X-Git-Url: http://git.squeep.com/?p=awsible;a=blobdiff_plain;f=infrastructure%2Fmodules%2Fvpcaccess-stack%2Fmain.tf;fp=infrastructure%2Fmodules%2Fvpcaccess-stack%2Fmain.tf;h=30f4375ed3ade8ae238500ce9fe41e49f4e3e8e8;hp=0000000000000000000000000000000000000000;hb=8576668075ca95e44481d9c9ed29d7e6af024bdc;hpb=933c48ff1e134168de3aaa2d20e4d43c13d04928
diff --git a/infrastructure/modules/vpcaccess-stack/main.tf b/infrastructure/modules/vpcaccess-stack/main.tf
new file mode 100644
index 0000000..30f4375
--- /dev/null
+++ b/infrastructure/modules/vpcaccess-stack/main.tf
@@ -0,0 +1,94 @@
+resource "aws_eip" "vpn" {
+ count = 1
+ vpc = true
+}
+
+resource "aws_security_group" "vpn" {
+ vpc_id = "${var.vpc_id}"
+ name = "${var.name}-vpn"
+ description = "Allow VPN traffic."
+}
+
+resource "aws_security_group_rule" "vpn-out-all" {
+ security_group_id = "${aws_security_group.vpn.id}"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "vpn-in-user" {
+ security_group_id = "${aws_security_group.vpn.id}"
+ type = "ingress"
+ from_port = 1195
+ to_port = 1195
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "vpn-in-bridge" {
+ security_group_id = "${aws_security_group.vpn.id}"
+ type = "ingress"
+ from_port = 1194
+ to_port = 1194
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "vpn-in-bastion" {
+ security_group_id = "${aws_security_group.vpn.id}"
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_elb" "default" {
+ count = "${var.vpcaccess_elb}"
+ name = "${var.name}-int-elb"
+ subnets = ["${var.subnet_ids}"]
+ internal = true
+ listener {
+ lb_port = 22
+ lb_protocol = "tcp"
+ instance_port = 22
+ instance_protocol = "tcp"
+ }
+ health_check {
+ healthy_threshold = 3
+ unhealthy_threshold = 2
+ interval = 30
+ timeout = 5
+ target = "TCP:1195"
+ }
+ idle_timeout = 600
+ tags {
+ module = "${var.name}"
+ phase = "${var.environment}"
+ }
+}
+
+module "asg-stack" {
+ source = "../modules/tf_aws_asg_stack"
+ vpc_id = "${var.vpc_id}"
+ acct_name = "${var.acct_name}"
+ notification_arns = ["${var.notification_arns}"]
+ module = "${var.name}"
+ phase = "${var.environment}"
+ instance_type = "${var.instance_type}"
+ key_name = "${var.key_name}"
+ public_ips = true
+ subnet_ids = ["${var.subnet_ids}"]
+ iam_policy_arns = ["${var.role_policy_arns}"]
+ security_group_ids = ["${concat(var.security_group_ids, 
list(aws_security_group.vpn.id))}"]
+ max_size = 1
+ min_size = 0
+ iam_allow_actions = [
+ "ec2:AssociateAddress",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:ModifyNetworkInterfaceAttribute"
+ ]
+ elbs = ["${var.vpcaccess_elb ? aws_elb.default.id : ""}"]
+}
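Review bot: The `vpn-in-bastion` rule opens SSH (22/tcp) to `0.0.0.0/0` on a host that the `asg-stack` module also gives a public IP (`public_ips = true`), so the management port of the VPN gateway is reachable from the whole internet rather than only from the operator networks; the 1194/udp and 1195/tcp rules are the VPN service itself and are plausibly meant to be world-reachable, but SSH should not share that exposure. I would drive the source range from a module input instead of the literal, e.g. `cidr_blocks = ["${var.ssh_cidr_blocks}"]` (variable name to be chosen, declared in the module's variables file with no default so callers must state it), and give each rule a `description` so the intent of each open port is recorded in the security group. Separately, `elbs = ["${var.vpcaccess_elb ? aws_elb.default.id : ""}"]` evaluates `aws_elb.default.id` on both branches of the conditional, and with `count = 0` that reference has no instance to resolve; the usual way to make this robust is the splat-and-concat form, `elbs = ["${element(concat(aws_elb.default.*.id, list("")), 0)}"]`, which yields the empty string when the ELB is not created — please confirm against the Terraform version this module targets.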