# AWS provider: every resource in this file is created in var.region.
# Credentials are not configured here; the provider picks them up from the
# usual environment/profile chain at plan time.
provider "aws" {
  region = var.region
}
# VPC that hosts the three Vault subnets.
# enable_dns_hostnames is set explicitly; enable_dns_support is left at the
# provider default — NOTE(review): confirm both are on, Vault nodes need
# in-VPC DNS to reach the KMS and Secrets Manager endpoints used below.
resource "aws_vpc" "main" {
  enable_dns_hostnames = true
  cidr_block           = var.vpc_cidr_block

  tags = {
    Name = var.vpc_name
  }
}
# EC2 key pair built from the operator-supplied public key (var.pub_key).
# Only the public half is uploaded; the private key never enters this
# configuration or the Terraform state.
resource "aws_key_pair" "vault" {
  public_key = var.pub_key
  key_name   = var.machine_key_name
}
# First of three subnets, one per availability zone.
# map_public_ip_on_launch is shared by all three subnets and defaults to
# false, so instances get no public address unless the caller opts in.
resource "aws_subnet" "subnet01" {
  vpc_id                  = aws_vpc.main.id
  availability_zone       = var.subnet01_az
  cidr_block              = var.subnet01_cidr_block
  map_public_ip_on_launch = var.map_public_ip_on_launch

  tags = {
    Name = var.subnet01_name
  }
}
# Second subnet; mirrors subnet01 in a different availability zone.
# Public IP assignment follows the same shared var.map_public_ip_on_launch.
resource "aws_subnet" "subnet02" {
  vpc_id                  = aws_vpc.main.id
  availability_zone       = var.subnet02_az
  cidr_block              = var.subnet02_cidr_block
  map_public_ip_on_launch = var.map_public_ip_on_launch

  tags = {
    Name = var.subnet02_name
  }
}
# Third subnet; mirrors subnet01 in a different availability zone.
# Public IP assignment follows the same shared var.map_public_ip_on_launch.
resource "aws_subnet" "subnet03" {
  vpc_id                  = aws_vpc.main.id
  availability_zone       = var.subnet03_az
  cidr_block              = var.subnet03_cidr_block
  map_public_ip_on_launch = var.map_public_ip_on_launch

  tags = {
    Name = var.subnet03_name
  }
}
# Internet gateway attached to the VPC. On its own it exposes nothing; a
# subnet only becomes reachable from the internet once a route table that
# points at this gateway is associated with it.
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = var.internet_gateway_name
  }
}
# Route table with a default route through the internet gateway.
# NOTE(review): despite the name "main", this is not the VPC's main route
# table, and no aws_route_table_association or aws_main_route_table_association
# appears in this file. Unless one exists elsewhere, the subnets above keep the
# VPC's default local-only table and this IGW route is never in effect.
resource "aws_route_table" "main" {
  vpc_id = aws_vpc.main.id

  # Any subnet associated with this table becomes a public subnet.
  route {
    gateway_id = aws_internet_gateway.gw.id
    cidr_block = "0.0.0.0/0"
  }
}
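# Customer-managed KMS key used by Vault's awskms seal (auto-unseal).
# No key policy is given, so the key gets the AWS default policy (account root
# has full access); the Vault instance role still needs IAM permission for
# kms:Encrypt, kms:Decrypt and kms:DescribeKey on this key, which is not
# defined in this file.
resource "aws_kms_key" "unseal" {
  description             = "Vault KMS autounseal"
  deletion_window_in_days = var.unseal_key_deletion_window

  # Annual automatic rotation. KMS keeps prior key material, so ciphertext
  # already produced (Vault's wrapped root key) still decrypts afterwards.
  enable_key_rotation = true
}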
# Secrets Manager entry for the Vault Enterprise license.
# No kms_key_id is set, so the value is encrypted with the account's
# AWS-managed Secrets Manager key. The name is fixed: destroying and
# recreating this secret inside its recovery window fails on a name conflict.
resource "aws_secretsmanager_secret" "license" {
  name = "vault-license"
}
# Current value of the license secret, read from the local files/ directory.
# file() is evaluated at plan time and secret_string is written to the
# Terraform state in plaintext, so the state backend must be access-restricted
# and encrypted, and files/ must stay out of version control.
resource "aws_secretsmanager_secret_version" "license" {
  secret_string = file("files/license.hclic")
  secret_id     = aws_secretsmanager_secret.license.id
}
# Secrets Manager entry for the Vault TLS listener certificate (public part).
# Encrypted with the AWS-managed Secrets Manager key since no kms_key_id is
# given; the fixed name makes re-creation inside the recovery window fail.
resource "aws_secretsmanager_secret" "cert" {
  name = "vault-cert"
}
# Current value of the certificate secret, loaded from files/cert.pem.
# As with the other versions, the PEM text ends up in the Terraform state.
resource "aws_secretsmanager_secret_version" "cert" {
  secret_string = file("files/cert.pem")
  secret_id     = aws_secretsmanager_secret.cert.id
}
# Secrets Manager entry for the Vault TLS private key — the most sensitive of
# the four secrets. No kms_key_id is set, so it is protected by the
# AWS-managed Secrets Manager key; NOTE(review): consider a customer-managed
# key with a tight policy so read access can be constrained independently of
# Secrets Manager IAM permissions.
resource "aws_secretsmanager_secret" "key" {
  name = "vault-key"
}
# Current value of the private-key secret, loaded from files/key.pem.
# The private key is read by file() at plan time and stored in plaintext in
# the Terraform state: treat the state as key material (encrypted backend,
# restricted access) and never commit files/key.pem.
resource "aws_secretsmanager_secret_version" "key" {
  secret_string = file("files/key.pem")
  secret_id     = aws_secretsmanager_secret.key.id
}
# Secrets Manager entry for the CA certificate that issued the Vault listener
# certificate. Same encryption and naming caveats as the other secrets.
resource "aws_secretsmanager_secret" "ca" {
  name = "vault-ca"
}
# Current value of the CA secret, loaded from files/ca.pem.
# The CA certificate is public material, but it is still recorded in state.
resource "aws_secretsmanager_secret_version" "ca" {
  secret_string = file("files/ca.pem")
  secret_id     = aws_secretsmanager_secret.ca.id
}
# Deployment region. The subnet AZ defaults below assume us-west-2; override
# them together with this variable when deploying elsewhere.
variable "region" {
  type        = string
  default     = "us-west-2"
  description = "AWS region to deploy to"
}
# Address space for the VPC. The three subnet CIDR defaults are carved from it.
variable "vpc_cidr_block" {
  type        = string
  default     = "10.0.0.0/16"
  description = "CIDR block allocated to VPC"
}
# Public half of the operator's SSH key; required, no default.
variable "pub_key" {
  type        = string
  description = "SSH public key"
}
# Name tag applied to the VPC; required, no default.
variable "vpc_name" {
  type        = string
  description = "VPC name in AWS"
}
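# Name under which the SSH key pair is registered in EC2.
# The original carried an unterminated string literal as the default, which is
# invalid HCL and would fail to parse; the variable is now required instead,
# so the caller chooses the key pair name explicitly.
variable "machine_key_name" {
  description = "Name for SSH key pair"
  type        = string
}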
# Pending-deletion window for the auto-unseal KMS key. 7 is the smallest value
# KMS accepts; a longer window gives more time to recover from an accidental
# destroy before the Vault root key becomes unrecoverable.
variable "unseal_key_deletion_window" {
  type        = number
  default     = 7
  description = "Deletion window, in days, to protect unseal key"
}
# Shared by all three subnets. Defaults to false so instances are private
# unless the caller deliberately opts in.
variable "map_public_ip_on_launch" {
  type        = bool
  default     = false
  description = "Automatically assign public ip addresses to machines"
}
# Name tag for the internet gateway.
variable "internet_gateway_name" {
  type        = string
  default     = "InternetGateway"
  description = "Name of internet gateway attached to VPC."
}
# subnet01 vars
# CIDR for subnet01; the default lies inside the default VPC range and must not
# overlap the other two subnets.
variable "subnet01_cidr_block" {
  type        = string
  default     = "10.0.1.0/24"
  description = "CIDR block for subnet01 must be subset of VPC CIDR block"
}
# AZ for subnet01; must belong to var.region.
variable "subnet01_az" {
  type        = string
  default     = "us-west-2a"
  description = "Availability Zone for subnet01"
}
# Name tag for subnet01.
variable "subnet01_name" {
  type        = string
  default     = "subnet01"
  description = "Name of first subnet to be deployed."
}
# subnet02 vars
# CIDR for subnet02; the default lies inside the default VPC range and must not
# overlap the other two subnets.
variable "subnet02_cidr_block" {
  type        = string
  default     = "10.0.2.0/24"
  description = "CIDR block for subnet02 must be subset of VPC CIDR block"
}
# AZ for subnet02; must belong to var.region.
variable "subnet02_az" {
  type        = string
  default     = "us-west-2b"
  description = "Availability Zone for subnet02"
}
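# Name tag for subnet02.
# The default previously read "subnet01" (copy-paste from the subnet01 block),
# which gave two subnets the same Name tag; corrected to "subnet02".
variable "subnet02_name" {
  description = "Name of second subnet to be deployed."
  type        = string
  default     = "subnet02"
}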
# subnet03 vars
# CIDR for subnet03; the default lies inside the default VPC range and must not
# overlap the other two subnets.
variable "subnet03_cidr_block" {
  type        = string
  default     = "10.0.3.0/24"
  description = "CIDR block for subnet03 must be subset of VPC CIDR block"
}
# AZ for subnet03; must belong to var.region.
variable "subnet03_az" {
  type        = string
  default     = "us-west-2c"
  description = "Availability Zone for subnet03"
}
# Name tag for subnet03.
variable "subnet03_name" {
  type        = string
  default     = "subnet03"
  description = "Name of third subnet to be deployed."
}