bastion instance and actually associate subnets to the route tables
This commit is contained in:
parent
074dab50a8
commit
2087b9fd0c
|
@ -0,0 +1,18 @@
|
||||||
|
# Bastion Server
|
||||||
|
# Only active if operator mode is turned on. Use this to SSH into
|
||||||
|
|
||||||
|
resource "aws_instance" "bastion" {
|
||||||
|
count = var.operator_mode ? 1 : 0
|
||||||
|
|
||||||
|
ami = var.use_lastest_ami ? data.aws_ssm_parameter.latest_ami.value : "ami-0323c3dd2da7fb37d"
|
||||||
|
instance_type = "t2.micro"
|
||||||
|
key_name = var.ec2_key_pair_name
|
||||||
|
vpc_security_group_ids = [aws_security_group.bastion.id]
|
||||||
|
subnet_id = aws_subnet.public[0].id
|
||||||
|
associate_public_ip_address = true
|
||||||
|
|
||||||
|
tags = merge(
|
||||||
|
{ "Name" = "${var.main_project_tag}-bastion"},
|
||||||
|
{ "Project" = var.main_project_tag }
|
||||||
|
)
|
||||||
|
}
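Review bot: The bastion gets `associate_public_ip_address = true` but no `metadata_options` block, so the instance metadata service still answers unauthenticated IMDSv1 requests; on an internet-facing jump host that is the classic path from a compromised local process or SSRF to the instance's credentials. Add `metadata_options { http_tokens = "required" }` inside the resource so only IMDSv2 session tokens are accepted. Two smaller points: the fallback `"ami-0323c3dd2da7fb37d"` is a region-specific ID, so with the default `use_lastest_ami = false` this resource only applies in the region that AMI was pinned for and never picks up newer patched images — the header comment should say so; and that header comment ends mid-sentence at "Use this to SSH into", which I'd complete as `# Only active if operator mode is turned on. Use this to SSH into instances in the private subnets.` (the intended target is inferred; confirm). The file header for this new file is not visible above the hunk.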
|
|
@ -0,0 +1,5 @@
|
||||||
|
# EC2 Data
|
||||||
|
|
||||||
|
data "aws_ssm_parameter" "latest_ami" {
|
||||||
|
name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
|
||||||
|
}
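Review bot: `data "aws_ssm_parameter" "latest_ami"` is read on every plan regardless of whether the bastion uses it, so the deploying principal needs `ssm:GetParameter` on the public AMI parameter even with the default `use_lastest_ami = false`, and a plan in an account without that permission fails before the bastion is evaluated. If the lookup is meant to be conditional, gate it with `count = var.use_lastest_ami ? 1 : 0` and reference it as `data.aws_ssm_parameter.latest_ami[0].value`; otherwise a one-line comment stating that the lookup is unconditional and requires SSM read access would save the next operator the surprise. The file header for this new file is not visible above the hunk.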
|
15
variables.tf
15
variables.tf
|
@ -82,6 +82,21 @@ variable "dynamodb_table_name" {
|
||||||
default = "vault_storage"
|
default = "vault_storage"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# EC2 - General
|
||||||
|
|
||||||
|
variable "ec2_key_pair_name" {
|
||||||
|
description = "Name of an existing EC2 Key Pair that exists in the same region as your vault deployment. Needs to be made separately."
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
||||||
|
# EC2 - Bastion
|
||||||
|
|
||||||
|
variable "use_lastest_ami" {
|
||||||
|
description = "Whether or not to use the latest version of Amazon Linux 2. Defaults to false and uses a version that is known to work with this deployment."
|
||||||
|
type = bool
|
||||||
|
default = false
|
||||||
|
}
|
||||||
|
|
||||||
# SSL Certificate for HTTPS Access
|
# SSL Certificate for HTTPS Access
|
||||||
|
|
||||||
variable "domain_name" {
|
variable "domain_name" {
|
||||||
|
|
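Review bot: The new variable is spelled `use_lastest_ami`; since it is part of the module's input interface, fixing the typo now (`variable "use_latest_ami" {`) is cheap, whereas renaming it once callers reference it is a breaking change. Its description says the default "uses a version that is known to work with this deployment" but not that the pinned fallback is an AMI ID tied to a single region, which is the property an operator deploying elsewhere needs to know; I'd append `The pinned fallback AMI ID is region-specific; set this to true when deploying outside that region.` (the region dependency is inferred from how AMI IDs work, not from a line in this hunk). `ec2_key_pair_name` has no default and is only consumed by the bastion, so consider noting in its description that it is required even when `operator_mode` is off, if that is indeed the case.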
24
vpc.tf
24
vpc.tf
|
@ -185,6 +185,30 @@ resource "aws_subnet" "private" {
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Route Table Associations
|
||||||
|
|
||||||
|
## Public Subnet Route Associations
|
||||||
|
resource "aws_route_table_association" "public" {
|
||||||
|
count = var.vpc_public_subnet_count
|
||||||
|
|
||||||
|
subnet_id = element(aws_subnet.public.*.id, count.index)
|
||||||
|
route_table_id = aws_route_table.public.id
|
||||||
|
}
|
||||||
|
|
||||||
|
## Private Subnet Route Associations
|
||||||
|
resource "aws_route_table_association" "private" {
|
||||||
|
count = var.vpc_private_subnet_count
|
||||||
|
|
||||||
|
subnet_id = element(aws_subnet.private.*.id, count.index)
|
||||||
|
route_table_id = aws_route_table.private.id
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# VPC Endpoints
|
# VPC Endpoints
|
||||||
// Make safe calls to KMS and DynamoDB without leaving the VPC. Because #awsthings. C'mon. This should be default without these things.
|
// Make safe calls to KMS and DynamoDB without leaving the VPC. Because #awsthings. C'mon. This should be default without these things.
|
||||||
|
|
||||||
|
|
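Review bot: Both associations use `element(aws_subnet.public.*.id, count.index)` and `element(aws_subnet.private.*.id, count.index)`, and `element` wraps modulo the list length, so if `vpc_public_subnet_count` or `vpc_private_subnet_count` ever exceeds the number of subnets actually created, the extra associations silently reuse earlier subnet IDs instead of surfacing the mismatch at plan time. Direct indexing, `subnet_id = aws_subnet.public[count.index].id` (and likewise for private), fails loudly instead; if the subnet resources are created from the same count variables the two forms are equivalent today. Whether the private subnets now gain an egress path depends on the routes in `aws_route_table.private`, which are outside this hunk.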