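# CLI and provider version pins for this module.
terraform {
  # Exact CLI pin: any other Terraform release refuses to plan this config.
  required_version = "1.3.9"

  # Explicit source/version form instead of the legacy version-only
  # shorthand, so the registry namespace being trusted is visible in the
  # file. Commit .terraform.lock.hcl alongside this so provider checksums
  # are pinned as well as versions.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.66.1"
    }
    # NOTE(review): hashicorp/template is archived upstream; the built-in
    # templatefile() function is the maintained replacement for the
    # template_file data source this module uses.
    template = {
      source  = "hashicorp/template"
      version = "~> 2.2.0"
    }
  }
}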
# Expected value of the "version" tag on the AMI selected below; also
# recorded on the instance as its AMI_Version tag.
locals {
  ami_version = "v0.0.1"
}
# Resolve the connector AMI to launch. The owner account is pinned, so the
# wildcard name filter cannot match an image published by any other account;
# within that account the newest x86_64 image carrying the expected version
# tag is chosen. Filters are AND-ed, so their order does not matter.
data "aws_ami" "sec" {
  owners      = ["692314432491"]
  most_recent = true

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "tag:version"
    values = [local.ami_version]
  }

  filter {
    name   = "name"
    values = ["cdo-connector*"]
  }
}
# Instance security group: unrestricted IPv4 egress; ingress limited to
# var.cidr on three collector ports. Ingress rules form a set, so they are
# declared as a port -> protocol table and expanded with a dynamic block.
resource "aws_security_group" "sec" {
  name        = "${var.env}-${var.instance_name}-sec-sg"
  description = "Security Group that allows all egress, and ingress into UDP ports [10025, 10425] and TCP port 10125"
  vpc_id      = var.vpc_id

  # var.tags is merged last, so a caller-supplied Name tag overrides this one.
  tags = merge({
    Name = "${var.env}-${var.instance_name}-sec-sg"
  }, var.tags)

  # All protocols, all ports, to any IPv4 destination.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # One ingress rule per entry, each scoped to var.cidr. NOTE(review): the
  # real exposure depends on what the caller passes as var.cidr; this file
  # does not constrain it.
  dynamic "ingress" {
    for_each = {
      "10025" = "udp"
      "10425" = "udp" # netflow
      "10125" = "tcp"
    }
    content {
      from_port   = tonumber(ingress.key)
      to_port     = tonumber(ingress.key)
      protocol    = ingress.value
      cidr_blocks = [var.cidr]
    }
  }
}
# Render the instance bootstrap script from the module-local template.
# NOTE(review): template_file comes from the archived hashicorp/template
# provider; the built-in templatefile() takes the same path and vars map and
# would drop that provider dependency. Whatever these two vars carry ends up
# in plain text in EC2 user data, which is readable from inside the instance
# and through the EC2 API (DescribeInstanceAttribute) -- treat the bootstrap
# data as sensitive if it includes credentials or enrollment tokens.
data "template_file" "bootstrap" {
  template = file("${path.module}/bootstrap_sec.tpl")
  vars = {
    cdo_bootstrap_data = var.cdo_bootstrap_data
    sec_bootstrap_data = var.sec_bootstrap_data
  }
}
# The connector instance: version-tagged AMI, SSM instance profile, placed in
# the caller's subnet behind aws_security_group.sec, bootstrapped via the
# rendered user data.
resource "aws_instance" "sec" {
  ami           = data.aws_ami.sec.id
  instance_type = var.instance_size
  subnet_id     = var.subnet_id

  vpc_security_group_ids = [aws_security_group.sec.id]

  # The profile resource is defined elsewhere in the module, not in this file.
  iam_instance_profile = aws_iam_instance_profile.sec-ssm-instance-profile.id

  # Rendered bootstrap template; see data.template_file.bootstrap for inputs.
  user_data = data.template_file.bootstrap.rendered

  # NOTE(review): no metadata_options block, so the provider default applies
  # and IMDSv1 remains enabled; requiring IMDSv2 (http_tokens = "required")
  # is the usual hardening, but confirm bootstrap_sec.tpl and the installed
  # agents tolerate it first. Root volume encryption is likewise inherited
  # from the AMI/account defaults rather than set here.

  # var.tags is merged last, so caller-supplied Name/AMI_Version tags win.
  tags = merge({
    Name        = "${var.env}-${var.instance_name}-sec"
    AMI_Version = local.ami_version
  }, var.tags)
}