Initial commit

Author: int128

.gitignore

@@ -0,0 +1 @@
+.terraform/

README.md

@@ -0,0 +1,5 @@
+# terraform-aws-nat-instance
+
+This is a Terraform module which provisions a NAT instance using an auto scaling group and spot request.
+
+

main.tf

@@ -0,0 +1,92 @@
+resource "aws_security_group" "this" {
+  name_prefix = var.name
+  vpc_id      = var.vpc_id
+}
+
+resource "aws_security_group_rule" "this_egress" {
+  security_group_id = aws_security_group.this.id
+  type              = "egress"
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 0
+  to_port           = 65535
+  protocol          = "tcp"
+}
+
+resource "aws_security_group_rule" "this_ingress" {
+  security_group_id = aws_security_group.this.id
+  type              = "ingress"
+  cidr_blocks       = var.private_subnets_cidr_blocks
+  from_port         = 0
+  to_port           = 65535
+  protocol          = "tcp"
+}
+
+resource "aws_launch_template" "this" {
+  name_prefix = var.name
+  image_id    = var.image_id
+  iam_instance_profile {
+    arn = aws_iam_instance_profile.this.arn
+  }
+  network_interfaces {
+    associate_public_ip_address = true
+    security_groups             = [aws_security_group.this.id]
+  }
+}
+
+resource "aws_autoscaling_group" "this" {
+  name_prefix         = var.name
+  desired_capacity    = 1
+  min_size            = 1
+  max_size            = 1
+  vpc_zone_identifier = var.public_subnets
+
+  mixed_instances_policy {
+    instances_distribution {
+      on_demand_percentage_above_base_capacity = 0
+    }
+    launch_template {
+      launch_template_specification {
+        launch_template_id = aws_launch_template.this.id
+        version            = "$Latest"
+      }
+      dynamic "override" {
+        for_each = var.instance_types
+        content {
+          instance_type = override.value
+        }
+      }
+    }
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_iam_instance_profile" "this" {
+  name_prefix = var.name
+  role        = aws_iam_role.this.name
+}
+
+resource "aws_iam_role" "this" {
+  name_prefix        = var.name
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "this_ssm" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  role       = aws_iam_role.this.name
+}

variables.tf

@@ -0,0 +1,34 @@
+variable "name" {
+  description = "Name of this NAT instance"
+}
+
+variable "vpc_id" {
+  description = "ID of the VPC"
+}
+
+variable "public_subnets" {
+  description = "List of ID of the public subnets"
+}
+
+variable "private_subnets_cidr_blocks" {
+  description = "List of CIDR blocks of the private subnets"
+}
+
+variable "image_id" {
+  description = "AMI of the NAT instance"
+  # amzn-ami-vpc-nat-hvm-2018.03.0.20181116-x86_64-ebs
+  default = "ami-0b840e8a1ce4cdf15"
+}
+
+variable "instance_types" {
+  description = "Candidates of instance type of the NAT instance"
+  default     = ["t3.nano", "t3a.nano"]
+}
+
+variable "volume_size" {
+  default = "8"
+}
+
+variable "volume_type" {
+  default = "gp2"
+}