diff --git a/scripts/terraform_pre_commit.sh b/scripts/terraform_pre_commit.sh
--- a/scripts/terraform_pre_commit.sh
+++ b/scripts/terraform_pre_commit.sh
@@ -6,7 +6,7 @@
 echo "Formatting terraform..."
 terraform fmt -recursive
-for cfg in dev remote; do
+for cfg in dev remote self-host; do
 pushd "$cfg" >/dev/null
 echo "Validating '$cfg' terraform configuration..."
 terraform validate
diff --git a/services/terraform/self-host/.gitignore b/services/terraform/self-host/.gitignore
new file mode 100644
--- /dev/null
+++ b/services/terraform/self-host/.gitignore
@@ -0,0 +1,35 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+.terraform.lock.hcl
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/services/terraform/self-host/aws_vpc.tf b/services/terraform/self-host/aws_vpc.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/self-host/aws_vpc.tf
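Review bot: The new `self-host` entry makes this loop run `terraform validate` against a configuration whose `terraform { backend "s3" ... }` block (added in `services/terraform/self-host/main.tf` by this same patch) needs an initialized working directory, and `terraform validate` fails when the directory has not been `terraform init`ed; whether the loop body, which continues past the hunk, performs an init step is not visible here. If it does not, running `terraform init -backend=false -input=false >/dev/null` before `terraform validate` initializes providers without contacting the S3 backend, so the hook works on a fresh checkout without AWS credentials. The loop's body and its matching `popd` lie outside the hunk.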
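Review bot: `.terraform.lock.hcl` is ignored on the line after `*.tfstate.*`, which discards the provider dependency lock file that HashiCorp recommends committing; without it every `terraform init` re-resolves `hashicorp/aws` within the `~> 5.7.0` range declared in `providers.tf` and has no previously recorded hashes to verify the downloaded provider against, so different machines can end up running different provider builds. Dropping the `.terraform.lock.hcl` line and committing the generated lock file gives reproducible, hash-pinned provider downloads. The remainder of the file matches the usual Terraform ignore template.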
@@ -0,0 +1,46 @@
+# VPC
+resource "aws_vpc" "default" {
+ cidr_block = "172.31.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+}
+
+# Public Subnets
+resource "aws_subnet" "public_a" {
+ vpc_id = aws_vpc.default.id
+ cidr_block = "172.31.0.0/20"
+ availability_zone = "us-east-2a"
+ map_public_ip_on_launch = true
+}
+
+resource "aws_subnet" "public_b" {
+ vpc_id = aws_vpc.default.id
+ cidr_block = "172.31.16.0/20"
+ availability_zone = "us-east-2b"
+ map_public_ip_on_launch = true
+}
+
+# Internet Gateway
+resource "aws_internet_gateway" "default" {
+ vpc_id = aws_vpc.default.id
+}
+
+# Route Table for Internet Gateway
+resource "aws_route_table" "public_igw_route_table" {
+ vpc_id = aws_vpc.default.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.default.id
+ }
+}
+
+resource "aws_route_table_association" "public_a_igw_route_association" {
+ subnet_id = aws_subnet.public_a.id
+ route_table_id = aws_route_table.public_igw_route_table.id
+}
+
+resource "aws_route_table_association" "public_b_igw_route_association" {
+ subnet_id = aws_subnet.public_b.id
+ route_table_id = aws_route_table.public_igw_route_table.id
+}
diff --git a/services/terraform/self-host/main.tf b/services/terraform/self-host/main.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/self-host/main.tf
@@ -0,0 +1,18 @@
+terraform {
+ backend "s3" {
+ region = "us-east-2"
+ key = "terraform.tfstate"
+ bucket = "self-host-keyserver-terraform"
+ encrypt = true
+ }
+}
+
+provider "aws" {
+ region = "us-east-2"
+
+ default_tags {
+ tags = {
+ managed_by = "terraform"
+ }
+ }
+}
diff --git a/services/terraform/self-host/providers.tf b/services/terraform/self-host/providers.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/self-host/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.7.0"
+ }
+ }
+}
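Review bot: Both subnets set `map_public_ip_on_launch = true` and are associated with a route table whose only route sends `0.0.0.0/0` to the internet gateway, so every instance launched into this VPC receives an internet-routable address by default; if the keyserver workload is meant to sit behind a load balancer, a private subnet for it (reachable only through the public subnets) would limit direct exposure, though this hunk does not show what will be placed here. Naming the resource `aws_vpc.default` with `172.31.0.0/16` is also easy to confuse with the account's AWS-created default VPC, which uses that same CIDR; a name such as `self_host` would make clear this is a separately managed VPC. The availability zones are hard-coded as `us-east-2a`/`us-east-2b` while the region is configured separately in `main.tf`; a comment on that coupling, or deriving the zones from `data "aws_availability_zones"`, would keep the two from drifting apart.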
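Review bot: The `s3` backend sets `encrypt = true` but configures no state locking (`dynamodb_table`), so two concurrent `terraform apply` runs against `self-host-keyserver-terraform` can race and corrupt the state file; adding `dynamodb_table = "<lock-table-name>"` (placeholder, use the project's table) and creating that table serializes runs. Terraform state can hold sensitive resource attributes, so the bucket's own access policy, versioning and public-access block matter as much as `encrypt = true`; those are outside this configuration and not visible here. `region = "us-east-2"` is repeated in the backend and the provider block; a comment noting that they must stay in sync, or a shared `locals` value, would help.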
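Review bot: This `terraform` block constrains `hashicorp/aws` to `~> 5.7.0` but declares no `required_version` for Terraform itself, so the configuration can be initialized with any core version, including one whose backend or provider behaviour differs from what was tested; adding `required_version = "~> <tested-version>"` (placeholder, fill in the version this was developed with) next to `required_providers` pins it. The `terraform` settings are also split between this file and `main.tf` (backend there, providers here); a one-line comment in each pointing at the other would make the layout easier to follow.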