Add example

Author: int128

.gitignore

@@ -1 +1,3 @@
 .terraform/
+.terraform.*
+*.tfstate

README.md

@@ -46,6 +46,8 @@ module "nat" {
 Now create an EC2 instance in the private subnet to verify the NAT configuration.
 Open the [AWS Systems Manager Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html), log in to the instance and make sure you have external access from the instance.
 
+See also the [example](example/).
+
 
 ## How it works
 

example/README.md

@@ -0,0 +1,31 @@
+# Example of terraform-aws-nat-instance
+
+Provision the stack.
+
+```console
+% terraform init
+
+% terraform apply
+...
+Plan: 37 to add, 0 to change, 0 to destroy.
+
+Do you want to perform these actions?
+  Terraform will perform the actions described above.
+  Only 'yes' will be accepted to approve.
+
+  Enter a value: yes
+...
+Apply complete! Resources: 37 added, 0 changed, 0 destroyed.
+```
+
+Make sure you can access an instance in the private subnet.
+
+```console
+% aws ssm start-session --region us-west-2 --target i-01d945b895167862a
+```
+
+You can completely destroy the stack.
+
+```console
+% terraform destroy
+```

example/example.tf

@@ -0,0 +1,88 @@
+provider "aws" {
+  region = "us-west-2"
+}
+
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+
+  name                 = "example"
+  cidr                 = "172.18.0.0/16"
+  azs                  = ["us-west-2a", "us-west-2b", "us-west-2c"]
+  private_subnets      = ["172.18.64.0/20", "172.18.80.0/20", "172.18.96.0/20"]
+  public_subnets       = ["172.18.128.0/20", "172.18.144.0/20", "172.18.160.0/20"]
+  enable_dns_hostnames = true
+}
+
+module "nat" {
+  source = "../"
+
+  name                        = "example"
+  vpc_id                      = module.vpc.vpc_id
+  public_subnet               = module.vpc.public_subnets[0]
+  private_subnets_cidr_blocks = module.vpc.private_subnets_cidr_blocks
+  private_route_table_ids     = module.vpc.private_route_table_ids
+}
+
+# instance in the private subnet
+resource "aws_instance" "private_instance" {
+  ami                  = data.aws_ami.amazon_linux_2.id
+  instance_type        = "t3.micro"
+  iam_instance_profile = aws_iam_instance_profile.private_instance.name
+  subnet_id            = module.vpc.private_subnets[0]
+
+  tags = {
+    Name = "Example of terraform-aws-nat-instance"
+  }
+}
+
+# AMI of the latest Amazon Linux 2 
+data "aws_ami" "amazon_linux_2" {
+  most_recent = true
+  owners      = ["amazon"]
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+  filter {
+    name   = "name"
+    values = ["amzn2-ami-hvm-*"]
+  }
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+  filter {
+    name   = "block-device-mapping.volume-type"
+    values = ["gp2"]
+  }
+}
+
+resource "aws_iam_instance_profile" "private_instance" {
+  role = aws_iam_role.private_instance.name
+}
+
+resource "aws_iam_role" "private_instance" {
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "ssm" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  role       = aws_iam_role.private_instance.name
+}