# Source: github.com/darmach/terratest@v0.34.8-0.20210517103231-80931f95e3ff/examples/terraform-ssh-example/main.tf
#
# Terratest example: two EC2 instances (one with a public IP, one without) that accept SSH.
# See test/terraform_ssh_example.go for how to write automated tests for this code.

# ---------------------------------------------------------------------------------------------------------------------
# TERRAFORM VERSION CONSTRAINT
# ---------------------------------------------------------------------------------------------------------------------

terraform {
  # The examples use 0.12 syntax and are now only tested with Terraform 0.13.x. The floor is 0.12.26 because that
  # release added support for required_providers with source URLs, which keeps this code forwards compatible with
  # 0.13.x.
  #
  # NOTE(review): this file sets no required_providers block, so the AWS provider version is not constrained here.
  # Confirm whether another file in the module pins it; an unpinned provider makes runs non-reproducible.
  required_version = ">= 0.12.26"
}

provider "aws" {
  region = var.aws_region
}

# ---------------------------------------------------------------------------------------------------------------------
# AMI LOOKUP: LATEST UBUNTU 16.04 IMAGE PUBLISHED BY CANONICAL
# ---------------------------------------------------------------------------------------------------------------------

data "aws_ami" "ubuntu" {
  # The owners filter is the security-relevant part of this lookup: the name pattern below is a wildcard, and without
  # the owner restriction an image published by any other account with a matching name could be selected.
  owners = ["099720109477"] # Canonical

  # most_recent means the resolved image id changes as new images are published, so two applies can boot different
  # images. Pin an explicit AMI id where a reproducible, reviewed image is required.
  most_recent = true

  # NOTE(review): the pattern selects Ubuntu 16.04 (xenial), which left standard support in April 2021. Confirm the
  # release is still acceptable before reusing this lookup outside short-lived test instances.
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "image-type"
    values = ["machine"]
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# SECURITY GROUP SHARED BY BOTH EC2 INSTANCES
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_security_group" "example" {
  name = var.instance_name

  ingress {
    protocol  = "tcp"
    from_port = var.ssh_port
    to_port   = var.ssh_port

    # To keep this example simple, incoming SSH is allowed from any IP. In real-world usage, only allow SSH from
    # trusted servers, such as a bastion host or VPN server. With this rule the key pair named by var.key_pair_name is
    # the only access control in front of sshd on the public instance.
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound traffic is unrestricted: every protocol ("-1") and port to any destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# EC2 INSTANCE WITH A PUBLIC IP
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_instance" "example_public" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
  key_name      = var.key_pair_name

  vpc_security_group_ids = [aws_security_group.example.id]

  # This instance gets a public IP and is reachable directly from the public Internet; combined with the security
  # group above, var.ssh_port is open to every source address.
  associate_public_ip_address = true

  # NOTE(review): no metadata_options or root_block_device block is set, so instance metadata service and root volume
  # encryption settings are left to defaults. Requiring IMDSv2 (http_tokens = "required") and an encrypted root volume
  # are the usual hardening steps; confirm the selected image boots correctly with them.

  tags = {
    Name = "${var.instance_name}-public"
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# EC2 INSTANCE WITH A PRIVATE IP ONLY
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_instance" "example_private" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
  key_name      = var.key_pair_name

  # Same security group and same key pair as the public instance, so a holder of that one private key can log in to
  # both hosts once inside the VPC.
  vpc_security_group_ids = [aws_security_group.example.id]

  # This instance has only a private IP and is accessible only from within the VPC.
  associate_public_ip_address = false

  tags = {
    Name = "${var.instance_name}-private"
  }
}