!+ Sigma Instance
This will be the web host reverse proxy (for alpha & beta) !+ More sec groups for port 80 for apt's request fallback Only because Apt blows * Renaming sec-group::basic_web_sec -> sec-group::general_web_req Should be clearer w/ this rename
This commit is contained in:
parent
6579935310
commit
82d039369c
@ -20,7 +20,7 @@ resource "aws_instance" "alpha" {
|
|||||||
key_name = var.alpha_ssh_key_name
|
key_name = var.alpha_ssh_key_name
|
||||||
|
|
||||||
security_groups = [
|
security_groups = [
|
||||||
aws_security_group.basic_web_sec.id,
|
aws_security_group.general_web_req.id,
|
||||||
aws_security_group.internal_ssh_recv.id
|
aws_security_group.internal_ssh_recv.id
|
||||||
]
|
]
|
||||||
subnet_id = aws_subnet.crete_subnet.id
|
subnet_id = aws_subnet.crete_subnet.id
|
||||||
|
@ -18,7 +18,7 @@ resource "aws_instance" "beta" {
|
|||||||
key_name = var.beta_public_key_path
|
key_name = var.beta_public_key_path
|
||||||
|
|
||||||
security_groups = [
|
security_groups = [
|
||||||
aws_security_group.basic_web_sec.id,
|
aws_security_group.general_web_req.id,
|
||||||
aws_security_group.internal_ssh_recv.id
|
aws_security_group.internal_ssh_recv.id
|
||||||
]
|
]
|
||||||
|
|
||||||
|
18
infra/eip.tf
18
infra/eip.tf
@ -1,9 +1,17 @@
|
|||||||
# Beta will basically always be the static web server
|
resource "aws_eip" "sigma_eip" {
|
||||||
# hence why we explicitly setup an EIP for it alone like this
|
instance = aws_instance.sigma.id
|
||||||
resource "aws_eip" "beta_eip" {
|
|
||||||
instance = aws_instance.beta.id
|
|
||||||
vpc = true
|
vpc = true
|
||||||
tags = {
|
tags = {
|
||||||
Name = "Beta Elastic IP"
|
Name = "Sigma(Web Load Balancer) EIP"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# It's important to note that this instance is not going to up all the time
|
||||||
|
resource "aws_eip" "gamma_eip" {
|
||||||
|
instance = aws_instance.gamma.id
|
||||||
|
vpc = true
|
||||||
|
tags = {
|
||||||
|
Name = "Ansible host Elastic IP"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
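Review bot: The added comment `# It's important to note that this instance is not going to up all the time` is missing a verb and does not say what the reader should conclude from gamma being down; suggest `# NOTE: gamma (the Ansible host) is not kept running; its EIP stays allocated so the address is stable across stop/start`. It would also help to note above `sigma_eip` that the public address moved from beta to sigma, since `beta_eip` is removed in this hunk and beta no longer has an Elastic IP of its own, so presumably it is reached only through sigma from now on.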
@ -16,5 +16,9 @@ resource "aws_instance" "gamma" {
|
|||||||
key_name = var.gamma_ssh_key_name
|
key_name = var.gamma_ssh_key_name
|
||||||
|
|
||||||
security_groups = [ aws_security_group.gamma_sec.id ]
|
security_groups = [ aws_security_group.gamma_sec.id ]
|
||||||
|
subnet_id = aws_subnet.crete_subnet.id
|
||||||
|
tags = {
|
||||||
|
Name = "Gamma Host"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# Here are general definitions for security rulesets
|
# Here are general definitions for security rulesets
|
||||||
|
|
||||||
resource "aws_security_group" "basic_web_sec" {
|
resource "aws_security_group" "general_web_req" {
|
||||||
name = "Athens General web server ruleset"
|
name = "Athens General web server ruleset"
|
||||||
description = "Allowing strictly web traffic"
|
description = "Allowing strictly web traffic"
|
||||||
vpc_id = aws_vpc.athens_vpc.id
|
vpc_id = aws_vpc.athens_vpc.id
|
||||||
@ -11,6 +11,12 @@ resource "aws_security_group" "basic_web_sec" {
|
|||||||
to_port = 443
|
to_port = 443
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
}
|
}
|
||||||
|
ingress {
|
||||||
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
|
from_port = 80
|
||||||
|
to_port = 80
|
||||||
|
protocol = "tcp"
|
||||||
|
}
|
||||||
# WARN: Due to the usage of debian based images this rule
|
# WARN: Due to the usage of debian based images this rule
|
||||||
# is effectively required in order to properly update
|
# is effectively required in order to properly update
|
||||||
# the system as apt mostly talks over port 443(maybe port 80 too?)
|
# the system as apt mostly talks over port 443(maybe port 80 too?)
|
||||||
@ -20,6 +26,15 @@ resource "aws_security_group" "basic_web_sec" {
|
|||||||
to_port = 443
|
to_port = 443
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
}
|
}
|
||||||
|
# WARN: like 99% certrain apt falls back to port 80 on occasion
|
||||||
|
# which means we kinda need egress in to not break when requesting
|
||||||
|
# from shitty repos ...
|
||||||
|
egress {
|
||||||
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
|
from_port = 80
|
||||||
|
to_port = 80
|
||||||
|
protocol = "tcp"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_security_group" "internal_ssh_recv" {
|
resource "aws_security_group" "internal_ssh_recv" {
|
||||||
|
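Review bot: The new `ingress` block opening TCP 80 from `0.0.0.0/0` in the `@ -11,6 +11,12` hunk is not explained by the commit message, which motivates port 80 only for apt's fallback — apt needs the new `egress` block in the `@ -20,6 +26,15` hunk, not inbound 80. Because `general_web_req` stays attached to alpha and beta as well as sigma, this ingress also exposes the backend hosts' port 80 to the internet rather than only the reverse proxy. If the inbound rule is intentional (sigma serving plain HTTP, e.g. a redirect to HTTPS), add a comment above it saying so, `# Port 80 ingress is for the reverse proxy's plain-HTTP listener, not for apt`; otherwise drop it or move it to a group attached only to sigma. The three `# WARN` lines above the egress block would read better as a statement of fact, e.g. `# apt may fall back to plain HTTP for some mirrors, so allow outbound 80 as well as 443` (also fixes the typo `certrain`). The `general_web_req` resource block opens before these hunks, and this section's file header is not shown on the page.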
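--- /dev/null
+++ b/infra/sigma.tf
@@ -0,0 +1,33 @@
+# Sigma is the system that sits between the internally hosted web services
+# and the outside world it's job is basically to act as a router for
+# outside incoming traffic and the web servers
+
+variable "sigma_ssh_key_name" {}
+variable "sigma_public_key_path" {}
+
+variable "sigma_instance_type" {}
+variable "sigma_ami_id" {}
+
+resource "aws_key_pair" "sigma_ssh" {
+key_name = var.sigma_ssh_key_name
+public_key = file(var.sigma_public_key_path)
+}
+
+resource "aws_instance" "sigma" {
+ami = var.sigma_ami_id
+instance_type = var.sigma_instance_type
+
+key_name = var.sigma_ssh_key_name
+
+security_groups = [
+aws_security_group.internal_ssh_recv.id,
+aws_security_group.general_web_req.id,
+]
+
+subnet_id = aws_subnet.crete_subnet.id
+
+tags = {
+Name = "Sigma Host"
+}
+}
+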
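Review bot: `aws_instance.sigma` attaches `general_web_req`, which with this commit admits inbound TCP 80 and 443 from `0.0.0.0/0`, yet the same open group remains on `alpha` and `beta` even though the header comment makes sigma the one host meant to face the outside world; if alpha and beta are to sit behind sigma, their web ingress should be limited to sigma (an ingress rule whose `security_groups` source is sigma's group) instead of the internet-wide group. Separately, the AWS provider documents the instance-level `security_groups` argument for EC2-Classic/default VPC use, while `vpc_security_group_ids` is the argument that takes group IDs for an instance placed by `subnet_id`; since sigma is put in `aws_subnet.crete_subnet`, `vpc_security_group_ids = [ ... ]` looks like the right attribute here — and the same applies to the alpha, beta and gamma instance hunks, the last of which adds `subnet_id` in this commit. A one-line comment on the `security_groups` list explaining why sigma needs `internal_ssh_recv` in addition to web access would also help the next reader.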