main.tf
# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY AN INSTANCE, THEN TRIGGER A PROVISIONER
# See test/terraform_ssh_example.go for how to write automated tests for this code.
# ---------------------------------------------------------------------------------------------------------------------
# Configure the AWS provider. Only the region is set here, taken from var.aws_region (declared outside this
# listing). No credentials appear in this block, so the provider relies on its default credential sources
# (environment variables, shared credentials file, or an attached role) rather than on secrets kept in code.
provider "aws" {
  region = "${var.aws_region}"
}
# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY THE EC2 INSTANCE WITH A PUBLIC IP
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_instance" "example_public" {
  # Image and size: the AMI id is resolved by the aws_ami.ubuntu data source in this file.
  instance_type = "t2.micro"
  ami           = "${data.aws_ami.ubuntu.id}"

  # Login: the EC2 key pair named by var.key_pair_name is the credential for SSH access to this instance.
  key_name = "${var.key_pair_name}"

  # Network exposure: the instance gets a public IP and is reachable directly from the public Internet, so the
  # attached security group is the only network-level control in front of it.
  associate_public_ip_address = true
  vpc_security_group_ids      = ["${aws_security_group.example.id}"]

  tags {
    Name = "${var.instance_name}-public"
  }
}
# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SECURITY GROUP TO CONTROL WHAT REQUESTS CAN GO IN AND OUT OF THE EC2 INSTANCES
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_security_group" "example" {
  name = "${var.instance_name}"

  # Inbound: a single TCP port (var.ssh_port) is opened for SSH.
  ingress {
    protocol  = "tcp"
    from_port = "${var.ssh_port}"
    to_port   = "${var.ssh_port}"

    # To keep this example simple, SSH is accepted from any IPv4 address. In real-world usage, restrict this list
    # to trusted sources only, such as a bastion host or VPN server.
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound: protocol "-1" with ports 0-0 means all protocols and all ports, to any IPv4 destination. Nothing in
  # this group limits what the instance can reach once it is running.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# ---------------------------------------------------------------------------------------------------------------------
# Provision the server using remote-exec
# ---------------------------------------------------------------------------------------------------------------------
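# Runs the provisioners below against the public instance: upload a script, execute it remotely, then copy its
# output back to the machine running Terraform.
resource "null_resource" "example_provisioner" {
  # Re-create this resource (and so re-run the provisioners) whenever the instance's public IP changes.
  triggers {
    public_ip = "${aws_instance.example_public.public_ip}"
  }

  # SSH settings used by the "file" and "remote-exec" provisioners. Authentication is delegated to the local
  # SSH agent (agent = true), so no private key material is written into this configuration.
  connection {
    type  = "ssh"
    host  = "${aws_instance.example_public.public_ip}"
    user  = "${var.ssh_user}"
    port  = "${var.ssh_port}"
    agent = true
  }

  // copy our example script to the server
  // NOTE(review): /tmp is a shared, world-writable directory with a predictable file name; that is tolerable on a
  // fresh single-purpose test instance, but prefer a directory owned by the login user on shared hosts.
  provisioner "file" {
    source      = "files/get-public-ip.sh"
    destination = "/tmp/get-public-ip.sh"
  }

  // change permissions to executable and pipe its output into a new file
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/get-public-ip.sh",
      "/tmp/get-public-ip.sh > /tmp/public-ip",
    ]
  }

  provisioner "local-exec" {
    # copy the public-ip file back to CWD, which will be tested
    #
    # -P passes the same port the connection block and the security group use; without it scp connects to the
    # default SSH port and the copy fails whenever var.ssh_port is not 22.
    #
    # NOTE(security): StrictHostKeyChecking=no together with UserKnownHostsFile=/dev/null turns off host-key
    # verification, so this copy does not authenticate the server it talks to. That is acceptable only for a
    # short-lived test instance; for anything longer-lived, verify the instance's host key against a trusted
    # source and drop these two options.
    command = "scp -P ${var.ssh_port} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${var.ssh_user}@${aws_instance.example_public.public_ip}:/tmp/public-ip public-ip"
  }
}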
# ---------------------------------------------------------------------------------------------------------------------
# LOOK UP THE LATEST UBUNTU AMI
# ---------------------------------------------------------------------------------------------------------------------
data "aws_ami" "ubuntu" {
  # Restricting owners to Canonical's account keeps the wildcard name filter below from matching a look-alike
  # image published by some other account.
  owners = ["099720109477"] # Canonical

  # Of all images that pass the filters, take the newest. The resolved AMI can therefore change between runs;
  # pin an explicit AMI id where reproducible builds matter.
  most_recent = true

  # NOTE(review): xenial 16.04 is past its standard support window; confirm the release is still appropriate
  # before reusing this lookup outside of tests.
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }

  filter {
    name   = "image-type"
    values = ["machine"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}