ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

examples: modernize aws-two-tier 

* Set up a VPC instead of assuming EC2 classic
 * Set up a keypair instead of requiring one be created beforehand;
   this fixes #1567
 * Use SSH Agent for authentication instead of explicit private key.
This commit is contained in:
Paul Hinze 2015-12-02 17:39:24 -06:00
parent 81f7fb1e6f
commit 3f5997a6c1
2 changed files with 92 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
examples/aws-two-tier/main.tf
View File

@ -3,19 +3,35 @@ provider "aws" {
region = "${var.aws_region}" region = "${var.aws_region}"
} }
# Our default security group to access # Create a VPC to launch our instances into
# the instances over SSH and HTTP resource "aws_vpc" "default" {
resource "aws_security_group" "default" { cidr_block = "10.0.0.0/16"
name = "terraform_example" }
description = "Used in the terraform"
# SSH access from anywhere # Create an internet gateway to give our subnet access to the outside world
ingress { resource "aws_internet_gateway" "default" {
from_port = 22 vpc_id = "${aws_vpc.default.id}"
to_port = 22 }
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"] # Grant the VPC internet access on its main route table
} resource "aws_route" "internet_access" {
route_table_id = "${aws_vpc.default.main_route_table_id}"
destination_cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.default.id}"
}
# Create a subnet to launch our instances into
resource "aws_subnet" "default" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "10.0.1.0/24"
map_public_ip_on_launch = true
}
# A security group for the ELB so it is accessible via the web
resource "aws_security_group" "elb" {
name = "terraform_example_elb"
description = "Used in the terraform"
vpc_id = "${aws_vpc.default.id}"
# HTTP access from anywhere # HTTP access from anywhere
ingress { ingress {
@ -34,12 +50,45 @@ resource "aws_security_group" "default" {
} }
} }
# Our default security group to access
# the instances over SSH and HTTP
resource "aws_security_group" "default" {
name = "terraform_example"
description = "Used in the terraform"
vpc_id = "${aws_vpc.default.id}"
# SSH access from anywhere
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# HTTP access from the VPC
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["10.0.0.0/16"]
}
# outbound internet access
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_elb" "web" { resource "aws_elb" "web" {
name = "terraform-example-elb" name = "terraform-example-elb"
# The same availability zone as our instance subnets = ["${aws_subnet.default.id}"]
availability_zones = ["${aws_instance.web.availability_zone}"] security_groups = ["${aws_security_group.elb.id}"]
instances = ["${aws_instance.web.id}"]
listener { listener {
instance_port = 80 instance_port = 80
@ -48,10 +97,12 @@ resource "aws_elb" "web" {
lb_protocol = "http" lb_protocol = "http"
} }
# The instance is registered automatically
instances = ["${aws_instance.web.id}"]
} }
resource "aws_key_pair" "auth" {
key_name = "tf-aws-two-tier-example"
public_key = "${file(var.public_key_path)}"
}
resource "aws_instance" "web" { resource "aws_instance" "web" {
# The connection block tells our provisioner how to # The connection block tells our provisioner how to
@ -60,8 +111,7 @@ resource "aws_instance" "web" {
# The default username for our AMI # The default username for our AMI
user = "ubuntu" user = "ubuntu"
# The path to your keyfile # The connection will use the local SSH agent for authentication.
key_file = "${var.key_path}"
} }
instance_type = "m1.small" instance_type = "m1.small"
@ -70,15 +120,16 @@ resource "aws_instance" "web" {
# we specified # we specified
ami = "${lookup(var.aws_amis, var.aws_region)}" ami = "${lookup(var.aws_amis, var.aws_region)}"
# The name of our SSH keypair you've created and downloaded # The name of our SSH keypair we created above.
# from the AWS console. key_name = "${aws_key_pair.auth.id}"
#
# https://console.aws.amazon.com/ec2/v2/home?region=us-west-2#KeyPairs:
#
key_name = "${var.key_name}"
# Our Security group to allow HTTP and SSH access # Our Security group to allow HTTP and SSH access
security_groups = ["${aws_security_group.default.name}"] vpc_security_group_ids = ["${aws_security_group.default.id}"]
# We're going to launch into the same subnet as our ELB. In a production
# environment it's more common to have a separate private subnet for
# backend instances.
subnet_id = "${aws_subnet.default.id}"
# We run a remote provisioner on the instance after creating it. # We run a remote provisioner on the instance after creating it.
# In this case, we just install nginx and start it. By default, # In this case, we just install nginx and start it. By default,

12
examples/aws-two-tier/variables.tf
View File

@ -1,9 +1,11 @@
variable "key_name" { variable "public_key_path" {
description = "Name of the SSH keypair to use in AWS." description = <<DESCRIPTION
} Path to the SSH public key to be used for authentication.
Ensure this keypair is added to your local SSH agent so provisioners can
connect.
variable "key_path" { Example: ~/.ssh/id_rsa.pub
description = "Path to the private portion of the SSH key specified." DESCRIPTION
} }
variable "aws_region" { variable "aws_region" {