

@aaroncaito
Last active December 14, 2016 06:38
snippet for app stack for 1 environment for nayrb1523@reddit
```
# DEMO TO SHOW RESOURCE RELATIONSHIPS
## NOT TO BE USED WITHOUT SIGNIFICANT CHANGES
- Complete the required arguments on each resource
- Don't use inline rules for security groups as you'll have circular dependencies
- Probably use a lot more variables with settings files per environment
- Make pod blocks and turn them into re-usable module
- Make vpc&zone as module as well
- Newer Terraform handles lists better, so there are better ways to do this
```
# Provider and VPC. Region/credentials and the VPC cidr_block are left
# unset here (see "Complete the required arguments" in the notes above).
provider "aws" {
}

# Every zone, subnet and route table below hangs off this one VPC.
resource "aws_vpc" "default" {
}
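#
# public zone
resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.default.id}"
}

resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.default.id}"
}

# The default route to the internet gateway is what makes this zone "public".
resource "aws_route" "public_igw" {
  route_table_id = "${aws_route_table.public.id}"

  # aws_route's argument is destination_cidr_block (destination_cidr is not an argument)
  destination_cidr_block = "0.0.0.0/0"

  # was "aws_internet_gatway" (typo), which references no resource in this file
  gateway_id = "${aws_internet_gateway.default.id}"
}

# One subnet per CIDR in var.public_subnets; the AZ is picked by index into
# var.azs, and element() wraps around if there are more subnets than AZs.
resource "aws_subnet" "public" {
  vpc_id            = "${aws_vpc.default.id}"
  count             = "${length(compact(split(",", var.public_subnets)))}"
  availability_zone = "${element(split(",", var.azs), count.index)}"
  cidr_block        = "${element(split(",", var.public_subnets), count.index)}"
}

resource "aws_route_table_association" "public" {
  count          = "${length(compact(split(",", var.public_subnets)))}"
  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
  route_table_id = "${aws_route_table.public.id}"
}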
#
# private zone - defined as no route to igw
# Nothing attaches an aws_route to this table, so instances placed here have
# no internet path at all (there is no NAT gateway in this file either).
resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.default.id}"
}

# One subnet per CIDR in var.private_subnets, AZ chosen by index into var.azs.
resource "aws_subnet" "private" {
  count             = "${length(compact(split(",", var.private_subnets)))}"
  vpc_id            = "${aws_vpc.default.id}"
  cidr_block        = "${element(split(",", var.private_subnets), count.index)}"
  availability_zone = "${element(split(",", var.azs), count.index)}"
}

# Bind each private subnet to the table above (same count as the subnets).
resource "aws_route_table_association" "private" {
  count          = "${length(compact(split(",", var.private_subnets)))}"
  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
}
#
# stack generic resources - good place to put common iam policies etc
# This group is attached to every launch configuration below, next to the
# pod-specific group, so anything added here applies to all three tiers.
resource "aws_security_group" "default" {
}

resource "aws_iam_policy" "default" {
}
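#
# pod:web
data "template_file" "web" {}

# Placeholder: assume_role_policy still needs the EC2 trust policy document.
resource "aws_iam_role" "web" {assume_role_policy}

resource "aws_iam_instance_profile" "web" {
  roles = ["${aws_iam_role.web.name}"]
}

# The web ELB is the only thing in this stack that accepts traffic from outside the VPC.
resource "aws_security_group" "web_elb" {
  ingress {
    cidr_blocks = ["${var.cidr_allowed_public_ingress}"] # in prod likely ["0.0.0.0/0"], in dev limit to trusted
  }
}

resource "aws_elb" "web" {
  internal = "false"

  # was aws_subnet.public.id.*.id, which is not a valid splat; the
  # route table association above already uses aws_subnet.public.*.id
  subnets         = ["${aws_subnet.public.*.id}"]
  security_groups = ["${aws_security_group.web_elb.id}"]
}

# Web instances accept traffic only from their ELB. Note the mutual reference
# with aws_security_group.app (egress here, egress back there) - this is the
# circular dependency the notes at the top warn about.
resource "aws_security_group" "web" {
  ingress {
    security_groups = ["${aws_security_group.web_elb.id}"]
  }

  egress {
    security_groups = ["${aws_security_group.app.id}"]
  }

  # Unrestricted egress; this already covers the app rule above, so narrow
  # it if the web tier is not meant to reach the internet directly.
  egress {
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_launch_configuration" "web" {
  iam_instance_profile = "${aws_iam_instance_profile.web.id}"
  user_data            = "${data.template_file.web.rendered}"

  security_groups = [
    "${aws_security_group.default.id}",
    "${aws_security_group.web.id}",
  ]
}

# was "aws_autoscale_group", which is not an aws provider resource type
resource "aws_autoscaling_group" "web" {
  # The original used availability_zone with count.index, but this resource
  # has no count; the argument is availability_zones and takes the whole list.
  availability_zones   = ["${split(",", var.azs)}"]
  launch_configuration = "${aws_launch_configuration.web.name}"
  vpc_zone_identifier  = ["${aws_subnet.public.*.id}"] # was the invalid .id.*.id splat

  # load_balancers takes ELB names, not ids
  load_balancers = ["${aws_elb.web.name}"]
}

resource "aws_route53_record" "web" {
  # A DNS record must point at the ELB's DNS name; .name is the ELB resource name.
  records = ["${aws_elb.web.dns_name}"]
}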
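#
# pod:app
data "template_file" "app" {}

# Placeholder: assume_role_policy still needs the EC2 trust policy document.
resource "aws_iam_role" "app" {assume_role_policy}

resource "aws_iam_instance_profile" "app" {
  roles = ["${aws_iam_role.app.name}"]
}

# The app ELB is called by the web tier, so that is who may reach it. The
# original allowed aws_security_group.app (the instances behind this ELB),
# which is not the caller.
resource "aws_security_group" "app_elb" {
  ingress {
    security_groups = ["${aws_security_group.web.id}"]
  }
}

# Internal ELB in the private subnets: the original had internal = "false"
# in the public subnets, which would expose the app tier's front door to the
# internet with only the security group standing in the way.
resource "aws_elb" "app" {
  internal        = "true"
  subnets         = ["${aws_subnet.private.*.id}"] # was the invalid .id.*.id splat on the public subnets
  security_groups = ["${aws_security_group.app_elb.id}"]
}

# App instances accept traffic only from their ELB (the original had no
# ingress at all). The egress back to web keeps the web<->app circular
# reference the notes at the top warn about; security groups are stateful,
# so it is not needed for replies.
resource "aws_security_group" "app" {
  ingress {
    security_groups = ["${aws_security_group.app_elb.id}"]
  }

  egress {
    security_groups = [
      "${aws_security_group.web.id}",
      "${aws_security_group.db.id}", # was "aws_security_groups" (typo)
    ]
  }
}

resource "aws_launch_configuration" "app" {
  iam_instance_profile = "${aws_iam_instance_profile.app.id}"
  user_data            = "${data.template_file.app.rendered}"

  security_groups = [
    "${aws_security_group.default.id}",
    "${aws_security_group.app.id}",
  ]
}

# was "aws_autoscale_group", which is not an aws provider resource type
resource "aws_autoscaling_group" "app" {
  # availability_zones takes the whole list; count.index had no count to refer to
  availability_zones   = ["${split(",", var.azs)}"]
  launch_configuration = "${aws_launch_configuration.app.name}"
  vpc_zone_identifier  = ["${aws_subnet.private.*.id}"] # was the invalid .id.*.id splat

  # load_balancers takes ELB names, not ids
  load_balancers = ["${aws_elb.app.name}"]
}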
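#
# pod:db
data "template_file" "db" {}

# Placeholder: assume_role_policy still needs the EC2 trust policy document.
resource "aws_iam_role" "db" {assume_role_policy}

resource "aws_iam_instance_profile" "db" {
  roles = ["${aws_iam_role.db.name}"]
}

# Only the app tier may reach the database. The egress back to app is kept
# from the original but is not needed for replies (security groups are
# stateful); drop it if the db tier should never initiate connections.
resource "aws_security_group" "db" {
  ingress {
    security_groups = ["${aws_security_group.app.id}"]
  }

  egress {
    security_groups = ["${aws_security_group.app.id}"]
  }
}

resource "aws_launch_configuration" "db" {
  iam_instance_profile = "${aws_iam_instance_profile.db.id}"
  user_data            = "${data.template_file.db.rendered}"

  security_groups = [
    "${aws_security_group.default.id}",
    "${aws_security_group.db.id}",
  ]
}

# was "aws_autoscale_group", which is not an aws provider resource type.
# The original also listed load_balancers = aws_elb.db, but no aws_elb "db"
# exists in this file (the app tier reaches the db instances directly), so
# that dangling reference is dropped.
resource "aws_autoscaling_group" "db" {
  # availability_zones takes the whole list; count.index had no count to refer to
  availability_zones   = ["${split(",", var.azs)}"]
  launch_configuration = "${aws_launch_configuration.db.name}"
  vpc_zone_identifier  = ["${aws_subnet.private.*.id}"] # was the invalid .id.*.id splat
}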