github.com/hazelops/ize@v1.1.12-0.20230915191306-97d7c0e48f11/examples/bastion-tunnel-monorepo/.ize/env/testnut/main.tf

github.com/hazelops/ize@v1.1.12-0.20230915191306-97d7c0e48f11/examples/bastion-tunnel-monorepo/.ize/env/testnut/main.tf (about)

     1  resource "aws_key_pair" "root" {
     2    key_name   = var.ec2_key_pair_name
     3    public_key = var.ssh_public_key
     4  
     5    lifecycle {
     6      ignore_changes = [
     7        public_key
     8      ]
     9    }
    10  }
    11  
    12  module "vpc" {
    13    source  = "terraform-aws-modules/vpc/aws"
    14    version = "~> 3.0"
    15  
    16    name = "${var.env}-vpc"
    17    cidr = "10.0.0.0/16"
    18  
    19    azs = [
    20      "us-east-1a"
    21    ]
    22    public_subnets = [
    23      "10.0.1.0/24"
    24    ]
    25  
    26    private_subnets = [
    27      "10.0.2.0/24"
    28    ]
    29  
    30    manage_default_network_acl = true
    31    default_network_acl_name   = "${var.env}-${var.namespace}"
    32  
    33  }
    34  
    35  module "nat_instance" {
    36    source                 = "hazelops/ec2-nat/aws"
    37    version                = "~> 2.0"
    38    enabled                = true
    39    env                    = var.env
    40    vpc_id                 = module.vpc.vpc_id
    41    allowed_cidr_blocks    = [module.vpc.vpc_cidr_block]
    42    public_subnets         = module.vpc.public_subnets
    43    private_route_table_id = module.vpc.private_route_table_ids[0]
    44    ec2_key_pair_name      = local.key_name
    45  }
    46  
    47  resource "aws_security_group" "default_permissive" {
    48    name        = "${var.env}-default-permissive"
    49    vpc_id      = module.vpc.vpc_id
    50    description = "Managed by Terraform"
    51  
    52    ingress {
    53      protocol    = -1
    54      from_port   = 0
    55      to_port     = 0
    56      cidr_blocks = ["0.0.0.0/0"]
    57    }
    58  
    59    egress {
    60      protocol    = -1
    61      from_port   = 0
    62      to_port     = 0
    63      cidr_blocks = ["0.0.0.0/0"]
    64    }
    65  
    66    tags = {
    67      Terraform = "true"
    68      Env       = var.env
    69      Name      = "${var.env}-default-permissive"
    70    }
    71  }
    72  
    73  module "ec2_profile" {
    74    source      = "terraform-aws-modules/ecs/aws//modules/ecs-instance-profile"
    75    version     = "~> 2.0"
    76    name        = "${var.env}-${var.namespace}"
    77    include_ssm = true
    78  }
    79  
    80  module "bastion" {
    81    source  = "hazelops/ec2-openvpn-connector/aws"
    82    version = "~>0.2"
    83  
    84    vpn_enabled         = false
    85    env                 = var.env
    86    vpc_id              = module.vpc.vpc_id
    87    allowed_cidr_blocks = [module.vpc.vpc_cidr_block]
    88    private_subnets     = module.vpc.private_subnets
    89    ec2_key_pair_name   = local.key_name
    90    ssh_forward_rules = [
    91      "LocalForward 32084 info.cern.ch:80"
    92    ]
    93  }