├── .DS_Store ├── .gitignore ├── .vscode └── sftp.json ├── aws_assignment ├── .DS_Store ├── backend.tf ├── cloudinit.tf ├── elb.tf ├── html_content.html ├── instance.tf ├── key.tf ├── nat.tf ├── output.tf ├── provider.tf ├── s3.tf ├── scripts │ ├── init.cfg │ └── volumes_software.sh ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-1 ├── graph.svg ├── instance.tf ├── provider.tf ├── vars.tf └── versions.tf ├── demo-10_RDS ├── instance.tf ├── key.tf ├── nat.tf ├── output.tf ├── provider.tf ├── rds.tf ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-11_userdata ├── cloudinit.tf ├── instance.tf ├── key.tf ├── provider.tf ├── scripts │ ├── init.cfg │ └── volumes.sh ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-12-autoscaling ├── autoscaling.tf ├── autoscalingpolicy.tf ├── key.tf ├── provider.tf ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-13-ELB ├── autoscaling.tf ├── elb.tf ├── key.tf ├── output.tf ├── provider.tf ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-2-remote_state ├── backend.tf ├── instance.tf ├── private_ips.txt ├── provider.tf ├── vars.tf └── versions.tf ├── demo-3_output ├── instance.tf ├── provider.tf ├── vars.tf └── versions.tf ├── demo-4_provisioner ├── instance.tf ├── provider.tf ├── script.sh ├── vars.tf └── versions.tf ├── demo-5_modules ├── default_vpc.tf ├── key.tf ├── modules.tf ├── provider.tf ├── vars.tf └── versions.tf ├── demo-5_remote_modules ├── default_vpc.tf ├── key.tf ├── modules.tf ├── provider.tf ├── vars.tf └── versions.tf ├── demo-5b_local_modules ├── .DS_Store ├── consul-cluster │ ├── README.md │ ├── consul.tf │ ├── outputs.tf │ ├── shared │ │ └── scripts │ │ │ ├── debian_consul.service │ │ │ ├── debian_upstart.conf │ │ │ ├── install.sh │ │ │ ├── ip_tables.sh │ │ │ ├── rhel_consul.service │ │ │ ├── rhel_upstart.conf │ │ │ └── service.sh │ └── variables.tf ├── default_vpc.tf ├── key.tf ├── module.tf ├── module │ ├── .DS_Store 
│ └── consul-cluster │ │ ├── .DS_Store │ │ ├── README.md │ │ ├── consul.tf │ │ ├── outputs.tf │ │ ├── shared │ │ └── scripts │ │ │ ├── debian_consul.service │ │ │ ├── debian_upstart.conf │ │ │ ├── install.sh │ │ │ ├── ip_tables.sh │ │ │ ├── rhel_consul.service │ │ │ ├── rhel_upstart.conf │ │ │ └── service.sh │ │ └── variables.tf ├── provider.tf ├── vars.tf └── versions.tf ├── demo-6_datasource ├── provider.tf ├── securitygroup.tf ├── vars.tf └── versions.tf ├── demo-7_vpc ├── nat.tf ├── provider.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-8-vpc_with_ec2 ├── instance.tf ├── key.tf ├── nat.tf ├── provider.tf ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-9_EBS ├── instance.tf ├── key.tf ├── nat.tf ├── provider.tf ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-IAM_roles ├── iam.tf ├── instance.tf ├── key.tf ├── output.tf ├── provider.tf ├── s3.tf ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf ├── demo-IAM_users_and_groups ├── iam.tf ├── provider.tf ├── vars.tf └── versions.tf ├── docker-demo-1 ├── ecr.tf ├── output.tf ├── provider.tf ├── vars.tf └── versions.tf ├── docker-demo-2 ├── ecr.tf ├── ecs.tf ├── iam.tf ├── key.tf ├── myapp.tf ├── output.tf ├── provider.tf ├── securitygroup.tf ├── templates │ └── app.json.tpl ├── vars.tf ├── versions.tf └── vpc.tf ├── first-steps ├── instance.tf └── versions.tf ├── migrate_demo ├── cloud.tf ├── instance.tf └── versions.tf ├── packer-demo ├── amivar.tf ├── build-and-launch.sh ├── instance.tf ├── key.tf ├── packer-example.json ├── provider.tf ├── scripts │ └── install_software.sh ├── securitygroup.tf ├── vars.tf ├── versions.tf └── vpc.tf └── test.txt /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AndrewProgramming/learn_terraform_from_scratch/e38075aab21b31002ebaac1efbd887e7125fd89c/.DS_Store -------------------------------------------------------------------------------- /.gitignore: 
--------------------------------------------------------------------------------
1 | plugins/
2 | .terraform/
3 | *tfvars
4 | .DS_Store/
5 | *tfstate*
6 | *mykey*
7 | *.pub
--------------------------------------------------------------------------------
/.vscode/sftp.json:
--------------------------------------------------------------------------------
1 | {
2 |   "name": "My Server",
3 |   "host": "devops-box",
4 |   "protocol": "sftp",
5 |   "port": 22,
6 |   "username": "vagrant",
7 |   "remotePath": "/home/vagrant/ad/terraform_study",
8 |   "uploadOnSave": true,
9 |   "privateKeyPath": "~/.ssh/id_rsa"
10 | }
11 |
12 |
--------------------------------------------------------------------------------
/aws_assignment/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AndrewProgramming/learn_terraform_from_scratch/e38075aab21b31002ebaac1efbd887e7125fd89c/aws_assignment/.DS_Store
--------------------------------------------------------------------------------
/aws_assignment/backend.tf:
--------------------------------------------------------------------------------
1 | # Use an AWS S3 bucket to hold the Terraform remote state.
2 | terraform {
3 |   backend "s3" { # NOTE(review): state can contain secrets in plain text; neither encrypt = true nor dynamodb_table (state locking) is set here
4 |     bucket = "terraform-remote-state-aws-assignment" # bucket that stores the state object
5 |     key = "terraform/demo-remote-state" # object key of the state file inside the bucket
6 |     region = "ap-southeast-1"
7 |   }
8 | }
--------------------------------------------------------------------------------
/aws_assignment/cloudinit.tf:
--------------------------------------------------------------------------------
1 | data "template_file" "init-script" { # renders scripts/init.cfg as a template
2 |   template = file("scripts/init.cfg")
3 |   vars = {
4 |     REGION = var.AWS_REGION # passed to the template as REGION
5 |   }
6 | }
7 |
8 | data "template_file" "shell-script" { # renders scripts/volumes_software.sh as a template
9 |   template = file("scripts/volumes_software.sh")
10 |   vars = {
11 |     DEVICE = var.INSTANCE_DEVICE_NAME # passed to the template as DEVICE
12 |   }
13 | }
14 |
15 |
16 | data "template_cloudinit_config" "cloudinit-example" { # multipart user data: one cloud-config part, one shell-script part
17 |   gzip = false
18 |   base64_encode = false
19 |
20 |   part {
21 |     filename = "init.cfg"
22 |     content_type = "text/cloud-config"
23 |     content = data.template_file.init-script.rendered
24 |   }
25 |
26 |   part {
27 |     content_type = "text/x-shellscript"
28 |     content = data.template_file.shell-script.rendered
29 |   }
30 | }
31 |
32 |
--------------------------------------------------------------------------------
/aws_assignment/elb.tf:
--------------------------------------------------------------------------------
1 | resource "aws_elb" "my-elb" { # classic load balancer placed in the two public subnets
2 |   name = "my-elb"
3 |   subnets = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id]
4 |   security_groups = [aws_security_group.elb-securitygroup.id]
5 |   listener { # NOTE(review): plain HTTP on both the client side and the instance side; no TLS listener is defined
6 |     instance_port = 80
7 |     instance_protocol = "http"
8 |     lb_port = 80
9 |     lb_protocol = "http"
10 |   }
11 |   health_check { # probes HTTP:80/ every 30 s with a 3 s timeout
12 |     healthy_threshold = 2
13 |     unhealthy_threshold = 2
14 |     timeout = 3
15 |     target = "HTTP:80/"
16 |     interval = 30
17 |   }
18 |
19 |   cross_zone_load_balancing = true
20 |   connection_draining = true
21 |   connection_draining_timeout = 400
22 |   tags = {
23 |     Name = "my-elb"
24 |   }
25 |   instances = ["${aws_instance.example.id}"] # the single EC2 instance registered behind the ELB
26 |
27 | }
28 |
29 |
--------------------------------------------------------------------------------
/aws_assignment/html_content.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | AWS Assignment 1
6 |
7 |
8 |
9 |

Hello AWS World

10 | 11 |

This case uses Terraform for IaC; for the source code, please check out the attachment.

12 | 13 |

S3 Links

14 |

screen-shot1

15 | 16 |

screen-shot2

17 | 18 |

screen-shot3

19 | 20 | 21 |

screen-shot4-1

22 | 23 |

screen-shot4-2

24 | 25 |

screen-shot5

26 | 27 |

screen-shot6

28 | 29 |

screen-shot7

30 |
31 |
32 |
--------------------------------------------------------------------------------
/aws_assignment/instance.tf:
--------------------------------------------------------------------------------
1 | resource "aws_instance" "example" { # web instance; AMI is looked up per region, type comes from a variable
2 |   ami = var.AMIS[var.AWS_REGION]
3 |   instance_type = var.INSTANCE_TYPE
4 |
5 |   # the VPC subnet
6 |   subnet_id = aws_subnet.main-public-1.id
7 |
8 |   # the security group
9 |   vpc_security_group_ids = [aws_security_group.myinstance.id]
10 |
11 |   # the public SSH key
12 |   key_name = aws_key_pair.mykeypair.key_name
13 |
14 |   # user data (readable from inside the instance via instance metadata, so keep secrets out of the templates)
15 |   user_data = data.template_cloudinit_config.cloudinit-example.rendered
16 |
17 |   provisioner "file" { # copies the local HTML page to the instance over the SSH connection below
18 |     source = "html_content.html"
19 |     destination = "/tmp/html_content.html" # NOTE(review): scripts/volumes_software.sh moves this file from /tmp; confirm the upload finishes before that script runs
20 |   }
21 |
22 |   # provisioner "remote-exec" {
23 |   #   inline = [
24 |   #     "chmod +x /tmp/script.sh",
25 |   #     "sudo sed -i -e 's/\r$//' /tmp/script.sh", # Remove the spurious CR characters.
26 |   #     "sudo /tmp/script.sh",
27 |   #   ]
28 |   # }
29 |   connection { # SSH settings used by the provisioner
30 |     host = coalesce(self.public_ip, self.private_ip) # public IP if present, otherwise the private IP
31 |     type = "ssh"
32 |     user = var.INSTANCE_USERNAME
33 |     private_key = file(var.PATH_TO_PRIVATE_KEY) # private key is read from local disk at apply time; keep the key file out of version control
34 |   }
35 |
36 |   tags = {
37 |     Name = "aws-assignment-1"
38 |   }
39 | }
40 |
41 | resource "aws_ebs_volume" "ebs-volume-1" { # 1 GiB gp2 data volume; NOTE(review): encrypted is not set, confirm whether encryption at rest is needed
42 |   availability_zone = "ap-southeast-1a"
43 |   size = 1
44 |   type = "gp2"
45 |   tags = {
46 |     Name = "extra volume data"
47 |   }
48 | }
49 |
50 | resource "aws_volume_attachment" "ebs-volume-1-attachment" { # attaches the data volume to the instance as /dev/xvdh
51 |   device_name = "/dev/xvdh"
52 |   volume_id = aws_ebs_volume.ebs-volume-1.id
53 |   instance_id = aws_instance.example.id
54 |   skip_destroy = true # skip destroy to avoid issues with terraform destroy
55 | }
56 |
57 |
58 | resource "aws_eip" "lb" { # Elastic IP bound directly to the instance
59 |   instance = aws_instance.example.id
60 |   vpc = true
61 | }
--------------------------------------------------------------------------------
/aws_assignment/key.tf:
--------------------------------------------------------------------------------
1 | resource "aws_key_pair" "mykeypair" { # registers the local public key with EC2 under the name mykeypair_aws
2 |   key_name = "mykeypair_aws"
3 |   public_key = file(var.PATH_TO_PUBLIC_KEY) # only the public half is uploaded
4 | }
5 |
6 |
--------------------------------------------------------------------------------
/aws_assignment/nat.tf:
--------------------------------------------------------------------------------
1 | # nat gw
2 | resource "aws_eip" "nat" { # Elastic IP used by the NAT gateway
3 |   vpc = true
4 | }
5 |
6 | resource "aws_nat_gateway" "nat-gw" { # NAT gateway placed in public subnet 1
7 |   allocation_id = aws_eip.nat.id
8 |   subnet_id = aws_subnet.main-public-1.id
9 |   depends_on = [aws_internet_gateway.main-gw] # create the internet gateway first
10 | }
11 |
12 | # VPC setup for NAT
13 | resource "aws_route_table" "main-private" { # default route of the private subnets goes through the NAT gateway
14 |   vpc_id = aws_vpc.main.id
15 |   route {
16 |     cidr_block = "0.0.0.0/0"
17 |     nat_gateway_id = aws_nat_gateway.nat-gw.id
18 |   }
19 |
20 |   tags = {
21 |     Name = "main-private-1"
22 |   }
23 | }
24 |
25 | # route associations private
26 | resource "aws_route_table_association" "main-private-1-a" {
27 |   subnet_id = aws_subnet.main-private-1.id
28 |   route_table_id = aws_route_table.main-private.id
29 | }
30 |
31 | resource "aws_route_table_association" "main-private-2-a" {
32 |   subnet_id = aws_subnet.main-private-2.id
33 |   route_table_id = aws_route_table.main-private.id
34 | }
35 |
36 |
37 |
--------------------------------------------------------------------------------
/aws_assignment/output.tf:
--------------------------------------------------------------------------------
1 | output "ELB" { # DNS name of the load balancer
2 |   value = aws_elb.my-elb.dns_name
3 | }
--------------------------------------------------------------------------------
/aws_assignment/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" { # only the region is configured here; no credentials appear in this file
2 |   region = var.AWS_REGION
3 | }
4 |
5 |
--------------------------------------------------------------------------------
/aws_assignment/s3.tf:
--------------------------------------------------------------------------------
1 | resource "aws_s3_bucket" "aws_assignment" { # versioned bucket with a public canned ACL
2 |   bucket = "my-tf-test-bucket-fagljlkjandrew"
3 |   acl = "public-read" # NOTE(review): grants everyone READ on the bucket (anonymous listing of its keys); confirm this exposure is intended
4 |
5 |   tags = {
6 |     Name = "My bucket"
7 |     Environment = "Dev"
8 |   }
9 |
10 |   versioning {
11 |     enabled = true # earlier object versions are kept, so overwritten or deleted content stays in the bucket
12 |   }
13 | }
--------------------------------------------------------------------------------
/aws_assignment/scripts/init.cfg:
--------------------------------------------------------------------------------
1 | #cloud-config
2 |
3 | repo_update: true
4 | repo_upgrade: all # upgrade all packages on first boot
5 |
6 | packages:
7 |   - lvm2 # LVM tools used by the volume script
8 |
9 | output:
10 |   all: '| tee -a /var/log/cloud-init-output.log' # append all cloud-init output to this log file
11 |
--------------------------------------------------------------------------------
/aws_assignment/scripts/volumes_software.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -ex # exit on the first failing command and trace every command
4 |
5 | vgchange -ay # activate any existing LVM volume groups
6 |
7 | DEVICE_FS=`blkid -o value -s TYPE ${DEVICE} || echo ""` # DEVICE is a template variable filled in by Terraform (see cloudinit.tf); empty result means no filesystem signature was found
8 | if [ "`echo -n $DEVICE_FS`" == "" ] ; then
9 |   # wait for the device to be attached
10 |   DEVICENAME=`echo "${DEVICE}" | awk -F '/' '{print $3}'` # third path component, e.g. xvdh for /dev/xvdh
11 |   DEVICEEXISTS=''
12 |   while [[ -z $DEVICEEXISTS ]]; do # NOTE(review): after the first pass DEVICEEXISTS holds a count from wc -l, never an empty string, so this loop runs once
13 |     echo "checking $DEVICENAME"
14 |     DEVICEEXISTS=`lsblk |grep "$DEVICENAME" |wc -l` # number of lsblk lines that mention the device name
15 |     if [[ $DEVICEEXISTS != "1" ]]; then
16 |       sleep 15 # NOTE(review): effectively one 15 s delay, not a wait-until-attached; to keep polling, the loop condition should test the count instead of emptiness
17 |     fi
18 |   done
19 |   pvcreate ${DEVICE} # presumably fails (and aborts the script under set -e) if the device is still missing
20 |   vgcreate data ${DEVICE}
21 |   lvcreate --name volume1 -l 100%FREE data
22 |   mkfs.ext4 /dev/data/volume1 # only reached when no filesystem was detected above, so existing data is not reformatted
23 | fi
24 | mkdir -p /data
25 | echo '/dev/data/volume1 /data ext4 defaults 0 0' >> /etc/fstab # NOTE(review): plain append; running the script again would add a duplicate entry
26 | mount /data
27 |
28 | # provision software
29 | sudo apt-get update
30 | sudo apt-get -y install nginx
31 |
32 | # sudo rm /var/www/html/index.nginx-debian.html
33 | # sudo mv /tmp/html_content.html /var/www/html/index.nginx-debian.html
34 |
35 |
36 | sudo mv /tmp/html_content.html /data/index.html # NOTE(review): the file is uploaded by the Terraform file provisioner; if it is not there yet, mv fails and set -e stops the script
37 | sudo sed -i '41d' /etc/nginx/sites-available/default # NOTE(review): this and the next command edit the nginx site file by line number 41; a different packaged default file would be edited in the wrong place
38 | sudo sed -i '41 a root /data;' /etc/nginx/sites-available/default
39 | # make sure nginx is started
40 | sudo service nginx restart
41 |
--------------------------------------------------------------------------------
/aws_assignment/securitygroup.tf:
--------------------------------------------------------------------------------
1 | resource "aws_security_group" "myinstance" { # rules for the web instance: all egress, SSH from anywhere, HTTP only from the ELB group
2 |   vpc_id = aws_vpc.main.id
3 |   name = "myinstance"
4 |   description = "security group for my instance"
5 |   egress { # all protocols and ports to any destination
6 |     from_port = 0
7 |     to_port = 0
8 |     protocol = "-1"
9 |     cidr_blocks = ["0.0.0.0/0"]
10 |   }
11 |
12 |   ingress {
13 |     from_port = 22
14 |     to_port = 22
15 |     protocol = "tcp"
16 |     cidr_blocks = ["0.0.0.0/0"] # NOTE(review): SSH is open to every IPv4 address; restrict to a known admin CIDR where possible
17 |   }
18 |
19 |   ingress {
20 |     from_port = 80
21 |     to_port = 80
22 |     protocol = "tcp"
23 |     security_groups = [aws_security_group.elb-securitygroup.id] # port 80 is accepted only from members of the ELB security group
24 |   }
25 |
26 |   tags = {
27 |     Name = "myinstance"
28 |   }
29 | }
30 |
31 | resource "aws_security_group" "elb-securitygroup" { # rules for the load balancer: all egress, HTTP from anywhere
32 |   vpc_id = aws_vpc.main.id
33 |   name = "elb"
34 |   description = "security group for load balancer"
35 |   egress {
36 |     from_port = 0
37 |     to_port = 0
38 |     protocol = "-1"
39 |     cidr_blocks = ["0.0.0.0/0"]
40 |   }
41 |
42 |   ingress {
43 |     from_port = 80
44 |     to_port = 80
45 |     protocol = "tcp"
46 |     cidr_blocks = ["0.0.0.0/0"] # public HTTP entry point
47 |   }
48 |   tags = {
49 |     Name = "elb"
50 |   }
51 | }
52 |
53 |
54 |
55 |
--------------------------------------------------------------------------------
/aws_assignment/vars.tf:
--------------------------------------------------------------------------------
1 | variable "AWS_REGION" {
2 |   default = "ap-southeast-1"
3 | }
4 |
5 | variable "INSTANCE_TYPE" {
6 |   default = "t2.micro"
7 | }
8 |
9 | variable "PATH_TO_PRIVATE_KEY" { # local path of the SSH private key read by instance.tf
10 |   default = "mykey"
11 | }
12 |
13 | variable "PATH_TO_PUBLIC_KEY" { # local path of the SSH public key uploaded by key.tf
14 |   default = "mykey.pub"
15 | }
16 | variable "INSTANCE_USERNAME" { # SSH login user for the provisioner connection
17 |   default = "ubuntu"
18 | }
19 |
20 | variable "INSTANCE_DEVICE_NAME" { # device name passed to the volume script as DEVICE
21 |   default = "/dev/xvdh"
22 | }
23 |
24 | variable
"AMIS" { 25 | type = map(string) 26 | default = { 27 | ap-southeast-1 = "ami-04dfc6348dc03c931" 28 | us-west-2 = "ami-06b94666" 29 | eu-west-1 = "ami-844e0bf7" 30 | } 31 | } 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /aws_assignment/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws_assignment/vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "ap-southeast-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "ap-southeast-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | 37 | resource "aws_subnet" "main-private-1" { 38 | vpc_id = aws_vpc.main.id 39 | cidr_block = "10.0.4.0/24" 40 | map_public_ip_on_launch = "false" 41 | availability_zone = "ap-southeast-1a" 42 | 43 | tags = { 44 | Name = "main-private-1" 45 | } 46 | } 47 | 48 | resource "aws_subnet" "main-private-2" { 49 | vpc_id = aws_vpc.main.id 50 | cidr_block = "10.0.5.0/24" 51 | map_public_ip_on_launch = "false" 52 | availability_zone = "ap-southeast-1b" 53 | 54 | tags = { 55 | Name = "main-private-2" 56 | } 57 | } 58 | 59 | 60 | # Internet GW 61 | resource 
"aws_internet_gateway" "main-gw" { 62 | vpc_id = aws_vpc.main.id 63 | 64 | tags = { 65 | Name = "main" 66 | } 67 | } 68 | 69 | # route tables 70 | resource "aws_route_table" "main-public" { 71 | vpc_id = aws_vpc.main.id 72 | route { 73 | cidr_block = "0.0.0.0/0" 74 | gateway_id = aws_internet_gateway.main-gw.id 75 | } 76 | 77 | tags = { 78 | Name = "main-public-1" 79 | } 80 | } 81 | 82 | # route associations public 83 | resource "aws_route_table_association" "main-public-1-a" { 84 | subnet_id = aws_subnet.main-public-1.id 85 | route_table_id = aws_route_table.main-public.id 86 | } 87 | 88 | resource "aws_route_table_association" "main-public-2-a" { 89 | subnet_id = aws_subnet.main-public-2.id 90 | route_table_id = aws_route_table.main-public.id 91 | } -------------------------------------------------------------------------------- /demo-1/graph.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | %3 11 | 12 | 13 | [root] aws_instance.example 14 | 15 | aws_instance.example 16 | 17 | 18 | [root] provider.aws 19 | 20 | provider.aws 21 | 22 | 23 | [root] aws_instance.example->[root] provider.aws 24 | 25 | 26 | 27 | 28 | [root] var.AMIS 29 | 30 | 31 | 32 | var.AMIS 33 | 34 | 35 | [root] aws_instance.example->[root] var.AMIS 36 | 37 | 38 | 39 | 40 | [root] var.INSTANCE_TYPE 41 | 42 | 43 | 44 | var.INSTANCE_TYPE 45 | 46 | 47 | [root] aws_instance.example->[root] var.INSTANCE_TYPE 48 | 49 | 50 | 51 | 52 | [root] var.AWS_ACCESS_KEY 53 | 54 | 55 | 56 | var.AWS_ACCESS_KEY 57 | 58 | 59 | [root] provider.aws->[root] var.AWS_ACCESS_KEY 60 | 61 | 62 | 63 | 64 | [root] var.AWS_REGION 65 | 66 | 67 | 68 | var.AWS_REGION 69 | 70 | 71 | [root] provider.aws->[root] var.AWS_REGION 72 | 73 | 74 | 75 | 76 | [root] var.AWS_SECRET_KEY 77 | 78 | 79 | 80 | var.AWS_SECRET_KEY 81 | 82 | 83 | [root] provider.aws->[root] var.AWS_SECRET_KEY 84 | 85 | 86 | 87 | 88 | [root] meta.count-boundary (EachMode fixup) 89 | 90 | [root] 
meta.count-boundary (EachMode fixup)
91 |
92 |
93 | [root] meta.count-boundary (EachMode fixup)->[root] aws_instance.example
94 |
95 |
96 |
97 |
98 | [root] provider.aws (close)
99 |
100 | [root] provider.aws (close)
101 |
102 |
103 | [root] provider.aws (close)->[root] aws_instance.example
104 |
105 |
106 |
107 |
108 | [root] root
109 |
110 | [root] root
111 |
112 |
113 | [root] root->[root] meta.count-boundary (EachMode fixup)
114 |
115 |
116 |
117 |
118 | [root] root->[root] provider.aws (close)
119 |
120 |
121 |
122 |
123 |
124 |
--------------------------------------------------------------------------------
/demo-1/instance.tf:
--------------------------------------------------------------------------------
1 | resource "aws_instance" "example" { # minimal instance: no subnet, security group or key pair is set in this block
2 |   ami = var.AMIS[var.AWS_REGION] # AMI chosen by region from the AMIS map
3 |   instance_type = var.INSTANCE_TYPE
4 | }
5 |
6 |
--------------------------------------------------------------------------------
/demo-1/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" { # NOTE(review): static access keys are passed in as variables; keep their values out of version control (the repository .gitignore excludes *tfvars)
2 |   access_key = var.AWS_ACCESS_KEY
3 |   secret_key = var.AWS_SECRET_KEY
4 |   region = var.AWS_REGION
5 | }
6 |
7 |
--------------------------------------------------------------------------------
/demo-1/vars.tf:
--------------------------------------------------------------------------------
1 | variable "AWS_ACCESS_KEY" { # no default: a value must be supplied when Terraform runs
2 | }
3 |
4 | variable "AWS_SECRET_KEY" { # no default: a value must be supplied when Terraform runs
5 | }
6 |
7 | variable "AWS_REGION" {
8 |   default = "eu-west-1"
9 | }
10 |
11 | variable "AMIS" { # region name -> AMI id
12 |   type = map(string)
13 |   default = {
14 |     us-east-1 = "ami-13be557e"
15 |     us-west-2 = "ami-06b94666"
16 |     eu-west-1 = "ami-089cc16f7f08c4457"
17 |   }
18 | }
19 |
20 | variable INSTANCE_TYPE {
21 |   default = "t2.micro"
22 | }
23 |
24 |
--------------------------------------------------------------------------------
/demo-1/versions.tf:
--------------------------------------------------------------------------------
1 |
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 |
--------------------------------------------------------------------------------
/demo-10_RDS/instance.tf:
--------------------------------------------------------------------------------
1 | resource "aws_instance" "example" { # client instance in public subnet 1, member of the allow-ssh group
2 |   ami = var.AMIS[var.AWS_REGION]
3 |   instance_type = "t2.micro"
4 |
5 |   # the VPC subnet
6 |   subnet_id = aws_subnet.main-public-1.id
7 |
8 |   # the security group
9 |   vpc_security_group_ids = [aws_security_group.allow-ssh.id]
10 |
11 |   # the public SSH key
12 |   key_name = aws_key_pair.mykeypair.key_name
13 | }
14 |
15 | resource "aws_ebs_volume" "ebs-volume-1" { # 20 GiB gp2 data volume; NOTE(review): encrypted is not set, confirm whether encryption at rest is needed
16 |   availability_zone = "eu-west-1a"
17 |   size = 20
18 |   type = "gp2"
19 |   tags = {
20 |     Name = "extra volume data"
21 |   }
22 | }
23 |
24 | resource "aws_volume_attachment" "ebs-volume-1-attachment" { # attaches the data volume to the instance as /dev/xvdh
25 |   device_name = "/dev/xvdh"
26 |   volume_id = aws_ebs_volume.ebs-volume-1.id
27 |   instance_id = aws_instance.example.id
28 | }
29 |
--------------------------------------------------------------------------------
/demo-10_RDS/key.tf:
--------------------------------------------------------------------------------
1 | resource "aws_key_pair" "mykeypair" { # registers the local public key with EC2
2 |   key_name = "mykeypair"
3 |   public_key = file(var.PATH_TO_PUBLIC_KEY)
4 | }
5 |
6 |
--------------------------------------------------------------------------------
/demo-10_RDS/nat.tf:
--------------------------------------------------------------------------------
1 | # nat gw
2 | resource "aws_eip" "nat" { # Elastic IP used by the NAT gateway
3 |   vpc = true
4 | }
5 |
6 | resource "aws_nat_gateway" "nat-gw" { # NAT gateway placed in public subnet 1
7 |   allocation_id = aws_eip.nat.id
8 |   subnet_id = aws_subnet.main-public-1.id
9 |   depends_on = [aws_internet_gateway.main-gw]
10 | }
11 |
12 | # VPC setup for NAT
13 | resource "aws_route_table" "main-private" { # default route of the private subnets goes through the NAT gateway
14 |   vpc_id = aws_vpc.main.id
15 |   route {
16 |     cidr_block = "0.0.0.0/0"
17 |     nat_gateway_id = aws_nat_gateway.nat-gw.id
18 |   }
19 |
20 |   tags = {
21 |     Name = "main-private-1"
22 |   }
23 | }
24 |
25 | # route associations private
26 | resource "aws_route_table_association" "main-private-1-a" {
27 |   subnet_id = aws_subnet.main-private-1.id
28 |   route_table_id = aws_route_table.main-private.id
29 | }
30 |
31 | resource "aws_route_table_association" "main-private-2-a" {
32 |   subnet_id = aws_subnet.main-private-2.id
33 |   route_table_id = aws_route_table.main-private.id
34 | }
35 |
36 |
37 |
--------------------------------------------------------------------------------
/demo-10_RDS/output.tf:
--------------------------------------------------------------------------------
1 | output "instance" { # public IP of the client instance
2 |   value = aws_instance.example.public_ip
3 | }
4 |
5 | output "rds" { # connection endpoint of the database
6 |   value = aws_db_instance.mariadb.endpoint
7 | }
8 |
9 |
--------------------------------------------------------------------------------
/demo-10_RDS/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" { # only the region is configured here; no credentials appear in this file
2 |   region = var.AWS_REGION
3 | }
4 |
5 |
--------------------------------------------------------------------------------
/demo-10_RDS/rds.tf:
--------------------------------------------------------------------------------
1 | resource "aws_db_subnet_group" "mariadb-subnet" { # the database may only be placed in the two private subnets
2 |   name = "mariadb-subnet"
3 |   description = "RDS subnet group"
4 |   subnet_ids = [aws_subnet.main-private-1.id, aws_subnet.main-private-2.id]
5 | }
6 |
7 | resource "aws_db_parameter_group" "mariadb-parameters" { # engine parameters for the mariadb10.1 family
8 |   name = "mariadb-parameters"
9 |   family = "mariadb10.1"
10 |   description = "MariaDB parameter group"
11 |
12 |   parameter {
13 |     name = "max_allowed_packet"
14 |     value = "16777216"
15 |   }
16 | }
17 |
18 | resource "aws_db_instance" "mariadb" { # NOTE(review): storage_encrypted is not set in this block; confirm whether encryption at rest is required
19 |   allocated_storage = 100 # 100 GB of storage, gives us more IOPS than a lower number
20 |   engine = "mariadb"
21 |   engine_version = "10.1.14"
22 |   instance_class = "db.t2.small" # use micro if you want to use the free tier
23 |   identifier = "mariadb"
24 |   name = "mariadb"
25 |   username = "root" # master username; NOTE(review): a less predictable name than root is preferable
26 |   password = var.RDS_PASSWORD # master password; NOTE(review): Terraform records this value in its state, so protect the state file and keep the value out of the repository
27 |   db_subnet_group_name = aws_db_subnet_group.mariadb-subnet.name
28 |   parameter_group_name = aws_db_parameter_group.mariadb-parameters.name
29 |   multi_az = "false" # set to true to have high availability: 2 instances synchronized with each other
30 |   vpc_security_group_ids = [aws_security_group.allow-mariadb.id]
31 |   storage_type = "gp2"
32 |   backup_retention_period = 30 # how long you’re going to keep your backups
33 |   availability_zone = aws_subnet.main-private-1.availability_zone # preferred AZ
34 |   skip_final_snapshot = true # skip final snapshot when doing terraform destroy; NOTE(review): no last snapshot is taken when the instance is destroyed
35 |   tags = {
36 |     Name = "mariadb-instance"
37 |   }
38 | }
39 |
40 |
--------------------------------------------------------------------------------
/demo-10_RDS/securitygroup.tf:
--------------------------------------------------------------------------------
1 | resource "aws_security_group" "allow-ssh" { # group of the client instance: all egress, SSH from anywhere
2 |   vpc_id = aws_vpc.main.id
3 |   name = "allow-ssh"
4 |   description = "security group that allows ssh and all egress traffic"
5 |   egress {
6 |     from_port = 0
7 |     to_port = 0
8 |     protocol = "-1"
9 |     cidr_blocks = ["0.0.0.0/0"]
10 |   }
11 |
12 |   ingress {
13 |     from_port = 22
14 |     to_port = 22
15 |     protocol = "tcp"
16 |     cidr_blocks = ["0.0.0.0/0"] # NOTE(review): SSH is open to every IPv4 address; restrict to a known admin CIDR where possible
17 |   }
18 |   tags = {
19 |     Name = "allow-ssh"
20 |   }
21 | }
22 |
23 | resource "aws_security_group" "allow-mariadb" { # group of the database: port 3306 only from members of allow-ssh
24 |   vpc_id = aws_vpc.main.id
25 |   name = "allow-mariadb"
26 |   description = "allow-mariadb"
27 |   ingress {
28 |     from_port = 3306
29 |     to_port = 3306
30 |     protocol = "tcp"
31 |     security_groups = [aws_security_group.allow-ssh.id] # allowing access from our example instance
32 |   }
33 |   egress { # all protocols and ports to any destination, plus the group itself
34 |     from_port = 0
35 |     to_port = 0
36 |     protocol = "-1"
37 |     cidr_blocks = ["0.0.0.0/0"]
38 |     self = true
39 |   }
40 |   tags = {
41 |     Name = "allow-mariadb"
42 |   }
43 | }
44 |
45 |
--------------------------------------------------------------------------------
/demo-10_RDS/vars.tf:
-------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "eu-west-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "mykey" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "mykey.pub" 11 | } 12 | 13 | variable "AMIS" { 14 | type = map(string) 15 | default = { 16 | us-east-1 = "ami-13be557e" 17 | us-west-2 = "ami-06b94666" 18 | eu-west-1 = "ami-844e0bf7" 19 | } 20 | } 21 | 22 | variable "RDS_PASSWORD" { 23 | } 24 | 25 | -------------------------------------------------------------------------------- /demo-10_RDS/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /demo-10_RDS/vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "eu-west-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "eu-west-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | 37 | resource "aws_subnet" "main-private-1" { 38 | vpc_id = aws_vpc.main.id 39 | cidr_block = "10.0.4.0/24" 40 | map_public_ip_on_launch = "false" 41 | availability_zone = "eu-west-1a" 42 | 43 | tags = { 44 | Name = "main-private-1" 45 | } 46 | } 47 | 48 | resource 
"aws_subnet" "main-private-2" { 49 | vpc_id = aws_vpc.main.id 50 | cidr_block = "10.0.5.0/24" 51 | map_public_ip_on_launch = "false" 52 | availability_zone = "eu-west-1b" 53 | 54 | tags = { 55 | Name = "main-private-2" 56 | } 57 | } 58 | 59 | 60 | # Internet GW 61 | resource "aws_internet_gateway" "main-gw" { 62 | vpc_id = aws_vpc.main.id 63 | 64 | tags = { 65 | Name = "main" 66 | } 67 | } 68 | 69 | # route tables 70 | resource "aws_route_table" "main-public" { 71 | vpc_id = aws_vpc.main.id 72 | route { 73 | cidr_block = "0.0.0.0/0" 74 | gateway_id = aws_internet_gateway.main-gw.id 75 | } 76 | 77 | tags = { 78 | Name = "main-public-1" 79 | } 80 | } 81 | 82 | # route associations public 83 | resource "aws_route_table_association" "main-public-1-a" { 84 | subnet_id = aws_subnet.main-public-1.id 85 | route_table_id = aws_route_table.main-public.id 86 | } 87 | 88 | resource "aws_route_table_association" "main-public-2-a" { 89 | subnet_id = aws_subnet.main-public-2.id 90 | route_table_id = aws_route_table.main-public.id 91 | } -------------------------------------------------------------------------------- /demo-11_userdata/cloudinit.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "init-script" { 2 | template = file("scripts/init.cfg") 3 | vars = { 4 | REGION = var.AWS_REGION 5 | } 6 | } 7 | 8 | data "template_file" "shell-script" { 9 | template = file("scripts/volumes.sh") 10 | vars = { 11 | DEVICE = var.INSTANCE_DEVICE_NAME 12 | } 13 | } 14 | 15 | data "template_cloudinit_config" "cloudinit-example" { 16 | gzip = false 17 | base64_encode = false 18 | 19 | part { 20 | filename = "init.cfg" 21 | content_type = "text/cloud-config" 22 | content = data.template_file.init-script.rendered 23 | } 24 | 25 | part { 26 | content_type = "text/x-shellscript" 27 | content = data.template_file.shell-script.rendered 28 | } 29 | } 30 | 31 | -------------------------------------------------------------------------------- 
/demo-11_userdata/instance.tf:
--------------------------------------------------------------------------------
1 | resource "aws_instance" "example" { # instance in public subnet 1 that runs the rendered cloud-init user data at boot
2 |   ami = var.AMIS[var.AWS_REGION]
3 |   instance_type = "t2.micro"
4 |
5 |   # the VPC subnet
6 |   subnet_id = aws_subnet.main-public-1.id
7 |
8 |   # the security group
9 |   vpc_security_group_ids = [aws_security_group.allow-ssh.id]
10 |
11 |   # the public SSH key
12 |   key_name = aws_key_pair.mykeypair.key_name
13 |
14 |   # user data (readable from inside the instance via instance metadata, so keep secrets out of the templates)
15 |   user_data = data.template_cloudinit_config.cloudinit-example.rendered
16 | }
17 |
18 |
19 | resource "aws_ebs_volume" "ebs-volume-1" { # 20 GiB gp2 data volume; NOTE(review): encrypted is not set, confirm whether encryption at rest is needed
20 |   availability_zone = "eu-west-1a"
21 |   size = 20
22 |   type = "gp2"
23 |   tags = {
24 |     Name = "extra volume data"
25 |   }
26 | }
27 |
28 | resource "aws_volume_attachment" "ebs-volume-1-attachment" { # attaches the data volume under the same device name the boot script receives
29 |   device_name = var.INSTANCE_DEVICE_NAME
30 |   volume_id = aws_ebs_volume.ebs-volume-1.id
31 |   instance_id = aws_instance.example.id
32 |   skip_destroy = true # skip destroy to avoid issues with terraform destroy
33 | }
34 |
35 |
--------------------------------------------------------------------------------
/demo-11_userdata/key.tf:
--------------------------------------------------------------------------------
1 | resource "aws_key_pair" "mykeypair" { # registers the local public key with EC2
2 |   key_name = "mykeypair"
3 |   public_key = file(var.PATH_TO_PUBLIC_KEY)
4 | }
5 |
6 |
--------------------------------------------------------------------------------
/demo-11_userdata/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" { # only the region is configured here; no credentials appear in this file
2 |   region = var.AWS_REGION
3 | }
4 |
5 |
--------------------------------------------------------------------------------
/demo-11_userdata/scripts/init.cfg:
--------------------------------------------------------------------------------
1 | #cloud-config
2 |
3 | repo_update: true
4 | repo_upgrade: all # upgrade all packages on first boot
5 |
6 | packages:
7 |   - lvm2 # LVM tools used by the volume script
8 |
9 | output:
10 |   all: '| tee -a /var/log/cloud-init-output.log' # append all cloud-init output to this log file
11 |
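--------------------------------------------------------------------------------
/demo-11_userdata/scripts/volumes.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Prepares the extra EBS volume as an LVM-backed ext4 filesystem on /data.
#
# This file is rendered by the template_file data source in cloudinit.tf, so
# ${DEVICE} is replaced with the device path before the script runs. All other
# shell variables use the brace-less $NAME form so that the template engine
# leaves them untouched.

set -ex

# Wait for the device to be attached. The original loop left after a single
# 15 second sleep whether or not the device had appeared; this one keeps
# polling and gives up after 40 checks (about 10 minutes).
DEVICENAME=`echo "${DEVICE}" | awk -F '/' '{print $3}'`
ATTEMPTS=0
until lsblk | grep -qw "$DEVICENAME"; do
  if [ "$ATTEMPTS" -ge 40 ]; then
    echo "device $DEVICENAME was not attached in time" >&2
    exit 1
  fi
  ATTEMPTS=$((ATTEMPTS + 1))
  echo "checking $DEVICENAME"
  sleep 15
done

# Activate a volume group that may already exist on the attached device.
vgchange -ay

# Initialise the device only when it carries no filesystem or LVM signature,
# so a volume that already holds data is never re-formatted.
DEVICE_FS=`blkid -o value -s TYPE "${DEVICE}" || echo ""`
if [ -z "$DEVICE_FS" ]; then
  pvcreate "${DEVICE}"
  vgcreate data "${DEVICE}"
  lvcreate --name volume1 -l 100%FREE data
  mkfs.ext4 /dev/data/volume1
fi
mkdir -p /data

# Add the fstab entry once; a second run must not append a duplicate line.
if ! grep -q '^/dev/data/volume1 ' /etc/fstab; then
  echo '/dev/data/volume1 /data ext4 defaults 0 0' >> /etc/fstab
fi
mount /data
--------------------------------------------------------------------------------
/demo-11_userdata/securitygroup.tf:
--------------------------------------------------------------------------------
# Security group for the demo instance: all outbound traffic, inbound SSH
# from the ranges in var.SSH_INGRESS_CIDRS.
resource "aws_security_group" "allow-ssh" {
  vpc_id      = aws_vpc.main.id
  name        = "allow-ssh"
  description = "security group that allows ssh and all egress traffic"

  # protocol "-1" with ports 0-0 means every protocol and port
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH. The source ranges were hard-coded to 0.0.0.0/0; they are now a
  # variable so the rule can be narrowed without editing this file.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.SSH_INGRESS_CIDRS
  }

  tags = {
    Name = "allow-ssh"
  }
}

--------------------------------------------------------------------------------
/demo-11_userdata/vars.tf:
--------------------------------------------------------------------------------
variable "AWS_REGION" {
  default = "eu-west-1"
}

variable "PATH_TO_PRIVATE_KEY" {
  default = "mykey"
}

variable "PATH_TO_PUBLIC_KEY" {
  default = "mykey.pub"
}

# The default keeps the demo's original behaviour (SSH reachable from any
# address). Outside a throwaway demo, set this to the administrator's own
# range, for example a single /32.
variable "SSH_INGRESS_CIDRS" {
  description = "CIDR ranges allowed to connect to port 22 of the instance"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

variable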
"AMIS" { 14 | type = map(string) 15 | default = { 16 | us-east-1 = "ami-13be557e" 17 | us-west-2 = "ami-06b94666" 18 | eu-west-1 = "ami-844e0bf7" 19 | } 20 | } 21 | 22 | variable "INSTANCE_DEVICE_NAME" { 23 | default = "/dev/xvdh" 24 | } 25 | 26 | -------------------------------------------------------------------------------- /demo-11_userdata/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /demo-11_userdata/vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "eu-west-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "eu-west-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | 37 | resource "aws_subnet" "main-private-1" { 38 | vpc_id = aws_vpc.main.id 39 | cidr_block = "10.0.4.0/24" 40 | map_public_ip_on_launch = "false" 41 | availability_zone = "eu-west-1a" 42 | 43 | tags = { 44 | Name = "main-private-1" 45 | } 46 | } 47 | 48 | resource "aws_subnet" "main-private-2" { 49 | vpc_id = aws_vpc.main.id 50 | cidr_block = "10.0.5.0/24" 51 | map_public_ip_on_launch = "false" 52 | availability_zone = "eu-west-1b" 53 | 54 | tags = { 55 | Name = "main-private-2" 56 | } 57 | } 58 | 59 | 60 | # Internet 
GW 61 | resource "aws_internet_gateway" "main-gw" { 62 | vpc_id = aws_vpc.main.id 63 | 64 | tags = { 65 | Name = "main" 66 | } 67 | } 68 | 69 | # route tables 70 | resource "aws_route_table" "main-public" { 71 | vpc_id = aws_vpc.main.id 72 | route { 73 | cidr_block = "0.0.0.0/0" 74 | gateway_id = aws_internet_gateway.main-gw.id 75 | } 76 | 77 | tags = { 78 | Name = "main-public-1" 79 | } 80 | } 81 | 82 | # route associations public 83 | resource "aws_route_table_association" "main-public-1-a" { 84 | subnet_id = aws_subnet.main-public-1.id 85 | route_table_id = aws_route_table.main-public.id 86 | } 87 | 88 | resource "aws_route_table_association" "main-public-2-a" { 89 | subnet_id = aws_subnet.main-public-2.id 90 | route_table_id = aws_route_table.main-public.id 91 | } -------------------------------------------------------------------------------- /demo-12-autoscaling/autoscaling.tf: -------------------------------------------------------------------------------- 1 | resource "aws_launch_configuration" "example-launchconfig" { 2 | name_prefix = "example-launchconfig" 3 | image_id = var.AMIS[var.AWS_REGION] 4 | instance_type = "t2.micro" 5 | key_name = aws_key_pair.mykeypair.key_name 6 | security_groups = [aws_security_group.allow-ssh.id] 7 | } 8 | 9 | resource "aws_autoscaling_group" "example-autoscaling" { 10 | name = "example-autoscaling" 11 | vpc_zone_identifier = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id] 12 | launch_configuration = aws_launch_configuration.example-launchconfig.name 13 | min_size = 1 14 | max_size = 2 15 | health_check_grace_period = 300 16 | health_check_type = "EC2" 17 | force_delete = true 18 | 19 | tag { 20 | key = "Name" 21 | value = "ec2 instance" 22 | propagate_at_launch = true 23 | } 24 | } 25 | 26 | -------------------------------------------------------------------------------- /demo-12-autoscaling/autoscalingpolicy.tf: -------------------------------------------------------------------------------- 1 | # scale up 
alarm 2 | 3 | resource "aws_autoscaling_policy" "example-cpu-policy" { 4 | name = "example-cpu-policy" 5 | autoscaling_group_name = aws_autoscaling_group.example-autoscaling.name 6 | adjustment_type = "ChangeInCapacity" 7 | scaling_adjustment = "1" 8 | cooldown = "300" 9 | policy_type = "SimpleScaling" 10 | } 11 | 12 | resource "aws_cloudwatch_metric_alarm" "example-cpu-alarm" { 13 | alarm_name = "example-cpu-alarm" 14 | alarm_description = "example-cpu-alarm" 15 | comparison_operator = "GreaterThanOrEqualToThreshold" 16 | evaluation_periods = "2" 17 | metric_name = "CPUUtilization" 18 | namespace = "AWS/EC2" 19 | period = "120" 20 | statistic = "Average" 21 | threshold = "30" 22 | 23 | dimensions = { 24 | "AutoScalingGroupName" = aws_autoscaling_group.example-autoscaling.name 25 | } 26 | 27 | actions_enabled = true 28 | alarm_actions = [aws_autoscaling_policy.example-cpu-policy.arn] 29 | } 30 | 31 | # scale down alarm 32 | resource "aws_autoscaling_policy" "example-cpu-policy-scaledown" { 33 | name = "example-cpu-policy-scaledown" 34 | autoscaling_group_name = aws_autoscaling_group.example-autoscaling.name 35 | adjustment_type = "ChangeInCapacity" 36 | scaling_adjustment = "-1" 37 | cooldown = "300" 38 | policy_type = "SimpleScaling" 39 | } 40 | 41 | resource "aws_cloudwatch_metric_alarm" "example-cpu-alarm-scaledown" { 42 | alarm_name = "example-cpu-alarm-scaledown" 43 | alarm_description = "example-cpu-alarm-scaledown" 44 | comparison_operator = "LessThanOrEqualToThreshold" 45 | evaluation_periods = "2" 46 | metric_name = "CPUUtilization" 47 | namespace = "AWS/EC2" 48 | period = "120" 49 | statistic = "Average" 50 | threshold = "5" 51 | 52 | dimensions = { 53 | "AutoScalingGroupName" = aws_autoscaling_group.example-autoscaling.name 54 | } 55 | 56 | actions_enabled = true 57 | alarm_actions = [aws_autoscaling_policy.example-cpu-policy-scaledown.arn] 58 | } 59 | 60 | -------------------------------------------------------------------------------- 
/demo-12-autoscaling/key.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykeypair" { 2 | key_name = "mykeypair" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) 4 | lifecycle { 5 | ignore_changes = [public_key] 6 | } 7 | } 8 | 9 | -------------------------------------------------------------------------------- /demo-12-autoscaling/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /demo-12-autoscaling/securitygroup.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow-ssh" { 2 | vpc_id = aws_vpc.main.id 3 | name = "allow-ssh" 4 | description = "security group that allows ssh and all egress traffic" 5 | egress { 6 | from_port = 0 7 | to_port = 0 8 | protocol = "-1" 9 | cidr_blocks = ["0.0.0.0/0"] 10 | } 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["0.0.0.0/0"] 17 | } 18 | tags = { 19 | Name = "allow-ssh" 20 | } 21 | } 22 | 23 | -------------------------------------------------------------------------------- /demo-12-autoscaling/vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "eu-west-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "mykey" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "mykey.pub" 11 | } 12 | 13 | variable "AMIS" { 14 | type = map(string) 15 | default = { 16 | us-east-1 = "ami-13be557e" 17 | us-west-2 = "ami-06b94666" 18 | eu-west-1 = "ami-844e0bf7" 19 | } 20 | } 21 | 22 | -------------------------------------------------------------------------------- /demo-12-autoscaling/versions.tf: -------------------------------------------------------------------------------- 1 
| 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /demo-12-autoscaling/vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "eu-west-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "eu-west-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | 37 | resource "aws_subnet" "main-private-1" { 38 | vpc_id = aws_vpc.main.id 39 | cidr_block = "10.0.4.0/24" 40 | map_public_ip_on_launch = "false" 41 | availability_zone = "eu-west-1a" 42 | 43 | tags = { 44 | Name = "main-private-1" 45 | } 46 | } 47 | 48 | resource "aws_subnet" "main-private-2" { 49 | vpc_id = aws_vpc.main.id 50 | cidr_block = "10.0.5.0/24" 51 | map_public_ip_on_launch = "false" 52 | availability_zone = "eu-west-1b" 53 | 54 | tags = { 55 | Name = "main-private-2" 56 | } 57 | } 58 | 59 | 60 | # Internet GW 61 | resource "aws_internet_gateway" "main-gw" { 62 | vpc_id = aws_vpc.main.id 63 | 64 | tags = { 65 | Name = "main" 66 | } 67 | } 68 | 69 | # route tables 70 | resource "aws_route_table" "main-public" { 71 | vpc_id = aws_vpc.main.id 72 | route { 73 | cidr_block = "0.0.0.0/0" 74 | gateway_id = aws_internet_gateway.main-gw.id 75 | } 76 | 77 | tags = { 78 | Name = "main-public-1" 79 | } 80 | } 81 | 82 | # route associations public 83 | 
resource "aws_route_table_association" "main-public-1-a" { 84 | subnet_id = aws_subnet.main-public-1.id 85 | route_table_id = aws_route_table.main-public.id 86 | } 87 | 88 | resource "aws_route_table_association" "main-public-2-a" { 89 | subnet_id = aws_subnet.main-public-2.id 90 | route_table_id = aws_route_table.main-public.id 91 | } -------------------------------------------------------------------------------- /demo-13-ELB/autoscaling.tf: -------------------------------------------------------------------------------- 1 | resource "aws_launch_configuration" "example-launchconfig" { 2 | name_prefix = "example-launchconfig" 3 | image_id = var.AMIS[var.AWS_REGION] 4 | instance_type = "t2.micro" 5 | key_name = aws_key_pair.mykeypair.key_name 6 | security_groups = [aws_security_group.myinstance.id] 7 | user_data = "#!/bin/bash\napt-get update\napt-get -y install net-tools nginx\nMYIP=`ifconfig | grep -E '(inet 10)|(addr:10)' | awk '{ print $2 }' | cut -d ':' -f2`\necho 'this is: '$MYIP > /var/www/html/index.html" 8 | lifecycle { 9 | create_before_destroy = true 10 | } 11 | } 12 | 13 | resource "aws_autoscaling_group" "example-autoscaling" { 14 | name = "example-autoscaling" 15 | vpc_zone_identifier = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id] 16 | launch_configuration = aws_launch_configuration.example-launchconfig.name 17 | min_size = 2 18 | max_size = 2 19 | health_check_grace_period = 300 20 | health_check_type = "ELB" 21 | load_balancers = [aws_elb.my-elb.name] 22 | force_delete = true 23 | 24 | tag { 25 | key = "Name" 26 | value = "ec2 instance" 27 | propagate_at_launch = true 28 | } 29 | } 30 | 31 | -------------------------------------------------------------------------------- /demo-13-ELB/elb.tf: -------------------------------------------------------------------------------- 1 | resource "aws_elb" "my-elb" { 2 | name = "my-elb" 3 | subnets = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id] 4 | security_groups = 
[aws_security_group.elb-securitygroup.id] 5 | listener { 6 | instance_port = 80 7 | instance_protocol = "http" 8 | lb_port = 80 9 | lb_protocol = "http" 10 | } 11 | health_check { 12 | healthy_threshold = 2 13 | unhealthy_threshold = 2 14 | timeout = 3 15 | target = "HTTP:80/" 16 | interval = 30 17 | } 18 | 19 | cross_zone_load_balancing = true 20 | connection_draining = true 21 | connection_draining_timeout = 400 22 | tags = { 23 | Name = "my-elb" 24 | } 25 | } 26 | 27 | -------------------------------------------------------------------------------- /demo-13-ELB/key.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykeypair" { 2 | key_name = "mykeypair" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) 4 | lifecycle { 5 | ignore_changes = [public_key] 6 | } 7 | } 8 | 9 | -------------------------------------------------------------------------------- /demo-13-ELB/output.tf: -------------------------------------------------------------------------------- 1 | output "ELB" { 2 | value = aws_elb.my-elb.dns_name 3 | } 4 | 5 | -------------------------------------------------------------------------------- /demo-13-ELB/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /demo-13-ELB/securitygroup.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "myinstance" { 2 | vpc_id = aws_vpc.main.id 3 | name = "myinstance" 4 | description = "security group for my instance" 5 | egress { 6 | from_port = 0 7 | to_port = 0 8 | protocol = "-1" 9 | cidr_blocks = ["0.0.0.0/0"] 10 | } 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["0.0.0.0/0"] 17 | } 18 | 19 | ingress { 20 | from_port = 80 21 | to_port = 80 22 | protocol = 
"tcp" 23 | security_groups = [aws_security_group.elb-securitygroup.id] 24 | } 25 | 26 | tags = { 27 | Name = "myinstance" 28 | } 29 | } 30 | 31 | resource "aws_security_group" "elb-securitygroup" { 32 | vpc_id = aws_vpc.main.id 33 | name = "elb" 34 | description = "security group for load balancer" 35 | egress { 36 | from_port = 0 37 | to_port = 0 38 | protocol = "-1" 39 | cidr_blocks = ["0.0.0.0/0"] 40 | } 41 | 42 | ingress { 43 | from_port = 80 44 | to_port = 80 45 | protocol = "tcp" 46 | cidr_blocks = ["0.0.0.0/0"] 47 | } 48 | tags = { 49 | Name = "elb" 50 | } 51 | } 52 | 53 | -------------------------------------------------------------------------------- /demo-13-ELB/vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "eu-west-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "mykey" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "mykey.pub" 11 | } 12 | 13 | variable "AMIS" { 14 | type = map(string) 15 | default = { 16 | us-east-1 = "ami-13be557e" 17 | us-west-2 = "ami-06b94666" 18 | eu-west-1 = "ami-844e0bf7" 19 | } 20 | } 21 | 22 | -------------------------------------------------------------------------------- /demo-13-ELB/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /demo-13-ELB/vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | 
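map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-public-1"
  }
}

resource "aws_subnet" "main-public-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-public-2"
  }
}


# The private subnets get no public IP on launch and, in this file, no route
# table association.
resource "aws_subnet" "main-private-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.4.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-private-1"
  }
}

resource "aws_subnet" "main-private-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.5.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-private-2"
  }
}


# Internet GW
resource "aws_internet_gateway" "main-gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main"
  }
}

# route tables
# Default route through the internet gateway; only the two public subnets
# are associated with it below.
resource "aws_route_table" "main-public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gw.id
  }

  tags = {
    Name = "main-public-1"
  }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
  subnet_id      = aws_subnet.main-public-1.id
  route_table_id = aws_route_table.main-public.id
}

resource "aws_route_table_association" "main-public-2-a" {
  subnet_id      = aws_subnet.main-public-2.id
  route_table_id = aws_route_table.main-public.id
}
--------------------------------------------------------------------------------
/demo-2-remote_state/backend.tf:
--------------------------------------------------------------------------------
# Use AWS S3 for remote state.
# State holds every attribute of every managed resource in plain text,
# including outputs marked sensitive, so the object is stored with
# server-side encryption. Re-run `terraform init` after changing this block.
# NOTE(review): the bucket itself should also block public access and have
# versioning enabled; that is configured outside this file.
terraform {
  backend "s3" {
    bucket  = "terraform-remote-state-4"
    key     = "terraform/demo-2-remote-state"
    region  = "ap-northeast-2"
    encrypt = true
  }
}
--------------------------------------------------------------------------------
/demo-2-remote_state/instance.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "example" {
  ami           = var.AMIS[var.AWS_REGION]
  instance_type = "t2.micro"

  # Appends the new instance's private IP to a file in the working directory.
  # A provisioner refers to its own resource through `self`, as the
  # connection block in demo-4_provisioner/instance.tf does; naming the
  # resource from inside its own block is a self-reference.
  # NOTE(review): private_ips.txt appears in this listing with real entries;
  # generated files like it are better kept out of version control.
  provisioner "local-exec" {
    command = "echo ${self.private_ip} >> private_ips.txt"
  }
}

# sensitive = true hides the value in CLI output only; it is still written
# to the state file.
output "ip" {
  value       = aws_instance.example.public_ip
  description = "demo for output"
  sensitive   = true
}

--------------------------------------------------------------------------------
/demo-2-remote_state/private_ips.txt:
--------------------------------------------------------------------------------
172.31.40.124
172.31.38.3

--------------------------------------------------------------------------------
/demo-2-remote_state/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = var.AWS_REGION
}

--------------------------------------------------------------------------------
/demo-2-remote_state/vars.tf:
--------------------------------------------------------------------------------
variable "AWS_REGION" {
  default = "ap-northeast-2"
}

# Region name -> AMI id; instance.tf indexes this map with var.AWS_REGION.
variable "AMIS" {
  type = map(string)
  default = {
    ap-northeast-2 = "ami-0d777f54156eae7d9"
    us-east-1      = "ami-13be557e"
    us-west-2      = "ami-06b94666"
    eu-west-1      = "ami-844e0bf7"
  }
}

--------------------------------------------------------------------------------
/demo-2-remote_state/versions.tf:
--------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}
--------------------------------------------------------------------------------
/demo-3_output/instance.tf: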
--------------------------------------------------------------------------------
# Single instance whose public IP is exposed as the output "ip".
resource "aws_instance" "example" {
  ami           = var.AMIS[var.AWS_REGION]
  instance_type = "t2.micro"
}

output "ip" {
  value = aws_instance.example.public_ip
}

--------------------------------------------------------------------------------
/demo-3_output/provider.tf:
--------------------------------------------------------------------------------
# This demo passes a static access key pair to the provider through input
# variables. The other provider.tf files in this listing set only the region
# and let the provider find credentials on its own.
# NOTE(review): supply the two values through TF_VAR_AWS_ACCESS_KEY and
# TF_VAR_AWS_SECRET_KEY or an untracked tfvars file; never commit them.
provider "aws" {
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
  region     = var.AWS_REGION
}

--------------------------------------------------------------------------------
/demo-3_output/vars.tf:
--------------------------------------------------------------------------------
# No default: Terraform prompts for the value unless it is supplied.
# NOTE(review): variables can be marked sensitive only from Terraform 0.14
# on; versions.tf here allows 0.12, so nothing hides these values in plan
# output.
variable "AWS_ACCESS_KEY" {
}

variable "AWS_SECRET_KEY" {
}

variable "AWS_REGION" {
  default = "ap-northeast-2"
}

# Region name -> AMI id; instance.tf indexes this map with var.AWS_REGION.
variable "AMIS" {
  type = map(string)
  default = {
    ap-northeast-2 = "ami-0d777f54156eae7d9"
    us-east-1      = "ami-13be557e"
    us-west-2      = "ami-06b94666"
    eu-west-1      = "ami-844e0bf7"
  }
}


--------------------------------------------------------------------------------
/demo-3_output/versions.tf:
--------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}
--------------------------------------------------------------------------------
/demo-4_provisioner/instance.tf:
--------------------------------------------------------------------------------
# Registers the local public key with EC2 so the provisioners can log in.
resource "aws_key_pair" "mykey" {
  key_name   = "mykey"
  public_key = file(var.PATH_TO_PUBLIC_KEY)
}

# Instance configured over SSH: script.sh is uploaded, then run with sudo.
# NOTE(review): no security group is set on this instance, so whether SSH is
# reachable depends on the group AWS assigns by default - confirm.
resource "aws_instance" "example" {
  ami           = var.AMIS[var.AWS_REGION]
  instance_type = "t2.micro"
  key_name      = aws_key_pair.mykey.key_name

  # Copies the local script to the instance over the connection below.
  provisioner "file" {
    source      = "script.sh"
    destination = "/tmp/script.sh"
  }

  # Commands run in order on the instance. The script sits in /tmp, a
  # world-writable directory, and is then executed as root.
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/script.sh",
      "sudo sed -i -e 's/\r$//' /tmp/script.sh", # Remove the spurious CR characters.
      "sudo /tmp/script.sh",
    ]
  }

  # Shared by both provisioners. The private key is read from the local file
  # named by PATH_TO_PRIVATE_KEY (default "mykey").
  # NOTE(review): keep that file out of version control; the .gitignore in
  # this listing is not shown, so confirm it covers the key.
  connection {
    host        = coalesce(self.public_ip, self.private_ip)
    type        = "ssh"
    user        = var.INSTANCE_USERNAME
    private_key = file(var.PATH_TO_PRIVATE_KEY)
  }
}

output "ip" {
  value       = aws_instance.example.public_ip
  description = "demo for output"
}

--------------------------------------------------------------------------------
/demo-4_provisioner/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = var.AWS_REGION
}

--------------------------------------------------------------------------------
/demo-4_provisioner/script.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Run as root by the remote-exec provisioner in instance.tf.

# sleep until instance is ready
# (cloud-init creates this marker file when the first boot has finished)
until [[ -f /var/lib/cloud/instance/boot-finished ]]; do
  sleep 1
done

# install nginx
apt-get update
apt-get -y install nginx

# make sure nginx is started
service nginx start
--------------------------------------------------------------------------------
/demo-4_provisioner/vars.tf:
--------------------------------------------------------------------------------


variable "AWS_REGION" {
  default = "ap-northeast-2"
}

# Region name -> AMI id; instance.tf indexes this map with var.AWS_REGION.
variable "AMIS" {
  type = map(string)
  default = {
    ap-northeast-2 = "ami-0d777f54156eae7d9"
    us-east-1      = "ami-13be557e"
    us-west-2      = "ami-06b94666"
    eu-west-1      = "ami-844e0bf7"
  }
}

# Paths are relative to the directory Terraform is run from.
variable "PATH_TO_PRIVATE_KEY" {
  default = "mykey"
}

variable "PATH_TO_PUBLIC_KEY" {
  default = "mykey.pub"
}

# Login user for the SSH connection used by the provisioners.
variable "INSTANCE_USERNAME" {
  default = "ubuntu"
}

--------------------------------------------------------------------------------
/demo-4_provisioner/versions.tf:
--------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}
--------------------------------------------------------------------------------
/demo-5_modules/default_vpc.tf:
--------------------------------------------------------------------------------
# These resources are added to provide the vpc_id and subnets to the consul module.
# aws_default_* are resources that Terraform does not create but adopts.
# See https://www.terraform.io/docs/providers/aws/r/default_vpc.html for more info

# default VPC
resource "aws_default_vpc" "default" {
  tags = {
    Name = "Default VPC"
  }
}

# default subnets
# One per availability zone; the zone name is the region plus a, b or c.
resource "aws_default_subnet" "default_az1" {
  availability_zone = "${var.AWS_REGION}a"

  tags = {
    Name = "Default subnet for ${var.AWS_REGION}a"
  }
}

resource "aws_default_subnet" "default_az2" {
  availability_zone = "${var.AWS_REGION}b"

  tags = {
    Name = "Default subnet for ${var.AWS_REGION}b"
  }
}

resource "aws_default_subnet" "default_az3" {
  availability_zone = "${var.AWS_REGION}c"

  tags = {
    Name = "Default subnet for ${var.AWS_REGION}c"
  }
}

--------------------------------------------------------------------------------
/demo-5_modules/key.tf:
--------------------------------------------------------------------------------
# Registers the local public key with EC2; the module receives its name.
resource "aws_key_pair" "mykey" {
  key_name   = "mykey"
  public_key = file(var.PATH_TO_PUBLIC_KEY)
}

--------------------------------------------------------------------------------
/demo-5_modules/modules.tf:
--------------------------------------------------------------------------------
# Consul cluster from a module fetched from GitHub at `terraform init`.
# NOTE(review): ref=terraform-0.12 looks like a branch name rather than a
# commit. A branch can move, so a later init may fetch different code, and
# this module is given the SSH key name and the local private-key path.
# Pinning to a reviewed commit (?ref=<commit-sha>) makes the fetched code
# reproducible.
module "consul" {
  source   = "github.com/wardviaene/terraform-consul-module.git?ref=terraform-0.12"
  key_name = aws_key_pair.mykey.key_name
  key_path = var.PATH_TO_PRIVATE_KEY
  region   = var.AWS_REGION
  vpc_id   = aws_default_vpc.default.id
  subnets = {
    "0" = aws_default_subnet.default_az1.id
    "1" = aws_default_subnet.default_az2.id
    "2" = aws_default_subnet.default_az3.id
  }
}

output "consul-output" {
  value = module.consul.server_address
}

--------------------------------------------------------------------------------
/demo-5_modules/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = var.AWS_REGION
}

--------------------------------------------------------------------------------
/demo-5_modules/vars.tf:
--------------------------------------------------------------------------------
variable "AWS_REGION" {
  default = "ap-northeast-2"
}

# Paths are relative to the directory Terraform is run from.
variable "PATH_TO_PRIVATE_KEY" {
  default = "mykey"
}

variable "PATH_TO_PUBLIC_KEY" {
  default = "mykey.pub"
}

--------------------------------------------------------------------------------
/demo-5_modules/versions.tf:
--------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}
--------------------------------------------------------------------------------
/demo-5_remote_modules/default_vpc.tf:
--------------------------------------------------------------------------------
# These resources are added to provide the vpc_id and subnets to the consul module.
# aws_default_* are resources that Terraform does not create but adopts.
# See https://www.terraform.io/docs/providers/aws/r/default_vpc.html for more info

# default VPC
resource "aws_default_vpc" "default" {
  tags = {
    Name = "Default VPC"
  }
}

# default subnets
# One default subnet per availability zone; the zone name is the region
# plus a, b or c.
resource "aws_default_subnet" "default_az1" {
  availability_zone = "${var.AWS_REGION}a"

  tags = {
    Name = "Default subnet for ${var.AWS_REGION}a"
  }
}

resource "aws_default_subnet" "default_az2" {
  availability_zone = "${var.AWS_REGION}b"

  tags = {
    Name = "Default subnet for ${var.AWS_REGION}b"
  }
}

resource "aws_default_subnet" "default_az3" {
  availability_zone = "${var.AWS_REGION}c"

  tags = {
    Name = "Default subnet for ${var.AWS_REGION}c"
  }
}

--------------------------------------------------------------------------------
/demo-5_remote_modules/key.tf:
--------------------------------------------------------------------------------
# Registers the local public key with EC2; the module receives its name.
resource "aws_key_pair" "mykey" {
  key_name   = "mykey"
  public_key = file(var.PATH_TO_PUBLIC_KEY)
}

--------------------------------------------------------------------------------
/demo-5_remote_modules/modules.tf:
--------------------------------------------------------------------------------
# Consul cluster from a module fetched from GitHub at `terraform init`.
# NOTE(review): the source carries no ?ref=, so init takes whatever the
# repository's default branch holds at that moment. The module is given the
# SSH key name and the local private-key path, so a change upstream changes
# what runs with that key. Pinning to a reviewed commit
# (?ref=<commit-sha>) makes the fetched code reproducible.
module "consul" {
  source   = "github.com/AndrewProgramming/terraform_tutrial_code_modules"
  key_name = aws_key_pair.mykey.key_name
  key_path = var.PATH_TO_PRIVATE_KEY
  region   = var.AWS_REGION
  vpc_id   = aws_default_vpc.default.id
  subnets = {
    "0" = aws_default_subnet.default_az1.id
    "1" = aws_default_subnet.default_az2.id
    "2" = aws_default_subnet.default_az3.id
  }
}

output "consul-output" {
  value = module.consul.server_address
}

--------------------------------------------------------------------------------
/demo-5_remote_modules/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = var.AWS_REGION
}

--------------------------------------------------------------------------------
/demo-5_remote_modules/vars.tf:
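--------------------------------------------------------------------------------
1 | variable "AWS_REGION" {
2 |   default = "ap-northeast-2"
3 | }
4 |
5 | variable "PATH_TO_PRIVATE_KEY" {
6 |   default = "mykey"
7 | }
8 |
9 | variable "PATH_TO_PUBLIC_KEY" {
10 |   default = "mykey.pub"
11 | }
12 |
13 |
--------------------------------------------------------------------------------
/demo-5_remote_modules/versions.tf:
--------------------------------------------------------------------------------
1 |
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AndrewProgramming/learn_terraform_from_scratch/e38075aab21b31002ebaac1efbd887e7125fd89c/demo-5b_local_modules/.DS_Store
--------------------------------------------------------------------------------
/demo-5b_local_modules/consul-cluster/README.md:
--------------------------------------------------------------------------------
1 | # Consul terraform module
2 | * consul AWS code As github repository for terraform
3 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/consul-cluster/consul.tf:
--------------------------------------------------------------------------------
1 | # Consul server instances, one per var.servers, provisioned over SSH with the
2 | # service definition and scripts under shared/scripts.
3 | resource "aws_instance" "server" {
4 |   ami = "${lookup(var.ami, "${var.region}-${var.platform}")}"
5 |   instance_type = "${var.instance_type}"
6 |   key_name = "${var.key_name}"
7 |   count = "${var.servers}"
8 |   # An instance launched into a subnet takes security group IDs through
9 |   # vpc_security_group_ids; security_groups is the by-name argument.
10 |   vpc_security_group_ids = ["${aws_security_group.consul.id}"]
11 |   subnet_id = "${lookup(var.subnets, count.index % var.servers)}"
12 |
13 |   # SSH login the provisioners below use; the private key is read from var.key_path.
14 |   connection {
15 |     user = "${lookup(var.user, var.platform)}"
16 |     private_key = "${file("${var.key_path}")}"
17 |   }
18 |
19 |   #Instance tags
20 |   tags {
21 |     Name = "${var.tagName}-${count.index}"
22 |     ConsulRole = "Server"
23 |   }
24 |
25 |   # Upload the platform's service definition to /tmp, where install.sh picks it up.
26 |   provisioner "file" {
27 |     source = "${path.module}/shared/scripts/${lookup(var.service_conf, var.platform)}"
28 |     destination = "/tmp/${lookup(var.service_conf_dest, var.platform)}"
29 |   }
30 |
31 |
32 |   # Leave the cluster size and the first server's private address for install.sh.
33 |   provisioner "remote-exec" {
34 |     inline = [
35 |       "echo ${var.servers} > /tmp/consul-server-count",
36 |       "echo ${aws_instance.server.0.private_ip} > /tmp/consul-server-addr",
37 |     ]
38 |   }
39 |
40 |   provisioner "remote-exec" {
41 |     scripts = [
42 |       "${path.module}/shared/scripts/install.sh",
43 |       "${path.module}/shared/scripts/service.sh",
44 |       "${path.module}/shared/scripts/ip_tables.sh",
45 |     ]
46 |   }
47 | }
48 |
49 | # Security group attached to the Consul servers.
50 | resource "aws_security_group" "consul" {
51 |   name = "consul_${var.platform}"
52 |   description = "Consul internal traffic + maintenance."
53 |   vpc_id = "${var.vpc_id}"
54 |
55 |   // These are for internal traffic
56 |   ingress {
57 |     from_port = 0
58 |     to_port = 65535
59 |     protocol = "tcp"
60 |     self = true
61 |   }
62 |
63 |   ingress {
64 |     from_port = 0
65 |     to_port = 65535
66 |     protocol = "udp"
67 |     self = true
68 |   }
69 |
70 |   // These are for maintenance
71 |   // SSH is open to every address here; narrow cidr_blocks to the operator or
72 |   // bastion range when this is used outside a throwaway demo.
73 |   ingress {
74 |     from_port = 22
75 |     to_port = 22
76 |     protocol = "tcp"
77 |     cidr_blocks = ["0.0.0.0/0"]
78 |   }
79 |
80 |   // This is for outbound internet access
81 |   egress {
82 |     from_port = 0
83 |     to_port = 0
84 |     protocol = "-1"
85 |     cidr_blocks = ["0.0.0.0/0"]
86 |   }
87 | }
88 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/consul-cluster/outputs.tf:
--------------------------------------------------------------------------------
1 | output "server_address" {
2 |   value = "${aws_instance.server.0.public_dns}"
3 | }
4 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/consul-cluster/shared/scripts/debian_consul.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=consul agent
3 | Requires=network-online.target
4 |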
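After=network-online.target
5 |
6 | [Service]
7 | EnvironmentFile=-/etc/sysconfig/consul
8 | Restart=on-failure
9 | ExecStart=/usr/local/bin/consul agent $CONSUL_FLAGS -config-dir=/etc/systemd/system/consul.d
10 | ExecReload=/bin/kill -HUP $MAINPID
11 |
12 | [Install]
13 | WantedBy=multi-user.target
14 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/consul-cluster/shared/scripts/debian_upstart.conf:
--------------------------------------------------------------------------------
1 | description "Consul agent"
2 |
3 | start on started networking
4 | stop on runlevel [!2345]
5 |
6 | respawn
7 | # This is to avoid Upstart re-spawning the process upon `consul leave`
8 | normal exit 0 INT
9 |
10 | script
11 |   if [ -f "/etc/service/consul" ]; then
12 |     . /etc/service/consul
13 |   fi
14 |
15 |   # Get the local IP
16 |   BIND=`ifconfig eth0 | grep "inet addr" | awk '{ print substr($2,6) }'`
17 |
18 |   exec /usr/local/bin/consul agent \
19 |     -config-dir="/etc/consul.d" \
20 |     -bind=$BIND \
21 |     ${CONSUL_FLAGS} \
22 |     >>/var/log/consul.log 2>&1
23 | end script
24 |
25 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/consul-cluster/shared/scripts/install.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # Installs a pinned Consul release, then places the service definition and
3 | # agent flags for whichever init system this host uses.
4 | set -e
5 |
6 | echo "Installing dependencies..."
7 | if [ -x "$(command -v apt-get)" ]; then
8 |   # -y: this runs unattended, so apt-get must not stop at a confirmation prompt
9 |   sudo su -s /bin/bash -c 'sleep 30 && apt-get update && apt-get install -y unzip wget' root
10 | else
11 |   sudo yum update -y
12 |   sudo yum install -y unzip wget
13 | fi
14 |
15 |
16 | echo "Fetching Consul..."
17 | # Pinned release; revisit the pin regularly so the agent keeps receiving fixes.
18 | CONSUL=1.0.0
19 | CONSUL_ZIP="consul_${CONSUL}_linux_amd64.zip"
20 | CONSUL_URL="https://releases.hashicorp.com/consul/${CONSUL}"
21 | cd /tmp
22 | wget "${CONSUL_URL}/${CONSUL_ZIP}" -O consul.zip --quiet
23 | wget "${CONSUL_URL}/consul_${CONSUL}_SHA256SUMS" -O consul_SHA256SUMS --quiet
24 |
25 | # Install only an archive whose SHA-256 digest is in the published list.
26 | # The list comes from the same host as the archive, so this catches a damaged
27 | # download but not a compromised release host; verifying the list's signature
28 | # against the vendor's public key would cover that case.
29 | EXPECTED_SUM=$(grep " ${CONSUL_ZIP}\$" consul_SHA256SUMS | awk '{ print $1 }')
30 | ACTUAL_SUM=$(sha256sum consul.zip | awk '{ print $1 }')
31 | if [ -z "${EXPECTED_SUM}" ] || [ "${EXPECTED_SUM}" != "${ACTUAL_SUM}" ]; then
32 |   echo "Checksum verification failed for ${CONSUL_ZIP}" >&2
33 |   exit 1
34 | fi
35 |
36 | echo "Installing Consul..."
37 | unzip consul.zip >/dev/null
38 | chmod +x consul
39 | # Give the binary to root before it lands on the service's path
40 | sudo chown root:root consul
41 | sudo mv consul /usr/local/bin/consul
42 | sudo mkdir -p /opt/consul/data
43 |
44 | # Read from the file we created
45 | SERVER_COUNT=$(cat /tmp/consul-server-count | tr -d '\n')
46 | CONSUL_JOIN=$(cat /tmp/consul-server-addr | tr -d '\n')
47 |
48 | # Write the flags to a temporary file
49 | cat >/tmp/consul_flags << EOF
50 | CONSUL_FLAGS="-server -bootstrap-expect=${SERVER_COUNT} -join=${CONSUL_JOIN} -data-dir=/opt/consul/data"
51 | EOF
52 |
53 | if [ -f /tmp/upstart.conf ];
54 | then
55 |   echo "Installing Upstart service..."
56 |   sudo mkdir -p /etc/consul.d
57 |   sudo mkdir -p /etc/service
58 |   sudo chown root:root /tmp/upstart.conf
59 |   sudo mv /tmp/upstart.conf /etc/init/consul.conf
60 |   sudo chmod 0644 /etc/init/consul.conf
61 |   sudo mv /tmp/consul_flags /etc/service/consul
62 |   # Root-owned like the systemd branch's copy; the Upstart job sources this file
63 |   sudo chown root:root /etc/service/consul
64 |   sudo chmod 0644 /etc/service/consul
65 | else
66 |   echo "Installing Systemd service..."
67 |   sudo mkdir -p /etc/sysconfig
68 |   sudo mkdir -p /etc/systemd/system/consul.d
69 |   sudo chown root:root /tmp/consul.service
70 |   sudo mv /tmp/consul.service /etc/systemd/system/consul.service
71 |   sudo mv /tmp/consul*json /etc/systemd/system/consul.d/ || echo
72 |   sudo chmod 0644 /etc/systemd/system/consul.service
73 |   sudo mv /tmp/consul_flags /etc/sysconfig/consul
74 |   sudo chown root:root /etc/sysconfig/consul
75 |   sudo chmod 0644 /etc/sysconfig/consul
76 | fi
77 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/consul-cluster/shared/scripts/ip_tables.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -e
3 |
4 | sudo iptables -I INPUT -s 0/0 -p tcp --dport 8300 -j ACCEPT  # -s 0/0 matches every source, so any limit on who reaches these ports has to come from outside the host, e.g. the instance's security group
5 | sudo iptables -I INPUT -s 0/0 -p tcp --dport 8301 -j ACCEPT
6 | sudo iptables -I INPUT -s 0/0 -p tcp --dport 8302 -j ACCEPT
7 | sudo iptables -I INPUT -s 0/0 -p tcp --dport 8400 -j ACCEPT
8 |
9 | if [ -d /etc/sysconfig ]; then
10 |   sudo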
iptables-save | sudo tee /etc/sysconfig/iptables 11 | else 12 | sudo iptables-save | sudo tee /etc/iptables.rules 13 | fi 14 | -------------------------------------------------------------------------------- /demo-5b_local_modules/consul-cluster/shared/scripts/rhel_consul.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=consul agent 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | EnvironmentFile=-/etc/sysconfig/consul 8 | Restart=on-failure 9 | ExecStart=/usr/local/bin/consul agent $CONSUL_FLAGS -config-dir=/etc/systemd/system/consul.d 10 | ExecReload=/bin/kill -HUP $MAINPID 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /demo-5b_local_modules/consul-cluster/shared/scripts/rhel_upstart.conf: -------------------------------------------------------------------------------- 1 | description "Consul agent" 2 | 3 | start on started network 4 | stop on runlevel [!2345] 5 | 6 | respawn 7 | # This is to avoid Upstart re-spawning the process upon `consul leave` 8 | normal exit 0 INT 9 | 10 | script 11 | if [ -f "/etc/service/consul" ]; then 12 | . /etc/service/consul 13 | fi 14 | 15 | # Make sure to use all our CPUs, because Consul can block a scheduler thread 16 | export GOMAXPROCS=`nproc` 17 | 18 | # Get the public IP 19 | BIND=`ifconfig eth0 | grep "inet addr" | awk '{ print substr($2,6) }'` 20 | 21 | exec /usr/local/bin/consul agent \ 22 | -config-dir="/etc/consul.d" \ 23 | -bind=$BIND \ 24 | ${CONSUL_FLAGS} \ 25 | >>/var/log/consul.log 2>&1 26 | end script 27 | -------------------------------------------------------------------------------- /demo-5b_local_modules/consul-cluster/shared/scripts/service.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | echo "Starting Consul..." 
5 | if [ -x "$(command -v systemctl)" ]; then 6 | echo "using systemctl" 7 | sudo systemctl enable consul.service 8 | sudo systemctl start consul 9 | else 10 | echo "using upstart" 11 | sudo start consul 12 | fi 13 | -------------------------------------------------------------------------------- /demo-5b_local_modules/consul-cluster/variables.tf: -------------------------------------------------------------------------------- 1 | variable "platform" { 2 | default = "ubuntu" 3 | description = "The OS Platform" 4 | } 5 | 6 | variable "user" { 7 | default = { 8 | ubuntu = "ubuntu" 9 | rhel6 = "ec2-user" 10 | centos6 = "centos" 11 | centos7 = "centos" 12 | rhel7 = "ec2-user" 13 | } 14 | } 15 | 16 | variable "ami" { 17 | description = "AWS AMI Id, if you change, make sure it is compatible with instance type, not all AMIs allow all instance types " 18 | 19 | default = { 20 | ap-south-1-ubuntu = "ami-08a5e367" 21 | us-east-1-ubuntu = "ami-d651b8ac" 22 | ap-northeast-1-ubuntu = "ami-8422ebe2" 23 | eu-west-1-ubuntu = "ami-17d11e6e" 24 | ap-southeast-1-ubuntu = "ami-e6d3a585" 25 | ca-central-1-ubuntu = "ami-e59c2581" 26 | us-west-1-ubuntu = "ami-2d5c6d4d" 27 | eu-central-1-ubuntu = "ami-5a922335" 28 | sa-east-1-ubuntu = "ami-a3e39ecf" 29 | ap-southeast-2-ubuntu = "ami-391ff95b" 30 | eu-west-2-ubuntu = "ami-e1f2e185" 31 | ap-northeast-2-ubuntu = "ami-0f6fb461" 32 | us-west-2-ubuntu = "ami-ecc63a94" 33 | us-east-2-ubuntu = "ami-9686a4f3" 34 | us-east-1-rhel6 = "ami-0d28fe66" 35 | us-east-2-rhel6 = "ami-aff2a9ca" 36 | us-west-2-rhel6 = "ami-3d3c0a0d" 37 | us-east-1-centos6 = "ami-57cd8732" 38 | us-east-2-centos6 = "ami-c299c2a7" 39 | us-west-2-centos6 = "ami-1255b321" 40 | us-east-1-rhel7 = "ami-2051294a" 41 | us-east-2-rhel7 = "ami-0a33696f" 42 | us-west-2-rhel7 = "ami-775e4f16" 43 | us-east-1-centos7 = "ami-6d1c2007" 44 | us-east-2-centos7 = "ami-6a2d760f" 45 | us-west-1-centos7 = "ami-af4333cf" 46 | } 47 | } 48 | 49 | variable "service_conf" { 50 | default = { 51 | ubuntu = 
"debian_consul.service" 52 | rhel6 = "rhel_upstart.conf" 53 | centos6 = "rhel_upstart.conf" 54 | centos7 = "rhel_consul.service" 55 | rhel7 = "rhel_consul.service" 56 | } 57 | } 58 | 59 | variable "service_conf_dest" { 60 | default = { 61 | ubuntu = "consul.service" 62 | rhel6 = "upstart.conf" 63 | centos6 = "upstart.conf" 64 | centos7 = "consul.service" 65 | rhel7 = "consul.service" 66 | } 67 | } 68 | 69 | variable "key_name" { 70 | description = "SSH key name in your AWS account for AWS instances." 71 | } 72 | 73 | variable "key_path" { 74 | description = "Path to the private key specified by key_name." 75 | } 76 | 77 | variable "region" { 78 | default = "us-east-1" 79 | description = "The region of AWS, for AMI lookups." 80 | } 81 | 82 | variable "servers" { 83 | default = "3" 84 | description = "The number of Consul servers to launch." 85 | } 86 | 87 | variable "instance_type" { 88 | default = "t2.micro" 89 | description = "AWS Instance type, if you change, make sure it is compatible with AMI, not all AMIs allow all instance types " 90 | } 91 | 92 | variable "tagName" { 93 | default = "consul" 94 | description = "Name tag for the servers" 95 | } 96 | 97 | variable "subnets" { 98 | type = "map" 99 | description = "map of subnets to deploy your infrastructure in, must have as many keys as your server count (default 3), -var 'subnets={\"0\"=\"subnet-12345\",\"1\"=\"subnets-23456\"}' " 100 | } 101 | 102 | variable "vpc_id" { 103 | type = "string" 104 | description = "ID of the VPC to use - in case your account doesn't have default VPC" 105 | } -------------------------------------------------------------------------------- /demo-5b_local_modules/default_vpc.tf: -------------------------------------------------------------------------------- 1 | # these resources are added to provide the vpc_id and subnets to the consul module 2 | # aws_default_* are resources that terraform doesn't creat, rather adopt 3 | # See 
https://www.terraform.io/docs/providers/aws/r/default_vpc.html for more info 4 | 5 | # default VPC 6 | resource "aws_default_vpc" "default" { 7 | tags = { 8 | Name = "Default VPC" 9 | } 10 | } 11 | 12 | # default subnets 13 | resource "aws_default_subnet" "default_az1" { 14 | availability_zone = "${var.AWS_REGION}a" 15 | 16 | tags = { 17 | Name = "Default subnet for ${var.AWS_REGION}a" 18 | } 19 | } 20 | 21 | resource "aws_default_subnet" "default_az2" { 22 | availability_zone = "${var.AWS_REGION}b" 23 | 24 | tags = { 25 | Name = "Default subnet for ${var.AWS_REGION}b" 26 | } 27 | } 28 | 29 | resource "aws_default_subnet" "default_az3" { 30 | availability_zone = "${var.AWS_REGION}c" 31 | 32 | tags = { 33 | Name = "Default subnet for ${var.AWS_REGION}c" 34 | } 35 | } 36 | 37 | -------------------------------------------------------------------------------- /demo-5b_local_modules/key.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykey" { 2 | key_name = "mykey" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) 4 | } 5 | 6 | -------------------------------------------------------------------------------- /demo-5b_local_modules/module.tf: -------------------------------------------------------------------------------- 1 | module "consul" { 2 | source = "./module/consul-cluster" 3 | key_name = aws_key_pair.mykey.key_name 4 | key_path = var.PATH_TO_PRIVATE_KEY 5 | region = var.AWS_REGION 6 | vpc_id = aws_default_vpc.default.id 7 | subnets = { 8 | "0" = aws_default_subnet.default_az1.id 9 | "1" = aws_default_subnet.default_az2.id 10 | "2" = aws_default_subnet.default_az3.id 11 | } 12 | } 13 | 14 | output "consul-output" { 15 | value = module.consul.server_address 16 | } -------------------------------------------------------------------------------- /demo-5b_local_modules/module/.DS_Store: -------------------------------------------------------------------------------- 
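https://raw.githubusercontent.com/AndrewProgramming/learn_terraform_from_scratch/e38075aab21b31002ebaac1efbd887e7125fd89c/demo-5b_local_modules/module/.DS_Store
--------------------------------------------------------------------------------
/demo-5b_local_modules/module/consul-cluster/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AndrewProgramming/learn_terraform_from_scratch/e38075aab21b31002ebaac1efbd887e7125fd89c/demo-5b_local_modules/module/consul-cluster/.DS_Store
--------------------------------------------------------------------------------
/demo-5b_local_modules/module/consul-cluster/README.md:
--------------------------------------------------------------------------------
1 | # Consul terraform module
2 | * consul AWS code As github repository for terraform
3 | * See https://registry.terraform.io/modules/hashicorp/consul/aws/0.6.0/submodules/consul-cluster
4 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/module/consul-cluster/consul.tf:
--------------------------------------------------------------------------------
1 | # Consul server instances, one per var.servers, provisioned over SSH with the
2 | # service definition and scripts under shared/scripts.
3 | resource "aws_instance" "server" {
4 |   ami = var.ami["${var.region}-${var.platform}"]
5 |   instance_type = var.instance_type
6 |   key_name = var.key_name
7 |   count = var.servers
8 |   # An instance launched into a subnet takes security group IDs through
9 |   # vpc_security_group_ids; security_groups is the by-name argument.
10 |   vpc_security_group_ids = [aws_security_group.consul.id]
11 |   subnet_id = var.subnets[count.index % var.servers]
12 |
13 |   # SSH login the provisioners below use; the private key is read from var.key_path.
14 |   connection {
15 |     host = coalesce(self.public_ip, self.private_ip)
16 |     type = "ssh"
17 |     user = var.user[var.platform]
18 |     private_key = file(var.key_path)
19 |   }
20 |
21 |   #Instance tags
22 |   tags = {
23 |     Name = "${var.tagName}-${count.index}"
24 |     ConsulRole = "Server"
25 |   }
26 |
27 |   # Upload the platform's service definition to /tmp, where install.sh picks it up.
28 |   provisioner "file" {
29 |     source = "${path.module}/shared/scripts/${var.service_conf[var.platform]}"
30 |     destination = "/tmp/${var.service_conf_dest[var.platform]}"
31 |   }
32 |
33 |   # Leave the cluster size and the first server's private address for install.sh.
34 |   # NOTE(review): this refers to aws_instance.server from inside its own block;
35 |   # confirm with `terraform validate` that the targeted Terraform release accepts it.
36 |   provisioner "remote-exec" {
37 |     inline = [
38 |       "echo ${var.servers} > /tmp/consul-server-count",
39 |       "echo ${aws_instance.server[0].private_ip} > /tmp/consul-server-addr",
40 |     ]
41 |   }
42 |
43 |   provisioner "remote-exec" {
44 |     scripts = [
45 |       "${path.module}/shared/scripts/install.sh",
46 |       "${path.module}/shared/scripts/service.sh",
47 |       "${path.module}/shared/scripts/ip_tables.sh",
48 |     ]
49 |   }
50 | }
51 |
52 | # Security group attached to the Consul servers.
53 | resource "aws_security_group" "consul" {
54 |   name = "consul_${var.platform}"
55 |   description = "Consul internal traffic + maintenance."
56 |   vpc_id = var.vpc_id
57 |
58 |   // These are for internal traffic
59 |   ingress {
60 |     from_port = 0
61 |     to_port = 65535
62 |     protocol = "tcp"
63 |     self = true
64 |   }
65 |
66 |   ingress {
67 |     from_port = 0
68 |     to_port = 65535
69 |     protocol = "udp"
70 |     self = true
71 |   }
72 |
73 |   // These are for maintenance
74 |   // SSH is open to every address here; narrow cidr_blocks to the operator or
75 |   // bastion range when this is used outside a throwaway demo.
76 |   ingress {
77 |     from_port = 22
78 |     to_port = 22
79 |     protocol = "tcp"
80 |     cidr_blocks = ["0.0.0.0/0"]
81 |   }
82 |
83 |   // This is for outbound internet access
84 |   egress {
85 |     from_port = 0
86 |     to_port = 0
87 |     protocol = "-1"
88 |     cidr_blocks = ["0.0.0.0/0"]
89 |   }
90 | }
91 |
92 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/module/consul-cluster/outputs.tf:
--------------------------------------------------------------------------------
1 | output "server_address" {
2 |   value = aws_instance.server[0].public_dns
3 | }
4 |
5 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/module/consul-cluster/shared/scripts/debian_consul.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=consul agent
3 | Requires=network-online.target
4 | After=network-online.target
5 |
6 | [Service]
7 | EnvironmentFile=-/etc/sysconfig/consul
8 | Restart=on-failure
9 | ExecStart=/usr/local/bin/consul agent $CONSUL_FLAGS -config-dir=/etc/systemd/system/consul.d
10 | ExecReload=/bin/kill -HUP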
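$MAINPID
11 |
12 | [Install]
13 | WantedBy=multi-user.target
14 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/module/consul-cluster/shared/scripts/debian_upstart.conf:
--------------------------------------------------------------------------------
1 | description "Consul agent"
2 |
3 | start on started networking
4 | stop on runlevel [!2345]
5 |
6 | respawn
7 | # This is to avoid Upstart re-spawning the process upon `consul leave`
8 | normal exit 0 INT
9 |
10 | script
11 |   if [ -f "/etc/service/consul" ]; then
12 |     . /etc/service/consul
13 |   fi
14 |
15 |   # Get the local IP
16 |   BIND=`ifconfig eth0 | grep "inet addr" | awk '{ print substr($2,6) }'`
17 |
18 |   exec /usr/local/bin/consul agent \
19 |     -config-dir="/etc/consul.d" \
20 |     -bind=$BIND \
21 |     ${CONSUL_FLAGS} \
22 |     >>/var/log/consul.log 2>&1
23 | end script
24 |
25 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/module/consul-cluster/shared/scripts/install.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # Installs a pinned Consul release, then places the service definition and
3 | # agent flags for whichever init system this host uses.
4 | set -e
5 |
6 | echo "Installing dependencies..."
7 | if [ -x "$(command -v apt-get)" ]; then
8 |   # -y: this runs unattended, so apt-get must not stop at a confirmation prompt
9 |   sudo su -s /bin/bash -c 'sleep 30 && apt-get update && apt-get install -y unzip wget' root
10 | else
11 |   sudo yum update -y
12 |   sudo yum install -y unzip wget
13 | fi
14 |
15 |
16 | echo "Fetching Consul..."
17 | # Pinned release; revisit the pin regularly so the agent keeps receiving fixes.
18 | CONSUL=1.0.0
19 | CONSUL_ZIP="consul_${CONSUL}_linux_amd64.zip"
20 | CONSUL_URL="https://releases.hashicorp.com/consul/${CONSUL}"
21 | cd /tmp
22 | wget "${CONSUL_URL}/${CONSUL_ZIP}" -O consul.zip --quiet
23 | wget "${CONSUL_URL}/consul_${CONSUL}_SHA256SUMS" -O consul_SHA256SUMS --quiet
24 |
25 | # Install only an archive whose SHA-256 digest is in the published list.
26 | # The list comes from the same host as the archive, so this catches a damaged
27 | # download but not a compromised release host; verifying the list's signature
28 | # against the vendor's public key would cover that case.
29 | EXPECTED_SUM=$(grep " ${CONSUL_ZIP}\$" consul_SHA256SUMS | awk '{ print $1 }')
30 | ACTUAL_SUM=$(sha256sum consul.zip | awk '{ print $1 }')
31 | if [ -z "${EXPECTED_SUM}" ] || [ "${EXPECTED_SUM}" != "${ACTUAL_SUM}" ]; then
32 |   echo "Checksum verification failed for ${CONSUL_ZIP}" >&2
33 |   exit 1
34 | fi
35 |
36 | echo "Installing Consul..."
37 | unzip consul.zip >/dev/null
38 | chmod +x consul
39 | # Give the binary to root before it lands on the service's path
40 | sudo chown root:root consul
41 | sudo mv consul /usr/local/bin/consul
42 | sudo mkdir -p /opt/consul/data
43 |
44 | # Read from the file we created
45 | SERVER_COUNT=$(cat /tmp/consul-server-count | tr -d '\n')
46 | CONSUL_JOIN=$(cat /tmp/consul-server-addr | tr -d '\n')
47 |
48 | # Write the flags to a temporary file
49 | cat >/tmp/consul_flags << EOF
50 | CONSUL_FLAGS="-server -bootstrap-expect=${SERVER_COUNT} -join=${CONSUL_JOIN} -data-dir=/opt/consul/data"
51 | EOF
52 |
53 | if [ -f /tmp/upstart.conf ];
54 | then
55 |   echo "Installing Upstart service..."
56 |   sudo mkdir -p /etc/consul.d
57 |   sudo mkdir -p /etc/service
58 |   sudo chown root:root /tmp/upstart.conf
59 |   sudo mv /tmp/upstart.conf /etc/init/consul.conf
60 |   sudo chmod 0644 /etc/init/consul.conf
61 |   sudo mv /tmp/consul_flags /etc/service/consul
62 |   # Root-owned like the systemd branch's copy; the Upstart job sources this file
63 |   sudo chown root:root /etc/service/consul
64 |   sudo chmod 0644 /etc/service/consul
65 | else
66 |   echo "Installing Systemd service..."
67 |   sudo mkdir -p /etc/sysconfig
68 |   sudo mkdir -p /etc/systemd/system/consul.d
69 |   sudo chown root:root /tmp/consul.service
70 |   sudo mv /tmp/consul.service /etc/systemd/system/consul.service
71 |   sudo mv /tmp/consul*json /etc/systemd/system/consul.d/ || echo
72 |   sudo chmod 0644 /etc/systemd/system/consul.service
73 |   sudo mv /tmp/consul_flags /etc/sysconfig/consul
74 |   sudo chown root:root /etc/sysconfig/consul
75 |   sudo chmod 0644 /etc/sysconfig/consul
76 | fi
77 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/module/consul-cluster/shared/scripts/ip_tables.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -e
3 |
4 | sudo iptables -I INPUT -s 0/0 -p tcp --dport 8300 -j ACCEPT  # -s 0/0 matches every source, so any limit on who reaches these ports has to come from outside the host, e.g. the instance's security group
5 | sudo iptables -I INPUT -s 0/0 -p tcp --dport 8301 -j ACCEPT
6 | sudo iptables -I INPUT -s 0/0 -p tcp --dport 8302 -j ACCEPT
7 | sudo iptables -I INPUT -s 0/0 -p tcp --dport 8400 -j ACCEPT
8 |
9 | if [ -d /etc/sysconfig ]; then
10 |   sudo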
iptables-save | sudo tee /etc/sysconfig/iptables 11 | else 12 | sudo iptables-save | sudo tee /etc/iptables.rules 13 | fi 14 | -------------------------------------------------------------------------------- /demo-5b_local_modules/module/consul-cluster/shared/scripts/rhel_consul.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=consul agent 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | EnvironmentFile=-/etc/sysconfig/consul 8 | Restart=on-failure 9 | ExecStart=/usr/local/bin/consul agent $CONSUL_FLAGS -config-dir=/etc/systemd/system/consul.d 10 | ExecReload=/bin/kill -HUP $MAINPID 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /demo-5b_local_modules/module/consul-cluster/shared/scripts/rhel_upstart.conf: -------------------------------------------------------------------------------- 1 | description "Consul agent" 2 | 3 | start on started network 4 | stop on runlevel [!2345] 5 | 6 | respawn 7 | # This is to avoid Upstart re-spawning the process upon `consul leave` 8 | normal exit 0 INT 9 | 10 | script 11 | if [ -f "/etc/service/consul" ]; then 12 | . /etc/service/consul 13 | fi 14 | 15 | # Make sure to use all our CPUs, because Consul can block a scheduler thread 16 | export GOMAXPROCS=`nproc` 17 | 18 | # Get the public IP 19 | BIND=`ifconfig eth0 | grep "inet addr" | awk '{ print substr($2,6) }'` 20 | 21 | exec /usr/local/bin/consul agent \ 22 | -config-dir="/etc/consul.d" \ 23 | -bind=$BIND \ 24 | ${CONSUL_FLAGS} \ 25 | >>/var/log/consul.log 2>&1 26 | end script 27 | -------------------------------------------------------------------------------- /demo-5b_local_modules/module/consul-cluster/shared/scripts/service.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | echo "Starting Consul..." 
5 | if [ -x "$(command -v systemctl)" ]; then 6 | echo "using systemctl" 7 | sudo systemctl enable consul.service 8 | sudo systemctl start consul 9 | else 10 | echo "using upstart" 11 | sudo start consul 12 | fi 13 | -------------------------------------------------------------------------------- /demo-5b_local_modules/module/consul-cluster/variables.tf: -------------------------------------------------------------------------------- 1 | variable "platform" { 2 | default = "ubuntu" 3 | description = "The OS Platform" 4 | } 5 | 6 | variable "user" { 7 | default = { 8 | ubuntu = "ubuntu" 9 | rhel6 = "ec2-user" 10 | centos6 = "centos" 11 | centos7 = "centos" 12 | rhel7 = "ec2-user" 13 | } 14 | } 15 | 16 | variable "ami" { 17 | description = "AWS AMI Id, if you change, make sure it is compatible with instance type, not all AMIs allow all instance types " 18 | 19 | default = { 20 | ap-south-1-ubuntu = "ami-08a5e367" 21 | us-east-1-ubuntu = "ami-d651b8ac" 22 | ap-northeast-1-ubuntu = "ami-8422ebe2" 23 | eu-west-1-ubuntu = "ami-17d11e6e" 24 | ap-southeast-1-ubuntu = "ami-e6d3a585" 25 | ca-central-1-ubuntu = "ami-e59c2581" 26 | us-west-1-ubuntu = "ami-2d5c6d4d" 27 | eu-central-1-ubuntu = "ami-5a922335" 28 | sa-east-1-ubuntu = "ami-a3e39ecf" 29 | ap-southeast-2-ubuntu = "ami-391ff95b" 30 | eu-west-2-ubuntu = "ami-e1f2e185" 31 | ap-northeast-2-ubuntu = "ami-0f6fb461" 32 | us-west-2-ubuntu = "ami-ecc63a94" 33 | us-east-2-ubuntu = "ami-9686a4f3" 34 | us-east-1-rhel6 = "ami-0d28fe66" 35 | us-east-2-rhel6 = "ami-aff2a9ca" 36 | us-west-2-rhel6 = "ami-3d3c0a0d" 37 | us-east-1-centos6 = "ami-57cd8732" 38 | us-east-2-centos6 = "ami-c299c2a7" 39 | us-west-2-centos6 = "ami-1255b321" 40 | us-east-1-rhel7 = "ami-2051294a" 41 | us-east-2-rhel7 = "ami-0a33696f" 42 | us-west-2-rhel7 = "ami-775e4f16" 43 | us-east-1-centos7 = "ami-6d1c2007" 44 | us-east-2-centos7 = "ami-6a2d760f" 45 | us-west-1-centos7 = "ami-af4333cf" 46 | } 47 | } 48 | 49 | variable "service_conf" { 50 | default = { 51 | 
ubuntu = "debian_consul.service" 52 | rhel6 = "rhel_upstart.conf" 53 | centos6 = "rhel_upstart.conf" 54 | centos7 = "rhel_consul.service" 55 | rhel7 = "rhel_consul.service" 56 | } 57 | } 58 | 59 | variable "service_conf_dest" { 60 | default = { 61 | ubuntu = "consul.service" 62 | rhel6 = "upstart.conf" 63 | centos6 = "upstart.conf" 64 | centos7 = "consul.service" 65 | rhel7 = "consul.service" 66 | } 67 | } 68 | 69 | variable "key_name" { 70 | description = "SSH key name in your AWS account for AWS instances." 71 | } 72 | 73 | variable "key_path" { 74 | description = "Path to the private key specified by key_name." 75 | } 76 | 77 | variable "region" { 78 | default = "us-east-1" 79 | description = "The region of AWS, for AMI lookups." 80 | } 81 | 82 | variable "servers" { 83 | default = "3" 84 | description = "The number of Consul servers to launch." 85 | } 86 | 87 | variable "instance_type" { 88 | default = "t2.micro" 89 | description = "AWS Instance type, if you change, make sure it is compatible with AMI, not all AMIs allow all instance types " 90 | } 91 | 92 | variable "tagName" { 93 | default = "consul" 94 | description = "Name tag for the servers" 95 | } 96 | 97 | variable "subnets" { 98 | type = map(string) 99 | description = "map of subnets to deploy your infrastructure in, must have as many keys as your server count (default 3), -var 'subnets={\"0\"=\"subnet-12345\",\"1\"=\"subnets-23456\"}' " 100 | } 101 | 102 | variable "vpc_id" { 103 | type = string 104 | description = "ID of the VPC to use - in case your account doesn't have default VPC" 105 | } 106 | 107 | -------------------------------------------------------------------------------- /demo-5b_local_modules/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /demo-5b_local_modules/vars.tf: 
--------------------------------------------------------------------------------
1 | variable "AWS_REGION" {
2 |   default = "ap-northeast-2"
3 | }
4 |
5 | variable "PATH_TO_PRIVATE_KEY" {
6 |   default = "mykey"
7 | }
8 |
9 | variable "PATH_TO_PUBLIC_KEY" {
10 |   default = "mykey.pub"
11 | }
12 |
13 |
--------------------------------------------------------------------------------
/demo-5b_local_modules/versions.tf:
--------------------------------------------------------------------------------
1 |
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 |
--------------------------------------------------------------------------------
/demo-6_datasource/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = var.AWS_REGION
3 | }
4 |
5 |
--------------------------------------------------------------------------------
/demo-6_datasource/securitygroup.tf:
--------------------------------------------------------------------------------
1 | data "aws_ip_ranges" "european_ec2" { # address ranges AWS publishes for the regions and services selected below
2 |   regions = ["eu-west-1"]
3 |   services = ["ec2"]
4 | }
5 |
6 | resource "aws_security_group" "from_europe" { # HTTPS ingress limited to the ranges returned by the data source above
7 |   name = "from_europe"
8 |
9 |   ingress {
10 |     from_port = "443"
11 |     to_port = "443"
12 |     protocol = "tcp"
13 |     cidr_blocks = data.aws_ip_ranges.european_ec2.cidr_blocks # EC2 ranges of eu-west-1, i.e. hosts of any AWS customer in that region, not European clients in general
14 |   }
15 |   tags = { # records which published version of the range list the rule was built from
16 |     CreateDate = data.aws_ip_ranges.european_ec2.create_date
17 |     SyncToken = data.aws_ip_ranges.european_ec2.sync_token
18 |   }
19 | }
20 |
21 |
--------------------------------------------------------------------------------
/demo-6_datasource/vars.tf:
--------------------------------------------------------------------------------
1 | variable "AWS_REGION" {
2 |   default = "ap-northeast-2"
3 | }
4 |
5 | variable "AMIS" {
6 |   type = map(string)
7 |   default = {
8 |     ap-northeast-2 = "ami-0d777f54156eae7d9"
9 |     us-east-1 = "ami-13be557e"
10 |     us-west-2 = "ami-06b94666"
11 |     eu-west-1 = "ami-844e0bf7"
12 |   }
13 | }
14 |
15 |
-------------------------------------------------------------------------------- /demo-6_datasource/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /demo-7_vpc/nat.tf: -------------------------------------------------------------------------------- 1 | # nat gw 2 | resource "aws_eip" "nat" { 3 | vpc = true 4 | } 5 | 6 | resource "aws_nat_gateway" "nat-gw" { 7 | allocation_id = aws_eip.nat.id 8 | subnet_id = aws_subnet.main-public-1.id 9 | depends_on = [aws_internet_gateway.main-gw] 10 | } 11 | 12 | # VPC setup for NAT 13 | resource "aws_route_table" "main-private" { 14 | vpc_id = aws_vpc.main.id 15 | route { 16 | cidr_block = "0.0.0.0/0" 17 | nat_gateway_id = aws_nat_gateway.nat-gw.id 18 | } 19 | 20 | tags = { 21 | Name = "main-private-1" 22 | } 23 | } 24 | 25 | # route associations private 26 | resource "aws_route_table_association" "main-private-1-a" { 27 | subnet_id = aws_subnet.main-private-1.id 28 | route_table_id = aws_route_table.main-private.id 29 | } 30 | 31 | resource "aws_route_table_association" "main-private-2-a" { 32 | subnet_id = aws_subnet.main-private-2.id 33 | route_table_id = aws_route_table.main-private.id 34 | } 35 | 36 | 37 | -------------------------------------------------------------------------------- /demo-7_vpc/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /demo-7_vpc/vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "eu-west-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "mykey" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "mykey.pub" 11 | } 12 | 13 
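--------------------------------------------------------------------------------
/demo-7_vpc/versions.tf:
--------------------------------------------------------------------------------

# Minimum Terraform CLI version accepted by this demo.
terraform {
  required_version = ">= 0.12"
}

--------------------------------------------------------------------------------
/demo-7_vpc/vpc.tf:
--------------------------------------------------------------------------------
# Internet VPC
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"
  enable_classiclink   = "false"
  tags = {
    Name = "main"
  }
}

# Subnets
# Public subnets: instances launched here receive a public IP by default.
resource "aws_subnet" "main-public-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-public-1"
  }
}

resource "aws_subnet" "main-public-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-public-2"
  }
}

# Private subnets: no public IP is assigned at launch.
resource "aws_subnet" "main-private-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.4.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-private-1"
  }
}

resource "aws_subnet" "main-private-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.5.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-private-2"
  }
}

# Internet GW
resource "aws_internet_gateway" "main-gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main"
  }
}

# route tables
# Default route of the public subnets points at the internet gateway.
resource "aws_route_table" "main-public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gw.id
  }

  tags = {
    Name = "main-public-1"
  }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
  subnet_id      = aws_subnet.main-public-1.id
  route_table_id = aws_route_table.main-public.id
}

resource "aws_route_table_association" "main-public-2-a" {
  subnet_id      = aws_subnet.main-public-2.id
  route_table_id = aws_route_table.main-public.id
}

--------------------------------------------------------------------------------
/demo-8-vpc_with_ec2/instance.tf:
--------------------------------------------------------------------------------
# Single EC2 instance in the public subnet; the only security group attached
# to it is allow-ssh, so that group decides who can reach the host.
resource "aws_instance" "example" {
  ami           = var.AMIS[var.AWS_REGION]
  instance_type = "t2.micro"

  # the VPC subnet
  subnet_id = aws_subnet.main-public-1.id

  # the security group
  vpc_security_group_ids = [aws_security_group.allow-ssh.id]

  # the public SSH key
  key_name = aws_key_pair.mykeypair.key_name

}

--------------------------------------------------------------------------------
/demo-8-vpc_with_ec2/key.tf:
--------------------------------------------------------------------------------
# Registers the public key read from PATH_TO_PUBLIC_KEY as an EC2 key pair.
resource "aws_key_pair" "mykeypair" {
  key_name   = "mykeypair"
  public_key = file(var.PATH_TO_PUBLIC_KEY)
}

--------------------------------------------------------------------------------
/demo-8-vpc_with_ec2/nat.tf:
--------------------------------------------------------------------------------
# nat gw
resource "aws_eip" "nat" {
  vpc = true
}

resource "aws_nat_gateway" "nat-gw" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.main-public-1.id
  depends_on    = [aws_internet_gateway.main-gw]
}

# VPC setup for NAT
# Private subnets send all non-local traffic through the NAT gateway.
resource "aws_route_table" "main-private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat-gw.id
  }

  tags = {
    Name = "main-private-1"
  }
}

# route associations private
resource "aws_route_table_association" "main-private-1-a" {
  subnet_id      = aws_subnet.main-private-1.id
  route_table_id = aws_route_table.main-private.id
}

resource "aws_route_table_association" "main-private-2-a" {
  subnet_id      = aws_subnet.main-private-2.id
  route_table_id = aws_route_table.main-private.id
}

--------------------------------------------------------------------------------
/demo-8-vpc_with_ec2/provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = var.AWS_REGION
}

--------------------------------------------------------------------------------
/demo-8-vpc_with_ec2/securitygroup.tf:
--------------------------------------------------------------------------------
# Networks allowed to reach tcp/22 on the instance. There is deliberately no
# default: the operator has to name the source ranges (for example one admin
# address as a /32) instead of inheriting an SSH port open to every address.
variable "SSH_INGRESS_CIDRS" {
  type        = list(string)
  description = "CIDR blocks allowed to connect to the instance over SSH (tcp/22)"
}

resource "aws_security_group" "allow-ssh" {
  vpc_id      = aws_vpc.main.id
  name        = "allow-ssh"
  description = "security group that allows ssh and all egress traffic"

  # Outbound: every protocol and port, to any destination.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound: SSH only, and only from the ranges the operator supplied.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.SSH_INGRESS_CIDRS
  }

  tags = {
    Name = "allow-ssh"
  }
}

--------------------------------------------------------------------------------
/demo-8-vpc_with_ec2/vars.tf:
--------------------------------------------------------------------------------
variable "AWS_REGION" {
  default = "eu-west-1"
}

# The private key file named here should stay out of version control.
variable "PATH_TO_PRIVATE_KEY" {
  default = "mykey"
}

variable "PATH_TO_PUBLIC_KEY" {
  default = "mykey.pub"
}

# Region -> AMI ID lookup used by aws_instance.example.
# NOTE(review): these are fixed image IDs; confirm each one is still published
# by the expected owner and still receives patches before launching from it.
variable "AMIS" {
  type = map(string)
  default = {
    us-east-1 = "ami-13be557e"
    us-west-2 = "ami-06b94666"
    eu-west-1 = "ami-844e0bf7"
  }
}

--------------------------------------------------------------------------------
/demo-8-vpc_with_ec2/versions.tf:
--------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}

--------------------------------------------------------------------------------
/demo-8-vpc_with_ec2/vpc.tf:
--------------------------------------------------------------------------------
# Internet VPC
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"
  enable_classiclink   = "false"
  tags = {
    Name = "main"
  }
}

# Subnets
# Public subnets: instances launched here receive a public IP by default.
resource "aws_subnet" "main-public-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-public-1"
  }
}

resource "aws_subnet" "main-public-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-public-2"
  }
}

# Private subnets: no public IP is assigned at launch.
resource "aws_subnet" "main-private-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.4.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-private-1"
  }
}

resource "aws_subnet" "main-private-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.5.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-private-2"
  }
}

# Internet GW
resource "aws_internet_gateway" "main-gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main"
  }
}

# route tables
# Default route of the public subnets points at the internet gateway.
resource "aws_route_table" "main-public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gw.id
  }

  tags = {
    Name = "main-public-1"
  }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
  subnet_id      = aws_subnet.main-public-1.id
  route_table_id = aws_route_table.main-public.id
}

resource "aws_route_table_association" "main-public-2-a" {
  subnet_id      = aws_subnet.main-public-2.id
  route_table_id = aws_route_table.main-public.id
}

--------------------------------------------------------------------------------
/demo-9_EBS/instance.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "example" {
  ami           = var.AMIS[var.AWS_REGION]
  instance_type = "t2.micro"

  # the VPC subnet
  subnet_id = aws_subnet.main-public-1.id

  # the security group
  vpc_security_group_ids = [aws_security_group.allow-ssh.id]

  # the public SSH key
  key_name = aws_key_pair.mykeypair.key_name
}

# Extra 20 GiB data volume in the same availability zone as main-public-1.
resource "aws_ebs_volume" "ebs-volume-1" {
  availability_zone = "eu-west-1a"
  size              = 20
  type              = "gp2"

  # Encrypt the volume at rest. No kms_key_id is given, so the account's
  # default EBS key is used. Turning this on for a volume that already exists
  # unencrypted makes Terraform replace it, so migrate the data first.
  encrypted = true

  tags = {
    Name = "extra volume data"
  }
}

# Attaches the data volume to the instance as /dev/xvdh.
resource "aws_volume_attachment" "ebs-volume-1-attachment" {
  device_name = "/dev/xvdh"
  volume_id   = aws_ebs_volume.ebs-volume-1.id
  instance_id = aws_instance.example.id
}

--------------------------------------------------------------------------------
/demo-9_EBS/key.tf:
--------------------------------------------------------------------------------
# Registers the public key read from PATH_TO_PUBLIC_KEY as an EC2 key pair.
resource "aws_key_pair" "mykeypair" {
  key_name   = "mykeypair"
  public_key = file(var.PATH_TO_PUBLIC_KEY)
}

--------------------------------------------------------------------------------
/demo-9_EBS/nat.tf: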
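--------------------------------------------------------------------------------
# nat gw
# Elastic IP whose allocation is handed to the NAT gateway below.
resource "aws_eip" "nat" {
  vpc = true
}

# NAT gateway in the public subnet main-public-1, created after the internet
# gateway exists.
resource "aws_nat_gateway" "nat-gw" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.main-public-1.id
  depends_on    = [aws_internet_gateway.main-gw]
}

# VPC setup for NAT
# Private subnets send all non-local traffic through the NAT gateway.
resource "aws_route_table" "main-private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat-gw.id
  }

  tags = {
    Name = "main-private-1"
  }
}

# route associations private
resource "aws_route_table_association" "main-private-1-a" {
  subnet_id      = aws_subnet.main-private-1.id
  route_table_id = aws_route_table.main-private.id
}

resource "aws_route_table_association" "main-private-2-a" {
  subnet_id      = aws_subnet.main-private-2.id
  route_table_id = aws_route_table.main-private.id
}

--------------------------------------------------------------------------------
/demo-9_EBS/provider.tf:
--------------------------------------------------------------------------------
# No credentials are set in this block; only the region is configured.
provider "aws" {
  region = var.AWS_REGION
}

--------------------------------------------------------------------------------
/demo-9_EBS/securitygroup.tf:
--------------------------------------------------------------------------------
# Networks allowed to reach tcp/22 on the instance. Declared in this file, next
# to its only consumer. There is deliberately no default: the operator has to
# name the source ranges (for example one admin address as a /32) instead of
# inheriting an SSH port open to every address.
variable "SSH_INGRESS_CIDRS" {
  type        = list(string)
  description = "CIDR blocks allowed to connect to the instance over SSH (tcp/22)"
}

resource "aws_security_group" "allow-ssh" {
  vpc_id      = aws_vpc.main.id
  name        = "allow-ssh"
  description = "security group that allows ssh and all egress traffic"

  # Outbound: every protocol and port, to any destination.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound: SSH only, and only from the ranges the operator supplied.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.SSH_INGRESS_CIDRS
  }

  tags = {
    Name = "allow-ssh"
  }
}

--------------------------------------------------------------------------------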
/demo-9_EBS/vars.tf:
--------------------------------------------------------------------------------
# Region used by the provider block and as the key into AMIS.
variable "AWS_REGION" {
  default = "eu-west-1"
}

# Path of the SSH private key file; the file itself should stay out of
# version control.
variable "PATH_TO_PRIVATE_KEY" {
  default = "mykey"
}

# Path of the public key that key.tf uploads as an EC2 key pair.
variable "PATH_TO_PUBLIC_KEY" {
  default = "mykey.pub"
}

# Region -> AMI ID lookup used by aws_instance.example.
# NOTE(review): these are fixed image IDs; confirm each one is still published
# by the expected owner and still receives patches before launching from it.
variable "AMIS" {
  type = map(string)
  default = {
    us-east-1 = "ami-13be557e"
    us-west-2 = "ami-06b94666"
    eu-west-1 = "ami-844e0bf7"
  }
}

--------------------------------------------------------------------------------
/demo-9_EBS/versions.tf:
--------------------------------------------------------------------------------

# Minimum Terraform CLI version accepted by this demo.
terraform {
  required_version = ">= 0.12"
}

--------------------------------------------------------------------------------
/demo-9_EBS/vpc.tf:
--------------------------------------------------------------------------------
# Internet VPC
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"
  enable_classiclink   = "false"
  tags = {
    Name = "main"
  }
}

# Subnets
# Public subnets: instances launched here receive a public IP by default.
resource "aws_subnet" "main-public-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-public-1"
  }
}

resource "aws_subnet" "main-public-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-public-2"
  }
}

# Private subnets: no public IP is assigned at launch.
resource "aws_subnet" "main-private-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.4.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-private-1"
  }
}

resource "aws_subnet" "main-private-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.5.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-private-2"
  }
}

# Internet GW
resource "aws_internet_gateway" "main-gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main"
  }
}

# route tables
# Default route of the public subnets points at the internet gateway.
resource "aws_route_table" "main-public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gw.id
  }

  tags = {
    Name = "main-public-1"
  }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
  subnet_id      = aws_subnet.main-public-1.id
  route_table_id = aws_route_table.main-public.id
}

resource "aws_route_table_association" "main-public-2-a" {
  subnet_id      = aws_subnet.main-public-2.id
  route_table_id = aws_route_table.main-public.id
}
--------------------------------------------------------------------------------
/demo-IAM_roles/iam.tf:
--------------------------------------------------------------------------------
resource "aws_iam_role" "s3-mybucket-role" {
  name               = "s3-mybucket-role"
  # NOTE(review): the listing breaks off on the next line. The text after "<"
  # appears to have been lost in extraction, up to the tail of what looks like
  # a build script, so this role's trust policy cannot be reviewed from here.
  assume_role_policy = < amivar.tf
terraform init
terraform apply

--------------------------------------------------------------------------------
/packer-demo/instance.tf:
--------------------------------------------------------------------------------
# Instance launched from the image named by AMI_ID.
# NOTE(review): AMI_ID is not declared in the packer-demo vars.tf shown on this
# page; presumably it comes from the generated amivar.tf - confirm.
resource "aws_instance" "example" {
  ami           = var.AMI_ID
  instance_type = "t2.micro"

  # the VPC subnet
  subnet_id = aws_subnet.main-public-1.id

  # the security group
  vpc_security_group_ids = [aws_security_group.example-instance.id]

  # the public SSH key
  key_name = aws_key_pair.mykeypair.key_name
}

--------------------------------------------------------------------------------
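/packer-demo/key.tf:
--------------------------------------------------------------------------------
# Registers the public key read from PATH_TO_PUBLIC_KEY as an EC2 key pair.
resource "aws_key_pair" "mykeypair" {
  key_name   = "mykeypair"
  public_key = file(var.PATH_TO_PUBLIC_KEY)
}

--------------------------------------------------------------------------------
/packer-demo/packer-example.json:
--------------------------------------------------------------------------------
{
  "variables": {
    "aws_access_key": "",
    "aws_secret_key": ""
  },
  "builders": [{
    "type": "amazon-ebs",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "region": "eu-west-1",
    "source_ami": "ami-09652a7c0d6ff41a3",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "ami_name": "packer-example {{timestamp}}"
  }],
  "provisioners": [{
    "type": "shell",
    "scripts": [ "scripts/install_software.sh" ],
    "execute_command": "{{ .Vars }} sudo -E sh '{{ .Path }}'",
    "pause_before": "10s"
  }]
}

--------------------------------------------------------------------------------
/packer-demo/provider.tf:
--------------------------------------------------------------------------------
# No credentials are set in this block; only the region is configured.
provider "aws" {
  region = var.AWS_REGION
}

--------------------------------------------------------------------------------
/packer-demo/scripts/install_software.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Provisioning script for the Packer build. The template runs it as
# `sudo -E sh <script>`, so it executes under sh rather than the shebang's
# bash; keep it POSIX-sh compatible.
# Stop at the first failing command or unset variable, so a failed package
# download fails the build instead of producing an image that silently lacks
# packages.
set -eu
apt-get update
apt-get install -y nginx docker.io vim lvm2

--------------------------------------------------------------------------------
/packer-demo/securitygroup.tf:
--------------------------------------------------------------------------------
# Networks allowed to reach tcp/22 on the instance. There is deliberately no
# default: the operator has to name the source ranges (for example one admin
# address as a /32) instead of inheriting an SSH port open to every address.
variable "SSH_INGRESS_CIDRS" {
  type        = list(string)
  description = "CIDR blocks allowed to connect to the instance over SSH (tcp/22)"
}

# The resource is called example-instance, while the group name in AWS stays
# "allow-ssh".
resource "aws_security_group" "example-instance" {
  vpc_id      = aws_vpc.main.id
  name        = "allow-ssh"
  description = "security group that allows ssh and all egress traffic"

  # Outbound: every protocol and port, to any destination.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound: SSH only, and only from the ranges the operator supplied.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.SSH_INGRESS_CIDRS
  }

  tags = {
    Name = "example-instance"
  }
}

--------------------------------------------------------------------------------
/packer-demo/vars.tf:
--------------------------------------------------------------------------------
variable "AWS_REGION" {
  default = "eu-west-1"
}

# The private key file named here should stay out of version control.
variable "PATH_TO_PRIVATE_KEY" {
  default = "mykey"
}

variable "PATH_TO_PUBLIC_KEY" {
  default = "mykey.pub"
}

--------------------------------------------------------------------------------
/packer-demo/versions.tf:
--------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}

--------------------------------------------------------------------------------
/packer-demo/vpc.tf:
--------------------------------------------------------------------------------
# Internet VPC
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"
  enable_classiclink   = "false"
  tags = {
    Name = "main"
  }
}

# Subnets
# Public subnets: instances launched here receive a public IP by default.
resource "aws_subnet" "main-public-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-public-1"
  }
}

resource "aws_subnet" "main-public-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-public-2"
  }
}

# Private subnets: no public IP is assigned at launch.
resource "aws_subnet" "main-private-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.4.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1a"

  tags = {
    Name = "main-private-1"
  }
}

resource "aws_subnet" "main-private-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.5.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "eu-west-1b"

  tags = {
    Name = "main-private-2"
  }
}

# Internet GW
resource "aws_internet_gateway" "main-gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main"
  }
}

# route tables
# Default route of the public subnets points at the internet gateway.
resource "aws_route_table" "main-public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gw.id
  }

  tags = {
    Name = "main-public-1"
  }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
  subnet_id      = aws_subnet.main-public-1.id
  route_table_id = aws_route_table.main-public.id
}

resource "aws_route_table_association" "main-public-2-a" {
  subnet_id      = aws_subnet.main-public-2.id
  route_table_id = aws_route_table.main-public.id
}
--------------------------------------------------------------------------------
/test.txt:
--------------------------------------------------------------------------------
1234
--------------------------------------------------------------------------------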