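# github.com/swisspost/terratest@v0.0.0-20230214120104-7ec6de2e1ae0/examples/terraform-ssh-password-example/main.tf

# ---------------------------------------------------------------------------------------------------------------------
# PIN TERRAFORM VERSION TO >= 0.12
# The examples have been upgraded to 0.12 syntax
# ---------------------------------------------------------------------------------------------------------------------

terraform {
  # This module is now only being tested with Terraform 0.13.x. However, to make upgrading easier, we are setting
  # 0.12.26 as the minimum version, as that version added support for required_providers with source URLs, making it
  # forwards compatible with 0.13.x code.
  required_version = ">= 0.12.26"
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY AN EC2 INSTANCE THAT ALLOWS CONNECTIONS VIA SSH
# See test/terraform_ssh_password_example.go for how to write automated tests for this code.
# ---------------------------------------------------------------------------------------------------------------------

provider "aws" {
  region = var.aws_region
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY THE EC2 INSTANCE WITH A PUBLIC IP
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_instance" "example_public" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  # The rendered script carries var.terratest_password. EC2 user data is not encrypted and can be read by any
  # process on the instance through the instance metadata service, so the password has to be a throwaway value
  # that is only meaningful for the lifetime of this test instance.
  user_data = data.template_file.user_data.rendered

  vpc_security_group_ids = [
    aws_security_group.example.id,
  ]

  # This EC2 Instance has a public IP and will be accessible directly from the public Internet
  associate_public_ip_address = true

  tags = {
    Name = "${var.instance_name}-public"
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SECURITY GROUP TO CONTROL WHAT REQUESTS CAN GO IN AND OUT OF THE EC2 INSTANCE
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_security_group" "example" {
  name = var.instance_name

  # All outbound traffic is allowed: protocol "-1" with ports 0-0 means every protocol and port.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port = var.ssh_port
    to_port   = var.ssh_port
    protocol  = "tcp"

    # To keep this example simple, we allow incoming SSH requests from any IP. In real-world usage, you should only
    # allow SSH requests from trusted servers, such as a bastion host or VPN server.
    # Because this example authenticates with a password rather than a key, the open rule leaves the password as
    # the only control on the SSH port; narrow cidr_blocks for anything that outlives a test run.
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# SET UP A TEMPLATE AROUND THE USER DATA SCRIPT
# ---------------------------------------------------------------------------------------------------------------------

# NOTE(review): template_file comes from the archived hashicorp/template provider; the built-in templatefile()
# function (available since Terraform 0.12) renders the same template without that provider.
# The rendered result, password included, is kept as an attribute of this data source in the Terraform state, so the
# state file needs the same protection as the password itself.
# The value is substituted textually into user_data.sh (not visible here); verify the script quotes it so that a
# password containing shell metacharacters cannot alter the script.
data "template_file" "user_data" {
  template = file("${path.module}/user_data.sh")

  vars = {
    terratest_password = var.terratest_password
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# LOOK UP THE LATEST UBUNTU AMI
# ---------------------------------------------------------------------------------------------------------------------

data "aws_ami" "ubuntu" {
  # The owners pin is what keeps an image published from another account under a matching name from being
  # selected; keep it whenever most_recent is combined with a wildcard name filter.
  # The wildcard below matches every Ubuntu release, so the selected AMI changes as new images are published.
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "image-type"
    values = ["machine"]
  }

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*-amd64-server-*"]
  }
}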