windows-ec2/main.tf

118 lines
3.1 KiB
Terraform
Raw Normal View History

2024-11-11 07:55:08 +00:00
# Create the VPC
resource "aws_vpc" "vpc" {
cidr_block = var.vpc_cidr
enable_dns_hostnames = true
}
# Define the public subnet
resource "aws_subnet" "public-subnet" {
vpc_id = aws_vpc.vpc.id
cidr_block = var.public_subnet_cidr
}
# Define the internet gateway
resource "aws_internet_gateway" "gw" {
vpc_id = aws_vpc.vpc.id
}
# Define the public route table
resource "aws_route_table" "public-rt" {
vpc_id = aws_vpc.vpc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id
}
}
# Assign the public route table to the public subnet
resource "aws_route_table_association" "public-rt-association" {
subnet_id = aws_subnet.public-subnet.id
route_table_id = aws_route_table.public-rt.id
}
# Bootstrapping PowerShell Script
data "template_file" "windows-userdata" {
template = <<EOF
<powershell>
# Rename Machine
Rename-Computer -NewName "${var.windows_instance_name}" -Force;
# Install IIS
Install-WindowsFeature -name Web-Server -IncludeManagementTools;
# Restart machine
shutdown -r -t 10;
</powershell>
EOF
}
# Create EC2 Instance
resource "aws_instance" "windows-server" {
ami = data.aws_ami.windows-2019.id
instance_type = var.windows_instance_type
subnet_id = aws_subnet.public-subnet.id
vpc_security_group_ids = [aws_security_group.aws-windows-sg.id]
associate_public_ip_address = var.windows_associate_public_ip_address
source_dest_check = false
key_name = aws_key_pair.key_pair.key_name
user_data = data.template_file.windows-userdata.rendered
# root disk
root_block_device {
volume_size = var.windows_root_volume_size
volume_type = var.windows_root_volume_type
delete_on_termination = true
encrypted = true
}
# extra disk
ebs_block_device {
device_name = "/dev/xvda"
volume_size = var.windows_data_volume_size
volume_type = var.windows_data_volume_type
encrypted = true
delete_on_termination = true
}
}
# Create Elastic IP for the EC2 instance
resource "aws_eip" "windows-eip" {
vpc = true
}
# Associate Elastic IP to Windows Server
resource "aws_eip_association" "windows-eip-association" {
instance_id = aws_instance.windows-server.id
allocation_id = aws_eip.windows-eip.id
}
# Define the security group for the Windows server
resource "aws_security_group" "aws-windows-sg" {
name = "${lower(var.app_name)}-${var.app_environment}-windows-sg"
description = "Allow incoming connections"
vpc_id = aws_vpc.vpc.id
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
description = "Allow incoming HTTP connections"
}
ingress {
from_port = 3389
to_port = 3389
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
description = "Allow incoming RDP connections"
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}