- Removing tons of complexity and removing cost overall

! Down to just 2 public servers for now because why tf now servers
This commit is contained in:
shockrah 2021-12-03 21:25:51 -08:00
parent ffbd1ceee5
commit 92a450927d
9 changed files with 15 additions and 154 deletions

View File

@ -22,10 +22,11 @@ resource "aws_instance" "alpha" {
private_ip = "10.0.1.10" private_ip = "10.0.1.10"
security_groups = [ security_groups = [
aws_security_group.general_web_req.id, aws_security_group.general_web_req.id,
aws_security_group.internal_ssh_recv.id aws_security_group.remote_ssh_rec.id
] ]
subnet_id = aws_subnet.crete_subnet.id subnet_id = aws_subnet.crete_subnet.id
tags = { tags = {
Name = "Alpha Host" Name = "Alpha Host"
Description = "Docker host with chatbots mostly"
} }
} }

View File

@ -20,7 +20,7 @@ resource "aws_instance" "beta" {
private_ip = "10.0.1.11" private_ip = "10.0.1.11"
security_groups = [ security_groups = [
aws_security_group.general_web_req.id, aws_security_group.general_web_req.id,
aws_security_group.internal_ssh_recv.id aws_security_group.remote_ssh_rec.id
] ]
subnet_id = aws_subnet.crete_subnet.id subnet_id = aws_subnet.crete_subnet.id

View File

@ -1,25 +1,17 @@
resource "aws_eip" "sigma_eip" { resource "aws_eip" "alpha_eip" {
instance = aws_instance.sigma.id instance = aws_instance.alpha.id
vpc = true vpc = true
tags = { tags = {
Name = "Sigma(Web Load Balancer) EIP" Name = "Alpha EIP"
} }
} }
# It's important to note that this instance is not going to up all the time
resource "aws_eip" "gamma_eip" { resource "aws_eip" "beta_eip" {
instance = aws_instance.gamma.id
vpc = true vpc = true
instance = aws_instance.beta.id
tags = { tags = {
Name = "Ansible host Elastic IP" Name = "Beta EIP"
}
}
# This EIP is reserved for the NAT gateway which lives in Olympus
resource "aws_eip" "demeter_eip" {
vpc = true
tags = {
Name = "NAT Gateway EIP"
} }
} }

View File

@ -1,29 +0,0 @@
variable "gamma_ssh_key_name" {}
variable "gamma_public_key_path" {}
variable "gamma_instance_type" {}
variable "gamma_ami_id" {}
resource "aws_key_pair" "gamma_ssh" {
key_name = var.gamma_ssh_key_name
public_key = file(var.gamma_public_key_path)
}
resource "aws_instance" "gamma" {
ami = var.gamma_ami_id
instance_type = var.gamma_instance_type
key_name = var.gamma_ssh_key_name
private_ip = "10.0.2.10"
security_groups = [
aws_security_group.gamma_sec.id,
aws_security_group.general_web_req.id
]
subnet_id = aws_subnet.olympus_subnet.id
tags = {
Name = "Gamma Host"
}
}

View File

@ -6,16 +6,3 @@ resource "aws_internet_gateway" "athens_internet_gateway" {
Name = "Athens Common Internet Gateway in Olypmus" Name = "Athens Common Internet Gateway in Olypmus"
} }
} }
# NAT lives in the public subnet because it has an EIP
# which is the main requirement to be situated in Olympus
resource "aws_nat_gateway" "crete_nat_gateway" {
allocation_id = aws_eip.demeter_eip.id
subnet_id = aws_subnet.olympus_subnet.id
tags = {
Name = "Demeter - Crete's NAT located in Olympus"
}
# Ensure this resource is created after the internet gateway
depends_on = [aws_internet_gateway.athens_internet_gateway]
}

View File

@ -1,5 +1,5 @@
# NOTE: local traffic route is implied and does not need to be specified # NOTE: local traffic route is implied and does not need to be specified
resource "aws_route_table" "olympus_route_table" { resource "aws_route_table" "crete_route_table" {
vpc_id = aws_vpc.athens_vpc.id vpc_id = aws_vpc.athens_vpc.id
route { route {
cidr_block = "0.0.0.0/0" cidr_block = "0.0.0.0/0"
@ -7,28 +7,10 @@ resource "aws_route_table" "olympus_route_table" {
} }
tags = { tags = {
Name = "Olympush IGW Route Table" Name = "Crete IGW Route Table"
} }
} }
resource "aws_route_table_association" "olympus_gateway_association" { resource "aws_route_table_association" "crete_gateway_association" {
subnet_id = aws_subnet.olympus_subnet.id
route_table_id = aws_route_table.olympus_route_table.id
}
# Here we route crete's traffic to the nat
# NOTE: The NAT is actually located in Olympus because it has an EIP
resource "aws_route_table" "crete_route_table" {
vpc_id = aws_vpc.athens_vpc.id
route {
cidr_block = "0.0.0.0/0"
nat_gateway_id = aws_nat_gateway.crete_nat_gateway.id
}
tags = {
Name = "Crete NAT Route Table"
}
}
resource "aws_route_table_association" "crete_nat_association" {
subnet_id = aws_subnet.crete_subnet.id subnet_id = aws_subnet.crete_subnet.id
route_table_id = aws_route_table.crete_route_table.id route_table_id = aws_route_table.crete_route_table.id
} }

View File

@ -37,40 +37,14 @@ resource "aws_security_group" "general_web_req" {
} }
} }
resource "aws_security_group" "internal_ssh_recv" { resource "aws_security_group" "remote_ssh_rec" {
name = "Athens Internal SSH RECV" name = "Athens Internal SSH RECV"
vpc_id = aws_vpc.athens_vpc.id vpc_id = aws_vpc.athens_vpc.id
ingress { ingress {
cidr_blocks = [var.athens_cidr] cidr_blocks = ["0.0.0.0/0"]
from_port = 22 from_port = 22
to_port = 22 to_port = 22
protocol = "tcp" protocol = "tcp"
} }
} }
# Main role: SSH host/dev box(not to be up 24/7)
# Note this one is kinda special because the dev box
# itself is _kinda_ special(?)
resource "aws_security_group" "gamma_sec" {
name = "Athens Gamma Sec"
vpc_id = aws_vpc.athens_vpc.id
ingress {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
to_port = 22
protocol = "tcp"
}
egress {
cidr_blocks = [ var.crete_cidr, var.olympus_cidr]
from_port = 22
to_port = 22
protocol = "tcp"
}
# Again this is for APT to update repo's when needed
egress {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
to_port = 443
protocol = "tcp"
}
}

View File

@ -1,34 +0,0 @@
# Sigma is the system that sits between the internally hosted web services
# and the outside world it's job is basically to act as a router for
# outside incoming traffic and the web servers
variable "sigma_ssh_key_name" {}
variable "sigma_public_key_path" {}
variable "sigma_instance_type" {}
variable "sigma_ami_id" {}
resource "aws_key_pair" "sigma_ssh" {
key_name = var.sigma_ssh_key_name
public_key = file(var.sigma_public_key_path)
}
resource "aws_instance" "sigma" {
ami = var.sigma_ami_id
instance_type = var.sigma_instance_type
key_name = var.sigma_ssh_key_name
private_ip = "10.0.2.11"
security_groups = [
aws_security_group.internal_ssh_recv.id,
aws_security_group.general_web_req.id,
]
subnet_id = aws_subnet.olympus_subnet.id
tags = {
Name = "Sigma Host"
}
}

View File

@ -1,5 +1,4 @@
# This script represents the subnet structure for Crete(primary subnet) # This script represents the subnet structure for Crete(primary subnet)
variable "olympus_cidr" {}
variable "crete_cidr" {} variable "crete_cidr" {}
variable "athens_availability_zone" {} variable "athens_availability_zone" {}
@ -15,14 +14,3 @@ resource "aws_subnet" "crete_subnet" {
Name = "Crete Subnet - Internal" Name = "Crete Subnet - Internal"
} }
} }
# Olympus will be the subnet that contains any/all public facing services
resource "aws_subnet" "olympus_subnet" {
vpc_id = aws_vpc.athens_vpc.id
# 10.0.2.0/24
cidr_block = var.olympus_cidr
tags = {
Name = "Olympus Subnet - Public Facing"
}
}