Merge pull request 'Reimplementation worked. all nonscript issues fixed and some changes introduced' (#1) from test-1-reimplementation into master
Reviewed-on: Madmin/HC-vault-on-aws-FORK#1
commit
0af8349c53
|
@ -4,8 +4,8 @@
|
||||||
resource "aws_instance" "bastion" {
|
resource "aws_instance" "bastion" {
|
||||||
count = var.operator_mode ? 1 : 0
|
count = var.operator_mode ? 1 : 0
|
||||||
|
|
||||||
ami = var.use_lastest_ami ? data.aws_ssm_parameter.latest_ami.value : "ami-0323c3dd2da7fb37d"
|
ami = var.use_latest_ami ? data.aws_ssm_parameter.latest_ami.value : var.ami_id
|
||||||
instance_type = "t2.micro"
|
instance_type = var.bastion_instance_type
|
||||||
key_name = var.ec2_key_pair_name
|
key_name = var.ec2_key_pair_name
|
||||||
vpc_security_group_ids = [aws_security_group.bastion.id]
|
vpc_security_group_ids = [aws_security_group.bastion.id]
|
||||||
subnet_id = aws_subnet.public[0].id
|
subnet_id = aws_subnet.public[0].id
|
||||||
|
|
|
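Review bot: On the new `ami` line, `data.aws_ssm_parameter.latest_ami.value` is an attribute the aws provider marks as sensitive, so the whole conditional is likely to appear as `(sensitive value)` in plan output and a reviewer cannot see which image the bastion will boot. An AMI ID is not a secret; writing `nonsensitive(data.aws_ssm_parameter.latest_ami.value)` keeps the image visible in the plan. The same expression is used for `image_id` in the `aws_launch_template.vault_instance` section further down. The closing brace of the resource is not inside this hunk.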
@ -1,5 +1,5 @@
|
||||||
# EC2 Data
|
# EC2 Data
|
||||||
|
|
||||||
data "aws_ssm_parameter" "latest_ami" {
|
data "aws_ssm_parameter" "latest_ami" {
|
||||||
name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
|
name = "/aws/service/debian/release/12/latest/amd64"
|
||||||
}
|
}
|
|
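Review bot: The new `name` points at Debian's `latest` alias, which is a moving reference: with `use_latest_ami = true` any plan can resolve to a newer image and replace the bastion or roll the Vault launch template without a change in this repository. That deserves a comment above the data block, for example `# Moving pointer: the resolved AMI changes whenever a new Debian 12 image is published; set var.ami_id for reproducible deploys.` The commit title says only non-script issues were fixed, so any user-data script that still assumes Amazon Linux (package manager, default login user) would need checking against Debian 12; those scripts are not visible on this page.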
@ -1,7 +1,7 @@
|
||||||
# EC2 Launch Template
|
# EC2 Launch Template
|
||||||
resource "aws_launch_template" "vault_instance" {
|
resource "aws_launch_template" "vault_instance" {
|
||||||
name_prefix = "${var.main_project_tag}-lt-"
|
name_prefix = "${var.main_project_tag}-lt-"
|
||||||
image_id = var.use_lastest_ami ? data.aws_ssm_parameter.latest_ami.value : "ami-0323c3dd2da7fb37d"
|
image_id = var.use_latest_ami ? data.aws_ssm_parameter.latest_ami.value : var.ami_id
|
||||||
instance_type = var.vault_instance_type
|
instance_type = var.vault_instance_type
|
||||||
key_name = var.ec2_key_pair_name
|
key_name = var.ec2_key_pair_name
|
||||||
vpc_security_group_ids = [aws_security_group.vault_instance.id]
|
vpc_security_group_ids = [aws_security_group.vault_instance.id]
|
||||||
|
|
22
providers.tf
22
providers.tf
|
@ -1,4 +1,20 @@
|
||||||
provider "aws" {
|
terraform {
|
||||||
region = var.aws_default_region
|
required_version = ">= 1.0"
|
||||||
profile = var.aws_profile
|
required_providers {
|
||||||
|
aws = {
|
||||||
|
source = "hashicorp/aws"
|
||||||
|
version = "~> 5.38.0"
|
||||||
|
}
|
||||||
|
random = {
|
||||||
|
source = "hashicorp/random"
|
||||||
|
version = "~> 3.5"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
provider "aws" {
|
||||||
|
region = var.aws_default_region
|
||||||
|
profile = var.aws_profile
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "random" {
|
||||||
|
}
|
|
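Review bot: `required_version = ">= 1.0"` leaves the Terraform version open-ended while the aws provider is held to a patch series with `~> 5.38.0`; an upper bound such as `required_version = ">= 1.0, < 2.0"` would keep a future major release from being picked up unnoticed. These constraints only select versions; the provider checksums are recorded in `.terraform.lock.hcl`, and this page does not show whether that file is committed with the change. The empty `provider "random" {}` block adds nothing beyond the `required_providers` entry and could be dropped.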
@ -8,6 +8,9 @@ ec2_key_pair_name = "vault_key_pair"
|
||||||
|
|
||||||
### OPTIONAL VARIABLES
|
### OPTIONAL VARIABLES
|
||||||
|
|
||||||
|
# Use latest ami id
|
||||||
|
# use_latest_ami = false
|
||||||
|
|
||||||
# Version
|
# Version
|
||||||
# vault_version = "1.15.5"
|
# vault_version = "1.15.5"
|
||||||
|
|
||||||
|
|
16
variables.tf
16
variables.tf
|
@ -46,6 +46,12 @@ variable "vault_version" {
|
||||||
default = "1.15.5"
|
default = "1.15.5"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "bastion_instance_type" {
|
||||||
|
description = "The EC2 instance size of the bastion server."
|
||||||
|
type = string
|
||||||
|
default = "t3.micro"
|
||||||
|
}
|
||||||
|
|
||||||
# Operator Mode
|
# Operator Mode
|
||||||
## Turning this on will enable NAT and Bastion to access the Vault Instances
|
## Turning this on will enable NAT and Bastion to access the Vault Instances
|
||||||
|
|
||||||
|
@ -152,12 +158,18 @@ variable "vault_instance_count" {
|
||||||
|
|
||||||
# EC2 - AMI
|
# EC2 - AMI
|
||||||
|
|
||||||
variable "use_lastest_ami" {
|
variable "use_latest_ami" {
|
||||||
description = "Whether or not to use the latest version of Amazon Linux 2. Defaults to false and uses a version that is known to work with this deployment."
|
description = "Whether or not to use the latest version. Defaults to false and uses a version that is known to work with this deployment."
|
||||||
type = bool
|
type = bool
|
||||||
default = false
|
default = false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "ami_id" {
|
||||||
|
description = "The AMI ID to use for the Vault instances. Defaults to Debian 12 x86_64."
|
||||||
|
type = string
|
||||||
|
default = "ami-0506d6d51f1916a96"
|
||||||
|
}
|
||||||
|
|
||||||
# DynamoDB
|
# DynamoDB
|
||||||
|
|
||||||
variable "dynamodb_table_name" {
|
variable "dynamodb_table_name" {
|
||||||
|
|
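Review bot: The new `ami_id` variable accepts any string, and its default `ami-0506d6d51f1916a96` belongs to a single region while `var.aws_default_region` can be changed independently; AMI IDs are region-scoped, so the default is unlikely to resolve anywhere else. A validation condition such as `condition = can(regex("^ami-[0-9a-f]{8,17}$", var.ami_id))` rejects malformed values early, and the description should name the region the default belongs to. The description also says the AMI is for the Vault instances, but the same variable feeds the bastion's `ami`. In `use_latest_ami`, "the latest version" no longer says of what; `Whether to use the latest Debian 12 image resolved from SSM.` would be clearer.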