├── README.md
├── alb
    ├── main.tf
    ├── outputs.tf
    └── variables.tf
├── auto_scaling
    ├── main.tf
    └── variables.tf
├── cloudtrail
    ├── main.tf
    └── variables.tf
├── cloudwatch
    ├── main.tf
    └── variables.tf
├── config
    └── main.tf
├── ec2
    ├── main.tf
    ├── outputs.tf
    ├── userdata.tpl
    └── variables.tf
├── iam
    ├── main.tf
    ├── outputs.tf
    └── variables.tf
├── introduction_to_terraform
    └── main.tf
├── kms
    ├── main.tf
    └── variables.tf
├── main.tf
├── rds
    ├── main.tf
    └── variables.tf
├── route53
    ├── main.tf
    └── variables.tf
├── s3
    ├── main.tf
    └── variables.tf
├── sns
    ├── main.tf
    ├── outputs.tf
    └── variables.tf
├── transit_gateway
    ├── main.tf
    ├── outputs.tf
    └── variables.tf
└── vpc
    ├── main.tf
    ├── outputs.tf
    └── variables.tf


/README.md:
--------------------------------------------------------------------------------
1 | #### 21_days_of_aws_using_terraform
2 | 


--------------------------------------------------------------------------------
/alb/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_lb_target_group" "my-target-group" {
 6 |   health_check {
 7 |     interval            = 10
 8 |     path                = "/"
 9 |     protocol            = "HTTP"
10 |     timeout             = 5
11 |     healthy_threshold   = 5
12 |     unhealthy_threshold = 2
13 |   }
14 | 
15 |   name        = "my-test-tg"
16 |   port        = 80
17 |   protocol    = "HTTP"
18 |   target_type = "instance"
19 |   vpc_id      = "${var.vpc_id}"
20 | }
21 | 
22 | /*resource "aws_lb_target_group_attachment" "my-alb-target-group-attachment1" {
23 |   target_group_arn = "${aws_lb_target_group.my-target-group.arn}"
24 |   target_id        = "${var.instance1_id}"
25 |   port             = 80
26 | }
27 | 
28 | resource "aws_lb_target_group_attachment" "my-alb-target-group-attachment2" {
29 |   target_group_arn = "${aws_lb_target_group.my-target-group.arn}"
30 |   target_id        = "${var.instance2_id}"
31 |   port             = 80
32 | }*/
33 | 
34 | resource "aws_lb" "my-aws-alb" {
35 |   name     = "my-test-alb"
36 |   internal = false
37 | 
38 |   security_groups = [
39 |     "${aws_security_group.my-alb-sg.id}",
40 |   ]
41 | 
42 |   subnets = [
43 |     "${var.subnet1}",
44 |     "${var.subnet2}",
45 |   ]
46 | 
47 |   tags = {
48 |     Name = "my-test-alb"
49 |   }
50 | 
51 |   ip_address_type    = "ipv4"
52 |   load_balancer_type = "application"
53 | }
54 | 
55 | resource "aws_lb_listener" "my-test-alb-listner" {
56 |   load_balancer_arn = "${aws_lb.my-aws-alb.arn}"
57 |   port              = 80
58 |   protocol          = "HTTP"
59 | 
60 |   default_action {
61 |     type             = "forward"
62 |     target_group_arn = "${aws_lb_target_group.my-target-group.arn}"
63 |   }
64 | }
65 | 
66 | resource "aws_security_group" "my-alb-sg" {
67 |   name   = "my-alb-sg"
68 |   vpc_id = "${var.vpc_id}"
69 | }
70 | 
71 | resource "aws_security_group_rule" "inbound_ssh" {
72 |   from_port         = 22
73 |   protocol          = "tcp"
74 |   security_group_id = "${aws_security_group.my-alb-sg.id}"
75 |   to_port           = 22
76 |   type              = "ingress"
77 |   cidr_blocks       = ["0.0.0.0/0"]
78 | }
79 | 
80 | resource "aws_security_group_rule" "inbound_http" {
81 |   from_port         = 80
82 |   protocol          = "tcp"
83 |   security_group_id = "${aws_security_group.my-alb-sg.id}"
84 |   to_port           = 80
85 |   type              = "ingress"
86 |   cidr_blocks       = ["0.0.0.0/0"]
87 | }
88 | 
89 | resource "aws_security_group_rule" "outbound_all" {
90 |   from_port         = 0
91 |   protocol          = "-1"
92 |   security_group_id = "${aws_security_group.my-alb-sg.id}"
93 |   to_port           = 0
94 |   type              = "egress"
95 |   cidr_blocks       = ["0.0.0.0/0"]
96 | }
97 | 


--------------------------------------------------------------------------------
/alb/outputs.tf:
--------------------------------------------------------------------------------
1 | output "alb_dns_name" {
2 |   value = "${aws_lb.my-aws-alb.dns_name}"
3 | }
4 | 
5 | output "alb_target_group_arn" {
6 |   value = "${aws_lb_target_group.my-target-group.arn}"
7 | }
8 | 


--------------------------------------------------------------------------------
/alb/variables.tf:
--------------------------------------------------------------------------------
1 | variable "vpc_id" {}
2 | 
3 | /*variable "instance1_id" {}
4 | variable "instance2_id" {}*/
5 | variable "subnet1" {}
6 | 
7 | variable "subnet2" {}
8 | 


--------------------------------------------------------------------------------
/auto_scaling/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_launch_configuration" "my-test-launch-config" {
 6 |   image_id        = "ami-01ed306a12b7d1c96"
 7 |   instance_type   = "t2.micro"
 8 |   security_groups = ["${aws_security_group.my-asg-sg.id}"]
 9 | 
10 |   user_data = <<-EOF
11 |               #!/bin/bash
12 |               yum -y install httpd
13 |               echo "Hello, from Terraform" > /var/www/html/index.html
14 |               service httpd start
15 |               chkconfig httpd on
16 |               EOF
17 | 
18 |   lifecycle {
19 |     create_before_destroy = true
20 |   }
21 | }
22 | 
23 | resource "aws_autoscaling_group" "example" {
24 |   launch_configuration = "${aws_launch_configuration.my-test-launch-config.name}"
25 |   vpc_zone_identifier  = ["${var.subnet1}","${var.subnet2 }"]
26 |   target_group_arns    = ["${var.target_group_arn}"]
27 |   health_check_type    = "ELB"
28 | 
29 |   min_size = 2
30 |   max_size = 10
31 | 
32 |   tag {
33 |     key                 = "Name"
34 |     value               = "my-test-asg"
35 |     propagate_at_launch = true
36 |   }
37 | }
38 | 
39 | resource "aws_security_group" "my-asg-sg" {
40 |   name   = "my-asg-sg"
41 |   vpc_id = "${var.vpc_id}"
42 | }
43 | 
44 | resource "aws_security_group_rule" "inbound_ssh" {
45 |   from_port         = 22
46 |   protocol          = "tcp"
47 |   security_group_id = "${aws_security_group.my-asg-sg.id}"
48 |   to_port           = 22
49 |   type              = "ingress"
50 |   cidr_blocks       = ["0.0.0.0/0"]
51 | }
52 | 
53 | resource "aws_security_group_rule" "inbound_http" {
54 |   from_port         = 80
55 |   protocol          = "tcp"
56 |   security_group_id = "${aws_security_group.my-asg-sg.id}"
57 |   to_port           = 80
58 |   type              = "ingress"
59 |   cidr_blocks       = ["0.0.0.0/0"]
60 | }
61 | 
62 | resource "aws_security_group_rule" "outbound_all" {
63 |   from_port         = 0
64 |   protocol          = "-1"
65 |   security_group_id = "${aws_security_group.my-asg-sg.id}"
66 |   to_port           = 0
67 |   type              = "egress"
68 |   cidr_blocks       = ["0.0.0.0/0"]
69 | }
70 | 


--------------------------------------------------------------------------------
/auto_scaling/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc_id" {}
 2 | 
 3 | 
 4 | variable "target_group_arn" {}
 5 | 
 6 | variable "subnet1" {}
 7 | variable "subnet2" {}
 8 | 
 9 | 
10 | 


--------------------------------------------------------------------------------
/cloudtrail/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_cloudtrail" "my-demo-cloudtrail" {
 6 |   name                          = "${var.cloudtrail_name}"
 7 |   s3_bucket_name                = "${aws_s3_bucket.s3_bucket_name.id}"
 8 |   include_global_service_events = true
 9 |   is_multi_region_trail         = true
10 |   enable_log_file_validation    = true
11 | }
12 | 
13 | resource "aws_s3_bucket" "s3_bucket_name" {
14 |   bucket = "${var.s3_bucket_name}"
15 | 
16 |   policy = <<POLICY
17 | {
18 |   "Version": "2012-10-17",
19 |   "Statement": [
20 | {
21 |    "Sid": "AWSCloudTrailAclCheck",
22 |    "Effect": "Allow",
23 |    "Principal": {
24 |       "Service": "cloudtrail.amazonaws.com"
25 | },
26 |  "Action": "s3:GetBucketAcl",
27 |  "Resource": "arn:aws:s3:::s3-cloudtrail-bucket-with-terraform-code"
28 | },
29 | {
30 | "Sid": "AWSCloudTrailWrite",
31 | "Effect": "Allow",
32 | "Principal": {
33 |   "Service": "cloudtrail.amazonaws.com"
34 | },
35 | "Action": "s3:PutObject",
36 | "Resource": "arn:aws:s3:::s3-cloudtrail-bucket-with-terraform-code/*",
37 | "Condition": {
38 |   "StringEquals": {
39 |      "s3:x-amz-acl": "bucket-owner-full-control"
40 |   }
41 | }
42 |   }
43 |   ]
44 |   }
45 |   POLICY
46 | }
47 | 


--------------------------------------------------------------------------------
/cloudtrail/variables.tf:
--------------------------------------------------------------------------------
1 | variable "cloudtrail_name" {}
2 | variable "s3_bucket_name" {}
3 | 


--------------------------------------------------------------------------------
/cloudwatch/main.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_cloudwatch_metric_alarm" "cpu-utilization" {
 2 |   alarm_name          = "high-cpu-utilization-alarm"
 3 |   comparison_operator = "GreaterThanOrEqualToThreshold"
 4 |   evaluation_periods  = "2"
 5 |   metric_name         = "CPUUtilization"
 6 |   namespace           = "AWS/EC2"
 7 |   period              = "120"
 8 |   statistic           = "Average"
 9 |   threshold           = "80"
10 |   alarm_description   = "This metric monitors ec2 cpu utilization"
11 |   alarm_actions       = ["${var.sns_topic}"]
12 | 
13 |   dimensions = {
14 |     InstanceId = "${var.instance_id}"
15 |   }
16 | }
17 | 
18 | resource "aws_cloudwatch_metric_alarm" "instance-health-check" {
19 |   alarm_name          = "instance-health-check"
20 |   comparison_operator = "GreaterThanOrEqualToThreshold"
21 |   evaluation_periods  = "1"
22 |   metric_name         = "StatusCheckFailed"
23 |   namespace           = "AWS/EC2"
24 |   period              = "120"
25 |   statistic           = "Average"
26 |   threshold           = "1"
27 |   alarm_description   = "This metric monitors ec2 health status"
28 |   alarm_actions       = ["${var.sns_topic}"]
29 | 
30 |   dimensions = {
31 |     InstanceId = "${var.instance_id}"
32 |   }
33 | }
34 | 


--------------------------------------------------------------------------------
/cloudwatch/variables.tf:
--------------------------------------------------------------------------------
1 | variable "sns_topic" {}
2 | 
3 | variable "instance_id" {}
4 | 


--------------------------------------------------------------------------------
/config/main.tf:
--------------------------------------------------------------------------------
  1 | provider "aws" {
  2 |   region = "us-west-2"
  3 | }
  4 | 
  5 | resource "aws_iam_role" "my-config" {
  6 |   name = "config-example"
  7 | 
  8 |   assume_role_policy = <<POLICY
  9 | {
 10 |   "Version": "2012-10-17",
 11 |   "Statement": [
 12 |     {
 13 |       "Action": "sts:AssumeRole",
 14 |       "Principal": {
 15 |         "Service": "config.amazonaws.com"
 16 |       },
 17 |       "Effect": "Allow",
 18 |       "Sid": ""
 19 |     }
 20 |   ]
 21 | }
 22 | POLICY
 23 | }
 24 | 
 25 | resource "aws_iam_role_policy_attachment" "my-config" {
 26 |   role       = "${aws_iam_role.my-config.name}"
 27 |   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSConfigRole"
 28 | }
 29 | 
 30 | resource "aws_s3_bucket" "my-config" {
 31 |   bucket = "config-bucket-for-my-test-project"
 32 |   acl    = "private"
 33 | 
 34 |   versioning {
 35 |     enabled = true
 36 |   }
 37 | 
 38 |   lifecycle {
 39 |     prevent_destroy = true
 40 |   }
 41 | }
 42 | 
 43 | resource "aws_config_configuration_recorder" "my-config" {
 44 |   name     = "config-example"
 45 |   role_arn = "${aws_iam_role.my-config.arn}"
 46 | 
 47 |   recording_group {
 48 |     all_supported                 = true
 49 |     include_global_resource_types = true
 50 |   }
 51 | }
 52 | 
 53 | resource "aws_config_delivery_channel" "my-config" {
 54 |   name           = "config-example"
 55 |   s3_bucket_name = "${aws_s3_bucket.my-config.bucket}"
 56 | 
 57 |   depends_on = ["aws_config_configuration_recorder.my-config"]
 58 | }
 59 | 
 60 | resource "aws_config_configuration_recorder_status" "config" {
 61 |   name       = "${aws_config_configuration_recorder.my-config.name}"
 62 |   is_enabled = true
 63 | 
 64 |   depends_on = ["aws_config_delivery_channel.my-config"]
 65 | }
 66 | 
 67 | resource "aws_config_config_rule" "instances_in_vpc" {
 68 |   name = "instances_in_vpc"
 69 | 
 70 |   source {
 71 |     owner             = "AWS"
 72 |     source_identifier = "INSTANCES_IN_VPC"
 73 |   }
 74 | 
 75 |   depends_on = ["aws_config_configuration_recorder.my-config"]
 76 | }
 77 | 
 78 | resource "aws_config_config_rule" "cloud_trail_enabled" {
 79 |   name = "cloud_trail_enabled"
 80 | 
 81 |   source {
 82 |     owner             = "AWS"
 83 |     source_identifier = "CLOUD_TRAIL_ENABLED"
 84 |   }
 85 | 
 86 |   input_parameters = <<EOF
 87 | {
 88 |   "s3BucketName": "cloudwatch-to-s3-logs"
 89 | }
 90 | EOF
 91 | 
 92 |   depends_on = ["aws_config_configuration_recorder.my-config"]
 93 | }
 94 | 
 95 | resource "aws_config_config_rule" "s3_bucket_versioning_enabled" {
 96 |   name = "s3_bucket_versioning_enabled"
 97 | 
 98 |   source {
 99 |     owner             = "AWS"
100 |     source_identifier = "S3_BUCKET_VERSIONING_ENABLED"
101 |   }
102 | 
103 |   depends_on = ["aws_config_configuration_recorder.my-config"]
104 | }
105 | 
106 | resource "aws_config_config_rule" "desired_instance_type" {
107 |   name = "desired_instance_type"
108 | 
109 |   "source" {
110 |     owner             = "AWS"
111 |     source_identifier = "DESIRED_INSTANCE_TYPE"
112 |   }
113 | 
114 |   input_parameters = <<EOF
115 | {
116 |   "alarmActionRequired" : "t2.micro"
117 | }
118 | EOF
119 | 
120 |   depends_on = ["aws_config_configuration_recorder.my-config"]
121 | }


--------------------------------------------------------------------------------
/ec2/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | data "aws_availability_zones" "available" {}
 6 | 
 7 | data "aws_ami" "centos" {
 8 |   owners      = ["679593333241"]
 9 |   most_recent = true
10 | 
11 |   filter {
12 |     name   = "name"
13 |     values = ["CentOS Linux 7 x86_64 HVM EBS *"]
14 |   }
15 | 
16 |   filter {
17 |     name   = "architecture"
18 |     values = ["x86_64"]
19 |   }
20 | 
21 |   filter {
22 |     name   = "root-device-type"
23 |     values = ["ebs"]
24 |   }
25 | }
26 | 
27 | resource "aws_key_pair" "mytest-key" {
28 |   key_name   = "my-test-terraform-key-new1"
29 |   public_key = "${file(var.my_public_key)}"
30 | }
31 | 
32 | data "template_file" "init" {
33 |   template = "${file("${path.module}/userdata.tpl")}"
34 | }
35 | 
36 | resource "aws_instance" "my-test-instance" {
37 |   count                  = 2
38 |   ami                    = "${data.aws_ami.centos.id}"
39 |   instance_type          = "${var.instance_type}"
40 |   key_name               = "${aws_key_pair.mytest-key.id}"
41 |   vpc_security_group_ids = ["${var.security_group}"]
42 |   subnet_id              = "${element(var.subnets, count.index )}"
43 |   user_data              = "${data.template_file.init.rendered}"
44 | 
45 |   tags = {
46 |     Name = "my-instance-${count.index + 1}"
47 |   }
48 | }
49 | 
50 | resource "aws_ebs_volume" "my-test-ebs" {
51 |   count             = 2
52 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
53 |   size              = 1
54 |   type              = "gp2"
55 | }
56 | 
57 | resource "aws_volume_attachment" "my-vol-attach" {
58 |   count        = 2
59 |   device_name  = "/dev/xvdh"
60 |   instance_id  = "${aws_instance.my-test-instance.*.id[count.index]}"
61 |   volume_id    = "${aws_ebs_volume.my-test-ebs.*.id[count.index]}"
62 |   force_detach = true
63 | }
64 | 


--------------------------------------------------------------------------------
/ec2/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "instance_id" {
 2 |   value = "${element(aws_instance.my-test-instance.*.id, 1)}"
 3 | }
 4 | 
 5 | /*
 6 | output "instance2_id" {
 7 |   value = "${element(aws_instance.my-test-instance.*.id, 2)}"
 8 | }
 9 | */
10 | 
11 | output "server_ip" {
12 |   value = "${join(",",aws_instance.my-test-instance.*.public_ip)}"
13 | }
14 | 
15 | /*
16 | output "instance_id" {
17 |   value = "${aws_instance.my-test-instance.*.id}"
18 | }*/
19 | 
20 | 


--------------------------------------------------------------------------------
/ec2/userdata.tpl:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | mkfs.ext4 /dev/xvdh
3 | mount /dev/xvdh /mnt
4 | echo /dev/xvdh /mnt defaults,nofail 0 2 >> /etc/fstab
5 | 
6 | yum -y install httpd
7 | echo "this is coming from terraform" >> /var/www/html/index.html
8 | service httpd start
9 | chkconfig httpd on


--------------------------------------------------------------------------------
/ec2/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "my_public_key" {}
 2 | 
 3 | variable "instance_type" {}
 4 | 
 5 | variable "security_group" {}
 6 | 
 7 | variable "subnets" {
 8 |   type = "list"
 9 | }
10 | 


--------------------------------------------------------------------------------
/iam/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_iam_user" "my-test-user" {
 6 |   name  = "${element(var.username,count.index)}"
 7 |   count = "${length(var.username)}"
 8 | }
 9 | 
10 | resource "aws_iam_role_policy" "my-test-policy" {
11 |   name = "my-test-iam-policy"
12 |   role = "${aws_iam_role.my-test-iam-role.id}"
13 | 
14 |   policy = <<EOF
15 | {
16 |     "Version": "2012-10-17",
17 |     "Statement": [
18 |         {
19 |             "Sid": "VisualEditor0",
20 |             "Effect": "Allow",
21 |             "Action": [
22 |                 "cloudwatch:PutMetricData",
23 |                 "ec2:DescribeTags",
24 |                 "logs:PutLogEvents",
25 |                 "logs:DescribeLogStreams",
26 |                 "logs:DescribeLogGroups",
27 |                 "logs:CreateLogStream",
28 |                 "logs:CreateLogGroup"
29 |             ],
30 |             "Resource": "*"
31 |         }
32 |     ]
33 | }
34 | EOF
35 | }
36 | 
37 | resource "aws_iam_role" "my-test-iam-role" {
38 |   name = "my-test-iam-role"
39 | 
40 |   assume_role_policy = <<EOF
41 | {
42 | "Version": "2012-10-17",
43 | "Statement": [
44 | {
45 | "Action": "sts:AssumeRole",
46 | "Principal": {
47 |  "Service": "ec2.amazonaws.com"
48 | },
49 | "Effect": "Allow"
50 | }
51 | ]
52 | }
53 | EOF
54 | 
55 |   tags = {
56 |     tag-key = "my-test-iam-role"
57 |   }
58 | }
59 | 
60 | resource "aws_iam_instance_profile" "my-test-iam-instance-profile" {
61 |   name = "my-test-iam-instance-profile"
62 |   role = "${aws_iam_role.my-test-iam-role.name}"
63 | }
64 | 


--------------------------------------------------------------------------------
/iam/outputs.tf:
--------------------------------------------------------------------------------
1 | output "aws_iam_user" {
2 |   value = "${aws_iam_user.my-test-user.0.arn}"
3 | }


--------------------------------------------------------------------------------
/iam/variables.tf:
--------------------------------------------------------------------------------
1 | variable "username" {
2 |   type = "list"
3 | }
4 | 


--------------------------------------------------------------------------------
/introduction_to_terraform/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_security_group" "examplesg" {
 6 |   name        = "my-example-sg"
 7 |   description = "Allow ssh traffic"
 8 | 
 9 |   ingress {
10 |     from_port   = 22
11 |     to_port     = 22
12 |     protocol    = "tcp"
13 |     cidr_blocks = ["0.0.0.0/0"]
14 |   }
15 | 
16 |   egress {
17 |     from_port   = 0
18 |     to_port     = 0
19 |     protocol    = "-1"
20 |     cidr_blocks = ["0.0.0.0/0"]
21 |   }
22 | }
23 | 
24 | resource "aws_instance" "ec2_instance" {
25 |   ami                    = "ami-01ed306a12b7d1c96"
26 |   instance_type          = "t2.micro"
27 |   vpc_security_group_ids = ["${aws_security_group.examplesg.id}"]
28 |   key_name               = "${aws_key_pair.examplekp.id}"
29 | 
30 |   tags = {
31 |     Name = "my-first-webserver-dev"
32 |   }
33 | }
34 | 
35 | resource "aws_key_pair" "examplekp" {
36 |   key_name   = "my-example-key"
37 |   public_key = ""
38 | }
39 | 


--------------------------------------------------------------------------------
/kms/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_kms_key" "my-kms-key" {
 6 |   description         = "My KMS Keys for Data Encryption"
 7 |   enable_key_rotation = true
 8 | 
 9 |   tags = {
10 |     Name = "my-kms-keys"
11 |   }
12 | 
13 |   policy = <<EOF
14 | {
15 |     "Id": "key-consolepolicy-3",
16 |     "Version": "2012-10-17",
17 |     "Statement": [
18 |         {
19 |             "Sid": "Enable IAM User Permissions",
20 |             "Effect": "Allow",
21 |             "Principal": {
22 |                 "AWS": "${var.user_arn}"
23 |             },
24 |             "Action": "kms:*",
25 |             "Resource": "*"
26 |         },
27 |         {
28 |             "Sid": "Allow access for Key Administrators",
29 |             "Effect": "Allow",
30 |             "Principal": {
31 |                 "AWS": "${var.user_arn}"
32 |             },
33 |             "Action": [
34 |                 "kms:Create*",
35 |                 "kms:Describe*",
36 |                 "kms:Enable*",
37 |                 "kms:List*",
38 |                 "kms:Put*",
39 |                 "kms:Update*",
40 |                 "kms:Revoke*",
41 |                 "kms:Disable*",
42 |                 "kms:Get*",
43 |                 "kms:Delete*",
44 |                 "kms:TagResource",
45 |                 "kms:UntagResource",
46 |                 "kms:ScheduleKeyDeletion",
47 |                 "kms:CancelKeyDeletion"
48 |             ],
49 |             "Resource": "*"
50 |         },
51 |         {
52 |             "Sid": "Allow use of the key",
53 |             "Effect": "Allow",
54 |             "Principal": {
55 |                 "AWS": "${var.user_arn}"
56 |             },
57 |             "Action": [
58 |                 "kms:Encrypt",
59 |                 "kms:Decrypt",
60 |                 "kms:ReEncrypt*",
61 |                 "kms:GenerateDataKey*",
62 |                 "kms:DescribeKey"
63 |             ],
64 |             "Resource": "*"
65 |         },
66 |         {
67 |             "Sid": "Allow attachment of persistent resources",
68 |             "Effect": "Allow",
69 |             "Principal": {
70 |                 "AWS": "${var.user_arn}"
71 |             },
72 |             "Action": [
73 |                 "kms:CreateGrant",
74 |                 "kms:ListGrants",
75 |                 "kms:RevokeGrant"
76 |             ],
77 |             "Resource": "*",
78 |             "Condition": {
79 |                 "Bool": {
80 |                     "kms:GrantIsForAWSResource": "true"
81 |                 }
82 |             }
83 |         }
84 |     ]
85 | }
86 | EOF
87 | }
88 | 
89 | resource "aws_kms_alias" "smc-kms-alias" {
90 |   target_key_id = "${aws_kms_key.my-kms-key.key_id}"
91 |   name          = "alias/my-terraform-final-encryption-key"
92 | }


--------------------------------------------------------------------------------
/kms/variables.tf:
--------------------------------------------------------------------------------
1 | variable "user_arn" {
2 | }


--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | module "vpc" {
 6 |   source          = "./vpc"
 7 |   vpc_cidr        = "10.0.0.0/16"
 8 |   public_cidrs    = ["10.0.1.0/24", "10.0.2.0/24"]
 9 |   private_cidrs   = ["10.0.3.0/24", "10.0.4.0/24"]
10 |   transit_gateway = "${module.transit_gateway.transit_gateway}"
11 | }
12 | 
13 | module "ec2" {
14 |   source         = "./ec2"
15 |   my_public_key  = "/tmp/id_rsa.pub"
16 |   instance_type  = "t2.micro"
17 |   security_group = "${module.vpc.security_group}"
18 |   subnets        = "${module.vpc.public_subnets}"
19 | }
20 | 
21 | module "alb" {
22 |   source = "./alb"
23 |   vpc_id = "${module.vpc.vpc_id}"
24 | 
25 |   /*  instance1_id = "${module.ec2.instance1_id}"
26 |       instance2_id = "${module.ec2.instance2_id}"*/
27 |   subnet1 = "${module.vpc.subnet1}"
28 | 
29 |   subnet2 = "${module.vpc.subnet2}"
30 | }
31 | 
32 | module "auto_scaling" {
33 |   source           = "./auto_scaling"
34 |   vpc_id           = "${module.vpc.vpc_id}"
35 |   subnet1          = "${module.vpc.subnet1}"
36 |   subnet2          = "${module.vpc.subnet2}"
37 |   target_group_arn = "${module.alb.alb_target_group_arn}"
38 | }
39 | 
40 | module "sns_topic" {
41 |   source       = "./sns"
42 |   alarms_email = "plakhera2019@gmail.com"
43 | }
44 | 
45 | module "cloudwatch" {
46 |   source      = "./cloudwatch"
47 |   sns_topic   = "${module.sns_topic.sns_arn}"
48 |   instance_id = "${module.ec2.instance_id}"
49 | }
50 | 
51 | module "rds" {
52 |   source      = "./rds"
53 |   db_instance = "db.t2.micro"
54 |   rds_subnet1 = "${module.vpc.private_subnet1}"
55 |   rds_subnet2 = "${module.vpc.private_subnet2}"
56 |   vpc_id      = "${module.vpc.vpc_id}"
57 | }
58 | 
59 | module "route53" {
60 |   source   = "./route53"
61 |   hostname = ["test1", "test2"]
62 |   arecord  = ["10.0.1.11", "10.0.1.12"]
63 |   vpc_id   = "${module.vpc.vpc_id}"
64 | }
65 | 
66 | module "iam" {
67 |   source   = "./iam"
68 |   username = ["plakhera1", "prashant", "pankaj"]
69 | }
70 | 
71 | module "s3" {
72 |   source         = "./s3"
73 |   s3_bucket_name = "21-days-of-aws-using-terraform"
74 | }
75 | 
76 | module "cloudtrail" {
77 |   source          = "./cloudtrail"
78 |   cloudtrail_name = "my-demo-cloudtrail-terraform"
79 |   s3_bucket_name  = "s3-cloudtrail-bucket-with-terraform-code"
80 | }
81 | 
82 | module "transit_gateway" {
83 |   source         = "./transit_gateway"
84 |   vpc_id         = "${module.vpc.vpc_id}"
85 |   public_subnet1 = "${module.vpc.subnet1}"
86 |   public_subnet2 = "${module.vpc.subnet2}"
87 | }
88 | 
89 | module "kms" {
90 |   source   = "./kms"
91 |   user_arn = "${module.iam.aws_iam_user}"
92 | }
93 | 


--------------------------------------------------------------------------------
/rds/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_db_instance" "my-test-sql" {
 6 |   instance_class          = "${var.db_instance}"
 7 |   engine                  = "mysql"
 8 |   engine_version          = "5.7"
 9 |   multi_az                = true
10 |   storage_type            = "gp2"
11 |   allocated_storage       = 20
12 |   name                    = "mytestrds"
13 |   username                = "admin"
14 |   password                = "admin123"
15 |   apply_immediately       = "true"
16 |   backup_retention_period = 10
17 |   backup_window           = "09:46-10:16"
18 |   db_subnet_group_name    = "${aws_db_subnet_group.my-rds-db-subnet.name}"
19 |   vpc_security_group_ids  = ["${aws_security_group.my-rds-sg.id}"]
20 | }
21 | 
22 | resource "aws_db_subnet_group" "my-rds-db-subnet" {
23 |   name       = "my-rds-db-subnet"
24 |   subnet_ids = ["${var.rds_subnet1}", "${var.rds_subnet2}"]
25 | }
26 | 
27 | resource "aws_security_group" "my-rds-sg" {
28 |   name   = "my-rds-sg"
29 |   vpc_id = "${var.vpc_id}"
30 | }
31 | 
32 | resource "aws_security_group_rule" "my-rds-sg-rule" {
33 |   from_port         = 3306
34 |   protocol          = "tcp"
35 |   security_group_id = "${aws_security_group.my-rds-sg.id}"
36 |   to_port           = 3306
37 |   type              = "ingress"
38 |   cidr_blocks       = ["0.0.0.0/0"]
39 | }
40 | 
41 | resource "aws_security_group_rule" "outbound_rule" {
42 |   from_port         = 0
43 |   protocol          = "-1"
44 |   security_group_id = "${aws_security_group.my-rds-sg.id}"
45 |   to_port           = 0
46 |   type              = "egress"
47 |   cidr_blocks       = ["0.0.0.0/0"]
48 | }
49 | 
50 | /*
51 | data "aws_kms_secret" "rds" {
52 |   secret {
53 |     name = "db-password"
54 |     payload = "AQICAHibS2rwth4UleeAxsSEfxgwqkPtD0jzkRM/Ez91Y7cbvwEHP2YRcuplZp/H7GqmIuXVAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMps5PwT/x3nCnBMfTAgEQgCNd+Y6q9KBZbIX8JZlqP7EDErQLuaBLh6mKaYBz+5blxWstwQ=="
55 |   }
56 | }
57 | */
58 | 
59 | 


--------------------------------------------------------------------------------
/rds/variables.tf:
--------------------------------------------------------------------------------
1 | variable "rds_subnet1" {}
2 | variable "rds_subnet2" {}
3 | variable "db_instance" {}
4 | variable "vpc_id" {}
5 | 


--------------------------------------------------------------------------------
/route53/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_route53_zone" "my-test-zone" {
 6 |   name = "example.com"
 7 | 
 8 |   vpc {
 9 |     vpc_id = "${var.vpc_id}"
10 |   }
11 | }
12 | 
13 | resource "aws_route53_record" "my-example-record" {
14 |   count   = "${length(var.hostname)}"
15 |   name    = "${element(var.hostname,count.index )}"
16 |   records = ["${element(var.arecord,count.index )}"]
17 |   zone_id = "${aws_route53_zone.my-test-zone.id}"
18 |   type    = "A"
19 |   ttl     = "300"
20 | }
21 | 


--------------------------------------------------------------------------------
/route53/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc_id" {}
 2 | 
 3 | variable "hostname" {
 4 |   type = "list"
 5 | }
 6 | 
 7 | variable "arecord" {
 8 |   type = "list"
 9 | }
10 | 


--------------------------------------------------------------------------------
/s3/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "random_id" "my-random-id" {
 6 |   byte_length = 2
 7 | }
 8 | 
 9 | resource "aws_s3_bucket" "my-test-bucket" {
10 |   bucket = "${var.s3_bucket_name}-${random_id.my-random-id.dec}"
11 |   acl    = "private"
12 | 
13 |   versioning {
14 |     enabled = true
15 |   }
16 | 
17 |   lifecycle_rule {
18 |     enabled = true
19 | 
20 |     transition {
21 |       storage_class = "STANDARD_IA"
22 |       days          = 30
23 |     }
24 |   }
25 | 
26 |   tags = {
27 |     Name = "21-days-of-aws-using-terraform"
28 |   }
29 | }
30 | 


--------------------------------------------------------------------------------
/s3/variables.tf:
--------------------------------------------------------------------------------
1 | variable "s3_bucket_name" {}
2 | 


--------------------------------------------------------------------------------
/sns/main.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_sns_topic" "my-test-alarm" {
 2 |   name = "my-test-alarms-topic"
 3 | 
 4 |   delivery_policy = <<EOF
 5 | {
 6 |   "http": {
 7 |     "defaultHealthyRetryPolicy": {
 8 |       "minDelayTarget": 20,
 9 |       "maxDelayTarget": 20,
10 |       "numRetries": 3,
11 |       "numMaxDelayRetries": 0,
12 |       "numNoDelayRetries": 0,
13 |       "numMinDelayRetries": 0,
14 |       "backoffFunction": "linear"
15 |     },
16 |     "disableSubscriptionOverrides": false,
17 |     "defaultThrottlePolicy": {
18 |       "maxReceivesPerSecond": 1
19 |     }
20 |   }
21 | }
22 | EOF
23 | 
24 |   provisioner "local-exec" {
25 |     command = "aws sns subscribe --topic-arn ${self.arn} --protocol email --notification-endpoint ${var.alarms_email}"
26 |   }
27 | }
28 | 


--------------------------------------------------------------------------------
/sns/outputs.tf:
--------------------------------------------------------------------------------
1 | output "sns_arn" {
2 |   value = "${aws_sns_topic.my-test-alarm.arn}"
3 | }
4 | 


--------------------------------------------------------------------------------
/sns/variables.tf:
--------------------------------------------------------------------------------
1 | variable "alarms_email" {}
2 | 


--------------------------------------------------------------------------------
/transit_gateway/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-west-2"
 3 | }
 4 | 
 5 | resource "aws_ec2_transit_gateway" "my-test-tgw" {
 6 |   description                     = "my-test-transit-gateway"
 7 |   amazon_side_asn                 = 64512
 8 |   auto_accept_shared_attachments  = "disable"
 9 |   default_route_table_association = "enable"
10 |   default_route_table_propagation = "enable"
11 |   dns_support                     = "enable"
12 |   vpn_ecmp_support                = "enable"
13 | 
14 |   tags = {
15 |     Name = "my-test-transit-gateway"
16 |   }
17 | }
18 | 
19 | resource "aws_ec2_transit_gateway_vpc_attachment" "my-test-transit-gateway-attachment" {
20 |   transit_gateway_id = "${aws_ec2_transit_gateway.my-test-tgw.id}"
21 |   vpc_id             = "${var.vpc_id}"
22 |   dns_support        = "enable"
23 | 
24 |   subnet_ids = [
25 |     "${var.public_subnet1}",
26 |     "${var.public_subnet2}",
27 |   ]
28 | 
29 |   tags =  {
30 |     Name = "my-test-tgw-vpc-attachment"
31 |   }
32 | }
33 | 


--------------------------------------------------------------------------------
/transit_gateway/outputs.tf:
--------------------------------------------------------------------------------
1 | output "transit_gateway" {
2 |   value = "${aws_ec2_transit_gateway.my-test-tgw.id}"
3 | }
4 | 


--------------------------------------------------------------------------------
/transit_gateway/variables.tf:
--------------------------------------------------------------------------------
1 | variable "vpc_id" {}
2 | variable "public_subnet1" {}
3 | variable "public_subnet2" {}
4 | 


--------------------------------------------------------------------------------
/vpc/main.tf:
--------------------------------------------------------------------------------
  1 | provider "aws" {
  2 |   region = "us-west-2"
  3 | }
  4 | 
  5 | # Query all avilable Availibility Zone
  6 | data "aws_availability_zones" "available" {}
  7 | 
  8 | # VPC Creation
  9 | 
 10 | resource "aws_vpc" "main" {
 11 |   cidr_block           = "${var.vpc_cidr}"
 12 |   enable_dns_hostnames = true
 13 |   enable_dns_support   = true
 14 | 
 15 |   tags = {
 16 |     Name = "my-new-test-terraform-vpc"
 17 |   }
 18 | }
 19 | 
 20 | # Creating Internet Gateway
 21 | 
 22 | resource "aws_internet_gateway" "gw" {
 23 |   vpc_id = "${aws_vpc.main.id}"
 24 | 
 25 |   tags = {
 26 |     Name = "my-test-igw"
 27 |   }
 28 | }
 29 | 
 30 | # Public Route Table
 31 | 
 32 | resource "aws_route_table" "public_route" {
 33 |   vpc_id = "${aws_vpc.main.id}"
 34 | 
 35 |   route {
 36 |     cidr_block = "0.0.0.0/0"
 37 |     gateway_id = "${aws_internet_gateway.gw.id}"
 38 |   }
 39 | 
 40 |   tags = {
 41 |     Name = "my-test-public-route"
 42 |   }
 43 | }
 44 | 
 45 | # Private Route Table
 46 | 
 47 | resource "aws_default_route_table" "private_route" {
 48 |   default_route_table_id = "${aws_vpc.main.default_route_table_id}"
 49 | 
 50 |   route {
 51 |     nat_gateway_id = "${aws_nat_gateway.my-test-nat-gateway.id}"
 52 |     cidr_block     = "0.0.0.0/0"
 53 |   }
 54 | 
 55 |   tags = {
 56 |     Name = "my-private-route-table"
 57 |   }
 58 | }
 59 | 
 60 | # Public Subnet
 61 | resource "aws_subnet" "public_subnet" {
 62 |   count                   = 2
 63 |   cidr_block              = "${var.public_cidrs[count.index]}"
 64 |   vpc_id                  = "${aws_vpc.main.id}"
 65 |   map_public_ip_on_launch = true
 66 |   availability_zone       = "${data.aws_availability_zones.available.names[count.index]}"
 67 | 
 68 |   tags = {
 69 |     Name = "my-test-public-subnet.${count.index + 1}"
 70 |   }
 71 | }
 72 | 
 73 | # Private Subnet
 74 | resource "aws_subnet" "private_subnet" {
 75 |   count             = 2
 76 |   cidr_block        = "${var.private_cidrs[count.index]}"
 77 |   vpc_id            = "${aws_vpc.main.id}"
 78 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
 79 | 
 80 |   tags = {
 81 |     Name = "my-test-private-subnet.${count.index + 1}"
 82 |   }
 83 | }
 84 | 
 85 | # Associate Public Subnet with Public Route Table
 86 | resource "aws_route_table_association" "public_subnet_assoc" {
 87 |   count          = 2
 88 |   route_table_id = "${aws_route_table.public_route.id}"
 89 |   subnet_id      = "${aws_subnet.public_subnet.*.id[count.index]}"
 90 |   depends_on     = ["aws_route_table.public_route", "aws_subnet.public_subnet"]
 91 | }
 92 | 
 93 | # Associate Private Subnet with Private Route Table
 94 | resource "aws_route_table_association" "private_subnet_assoc" {
 95 |   count          = 2
 96 |   route_table_id = "${aws_default_route_table.private_route.id}"
 97 |   subnet_id      = "${aws_subnet.private_subnet.*.id[count.index]}"
 98 |   depends_on     = ["aws_default_route_table.private_route", "aws_subnet.private_subnet"]
 99 | }
100 | 
101 | # Security Group Creation
102 | resource "aws_security_group" "test_sg" {
103 |   name   = "my-test-sg"
104 |   vpc_id = "${aws_vpc.main.id}"
105 | }
106 | 
107 | # Ingress Security Port 22
108 | resource "aws_security_group_rule" "ssh_inbound_access" {
109 |   from_port         = 22
110 |   protocol          = "tcp"
111 |   security_group_id = "${aws_security_group.test_sg.id}"
112 |   to_port           = 22
113 |   type              = "ingress"
114 |   cidr_blocks       = ["0.0.0.0/0"]
115 | }
116 | 
117 | resource "aws_security_group_rule" "http_inbound_access" {
118 |   from_port         = 80
119 |   protocol          = "tcp"
120 |   security_group_id = "${aws_security_group.test_sg.id}"
121 |   to_port           = 80
122 |   type              = "ingress"
123 |   cidr_blocks       = ["0.0.0.0/0"]
124 | }
125 | 
126 | # All OutBound Access
127 | resource "aws_security_group_rule" "all_outbound_access" {
128 |   from_port         = 0
129 |   protocol          = "-1"
130 |   security_group_id = "${aws_security_group.test_sg.id}"
131 |   to_port           = 0
132 |   type              = "egress"
133 |   cidr_blocks       = ["0.0.0.0/0"]
134 | }
135 | 
136 | resource "aws_eip" "my-test-eip" {
137 |   vpc = true
138 | }
139 | 
140 | resource "aws_nat_gateway" "my-test-nat-gateway" {
141 |   allocation_id = "${aws_eip.my-test-eip.id}"
142 |   subnet_id     = "${aws_subnet.public_subnet.0.id}"
143 | }
144 | 
145 | # Adding Route for Transit Gateway
146 | 
147 | resource "aws_route" "my-tgw-route" {
148 |   route_table_id         = "${aws_route_table.public_route.id}"
149 |   destination_cidr_block = "0.0.0.0/0"
150 |   transit_gateway_id     = "${var.transit_gateway}"
151 | }
152 | 


--------------------------------------------------------------------------------
/vpc/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "public_subnets" {
 2 |   value = "${aws_subnet.public_subnet.*.id}"
 3 | }
 4 | 
 5 | output "security_group" {
 6 |   value = "${aws_security_group.test_sg.id}"
 7 | }
 8 | 
 9 | output "vpc_id" {
10 |   value = "${aws_vpc.main.id}"
11 | }
12 | 
13 | output "subnet1" {
14 |   value = "${element(aws_subnet.public_subnet.*.id, 1 )}"
15 | }
16 | 
17 | output "subnet2" {
18 |   value = "${element(aws_subnet.public_subnet.*.id, 2 )}"
19 | }
20 | 
21 | output "private_subnet1" {
22 |   value = "${element(aws_subnet.private_subnet.*.id, 1 )}"
23 | }
24 | 
25 | output "private_subnet2" {
26 |   value = "${element(aws_subnet.private_subnet.*.id, 2 )}"
27 | }
28 | 


--------------------------------------------------------------------------------
/vpc/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc_cidr" {}
 2 | 
 3 | variable "public_cidrs" {
 4 |   type = "list"
 5 | }
 6 | 
 7 | variable "private_cidrs" {
 8 |   type = "list"
 9 | }
10 | 
11 | variable "transit_gateway" {}
12 | 


--------------------------------------------------------------------------------