github.com/outbrain/consul@v1.4.5/terraform/aws/consul.tf (about)

# Consul server instances. Creates var.servers EC2 instances and bootstraps
# each one over SSH with the file / remote-exec provisioners below, so the
# machine running Terraform needs SSH access to every instance (key pair
# var.key_name, private key file var.key_path).
resource "aws_instance" "server" {
  # The AMI is selected from var.ami by a "<region>-<platform>" key.
  ami             = "${lookup(var.ami, "${var.region}-${var.platform}")}"
  instance_type   = "${var.instance_type}"
  key_name        = "${var.key_name}"
  count           = "${var.servers}"
  # NOTE(review): the AWS provider documents security_groups for EC2-Classic
  # and the default VPC; for instances in any other VPC the documented
  # argument is vpc_security_group_ids. Confirm which VPC var.vpc_id refers to.
  security_groups = ["${aws_security_group.consul.id}"]
  # NOTE(review): count.index is always below var.servers, so the modulo never
  # wraps; var.subnets presumably needs one entry per server index. Confirm
  # against the variable definitions.
  subnet_id       = "${lookup(var.subnets, count.index % var.servers)}"

  # SSH settings used by every provisioner in this resource. The login user
  # depends on the platform; the private key is read from the local file at
  # var.key_path, so that file has to stay readable only by the operator and
  # out of version control.
  connection {
    user        = "${lookup(var.user, var.platform)}"
    private_key = "${file("${var.key_path}")}"
  }

  # Instance tags: a per-index Name plus a fixed ConsulRole of "Server".
  tags {
    Name       = "${var.tagName}-${count.index}"
    ConsulRole = "Server"
  }

  # Provisioners run in the order they are declared.
  #
  # Step 1: upload the platform-specific service definition to /tmp.
  # NOTE(review): /tmp is normally world-writable and the file names are
  # predictable; presumably the scripts below consume these files right away,
  # but they are not part of this file. Confirm nothing else on the image can
  # replace a staged file before it is used.
  provisioner "file" {
    source      = "${path.module}/../shared/scripts/${lookup(var.service_conf, var.platform)}"
    destination = "/tmp/${lookup(var.service_conf_dest, var.platform)}"
  }

  # Step 2: record the expected server count and the private IP of server 0
  # in /tmp. Every instance receives the same address (server 0's), presumably
  # as the join target for the scripts below.
  provisioner "remote-exec" {
    inline = [
      "echo ${var.servers} > /tmp/consul-server-count",
      "echo ${aws_instance.server.0.private_ip} > /tmp/consul-server-addr",
    ]
  }

  # Step 3: copy the shared scripts to the instance and run them in list
  # order. Their contents are outside this file; going by the names they
  # install Consul, set up the service and configure iptables. Review them
  # together with this resource, since they run on every server with the
  # privileges of the SSH user.
  provisioner "remote-exec" {
    scripts = [
      "${path.module}/../shared/scripts/install.sh",
      "${path.module}/../shared/scripts/service.sh",
      "${path.module}/../shared/scripts/ip_tables.sh",
    ]
  }
}
    40  
    41  resource "aws_security_group" "consul" {
    42    name        = "consul_${var.platform}"
    43    description = "Consul internal traffic + maintenance."
    44    vpc_id      = "${var.vpc_id}"
    45  
    46    // These are for internal traffic
    47    ingress {
    48      from_port = 0
    49      to_port   = 65535
    50      protocol  = "tcp"
    51      self      = true
    52    }
    53  
    54    ingress {
    55      from_port = 0
    56      to_port   = 65535
    57      protocol  = "udp"
    58      self      = true
    59    }
    60  
    61    // These are for maintenance
    62    ingress {
    63      from_port   = 22
    64      to_port     = 22
    65      protocol    = "tcp"
    66      cidr_blocks = ["0.0.0.0/0"]
    67    }
    68  
    69    // This is for outbound internet access
    70    egress {
    71      from_port   = 0
    72      to_port     = 0
    73      protocol    = "-1"
    74      cidr_blocks = ["0.0.0.0/0"]
    75    }
    76  }