EC2

resource "tls_private_key" "pk" { algorithm = "RSA" rsa_bits = 4096 } resource "aws_key_pair" "key_pair" { key_name = "wsi-key" public_key = tls_private_key.pk.public_key_openssh } resource "local_file" "ssh_key" { filename = "wsi-key.pem" content = tls_private_key.pk.private_key_pem } resource "aws_security_group" "bastion_sg" { name = "wsi-bastion-sg" vpc_id = aws_vpc.main.id ingress { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] from_port = "22" to_port = "22" } ingress { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] from_port = "8080" to_port = "8080" } egress { protocol = "-1" cidr_blocks = ["0.0.0.0/0"] from_port = "0" to_port = "0" } tags = { Name = "wsi-bastion-sg" } } resource "aws_security_group" "wsi_app_sg" { name = "wsi-app-sg" vpc_id = aws_vpc.main.id ingress { protocol = "tcp" security_groups = [aws_security_group.bastion_sg.id, aws_security_group.alb_sg.id] from_port = "22" to_port = "22" } ingress { protocol = "tcp" security_groups = [aws_security_group.bastion_sg.id, aws_security_group.alb_sg.id] from_port = "8080" to_port = "8080" } egress { protocol = "-1" cidr_blocks = ["0.0.0.0/0"] from_port = "0" to_port = "0" } tags = { Name = "wsi-app-sg" } } resource "aws_security_group" "alb_sg" { name = "wsi-alb-sg" vpc_id = aws_vpc.main.id ingress { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] from_port = "80" to_port = "80" } egress { protocol = "-1" cidr_blocks = ["0.0.0.0/0"] from_port = "0" to_port = "0" } tags = { Name = "wsi-alb-sg" } } resource "aws_instance" "bastion_ec2" { ami = "ami-070e986143a3041b6" instance_type = "t3.small" subnet_id = aws_subnet.public_a.id iam_instance_profile = aws_iam_instance_profile.wsi-bastion-profile.name key_name = aws_key_pair.key_pair.key_name associate_public_ip_address = true vpc_security_group_ids = [ aws_security_group.bastion_sg.id ] tags = { Name = "wsi-bastion" } user_data = file("./bastion-userdata.sh") } resource "aws_instance" "wsi_app" { ami = "ami-070e986143a3041b6" instance_type = "c5.large" count = 2 subnet_id = aws_subnet.private_a.id iam_instance_profile = aws_iam_instance_profile.wsi-app-profile.name key_name = aws_key_pair.key_pair.key_name associate_public_ip_address = false vpc_security_group_ids = [ aws_security_group.wsi_app_sg.id ] tags = { Name = "wsi-app" "wsi:deploy:group" = "wsi" } user_data = file("./wsi-app-userdata.sh") }