xpk/example.terraform
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

NEW: code revised

Browse Source
This commit is contained in:
xpk
2020-08-17 12:24:15 +08:00
parent c6928fff02
commit 15ff974790
7 changed files with 141 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
000-state-setup/gen-statetf.sh
Executable
+19
View File
@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
# Usage: gen-statetf.sh <bucket name> <lock table name> <env> <region>
if [ $# -lt 4 ]; then
echo "Usage: gen-statetf.sh <bucket name> <lock table name> <env> <region>"
exit 0
fi
cat <<EOF
terraform {
backend "s3" {
encrypt = true
bucket = "$1"
dynamodb_table = "$2"
key = "$3/terraform.tfstate"
region = "$4"
}
}
EOF
000-state-setup/s3-state.tf
+2 -2
View File
@@ -4,7 +4,7 @@ resource "random_integer" "suffix" {
} }
resource "aws_s3_bucket" "state" { resource "aws_s3_bucket" "state" {
bucket = "tfstate-sandbox-hkex-${random_integer.suffix.result}" bucket = "tfstate-${var.customer-name}-${var.environment}-${random_integer.suffix.result}"
force_destroy = true force_destroy = true
tags = var.default-tags tags = var.default-tags
@@ -23,7 +23,7 @@ resource "aws_s3_bucket" "state" {
} }
resource "aws_dynamodb_table" "statelock" { resource "aws_dynamodb_table" "statelock" {
name = "tflock-sandbox-HKEX-${random_integer.suffix.result}" name = "tflock-${var.custoemr-name}-${var.environment}-${random_integer.suffix.result}"
read_capacity = 10 read_capacity = 10
write_capacity = 10 write_capacity = 10
hash_key = "LockID" hash_key = "LockID"
000-state-setup/var-def.tf
+3
View File
@@ -13,3 +13,6 @@ variable "default-tags" {}
variable "vpc-cidr" { variable "vpc-cidr" {
default = "172.16.0.0/16" default = "172.16.0.0/16"
} }
variable "customer-name" {}
variable "environment" {}
ec2/ec2.tf
+63
View File
@@ -0,0 +1,63 @@
resource "aws_security_group" "sg1" {
name = "${var.environment}-${var.project}-sg1"
vpc_id = module.vpc.vpc_id
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = local.default-tags
}
resource "aws_key_pair" "keypair1" {
key_name = "${var.environment}-${var.project}-key1"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcDE0MtvSBWcFSDixqirL9CLRO7/AKBQG4B/5MX6eUSUUSijRW4uO7U77ClUnaKCTBw+MTjPGsFs4Oe1PQOzG2IIAxIy3fSCSQT0hWREq3Qtk0BcP7wl5rpS/zC7i7SImikCkMICjuh7F05yiSL9w05lDLTuih6mqGvknaNeVA6ekaLtzLa97CdEdY/Sa4u5SJUEz3Eh13GpU39q/0jcGY+G/JAlrJu1qRrr0qgN9BtrvKPyP2c4S0yxHjzUTwCAGsS+EgKY9iThHTajN+3olz1z2O9e7jJJZ+4NIm7sw3VmMCXDiW9FIa84alDeTPxKxqhWGWr5haOxb95hG/gsJQhRpHBOAq5f2ymHZU0Pn4Wxehw1HpJ7CmiNIAM9vpiRvt4U1h32zc5vS8wzN8+b9RbG2VRU2WAbP6kZnyb2nwYbwTLt8je2KwDo1zK8n2E4hl4S7psapytNq5pJnYYxR09Yi6DneGfXHTJNyghBObiTwVYiwFQy8hdpfDhGnJEgllr5wPEYlBiNOSQsUBgaUrrZwx8lF7CYYlhagtZRQCK5kc3Q5VbdHZ9lmdbfzGzDrjOY+wVZef3pcrTFXE64cU8WaOU/tEbudaT46d1IC0i7tEf7r15udjmZRSMXG/fxY7wFVPBn5VjxLXxeiwRkPbnYTDXcRrVup36uGe/siqYQ== root@sshd-67f5f974fc-nw58w"
}
data "aws_ami" "ami1" {
most_recent = true
filter {
name = "name"
values = ["amzn2*arm64-gp2"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["amazon"]
}
resource "aws_instance" "instance1" {
ami = data.aws_ami.ami1.id
instance_type = "a1.medium"
key_name = aws_key_pair.keypair1.key_name
vpc_security_group_ids = [aws_security_group.sg1.id]
subnet_id = module.vpc.public_subnets[0]
iam_instance_profile = "AmazonSSMRoleForInstancesQuickSetup"
tags = merge(
local.default-tags,
{ "Name" : "${var.environment}-${var.project}-instance01" }
)
volume_tags = local.default-tags
user_data = <<-EOF
#! /bin/bash
echo "Hello everyone. Welcome to this demo." > /etc/motd
EOF
}
vpc-subnets/var-def.tf
+20 -4
View File
@@ -1,15 +1,31 @@
variable "aws_access_key" {} variable "aws_access_key" {}
variable "aws_secret_key" {} variable "aws_secret_key" {}
variable "aws_region" {}
provider "aws" { provider "aws" {
access_key = var.aws_access_key access_key = var.aws_access_key
secret_key = var.aws_secret_key secret_key = var.aws_secret_key
region = var.aws_region region = var.aws-region
version = ">= 2.28.1"
} }
variable "default-tags" {}
variable "vpc-cidr" { variable "vpc-cidr" {
default = "172.16.0.0/16" default = "172.16.0.0/16"
} }
variable aws-region {}
variable serviceprovider {}
variable owner {}
variable project {}
variable environment {}
variable application {}
variable terraformmode {}
locals {
default-tags = {
serviceprovider = "rackspace"
terraform = var.terraformmode
environment = var.environment
project = var.project
application = var.application
}
}
vpc-subnets/vpc.tf
+27 -4
View File
@@ -10,7 +10,7 @@ module "random" {
module "vpc" { module "vpc" {
source = "terraform-aws-modules/vpc/aws" source = "terraform-aws-modules/vpc/aws"
version = "2.6.0" version = "2.47.0"
name = "demo-vpc-${module.random.number}" name = "demo-vpc-${module.random.number}"
cidr = var.vpc-cidr cidr = var.vpc-cidr
@@ -21,10 +21,33 @@ module "vpc" {
single_nat_gateway = true single_nat_gateway = true
enable_dns_hostnames = true enable_dns_hostnames = true
tags = var.default-tags # this is kinda slow
# enable_ssm_endpoint = true
# ssm_endpoint_private_dns_enabled = true
# ssm_endpoint_security_group_ids = [aws_security_group.endpoint-sg.id]
# ssm_endpoint_subnet_ids = module.vpc.public_subnets
tags = local.default-tags
} }
output "vpc_id" { resource "aws_security_group" "endpoint-sg" {
value = module.vpc.vpc_id name = "endpoint-sg"
vpc_id = module.vpc.vpc_id
ingress {
description = "Allow within VPC"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [module.vpc.vpc_cidr_block]
} }
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = local.default-tags
}