Infrastructure components:

- VPC with a single public subnet (VPC CIDR 10.0.0.0/16)
- Security group: HTTP/HTTPS open to the internet, and — as written in the module below — SSH (22) also open to 0.0.0.0/0; restrict SSH to known administrative CIDRs (or drop it in favour of SSM Session Manager) before running this outside a lab
- EC2 instance (t3.medium, Ubuntu 24.04, 30 GB encrypted gp3 root volume)
- S3 bucket for backups (versioned, encrypted)
- IAM instance role for the EC2 host granting S3FullAccess — broader than a single backup bucket requires; scope the policy to that bucket's ARN
- Route 53 DNS record (gitea.poll-streams.com → EC2)
- Ed25519 SSH key pair generated by Terraform (note: a key generated in Terraform is written in plaintext to the state file, so the state backend must be treated as a secret store)
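# Security Group for the EC2 (Gitea) host.
#
# HTTP/HTTPS are the public service ports and stay open to 0.0.0.0/0.
# SSH is the administrative path and is NOT exposed to the whole internet:
# port 22 open to 0.0.0.0/0 is continuously scanned and brute-forced, and the
# only thing standing between the internet and a root shell would be the
# single Terraform-generated key. The allowed sources come from
# var.ssh_allowed_cidrs; with the default (empty list) no SSH rule is created
# at all, so the module fails closed until an operator supplies their CIDRs.
# A further hardening step is SSM Session Manager, which needs no inbound 22.
variable "ssh_allowed_cidrs" {
  description = "IPv4 CIDR blocks allowed to reach port 22 on the EC2 instance (e.g. office/VPN egress addresses). Empty list = no SSH ingress. Must not contain 0.0.0.0/0."
  type        = list(string)
  default     = []

  validation {
    # Refuse the "open to the world" value outright rather than relying on
    # a reviewer to spot it in a plan.
    condition     = !contains(var.ssh_allowed_cidrs, "0.0.0.0/0")
    error_message = "ssh_allowed_cidrs must not contain 0.0.0.0/0; list the specific administrative CIDRs instead."
  }
}

module "security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "6.0.0"

  name        = "${var.project_name}-ec2-sg"
  description = "Security group for EC2 instance"
  vpc_id      = module.vpc.vpc_id

  # ingress_rules is a map of rule-name => rule; the module creates one
  # aws_vpc_security_group_ingress_rule per entry, and each rule carries a
  # single cidr_ipv4. The SSH allow-list is therefore expanded into one rule
  # per CIDR (keys ssh_0, ssh_1, ...) and merged with the fixed web rules.
  ingress_rules = merge(
    {
      for idx, cidr in var.ssh_allowed_cidrs : "ssh_${idx}" => {
        from_port   = 22
        to_port     = 22
        ip_protocol = "tcp"
        description = "SSH from ${cidr}"
        cidr_ipv4   = cidr
      }
    },
    {
      # Public web ports: intentionally world-reachable.
      http = {
        from_port   = 80
        to_port     = 80
        ip_protocol = "tcp"
        description = "HTTP from anywhere"
        cidr_ipv4   = "0.0.0.0/0"
      }
      https = {
        from_port   = 443
        to_port     = 443
        ip_protocol = "tcp"
        description = "HTTPS from anywhere"
        cidr_ipv4   = "0.0.0.0/0"
      }
    }
  )

  # Unrestricted outbound, unchanged from the original. Needed for package
  # updates, Let's Encrypt and S3 backups; tighten later if egress filtering
  # becomes a requirement.
  # NOTE(review): ip_protocol "-1" together with explicit from_port/to_port = 0
  # is kept as-is — confirm the v6 module/provider accepts ports alongside
  # protocol -1 (the module's own examples omit the ports for "all traffic").
  egress_rules = {
    all = {
      from_port   = 0
      to_port     = 0
      ip_protocol = "-1"
      description = "Allow all outbound"
      cidr_ipv4   = "0.0.0.0/0"
    }
  }

  tags = {
    Name = "${var.project_name}-ec2-sg"
  }
}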