From 0e1eefe5651319db45efa957963d315c29dfaa3e Mon Sep 17 00:00:00 2001
From: Josh Gubler
Date: Tue, 7 Apr 2020 16:45:45 -0600
Subject: [PATCH] update acs-info
---
 README.md | 5 ++---
 examples/module/example.tf | 7 +++----
 main.tf | 29 ++++++++++++-----------------
 variables.tf | 7 +------
 4 files changed, 18 insertions(+), 30 deletions(-)
diff --git a/README.md b/README.md
index 7745bcf..b4aadc9 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ provider "aws" {
 }
 
 module "bastion" {
- source = "github.com/byu-oit/terraform-aws-bastion.git?ref=v1.1.2"
+ source = "github.com/byu-oit/terraform-aws-bastion.git?ref=v1.2.0"
 env = "prd"
 vpc_vpn_to_campus = true
 netid = "mynetid"
@@ -72,8 +72,7 @@ The bastion is really intended to be ephemeral (spin it up, use it, tear it down
 ## Input
 | Name | Type |Description | Default Value |
 | --- | --- | --- | --- |
-| dept_abbr| string | AWS Account department abbreviation (e.g. oit, trn) | oit |
-| env | string | Environment of the AWS Account (for finding the shared VPC and tagging the bastion) (e.g. dev, prd)| |
+| env | string | Environment (for tagging the bastion) (e.g. dev, prd)| |
 | vpc_vpn_to_campus | bool | Set to true if the bastion needs to be in the VPC that has VPN access to campus | false |
 | netid | string | Your Net ID (for naming the bastion) | |
 | public_key | string | Public SSH Key (e.g. \"ssh-rsa AA....Qw== comment\"). | |
diff --git a/examples/module/example.tf b/examples/module/example.tf
index 165cd67..d4514c5 100644
--- a/examples/module/example.tf
+++ b/examples/module/example.tf
@@ -4,12 +4,11 @@ provider "aws" {
 }
 
 module "bastion" {
- source = "github.com/byu-oit/terraform-aws-bastion.git?ref=v1.1.2"
- #source = "../../"
- dept_abbr = "ces"
+ source = "github.com/byu-oit/terraform-aws-bastion.git?ref=v1.2.0"
+ #source = "../../"
 env = "dev"
 vpc_vpn_to_campus = false
- netid = "mynetid"
+ netid = "jgubler"
 public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwWVPlHpRiXGBmB/VG6PUeJ/Ev+Y39n5PBI4DW3ZMDT1g32nEUjzKtxK6KwVzYFQBhReMO2ry4uSTiNIzuOtHk/OCfcdPc8wbW3RlHBgbqs6p7DfYRJAXJCnWEjovijaVY0lyL4+7/YuprZwBaA2NfUIRN8UwVxZck3ULMnCK6BKog0UAE9NQZ9Z0vAtgLYPo9eVJEuGrxEszN29X+4Fl6u3T8x0XQ9EoMWU4YNwKfzBIof3th9Cbv4+FlEKpOFYuCc5vB2NPotalN8phEUqnvtsDkmCLAop6+MrUlnNNYIzmh2RLeqDF+M/ZnX8xb+V/mT9vARVcdcYCxKYeyXLvT example"
 #ingress_cidrs = ["128.187.112.21/32"] # optional (defaults to BYU Campus)
 #subnet_type = "private" # optional (defaults to public) (if anything other than "public", you'll need to use another bastion, vpn, etc. to ssh in.)
diff --git a/main.tf b/main.tf
index bf03e3c..d51626c 100644
--- a/main.tf
+++ b/main.tf
@@ -6,19 +6,11 @@ terraform {
 }
 
 module "acs" {
- source = "github.com/byu-oit/terraform-aws-acs-info.git?ref=v1.2.2"
- dept_abbr = var.dept_abbr
- env = var.env
+ source = "github.com/byu-oit/terraform-aws-acs-info.git?ref=v2.1.0"
 vpc_vpn_to_campus = var.vpc_vpn_to_campus
 }
 
-resource "aws_instance" "bastion" {
- ami = "ami-0c5204531f799e0c6"
- instance_type = "t2.micro"
- key_name = aws_key_pair.key.key_name
- subnet_id = module.acs["${var.subnet_type}_subnet_ids"][0]
- vpc_security_group_ids = [aws_security_group.sg.id]
-
+locals {
 tags = {
 Name = "${var.netid}-bastion"
 app = "${var.netid}-bastion"
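Review bot: The example now hard-codes what looks like a real NetID, `netid = "jgubler"`, where the previous revision used the placeholder `mynetid`. Elsewhere in this patch the module builds the security-group name and the `Name`/`app` tags from `netid`, so anyone who applies the example unchanged creates resources attributed to that user. The unchanged sample `public_key` would also authorise whoever holds the matching private key, if one exists. Suggest restoring `netid = "mynetid"` and adding a comment above `public_key` such as `# replace with your own public key before applying`.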
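Review bot: The `acs` module is pinned to a git tag, `?ref=v2.1.0`, and tags can be re-pointed upstream, so the code that selects this bastion's VPC and subnets could change without any diff in this repository. Pinning `ref` to the full commit SHA behind v2.1.0 would make the dependency immutable. This is also a major-version jump that drops the `dept_abbr` and `env` inputs, so confirm in the plan output that `module.acs.vpc.id` still resolves to the intended VPC. A one-line comment on the new `locals` block, e.g. `# tags shared by every bastion resource`, would help readers; that block continues past the end of this hunk.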
@@ -27,10 +19,20 @@ resource "aws_instance" "bastion" {
 }
 }
 
+resource "aws_instance" "bastion" {
+ ami = "ami-0c5204531f799e0c6"
+ instance_type = "t2.micro"
+ key_name = aws_key_pair.key.key_name
+ subnet_id = module.acs["${var.subnet_type}_subnet_ids"][0]
+ vpc_security_group_ids = [aws_security_group.sg.id]
+ tags = local.tags
+}
+
 resource "aws_security_group" "sg" {
 name = "${var.netid}-bastion"
 description = "${var.netid}-bastion"
 vpc_id = module.acs.vpc.id
+ tags = local.tags
 
 ingress {
 from_port = 22
@@ -45,13 +47,6 @@ resource "aws_security_group" "sg" {
 protocol = "-1"
 cidr_blocks = ["0.0.0.0/0"]
 }
-
- tags = {
- Name = "${var.netid}-bastion"
- app = "${var.netid}-bastion"
- env = var.env
- data-sensitivity = "internal"
- }
 }
 
 resource "aws_key_pair" "key" {
diff --git a/variables.tf b/variables.tf
index bec97ab..e808f08 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,11 +1,6 @@
-variable "dept_abbr" {
- type = string
- default = "oit"
- description = "Abbreviation of the department type of account (e.g. oit, trn), defaults to oit."
-}
 variable "env" {
 type = string
- description = "Account environment (for finding the shared VPC and tagging the bastion) (e.g. dev, prd)."
+ description = "Environment (for tagging the bastion) (e.g. dev, prd)."
 }
 
 variable "vpc_vpn_to_campus" {
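Review bot: The re-added `aws_instance.bastion` keeps the hard-coded `ami = "ami-0c5204531f799e0c6"`, so every bastion launches from one fixed image that never picks up newer patches and exists in a single region. For an SSH host that defaults to a public subnet, consider resolving the image with a `data "aws_ami"` lookup using `most_recent = true` and an explicit `owners` filter. The instance also sets no `metadata_options`, so IMDSv1 probably stays enabled unless an account default overrides it; `metadata_options { http_tokens = "required" }` would enforce IMDSv2 if the provider version in use supports that block. The `aws_security_group.sg` block runs past this hunk, so the port-22 ingress `cidr_blocks` cannot be checked from here.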
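Review bot: Removing `variable "dept_abbr"` breaks any caller that still passes `dept_abbr`, because Terraform rejects arguments a module does not declare, yet the README and example in this patch present the release as `v1.2.0`. Consider calling the removal out in the release notes or README, so consumers drop the argument when moving off `v1.1.2`.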