Initial infra with a couple of example machines and island

2019-12-09 12:39:21 +02:00 · 2019-12-09 12:39:21 +02:00 · e88660840e
parent 34c2ff6bb6
commit e88660840e
6 changed files with 171 additions and 0 deletions
--- a/envs/os_compatability/aws_keys/.gitignore
+++ b/envs/os_compatability/aws_keys/.gitignore
@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
--- a/envs/os_compatability/terraform/config.tf
+++ b/envs/os_compatability/terraform/config.tf
@ -0,0 +1,5 @@
+provider "aws" {
+  version = "~> 2.0"
+  region  = "eu-central-1"
+  shared_credentials_file = "../aws_keys/accessKeys"
+}
--- a/envs/os_compatability/terraform/infra.tf
+++ b/envs/os_compatability/terraform/infra.tf
@ -0,0 +1,92 @@
+resource "aws_vpc" "os_compat_vpc" {
+  cidr_block = "10.0.0.0/24"
+  enable_dns_support = true
+  tags = {
+    Name = "os_compat_vpc"
+  }
+}
+
+resource "aws_internet_gateway" "os_compat_gateway" {
+  vpc_id = "${aws_vpc.os_compat_vpc.id}"
+
+  tags = {
+    Name = "os_compat_gateway"
+  }
+}
+
+// create routing table which points to the internet gateway
+resource "aws_route_table" "os_compat_route" {
+  vpc_id = "${aws_vpc.os_compat_vpc.id}"
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = "${aws_internet_gateway.os_compat_gateway.id}"
+  }
+
+  tags = {
+    Name = "os_compat_route"
+  }
+}
+
+// associate the routing table with the subnet
+resource "aws_route_table_association" "subnet-association" {
+  subnet_id      = "${aws_subnet.main.id}"
+  route_table_id = "${aws_route_table.os_compat_route.id}"
+}
+
+resource "aws_subnet" "main" {
+  vpc_id     = "${aws_vpc.os_compat_vpc.id}"
+  cidr_block = "10.0.0.0/24"
+
+  tags = {
+    Name = "Main"
+  }
+}
+
+resource "aws_security_group" "os_compat_islad" {
+  name        = "os_compat_island"
+  description = "Allow remote access to the island"
+  vpc_id      = "${aws_vpc.os_compat_vpc.id}"
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "os_compat_island"
+  }
+}
+
+resource "aws_security_group" "os_compat_instance" {
+  name        = "os_compat_instance"
+  description = "Disables remote access to vulnerable instances"
+  vpc_id      = "${aws_vpc.os_compat_vpc.id}"
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "os_compat_instance"
+  }
+}
--- a/envs/os_compatability/terraform/instance_template/main.tf
+++ b/envs/os_compatability/terraform/instance_template/main.tf
@ -0,0 +1,12 @@
+resource "aws_instance" "os_test_machine" {
+  ami           = "${var.ami}"
+  instance_type = "t2.micro"
+  private_ip = "${var.ip}"
+  subnet_id = "${data.aws_subnet.main.id}"
+  key_name = "os_compat"
+  tags = {
+    Name = "${var.name}"
+  }
+  security_groups = ["${data.aws_security_group.os_compat_instance.id}"]
+  associate_public_ip_address = false
+}
--- a/envs/os_compatability/terraform/instance_template/variables.tf
+++ b/envs/os_compatability/terraform/instance_template/variables.tf
@ -0,0 +1,17 @@
+variable "ami" {type=string}
+variable "ip" {type=string}
+variable "name" {type=string}
+variable "env_vars" {
+  type = object({
+    subnet_id = string
+    security_group_id = string
+  })
+}
+
+data "aws_subnet" "main" {
+  id = "${var.env_vars.subnet_id}"
+}
+
+data "aws_security_group" "os_compat_instance" {
+  id = "${var.env_vars.security_group_id}"
+}
--- a/envs/os_compatability/terraform/instances.tf
+++ b/envs/os_compatability/terraform/instances.tf
@ -0,0 +1,41 @@
+resource "aws_instance" "island" {
+  ami           = "ami-01cc9554aa0b4c00e"
+  instance_type = "t2.micro"
+  private_ip = "10.0.0.251"
+  subnet_id = "${aws_subnet.main.id}"
+  key_name = "os_compat"
+  tags = {
+    Name = "os_compat_ISLAND"
+  }
+  security_groups = ["${aws_security_group.os_compat_islad.id}"]
+  associate_public_ip_address = true
+  root_block_device {
+    volume_size           = "30"
+    volume_type           = "standard"
+    delete_on_termination = true
+  }
+  #associate_public_ip_address = false
+}
+
+locals {
+  env_vars = {
+    subnet_id = "${aws_subnet.main.id}"
+    security_group_id = "${aws_security_group.os_compat_instance.id}"
+  }
+}
+
+module "ubuntu_12" {
+  source = "./instance_template"
+  name = "ubuntu_12"
+  ami = "ami-003d0b1d"
+  ip = "10.0.0.6"
+  env_vars = "${local.env_vars}"
+}
+
+module "ubuntu_14" {
+  source = "./instance_template"
+  name = "ubuntu_14"
+  ami = "ami-067ee10914e74ffee"
+  ip = "10.0.0.7"
+  env_vars = "${local.env_vars}"
+}