# compute file deploying ec2 instances placed in vpc/subnets created with network.tf
# Resolve the AMI ID used by every instance in this file: the newest x86_64
# Ubuntu focal image whose name matches the pattern below.
#
# The owners filter is the security-relevant part of this lookup. AMI names are
# not unique across accounts, so a name-only search could resolve to a
# look-alike image shared publicly by a third party; restricting the owner to
# Canonical's account closes that gap.
#
# most_recent = true means the resolved ID can change whenever a newer matching
# image is published, so a later apply may plan to replace running instances.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical's AWS account ID

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal*"]
  }
}
# Jump host (bastion) in public subnet 1. It gets a public IP and is the SSH
# entry point that the webserver provisioners in this file tunnel through.
# NOTE(review): the ingress rules come from var.bastion_sg_id and are not
# visible here - confirm port 22 is limited to known admin source addresses.
# NOTE(review): IMDSv2 is not enforced on this instance; before adding
# metadata_options { http_tokens = "required" }, confirm bastion_init.sh does
# not call the metadata service without a token.
resource "aws_instance" "bastion" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
  key_name      = var.ssh_key

  subnet_id                   = var.pub_sub1_id
  associate_public_ip_address = true
  vpc_security_group_ids      = var.bastion_sg_id

  tags = {
    Name = "Bastion Host"
    type = "bastionhost"
  }

  # SSH session Terraform opens for the provisioner below.
  # The private key is read from the local path in var.key_loc; keep that file
  # out of version control. No host_key is set, so the server's SSH host key is
  # not pinned for this connection.
  connection {
    type        = "ssh"
    host        = self.public_ip
    user        = var.instance_user
    private_key = file(var.key_loc)
  }

  # Supply-chain caveat: the script is fetched from the mutable `master` branch
  # and run as root with no integrity check, so whatever that URL serves at
  # apply time executes with full privileges on the bastion.
  # Safer pattern: pin the URL to a reviewed commit (<COMMIT_SHA>) and verify a
  # known digest before executing, e.g.
  #   echo "<EXPECTED_SHA256>  bastion_init.sh" | sha256sum -c -
  # or ship the script from this repository with a "file" provisioner.
  # Mode 774 is also broader than a root-run, single-use script needs.
  provisioner "remote-exec" {
    inline = [
      "sudo wget https://raw.githubusercontent.com/MihaMarkocic/cloudservices/master/AWS/web_application_firewall/init_files/bastion_init.sh",
      "sudo chmod 774 bastion_init.sh",
      "sudo ./bastion_init.sh"
    ]
  }
}
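# Web server 1 in public subnet 1, provisioned over SSH through the bastion.
# NOTE(review): the instance is given a public IP although provisioning uses
# its private IP via the bastion. Its exposure depends on var.webserver_sg_id,
# which is not visible here - confirm inbound traffic is restricted as intended.
resource "aws_instance" "webserver1" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
  key_name      = var.ssh_key

  subnet_id                   = var.pub_sub1_id
  associate_public_ip_address = true
  vpc_security_group_ids      = var.webserver_sg_id

  tags = {
    Name = "Webserver1"
    type = "webserver"
  }

  # Two-hop SSH: Terraform connects to the bastion's public IP, then on to this
  # instance's private IP. The same key file (var.key_loc) is used for both
  # hops, so that single key grants access to the bastion and the web servers.
  # Neither host_key nor bastion_host_key is set, so SSH host keys are not
  # pinned on either hop.
  connection {
    type        = "ssh"
    host        = self.private_ip
    user        = var.instance_user
    private_key = file(var.key_loc)

    bastion_host        = aws_instance.bastion.public_ip
    bastion_private_key = file(var.key_loc)
  }

  # Supply-chain caveat: the script is fetched from the mutable `master` branch
  # and run as root with no integrity check. Safer pattern: pin the URL to a
  # reviewed commit (<COMMIT_SHA>) and verify a known digest before executing,
  # e.g. echo "<EXPECTED_SHA256>  webserver_init.sh" | sha256sum -c -
  #
  # The Name tag is passed via `self`: Terraform documents `self` as the way a
  # provisioner refers to its own resource, because naming the parent resource
  # directly can create a dependency cycle. The value passed is unchanged.
  provisioner "remote-exec" {
    inline = [
      "sudo wget https://raw.githubusercontent.com/MihaMarkocic/cloudservices/master/AWS/web_application_firewall/init_files/webserver_init.sh",
      "sudo chmod 774 webserver_init.sh",
      "sudo ./webserver_init.sh ${self.tags.Name}"
    ]
  }
}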
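# Web server 2 in public subnet 2, provisioned over SSH through the bastion.
# NOTE(review): the instance is given a public IP although provisioning uses
# its private IP via the bastion. Its exposure depends on var.webserver_sg_id,
# which is not visible here - confirm inbound traffic is restricted as intended.
resource "aws_instance" "webserver2" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
  key_name      = var.ssh_key

  subnet_id                   = var.pub_sub2_id
  associate_public_ip_address = true
  vpc_security_group_ids      = var.webserver_sg_id

  tags = {
    Name = "Webserver2"
    type = "webserver"
  }

  # Two-hop SSH: Terraform connects to the bastion's public IP, then on to this
  # instance's private IP. The same key file (var.key_loc) is used for both
  # hops, so that single key grants access to the bastion and the web servers.
  # Neither host_key nor bastion_host_key is set, so SSH host keys are not
  # pinned on either hop.
  connection {
    type        = "ssh"
    host        = self.private_ip
    user        = var.instance_user
    private_key = file(var.key_loc)

    bastion_host        = aws_instance.bastion.public_ip
    bastion_private_key = file(var.key_loc)
  }

  # Supply-chain caveat: the script is fetched from the mutable `master` branch
  # and run as root with no integrity check. Safer pattern: pin the URL to a
  # reviewed commit (<COMMIT_SHA>) and verify a known digest before executing,
  # e.g. echo "<EXPECTED_SHA256>  webserver_init.sh" | sha256sum -c -
  #
  # The Name tag is passed via `self`: Terraform documents `self` as the way a
  # provisioner refers to its own resource, because naming the parent resource
  # directly can create a dependency cycle. The value passed is unchanged.
  provisioner "remote-exec" {
    inline = [
      "sudo wget https://raw.githubusercontent.com/MihaMarkocic/cloudservices/master/AWS/web_application_firewall/init_files/webserver_init.sh",
      "sudo chmod 774 webserver_init.sh",
      "sudo ./webserver_init.sh ${self.tags.Name}"
    ]
  }
}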
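# Database host in the private subnet. It gets no public IP, so inbound access
# is limited to whatever var.database_sg_id allows (rules not visible here).
# No provisioner runs against this instance.
resource "aws_instance" "database" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
  key_name      = var.ssh_key

  subnet_id                   = var.prvt_sub1_id
  associate_public_ip_address = false
  vpc_security_group_ids      = var.database_sg_id

  # Require session tokens for the instance metadata service (IMDSv2). With
  # tokens optional, a server-side request forgery or open proxy on the host
  # can read instance metadata with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypt the root volume at rest; without this the volume is only encrypted
  # if the account has EBS encryption-by-default turned on.
  # Adding this to an already-deployed instance makes Terraform replace it.
  root_block_device {
    encrypted = true
  }

  tags = {
    Name = "Database"
    type = "database"
  }
}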