NEW: code revised

2020-08-17 12:24:15 +08:00
parent c6928fff02
commit 15ff974790
7 changed files with 141 additions and 17 deletions
@@ -0,0 +1,19 @@
 #!/usr/bin/env bash
 #
 # Usage: gen-statetf.sh <bucket name> <lock table name> <env> <region>
 if [ $# -lt 4 ]; then
  echo "Usage: gen-statetf.sh <bucket name> <lock table name> <env> <region>"
  exit 0
 fi
 cat <<EOF
 terraform {
  backend "s3" {
    encrypt = true
    bucket = "$1"
    dynamodb_table = "$2"
    key    = "$3/terraform.tfstate"
    region = "$4"
  }
 }
 EOF
@@ -4,7 +4,7 @@ resource "random_integer" "suffix" {
 }
 resource "aws_s3_bucket" "state" {
-  bucket        = "tfstate-sandbox-hkex-${random_integer.suffix.result}"
+  bucket        = "tfstate-${var.customer-name}-${var.environment}-${random_integer.suffix.result}"
  force_destroy = true
  tags = var.default-tags
@@ -23,7 +23,7 @@ resource "aws_s3_bucket" "state" {
 }
 resource "aws_dynamodb_table" "statelock" {
-  name           = "tflock-sandbox-HKEX-${random_integer.suffix.result}"
+  name           = "tflock-${var.custoemr-name}-${var.environment}-${random_integer.suffix.result}"
  read_capacity  = 10
  write_capacity = 10
  hash_key       = "LockID"
@@ -13,3 +13,6 @@ variable "default-tags" {}
 variable "vpc-cidr" {
  default = "172.16.0.0/16"
 }
 variable "customer-name" {}
 variable "environment" {}
@@ -0,0 +1,63 @@
 resource "aws_security_group" "sg1" {
  name   = "${var.environment}-${var.project}-sg1"
  vpc_id = module.vpc.vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = local.default-tags
 }
 resource "aws_key_pair" "keypair1" {
  key_name   = "${var.environment}-${var.project}-key1"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcDE0MtvSBWcFSDixqirL9CLRO7/AKBQG4B/5MX6eUSUUSijRW4uO7U77ClUnaKCTBw+MTjPGsFs4Oe1PQOzG2IIAxIy3fSCSQT0hWREq3Qtk0BcP7wl5rpS/zC7i7SImikCkMICjuh7F05yiSL9w05lDLTuih6mqGvknaNeVA6ekaLtzLa97CdEdY/Sa4u5SJUEz3Eh13GpU39q/0jcGY+G/JAlrJu1qRrr0qgN9BtrvKPyP2c4S0yxHjzUTwCAGsS+EgKY9iThHTajN+3olz1z2O9e7jJJZ+4NIm7sw3VmMCXDiW9FIa84alDeTPxKxqhWGWr5haOxb95hG/gsJQhRpHBOAq5f2ymHZU0Pn4Wxehw1HpJ7CmiNIAM9vpiRvt4U1h32zc5vS8wzN8+b9RbG2VRU2WAbP6kZnyb2nwYbwTLt8je2KwDo1zK8n2E4hl4S7psapytNq5pJnYYxR09Yi6DneGfXHTJNyghBObiTwVYiwFQy8hdpfDhGnJEgllr5wPEYlBiNOSQsUBgaUrrZwx8lF7CYYlhagtZRQCK5kc3Q5VbdHZ9lmdbfzGzDrjOY+wVZef3pcrTFXE64cU8WaOU/tEbudaT46d1IC0i7tEf7r15udjmZRSMXG/fxY7wFVPBn5VjxLXxeiwRkPbnYTDXcRrVup36uGe/siqYQ== root@sshd-67f5f974fc-nw58w"
 }
 data "aws_ami" "ami1" {
  most_recent = true
  filter {
    name   = "name"
    values = ["amzn2*arm64-gp2"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
  owners = ["amazon"]
 }
 resource "aws_instance" "instance1" {
  ami                  = data.aws_ami.ami1.id
  instance_type        = "a1.medium"
  key_name             = aws_key_pair.keypair1.key_name
  vpc_security_group_ids = [aws_security_group.sg1.id]
  subnet_id            = module.vpc.public_subnets[0]
  iam_instance_profile = "AmazonSSMRoleForInstancesQuickSetup"
  tags = merge(
    local.default-tags,
    { "Name" : "${var.environment}-${var.project}-instance01" }
  )
  volume_tags = local.default-tags
  user_data = <<-EOF
    #! /bin/bash
    echo "Hello everyone. Welcome to this demo." > /etc/motd
  EOF
 }
@@ -1,9 +1,9 @@
 terraform {
  backend "s3" {
-    encrypt = true
+    encrypt        = true
-    bucket = "tfstate-sandbox-hkex-5727"
+    bucket         = "tfstate-sandbox-hkex-5727"
    dynamodb_table = "tflock-sandbox-HKEX-5727"
-    key    = "network/terraform.tfstate"
+    key            = "network/terraform.tfstate"
-    region = "ap-southeast-1"
+    region         = "ap-southeast-1"
  }
 }
@@ -1,15 +1,31 @@
 variable "aws_access_key" {}
 variable "aws_secret_key" {}
 variable "aws_region" {}
 provider "aws" {
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
-  region     = var.aws_region
+  region     = var.aws-region
  version = ">= 2.28.1"
 }
 variable "default-tags" {}
 variable "vpc-cidr" {
  default = "172.16.0.0/16"
 }
 variable aws-region {}
 variable serviceprovider {}
 variable owner {}
 variable project {}
 variable environment {}
 variable application {}
 variable terraformmode {}
 locals {
  default-tags = {
    serviceprovider = "rackspace"
    terraform       = var.terraformmode
    environment     = var.environment
    project         = var.project
    application     = var.application
  }
 }
@@ -1,7 +1,7 @@
 data "aws_availability_zones" "available" {}
 locals {
-  subnet_start = cidrsubnets(var.vpc-cidr,4,4) 
+  subnet_start = cidrsubnets(var.vpc-cidr, 4, 4)
 }
 module "random" {
@@ -10,21 +10,44 @@ module "random" {
 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "2.6.0"
+  version = "2.47.0"
  name                 = "demo-vpc-${module.random.number}"
  cidr                 = var.vpc-cidr
  azs                  = data.aws_availability_zones.available.names
-  private_subnets 	= cidrsubnets(local.subnet_start[0], 4,4)
+  private_subnets      = cidrsubnets(local.subnet_start[0], 4, 4)
-  public_subnets 	= cidrsubnets(local.subnet_start[1], 4,4)
+  public_subnets       = cidrsubnets(local.subnet_start[1], 4, 4)
  enable_nat_gateway   = false
  single_nat_gateway   = true
  enable_dns_hostnames = true
-  tags = var.default-tags
+  # this is kinda slow
  #  enable_ssm_endpoint              = true
  #  ssm_endpoint_private_dns_enabled = true
  #  ssm_endpoint_security_group_ids  = [aws_security_group.endpoint-sg.id]
  #  ssm_endpoint_subnet_ids          = module.vpc.public_subnets
  tags = local.default-tags
 }
-output "vpc_id" {
+resource "aws_security_group" "endpoint-sg" {
-  value = module.vpc.vpc_id
+  name   = "endpoint-sg"
  vpc_id = module.vpc.vpc_id
  ingress {
    description = "Allow within VPC"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [module.vpc.vpc_cidr_block]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = local.default-tags
 }