# VPC that hosts the public subnet, gateway and Windows instance defined below.
resource "aws_vpc" "vpc" {
  enable_dns_hostnames = true # instances launched here receive DNS hostnames
  cidr_block           = var.vpc_cidr
}
# Public subnet carved out of the VPC; it becomes "public" through the
# route table association further down, not through anything set here.
resource "aws_subnet" "public-subnet" {
  cidr_block = var.public_subnet_cidr
  vpc_id     = aws_vpc.vpc.id
}
# Internet gateway attached to the VPC; target of the default route below.
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.vpc.id
}
# Public route table: a single default route (0.0.0.0/0) via the internet
# gateway; the VPC-local route is implicit.
resource "aws_route_table" "public-rt" {
  vpc_id = aws_vpc.vpc.id

  route {
    gateway_id = aws_internet_gateway.gw.id
    cidr_block = "0.0.0.0/0"
  }
}
# Attach the public route table to the public subnet; this is what gives the
# subnet its internet path.
resource "aws_route_table_association" "public-rt-association" {
  route_table_id = aws_route_table.public-rt.id
  subnet_id      = aws_subnet.public-subnet.id
}
# Generate a 4096-bit RSA key pair for the instance. The private half is
# stored unencrypted in Terraform state, so the state backend must be
# treated as holding a credential.
resource "tls_private_key" "key_pair" {
  rsa_bits  = 4096
  algorithm = "RSA"
}
# Register the generated public key with EC2. The key name encodes app,
# environment and region, all lower-cased, so it is stable per deployment.
resource "aws_key_pair" "key_pair" {
  public_key = tls_private_key.key_pair.public_key_openssh
  key_name   = "${lower(var.app_name)}-${lower(var.app_environment)}-windows-${lower(var.aws_region)}"
}
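# Write the generated private key to <key_name>.pem in the working directory
# so the operator can decrypt the Windows administrator password / log in.
# The key also lives unencrypted in Terraform state; protect both locations.
resource "local_file" "ssh_key" {
  filename = "${aws_key_pair.key_pair.key_name}.pem"
  content  = tls_private_key.key_pair.private_key_pem

  # local_file's default mode is 0777 (before umask), which would leave a
  # private key readable by every local user. Owner read/write only.
  # (With provider local >= 2.2.0, local_sensitive_file is the better
  # resource for secrets as it also redacts the content from plan output.)
  file_permission = "0600"
}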
# Bootstrapping PowerShell script, rendered into user_data of the instance
# below: rename the host, install IIS, then reboot.
# NOTE(review): the hashicorp/template provider behind template_file is
# archived; the built-in templatefile() function is its replacement. Kept
# here because aws_instance.windows-server references .rendered.
# NOTE(review): var.windows_instance_name is spliced into a quoted PowerShell
# string without escaping — keep it a plain hostname so it cannot change the
# script's meaning.
data "template_file" "windows-userdata" {
  template = <<EOF
<powershell>
# Rename Machine
Rename-Computer -NewName "${var.windows_instance_name}" -Force;

# Install IIS
Install-WindowsFeature -name Web-Server -IncludeManagementTools;

# Restart machine
shutdown -r -t 10;
</powershell>
EOF
}
# Latest Amazon-published Windows Server 2012 R2 base AMI.
# NOTE(review): not referenced by aws_instance.windows-server in this file,
# and 2012 R2 left Microsoft extended support in October 2023. A lookup that
# matches no AMI fails the plan, so consider removing this data source.
data "aws_ami" "windows-2012-r2" {
  owners      = ["amazon"] # only Amazon-owned images, never a look-alike from another account
  most_recent = true

  filter {
    name   = "name"
    values = ["Windows_Server-2012-R2_RTM-English-64Bit-Base-*"]
  }
}
# Latest Amazon-published Windows Server 2016 full base AMI.
# NOTE(review): not referenced by aws_instance.windows-server in this file.
data "aws_ami" "windows-2016" {
  owners      = ["amazon"] # restrict to Amazon-owned images
  most_recent = true

  filter {
    name   = "name"
    values = ["Windows_Server-2016-English-Full-Base*"]
  }
}
# Latest Amazon-published Windows Server 2019 full base AMI.
# NOTE(review): not referenced by aws_instance.windows-server in this file.
data "aws_ami" "windows-2019" {
  owners      = ["amazon"] # restrict to Amazon-owned images
  most_recent = true

  filter {
    name   = "name"
    values = ["Windows_Server-2019-English-Full-Base*"]
  }
}
# Latest Amazon-published Windows Server 2022 full base AMI; this is the
# image aws_instance.windows-server launches from.
data "aws_ami" "windows-2022" {
  owners      = ["amazon"] # restrict to Amazon-owned images
  most_recent = true

  filter {
    name   = "name"
    values = ["Windows_Server-2022-English-Full-Base*"]
  }
}
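# Windows Server 2022 instance in the public subnet, bootstrapped by the
# PowerShell user_data rendered above.
resource "aws_instance" "windows-server" {
  ami                         = data.aws_ami.windows-2022.id
  instance_type               = var.windows_instance_type
  subnet_id                   = aws_subnet.public-subnet.id
  vpc_security_group_ids      = [aws_security_group.aws-windows-sg.id]
  associate_public_ip_address = var.windows_associate_public_ip_address
  key_name                    = aws_key_pair.key_pair.key_name
  user_data                   = data.template_file.windows-userdata.rendered

  # NOTE(review): disabling source/destination checks is only required when
  # the instance routes or NATs traffic for other hosts; a plain IIS server
  # does not need it. Left unchanged to avoid a behaviour change — confirm
  # it is intentional.
  source_dest_check = false

  # Require IMDSv2 session tokens so a server-side request forgery in the web
  # server cannot fetch instance-role credentials with a single GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Root disk: encrypted at rest, deleted together with the instance.
  root_block_device {
    volume_size           = var.windows_root_volume_size
    volume_type           = var.windows_root_volume_type
    delete_on_termination = true
    encrypted             = true
  }

  # Additional data disk, also encrypted and deleted with the instance.
  # NOTE(review): /dev/xvda is the root device name on many AMIs; confirm it
  # does not collide with the root volume of this AMI before relying on it.
  ebs_block_device {
    device_name           = "/dev/xvda"
    volume_size           = var.windows_data_volume_size
    volume_type           = var.windows_data_volume_type
    encrypted             = true
    delete_on_termination = true
  }
}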
# Elastic IP for the Windows instance, allocated in the VPC scope.
# NOTE(review): `vpc = true` is deprecated in AWS provider v5 in favour of
# `domain = "vpc"`; left unchanged because the provider version pinned for
# this module is not visible here.
resource "aws_eip" "windows-eip" {
  vpc = true
}
# Bind the Elastic IP to the Windows instance.
resource "aws_eip_association" "windows-eip-association" {
  allocation_id = aws_eip.windows-eip.id
  instance_id   = aws_instance.windows-server.id
}
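# Source networks allowed to reach RDP (TCP/3389) on the Windows server.
# The default reproduces the original world-open rule so existing deployments
# are unchanged; narrow it to office/VPN/bastion ranges before exposing
# anything that is not disposable. (May be moved to variables.tf.)
variable "rdp_allowed_cidrs" {
  type        = list(string)
  description = "CIDR blocks permitted to reach RDP (TCP/3389) on the Windows server. 0.0.0.0/0 exposes RDP to the whole internet; restrict to trusted ranges."
  default     = ["0.0.0.0/0"]
}

# Security group for the Windows server: HTTP from anywhere (it is a web
# server), RDP only from var.rdp_allowed_cidrs, unrestricted egress.
# NOTE(review): the name does not lower-case var.app_environment, unlike
# aws_key_pair.key_pair.key_name; left as-is because renaming forces the
# security group to be replaced.
resource "aws_security_group" "aws-windows-sg" {
  name        = "${lower(var.app_name)}-${var.app_environment}-windows-sg"
  description = "Allow incoming connections"
  vpc_id      = aws_vpc.vpc.id

  ingress {
    description = "Allow incoming HTTP connections"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): RDP reachable from the internet invites credential
  # brute-forcing and exploitation of any RDP flaw. Prefer AWS Systems
  # Manager Fleet Manager / Session Manager or a bastion, and keep this list
  # as tight as possible.
  ingress {
    description = "Allow incoming RDP connections"
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = var.rdp_allowed_cidrs
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}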