118 lines
2.3 KiB
HCL
118 lines
2.3 KiB
HCL
|
|
|
|
# [X] aws provider
|
|
# [/] random pet
|
|
# not needed w/o s3 bucket
|
|
# [/] s3 bucket
|
|
# [/] use pet name!
|
|
# n/a
|
|
# [X] vpc
|
|
# [/] tls private key
|
|
# [X] aws key pair
|
|
# [/] aws key local file
|
|
# [X] instance
|
|
# [ ] "myip"
|
|
# [X] sg
|
|
# [X] EIP
|
|
# [X] iam_instance_profile
|
|
# [X] iam_role
|
|
# [X] policydoc
|
|
# [X] policy
|
|
# [X] policy attachment
|
|
# [X] iam policy data
|
|
# [ ] route53 records
|
|
# [/] adminpass for nextcloud
|
|
# [ ] outputs:
|
|
# [ ] instance ID
|
|
# [ ] public IP
|
|
# [ ] name servers
|
|
# [ ] bucket
|
|
# [ ] myip
|
|
|
|
|
|
provider "aws" {
|
|
region = local.aws_region
|
|
}
|
|
|
|
#resource "random_pet" "name" ()
|
|
|
|
module "vpc" {
|
|
source = "terraform-aws-modules/vpc/aws"
|
|
|
|
name = "social-vpc"
|
|
cidr = "10.42.0.0/16"
|
|
|
|
azs = [ "${local.aws_region}a" ] # XXX probably a better way to pick AZs
|
|
private_subnets = [ "10.42.0.0/20" ]
|
|
public_subnets = [ "10.42.16.0/20" ]
|
|
|
|
enable_nat_gateway = false # nat gateways cost money and who has any of that?
|
|
enable_vpn_gateway = false
|
|
}
|
|
|
|
resource "aws_instance" "social" {
|
|
ami = data.aws_ami.ubuntu.id
|
|
instance_type = local.instance_type
|
|
subnet_id = module.vpc.public_subnets.0
|
|
key_name = aws_key_pair.key.key_name
|
|
iam_instance_profile = aws_iam_instance_profile.ssm.name
|
|
|
|
vpc_security_group_ids = [ module.sg.security_group_id ]
|
|
|
|
user_data = <<EOF
|
|
#!/bin/bash
|
|
set -e
|
|
sudo snap install amazon-ssm-agent --classic
|
|
sudo apt-get -y --no-install-recommends install ansible
|
|
EOF
|
|
|
|
tags = { Name = "social" }
|
|
}
|
|
|
|
resource "aws_eip" "social" {
|
|
domain = "vpc"
|
|
instance = aws_instance.social.id
|
|
}
|
|
|
|
module "sg" {
|
|
source = "terraform-aws-modules/security-group/aws"
|
|
|
|
name = "social"
|
|
description = "social SG"
|
|
vpc_id = module.vpc.vpc_id
|
|
|
|
egress_rules = [ "all-all" ]
|
|
|
|
ingress_with_cidr_blocks = [
|
|
# {
|
|
# rule = "http-80-tcp"
|
|
# cidr_blocks = "0.0.0.0/0"
|
|
# },
|
|
# {
|
|
# },
|
|
# {
|
|
# }
|
|
]
|
|
}
|
|
|
|
resource "aws_key_pair" "key" {
|
|
key_name = "social"
|
|
public_key = local.public_key
|
|
}
|
|
|
|
data "aws_ami" "ubuntu" {
|
|
most_recent = true
|
|
|
|
filter {
|
|
name = "name"
|
|
values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-*"]
|
|
}
|
|
|
|
filter {
|
|
name = "virtualization-type"
|
|
values = ["hvm"]
|
|
}
|
|
|
|
owners = ["099720109477"] # Canonical
|
|
}
|
|
|