```text
├── .gitignore
├── LICENSE
├── README.md
├── assets
│   └── architecture-diagram.gif
├── eks
│   ├── argocd-helm.tf
│   ├── backend.tf
│   ├── gather.tf
│   ├── helm-lb-controller.tf
│   ├── kubernetes-sa-lb-controller.tf
│   ├── main.tf
│   ├── prometheus.tf
│   └── variables.tf
├── module
│   ├── eks
│   │   ├── gather.tf
│   │   ├── iam.tf
│   │   ├── main.tf
│   │   ├── output.tf
│   │   └── variables.tf
│   └── vpc-ec2
│       ├── ec2.tf
│       ├── gather.tf
│       ├── iam.tf
│       ├── variables.tf
│       └── vpc.tf
├── variables.tfvars
└── vpc-ec2
    ├── backend.tf
    ├── main.tf
    ├── variables.tf
    └── variables.tfvars
```

/.gitignore:

```text
.terraform*
```

/LICENSE:

```text
MIT License

Copyright (c) 2024 Aman Pathak

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
```

/README.md:

# 🚀 AWS EKS Cluster with ArgoCD, Prometheus, and More - Terraform Project

[![LinkedIn](https://img.shields.io/badge/Connect%20with%20me%20on-LinkedIn-blue.svg)](https://www.linkedin.com/in/aman-devops/)
[![Discord](https://img.shields.io/badge/Discord-7289DA?style=for-the-badge&logo=discord&logoColor=white)](https://discord.com/invite/jdzF8kTtw2)
[![Medium](https://img.shields.io/badge/Medium-12100E?style=for-the-badge&logo=medium&logoColor=white)](https://medium.com/@amanpathakdevops)
[![GitHub](https://img.shields.io/github/stars/AmanPathak-DevOps.svg?style=social)](https://github.com/AmanPathak-DevOps)
[![Serverless](https://img.shields.io/badge/Serverless-%E2%9A%A1%EF%B8%8F-blueviolet)](https://www.serverless.com)
[![AWS](https://img.shields.io/badge/AWS-%F0%9F%9B%A1-orange)](https://aws.amazon.com)
[![Terraform](https://img.shields.io/badge/Terraform-%E2%9C%A8-lightgrey)](https://www.terraform.io)

Welcome to the Terraform project repository for setting up a fully functional, private AWS EKS cluster integrated with essential tools like ArgoCD, Prometheus, and Grafana. This repository provides everything you need to deploy and manage a secure and scalable Kubernetes environment on AWS.

## 🌟 Overview

This project automates the provisioning of a private EKS cluster on AWS, along with the deployment of key Kubernetes management and monitoring tools using Terraform and Helm. The infrastructure is designed to be robust, allowing you to easily manage, scale, and monitor your Kubernetes resources.

### Key Features:
- **Private EKS Cluster**: A secure EKS setup running within a private VPC.
- **Infrastructure as Code**: Automated deployment using Terraform, ensuring repeatability and scalability.
- **Helm Integration**: Deployment of ArgoCD, Prometheus, and Grafana using Helm charts.
- **Modular Design**: The project is structured into reusable modules for easier management and customization.

### Architecture Diagram
![Architecture Diagram](./assets/architecture-diagram.gif)

## 🚀 Getting Started

### Prerequisites

Before you begin, ensure you have the following installed:

- **Terraform**: Infrastructure as Code tool to automate deployment.
- **AWS CLI**: To interact with your AWS account.
- **kubectl**: Kubernetes command-line tool.
- **Helm**: Kubernetes package manager.

### Quickstart

1. **Clone the Repository**:
   ```bash
   git clone https://github.com/your-repo/eks-terraform-project.git
   cd eks-terraform-project
   ```

2. **Deploy VPC and EC2**: From the `vpc-ec2` directory, run the following commands to deploy the VPC and an EC2 instance:
   ```bash
   terraform init
   terraform validate
   terraform plan -var-file=variables.tfvars
   terraform apply -auto-approve -var-file=variables.tfvars
   ```

3. **Deploy EKS Cluster and Tools**: After setting up the VPC and EC2, run the following commands from the `eks` directory to deploy the EKS cluster and tools:
   ```bash
   terraform init
   terraform validate
   terraform plan -var-file=variables.tfvars
   terraform apply -auto-approve -var-file=variables.tfvars
   ```

4. **Access Deployed Resources**: Use kubectl to interact with your EKS cluster and the deployed tools (ArgoCD, Prometheus, Grafana, etc.).

### 📖 Detailed Guide

For a complete step-by-step guide, including screenshots and detailed explanations, please refer to the [blog post](https://amanpathakdevops.medium.com/). This post covers all the necessary steps to successfully implement this project.

## Contributing

We welcome contributions! If you have ideas for enhancements or find any issues, please open a pull request or file an issue.

## License

This project is licensed under the [MIT License](LICENSE).

## Contact

If you have any questions, suggestions, or feedback, please feel free to join the [Discord Server](https://lnkd.in/dsEdxpst).

/assets/architecture-diagram.gif:

https://raw.githubusercontent.com/AmanPathak-DevOps/EKS-ArgoCD-AWS-LB-Controller-Terraform/64b055bda924b666f81e0c2a2f9f2dc0f0434b51/assets/architecture-diagram.gif

/eks/argocd-helm.tf:

```hcl
resource "helm_release" "argocd" {
  name             = "argocd"
  repository       = "https://argoproj.github.io/argo-helm"
  chart            = "argo-cd"
  version          = "5.24.1"
  namespace        = "argocd"
  create_namespace = true

  set {
    name  = "server.service.type"
    value = "LoadBalancer"
  }

  set {
    name  = "server.ingress.enabled"
    value = "false"
  }

  depends_on = [
    helm_release.aws_load_balancer_controller
  ]
}
```

/eks/backend.tf:

```hcl
terraform {
  required_version = "~> 1.9.5"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.49.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.31.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.10.0"
    }
  }
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "eks/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
}

provider "aws" {
  region = var.aws-region
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.eks-cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks-cluster.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.eks-cluster-auth.token
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    # The real cluster name carries the env/org prefix (see gather.tf), so use the
    # data source's name rather than the bare var.cluster-name.
    args    = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.eks-cluster.name]
    command = "aws"
  }
}

provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.eks-cluster.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks-cluster.certificate_authority[0].data)
    token                  = data.aws_eks_cluster_auth.eks-cluster-auth.token
    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      args        = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.eks-cluster.name]
      command     = "aws"
    }
  }
}
```

/eks/gather.tf:

```hcl
data "aws_eks_cluster" "eks-cluster" {
  name = "${local.env}-${local.org}-${var.cluster-name}"

  depends_on = [module.eks]
}

data "aws_eks_cluster_auth" "eks-cluster-auth" {
  name = "${local.env}-${local.org}-${var.cluster-name}"
}
```

/eks/helm-lb-controller.tf:

```hcl
resource "helm_release" "aws_load_balancer_controller" {
  name       = "aws-load-balancer-controller"
  repository = "https://aws.github.io/eks-charts"
  chart      = "aws-load-balancer-controller"
  version    = "1.4.1"
  # The namespace and the IRSA-annotated service account are created in
  # kubernetes-sa-lb-controller.tf; the chart must reuse that account rather than
  # create an un-annotated one of its own, otherwise the pods cannot assume the role.
  namespace        = "aws-loadbalancer-controller"
  create_namespace = false

  set {
    name  = "clusterName"
    value = "${local.env}-${local.org}-${var.cluster-name}"
  }

  set {
    name  = "serviceAccount.create"
    value = "false"
  }

  set {
    name  = "serviceAccount.name"
    value = "aws-load-balancer-controller"
  }

  depends_on = [
    kubernetes_service_account.lb-controller,
  ]
}
```

/eks/kubernetes-sa-lb-controller.tf:

```hcl
resource "aws_iam_role" "lb-controller-role" {
  name        = "example"
  description = "EKS service account role"

  # IRSA trust policy. The condition key is "<issuer host/path>:sub" without the
  # "https://" scheme, and the value must name the exact namespace and service
  # account the controller pods run as; pinning ":aud" to STS stops tokens minted
  # for other audiences from being exchanged for this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRoleWithWebIdentity"
        Effect = "Allow"
        Principal = {
          Federated = module.eks.oidc-arn
        }
        Condition = {
          StringEquals = {
            "${replace(module.eks.oidc-url, "https://", "")}:sub" = "system:serviceaccount:aws-loadbalancer-controller:aws-load-balancer-controller"
            "${replace(module.eks.oidc-url, "https://", "")}:aud" = "sts.amazonaws.com"
          }
        }
      }
    ]
  })
}

resource "aws_iam_policy" "load_balancer_controller" {
  name        = "LoadBalancerControllerPolicy"
  description = "Policy for AWS LoadBalancerController"

  # Read-only Describe calls only. Creating and managing load balancers, target
  # groups and security-group rules needs the controller's full upstream IAM policy
  # (iam_policy.json from the kubernetes-sigs/aws-load-balancer-controller project).
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:DescribeAccountAttributes",
          "ec2:DescribeAddresses",
          "ec2:DescribeAvailabilityZones",
          "ec2:DescribeInternetGateways",
          "ec2:DescribeVpcs",
          "ec2:DescribeVpcPeeringConnections",
          "ec2:DescribeSubnets",
          "ec2:DescribeSecurityGroups",
          "ec2:DescribeInstances",
          "ec2:DescribeNetworkInterfaces",
          "ec2:DescribeTags",
          "ec2:GetCoipPoolUsage",
          "ec2:DescribeCoipPools",
          "elasticloadbalancing:DescribeLoadBalancers",
          "elasticloadbalancing:DescribeLoadBalancerAttributes",
          "elasticloadbalancing:DescribeListeners",
          "elasticloadbalancing:DescribeListenerCertificates",
          "elasticloadbalancing:DescribeSSLPolicies",
          "elasticloadbalancing:DescribeRules",
          "elasticloadbalancing:DescribeTargetGroups",
          "elasticloadbalancing:DescribeTargetGroupAttributes",
          "elasticloadbalancing:DescribeTargetHealth",
          "elasticloadbalancing:DescribeTags"
        ]
        Resource = "*"
        Effect   = "Allow"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "lb-controller-policy-attachment" {
  role       = aws_iam_role.lb-controller-role.name
  policy_arn = aws_iam_policy.load_balancer_controller.arn
}

# Namespace the controller chart is released into (helm-lb-controller.tf)
resource "kubernetes_namespace" "lb-controller" {
  metadata {
    name = "aws-loadbalancer-controller"
  }
}

# Create the service account, in the controller's namespace, with the IRSA annotation
resource "kubernetes_service_account" "lb-controller" {
  metadata {
    name      = "aws-load-balancer-controller"
    namespace = kubernetes_namespace.lb-controller.metadata[0].name
    annotations = {
      "eks.amazonaws.com/role-arn" = aws_iam_role.lb-controller-role.arn
    }
  }

  depends_on = [
    aws_iam_role_policy_attachment.lb-controller-policy-attachment,
  ]
}
```

/eks/main.tf:

```hcl
locals {
  org = "medium"
  env = var.env
}

module "eks" {
  source = "../module/eks"

  env                   = var.env
  aws-region            = var.aws-region
  cluster-name          = "${local.env}-${local.org}-${var.cluster-name}"
  vpc-name              = "${local.env}-${local.org}-${var.vpc-name}"
  igw-name              = "${local.env}-${local.org}-${var.igw-name}"
  pub-subnet-count      = var.pub-subnet-count
  pub-cidr-block        = var.pub-cidr-block
  pub-availability-zone = var.pub-availability-zone
  pub-sub-name          = "${local.env}-${local.org}-${var.pub-sub-name}"
  pri-subnet-count      = var.pri-subnet-count
  pri-cidr-block        = var.pri-cidr-block
  pri-availability-zone = var.pri-availability-zone
  pri-sub-name          = "${local.env}-${local.org}-${var.pri-sub-name}"
  public-rt-name        = "${local.env}-${local.org}-${var.public-rt-name}"
  private-rt-name       = "${local.env}-${local.org}-${var.private-rt-name}"
  eip-name              = "${local.env}-${local.org}-${var.eip-name}"
  ngw-name              = "${local.env}-${local.org}-${var.ngw-name}"
  eks-sg                = var.eks-sg

  is_eks_role_enabled           = true
  is_eks_nodegroup_role_enabled = true
  ondemand_instance_types       = var.ondemand_instance_types
  spot_instance_types           = var.spot_instance_types
  desired_capacity_on_demand    = var.desired_capacity_on_demand
  min_capacity_on_demand        = var.min_capacity_on_demand
  max_capacity_on_demand        = var.max_capacity_on_demand
  desired_capacity_spot         = var.desired_capacity_spot
  min_capacity_spot             = var.min_capacity_spot
  max_capacity_spot             = var.max_capacity_spot
  is-eks-cluster-enabled        = var.is-eks-cluster-enabled
  cluster-version               = var.cluster-version
  endpoint-private-access       = var.endpoint-private-access
  endpoint-public-access        = var.endpoint-public-access

  addons = var.addons
}
```

/eks/prometheus.tf:

```hcl
resource "helm_release" "prometheus-helm" {
  name             = "prometheus"
  repository       = "https://prometheus-community.github.io/helm-charts"
  chart            = "kube-prometheus-stack"
  version          = "62.3.1"
  namespace        = "prometheus"
  create_namespace = true

  timeout = 2000

  # PodSecurityPolicy was removed in Kubernetes 1.25, so this value has no effect
  # on current clusters.
  set {
    name  = "podSecurityPolicy.enabled"
    value = "true"
  }

  # "server.persistentVolume.enabled" is a value of the standalone "prometheus"
  # chart; kube-prometheus-stack configures storage under
  # prometheus.prometheusSpec.storageSpec, so this set is ignored here.
  set {
    name  = "server.persistentVolume.enabled"
    value = "true"
  }

  set {
    name  = "grafana.service.type"
    value = "LoadBalancer"
  }

  set {
    name  = "prometheus.service.type"
    value = "LoadBalancer"
  }

  depends_on = [helm_release.argocd]
}
```

/eks/variables.tf:

```hcl
variable "aws-region" {}
variable "env" {}
variable "cluster-name" {}
variable "vpc-cidr-block" {}
variable "vpc-name" {}
variable "igw-name" {}
variable "pub-subnet-count" {}
variable "pub-cidr-block" {
  type = list(string)
}
variable "pub-availability-zone" {
  type = list(string)
}
variable "pub-sub-name" {}
variable "pri-subnet-count" {}
variable "pri-cidr-block" {
  type = list(string)
}
variable "pri-availability-zone" {
  type = list(string)
}
variable "pri-sub-name" {}
variable "public-rt-name" {}
variable "private-rt-name" {}
variable "eip-name" {}
variable "ngw-name" {}
variable "eks-sg" {}

# EKS
variable "is-eks-cluster-enabled" {}
variable "cluster-version" {}
variable "endpoint-private-access" {}
variable "endpoint-public-access" {}
variable "ondemand_instance_types" {
  default = ["t3a.medium"]
}

variable "spot_instance_types" {}
variable "desired_capacity_on_demand" {}
variable "min_capacity_on_demand" {}
variable "max_capacity_on_demand" {}
variable "desired_capacity_spot" {}
variable "min_capacity_spot" {}
variable "max_capacity_spot" {}
variable "addons" {
  type = list(object({
    name    = string
    version = string
  }))
}
```

/module/eks/gather.tf:

```hcl
data "tls_certificate" "eks-certificate" {
  url = aws_eks_cluster.eks[0].identity[0].oidc[0].issuer
}

data "aws_iam_policy_document" "eks_oidc_assume_role_policy" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    effect  = "Allow"

    condition {
      test     = "StringEquals"
      variable = "${replace(aws_iam_openid_connect_provider.eks-oidc.url, "https://", "")}:sub"
      values   = ["system:serviceaccount:default:aws-test"]
    }

    principals {
      identifiers = [aws_iam_openid_connect_provider.eks-oidc.arn]
      type        = "Federated"
    }
  }
}

data "aws_vpc" "vpc" {
  filter {
    name   = "tag:Name"
    values = [var.vpc-name]
  }
}

data "aws_subnets" "private_subnets" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.vpc.id]
  }

  filter {
    name   = "tag:kubernetes.io/role/internal-elb"
    values = ["1"]
  }

  filter {
    name   = "tag:Env"
    values = [var.env]
  }
}

data "aws_security_group" "eks-cluster-sg" {
  name = var.eks-sg

  # filter {
  #   name   = "vpc-id"
  #   values = [data.aws_vpc.vpc.id]
  # }

  # filter {
  #   name   = "tag:Env"
  #   values = [var.env]
  # }
}
```

/module/eks/iam.tf:

```hcl
locals {
  cluster_name = var.cluster-name
}

resource "random_integer" "random_suffix" {
  min = 1000
  max = 9999
}

resource "aws_iam_role" "eks-cluster-role" {
  count = var.is_eks_role_enabled ? 1 : 0
  name  = "${local.cluster_name}-role-${random_integer.random_suffix.result}"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Principal = {
        Service = "eks.amazonaws.com"
      }
      Action = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
  count      = var.is_eks_role_enabled ? 1 : 0
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.eks-cluster-role[count.index].name
}

resource "aws_iam_role" "eks-nodegroup-role" {
  count = var.is_eks_nodegroup_role_enabled ? 1 : 0
  name  = "${local.cluster_name}-nodegroup-role-${random_integer.random_suffix.result}"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "eks-AmazonWorkerNodePolicy" {
  count      = var.is_eks_nodegroup_role_enabled ? 1 : 0
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
  role       = aws_iam_role.eks-nodegroup-role[count.index].name
}

resource "aws_iam_role_policy_attachment" "eks-AmazonEKS_CNI_Policy" {
  count      = var.is_eks_nodegroup_role_enabled ? 1 : 0
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.eks-nodegroup-role[count.index].name
}

resource "aws_iam_role_policy_attachment" "eks-AmazonEC2ContainerRegistryReadOnly" {
  count      = var.is_eks_nodegroup_role_enabled ? 1 : 0
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  role       = aws_iam_role.eks-nodegroup-role[count.index].name
}

# OIDC
resource "aws_iam_role" "eks_oidc" {
  assume_role_policy = data.aws_iam_policy_document.eks_oidc_assume_role_policy.json
  name               = "eks-oidc"
}

resource "aws_iam_policy" "eks-oidc-policy" {
  name = "test-policy"

  # Read-only S3 listing for the test service account. Do not add "*" to this
  # action list: it would turn the IRSA role into an account-wide admin role.
  policy = jsonencode({
    Statement = [{
      Action = [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ]
      Effect   = "Allow"
      Resource = "*"
    }]
    Version = "2012-10-17"
  })
}

resource "aws_iam_role_policy_attachment" "eks-oidc-policy-attach" {
  role       = aws_iam_role.eks_oidc.name
  policy_arn = aws_iam_policy.eks-oidc-policy.arn
}
```

/module/eks/main.tf:

```hcl
resource "aws_eks_cluster" "eks" {
  count    = var.is-eks-cluster-enabled == true ? 1 : 0
  name     = var.cluster-name
  role_arn = aws_iam_role.eks-cluster-role[count.index].arn
  version  = var.cluster-version

  vpc_config {
    subnet_ids              = data.aws_subnets.private_subnets.ids
    endpoint_private_access = var.endpoint-private-access
    endpoint_public_access  = var.endpoint-public-access
    security_group_ids      = [data.aws_security_group.eks-cluster-sg.id]
  }

  access_config {
    authentication_mode                         = "CONFIG_MAP"
    bootstrap_cluster_creator_admin_permissions = true
  }

  tags = {
    Name = var.cluster-name
    Env  = var.env
  }
}

# OIDC Provider
resource "aws_iam_openid_connect_provider" "eks-oidc" {
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.eks-certificate.certificates[0].sha1_fingerprint]
  url             = data.tls_certificate.eks-certificate.url
}

# AddOns for EKS Cluster
resource "aws_eks_addon" "eks-addons" {
  for_each      = { for idx, addon in var.addons : idx => addon }
  cluster_name  = aws_eks_cluster.eks[0].name
  addon_name    = each.value.name
  addon_version = each.value.version

  depends_on = [
    aws_eks_node_group.ondemand-node,
    aws_eks_node_group.spot-node
  ]
}

# NodeGroups
resource "aws_eks_node_group" "ondemand-node" {
  cluster_name    = aws_eks_cluster.eks[0].name
  node_group_name = "${var.cluster-name}-on-demand-nodes"

  node_role_arn = aws_iam_role.eks-nodegroup-role[0].arn

  scaling_config {
    desired_size = var.desired_capacity_on_demand
    min_size     = var.min_capacity_on_demand
    max_size     = var.max_capacity_on_demand
  }

  subnet_ids = data.aws_subnets.private_subnets.ids

  instance_types = var.ondemand_instance_types
  capacity_type  = "ON_DEMAND"
  labels = {
    type = "ondemand"
  }

  update_config {
    max_unavailable = 1
  }
  tags = {
    "Name" = "${var.cluster-name}-ondemand-nodes"
  }

  depends_on = [aws_eks_cluster.eks]
}

resource "aws_eks_node_group" "spot-node" {
  cluster_name    = aws_eks_cluster.eks[0].name
  node_group_name = "${var.cluster-name}-spot-nodes"

  node_role_arn = aws_iam_role.eks-nodegroup-role[0].arn

  scaling_config {
    desired_size = var.desired_capacity_spot
    min_size     = var.min_capacity_spot
    max_size     = var.max_capacity_spot
  }

  subnet_ids = data.aws_subnets.private_subnets.ids

  instance_types = var.spot_instance_types
  capacity_type  = "SPOT"

  update_config {
    max_unavailable = 1
  }
  tags = {
    "Name" = "${var.cluster-name}-spot-nodes"
  }
  labels = {
    type      = "spot"
    lifecycle = "spot"
  }
  disk_size = 50

  depends_on = [aws_eks_cluster.eks]
}
```

/module/eks/output.tf:

```hcl
output "eks-cluster-endpoint" {
  value = aws_eks_cluster.eks[0].endpoint
}

output "private_subnet_ids" {
  value = data.aws_subnets.private_subnets.ids
}

output "eks-cluster-ca" {
  value = base64decode(aws_eks_cluster.eks[0].certificate_authority[0].data)
}

output "oidc-arn" {
  value = aws_iam_openid_connect_provider.eks-oidc.arn
}

output "oidc-url" {
  value = aws_iam_openid_connect_provider.eks-oidc.url
}
```

/module/eks/variables.tf:

```hcl
variable "vpc-name" {}
variable "env" {}
variable "aws-region" {}
variable "cluster-name" {}
variable "igw-name" {}
variable "pub-subnet-count" {}
variable "pub-cidr-block" {
  type = list(string)
}
variable "pub-availability-zone" {
  type = list(string)
}
variable "pub-sub-name" {}
variable "pri-subnet-count" {}
variable "pri-cidr-block" {
  type = list(string)
}
variable "pri-availability-zone" {
  type = list(string)
}
variable "pri-sub-name" {}
variable "public-rt-name" {}
variable "private-rt-name" {}
variable "eip-name" {}
variable "ngw-name" {}
variable "eks-sg" {}

# IAM
variable "is_eks_role_enabled" {
  type = bool
}
variable "is_eks_nodegroup_role_enabled" {
  type = bool
}

# EKS
variable "is-eks-cluster-enabled" {}
variable "cluster-version" {}
variable "endpoint-private-access" {}
variable "endpoint-public-access" {}
variable "addons" {
  type = list(object({
    name    = string
    version = string
  }))
}
variable "ondemand_instance_types" {}
variable "spot_instance_types" {}
variable "desired_capacity_on_demand" {}
variable "min_capacity_on_demand" {}
variable "max_capacity_on_demand" {}
variable "desired_capacity_spot" {}
variable "min_capacity_spot" {}
variable "max_capacity_spot" {}
```

/module/vpc-ec2/ec2.tf:

```hcl
resource "aws_instance" "ec2" {
  ami                    = data.aws_ami.ami.id
  instance_type          = "t2.micro"
  availability_zone      = "us-east-2a"
  iam_instance_profile   = aws_iam_instance_profile.ec2-instance-profile.id
  subnet_id              = aws_subnet.public-subnet[0].id
  vpc_security_group_ids = [aws_security_group.ec2-sg.id]

  root_block_device {
    volume_size = 30
  }

  tags = {
    Name = "eks-server-deploy"
  }

  # Bootstraps the jump host with Terraform, the AWS CLI and kubectl.
  user_data = <<-EOF
    #!/bin/bash
    sudo apt-get update
    sudo apt-get install -y unzip gnupg software-properties-common
    wget -O- https://apt.releases.hashicorp.com/gpg | \
      gpg --dearmor | \
      sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null
    gpg --no-default-keyring \
      --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
      --fingerprint
    echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
      https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
      sudo tee /etc/apt/sources.list.d/hashicorp.list
    sudo apt update
    sudo apt-get install terraform -y
    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
    unzip awscliv2.zip
    sudo ./aws/install
    curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
    curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
    # Verify the binary against the published checksum before installing it
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
    sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
  EOF
}
```

/module/vpc-ec2/gather.tf:

```hcl
data "aws_ami" "ami" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }

  owners = ["099720109477"]
}
```

/module/vpc-ec2/iam.tf:

```hcl
resource "aws_iam_role" "iam-role" {
  name = var.ec2-iam-role
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}

# Permissions the SSM agent needs for Session Manager access to the jump host
resource "aws_iam_role_policy" "iam-role-policy" {
  name = var.ec2-iam-role-policy
  role = aws_iam_role.iam-role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ssm:DescribeAssociation",
          "ssm:GetDeployablePatchSnapshotForInstance",
          "ssm:GetDocument",
          "ssm:DescribeDocument",
          "ssm:GetManifest",
          "ssm:GetParameter",
          "ssm:GetParameters",
          "ssm:ListAssociations",
          "ssm:ListInstanceAssociations",
          "ssm:PutInventory",
          "ssm:PutComplianceItems",
          "ssm:PutConfigurePackageResult",
          "ssm:UpdateAssociationStatus",
          "ssm:UpdateInstanceAssociationStatus",
          "ssm:UpdateInstanceInformation",
          "ssmmessages:CreateControlChannel",
          "ssmmessages:CreateDataChannel",
          "ssmmessages:OpenControlChannel",
          "ssmmessages:OpenDataChannel",
          "ec2messages:AcknowledgeMessage",
          "ec2messages:DeleteMessage",
          "ec2messages:FailMessage",
          "ec2messages:GetEndpoint",
          "ec2messages:GetMessages",
          "ec2messages:SendReply"
        ]
        Effect   = "Allow"
        Resource = "*"
      }
    ]
  })
}

resource "aws_iam_instance_profile" "ec2-instance-profile" {
  name = var.ec2-iam-instance-profile
  role = aws_iam_role.iam-role.name
}
```

/module/vpc-ec2/variables.tf:

```hcl
variable "cluster-name" {}
variable "cidr-block" {}
variable "vpc-name" {}
variable "env" {}
variable "igw-name" {}
variable "pub-subnet-count" {}
variable "pub-cidr-block" {
  type = list(string)
}
variable "pub-availability-zone" {
  type = list(string)
}
variable "pub-sub-name" {}
variable "pri-subnet-count" {}
variable "pri-cidr-block" {
  type = list(string)
}
variable "pri-availability-zone" {
  type = list(string)
}
variable "pri-sub-name" {}
variable "public-rt-name" {}
variable "private-rt-name" {}
variable "eip-name" {}
variable "ngw-name" {}
variable "eks-sg" {}
variable "ec2-sg" {}

# IAM
variable "ec2-iam-role" {}
variable "ec2-iam-role-policy" {}
variable "ec2-iam-instance-profile" {}

# EC2
variable "ec2-name" {}
```

/module/vpc-ec2/vpc.tf:

```hcl
locals {
  cluster-name = var.cluster-name
}

resource "aws_vpc" "vpc" {
  cidr_block           = var.cidr-block
  instance_tenancy     = "default"
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = var.vpc-name
    Env  = var.env
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name                                          = var.igw-name
    env                                           = var.env
    "kubernetes.io/cluster/${local.cluster-name}" = "owned"
  }

  depends_on = [aws_vpc.vpc]
}

resource "aws_subnet" "public-subnet" {
  count                   = var.pub-subnet-count
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = element(var.pub-cidr-block, count.index)
  availability_zone       = element(var.pub-availability-zone, count.index)
  map_public_ip_on_launch = true

  tags = {
    Name                                          = "${var.pub-sub-name}-${count.index + 1}"
    Env                                           = var.env
    "kubernetes.io/cluster/${local.cluster-name}" = "owned"
    "kubernetes.io/role/elb"                      = "1"
  }

  depends_on = [aws_vpc.vpc]
}

resource "aws_subnet" "private-subnet" {
  count                   = var.pri-subnet-count
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = element(var.pri-cidr-block, count.index)
  availability_zone       = element(var.pri-availability-zone, count.index)
  map_public_ip_on_launch = false

  tags = {
    Name                                          = "${var.pri-sub-name}-${count.index + 1}"
    Env                                           = var.env
    "kubernetes.io/cluster/${local.cluster-name}" = "owned"
    "kubernetes.io/role/internal-elb"             = "1"
  }

  depends_on = [aws_vpc.vpc]
}

resource "aws_route_table" "public-rt" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = var.public-rt-name
    env  = var.env
  }

  depends_on = [aws_vpc.vpc]
}

resource "aws_route_table_association" "name" {
  # One association per public subnet, driven by the same count as the subnets
  count          = var.pub-subnet-count
  route_table_id = aws_route_table.public-rt.id
  subnet_id      = aws_subnet.public-subnet[count.index].id

  depends_on = [
    aws_vpc.vpc,
    aws_subnet.public-subnet
  ]
}

resource "aws_eip" "ngw-eip" {
  domain = "vpc"

  tags = {
    Name = var.eip-name
  }

  depends_on = [aws_vpc.vpc]
}

resource "aws_nat_gateway" "ngw" {
  allocation_id = aws_eip.ngw-eip.id
  subnet_id     = aws_subnet.public-subnet[0].id

  tags = {
    Name = var.ngw-name
  }

  depends_on = [
    aws_vpc.vpc,
    aws_eip.ngw-eip
  ]
}

resource "aws_route_table" "private-rt" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.ngw.id
  }

  tags = {
    Name = var.private-rt-name
    env  = var.env
  }

  depends_on = [aws_vpc.vpc]
}

resource "aws_route_table_association" "private-rt-association" {
  # One association per private subnet, driven by the same count as the subnets
  count          = var.pri-subnet-count
  route_table_id = aws_route_table.private-rt.id
  subnet_id      = aws_subnet.private-subnet[count.index].id

  depends_on = [
    aws_vpc.vpc,
    aws_subnet.private-subnet
  ]
}

resource "aws_security_group" "eks-cluster-sg" {
  name        = var.eks-sg
  description = "Allow 443 from Jump Server only"

  vpc_id = aws_vpc.vpc.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] // It should be specific IP range
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = var.eks-sg
  }
}

resource "aws_security_group" "ec2-sg" {
  name        = var.ec2-sg
  description = "Allow 22 to the Jump Server"

  vpc_id = aws_vpc.vpc.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] // It should be specific IP range
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = var.ec2-sg
  }
}
```

/variables.tfvars:

```hcl
env                   = "dev"
aws-region            = "us-east-2"
vpc-cidr-block        = "10.16.0.0/16"
vpc-name              = "vpc"
igw-name              = "igw"
pub-subnet-count      = 3
pub-cidr-block        = ["10.16.0.0/20", "10.16.16.0/20", "10.16.32.0/20"]
pub-availability-zone = ["us-east-2a", "us-east-2b", "us-east-2c"]
pub-sub-name          = "subnet-public"
pri-subnet-count      = 3
pri-cidr-block        = ["10.16.128.0/20", "10.16.144.0/20", "10.16.160.0/20"]
pri-availability-zone = ["us-east-2a", "us-east-2b", "us-east-2c"]
pri-sub-name          = "subnet-private"
public-rt-name        = "public-route-table"
private-rt-name       = "private-route-table"
eip-name              = "elasticip-ngw"
ngw-name              = "ngw"
eks-sg                = "eks-sg"
ec2-sg                =
```
"ec2-sg" 20 | 21 | # EKS 22 | is-eks-cluster-enabled = true 23 | cluster-version = "1.29" 24 | cluster-name = "eks-cluster" 25 | endpoint-private-access = true 26 | endpoint-public-access = false 27 | ondemand_instance_types = ["t3a.medium"] 28 | spot_instance_types = ["c5a.large", "c5a.xlarge", "m5a.large", "m5a.xlarge", "c5.large", "m5.large", "t3a.large", "t3a.xlarge", "t3a.medium"] 29 | desired_capacity_on_demand = "1" 30 | min_capacity_on_demand = "1" 31 | max_capacity_on_demand = "5" 32 | desired_capacity_spot = "1" 33 | min_capacity_spot = "1" 34 | max_capacity_spot = "10" 35 | addons = [ 36 | { 37 | name = "vpc-cni", 38 | version = "v1.18.1-eksbuild.1" 39 | }, 40 | { 41 | name = "coredns" 42 | version = "v1.11.1-eksbuild.9" 43 | }, 44 | { 45 | name = "kube-proxy" 46 | version = "v1.29.3-eksbuild.2" 47 | }, 48 | { 49 | name = "aws-ebs-csi-driver" 50 | version = "v1.30.0-eksbuild.1" 51 | } 52 | # Add more addons as needed 53 | ] 54 | 55 | # IAM 56 | ec2-iam-role = "ec2-ssm-role" 57 | ec2-iam-role-policy = "ec2-ssm-role-policy" 58 | ec2-iam-instance-profile = "ec2-ssm-instance-profile" 59 | 60 | # EC2 61 | ec2-name = "eks-deploy-server" -------------------------------------------------------------------------------- /vpc-ec2/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "~> 1.9.5" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.49.0" 7 | } 8 | kubernetes = { 9 | source = "hashicorp/kubernetes" 10 | version = "2.31.0" 11 | } 12 | } 13 | backend "s3" { 14 | bucket = "my-ews-baket1" 15 | region = "us-east-1" 16 | key = "vpc/terraform.tfstate" 17 | dynamodb_table = "Lock-Files" 18 | encrypt = true 19 | } 20 | } 21 | 22 | provider "aws" { 23 | region = var.aws-region 24 | } -------------------------------------------------------------------------------- /vpc-ec2/main.tf: 
-------------------------------------------------------------------------------- 1 | locals { 2 | org = "medium" 3 | env = var.env 4 | } 5 | 6 | module "vpc-ec2" { 7 | source = "../module/vpc-ec2" 8 | 9 | env = var.env 10 | cluster-name = "${local.env}-${local.org}-${var.cluster-name}" 11 | cidr-block = var.vpc-cidr-block 12 | vpc-name = "${local.env}-${local.org}-${var.vpc-name}" 13 | igw-name = "${local.env}-${local.org}-${var.igw-name}" 14 | pub-subnet-count = var.pub-subnet-count 15 | pub-cidr-block = var.pub-cidr-block 16 | pub-availability-zone = var.pub-availability-zone 17 | pub-sub-name = "${local.env}-${local.org}-${var.pub-sub-name}" 18 | pri-subnet-count = var.pri-subnet-count 19 | pri-cidr-block = var.pri-cidr-block 20 | pri-availability-zone = var.pri-availability-zone 21 | pri-sub-name = "${local.env}-${local.org}-${var.pri-sub-name}" 22 | public-rt-name = "${local.env}-${local.org}-${var.public-rt-name}" 23 | private-rt-name = "${local.env}-${local.org}-${var.private-rt-name}" 24 | eip-name = "${local.env}-${local.org}-${var.eip-name}" 25 | ngw-name = "${local.env}-${local.org}-${var.ngw-name}" 26 | eks-sg = var.eks-sg 27 | ec2-sg = var.ec2-sg 28 | 29 | ec2-iam-role = var.ec2-iam-role 30 | ec2-iam-role-policy = var.ec2-iam-role-policy 31 | ec2-iam-instance-profile = var.ec2-iam-instance-profile 32 | 33 | ec2-name = var.ec2-name 34 | 35 | } -------------------------------------------------------------------------------- /vpc-ec2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws-region" {} 2 | variable "env" {} 3 | variable "cluster-name" {} 4 | variable "vpc-cidr-block" {} 5 | variable "vpc-name" {} 6 | variable "igw-name" {} 7 | variable "pub-subnet-count" {} 8 | variable "pub-cidr-block" { 9 | type = list(string) 10 | } 11 | variable "pub-availability-zone" { 12 | type = list(string) 13 | } 14 | variable "pub-sub-name" {} 15 | variable "pri-subnet-count" {} 16 | variable 
"pri-cidr-block" { 17 | type = list(string) 18 | } 19 | variable "pri-availability-zone" { 20 | type = list(string) 21 | } 22 | variable "pri-sub-name" {} 23 | variable "public-rt-name" {} 24 | variable "private-rt-name" {} 25 | variable "eip-name" {} 26 | variable "ngw-name" {} 27 | variable "eks-sg" {} 28 | variable "ec2-sg" {} 29 | 30 | # IAM 31 | variable "ec2-iam-role" {} 32 | variable "ec2-iam-role-policy" {} 33 | variable "ec2-iam-instance-profile" {} 34 | 35 | # EC2 36 | variable "ec2-name" {} -------------------------------------------------------------------------------- /vpc-ec2/variables.tfvars: -------------------------------------------------------------------------------- 1 | env = "dev" 2 | aws-region = "us-east-1" 3 | vpc-cidr-block = "10.16.0.0/16" 4 | vpc-name = "vpc" 5 | igw-name = "igw" 6 | pub-subnet-count = 3 7 | pub-cidr-block = ["10.16.0.0/20", "10.16.16.0/20", "10.16.32.0/20"] 8 | pub-availability-zone = ["us-east-1a", "us-east-1b", "us-east-1c"] 9 | pub-sub-name = "subnet-public" 10 | pri-subnet-count = 3 11 | pri-cidr-block = ["10.16.128.0/20", "10.16.144.0/20", "10.16.160.0/20"] 12 | pri-availability-zone = ["us-east-1a", "us-east-1b", "us-east-1c"] 13 | pri-sub-name = "subnet-private" 14 | public-rt-name = "public-route-table" 15 | private-rt-name = "private-route-table" 16 | eip-name = "elasticip-ngw" 17 | ngw-name = "ngw" 18 | eks-sg = "eks-sg" --------------------------------------------------------------------------------
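The two security-relevant defects in this stack (security-group ingress left open to 0.0.0.0/0 in vpc.tf, and a duplicated wildcard statement in the SSM inline policy in iam.tf) are easy to reintroduce in a later commit, so a pre-apply check on the plan is worth more than a one-off fix. The script below is an added example, not part of this repository: it reads `terraform show -json` output and reports world-open ingress on ports 22 and 443 plus repeated Allow actions and `Resource = "*"` counts in inline policies. It assumes the JSON layout `terraform show -json` emits (`planned_values.root_module`, nested `child_modules`, `resources[].values`) and the aws provider attribute names seen in vpc.tf and iam.tf; the embedded plan is a constructed sample shaped like this stack, and the role-policy resource name `ssm-policy` in it is assumed.

```python
#!/usr/bin/env python3
"""Review a Terraform plan for world-open security-group ingress and sloppy
inline IAM policies before `terraform apply`.

Usage:
    terraform plan -out tfplan
    terraform show -json tfplan | python3 check_plan.py -

Added example for the vpc-ec2 stack; not part of the repository. Assumes the
layout `terraform show -json` emits and the aws provider attribute names
used in vpc.tf and iam.tf (ingress[].cidr_blocks, policy).
"""
import json
import sys
from collections import Counter

WORLD = {"0.0.0.0/0", "::/0"}
# Ports that must not be reachable from the internet in this stack:
# 22 on the jump server and 443 on the EKS API endpoint.
SENSITIVE_PORTS = {22, 443}


def iter_resources(module):
    """Yield every planned resource, descending into nested modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def rule_covers(rule, port):
    """True if an ingress rule reaches `port` (protocol -1 means all ports)."""
    if rule.get("protocol") == "-1":
        return True
    return rule.get("from_port", 0) <= port <= rule.get("to_port", 0)


def check_security_groups(plan):
    """Return (address, ports, cidrs) for each ingress rule that is open to
    the whole internet on a sensitive port."""
    findings = []
    for res in iter_resources(plan["planned_values"]["root_module"]):
        if res["type"] != "aws_security_group":
            continue
        for rule in res["values"].get("ingress", []):
            cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            open_cidrs = sorted(cidrs & WORLD)
            ports = sorted(p for p in SENSITIVE_PORTS if rule_covers(rule, p))
            if open_cidrs and ports:
                findings.append((res["address"], ports, open_cidrs))
    return findings


def check_iam_policies(plan):
    """Map each policy address to the Allow actions it grants more than once
    and the number of Allow statements whose Resource is "*"."""
    report = {}
    for res in iter_resources(plan["planned_values"]["root_module"]):
        if res["type"] not in ("aws_iam_role_policy", "aws_iam_policy"):
            continue
        doc = json.loads(res["values"]["policy"])
        stmts = doc["Statement"]
        stmts = stmts if isinstance(stmts, list) else [stmts]
        seen = Counter()
        wildcard = 0
        for st in stmts:
            if st.get("Effect") != "Allow":
                continue
            actions = st.get("Action", [])
            seen.update([actions] if isinstance(actions, str) else actions)
            if st.get("Resource") in ("*", ["*"]):
                wildcard += 1
        report[res["address"]] = {
            "duplicate_actions": sorted(a for a, n in seen.items() if n > 1),
            "wildcard_statements": wildcard,
        }
    return report


# Constructed sample shaped like `terraform show -json` output for the vpc-ec2
# stack above; the role-policy resource name "ssm-policy" is assumed.
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{
    "address": "module.vpc-ec2",
    "resources": [
        {"address": "module.vpc-ec2.aws_security_group.eks-cluster-sg",
         "type": "aws_security_group",
         "values": {"ingress": [{"from_port": 443, "to_port": 443, "protocol": "tcp",
                                 "cidr_blocks": ["0.0.0.0/0"]}]}},
        {"address": "module.vpc-ec2.aws_security_group.ec2-sg",
         "type": "aws_security_group",
         "values": {"ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                                 "cidr_blocks": ["10.16.0.0/16"]}]}},
        {"address": "module.vpc-ec2.aws_iam_role_policy.ssm-policy",
         "type": "aws_iam_role_policy",
         "values": {"policy": json.dumps({"Version": "2012-10-17", "Statement": [
             {"Effect": "Allow", "Resource": "*",
              "Action": ["ssm:UpdateInstanceInformation", "ec2messages:GetMessages"]},
             {"Effect": "Allow", "Resource": "*",
              "Action": ["ec2messages:GetMessages"]}]})}},
    ]}]}}}


if __name__ == "__main__":
    plan = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_PLAN
    for address, ports, cidrs in check_security_groups(plan):
        print(f"OPEN {address}: ports {ports} reachable from {cidrs}")
    for address, info in check_iam_policies(plan).items():
        print(f"IAM  {address}: {info}")
```

Run without arguments it evaluates the embedded sample and flags only `eks-cluster-sg` (the `ec2-sg` rule is VPC-scoped in the sample, so it passes); with `-` it reads a real plan from stdin. Wire it into CI after `terraform plan` and fail the job on any `OPEN` line; the `IAM` lines are informational, since the SSM actions genuinely require `Resource = "*"`, but a duplicate-action count above zero means a statement was copy-pasted and should be reviewed.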