github.com/erriapo/terraform@v0.6.12-0.20160203182612-0340ea72354f/examples/aws-two-tier/main.tf (about)

     1  # Configure the AWS provider. Only the region is set in this block; no
        # access keys appear in this file, so credentials are expected to come
        # from outside it (e.g. the environment) and stay out of version control.
     2  provider "aws" {
     3    region = "${var.aws_region}"
     4  }
     5  
     6  # Create a VPC to launch our instances into. 10.0.0.0/16 is private
        # (RFC 1918) address space; what is exposed to the internet is decided by
        # the gateway, route, subnet and security group resources in this file.
     7  resource "aws_vpc" "default" {
     8    cidr_block = "10.0.0.0/16"
     9  }
    10  
    11  # Create an internet gateway to give our subnet access to the outside world.
        # The gateway carries traffic in both directions: it is also the path by
        # which the internet reaches anything in the VPC that has a public IP.
    12  resource "aws_internet_gateway" "default" {
    13    vpc_id = "${aws_vpc.default.id}"
    14  }
    15  
    16  # Grant the VPC internet access on its main route table.
        # NOTE: the main route table is used by every subnet that has no explicit
        # route table association, so a subnet added to this VPC later also gets
        # this default route unless it is given its own table.
    17  resource "aws_route" "internet_access" {
    18    route_table_id         = "${aws_vpc.default.main_route_table_id}"
    19    destination_cidr_block = "0.0.0.0/0"
    20    gateway_id             = "${aws_internet_gateway.default.id}"
    21  }
    22  
    23  # Create a subnet to launch our instances into. Both the ELB and the web
        # instance in this file are placed in it.
    24  resource "aws_subnet" "default" {
    25    vpc_id                  = "${aws_vpc.default.id}"
    26    cidr_block              = "10.0.1.0/24"
          # Every instance launched here is assigned a public IPv4 address, which
          # together with the 0.0.0.0/0 route makes this a public subnet.
    27    map_public_ip_on_launch = true
    28  }
    29  
    30  # A security group for the ELB so it is accessible via the web.
        # It is attached only to aws_elb.web; the instance uses a separate group.
    31  resource "aws_security_group" "elb" {
    32    name        = "terraform_example_elb"
    33    description = "Used in the terraform"
    34    vpc_id      = "${aws_vpc.default.id}"
    35  
    36    # HTTP access from anywhere. This is the intended public entry point.
          # Only port 80 is opened: there is no 443 rule, so clients reach the
          # load balancer over unencrypted HTTP.
    37    ingress {
    38      from_port   = 80
    39      to_port     = 80
    40      protocol    = "tcp"
    41      cidr_blocks = ["0.0.0.0/0"]
    42    }
    43  
    44    # Outbound access: protocol "-1" with ports 0-0 means all protocols and
          # all ports, to any destination. The listener in this file only forwards
          # to instance port 80, so this could likely be narrowed to that port
          # and the VPC range.
    45    egress {
    46      from_port   = 0
    47      to_port     = 0
    48      protocol    = "-1"
    49      cidr_blocks = ["0.0.0.0/0"]
    50    }
    51  }
    52  
    53  # Our default security group to access
    54  # the instances over SSH and HTTP
        # It is attached to aws_instance.web, which sits in a public subnet with a
        # public IP, so the rules below are the only network filter in front of it.
    55  resource "aws_security_group" "default" {
    56    name        = "terraform_example"
    57    description = "Used in the terraform"
    58    vpc_id      = "${aws_vpc.default.id}"
    59  
    60    # SSH access from anywhere.
          # NOTE(security): 0.0.0.0/0 exposes port 22 to the whole internet. The
          # remote-exec provisioner on aws_instance.web connects over SSH, so the
          # port must be reachable from the machine running Terraform, but outside
          # a throwaway demo cidr_blocks should be limited to that address or an
          # administrative range (or SSH should go through a bastion).
    61    ingress {
    62      from_port   = 22
    63      to_port     = 22
    64      protocol    = "tcp"
    65      cidr_blocks = ["0.0.0.0/0"]
    66    }
    67  
    68    # HTTP access from the VPC. The rule admits any address in 10.0.0.0/16,
          # not just the load balancer; a rule that references the ELB's security
          # group instead of a CIDR would be tighter.
    69    ingress {
    70      from_port   = 80
    71      to_port     = 80
    72      protocol    = "tcp"
    73      cidr_blocks = ["10.0.0.0/16"]
    74    }
    75  
    76    # Outbound internet access: all protocols and ports to any destination.
          # The provisioner's apt-get calls need outbound access; nothing in this
          # file requires it to be this broad.
    77    egress {
    78      from_port   = 0
    79      to_port     = 0
    80      protocol    = "-1"
    81      cidr_blocks = ["0.0.0.0/0"]
    82    }
    83  }
    84  
    85  # Load balancer in front of the web instance, placed in the public subnet
        # and protected by the "elb" security group.
    86  resource "aws_elb" "web" {
    87    name = "terraform-example-elb"
    88  
    89    subnets         = ["${aws_subnet.default.id}"]
    90    security_groups = ["${aws_security_group.elb.id}"]
    91    instances       = ["${aws_instance.web.id}"]
    92  
          # Plain HTTP on both sides: client -> ELB and ELB -> instance, port 80.
          # NOTE(security): no TLS is terminated here, so traffic from clients is
          # unencrypted. An HTTPS listener needs a certificate, which this example
          # does not provision.
    93    listener {
    94      instance_port     = 80
    95      instance_protocol = "http"
    96      lb_port           = 80
    97      lb_protocol       = "http"
    98    }
    99  
   100  }
   101  
   102  resource "aws_key_pair" "auth" {
          # Registers an SSH public key with AWS under the name var.key_name.
          # Only the public half is read (from the local file at
          # var.public_key_path); no private key is referenced in this file.
   103    key_name   = "${var.key_name}"
   104    public_key = "${file(var.public_key_path)}"
   105  }
   106  
   107  resource "aws_instance" "web" {
   108    # The connection block tells our provisioner how to
   109    # communicate with the resource (instance)
   110    connection {
   111      # The default username for our AMI
   112      user = "ubuntu"
   113  
   114      # The connection will use the local SSH agent for authentication.
            # No private key or password is written into this configuration.
   115    }
   116  
   117    instance_type = "m1.small"
   118  
   119    # Lookup the correct AMI based on the region
   120    # we specified
          # The AMI IDs come from the var.aws_amis map, which is defined outside
          # this file; the image's patch level is whatever those IDs point to.
   121    ami = "${lookup(var.aws_amis, var.aws_region)}"
   122  
   123    # The name of our SSH keypair we created above.
   124    key_name = "${aws_key_pair.auth.id}"
   125  
   126    # Our Security group to allow HTTP and SSH access.
          # In that group SSH (22) is open to 0.0.0.0/0 and HTTP (80) only to the
          # VPC range, so the instance is directly reachable for SSH from the
          # internet.
   127    vpc_security_group_ids = ["${aws_security_group.default.id}"]
   128  
   129    # We're going to launch into the same subnet as our ELB. In a production
   130    # environment it's more common to have a separate private subnet for
   131    # backend instances.
          # The subnet sets map_public_ip_on_launch, so this instance receives a
          # public IP of its own in addition to being behind the ELB.
   132    subnet_id = "${aws_subnet.default.id}"
   133  
   134    # We run a remote provisioner on the instance after creating it.
   135    # In this case, we just install nginx and start it. By default,
   136    # this should be on port 80
          # The commands run over the SSH connection configured above, with sudo.
          # nginx is installed unpinned from whatever apt sources the AMI ships
          # with, so the installed version is not fixed by this configuration.
   137    provisioner "remote-exec" {
   138      inline = [
   139        "sudo apt-get -y update",
   140        "sudo apt-get -y install nginx",
   141        "sudo service nginx start"
   142      ]
   143    }
   144  }