
@solarce
Last active August 29, 2015 14:15
Terraform template (HCL) to YAML in Python
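#!/usr/bin/python
"""Convert a Terraform template (HCL) to YAML and print it to stdout.

Usage: hcl2yaml.py TEMPLATE.tf

Requires the third-party packages pyhcl and pyyaml
(pip install pyhcl pyyaml).
"""
import sys

import hcl
import yaml

# Exit with a usage message instead of an IndexError traceback when the
# template path is missing.
if len(sys.argv) < 2:
    sys.exit("usage: %s TEMPLATE.tf" % sys.argv[0])

filename = sys.argv[1]
print("Reading", filename)
with open(filename, 'r') as fp:
    obj = hcl.load(fp)

# NOTE(review): in the converted output posted with this script, security
# groups that declare several `ingress` blocks appear with a single `ingress`
# mapping. Do not treat the YAML as a complete view of firewall rules; check
# it against the .tf source.
# Everything in the template is echoed to stdout, including any credential
# that was written literally instead of through a variable.
print("Converting to yaml")
# safe_dump emits standard YAML tags only (no Python object tags).
yaml_text = yaml.safe_dump(obj, default_flow_style=False)
print(yaml_text)
print("Done.")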
2143 ◯ : python hcl2yaml.py socorro.tf ⏎
Reading socorro.tf
{'provider': {'aws': {'region': '${var.region}', 'secret_key': '${var.secret_key}', 'access_key': '${var.access_key}'}}, 'resource': {'aws_elb': {'elb_for_webheads': {'security_grou
ps': ['${aws_security_group.internet_to_elb__http.id}'], 'availability_zones': ['${aws_instance.webheads.*.availability_zone}'], 'instances': ['${aws_instance.webheads.*.id}'], 'lis
tener': {'instance_port': 80, 'instance_protocol': 'http', 'lb_port': 80, 'lb_protocol': 'http'}, 'name': 'elb-for-webheads'}}, 'aws_instance': {'admin_host': {'security_groups': ['
${aws_security_group.internet_to_any__ssh.name}', '${aws_security_group.private_to_private__any.name}'], 'instance_type': 't2.micro', 'count': 1, 'key_name': '${lookup(var.ssh_key_n
ame, var.region)}', 'ami': '${lookup(var.base_ami, var.region)}'}}, 'aws_security_group': {'internet_to_snowflakes__http': {'description': 'Allow HTTP access to some oddball nodes.', 'ingress': {'protocol': 'tcp', 'from_port': 80, 'to_port': 80, 'cidr_blocks': ['0.0.0.0/0']}, 'name': 'internet_to_snowflakes__http'}}}}
Converting to yaml
provider:
aws:
access_key: ${var.access_key}
region: ${var.region}
secret_key: ${var.secret_key}
resource:
aws_elb:
elb_for_webheads:
availability_zones:
- ${aws_instance.webheads.*.availability_zone}
instances:
- ${aws_instance.webheads.*.id}
listener:
instance_port: 80
instance_protocol: http
lb_port: 80
lb_protocol: http
name: elb-for-webheads
security_groups:
- ${aws_security_group.internet_to_elb__http.id}
aws_instance:
admin_host:
ami: ${lookup(var.base_ami, var.region)}
count: 1
instance_type: t2.micro
key_name: ${lookup(var.ssh_key_name, var.region)}
security_groups:
- ${aws_security_group.internet_to_any__ssh.name}
- ${aws_security_group.private_to_private__any.name}
aws_security_group:
internet_to_snowflakes__http:
description: Allow HTTP access to some oddball nodes.
ingress:
cidr_blocks:
- 0.0.0.0/0
from_port: 80
protocol: tcp
to_port: 80
name: internet_to_snowflakes__http
Done.
# AWS provider. Region and both credentials come from variables, so no
# literal key appears in this file.
# NOTE(review): the variable values still have to be supplied from somewhere;
# keep that source out of version control. TODO confirm how they are fed.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
# Node-to-node rule: every TCP port, every UDP port and all ICMP are accepted
# from 172.0.0.0/16.
# This is potentially dangerous; may require review.
# NOTE(review): 172.0.0.0/16 is outside the RFC 1918 private block
# 172.16.0.0/12, so whether this really means "private traffic" depends on the
# deployment's actual network range. Confirm the CIDR against the VPC/subnet.
resource "aws_security_group" "private_to_private__any" {
  name        = "private_to_private__any"
  description = "Allow all private traffic."

  ingress {
    protocol    = "tcp"
    from_port   = 0
    to_port     = 65535
    cidr_blocks = ["172.0.0.0/16"]
  }

  ingress {
    protocol    = "udp"
    from_port   = 0
    to_port     = 65535
    cidr_blocks = ["172.0.0.0/16"]
  }

  # -1 / -1 selects every ICMP type and code.
  ingress {
    protocol    = "icmp"
    from_port   = "-1"
    to_port     = "-1"
    cidr_blocks = ["172.0.0.0/16"]
  }
}
# SSH on the alternate port (var.alt_ssh_port) from any IPv4 address.
# NOTE(review): every instance in this file attaches this group, so each node
# exposes SSH to 0.0.0.0/0. Moving the port does not restrict who can connect;
# consider limiting cidr_blocks to known admin ranges or to admin_host.
resource "aws_security_group" "internet_to_any__ssh" {
  name        = "internet_to_any__ssh"
  description = "Allow (alt) SSH to any given node."

  ingress {
    protocol    = "tcp"
    from_port   = "${var.alt_ssh_port}"
    to_port     = "${var.alt_ssh_port}"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Public entry point for the load balancers: TCP 80 and 443 from any IPv4
# address. Both ELBs in this file attach this group.
resource "aws_security_group" "internet_to_elb__http" {
  name        = "internet_to_elb__http"
  description = "Allow incoming traffic from Internet to HTTP(S) on ELBs."

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Backend rule: TCP 80 and 443 are accepted only from members of the
# internet_to_elb__http group (the ELBs), not from an address range.
resource "aws_security_group" "elb_to_webheads__http" {
  name        = "elb_to_webheads__http"
  description = "Allow HTTP(S) from ELBs to webheads."

  ingress {
    protocol        = "tcp"
    from_port       = 80
    to_port         = 80
    security_groups = ["${aws_security_group.internet_to_elb__http.id}"]
  }

  ingress {
    protocol        = "tcp"
    from_port       = 443
    to_port         = 443
    security_groups = ["${aws_security_group.internet_to_elb__http.id}"]
  }
}
# Direct plain-HTTP access (TCP 80) from any IPv4 address, with no ELB in
# between. Attached to crash-analysis and symbolapi in this file.
resource "aws_security_group" "internet_to_snowflakes__http" {
  name        = "internet_to_snowflakes__http"
  description = "Allow HTTP access to some oddball nodes."

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Load balancer for the collector instances.
# Only the plain-HTTP listener is active; the HTTPS listener stays commented
# out until a certificate id is available, so client traffic is unencrypted.
resource "aws_elb" "elb_for_collectors" {
  name               = "elb-for-collectors"
  availability_zones = ["${aws_instance.collectors.*.availability_zone}"]
  security_groups    = ["${aws_security_group.internet_to_elb__http.id}"]

  # Sit in front of the collectors.
  instances = ["${aws_instance.collectors.*.id}"]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = 80
    instance_protocol = "http"
  }

  /* Requires SSLCertificateId
  listener {
    instance_port = 443
    instance_protocol = "https"
    lb_port = 443
    lb_protocol = "https"
  }
  */
}
# Load balancer for the webhead instances.
# Only the plain-HTTP listener is active; the HTTPS listener stays commented
# out until a certificate id is available, so client traffic is unencrypted.
resource "aws_elb" "elb_for_webheads" {
  name               = "elb-for-webheads"
  availability_zones = ["${aws_instance.webheads.*.availability_zone}"]
  security_groups    = ["${aws_security_group.internet_to_elb__http.id}"]

  # Sit in front of the webheads.
  instances = ["${aws_instance.webheads.*.id}"]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = 80
    instance_protocol = "http"
  }

  /* Requires SSLCertificateId
  listener {
    instance_port = 443
    instance_protocol = "https"
    lb_port = 443
    lb_protocol = "https"
  }
  */
}
# Web front-end node. AMI, key pair name and private-key path are looked up
# per region; it accepts HTTP(S) from the ELB group, SSH on the alt port and
# the intra-cluster rule.
resource "aws_instance" "webheads" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.elb_to_webheads__http.name}",
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]

  # After boot, log in as centos over the alt SSH port with the region's key
  # file, write a placeholder index page and start httpd.
  provisioner "remote-exec" {
    connection {
      user     = "centos"
      port     = "${var.alt_ssh_port}"
      key_file = "${lookup(var.ssh_key_file, var.region)}"
    }

    inline = [
      "sudo sh -c 'echo web_server > /var/www/html/index.html'",
      "sudo systemctl start httpd"
    ]
  }
}
# Collector node. It reuses the elb_to_webheads__http group for its HTTP(S)
# ingress even though it sits behind elb_for_collectors.
resource "aws_instance" "collectors" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.elb_to_webheads__http.name}",
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]

  # After boot, log in as centos over the alt SSH port with the region's key
  # file, write a placeholder index page and start httpd.
  provisioner "remote-exec" {
    connection {
      user     = "centos"
      port     = "${var.alt_ssh_port}"
      key_file = "${lookup(var.ssh_key_file, var.region)}"
    }

    inline = [
      "sudo sh -c 'echo collector > /var/www/html/index.html'",
      "sudo systemctl start httpd"
    ]
  }
}
# Processor node: no HTTP ingress, only alt-port SSH and the intra-cluster
# rule.
resource "aws_instance" "processors" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]
}
# Middleware node: no HTTP ingress, only alt-port SSH and the intra-cluster
# rule.
resource "aws_instance" "middleware" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]
}
# Message-broker node. Broker traffic is covered only by the intra-cluster
# rule; the attached SSH group is the one open to 0.0.0.0/0 in this file.
resource "aws_instance" "rabbitmq" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]
}
# Search node. Service traffic is covered only by the intra-cluster rule;
# the attached SSH group is the one open to 0.0.0.0/0 in this file.
resource "aws_instance" "elasticsearch" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]
}
# Database node. Database traffic is covered only by the intra-cluster rule;
# the attached SSH group is the one open to 0.0.0.0/0 in this file.
resource "aws_instance" "postgres" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]
}
# Crash-analysis node: one of the "snowflake" hosts that takes plain HTTP
# straight from the internet, in addition to alt-port SSH and the
# intra-cluster rule.
resource "aws_instance" "crash-analysis" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.internet_to_snowflakes__http.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]
}
# Symbol API node: one of the "snowflake" hosts that takes plain HTTP
# straight from the internet, in addition to alt-port SSH and the
# intra-cluster rule.
resource "aws_instance" "symbolapi" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.internet_to_snowflakes__http.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]
}
# Administrative host: alt-port SSH from the internet plus the intra-cluster
# rule. Its groups are the same as those of the plain worker nodes, so
# nothing here makes it the only SSH entry point.
resource "aws_instance" "admin_host" {
  count         = 1
  instance_type = "t2.micro"
  ami           = "${lookup(var.base_ami, var.region)}"
  key_name      = "${lookup(var.ssh_key_name, var.region)}"

  security_groups = [
    "${aws_security_group.internet_to_any__ssh.name}",
    "${aws_security_group.private_to_private__any.name}"
  ]
}
@phrawzty

Oddly, this script (rev 9331932) fails to parse this TCF config:

$ wc -l main.tf
     295 main.tf
$ ./2yaml.py main.tf | wc -l
      43

@EntropyWorks

I don't know HCL or Terraform, but I think the resource lines should be changed.

resource "aws_security_group" "private_to_private__any"

change the order to

resource  "private_to_private__any" "aws_security_group"

If you do that the output is closer in line numbers...

hcl2yaml.py socorro-fixed.tf | wc -l
     197

@EntropyWorks

--- socorro.tf  2015-02-24 16:11:55.000000000 -0800
+++ socorro-fixed.tf    2015-02-24 17:46:51.000000000 -0800
@@ -5,7 +5,7 @@
 }

 # This is potentially dangerous; may require review.
-resource "aws_security_group" "private_to_private__any" {
+resource "private_to_private__any" "aws_security_group" {
     name = "private_to_private__any"
     description = "Allow all private traffic."
     ingress {
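Review bot: The new header `resource "private_to_private__any" "aws_security_group"` puts the resource name in the type position, so the patched file is only usable as converter input and is no longer a meaningful Terraform template. References such as `${aws_security_group.internet_to_elb__http.id}` are left unchanged and would no longer match any declared resource. The same swap is made in every later hunk, on all the `aws_security_group`, `aws_elb` and `aws_instance` headers. Keep `socorro-fixed.tf` as throwaway input only. Even with the swap, the YAML posted below shows a single `ingress` mapping per security group, so groups with several rules are still under-reported and the output should not be used to audit exposure. The resource body continues past the end of this hunk.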
@@ -34,7 +34,7 @@
     }
 }

-resource "aws_security_group" "internet_to_any__ssh" {
+resource "internet_to_any__ssh" "aws_security_group" {
     name = "internet_to_any__ssh"
     description = "Allow (alt) SSH to any given node."
     ingress {
@@ -45,7 +45,7 @@
     }
 }

-resource "aws_security_group" "internet_to_elb__http" {
+resource "internet_to_elb__http" "aws_security_group" {
     name = "internet_to_elb__http"
     description = "Allow incoming traffic from Internet to HTTP(S) on ELBs."
     ingress {
@@ -66,7 +66,7 @@
     }
 }

-resource "aws_security_group" "elb_to_webheads__http" {
+resource "elb_to_webheads__http" "aws_security_group" {
     name = "elb_to_webheads__http"
     description = "Allow HTTP(S) from ELBs to webheads."
     ingress {
@@ -87,7 +87,7 @@
     }
 }

-resource "aws_security_group" "internet_to_snowflakes__http" {
+resource "internet_to_snowflakes__http" "aws_security_group" {
     name = "internet_to_snowflakes__http"
     description = "Allow HTTP access to some oddball nodes."
     ingress {
@@ -100,7 +100,7 @@
     }
 }

-resource "aws_elb" "elb_for_collectors" {
+resource "elb_for_collectors" "aws_elb" {
     name = "elb-for-collectors"
     availability_zones = [
         "${aws_instance.collectors.*.availability_zone}"
@@ -128,7 +128,7 @@
     ]
 }

-resource "aws_elb" "elb_for_webheads" {
+resource "elb_for_webheads" "aws_elb" {
     name = "elb-for-webheads"
     availability_zones = [
         "${aws_instance.webheads.*.availability_zone}"
@@ -156,7 +156,7 @@
     ]
 }

-resource "aws_instance" "webheads" {
+resource "webheads" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -179,7 +179,7 @@
     }
 }

-resource "aws_instance" "collectors" {
+resource "collectors" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -202,7 +202,7 @@
     }
 }

-resource "aws_instance" "processors" {
+resource "processors" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -213,7 +213,7 @@
     ]
 }

-resource "aws_instance" "middleware" {
+resource "middleware" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -224,7 +224,7 @@
     ]
 }

-resource "aws_instance" "rabbitmq" {
+resource "rabbitmq" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -235,7 +235,7 @@
     ]
 }

-resource "aws_instance" "elasticsearch" {
+resource "elasticsearch" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -246,7 +246,7 @@
     ]
 }

-resource "aws_instance" "postgres" {
+resource "postgres" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -257,7 +257,7 @@
     ]
 }

-resource "aws_instance" "crash-analysis" {
+resource "crash-analysis" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -269,7 +269,7 @@
     ]
 }

-resource "aws_instance" "symbolapi" {
+resource "symbolapi" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"
@@ -281,7 +281,7 @@
     ]
 }

-resource "aws_instance" "admin_host" {
+resource "admin_host" "aws_instance" {
     ami = "${lookup(var.base_ami, var.region)}"
     instance_type = "t2.micro"
     key_name = "${lookup(var.ssh_key_name, var.region)}"

@EntropyWorks

provider:
  aws:
    access_key: ${var.access_key}
    region: ${var.region}
    secret_key: ${var.secret_key}
resource:
  admin_host:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}
  collectors:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      provisioner:
        remote-exec:
          connection:
            key_file: ${lookup(var.ssh_key_file, var.region)}
            port: ${var.alt_ssh_port}
            user: centos
          inline:
          - sudo sh -c 'echo collector > /var/www/html/index.html'
          - sudo systemctl start httpd
      security_groups:
      - ${aws_security_group.elb_to_webheads__http.name}
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}
  crash-analysis:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.internet_to_snowflakes__http.name}
      - ${aws_security_group.private_to_private__any.name}
  elasticsearch:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}
  elb_for_collectors:
    aws_elb:
      availability_zones:
      - ${aws_instance.collectors.*.availability_zone}
      instances:
      - ${aws_instance.collectors.*.id}
      listener:
        instance_port: 80
        instance_protocol: http
        lb_port: 80
        lb_protocol: http
      name: elb-for-collectors
      security_groups:
      - ${aws_security_group.internet_to_elb__http.id}
  elb_for_webheads:
    aws_elb:
      availability_zones:
      - ${aws_instance.webheads.*.availability_zone}
      instances:
      - ${aws_instance.webheads.*.id}
      listener:
        instance_port: 80
        instance_protocol: http
        lb_port: 80
        lb_protocol: http
      name: elb-for-webheads
      security_groups:
      - ${aws_security_group.internet_to_elb__http.id}
  elb_to_webheads__http:
    aws_security_group:
      description: Allow HTTP(S) from ELBs to webheads.
      ingress:
        from_port: 443
        protocol: tcp
        security_groups:
        - ${aws_security_group.internet_to_elb__http.id}
        to_port: 443
      name: elb_to_webheads__http
  internet_to_any__ssh:
    aws_security_group:
      description: Allow (alt) SSH to any given node.
      ingress:
        cidr_blocks:
        - 0.0.0.0/0
        from_port: ${var.alt_ssh_port}
        protocol: tcp
        to_port: ${var.alt_ssh_port}
      name: internet_to_any__ssh
  internet_to_elb__http:
    aws_security_group:
      description: Allow incoming traffic from Internet to HTTP(S) on ELBs.
      ingress:
        cidr_blocks:
        - 0.0.0.0/0
        from_port: 443
        protocol: tcp
        to_port: 443
      name: internet_to_elb__http
  internet_to_snowflakes__http:
    aws_security_group:
      description: Allow HTTP access to some oddball nodes.
      ingress:
        cidr_blocks:
        - 0.0.0.0/0
        from_port: 80
        protocol: tcp
        to_port: 80
      name: internet_to_snowflakes__http
  middleware:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}
  postgres:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}
  private_to_private__any:
    aws_security_group:
      description: Allow all private traffic.
      ingress:
        cidr_blocks:
        - 172.0.0.0/16
        from_port: '-1'
        protocol: icmp
        to_port: '-1'
      name: private_to_private__any
  processors:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}
  rabbitmq:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}
  symbolapi:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.internet_to_snowflakes__http.name}
      - ${aws_security_group.private_to_private__any.name}
  webheads:
    aws_instance:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      provisioner:
        remote-exec:
          connection:
            key_file: ${lookup(var.ssh_key_file, var.region)}
            port: ${var.alt_ssh_port}
            user: centos
          inline:
          - sudo sh -c 'echo web_server > /var/www/html/index.html'
          - sudo systemctl start httpd
      security_groups:
      - ${aws_security_group.elb_to_webheads__http.name}
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}

@EntropyWorks

and from the above YAML to JSON..

{
  "provider": {
    "aws": {
      "access_key": "${var.access_key}",
      "region": "${var.region}",
      "secret_key": "${var.secret_key}"
    }
  },
  "resource": {
    "admin_host": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "security_groups": [
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "collectors": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "provisioner": {
          "remote-exec": {
            "connection": {
              "key_file": "${lookup(var.ssh_key_file, var.region)}",
              "port": "${var.alt_ssh_port}",
              "user": "centos"
            },
            "inline": [
              "sudo sh -c 'echo collector > /var/www/html/index.html'",
              "sudo systemctl start httpd"
            ]
          }
        },
        "security_groups": [
          "${aws_security_group.elb_to_webheads__http.name}",
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "crash-analysis": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "security_groups": [
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.internet_to_snowflakes__http.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "elasticsearch": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "security_groups": [
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "elb_for_collectors": {
      "aws_elb": {
        "availability_zones": [
          "${aws_instance.collectors.*.availability_zone}"
        ],
        "instances": [
          "${aws_instance.collectors.*.id}"
        ],
        "listener": {
          "instance_port": 80,
          "instance_protocol": "http",
          "lb_port": 80,
          "lb_protocol": "http"
        },
        "name": "elb-for-collectors",
        "security_groups": [
          "${aws_security_group.internet_to_elb__http.id}"
        ]
      }
    },
    "elb_for_webheads": {
      "aws_elb": {
        "availability_zones": [
          "${aws_instance.webheads.*.availability_zone}"
        ],
        "instances": [
          "${aws_instance.webheads.*.id}"
        ],
        "listener": {
          "instance_port": 80,
          "instance_protocol": "http",
          "lb_port": 80,
          "lb_protocol": "http"
        },
        "name": "elb-for-webheads",
        "security_groups": [
          "${aws_security_group.internet_to_elb__http.id}"
        ]
      }
    },
    "elb_to_webheads__http": {
      "aws_security_group": {
        "description": "Allow HTTP(S) from ELBs to webheads.",
        "ingress": {
          "from_port": 443,
          "protocol": "tcp",
          "security_groups": [
            "${aws_security_group.internet_to_elb__http.id}"
          ],
          "to_port": 443
        },
        "name": "elb_to_webheads__http"
      }
    },
    "internet_to_any__ssh": {
      "aws_security_group": {
        "description": "Allow (alt) SSH to any given node.",
        "ingress": {
          "cidr_blocks": [
            "0.0.0.0/0"
          ],
          "from_port": "${var.alt_ssh_port}",
          "protocol": "tcp",
          "to_port": "${var.alt_ssh_port}"
        },
        "name": "internet_to_any__ssh"
      }
    },
    "internet_to_elb__http": {
      "aws_security_group": {
        "description": "Allow incoming traffic from Internet to HTTP(S) on ELBs.",
        "ingress": {
          "cidr_blocks": [
            "0.0.0.0/0"
          ],
          "from_port": 443,
          "protocol": "tcp",
          "to_port": 443
        },
        "name": "internet_to_elb__http"
      }
    },
    "internet_to_snowflakes__http": {
      "aws_security_group": {
        "description": "Allow HTTP access to some oddball nodes.",
        "ingress": {
          "cidr_blocks": [
            "0.0.0.0/0"
          ],
          "from_port": 80,
          "protocol": "tcp",
          "to_port": 80
        },
        "name": "internet_to_snowflakes__http"
      }
    },
    "middleware": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "security_groups": [
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "postgres": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "security_groups": [
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "private_to_private__any": {
      "aws_security_group": {
        "description": "Allow all private traffic.",
        "ingress": {
          "cidr_blocks": [
            "172.0.0.0/16"
          ],
          "from_port": "-1",
          "protocol": "icmp",
          "to_port": "-1"
        },
        "name": "private_to_private__any"
      }
    },
    "processors": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "security_groups": [
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "rabbitmq": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "security_groups": [
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "symbolapi": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "security_groups": [
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.internet_to_snowflakes__http.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    },
    "webheads": {
      "aws_instance": {
        "ami": "${lookup(var.base_ami, var.region)}",
        "count": 1,
        "instance_type": "t2.micro",
        "key_name": "${lookup(var.ssh_key_name, var.region)}",
        "provisioner": {
          "remote-exec": {
            "connection": {
              "key_file": "${lookup(var.ssh_key_file, var.region)}",
              "port": "${var.alt_ssh_port}",
              "user": "centos"
            },
            "inline": [
              "sudo sh -c 'echo web_server > /var/www/html/index.html'",
              "sudo systemctl start httpd"
            ]
          }
        },
        "security_groups": [
          "${aws_security_group.elb_to_webheads__http.name}",
          "${aws_security_group.internet_to_any__ssh.name}",
          "${aws_security_group.private_to_private__any.name}"
        ]
      }
    }
  }
}
