Initial commit

.gitignore

@@ -0,0 +1,8 @@
+# terraform
+terraform.tfvars
+
+.terraform
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.tfstate.lock.info
+.terraform.lock.hcl

modules/bastion_host/main.tf

@@ -0,0 +1,65 @@
+data "aws_ami" "amazon-linux" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["amzn2-ami-*-gp2"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["amazon"]
+}
+
+resource "aws_security_group" "this" {
+  name = "bastion-host-sg"
+
+  vpc_id = var.VPC_ID
+
+  ingress {
+    description = "SSH"
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_network_interface" "this" {
+  subnet_id = var.SUBNET_ID
+  security_groups = [aws_security_group.this.id]
+
+  tags = {
+    Name = "bastion-host-nic"
+  }
+}
+
+resource "aws_instance" "this" {
+  ami           = data.aws_ami.amazon-linux.id
+  instance_type = var.INSTANCE_TYPE
+  key_name = var.KEY_NAME
+
+  network_interface {
+    network_interface_id = aws_network_interface.this.id
+    device_index         = 0
+  }
+
+  tags = {
+    Name = var.INSTANCE_NAME
+  }
+}

modules/bastion_host/outputs.tf

@@ -0,0 +1,11 @@
+output "bastion_host_name" {
+  value = aws_instance.this.id
+}
+
+output "bastion_host_private_ip" {
+  value = aws_instance.this.private_ip
+}
+
+output "bastion_host_public_ip" {
+  value = aws_instance.this.public_ip
+}

modules/bastion_host/variables.tf

@@ -0,0 +1,20 @@
+variable "VPC_ID" {
+  type = string
+}
+
+variable "SUBNET_ID" {
+  type = string
+}
+
+variable "INSTANCE_TYPE" {
+  type = string
+  default = "t2.micro"
+}
+
+variable "INSTANCE_NAME" {
+  type = string
+}
+
+variable "KEY_NAME" {
+  type = string
+}

modules/vpc_data/main.tf

@@ -0,0 +1,41 @@
+data "aws_vpc" "vpc" {
+  tags = {
+    Name = var.VPC_NAME
+  }
+}
+
+data "aws_subnets" "private_subnets" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.vpc.id]
+  }
+
+  filter {
+    name   = "tag:Name"
+    values = ["${var.VPC_NAME}-private*"]
+  }
+}
+
+data "aws_subnets" "public_subnets" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.vpc.id]
+  }
+
+  filter {
+    name   = "tag:Name"
+    values = ["${var.VPC_NAME}-public*"]
+  }
+}
+
+data "aws_subnet" "bastion_host_subnet" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.vpc.id]
+  }
+
+  filter {
+    name   = "tag:Name"
+    values = ["${var.VPC_NAME}-public-${var.BASTION_HOST_AZ}"]
+  }
+}

modules/vpc_data/outputs.tf

@@ -0,0 +1,15 @@
+output "vpc" {
+  value = data.aws_vpc.vpc
+}
+
+output "public_subnets" {
+  value = data.aws_subnets.public_subnets
+}
+
+output "private_subnets" {
+  value = data.aws_subnets.private_subnets
+}
+
+output "bastion_host_subnet" {
+  value = data.aws_subnet.bastion_host_subnet
+}

modules/vpc_data/variables.tf

@@ -0,0 +1,7 @@
+variable "VPC_NAME" {
+  type = string
+}
+
+variable "BASTION_HOST_AZ" {
+  type = string
+}

prod/main.tf

@@ -0,0 +1,46 @@
+provider "aws" {
+  profile = "default"
+  region  = var.REGION
+}
+
+# Create VPC with NAT Gateway and route tables
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+  version = "3.14.2"
+
+  name = var.DEMO_VPC_NAME
+  cidr = var.DEMO_VPC_CIDR
+
+  azs             = var.DEMO_VPC_AVAILABILITY_ZONES
+  private_subnets = var.DEMO_VPC_PRIVATE_SUBNET_CIDRS
+  public_subnets  = var.DEMO_VPC_PUBLIC_SUBNET_CIDRS
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+  one_nat_gateway_per_az = false
+
+  tags = {
+    Terraform = "true"
+    Project = var.PROJECT_TAG
+  }
+}
+
+# Get VPC data
+module "vpc_data" {
+  depends_on = [module.vpc]
+  source = "../modules/vpc_data"
+
+  VPC_NAME = var.DEMO_VPC_NAME
+  BASTION_HOST_AZ = var.DEMO_BASTION_HOST_AZ
+}
+
+# Create bastion host
+module "bastion_host" {
+  source = "../modules/bastion_host"
+
+  VPC_ID        = module.vpc_data.vpc.id
+  SUBNET_ID     = module.vpc_data.bastion_host_subnet.id
+  INSTANCE_TYPE = var.DEMO_BASTION_HOST_TYPE
+  INSTANCE_NAME = var.DEMO_BASTION_HOST_NAME
+  KEY_NAME      = var.DEMO_BASTION_HOST_KEY_NAME
+}

prod/outputs.tf

@@ -0,0 +1,23 @@
+output "demo_vpc_id" {
+  value       = module.vpc_data.vpc.id
+}
+
+output "public_subnets" {
+  value = module.vpc_data.public_subnets.ids
+}
+
+output "private_subnets" {
+  value = module.vpc_data.private_subnets.ids
+}
+
+output "demo_bastion_host_subnet_id" {
+  value       = module.vpc_data.bastion_host_subnet.id
+}
+
+output "demo_bastion_host_private_ip" {
+  value = module.bastion_host.bastion_host_private_ip
+}
+
+output "demo_bastion_host_public_ip" {
+  value = module.bastion_host.bastion_host_public_ip
+}

prod/variables.tf

@@ -0,0 +1,49 @@
+# General
+variable "REGION" {
+  type    = string
+  default = "eu-west-3"
+}
+
+variable "PROJECT_TAG" {
+  type = string
+}
+
+# DEMO_VPC (network, network_data)
+variable "DEMO_VPC_NAME" {
+  type = string
+}
+
+variable "DEMO_VPC_CIDR" {
+  type    = string
+  default = "10.0.0.0/24"
+}
+
+variable "DEMO_VPC_AVAILABILITY_ZONES" {
+  type = list(string)
+}
+
+variable "DEMO_VPC_PRIVATE_SUBNET_CIDRS" {
+  type = list(string)
+}
+
+variable "DEMO_VPC_PUBLIC_SUBNET_CIDRS" {
+  type = list(string)
+}
+
+# Bastion host (bastion_host)
+variable "DEMO_BASTION_HOST_TYPE" {
+  type    = string
+  default = "t2.micro"
+}
+
+variable "DEMO_BASTION_HOST_NAME" {
+  type = string
+}
+
+variable "DEMO_BASTION_HOST_KEY_NAME" {
+  type = string
+}
+
+variable "DEMO_BASTION_HOST_AZ" {
+  type = string
+}

prod/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3"
+    }
+  }
+}