# Provider requirements. The AWS provider is pinned to an exact version so
# `terraform init` resolves the same provider build on every machine.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.19.0"
    }
  }
}
#############
# Variables #
#############
# Region the aws provider below is configured with; every resource in this
# file is created there.
variable "region" {
  type        = string
  description = "AWS region"
  default     = "us-east-1"
}
# Name of the EC2 key pair attached to the instance (must already exist in the
# account/region). The default is a demo value, not something to ship with.
variable "key_name" {
  type        = string
  description = "Key name for SSH access - hardcoded for demonstration purposes"
  default     = "test"
}
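# VPC the security group is created in, resolved through the aws_vpc data
# source below. The default is a demo value.
variable "vpc_id" {
  type        = string
  description = "The VPC ID — hardcoded for demonstration purposes"
  default     = "vpc-139b3769" # default VPC

  # Reject an obviously malformed ID at plan time instead of failing later in
  # the aws_vpc lookup. The default matches this pattern.
  validation {
    condition     = can(regex("^vpc-[0-9a-f]+$", var.vpc_id))
    error_message = "vpc_id must look like an AWS VPC ID (vpc- followed by hex digits)."
  }
}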
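# AMI the Nomad host boots from (produced by a packer build, per the
# description). The default is a demo value.
variable "ami" {
  type        = string
  description = "The AMI output from packer — hardcoded for demonstration purposes"
  default     = "ami-0d2957906d48b28b1"

  # Reject an obviously malformed ID at plan time instead of at apply time in
  # the aws_instance create. The default matches this pattern.
  validation {
    condition     = can(regex("^ami-[0-9a-f]+$", var.ami))
    error_message = "ami must look like an AWS AMI ID (ami- followed by hex digits)."
  }
}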
#############
# Providers #
#############
# Single provider configuration; credentials come from the provider's usual
# environment/profile discovery, nothing is configured here.
provider "aws" {
  region = var.region
}
##########
# Locals #
##########
# Common tag set; the security group and instance below attach it via
# `tags = local.tags`.
locals {
  tags = {
    repo = "traefik-test"
  }
}
################
# Data sources #
################
# Resolves var.vpc_id to a VPC; the security group below reads its `id`.
data "aws_vpc" "default" {
  id = var.vpc_id
}
#############
# Resources #
#############
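# Inbound access is wide open by default: every port of every protocol, from
# any IPv4 or IPv6 address. With this group attached, everything the instance
# listens on — including the Nomad API on 4646 (see the output below) and SSH —
# is reachable from the internet. The defaults below preserve that demo
# behaviour; set the two variables to a trusted range for anything else.
variable "allowed_ingress_cidr_blocks" {
  type        = list(string)
  description = "IPv4 CIDR blocks allowed to reach the instance on any port - defaults to the whole internet for demonstration purposes"
  default     = ["0.0.0.0/0"]
}

variable "allowed_ingress_ipv6_cidr_blocks" {
  type        = list(string)
  description = "IPv6 CIDR blocks allowed to reach the instance on any port - defaults to the whole internet for demonstration purposes"
  default     = ["::/0"]
}

resource "aws_security_group" "allow_all" {
  description = "Allow all public traffic"
  vpc_id      = data.aws_vpc.default.id

  # from_port/to_port 0 with protocol "-1" means all ports, all protocols;
  # only the source ranges are parameterised.
  ingress {
    description      = "Allow all inbound public traffic"
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = var.allowed_ingress_cidr_blocks
    ipv6_cidr_blocks = var.allowed_ingress_ipv6_cidr_blocks
  }

  # Egress is left unrestricted, unchanged from the original.
  egress {
    description      = "Allow all outbound public traffic"
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = local.tags
}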
# TODO(kevinwang): Side quest to understand EBS usage
# resource "aws_ebs_volume" "shared-storage" {
# availability_zone = "us-east-1a"
# size = 10
# tags = local.tags
# }
# TODO(kevinwang): Side quest to understand EBS usage
# resource "aws_volume_attachment" "ebs_att" {
# device_name = "/dev/sdh"
# volume_id = aws_ebs_volume.shared-storage.id
# instance_id = aws_instance.nomad-leader.id
# }
# The single host the outputs refer to as the Nomad leader. It is placed in
# the allow_all security group, so whatever it listens on is reachable from
# the internet by default.
resource "aws_instance" "nomad-leader" {
  instance_type = "t2.large"
  ami           = var.ami
  key_name      = var.key_name

  vpc_security_group_ids = [aws_security_group.allow_all.id]

  # NOTE(review): no metadata_options (IMDSv2 enforcement) and no root volume
  # encryption are configured here; both are worth considering before
  # non-demo use, but neither is changed in this pass.
  tags = local.tags
}
###########
# Outputs #
###########
# Post-apply reminder printed to the operator. It contains commands only, not
# the bootstrap token, so it is not marked sensitive. Note that NOMAD_ADDR is
# plain http:// on the public IP, so the token returned by `nomad acl
# bootstrap` crosses the internet unencrypted; the heredoc is kept verbatim.
output "nomad_acl_bootstrap_reminder" {
  description = "convenience command to bootstrap ACLs"
  value       = <<EOT
################################################
# Reminder to bootstrap ACLs on initial launch #
################################################
export NOMAD_ADDR=http://${aws_instance.nomad-leader.public_ip}:4646
export NOMAD_TOKEN=$(nomad acl bootstrap -json | jq -r '.SecretID')
export NOMAD_VAR_token_for_traefik=$NOMAD_TOKEN
######################
# SSH Helper command #
######################
ssh -i ~/Downloads/test.pem ec2-user@${aws_instance.nomad-leader.public_dns}
EOT
}