jpsecher · February 20, 2016 18:54
diff --git a/mywebapp.tf b/mywebapp.tf
 variable "aws_key_name" {
  description = "Name of the SSH keypair to use in AWS."
 }

 variable "safe_ips" {
  description = "Comma-separated string of CIDR blocks for trusted IPs."
 }

 variable "pem_file" {
  description = "Local SSH key that matches AWS key."
 }

 variable "aws_region" {
  description = "AWS region to launch servers."
  default = "eu-west-1"
 }

 variable "aws_amis" {
  description = "dockerhost AMI for each region."
  default = {
    # TODO: how do we automatically update the AMI id?
    "eu-west-1" = "ami-f763d584"
  }
 }

 provider "aws" {
  profile = "mycompany"
  region = "${var.aws_region}"
 }

 resource "aws_security_group" "dockerctrl" {
  name = "http_open-ssh_docker_safe"
  description = "SSH & Docker & HTTP from anywhere"
  # SSH access from safe IPs.
  ingress {
    from_port = 22
    to_port = 22
    protocol = "tcp"
    cidr_blocks = ["${split(",", var.safe_ips)}"]
  }
  # Docker Daemon Remote access from safe IPs.
  ingress {
    from_port = 2375
    to_port = 2375
    protocol = "tcp"
    cidr_blocks = ["${split(",", var.safe_ips)}"]
  }
  # HTTP access from anywhere.
  ingress {
    from_port = 80
    to_port = 80
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # Outbound internet access.
  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
 }

 resource "aws_instance" "dockerhost" {
  ami = "${lookup(var.aws_amis, var.aws_region)}"
  instance_type = "t2.micro"
  security_groups = ["${aws_security_group.dockerctrl.name}"]
  key_name = "${var.aws_key_name}"
  provisioner "file" {
    source = "../provision/open-remote-tcp-control-of-docker"
    destination = "/tmp/open-remote-tcp-control-of-docker"
    connection {
      user = "ubuntu"
      private_key = "${var.pem_file}"
    }
  }
  provisioner "remote-exec" {
    inline = [
        "sudo sh /tmp/open-remote-tcp-control-of-docker",
        "sudo restart docker"
    ]
    connection {
      user = "ubuntu"
      private_key = "${var.pem_file}"
    }
  }
  tags {
    Name = "mycompany"
  }
 }

 provider "docker" {
  host = "tcp://${aws_instance.dockerhost.ip}:2375/"
 }

 resource "docker_image" "mywebapp" {
  name = "mycompany/mywebapp"
 }

 resource "docker_container" "mywebapp" {
  name = "my-web-app"
  image = "${docker_image.mywebapp.latest}"
  ports {
    internal = 3000
    external = 80
  }
 }
	variable "aws_key_name" {
	description = "Name of the SSH keypair to use in AWS."
	}

	variable "safe_ips" {
	description = "Comma-separated string of CIDR blocks for trusted IPs."
	}

	variable "pem_file" {
	description = "Local SSH key that matches AWS key."
	}

	variable "aws_region" {
	description = "AWS region to launch servers."
	default = "eu-west-1"
	}

	variable "aws_amis" {
	description = "dockerhost AMI for each region."
	default = {
	# TODO: how do we automatically update the AMI id?
	"eu-west-1" = "ami-f763d584"
	}
	}

	provider "aws" {
	profile = "mycompany"
	region = "${var.aws_region}"
	}

	resource "aws_security_group" "dockerctrl" {
	name = "http_open-ssh_docker_safe"
	description = "SSH & Docker & HTTP from anywhere"
	# SSH access from safe IPs.
	ingress {
	from_port = 22
	to_port = 22
	protocol = "tcp"
	cidr_blocks = ["${split(",", var.safe_ips)}"]
	}
	# Docker Daemon Remote access from safe IPs.
	ingress {
	from_port = 2375
	to_port = 2375
	protocol = "tcp"
	cidr_blocks = ["${split(",", var.safe_ips)}"]
	}
	# HTTP access from anywhere.
	ingress {
	from_port = 80
	to_port = 80
	protocol = "tcp"
	cidr_blocks = ["0.0.0.0/0"]
	}
	# Outbound internet access.
	egress {
	from_port = 0
	to_port = 0
	protocol = "-1"
	cidr_blocks = ["0.0.0.0/0"]
	}
	}

	resource "aws_instance" "dockerhost" {
	ami = "${lookup(var.aws_amis, var.aws_region)}"
	instance_type = "t2.micro"
	security_groups = ["${aws_security_group.dockerctrl.name}"]
	key_name = "${var.aws_key_name}"
	provisioner "file" {
	source = "../provision/open-remote-tcp-control-of-docker"
	destination = "/tmp/open-remote-tcp-control-of-docker"
	connection {
	user = "ubuntu"
	private_key = "${var.pem_file}"
	}
	}
	provisioner "remote-exec" {
	inline = [
	"sudo sh /tmp/open-remote-tcp-control-of-docker",
	"sudo restart docker"
	]
	connection {
	user = "ubuntu"
	private_key = "${var.pem_file}"
	}
	}
	tags {
	Name = "mycompany"
	}
	}

	provider "docker" {
	host = "tcp://${aws_instance.dockerhost.ip}:2375/"
	}

	resource "docker_image" "mywebapp" {
	name = "mycompany/mywebapp"
	}

	resource "docker_container" "mywebapp" {
	name = "my-web-app"
	image = "${docker_image.mywebapp.latest}"
	ports {
	internal = 3000
	external = 80
	}
	}