# File: examples/terraform-asg-scp-example/main.tf
# (github.com/darmach/terratest@v0.34.8-0.20210517103231-80931f95e3ff)

# ---------------------------------------------------------------------------------------------------------------------
# PIN TERRAFORM VERSION TO >= 0.12.26
# The examples have been upgraded to 0.12 syntax
# ---------------------------------------------------------------------------------------------------------------------

terraform {
  # This module is now only being tested with Terraform 0.13.x. However, to make upgrading easier, we are setting
  # 0.12.26 as the minimum version, as that version added support for required_providers with source URLs, making it
  # forwards compatible with 0.13.x code.
  #
  # NOTE(review): only the Terraform CLI version is constrained here. This file has no required_providers block, so
  # the AWS provider version is whatever `terraform init` resolves unless it is pinned elsewhere in the module.
  required_version = ">= 0.12.26"
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY AN ASG WITH ONE INSTANCE THAT ALLOWS CONNECTIONS VIA SSH
# See test/terraform_scp_example.go for how to write automated tests for this code.
# ---------------------------------------------------------------------------------------------------------------------

provider "aws" {
  # The region is supplied by the caller; credentials are not configured in this file.
  region = var.aws_region
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY AN ASG WITH ONE NODE TO TEST HOW WE CAN SCP FROM THE EC2 INSTANCE IN THIS ASG
# ---------------------------------------------------------------------------------------------------------------------

# Launch template for the single test instance. The image comes from the AMI lookup below and the instance is
# placed in the security group defined in this file.
#
# NOTE(review): no iam_instance_profile and no metadata_options are set in this block, so instance-metadata
# behaviour is left at the provider/account default. If this template is reused for a real workload, decide
# explicitly whether to require IMDSv2 (metadata_options with http_tokens = "required").
resource "aws_launch_template" "sample_launch_template" {
  name_prefix            = var.instance_name
  image_id               = data.aws_ami.ubuntu.id
  instance_type          = var.instance_type
  vpc_security_group_ids = [aws_security_group.example.id]

  # Name of the EC2 key pair to install on the instance. Combined with the world-open SSH rule below, possession
  # of the matching private key is the only access control in front of sshd.
  key_name = var.key_pair_name
}

# Auto Scaling Group fixed at exactly one instance (desired = min = max = 1).
resource "aws_autoscaling_group" "sample_asg" {
  # Every subnet of the default VPC is eligible.
  # NOTE(review): presumably these subnets assign public IPs, which is what lets the test reach the instance over
  # SSH -- confirm for accounts whose default VPC has been modified.
  vpc_zone_identifier = data.aws_subnet_ids.default_subnets.ids

  desired_capacity = 1
  max_size         = 1
  min_size         = 1

  launch_template {
    id = aws_launch_template.sample_launch_template.id

    # "$Latest" makes the group follow the newest version of the launch template rather than a fixed version.
    version = "$Latest"
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SECURITY GROUP TO CONTROL WHAT REQUESTS CAN GO IN AND OUT OF THE EC2 INSTANCES
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_security_group" "example" {
  name = var.instance_name

  # Outbound: all protocols (protocol "-1") on all ports to any IPv4 address.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound: TCP on the configured SSH port only.
  ingress {
    from_port = var.ssh_port
    to_port   = var.ssh_port
    protocol  = "tcp"

    # To keep this example simple, we allow incoming SSH requests from any IP. In real-world usage, you should only
    # allow SSH requests from trusted servers, such as a bastion host or VPN server.
    #
    # While this rule is in place the SSH port is reachable from the whole internet, so keep the stack short-lived
    # (destroy it when the test finishes) and, when adapting the example, replace 0.0.0.0/0 with the address range
    # of the test runner, bastion or VPN.
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# LOOK UP THE LATEST UBUNTU AMI
# ---------------------------------------------------------------------------------------------------------------------

# Selects the newest AMI that matches all four filters below and is published by the listed owner account.
#
# Keep the owners restriction: the name filter on its own would match any public AMI whose name fits the pattern,
# whoever published it.
#
# Because most_recent = true, the resolved image ID changes as new images are published, so two applies at
# different times can launch different images.
#
# NOTE(review): Ubuntu 16.04 (xenial) reached the end of standard support in April 2021, so images matching this
# pattern no longer receive regular security updates. Treat instances built from it as throwaway test fixtures.
# Moving to a newer release may need matching changes in the test's SSH settings -- confirm before bumping.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "image-type"
    values = ["machine"]
  }

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }
}

# The region's default VPC; its subnets host the ASG instance.
data "aws_vpc" "default" {
  default = true
}

# IDs of all subnets in the default VPC, consumed by the ASG's vpc_zone_identifier.
data "aws_subnet_ids" "default_subnets" {
  vpc_id = data.aws_vpc.default.id
}