# EC2 key pair holding the operator's SSH public key. The instance module
# below consumes it through aws_key_pair.xpk-kp1.key_name.
# Only the public half is stored here; no key_name is set, so the name is
# left to the provider to generate.
resource "aws_key_pair" "xpk-kp1" {
  tags       = local.default-tags
  public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGiM5WTFNTa31Cm5CmOcw493T9vQ3GxeHP1AjfcomhHK kn@ism"
}
# Single EC2 instance named "<resource-prefix>-mailwww", built from the local
# compute/ec2 module. The meaning of each input is defined by that module,
# which is not shown here; comments below describe only what this call passes.
module "headdesk-ec2" {
  source = "../../modules/compute/ec2"

  # --- identity and image ---
  instance-name = "${local.resource-prefix}-mailwww"
  instance-type = "t4g.small"
  # Rocky9 ARM
  # NOTE(review): the image is pinned by AMI ID only; confirm the ID's owner
  # and region when this value is changed.
  ami-id   = "ami-0f516dde04bd55b1a"
  key-name = aws_key_pair.xpk-kp1.key_name

  # --- network placement ---
  # The instance sits in a public subnet with a public address requested, so
  # the attached security groups are the network boundary for this host.
  subnet-id       = module.vpc-subnet.public-subnet-ids[1]
  security-groups = module.headdesk-sg.sg-ids
  asso-eip        = true
  # setting to false requires replacement during terraform apply
  asso-public-ip = true

  # --- storage ---
  root-volume-size = 30
  ebs-encrypted    = true

  # --- tagging ---
  default-tags    = local.default-tags
  additional_tags = {}
}
# Security groups for the mail/web host; the EC2 module call consumes them as
# module.headdesk-sg.sg-ids.
# Each rule is a positional list. Judging by the values, the fields look like
# [index, protocol, CIDR, from-port, to-port, direction, description];
# confirm the order against the security-groups module before editing.
module "headdesk-sg" {
  source = "../../modules/compute/security-groups"
  vpc-id = module.vpc-subnet.vpc_id
  tags   = local.default-tags

  security-groups = [
    {
      name        = "WebAccess"
      description = "Public web access"
      rules = [
        # Web and mail listeners, reachable from any IPv4 address.
        [1, "tcp", "0.0.0.0/0", "80", "80", "ingress", "web"],
        [2, "tcp", "0.0.0.0/0", "443", "443", "ingress", "web"],
        [3, "tcp", "0.0.0.0/0", "25", "25", "ingress", "mail"],
        [4, "tcp", "0.0.0.0/0", "587", "587", "ingress", "mail"],
        [5, "tcp", "0.0.0.0/0", "11993", "11993", "ingress", "mail"],
        # All protocols and ports outbound.
        [6, "-1", "0.0.0.0/0", "0", "0", "egress", "Allow outbound traffic"],
        # NOTE(review): this rule is labelled "ssh" and is open to 0.0.0.0/0,
        # while MgmtAccess below limits port 22 to a single /32. If port 2201
        # is an administrative login, it bypasses that restriction; confirm
        # the exposure is intended or scope it to the management CIDR.
        [7, "tcp", "0.0.0.0/0", "2201", "2201", "ingress", "ssh"]
      ]
    },
    {
      name        = "MgmtAccess"
      description = "Allow management access"
      rules = [
        # SSH on port 22 from one source address only.
        [1, "tcp", "223.18.148.85/32", "22", "22", "ingress", "xpk"]
      ]
    }
  ]
}