# SSH key pair registered with EC2 for the embassy host.
# The public key is read from the local file named by var.ssh_public_key_file
# at plan time, so that file must exist on the machine running Terraform.
# Only the public half is sent to AWS; the private key never enters state.
resource "aws_key_pair" "titanium" {
  key_name   = "titanium"
  public_key = file(var.ssh_public_key_file)
}
# VPC that holds the embassy host.
#
# NOTE(review): 172.32.0.0/16 is outside RFC 1918 (172.16.0.0/12 ends at
# 172.31.255.255), i.e. it is publicly routable address space. Any internet
# destination inside that /16 would match the VPC's implicit local route
# rather than the internet-gateway route, which matters for a VPN exit node.
# Changing cidr_block forces replacement of the VPC and everything in it, so
# it is left unchanged here; migrate deliberately if it is not intentional.
resource "aws_vpc" "embassy" {
  cidr_block = "172.32.0.0/16"
}
# Single public subnet for the embassy host.
# cidrsubnet(<vpc cidr>, 8, 1) carves the second /24 out of the /16
# (172.32.1.0/24 with the VPC block above). map_public_ip_on_launch is left
# at its default (false): public reachability comes from the explicitly
# managed EIPs further down, not from auto-assigned addresses.
# The availability zone is pinned; the instance derives its AZ from here.
resource "aws_subnet" "embassy" {
  vpc_id            = aws_vpc.embassy.id
  cidr_block        = cidrsubnet(aws_vpc.embassy.cidr_block, 8, 1)
  availability_zone = "us-west-2a"
}
# Internet gateway attached to the embassy VPC; the route table below sends
# 0.0.0.0/0 through it.
resource "aws_internet_gateway" "embassy" {
  vpc_id = aws_vpc.embassy.id
}
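# CIDR ranges allowed to reach SSH (tcp/22) on the embassy host.
# The default reproduces the original world-open rule so existing deployments
# keep working, but it should be overridden with the admin/bastion ranges that
# actually need SSH (for example ["203.0.113.10/32"]): SSH exposed to
# 0.0.0.0/0 is the largest brute-force / credential-stuffing surface on this
# host, and nothing else in this config depends on it being world-reachable.
variable "ssh_ingress_cidr_blocks" {
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "CIDR blocks permitted to reach tcp/22 on the embassy host"
}

# Security group attached to the embassy host's ENI.
#
# Each rule carries a `description` so the intent of every opening is visible
# in the console and in CloudTrail; rule descriptions update in place. The
# group-level name/description are deliberately left at their defaults: the
# AWS API cannot change them, so setting them would force the group to be
# replaced while it is still attached to the network interface.
resource "aws_security_group" "embassy" {
  vpc_id = aws_vpc.embassy.id

  # SSH administration. Source ranges come from the variable above.
  ingress {
    description = "SSH administration"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_ingress_cidr_blocks
  }

  # WireGuard. This one has to stay world-reachable so roaming peers can
  # connect; WireGuard is designed not to respond to packets that do not
  # carry a valid peer handshake, which keeps the unauthenticated surface small.
  ingress {
    description = "WireGuard"
    from_port   = 51820
    to_port     = 51820
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # "Everything else": a ~30k-port range open to the whole internet on both
  # TCP and UDP. NOTE(review): any service that happens to listen on
  # 10000-40000 on this host is internet-exposed. If this range exists for
  # port-forwarding through the VPN, narrow it to the ports actually
  # forwarded (or drive it from a variable) rather than opening the block.
  ingress {
    description = "Forwarded services (tcp)"
    from_port   = 10000
    to_port     = 40000
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Forwarded services (udp)"
    from_port   = 10000
    to_port     = 40000
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted egress. Required for a VPN exit node, which relays
  # arbitrary peer traffic to the internet.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}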
# Route table for the embassy subnet: a single default route to the internet
# gateway. The VPC-local route is implicit and always present, so it is not
# declared here.
resource "aws_route_table" "embassy" {
  vpc_id = aws_vpc.embassy.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.embassy.id
  }
}
# Bind the embassy subnet to the route table above; without this association
# the subnet would fall back to the VPC's main route table and have no path
# to the internet gateway.
resource "aws_route_table_association" "embassy_assoc" {
  subnet_id      = aws_subnet.embassy.id
  route_table_id = aws_route_table.embassy.id
}
# Primary network interface for the embassy host, carrying var.ip_count
# private addresses (one per Elastic IP associated further down).
#
# private_ip_list is used instead of private_ips because it is ordered:
# private_ips is an unordered set, so changing the number of addresses could
# reshuffle them and force this NIC -- and everything that references it --
# to be re-created. private_ip_list_enabled must be true to use it.
#
# Addresses are taken from the subnet starting at host offset 32
# (172.32.1.32 onward with the CIDRs above); presumably the low offsets are
# skipped to stay clear of the addresses AWS reserves in every subnet.
resource "aws_network_interface" "embassy" {
  subnet_id = aws_subnet.embassy.id

  private_ip_list_enabled = true
  private_ip_list = [
    for idx in range(var.ip_count) :
    cidrhost(aws_subnet.embassy.cidr_block, idx + 32)
  ]

  # The security group governs everything that reaches this host; see its
  # rule comments for what is exposed.
  security_groups = [aws_security_group.embassy.id]
}
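# The embassy EC2 instance. Networking is entirely provided by the managed
# ENI above (device_index 0), so no subnet/IP settings are given here; the
# availability zone mirrors the subnet's so the instance and ENI agree.
#
# NOTE(review): the AMI is pinned by bare ID. That is only valid in one region
# and nothing records which image (distribution, owner, build date) it is, so
# it cannot be reviewed or kept patched. Prefer a `data "aws_ami"` lookup
# filtered by owner and name pattern, or at least a comment naming the image.
# NOTE(review): the root volume is not explicitly encrypted. Setting
# root_block_device { encrypted = true } forces instance replacement, so it
# is not changed here; do it at the next planned rebuild.
resource "aws_instance" "embassy" {
  ami           = "ami-00c257e12d6828491"
  instance_type = "t2.micro"

  availability_zone = aws_subnet.embassy.availability_zone
  key_name          = aws_key_pair.titanium.key_name

  network_interface {
    network_interface_id = aws_network_interface.embassy.id
    device_index         = 0
  }

  # Require IMDSv2 (session-token metadata access). This host terminates a
  # VPN and exposes a large port range, so a compromised or SSRF-able service
  # on it must not be able to read instance metadata with a plain GET. No
  # instance profile is attached here, so there are no role credentials to
  # leak today, but enforcing v2 now means that stays true if one is added.
  # This is an in-place update and nothing in this config relies on IMDSv1.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "embassy-01"
  }
}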
# One Elastic IP per private address on the embassy ENI (var.ip_count total).
# No domain/vpc setting is given; on current provider versions this defaults
# to a VPC-scoped address, which is what the ENI association below requires --
# confirm against the provider version pinned for this project.
resource "aws_eip" "eip" {
  count = var.ip_count
}
# Pair EIP i with the i-th private address on the ENI. Because private_ip_list
# is ordered (see the network interface), index i on both sides refers to a
# stable address, so adding an IP does not re-map the existing ones.
resource "aws_eip_association" "eip_assoc" {
  count = var.ip_count

  allocation_id        = aws_eip.eip[count.index].id
  network_interface_id = aws_network_interface.embassy.id
  private_ip_address   = aws_network_interface.embassy.private_ip_list[count.index]
}
# Ansible inventory entry for the embassy host, placed in the "embassy" group.
# The inventory name is the first EIP's public address; every EIP lands on the
# same ENI and instance, so any of them would reach the same host.
# Note this indexes eip[0] unconditionally, so var.ip_count must be at least 1.
resource "ansible_host" "embassy" {
  groups = ["embassy"]
  name   = aws_eip.eip[0].public_ip
}