resource "aws_vpc" "epicyon_vpc" {
cidr_block = var.vpc_cidr_block
tags = {
Name = "epicyon_vpc"
}
}
resource "aws_subnet" "epicyon_subnet" {
vpc_id = aws_vpc.epicyon_vpc.id
cidr_block = var.subnet_cidr
tags = {
Name = "epicyon_subnet"
}
}
resource "aws_internet_gateway" "epicyon_gw" {
vpc_id = aws_vpc.epicyon_vpc.id
tags = {
Name = "epicyon_gw"
}
}
resource "aws_route_table" "epicyon_route_table" {
vpc_id = aws_vpc.epicyon_vpc.id
route {
cidr_block = var.route_cidr_block
gateway_id = aws_internet_gateway.epicyon_gw.id
}
}
resource "aws_route_table_association" "epicyon_route_table_association" {
subnet_id = aws_subnet.epicyon_subnet.id
route_table_id = aws_route_table.epicyon_route_table.id
}
resource "aws_security_group" "epicyon_sg" {
name = "epicyon_sg"
description = "Allow all incoming traffic"
vpc_id = aws_vpc.epicyon_vpc.id
dynamic "ingress" {
for_each = toset(var.domain == "" ? [8080] : [80, 443])
content {
cidr_blocks = [
"0.0.0.0/0"
]
from_port = ingress.value
to_port = ingress.value
protocol = "tcp"
}
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
data "aws_ami" "ubuntu" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["099720109477"]
}
resource "aws_instance" "epicyon_web" {
ami = data.aws_ami.ubuntu.id
iam_instance_profile = aws_iam_instance_profile.epicyon_instance_profile.id
instance_type = var.instance_type
associate_public_ip_address = true
subnet_id = aws_subnet.epicyon_subnet.id
vpc_security_group_ids = [aws_security_group.epicyon_sg.id]
key_name = var.key_name
tags = {
Name = "epicyon_web"
}
}
resource "aws_route53_record" "epicyon_route53" {
zone_id = var.zone_id
name = var.domain
type = "A"
ttl = 300
records = [aws_instance.epicyon_web.public_ip]
depends_on = [aws_instance.epicyon_web]
}
resource "aws_iam_role" "epicyon_iam_role" {
name = "epicyon_iam_role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Sid = ""
Principal = {
Service = "ec2.amazonaws.com"
}
},
]
})
resource "aws_iam_instance_profile" "epicyon_instance_profile" {
name = var.profile
role = aws_iam_role.epicyon_role.id
}
resource "aws_iam_policy_attachment" "epicyon" {
name = format("%s-attachment", epicyon)
roles = [aws_iam_role.epicyon_role.id]
policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
resource "aws_eip" "epicyon" {
instance = aws_instance.epicyon_web.id
vpc = true
}
resource "aws_eip_association" "epicyon" {
instance_id = aws_instance.epicyon_web.id
allocation_id = aws_eip.elastic.id
}
resource "null_resource" "null_resource_epicyon" {
depends_on=[aws_route53_record.epicyon_route53]
triggers = {
id = timestamp()
}
connection {
agent = false
type = "ssh"
host = [aws_instance.epicyon_web.public_ip]
private_key = file(var.private_key)
user = "ubuntu"
}
provisioner "file" {
source = "./templates/startup.sh"
destination = "~/startup.sh"
}
provisioner "remote-exec" {
inline = [
"chmod +x ~/startup.sh",
"export domain=${var.epicyon_domain}",
"export email=${var.email}",
"bash ~/startup.sh"
]
}
}