From 92a450927df73dba5db7b8cef379760617428bc9 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Fri, 3 Dec 2021 21:25:51 -0800
Subject: [PATCH] - Removing tons of complexity and removing cost overall ! Down to just 2 public servers for now because why tf now servers
---
 infra/alpha.tf | 3 ++-
 infra/beta.tf | 2 +-
 infra/eip.tf | 22 +++++++---------------
 infra/gamma.tf | 29 -----------------------------
 infra/gateway.tf | 13 -------------
 infra/route-table.tf | 24 +++--------------------
 infra/security-groups.tf | 30 ++----------------------------
 infra/sigma.tf | 34 ----------------------------------
 infra/subnet.tf | 12 ------------
 9 files changed, 15 insertions(+), 154 deletions(-)
 delete mode 100644 infra/gamma.tf
 delete mode 100644 infra/sigma.tf
diff --git a/infra/alpha.tf b/infra/alpha.tf
index cc273b6..71e5bc3 100644
--- a/infra/alpha.tf
+++ b/infra/alpha.tf
@@ -22,10 +22,11 @@ resource "aws_instance" "alpha" {
     private_ip = "10.0.1.10"
     security_groups = [
         aws_security_group.general_web_req.id,
-        aws_security_group.internal_ssh_recv.id
+        aws_security_group.remote_ssh_rec.id
     ]
     subnet_id = aws_subnet.crete_subnet.id
     tags = {
         Name = "Alpha Host"
+        Description = "Docker host with chatbots mostly"
     }
 }
diff --git a/infra/beta.tf b/infra/beta.tf
index ef33e93..04d4ee8 100644
--- a/infra/beta.tf
+++ b/infra/beta.tf
@@ -20,7 +20,7 @@ resource "aws_instance" "beta" {
     private_ip = "10.0.1.11"
     security_groups = [
         aws_security_group.general_web_req.id,
-        aws_security_group.internal_ssh_recv.id
+        aws_security_group.remote_ssh_rec.id
     ]
     subnet_id = aws_subnet.crete_subnet.id
diff --git a/infra/eip.tf b/infra/eip.tf
index 9be52bc..c91a760 100644
--- a/infra/eip.tf
+++ b/infra/eip.tf
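Review bot: The `security_groups` list that this hunk edits is populated with security-group IDs (`aws_security_group.remote_ssh_rec.id`), but in the AWS provider that `aws_instance` argument is documented for EC2-Classic / default-VPC use and takes group names; an instance placed with an explicit `subnet_id` in a custom VPC should use `vpc_security_group_ids = [`. The mismatch predates the commit, but since the line is being touched and alpha is about to sit behind an Elastic IP, this is the moment to switch it. If the provider has been accepting IDs here silently, run `terraform plan` after the change and confirm it does not propose replacing the instance before applying. The `aws_instance "alpha"` block starts before the hunk.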
@@ -1,25 +1,17 @@
-resource "aws_eip" "sigma_eip" {
-    instance = aws_instance.sigma.id
+resource "aws_eip" "alpha_eip" {
+    instance = aws_instance.alpha.id
     vpc = true
     tags = {
-        Name = "Sigma(Web Load Balancer) EIP"
+        Name = "Alpha EIP"
     }
 }
-# It's important to note that this instance is not going to up all the time
-resource "aws_eip" "gamma_eip" {
-    instance = aws_instance.gamma.id
+
+resource "aws_eip" "beta_eip" {
     vpc = true
+    instance = aws_instance.beta.id
     tags = {
-        Name = "Ansible host Elastic IP"
-    }
-}
-
-# This EIP is reserved for the NAT gateway which lives in Olympus
-resource "aws_eip" "demeter_eip" {
-    vpc = true
-    tags = {
-        Name = "NAT Gateway EIP"
+        Name = "Beta EIP"
     }
 }
diff --git a/infra/gamma.tf b/infra/gamma.tf
deleted file mode 100644
index ff7cb9b..0000000
--- a/infra/gamma.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-variable "gamma_ssh_key_name" {}
-variable "gamma_public_key_path" {}
-
-variable "gamma_instance_type" {}
-variable "gamma_ami_id" {}
-
-resource "aws_key_pair" "gamma_ssh" {
-    key_name = var.gamma_ssh_key_name
-    public_key = file(var.gamma_public_key_path)
-}
-
-resource "aws_instance" "gamma" {
-    ami = var.gamma_ami_id
-    instance_type = var.gamma_instance_type
-
-    key_name = var.gamma_ssh_key_name
-
-    private_ip = "10.0.2.10"
-
-    security_groups = [
-        aws_security_group.gamma_sec.id,
-        aws_security_group.general_web_req.id
-    ]
-    subnet_id = aws_subnet.olympus_subnet.id
-    tags = {
-        Name = "Gamma Host"
-    }
-}
-
diff --git a/infra/gateway.tf b/infra/gateway.tf
index 1776077..4a809f9 100644
--- a/infra/gateway.tf
+++ b/infra/gateway.tf
@@ -6,16 +6,3 @@ resource "aws_internet_gateway" "athens_internet_gateway" {
         Name = "Athens Common Internet Gateway in Olypmus"
     }
 }
-
-# NAT lives in the public subnet because it has an EIP
-# which is the main requirement to be situated in Olympus
-resource "aws_nat_gateway" "crete_nat_gateway" {
-    allocation_id = aws_eip.demeter_eip.id
-    subnet_id = aws_subnet.olympus_subnet.id
-
-    tags = {
-        Name = "Demeter - Crete's NAT located in Olympus"
-    }
-    # Ensure this resource is created after the internet gateway
-    depends_on = [aws_internet_gateway.athens_internet_gateway]
-}
diff --git a/infra/route-table.tf b/infra/route-table.tf
index 99a8f7c..36f65ad 100644
--- a/infra/route-table.tf
+++ b/infra/route-table.tf
@@ -1,5 +1,5 @@
 # NOTE: local traffic route is implied and does not need to be specified
-resource "aws_route_table" "olympus_route_table" {
+resource "aws_route_table" "crete_route_table" {
     vpc_id = aws_vpc.athens_vpc.id
     route {
         cidr_block = "0.0.0.0/0"
@@ -7,28 +7,10 @@ resource "aws_route_table" "olympus_route_table" {
     }
     tags = {
-        Name = "Olympush IGW Route Table"
+        Name = "Crete IGW Route Table"
     }
 }
-resource "aws_route_table_association" "olympus_gateway_association" {
-    subnet_id = aws_subnet.olympus_subnet.id
-    route_table_id = aws_route_table.olympus_route_table.id
-}
-
-
-# Here we route crete's traffic to the nat
-# NOTE: The NAT is actually located in Olympus because it has an EIP
-resource "aws_route_table" "crete_route_table" {
-    vpc_id = aws_vpc.athens_vpc.id
-    route {
-        cidr_block = "0.0.0.0/0"
-        nat_gateway_id = aws_nat_gateway.crete_nat_gateway.id
-    }
-    tags = {
-        Name = "Crete NAT Route Table"
-    }
-}
-resource "aws_route_table_association" "crete_nat_association" {
+resource "aws_route_table_association" "crete_gateway_association" {
     subnet_id = aws_subnet.crete_subnet.id
     route_table_id = aws_route_table.crete_route_table.id
 }
diff --git a/infra/security-groups.tf b/infra/security-groups.tf
index 7a7fdd4..e8ab64e 100644
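Review bot: In the second route-table hunk `crete_gateway_association` now binds `crete_subnet` to a table whose only non-local route is `0.0.0.0/0` via the internet gateway, with the NAT path removed, which silently turns Crete into a public subnet; the only remaining comment still just says that the local route is implied. Nothing in the file records the two consequences an operator needs: every host in Crete with a public address is now directly reachable from the Internet, and a host without an EIP/public IP has no outbound path at all. I would add above the `aws_route_table` resource: `# Crete is now a public subnet: 0.0.0.0/0 goes straight to the IGW (no NAT), so hosts here are Internet-reachable and need an EIP or public IP for outbound traffic.` The `crete_route_table` resource opens in the first hunk and closes in the second, so it spans both.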
--- a/infra/security-groups.tf
+++ b/infra/security-groups.tf
@@ -37,40 +37,14 @@ resource "aws_security_group" "general_web_req" {
     }
 }
-resource "aws_security_group" "internal_ssh_recv" {
+resource "aws_security_group" "remote_ssh_rec" {
     name = "Athens Internal SSH RECV"
     vpc_id = aws_vpc.athens_vpc.id
     ingress {
-        cidr_blocks = [var.athens_cidr]
+        cidr_blocks = ["0.0.0.0/0"]
         from_port = 22
         to_port = 22
         protocol = "tcp"
     }
 }
-# Main role: SSH host/dev box(not to be up 24/7)
-# Note this one is kinda special because the dev box
-# itself is _kinda_ special(?)
-resource "aws_security_group" "gamma_sec" {
-    name = "Athens Gamma Sec"
-    vpc_id = aws_vpc.athens_vpc.id
-    ingress {
-        cidr_blocks = ["0.0.0.0/0"]
-        from_port = 22
-        to_port = 22
-        protocol = "tcp"
-    }
-    egress {
-        cidr_blocks = [ var.crete_cidr, var.olympus_cidr]
-        from_port = 22
-        to_port = 22
-        protocol = "tcp"
-    }
-    # Again this is for APT to update repo's when needed
-    egress {
-        cidr_blocks = ["0.0.0.0/0"]
-        from_port = 443
-        to_port = 443
-        protocol = "tcp"
-    }
-}
diff --git a/infra/sigma.tf b/infra/sigma.tf
deleted file mode 100644
index 2b71efe..0000000
--- a/infra/sigma.tf
+++ /dev/null
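Review bot: `remote_ssh_rec` replaces the `var.athens_cidr` source with `cidr_blocks = ["0.0.0.0/0"]` on TCP/22, and the same commit attaches this group to alpha and beta while giving both an Elastic IP, so SSH on both hosts becomes reachable from the whole Internet where before it was limited to the VPC range. Unless password authentication is known to be disabled on those AMIs, restrict the source to an operator range instead of the world, e.g. add `variable "admin_ssh_cidr" {}` and use `cidr_blocks = [var.admin_ssh_cidr]`; if the intent really is world-open, a comment on the ingress block saying so and why is the minimum. The retained `name = "Athens Internal SSH RECV"` is now misleading for a group whose purpose is remote access — rename it alongside the resource (`name = "Athens Remote SSH RECV"`), keeping in mind that changing `name` forces the group to be recreated. The `general_web_req` resource whose closing braces open this hunk starts before it.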
@@ -1,34 +0,0 @@
-# Sigma is the system that sits between the internally hosted web services
-# and the outside world it's job is basically to act as a router for
-# outside incoming traffic and the web servers
-
-variable "sigma_ssh_key_name" {}
-variable "sigma_public_key_path" {}
-
-variable "sigma_instance_type" {}
-variable "sigma_ami_id" {}
-
-resource "aws_key_pair" "sigma_ssh" {
-    key_name = var.sigma_ssh_key_name
-    public_key = file(var.sigma_public_key_path)
-}
-
-resource "aws_instance" "sigma" {
-    ami = var.sigma_ami_id
-    instance_type = var.sigma_instance_type
-
-    key_name = var.sigma_ssh_key_name
-
-    private_ip = "10.0.2.11"
-    security_groups = [
-        aws_security_group.internal_ssh_recv.id,
-        aws_security_group.general_web_req.id,
-    ]
-
-    subnet_id = aws_subnet.olympus_subnet.id
-
-    tags = {
-        Name = "Sigma Host"
-    }
-}
-
diff --git a/infra/subnet.tf b/infra/subnet.tf
index 00b5b2b..6a57806 100644
--- a/infra/subnet.tf
+++ b/infra/subnet.tf
@@ -1,5 +1,4 @@
 # This script represents the subnet structure for Crete(primary subnet)
-variable "olympus_cidr" {}
 variable "crete_cidr" {}
 variable "athens_availability_zone" {}
@@ -15,14 +14,3 @@ resource "aws_subnet" "crete_subnet" {
         Name = "Crete Subnet - Internal"
     }
 }
-
-# Olympus will be the subnet that contains any/all public facing services
-resource "aws_subnet" "olympus_subnet" {
-    vpc_id = aws_vpc.athens_vpc.id
-    # 10.0.2.0/24
-    cidr_block = var.olympus_cidr
-
-    tags = {
-        Name = "Olympus Subnet - Public Facing"
-    }
-}
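Review bot: The context line `Name = "Crete Subnet - Internal"` in the second subnet.tf hunk no longer describes the subnet: with Olympus deleted and Crete's route table now pointing at the internet gateway, Crete is the only subnet and the public-facing one. Rename the tag to match, e.g. `Name = "Crete Subnet - Public Facing"`, and extend the header comment `# This script represents the subnet structure for Crete(primary subnet)` to say that Crete is now the sole, Internet-routed subnet so nobody later treats "Internal" as a statement about reachability. The `aws_subnet "crete_subnet"` resource starts before this hunk.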