Создать правила фаервола
#
# Provider pin: any 3.27.x-or-later release below 4.0. The attribute-style
# `ingress`/`egress` lists used by the security groups below rely on the
# 3.x provider schema, so keep the major version in step with them.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
}
# Credentials are resolved from the named profile in the operator's local AWS
# config/credentials files; no secret material lives in this configuration.
provider "aws" {
  region  = "eu-central-1"
  profile = "default"
}
# Outbound rule set for the public instance: unrestricted egress on every
# protocol to any IPv4 destination. This is the permissive default many
# deployments start from; tighten it once the instance's outbound needs
# (package mirrors, update endpoints, remote APIs) are known.
resource "aws_security_group" "external-egress" {
  name        = "external-egress"
  description = "external-egress"

  egress = [
    {
      description = "all"
      # protocol "-1" is "all protocols"; with it the port range 0-0 is ignored.
      protocol  = "-1"
      from_port = 0
      to_port   = 0

      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    },
  ]
}
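# Source ranges allowed to reach SSH on the public instance. The default keeps
# the original behaviour (open to the whole IPv4 internet); set it to the
# administrators' egress range(s) so that port 22 is not exposed world-wide
# while HTTP/HTTPS stay public.
variable "ssh_cidr_blocks" {
  description = "IPv4 CIDR blocks permitted to open SSH (tcp/22) to the instance"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Inbound rule set for the public instance: SSH for administration, HTTP and
# HTTPS for the service itself. Every rule entry lists all fields (including
# the empty IPv6/prefix-list/security-group lists) because the attribute-style
# `ingress` list requires each element to be fully specified.
resource "aws_security_group" "external-ingress" {
  name        = "external-ingress"
  description = "external-ingress"

  ingress = [
    {
      description      = "ssh"
      from_port        = 22
      to_port          = 22
      protocol         = "tcp"
      cidr_blocks      = var.ssh_cidr_blocks
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    },
    {
      description      = "https"
      from_port        = 443
      to_port          = 443
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    },
    {
      description      = "http"
      from_port        = 80
      to_port          = 80
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    },
  ]
}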
Создать инстанс EC2
#
# Same provider constraint as the firewall configuration: 3.27 or newer within
# the 3.x series, so that both files resolve to one compatible AWS provider.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
}
# Region and credential profile for every AWS resource in this module; the
# profile name points at the operator's local credentials, nothing is inlined.
provider "aws" {
  region  = "eu-central-1"
  profile = "default"
}
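# The single public EC2 instance, attached to the ingress/egress security
# groups defined in the firewall configuration and reachable with the
# `external` key pair.
resource "aws_instance" "external" {
  ami               = "ami-0d527b8c289b4af7f"
  instance_type     = "t3a.large"
  availability_zone = "eu-central-1a"
  key_name          = aws_key_pair.external.key_name

  vpc_security_group_ids = [
    aws_security_group.external-ingress.id,
    aws_security_group.external-egress.id,
  ]

  # Writes the instance's public IP to the Ansible inventory file after
  # creation. Inside a resource's own provisioner the resource must be
  # addressed as `self`: referring to `aws_instance.external` from within its
  # own block is a self-reference that Terraform rejects at plan time.
  # Note that `null_resource.makehosts` writes the same file; keep one of the
  # two so the inventory has a single writer.
  provisioner "local-exec" {
    command = "echo ${self.public_ip} > ../ansible/hosts"
  }

  # Hardening to consider before this goes beyond a lab: require IMDSv2
  # (`metadata_options { http_tokens = "required" }`) and encrypt the root
  # volume; both are left out here because they change instance behaviour.
}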
# Registers the administrator's SSH public key under the name the instance
# references. Only the public half belongs here; "KEY" is a placeholder that
# must be replaced with the real ed25519 public key before apply.
resource "aws_key_pair" "external" {
  public_key = "ssh-ed25519 KEY"
  key_name   = "external-key"
}
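# Regenerates the Ansible inventory from the instance's public IP. Without
# `triggers` a null_resource runs its provisioner once, at creation, and is
# never re-run when the instance is replaced and receives a new address; keying
# it on the instance id makes the inventory follow the instance.
# The `null` provider is not listed in `required_providers`; Terraform 0.13+
# is expected to resolve it implicitly as `hashicorp/null` — confirm on init.
resource "null_resource" "makehosts" {
  triggers = {
    instance_id = aws_instance.external.id
  }

  provisioner "local-exec" {
    command = "echo ${aws_instance.external.public_ip} > ../ansible/hosts"
  }
}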