masto-aio/terraform/main.tf


# AWS provider; the region comes from a local declared elsewhere in the
# module (local.aws_region is not defined in this file).
provider "aws" {
  region = local.aws_region
}
# Random name generator; nothing in this file references
# random_pet.name — presumably consumed elsewhere in the module (verify
# before removing).
resource "random_pet" "name" {
}
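# Looks up the operator's public IPv4 address at plan time. The response
# body is what module.sg turns into the /32 that is allowed to reach port
# 443, so this value decides who may open HTTPS to the instance.
# Fetched over TLS: the original used http://, and a plaintext lookup lets
# any on-path party hand back an address of its choosing for that rule.
data "http" "myip" {
  url = "https://ipv4.icanhazip.com"
}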
# Network for the social server: one /16 with a single private and a single
# public /20, both in one availability zone.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "social-vpc"
  cidr = "10.42.0.0/16"

  # Single-AZ deployment derived from the region name.
  # XXX probably a better way to pick AZs (a data source listing the
  # region's zones would avoid assuming "<region>a" exists).
  azs             = ["${local.aws_region}a"]
  private_subnets = ["10.42.0.0/20"]
  public_subnets  = ["10.42.16.0/20"]

  # nat gateways cost money and who has any of that?
  # Consequence: nothing placed in the private subnet has outbound internet.
  enable_nat_gateway = false
  enable_vpn_gateway = false
}
# Instance role assumed by the social server. The trust policy document
# (data.aws_iam_policy_document.assume_role_policy) is declared elsewhere;
# no permission policies are attached in this file.
resource "aws_iam_role" "social" {
  name        = "social_role"
  path        = "/"
  description = "instance role for social server"

  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}
# Wraps aws_iam_role.social so it can be attached to the EC2 instance.
resource "aws_iam_instance_profile" "social" {
  name = "social_profile"
  path = "/"
  role = aws_iam_role.social.name
}
# The social server itself: one Ubuntu instance on the public subnet with
# the instance role attached and the "sg" module's security group.
resource "aws_instance" "social" {
  # Ubuntu AMI resolved by data.aws_ami.ubuntu (an arm64 image, so
  # local.instance_type presumably has to be a Graviton type — confirm).
  ami           = data.aws_ami.ubuntu.id
  instance_type = local.instance_type

  subnet_id              = module.vpc.public_subnets[0]
  vpc_security_group_ids = [module.sg.security_group_id]

  key_name             = aws_key_pair.key.key_name
  iam_instance_profile = aws_iam_instance_profile.social.name

  # First-boot bootstrap: SSM agent for access, ansible for configuration.
  # NOTE(review): no apt-get update precedes the install, so it relies on
  # the package lists baked into the AMI still being valid — verify on a
  # fresh boot. metadata_options is not set, so IMDSv1 stays reachable
  # and an SSRF in the hosted service could read the role's credentials;
  # consider metadata_options { http_tokens = "required" }.
  user_data = <<-EOF
    #!/bin/bash
    set -e
    sudo snap install amazon-ssm-agent --classic
    sudo apt-get -y --no-install-recommends install ansible
  EOF

  # 70 GiB gp3 root volume; encryption is not enabled here.
  root_block_device {
    volume_type = "gp3"
    volume_size = 70
  }

  tags = {
    Name = "social"
  }

  # A newer "most_recent" AMI must not force replacement of the instance.
  lifecycle {
    ignore_changes = [ami]
  }
}
# Stable public address bound directly to the instance.
resource "aws_eip" "social" {
  instance = aws_instance.social.id
  domain   = "vpc"
}
# Security group for the instance. Inbound: HTTP from anywhere, HTTPS only
# from the address data.http.myip returned at plan time. Outbound: all.
# No SSH rule — access is expected through the SSM agent installed in
# user_data.
module "sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "social"
  description = "social SG"
  vpc_id      = module.vpc.vpc_id

  ingress_with_cidr_blocks = [
    {
      rule        = "http-80-tcp"
      cidr_blocks = "0.0.0.0/0"
    },
    {
      # /32 of the operator's current address; the lookup happens at plan
      # time, so a later plan from a different network rewrites this rule.
      rule        = "https-443-tcp"
      cidr_blocks = "${chomp(data.http.myip.response_body)}/32"
    },
  ]

  egress_rules = ["all-all"]
}
# SSH key pair registered for the instance; the public key material is
# supplied via local.public_key (declared elsewhere).
resource "aws_key_pair" "key" {
  public_key = local.public_key
  key_name   = "social"
}
# Newest Canonical Ubuntu 22.04 (jammy) arm64 HVM image. Pinning owners to
# Canonical's account keeps a similarly named AMI from another publisher
# from being selected.
data "aws_ami" "ubuntu" {
  owners      = ["099720109477"] # Canonical
  most_recent = true

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-*"]
  }
}