main.tf
# Read-only lookup of an existing IBM Cloud VPC image, selected by the name
# supplied in var.vsi_image_name. Nothing is created by this block.
data "ibm_is_image" "vsi_image" {
  name = var.vsi_image_name
}
# Read-only lookup of an existing resource group, selected by the name in
# var.resource_group_name. Its id is reused by the VPC, subnet and security
# group below so that all of them land in the same resource group.
data "ibm_resource_group" "group" {
  name = var.resource_group_name
}
# The VPC that contains the subnet and security group defined in this file.
# Its name is derived from var.basename.
resource "ibm_is_vpc" "vpc" {
  resource_group = data.ibm_resource_group.group.id
  name           = "${var.basename}-vpc"
}
# A single subnet inside the VPC, placed in the first zone of var.region
# ("<region>-1") and sized to 16 IPv4 addresses.
resource "ibm_is_subnet" "subnet" {
  name                     = "${var.basename}-subnet"
  resource_group           = data.ibm_resource_group.group.id
  vpc                      = ibm_is_vpc.vpc.id
  zone                     = "${var.region}-1"
  total_ipv4_address_count = 16
}
# Security group for the VPC. The rule resources below attach to it through
# ibm_is_security_group.group.id; the group is intended for a VSI network
# interface (that attachment is not part of the blocks shown here).
resource "ibm_is_security_group" "group" {
  name           = "${var.basename}-group"
  vpc            = ibm_is_vpc.vpc.id
  resource_group = data.ibm_resource_group.group.id
}
# Egress rule: outbound TCP 80 (HTTP) to any IPv4 destination.
# NOTE(review): HTTP is unencrypted and the destination is unrestricted; if
# this is only needed for specific endpoints (e.g. package mirrors), consider
# narrowing `remote` to those ranges.
resource "ibm_is_security_group_rule" "tcp_80" {
  group     = ibm_is_security_group.group.id
  direction = "outbound"
  remote    = "0.0.0.0/0"

  tcp {
    port_min = 80
    port_max = 80
  }
}
# Egress rule: outbound TCP 443 (HTTPS) to any IPv4 destination.
resource "ibm_is_security_group_rule" "tcp_443" {
  group     = ibm_is_security_group.group.id
  direction = "outbound"
  remote    = "0.0.0.0/0"

  tcp {
    port_min = 443
    port_max = 443
  }
}
# Egress rule: outbound TCP 53 (DNS over TCP) to any IPv4 destination.
# NOTE(review): the destination is any address rather than a fixed resolver;
# if the instances should only use known resolvers, narrow `remote` to them.
resource "ibm_is_security_group_rule" "tcp_53" {
  group     = ibm_is_security_group.group.id
  direction = "outbound"
  remote    = "0.0.0.0/0"

  tcp {
    port_min = 53
    port_max = 53
  }
}
# Egress rule: outbound UDP 53 (DNS) to any IPv4 destination.
# NOTE(review): the resource label is "udp_443" but the rule opens UDP 53, not
# 443. The label is left as-is because renaming it changes the resource
# address in state; if it is renamed, pair the rename with a `moved` block.
resource "ibm_is_security_group_rule" "udp_443" {
  group     = ibm_is_security_group.group.id
  direction = "outbound"
  remote    = "0.0.0.0/0"

  udp {
    port_min = 53
    port_max = 53
  }
}
# Ingress rule: inbound TCP 22 (SSH) from any IPv4 source (0.0.0.0/0).
# NOTE(review): this exposes SSH on every interface in the group to the whole
# internet. Prefer narrowing `remote` to a known administrative CIDR or to a
# bastion's security group, and make sure the image allows key-based logins
# only. No variable for an allowed source range is visible in this file.
resource "ibm_is_security_group_rule" "ssh" {
  group     = ibm_is_security_group.group.id
  direction = "inbound"
  remote    = "0.0.0.0/0"

  tcp {
    port_min = 22
    port_max = 22
  }
}