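# Networking -------------------------------------------------------------------

# Create the VPC. DNS hostnames are enabled so the instance receives a public
# DNS name alongside its public / Elastic IP.
resource "aws_vpc" "vpc" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
}

# Define the public subnet. Public IP assignment is decided per instance
# (associate_public_ip_address below), not via map_public_ip_on_launch.
resource "aws_subnet" "public-subnet" {
  vpc_id     = aws_vpc.vpc.id
  cidr_block = var.public_subnet_cidr
}

# Define the internet gateway
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.vpc.id
}

# Define the public route table: a single default route via the internet gateway.
resource "aws_route_table" "public-rt" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
}

# Assign the public route table to the public subnet
resource "aws_route_table_association" "public-rt-association" {
  subnet_id      = aws_subnet.public-subnet.id
  route_table_id = aws_route_table.public-rt.id
}

# Key material ----------------------------------------------------------------

# Generates a secure private key and encodes it as PEM.
# The private key is written to Terraform state in clear text; the state
# backend therefore has to be treated as a secret store (encrypted at rest,
# access-controlled, not committed to version control).
resource "tls_private_key" "key_pair" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Create the Key Pair. EC2 uses the matching private key to decrypt the
# Windows Administrator password for this instance.
resource "aws_key_pair" "key_pair" {
  key_name   = "${lower(var.app_name)}-${lower(var.app_environment)}-windows-${lower(var.aws_region)}"
  public_key = tls_private_key.key_pair.public_key_openssh
}

# Save the private key to a local .pem file.
# file_permission restricts the file to its owner; the provider default is
# world-readable, which is not acceptable for a private key. Keep the .pem
# out of version control. (If the local provider in use supports it,
# local_sensitive_file additionally keeps the content out of plan output.)
resource "local_file" "ssh_key" {
  filename        = "${aws_key_pair.key_pair.key_name}.pem"
  content         = tls_private_key.key_pair.private_key_pem
  file_permission = "0600"
}

# Bootstrapping PowerShell Script.
# EC2Launch only executes user data that is wrapped in <powershell> tags; the
# heredoc below restores them together with the heredoc opener. User data is
# readable through the instance metadata service and DescribeInstanceAttribute,
# so this script must never carry credentials.
# NOTE(review): var.windows_instance_name is interpolated into a quoted
# PowerShell string; a value containing quotes or characters outside the
# NetBIOS name rules will break Rename-Computer — add a validation block on
# that variable in variables.tf.
data "template_file" "windows-userdata" {
  template = <<EOF
<powershell>
# Rename Machine
Rename-Computer -NewName "${var.windows_instance_name}" -Force;

# Install IIS
Install-WindowsFeature -name Web-Server -IncludeManagementTools;

# Restart machine
shutdown -r -t 10;
</powershell>
EOF
}

# AMI lookups -----------------------------------------------------------------
# Only windows-2022 is referenced by the instance; the others are retained as
# documented alternatives. Because most_recent = true, a plan run after AWS
# publishes a newer image will propose replacing the instance — pin the image
# name (or ID) for environments that must not drift.

# Get latest Windows Server 2012R2 AMI
data "aws_ami" "windows-2012-r2" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["Windows_Server-2012-R2_RTM-English-64Bit-Base-*"]
  }
}

# Get latest Windows Server 2016 AMI
data "aws_ami" "windows-2016" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["Windows_Server-2016-English-Full-Base*"]
  }
}

# Get latest Windows Server 2019 AMI
data "aws_ami" "windows-2019" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["Windows_Server-2019-English-Full-Base*"]
  }
}

# Get latest Windows Server 2022 AMI
data "aws_ami" "windows-2022" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["Windows_Server-2022-English-Full-Base*"]
  }
}

# Compute ---------------------------------------------------------------------

# Create EC2 Instance
resource "aws_instance" "windows-server" {
  ami                         = data.aws_ami.windows-2022.id
  instance_type               = var.windows_instance_type
  subnet_id                   = aws_subnet.public-subnet.id
  vpc_security_group_ids      = [aws_security_group.aws-windows-sg.id]
  associate_public_ip_address = var.windows_associate_public_ip_address
  # NOTE(review): disabling source/destination checks is only needed for NAT
  # or routing appliances; a plain IIS host should normally leave it enabled.
  source_dest_check           = false
  key_name                    = aws_key_pair.key_pair.key_name
  user_data                   = data.template_file.windows-userdata.rendered

  # Require IMDSv2 (session-token based) so that an SSRF in the hosted site or
  # a low-privilege local process cannot read instance metadata and any
  # attached role credentials with a single unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # root disk
  root_block_device {
    volume_size           = var.windows_root_volume_size
    volume_type           = var.windows_root_volume_type
    delete_on_termination = true
    encrypted             = true
  }

  # extra disk
  # NOTE(review): AWS recommends xvd[f-z] for additional EBS volumes on Windows
  # instances; confirm /dev/xvda does not overlap the root device mapping of
  # the chosen AMI before relying on this layout.
  ebs_block_device {
    device_name           = "/dev/xvda"
    volume_size           = var.windows_data_volume_size
    volume_type           = var.windows_data_volume_type
    encrypted             = true
    delete_on_termination = true
  }
}

# Create Elastic IP for the EC2 instance
# NOTE(review): `vpc = true` is the legacy argument; newer AWS provider
# releases deprecate it in favour of `domain = "vpc"`. Switch when the
# provider version is raised.
resource "aws_eip" "windows-eip" {
  vpc = true
}

# Associate Elastic IP to Windows Server
resource "aws_eip_association" "windows-eip-association" {
  instance_id   = aws_instance.windows-server.id
  allocation_id = aws_eip.windows-eip.id
}

# Define the security group for the Windows server.
# NOTE(review): key_name above lowercases app_environment but this name does
# not. Changing the name here would force the group (and its attachment) to be
# replaced, so it is left untouched; align the two on the next rebuild.
resource "aws_security_group" "aws-windows-sg" {
  name        = "${lower(var.app_name)}-${var.app_environment}-windows-sg"
  description = "Allow incoming connections"
  vpc_id      = aws_vpc.vpc.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow incoming HTTP connections"
  }

  # RDP is reachable from the entire internet here. Internet-facing RDP is a
  # continuous credential-guessing target; restrict cidr_blocks to the
  # administrators' address range (for example a list variable declared in
  # variables.tf) or drop the rule and reach the host via Session Manager or a
  # bastion. Left as-is only because the allowed range is not known to this
  # file.
  ingress {
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow incoming RDP connections"
  }

  # Unrestricted egress. Tighten to the destinations the host actually needs
  # (Windows Update, package sources) if outbound data exfiltration is a
  # concern for this environment.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}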