github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/examples/aws-two-tier/main.tf (about) 1 # Specify the provider and access details 2 provider "aws" { 3 region = "${var.aws_region}" 4 } 5 6 # Create a VPC to launch our instances into 7 resource "aws_vpc" "default" { 8 cidr_block = "10.0.0.0/16" 9 } 10 11 # Create an internet gateway to give our subnet access to the outside world 12 resource "aws_internet_gateway" "default" { 13 vpc_id = "${aws_vpc.default.id}" 14 } 15 16 # Grant the VPC internet access on its main route table 17 resource "aws_route" "internet_access" { 18 route_table_id = "${aws_vpc.default.main_route_table_id}" 19 destination_cidr_block = "0.0.0.0/0" 20 gateway_id = "${aws_internet_gateway.default.id}" 21 } 22 23 # Create a subnet to launch our instances into 24 resource "aws_subnet" "default" { 25 vpc_id = "${aws_vpc.default.id}" 26 cidr_block = "10.0.1.0/24" 27 map_public_ip_on_launch = true 28 } 29 30 # A security group for the ELB so it is accessible via the web 31 resource "aws_security_group" "elb" { 32 name = "terraform_example_elb" 33 description = "Used in the terraform" 34 vpc_id = "${aws_vpc.default.id}" 35 36 # HTTP access from anywhere 37 ingress { 38 from_port = 80 39 to_port = 80 40 protocol = "tcp" 41 cidr_blocks = ["0.0.0.0/0"] 42 } 43 44 # outbound internet access 45 egress { 46 from_port = 0 47 to_port = 0 48 protocol = "-1" 49 cidr_blocks = ["0.0.0.0/0"] 50 } 51 } 52 53 # Our default security group to access 54 # the instances over SSH and HTTP 55 resource "aws_security_group" "default" { 56 name = "terraform_example" 57 description = "Used in the terraform" 58 vpc_id = "${aws_vpc.default.id}" 59 60 # SSH access from anywhere 61 ingress { 62 from_port = 22 63 to_port = 22 64 protocol = "tcp" 65 cidr_blocks = ["0.0.0.0/0"] 66 } 67 68 # HTTP access from the VPC 69 ingress { 70 from_port = 80 71 to_port = 80 72 protocol = "tcp" 73 cidr_blocks = ["10.0.0.0/16"] 74 } 75 76 # outbound internet access 77 egress { 78 from_port = 0 79 to_port = 0 80 protocol = "-1" 81 cidr_blocks = ["0.0.0.0/0"] 82 } 83 } 84 85 resource "aws_elb" "web" { 86 name = "terraform-example-elb" 87 88 subnets = ["${aws_subnet.default.id}"] 89 security_groups = ["${aws_security_group.elb.id}"] 90 instances = ["${aws_instance.web.id}"] 91 92 listener { 93 instance_port = 80 94 instance_protocol = "http" 95 lb_port = 80 96 lb_protocol = "http" 97 } 98 } 99 100 resource "aws_key_pair" "auth" { 101 key_name = "${var.key_name}" 102 public_key = "${file(var.public_key_path)}" 103 } 104 105 resource "aws_instance" "web" { 106 # The connection block tells our provisioner how to 107 # communicate with the resource (instance) 108 connection { 109 # The default username for our AMI 110 user = "ubuntu" 111 112 # The connection will use the local SSH agent for authentication. 113 } 114 115 instance_type = "m1.small" 116 117 # Lookup the correct AMI based on the region 118 # we specified 119 ami = "${lookup(var.aws_amis, var.aws_region)}" 120 121 # The name of our SSH keypair we created above. 122 key_name = "${aws_key_pair.auth.id}" 123 124 # Our Security group to allow HTTP and SSH access 125 vpc_security_group_ids = ["${aws_security_group.default.id}"] 126 127 # We're going to launch into the same subnet as our ELB. In a production 128 # environment it's more common to have a separate private subnet for 129 # backend instances. 130 subnet_id = "${aws_subnet.default.id}" 131 132 # We run a remote provisioner on the instance after creating it. 133 # In this case, we just install nginx and start it. By default, 134 # this should be on port 80 135 provisioner "remote-exec" { 136 inline = [ 137 "sudo apt-get -y update", 138 "sudo apt-get -y install nginx", 139 "sudo service nginx start", 140 ] 141 } 142 }