Added the start of the terraform piece for air-gap development.

dea0ac59 · Eric Goode · 621ca5cd · dea0ac59 · dea0ac59
Commit dea0ac59 authored 3 years ago by Eric Goode
--- a/docs/airgap/developer/terraform/README.tf
+++ b/docs/airgap/developer/terraform/README.tf
+Terraform that creates a new VPC and two subnets. One subnet is public the other is airgapped except for access to/from the public subnet. This allows for a jump box or other resources to be easily moved in and out of the public subnet for setting up your development environment for the private subnet.
+
--- a/docs/airgap/developer/terraform/main.tf
+++ b/docs/airgap/developer/terraform/main.tf
 # Locals
 locals {
-  az = "${format("%s%s", var.region_id, "a")}"
+  az = format("%s%s", var.region_id, "a")
 }

 # Provider
 provider "aws" {
-  profile = "${var.profile_id}"
-  region  = "${var.region_id}"
+  profile = var.profile_id
+  region  = var.region_id
 }

 # Vpc
@@ -15,15 +15,15 @@ resource "aws_vpc" "airgap_vpc" {
  enable_dns_hostnames = true

  tags = {
-    Name = "${var.cluster_id}-vpc"
+    Name = "${var.cluster_id}-${random_string.random.result}-vpc"
  }
 }

 # Public subnet
 resource "aws_subnet" "public" {
-  vpc_id = "${aws_vpc.airgap_vpc.id}"
+  vpc_id = aws_vpc.airgap_vpc.id
  cidr_block = "10.0.0.0/24"
-  availability_zone = "${local.az}"
+  availability_zone = local.az

  tags = {
    Name = "airgap-public-subnet"
@@ -32,7 +32,7 @@ resource "aws_subnet" "public" {

 # Igw
 resource "aws_internet_gateway" "airgap_vpc_igw" {
-  vpc_id = "${aws_vpc.airgap_vpc.id}"
+  vpc_id = aws_vpc.airgap_vpc.id

  tags = {
    Name = "airgap-igw"
@@ -41,11 +41,11 @@ resource "aws_internet_gateway" "airgap_vpc_igw" {

 # Public route table
 resource "aws_route_table" "airgap_vpc_region_public" {
-    vpc_id = "${aws_vpc.airgap_vpc.id}"
+    vpc_id = aws_vpc.airgap_vpc.id

    route {
        cidr_block = "0.0.0.0/0"
-        gateway_id = "${aws_internet_gateway.airgap_vpc_igw.id}"
+        gateway_id = aws_internet_gateway.airgap_vpc_igw.id
    }

    tags = {
@@ -55,15 +55,15 @@ resource "aws_route_table" "airgap_vpc_region_public" {

 # Public route table associations
 resource "aws_route_table_association" "airgap_vpc_region_public" {
-    subnet_id = "${aws_subnet.public.id}"
-    route_table_id = "${aws_route_table.airgap_vpc_region_public.id}"
+    subnet_id = aws_subnet.public.id
+    route_table_id = aws_route_table.airgap_vpc_region_public.id
 }

 # Private subnet
 resource "aws_subnet" "private" {
-  vpc_id     = "${aws_vpc.airgap_vpc.id}"
+  vpc_id     = aws_vpc.airgap_vpc.id
  cidr_block = "10.0.2.0/24"
-  availability_zone = "${local.az}"
+  availability_zone = local.az

  tags = {
    Name = "airgap-private-subnet"
@@ -72,7 +72,7 @@ resource "aws_subnet" "private" {

 # Private routing table
 resource "aws_route_table" "airgap_vpc_region_private" {
-    vpc_id = "${aws_vpc.airgap_vpc.id}"
+    vpc_id = aws_vpc.airgap_vpc.id

    tags = {
        Name = "airgap-private-rt"
@@ -81,27 +81,35 @@ resource "aws_route_table" "airgap_vpc_region_private" {

 # Private routing table association
 resource "aws_route_table_association" "airgap_vpc_region_private" {
-    subnet_id = "${aws_subnet.private.id}"
-    route_table_id = "${aws_route_table.airgap_vpc_region_private.id}"
+    subnet_id = aws_subnet.private.id
+    route_table_id = aws_route_table.airgap_vpc_region_private.id
 }

 # Output
-output "connection_details" {
-  value = <<EOF
+#output "connection_details" {
+#  value = <<EOF

-    Use the following to connect to the bootstrap node and enjoy the ride...
+#    Use the following to connect to the bootstrap node and enjoy the ride...

-    ssh -J ${var.image_username}@${aws_instance.staging_instance.public_ip} ${var.image_username}@${aws_instance.bootstrap_instance.private_ip}
+ #   ssh -J ${var.image_username}@${aws_instance.staging_instance.public_ip} ${var.image_username}@${aws_instance.bootstrap_instance.private_ip}

-  EOF
-}
+#  EOF
+#}

-output "public_ip" {
-  description = "List of public IP addresses assigned to the instances, if applicable"
-  value       = "${aws_instance.staging_instance.*.public_ip}"
-}
+#output "public_ip" {
+#  description = "List of public IP addresses assigned to the instances, if applicable"
+#  value       = "${aws_instance.staging_instance.*.public_ip}"
+#}
+
+#output "private_ip" {
+#  description = "List of private IP addresses assigned to the instances, if applicable"
+#  value       = "${aws_instance.bootstrap_instance.*.private_ip}"
+#}
+
+output "follow_up" {
+    value = <<EOF
+    
+    Nothing to see here but I have finished.

-output "private_ip" {
-  description = "List of private IP addresses assigned to the instances, if applicable"
-  value       = "${aws_instance.bootstrap_instance.*.private_ip}"
+    EOF
 }