# Specify the provider and access details
provider "aws" {
  # Access key, secret key and region are sourced from environment variables or input arguments -- see README.md
  # Only the region is set here; no credentials are embedded in this file.
  region = "${var.aws_dc}"
}

# SSH access to the test VMs.
# Ingress is limited to TCP/22 from a single /32 (var.client_ip); if the
# operator's public IP changes, this rule must be re-applied before SSH works.
resource "aws_security_group" "allow_ssh" {
  name        = "${var.name}_allow_ssh"
  description = "AWS security group to allow SSH-ing onto AWS EC2 instances (created using Terraform)."

  # Open TCP port for SSH:
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.client_ip}/32"]
  }

  tags {
    Name      = "${var.name}_allow_ssh"
    App       = "${var.app}"
    CreatedBy = "terraform"
  }
}

# Remote access to the Docker daemon on the test VMs.
# TCP/2375 is the conventional port for the Docker remote API without TLS; a
# peer that can reach a daemon listening there controls that host. The rule
# only limits the source to var.client_ip/32 -- it adds no authentication.
# NOTE(review): nothing in this file configures the daemon itself (bind
# address, TLS); that is decided by the provisioning scripts -- see README.md.
resource "aws_security_group" "allow_docker" {
  name        = "${var.name}_allow_docker"
  description = "AWS security group to allow communication with Docker on AWS EC2 instances (created using Terraform)."

  # Open TCP port for Docker:
  ingress {
    from_port   = 2375
    to_port     = 2375
    protocol    = "tcp"
    cidr_blocks = ["${var.client_ip}/32"]
  }

  tags {
    Name      = "${var.name}_allow_docker"
    App       = "${var.app}"
    CreatedBy = "terraform"
  }
}

# Remote access to Weave on the test VMs (TCP/12375), again from the single
# operator address only. Same caveat as allow_docker: the source restriction is
# the only control this rule provides.
resource "aws_security_group" "allow_weave" {
  name        = "${var.name}_allow_weave"
  description = "AWS security group to allow communication with Weave on AWS EC2 instances (created using Terraform)."

  # Open TCP port for Weave:
  ingress {
    from_port   = 12375
    to_port     = 12375
    protocol    = "tcp"
    cidr_blocks = ["${var.client_ip}/32"]
  }

  tags {
    Name      = "${var.name}_allow_weave"
    App       = "${var.app}"
    CreatedBy = "terraform"
  }
}

# Intra-VPC traffic between the test VMs.
# protocol "-1" means every protocol (from_port/to_port are 0 by convention
# for "all"), so every port is reachable from anything inside
# var.aws_vpc_cidr_block -- not just the instances created here. Keep that CIDR
# as narrow as the deployment allows.
resource "aws_security_group" "allow_private_ingress" {
  name        = "${var.name}_allow_private_ingress"
  description = "AWS security group to allow all private ingress traffic on AWS EC2 instances (created using Terraform)."

  # Full inbound local network access on both TCP and UDP
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.aws_vpc_cidr_block}"]
  }

  tags {
    Name      = "${var.name}_allow_private_ingress"
    App       = "${var.app}"
    CreatedBy = "terraform"
  }
}

# Unrestricted outbound access: all protocols, all ports, to 0.0.0.0/0.
# None of the groups in this file constrain egress, so the VMs can reach any
# internet destination (needed for image pulls etc.; also means exfiltration or
# outbound scanning from a compromised VM is not blocked at the SG layer).
resource "aws_security_group" "allow_all_egress" {
  name        = "${var.name}_allow_all_egress"
  description = "AWS security group to allow all egress traffic on AWS EC2 instances (created using Terraform)."

  # Full outbound internet access on both TCP and UDP
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name      = "${var.name}_allow_all_egress"
    App       = "${var.app}"
    CreatedBy = "terraform"
  }
}

# The test VMs themselves: var.num_hosts instances of var.aws_size, each
# attached to all five security groups above.
resource "aws_instance" "tf_test_vm" {
  instance_type = "${var.aws_size}"
  count         = "${var.num_hosts}"

  # Lookup the correct AMI based on the region we specified
  ami = "${lookup(var.aws_amis, var.aws_dc)}"

  key_name = "${var.aws_public_key_name}"

  # Groups are attached by *name*. No aws_security_group above sets vpc_id,
  # so they land in the region's default VPC; in a non-default VPC the
  # provider expects vpc_security_group_ids instead -- confirm this matches
  # the VPC that var.aws_vpc_cidr_block describes.
  security_groups = [
    "${aws_security_group.allow_ssh.name}",
    "${aws_security_group.allow_docker.name}",
    "${aws_security_group.allow_weave.name}",
    "${aws_security_group.allow_private_ingress.name}",
    "${aws_security_group.allow_all_egress.name}",
  ]

  # Wait for machine to be SSH-able:
  # "exit" does no provisioning; the provisioner only succeeds once an SSH
  # session can be established, so later steps can rely on the host being up.
  provisioner "remote-exec" {
    inline = ["exit"]

    connection {
      type = "ssh"

      # Lookup the correct username based on the AMI we specified
      user = "${lookup(var.aws_usernames, "${lookup(var.aws_amis, var.aws_dc)}")}"

      # The private key is read from disk on the machine running Terraform;
      # keep var.aws_private_key_path pointing outside the repository so the
      # key is never committed alongside this configuration.
      private_key = "${file("${var.aws_private_key_path}")}"
    }
  }

  tags {
    Name      = "${var.name}-${count.index}"
    App       = "${var.app}"
    CreatedBy = "terraform"
  }
}