feat: added proxy and reverse nat

terraform/main.tf

@@ -0,0 +1,65 @@
+data "aws_vpc" "main" {
+  tags = { Name = "Main" }
+}
+
+data "aws_subnet" "public" {
+  tags = { SubnetOf = "Main", SubnetType = "Public" }
+}
+
+# An instance profile for access via AWS SSM.
+data "aws_iam_instance_profile" "ssm" {
+  name = "SSMInstanceProfile"
+}
+
+data "aws_security_group" "public" {
+  tags = { GroupOf = "Main", GroupType = "Public" }
+}
+
+data "aws_route_table" "public" {
+  tags = { TableOf = "Main", TableType = "Public" }
+}
+
+# Give the private subnet full access to the internet, too.
+module "fck-nat" {
+  source = "RaJiska/fck-nat/aws"
+
+  name          = "NatInstance"
+  vpc_id        = data.aws_vpc.main.id
+  subnet_id     = data.aws_subnet.public.id
+  instance_type = "t4g.nano"
+
+  update_route_table = true
+  route_table_id     = data.aws_route_table.public.id
+
+  tags = {
+    Name = "Codebase: Nat"
+  }
+}
+
+# An elastic IP, so if the reverse proxy is modified, the route tables won't.
+resource "aws_eip" "public" {
+  instance = aws_instance.proxy.id
+  domain   = "vpc"
+}
+
+# The reverse proxy.
+resource "aws_instance" "proxy" {
+  ami                    = "ami-0adec96dc0cdc7bca"
+  instance_type          = "t4g.nano"
+  subnet_id              = data.aws_subnet.public.id
+  vpc_security_group_ids = [data.aws_security_group.public.id]
+
+  user_data                   = file("install.sh")
+  user_data_replace_on_change = true
+
+  iam_instance_profile = data.aws_iam_instance_profile.ssm.name
+
+  root_block_device {
+    volume_type = "gp3"
+    volume_size = 8
+  }
+
+  tags = {
+    Name = "Codebase: Reverse Proxy"
+  }
+}