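# AWS provider for the demo stack.
#
# No access_key / secret_key here: static keys written into a .tf file travel
# with it into version control and pastes. The provider resolves credentials
# on its own from the environment (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY),
# the shared credentials file (~/.aws/credentials) or an attached IAM role.
# Any key that was ever stored in this block should be rotated.
provider "aws" {
  region = "us-east-1"
}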
# Demo VPC: a single /24 with default tenancy and AWS-provided DNS
# resolution and hostnames switched on.
resource "aws_vpc" "vpc-demo" {
  cidr_block       = "10.0.0.0/24"
  instance_tenancy = "default"

  enable_dns_support   = true
  enable_dns_hostnames = true

  tags {
    ambiente = "demo"
    Name     = "vpc-demo"
  }
}
# Internet gateway attached to the demo VPC. It is the target of the default
# route declared in aws_route_table.rt-demo.
resource "aws_internet_gateway" "ig-demo" {
  vpc_id = "${aws_vpc.vpc-demo.id}"

  tags {
    ambiente = "demo"
    Name     = "demo"
  }
}
# Route table for the demo VPC with one route: all IPv4 traffic (0.0.0.0/0)
# goes to the internet gateway, so any subnet using this table is public.
resource "aws_route_table" "rt-demo" {
  vpc_id = "${aws_vpc.vpc-demo.id}"

  tags {
    ambiente = "demo"
    Name     = "rt-demo"
  }

  route {
    gateway_id = "${aws_internet_gateway.ig-demo.id}"
    cidr_block = "0.0.0.0/0"
  }
}
# Makes rt-demo the MAIN route table of the VPC. Subnets without an explicit
# route table association fall back to the main table, so they inherit the
# default route to the internet gateway.
# NOTE(review): no explicit association for subnet-demo is visible here, so it
# presumably relies on this fallback — confirm that is intended.
resource "aws_main_route_table_association" "rtma-demo" {
  route_table_id = "${aws_route_table.rt-demo.id}"
  vpc_id         = "${aws_vpc.vpc-demo.id}"
}
# Manages the VPC's default security group, i.e. the group applied to
# resources launched in this VPC without an explicit security group.
#
# NOTE(review): the original header said this block blocks all egress traffic,
# but the rules below do the opposite: egress is open to any destination on
# any protocol, and ICMP is accepted from any IPv4 address.
# aws_default_security_group strips every rule that is not declared here, so
# removing both rule blocks is what would actually close the group. Confirm
# which behaviour is wanted before relying on the comment or the code.
resource "aws_default_security_group" "default" {
  vpc_id = "${aws_vpc.vpc-demo.id}"

  tags {
    ambiente = "demo"
    Name     = "vpc-default"
  }

  # Inbound: every ICMP type/code (-1) from anywhere.
  ingress {
    description = "acesso icmp ping"
    protocol    = "icmp"
    from_port   = -1
    to_port     = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound: protocol "-1" means all protocols, all ports.
  egress {
    description = "all"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Single subnet spanning the whole VPC range (same /24 as the VPC) in
# us-east-1c. Public IPs are not assigned automatically at launch; an
# instance has to request one itself.
resource "aws_subnet" "subnet-demo" {
  vpc_id            = "${aws_vpc.vpc-demo.id}"
  availability_zone = "us-east-1c"
  cidr_block        = "10.0.0.0/24"

  map_public_ip_on_launch = false

  tags {
    ambiente = "demo"
    Name     = "sn-demo"
  }
}
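# CIDR ranges allowed to reach SSH (port 22) on instances using sg-demo.
# The default reproduces the original rule (any IPv4 address) so existing
# runs behave the same. Override it with the administrators' network, e.g.
#   -var 'ssh_ingress_cidrs=["203.0.113.10/32"]'   (constructed example)
variable "ssh_ingress_cidrs" {
  type        = "list"
  default     = ["0.0.0.0/0"]
  description = "CIDR blocks allowed to connect to port 22"
}

# Security group for the demo web instance: HTTP, SSH and ICMP in,
# everything out.
resource "aws_security_group" "sg-demo" {
  name        = "demo"
  description = "demo-web-ssh-icmp"
  vpc_id      = "${aws_vpc.vpc-demo.id}"

  tags {
    "Name"     = "sg-demo"
    "ambiente" = "demo"
  }

  # Public web traffic.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "acesso http porta 80"
  }

  # Administrative access. The source range is a variable so it can be
  # narrowed without editing the resource; an SSH port reachable from
  # 0.0.0.0/0 is continuously probed by password-guessing bots.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = "${var.ssh_ingress_cidrs}"
    description = "acesso ssh porta 22"
  }

  # Every ICMP type/code (-1) from anywhere, which is wider than echo
  # request alone.
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "acesso icmp ping"
  }

  # Unrestricted outbound: protocol "-1" covers all protocols and ports.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    description = "all"
  }
}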
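# Demo web instance: one t2.micro in subnet-demo with a public IP, guarded
# only by sg-demo. With the public IP and the default route to the internet
# gateway, whatever sg-demo admits is reachable from the internet.
resource "aws_instance" "web-demo" {
  ami               = "ami-0a313d6098716f372"
  instance_type     = "t2.micro"
  availability_zone = "us-east-1c"
  ebs_optimized     = false
  monitoring        = false

  # EC2 key pair name. NOTE(review): the key pair is not created in this
  # file, so it presumably already exists in the account — confirm.
  key_name = "terraform-user"

  subnet_id              = "${aws_subnet.subnet-demo.id}"
  vpc_security_group_ids = ["${aws_security_group.sg-demo.id}"]

  associate_public_ip_address = true

  # A fixed private address only works while count stays at 1; a second
  # instance would ask for the same IP.
  private_ip        = "10.0.0.156"
  source_dest_check = true
  count             = "1"

  root_block_device {
    volume_type           = "gp2"
    volume_size           = 10
    delete_on_termination = true
  }

  # cloud-init only runs user data as a script when it begins with "#!".
  # The original value ("sudo touch /var/log/oi.txt") had no interpreter
  # line, so it was not executed. User-data scripts run as root, so sudo is
  # not needed. User data is readable from inside the instance through the
  # metadata service: never put secrets in it.
  # To ship a script file instead:
  #   user_data = "${file("${path.module}/install.sh")}"
  user_data = "#!/bin/bash\ntouch /var/log/oi.txt\n"

  tags {
    "ambiente" = "demo"
    "Name"     = "web-demo-${count.index}"
  }
}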