Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ca86d98e75
Branches Tags
xdr-terraform-m...
/
base
/
palo_alto
/
panorama
/
main.tf

main.tf 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. # Panorama
    2. 

  2. resource "aws_placement_group" "panorama_group" {
    3. 

  3.   name = "Panorama Placement Group"
    4. 

  4.   strategy = "spread"
    5. 

  5. }
    6. 

  6. 

  7. resource "aws_instance" "panorama" {
    8. 

  8.   count = var.panorama_count
    9. 

  9.   ami = lookup(var.panorama_ami, var.aws_region)
    10. 

  10.   availability_zone = var.azs[count.index % 2]
    11. 

  11.   placement_group = aws_placement_group.panorama_group.id
    12. 

  12.   tenancy = "default"
    13. 

  13.   ebs_optimized = true
    14. 

  14.   disable_api_termination = var.instance_termination_protection
    15. 

  15.   instance_initiated_shutdown_behavior = "stop"
    16. 

  16.   instance_type = var.panorama_instance_type
    17. 

  17.   key_name = var.panorama_key_name
    18. 

  18.   monitoring = false
    19. 

  19.   vpc_security_group_ids = var.panorama_security_group_ids
    20. 

  20.   subnet_id = var.subnet_id_map["management"][count.index % 2]
    21. 

  21.   #associate_public_ip_address = true # causes a recreate on apply if you set this!
    22. 

  22.   private_ip = cidrhost(var.subnet_cidr_map["management"][count.index % 2], 5 + (count.index % 2))
    23. 

  23.   source_dest_check = true
    24. 

  24. 

  25.   tags = merge(
    26. 

  26.     var.standard_tags,
    27. 

  27.     var.tags,
    28. 

  28.     { Name = "xdr-panorama-${count.index}" }
    29. 

  29.   )
    30. 

  30. 

  31.   root_block_device {
    32. 

  32.     volume_type = "gp2"
    33. 

  33.     volume_size = "81"
    34. 

  34.     delete_on_termination = true
    35. 

  35.     encrypted = true
    36. 

  36.     kms_key_id = var.ebs_key
    37. 

  37.   }
    38. 

  38. 

  39.   # The provisioner doesn't do anything
    40. 

  40.   #connection {
    41. 

  41.   #  type = "ssh"
    42. 

  42.   #  user = "admin"
    43. 

  43.   #  private_key = file("~/.ssh/id_rsa") # Use your private key
    44. 

  44.   #  host = aws_eip.management_eip[count.index].public_ip
    45. 

  45.   #} 
    46. 

  46.   #
    47. 

  47.   #provisioner "remote-exec" {
    48. 

  48.   #  # Used by a provisioner
    49. 

  49.   #
    50. 

  50.   #  inline = [
    51. 

  51.   #    "set mgt-config users admin password",
    52. 

  52.   #    "testme",
    53. 

  53.   #    "testme",
    54. 

  54.   #    "commit"
    55. 

  55.   #  ]
    56. 

  56.   #  on_failure = continue
    57. 

  57.   #}
    58. 

  58. }
    59. 

  59. 

  60. # EIP for Management Interface, declared separately so they're easier to preserve
    61. 

  61. resource "aws_eip" "management_eip" {
    62. 

  62.     count = var.panorama_count
    63. 

  63.     vpc = true
    64. 

  64. }
    65. 

  65. 

  66. resource "aws_eip_association" "eip_assoc" {
    67. 

  67.   count = var.panorama_count
    68. 

  68.   instance_id   = aws_instance.panorama[count.index].id
    69. 

  69.   allocation_id = aws_eip.management_eip[count.index].id
    70. 

  70.   private_ip_address = cidrhost(var.subnet_cidr_map["management"][count.index % 2], 5 + (count.index % 2))
    71. 

  71. }
    72. 

  72.