# AWS provider with nothing set explicitly: region and credentials are
# resolved from the environment / shared AWS config when Terraform runs.
provider "aws" {
}
#
# VPC
#
resource "aws_vpc" "vpc" {
  # /16 address space; the public subnet below carves 10.10.1.0/24 out of it.
  cidr_block           = "10.10.0.0/16"
  enable_dns_hostnames = true
  instance_tenancy     = "default"

  tags {
    Name = "vpc"
  }
}
# Internet gateway that gives the VPC its route to the public internet.
resource "aws_internet_gateway" "gateway" {
  vpc_id = "${aws_vpc.vpc.id}"

  tags {
    Name = "gateway"
  }
}
# Route table for the public subnet: a single default route via the internet
# gateway (the VPC-local route is implicit).
resource "aws_route_table" "route_table" {
  vpc_id = "${aws_vpc.vpc.id}"

  route {
    gateway_id = "${aws_internet_gateway.gateway.id}"
    cidr_block = "0.0.0.0/0"
  }

  tags {
    Name = "route_table"
  }
}
# Public subnet in ap-northeast-1a. Instances launched here get a public IP
# automatically, which is what makes this subnet "public" together with the
# default route above.
resource "aws_subnet" "public_subnet" {
  vpc_id                  = "${aws_vpc.vpc.id}"
  availability_zone       = "ap-northeast-1a"
  cidr_block              = "10.10.1.0/24"
  map_public_ip_on_launch = true

  tags {
    Name = "public_subnet"
  }
}
# Bind the public subnet to the route table that carries the internet route.
resource "aws_route_table_association" "route_table_association" {
  route_table_id = "${aws_route_table.route_table.id}"
  subnet_id      = "${aws_subnet.public_subnet.id}"
}
#
# Network ACL
#
#
# Production-facing network ACL (attached to the public subnet)
#
resource "aws_network_acl" "public_network_acl" {
  vpc_id     = "${aws_vpc.vpc.id}"
  subnet_ids = ["${aws_subnet.public_subnet.id}"]

  # Inbound: HTTP and HTTPS from anywhere.
  ingress {
    rule_no    = 100
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
    from_port  = 80
    to_port    = 80
  }

  ingress {
    rule_no    = 110
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }

  # NOTE(review): SSH is admitted from 0.0.0.0/0 here, mirroring the rule in
  # security_group_ec2. Both would have to be narrowed to the administrative
  # source range to actually restrict SSH; tightening only one has no effect.
  ingress {
    rule_no    = 120
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
    from_port  = 22
    to_port    = 22
  }

  # Network ACLs are stateless, so the ephemeral port range has to be open
  # inbound for replies to outbound connections (package updates, etc.).
  ingress {
    rule_no    = 130
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }

  # Outbound: everything.
  egress {
    rule_no    = 100
    action     = "allow"
    protocol   = "-1"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  tags {
    Name = "public_network_acl"
  }
}
#
# Security groups
#
# Security group for the ELB: HTTP/HTTPS from anywhere in, everything out.
# The ELB below only defines an HTTP:80 listener, so the 443 rule currently
# admits traffic that nothing behind it serves.
resource "aws_security_group" "security_group_elb" {
  name        = "security_group_elb"
  description = "security_group_elb"
  vpc_id      = "${aws_vpc.vpc.id}"

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "security_group_elb"
  }
}
# Security group for the EC2 instance. Web traffic (80/443) is accepted only
# from members of the ELB security group, so the instance is not reachable
# on those ports directly from the internet.
resource "aws_security_group" "security_group_ec2" {
  name        = "security_group_ec2"
  description = "security_group_ec2"
  vpc_id      = "${aws_vpc.vpc.id}"

  # NOTE(review): SSH is open to 0.0.0.0/0. The instance sits in a public
  # subnet with a public IP, so this exposes port 22 to the whole internet;
  # restrict cidr_blocks to the administrative source range (and the matching
  # rule in public_network_acl) before using this outside a sandbox.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol        = "tcp"
    from_port       = 80
    to_port         = 80
    security_groups = ["${aws_security_group.security_group_elb.id}"]
  }

  # The ELB has no HTTPS listener, so this rule is unused until one is added.
  ingress {
    protocol        = "tcp"
    from_port       = 443
    to_port         = 443
    security_groups = ["${aws_security_group.security_group_elb.id}"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "security_group_ec2"
  }
}
#
# EC2 instance
#
# Single t2.micro in the public subnet, protected only by security_group_ec2.
# The AMI id is region-specific and the key pair must already exist in the
# account; both are hard-coded here.
resource "aws_instance" "ec2" {
  ami           = "ami-a21529cc"
  instance_type = "t2.micro"
  key_name      = "AWS_Book_Key"

  # The subnet already pins the AZ; availability_zone is kept for clarity but
  # must stay equal to the subnet's AZ.
  availability_zone      = "ap-northeast-1a"
  subnet_id              = "${aws_subnet.public_subnet.id}"
  vpc_security_group_ids = ["${aws_security_group.security_group_ec2.id}"]

  # Termination protection: the instance cannot be terminated via the API
  # until this is turned off.
  disable_api_termination = true

  root_block_device {
    volume_size = 20
    volume_type = "gp2"
  }

  tags {
    Name = "sandbox"
  }
}
#
# ELB
#
# Classic load balancer in front of the single instance. Only an HTTP
# listener on port 80 is defined; there is no HTTPS listener, so the 443
# rules in the security groups and the CloudFront origin's HTTPS port are
# not backed by anything here.
resource "aws_elb" "elb" {
  name            = "elb"
  subnets         = ["${aws_subnet.public_subnet.id}"]
  security_groups = ["${aws_security_group.security_group_elb.id}"]
  instances       = ["${aws_instance.ec2.id}"]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = 80
    instance_protocol = "http"
  }

  # GET / on port 80 every 6 s with a 5 s timeout; 10 consecutive passes to
  # become healthy, 2 consecutive failures to be taken out of service.
  health_check {
    target              = "HTTP:80/"
    interval            = 6
    timeout             = 5
    healthy_threshold   = 10
    unhealthy_threshold = 2
  }

  # Long idle / draining windows (400 s each).
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags {
    Name = "elb"
  }
}
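#
# CloudFront
#
# Distribution fronting the ELB. Fix versus the original: the origin used
# origin_protocol_policy = "match-viewer", which makes CloudFront connect to
# the origin over HTTPS (port 443) whenever the viewer used HTTPS, but the
# ELB only has an HTTP:80 listener, so those requests could never succeed.
# The origin is now pinned to HTTP.
resource "aws_cloudfront_distribution" "cloudfront_distribution" {
  #
  # Distribution
  #
  enabled             = true
  comment             = "Some comment"
  price_class         = "PriceClass_All"
  default_root_object = "index.html"
  aliases             = ["sandbox.1syo.net", "test.1syo.net"]

  # Default *.cloudfront.net certificate only. It does not cover the aliases
  # above, so HTTPS is usable only on the distribution's own hostname; that is
  # why the behaviors below keep viewer_protocol_policy = "allow-all" instead
  # of "redirect-to-https".
  viewer_certificate {
    cloudfront_default_certificate = true
  }

  # No WAF and no access logging are configured.
  # web_acl_id = "None"
  # logging_config {
  # }

  #
  # Origins
  #
  origin {
    origin_id   = "elb"
    domain_name = "${aws_elb.elb.dns_name}"
    # origin_path = ""

    custom_origin_config {
      http_port  = 80
      https_port = 443

      # The ELB behind this origin listens on HTTP:80 only, so CloudFront
      # must always talk to it over HTTP regardless of the viewer protocol.
      origin_protocol_policy = "http-only"

      # Only consulted if the origin is ever switched to HTTPS.
      origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
    }
  }

  #
  # Behavior
  #
  # Default behavior: dynamic content. Every header, all cookies and the
  # query string are forwarded and all TTLs are 0, so nothing is cached.
  default_cache_behavior {
    target_origin_id       = "elb"
    viewer_protocol_policy = "allow-all"
    allowed_methods        = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods         = ["GET", "HEAD"]

    forwarded_values {
      headers      = ["*"]
      query_string = true

      cookies {
        forward = "all"
      }
    }

    min_ttl     = 0
    default_ttl = 0
    max_ttl     = 0
  }

  # /assets/*: read-only static content, cached for a day by default and up
  # to a year. Cache keys include the Host and Authorization headers and the
  # query string; cookies are not forwarded.
  cache_behavior {
    path_pattern           = "/assets/*"
    target_origin_id       = "elb"
    viewer_protocol_policy = "allow-all"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]

    forwarded_values {
      headers      = ["Host", "Authorization"]
      query_string = true

      cookies {
        forward = "none"
      }
    }

    min_ttl     = 0
    default_ttl = 86400
    max_ttl     = 31536000
  }

  #
  # Error Response
  #
  # Origin errors are passed through unchanged (no response_page_path) and
  # never cached at the edge (error_caching_min_ttl = 0).
  custom_error_response {
    error_code            = 400
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 403
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 404
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 405
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 414
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 416
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 500
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 501
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 502
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 503
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 504
    error_caching_min_ttl = 0
  }

  #
  # Restriction
  #
  # Serve viewers in Japan only.
  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["JP"]
    }
  }
}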