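# Source: github.com/terraform-modules-krish/terratest@v0.29.0/examples/terraform-asg-scp-example/main.tf

# ---------------------------------------------------------------------------------------------------------------------
# PIN TERRAFORM VERSION TO >= 0.12
# The examples have been upgraded to 0.12 syntax
# ---------------------------------------------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY AN ASG WITH ONE INSTANCE THAT ALLOWS CONNECTIONS VIA SSH
# See test/terraform_scp_example.go for how to write automated tests for this code.
# ---------------------------------------------------------------------------------------------------------------------

provider "aws" {
  region = var.aws_region
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY AN ASG WITH ONE NODE TO TEST HOW WE CAN SCP FROM THE EC2 INSTANCE IN THIS ASG
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_launch_template" "sample_launch_template" {
  name_prefix            = var.instance_name
  image_id               = data.aws_ami.ubuntu.id
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.example.id]

  # Name of an existing EC2 key pair; the matching private key is what the test uses to SSH/SCP to the instance.
  key_name = var.key_pair_name

  # NOTE(review): no metadata_options block is set, so the instance metadata service keeps its default settings.
  # Requiring session tokens (metadata_options { http_tokens = "required" }) is the usual hardening; confirm that the
  # AWS provider release and the AMI's cloud-init both support it before enabling.
}

resource "aws_autoscaling_group" "sample_asg" {
  # Uses every subnet of the default VPC. NOTE(review): default-VPC subnets normally hand out public IPs, which is
  # presumably how the test reaches the instance; confirm for the target account.
  vpc_zone_identifier = data.aws_subnet_ids.default_subnets.ids

  desired_capacity = 1
  max_size         = 1
  min_size         = 1

  launch_template {
    id = aws_launch_template.sample_launch_template.id

    # "$Latest" makes the ASG launch from the newest template version, so any later edit to the template takes effect
    # on the next instance launch without a change to this resource.
    version = "$Latest"
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SECURITY GROUP TO CONTROL WHAT REQUESTS CAN GO IN AND OUT OF THE EC2 INSTANCES
# ---------------------------------------------------------------------------------------------------------------------

# Source ranges allowed to reach the SSH port. Declared in this file so the ingress rule below can be narrowed without
# editing the resource; the other inputs (aws_region, instance_name, key_pair_name, ssh_port) are declared outside this
# file. The default keeps the original behaviour of the example.
variable "allowed_ssh_cidr_blocks" {
  description = "CIDR blocks allowed to connect to the instance on var.ssh_port. Narrow this to the test runner, bastion host or VPN range outside of throwaway test accounts."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

resource "aws_security_group" "example" {
  name = var.instance_name

  # All protocols and ports to any destination: outbound traffic from the instance is unrestricted.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port = var.ssh_port
    to_port   = var.ssh_port
    protocol  = "tcp"

    # To keep this example simple, the default allows incoming SSH requests from any IP. In real-world usage, you
    # should only allow SSH requests from trusted servers, such as a bastion host or VPN server, by setting
    # var.allowed_ssh_cidr_blocks.
    cidr_blocks = var.allowed_ssh_cidr_blocks
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# LOOK UP THE LATEST UBUNTU AMI
# ---------------------------------------------------------------------------------------------------------------------

data "aws_ami" "ubuntu" {
  # most_recent means the image ID is resolved at plan time and can differ between runs; the owners filter is what
  # keeps the lookup from matching a same-named image published by another account.
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "image-type"
    values = ["machine"]
  }

  # NOTE(review): Ubuntu 16.04 has left standard support, so images matching this pattern no longer receive regular
  # security updates; moving the name filter to a supported LTS release is worth doing once the test is confirmed
  # against it.
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }
}

data "aws_vpc" "default" {
  default = true
}

# NOTE(review): aws_subnet_ids is deprecated in later AWS provider releases in favour of aws_subnets, and this file
# pins no provider version; confirm which provider release the example is run with.
data "aws_subnet_ids" "default_subnets" {
  vpc_id = data.aws_vpc.default.id
}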