data/aws: move the masters to the private subnets

wking · Jan 26, 2019 · 6add0ab · 6add0ab
1 parent d5e184b
commit 6add0ab
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf
@@ -46,7 +46,7 @@ module "masters" {
   root_volume_iops         = "${var.aws_master_root_volume_iops}"
   root_volume_size         = "${var.aws_master_root_volume_size}"
   root_volume_type         = "${var.aws_master_root_volume_type}"
-  subnet_ids               = "${module.vpc.public_subnet_ids}"
+  subnet_ids               = "${module.vpc.private_subnet_ids}"
   target_group_arns        = "${module.vpc.aws_lb_target_group_arns}"
   target_group_arns_length = "${module.vpc.aws_lb_target_group_arns_length}"
   ec2_ami                  = "${var.aws_ec2_ami_override}"

diff --git a/data/data/aws/master/main.tf b/data/data/aws/master/main.tf
@@ -85,8 +85,7 @@ resource "aws_instance" "master" {
   subnet_id            = "${element(var.subnet_ids, count.index)}"
   user_data            = "${var.user_data_ign}"
 
-  vpc_security_group_ids      = ["${var.master_sg_ids}"]
-  associate_public_ip_address = true
+  vpc_security_group_ids = ["${var.master_sg_ids}"]
 
   lifecycle {
     # Ignore changes in the AMI which force recreation of the resource. This

diff --git a/data/data/aws/vpc/outputs.tf b/data/data/aws/vpc/outputs.tf
@@ -6,6 +6,10 @@ output "public_subnet_ids" {
   value = "${local.public_subnet_ids}"
 }
 
+output "private_subnet_ids" {
+  value = "${local.private_subnet_ids}"
+}
+
 output "etcd_sg_id" {
   value = "${aws_security_group.etcd.id}"
 }