main.tf
### VPC ###
# Network root for this stack, built from the local ./modules/vpc module.
# Its vpc_id output is consumed by both subnets and both security groups below;
# its igw_id output is consumed only by the public subnet.
module "vpc" {
  source = "./modules/vpc"

  vpc_cidr = var.vpc_cidr
  prefix   = var.shared_prefix
}
### SUBNETS ###
# Public subnet: the only subnet that receives the VPC's igw_id.
# create_ngw = true asks the subnet module to create the gateway whose id is
# exported as ngw_id and handed to the private subnet
# (presumably a NAT gateway; confirm in ./modules/subnet).
module "public_subnet" {
  source = "./modules/subnet"

  type   = "public"
  prefix = var.shared_prefix

  vpc_id            = module.vpc.vpc_id
  igw_id            = module.vpc.igw_id
  subnet_cidr       = local.subnet["public"]["cidr_block"]
  availability_zone = local.subnet["public"]["availability_zone"]

  create_ngw = true
}
# Private subnet: no igw_id is passed, the only gateway reference is the ngw_id
# exported by the public subnet.
# NOTE(review): this looks like egress-only connectivity via NAT with no direct
# inbound route from the internet; verify the route table in ./modules/subnet.
module "private_subnet" {
  source = "./modules/subnet"

  type   = "private"
  prefix = var.shared_prefix

  vpc_id            = module.vpc.vpc_id
  ngw_id            = module.public_subnet.ngw_id
  subnet_cidr       = local.subnet["private"]["cidr_block"]
  availability_zone = local.subnet["private"]["availability_zone"]
}
### SECURITY GROUPS ###
# Security group for the internet-facing instance.
# Every rule comes from var.ec2_sg["public"]; the actual ports and source ranges
# are not visible in this file.
# NOTE(review): confirm vpc_ingress does not expose administrative ports (SSH)
# to 0.0.0.0/0, and that vpc_egress is no broader than the instance needs.
module "public_ec2_sg" {
  source = "./modules/sg"

  name   = var.ec2_sg["public"]["name"]
  prefix = var.shared_prefix
  vpc_id = module.vpc.vpc_id

  vpc_ingress = var.ec2_sg["public"]["vpc_ingress"]
  vpc_egress  = var.ec2_sg["public"]["vpc_egress"]
}
# Security group for the private instance.
# Ingress is exactly one rule: the "http" entry of
# var.ec2_sg["private"]["sg_ingress"], with its source pinned to the public
# instance's security group instead of a CIDR range. Any other keys under
# sg_ingress are not used here.
# Egress comes from var.ec2_sg["private"]["vpc_egress"] (values not visible here).
module "private_ec2_sg" {
  source = "./modules/sg"

  name   = var.ec2_sg["private"]["name"]
  prefix = var.shared_prefix
  vpc_id = module.vpc.vpc_id

  sg_ingress = [
    merge(
      var.ec2_sg["private"]["sg_ingress"]["http"],
      { source_security_group_id = module.public_ec2_sg.id },
    )
  ]

  vpc_egress = var.ec2_sg["private"]["vpc_egress"]
}
# Internet-facing instance, placed in the public subnet with the public SG.
# enable_public_ip is not set here, so the instance module's default applies.
# user_data is rendered from user_data.tpl with type = "public".
# NOTE(review): rendered user data is stored in Terraform state and is readable
# on the instance through the metadata service; keep credentials out of the
# template.
module "public_instance" {
  source = "./modules/instance"

  prefix    = "${var.shared_prefix}-public"
  subnet_id = module.public_subnet.subnet_id
  sg_ids    = [module.public_ec2_sg.id]

  user_data = templatefile("${path.module}/user_data.tpl", { type = "public" })
}
# Private instance: no public IP, placed in the private subnet with the private SG.
# user_data is rendered from the same template as the public instance, with
# type = "private".
# NOTE(review): key_name reuses the key pair exported by the public instance,
# so a single private key authenticates to both hosts. If that key leaks from
# the internet-facing side, the private host is exposed as well; consider a
# separate key pair or a keyless access path if ./modules/instance allows it.
module "private_instance" {
  source = "./modules/instance"

  prefix           = "${var.shared_prefix}-private"
  subnet_id        = module.private_subnet.subnet_id
  sg_ids           = [module.private_ec2_sg.id]
  enable_public_ip = false
  key_name         = module.public_instance.key_name

  user_data = templatefile("${path.module}/user_data.tpl", { type = "private" })
}
# Public IP address reported by the public instance module.
output "public_ec2_ip" {
  value = module.public_instance.public_ip
}
# Ready-to-paste SSH command for the public instance (user ec2-user).
# The key file name is hard-coded and must match whatever produces the .pem file.
# NOTE(review): the command expects a private key file on local disk. If
# ./modules/instance generates that key with Terraform (e.g. tls_private_key),
# the private key is also held in plaintext in state; confirm, and restrict
# access to both the state backend and the .pem file.
output "public_ec2_ssh_command" {
  value = "ssh -i terraform-getting-started-public-key.pem ec2-user@${module.public_instance.public_ip}"
}