Diffstat (limited to 'terraform')
| -rw-r--r-- | terraform/iam.tf | 28 | ||||
| -rw-r--r-- | terraform/sg.tf | 27 | ||||
| -rw-r--r-- | terraform/variables.tf | 4 | 
3 files changed, 59 insertions, 0 deletions
| diff --git a/terraform/iam.tf b/terraform/iam.tf
new file mode 100644
index 0000000..0286993
--- /dev/null
+++ b/terraform/iam.tf
@@ -0,0 +1,28 @@
+resource "aws_iam_role" "sensyne_demo_cluster" {
+    name = "sensyne_demo_eks_cluster"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "eks.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "demo_cluster_AmazonEKSClusterPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = "${aws_iam_role.sensyne_demo_cluster.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "demo_cluster_AmazonEKSServicePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
+  role       = "${aws_iam_role.sensyne_demo_cluster.name}"
+}
diff --git a/terraform/sg.tf b/terraform/sg.tf
new file mode 100644
index 0000000..6aff1d6
--- /dev/null
+++ b/terraform/sg.tf
@@ -0,0 +1,27 @@
+resource "aws_security_group" "sensyne_demo_cluster" {
+  name        = "sensyne-demo-cluster-sg"
+  description = "Cluster communication with worker nodes"
+  vpc_id      = "${aws_vpc.sensyne_demo_vpc.id}"
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "sensyne_demo_cluster_sg"
+  }
+}
+
+resource "aws_security_group_rule" "sensyne_demo_cluster_remote_access" {
+  cidr_blocks       = ["81.187.12.210/32"]
+  description       = "Allow external comms with cluster"
+  from_port         = 443
+  protocol          = "tcp"
+  security_group_id = "${aws_security_group.sensyne_demo_cluster.id}"
+  to_port           = 443
+  type              = "ingress"
+}
+
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 0347ba8..646b635 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
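Review bot: The trust policy on `aws_iam_role.sensyne_demo_cluster` in terraform/iam.tf is an inline heredoc JSON string, so a misspelled key or malformed statement would most likely surface only when IAM rejects the role at apply time. Building it with an `aws_iam_policy_document` data source keeps the same single-principal trust (`eks.amazonaws.com`, `sts:AssumeRole`) while giving the statement a schema Terraform checks earlier. The `name` line is also indented four spaces where the rest of the file uses two, and the role name is hard-coded although this commit adds `var.cluster_name`.

```hcl
data "aws_iam_policy_document" "sensyne_demo_cluster_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["eks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "sensyne_demo_cluster" {
  name               = "sensyne_demo_eks_cluster"
  assume_role_policy = "${data.aws_iam_policy_document.sensyne_demo_cluster_assume.json}"
}
# … unchanged: the two aws_iam_role_policy_attachment resources …
```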
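Review bot: The ingress rule `sensyne_demo_cluster_remote_access` in terraform/sg.tf hard-codes a single address, `cidr_blocks = ["81.187.12.210/32"]`, so the allow-list lives in version control and needs a code change to rotate; if that address is ever reassigned, the rule keeps admitting its new holder on 443. Taking it from a variable, for example `cidr_blocks = "${var.remote_access_cidrs}"` with a list-typed variable declared in variables.tf (the name is only a suggestion), lets each environment supply its own value. The `egress` block on the security group also allows every protocol to `0.0.0.0/0`; since the description says the group is for communication with worker nodes, it is worth checking whether egress can be narrowed to the worker security group, which is not visible in this commit.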
@@ -25,3 +25,7 @@ variable "vpc_cidr" {
 variable "vpc_name" {
   default = "sensyne_demo"
 }
+
+variable "cluster_name" {
+  default = "sensyne_demo_cluster"
+} |
