# this is a terraform file "*.tf"
# lines starting with # are comments
# terraform is now "commercial/proprietary", hence we go with the drop-in replacement OpenTofu (free software)
# Opentofu/Terraform work by writing "resources" that one wants to be created
# those resources can then
# a) be easily planned + applied (i.e. created)
# # tofu plan -out ourplan
# # tofu apply ourplan
# b) be as easily removed/deleted/destroyed
# # tofu destroy
#
# now the list of resources we would need if we make an EC2 instance
# RESOURCE 1) an "aws_key_pair"; as we know, it suffices to provide our public ssh-key
# as clearly we are capable of locally having an ssh-keypair set up
# or more likely even we have an ssh-agent already setup that has several
# of our ssh-keys already there. hence
# we use the `ssh-add -L` command to get the public part
resource "aws_key_pair" "our_public_ssh_key" {
  # Only the public half of the key pair is uploaded to AWS; the private
  # key stays on the workstation (or in the ssh-agent). Paste the output
  # of `ssh-add -L` here.
  public_key = "ssh-rsa AAAAB.............(fill in here the result of `ssh-add -L`"

  # Name under which the key is registered; the instance refers to it by this name.
  key_name = "our_public_ssh_key"
}
# RESOURCE 2) an "aws_security_group" is like the rules what network connections are
# allowed for the "aws_instance" we use this resource with
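# Source IPv4 ranges allowed to open SSH connections to the instance.
# The default keeps the tutorial's "everyone" behaviour (0.0.0.0/0), so nothing
# changes unless you override it. For anything beyond a throw-away test box,
# pass your own public address as a /32 (constructed example address):
#   tofu plan -out ourplan -var 'ssh_allowed_cidr_blocks=["203.0.113.7/32"]'
variable "ssh_allowed_cidr_blocks" {
  description = "IPv4 CIDR blocks allowed to reach TCP port 22 (SSH) on the instance"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

resource "aws_security_group" "our_security_group" {
  # Rules about incoming network connections to the instance.
  ingress {
    # Allowed port range: from_port..to_port, here only SSH (22).
    from_port = 22
    to_port   = 22

    # Only TCP is allowed, hence the box will probably not answer ICMP ping.
    protocol = "tcp"

    # Origins this rule applies to; taken from the variable above so the
    # exposure of SSH can be narrowed without editing the resource.
    cidr_blocks = var.ssh_allowed_cidr_blocks
  }

  # Outgoing connections from the associated instance: unrestricted.
  # protocol "-1" means all protocols, and with it ports 0/0 mean all ports.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}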
# RESOURCE 3) the "aws_instance" this is what sets up 1xinstance
#
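resource "aws_instance" "ubuntu-on-t4g-nano" {
  # First thing to select is the "image" (Amazon Machine Image) for the
  # instance. `aws ec2 describe-images` returns a large JSON with all images.
  # "ami-07034695835d8f3bd" is arm64 Amazon Ubuntu 22.04 minimal: Ubuntu is
  # good for testing and arm64 is the architecture of the "t4g.nano" type.
  ami = "ami-07034695835d8f3bd"

  # t4g.nano is the cheapest hourly rate: 0.0048 USD per hour, about
  # 3.45 USD per month on-demand; 0.5 GiB memory + 2 vCPU.
  instance_type = "t4g.nano"

  # The key pair from RESOURCE 1), so we can ssh in. Referencing the resource
  # instead of repeating the name as a string literal yields the same value
  # but makes the dependency explicit: the key pair is created before the
  # instance rather than in an unspecified order.
  key_name = aws_key_pair.our_public_ssh_key.key_name

  # The "aws_security_group" of RESOURCE 2) above decides which network
  # connections may reach this instance.
  vpc_security_group_ids = [aws_security_group.our_security_group.id]

  # Require IMDSv2 (session-token based) access to the instance metadata
  # service, so that a plain unauthenticated GET from a process on the box
  # cannot read instance role credentials. Ubuntu 22.04 works fine with it.
  metadata_options {
    http_tokens = "required"
  }
}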
# OUTPUT
# yes, this is not a resource but an output; it makes
# the `tofu apply ourplan` command prints directly some resulting
# info (in our case the ipv4 of the machine, needed for ssh)
output "instance_ip" {
  # Printed at the end of `tofu apply`; this is the address to ssh into.
  value = aws_instance.ubuntu-on-t4g-nano.public_ip

  description = "The public ip for ssh access"
}