55 lines
1.4 KiB
HCL
55 lines
1.4 KiB
HCL
locals {
|
|
# The IP block for the VPC.
|
|
vpc_cidr = "10.0.0.0/16"
|
|
|
|
# Here is the domain name changes.
|
|
domain_name = "maximhutz.com"
|
|
}
|
|
|
|
data "aws_availability_zones" "all" {}
|
|
|
|
# The main VPC.
|
|
module "vpc" {
|
|
source = "terraform-aws-modules/vpc/aws"
|
|
|
|
name = "Main"
|
|
cidr = local.vpc_cidr
|
|
|
|
azs = [data.aws_availability_zones.all.names[0]]
|
|
private_subnets = [cidrsubnet(local.vpc_cidr, 8, 0)]
|
|
public_subnets = [cidrsubnet(local.vpc_cidr, 8, 4)]
|
|
|
|
private_subnet_tags = { SubnetOf = "Main", SubnetType = "Private" }
|
|
public_subnet_tags = { SubnetOf = "Main", SubnetType = "Public" }
|
|
|
|
map_public_ip_on_launch = true
|
|
enable_dns_hostnames = true
|
|
enable_dns_support = true
|
|
}
|
|
|
|
# Only allow HTTP(s) and SSH traffic. Allow full access to internet.
|
|
resource "aws_security_group" "public_access" {
|
|
vpc_id = module.vpc.vpc_id
|
|
}
|
|
|
|
resource "aws_vpc_security_group_ingress_rule" "ingress" {
|
|
for_each = toset(["80", "443", "22", "2222", "81", "8080", "4321", "1234"])
|
|
|
|
security_group_id = aws_security_group.public_access.id
|
|
|
|
from_port = each.value
|
|
to_port = each.value
|
|
ip_protocol = "tcp"
|
|
cidr_ipv4 = "0.0.0.0/0"
|
|
}
|
|
|
|
resource "aws_vpc_security_group_egress_rule" "egress" {
|
|
for_each = toset(["-1"])
|
|
|
|
security_group_id = aws_security_group.public_access.id
|
|
|
|
from_port = each.value
|
|
to_port = each.value
|
|
ip_protocol = "-1"
|
|
cidr_ipv4 = "0.0.0.0/0"
|
|
} |