AWS EC2 Terraform example
/*
export AWS_ACCESS_KEY_ID="..."
export AWS_SECRET_ACCESS_KEY="..."
export AWS_DEFAULT_REGION="eu-central-1"
export TF_VAR_public_key=$(ssh-keygen -y -f ../assets/ssh-private-key.pem)
*/
# Provider pinning: `terraform init` resolves hashicorp/aws to exactly 4.31.0,
# so the attribute names used in the resources below stay stable.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.31.0"
    }
  }
}
# No region or credentials in code: they are taken from the environment
# (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION) as the
# header comment shows.
provider "aws" {}
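# Public half of the SSH key that becomes the instance's key pair.  The header
# comment derives it from a private key file with `ssh-keygen -y -f ...` and
# passes it in as TF_VAR_public_key; only the public material ever enters the
# configuration or state.
variable "public_key" {
  type        = string
  description = "OpenSSH public key (e.g. output of `ssh-keygen -y -f <private-key>`) registered as the aws_key_pair used by the instance."
}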
# The account's default VPC in the configured region; every other lookup and
# resource below is scoped to it.
data "aws_vpc" "vpc" {
  default = true
}
# The pre-existing "default" security group of the default VPC.  Its rules are
# not managed by this configuration, yet it is attached to the instance below
# together with secondary-security-group, so whatever it currently permits
# (commonly all traffic between members of the same group) also applies.
data "aws_security_group" "default-security-group" {
  name   = "default"
  vpc_id = data.aws_vpc.vpc.id
}
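# Availability zone for the instance.  A variable instead of a literal so the
# zone can be changed together with the region chosen via AWS_DEFAULT_REGION
# (a zone from another region would make the subnet lookup fail).  The default
# is the value the original hard-coded.
variable "availability_zone" {
  type        = string
  default     = "eu-central-1b"
  description = "Availability zone, inside the region selected by AWS_DEFAULT_REGION, whose default-VPC subnet hosts the instance."
}

# Default-VPC subnet in the chosen zone; the instance takes both subnet_id and
# availability_zone from this lookup.
data "aws_subnet" "subnet" {
  vpc_id            = data.aws_vpc.vpc.id
  availability_zone = var.availability_zone
}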
# Registers the supplied public key under a fixed key-pair name; the instance
# refers to it through key_name.
resource "aws_key_pair" "key-pair" {
  public_key = var.public_key
  key_name   = "foobar"
}
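# Source addresses allowed to reach port 22 (ssh).  The default keeps the
# original world-open behaviour; set TF_VAR_ssh_ingress_cidr_blocks to the
# administrator's own address range so the management port is not reachable
# from the whole internet.
variable "ssh_ingress_cidr_blocks" {
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "IPv4 CIDR blocks permitted to open TCP/22 to the instance; narrow this to known administrative addresses rather than 0.0.0.0/0."
}

# Instance-specific security group, attached to the instance alongside the
# VPC's default group.  Rules are written in the attribute form
# (ingress = [...] / egress = [...]) rather than as nested blocks, so every
# field of each rule object has to be spelled out, which is why the empty
# descriptions and lists appear.
# 80 and 443 are open to 0.0.0.0/0 as expected for a public web endpoint.
# 3000 is open to 0.0.0.0/0 as well, and the original comment only guesses
# ("api server?") at what listens there, so confirm it is meant to be
# reachable from anywhere before applying.
resource "aws_security_group" "secondary-security-group" {
  name        = "secondary-security-group"
  description = "secondary-security-group"
  vpc_id      = data.aws_vpc.vpc.id

  # all outbound traffic, any protocol, to any destination
  egress = [
    {
      cidr_blocks      = ["0.0.0.0/0"]
      description      = ""
      from_port        = 0
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "-1"
      security_groups  = []
      self             = false
      to_port          = 0
    },
  ]

  ingress = [
    # allow tcp port 22 (ssh) from var.ssh_ingress_cidr_blocks only
    {
      cidr_blocks      = var.ssh_ingress_cidr_blocks
      description      = ""
      from_port        = 22
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "tcp"
      security_groups  = []
      self             = false
      to_port          = 22
    },
    # allow tcp port 443 (https)
    {
      cidr_blocks      = ["0.0.0.0/0"]
      description      = ""
      from_port        = 443
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "tcp"
      security_groups  = []
      self             = false
      to_port          = 443
    },
    # allow tcp port 80 (http)
    {
      cidr_blocks      = ["0.0.0.0/0"]
      description      = ""
      from_port        = 80
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "tcp"
      security_groups  = []
      self             = false
      to_port          = 80
    },
    # allow tcp port 3000 (api server?)
    {
      cidr_blocks      = ["0.0.0.0/0"]
      description      = ""
      from_port        = 3000
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "tcp"
      security_groups  = []
      self             = false
      to_port          = 3000
    },
  ]

  tags     = {}
  tags_all = {}

  timeouts {}
}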
# Newest Amazon-published Amazon Linux 2 image (x86_64, HVM, EBS-backed gp2
# root).  Because the name filter is a wildcard and most_recent = true, the id
# this resolves to can move to a newer image over time; when it does, a later
# plan will propose replacing the instance.  owners = ["amazon"] stops the
# lookup from matching a similarly named image published by another account.
data "aws_ami" "amazon-linux" {
  owners      = ["amazon"]
  most_recent = true

  filter {
    name   = "name"
    values = ["amzn2-ami-kernel-*"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "block-device-mapping.volume-type"
    values = ["gp2"]
  }
}
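// implies aws_network_interface + aws_volume_attachment + aws_ebs_volume + aws_network_interface_attachment
// Single Amazon Linux 2 instance in the default VPC with a public address.
// Many arguments are written out explicitly (they look like the values of an
// existing instance as `terraform show` would print them); they are kept so
// the plan does not change if a provider default moves later.
resource "aws_instance" "ec2-instance" {
  ami           = data.aws_ami.amazon-linux.id
  instance_type = "t2.micro"
  key_name      = aws_key_pair.key-pair.key_name

  // Placement: the subnet looked up above, plus a public IP so the
  // instance_hostname output is reachable from outside the VPC.
  subnet_id                   = data.aws_subnet.subnet.id
  availability_zone           = data.aws_subnet.subnet.availability_zone
  associate_public_ip_address = true
  ipv6_addresses              = []
  secondary_private_ips       = []
  source_dest_check           = true
  tenancy                     = "default"

  // Both the VPC's pre-existing default group and the group defined in this
  // file are attached; the effective rule set is the union of the two.
  vpc_security_group_ids = [
    data.aws_security_group.default-security-group.id,
    aws_security_group.secondary-security-group.id,
  ]

  disable_api_stop                     = false
  disable_api_termination              = false
  ebs_optimized                        = false
  get_password_data                    = false
  hibernation                          = false
  instance_initiated_shutdown_behavior = "stop"
  monitoring                           = false

  tags = {
    "Name" = "foobar"
  }
  tags_all = {
    "Name" = "foobar"
  }

  capacity_reservation_specification {
    capacity_reservation_preference = "open"
  }

  credit_specification {
    cpu_credits = "standard"
  }

  enclave_options {
    enabled = false
  }

  maintenance_options {
    auto_recovery = "default"
  }

  // Instance metadata service.  http_tokens = "required" enforces IMDSv2
  // (session-token requests only), so the role credentials served by IMDS
  // cannot be fetched with a plain GET, e.g. through an SSRF flaw in a
  // service listening on the ports opened above.  The original value was
  // "optional", which still accepted IMDSv1; anything on the instance that
  // relies on IMDSv1 must be updated before this is applied.  The hop limit
  // of 1 is the AWS-recommended value that keeps IMDSv2 responses from
  // crossing an extra network hop (for example out of a container).
  metadata_options {
    http_endpoint               = "enabled"
    http_put_response_hop_limit = 1
    http_tokens                 = "required"
    instance_metadata_tags      = "disabled"
  }

  private_dns_name_options {
    enable_resource_name_dns_a_record    = true
    enable_resource_name_dns_aaaa_record = false
    hostname_type                        = "ip-name"
  }

  // Root volume is left unencrypted as in the original.  encrypted = true
  // (default EBS key) would be the safer setting, but changing it on an
  // already-created instance forces replacement, so it is only noted here.
  root_block_device {
    delete_on_termination = true
    encrypted             = false
    tags                  = {}
    volume_size           = 30
    volume_type           = "gp2"
  }

  timeouts {}
}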
# Public DNS name of the instance, usable as the ssh/http target once it is
# running; populated because associate_public_ip_address is set above.
output "instance_hostname" {
  value = aws_instance.ec2-instance.public_dns
}