afalko commented on a change in pull request #920: Provide an Ansible playbook 
for AWS with documentation (WIP)
URL: https://github.com/apache/incubator-pulsar/pull/920#discussion_r153579568
 
 

 ##########
 File path: ansible/provision-pulsar-aws.tf
 ##########
 @@ -0,0 +1,117 @@
+variable "public_key_path" {
+  description = <<DESCRIPTION
+Path to the SSH public key to be used for authentication.
+Ensure this keypair is added to your local SSH agent so provisioners can
+connect.
+
+Example: ~/.ssh/terraform.pub
+DESCRIPTION
+}
+
+variable "key_name" {
+  description = "Desired name of AWS key pair"
+}
+
+variable "region" {
+    default = "us-west-2"
+}
+
+variable "ami" {
+    default = "ami-9fa343e7" // RHEL-7.4
+}
+
+provider "aws" {
+    region     = "${var.region}"
+}
+
+# Create a VPC to launch our instances into
+resource "aws_vpc" "pulsar_vpc" {
+  cidr_block = "10.0.0.0/16"
+
+  tags {
+      Name = "Pulsar-VPC"
+  }
+}
+
+# Create an internet gateway to give our subnet access to the outside world
+resource "aws_internet_gateway" "default" {
+  vpc_id = "${aws_vpc.pulsar_vpc.id}"
+}
+
+# Grant the VPC internet access on its main route table
+resource "aws_route" "internet_access" {
+  route_table_id         = "${aws_vpc.pulsar_vpc.main_route_table_id}"
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = "${aws_internet_gateway.default.id}"
+}
+
+# Create a subnet to launch our instances into
+resource "aws_subnet" "pulsar_subnet" {
+  vpc_id                  = "${aws_vpc.pulsar_vpc.id}"
+  cidr_block              = "10.0.0.0/24"
+  map_public_ip_on_launch = true
+}
+
+resource "aws_security_group" "pulsar_security_group" {
+  name        = "terraform"
+  vpc_id      = "${aws_vpc.pulsar_vpc.id}"
+
+  # SSH access from anywhere
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # All ports open within the VPC
+  ingress {
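Review bot: The first `ingress` rule of `pulsar_security_group` accepts SSH on port 22 from `0.0.0.0/0`, and `pulsar_subnet` sets `map_public_ip_on_launch = true`, so every instance launched into it has sshd reachable from the whole Internet. Restrict the source to the operator's own address range through a variable with no default, e.g. `variable "ssh_allowed_cidr" { description = "CIDR allowed to reach port 22" }` and `cidr_blocks = ["${var.ssh_allowed_cidr}"]` (the variable name is only a suggestion), and reword the comment to `# SSH access from the operator's network only`. The security group block continues past the end of the quoted hunk, so any later rules are not covered by this note.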
 
 Review comment:
   Best practice is to open only the required ports, even within the VPC.
