# Look up the existing VPC by its Name tag; nothing is created here.
# The lookup fails at plan time unless exactly one VPC carries this tag.
data "aws_vpc" "main" {
  tags = {
    Name = "Main"
  }
}
# Look up the existing subnet tagged as the public subnet of "Main".
# Both tags must match, and exactly one subnet may match.
data "aws_subnet" "public" {
  tags = {
    SubnetOf   = "Main"
    SubnetType = "Public"
  }
}
# Existing instance profile used to reach instances through AWS SSM.
# NOTE(review): the role behind this profile is defined outside this file.
# It is attached to the reverse proxy below, so confirm it grants no more
# than the SSM-managed-instance permissions.
data "aws_iam_instance_profile" "ssm" {
  name = "SSMInstanceProfile"
}
# Look up the existing security group tagged as the public group of "Main".
# NOTE(review): the group's ingress and egress rules are defined outside this
# file. It is the only security group on the reverse proxy, so review the
# rules there. Selection is by tag only, so whoever may tag security groups
# in this account can influence which group is picked.
data "aws_security_group" "public" {
  tags = {
    GroupOf   = "Main"
    GroupType = "Public"
  }
}
# Look up the existing route table tagged as the public table of "Main".
# Its id is handed to the fck-nat module in this file.
data "aws_route_table" "public" {
  tags = {
    TableOf   = "Main"
    TableType = "Public"
  }
}
# Outbound internet access for the private subnet, provided by a NAT instance
# from the third-party fck-nat registry module.
#
# NOTE(review): no `version` constraint is set, so `terraform init` installs
# whatever release the registry currently serves for this module. The
# dependency lock file records providers, not modules, so nothing else pins
# it. Add a constraint for a release that has been reviewed, e.g.
#   version = "<REVIEWED_RELEASE>"   # placeholder, not a real version
#
# NOTE(review): route_table_id points at the table tagged TableType = "Public",
# while the intent stated above concerns the private subnet. With
# update_route_table = true the module is asked to manage a route in that
# table. Confirm this is the table the private subnet actually uses.
module "fck-nat" {
  source = "RaJiska/fck-nat/aws"

  name          = "NatInstance"
  instance_type = "t4g.nano"

  # The NAT instance is placed in the looked-up public subnet of the VPC.
  vpc_id    = data.aws_vpc.main.id
  subnet_id = data.aws_subnet.public.id

  update_route_table = true
  route_table_id     = data.aws_route_table.public.id

  tags = {
    Name = "Codebase: Nat"
  }
}
# Elastic IP bound to the reverse proxy. The address is a separate resource,
# so it stays the same when the proxy instance is modified or replaced and
# anything that points at it does not have to change.
resource "aws_eip" "public" {
  domain   = "vpc"
  instance = aws_instance.proxy.id
}
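# The reverse proxy: one instance in the subnet tagged Public, reachable
# through the Elastic IP declared in this file and managed over SSM via the
# looked-up instance profile.
resource "aws_instance" "proxy" {
  # Hard-coded AMI id: the image only changes when this line is edited, so
  # OS patches need an explicit AMI bump (or in-place updates via install.sh).
  ami           = "ami-0adec96dc0cdc7bca"
  instance_type = "t4g.nano"
  subnet_id     = data.aws_subnet.public.id

  # The only network filter on this host; its rules live outside this file.
  vpc_security_group_ids = [data.aws_security_group.public.id]

  # path.module makes the lookup independent of the directory Terraform is
  # run from. Any change to install.sh replaces the instance.
  # NOTE(review): user data is readable by every process on the instance and
  # by principals allowed to describe instance attributes. Keep secrets out
  # of install.sh.
  user_data                   = file("${path.module}/install.sh")
  user_data_replace_on_change = true

  iam_instance_profile = data.aws_iam_instance_profile.ssm.name

  # Require IMDSv2 session tokens. This host proxies external requests and
  # carries role credentials, so unauthenticated metadata reads (IMDSv1)
  # should not be available to a request that gets forwarded to the
  # metadata address. If install.sh queries instance metadata it must use
  # token-based requests.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_type = "gp3"
    volume_size = 8
    # Encrypt the root volume explicitly instead of relying on the account's
    # EBS default. Changing this on an existing instance recreates it.
    encrypted = true
  }

  tags = {
    Name = "Codebase: Reverse Proxy"
  }
}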