main.tf
/* Local values shared by the rest of this configuration: the instance AMI,
   the target VPC, the SSH login details and the number of nodes to launch. */
locals {
  # Number of EC2 instances created by aws_instance.web.
  instance_count = 3

  # Image and network the instances are launched into.
  ami_id = "ami-09e67e426f25ce0d7"
  vpc_id = "vpc-" # NOTE(review): looks like a truncated placeholder; set the real VPC id before applying

  # SSH login used by the provisioner connection.
  ssh_user = "ubuntu"
  key_name = "capkey" # must match the key pair name registered with the cloud provider

  # The private key sits inside the project directory, so keep *.pem files
  # out of version control and readable only by the operator account.
  private_key_path = "/home/ubuntu/Capstone-K8S-Infra/capkey.pem"
}
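/* Declare the provider and the settings linked with it (AWS here; use
   whichever cloud provider applies to you). Credentials are deliberately not
   written in this block. */
provider "aws" {
  region = "us-east-1"

  # No access_key / secret_key / token literals: values written here end up in
  # version control, plan output and every copy of the repository.
  # The provider picks credentials up from the environment
  # (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN), from a
  # shared credentials profile, or from an IAM role attached to the machine
  # that runs Terraform.
}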
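/* [4.1] Security group "k8saccess" (AWS name "cap_access") with the ingress
   and egress rules for the cluster nodes. The VPC id comes from the locals
   block. */
resource "aws_security_group" "k8saccess" {
  name   = "cap_access"
  vpc_id = local.vpc_id

  # SSH for the Ansible/Terraform provisioner connection.
  # NOTE(review): still open to every address; narrow cidr_blocks to the
  # operator or bastion range once that range is known.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Node-to-node traffic on all protocols and ports, limited to members of
  # this security group. The original rule allowed the same from 0.0.0.0/0,
  # which exposed every listening port on the nodes to the internet and made
  # the SSH rule above redundant. Any port that must be reachable from outside
  # should get its own rule with an explicit port and source range.
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # Unrestricted outbound traffic.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}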
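# EC2 instances built from the local values: AMI, security group and key pair.
resource "aws_instance" "web" {
  count                       = local.instance_count
  ami                         = local.ami_id
  instance_type               = "t2.medium"
  associate_public_ip_address = true # boolean literal instead of the string "true"
  vpc_security_group_ids      = [aws_security_group.k8saccess.id]
  key_name                    = local.key_name

  tags = {
    Name = "cap-ec2"
  }

  # Require session tokens (IMDSv2) for the instance metadata service, so a
  # plain unauthenticated GET from a workload on the node cannot read it.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  /* SSH connection used by the provisioners below, and later by Ansible. Host
     IP, user name and private key come from the instance and the locals block.
     NOTE(review): no host_key is set, so the first connection does not verify
     the server's SSH host key. */
  connection {
    type        = "ssh"
    host        = self.public_ip
    user        = local.ssh_user
    private_key = file(local.private_key_path)
    timeout     = "4m"
  }

  # Confirms that remote access works by running a harmless command.
  provisioner "remote-exec" {
    inline = [
      "hostname"
    ]
  }

  /* Appends the instance's public IP to the local "myhosts" file. The file is
     appended to, never truncated, so addresses of replaced instances remain
     until the file is cleaned up. */
  provisioner "local-exec" {
    command = "echo ${self.public_ip} >> myhosts"
  }
}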