Provisioning an EC2 Instance Inside a VPC
In this section I will provision a new VPC and create an EC2 instance inside it. I will also create a security group to SSH into this EC2 instance.
First let's create a file with the name vars.tf,
variable "AWS_REGION" {
default = "eu-west-1"
}
variable "PATH_TO_PRIVATE_KEY" {
default = "mykey"
}
variable "PATH_TO_PUBLIC_KEY" {
default = "mykey.pub"
}
variable "AMIS" {
type = map(string)
default = {
us-east-1 = "ami-13be557e"
us-west-2 = "ami-06b94666"
eu-west-1 = "ami-844e0bf7"
}
}Then let's create a file with the name provider.tf,
provider "aws" {
region = var.AWS_REGION
}Next a file with the name key.tf,
resource "aws_key_pair" "mykeypair" {
key_name = "mykeypair"
public_key = file(var.PATH_TO_PUBLIC_KEY)
}Then let's create a file with the name vpc.tf,
# Internet VPC
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
instance_tenancy = "default"
enable_dns_support = "true"
enable_dns_hostnames = "true"
enable_classiclink = "false"
tags = {
Name = "main"
}
}
# Subnets
resource "aws_subnet" "main-public-1" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.1.0/24"
map_public_ip_on_launch = "true"
availability_zone = "eu-west-1a"
tags = {
Name = "main-public-1"
}
}
resource "aws_subnet" "main-public-2" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.2.0/24"
map_public_ip_on_launch = "true"
availability_zone = "eu-west-1b"
tags = {
Name = "main-public-2"
}
}
resource "aws_subnet" "main-public-3" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.3.0/24"
map_public_ip_on_launch = "true"
availability_zone = "eu-west-1c"
tags = {
Name = "main-public-3"
}
}
resource "aws_subnet" "main-private-1" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.4.0/24"
map_public_ip_on_launch = "false"
availability_zone = "eu-west-1a"
tags = {
Name = "main-private-1"
}
}
resource "aws_subnet" "main-private-2" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.5.0/24"
map_public_ip_on_launch = "false"
availability_zone = "eu-west-1b"
tags = {
Name = "main-private-2"
}
}
resource "aws_subnet" "main-private-3" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.6.0/24"
map_public_ip_on_launch = "false"
availability_zone = "eu-west-1c"
tags = {
Name = "main-private-3"
}
}
# Internet GW
resource "aws_internet_gateway" "main-gw" {
vpc_id = aws_vpc.main.id
tags = {
Name = "main"
}
}
# route tables
resource "aws_route_table" "main-public" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.main-gw.id
}
tags = {
Name = "main-public-1"
}
}
# route associations public
resource "aws_route_table_association" "main-public-1-a" {
subnet_id = aws_subnet.main-public-1.id
route_table_id = aws_route_table.main-public.id
}
resource "aws_route_table_association" "main-public-2-a" {
subnet_id = aws_subnet.main-public-2.id
route_table_id = aws_route_table.main-public.id
}
resource "aws_route_table_association" "main-public-3-a" {
subnet_id = aws_subnet.main-public-3.id
route_table_id = aws_route_table.main-public.id
}Next a file with the name securitygroup.tf,
resource "aws_security_group" "allow-ssh" {
vpc_id = aws_vpc.main.id
name = "allow-ssh"
description = "security group that allows ssh and all egress traffic"
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "allow-ssh"
}
}Finally a file with the name instance.tf,
resource "aws_instance" "example" {
ami = var.AMIS[var.AWS_REGION]
instance_type = "t2.micro"
# the VPC subnet
subnet_id = aws_subnet.main-public-1.id
# the security group
vpc_security_group_ids = [aws_security_group.allow-ssh.id]
# the public SSH key
key_name = aws_key_pair.mykeypair.key_name
}Last updated