
    {
      rule = "https-443-tcp"
      # chomp() strips the trailing newline from the HTTP response body before
      # the /32 suffix is appended.
      cidr_blocks = "${chomp(data.http.myip.response_body)}/32"
    }
  ]
}
# SSH key pair registered for the instance; the public key material comes from
# local.public_key, declared elsewhere. module "sg" opens no port 22, so this
# key is only usable through a path that does not cross the security group.
resource "aws_key_pair" "key" {
  key_name = "social"
  public_key = local.public_key
}
# Latest Canonical Ubuntu 22.04 (jammy) arm64 HVM image. The name filter is a
# wildcard, so the `owners` restriction is what prevents a look-alike image
# published by another account from matching. Being a "most recent" lookup, the
# result changes over time; aws_instance.social ignores that drift.
# arm64 image: local.instance_type must therefore be an arm64 instance type.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-*"]
  }

  filter {
    name = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}