- Removing tons of complexity and removing cost overall
! Down to just 2 public servers for now because why tf now servers
This commit is contained in:
parent
ffbd1ceee5
commit
92a450927d
@ -22,10 +22,11 @@ resource "aws_instance" "alpha" {
|
|||||||
private_ip = "10.0.1.10"
|
private_ip = "10.0.1.10"
|
||||||
security_groups = [
|
security_groups = [
|
||||||
aws_security_group.general_web_req.id,
|
aws_security_group.general_web_req.id,
|
||||||
aws_security_group.internal_ssh_recv.id
|
aws_security_group.remote_ssh_rec.id
|
||||||
]
|
]
|
||||||
subnet_id = aws_subnet.crete_subnet.id
|
subnet_id = aws_subnet.crete_subnet.id
|
||||||
tags = {
|
tags = {
|
||||||
Name = "Alpha Host"
|
Name = "Alpha Host"
|
||||||
|
Description = "Docker host with chatbots mostly"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
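Review bot: The `security_groups` list edited on the new side here (and in the matching `beta` hunk below) is the name-based attribute of `aws_instance`; for instances placed in a VPC subnet via `subnet_id`, `vpc_security_group_ids` is the attribute meant to take `.id` values, and using `security_groups` with IDs has been a known source of perpetual diffs or instance replacement. This predates the commit, but since the list is being rewritten it would be worth switching: `vpc_security_group_ids = [aws_security_group.general_web_req.id, aws_security_group.remote_ssh_rec.id]`. The `aws_instance "alpha"` block begins before the hunk.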
@ -20,7 +20,7 @@ resource "aws_instance" "beta" {
|
|||||||
private_ip = "10.0.1.11"
|
private_ip = "10.0.1.11"
|
||||||
security_groups = [
|
security_groups = [
|
||||||
aws_security_group.general_web_req.id,
|
aws_security_group.general_web_req.id,
|
||||||
aws_security_group.internal_ssh_recv.id
|
aws_security_group.remote_ssh_rec.id
|
||||||
]
|
]
|
||||||
|
|
||||||
subnet_id = aws_subnet.crete_subnet.id
|
subnet_id = aws_subnet.crete_subnet.id
|
||||||
|
22
infra/eip.tf
22
infra/eip.tf
@ -1,25 +1,17 @@
|
|||||||
resource "aws_eip" "sigma_eip" {
|
resource "aws_eip" "alpha_eip" {
|
||||||
instance = aws_instance.sigma.id
|
instance = aws_instance.alpha.id
|
||||||
vpc = true
|
vpc = true
|
||||||
tags = {
|
tags = {
|
||||||
Name = "Sigma(Web Load Balancer) EIP"
|
Name = "Alpha EIP"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# It's important to note that this instance is not going to up all the time
|
|
||||||
resource "aws_eip" "gamma_eip" {
|
resource "aws_eip" "beta_eip" {
|
||||||
instance = aws_instance.gamma.id
|
|
||||||
vpc = true
|
vpc = true
|
||||||
|
instance = aws_instance.beta.id
|
||||||
tags = {
|
tags = {
|
||||||
Name = "Ansible host Elastic IP"
|
Name = "Beta EIP"
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# This EIP is reserved for the NAT gateway which lives in Olympus
|
|
||||||
resource "aws_eip" "demeter_eip" {
|
|
||||||
vpc = true
|
|
||||||
tags = {
|
|
||||||
Name = "NAT Gateway EIP"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
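Review bot: Both retained EIP blocks keep `vpc = true`; on AWS provider 5.x that argument is deprecated in favour of `domain = "vpc"`, so if the provider constraint allows 5.0 or later these lines will warn on every plan. If the provider is pinned below 5 this is fine as written. Since `alpha_eip` and `beta_eip` are being rewritten anyway, `domain = "vpc"` would keep the file clean going forward.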
@ -1,29 +0,0 @@
|
|||||||
variable "gamma_ssh_key_name" {}
|
|
||||||
variable "gamma_public_key_path" {}
|
|
||||||
|
|
||||||
variable "gamma_instance_type" {}
|
|
||||||
variable "gamma_ami_id" {}
|
|
||||||
|
|
||||||
resource "aws_key_pair" "gamma_ssh" {
|
|
||||||
key_name = var.gamma_ssh_key_name
|
|
||||||
public_key = file(var.gamma_public_key_path)
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_instance" "gamma" {
|
|
||||||
ami = var.gamma_ami_id
|
|
||||||
instance_type = var.gamma_instance_type
|
|
||||||
|
|
||||||
key_name = var.gamma_ssh_key_name
|
|
||||||
|
|
||||||
private_ip = "10.0.2.10"
|
|
||||||
|
|
||||||
security_groups = [
|
|
||||||
aws_security_group.gamma_sec.id,
|
|
||||||
aws_security_group.general_web_req.id
|
|
||||||
]
|
|
||||||
subnet_id = aws_subnet.olympus_subnet.id
|
|
||||||
tags = {
|
|
||||||
Name = "Gamma Host"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -6,16 +6,3 @@ resource "aws_internet_gateway" "athens_internet_gateway" {
|
|||||||
Name = "Athens Common Internet Gateway in Olypmus"
|
Name = "Athens Common Internet Gateway in Olypmus"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# NAT lives in the public subnet because it has an EIP
|
|
||||||
# which is the main requirement to be situated in Olympus
|
|
||||||
resource "aws_nat_gateway" "crete_nat_gateway" {
|
|
||||||
allocation_id = aws_eip.demeter_eip.id
|
|
||||||
subnet_id = aws_subnet.olympus_subnet.id
|
|
||||||
|
|
||||||
tags = {
|
|
||||||
Name = "Demeter - Crete's NAT located in Olympus"
|
|
||||||
}
|
|
||||||
# Ensure this resource is created after the internet gateway
|
|
||||||
depends_on = [aws_internet_gateway.athens_internet_gateway]
|
|
||||||
}
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
# NOTE: local traffic route is implied and does not need to be specified
|
# NOTE: local traffic route is implied and does not need to be specified
|
||||||
resource "aws_route_table" "olympus_route_table" {
|
resource "aws_route_table" "crete_route_table" {
|
||||||
vpc_id = aws_vpc.athens_vpc.id
|
vpc_id = aws_vpc.athens_vpc.id
|
||||||
route {
|
route {
|
||||||
cidr_block = "0.0.0.0/0"
|
cidr_block = "0.0.0.0/0"
|
||||||
@ -7,28 +7,10 @@ resource "aws_route_table" "olympus_route_table" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
tags = {
|
tags = {
|
||||||
Name = "Olympush IGW Route Table"
|
Name = "Crete IGW Route Table"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
resource "aws_route_table_association" "olympus_gateway_association" {
|
resource "aws_route_table_association" "crete_gateway_association" {
|
||||||
subnet_id = aws_subnet.olympus_subnet.id
|
|
||||||
route_table_id = aws_route_table.olympus_route_table.id
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Here we route crete's traffic to the nat
|
|
||||||
# NOTE: The NAT is actually located in Olympus because it has an EIP
|
|
||||||
resource "aws_route_table" "crete_route_table" {
|
|
||||||
vpc_id = aws_vpc.athens_vpc.id
|
|
||||||
route {
|
|
||||||
cidr_block = "0.0.0.0/0"
|
|
||||||
nat_gateway_id = aws_nat_gateway.crete_nat_gateway.id
|
|
||||||
}
|
|
||||||
tags = {
|
|
||||||
Name = "Crete NAT Route Table"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
resource "aws_route_table_association" "crete_nat_association" {
|
|
||||||
subnet_id = aws_subnet.crete_subnet.id
|
subnet_id = aws_subnet.crete_subnet.id
|
||||||
route_table_id = aws_route_table.crete_route_table.id
|
route_table_id = aws_route_table.crete_route_table.id
|
||||||
}
|
}
|
||||||
|
@ -37,40 +37,14 @@ resource "aws_security_group" "general_web_req" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_security_group" "internal_ssh_recv" {
|
resource "aws_security_group" "remote_ssh_rec" {
|
||||||
name = "Athens Internal SSH RECV"
|
name = "Athens Internal SSH RECV"
|
||||||
vpc_id = aws_vpc.athens_vpc.id
|
vpc_id = aws_vpc.athens_vpc.id
|
||||||
ingress {
|
ingress {
|
||||||
cidr_blocks = [var.athens_cidr]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
from_port = 22
|
from_port = 22
|
||||||
to_port = 22
|
to_port = 22
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Main role: SSH host/dev box(not to be up 24/7)
|
|
||||||
# Note this one is kinda special because the dev box
|
|
||||||
# itself is _kinda_ special(?)
|
|
||||||
resource "aws_security_group" "gamma_sec" {
|
|
||||||
name = "Athens Gamma Sec"
|
|
||||||
vpc_id = aws_vpc.athens_vpc.id
|
|
||||||
ingress {
|
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
|
||||||
from_port = 22
|
|
||||||
to_port = 22
|
|
||||||
protocol = "tcp"
|
|
||||||
}
|
|
||||||
egress {
|
|
||||||
cidr_blocks = [ var.crete_cidr, var.olympus_cidr]
|
|
||||||
from_port = 22
|
|
||||||
to_port = 22
|
|
||||||
protocol = "tcp"
|
|
||||||
}
|
|
||||||
# Again this is for APT to update repo's when needed
|
|
||||||
egress {
|
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
|
||||||
from_port = 443
|
|
||||||
to_port = 443
|
|
||||||
protocol = "tcp"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
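Review bot: The new `remote_ssh_rec` group's ingress at `cidr_blocks = ["0.0.0.0/0"]` admits TCP/22 from any address, and the instance hunks above attach it to both alpha and beta, which now also carry public EIPs; the previous rule was limited to `var.athens_cidr`. The group's `name = "Athens Internal SSH RECV"` no longer describes the rule, so at minimum the name should say it is internet-facing. A narrower option that still fits the goal of fewer servers is to scope the CIDR to the operator's address range through a variable, e.g. `cidr_blocks = [var.admin_ssh_cidr]` (constructed name), and to add a `description` on the ingress block stating why it exists. `general_web_req` begins before the hunk and is not reviewed here.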
@ -1,34 +0,0 @@
|
|||||||
# Sigma is the system that sits between the internally hosted web services
|
|
||||||
# and the outside world it's job is basically to act as a router for
|
|
||||||
# outside incoming traffic and the web servers
|
|
||||||
|
|
||||||
variable "sigma_ssh_key_name" {}
|
|
||||||
variable "sigma_public_key_path" {}
|
|
||||||
|
|
||||||
variable "sigma_instance_type" {}
|
|
||||||
variable "sigma_ami_id" {}
|
|
||||||
|
|
||||||
resource "aws_key_pair" "sigma_ssh" {
|
|
||||||
key_name = var.sigma_ssh_key_name
|
|
||||||
public_key = file(var.sigma_public_key_path)
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_instance" "sigma" {
|
|
||||||
ami = var.sigma_ami_id
|
|
||||||
instance_type = var.sigma_instance_type
|
|
||||||
|
|
||||||
key_name = var.sigma_ssh_key_name
|
|
||||||
|
|
||||||
private_ip = "10.0.2.11"
|
|
||||||
security_groups = [
|
|
||||||
aws_security_group.internal_ssh_recv.id,
|
|
||||||
aws_security_group.general_web_req.id,
|
|
||||||
]
|
|
||||||
|
|
||||||
subnet_id = aws_subnet.olympus_subnet.id
|
|
||||||
|
|
||||||
tags = {
|
|
||||||
Name = "Sigma Host"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1,5 +1,4 @@
|
|||||||
# This script represents the subnet structure for Crete(primary subnet)
|
# This script represents the subnet structure for Crete(primary subnet)
|
||||||
variable "olympus_cidr" {}
|
|
||||||
variable "crete_cidr" {}
|
variable "crete_cidr" {}
|
||||||
variable "athens_availability_zone" {}
|
variable "athens_availability_zone" {}
|
||||||
|
|
||||||
@ -15,14 +14,3 @@ resource "aws_subnet" "crete_subnet" {
|
|||||||
Name = "Crete Subnet - Internal"
|
Name = "Crete Subnet - Internal"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Olympus will be the subnet that contains any/all public facing services
|
|
||||||
resource "aws_subnet" "olympus_subnet" {
|
|
||||||
vpc_id = aws_vpc.athens_vpc.id
|
|
||||||
# 10.0.2.0/24
|
|
||||||
cidr_block = var.olympus_cidr
|
|
||||||
|
|
||||||
tags = {
|
|
||||||
Name = "Olympus Subnet - Public Facing"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
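Review bot: The context line `Name = "Crete Subnet - Internal"` (and the `# This script represents the subnet structure for Crete(primary subnet)` header in the previous hunk) is now misleading: this commit renames Crete's route table to "Crete IGW Route Table", attaches EIPs to the Crete instances, and deletes the only other subnet, so Crete appears to be the public-facing subnet. Suggest `Name = "Crete Subnet - Public"` or a comment noting the subnet is internet-routed, since an "Internal" label invites placing a sensitive service there. The `aws_subnet "crete_subnet"` block begins before the hunk.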