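├── .gitignore
├── environment-variables.tf
├── provider-config.tf
├── provider-variables.tf
├── vpc-variables.tf
├── vpc-config.tf
├── instances-variables.tf
├── subnets-config.tf
├── my_first_vpc_environment.tfvariables
├── route_tables-config.tf
├── instances-config.tf
└── security_groups-config.tf

/.gitignore:
--------------------------------------------------------------------------------
# IDE metadata
.idea

# Terraform working directory and state. State files record every attribute
# Terraform has seen (instance metadata, key names, account IDs) and must
# never be committed.
.terraform/
*.tfstate
*.tfstate.*
crash.log

# Local variable files carrying real values (credentials, account IDs).
# Keep a redacted example file in the repository instead.
*.tfvars
*.auto.tfvars
--------------------------------------------------------------------------------
/environment-variables.tf:
--------------------------------------------------------------------------------
# Name prefixed to every resource's Name tag; override it per environment.
variable "environment_name" {
  default = "undefined-environment"
}
--------------------------------------------------------------------------------
/provider-config.tf:
--------------------------------------------------------------------------------
# AWS provider. Credentials are deliberately NOT configured here: with no
# access_key/secret_key the provider falls back to its standard credential
# chain (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY, the shared credentials
# file, or an instance profile), so no key material is read from
# version-controlled .tf files or variable files.
provider "aws" {
  region = "${var.provider.region}"
}
--------------------------------------------------------------------------------
/provider-variables.tf:
--------------------------------------------------------------------------------
# Provider settings. The access_key/secret_key entries were removed from this
# map: a default value for a credential is a credential committed to git, and
# a variables file setting it is one step away from being committed too.
# Only the region remains configurable.
variable "provider" {
  default = {
    region = "eu-west-1"
  }
}
--------------------------------------------------------------------------------
/vpc-variables.tf:
--------------------------------------------------------------------------------
# VPC address space. The "changeit" placeholders are invalid CIDRs on purpose
# so that a plan fails until real values are supplied.
variable "vpc" {
  default = {
    owner_id   = "unknown"   # not referenced by any resource in this tree
    cidr_block = "10.changeit.0.0/16"
  }
}

variable "vpc_public_subnet" {
  default = {
    cidr_block        = "10.changeit.0.0/24"
    availability_zone = "changeit"
  }
}

variable "vpc_private_subnet" {
  default = {
    cidr_block        = "10.changeit.1.0/24"
    availability_zone = "changeit"
  }
}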
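--------------------------------------------------------------------------------
/vpc-config.tf:
--------------------------------------------------------------------------------
# The VPC and the internet gateway that the public subnet's default route uses.
resource "aws_vpc" "environment" {
  cidr_block = "${var.vpc.cidr_block}"

  tags {
    Name        = "${var.environment_name}-vpc"
    Environment = "${var.environment_name}"
  }
}

resource "aws_internet_gateway" "environment" {
  vpc_id = "${aws_vpc.environment.id}"

  tags {
    Name        = "${var.environment_name}-internet-gateway"
    Environment = "${var.environment_name}"
  }
}
--------------------------------------------------------------------------------
/instances-variables.tf:
--------------------------------------------------------------------------------
# Per-role instance settings. AMI IDs are region-specific (only meaningful in
# the region set in var.provider) and are pinned by ID alone: confirm the
# publishing account of each image before reusing these values, so the
# environment is not bootstrapped from an image owned by an unknown party.
variable "nat" {
  default = {
    ami_image         = "ami-14913f63"
    availability_zone = "unknown"
    key_name          = "unknown"
  }
}

variable "web-proxy" {
  default = {
    ami_image         = "ami-2c90315b"
    availability_zone = "unknown"
    key_name          = "unknown"
  }
}

variable "database" {
  default = {
    ami_image         = "ami-2c90315b"
    availability_zone = "unknown"
    key_name          = "unknown"
  }
}

variable "services" {
  default = {
    ami_image         = "ami-2c90315b"
    availability_zone = "unknown"
    key_name          = "unknown"
  }
}
--------------------------------------------------------------------------------
/subnets-config.tf:
--------------------------------------------------------------------------------
# Public subnet: routes to the internet gateway; hosts the NAT and web-proxy.
resource "aws_subnet" "public-subnet" {
  vpc_id            = "${aws_vpc.environment.id}"
  cidr_block        = "${var.vpc_public_subnet.cidr_block}"
  availability_zone = "${var.vpc_public_subnet.availability_zone}"

  tags {
    Name        = "${var.environment_name}-public-subnet"
    Environment = "${var.environment_name}"
  }
}

# Private subnet: routes through the NAT instance; hosts database and services.
resource "aws_subnet" "private-subnet" {
  vpc_id            = "${aws_vpc.environment.id}"
  cidr_block        = "${var.vpc_private_subnet.cidr_block}"
  availability_zone = "${var.vpc_private_subnet.availability_zone}"

  tags {
    Name        = "${var.environment_name}-private-subnet"
    Environment = "${var.environment_name}"
  }
}
--------------------------------------------------------------------------------
/my_first_vpc_environment.tfvariables:
--------------------------------------------------------------------------------
# Variable values for one environment. The ".tfvariables" extension is not
# auto-loaded the way terraform.tfvars is; pass this file explicitly:
#   terraform plan -var-file=my_first_vpc_environment.tfvariables

# Environment name
environment_name = "my_first_vpc_environment"

# Provider
# AWS credentials are intentionally absent from this file: supply them through
# the environment (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY) or a shared
# credentials profile. Anything written here ends up in version control.
provider.region = "eu-west-1"

# VPC
# (vpc.owner_id was dropped: no resource reads it, and an account ID does not
# belong in a committed file.)
vpc.cidr_block = "10.0.0.0/16"

vpc_public_subnet.cidr_block        = "10.0.0.0/24"
vpc_public_subnet.availability_zone = "eu-west-1a"

vpc_private_subnet.cidr_block        = "10.0.1.0/24"
vpc_private_subnet.availability_zone = "eu-west-1a"

# Instances
nat.key_name          = "my_first_vpc_environment"
nat.availability_zone = "eu-west-1a"

web-proxy.key_name          = "my_first_vpc_environment"
web-proxy.availability_zone = "eu-west-1a"

database.key_name          = "my_first_vpc_environment"
database.availability_zone = "eu-west-1a"

services.key_name          = "my_first_vpc_environment"
services.availability_zone = "eu-west-1a"

# Administrative access
# Comma-separated CIDR blocks allowed to reach 22/tcp on the NAT and web-proxy.
# 203.0.113.0/24 is a documentation range: replace it with your own office/VPN
# egress range before applying.
admin_cidr_blocks = "203.0.113.0/24"
--------------------------------------------------------------------------------
/route_tables-config.tf:
--------------------------------------------------------------------------------
# Public subnet: default route straight to the internet gateway.
resource "aws_route_table" "public-subnet" {
  vpc_id = "${aws_vpc.environment.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.environment.id}"
  }

  tags {
    Name        = "${var.environment_name}-public-subnet-route-table"
    Environment = "${var.environment_name}"
  }
}

resource "aws_route_table_association" "public-subnet" {
  subnet_id      = "${aws_subnet.public-subnet.id}"
  route_table_id = "${aws_route_table.public-subnet.id}"
}

# Private subnet: default route through the NAT instance, so outbound traffic
# from private hosts is limited to what the NAT security group lets out.
resource "aws_route_table" "private-subnet" {
  vpc_id = "${aws_vpc.environment.id}"

  route {
    cidr_block  = "0.0.0.0/0"
    instance_id = "${aws_instance.nat.id}"
  }

  tags {
    Name        = "${var.environment_name}-private-subnet-route-table"
    Environment = "${var.environment_name}"
  }
}

resource "aws_route_table_association" "private-subnet" {
  subnet_id      = "${aws_subnet.private-subnet.id}"
  route_table_id = "${aws_route_table.private-subnet.id}"
}
--------------------------------------------------------------------------------
/instances-config.tf:
--------------------------------------------------------------------------------
# All instances live in a VPC, so security groups are attached by ID through
# vpc_security_group_ids. The previous `security_groups` argument is meant for
# group *names* outside a VPC; feeding it IDs for VPC instances produces a
# perpetual diff and forced replacement on later plans.

# NAT instance. source_dest_check must be off so it can forward packets that
# are not addressed to itself.
resource "aws_instance" "nat" {
  ami                         = "${var.nat.ami_image}"
  availability_zone           = "${var.nat.availability_zone}"
  instance_type               = "t2.micro"
  key_name                    = "${var.nat.key_name}"
  vpc_security_group_ids      = ["${aws_security_group.nat.id}"]
  subnet_id                   = "${aws_subnet.public-subnet.id}"
  associate_public_ip_address = true
  source_dest_check           = false

  tags {
    Name        = "${var.environment_name}-nat"
    Environment = "${var.environment_name}"
  }
}

resource "aws_eip" "nat" {
  instance = "${aws_instance.nat.id}"
  vpc      = true
}

# Internet-facing web proxy in the public subnet.
resource "aws_instance" "web-proxy" {
  ami                         = "${var.web-proxy.ami_image}"
  availability_zone           = "${var.web-proxy.availability_zone}"
  instance_type               = "t2.micro"
  key_name                    = "${var.web-proxy.key_name}"
  vpc_security_group_ids      = ["${aws_security_group.public.id}"]
  subnet_id                   = "${aws_subnet.public-subnet.id}"
  associate_public_ip_address = true
  source_dest_check           = true

  tags {
    Name        = "${var.environment_name}-web-proxy"
    Environment = "${var.environment_name}"
  }
}

resource "aws_eip" "web-proxy" {
  instance = "${aws_instance.web-proxy.id}"
  vpc      = true
}

# Database in the private subnet; no public address.
resource "aws_instance" "database" {
  ami                         = "${var.database.ami_image}"
  availability_zone           = "${var.database.availability_zone}"
  instance_type               = "t2.micro"
  key_name                    = "${var.database.key_name}"
  vpc_security_group_ids      = ["${aws_security_group.private.id}"]
  subnet_id                   = "${aws_subnet.private-subnet.id}"
  associate_public_ip_address = false
  source_dest_check           = true

  tags {
    Name        = "${var.environment_name}-database"
    Environment = "${var.environment_name}"
  }
}

# Three identical service instances in the private subnet; no public address.
resource "aws_instance" "service" {
  ami                         = "${var.services.ami_image}"
  availability_zone           = "${var.services.availability_zone}"
  instance_type               = "t2.micro"
  key_name                    = "${var.services.key_name}"
  vpc_security_group_ids      = ["${aws_security_group.private.id}"]
  subnet_id                   = "${aws_subnet.private-subnet.id}"
  associate_public_ip_address = false
  source_dest_check           = true
  count                       = 3

  tags {
    Name        = "${var.environment_name}-service-${count.index}"
    Environment = "${var.environment_name}"
  }
}
--------------------------------------------------------------------------------
/security_groups-config.tf:
--------------------------------------------------------------------------------
# Source ranges allowed to reach SSH on the internet-facing instances (NAT and
# web-proxy), as a comma-separated string of CIDR blocks. Declared without a
# default so 22/tcp never silently falls back to 0.0.0.0/0; set it in the
# environment's variables file.
variable "admin_cidr_blocks" {}

# NAT instance: SSH from admin ranges only; HTTP/HTTPS/NTP in from the private
# subnet (the traffic it forwards); HTTP/HTTPS/NTP out to the internet.
# Security groups are stateful, so replies to the egress rules need no
# matching ingress rule -- the old 123/udp ingress from 0.0.0.0/0 only exposed
# the NAT's NTP port to the whole internet.
resource "aws_security_group" "nat" {
  name   = "${var.environment_name}-nat"
  vpc_id = "${aws_vpc.environment.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${split(",", var.admin_cidr_blocks)}"]
  }
  ingress {
    from_port   = 123
    to_port     = 123
    protocol    = "udp"
    cidr_blocks = ["${var.vpc_private_subnet.cidr_block}"]
  }
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["${var.vpc_private_subnet.cidr_block}"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["${var.vpc_private_subnet.cidr_block}"]
  }

  egress {
    from_port   = 123
    to_port     = 123
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name        = "${var.environment_name}-nat-security-group"
    Environment = "${var.environment_name}"
  }
}

# Web proxy: HTTP/HTTPS from anywhere (its job), SSH from admin ranges only.
resource "aws_security_group" "public" {
  name   = "${var.environment_name}-public"
  vpc_id = "${aws_vpc.environment.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${split(",", var.admin_cidr_blocks)}"]
  }
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name        = "${var.environment_name}-public-security-group"
    Environment = "${var.environment_name}"
  }
}

# Private hosts: reachable only from the public subnet (SSH via a public-subnet
# host, HTTP/HTTPS from the proxy) and on 8080 from both subnets. Egress is
# unrestricted at the group level, but the private route table sends it all
# through the NAT, whose egress rules cap it at 80/443/123.
resource "aws_security_group" "private" {
  name   = "${var.environment_name}-private"
  vpc_id = "${aws_vpc.environment.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.vpc_public_subnet.cidr_block}"]
  }
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["${var.vpc_public_subnet.cidr_block}"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["${var.vpc_public_subnet.cidr_block}"]
  }
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["${var.vpc_public_subnet.cidr_block}", "${var.vpc_private_subnet.cidr_block}"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name        = "${var.environment_name}-private-security-group"
    Environment = "${var.environment_name}"
  }
}
--------------------------------------------------------------------------------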