! Baseline Terraform configuration(no EIP yet)

Major components are scripted out here however a
gateway + EIP still need to be configured for full
base level infra "doneness"
This commit is contained in:
shockrah 2021-11-24 20:44:32 -08:00
parent 96d08fa4ab
commit 8f5ff2aff3
7 changed files with 148 additions and 0 deletions

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ msg
*.swp *.swp
infra/.terraform infra/.terraform
infra/.terraform.lock.hcl infra/.terraform.lock.hcl
infra/terraform.tfvars

27
infra/alpha.tf Normal file
View File

@ -0,0 +1,27 @@
# Alpha is our primary server that we use for bots which basically
# serve services that I personally run
variable "alpha_ssh_key_name" {}
variable "alpha_public_key_path" {}
variable "alpha_instance_type" {}
variable "alpha_ami_id" {}
resource "aws_key_pair" "alpha_ssh" {
key_name = var.alpha_ssh_key_name
public_key = var.alpha_public_key_path
}
resource "aws_instance" "alpha" {
ami = var.alpha_ami_id
instance_type = var.alpha_instance_type
key_name = var.alpha_ssh_key_name
security_groups = [
aws_security_group.basic_web_sec.id,
aws_security_group.internal_ssh_recv.id
]
subnet_id = aws_subnet.crete_subnet.id
}

26
infra/beta.tf Normal file
View File

@ -0,0 +1,26 @@
# This module defines the beta server instance which
variable "beta_ssh_key_name" {}
variable "beta_public_key_path" {}
variable "beta_instance_type" {}
variable "beta_ami_id" {}
resource "aws_key_pair" "beta_ssh" {
key_name = var.beta_public_key_path
public_key = var.beta_public_key_path
}
resource "aws_instance" "beta" {
ami = var.beta_ami_id
instance_type = var.beta_instance_type
key_name = var.beta_public_key_path
security_groups = [
aws_security_group.basic_web_sec.id,
aws_security_group.internal_ssh_recv.id
]
subnet_id = aws_subnet.crete_subnet.id
}

11
infra/provider.tf Normal file
View File

@ -0,0 +1,11 @@
variable "aws_key" {}
variable "aws_secret" {}
variable "aws_region" {}
variable "ami_id" {}
provider "aws" {
access_key = var.aws_key
secret_key = var.aws_secret
region = var.aws_region
max_retries = 1
}

56
infra/security-groups.tf Normal file
View File

@ -0,0 +1,56 @@
# Here are general definitions for security rulesets
resource "aws_security_group" "basic_web_sec" {
name = "General web server ruleset"
description = "Allowing strictly web traffic"
# Intake of web requests(only serving TLS enabled traffic)
ingress {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
to_port = 443
protocol = "tcp"
}
# WARN: Due to the usage of debian based images this rule
# is effectively required in order to properly update
# the system as apt mostly talks over port 443(maybe port 80 too?)
egress {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
to_port = 443
protocol = "tcp"
}
}
resource "aws_security_group" "internal_ssh_recv" {
ingress {
cidr_blocks = [var.crete_cidr]
from_port = 22
to_port = 22
protocol = "tcp"
}
}
# Main role: SSH host/dev box(not to be up 24/7)
# Note this one is kinda special because the dev box
# itself is _kinda_ special(?)
resource "aws_security_group" "gamma_sec" {
ingress {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
to_port = 22
protocol = "tcp"
}
egress {
cidr_blocks = [ var.crete_cidr ]
from_port = 22
to_port = 22
protocol = "tcp"
}
# Again this is for APT to update repo's when needed
egress {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
to_port = 443
protocol = "tcp"
}
}

15
infra/subnet.tf Normal file
View File

@ -0,0 +1,15 @@
# This script represents the subnet structure for Crete(primary subnet)
variable "crete_cidr" {}
variable "athens_availability_zone" {}
resource "aws_subnet" "crete_subnet" {
vpc_id = aws_vpc.athens_vpc.id
cidr_block = var.crete_cidr
availability_zone = var.athens_availability_zone
tags = {
Name = "Create Subnet"
}
}

12
infra/vpc.tf Normal file
View File

@ -0,0 +1,12 @@
variable "athens_cidr" {}
resource "aws_vpc" "athens_vpc" {
cidr_block = var.athens_cidr
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "Project Athens VPC"
}
}