Initial commit

582fc51c · A-Gordon · 582fc51c · 582fc51c · 582fc51c · 582fc51c
Commit 582fc51c authored Oct 28, 2016 by A-Gordon
Hide whitespace changes
Inline Side-by-side

Showing with 152 additions and 0 deletions

.gitlab-ci.yml .gitlab-ci.yml +12 -0

README.md README.md +24 -0

main.tf main.tf +93 -0

userdata.yml userdata.yml +23 -0

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+image: alpine:latest
+
+variables:
+  TERRAFORM_URL: "https://releases.hashicorp.com/terraform/0.7.1/terraform_0.7.1_linux_amd64.zip"
+
+before_script:
+  - apk update && apk add ca-certificates && update-ca-certificates && apk add openssl
+  - wget -O /tmp/terraform.zip $TERRAFORM_URL
+  - unzip /tmp/terraform.zip -d /usr/local/bin 
+
+test:
+  script: terraform validate
--- a/README.md
+++ b/README.md
+tf_mod_aws_bastion
+==============
+A Terraform module for creating an auto scaling group for a bastion. 
+The module generates the launch configuration, the auto scaling group and two autoscaling policies. 
+
+1.) Adding a module resource to your template, e.g. `main.tf`
+
+```
+module "asg" {
+  source = "../../../../steamhaus/tf_mod_aws_ec2"
+
+  lc_name = "${var.name}-app-lc-"
+  ami_id = "${data.aws_ami.app.id}"
+  iam_instance_profile = "${module.cloudwatch_logs.profile_id}"
+  key_name = "Bastion"
+  security_groups = ["${aws_security_group.app.id}"]
+  user_data = "${data.template_file.userdata_app.rendered}"
+
+  asg_name = "${var.name}-app"
+  load_balancers = ["${module.elb.elb_id}"]
+  vpc_zone_identifier = ["${module.vpc.private_subnets}"]
+}
+```
\ No newline at end of file
--- a/main.tf
+++ b/main.tf
+variable "availability_zones" {
+  description = "List of availability zone in which the ECS cluster should reside"
+  type        = "list"
+}
+
+variable "vpc_id" {
+  description = "ID of the VPC in which the ECS cluster should reside"
+}
+
+variable "subnet_ids" {
+  description = "List of subnets in which the ECS cluster should reside"
+  type        = "list"
+}
+
+variable "image_id" {
+  description = "AMI Image ID"
+  default     = "ami-7abd0209"
+}
+
+variable "instance_type" {
+  description = "The instance type to use, e.g t2.small"
+  default     = "t2.micro"
+}
+
+variable "key_name" {
+  description = "SSH key name to use"
+  default     = "Bastion"
+}
+
+resource "aws_security_group" "bastion" {
+  name        = "Bastion"
+  vpc_id      = "${var.vpc_id}"
+  description = "Allows traffic from and to the Bastion EC2 instance"
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = -1
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  lifecycle { create_before_destroy = true }
+}
+
+data "template_file" "userdata" {
+  template = "${file("${path.module}/userdata.yml")}"
+  vars {}
+}
+
+resource "aws_launch_configuration" "bastion" {
+  name_prefix = "${format("%s-", "Bastion")}"
+
+  image_id             = "${var.image_id}"
+  instance_type        = "${var.instance_type}"
+  key_name             = "${var.key_name}"
+  security_groups      = ["${aws_security_group.bastion.id}"]
+  user_data            = "${data.template_file.userdata.rendered}"
+
+  lifecycle { create_before_destroy = true }
+}
+
+resource "aws_autoscaling_group" "bastion" {
+  name                 = "Bastion - ${aws_launch_configuration.bastion.name}"
+  availability_zones   = ["${var.availability_zones}"]
+  vpc_zone_identifier  = ["${var.subnet_ids}"]
+  launch_configuration = "${aws_launch_configuration.bastion.id}"
+  min_size             = "1"
+  max_size             = "1"
+  desired_capacity     = "1"
+
+  tag {
+    key = "Name"
+    value = "Bastion"
+    propagate_at_launch = true
+  }
+
+  lifecycle { create_before_destroy = true }
+}
+
+#############################################################################################################
+# Outputs
+#############################################################################################################
+output "security_group" {
+    value = "${aws_security_group.bastion.id}"
+}
\ No newline at end of file
--- a/userdata.yml
+++ b/userdata.yml
+#cloud-config
+users:
+  - default
+  - name: steamhaus
+    sudo: ALL=(ALL) NOPASSWD:ALL
+
+runcmd:
+  - [ yum, install, wget, -y ]
+  - [ ls, -l, / ]
+  - [ mkdir, -p, /home/steamhaus/bin ]
+  - [ mkdir, -p, /home/steamhaus/.ssh ]
+  - [ wget, --no-check-certificate, 'https://gist.githubusercontent.com/chrisfu/87b642951aadafa62b99/raw/sh_pubkey_update.sh', -O, /home/steamhaus/bin/sh_pubkey_update.sh ]
+  - [ sed, -i, 's/`whoami`/steamhaus/g', /home/steamhaus/bin/sh_pubkey_update.sh ]
+  - [ chmod, 755, /home/steamhaus/bin/sh_pubkey_update.sh ]
+  - [ chmod, 700, /home/steamhaus/.ssh ]
+  - [ /home/steamhaus/bin/sh_pubkey_update.sh ]
+  - [ chown, -R, 'steamhaus:', /home/steamhaus/ ]
+
+write_files:
+  - owner: root:root
+    path: /var/spool/cron/steamhaus
+    content: 0 1 * * * /home/steamhaus/bin/sh_pubkey_update.sh >/dev/null 2>&1
\ No newline at end of file