├── .circleci └── config.yml ├── .github └── workflows │ └── terraform.yml ├── .gitignore ├── Modularized └── Terraform-Modularized │ ├── EC2-Instance │ ├── backend.tf │ ├── gather.tf │ ├── main.tf │ └── provider.tf │ ├── IAM-Roles │ ├── backend.tf │ ├── policy.json │ ├── policy.tf │ ├── provider.tf │ ├── role.json │ └── role.tf │ ├── Jenkinsfile │ ├── Lambda-Function │ ├── backend.tf │ ├── code.zip │ ├── lambda.tf │ ├── policy.json │ ├── policy.tf │ ├── provider.tf │ ├── role.json │ └── role.tf │ ├── Modules │ ├── Terraform-EC2 │ │ ├── main.tf │ │ └── variables.tf │ ├── Terraform-Lambda │ │ ├── main.tf │ │ └── variables.tf │ ├── Terraform-S3Bucket │ │ ├── main.tf │ │ └── variables.tf │ ├── Terraform-SNS │ │ ├── main.tf │ │ └── varaibles.tf │ └── Terraform-VPC │ │ ├── main.tf │ │ └── variables.tf │ ├── S3-Bucket │ ├── backend.tf │ ├── main.tf │ └── provider.tf │ ├── SNS-Topic │ ├── backend.tf │ └── main.tf │ ├── VPC-Networking │ ├── backend.tf │ ├── main.tf │ └── provider.tf │ ├── dev.tfvars │ └── variables.tf ├── Non-Modularized ├── ALB-EC2 │ ├── Attach-Target-Group-to-EC2.tf │ ├── Instance.tf │ ├── Internet-Gateway.tf │ ├── Load-Balancer-Listener.tf │ ├── Load-Balancer.tf │ ├── Route-Table-Association.tf │ ├── Route-Table.tf │ ├── Security-Group.tf │ ├── Subnet.tf │ ├── Target-Group.tf │ ├── VPC.tf │ ├── backend.tf │ ├── data.tf │ └── provider.tf ├── API-Gateway-POST │ ├── API-GW.tf │ ├── backend.tf │ ├── code.zip │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ ├── lambda-function.tf │ ├── provider.tf │ └── variables.tf ├── ASG-ELB │ ├── AutoScaling.tf │ ├── Launch-Configuration.tf │ ├── backend.tf │ ├── elb.tf │ ├── instance.tf │ ├── provider.tf │ └── vpc.tf ├── ASG-LB │ ├── AutoScaling.tf │ ├── Launch-Configuration.tf │ ├── backend.tf │ ├── elb.tf │ ├── instance.tf │ ├── provider.tf │ └── vpc.tf ├── AWS-Cost-Reporting │ ├── DateTime.zip │ ├── README.md │ ├── assets │ │ └── AWS-Infra.gif │ ├── backend.tf │ ├── 
eventbridge-rule.tf │ ├── lambda-function.tf │ ├── lambda-layers.tf │ ├── policy.json │ ├── policy.tf │ ├── provider.tf │ ├── python-code.zip │ ├── role.json │ ├── role.tf │ └── ses.tf ├── AWS-Glue-S3 │ ├── backend.tf │ └── provider.tf ├── AWS-Serverless-Project │ ├── README.md │ ├── amplify_app.tf │ ├── api-gateway.tf │ ├── assets │ │ └── Serverless.gif │ ├── backend.tf │ ├── dynamodb.tf │ ├── enable-cors-apigw.tf │ ├── iam-policy.tf │ ├── iam-role.tf │ ├── lambda-permission.tf │ ├── lambda.tf │ ├── variables.tf │ └── variables.tfvars ├── Auto-Scaling │ ├── Modules │ │ ├── backend.tf │ │ └── main.tf │ └── Resources │ │ └── main.tf ├── Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail │ ├── backend.tf │ ├── cloudwatchlog.tf │ ├── code.zip │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ ├── index.js │ ├── index.zip │ ├── lambda.tf │ ├── provider.tf │ ├── sns-topic.tf │ ├── triggered-lambda.tf │ └── variable.tf ├── Cloudwatch-Alarm-Lambda-Failure-SQS │ ├── backend.tf │ ├── cloudwatch.tf │ ├── code.zip │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ ├── lambda.tf │ ├── provider.tf │ ├── sns.tf │ └── sqs.tf ├── Cloudwatch-Alarm-Lambda-Failure │ ├── backend.tf │ ├── cloudwatch.tf │ ├── code.zip │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ ├── lambda.tf │ ├── provider.tf │ └── variable.tf ├── DynamoDB-Streams-With-New-Lambda-Trigger │ ├── backend.tf │ ├── code.py │ ├── code.zip │ ├── create-table.tf │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ ├── lambda_function.tf │ ├── provider.tf │ └── trigger.tf ├── DynamoDB │ ├── backend.tf │ ├── create-table.tf │ └── provider.tf ├── EBS-Snapshot-Cost-Optimization │ ├── README.md │ ├── assets │ │ └── AWS-Infra-Diagram.gif │ ├── backend.tf │ ├── ebs_snapshot_cost_optimization.py │ ├── ebs_snapshot_cost_optimization.zip │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf 
│ ├── lambda.tf │ └── variables.tf ├── EC2-Instance-With-SG │ ├── backend.tf │ └── main.tf ├── EC2-Instance │ ├── backend.tf │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ └── main.tf ├── EC2-Snapshot │ ├── Modules │ │ ├── backend.tf │ │ └── main.tf │ └── Resources │ │ ├── ebs-attachment.tf │ │ ├── ebs-snapshot.tf │ │ ├── ebs-volume.tf │ │ ├── instance.tf │ │ ├── security-group.tf │ │ └── vpc.tf ├── ECS-Fargate │ ├── Load-Balancer.tf │ ├── Security-Group.tf │ ├── Target-Group.tf │ ├── backend.tf │ ├── ecs-cluster.tf │ ├── ecs-service.tf │ ├── ecs-taskdefiniton.tf │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ ├── provider.tf │ └── vpc.tf ├── Health-Check │ ├── EC2-Instance.tf │ ├── Internet-Gateway.tf │ ├── Route-Table-Association.tf │ ├── Route-Table.tf │ ├── Target-Group.tf │ ├── VPC.tf │ ├── backend.tf │ ├── provider.tf │ ├── security-group.tf │ └── subnet.tf ├── Image-Recognistion-using-Amazon-Rekognition │ ├── ImageRekognition.zip │ ├── README.md │ ├── assets │ │ └── AmazonRekognition.gif │ ├── backend.tf │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-roles.tf │ ├── lambda-function.tf │ ├── s3-bucket.tf │ ├── sns-topic.tf │ └── variables.tf ├── Jenkinsfile ├── Lambda-Function │ ├── backend.tf │ ├── code │ │ ├── hello.py │ │ └── hello.zip │ ├── data-archiving.tf │ ├── iampolicy.tf │ ├── iamrole.tf │ ├── lambda_function.tf │ ├── lambda_policy.json │ ├── lambda_role.json │ └── provider.tf ├── Module-S3-Bucket │ ├── backend.tf │ ├── main.tf │ └── provider.tf ├── Module-VPC │ ├── backend.tf │ ├── main.tf │ └── provider.tf ├── Modules-EC2 │ ├── EC2 │ │ ├── backend.tf │ │ └── main.tf │ └── Module │ │ ├── main.tf │ │ ├── subnet.tf │ │ ├── variables.tf │ │ └── vpc.tf ├── Resize-Image-Using-LambdaFunction-S3-SNS │ ├── CreateThumbnail.zip │ ├── README.md │ ├── assets │ │ └── AWS-Infra.gif │ ├── backend.tf │ ├── iampolicy.tf │ ├── iamrole.tf │ ├── lambda-function.tf │ ├── 
lambda_policy.json │ ├── lambda_role.json │ ├── provider.tf │ ├── s3-bucket.tf │ ├── sns.tf │ ├── test-event.json │ └── variables.tf ├── S3-Static-Website │ ├── 2109_the_card │ │ ├── ABOUT THIS TEMPLATE.txt │ │ ├── css │ │ │ ├── bootstrap.min.css │ │ │ ├── magnific-popup.css │ │ │ └── tooplate-style.css │ │ ├── img │ │ │ ├── 01.jpg │ │ │ ├── 02.jpg │ │ │ ├── 03.jpg │ │ │ ├── 04.jpg │ │ │ ├── 05.jpg │ │ │ ├── 06.jpg │ │ │ ├── 07.jpg │ │ │ ├── 08.jpg │ │ │ ├── 09.jpg │ │ │ ├── 10.jpg │ │ │ ├── 11.jpg │ │ │ ├── 12.jpg │ │ │ ├── bar-code.jpg │ │ │ ├── photo-02.jpg │ │ │ ├── photo-03.jpg │ │ │ ├── photo-04.jpg │ │ │ └── photo-05.jpg │ │ ├── index.html │ │ ├── js │ │ │ ├── background.cycle.js │ │ │ ├── jquery-1.11.0.min.js │ │ │ └── jquery.magnific-popup.min.js │ │ └── slick │ │ │ ├── ajax-loader.gif │ │ │ ├── config.rb │ │ │ ├── fonts │ │ │ ├── slick.eot │ │ │ ├── slick.svg │ │ │ ├── slick.ttf │ │ │ └── slick.woff │ │ │ ├── slick-theme.css │ │ │ ├── slick-theme.less │ │ │ ├── slick-theme.scss │ │ │ ├── slick.css │ │ │ ├── slick.js │ │ │ ├── slick.less │ │ │ ├── slick.min.js │ │ │ └── slick.scss │ ├── README.md │ ├── assets │ │ └── AWS-Infra-Diagram.gif │ ├── backend.tf │ ├── bucket-creation.tf │ ├── certificate.tf │ ├── cloudfront-distribution.tf │ ├── provider.tf │ ├── route53.tf │ └── variables.tf ├── SecurityGroup-EC2 │ ├── backend.tf │ └── main.tf ├── Simple-RDS-Instance │ ├── backend.tf │ ├── provider.tf │ └── rds.tf ├── Three-Tier-Application │ ├── AMI-Creation.pkr.hcl │ ├── AutoScaling-group.tf │ ├── README.md │ ├── assets │ │ └── Three-Tier-Architecture.gif │ ├── backend.tf │ ├── certificate-manager.tf │ ├── cloudfront.tf │ ├── elb.tf │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ ├── launch-configuration.tf │ ├── provider.tf │ ├── rds.tf │ ├── route53.tf │ ├── s3-bucket.tf │ ├── security-group.tf │ ├── variables.tf │ ├── vpc.tf │ └── waf.tf ├── Trigger-Lambda-Using-EventBridge │ ├── backend.tf │ ├── code.zip │ ├── 
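eventbridge.tf │ ├── iam-policy.json │ ├── iam-policy.tf │ ├── iam-role.json │ ├── iam-role.tf │ ├── lambda.tf │ └── provider.tf ├── Two-Tier-Architecture │ ├── README.md │ ├── bloody-sweet │ │ ├── README.md │ │ ├── assets │ │ │ └── Two-Tier-Architecture.gif │ │ ├── backend.tf │ │ ├── main.tf │ │ ├── variables.tf │ │ └── variables.tfvars │ └── modules │ │ ├── alb-tg │ │ ├── gather.tf │ │ ├── main.tf │ │ └── variables.tf │ │ ├── aws-autoscaling │ │ ├── deploy.sh │ │ ├── gather.tf │ │ ├── main.tf │ │ └── variable.tf │ │ ├── aws-iam │ │ ├── iam-instance-profile.tf │ │ ├── iam-policy.json │ │ ├── iam-policy.tf │ │ ├── iam-role.json │ │ ├── iam-role.tf │ │ └── variables.tf │ │ ├── aws-rds │ │ ├── gather.tf │ │ ├── main.tf │ │ └── variables.tf │ │ ├── aws-vpc │ │ ├── main.tf │ │ └── variables.tf │ │ ├── aws-waf-cdn-acm-route53 │ │ ├── acm.tf │ │ ├── cdn.tf │ │ ├── gather.tf │ │ ├── route53.tf │ │ ├── variables.tf │ │ └── waf.tf │ │ └── security-group │ │ ├── gather.tf │ │ ├── main.tf │ │ └── variable.tf ├── VPC-Networking │ ├── backend.tf │ ├── main.tf │ └── variables.tf └── VPC │ ├── backend.tf │ ├── create-vpc.tf │ ├── provider.tf │ └── variables.tf ├── README.md ├── SECURITY.md └── delete-script.sh
/.circleci/config.yml:
--------------------------------------------------------------------------------
# CircleCI pipeline for ./Non-Modularized/AWS-Serverless-Project.
# `deploy` plans and applies the stack; `destroy` tears it down.
version: 2.1

jobs:
  deploy:
    docker:
      # NOTE(review): `latest` is a moving tag, so the Terraform binary that
      # holds the AWS credentials can change between runs. Pin the image to an
      # explicit release tag or digest.
      - image: hashicorp/terraform:latest
    environment:
      AWS_DEFAULT_REGION: "us-east-1"
    steps:
      - checkout
      # AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are already present in the
      # job environment, and the AWS provider reads them from there. The former
      # "Set up AWS credentials" step copied both into ~/.env in plaintext, and
      # no later step read that file, so it has been removed.
      - run:
          name: Initializing the Terraform code
          command: |
            cd ./Non-Modularized/AWS-Serverless-Project
            terraform init
      - run:
          name: Terraform Plan
          command: |
            cd ./Non-Modularized/AWS-Serverless-Project
            terraform plan -input=false -var-file variables.tfvars -out=tfplan
      - run:
          name: Terraform Apply
          # Apply exactly the plan produced (and logged) by the previous step
          # instead of re-planning under --auto-approve. The plan file can hold
          # sensitive values; do not store it as a build artifact.
          command: |
            cd ./Non-Modularized/AWS-Serverless-Project
            terraform apply -input=false tfplan

  destroy:
    docker:
      # NOTE(review): same unpinned image as in `deploy`.
      - image: hashicorp/terraform:latest
    environment:
      AWS_DEFAULT_REGION: "us-east-1"
    steps:
      - checkout
      - run:
          name: Initializing the Terraform code
          command: |
            cd ./Non-Modularized/AWS-Serverless-Project
            terraform init
      - run:
          name: Terraform Destroy
          command: |
            cd ./Non-Modularized/AWS-Serverless-Project
            terraform destroy --auto-approve -var-file variables.tfvars

workflows:
  version: 2
  build-and-deploy:
    jobs:
      - deploy

  # Neither workflow declares filters or triggers, so both start on every
  # push. Without a gate, `destroy --auto-approve` would run alongside
  # `deploy` against the same state. The approval job holds the teardown
  # until someone releases it in the CircleCI UI.
  destroy-infrastructure:
    jobs:
      - approve-destroy:
          type: approval
      - destroy:
          requires:
            - approve-destroy
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/.gitignore
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/EC2-Instance/backend.tf:
--------------------------------------------------------------------------------
# Remote state for the EC2-Instance stack.
terraform {
  backend "s3" {
    bucket = "my-ews-baket1"
    region = "us-east-1"
    key    = "Modularized/EC2-Instance/terraform.tfstate"
    # DynamoDB table used for state locking.
    dynamodb_table = "Lock-Files"
    # Server-side encryption of the state object. Read access to the bucket
    # still exposes every value recorded in state, so restrict the bucket
    # policy accordingly.
    encrypt = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      # NOTE(review): lower bound only, so any newer provider release is
      # accepted. The directory listing shows no .terraform.lock.hcl for this
      # stack; confirm, and commit one or add an upper bound.
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/EC2-Instance/gather.tf:
--------------------------------------------------------------------------------
1 | data "aws_ami" "ami" { 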
2 | most_recent = true 3 | owners = ["099720109477"] 4 | filter { 5 | name = "name" 6 | values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] 7 | } 8 | filter { 9 | name = "virtualization-type" 10 | values = ["hvm"] 11 | } 12 | } 13 | 14 | 15 | data "aws_subnet" "public-subnet" { 16 | tags = { 17 | Name = "Public-Networking" 18 | } 19 | } 20 | 21 | data "aws_security_group" "sg" { 22 | tags = { 23 | Name = "SecurityGroup-Networking" 24 | } 25 | }
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/EC2-Instance/main.tf:
--------------------------------------------------------------------------------
# Instantiates the local Terraform-EC2 module for a single instance.
# The module's main.tf is not shown on this page, so the notes below describe
# only the values passed in.
module "ec2-instance" {
  source = "../Modules/Terraform-EC2"

  is_instance_enabled = var.is_instance_enabled
  instance_count      = 1
  # AMI, subnet and security group are looked up in gather.tf. The subnet and
  # group are matched by Name tag only, so whoever can tag resources in the
  # account influences where the instance lands.
  ec2_image         = data.aws_ami.ami.id
  aws_instance_type = var.aws_instance_type
  subnet_id         = data.aws_subnet.public-subnet.id
  security_group    = [data.aws_security_group.sg.id]
  instance_name     = var.instance_name
  key_name          = var.key_name
  # Parameter Store entry for the instance key: "/<instance_name>/<key_name>.pem",
  # stored as a SecureString.
  ssm_parameter_store_file_name   = "/${var.instance_name}/${var.key_name}.pem"
  ssm_parameter_store_description = "Instance Pem file for ${var.instance_name} Instance"
  ssm_parameter_store_type        = "SecureString"
  # file() reads the private key from the module directory at plan time, so
  # the .pem must exist on the machine running Terraform.
  # NOTE(review): presumably this becomes the parameter value; if so, the key
  # material is also written to the Terraform state. Confirm against the module
  # and limit who can read the state bucket.
  ssm_parameter_store_file_path = file("${path.module}/${var.key_name}.pem")
  # Disabled: would remove the local .pem after upload.
  # delete_file_command = "rm -f ${path.module}/${var.key_name}.pem"
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/EC2-Instance/provider.tf:
--------------------------------------------------------------------------------
# AWS provider; the region comes from var.region. No credentials are
# configured in this block.
provider "aws" {
  region = var.region
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/IAM-Roles/backend.tf:
--------------------------------------------------------------------------------
1 | terraform { 2 | backend "s3" { 3 | 
bucket = "my-ews-baket1" 4 | region = "us-east-1" 5 | key = "Modularized/IAM-Roles/terraform.tfstate" 6 | dynamodb_table = "Lock-Files" 7 | encrypt = true 8 | } 9 | required_version = ">=0.13.0" 10 | required_providers { 11 | aws = { 12 | version = ">= 2.7.0" 13 | source = "hashicorp/aws" 14 | } 15 | } 16 | } 17 | 
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/IAM-Roles/policy.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "sns:*"
      ],
      "Resource": "*"
    }
  ]
}


--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/IAM-Roles/policy.tf:
--------------------------------------------------------------------------------
# Inline policy attached to the role defined in role.tf. The policy document
# is read from the file named by var.policy_file in this directory.
#
# NOTE(review): the policy.json shipped alongside allows "sns:*" and the three
# CloudWatch Logs actions on Resource "*". That gives the role every SNS
# action on every topic in the account, including deleting topics and changing
# topic policies. Scope the statement to the topic ARN and the actions the
# function actually calls.
resource "aws_iam_role_policy" "iam-policy" {
  name   = var.policy_name
  role   = aws_iam_role.iam-role.id
  policy = file("${path.module}/${var.policy_file}")
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/IAM-Roles/provider.tf:
--------------------------------------------------------------------------------
# AWS provider with the region hard-coded. Sibling stacks take it from
# var.region.
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/IAM-Roles/role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/IAM-Roles/role.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_role" "iam-role" { 2 | name = var.role_name 3 | assume_role_policy = file("${path.module}/${var.role_policy_file}") 4 | } -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Lambda-Function/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | bucket = "my-ews-baket1" 4 | region = "us-east-1" 5 | key = "Modularized/Lambda-Function/terraform.tfstate" 6 | dynamodb_table = "Lock-Files" 7 | encrypt = true 8 | } 9 | required_version = ">=0.13.0" 10 | required_providers { 11 | aws = { 12 | version = ">= 2.7.0" 13 | source = "hashicorp/aws" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Lambda-Function/code.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Modularized/Terraform-Modularized/Lambda-Function/code.zip -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Lambda-Function/lambda.tf: -------------------------------------------------------------------------------- 1 | module "lambda-for-SNS" { 2 | source = "../Modules/Terraform-Lambda" 3 | 4 | is_enabled = 1 // To disable the lambda override with 0 5 | lambdafile_count = 1 6 | function = var.functionname 7 | lambda_function_name = var.lambdafunctionname 8 | runtime-for-lambda = var.lambda-runtime 9 | handler-for-lambda = var.lambda-handler 10 | code-for-lambda = var.handler-code 11 | role-for-lambda = aws_iam_role.iam-role.arn // var.role-lambda variable approach not working because it needs the direct arn so the 
alternative of this "data" 12 | timeout-for-lambda = var.timout-lambda 13 | memory-size-for-lambda = var.memory-size 14 | 15 | lambda_env = { 16 | ENV = var.sdlc_env 17 | } 18 | } 19 | 20 | 21 | -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Lambda-Function/policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "logs:CreateLogGroup", 8 | "logs:CreateLogStream", 9 | "logs:PutLogEvents", 10 | "sns:*" 11 | ], 12 | "Resource": "*" 13 | } 14 | ] 15 | } 16 | 17 | -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Lambda-Function/policy.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_role_policy" "iam-policy" { 2 | name = "AWS-Lambda-Role-S3-New" 3 | role = aws_iam_role.iam-role.id 4 | policy = file("${path.module}/policy.json") 5 | } -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Lambda-Function/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "us-east-1" 3 | } -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Lambda-Function/role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "Service": "lambda.amazonaws.com" 8 | }, 9 | "Action": "sts:AssumeRole" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Lambda-Function/role.tf: -------------------------------------------------------------------------------- 1 | 
resource "aws_iam_role" "iam-role" { 2 | name = "iam-role-lambda-api-gateway" 3 | assume_role_policy = file("${path.module}/role.json") 4 | } -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Modules/Terraform-EC2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "is_private_key_enabled" { 2 | default = 1 3 | } 4 | variable "private_key_count" { 5 | default = 1 6 | } 7 | variable "is_key_pair_enabled" { 8 | default = 1 9 | } 10 | variable "key_pair_count" { 11 | default = 1 12 | } 13 | variable "key_name" {} 14 | variable "is_bucket_enable" { 15 | default = 1 16 | } 17 | variable "is_paramter_store_enabled" { 18 | default = 1 19 | } 20 | variable "paramter_store_count" { 21 | default = 1 22 | } 23 | variable "ssm_parameter_store_file_name" {} 24 | variable "ssm_parameter_store_description" {} 25 | variable "ssm_parameter_store_type" {} 26 | variable "ssm_parameter_store_file_path" {} 27 | variable "bucket_count" { 28 | default = 1 29 | } 30 | variable "bucket_name" { 31 | default = "bucket-para-pem" 32 | } 33 | variable "is_instance_enabled" {} 34 | variable "instance_count" {} 35 | variable "ec2_image" {} 36 | variable "aws_instance_type" {} 37 | variable "subnet_id" {} 38 | variable "security_group" {} 39 | variable "instance_name" {} -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/Modules/Terraform-Lambda/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_lambda_function" "lamda-1" { 2 | count = "${var.is_enabled == 1 ? 
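var.lambdafile_count : 0}" 3 | function_name = "${var.function}_${var.lambda_function_name}" 4 | handler = "${var.handler-for-lambda}" 5 | runtime = "${var.runtime-for-lambda}" 6 | filename = "${var.code-for-lambda}" 7 | source_code_hash = filebase64sha256(var.code-for-lambda) 8 | role = "${var.role-for-lambda}" 9 | timeout = "${var.timeout-for-lambda}" 10 | memory_size = "${var.memory-size-for-lambda}" 11 | 12 | environment { 13 | variables = var.lambda_env 14 | } 15 | }
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/Modules/Terraform-Lambda/variables.tf:
--------------------------------------------------------------------------------
# Inputs of the Terraform-Lambda module. None declares a type or default, so
# every caller must set all of them.
variable "is_enabled" {}
variable "function" {}
variable "lambda_function_name" {}
variable "lambdafile_count" {}
variable "code-for-lambda" {}
variable "runtime-for-lambda" {}
variable "handler-for-lambda" {}
variable "role-for-lambda" {}
variable "timeout-for-lambda" {}
variable "memory-size-for-lambda" {}
# Map of environment variables for the function. The values end up in the
# Terraform state, so keep secrets out of it.
variable "lambda_env" {}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/Modules/Terraform-S3Bucket/main.tf:
--------------------------------------------------------------------------------
# Creates var.s3bucket_count buckets when var.is_enable == 1, otherwise none.
# NOTE(review): this module sets no public-access block, default encryption or
# versioning on the bucket. Add them where the bucket holds anything
# sensitive.
resource "aws_s3_bucket" "s3-bucket" {
  count = var.is_enable == 1 ? var.s3bucket_count : 0
  bucket = var.bucket
  # When true, `terraform destroy` deletes the bucket together with every
  # object in it.
  force_destroy = var.force_destroy

  tags = {
    Environment = var.environment
  }
}

# One ACL resource per bucket actually created. The original used a fixed
# `count = 1`, which failed with an invalid-index error on
# aws_s3_bucket.s3-bucket[0] as soon as the bucket was disabled.
# NOTE(review): buckets created with object ownership "BucketOwnerEnforced"
# reject ACLs. Confirm that this resource is still wanted.
resource "aws_s3_bucket_acl" "bucket_acl" {
  count  = length(aws_s3_bucket.s3-bucket)
  bucket = aws_s3_bucket.s3-bucket[count.index].id
  acl    = var.bucket_acl
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/Modules/Terraform-S3Bucket/variables.tf:
--------------------------------------------------------------------------------
# Inputs of the Terraform-S3Bucket module.
variable "is_enable" {}
variable "s3bucket_count" {}
variable "bucket" {}
variable "force_destroy" {}
variable "environment" {}

# Canned ACL applied to the bucket. Defaults to "private".
variable "bucket_acl" {
  default = "private"
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/Modules/Terraform-SNS/main.tf:
--------------------------------------------------------------------------------
# Creates var.sns_topic_count topics when var.is_sns_enable == 1.
resource "aws_sns_topic" "sns-topic" {
  count = var.is_sns_enable == 1 ? var.sns_topic_count : 0

  name = var.sns_topic_name
}

# Subscribes var.endpoint_protocol to the topics, pairing subscription i with
# topic i. sns_subscription_count must therefore not exceed sns_topic_count,
# or the index below is out of range.
resource "aws_sns_topic_subscription" "sns-subscription" {
  count = var.is_sns_enable == 1 && var.is_sns_subscription_enable == 1 ? var.sns_subscription_count : 0

  topic_arn = aws_sns_topic.sns-topic[count.index].arn
  protocol  = var.protocol_sns_subscription
  endpoint  = var.endpoint_protocol
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/Modules/Terraform-SNS/varaibles.tf:
--------------------------------------------------------------------------------
# Inputs of the Terraform-SNS module.
variable "is_sns_enable" {}
variable "sns_topic_count" {}
variable "sns_topic_name" {}

variable "is_sns_subscription_enable" {}
variable "sns_subscription_count" {}
variable "protocol_sns_subscription" {}
variable "endpoint_protocol" {}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/Modules/Terraform-VPC/variables.tf:
--------------------------------------------------------------------------------
1 | variable "is_vpc_enable" {} 2 | variable "vpc_count" {} 3 | variable "cidr_block" {} 4 | variable "tenancy" {} 5 | variable "dns_hostname" {} 6 | variable "vpc_name" {} 7 | 8 | variable "is_gateway_enable" {} 9 | variable "gateway_count" {} 10 | variable "internet_gateway_name" {} 11 | 12 | variable "is_public_subnet_enable" {} 13 | variable "public_subnet_count" {} 14 | variable "subnet_cidr1" {} 15 | variable "zone1" {} 16 | variable "public_ip" {} 17 | variable "subnet_name1" {} 18 | 19 | variable "is_private_subnet_enable" {} 20 | variable "private_subnet_count" {} 21 | variable "subnet_cidr2" {} 22 | variable "zone2" {} 23 | variable "subnet_name2" {} 24 | variable "private_ip" {} 25 | 26 | variable "is_rt_enable" {} 27 | variable "rt_count" {} 28 | variable "public_route" {} 29 | variable "route_table_name" {} 30 | 31 | variable "is_rta_enable" {} 32 | variable "rta_count" {} 33 | 34 | variable "is_aws_security_group_enable" {} 35 | variable "security_group_count" {} 36 | variable "from_port1" {} 37 | variable "to_port1" {} 38 | variable "from_port2" 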
{} 39 | variable "to_port2" {} 40 | variable "security_group_name" {} 41 | -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/S3-Bucket/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | bucket = "my-ews-baket1" 4 | region = "us-east-1" 5 | key = "Modularized/S3-Bucket/terraform.tfstate" 6 | dynamodb_table = "Lock-Files" 7 | encrypt = true 8 | } 9 | required_version = ">=0.13.0" 10 | required_providers { 11 | aws = { 12 | version = ">= 2.7.0" 13 | source = "hashicorp/aws" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/S3-Bucket/main.tf: -------------------------------------------------------------------------------- 1 | module "s3-bucket" { 2 | source = "../Modules/Terraform-S3Bucket" 3 | 4 | is_enable = var.is_bucket_enabled 5 | s3bucket_count = 1 6 | bucket = var.bucket_name 7 | force_destroy = var.force_destroy 8 | environment = var.env 9 | } -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/S3-Bucket/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/SNS-Topic/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | bucket = "my-ews-baket1" 4 | region = "us-east-1" 5 | key = "Modularized/SNS-Topic/terraform.tfstate" 6 | dynamodb_table = "Lock-Files" 7 | encrypt = true 8 | } 9 | required_version = ">=0.13.0" 10 | required_providers { 11 | aws = { 12 | version = ">= 2.7.0" 13 | source = "hashicorp/aws" 14 | } 15 | } 16 | } 17 | 
-------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/SNS-Topic/main.tf: -------------------------------------------------------------------------------- 1 | module "sns-topic" { 2 | source = "../Modules/Terraform-SNS" 3 | 4 | is_sns_enable = var.is_enable 5 | sns_topic_count = 1 6 | sns_topic_name = var.topic_name 7 | 8 | is_sns_subscription_enable = var.is_subscription_enable 9 | sns_subscription_count = 1 10 | protocol_sns_subscription = var.protocol_subscription 11 | endpoint_protocol = var.endpoint 12 | } -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/VPC-Networking/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | bucket = "my-ews-baket1" 4 | region = "us-east-1" 5 | key = "Modularized/VPC-Networking/terraform.tfstate" 6 | dynamodb_table = "Lock-Files" 7 | encrypt = true 8 | } 9 | required_version = ">=0.13.0" 10 | required_providers { 11 | aws = { 12 | version = ">= 2.7.0" 13 | source = "hashicorp/aws" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /Modularized/Terraform-Modularized/VPC-Networking/main.tf: -------------------------------------------------------------------------------- 1 | module "vpc" { 2 | source = "../Modules/Terraform-VPC" 3 | 4 | is_vpc_enable = var.is_enable_vpc 5 | vpc_count = 1 6 | cidr_block = var.cidr_block_vpc 7 | tenancy = var.instance_tenancy_vpc 8 | dns_hostname = var.dns 9 | vpc_name = var.name_vpc 10 | 11 | is_gateway_enable = var.is_enable_ig 12 | gateway_count = 1 13 | internet_gateway_name = var.gateway_name 14 | 15 | is_public_subnet_enable = var.is_subnet_enable_public 16 | public_subnet_count = 1 17 | subnet_cidr1 = var.public_cidr 18 | zone1 = var.az1 19 | public_ip = var.map_public_ip 20 | subnet_name1 = var.public_subnet 21 | 22 | 
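is_private_subnet_enable = var.is_subnet_enable_private 23 | private_subnet_count = 1 24 | subnet_cidr2 = var.private_cidr 25 | zone2 = var.az2 26 | private_ip = var.map_private_ip 27 | subnet_name2 = var.private_subnet 28 | 29 | is_rt_enable = var.is_enable_rt 30 | rt_count = 1 31 | public_route = var.route_public 32 | route_table_name = var.rt_name 33 | 34 | is_rta_enable = var.is_enable_rta 35 | rta_count = 1 36 | 37 | is_aws_security_group_enable = var.is_sg_enable 38 | security_group_count = 1 39 | from_port1 = var.from_port1 40 | to_port1 = var.to_port1 41 | from_port2 = var.from_port2 42 | to_port2 = var.to_port2 43 | security_group_name = var.sg_name 44 | }
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/VPC-Networking/provider.tf:
--------------------------------------------------------------------------------
# AWS provider; the region comes from var.region.
provider "aws" {
  region = var.region
}
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/dev.tfvars:
--------------------------------------------------------------------------------
# Development values shared by the stacks under Terraform-Modularized.
region = "us-east-1"

# EC2-Instance
is_instance_enabled = 1
aws_instance_type   = "t2.micro"
instance_name       = "Ubuntu-Networking"
security_group      = "SecurityGroup-Networking"
key_name            = "instance-key"

# IAM-Roles
role_name        = "iam-role-lambda"
role_policy_file = "role.json"

policy_name = "AWS-Lambda-Role"
policy_file = "policy.json"

# Lambda-Function
is_lambda_enabled  = 0
functionname       = "lambda"
lambdafunctionname = "-for-SNS"
# NOTE(review): confirm python3.8 is still a supported Lambda runtime.
lambda-runtime = "python3.8"
lambda-handler = "code.lambda_handler"
handler-code   = "code.zip"
# A .tfvars file may only contain literal values. A resource reference such as
# the one below is rejected when the file is loaded. Lambda-Function/lambda.tf
# already passes aws_iam_role.iam-role.arn to the module directly, so the
# assignment is disabled here.
# role-lambda = aws_iam_role.iam-role.arn
timout-lambda = "120"
memory-size   = "128"
sdlc_env      = "dev"


# S3-Bucket
is_bucket_enabled = 1
bucket_name       = "the-far-est-baket"
# With force_destroy on, `terraform destroy` removes the bucket and all of its
# objects. Keep it off for buckets that hold data worth recovering.
force_destroy = true
env           = "Development"


# VPC-Networking
is_enable_vpc        = 1
cidr_block_vpc       = "10.0.0.0/16"
instance_tenancy_vpc = "default"
dns                  = true
name_vpc             = "VPC-Networking"

is_enable_ig = 1
gateway_name = "IG-Networking"

is_subnet_enable_public = 1
public_cidr             = "10.0.1.0/24"
az1                     = "us-east-1a"
map_public_ip           = true
public_subnet           = "Public-Networking"

is_subnet_enable_private = 1
private_cidr             = "10.0.2.0/24"
az2                      = "us-east-1b"
map_private_ip           = false
private_subnet           = "Private-Networking"

is_enable_rt = 1
route_public = "0.0.0.0/0"
rt_name      = "RT-Networking"

is_enable_rta = 1

is_sg_enable = 1
# Port ranges for the security group: SSH (22) and HTTP (80).
# NOTE(review): the source CIDR for these rules is set inside the
# Terraform-VPC module, which is not shown here. Check that SSH is not open to
# 0.0.0.0/0.
from_port1 = 22
to_port1   = 22
from_port2 = 80
to_port2   = 80
sg_name    = "SecurityGroup-Networking"


# SNS-Topic
is_enable  = 1
topic_name = "SNS-Modularized"

is_subscription_enable = 1
protocol_subscription  = "email"
# NOTE(review): a personal mailbox is committed here. Prefer a team alias, or
# supply the endpoint from outside version control.
endpoint = "avigautam63@gmail.com"
--------------------------------------------------------------------------------
/Modularized/Terraform-Modularized/variables.tf:
--------------------------------------------------------------------------------
1 | # Global 2 | 3 | variable "region" {} 4 | 5 | #EC2-Instance 6 | 7 | variable "is_instance_enabled" {} 8 | variable "aws_instance_type" {} 9 | variable "instance_name" {} 10 | variable "key_name" {} 11 | 12 | # variable "public_subnet" {} 13 | variable "security_group" {} 14 | 15 | #IAM-Roles 16 | 17 | variable "role_name" {} 18 | variable "role_policy_file" {} 19 | 20 | variable "policy_name" {} 21 | variable "policy_file" {} 22 | 23 | # Lambda-Function 24 | 25 | variable "is_lambda_enabled" {} 26 | variable "functionname" {} 27 | variable "lambdafunctionname" {} 28 | variable "lambda-runtime" {} 29 | variable "lambda-handler" {} 30 | variable "handler-code" {} 31 | variable "timout-lambda" {} 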
32 | variable "memory-size" {} 33 | variable "sdlc_env" {} 34 | 35 | # S3-Bucket 36 | 37 | variable "is_bucket_enabled" {} 38 | variable "bucket_name" {} 39 | variable "force_destroy" {} 40 | variable "env" {} 41 | 42 | # SNS-Bucket 43 | 44 | variable "is_enable" {} 45 | variable "topic_name" {} 46 | 47 | 48 | variable "is_subscription_enable" {} 49 | variable "protocol_subscription" {} 50 | variable "endpoint" {} 51 | 52 | # VPC-Networking 53 | 54 | variable "is_enable_vpc" {} 55 | variable "cidr_block_vpc" {} 56 | variable "instance_tenancy_vpc" {} 57 | variable "dns" {} 58 | variable "name_vpc" {} 59 | 60 | variable "is_enable_ig" {} 61 | variable "gateway_name" {} 62 | 63 | variable "is_subnet_enable_public" {} 64 | variable "public_cidr" {} 65 | variable "az1" {} 66 | variable "map_public_ip" {} 67 | variable "public_subnet" {} 68 | 69 | variable "is_subnet_enable_private" {} 70 | variable "private_cidr" {} 71 | variable "az2" {} 72 | variable "map_private_ip" {} 73 | variable "private_subnet" {} 74 | 75 | variable "is_enable_rt" {} 76 | variable "route_public" {} 77 | variable "rt_name" {} 78 | 79 | variable "is_enable_rta" {} 80 | 81 | variable "is_sg_enable" {} 82 | variable "from_port1" {} 83 | variable "to_port1" {} 84 | variable "from_port2" {} 85 | variable "to_port2" {} 86 | variable "sg_name" {} -------------------------------------------------------------------------------- /Non-Modularized/ALB-EC2/Attach-Target-Group-to-EC2.tf: -------------------------------------------------------------------------------- 1 | 2 | # Attaching Target Groups to EC2 3 | resource "aws_lb_target_group_attachment" "TG-Attachment" { 4 | target_group_arn = aws_lb_target_group.TG.arn 5 | target_id = aws_instance.EC2-One.id 6 | port = 80 7 | } 8 | 9 | 10 | # Attaching Target Groups to EC2-Two 11 | resource "aws_lb_target_group_attachment" "TG-Attachment2" { 12 | target_group_arn = aws_lb_target_group.TG.arn 13 | target_id = aws_instance.EC2-Two.id 14 | port = 80 15 | } 16 | 
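17 | 
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Instance.tf:
--------------------------------------------------------------------------------
1 | # Creating EC2 Instance 1
2 | #
3 | # Both instances in this file are small Apache web servers that are registered
4 | # with target group TG.
5 | # NOTE(review): the AMI ID and key pair name are hard-coded and tied to one
6 | # region/account; confirm both exist where this is applied. Consider also
7 | # requiring IMDSv2 with metadata_options { http_tokens = "required" }.
8 | 
9 | resource "aws_instance" "EC2-One" {
10 |   ami           = "ami-03ededff12e34e59e"
11 |   instance_type = "t2.micro"
12 |   key_name      = "AmanPathak"
13 |   subnet_id     = aws_subnet.subnet1.id
14 |   # Security group IDs for an instance in a custom VPC go in
15 |   # vpc_security_group_ids. security_groups is documented for group names
16 |   # (EC2-Classic / default VPC) and, when given IDs, tends to force the
17 |   # instance to be replaced on later plans.
18 |   vpc_security_group_ids = [aws_security_group.security_group.id]
19 |   # Boot script: install Apache, publish a one-line index page, enable the service.
20 |   user_data = <<-EOF
21 |   #!/bin/bash
22 |   yum install httpd -y
23 |   echo "Hey!!! I am $(hostname -f)" > /var/www/html/index.html
24 |   service httpd start
25 |   chkconfig httpd on
26 |   EOF
27 |   tags = {
28 |     Name = "Aman-EC2-1"
29 |   }
30 | 
31 | }
32 | 
33 | # Creating EC2 Instance 2 (same configuration, placed in subnet2)
34 | 
35 | resource "aws_instance" "EC2-Two" {
36 |   ami           = "ami-03ededff12e34e59e"
37 |   instance_type = "t2.micro"
38 |   key_name      = "AmanPathak"
39 |   subnet_id     = aws_subnet.subnet2.id
40 |   # See EC2-One: IDs belong in vpc_security_group_ids, not security_groups.
41 |   vpc_security_group_ids = [aws_security_group.security_group.id]
42 |   user_data = <<-EOF
43 |   #!/bin/bash
44 |   yum install httpd -y
45 |   echo "Hey!!! I am $(hostname -f)" > /var/www/html/index.html
46 |   service httpd start
47 |   chkconfig httpd on
48 |   EOF
49 | 
50 |   tags = {
51 |     Name = "Aman-EC2-2"
52 |   }
53 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Internet-Gateway.tf:
--------------------------------------------------------------------------------
1 | 
2 | # Creating Internet Gateway (attached to the VPC defined in VPC.tf)
3 | 
4 | resource "aws_internet_gateway" "Aman-IG" {
5 |   vpc_id = aws_vpc.vpc.id
6 | 
7 |   tags = {
8 |     Name = "Aman-IG"
9 |   }
10 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Load-Balancer-Listener.tf:
--------------------------------------------------------------------------------
1 | 
2 | # Create Load Balancer Listener
3 | #
4 | # Forwards everything arriving on port 80 to target group TG.
5 | # NOTE(review): this is the only listener and it is plain HTTP, so traffic
6 | # between clients and the load balancer is unencrypted. For anything beyond a
7 | # demo, add an HTTPS listener with a certificate and turn this one into a
8 | # redirect to 443.
9 | 
10 | resource "aws_lb_listener" "Aman-LB-Listener" {
11 |   load_balancer_arn = aws_lb.Load-Balancer.arn
12 |   port              = 80
13 |   protocol          = "HTTP"
14 | 
15 |   default_action {
16 |     type             = "forward"
17 |     target_group_arn = aws_lb_target_group.TG.arn
18 |   }
19 | }
20 | 
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Load-Balancer.tf:
--------------------------------------------------------------------------------
1 | # Creating Load Balancer
2 | #
3 | # Internet-facing (internal = false) application load balancer across both subnets.
4 | # NOTE(review): it reuses the security group that the EC2 instances use, and
5 | # that group admits port 80 from 0.0.0.0/0. Because the instances sit in
6 | # subnets that assign public IPs, they are reachable directly as well as
7 | # through the load balancer. A separate instance group that only admits the
8 | # load balancer's group would close that path.
9 | 
10 | resource "aws_lb" "Load-Balancer" {
11 |   name               = "Load-Balancer"
12 |   internal           = false
13 |   security_groups    = [aws_security_group.security_group.id]
14 |   subnets            = [aws_subnet.subnet1.id, aws_subnet.subnet2.id]
15 |   load_balancer_type = "application"
16 |   ip_address_type    = "ipv4"
17 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Route-Table-Association.tf:
--------------------------------------------------------------------------------
1 | # Associating the route table with subnet 1
2 | 
3 | resource "aws_route_table_association" "RT-Association1" {
4 |   subnet_id      = aws_subnet.subnet1.id
5 |   route_table_id = aws_route_table.Aman-RT.id
6 | }
7 | 
8 | 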
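# Associating the route table with subnet 2
9 | 
10 | resource "aws_route_table_association" "RT-Association2" {
11 |   subnet_id      = aws_subnet.subnet2.id
12 |   route_table_id = aws_route_table.Aman-RT.id
13 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Route-Table.tf:
--------------------------------------------------------------------------------
1 | 
2 | # Creating Route Table
3 | #
4 | # The default route (0.0.0.0/0) points at the internet gateway, so every subnet
5 | # associated with this table is a public subnet.
6 | 
7 | resource "aws_route_table" "Aman-RT" {
8 |   vpc_id = aws_vpc.vpc.id
9 |   route {
10 |     cidr_block = "0.0.0.0/0"
11 |     gateway_id = aws_internet_gateway.Aman-IG.id
12 |   }
13 |   tags = {
14 |     Name = "Aman-RT"
15 |   }
16 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Security-Group.tf:
--------------------------------------------------------------------------------
1 | # Creating Security Group
2 | #
3 | # One group shared by the load balancer and both EC2 instances.
4 | # NOTE(review): port 80 is open to 0.0.0.0/0, which is expected for the load
5 | # balancer but also exposes the instances directly. Splitting this into a
6 | # load-balancer group and an instance group (ingress only from the
7 | # load-balancer group) keeps the instances off the internet.
8 | 
9 | resource "aws_security_group" "security_group" {
10 |   vpc_id      = aws_vpc.vpc.id
11 |   name        = "HTTP"
12 |   description = "Protocol Type HTTP"
13 |   ingress {
14 |     from_port   = 80
15 |     to_port     = 80
16 |     protocol    = "tcp"
17 |     cidr_blocks = ["0.0.0.0/0"]
18 |   }
19 | 
20 |   # Unrestricted outbound traffic, all protocols, IPv4 and IPv6.
21 |   egress {
22 |     from_port        = 0
23 |     to_port          = 0
24 |     protocol         = "-1"
25 |     cidr_blocks      = ["0.0.0.0/0"]
26 |     ipv6_cidr_blocks = ["::/0"]
27 |   }
28 | 
29 |   tags = {
30 |     Name = "Aman-SG"
31 |   }
32 | }
33 | 
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Subnet.tf:
--------------------------------------------------------------------------------
1 | 
2 | # Creating Subnet 1
3 | #
4 | # map_public_ip_on_launch = true gives every instance launched here a public IP.
5 | 
6 | 
7 | resource "aws_subnet" "subnet1" {
8 |   vpc_id                  = aws_vpc.vpc.id
9 |   availability_zone       = "us-east-1a"
10 |   cidr_block              = "10.0.1.0/24"
11 |   map_public_ip_on_launch = true
12 | 
13 |   tags = {
14 |     Name = "Aman-Subnet1"
15 |   }
16 | }
17 | 
18 | 
19 | # Creating Subnet 2 (second availability zone, also public)
20 | 
21 | resource "aws_subnet" "subnet2" {
22 |   vpc_id                  = aws_vpc.vpc.id
23 |   cidr_block              = "10.0.2.0/24"
24 |   availability_zone       = "us-east-1b"
25 |   map_public_ip_on_launch = true
26 | 
27 |   tags = {
28 |     Name = "Aman-Subnet2"
29 |   }
30 | }
31 | 
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/Target-Group.tf:
--------------------------------------------------------------------------------
1 | 
2 | # Creating Target Group
3 | #
4 | # HTTP target group on port 80; a target is healthy after 5 consecutive
5 | # successful checks of "/" and unhealthy after 2 failures (10 s interval,
6 | # 5 s timeout).
7 | 
8 | resource "aws_lb_target_group" "TG" {
9 |   health_check {
10 |     interval            = 10
11 |     path                = "/"
12 |     protocol            = "HTTP"
13 |     timeout             = 5
14 |     healthy_threshold   = 5
15 |     unhealthy_threshold = 2
16 |   }
17 |   name     = "TG"
18 |   port     = 80
19 |   protocol = "HTTP"
20 |   vpc_id   = aws_vpc.vpc.id
21 | 
22 |   tags = {
23 |     Name = "Aman-TG"
24 |   }
25 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/VPC.tf:
--------------------------------------------------------------------------------
1 | # Creating VPC
2 | 
3 | resource "aws_vpc" "vpc" {
4 |   cidr_block           = "10.0.0.0/16"
5 |   enable_dns_hostnames = true
6 | 
7 |   tags = {
8 |     Name = "Aman-VPC"
9 |   }
10 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/backend.tf:
--------------------------------------------------------------------------------
1 | # Remote state in S3 with server-side encryption (encrypt = true) and a
2 | # DynamoDB table for state locking.
3 | # NOTE(review): state files can hold sensitive values in plain text, so the
4 | # bucket itself should block public access. The aws provider constraint has no
5 | # upper bound; an upper bound (for example a "~>" constraint) plus a committed
6 | # .terraform.lock.hcl keeps provider upgrades deliberate.
7 | terraform {
8 |   backend "s3" {
9 |     bucket         = "my-ews-baket1"
10 |     region         = "us-east-1"
11 |     key            = "Non-Modularized/ALB-EC2/terraform.tfstate"
12 |     dynamodb_table = "Lock-Files"
13 |     encrypt        = true
14 |   }
15 |   required_version = ">=0.13.0"
16 |   required_providers {
17 |     aws = {
18 |       version = ">= 2.7.0"
19 |       source  = "hashicorp/aws"
20 |     }
21 |   }
22 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/data.tf:
--------------------------------------------------------------------------------
1 | # Outputs for the ALB-EC2 stack (despite the file name, this file declares
2 | # outputs only, no data sources).
3 | 
4 | output "cidr_block" {
5 |   value = aws_vpc.vpc.cidr_block
6 | }
7 | output "Vpc-ID" {
8 |   value = aws_vpc.vpc.id
9 | }
10 | 
11 | output "subnet-1-cidr_block" {
12 |   value = aws_subnet.subnet1.cidr_block
13 | }
14 | 
15 | output "subnet-1-id" {
16 |   value = aws_subnet.subnet1.id
17 | }
18 | 
19 | output "subnet-2-cidr_block" {
20 |   value = aws_subnet.subnet2.cidr_block
21 | }
22 | 
23 | output "subnet-2-id" {
24 |   value = aws_subnet.subnet2.id
25 | }
26 | 
27 | output "EC2-Instance1" {
28 |   value = aws_instance.EC2-One.id
29 | }
30 | 
31 | output "EC2-Instance2" {
32 |   value = aws_instance.EC2-Two.id
33 | }
34 | 
35 | output "Security-Group" {
36 |   value = aws_security_group.security_group.id
37 | }
38 | 
39 | output "Target-Group" {
40 |   value = aws_lb_target_group.TG.arn
41 | }
42 | 
43 | output "Load-Balancer" {
44 |   value = aws_lb.Load-Balancer.id
45 | }
46 | 
47 | # subnet1 and subnet2 are single resources (no count), so the old
48 | # element(<splat>, N) form only worked because element() wraps the index
49 | # around a one-element list. The direct reference yields the same ID.
50 | # These two duplicate subnet-1-id / subnet-2-id and are kept for callers
51 | # that already read them.
52 | output "subnet1" {
53 |   value = aws_subnet.subnet1.id
54 | }
55 | 
56 | output "subnet2" {
57 |   value = aws_subnet.subnet2.id
58 | }
--------------------------------------------------------------------------------
/Non-Modularized/ALB-EC2/provider.tf:
--------------------------------------------------------------------------------
1 | # Credentials are not set here, so the provider resolves them from its default
2 | # chain (environment, shared config, instance role). Keep it that way rather
3 | # than passing keys through variables, which end up in tfvars files and state.
4 | # NOTE(review): if the commented lines are ever revived, the provider argument
5 | # is secret_key, not secret_access_key.
6 | provider "aws" {
7 |   region = "us-east-1"
8 |   # access_key = var.AWS_ACCESS_KEY_ID
9 |   # secret_access_key = var.AWS_SECRET_ACCESS_KEY
10 | }
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/backend.tf:
--------------------------------------------------------------------------------
1 | # Remote state in S3 (encrypted, DynamoDB lock table).
2 | terraform {
3 |   backend "s3" {
4 |     bucket         = "my-ews-baket1"
5 |     region         = "us-east-1"
6 |     key            = "Non-Modularized/API-Gateway-POST/terraform.tfstate"
7 |     dynamodb_table = "Lock-Files"
8 |     encrypt        = true
9 |   }
10 |   # variables.tf in this directory marks variables as sensitive, which
11 |   # Terraform only accepts from 0.14 onward.
12 |   required_version = ">=0.14.0"
13 |   required_providers {
14 |     aws = {
15 |       version = ">= 2.7.0"
16 |       source  = "hashicorp/aws"
17 |     }
18 |   }
19 | }
20 | 
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/code.zip:
--------------------------------------------------------------------------------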
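https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/API-Gateway-POST/code.zip
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/iam-policy.json:
--------------------------------------------------------------------------------
1 | {
2 |     "Version": "2012-10-17",
3 |     "Statement": [
4 |         {
5 |             "Effect": "Allow",
6 |             "Action": [
7 |                 "logs:CreateLogGroup",
8 |                 "logs:CreateLogStream",
9 |                 "logs:PutLogEvents"
10 |             ],
11 |             "Resource": "*"
12 |         }
13 |     ]
14 | }
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/iam-policy.tf:
--------------------------------------------------------------------------------
1 | # Inline policy that lets the Lambda role write to CloudWatch Logs.
2 | # NOTE(review): iam-policy.json grants the three logs actions on
3 | # Resource "*"; scoping it to this function's log group ARN would follow
4 | # least privilege.
5 | resource "aws_iam_role_policy" "iam-policy" {
6 |   name   = "cloudwatch-policy"
7 |   role   = aws_iam_role.iam-role.id
8 |   policy = file("${path.module}/iam-policy.json")
9 | }
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/iam-role.json:
--------------------------------------------------------------------------------
1 | {
2 |     "Version": "2012-10-17",
3 |     "Statement": [
4 |         {
5 |             "Effect": "Allow",
6 |             "Principal": {
7 |                 "Service": "lambda.amazonaws.com"
8 |             },
9 |             "Action": "sts:AssumeRole"
10 |         }
11 |     ]
12 | }
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/iam-role.tf:
--------------------------------------------------------------------------------
1 | # Execution role for the Lambda function; the trust policy in iam-role.json
2 | # allows only the Lambda service to assume it.
3 | resource "aws_iam_role" "iam-role" {
4 |   name               = "iam-role-lambda-api-gateway"
5 |   assume_role_policy = file("${path.module}/iam-role.json")
6 | }
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/lambda-function.tf:
--------------------------------------------------------------------------------
1 | # Lambda function behind the API Gateway POST method, deployed from code.zip.
2 | resource "aws_lambda_function" "lambda-function" {
3 |   filename      = "${path.module}/code.zip"
4 |   function_name = "api-gw-lambda"
5 |   role          = aws_iam_role.iam-role.arn
6 |   handler       = "code.lambda_handler"
7 |   runtime       = "python3.9"
8 |   # Without a hash Terraform does not notice when code.zip changes and the
9 |   # deployed function keeps running the old archive.
10 |   source_code_hash = filebase64sha256("${path.module}/code.zip")
11 | }
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = "us-east-1"
3 | }
--------------------------------------------------------------------------------
/Non-Modularized/API-Gateway-POST/variables.tf:
--------------------------------------------------------------------------------
1 | # NOTE(review): sensitive = true only hides the value in plan/apply output; it
2 | # is still written to state in plain text. It also requires Terraform 0.14 or
3 | # later, so required_version in backend.tf must be at least that.
4 | # Neither variable is referenced by the files shown for this directory
5 | # (provider.tf hard-codes the region) - confirm they are still needed.
6 | variable "AWS_REGION" {
7 |   default   = ""
8 |   type      = string
9 |   sensitive = true
10 | }
11 | variable "AWS_ACCOUNT_ID" {
12 |   default   = ""
13 |   type      = string
14 |   sensitive = true
15 | }
16 | 
--------------------------------------------------------------------------------
/Non-Modularized/ASG-ELB/Launch-Configuration.tf:
--------------------------------------------------------------------------------
1 | 
2 | # Launch configuration for the Auto Scaling group: boots the AMI captured in
3 | # instance.tf and turns it into an nginx server with a downloaded template.
4 | #
5 | # NOTE(review): the site template is downloaded from a third-party host on
6 | # every boot with no integrity check, so each new instance serves whatever
7 | # that URL returns at the time. Bake the content into the AMI, or verify a
8 | # pinned SHA-256 of the archive before unzipping it.
9 | # NOTE(review): a fixed name combined with create_before_destroy makes any
10 | # replacement collide with the existing "LC"; name_prefix avoids that.
11 | resource "aws_launch_configuration" "LC" {
12 |   name            = "LC"
13 |   image_id        = aws_ami_from_instance.AMI-Aman.id
14 |   instance_type   = "t2.micro"
15 |   key_name        = "Aman-Pathak"
16 |   security_groups = [aws_security_group.custom-instance-sg.id]
17 |   # The script runs unattended at boot, so every apt call needs -y (a prompt
18 |   # cannot be answered and the step is aborted). The final cleanup has to run
19 |   # from the parent directory, otherwise the relative path does not exist.
20 |   user_data = <<-EOF
21 |   #!/bin/bash
22 |   export DEBIAN_FRONTEND=noninteractive
23 |   apt-get update
24 |   apt-get -y upgrade
25 |   apt-get -y install net-tools nginx
26 |   cd /var/www/html
27 |   sudo wget https://www.tooplate.com/zip-templates/2106_soft_landing.zip
28 |   sudo apt-get -y install unzip
29 |   sudo unzip 2106_soft_landing.zip
30 |   sudo rm -rf 2106_soft_landing.zip index.nginx-debian.html
31 |   cd 2106_soft_landing/
32 |   sudo mv index.html ../
33 |   sudo mv css ../
34 |   sudo mv fonts ../
35 |   sudo mv images js ../
36 |   cd ..
37 |   sudo rm -rf 2106_soft_landing/
38 | 
39 |   EOF
40 |   lifecycle {
41 |     create_before_destroy = true
42 |   }
43 | }
--------------------------------------------------------------------------------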
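/Non-Modularized/ASG-ELB/backend.tf:
--------------------------------------------------------------------------------
1 | # Remote state in S3 with server-side encryption (encrypt = true) and a
2 | # DynamoDB table for state locking.
3 | # NOTE(review): the aws provider constraint has no upper bound; an upper bound
4 | # plus a committed .terraform.lock.hcl keeps provider upgrades deliberate.
5 | terraform {
6 |   backend "s3" {
7 |     bucket         = "my-ews-baket1"
8 |     region         = "us-east-1"
9 |     key            = "Non-Modularized/ASG-ELB/terraform.tfstate"
10 |     dynamodb_table = "Lock-Files"
11 |     encrypt        = true
12 |   }
13 |   required_version = ">=0.13.0"
14 |   required_providers {
15 |     aws = {
16 |       version = ">= 2.7.0"
17 |       source  = "hashicorp/aws"
18 |     }
19 |   }
20 | }
21 | 
--------------------------------------------------------------------------------
/Non-Modularized/ASG-ELB/elb.tf:
--------------------------------------------------------------------------------
1 | # resource "aws_lb" "custom-nlb" {
2 | 
3 | # }
4 | 
5 | 
6 | # Classic load balancer in both public subnets, forwarding HTTP 80 to the
7 | # instances' port 80.
8 | # NOTE(review): the listener is plain HTTP; client traffic is unencrypted.
9 | resource "aws_elb" "custom-elb" {
10 |   name            = "custom-elb"
11 |   subnets         = [aws_subnet.public-subnet-1.id, aws_subnet.public-subnet-2.id]
12 |   security_groups = [aws_security_group.custom-elb-sg.id]
13 | 
14 |   listener {
15 |     instance_port     = 80
16 |     instance_protocol = "http"
17 |     lb_port           = 80
18 |     lb_protocol       = "http"
19 |   }
20 | 
21 |   health_check {
22 |     healthy_threshold   = 2
23 |     unhealthy_threshold = 2
24 |     timeout             = 3
25 |     target              = "HTTP:80/"
26 |     interval            = 30
27 |   }
28 | 
29 |   cross_zone_load_balancing   = true
30 |   connection_draining         = true
31 |   connection_draining_timeout = 400
32 | 
33 |   tags = {
34 |     Name = "custom-elb"
35 |   }
36 | }
37 | 
38 | 
39 | # Security group of the load balancer: HTTP in from anywhere, everything out.
40 | # The former port 22 rule was removed: the load balancer only has a listener
41 | # on port 80, so an SSH rule here opened a port nothing serves.
42 | # NOTE(review): confirm this group is not attached to anything else that
43 | # relied on the SSH rule.
44 | resource "aws_security_group" "custom-elb-sg" {
45 |   name   = "custom-elb-sg"
46 |   vpc_id = aws_vpc.vpc.id
47 | 
48 |   egress {
49 |     from_port   = 0
50 |     to_port     = 0
51 |     protocol    = "-1"
52 |     cidr_blocks = ["0.0.0.0/0"]
53 |   }
54 |   ingress {
55 |     from_port   = 80
56 |     to_port     = 80
57 |     protocol    = "tcp"
58 |     cidr_blocks = ["0.0.0.0/0"]
59 |   }
60 | 
61 |   tags = {
62 |     Name = "custom-elb-sg"
63 |   }
64 | }
65 | 
66 | 
67 | # Security group of the instances started by the launch configuration.
68 | resource "aws_security_group" "custom-instance-sg" {
69 |   vpc_id = aws_vpc.vpc.id
70 |   name   = "custom-instance-sg"
71 |   egress {
72 |     from_port   = 0
73 |     to_port     = 0
74 |     protocol    = "-1"
75 |     cidr_blocks = ["0.0.0.0/0"]
76 |   }
77 | 
78 |   # NOTE(review): SSH is admitted from 0.0.0.0/0, which makes the reference to
79 |   # the load balancer group meaningless. Replace the CIDR with the
80 |   # administrators' address range, or drop the rule and reach the instances
81 |   # through a managed session service instead.
82 |   ingress {
83 |     from_port       = 22
84 |     to_port         = 22
85 |     protocol        = "tcp"
86 |     security_groups = [aws_security_group.custom-elb-sg.id]
87 |     cidr_blocks     = ["0.0.0.0/0"]
88 |   }
89 |   # HTTP is accepted only from the load balancer's group. The previous
90 |   # additional 0.0.0.0/0 CIDR let clients bypass the load balancer and reach
91 |   # the instances (which have public IPs) directly.
92 |   ingress {
93 |     from_port       = 80
94 |     to_port         = 80
95 |     protocol        = "tcp"
96 |     security_groups = [aws_security_group.custom-elb-sg.id]
97 |   }
98 |   tags = {
99 |     Name = "custom-instance-sg"
100 |   }
101 | }
--------------------------------------------------------------------------------
/Non-Modularized/ASG-ELB/instance.tf:
--------------------------------------------------------------------------------
1 | # resource "aws_security_group" "SG" {
2 | #   name = "SG"
3 | #   vpc_id = aws_vpc.vpc.id
4 | #   ingress {
5 | #     from_port = 22
6 | #     to_port = 22
7 | #     protocol = "tcp"
8 | #     cidr_blocks = ["0.0.0.0/0"]
9 | #   }
10 | 
11 | #   ingress {
12 | #     from_port = 80
13 | #     to_port = 80
14 | #     protocol = "tcp"
15 | #     cidr_blocks = ["0.0.0.0/0"]
16 | #   }
17 | #   egress {
18 | #     from_port = 0
19 | #     to_port = 0
20 | #     protocol = "-1"
21 | #     cidr_blocks = ["0.0.0.0/0"]
22 | #   }
23 | # }
24 | 
25 | 
26 | # Seed instance whose only visible purpose is to be captured as an AMI below.
27 | # No security group is set, so it gets the VPC's default group.
28 | # NOTE(review): the AMI ID and key pair name are hard-coded and specific to
29 | # one region/account.
30 | resource "aws_instance" "EC2" {
31 |   ami           = "ami-09d56f8956ab235b3"
32 |   instance_type = "t2.micro"
33 |   key_name      = "Aman-Pathak"
34 |   subnet_id     = aws_subnet.public-subnet-1.id
35 |   tags = {
36 |     Name = "EC2"
37 |   }
38 | }
39 | 
40 | # AMI captured from the seed instance; the launch configuration boots from it.
41 | resource "aws_ami_from_instance" "AMI-Aman" {
42 |   source_instance_id = aws_instance.EC2.id
43 |   name               = "AMI-Aman"
44 | }
45 | 
--------------------------------------------------------------------------------
/Non-Modularized/ASG-ELB/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = "us-east-1"
3 | }
--------------------------------------------------------------------------------
/Non-Modularized/ASG-ELB/vpc.tf: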
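--------------------------------------------------------------------------------
1 | # Creating the VPC. The CIDR block (10.0.0.0/16) is hard-coded here; this
2 | # directory has no variables.tf.
3 | resource "aws_vpc" "vpc" {
4 |   cidr_block           = "10.0.0.0/16"
5 |   instance_tenancy     = "default"
6 |   enable_dns_hostnames = true
7 | 
8 |   tags = {
9 |     Name = "Aman-VPC"
10 |   }
11 | }
12 | 
13 | # Creating the Internet Gateway and attaching it to the VPC through vpc_id
14 | resource "aws_internet_gateway" "gateway" {
15 |   vpc_id = aws_vpc.vpc.id
16 | 
17 |   tags = {
18 |     Name = "Aman-Gateway"
19 |   }
20 | }
21 | 
22 | 
23 | # Creating public subnet 1 in us-east-1a. map_public_ip_on_launch = true means
24 | # instances launched here receive a public IP address (the default is false).
25 | 
26 | resource "aws_subnet" "public-subnet-1" {
27 |   vpc_id                  = aws_vpc.vpc.id
28 |   cidr_block              = "10.0.1.0/24"
29 |   availability_zone       = "us-east-1a"
30 |   map_public_ip_on_launch = true
31 | 
32 |   tags = {
33 |     Name = "Public-Subnet-1"
34 |   }
35 | }
36 | 
37 | 
38 | # Creating public subnet 2 in us-east-1b, also assigning public IPs on launch
39 | 
40 | resource "aws_subnet" "public-subnet-2" {
41 |   vpc_id                  = aws_vpc.vpc.id
42 |   cidr_block              = "10.0.2.0/24"
43 |   availability_zone       = "us-east-1b"
44 |   map_public_ip_on_launch = true
45 | 
46 |   tags = {
47 |     Name = "Public-Subnet-2"
48 |   }
49 | }
50 | 
51 | # Creating the route table for the VPC with a default route to the internet
52 | # gateway, which is what makes the associated subnets public
53 | 
54 | 
55 | resource "aws_route_table" "route_table" {
56 |   vpc_id = aws_vpc.vpc.id
57 |   route {
58 |     cidr_block = "0.0.0.0/0"
59 |     gateway_id = aws_internet_gateway.gateway.id
60 |   }
61 | }
62 | 
63 | 
64 | # Associate Public Subnet 1 to Public Route Table
65 | 
66 | resource "aws_route_table_association" "route-table-association1" {
67 |   subnet_id      = aws_subnet.public-subnet-1.id
68 |   route_table_id = aws_route_table.route_table.id
69 | }
70 | 
71 | # Associate Public Subnet 2 to Public Route Table
72 | 
73 | resource "aws_route_table_association" "route-table-association2" {
74 |   subnet_id      = aws_subnet.public-subnet-2.id
75 |   route_table_id = aws_route_table.route_table.id
76 | }
--------------------------------------------------------------------------------
/Non-Modularized/ASG-LB/Launch-Configuration.tf:
--------------------------------------------------------------------------------
1 | # Launch configuration for the Auto Scaling group: boots the AMI captured in
2 | # instance.tf and turns it into an nginx server with a downloaded template.
3 | #
4 | # NOTE(review): the site template is downloaded from a third-party host on
5 | # every boot with no integrity check, so each new instance serves whatever
6 | # that URL returns at the time. Bake the content into the AMI, or verify a
7 | # pinned SHA-256 of the archive before unzipping it.
8 | # NOTE(review): a fixed name combined with create_before_destroy makes any
9 | # replacement collide with the existing "LC"; name_prefix avoids that.
10 | resource "aws_launch_configuration" "LC" {
11 |   name            = "LC"
12 |   image_id        = aws_ami_from_instance.AMI-Aman.id
13 |   instance_type   = "t2.micro"
14 |   key_name        = "AmanPathak"
15 |   security_groups = [aws_security_group.custom-instance-sg.id]
16 |   # The script runs unattended at boot, so every apt call needs -y (a prompt
17 |   # cannot be answered and the step is aborted). The final cleanup has to run
18 |   # from the parent directory, otherwise the relative path does not exist.
19 |   user_data = <<-EOF
20 |   #!/bin/bash
21 |   export DEBIAN_FRONTEND=noninteractive
22 |   apt-get update
23 |   apt-get -y upgrade
24 |   apt-get -y install net-tools nginx
25 |   cd /var/www/html
26 |   wget https://www.tooplate.com/zip-templates/2106_soft_landing.zip
27 |   apt-get -y install unzip
28 |   unzip 2106_soft_landing.zip
29 |   rm -rf 2106_soft_landing.zip index.nginx-debian.html
30 |   cd 2106_soft_landing/
31 |   mv index.html css fonts images js ../
32 |   cd ..
33 |   rm -rf 2106_soft_landing/
34 |   EOF
35 |   lifecycle {
36 |     create_before_destroy = true
37 |   }
38 | }
--------------------------------------------------------------------------------
/Non-Modularized/ASG-LB/backend.tf:
--------------------------------------------------------------------------------
1 | # Remote state in S3 (encrypted, DynamoDB lock table).
2 | terraform {
3 |   backend "s3" {
4 |     bucket         = "my-ews-baket1"
5 |     region         = "us-east-1"
6 |     key            = "Non-Modularized/ASG-LB/terraform.tfstate"
7 |     dynamodb_table = "Lock-Files"
8 |     encrypt        = true
9 |   }
10 |   required_version = ">=0.13.0"
11 |   required_providers {
12 |     aws = {
13 |       version = ">= 2.7.0"
14 |       source  = "hashicorp/aws"
15 |     }
16 |   }
17 | }
18 | 
--------------------------------------------------------------------------------
/Non-Modularized/ASG-LB/instance.tf:
--------------------------------------------------------------------------------
1 | # Seed instance that is captured as an AMI below. No security group is set,
2 | # so it gets the VPC's default group.
3 | resource "aws_instance" "EC2" {
4 |   ami           = "ami-09d56f8956ab235b3"
5 |   instance_type = "t2.micro"
6 |   key_name      = "AmanPathak"
7 |   subnet_id     = aws_subnet.public-subnet-1.id
8 |   tags = {
9 |     Name = "EC2"
10 |   }
11 | }
12 | 
13 | # AMI captured from the seed instance; the launch configuration boots from it.
14 | resource "aws_ami_from_instance" "AMI-Aman" {
15 |   source_instance_id = aws_instance.EC2.id
16 |   name               = "AMI-Aman"
17 | }
18 | 
--------------------------------------------------------------------------------
/Non-Modularized/ASG-LB/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = "us-east-1"
3 | }
--------------------------------------------------------------------------------
/Non-Modularized/ASG-LB/vpc.tf:
--------------------------------------------------------------------------------
1 | # Creating the VPC. The CIDR block (10.0.0.0/16) is hard-coded here; this
2 | # directory has no variables.tf.
3 | resource "aws_vpc" "vpc" {
4 |   cidr_block           = "10.0.0.0/16"
5 |   instance_tenancy     = "default"
6 |   enable_dns_hostnames = true
7 | 
8 |   tags = {
9 |     Name = "Aman-VPC"
10 |   }
11 | }
12 | 
13 | # Creating the Internet Gateway and attaching it to the VPC through vpc_id
14 | resource "aws_internet_gateway" "gateway" {
15 |   vpc_id = aws_vpc.vpc.id
16 | 
17 |   tags = {
18 |     Name = "Aman-Gateway"
19 |   }
20 | }
21 | 
22 | 
23 | # Creating public subnet 1 in us-east-1a. map_public_ip_on_launch = true means
24 | # instances launched here receive a public IP address (the default is false).
25 | 
26 | resource "aws_subnet" "public-subnet-1" {
27 |   vpc_id                  = aws_vpc.vpc.id
28 |   cidr_block              = "10.0.1.0/24"
29 |   availability_zone       = "us-east-1a"
30 |   map_public_ip_on_launch = true
31 | 
32 |   tags = {
33 |     Name = "Public-Subnet-1"
34 |   }
35 | }
36 | 
37 | 
38 | # Creating public subnet 2 in us-east-1b, also assigning public IPs on launch
39 | 
40 | resource "aws_subnet" "public-subnet-2" {
41 |   vpc_id                  = aws_vpc.vpc.id
42 |   cidr_block              = "10.0.2.0/24"
43 |   availability_zone       = "us-east-1b"
44 |   map_public_ip_on_launch = true
45 | 
46 |   tags = {
47 |     Name = "Public-Subnet-2"
48 |   }
49 | }
50 | 
51 | # Creating the route table for the VPC with a default route to the internet
52 | # gateway, which is what makes the associated subnets public
53 | 
54 | 
55 | resource "aws_route_table" "route_table" {
56 |   vpc_id = aws_vpc.vpc.id
57 |   route {
58 |     cidr_block = "0.0.0.0/0"
59 |     gateway_id = aws_internet_gateway.gateway.id
60 |   }
61 | }
62 | 
63 | 
64 | # Associate Public Subnet 1 to Public Route Table
65 | 
66 | resource "aws_route_table_association" "route-table-association1" {
67 |   subnet_id      = aws_subnet.public-subnet-1.id
68 |   route_table_id = aws_route_table.route_table.id
69 | }
70 | 
71 | # Associate Public Subnet 2 to Public Route Table
72 | 
73 | resource "aws_route_table_association" "route-table-association2" {
74 |   subnet_id      = aws_subnet.public-subnet-2.id
75 |   route_table_id = aws_route_table.route_table.id
76 | }
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/DateTime.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/AWS-Cost-Reporting/DateTime.zip
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/assets/AWS-Infra.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/AWS-Cost-Reporting/assets/AWS-Infra.gif
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/backend.tf:
--------------------------------------------------------------------------------
1 | # Remote state in S3 with server-side encryption (encrypt = true) and a
2 | # DynamoDB table for state locking.
3 | # NOTE(review): the aws provider constraint has no upper bound; an upper bound
4 | # plus a committed .terraform.lock.hcl keeps provider upgrades deliberate.
5 | terraform {
6 |   backend "s3" {
7 |     bucket         = "my-ews-baket1"
8 |     region         = "us-east-1"
9 |     key            = "Non-Modularized/AWS-Cost-Reporting/terraform.tfstate"
10 |     dynamodb_table = "Lock-Files"
11 |     encrypt        = true
12 |   }
13 |   required_version = ">=0.13.0"
14 |   required_providers {
15 |     aws = {
16 |       version = ">= 2.7.0"
17 |       source  = "hashicorp/aws"
18 |     }
19 |   }
20 | }
21 | 
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/eventbridge-rule.tf:
--------------------------------------------------------------------------------
1 | # Schedule that triggers the cost-reporting Lambda.
2 | # NOTE(review): cron(0 15 1 * ? *) fires at 15:00 UTC on the 1st of every
3 | # month, which is 8:30 PM IST and monthly, not "8:00 PM IST each year" as
4 | # the description says. Decide which is intended and align the two.
5 | resource "aws_cloudwatch_event_rule" "eventbridge_rule" {
6 |   name                = "eventbridge-rule-lambda"
7 |   description         = "EventBridge rule to trigger Lambda on the 1st of the month at 8:00 PM IST each year"
8 |   schedule_expression = "cron(0 15 1 * ? *)"
9 | }
10 | 
11 | # Points the rule at the Lambda function. The resource name contains a typo
12 | # ("eventbrdige"); it is left as is because renaming changes the state address.
13 | resource "aws_cloudwatch_event_target" "eventbrdige_target" {
14 |   target_id = "Lambda-function"
15 |   rule      = aws_cloudwatch_event_rule.eventbridge_rule.name
16 |   arn       = aws_lambda_function.cost-reporting-lambda.arn
17 | }
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/lambda-function.tf:
--------------------------------------------------------------------------------
1 | # Cost-reporting Lambda, deployed from python-code.zip next to this file.
2 | # Paths use path.module (as lambda-layers.tf and policy.tf already do) so the
3 | # archive is found regardless of the directory Terraform is run from.
4 | #
5 | # NOTE(review): the first layer is published from another AWS account and is
6 | # pinned to version 8 - presumably the managed AWS SDK for pandas layer;
7 | # verify the account ID against the publisher's documentation, since layer
8 | # code runs with this function's role.
9 | # NOTE(review): active tracing needs X-Ray write permissions on the execution
10 | # role; policy.json does not list any - confirm they are granted elsewhere.
11 | resource "aws_lambda_function" "cost-reporting-lambda" {
12 |   filename         = "${path.module}/python-code.zip"
13 |   function_name    = "AWS-Cost-Reporting-Lambda"
14 |   role             = aws_iam_role.iam-role.arn
15 |   layers           = ["arn:aws:lambda:us-east-1:336392948345:layer:AWSSDKPandas-Python39:8", aws_lambda_layer_version.Datetime-layer.arn]
16 |   handler          = "python-code.lambda_handler"
17 |   runtime          = "python3.9"
18 |   source_code_hash = filebase64sha256("${path.module}/python-code.zip")
19 | 
20 |   # TFSec Suggested
21 |   tracing_config {
22 |     mode = "Active"
23 |   }
24 | }
25 | 
26 | # Lets EventBridge invoke the function; source_arn limits this to the one rule.
27 | resource "aws_lambda_permission" "eventbridge-permission" {
28 |   statement_id  = "AllowEventBridgeInvoke"
29 |   action        = "lambda:InvokeFunction"
30 |   function_name = aws_lambda_function.cost-reporting-lambda.function_name
31 |   principal     = "events.amazonaws.com"
32 |   source_arn    = aws_cloudwatch_event_rule.eventbridge_rule.arn
33 | }
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/lambda-layers.tf:
--------------------------------------------------------------------------------
1 | # Lambda layer built from DateTime.zip in this directory.
2 | resource "aws_lambda_layer_version" "Datetime-layer" {
3 |   filename                 = "${path.module}/DateTime.zip"
4 |   layer_name               = "DateTime-Package"
5 |   compatible_runtimes      = ["python3.9", "python3.10"]
6 |   compatible_architectures = ["x86_64"]
7 | }
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/policy.json:
--------------------------------------------------------------------------------
1 | {
2 |     "Version": "2012-10-17",
3 |     "Statement": [
4 |         {
5 |             "Effect": "Allow",
6 |             "Action": [
7 |                 "logs:CreateLogGroup",
8 |                 "logs:CreateLogStream",
9 |                 "logs:PutLogEvents",
10 |                 "ce:GetCostAndUsage",
11 |                 "ses:*"
12 |             ],
13 |             "Resource": "*"
14 |         }
15 |     ]
16 | }
17 | 
18 | 
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/policy.tf:
--------------------------------------------------------------------------------
1 | # Inline policy for the cost-reporting Lambda role, loaded from policy.json.
2 | # NOTE(review): policy.json grants ses:* on Resource "*", i.e. every SES
3 | # action (including identity and configuration management) on every
4 | # resource. A function that only sends a report needs just the send
5 | # action(s) it calls, scoped to the verified identity's ARN. The logs
6 | # actions are likewise granted on "*" and could be scoped to this
7 | # function's log group.
8 | resource "aws_iam_role_policy" "iam-policy" {
9 |   name   = "AWS-Lambda-Role-Policy-SES-CostExplorer"
10 |   role   = aws_iam_role.iam-role.id
11 |   policy = file("${path.module}/policy.json")
12 | }
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = "us-east-1"
3 | }
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/python-code.zip:
--------------------------------------------------------------------------------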
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/AWS-Cost-Reporting/python-code.zip
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/role.tf:
--------------------------------------------------------------------------------
# Execution role for the cost-reporting Lambda. The trust policy is loaded from
# role.json, which lets only the Lambda service principal assume the role.
resource "aws_iam_role" "iam-role" {
  assume_role_policy = file("${path.module}/role.json")
  name               = "iam-role-lambda-AWS-Cost-Reporting-Lambda"
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Cost-Reporting/ses.tf:
--------------------------------------------------------------------------------
# SES identities for the sender and the recipient of the report mail.
# NOTE(review): both resources carry the same address, which looks like a
# placeholder; set the real sender and recipient before applying.
resource "aws_ses_email_identity" "send-mail" {
  email = "mailid@gmail.com"
}

resource "aws_ses_email_identity" "receiver-mail" {
  email = "mailid@gmail.com"
}

--------------------------------------------------------------------------------
/Non-Modularized/AWS-Glue-S3/backend.tf:
--------------------------------------------------------------------------------
# Remote state: S3 object with encryption requested, DynamoDB table for locking.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/AWS-Glue-S3/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/AWS-Glue-S3/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/amplify_app.tf:
--------------------------------------------------------------------------------
# Amplify app built from var.app_repo, created after the API deployment exists.
resource "aws_amplify_app" "my_amplify_app" {
  name                 = var.app_name
  repository           = var.app_repo
  iam_service_role_arn = aws_iam_role.iam_role_amplify.arn

  depends_on = [aws_api_gateway_deployment.student_api_deployment]
}

# Branch of the repository that Amplify deploys.
resource "aws_amplify_branch" "master" {
  branch_name = var.app_branch
  app_id      = aws_amplify_app.my_amplify_app.id

  # The app_id reference already orders this after the app; kept as written.
  depends_on = [aws_amplify_app.my_amplify_app]
}

# Maps the apex domain (empty prefix) and "www" to the deployed branch.
resource "aws_amplify_domain_association" "example" {
  domain_name           = var.app_domain_name
  app_id                = aws_amplify_app.my_amplify_app.id
  wait_for_verification = true

  sub_domain {
    branch_name = aws_amplify_branch.master.branch_name
    prefix      = ""
  }

  sub_domain {
    branch_name = aws_amplify_branch.master.branch_name
    prefix      = "www"
  }

  depends_on = [aws_amplify_app.my_amplify_app]
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/assets/Serverless.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/AWS-Serverless-Project/assets/Serverless.gif
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/backend.tf:
--------------------------------------------------------------------------------
# Remote state: S3 object with encryption requested, DynamoDB table for locking.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/AWS-Serverless-Project/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/dynamodb.tf:
--------------------------------------------------------------------------------
# Provisioned-capacity table keyed on the string attribute "ID".
# NOTE(review): the table is tagged Production-DB, but no point-in-time
# recovery or deletion protection is configured here; confirm that is intended.
resource "aws_dynamodb_table" "Student-Details-db" {
  name           = var.db_table_name
  hash_key       = "ID"
  read_capacity  = 10
  write_capacity = 10

  attribute {
    name = "ID"
    type = "S"
  }

  tags = {
    Name = "Production-DB"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/enable-cors-apigw.tf:
--------------------------------------------------------------------------------
# CORS preflight for the add-student resource: an unauthenticated OPTIONS
# method answered by a MOCK integration.
resource "aws_api_gateway_method" "options_method" {
  rest_api_id      = aws_api_gateway_rest_api.lambda_api.id
  resource_id      = aws_api_gateway_resource.add_student_resource.id
  http_method      = "OPTIONS"
  authorization    = "NONE"
  api_key_required = false
}

resource "aws_api_gateway_integration" "options_integration" {
  rest_api_id          = aws_api_gateway_rest_api.lambda_api.id
  resource_id          = aws_api_gateway_resource.add_student_resource.id
  http_method          = "OPTIONS"
  type                 = "MOCK"
  passthrough_behavior = "WHEN_NO_MATCH"

  request_templates = {
    "application/json" : "{\"statusCode\": 200}"
  }

  depends_on = [aws_api_gateway_method.options_method]
}

# Declares which CORS headers the 200 response is allowed to carry.
resource "aws_api_gateway_method_response" "options_response_200" {
  rest_api_id = aws_api_gateway_rest_api.lambda_api.id
  resource_id = aws_api_gateway_resource.add_student_resource.id
  http_method = aws_api_gateway_method.options_method.http_method
  status_code = "200"

  response_parameters = {
    "method.response.header.Access-Control-Allow-Origin"  = true
    "method.response.header.Access-Control-Allow-Methods" = true
    "method.response.header.Access-Control-Allow-Headers" = true
  }

  response_models = {
    "application/json" = "Empty"
  }
}

# Fills in the CORS header values.
# NOTE(review): Access-Control-Allow-Origin is '*', so any origin may call the
# POST endpoint from a browser. The only front end configured on this page is
# the Amplify domain (var.app_domain_name); consider allowing just that origin.
resource "aws_api_gateway_integration_response" "options_integration_response" {
  rest_api_id = aws_api_gateway_rest_api.lambda_api.id
  resource_id = aws_api_gateway_resource.add_student_resource.id
  http_method = aws_api_gateway_method.options_method.http_method
  status_code = "200"

  response_parameters = {
    "method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
    "method.response.header.Access-Control-Allow-Methods" = "'POST,OPTIONS'"
    "method.response.header.Access-Control-Allow-Origin"  = "'*'"
  }

  depends_on = [aws_api_gateway_method_response.options_response_200]
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/iam-policy.tf:
--------------------------------------------------------------------------------
# Inline policy for the Lambda role: CloudWatch Logs writes plus DynamoDB
# item-level access.
# NOTE(review): Resource is "*", so the DynamoDB actions apply to every table
# in the account. Scoping them to aws_dynamodb_table.Student-Details-db.arn
# would limit the functions to the table this project creates.
# NOTE(review): logs:CreateLogGroup is not granted here (the Amplify policy
# below has it); confirm the function log groups exist or are created elsewhere.
resource "aws_iam_role_policy" "lambda-policy" {
  name = var.policy-1
  role = aws_iam_role.iam_role_lambda.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "logs:CreateLogStream",
          "logs:PutLogEvents",
          "dynamodb:PutItem",
          "dynamodb:DeleteItem",
          "dynamodb:GetItem",
          "dynamodb:Scan",
          "dynamodb:Query",
          "dynamodb:UpdateItem"
        ]
        Resource = "*"
      },
    ]
  })
}

# Inline policy for the Amplify service role: CloudWatch Logs plus pulling
# from CodeCommit.
# NOTE(review): codecommit:GitPull on "*" covers every repository in the
# account; the repository in var.app_repo is the only one this app needs.
resource "aws_iam_role_policy" "amplify-policy" {
  name = var.policy-2
  role = aws_iam_role.iam_role_amplify.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "logs:CreateLogStream",
          "logs:PutLogEvents",
          "logs:CreateLogGroup",
          "logs:DescribeLogGroups",
          "codecommit:GitPull"
        ]
        Resource = "*"
      },
    ]
  })
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/iam-role.tf:
--------------------------------------------------------------------------------
# Role assumed by the two Lambda functions; only lambda.amazonaws.com is trusted.
resource "aws_iam_role" "iam_role_lambda" {
  name = var.role-1

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      },
    ]
  })

  tags = {
    tag-key = "tag-value"
  }
}

# Service role for Amplify; only amplify.amazonaws.com is trusted.
resource "aws_iam_role" "iam_role_amplify" {
  name = var.role-2

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "amplify.amazonaws.com"
        }
      },
    ]
  })

  tags = {
    tag-key = "tag-value"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/lambda-permission.tf:
--------------------------------------------------------------------------------
# Lets API Gateway invoke the GET function. source_arn limits the grant to
# GET /getStudent on this REST API, on any stage.
resource "aws_lambda_permission" "apigw" {
  statement_id  = "AllowAPIGatewayInvoke"
  principal     = "apigateway.amazonaws.com"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.GET_lambda.function_name
  source_arn    = "${aws_api_gateway_rest_api.lambda_api.execution_arn}/*/GET/getStudent"

  depends_on = [aws_api_gateway_deployment.student_api_deployment]
}

# Same grant for the POST function, limited to POST /addStudent.
resource "aws_lambda_permission" "apigw2" {
  statement_id  = "AllowAPIGatewayInvoke"
  principal     = "apigateway.amazonaws.com"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.POST_lambda.function_name
  source_arn    = "${aws_api_gateway_rest_api.lambda_api.execution_arn}/*/POST/addStudent"

  depends_on = [aws_api_gateway_deployment.student_api_deployment]
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/lambda.tf:
--------------------------------------------------------------------------------
# Both functions load their code from an S3 object and share one execution role.
# NOTE(review): no source_code_hash or s3_object_version is set, so a changed
# object under the same key may not be picked up by a later apply; verify.
resource "aws_lambda_function" "GET_lambda" {
  function_name = var.function_name_GET
  handler       = var.GET_lambda_handler
  runtime       = var.lambda_runtime
  role          = aws_iam_role.iam_role_lambda.arn
  memory_size   = var.lambda_memory_size
  timeout       = var.lambda_timeout
  s3_bucket     = var.bucket_name
  s3_key        = var.GET_function_file
}

resource "aws_lambda_function" "POST_lambda" {
  function_name = var.function_name_POST
  handler       = var.POST_lambda_handler
  runtime       = var.lambda_runtime
  role          = aws_iam_role.iam_role_lambda.arn
  memory_size   = var.lambda_memory_size
  timeout       = var.lambda_timeout
  s3_bucket     = var.bucket_name
  s3_key        = var.POST_function_file
}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/variables.tf:
--------------------------------------------------------------------------------
# Inputs for the serverless project. None declares a type, description or
# default, so every value must be supplied (see variables.tfvars).
variable "app_name" {}
variable "app_repo" {}
variable "app_branch" {}
variable "app_domain_name" {}
variable "db_table_name" {}
variable "function_name_GET" {}
variable "bucket_name" {}
variable "GET_function_file" {}
variable "function_name_POST" {}
variable "POST_function_file" {}
variable "GET_lambda_handler" {}
variable "POST_lambda_handler" {}
variable "lambda_runtime" {}
variable "lambda_timeout" {}
variable "lambda_memory_size" {}
variable "rest_api_name" {}
variable "rest_api_description" {}
variable "api_resource_one" {}
variable "api_resource_two" {}
variable "role-1" {}
variable "role-2" {}
variable "policy-1" {}
variable "policy-2" {}
--------------------------------------------------------------------------------
/Non-Modularized/AWS-Serverless-Project/variables.tfvars:
--------------------------------------------------------------------------------
# Values for variables.tf. This file is committed to the repository, so it
# should hold only non-secret settings.
app_name             = "serverless-amplify-app"
app_repo             = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/Serverless-Project"
app_branch           = "master"
app_domain_name      = "amanpathakdevops.study"
db_table_name        = "Student-Details"
function_name_GET    = "GET-lambda"
bucket_name          = "lambda-code6576453"
GET_function_file    = "GET.zip"
function_name_POST   = "POST-lambda"
POST_function_file   = "POST.zip"
GET_lambda_handler   = "GETmethod.lambda_handler"
POST_lambda_handler  = "POSTmethod.lambda_handler"
lambda_runtime       = "python3.10"
lambda_memory_size   = 128
lambda_timeout       = 60
rest_api_name        = "Student-API-Gateway-Lambda"
rest_api_description = "Student API Gateway For Lambda"
api_resource_one     = "addStudent"
api_resource_two     = "getStudent"
role-1               = "lambda-role"
role-2               = "amplify-role"
policy-1             = "lambda-policy"
policy-2             = "amplify-policy"
--------------------------------------------------------------------------------
/Non-Modularized/Auto-Scaling/Modules/backend.tf:
--------------------------------------------------------------------------------
# Remote state: S3 object with encryption requested, DynamoDB table for locking.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/Auto-Scaling/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Auto-Scaling/Modules/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

# Instantiates the local module that lives in ../Resources/.
module "ASG" {
  source = "../Resources/"
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/backend.tf:
--------------------------------------------------------------------------------
# Remote state: S3 object with encryption requested, DynamoDB table for locking.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/cloudwatchlog.tf:
--------------------------------------------------------------------------------
# For each monitored function: look up its log group, forward log events that
# match "?ERROR" to the triggered-lambda function, and grant CloudWatch Logs
# permission to invoke that function for this log group only.
# NOTE(review): the log group is read through a data source, so it must
# already exist when the plan runs; confirm it is created beforehand.
data "aws_cloudwatch_log_group" "default-lambda-SNS1" {
  name = "/aws/lambda/${aws_lambda_function.lambda-SNS.function_name}"
}

resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter-lambda-SNS1" {
  name            = "test_lambdafunction_logfilter"
  filter_pattern  = "?ERROR"
  log_group_name  = data.aws_cloudwatch_log_group.default-lambda-SNS1.name
  destination_arn = aws_lambda_function.triggered-lambda.arn

  # The invoke permission has to exist before the filter is created.
  depends_on = [aws_lambda_permission.default-lambda-SNS1]
}

resource "aws_lambda_permission" "default-lambda-SNS1" {
  principal     = "logs.us-east-1.amazonaws.com"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.triggered-lambda.function_name
  source_arn    = "${data.aws_cloudwatch_log_group.default-lambda-SNS1.arn}:*"
}

# Same wiring for the second monitored function (lambda-SNS1).
data "aws_cloudwatch_log_group" "default-lambda-SNS2" {
  name = "/aws/lambda/${aws_lambda_function.lambda-SNS1.function_name}"
}

resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter-lambda-SNS2" {
  name            = "test_lambdafunction_logfilter"
  filter_pattern  = "?ERROR"
  log_group_name  = data.aws_cloudwatch_log_group.default-lambda-SNS2.name
  destination_arn = aws_lambda_function.triggered-lambda.arn

  depends_on = [aws_lambda_permission.default-lambda-SNS2]
}

resource "aws_lambda_permission" "default-lambda-SNS2" {
  principal     = "logs.us-east-1.amazonaws.com"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.triggered-lambda.function_name
  source_arn    = "${data.aws_cloudwatch_log_group.default-lambda-SNS2.arn}:*"
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/code.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/code.zip
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/iam-policy.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sns:*",
        "cloudwatch:*",
        "logs:*",
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:GetRole"
      ],
      "Resource": "*"
    }
  ]
}
--------------------------------------------------------------------------------
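/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/iam-policy.tf:
--------------------------------------------------------------------------------
# Attaches iam-policy.json to the shared Lambda role as an inline policy.
# NOTE(review): that document allows sns:*, cloudwatch:* and logs:* on
# Resource "*". All three functions in this directory share the role, so each
# of them can manage every topic, alarm and log group in the account; narrowing
# the actions and resources to what the functions use would reduce that reach.
resource "aws_iam_role_policy" "iam-policy" {
  name   = "AWS-Lambda-Role-S3-New"
  role   = aws_iam_role.iam-role.id
  policy = file("${path.module}/iam-policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/iam-role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/iam-role.tf:
--------------------------------------------------------------------------------
# Execution role shared by the Lambda functions in this directory; the trust
# policy in iam-role.json allows only lambda.amazonaws.com to assume it.
resource "aws_iam_role" "iam-role" {
  name               = "iam-role-lambda-api-gateway"
  assume_role_policy = file("${path.module}/iam-role.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/index.js:
--------------------------------------------------------------------------------
var zlib = require('zlib');

var AWS = require('aws-sdk');

// Set region
AWS.config.update({ region: 'us-east-1' });

/*
 * Handler for a CloudWatch Logs subscription event.
 *
 * input.awslogs.data is base64 text holding a gzip-compressed JSON document.
 * The handler decodes it, takes the message of the first log event and
 * publishes it to the SNS topic. Failures are logged and the handler returns
 * without publishing.
 */
exports.handler = (input, context) => {
    // Buffer.from replaces the deprecated `new Buffer(...)` constructor.
    var payload = Buffer.from(input.awslogs.data, 'base64');

    zlib.gunzip(payload, function (e, result) {
        if (e) {
            console.log("Error occured while executing error br_icsdev_delmgr_lambda_error_publisher:", e);
            return;
        }

        // A malformed payload would otherwise throw inside this callback.
        var parsed;
        try {
            parsed = JSON.parse(result.toString());
        } catch (parseErr) {
            console.error("Could not parse the decompressed log payload:", parseErr);
            return;
        }

        // Nothing to report when the batch carries no log events.
        if (!Array.isArray(parsed.logEvents) || parsed.logEvents.length === 0) {
            console.log("Log payload contains no log events; nothing published");
            return;
        }

        let mailBody = "\n\rHi,\n\rApplication Log, please take action on the following error:\n\r";
        mailBody += "Date: " + parsed.logEvents[0].message;

        // Create publish parameters
        // NOTE(review): the topic ARN, including the account id, is hard-coded.
        // The topic is created by sns-topic.tf in this directory; passing its
        // ARN in through a Lambda environment variable would keep the two in step.
        var params = {
            Message: mailBody, /* required */
            TopicArn: 'arn:aws:sns:us-east-1:728738226157:sns-topic-for-S3' /* required */
        };

        // Create promise and SNS service object
        var publishTextPromise = new AWS.SNS().publish(params).promise();

        // Handle promise's fulfilled/rejected states
        // NOTE(review): the success log repeats the full forwarded message, so
        // whatever the source function logged is copied into this function's
        // log group as well.
        publishTextPromise.then(
            function (data) {
                console.log(`Message ${params.Message} sent to the topic ${params.TopicArn}`);
                console.log("MessageID is " + data.MessageId);
            }).catch(
            function (err) {
                console.error(err, err.stack);
            });
    });
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/index.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/index.zip
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/lambda.tf:
--------------------------------------------------------------------------------
# The two monitored functions. Both deploy code.zip and share the same role.
# NOTE(review): python3.8 is an old Lambda runtime; confirm it is still
# supported before deploying. No source_code_hash is set, so a changed
# code.zip may not be redeployed by a later apply.
resource "aws_lambda_function" "lambda-SNS" {
  filename      = "code.zip"
  function_name = "lambda-for-SNS"
  role          = aws_iam_role.iam-role.arn
  handler       = "code.lambda_handler"
  runtime       = "python3.8"
}

resource "aws_lambda_function" "lambda-SNS1" {
  filename      = "code.zip"
  function_name = "lambda-for-SNS1"
  role          = aws_iam_role.iam-role.arn
  handler       = "code.lambda_handler"
  runtime       = "python3.8"
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/sns-topic.tf:
--------------------------------------------------------------------------------
# Topic that receives the error notifications.
resource "aws_sns_topic" "topic-sns" {
  name = "sns-topic-for-S3"
}

# E-mail subscription; the address comes from var.ENDPOINT.
resource "aws_sns_topic_subscription" "subscription" {
  topic_arn = aws_sns_topic.topic-sns.arn
  protocol  = "email"
  endpoint  = var.ENDPOINT
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/triggered-lambda.tf:
--------------------------------------------------------------------------------
# Function invoked by the log subscription filters; it runs index.handler
# from index.zip.
# NOTE(review): nodejs14.x is an old Lambda runtime; confirm it is still
# supported. index.js requires the v2 `aws-sdk` package, so a runtime change
# may also need that import bundled or replaced; verify.
resource "aws_lambda_function" "triggered-lambda" {
  filename      = "index.zip"
  function_name = "triggered-lambda"
  role          = aws_iam_role.iam-role.arn
  handler       = "index.handler"
  runtime       = "nodejs14.x"
}
--------------------------------------------------------------------------------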
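/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-Pattern-Mail/variable.tf:
--------------------------------------------------------------------------------
# E-mail address for the SNS subscription. Marked sensitive so Terraform
# redacts it in plan and apply output; the default is an empty string, so a
# real address has to be supplied.
variable "ENDPOINT" {
  type      = string
  default   = ""
  sensitive = true
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/backend.tf:
--------------------------------------------------------------------------------
# Remote state: S3 object with encryption requested, DynamoDB table for locking.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/cloudwatch.tf:
--------------------------------------------------------------------------------
# Alarm on the AWS/Lambda "Errors" metric of the lambda-2 function: it fires
# when the sum over one 60-second period is greater than 0 and notifies the
# SNS topic.
# NOTE(review): alarm_name and alarm_description mention activeMQ although the
# metric watched is Lambda errors; the text looks copied from another alarm.
resource "aws_cloudwatch_metric_alarm" "activeMqCheck_alarm" {
  alarm_name                = "ActiveMqCheckStatusCheck"
  alarm_description         = "This metric monitors status of activeMQ"
  namespace                 = "AWS/Lambda"
  metric_name               = "Errors"
  statistic                 = "Sum"
  period                    = "60"
  evaluation_periods        = "1"
  comparison_operator       = "GreaterThanThreshold"
  threshold                 = "0"
  actions_enabled           = "true"
  alarm_actions             = [aws_sns_topic.topic-sns.arn]
  insufficient_data_actions = []

  dimensions = {
    # The function is a resource in this directory (lambda.tf), so it is
    # referenced directly; the earlier "modules." prefix is not a valid
    # Terraform reference.
    FunctionName = aws_lambda_function.lambda-2.function_name
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/code.zip:
--------------------------------------------------------------------------------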
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/code.zip
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/iam-policy.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sns:*",
        "cloudwatch:*",
        "logs:*",
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:GetRole",
        "sqs:*"
      ],
      "Resource": "*"
    }
  ]
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/iam-policy.tf:
--------------------------------------------------------------------------------
# Attaches iam-policy.json to the Lambda role as an inline policy.
# NOTE(review): that document allows sns:*, cloudwatch:*, logs:* and sqs:* on
# Resource "*", which is far broader than sending failure records to one
# queue; narrowing the actions and resources would reduce what the function
# role can reach.
resource "aws_iam_role_policy" "iam-policy" {
  role   = aws_iam_role.iam-role.id
  name   = "AWS-Lambda-Role-S3-New"
  policy = file("${path.module}/iam-policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/iam-role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/iam-role.tf:
--------------------------------------------------------------------------------
# Execution role for the Lambda function; the trust policy in iam-role.json
# allows only lambda.amazonaws.com to assume it.
resource "aws_iam_role" "iam-role" {
  assume_role_policy = file("${path.module}/iam-role.json")
  name               = "iam-role-lambda-api-gateway"
}
--------------------------------------------------------------------------------
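/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/lambda.tf:
--------------------------------------------------------------------------------
# Function whose failures are monitored; it deploys code.zip.
# NOTE(review): python3.8 is an old Lambda runtime; confirm it is still
# supported before deploying. No source_code_hash is set, so a changed
# code.zip may not be redeployed by a later apply.
resource "aws_lambda_function" "lambda-2" {
  filename      = "code.zip"
  function_name = "lambda-for-SNS"
  role          = aws_iam_role.iam-role.arn
  handler       = "code.lambda_handler"
  runtime       = "python3.8"
}

# Sends the record of a failed asynchronous invocation to the SQS queue.
resource "aws_lambda_function_event_invoke_config" "example" {
  function_name = aws_lambda_function.lambda-2.function_name

  destination_config {
    on_failure {
      destination = aws_sqs_queue.sqs-queue.arn
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/sns.tf:
--------------------------------------------------------------------------------
# Topic that the CloudWatch alarm notifies.
resource "aws_sns_topic" "topic-sns" {
  name = "sns-topic-for-S3"
}

# Delivers topic messages to the SQS queue.
resource "aws_sns_topic_subscription" "subscription" {
  topic_arn = aws_sns_topic.topic-sns.arn
  protocol  = "sqs"
  endpoint  = aws_sqs_queue.sqs-queue.arn
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure-SQS/sqs.tf:
--------------------------------------------------------------------------------
# Queue that collects failure records and alarm notifications.
resource "aws_sqs_queue" "sqs-queue" {
  name                      = "New-SQS"
  delay_seconds             = 90
  max_message_size          = 2048
  message_retention_seconds = 86400
  receive_wait_time_seconds = 0

  tags = {
    Environment = "Dev"
  }
}

# An SNS-to-SQS subscription delivers nothing unless the queue's resource
# policy lets the SNS service send to it, and no file in this directory
# defined one. The grant is limited to this queue and, through aws:SourceArn,
# to this one topic.
resource "aws_sqs_queue_policy" "sns-to-sqs" {
  queue_url = aws_sqs_queue.sqs-queue.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "AllowSnsTopicSend"
        Effect    = "Allow"
        Principal = { Service = "sns.amazonaws.com" }
        Action    = "sqs:SendMessage"
        Resource  = aws_sqs_queue.sqs-queue.arn
        Condition = {
          ArnEquals = { "aws:SourceArn" = aws_sns_topic.topic-sns.arn }
        }
      },
    ]
  })
}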
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/backend.tf:
--------------------------------------------------------------------------------
# Remote state: S3 object with encryption requested, DynamoDB table for locking.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/cloudwatch.tf:
--------------------------------------------------------------------------------
# Alarm on the AWS/Lambda "Errors" metric of the lambda-2 function: it fires
# when the sum over one 60-second period is greater than 0 and notifies the
# SNS topic.
# NOTE(review): alarm_name and alarm_description mention activeMQ although the
# metric watched is Lambda errors; the text looks copied from another alarm.
resource "aws_cloudwatch_metric_alarm" "activeMqCheck_alarm" {
  alarm_name                = "ActiveMqCheckStatusCheck"
  alarm_description         = "This metric monitors status of activeMQ"
  namespace                 = "AWS/Lambda"
  metric_name               = "Errors"
  statistic                 = "Sum"
  period                    = "60"
  evaluation_periods        = "1"
  comparison_operator       = "GreaterThanThreshold"
  threshold                 = "0"
  actions_enabled           = "true"
  alarm_actions             = [aws_sns_topic.topic-sns.arn]
  insufficient_data_actions = []

  dimensions = {
    FunctionName = aws_lambda_function.lambda-2.function_name
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/code.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/code.zip
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/iam-policy.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sns:*",
        "cloudwatch:*",
        "logs:*",
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:GetRole"
      ],
      "Resource": "*"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/iam-policy.tf:
--------------------------------------------------------------------------------
# Attaches iam-policy.json to the Lambda role as an inline policy.
# NOTE(review): that document allows sns:*, cloudwatch:* and logs:* on
# Resource "*"; narrowing the actions and resources to what the function uses
# would reduce what its role can reach.
resource "aws_iam_role_policy" "iam-policy" {
  role   = aws_iam_role.iam-role.id
  name   = "AWS-Lambda-Role-S3-New"
  policy = file("${path.module}/iam-policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/iam-role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/iam-role.tf:
--------------------------------------------------------------------------------
# Execution role for the Lambda function; the trust policy in iam-role.json
# allows only lambda.amazonaws.com to assume it.
resource "aws_iam_role" "iam-role" {
  assume_role_policy = file("${path.module}/iam-role.json")
  name               = "iam-role-lambda-api-gateway"
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/lambda.tf:
--------------------------------------------------------------------------------
# Function whose failures are monitored; it deploys code.zip.
# NOTE(review): python3.8 is an old Lambda runtime; confirm it is still
# supported before deploying. No source_code_hash is set, so a changed
# code.zip may not be redeployed by a later apply.
resource "aws_lambda_function" "lambda-2" {
  function_name = "lambda-for-SNS"
  filename      = "code.zip"
  handler       = "code.lambda_handler"
  runtime       = "python3.8"
  role          = aws_iam_role.iam-role.arn
  # layers = [aws_lambda_layer_version.layer.arn]
}

# Topic that receives both the alarm notification and the failure record.
resource "aws_sns_topic" "topic-sns" {
  name = "sns-topic-for-S3"
}

# E-mail subscription; the address comes from var.ENDPOINT.
resource "aws_sns_topic_subscription" "subscription" {
  protocol  = "email"
  endpoint  = var.ENDPOINT
  topic_arn = aws_sns_topic.topic-sns.arn
}

# Sends the record of a failed asynchronous invocation to the SNS topic.
resource "aws_lambda_function_event_invoke_config" "example" {
  function_name = aws_lambda_function.lambda-2.function_name

  destination_config {
    on_failure {
      destination = aws_sns_topic.topic-sns.arn
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/Cloudwatch-Alarm-Lambda-Failure/variable.tf:
--------------------------------------------------------------------------------
# E-mail address for the SNS subscription. Marked sensitive so Terraform
# redacts it in plan and apply output; the default is an empty string, so a
# real address has to be supplied.
variable "ENDPOINT" {
  type      = string
  default   = ""
  sensitive = true
}
--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/backend.tf:
--------------------------------------------------------------------------------
# Remote state: S3 object with encryption requested, DynamoDB table for locking.
# NOTE(review): the state key says "DynamoDB-Streams-With-Lambda-Trigger" while
# the directory is "DynamoDB-Streams-With-New-Lambda-Trigger"; confirm the key
# is not shared with another configuration.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/DynamoDB-Streams-With-Lambda-Trigger/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/code.py:
--------------------------------------------------------------------------------
import json

print('Loading function')


def lambda_handler(event, context):
    """Print every DynamoDB stream record in the event and report the count.

    Reads ``event['Records']``; for each record it prints the event ID, the
    event name and the JSON-formatted ``dynamodb`` payload, then returns a
    summary string with the number of records.
    """
    # NOTE(review): create-table.tf sets stream_view_type to NEW_AND_OLD_IMAGES,
    # so the payload printed below carries complete item images; whatever the
    # table stores ends up in the function's logs.
    #print("Received event: " + json.dumps(event, indent=2))
    records = event['Records']
    for entry in records:
        print(entry['eventID'])
        print(entry['eventName'])
        print("DynamoDB Record: " + json.dumps(entry['dynamodb'], indent=2))
    return 'Successfully processed {} records.'.format(len(records))

--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/code.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/code.zip
--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/create-table.tf:
--------------------------------------------------------------------------------
# Provisioned-capacity table keyed on Name (string) + Score (number), with a
# stream that carries both the old and the new image of each changed item.
resource "aws_dynamodb_table" "dynamodb-table" {
  name = "GameScore"

  hash_key  = "Name"
  range_key = "Score"

  attribute {
    name = "Name"
    type = "S"
  }

  attribute {
    name = "Score"
    type = "N"
  }

  billing_mode   = "PROVISIONED"
  read_capacity  = 5
  write_capacity = 5

  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
}
--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/iam-policy.tf:
--------------------------------------------------------------------------------
# Inline policy for the stream-consumer role, loaded from iam-policy.json.
# NOTE(review): that JSON document is not part of this listing, so the granted
# actions could not be reviewed here.
resource "aws_iam_role_policy" "iam-policy" {
  policy = file("${path.module}/iam-policy.json")
  role   = aws_iam_role.iam-role.id
  name   = "iam-policy-lambdad"
}
--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/iam-role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/iam-role.tf:
--------------------------------------------------------------------------------
# Execution role; the trust policy admits only the Lambda service principal.
resource "aws_iam_role" "iam-role" {
  assume_role_policy = file("${path.module}/iam-role.json")
  name               = "iam-role-lambdad"
}
--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/lambda_function.tf:
--------------------------------------------------------------------------------
# Stream consumer packaged in code.zip next to this file.
# NOTE(review): no source_code_hash is set, so Terraform does not notice when
# the archive's contents change under the same file name.
resource "aws_lambda_function" "lambda-function" {
  function_name = "dynamodb-lambda"
  runtime       = "python3.9"
  handler       = "code.lambda_handler"
  filename      = "${path.module}/code.zip"
  role          = aws_iam_role.iam-role.arn
}


--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB-Streams-With-New-Lambda-Trigger/trigger.tf:
--------------------------------------------------------------------------------
# Connects the table's stream to the function; LATEST means only records
# written after the mapping exists are delivered.
resource "aws_lambda_event_source_mapping" "example" {
  function_name     = aws_lambda_function.lambda-function.arn
  event_source_arn  = aws_dynamodb_table.dynamodb-table.stream_arn
  starting_position = "LATEST"
}

--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB/backend.tf:
--------------------------------------------------------------------------------
# Remote state for this stack: S3 object plus DynamoDB lock table.
terraform {
  required_version = ">=0.13.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/DynamoDB/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB/create-table.tf:
--------------------------------------------------------------------------------
# "Votes" table keyed on UserId + ElectionTitle, with one global secondary
# index that looks up vote counts per election.
# NOTE(review): the table is tagged Environment = "production" but declares
# neither a point_in_time_recovery nor a server_side_encryption block, so both
# stay at their defaults; confirm that matches the recovery and key-management
# requirements for this data.
resource "aws_dynamodb_table" "basic-db-table" {
  name = "Votes"

  billing_mode   = "PROVISIONED"
  read_capacity  = 20
  write_capacity = 20

  hash_key  = "UserId"
  range_key = "ElectionTitle"

  attribute {
    name = "UserId"
    type = "S"
  }

  attribute {
    name = "ElectionTitle"
    type = "S"
  }

  attribute {
    name = "Number_of_Votes"
    type = "N"
  }

  # Index keyed on ElectionTitle + Number_of_Votes; besides the keys it
  # projects only UserId.
  global_secondary_index {
    name               = "Election_Vote"
    hash_key           = "ElectionTitle"
    range_key          = "Number_of_Votes"
    projection_type    = "INCLUDE"
    non_key_attributes = ["UserId"]
    read_capacity      = 10
    write_capacity     = 10
  }

  # TTL attribute is named but expiry is switched off.
  ttl {
    attribute_name = "TimeToExist"
    enabled        = false
  }

  tags = {
    Name        = "dynamodb-table-1"
    Environment = "production"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/DynamoDB/provider.tf:
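--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/assets/AWS-Infra-Diagram.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/EBS-Snapshot-Cost-Optimization/assets/AWS-Infra-Diagram.gif
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/backend.tf:
--------------------------------------------------------------------------------
# Remote state for this stack: S3 object plus DynamoDB lock table.
terraform {
  backend "s3" {
    bucket = "my-ews-baket1"
    region = "us-east-1"
    # The key used to read "Non-Modularized/VPC-Networking/terraform.tfstate",
    # presumably copied from another stack. Two stacks writing to one state key
    # overwrite each other's state, and a plan in one proposes destroying the
    # other's resources; the key now follows this directory like the other
    # backend.tf files in the repository.
    # NOTE(review): if this stack was already applied under the old key, move
    # the state deliberately instead of re-initialising against an empty one.
    key            = "Non-Modularized/EBS-Snapshot-Cost-Optimization/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/ebs_snapshot_cost_optimization.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/EBS-Snapshot-Cost-Optimization/ebs_snapshot_cost_optimization.zip
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/iam-policy.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DeleteSnapshot",
        "ec2:DescribeSnapshots",
        "ec2:DescribeVolumes"
      ],
      "Resource": "*"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/iam-policy.tf:
--------------------------------------------------------------------------------
# Inline policy for the clean-up function, loaded from iam-policy.json.
#
# NOTE(review): the document allows ec2:DeleteSnapshot on Resource "*", so a
# logic error or a compromise of the function can delete any snapshot in the
# account and region, backups included. Consider restricting the delete to
# snapshots this job is meant to manage (for example through a tag condition).
# The document also grants no logs:* actions, so the function cannot write its
# own logs unless another policy, not shown here, provides that.
resource "aws_iam_role_policy" "policy-for-cost-optimization" {
  name   = "iam-policy-${var.lambda-function-name}"
  role   = aws_iam_role.role-for-cost-optimization.id
  policy = file("${path.module}/iam-policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/iam-role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/iam-role.tf:
--------------------------------------------------------------------------------
# Execution role; the trust policy admits only the Lambda service principal.
resource "aws_iam_role" "role-for-cost-optimization" {
  name               = "iam-role-${var.lambda-function-name}"
  assume_role_policy = file("${path.module}/iam-role.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/lambda.tf:
--------------------------------------------------------------------------------
# Function that runs ebs_snapshot_cost_optimization.lambda_handler.
resource "aws_lambda_function" "cost-reporting-lambda" {
  function_name = var.lambda-function-name
  role          = aws_iam_role.role-for-cost-optimization.arn
  handler       = "ebs_snapshot_cost_optimization.lambda_handler"
  runtime       = "python3.10"
  timeout       = 10
  memory_size   = 128

  # The archive uploaded and the archive hashed must be the same file. The
  # original uploaded "python-code.zip" while hashing
  # "ebs_snapshot_cost_optimization.zip"; only the latter is listed in this
  # directory and matches the handler module name, so both now point at it,
  # resolved relative to the module.
  filename         = "${path.module}/ebs_snapshot_cost_optimization.zip"
  source_code_hash = filebase64sha256("${path.module}/ebs_snapshot_cost_optimization.zip")
}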
--------------------------------------------------------------------------------
/Non-Modularized/EBS-Snapshot-Cost-Optimization/variables.tf:
--------------------------------------------------------------------------------
# Name of the Lambda function; iam-role.tf and iam-policy.tf in this directory
# also build the role and policy names from it.
variable "lambda-function-name" {
  default = "EBS-Snapshot-Cost-Optimization-lambda"
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Instance-With-SG/backend.tf:
--------------------------------------------------------------------------------
# Remote state for this stack: S3 object plus DynamoDB lock table.
terraform {
  required_version = ">=0.13.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/Ec2-Instance-With-SG/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/EC2-Instance/backend.tf:
--------------------------------------------------------------------------------
# Remote state for this stack: S3 object plus DynamoDB lock table.
terraform {
  required_version = ">=0.13.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/EC2-Instance/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/EC2-Instance/iam-policy.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sns:*",
        "cloudwatch:*",
        "logs:*",
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:GetRole"
      ],
      "Resource": "*"
    }
  ]
}
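--------------------------------------------------------------------------------
/Non-Modularized/EC2-Instance/iam-policy.tf:
--------------------------------------------------------------------------------
# Inline policy loaded from iam-policy.json.
# NOTE(review): that document allows sns:*, cloudwatch:* and logs:* on
# Resource "*", and nothing in this directory shows the instance using any of
# those services; narrow it to what is actually needed.
resource "aws_iam_role_policy" "iam-policy" {
  name   = "AWS-Lambda-Role-S3-New"
  role   = aws_iam_role.iam-role.id
  policy = file("${path.module}/iam-policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Instance/iam-role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Instance/iam-role.tf:
--------------------------------------------------------------------------------
# NOTE(review): the role is named for EC2, but iam-role.json trusts
# lambda.amazonaws.com, and main.tf neither declares an instance profile nor
# sets iam_instance_profile, so as written the instance cannot use this role.
# Either fix the trust principal and attach the role, or drop the role and its
# policy.
resource "aws_iam_role" "iam-role" {
  name               = "role-for-ec2"
  assume_role_policy = file("${path.module}/iam-role.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Instance/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

# Single t2.micro instance with an encrypted root volume.
resource "aws_instance" "ec2" {
  ami           = "ami-007855ac798b5175e"
  instance_type = "t2.micro"
  key_name      = "AmanPathak"

  # NOTE(review): tag keys are case-sensitive; this sets "name", not the "Name"
  # tag the other files in this repository use.
  tags = {
    name = "Aman-EC2"
  }

  # Session tokens are mandatory for the metadata service (IMDSv2 only).
  metadata_options {
    http_tokens = "required"
  }

  root_block_device {
    volume_type           = "gp2"
    delete_on_termination = true
    encrypted             = true
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Snapshot/Modules/backend.tf:
--------------------------------------------------------------------------------
# Remote state for this stack: S3 object plus DynamoDB lock table.
terraform {
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "Non-Modularized/EC2-Snapshot/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/EC2-Snapshot/Modules/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

# Root configuration: everything is declared in ../Resources/.
module "EBS" {
  source = "../Resources/"
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Snapshot/Resources/ebs-attachment.tf:
--------------------------------------------------------------------------------
# Attaches the data volume to the instance as /dev/sdh.
resource "aws_volume_attachment" "volume-attachment" {
  device_name = "/dev/sdh"
  volume_id   = aws_ebs_volume.volume.id
  instance_id = aws_instance.EC2.id
}


--------------------------------------------------------------------------------
/Non-Modularized/EC2-Snapshot/Resources/ebs-snapshot.tf:
--------------------------------------------------------------------------------
# Snapshot of the data volume, taken when this resource is created.
resource "aws_ebs_snapshot" "ebs-snapshot" {
  volume_id = aws_ebs_volume.volume.id

  tags = {
    Name = "ebs-snapshot"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Snapshot/Resources/ebs-volume.tf:
--------------------------------------------------------------------------------
# 30 GiB data volume in us-east-1a.
# NOTE(review): `encrypted` is not set, so unless account-level default EBS
# encryption is on, the volume and the snapshot taken from it are unencrypted.
# Setting it on an existing volume forces replacement, so plan that change
# together with the data on the volume.
resource "aws_ebs_volume" "volume" {
  availability_zone = "us-east-1a"
  size              = 30
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Snapshot/Resources/instance.tf:
--------------------------------------------------------------------------------
# Web server in the public subnet; user_data installs nginx and unpacks a
# static site template into /var/www/html.
resource "aws_instance" "EC2" {
  ami               = "ami-09d56f8956ab235b3"
  instance_type     = "t2.micro"
  key_name          = "Aman-Pathak"
  availability_zone = "us-east-1a"
  subnet_id         = aws_subnet.Public-Subnet1.id

  # The instance sits in a VPC subnet and is given a security group ID, which
  # belongs in vpc_security_group_ids; `security_groups` takes group names.
  vpc_security_group_ids = [aws_security_group.SG.id]

  # Changes from the original script: -y on `apt upgrade` and
  # `apt install unzip` (boot scripts run without a terminal, so a prompt
  # aborts the step and the instance stays unpatched), and `cd ..` before the
  # final rm so it removes the unpacked directory rather than a path that does
  # not exist.
  # NOTE(review): the template archive is downloaded at boot and unpacked into
  # the web root without any integrity check; pin a known checksum or serve a
  # reviewed copy from storage you control.
  # NOTE(review): unlike EC2-Instance/main.tf, no metadata_options block
  # requires IMDSv2 tokens and the root volume is not marked encrypted.
  user_data = <<-EOF
  #!/bin/bash
  apt update
  apt -y upgrade
  apt-get -y install net-tools nginx
  cd /var/www/html
  wget https://www.tooplate.com/zip-templates/2106_soft_landing.zip
  apt -y install unzip
  unzip 2106_soft_landing.zip
  rm -rf 2106_soft_landing.zip index.nginx-debian.html
  cd 2106_soft_landing/
  mv index.html css fonts images js ../
  cd ..
  rm -rf 2106_soft_landing/
  EOF

  tags = {
    Name = "EC2"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Snapshot/Resources/security-group.tf:
--------------------------------------------------------------------------------
# Inbound SSH and HTTP, unrestricted outbound.
resource "aws_security_group" "SG" {
  name   = "SG"
  vpc_id = aws_vpc.vpc.id

  # The original single rule used from_port = 22 / to_port = 80, which opens
  # every TCP port from 22 through 80 to the internet. The instance only runs
  # SSH and nginx, so the range is split into the two ports actually served.

  # NOTE(review): SSH is still reachable from any address, as in the original;
  # restrict cidr_blocks to the administrators' network or use a managed
  # session service instead of an open port 22.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/EC2-Snapshot/Resources/vpc.tf:
--------------------------------------------------------------------------------
# VPC with one public subnet routed through an internet gateway.
resource "aws_vpc" "vpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true

  tags = {
    Name = "vpc"
  }
}

# Instances launched here receive a public IP automatically.
resource "aws_subnet" "Public-Subnet1" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "us-east-1a"
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
  tags = {
    Name = "Public-Subnet1"
  }
}


resource "aws_internet_gateway" "IG" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "IG"
  }
}

# Default route to the internet gateway.
resource "aws_route_table" "RT" {
  vpc_id = aws_vpc.vpc.id
  route {
    gateway_id = aws_internet_gateway.IG.id
    cidr_block = "0.0.0.0/0"
  }
}

resource "aws_route_table_association" "RT-Association1" {
  subnet_id      = aws_subnet.Public-Subnet1.id
  route_table_id = aws_route_table.RT.id
}

--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/Load-Balancer.tf:
--------------------------------------------------------------------------------
# Internet-facing application load balancer across both subnets.
resource "aws_lb" "LB" {
  name               = "Main-LB"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.SG.id]
  subnets            = [aws_subnet.subnet1.id, aws_subnet.subnet2.id]

  tags = {
    Name = "Main-LB"
  }
}

# NOTE(review): the only listener is plain HTTP on port 80, so traffic between
# clients and the load balancer is unencrypted; outside a demo, add an HTTPS
# listener with a certificate and redirect port 80 to it.
resource "aws_alb_listener" "Listener" {
  load_balancer_arn = aws_lb.LB.id
  port              = "80"
  protocol          = "HTTP"

  default_action {
    target_group_arn = aws_lb_target_group.TG.id
    type             = "forward"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/Security-Group.tf:
--------------------------------------------------------------------------------
# One group shared by the load balancer and the ECS tasks: port 80 from
# anywhere in, everything out.
resource "aws_security_group" "SG" {
  name        = "Main-SG"
  description = "Allow Port 80"
  vpc_id      = aws_vpc.vpc.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Main-SG"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/Target-Group.tf:
--------------------------------------------------------------------------------
# IP-type target group (Fargate tasks register by ENI address).
resource "aws_lb_target_group" "TG" {
  name        = "Main-TG"
  port        = "80"
  protocol    = "HTTP"
  target_type = "ip"
  vpc_id      = aws_vpc.vpc.id

  tags = {
    Name = "Main-TG"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/backend.tf:
--------------------------------------------------------------------------------
# Remote state for this stack: S3 object plus DynamoDB lock table.
terraform {
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "Non-Modularized/ECS-Fargate/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/ecs-cluster.tf:
--------------------------------------------------------------------------------
resource "aws_ecs_cluster" "ECS" {
  name = "Main-Cluster"

  tags = {
    Name = "Main-Cluster"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/ecs-service.tf:
--------------------------------------------------------------------------------
# Two Fargate replicas of the task definition behind the load balancer.
resource "aws_ecs_service" "ECS-Service" {
  name                               = "First-Service"
  launch_type                        = "FARGATE"
  platform_version                   = "LATEST"
  cluster                            = aws_ecs_cluster.ECS.id
  task_definition                    = aws_ecs_task_definition.TD.arn
  scheduling_strategy                = "REPLICA"
  desired_count                      = 2
  deployment_minimum_healthy_percent = 100
  deployment_maximum_percent         = 200
  depends_on                         = [aws_alb_listener.Listener, aws_iam_role.iam-role]


  load_balancer {
    target_group_arn = aws_lb_target_group.TG.arn
    container_name   = "main-container"
    container_port   = 80
  }


  # NOTE(review): tasks get public IPs and share the load balancer's security
  # group, which admits port 80 from any address, so each task is reachable
  # directly and not only through the load balancer. A separate task security
  # group that accepts port 80 only from the load balancer's group closes that
  # path.
  network_configuration {
    assign_public_ip = true
    security_groups  = [aws_security_group.SG.id]
    subnets          = [aws_subnet.subnet1.id, aws_subnet.subnet2.id]
  }
}
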
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/ecs-taskdefiniton.tf:
--------------------------------------------------------------------------------
# Fargate task definition with a single nginx container on port 80.
resource "aws_ecs_task_definition" "TD" {
  family                   = "Nginx-TD"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  execution_role_arn       = aws_iam_role.iam-role.arn

  # Task-level sizing; the one container below is given the same amounts.
  cpu    = 1024
  memory = 2048

  # NOTE(review): the image reference has neither a tag nor a digest, so each
  # task start pulls whatever the repository's default tag currently points at.
  # Pinning a digest makes the deployed image reproducible and auditable.
  # NOTE(review): the container declares no logConfiguration, although the
  # execution role's policy grants logs:CreateLogStream and logs:PutLogEvents;
  # without a log driver the container output is not collected.
  container_definitions = jsonencode([
    {
      name      = "main-container"
      image     = "728738226157.dkr.ecr.us-east-1.amazonaws.com/nginx-images"
      cpu       = 1024
      memory    = 2048
      essential = true
      portMappings = [
        {
          containerPort = 80
          hostPort      = 80
        }
      ]
    }
  ])
}


# Looks the task definition family up again; none of the ECS-Fargate files
# shown in this listing reference this data source.
data "aws_ecs_task_definition" "TD" {
  task_definition = aws_ecs_task_definition.TD.family
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/iam-policy.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/iam-policy.tf:
--------------------------------------------------------------------------------
# Inline policy for the task execution role, loaded from iam-policy.json:
# image pull from ECR plus log stream creation and log writes.
# NOTE(review): the statement applies to Resource "*"; the image-pull and log
# actions can be scoped to the one repository and log group in use.
resource "aws_iam_role_policy" "iam-policy" {
  policy = file("${path.module}/iam-policy.json")
  role   = aws_iam_role.iam-role.id
  name   = "AWS-ECS-Execution-Role"
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/iam-role.json:
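--------------------------------------------------------------------------------
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs-tasks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/iam-role.tf:
--------------------------------------------------------------------------------
# Task execution role; iam-role.json lets only the ECS tasks service principal
# assume it.
resource "aws_iam_role" "iam-role" {
  name               = "iam-role-ECS-Execution"
  assume_role_policy = file("${path.module}/iam-role.json")
}

--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/ECS-Fargate/vpc.tf:
--------------------------------------------------------------------------------
# VPC with two public subnets in different availability zones, both routed
# through one internet gateway.
resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "Main-VPC"
  }
}

resource "aws_subnet" "subnet1" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "us-east-1a"

  tags = {
    Name = "Main-Subnet1"
  }
}


resource "aws_subnet" "subnet2" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "us-east-1b"

  tags = {
    Name = "Main-Subnet2"
  }
}

resource "aws_internet_gateway" "IG" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "Main-Internet-Gateway"
  }
}


# Default route to the internet gateway.
resource "aws_route_table" "RT" {
  vpc_id = aws_vpc.vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.IG.id
  }
}


resource "aws_route_table_association" "RTA1" {
  subnet_id      = aws_subnet.subnet1.id
  route_table_id = aws_route_table.RT.id
}


resource "aws_route_table_association" "RTA2" {
  subnet_id      = aws_subnet.subnet2.id
  route_table_id = aws_route_table.RT.id
}

--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/EC2-Instance.tf:
--------------------------------------------------------------------------------
# Two instances that download and unpack Tomcat 9 at boot.
resource "aws_instance" "EC2" {
  count         = 2
  ami           = "ami-04505e74c0741db8d"
  instance_type = "t2.micro"
  key_name      = "Pathak-SahaB"

  # The security group belongs to aws_vpc.vpc, so the instances have to be
  # placed in that VPC as well; without a subnet they launch in the default
  # VPC and the group cannot be attached. One instance goes to each subnet.
  subnet_id              = element([aws_subnet.subnet1.id, aws_subnet.subnet2.id], count.index)
  vpc_security_group_ids = [aws_security_group.Security-Group.id]

  # Changes from the original script:
  #  - `${VERSION}` inside a Terraform heredoc is template interpolation of an
  #    undeclared name and fails validation; it is escaped as `$${VERSION}` so
  #    the shell expands it, and the script now sets VERSION itself. The value
  #    below is a placeholder to fill in, the page does not state a version.
  #  - the package was spelled "openjdk-1-jdk", which does not exist;
  #    openjdk-11-jdk is assumed (NOTE(review): confirm the intended JDK).
  #  - `-y` added to the install so it cannot stop at a prompt.
  #  - the duplicated wget line is dropped.
  # NOTE(review): the tarball is unpacked without verifying the published
  # checksum or signature; add that check before extracting.
  user_data = <<-EOF
  #!/bin/bash
  VERSION="REPLACE_WITH_TOMCAT_9_VERSION"
  sudo apt update
  sudo apt -y install openjdk-11-jdk
  sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
  wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v$${VERSION}/bin/apache-tomcat-$${VERSION}.tar.gz -P /tmp
  sudo tar -xf /tmp/apache-tomcat-$${VERSION}.tar.gz -C /opt/tomcat/
  sudo ln -s /opt/tomcat/apache-tomcat-$${VERSION} /opt/tomcat/latest
  sudo chown -R tomcat: /opt/tomcat
  EOF

}
--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/Internet-Gateway.tf:
--------------------------------------------------------------------------------
resource "aws_internet_gateway" "IG" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "Aman-IG"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/Route-Table-Association.tf:
--------------------------------------------------------------------------------
resource "aws_route_table_association" "RT-Association1" {
  subnet_id      = aws_subnet.subnet1.id
  route_table_id = aws_route_table.RT.id
}

resource "aws_route_table_association" "RT-Association2" {
  subnet_id = aws_subnet.subnet2.id
  # The original passed the whole aws_route_table.RT object; the argument
  # needs the table's ID, as in RT-Association1.
  route_table_id = aws_route_table.RT.id
}
--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/Route-Table.tf:
--------------------------------------------------------------------------------
# Default route to the internet gateway.
resource "aws_route_table" "RT" {
  vpc_id = aws_vpc.vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.IG.id
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/Target-Group.tf:
--------------------------------------------------------------------------------
# Target group for the Tomcat instances on port 8080 with an HTTP health check
# on "/".
resource "aws_lb_target_group" "TG" {
  health_check {
    interval            = 10
    path                = "/"
    protocol            = "HTTP"
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 2
  }
  name = "Aman-TG"
  port = 8080
  # The original value was lower-case "tcp", which is not an accepted protocol
  # value. "HTTP" matches the HTTP health check configured above.
  # NOTE(review): no load balancer is declared in this directory; if a network
  # load balancer is intended, use "TCP" and revisit the health-check settings.
  protocol = "HTTP"
  vpc_id   = aws_vpc.vpc.id

  tags = {
    Name = "Aman-TG"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/VPC.tf:
--------------------------------------------------------------------------------
resource "aws_vpc" "vpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  tags = {
    Name = "Aman-VPC"
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/backend.tf:
--------------------------------------------------------------------------------
# Remote state for this stack: S3 object plus DynamoDB lock table.
terraform {
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "Non-Modularized/Health-Check/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/security-group.tf:
--------------------------------------------------------------------------------
# Group for the Tomcat instances: port 8080 in, everything out.
resource "aws_security_group" "Security-Group" {
  vpc_id = aws_vpc.vpc.id

  # NOTE(review): 8080 is open to any address and the instances sit in subnets
  # that assign public IPs, so Tomcat is reachable directly from the internet;
  # if it is meant to be served through a load balancer, allow 8080 only from
  # the load balancer's security group.
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # The original egress rule allowed TCP port 0 only, towards 0.0.0.0/16,
  # which blocks the package and Tomcat downloads in user_data. It now allows
  # all outbound traffic, like the other security groups in this repository.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "Aman-SG"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Health-Check/subnet.tf:
--------------------------------------------------------------------------------
# Two public subnets; instances launched in them receive public IPs.
resource "aws_subnet" "subnet1" {
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
  vpc_id                  = aws_vpc.vpc.id

  tags = {
    Name = "Subnet-1"
  }
}

resource "aws_subnet" "subnet2" {
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = true
  vpc_id                  = aws_vpc.vpc.id

  tags = {
    Name = "Subnet-2"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/ImageRekognition.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/ImageRekognition.zip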
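--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/assets/AmazonRekognition.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/assets/AmazonRekognition.gif
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking; encrypt = true stores the state
# object with server-side encryption.
terraform {
  backend "s3" {
    bucket = "my-ews-baket1"
    region = "us-east-1"
    # NOTE(review): this key names Lambda-S3-Trigger-With-SNS-Topic, not this
    # directory. Two stacks that share a state key overwrite each other's
    # state; confirm no other stack uses it. Changing the key relocates the
    # state, so migrate rather than edit in place.
    key            = "Non-Modularized/Lambda-S3-Trigger-With-SNS-Topic/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      # NOTE(review): no upper bound; on Terraform 0.14 and later commit
      # .terraform.lock.hcl so every run resolves the same provider build.
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/iam-policy.json:
--------------------------------------------------------------------------------
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:CreateLogGroup",
                "logs:PutLogEvents",
                "rekognition:*",
                "s3:*",
                "s3-object-lambda:*",
                "sns:*"
            ],
            "Resource": "*"
        }
    ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/iam-policy.tf:
--------------------------------------------------------------------------------
# Inline policy for the Lambda execution role, loaded from iam-policy.json.
# NOTE(review): that document allows rekognition:*, s3:*, s3-object-lambda:*
# and sns:* on Resource "*", so the function's role can act on every bucket
# and topic in the account. Narrow the actions to the calls the handler makes
# and the resources to this stack's bucket and topic ARNs.
resource "aws_iam_role_policy" "policy-for-image-rekognition" {
  name   = "iam-policy-${var.lambda-function-name}"
  role   = aws_iam_role.role-for-image-rekognition.id
  policy = file("${path.module}/iam-policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/iam-role.json:
--------------------------------------------------------------------------------
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            },
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/iam-roles.tf:
--------------------------------------------------------------------------------
# Execution role for the function; iam-role.json lets only the Lambda service
# assume it.
resource "aws_iam_role" "role-for-image-rekognition" {
  name               = "iam-role-${var.lambda-function-name}"
  assume_role_policy = file("${path.module}/iam-role.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/lambda-function.tf:
--------------------------------------------------------------------------------
# Account that runs this configuration; used to scope the S3 invoke permission.
data "aws_caller_identity" "current" {}

# Function deployed from the prebuilt ImageRekognition.zip. It receives the
# bucket name and the SNS topic ARN through environment variables.
resource "aws_lambda_function" "image-rekognition-lambda" {
  filename         = "ImageRekognition.zip"
  function_name    = var.lambda-function-name
  role             = aws_iam_role.role-for-image-rekognition.arn
  handler          = "ImageRekognition.lambda_handler"
  runtime          = "python3.9"
  timeout          = 10
  memory_size      = 128
  source_code_hash = filebase64sha256("ImageRekognition.zip")
  environment {
    variables = {
      BUCKET_NAME   = aws_s3_bucket.image-need-to-compare.id
      SNS_TOPIC_ARN = aws_sns_topic.image-rekognition-sns.arn
    }
  }
}

# Lets S3 invoke the function for events from the image bucket.
resource "aws_lambda_permission" "image-rekognition-lambda-permission" {
  statement_id  = "AllowS3Invoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.image-rekognition-lambda.id
  principal     = "s3.amazonaws.com"
  source_arn    = "arn:aws:s3:::${aws_s3_bucket.image-need-to-compare.id}"
  # A bucket ARN carries no account id, so also pin the owning account: a
  # bucket of the same name owned by another account must not be able to
  # invoke this function.
  source_account = data.aws_caller_identity.current.account_id
}

# Sends every ObjectCreated event of the bucket to the function.
# NOTE(review): prefix and suffix filters are empty, so any new object triggers
# an invocation. If the handler (not shown) ever writes into this same bucket,
# each write would trigger it again; confirm it does not, or set a prefix.
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.image-need-to-compare.id

  lambda_function {
    lambda_function_arn = aws_lambda_function.image-rekognition-lambda.arn
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = ""
    filter_suffix       = ""
  }

  depends_on = [aws_lambda_permission.image-rekognition-lambda-permission]
}
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/s3-bucket.tf:
--------------------------------------------------------------------------------
# Bucket that stores the uploaded images; object creation in it triggers the
# Lambda function that compares them.
# force_destroy = true lets `terraform destroy` delete the bucket together
# with every object in it; prevent_destroy = false is the default.
# NOTE(review): no public-access-block or encryption resource is declared in
# this directory; confirm the bucket defaults are what you want for uploads.
resource "aws_s3_bucket" "image-need-to-compare" {
  bucket = var.s3-bucket-lambda-code
  lifecycle {
    prevent_destroy = false
  }

  force_destroy = true
}
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/sns-topic.tf:
--------------------------------------------------------------------------------
# Topic the function publishes to, with one e-mail subscriber.
resource "aws_sns_topic" "image-rekognition-sns" {
  name = var.sns-name
}

resource "aws_sns_topic_subscription" "image-rekognition-sns-subscription" {
  topic_arn = aws_sns_topic.image-rekognition-sns.arn
  protocol  = "email"
  endpoint  = var.mail-id
}
--------------------------------------------------------------------------------
/Non-Modularized/Image-Recognistion-using-Amazon-Rekognition/variables.tf:
--------------------------------------------------------------------------------
# Name of the image bucket.
variable "s3-bucket-lambda-code" {
  default = "image-rekognition125865"
  type    = string
}

# Lambda function name; also used in the IAM role and policy names.
variable "lambda-function-name" {
  default = "Image-Rekognition-Lambda"
  type    = string
}

# SNS topic name.
variable "sns-name" {
  default = "image-rekognition-SNS-Topic"
  type    = string
}

# E-mail address subscribed to the topic; the default is a placeholder.
variable "mail-id" {
  default = "mailid@gmail.com"
  type    = string
}
--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking and server-side encryption.
terraform {
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "Non-Modularized/Lambda-Function/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      # NOTE(review): no upper bound; on Terraform 0.14 and later commit
      # .terraform.lock.hcl so every run resolves the same provider build.
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/code/hello.py:
--------------------------------------------------------------------------------
import json

print('Loading function')


def lambda_handler(event, context):
    """Print event['key1'], event['key2'] and event['key3']; return event['key1'].

    Raises KeyError when one of the three keys is missing from the event.
    The values go to the function's log output, so this pattern should not be
    reused for events that carry secrets.
    """
    #print("Received event: " + json.dumps(event, indent=2))
    print("value1 = " + event['key1'])
    print("value2 = " + event['key2'])
    print("value3 = " + event['key3'])
    return event['key1']  # Echo back the first key value
    #raise Exception('Something went wrong')
--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/code/hello.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Lambda-Function/code/hello.zip
--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/data-archiving.tf:
--------------------------------------------------------------------------------
# Zips the code/ directory into code/hello.zip.
data "archive_file" "zip-python-code" {
  type        = "zip"
  source_dir  = "${path.module}/code/"
  output_path = "${path.module}/code/hello.zip"
  # The archive is written into the directory it is built from, so keep the
  # previous archive out of the next one; otherwise the package nests old
  # copies of itself and its hash changes on every run.
  excludes = ["hello.zip"]
}
--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/iampolicy.tf:
--------------------------------------------------------------------------------
# Inline policy for the execution role; lambda_policy.json allows only the
# three CloudWatch Logs write actions on arn:aws:logs:*:*:*.
resource "aws_iam_role_policy" "iam-policy-aman" {
  name   = "iam-policy-aman"
  role   = aws_iam_role.lambda-aman-role2.id
  policy = file("${path.module}/lambda_policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/iamrole.tf:
--------------------------------------------------------------------------------
# Execution role for the function; the trust policy is read from lambda_role.json.
resource "aws_iam_role" "lambda-aman-role2" {
  name               = "lambda-aman-role2"
  assume_role_policy = file("${path.module}/lambda_role.json")
}

--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/lambda_function.tf:
--------------------------------------------------------------------------------
# Function deployed from the archive built by data.archive_file.zip-python-code.
resource "aws_lambda_function" "lambda-python2" {
  # Referencing the data source (same path as before) makes Terraform build
  # the archive before it uploads it.
  filename      = data.archive_file.zip-python-code.output_path
  function_name = "lambda-python2"
  role          = aws_iam_role.lambda-aman-role2.arn
  handler       = "hello.lambda_handler"
  runtime       = "python3.9"
  # Without a hash, a change to hello.py does not redeploy the function.
  source_code_hash = data.archive_file.zip-python-code.output_base64sha256
}
--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/lambda_policy.json:
--------------------------------------------------------------------------------
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:*",
            "Effect": "Allow"
        }
    ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/lambda_role.json: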
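--------------------------------------------------------------------------------
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            },
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Lambda-Function/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

--------------------------------------------------------------------------------
/Non-Modularized/Module-S3-Bucket/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking; encrypt = true stores the state
# object with server-side encryption.
terraform {
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "Non-Modularized/Module-S3-Bucket/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      # NOTE(review): ">= 2.7.0" sets no upper bound, so any later provider
      # release satisfies it. On Terraform 0.14 and later, commit
      # .terraform.lock.hcl so that every run resolves the same provider build.
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Module-S3-Bucket/main.tf:
--------------------------------------------------------------------------------
# Deploys the examples/complete directory of the registry module at an exact
# version. NOTE(review): an example directory is a demonstration rather than a
# maintained interface; read what it creates at this version before applying.
module "s3-bucket_example_complete" {
  source  = "terraform-aws-modules/s3-bucket/aws//examples/complete"
  version = "3.6.0"
}
--------------------------------------------------------------------------------
/Non-Modularized/Module-S3-Bucket/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/Module-VPC/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking and server-side encryption.
terraform {
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "Non-Modularized/Module-VPC/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      # NOTE(review): no upper bound on the provider version; see the lock-file
      # note on the Module-S3-Bucket backend above.
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Module-VPC/main.tf:
--------------------------------------------------------------------------------
# Deploys the examples/complete-vpc directory of the registry module at an
# exact version. NOTE(review): read what the example creates at this version
# before applying.
module "vpc_example_complete-vpc" {
  source  = "terraform-aws-modules/vpc/aws//examples/complete-vpc"
  version = "3.18.1"
}
--------------------------------------------------------------------------------
/Non-Modularized/Module-VPC/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/Modules-EC2/EC2/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking and server-side encryption.
terraform {
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "Non-Modularized/Modules-EC2/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      # NOTE(review): no upper bound on the provider version; see the lock-file
      # note on the Module-S3-Bucket backend above.
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Modules-EC2/EC2/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

# Root configuration that instantiates the sibling Module/ directory.
# The source previously pointed at "../EC2/", which is this directory itself,
# so the module call included its own caller. The instance, subnet and VPC
# are defined in ../Module.
module "Instance-Creation" {
  source = "../Module"
}
--------------------------------------------------------------------------------
/Non-Modularized/Modules-EC2/Module/main.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.12"
}

# One t2.micro instance in the module's subnet, reachable with the key pair
# named by var.key.
# NOTE(review): vpc_security_group_ids is not set, so the instance joins the
# VPC's default security group; define an explicit group with only the inbound
# rules needed. metadata_options is unset as well; consider
# http_tokens = "required" so the instance metadata service requires IMDSv2.
resource "aws_instance" "EC2" {
  ami           = var.ami
  instance_type = "t2.micro"
  key_name      = var.key
  subnet_id     = aws_subnet.subnet.id
  tags = {
    Name = "Aman-EC2"
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Modules-EC2/Module/subnet.tf:
--------------------------------------------------------------------------------
# Subnet in us-east-1a; map_public_ip_on_launch = true gives instances
# launched here a public IPv4 address.
resource "aws_subnet" "subnet" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.subnet_cidr_block
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
  tags = {
    Name = "Aman-Subnet"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Modules-EC2/Module/variables.tf:
--------------------------------------------------------------------------------
# AMI id for the instance. AMI ids are region-specific; the provider in
# EC2/main.tf uses us-east-1.
variable "ami" {
  type    = string
  default = "ami-0f9fc25dd2506cf6d"
}
# Name of an existing EC2 key pair used for login to the instance.
variable "key" {
  type    = string
  default = "Pathak-SahaB"
}
# CIDR block of the VPC.
variable "cidr_block" {
  type    = string
  default = "10.0.0.0/16"
}
# CIDR block of the subnet; must lie inside the VPC block.
variable "subnet_cidr_block" {
  type    = string
  default = "10.0.1.0/24"
}

--------------------------------------------------------------------------------
/Non-Modularized/Modules-EC2/Module/vpc.tf:
--------------------------------------------------------------------------------
# VPC for the module's subnet and instance.
resource "aws_vpc" "vpc" {
  cidr_block           = var.cidr_block
  enable_dns_hostnames = true
  tags = {
    Name = "Aman-VPC"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/CreateThumbnail.zip:
--------------------------------------------------------------------------------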
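https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/CreateThumbnail.zip
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/assets/AWS-Infra.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/assets/AWS-Infra.gif
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking; encrypt = true stores the state
# object with server-side encryption.
terraform {
  backend "s3" {
    bucket = "my-ews-baket1"
    region = "us-east-1"
    # NOTE(review): this key names Lambda-Trigger-With-S3, not this directory.
    # Two stacks that share a state key overwrite each other's state; confirm
    # no other stack uses it. Changing the key relocates the state, so migrate
    # rather than edit in place.
    key            = "Non-Modularized/Lambda-Trigger-With-S3/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      # NOTE(review): no upper bound; on Terraform 0.14 and later commit
      # .terraform.lock.hcl so every run resolves the same provider build.
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}

--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/iampolicy.tf:
--------------------------------------------------------------------------------
# Inline policy for the Lambda execution role, loaded from lambda_policy.json.
# NOTE(review): that document allows s3:*, s3-object-lambda:* and sns:* on
# Resource "*", so the function's role can act on every bucket and topic in
# the account. Narrow the actions to the calls the handler makes and the
# resources to the two buckets and the topic of this stack.
resource "aws_iam_role_policy" "iam-policy" {
  name   = "lambda-policy-Resize-Image"
  role   = aws_iam_role.lambda-role.id
  policy = file("${path.module}/lambda_policy.json")
}


--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/iamrole.tf:
--------------------------------------------------------------------------------
# Execution role for the function; lambda_role.json lets only the Lambda
# service assume it.
resource "aws_iam_role" "lambda-role" {
  name               = "lambda-role-Resize-Image"
  assume_role_policy = file("${path.module}/lambda_role.json")
}

--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/lambda-function.tf:
--------------------------------------------------------------------------------
# Account that runs this configuration; used to scope the S3 invoke permission.
data "aws_caller_identity" "current" {}

# Function deployed from the prebuilt CreateThumbnail.zip. It receives the
# topic ARN and the destination bucket through environment variables.
resource "aws_lambda_function" "resize-lambda-function" {
  filename      = "CreateThumbnail.zip"
  function_name = "Image-Resizing-Lambda"
  role          = aws_iam_role.lambda-role.arn
  # NOTE(review): the layer is published from another AWS account
  # (770693421928) and its code runs inside this function with the function's
  # role. A layer version is immutable once published, so the ":1" pin keeps
  # the content fixed; review what that version contains, or publish the
  # layer from your own account.
  layers      = ["arn:aws:lambda:us-east-1:770693421928:layer:Klayers-p39-pillow:1"]
  handler     = "CreateThumbnail.handler"
  runtime     = "python3.9"
  timeout     = 60
  memory_size = 256
  # filebase64sha256 already returns the base64-encoded SHA-256 of the
  # archive, which is the value Lambda compares against. Hashing that string a
  # second time produced a value that never matches the deployed package.
  source_code_hash = filebase64sha256("CreateThumbnail.zip")
  environment {
    variables = {
      Topic_Arn = aws_sns_topic.Resized-Image-SNS.arn
      S3_Bucket = aws_s3_bucket.image-resized.id
    }
  }
}

# Lets S3 invoke the function for events from the source bucket.
resource "aws_lambda_permission" "trigger-lambda" {
  statement_id  = "AllowS3Invoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.resize-lambda-function.id
  principal     = "s3.amazonaws.com"
  source_arn    = "arn:aws:s3:::${aws_s3_bucket.image-need-to-resize.id}"
  # A bucket ARN carries no account id, so also pin the owning account: a
  # bucket of the same name owned by another account must not be able to
  # invoke this function.
  source_account = data.aws_caller_identity.current.account_id
}

# Sends every ObjectCreated event of the source bucket to the function.
# Prefix and suffix filters are empty, so any new object triggers an invocation.
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.image-need-to-resize.id

  lambda_function {
    lambda_function_arn = aws_lambda_function.resize-lambda-function.arn
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = ""
    filter_suffix       = ""
  }

  depends_on = [aws_lambda_permission.trigger-lambda]
}
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/lambda_policy.json:
--------------------------------------------------------------------------------
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:CreateLogGroup",
                "logs:PutLogEvents",
                "s3:*",
                "s3-object-lambda:*",
                "sns:*"
            ],
            "Resource": "*"
        }
    ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/lambda_role.json:
--------------------------------------------------------------------------------
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            },
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/s3-bucket.tf:
--------------------------------------------------------------------------------
# Source bucket: images uploaded here trigger the Lambda function that
# resizes them.
# force_destroy = true lets `terraform destroy` delete the bucket together
# with every object in it; prevent_destroy = false is the default.
# NOTE(review): no public-access-block or encryption resource is declared in
# this directory; confirm the bucket defaults are what you want for uploads.
resource "aws_s3_bucket" "image-need-to-resize" {
  bucket = var.s3-bucket-lambda-code
  lifecycle {
    prevent_destroy = false
  }

  force_destroy = true
}
# Upload the image to the bucket above yourself, after apply has created all
# the services.


# Destination bucket: stores the resized image once the function has run.
# Keeping it separate from the source bucket means the function's output does
# not raise the ObjectCreated trigger again.
resource "aws_s3_bucket" "image-resized" {
  bucket = var.s3-bucket-dest
  lifecycle {
    prevent_destroy = false
  }

  force_destroy = true
}

--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/sns.tf:
--------------------------------------------------------------------------------
# SNS topic used to notify the concerned person when an image has been resized.
resource "aws_sns_topic" "Resized-Image-SNS" {
  name = var.sns-name
}

# E-mail subscription so that the concerned person receives the notification.
resource "aws_sns_topic_subscription" "Resized-Image-SNS-Subscription" {
  topic_arn = aws_sns_topic.Resized-Image-SNS.arn
  protocol  = "email"
  endpoint  = var.mail-id
}
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/test-event.json:
--------------------------------------------------------------------------------
{
    "Records": [
        {
            "eventVersion": "2.0",
            "eventSource": "aws:s3",
            "awsRegion": "us-east-1",
            "eventTime": "1970-01-01T00:00:00.000Z",
            "eventName": "ObjectCreated:Put",
            "userIdentity": {
                "principalId": "EXAMPLE"
            },
            "requestParameters": {
                "sourceIPAddress": "127.0.0.1"
            },
            "responseElements": {
                "x-amz-request-id": "EXAMPLE123456789",
                "x-amz-id-2": "EXAMPLE123/5678abcdefghijklambdaisawesome/mnopqrstuvwxyzABCDEFGH"
            },
            "s3": {
                "s3SchemaVersion": "1.0",
                "configurationId": "testConfigRule",
                "bucket": {
                    "name": "non-resized-image158658",
                    "ownerIdentity": {
                        "principalId": "EXAMPLE"
                    },
                    "arn": "arn:aws:s3:::non-resized-image158658"
                },
                "object": {
                    "key": "roshan-mohammed-O_jdx6EeZRA-unsplash.jpg",
                    "size": 1024,
                    "eTag": "0123456789abcdef0123456789abcdef",
                    "sequencer": "0A1B2C3D4E5F678901"
                }
            }
        }
    ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Resize-Image-Using-LambdaFunction-S3-SNS/variables.tf:
--------------------------------------------------------------------------------
1 | variable "s3-bucket-lambda-code" { 2 | default = "non-resized-image158658" 3 | type = string 4 | } 5 | 6 | variable "s3-bucket-dest" { 7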
| default = "resized-images022055553" 8 | type = string 9 | } 10 | 11 | variable "sns-name" { 12 | default = "Resized-Image-SNS-Topic" 13 | type = string 14 | } 15 | 16 | variable "mail-id" { 17 | default = "mailid@gmail.com" 18 | type = string 19 | } -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/ABOUT THIS TEMPLATE.txt: -------------------------------------------------------------------------------- 1 | Tooplate.com HTML Templates 2 | 3 | You can feel free to edit and use this template for any purpose (personal or business or commercial) of your website. You can modify text and images to suit your own website or client websites. 4 | 5 | You are NOT allowed to re-distribute our template file for any reason on your template sites or template collection sites. 6 | 7 | You can put a screenshot and a link back to our template page. That is helpful for us. 8 | 9 | THANK YOU -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/01.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/01.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/02.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/02.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/03.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/03.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/04.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/04.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/05.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/05.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/06.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/06.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/07.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/07.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/08.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/08.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/09.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/09.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/10.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/10.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/11.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/11.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/12.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/12.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/bar-code.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/bar-code.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/photo-02.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/photo-02.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/photo-03.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/photo-03.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/photo-04.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/photo-04.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/img/photo-05.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/img/photo-05.jpg -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/slick/ajax-loader.gif: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/slick/ajax-loader.gif -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/slick/config.rb: -------------------------------------------------------------------------------- 1 | css_dir = "." 2 | sass_dir = "." 3 | images_dir = "." 4 | fonts_dir = "fonts" 5 | relative_assets = true 6 | 7 | output_style = :compact 8 | line_comments = false 9 | 10 | preferred_syntax = :scss -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/slick/fonts/slick.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/slick/fonts/slick.eot -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/slick/fonts/slick.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Generated by Fontastic.me 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/slick/fonts/slick.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/slick/fonts/slick.ttf -------------------------------------------------------------------------------- 
/Non-Modularized/S3-Static-Website/2109_the_card/slick/fonts/slick.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/2109_the_card/slick/fonts/slick.woff -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/slick/slick.less: -------------------------------------------------------------------------------- 1 | /* Slider */ 2 | 3 | .slick-slider { 4 | position: relative; 5 | display: block; 6 | box-sizing: border-box; 7 | -webkit-touch-callout: none; 8 | -webkit-user-select: none; 9 | -khtml-user-select: none; 10 | -moz-user-select: none; 11 | -ms-user-select: none; 12 | user-select: none; 13 | -ms-touch-action: pan-y; 14 | touch-action: pan-y; 15 | -webkit-tap-highlight-color: transparent; 16 | } 17 | .slick-list { 18 | position: relative; 19 | overflow: hidden; 20 | display: block; 21 | margin: 0; 22 | padding: 0; 23 | 24 | &:focus { 25 | outline: none; 26 | } 27 | 28 | &.dragging { 29 | cursor: pointer; 30 | cursor: hand; 31 | } 32 | } 33 | .slick-slider .slick-track, 34 | .slick-slider .slick-list { 35 | -webkit-transform: translate3d(0, 0, 0); 36 | -moz-transform: translate3d(0, 0, 0); 37 | -ms-transform: translate3d(0, 0, 0); 38 | -o-transform: translate3d(0, 0, 0); 39 | transform: translate3d(0, 0, 0); 40 | } 41 | 42 | .slick-track { 43 | position: relative; 44 | left: 0; 45 | top: 0; 46 | display: block; 47 | margin-left: auto; 48 | margin-right: auto; 49 | 50 | &:before, 51 | &:after { 52 | content: ""; 53 | display: table; 54 | } 55 | 56 | &:after { 57 | clear: both; 58 | } 59 | 60 | .slick-loading & { 61 | visibility: hidden; 62 | } 63 | } 64 | .slick-slide { 65 | float: left; 66 | height: 100%; 67 | min-height: 1px; 68 | [dir="rtl"] & { 69 | float: right; 70 | } 71 | img { 72 | display: block; 73 | } 
74 | &.slick-loading img { 75 | display: none; 76 | } 77 | 78 | display: none; 79 | 80 | &.dragging img { 81 | pointer-events: none; 82 | } 83 | 84 | .slick-initialized & { 85 | display: block; 86 | } 87 | 88 | .slick-loading & { 89 | visibility: hidden; 90 | } 91 | 92 | .slick-vertical & { 93 | display: block; 94 | height: auto; 95 | border: 1px solid transparent; 96 | } 97 | } 98 | .slick-arrow.slick-hidden { 99 | display: none; 100 | } 101 | -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/2109_the_card/slick/slick.scss: -------------------------------------------------------------------------------- 1 | /* Slider */ 2 | 3 | .slick-slider { 4 | position: relative; 5 | display: block; 6 | box-sizing: border-box; 7 | -webkit-touch-callout: none; 8 | -webkit-user-select: none; 9 | -khtml-user-select: none; 10 | -moz-user-select: none; 11 | -ms-user-select: none; 12 | user-select: none; 13 | -ms-touch-action: pan-y; 14 | touch-action: pan-y; 15 | -webkit-tap-highlight-color: transparent; 16 | } 17 | .slick-list { 18 | position: relative; 19 | overflow: hidden; 20 | display: block; 21 | margin: 0; 22 | padding: 0; 23 | 24 | &:focus { 25 | outline: none; 26 | } 27 | 28 | &.dragging { 29 | cursor: pointer; 30 | cursor: hand; 31 | } 32 | } 33 | .slick-slider .slick-track, 34 | .slick-slider .slick-list { 35 | -webkit-transform: translate3d(0, 0, 0); 36 | -moz-transform: translate3d(0, 0, 0); 37 | -ms-transform: translate3d(0, 0, 0); 38 | -o-transform: translate3d(0, 0, 0); 39 | transform: translate3d(0, 0, 0); 40 | } 41 | 42 | .slick-track { 43 | position: relative; 44 | left: 0; 45 | top: 0; 46 | display: block; 47 | margin-left: auto; 48 | margin-right: auto; 49 | 50 | &:before, 51 | &:after { 52 | content: ""; 53 | display: table; 54 | } 55 | 56 | &:after { 57 | clear: both; 58 | } 59 | 60 | .slick-loading & { 61 | visibility: hidden; 62 | } 63 | } 64 | .slick-slide { 65 | float: left; 66 | height: 
100%; 67 | min-height: 1px; 68 | [dir="rtl"] & { 69 | float: right; 70 | } 71 | img { 72 | display: block; 73 | } 74 | &.slick-loading img { 75 | display: none; 76 | } 77 | 78 | display: none; 79 | 80 | &.dragging img { 81 | pointer-events: none; 82 | } 83 | 84 | .slick-initialized & { 85 | display: block; 86 | } 87 | 88 | .slick-loading & { 89 | visibility: hidden; 90 | } 91 | 92 | .slick-vertical & { 93 | display: block; 94 | height: auto; 95 | border: 1px solid transparent; 96 | } 97 | } 98 | .slick-arrow.slick-hidden { 99 | display: none; 100 | } 101 | -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/assets/AWS-Infra-Diagram.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/S3-Static-Website/assets/AWS-Infra-Diagram.gif -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | bucket = "my-ews-baket1" 4 | region = "us-east-1" 5 | key = "Non-Modularized/S3-Static-Website/terraform.tfstate" 6 | dynamodb_table = "Lock-Files" 7 | encrypt = true 8 | } 9 | required_version = ">=0.13.0" 10 | required_providers { 11 | aws = { 12 | version = ">= 2.7.0" 13 | source = "hashicorp/aws" 14 | } 15 | } 16 | } -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/bucket-creation.tf: -------------------------------------------------------------------------------- 1 | # Creating S3 bucket and apply force destroy So, when going to destroy it won't throw error 'Bucket is not empty' 2 | resource "aws_s3_bucket" "s3-bucket" { 3 | bucket = var.bucket-name 4 | force_destroy = true 5 | lifecycle { 6 | 
prevent_destroy = false 7 | } 8 | } 9 | 10 | # Using null resource to push all the files in one time instead of sending one by one 11 | resource "null_resource" "upload-to-S3" { 12 | provisioner "local-exec" { 13 | command = "aws s3 sync ${path.module}/2109_the_card s3://${aws_s3_bucket.s3-bucket.id}" 14 | } 15 | } 16 | 17 | # Keeping S3 bucket private 18 | resource "aws_s3_bucket_public_access_block" "webiste_bucket_access" { 19 | bucket = aws_s3_bucket.s3-bucket.id 20 | block_public_acls = true 21 | block_public_policy = true 22 | ignore_public_acls = true 23 | restrict_public_buckets = true 24 | } 25 | 26 | # This Terraform code defines an IAM policy document that allows CloudFront to access objects in the S3 bucket 27 | data "aws_iam_policy_document" "website_bucket" { 28 | statement { 29 | actions = ["s3:GetObject"] 30 | resources = ["${aws_s3_bucket.s3-bucket.arn}/*"] 31 | principals { 32 | type = "Service" 33 | identifiers = ["cloudfront.amazonaws.com"] 34 | } 35 | condition { 36 | test = "StringEquals" 37 | variable = "aws:SourceArn" 38 | values = [aws_cloudfront_distribution.cdn_static_website.arn] 39 | } 40 | } 41 | } 42 | 43 | # Creating the S3 policy and applying it for the S3 bucket 44 | resource "aws_s3_bucket_policy" "website_bucket_policy" { 45 | bucket = aws_s3_bucket.s3-bucket.id 46 | policy = data.aws_iam_policy_document.website_bucket.json 47 | } -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/certificate.tf: -------------------------------------------------------------------------------- 1 | # ACM certificate resource with the domain name and DNS validation method, supporting subject alternative names 2 | resource "aws_acm_certificate" "cert" { 3 | provider = aws.use_default_region 4 | domain_name = var.domain-name 5 | validation_method = "DNS" 6 | subject_alternative_names = [var.domain-name] 7 | 8 | lifecycle { 9 | create_before_destroy = true 10 | } 11 | } 12 | 13 | # ACM 
certificate validation resource using the certificate ARN and a list of validation record FQDNs. 14 | resource "aws_acm_certificate_validation" "cert" { 15 | provider = aws.use_default_region 16 | certificate_arn = aws_acm_certificate.cert.arn 17 | validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn] 18 | } -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/cloudfront-distribution.tf: -------------------------------------------------------------------------------- 1 | # CloudFront distribution with S3 origin, HTTPS redirect, IPv6 enabled, no cache, and ACM SSL certificate. 2 | resource "aws_cloudfront_distribution" "cdn_static_website" { 3 | enabled = true 4 | is_ipv6_enabled = true 5 | default_root_object = "index.html" 6 | 7 | origin { 8 | domain_name = aws_s3_bucket.s3-bucket.bucket_regional_domain_name 9 | origin_id = "my-s3-origin" 10 | origin_access_control_id = aws_cloudfront_origin_access_control.default.id 11 | } 12 | 13 | default_cache_behavior { 14 | min_ttl = 0 15 | default_ttl = 0 16 | max_ttl = 0 17 | viewer_protocol_policy = "redirect-to-https" 18 | 19 | allowed_methods = ["GET", "HEAD", "OPTIONS"] 20 | cached_methods = ["GET", "HEAD"] 21 | target_origin_id = "my-s3-origin" 22 | 23 | forwarded_values { 24 | query_string = false 25 | cookies { 26 | forward = "none" 27 | } 28 | } 29 | } 30 | 31 | restrictions { 32 | geo_restriction { 33 | locations = [] 34 | restriction_type = "none" 35 | } 36 | } 37 | 38 | viewer_certificate { 39 | acm_certificate_arn = aws_acm_certificate.cert.arn 40 | ssl_support_method = "sni-only" 41 | minimum_protocol_version = "TLSv1.2_2021" 42 | } 43 | } 44 | 45 | # CloudFront origin access control for S3 origin type with always signing using sigv4 protocol 46 | resource "aws_cloudfront_origin_access_control" "default" { 47 | name = "cloudfront OAC" 48 | description = "description OAC" 49 | origin_access_control_origin_type = 
"s3" 50 | signing_behavior = "always" 51 | signing_protocol = "sigv4" 52 | } 53 | 54 | # Output the CloudFront distribution URL using the domain name of the cdn_static_website resource. 55 | output "cloudfront_url" { 56 | value = aws_cloudfront_distribution.cdn_static_website.domain_name 57 | } 58 | 59 | -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "us-east-1" 3 | alias = "use_default_region" 4 | } -------------------------------------------------------------------------------- /Non-Modularized/S3-Static-Website/route53.tf: -------------------------------------------------------------------------------- 1 | # AWS Route53 zone data source with the domain name and private zone set to false 2 | data "aws_route53_zone" "zone" { 3 | provider = aws.use_default_region 4 | name = var.domain-name 5 | private_zone = false 6 | } 7 | 8 | # AWS Route53 record resource for certificate validation with dynamic for_each loop and properties for name, records, type, zone_id, and ttl. 9 | resource "aws_route53_record" "cert_validation" { 10 | provider = aws.use_default_region 11 | for_each = { 12 | for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => { 13 | name = dvo.resource_record_name 14 | record = dvo.resource_record_value 15 | type = dvo.resource_record_type 16 | } 17 | } 18 | 19 | allow_overwrite = true 20 | name = each.value.name 21 | records = [each.value.record] 22 | type = each.value.type 23 | zone_id = data.aws_route53_zone.zone.zone_id 24 | ttl = 60 25 | } 26 | 27 | # AWS Route53 record resource for the "www" subdomain. The record uses an "A" type record and an alias to the AWS CloudFront distribution with the specified domain name and hosted zone ID. The target health evaluation is set to false. 
# NOTE(review): certificate.tf requests the certificate for var.domain-name only, and the
# distribution in cloudfront-distribution.tf declares no `aliases`. Confirm that the
# "www" host name is covered by both before relying on this record for HTTPS traffic.
resource "aws_route53_record" "www" {
  type    = "A"
  name    = "www.${var.domain-name}"
  zone_id = data.aws_route53_zone.zone.id

  # Alias to the CloudFront distribution; health evaluation is switched off.
  alias {
    evaluate_target_health = false
    zone_id                = aws_cloudfront_distribution.cdn_static_website.hosted_zone_id
    name                   = aws_cloudfront_distribution.cdn_static_website.domain_name
  }
}

# Alias "A" record for the apex (root) domain, pointing at the same CloudFront distribution.
# NOTE(review): the distribution declares no `aliases`; confirm the apex name is
# registered on it, otherwise requests for this host name will not be served.
resource "aws_route53_record" "apex" {
  type    = "A"
  name    = var.domain-name
  zone_id = data.aws_route53_zone.zone.id

  alias {
    evaluate_target_health = false
    zone_id                = aws_cloudfront_distribution.cdn_static_website.hosted_zone_id
    name                   = aws_cloudfront_distribution.cdn_static_website.domain_name
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/S3-Static-Website/variables.tf:
--------------------------------------------------------------------------------
# Name of the S3 bucket that holds the site content.
variable "bucket-name" {
  default = "everyone-is-cool-065407"
}

# Registered domain name; the Route53 zone lookup, the ACM certificate and the
# DNS records are all derived from it.
variable "domain-name" {
  default = "example.com" // Modify as per your domain name
}
--------------------------------------------------------------------------------
/Non-Modularized/SecurityGroup-EC2/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking. `encrypt = true` asks for server-side
# encryption of the state object.
# NOTE(review): bucket and lock-table names are hard-coded; anyone reusing this
# configuration needs their own bucket and table, with access limited to the
# identities that run Terraform, because state can contain secrets.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/SecurityGroup-EC2/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/SecurityGroup-EC2/main.tf:
--------------------------------------------------------------------------------
# Declared but not referenced anywhere in this file: the provider block below sets
# only the region.
# NOTE(review): if these are meant to carry static AWS keys, prefer the provider's
# default credential chain (environment, shared config, role credentials). Values
# passed with -var can end up in shell history and saved plan files.
variable "access_key" {
  type = string
}

variable "secret_key" {
  type = string
}

provider "aws" {
  region = "us-east-1"
}

# VPC whose CIDR block is reused as the allowed source range in the security group below.
resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "aman-vpc"
  }
}

# Security group that admits TCP port 80 (plain HTTP) from inside the VPC and allows
# all outbound traffic.
# NOTE(review): the name and description say "TLS", but the only ingress rule is
# port 80. Align them (or the port) so a reviewer reading the group name is not
# misled about what is exposed.
resource "aws_security_group" "allow_tls" {
  vpc_id      = aws_vpc.vpc.id
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"

  # Inbound: HTTP only, and only from addresses inside the VPC CIDR.
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = [aws_vpc.vpc.cidr_block]
    # ipv6_cidr_blocks = ["::/0"]
  }

  # Outbound: every protocol and port, to any IPv4 or IPv6 destination.
  egress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "allow_tls"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Simple-RDS-Instance/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking and server-side encryption requested.
# The state of this stack contains the database master password, so access to the
# bucket should be limited to the identities that run Terraform.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/Simple-RDS-Instance/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Simple-RDS-Instance/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
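--------------------------------------------------------------------------------
/Non-Modularized/Simple-RDS-Instance/rds.tf:
--------------------------------------------------------------------------------
# Master password for the database. It is an input rather than a literal so that it
# is not committed with the code. Supply it with TF_VAR_db_password, -var, or a
# tfvars file that stays out of version control.
# backend.tf in this directory still allows Terraform 0.13; once the minimum is 0.14
# or newer, add `sensitive = true` here.
# The value is still written to the Terraform state, so the state bucket must stay
# encrypted and access-restricted.
variable "db_password" {
  type        = string
  description = "Master password for the RDS instance"
}

# Single MySQL 5.7 instance with 10 GB of storage and no final snapshot on destroy.
# NOTE(review): skip_final_snapshot = true means destroying the instance discards
# the data. That is acceptable for a practice stack and should be confirmed for
# anything else.
resource "aws_db_instance" "db-instance" {
  allocated_storage    = 10
  db_name              = "rdsone"
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t2.micro"
  username             = "username1"
  password             = var.db_password
  parameter_group_name = "default.mysql5.7"
  skip_final_snapshot  = true
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/AMI-Creation.pkr.hcl:
--------------------------------------------------------------------------------
# Packer template that builds an Ubuntu-based AMI on AWS.
# To run it, use the command 'packer build AMI-Creation.pkr.hcl'
# (Packer is a separate tool; it is not a terraform subcommand).
# NOTE(review): the default source AMI is a fixed, region-specific id; confirm its
# owner and that it is still the image you intend to build from.
variable "ami_id" {
  type    = string
  default = "ami-053b0d53c279acc90"
}

locals {
  app_name = "AMI"
}

# The build block below declares no provisioners, so the resulting AMI is a copy of
# the source image under a new name and tags.
source "amazon-ebs" "ami" {
  ami_name      = "New-${local.app_name}"
  instance_type = "t2.micro"
  region        = "us-east-1"
  source_ami    = var.ami_id
  ssh_username  = "ubuntu"

  tags = {
    Environment = "Development"
    Name        = "New-${local.app_name}"
  }
}

build {
  sources = ["source.amazon-ebs.ami"]
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/assets/Three-Tier-Architecture.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Three-Tier-Application/assets/Three-Tier-Architecture.gif
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/backend.tf: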
--------------------------------------------------------------------------------
# Terraform state is kept in an S3 bucket, with state locking through a DynamoDB table.
# Create your own bucket and table and replace the names below with them.
# The state of this stack includes the RDS master credentials, so keep `encrypt`
# on and limit bucket access to the identities that run Terraform.
terraform {
  required_version = ">=0.13.0"

  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/Three-Tier-Architecture/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/certificate-manager.tf:
--------------------------------------------------------------------------------
# 9 ACM certificate for the domain and its "www" name, validated through DNS.
# create_before_destroy lets a replacement certificate be issued before the old one
# is removed.
resource "aws_acm_certificate" "cert" {
  provider                  = aws.use_default_region
  validation_method         = "DNS"
  domain_name               = var.domain-name
  subject_alternative_names = [var.domain-name, "www.${var.domain-name}"]

  lifecycle {
    create_before_destroy = true
  }
}

# Validation of the certificate above, using the FQDNs of the Route53 validation records.
resource "aws_acm_certificate_validation" "cert" {
  provider                = aws.use_default_region
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/cloudfront.tf:
--------------------------------------------------------------------------------
# 11 CloudFront distribution in front of the web load balancer, with the ACM
# certificate and the WAF web ACL attached.
resource "aws_cloudfront_distribution" "cdn-web-elb-distribution" {
  enabled         = true
  is_ipv6_enabled = true
  comment         = "CDN ALB Distribution"
  price_class     = "PriceClass_100"
  aliases         = [var.domain-name, "www.${var.domain-name}"]
  web_acl_id      = aws_wafv2_web_acl.web_acl.arn

  origin {
    origin_id   = "my-web-alb"
    domain_name = aws_lb.web-elb.dns_name

    # NOTE(review): "http-only" means CloudFront talks to the load balancer in clear
    # text even though viewers are redirected to HTTPS. Consider an HTTPS listener
    # on the load balancer with "https-only" here. The load balancer is defined
    # outside this file, so confirm what listeners it has.
    # NOTE(review): the WAF is attached to this distribution only. Check that the
    # load balancer's security group does not also accept direct traffic that
    # would bypass it.
    custom_origin_config {
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1.2"]
      http_port              = 80
      https_port             = 443
    }
  }

  default_cache_behavior {
    target_origin_id       = "my-web-alb"
    viewer_protocol_policy = "redirect-to-https"
    compress               = true
    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
    cached_methods         = ["GET", "HEAD"]

    # All request headers are forwarded to the origin; query strings and cookies are not.
    forwarded_values {
      headers      = ["*"]
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  # No geographic restriction is applied.
  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  # Viewer side: SNI-only certificate with a TLS 1.2 minimum security policy.
  viewer_certificate {
    acm_certificate_arn      = aws_acm_certificate.cert.arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021"
  }

  tags = {
    Name = var.cdn-name
  }

  # The certificate must be validated and the web ACL must exist before the
  # distribution is created.
  depends_on = [aws_acm_certificate_validation.cert, aws_wafv2_web_acl.web_acl]
}
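--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/iam-policy.tf:
--------------------------------------------------------------------------------
# 3 Inline policy attached to the EC2 role.
# The policy document itself lives in iam-policy.json next to this file.

resource "aws_iam_role_policy" "iam-policy" {
  name   = "SSM-S3-Policy-Permission"
  role   = aws_iam_role.iam-role.id
  policy = file("${path.module}/iam-policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/iam-role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/iam-role.tf:
--------------------------------------------------------------------------------
# 2 IAM role that EC2 instances assume.
# The trust policy is read from iam-role.json and allows only ec2.amazonaws.com to
# assume the role.

resource "aws_iam_role" "iam-role" {
  name               = "EC2-SSM-S3-Permissions"
  assume_role_policy = file("${path.module}/iam-role.json")
}

# Instance profile that hands the role to the instances in both launch configurations.
resource "aws_iam_instance_profile" "test_profile" {
  name = "test_profile"
  role = aws_iam_role.iam-role.name
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/launch-configuration.tf:
--------------------------------------------------------------------------------
# 6 Launch configuration for the web tier. Replace image_id with your own custom AMI
# or an AWS Ubuntu AMI (the author used Ubuntu 22.04).
# NOTE(review): the AMI id is hard-coded, so confirm its owner and contents before
# use. Also, a fixed `name` combined with create_before_destroy can make a
# replacement fail on a name clash; `name_prefix` avoids that.
resource "aws_launch_configuration" "Web-LC" {
  name                 = "Web-LC"
  image_id             = "ami-0b8e413243acd6d7b"
  instance_type        = "t2.micro"
  security_groups      = [aws_security_group.Web-SG.id]
  iam_instance_profile = aws_iam_instance_profile.test_profile.arn

  lifecycle {
    create_before_destroy = true
  }
}

# Launch configuration for the app tier. The same AMI and naming remarks apply as
# for the web tier.
resource "aws_launch_configuration" "App-LC" {
  name                 = "App-LC"
  image_id             = "ami-0dd705465e0cd0516"
  instance_type        = "t2.micro"
  security_groups      = [aws_security_group.App-SG.id]
  iam_instance_profile = aws_iam_instance_profile.test_profile.arn

  lifecycle {
    create_before_destroy = true
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
  alias  = "use_default_region"
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/rds.tf:
--------------------------------------------------------------------------------
# 8 DB subnet group for the RDS instances, built from the two database subnets.
resource "aws_db_subnet_group" "db_subnet_group" {
  name       = "rds-subnet-group"
  subnet_ids = [aws_subnet.private-subnet3.id, aws_subnet.private-subnet4.id]
}

# Aurora MySQL cluster. The username and password come from variables whose
# defaults are for practice only; in real use supply them from a secret store.
# NOTE(review): storage_encrypted is not set here, so confirm whether encryption at
# rest is required. skip_final_snapshot = true discards the data on destroy.
resource "aws_rds_cluster" "aurora_cluster" {
  cluster_identifier      = "aurora-cluster"
  engine                  = "aurora-mysql"
  engine_version          = "8.0.mysql_aurora.3.02.2"
  master_username         = var.rds-username
  master_password         = var.rds-pwd
  backup_retention_period = 7
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot     = true
  database_name           = var.db-name
  port                    = 3306
  db_subnet_group_name    = aws_db_subnet_group.db_subnet_group.name
  vpc_security_group_ids  = [aws_security_group.Database-SG.id]

  tags = {
    Name = var.rds-name
  }
}

# Primary (writer) instance of the cluster.
resource "aws_rds_cluster_instance" "primary_instance" {
  cluster_identifier = aws_rds_cluster.aurora_cluster.id
  identifier         = "primary-instance"
  instance_class     = "db.r5.large"
  engine             = aws_rds_cluster.aurora_cluster.engine
  engine_version     = aws_rds_cluster.aurora_cluster.engine_version
}

# One read replica, created after the primary instance.
resource "aws_rds_cluster_instance" "read_replica_instance" {
  count              = 1
  cluster_identifier = aws_rds_cluster.aurora_cluster.id
  identifier         = "read-replica-instance-${count.index}"
  instance_class     = "db.r5.large" # Choose an appropriate instance class
  engine             = aws_rds_cluster.aurora_cluster.engine

  depends_on = [aws_rds_cluster_instance.primary_instance]
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/s3-bucket.tf:
--------------------------------------------------------------------------------
# 13 S3 bucket for the application source code, which is uploaded from the
# repository checkout.
resource "aws_s3_bucket" "s3-bucket" {
  bucket = var.bucket-name
}

# All four public-access settings are on, so the bucket cannot be made public
# through ACLs or bucket policies.
resource "aws_s3_bucket_public_access_block" "public-access-block" {
  bucket = aws_s3_bucket.s3-bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# One object per file found under ./aws-three-tier-web-architecture-workshop.
# The etag is the file's MD5, so a changed file is uploaded again.
resource "aws_s3_object" "object" {
  for_each = fileset("./aws-three-tier-web-architecture-workshop", "**/*")

  bucket = aws_s3_bucket.s3-bucket.id
  key    = "aws-three-tier-web-architecture-workshop/${each.key}"
  source = "./aws-three-tier-web-architecture-workshop/${each.key}"

  etag = filemd5("./aws-three-tier-web-architecture-workshop/${each.key}")
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/variables.tf:
--------------------------------------------------------------------------------
variable "vpc-name" {
  default = "Three-tier-VPC"
}

variable "ig-name" {
  default = "Three-tier-IG"
}

variable "eip1-name" {
  default = "Nat-IP1"
}

variable "eip2-name" {
  default = "NAT-IP2"
}

variable "public-subnet1" {
  default = "Web-Server1"
}

variable "public-subnet2" {
  default = "Web-Server2"
}

variable "private-subnet1" {
  default = "App-Server1"
}

variable "private-subnet2" {
  default = "App-Server2"
}

variable "private-subnet3" {
  default = "Database-Server1"
}

variable "private-subnet4" {
  default = "Database-Server2"
}

variable "ng1-name" {
  default = "NAT-GW1"
}

variable "ng2-name" {
  default = "NAT-GW2"
}

variable "public-rt1" {
  default = "Public-RT1"
}

variable "public-rt2" {
  default = "Public-RT2"
}

variable "private-rt1" {
  default = "Private-RT1"
}

variable "private-rt2" {
  default = "Private-RT2"
}

variable "private-rt3" {
  default = "Private-RT3"
}

variable "private-rt4" {
  default = "Private-RT4"
}

variable "rds-username" {
  default = "admin"
}

# NOTE(review): this default is a database password committed to the repository.
# It is kept so existing runs keep working, but it must be overridden for any real
# deployment (TF_VAR, -var, or an untracked tfvars file) and treated as already
# disclosed. The value is also stored in the Terraform state.
variable "rds-pwd" {
  default = "Aman1234"
}

variable "db-name" {
  default = "OnlineShopping"
}

variable "rds-name" {
  default = "Three-Tier-RDS"
}

variable "domain-name" {
  default = "tanishqa.tech"
}

variable "cdn-name" {
  default = "CDN-Web-ALB-Distribution"
}

variable "web_acl_name" {
  default = "MyWebACL"
}

variable "bucket-name" {
  default = "three-tier-bucket343234"
}
--------------------------------------------------------------------------------
/Non-Modularized/Three-Tier-Application/waf.tf:
--------------------------------------------------------------------------------
# 10 Web Application Firewall (WAF) web ACL for the CloudFront distribution.
# It has one rule, the AWS managed "anonymous IP list" group, which is intended to
# stop requests arriving through Tor or VPN services. Everything else is allowed
# by the default action.
# Metrics and request sampling are enabled on the rule and on the ACL so that
# matches can be observed in CloudWatch and in the WAF console. With both off,
# there is no record of what the rule blocks.
resource "aws_wafv2_web_acl" "web_acl" {
  name  = var.web_acl_name
  scope = "CLOUDFRONT"

  default_action {
    allow {}
  }

  rule {
    name     = "AWSManagedRulesAnonymousIpList"
    priority = 0

    # "none" keeps the actions defined inside the managed rule group.
    override_action {
      none {}
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "BlockIPRuleMetrics"
      sampled_requests_enabled   = true
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesAnonymousIpList"
        vendor_name = "AWS"

        # NOTE(review): these two rule names look like they belong to the AWS core
        # rule set rather than to the anonymous IP list group. If so, the overrides
        # have no effect here. Verify against the rule group's rule list.
        rule_action_override {
          action_to_use {
            count {}
          }

          name = "SizeRestrictions_QUERYSTRING"
        }

        rule_action_override {
          action_to_use {
            count {}
          }

          name = "NoUserAgent_HEADER"
        }
      }
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "BlockIPRuleMetrics"
    sampled_requests_enabled   = true
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Trigger-Lambda-Using-EventBridge/backend.tf:
--------------------------------------------------------------------------------
# Remote state in S3 with DynamoDB locking and server-side encryption requested.
terraform {
  backend "s3" {
    bucket         = "my-ews-baket1"
    region         = "us-east-1"
    key            = "Non-Modularized/Trigger-Lambda-Using-EventBridge/terraform.tfstate"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
  required_version = ">=0.13.0"
  required_providers {
    aws = {
      version = ">= 2.7.0"
      source  = "hashicorp/aws"
    }
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Trigger-Lambda-Using-EventBridge/code.zip: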
https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Trigger-Lambda-Using-EventBridge/code.zip -------------------------------------------------------------------------------- /Non-Modularized/Trigger-Lambda-Using-EventBridge/eventbridge.tf: -------------------------------------------------------------------------------- 1 | resource "aws_cloudwatch_event_rule" "every_five_minutes" { 2 | name = "every-five-minutes" 3 | description = "Fires every five minutes" 4 | schedule_expression = "rate(15 minutes)" 5 | } 6 | 7 | resource "aws_cloudwatch_event_target" "check_foo_every_five_minutes" { 8 | rule = aws_cloudwatch_event_rule.every_five_minutes.name 9 | target_id = "lambda-1" 10 | arn = aws_lambda_function.lambda-1.arn 11 | } 12 | 13 | resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_foo" { 14 | statement_id = "AllowExecutionFromCloudWatch" 15 | action = "lambda:InvokeFunction" 16 | function_name = aws_lambda_function.lambda-1.function_name 17 | principal = "events.amazonaws.com" 18 | source_arn = aws_cloudwatch_event_rule.every_five_minutes.arn 19 | } 20 | -------------------------------------------------------------------------------- /Non-Modularized/Trigger-Lambda-Using-EventBridge/iam-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "sns:*", 8 | "cloudwatch:*", 9 | "logs:*", 10 | "iam:GetPolicy", 11 | "iam:GetPolicyVersion", 12 | "iam:GetRole" 13 | ], 14 | "Resource": "*" 15 | } 16 | ] 17 | } -------------------------------------------------------------------------------- /Non-Modularized/Trigger-Lambda-Using-EventBridge/iam-policy.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_role_policy" "iam-policy" { 2 | name = "AWS-Lambda-Role-S3-New" 3 | role = 
aws_iam_role.iam-role.id 4 | policy = file("${path.module}/iam-policy.json") 5 | } -------------------------------------------------------------------------------- /Non-Modularized/Trigger-Lambda-Using-EventBridge/iam-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Sid": "", 7 | "Principal": { 8 | "Service": "lambda.amazonaws.com" 9 | }, 10 | "Action": "sts:AssumeRole" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /Non-Modularized/Trigger-Lambda-Using-EventBridge/iam-role.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_role" "iam-role" { 2 | name = "iam-role-lambda" 3 | assume_role_policy = file("${path.module}/iam-role.json") 4 | } -------------------------------------------------------------------------------- /Non-Modularized/Trigger-Lambda-Using-EventBridge/lambda.tf: -------------------------------------------------------------------------------- 1 | # Creating lambda function 2 | resource "aws_lambda_function" "lambda-1" { 3 | filename = "code.zip" 4 | function_name = "lambda-for-EventBridge" 5 | role = aws_iam_role.iam-role.arn 6 | handler = "code.lambda_handler" 7 | runtime = "python3.8" 8 | } 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /Non-Modularized/Trigger-Lambda-Using-EventBridge/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "us-east-1" 3 | } -------------------------------------------------------------------------------- /Non-Modularized/Two-Tier-Architecture/bloody-sweet/assets/Two-Tier-Architecture.gif: -------------------------------------------------------------------------------- 
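https://raw.githubusercontent.com/AmanPathak-DevOps/Terraform-for-AWS/2376bd4bdae9dcfe64ca01333b8c84f947c168e1/Non-Modularized/Two-Tier-Architecture/bloody-sweet/assets/Two-Tier-Architecture.gif
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/bloody-sweet/backend.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">=0.13.0"

  # NOTE(review): no upper bound on the AWS provider; pin a tested range and
  # commit the dependency lock file.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }

  # Remote state with server-side encryption requested and DynamoDB locking.
  # This stack's state will contain the RDS master password, so read access to
  # the bucket is equivalent to access to the database credential.
  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/Two-Tier-Architecture/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/bloody-sweet/variables.tf:
--------------------------------------------------------------------------------
# Root-module inputs. None declares a type, default or description; values
# come from variables.tfvars.

# VPC
variable "VPC-NAME" {}
variable "VPC-CIDR" {}
variable "IGW-NAME" {}
variable "PUBLIC-CIDR1" {}
variable "PUBLIC-SUBNET1" {}
variable "PUBLIC-CIDR2" {}
variable "PUBLIC-SUBNET2" {}
variable "PRIVATE-CIDR1" {}
variable "PRIVATE-SUBNET1" {}
variable "PRIVATE-CIDR2" {}
variable "PRIVATE-SUBNET2" {}
variable "EIP-NAME1" {}
variable "EIP-NAME2" {}
variable "NGW-NAME1" {}
variable "NGW-NAME2" {}
variable "PUBLIC-RT-NAME1" {}
variable "PUBLIC-RT-NAME2" {}
variable "PRIVATE-RT-NAME1" {}
variable "PRIVATE-RT-NAME2" {}

# SECURITY GROUP
variable "ALB-SG-NAME" {}
variable "WEB-SG-NAME" {}
variable "DB-SG-NAME" {}

# RDS
# NOTE(review): RDS-PWD carries the database master password. Declaring it
# with sensitive = true keeps it out of plan output, but that needs
# Terraform 0.14 or later while backend.tf still admits 0.13.
variable "SG-NAME" {}
variable "RDS-USERNAME" {}
variable "RDS-PWD" {}
variable "DB-NAME" {}
variable "RDS-NAME" {}

# ALB
variable "TG-NAME" {}
variable "ALB-NAME" {}

# IAM
variable "IAM-ROLE" {}
variable "IAM-POLICY" {}
variable "INSTANCE-PROFILE-NAME" {}

# AUTOSCALING
variable "AMI-NAME" {}
variable "LAUNCH-TEMPLATE-NAME" {}
variable "ASG-NAME" {}

# CLOUDFRONT
variable "DOMAIN-NAME" {}
variable "CDN-NAME" {}

# WAF
variable "WEB-ACL-NAME" {}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/bloody-sweet/variables.tfvars:
--------------------------------------------------------------------------------
# VPC
VPC-NAME         = "Two-Tier-VPC"
VPC-CIDR         = "10.0.0.0/16"
IGW-NAME         = "Two-Tier-Interet-Gateway"
PUBLIC-CIDR1     = "10.0.1.0/24"
PUBLIC-SUBNET1   = "Two-Tier-Public-Subnet1"
PUBLIC-CIDR2     = "10.0.2.0/24"
PUBLIC-SUBNET2   = "Two-Tier-Public-Subnet2"
PRIVATE-CIDR1    = "10.0.3.0/24"
PRIVATE-SUBNET1  = "Two-Tier-Private-Subnet1"
PRIVATE-CIDR2    = "10.0.4.0/24"
PRIVATE-SUBNET2  = "Two-Tier-Private-Subnet2"
EIP-NAME1        = "Two-Tier-Elastic-IP1"
EIP-NAME2        = "Two-Tier-Elastic-IP2"
NGW-NAME1        = "Two-Tier-NAT1"
NGW-NAME2        = "Two-Tier-NAT2"
PUBLIC-RT-NAME1  = "Two-Tier-Public-Route-table1"
PUBLIC-RT-NAME2  = "Two-Tier-Public-Route-table2"
PRIVATE-RT-NAME1 = "Two-Tier-Private-Route-table1"
PRIVATE-RT-NAME2 = "Two-Tier-Private-Route-table2"

# SECURITY GROUP
ALB-SG-NAME = "Two-Tier-alb-sg"
WEB-SG-NAME = "Two-Tier-web-sg"
DB-SG-NAME  = "Two-Tier-db-sg"

# RDS
# NOTE(review): RDS-PWD is the database master password committed in plain
# text, next to the predictable user name "admin". Everyone who can read the
# repository has the credential, and it is also written to Terraform state.
# Treat the value as exposed: rotate it, and supply the password from a
# secrets manager or an untracked variables file instead of this file.
SG-NAME      = "two-tier-rds-sg"
RDS-USERNAME = "admin"
RDS-PWD      = "Admin1234"
DB-NAME      = "mydb"
RDS-NAME     = "Two-Tier-RDS"

# ALB
TG-NAME  = "Web-TG"
ALB-NAME = "Web-elb"

# IAM
IAM-ROLE              = "iam-role-for-ec2-SSM"
IAM-POLICY            = "iam-policy-for-ec2-SSM"
INSTANCE-PROFILE-NAME = "iam-instance-profile-for-ec2-SSM"

# AUTOSCALING
AMI-NAME             = "New-AMI"
LAUNCH-TEMPLATE-NAME = "Web-template"
ASG-NAME             = "Two-Tier-ASG"

# CLOUDFRONT
DOMAIN-NAME = "amanpathakdevops.study"
CDN-NAME    = "Two-Tier-CDN"

# WAF
WEB-ACL-NAME = "Two-Tier-WAF"
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/alb-tg/gather.tf:
--------------------------------------------------------------------------------
# Look-ups by Name tag for resources created by other modules. A tag filter
# that matches more than one resource makes these singular data sources fail,
# so the Name values must be unique in the account and region.
data "aws_subnet" "public-subnet1" {
  filter {
    name   = "tag:Name"
    values = [var.public-subnet-name1]
  }
}

data "aws_subnet" "public-subnet2" {
  filter {
    name   = "tag:Name"
    values = [var.public-subnet-name2]
  }
}

data "aws_security_group" "web-alb-sg" {
  filter {
    name   = "tag:Name"
    values = [var.web-alb-sg-name]
  }
}

data "aws_vpc" "vpc" {
  filter {
    name   = "tag:Name"
    values = [var.vpc-name]
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/alb-tg/main.tf:
--------------------------------------------------------------------------------
# Internet-facing Application Load Balancer for the web tier, placed in the
# two public subnets.
# NOTE(review): no access_logs block is set and deletion protection is off, so
# requests that reach the ALB directly leave no load-balancer log.
resource "aws_lb" "web-elb" {
  name                       = var.alb-name
  load_balancer_type         = "application"
  internal                   = false
  ip_address_type            = "ipv4"
  subnets                    = [data.aws_subnet.public-subnet1.id, data.aws_subnet.public-subnet2.id]
  security_groups            = [data.aws_security_group.web-alb-sg.id]
  enable_deletion_protection = false

  tags = {
    Name = var.alb-name
  }
}

# Target group for the web tier: instances on port 80, health-checked over
# plain HTTP at "/".
resource "aws_lb_target_group" "web-tg" {
  name        = var.tg-name
  vpc_id      = data.aws_vpc.vpc.id
  target_type = "instance"
  protocol    = "HTTP"
  port        = 80

  health_check {
    enabled             = true
    protocol            = "HTTP"
    path                = "/"
    interval            = 10
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 2
  }

  tags = {
    Name = var.tg-name
  }

  lifecycle {
    prevent_destroy = false
  }

  depends_on = [aws_lb.web-elb]
}

# The only listener: plain HTTP on port 80, forwarding to the target group.
# NOTE(review): there is no HTTPS listener, so every hop behind CloudFront is
# unencrypted, and the ALB answers anyone who reaches its DNS name unless the
# security group (not shown here) restricts the source.
resource "aws_lb_listener" "web-alb-listener" {
  load_balancer_arn = aws_lb.web-elb.arn
  protocol          = "HTTP"
  port              = 80

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web-tg.arn
  }

  depends_on = [aws_lb.web-elb]
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/alb-tg/variables.tf:
--------------------------------------------------------------------------------
variable "public-subnet-name1" {}
variable "public-subnet-name2" {}
variable "web-alb-sg-name" {}
variable "alb-name" {}
variable "tg-name" {}
variable "vpc-name" {}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-autoscaling/deploy.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Bootstrap for a web-tier instance: patches the OS, installs nginx, replaces
# the default page with a downloaded site template and installs MySQL.
# Presumably passed to the instances as user data (the launch template is not
# shown here), in which case it runs as root with no terminal attached.

apt-get update -y
apt-get upgrade -y
apt-get -y install nginx

# Stop if the web root is missing: the rm and mv below would otherwise run in
# whatever directory the script started in.
cd /var/www/html || exit 1

# NOTE(review): the archive is fetched from a third-party site on every boot
# and unpacked into the web root with no integrity check, so the served
# content is whatever that URL returns at the time. Serve a reviewed copy from
# storage you control, or compare the download against a pinned SHA-256
# before unzipping.
wget https://www.tooplate.com/zip-templates/2135_mini_finance.zip

# -y added: nothing can answer a confirmation prompt during boot.
apt-get -y install unzip
unzip 2135_mini_finance.zip
rm -rf 2135_mini_finance.zip index.nginx-debian.html

# Move the site files into the web root, then delete the emptied directory.
# The original ran this rm from inside the directory, so the path never
# matched and the directory was left behind.
mv 2135_mini_finance/* ./
rm -rf 2135_mini_finance/

systemctl enable nginx
systemctl restart nginx

# NOTE(review): this installs a full MySQL server on every web instance even
# though the database tier is Aurora. If only a client is needed to reach the
# cluster, install the client package instead and keep the extra daemon off
# internet-facing hosts.
apt install mysql-server -y
--------------------------------------------------------------------------------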
/Non-Modularized/Two-Tier-Architecture/modules/aws-autoscaling/gather.tf:
--------------------------------------------------------------------------------
# Newest Ubuntu 22.04 (jammy) amd64 server image. The owner is pinned to
# Canonical's account ID, so a public image published by someone else under a
# matching name cannot be selected. Because most_recent follows new releases,
# the image used can change between applies.
data "aws_ami" "ami" {
  owners      = ["099720109477"]
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }
}

# Resources created by other modules, found by Name tag or by name.
data "aws_security_group" "web-sg" {
  filter {
    name   = "tag:Name"
    values = [var.web-sg-name]
  }
}

data "aws_subnet" "public-subnet1" {
  filter {
    name   = "tag:Name"
    values = [var.public-subnet-name1]
  }
}

data "aws_subnet" "public-subnet2" {
  filter {
    name   = "tag:Name"
    values = [var.public-subnet-name2]
  }
}

data "aws_lb_target_group" "tg" {
  tags = {
    Name = var.tg-name
  }
}

data "aws_iam_instance_profile" "instance-profile" {
  name = var.instance-profile-name
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-autoscaling/variable.tf:
--------------------------------------------------------------------------------
# Module inputs; all untyped and without defaults.
variable "ami_name" {}
variable "launch-template-name" {}
variable "web-sg-name" {}
variable "tg-name" {}
variable "iam-role" {}
variable "public-subnet-name1" {}
variable "public-subnet-name2" {}
variable "instance-profile-name" {}
variable "asg-name" {}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-iam/iam-instance-profile.tf:
--------------------------------------------------------------------------------
# Instance profile that hands the IAM role to EC2 instances.
resource "aws_iam_instance_profile" "test_profile" {
  role = aws_iam_role.iam-role.name
  name = var.instance-profile-name
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-iam/iam-policy.tf:
--------------------------------------------------------------------------------
# Inline policy for the EC2 role, read from iam-policy.json in this module.
# That document is not shown on this page; review its actions and resources
# before relying on the role.
resource "aws_iam_role_policy" "iam-policy" {
  role   = aws_iam_role.iam-role.id
  name   = var.iam-policy
  policy = file("${path.module}/iam-policy.json")
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-iam/iam-role.json:
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-iam/iam-role.tf:
--------------------------------------------------------------------------------
# Role for the web instances; the trust policy in iam-role.json lets only the
# EC2 service assume it.
resource "aws_iam_role" "iam-role" {
  assume_role_policy = file("${path.module}/iam-role.json")
  name               = var.iam-role
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-iam/variables.tf:
--------------------------------------------------------------------------------
variable "iam-role" {}
variable "iam-policy" {}
variable "instance-profile-name" {}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-rds/gather.tf:
--------------------------------------------------------------------------------
# Private subnets and the database security group, found by Name tag.
data "aws_subnet" "private-subnet1" {
  filter {
    name   = "tag:Name"
    values = [var.private-subnet-name1]
  }
}

data "aws_subnet" "private-subnet2" {
  filter {
    name   = "tag:Name"
    values = [var.private-subnet-name2]
  }
}

data "aws_security_group" "db-sg" {
  filter {
    name   = "tag:Name"
    values = [var.db-sg-name]
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-rds/main.tf:
--------------------------------------------------------------------------------
# DB subnet group spanning the two private subnets.
resource "aws_db_subnet_group" "db_subnet_group" {
  subnet_ids = [data.aws_subnet.private-subnet1.id, data.aws_subnet.private-subnet2.id]
  name       = var.sg-name
}

# Aurora MySQL cluster. The author notes that passing the user name and
# password as variables is for practice only and that real deployments must
# keep them secret.
# NOTE(review), for anything beyond a lab:
#  - master_password is stored in Terraform state in plain text; a
#    service-managed secret (for example manage_master_user_password, where
#    the provider version offers it) avoids handling the value at all.
#  - storage_encrypted is not set, so encryption at rest depends on the
#    provider default; set it explicitly. Changing it on an existing cluster
#    replaces the cluster.
#  - skip_final_snapshot = true together with no deletion_protection means a
#    destroy removes the data with no final copy.
resource "aws_rds_cluster" "aurora_cluster" {
  cluster_identifier = "aurora-cluster"
  engine             = "aurora-mysql"
  engine_version     = "8.0.mysql_aurora.3.02.2"
  database_name      = var.db-name
  port               = 3306

  master_username = var.rds-username
  master_password = var.rds-pwd

  db_subnet_group_name   = aws_db_subnet_group.db_subnet_group.name
  vpc_security_group_ids = [data.aws_security_group.db-sg.id]

  backup_retention_period = 7
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot     = true

  tags = {
    Name = var.rds-name
  }
}

# Writer instance; engine and version are taken from the cluster.
resource "aws_rds_cluster_instance" "primary_instance" {
  identifier         = "primary-instance"
  cluster_identifier = aws_rds_cluster.aurora_cluster.id
  instance_class     = "db.r5.large"
  engine             = aws_rds_cluster.aurora_cluster.engine
  engine_version     = aws_rds_cluster.aurora_cluster.engine_version
}

# One reader instance, created after the writer. Unlike the writer it does not
# set engine_version.
resource "aws_rds_cluster_instance" "read_replica_instance" {
  count              = 1
  identifier         = "read-replica-instance-${count.index}"
  cluster_identifier = aws_rds_cluster.aurora_cluster.id
  instance_class     = "db.r5.large"
  engine             = aws_rds_cluster.aurora_cluster.engine

  depends_on = [aws_rds_cluster_instance.primary_instance]
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-rds/variables.tf:
--------------------------------------------------------------------------------
# rds-pwd receives the master password; it is not marked sensitive.
variable "sg-name" {}
variable "private-subnet-name1" {}
variable "private-subnet-name2" {}
variable "db-sg-name" {}
variable "rds-username" {}
variable "rds-pwd" {}
variable "db-name" {}
variable "rds-name" {}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-vpc/variables.tf:
--------------------------------------------------------------------------------
variable "vpc-name" {}
variable "vpc-cidr" {}
variable "igw-name" {}
variable "public-cidr1" {}
variable "public-subnet1" {}
variable "public-cidr2" {}
variable "public-subnet2" {}
variable "private-cidr1" {}
variable "private-subnet1" {}
variable "private-cidr2" {}
variable "private-subnet2" {}
variable "eip-name1" {}
variable "eip-name2" {}

variable "ngw-name1" {}
variable "ngw-name2" {}
variable "public-rt-name1" {}
variable "public-rt-name2" {}
variable "private-rt-name1" {}
variable "private-rt-name2" {}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-waf-cdn-acm-route53/acm.tf:
--------------------------------------------------------------------------------
# DNS-validated certificate covering the domain and its "www" name. The
# replacement is created before the old certificate is destroyed so the
# distribution is never left without one.
resource "aws_acm_certificate" "cert" {
  validation_method         = "DNS"
  domain_name               = var.domain-name
  subject_alternative_names = [var.domain-name, "www.${var.domain-name}"]

  lifecycle {
    create_before_destroy = true
  }
}

# ACM certificate validation resource using the certificate ARN and a list of validation record FQDNs.
resource "aws_acm_certificate_validation" "cert" {
  # Waits until every DNS validation record created in route53.tf is in place.
  validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
  certificate_arn         = aws_acm_certificate.cert.arn
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-waf-cdn-acm-route53/cdn.tf:
--------------------------------------------------------------------------------
# CloudFront distribution in front of the web ALB, protected by the WAF web
# ACL and serving the ACM certificate for the domain and its "www" name.
# NOTE(review): no logging_config block is present, so the distribution keeps
# no standard access logs.
resource "aws_cloudfront_distribution" "cdn-web-elb-distribution" {
  enabled         = true
  is_ipv6_enabled = true
  comment         = "CDN ALB Distribution"
  price_class     = "PriceClass_100"
  aliases         = [var.domain-name, "www.${var.domain-name}"]
  web_acl_id      = aws_wafv2_web_acl.web_acl.arn

  origin {
    origin_id   = "my-web-alb"
    domain_name = data.aws_lb.web-alb.dns_name

    # NOTE(review): "http-only" means CloudFront talks to the ALB in clear
    # text even though viewers are redirected to HTTPS, so
    # origin_ssl_protocols is never used. Moving to "https-only" needs an
    # HTTPS listener and certificate on the ALB first. The ALB in
    # modules/alb-tg is also internet-facing (internal = false); unless its
    # security group admits only CloudFront, clients can reach it directly
    # and skip the web ACL.
    custom_origin_config {
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1.2"]
      http_port              = 80
      https_port             = 443
    }
  }

  default_cache_behavior {
    target_origin_id       = "my-web-alb"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
    cached_methods         = ["GET", "HEAD"]
    compress               = true

    # All request headers go to the origin; query strings and cookies do not.
    # Forwarding every header makes each distinct header set its own cache
    # key, so little is likely to be served from cache.
    forwarded_values {
      headers      = ["*"]
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  # No country-based allow or deny list.
  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  # SNI-only TLS for viewers with the TLSv1.2_2021 security policy as the
  # floor.
  viewer_certificate {
    acm_certificate_arn      = aws_acm_certificate.cert.arn
    minimum_protocol_version = "TLSv1.2_2021"
    ssl_support_method       = "sni-only"
  }

  tags = {
    Name = var.cdn-name
  }

  # The certificate has to be validated before CloudFront will accept it.
  depends_on = [aws_acm_certificate_validation.cert]
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-waf-cdn-acm-route53/gather.tf:
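--------------------------------------------------------------------------------
# Public hosted zone for the domain and the existing web ALB, found by name.
data "aws_route53_zone" "zone" {
  private_zone = false
  name         = var.domain-name
}

data "aws_lb" "web-alb" {
  name = var.alb-name
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-waf-cdn-acm-route53/route53.tf:
--------------------------------------------------------------------------------
# One DNS record per domain on the certificate, built from the validation
# options ACM returns. allow_overwrite = true lets Terraform replace a record
# of the same name and type that already exists in the zone.
resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  zone_id         = data.aws_route53_zone.zone.zone_id
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 60
  allow_overwrite = true
}

# Alias "A" record sending the "www" name to the CloudFront distribution.
# Target health is not evaluated.
# NOTE(review): the distribution in cdn.tf has IPv6 enabled, but only "A"
# records are created here (here and for the apex below); IPv6 clients need
# matching AAAA aliases.
resource "aws_route53_record" "www" {
  zone_id = data.aws_route53_zone.zone.id
  name    = "www.${var.domain-name}"
  type    = "A"

  alias {
    name                   = aws_cloudfront_distribution.cdn-web-elb-distribution.domain_name
    zone_id                = aws_cloudfront_distribution.cdn-web-elb-distribution.hosted_zone_id
    evaluate_target_health = false
  }
}

# Alias "A" record sending the apex (root) domain to the same distribution.
resource "aws_route53_record" "apex" {
  zone_id = data.aws_route53_zone.zone.id
  name    = var.domain-name
  type    = "A"

  alias {
    name                   = aws_cloudfront_distribution.cdn-web-elb-distribution.domain_name
    zone_id                = aws_cloudfront_distribution.cdn-web-elb-distribution.hosted_zone_id
    evaluate_target_health = false
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-waf-cdn-acm-route53/variables.tf:
--------------------------------------------------------------------------------
variable "domain-name" {}
variable "cdn-name" {}
variable "alb-name" {}
variable "web_acl_name" {}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/aws-waf-cdn-acm-route53/waf.tf:
--------------------------------------------------------------------------------
# Web ACL attached to the CloudFront distribution in cdn.tf. Requests are
# allowed by default; the single rule hands evaluation to AWS's managed
# anonymous-IP list so that clients arriving through Tor or a VPN service are
# refused. CLOUDFRONT-scoped ACLs have to be created through the us-east-1
# endpoint.
resource "aws_wafv2_web_acl" "web_acl" {
  name  = var.web_acl_name
  scope = "CLOUDFRONT"

  # Requests that match no rule pass through.
  default_action {
    allow {}
  }

  rule {
    name     = "AWSManagedRulesAnonymousIpList"
    priority = 0

    # "none" leaves the actions chosen inside the managed group in force.
    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        vendor_name = "AWS"
        name        = "AWSManagedRulesAnonymousIpList"

        # NOTE(review): both overrides below name rules that appear to belong
        # to AWSManagedRulesCommonRuleSet, not to the anonymous-IP list. If so
        # they match nothing in this group and can be dropped; confirm against
        # the group's published rule names.
        rule_action_override {
          name = "SizeRestrictions_QUERYSTRING"
          action_to_use {
            count {}
          }
        }

        rule_action_override {
          name = "NoUserAgent_HEADER"
          action_to_use {
            count {}
          }
        }
      }
    }

    # Metrics and request sampling are on so that blocks made by this rule can
    # be seen and alarmed on. With both off, a refused request left no record
    # unless WAF logging was configured somewhere else.
    visibility_config {
      cloudwatch_metrics_enabled = true
      sampled_requests_enabled   = true
      metric_name                = "BlockIPRuleMetrics"
    }
  }

  # ACL-level visibility, enabled for the same reason. The metric name is the
  # one the rule uses; a distinct name would make the two easier to tell apart.
  visibility_config {
    cloudwatch_metrics_enabled = true
    sampled_requests_enabled   = true
    metric_name                = "BlockIPRuleMetrics"
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/security-group/gather.tf:
--------------------------------------------------------------------------------
# VPC found by Name tag.
data "aws_vpc" "vpc" {
  filter {
    name   = "tag:Name"
    values = [var.vpc-name]
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/Two-Tier-Architecture/modules/security-group/variable.tf:
--------------------------------------------------------------------------------
variable "vpc-name" {}
variable "alb-sg-name" {}
variable "web-sg-name" {}
variable "db-sg-name" {}
--------------------------------------------------------------------------------
/Non-Modularized/VPC-Networking/backend.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">=0.13.0"

  # NOTE(review): no upper bound on the AWS provider; pin a tested range and
  # commit the dependency lock file.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }

  # Remote state with server-side encryption requested and DynamoDB locking.
  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/VPC-Networking/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/VPC-Networking/variables.tf:
--------------------------------------------------------------------------------
# A /24 VPC split into two /25 subnets, one public and one private.
variable "vpc-cidr-block" {
  default = "10.0.0.0/24"
  type    = string
}

variable "vpc-name" {
  default = "vpc-web"
  type    = string
}

variable "igw-name" {
  default = "web-internet-gateway"
  type    = string
}

variable "subnet-cidr-block" {
  default = "10.0.0.0/25"
  type    = string
}

variable "public-subnet-name" {
  default = "public-subnet-web"
  type    = string
}

variable "subnet2-cidr-block" {
  default = "10.0.0.128/25"
  type    = string
}

variable "private-subnet-name" {
  default = "private-subnet-web"
}

variable "eip-name" {
  default = "eip-web"
}

variable "ngw-name" {
  default = "ngw-web"
}

variable "public-rt1-name" {
  default = "Public-Route-table"
}

variable "private-rt1-name" {
  default = "Private-Route-table"
}

variable "sg-name" {
  default = "web-sg-name"
  type    = string
}

# A fixed AMI ID is region-specific and is never refreshed; whoever applies
# this should confirm the image's owner and patch level first.
variable "ami-id" {
  default = "ami-053b0d53c279acc90"
}

# Name of an existing EC2 key pair; the default is the author's own.
variable "key-name" {
  default = "AmanPathak"
}

variable "instance1-name" {
  default = "Web-Server"
}

variable "instance2-name" {
  default = "Database-Server"
}
--------------------------------------------------------------------------------
/Non-Modularized/VPC/backend.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">=0.13.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.7.0"
    }
  }

  # Remote state with server-side encryption requested and DynamoDB locking.
  backend "s3" {
    bucket         = "my-ews-baket1"
    key            = "Non-Modularized/VPC/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "Lock-Files"
    encrypt        = true
  }
}
--------------------------------------------------------------------------------
/Non-Modularized/VPC/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}
--------------------------------------------------------------------------------
/Non-Modularized/VPC/variables.tf:
--------------------------------------------------------------------------------
# Creating Variable and pass the default value for the cidr block for VPC Creation
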
variable "cidr-block" {
  type        = string
  description = "VPC-cidr"
  default     = "10.0.0.0/16"
}

# CIDR block for public subnet 1.
variable "public-subnet-1a" {
  type        = string
  description = "VPC-Pub-Subnet-1"
  default     = "10.0.0.0/24"
}

# CIDR block for public subnet 2.
variable "public-subnet-2a" {
  type        = string
  description = "VPC-Pub-Subnet-2"
  default     = "10.0.1.0/24"
}

# CIDR block for private subnet 1.
variable "private-subnet-1a" {
  type        = string
  description = "VPC-Pri-Subnet-1"
  default     = "10.0.2.0/24"
}

# CIDR block for private subnet 2.
variable "private-subnet-2a" {
  type        = string
  description = "VPC-Pri-Subnet-2"
  default     = "10.0.3.0/24"
}

# CIDR block for private subnet 3.
variable "private-subnet-3a" {
  type        = string
  description = "VPC-Pri-Subnet-3"
  default     = "10.0.4.0/24"
}

# CIDR block for private subnet 4.
variable "private-subnet-4a" {
  type        = string
  description = "VPC-Pri-Subnet-4"
  default     = "10.0.5.0/24"
}
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
# Security Policy

## Supported Versions

Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported          |
| ------- | ------------------ |
| 5.1.x   | :white_check_mark: |
| 5.0.x   | :x:                |
| 4.0.x   | :white_check_mark: |
| < 4.0   | :x:                |

## Reporting a Vulnerability

Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
--------------------------------------------------------------------------------
/delete-script.sh:
--------------------------------------------------------------------------------
#! /bin/bash
# Removes Terraform working data below the current directory: first every
# directory, then every file, whose name starts with ".ter".
# The pattern also matches .terraform.lock.hcl, the file that records the
# provider versions and checksums in use. Deleting it means the next init
# selects providers afresh, so keep it if reproducible installs matter.

for kind in d f; do
  find . -type "$kind" -name ".ter*" -exec rm -rf {} +
done

# Left disabled by the author: the wider "ter*" pattern would also match names
# such as terraform.tfstate.
#find . -type d -name "ter*" -exec rm -rf {} +;
#find . -type f -name "ter*" -exec rm -rf {} +;
--------------------------------------------------------------------------------