├── lb2 ├── aws.tf ├── aws-data.tf ├── vars-main.tf ├── data-params-cluster.tf ├── data-eks-cluster.tf ├── aws_iam_policy-lb2.tf ├── notused │ ├── cleanup.sh │ ├── cleanup-man.sh │ └── install.sh ├── null_policy.tf ├── null_post_policy.tf ├── null_destoy.tf ├── helm_loadbalancer.tf └── post-policy.sh ├── .bastion ├── aws.tf ├── aws-data.tf ├── vars-main.tf ├── data-params-net.tf ├── README.md ├── data-eks-vpc.tf ├── sg-rule.tf └── c9.tf ├── extra ├── sampleapp2 │ ├── 2048_ingresses.yaml │ ├── aws.tf │ ├── aws-data.tf │ ├── vars-main.tf │ ├── k8s.tf │ ├── README.md │ ├── subvar.sh │ ├── 2048_namespace1.yml │ ├── 2048_namespace2.yml │ ├── do-app-push.sh │ ├── 2048_service1.yml │ ├── 2048_service2.yml │ ├── deploy-app.sh │ ├── sampleapp-namespace.tf │ ├── delete-app.sh │ ├── 2048_ingress1.yml │ ├── 2048_ingress2.yml │ ├── 2048_deployment-ng1.yml │ ├── 2048_deployment-ng2.yml │ ├── app-setup.sh │ ├── sampleapp-service.tf │ ├── 2048_ingress.yml.orig │ └── sampleapp_ingresses.tf ├── .karpenter │ ├── aws.tf │ ├── aws-data.tf │ ├── vars-main.tf │ ├── data-params-setup.tf │ ├── var-karpenter-version.tf │ ├── data.tf │ ├── templates │ │ ├── bottlerocket-userdata.toml.tpl │ │ └── values.yaml.tpl │ ├── tags.tf │ ├── null-provisioner.tf │ ├── helm.tf │ ├── install.sh │ ├── launch_template.tf │ └── var-karpenter.tf ├── .observability │ ├── aws.tf │ ├── aws-data.tf │ ├── vars-main.tf │ ├── data-params.tf │ └── main.tf ├── eks-cidr2 │ ├── aws.tf │ ├── aws-data.tf │ ├── vars-main.tf │ ├── data-params-net.tf │ ├── data-params-cluster.tf │ ├── data-eks-cluster.tf │ ├── data-subnet-p.tf │ ├── reannotate-nodes.sh │ └── null-cidr.tf ├── fargate │ ├── aws.tf │ ├── aws-data.tf │ ├── vars-main.tf │ ├── data-params-net.tf │ ├── data-params-setup.tf │ ├── data-params-cluster.tf │ ├── data-eks-cluster.tf │ ├── logging-policy.tf │ ├── data-subnet-i.tf │ ├── logging-permissions.json │ ├── fargate_profile.tf │ └── fargate-execution-role.tf ├── fargateapp │ ├── aws.tf │ ├── aws-data.tf │ ├── 
vars-main.tf │ ├── k8s.tf │ ├── sampleapp-namespace.tf │ ├── cli-test.sh │ ├── sampleapp-service.tf │ ├── README.md │ ├── configmap-logging.tf │ └── sampleapp-deployment.tf ├── nodeg2 │ ├── aws.tf │ ├── aws-data.tf │ ├── vars-main.tf │ ├── data-params-iam.tf │ ├── data-params-net.tf │ ├── data-params-cluster.tf │ ├── data-eks-cluster.tf │ ├── ssm-param-ami.tf │ ├── launch_template.tf │ ├── user_data.tf │ ├── outputs.tf │ └── nodeg2.tf ├── .app-mesh │ ├── aws-data.tf │ ├── data-eks-cluster.tf │ ├── appmesh-system-namespace.tf │ ├── k8s.tf │ ├── aws_iam_policy-appmesh.tf │ ├── null_policy.tf │ ├── null_post_policy.tf │ ├── null_destoy.tf │ ├── helm_loadbalancer.tf │ └── aws.tf └── .karpenter-provisioner │ ├── 01-provisioner.sh │ ├── 02-workload.sh │ └── annotate.sh ├── tf-setup ├── aws.tf ├── aws-data.tf ├── vars-main.tf ├── dot-terraform.rc ├── generated │ ├── backend-iam.tf │ ├── backend-net.tf │ ├── backend-c9net.tf │ ├── backend-cicd.tf │ ├── backend-cluster.tf │ ├── backend-eks-cidr.tf │ ├── backend-k8scicd.tf │ ├── backend-nodeg.tf │ ├── backend-tf-setup.tf │ ├── backend-sampleapp.tf │ └── data-params.tf ├── kms.tf ├── rand.tf ├── output.tf ├── remotes │ ├── remote-iam.tf.sav │ ├── remote-net.tf.sav │ ├── remote-nodeg.tf.sav │ ├── remote-cluster.tf.sav │ └── remote-tf-setup.tf.sav ├── null_resource.tf ├── dynamodb-tables.tf └── s3-bucket.tf ├── net ├── aws-data.tf ├── .notused │ ├── setup.sh │ └── post-fix-vpc.sh ├── vars-main.tf ├── backend-net.tf ├── data-params-setup.tf ├── aws_security_group__sg-eks-cicd.tf ├── aws_internet_gateway__eks-cicd.tf ├── sg-rules.tf ├── aws_eip__eipalloc-cicd-natgw.tf ├── aws_route_table_association__rtbassoc-i1.tf ├── aws_route_table_association__rtbassoc-i2.tf ├── aws_route_table_association__rtbassoc-i3.tf ├── aws_route_table_association__rtbassoc-p2.tf ├── aws_route_table_association__rtbassoc-p3.tf ├── aws_route_table_association__rtbassoc-p1.tf ├── aws_vpc_ipv4_cidr_block_association__vpc-cidr-assoc.tf ├── 
aws_nat_gateway__eks-cicd.tf ├── aws_route_table__rtb-p1.tf ├── aws_route_table__rtb-p2.tf ├── aws_route_table__rtb-p3.tf ├── aws_route_table_association__public1.tf ├── aws_route_table_association__private1.tf ├── aws_security_group__allnodes-sg.tf ├── aws_route_table__rtb-isol.tf ├── aws_security_group__cluster-sg.tf ├── aws_vpc__eks-cicd.tf ├── vpc-cluster.tf ├── aws_subnet__eks-cicd-public1.tf ├── aws_subnet__eks-cicd-private1.tf ├── aws_route_table__public1.tf └── aws_route_table__private1.tf ├── c9net ├── aws-data.tf ├── vars-main.tf ├── data-params-net.tf ├── backend-c9net.tf ├── data-defvpc.tf ├── data-cicdvpc.tf ├── data-sg-cicd.tf ├── data-rtb-cicd.tf ├── def-route-add.tf ├── def-peering.tf ├── cicd-peering.tf ├── cicd-route-add.tf ├── sg-rule-def.tf ├── data-sg-c9-instance.tf └── sg-rule-cicd.tf ├── cicd ├── vars-main.tf ├── backend-cicd.tf ├── data-params-net.tf ├── data-params-setup.tf ├── var-karpenter-version.tf ├── data-aws.tf ├── data_kms_alias_s3.tf ├── data_subnet_cicd.tf ├── data-cicdvpc.tf ├── ecr-pull-through.tf ├── data-eks-vpc.tf ├── data-sg-cicd.tf ├── aws_codecommit_repository__eksworkshop-app.tf ├── saved │ ├── get-bucket-name.sh │ ├── aws_ecr_repository__nginx.tf │ ├── aws_ecr_repository__busybox.tf │ ├── aws_ecr_repository__aws-cli.tf │ ├── auth-cicd.sh │ └── aws_ecr_repository__sample-app.tf ├── aws_iam_user.git-user.tf ├── aws_iam_role_policy_attachment__codebuild-eks-cicd-build-app-service-role__CodeBuildBasePolicy-eks-cicd-build-app-eu-west-1.tf ├── aws_iam_role_policy_attachment__codebuild-eks-cicd-build-app-service-role__CodeBuildVpcPolicy-eks-cicd-build-app-eu-west-1.tf ├── aws_iam_role_policy_attachment__AWSCodePipelineServiceRole-eu-west-1-pipe-eksworkshop-app__AWSCodePipelineServiceRole-pipe-eksworkshop-app.tf ├── aws_iam_role_policy_attachment__codebuild-eks-cicd-build-app-service-role__AdministratorAccess.tf ├── null-load_ecr.tf ├── aws_iam_role__codebuild-eks-cicd-build-app-service-role.tf ├── 
aws_iam_role__AWSCodePipelineServiceRole-pipe-eksworkshop-app.tf ├── load_ecr.sh └── aws_iam_policy__CodeBuildVpcPolicy-eks-cicd-build-app.tf ├── cluster ├── vars-main.tf ├── data-params-iam.tf ├── data-params-net.tf ├── backend-cluster.tf ├── data-params-setup.tf ├── data-aws.tf ├── cni.json ├── data-kms.tf ├── test.sh ├── aws_eks_idp.tf ├── cluster-sg-rule.tf ├── auth.sh ├── aws_eks-addons.tf ├── null_resource.tf ├── aws_eks_cluster__cluster.tf ├── aws_iam_openid_connect_provider.tf.sav └── ssm-params-cluster.tf ├── iam ├── vars-main.tf ├── backend-iam.tf ├── data-params-setup.tf ├── aws_key_pair__eksworkshop.tf ├── aws_iam_role_policy_attachment__cluster-ServiceRole-AmazonEKSClusterPolicy.tf ├── aws_iam_role_policy_attachment__nodegroup-NodeInstanceRole-AmazonEKSWorkerNodePolicy.tf ├── aws_iam_role_policy_attachment__nodegroup-NodeInstanceRole-CloudWatchAgentServerPolicy.tf ├── aws_iam_role_policy_attachment__cluster-ServiceRole-AmazonEKSVPCResourceController.tf ├── aws_iam_role_policy_attachment__nodegroup-NodeInstanceRole-AmazonEKS_CNI_Policy.tf ├── aws_iam_role_policy_attachment__nodegroup-NodeInstanceRole-AmazonSSMManagedInstanceCore.tf ├── aws_iam_role_policy_attachment__nodegroup-NodeInstanceRole-AmazonEC2ContainerRegistryReadOnly.tf ├── aws_iam_role_policy__cluster-ServiceRole__PolicyCloudWatchMetrics.tf ├── aws_iam_role_policy__cluster-ServiceRole-PolicyELBPermissions.tf ├── aws_iam_role_policy__nodegroup-NodeInstanceRole-PolicyEFS.tf ├── aws_iam_role_policy__nodegroup-NodeInstanceRole-PolicyCertManagerGetChange.tf ├── aws_iam_role__cluster-ServiceRole.tf ├── aws_iam_role__nodegroup-NodeInstanceRole.tf ├── aws_iam_role_policy__nodegroup-NodeInstanceRole-PolicyCertManagerHostedZones.tf ├── aws_iam_role_policy__nodegroup-NodeInstanceRole-PolicyCertManagerChangeSet.tf ├── ssm-params-iam.tf ├── aws_iam_role_policy__nodegroup-NodeInstanceRole-PolicyEFSEC2.tf ├── aws_iam_role_policy__nodegroup-NodeInstanceRole-PolicyAutoScaling.tf └── 
aws_iam_role_policy__nodegroup-NodeInstanceRole-PolicyEBS.tf ├── nodeg ├── vars-main.tf ├── data-params-iam.tf ├── data-params-net.tf ├── vars-dynamodb.tf.sav ├── backend-nodeg.tf ├── data-params-setup.tf ├── data-params-cluster.tf ├── data-aws.tf ├── data-eks-cluster.tf ├── ssm-param-ami.tf ├── data-subnet-i.tf ├── null_resource.tf ├── auth-cicd.sh ├── aws_eks-addons.tf.sav ├── reannotate-nodes.sh ├── user_data.tf ├── c9-auth.sh ├── null_annotate.tf ├── outputs.tf ├── launch_template.tf └── aws_eks_node_group_ng1.tf ├── sampleapp ├── vars-main.tf ├── vars-dynamodb.tf.sav ├── backend-sampleapp.tf ├── notused │ ├── deploy-ingress.sh │ ├── subvar.sh │ ├── 2048_namespace.yml │ ├── delete-ingress.sh │ ├── deploy-app.sh │ ├── 2048_service.yml │ ├── delete-app.sh │ ├── auth-cicd.sh │ ├── null-auth-cicd.tf │ ├── 2048_ingress.yml │ └── 2048_deployment.yml ├── k8s.tf ├── do-app-push.sh ├── sampleapp-namespace.tf ├── cleanup.sh ├── README.md ├── sampleapp-service.tf ├── null-cleanup.tf ├── app-setup.sh └── sampleapp-ingress.tf ├── primer ├── .gitignore ├── challenge-1 │ ├── data-vpc.tf │ ├── data-sg-def.tf │ ├── data-sg-10-1.tf │ ├── data-vpc-10-1.tf │ ├── vars.tf │ ├── outputs.tf │ ├── data-subnet.tf │ ├── data-instance.tf │ ├── data-instance-10-1.tf │ ├── data-subnet-priv-10-1.tf │ ├── rt-entries.tf │ ├── def-rtb.tf │ ├── data_mytgw.tf │ ├── rt-entries-10-1.tf │ ├── rtb-10-1.tf │ ├── aws.tf │ ├── mysgingress-icmp.tf │ ├── mysg10ingress-icmp.tf │ ├── deftgw-attach.tf │ └── labsol.sh ├── tflab2 │ ├── az.tf │ ├── mysg.tf │ ├── my-eip.tf │ ├── user_data.sh │ ├── igw.tf │ ├── nat_gateway.tf │ ├── my-pubrtassociation.tf │ ├── my-privrtassociation.tf │ ├── variables.tf │ ├── ami.tf │ ├── vpc.tf │ ├── mysgrule-egress-all.tf │ ├── mysgingress-80.tf │ ├── aws.tf │ ├── mysgingress-icmp.tf │ ├── rtb2-igw.tf │ ├── rtb1-natgw-tgw.tf │ └── subnets.tf ├── tflab1-complete │ ├── az.tf │ ├── my-eip.tf │ ├── vpc-192.168.tf │ ├── aws.tf │ └── subnets.tf ├── autogen-tf.sh └── tflab1 │ └── 
aws.tf ├── .DS_Store ├── .notused ├── eks-cidr │ ├── data-aws.tf │ ├── data-eks-cluster.tf │ ├── .notused │ │ ├── data-vpc-cicd.tf │ │ ├── reannotate-nodes.sh │ │ └── start-node.sh │ ├── data-subnet-i.tf │ ├── null-cidr.tf │ └── cni-cycle-nodes.sh ├── addons │ ├── cni.json │ ├── aws_eks-addons2.tf.sav │ └── aws_eks-addons.tf ├── c9-stack │ └── cycle.sh ├── trust.json ├── switch.sh ├── resize-osdisk.sh └── iam-profile.sh ├── git ├── cleanup.sh └── test.sh ├── common-files ├── aws-data.tf ├── var-karpenter-version.tf ├── data-params-iam.tf ├── data-params-cluster.tf ├── data-params-setup.tf ├── vars-main.tf └── aws.tf ├── CODE_OF_CONDUCT.md ├── Dockerfile ├── .aws-staff ├── docker-push.sh ├── build-all.sh ├── test-primer.sh ├── build-to-nodeg.sh └── destroy-everything.sh ├── README.md ├── LICENSE ├── .gitignore └── check /lb2/aws.tf: -------------------------------------------------------------------------------- 1 | ../common-files/aws.tf -------------------------------------------------------------------------------- /.bastion/aws.tf: -------------------------------------------------------------------------------- 1 | ../common-files/aws.tf -------------------------------------------------------------------------------- /extra/sampleapp2/2048_ingresses.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tf-setup/aws.tf: -------------------------------------------------------------------------------- 1 | ../common-files/aws.tf -------------------------------------------------------------------------------- /lb2/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../common-files/aws-data.tf -------------------------------------------------------------------------------- /net/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../common-files/aws-data.tf 
-------------------------------------------------------------------------------- /.bastion/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../common-files/aws-data.tf -------------------------------------------------------------------------------- /c9net/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../common-files/aws-data.tf -------------------------------------------------------------------------------- /c9net/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /cicd/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /cluster/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /extra/.karpenter/aws.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws.tf -------------------------------------------------------------------------------- /extra/.observability/aws.tf: -------------------------------------------------------------------------------- 1 | ../../tf-setup/aws.tf -------------------------------------------------------------------------------- /extra/eks-cidr2/aws.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws.tf -------------------------------------------------------------------------------- /extra/fargate/aws.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws.tf 
-------------------------------------------------------------------------------- /extra/fargateapp/aws.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws.tf -------------------------------------------------------------------------------- /extra/nodeg2/aws.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws.tf -------------------------------------------------------------------------------- /extra/sampleapp2/aws.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws.tf -------------------------------------------------------------------------------- /iam/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /lb2/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /net/.notused/setup.sh: -------------------------------------------------------------------------------- 1 | init/gen-backend.sh 2 | -------------------------------------------------------------------------------- /net/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /nodeg/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /tf-setup/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../common-files/aws-data.tf 
-------------------------------------------------------------------------------- /.bastion/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /extra/.app-mesh/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../../tf-setup/aws-data.tf -------------------------------------------------------------------------------- /sampleapp/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /tf-setup/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../common-files/vars-main.tf -------------------------------------------------------------------------------- /c9net/data-params-net.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-net.tf -------------------------------------------------------------------------------- /cicd/backend-cicd.tf: -------------------------------------------------------------------------------- 1 | ../tf-setup/generated/backend-cicd.tf -------------------------------------------------------------------------------- /cicd/data-params-net.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-net.tf -------------------------------------------------------------------------------- /extra/.karpenter/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws-data.tf -------------------------------------------------------------------------------- /extra/.observability/aws-data.tf: -------------------------------------------------------------------------------- 1 | 
../../tf-setup/aws-data.tf -------------------------------------------------------------------------------- /extra/eks-cidr2/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws-data.tf -------------------------------------------------------------------------------- /extra/fargate/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws-data.tf -------------------------------------------------------------------------------- /extra/fargate/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/vars-main.tf -------------------------------------------------------------------------------- /extra/fargateapp/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws-data.tf -------------------------------------------------------------------------------- /extra/nodeg2/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws-data.tf -------------------------------------------------------------------------------- /extra/nodeg2/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/vars-main.tf -------------------------------------------------------------------------------- /extra/sampleapp2/aws-data.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/aws-data.tf -------------------------------------------------------------------------------- /iam/backend-iam.tf: -------------------------------------------------------------------------------- 1 | ../tf-setup/generated/backend-iam.tf -------------------------------------------------------------------------------- /net/backend-net.tf: 
-------------------------------------------------------------------------------- 1 | ../tf-setup/generated/backend-net.tf -------------------------------------------------------------------------------- /nodeg/data-params-iam.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-iam.tf -------------------------------------------------------------------------------- /nodeg/data-params-net.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-net.tf -------------------------------------------------------------------------------- /nodeg/vars-dynamodb.tf.sav: -------------------------------------------------------------------------------- 1 | ../tf-setup/vars-dynamodb.tf -------------------------------------------------------------------------------- /sampleapp/vars-dynamodb.tf.sav: -------------------------------------------------------------------------------- 1 | ../tf-setup/vars-dynamodb.tf -------------------------------------------------------------------------------- /.bastion/data-params-net.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-net.tf -------------------------------------------------------------------------------- /c9net/backend-c9net.tf: -------------------------------------------------------------------------------- 1 | ../tf-setup/generated/backend-c9net.tf -------------------------------------------------------------------------------- /cicd/data-params-setup.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-setup.tf -------------------------------------------------------------------------------- /cluster/data-params-iam.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-iam.tf 
-------------------------------------------------------------------------------- /cluster/data-params-net.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-net.tf -------------------------------------------------------------------------------- /extra/.karpenter/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/vars-main.tf -------------------------------------------------------------------------------- /extra/.observability/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../../tf-setup/vars-main.tf -------------------------------------------------------------------------------- /extra/eks-cidr2/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/vars-main.tf -------------------------------------------------------------------------------- /extra/fargateapp/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/vars-main.tf -------------------------------------------------------------------------------- /extra/sampleapp2/vars-main.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/vars-main.tf -------------------------------------------------------------------------------- /iam/data-params-setup.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-setup.tf -------------------------------------------------------------------------------- /net/data-params-setup.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-setup.tf -------------------------------------------------------------------------------- /nodeg/backend-nodeg.tf: 
-------------------------------------------------------------------------------- 1 | ../tf-setup/generated/backend-nodeg.tf -------------------------------------------------------------------------------- /nodeg/data-params-setup.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-setup.tf -------------------------------------------------------------------------------- /cluster/backend-cluster.tf: -------------------------------------------------------------------------------- 1 | ../tf-setup/generated/backend-cluster.tf -------------------------------------------------------------------------------- /cluster/data-params-setup.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-setup.tf -------------------------------------------------------------------------------- /extra/nodeg2/data-params-iam.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-iam.tf -------------------------------------------------------------------------------- /extra/nodeg2/data-params-net.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-net.tf -------------------------------------------------------------------------------- /lb2/data-params-cluster.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-cluster.tf -------------------------------------------------------------------------------- /nodeg/data-params-cluster.tf: -------------------------------------------------------------------------------- 1 | ../common-files/data-params-cluster.tf -------------------------------------------------------------------------------- /primer/.gitignore: -------------------------------------------------------------------------------- 1 | .terraform 2 | terraform* 3 | 
test/.terraform 4 | -------------------------------------------------------------------------------- /cicd/var-karpenter-version.tf: -------------------------------------------------------------------------------- 1 | ../common-files/var-karpenter-version.tf -------------------------------------------------------------------------------- /extra/eks-cidr2/data-params-net.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-net.tf -------------------------------------------------------------------------------- /extra/fargate/data-params-net.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-net.tf -------------------------------------------------------------------------------- /extra/fargate/data-params-setup.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-setup.tf -------------------------------------------------------------------------------- /sampleapp/backend-sampleapp.tf: -------------------------------------------------------------------------------- 1 | ../tf-setup/generated/backend-sampleapp.tf -------------------------------------------------------------------------------- /c9net/data-defvpc.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "vpc-default" { 2 | default = true 3 | } -------------------------------------------------------------------------------- /extra/.karpenter/data-params-setup.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-setup.tf -------------------------------------------------------------------------------- /extra/.observability/data-params.tf: -------------------------------------------------------------------------------- 1 | ../../tf-setup/generated/data-params.tf 
-------------------------------------------------------------------------------- /extra/fargate/data-params-cluster.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-cluster.tf -------------------------------------------------------------------------------- /extra/nodeg2/data-params-cluster.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-cluster.tf -------------------------------------------------------------------------------- /sampleapp/notused/deploy-ingress.sh: -------------------------------------------------------------------------------- 1 | kubectl apply -f 2048_ingress.yml 2 | -------------------------------------------------------------------------------- /extra/eks-cidr2/data-params-cluster.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/data-params-cluster.tf -------------------------------------------------------------------------------- /sampleapp/k8s.tf: -------------------------------------------------------------------------------- 1 | provider "kubernetes" { 2 | config_path = "~/.kube/config" 3 | } -------------------------------------------------------------------------------- /tf-setup/dot-terraform.rc: -------------------------------------------------------------------------------- 1 | plugin_cache_dir = "$HOME/.terraform.d/plugin-cache" -------------------------------------------------------------------------------- /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-eks-code/HEAD/.DS_Store -------------------------------------------------------------------------------- /extra/.karpenter/var-karpenter-version.tf: -------------------------------------------------------------------------------- 1 | ../../common-files/var-karpenter-version.tf 
-------------------------------------------------------------------------------- /primer/challenge-1/data-vpc.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "dvpc" { 2 | default = true 3 | } 4 | -------------------------------------------------------------------------------- /cicd/data-aws.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" {} 2 | data "aws_caller_identity" "current" {} -------------------------------------------------------------------------------- /cicd/data_kms_alias_s3.tf: -------------------------------------------------------------------------------- 1 | data "aws_kms_alias" "s3" { 2 | name = "alias/aws/s3" 3 | } 4 | -------------------------------------------------------------------------------- /cluster/data-aws.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" {} 2 | data "aws_caller_identity" "current" {} -------------------------------------------------------------------------------- /extra/sampleapp2/k8s.tf: -------------------------------------------------------------------------------- 1 | provider "kubernetes" { 2 | config_path = "~/.kube/config" 3 | } -------------------------------------------------------------------------------- /nodeg/data-aws.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" {} 2 | data "aws_caller_identity" "current" {} -------------------------------------------------------------------------------- /primer/tflab2/az.tf: -------------------------------------------------------------------------------- 1 | data "aws_availability_zones" "az" { 2 | state = "available" 3 | } 4 | -------------------------------------------------------------------------------- /cluster/cni.json: -------------------------------------------------------------------------------- 1 | { 2 
| "env":{ 3 | "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG": "true" 4 | } 5 | } -------------------------------------------------------------------------------- /extra/sampleapp2/README.md: -------------------------------------------------------------------------------- 1 | kubectl describe deployment -n kube-system aws-load-balancer-controller -------------------------------------------------------------------------------- /primer/challenge-1/data-sg-def.tf: -------------------------------------------------------------------------------- 1 | data "aws_security_group" "defsg" { 2 | id = var.sgid 3 | } -------------------------------------------------------------------------------- /.notused/eks-cidr/data-aws.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" {} 2 | data "aws_caller_identity" "current" {} -------------------------------------------------------------------------------- /primer/challenge-1/data-sg-10-1.tf: -------------------------------------------------------------------------------- 1 | data "aws_security_group" "sg_10_1" { 2 | id = var.sgid_10_1 3 | } -------------------------------------------------------------------------------- /primer/tflab1-complete/az.tf: -------------------------------------------------------------------------------- 1 | data "aws_availability_zones" "az" { 2 | state = "available" 3 | } 4 | -------------------------------------------------------------------------------- /extra/sampleapp2/subvar.sh: -------------------------------------------------------------------------------- 1 | sed 's/\ACCOUNT_ID'"/$ACCOUNT_ID/g" | \ 2 | sed 's/\AWS_REGION'"/$AWS_REGION/g" -------------------------------------------------------------------------------- /primer/challenge-1/data-vpc-10-1.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "vpc-10-1" { 2 | cidr_block = "10.1.0.0/16" 3 | } 4 | 
-------------------------------------------------------------------------------- /sampleapp/notused/subvar.sh: -------------------------------------------------------------------------------- 1 | sed 's/\ACCOUNT_ID'"/$ACCOUNT_ID/g" | \ 2 | sed 's/\AWS_REGION'"/$AWS_REGION/g" -------------------------------------------------------------------------------- /tf-setup/generated/backend-iam.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /tf-setup/generated/backend-net.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /.notused/addons/cni.json: -------------------------------------------------------------------------------- 1 | { 2 | "env":{ 3 | "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG": "true" 4 | } 5 | 6 | 7 | } -------------------------------------------------------------------------------- /tf-setup/generated/backend-c9net.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /tf-setup/generated/backend-cicd.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /tf-setup/generated/backend-cluster.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend 
-------------------------------------------------------------------------------- /tf-setup/generated/backend-eks-cidr.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /tf-setup/generated/backend-k8scicd.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /tf-setup/generated/backend-nodeg.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /tf-setup/generated/backend-tf-setup.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /cluster/data-kms.tf: -------------------------------------------------------------------------------- 1 | data "aws_kms_key" "ekskey" { 2 | 3 | key_id = data.aws_ssm_parameter.tf-eks-keyid.value 4 | } -------------------------------------------------------------------------------- /tf-setup/generated/backend-sampleapp.tf: -------------------------------------------------------------------------------- 1 | # Will be populated by gen-backend.sh - called by null_resource.gen_backend -------------------------------------------------------------------------------- /extra/sampleapp2/2048_namespace1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: game1-2048 6 | 
-------------------------------------------------------------------------------- /extra/sampleapp2/2048_namespace2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: game2-2048 6 | -------------------------------------------------------------------------------- /sampleapp/notused/2048_namespace.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: game-2048 6 | -------------------------------------------------------------------------------- /primer/challenge-1/vars.tf: -------------------------------------------------------------------------------- 1 | variable "rtbid" {} 2 | variable "rtbid_10_1" {} 3 | variable "sgid" {} 4 | variable "sgid_10_1" {} -------------------------------------------------------------------------------- /extra/fargateapp/k8s.tf: -------------------------------------------------------------------------------- 1 | 2 | provider "kubernetes" { 3 | # Configuration options 4 | config_path = "~/.kube/config" 5 | } -------------------------------------------------------------------------------- /primer/challenge-1/outputs.tf: -------------------------------------------------------------------------------- 1 | #output "vpc_security_group_id" { 2 | # value = data.aws_instance.c9.vpc_security_group_ids 3 | #} -------------------------------------------------------------------------------- /git/cleanup.sh: -------------------------------------------------------------------------------- 1 | aws iam delete-user --user-name git-user 2 | aws codecommit delete-repository --repository-name eksworkshop-app 3 | 4 | 5 | -------------------------------------------------------------------------------- /lb2/data-eks-cluster.tf: -------------------------------------------------------------------------------- 1 | data "aws_eks_cluster" "eks_cluster" { 2 | 
name = nonsensitive(data.aws_ssm_parameter.cluster-name.value) 3 | } 4 | 5 | -------------------------------------------------------------------------------- /cicd/data_subnet_cicd.tf: -------------------------------------------------------------------------------- 1 | data "aws_subnet" "cicd" { 2 | 3 | filter { 4 | name = "tag:workshop" 5 | values = ["cicd-private1"] 6 | } 7 | } -------------------------------------------------------------------------------- /extra/nodeg2/data-eks-cluster.tf: -------------------------------------------------------------------------------- 1 | data "aws_eks_cluster" "eks_cluster" { 2 | name = nonsensitive(data.aws_ssm_parameter.cluster-name.value) 3 | } 4 | -------------------------------------------------------------------------------- /primer/challenge-1/data-subnet.tf: -------------------------------------------------------------------------------- 1 | data "aws_subnet" "c9subnet" { 2 | id = data.aws_instance.c9.subnet_id 3 | vpc_id = data.aws_vpc.dvpc.id 4 | } -------------------------------------------------------------------------------- /extra/fargate/data-eks-cluster.tf: -------------------------------------------------------------------------------- 1 | data "aws_eks_cluster" "eks_cluster" { 2 | name = nonsensitive(data.aws_ssm_parameter.cluster-name.value) 3 | } 4 | 5 | -------------------------------------------------------------------------------- /nodeg/data-eks-cluster.tf: -------------------------------------------------------------------------------- 1 | data "aws_eks_cluster" "eks_cluster" { 2 | name = nonsensitive(data.aws_ssm_parameter.cluster-name.value) 3 | } 4 | 5 | 6 | -------------------------------------------------------------------------------- /primer/challenge-1/data-instance.tf: -------------------------------------------------------------------------------- 1 | data "aws_instance" "c9" { 2 | filter { 3 | name = "vpc-id" 4 | values = [data.aws_vpc.dvpc.id] 5 | } 6 | } 
-------------------------------------------------------------------------------- /.notused/eks-cidr/data-eks-cluster.tf: -------------------------------------------------------------------------------- 1 | data "aws_eks_cluster" "eks_cluster" { 2 | name = data.terraform_remote_state.cluster.outputs.cluster-name 3 | } 4 | 5 | -------------------------------------------------------------------------------- /cicd/data-cicdvpc.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "cicd" { 2 | default = false 3 | filter { 4 | name = "tag:workshop" 5 | values = ["eks-cicd"] 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /extra/.app-mesh/data-eks-cluster.tf: -------------------------------------------------------------------------------- 1 | data "aws_eks_cluster" "eks_cluster" { 2 | name = data.terraform_remote_state.cluster.outputs.cluster-name 3 | } 4 | 5 | -------------------------------------------------------------------------------- /extra/eks-cidr2/data-eks-cluster.tf: -------------------------------------------------------------------------------- 1 | data "aws_eks_cluster" "eks_cluster" { 2 | name = nonsensitive(data.aws_ssm_parameter.cluster-name.value) 3 | } 4 | 5 | -------------------------------------------------------------------------------- /.notused/eks-cidr/.notused/data-vpc-cicd.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "vpc-cicd" { 2 | filter { 3 | name = "tag:workshop" 4 | values = ["eks-cicd"] 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /sampleapp/do-app-push.sh: -------------------------------------------------------------------------------- 1 | # envoke 2 | cd eksworkshop-app 3 | cp ../*.tf . 4 | cp ../buildspec.yml . 5 | git add --all && git commit -m "Initial commit." 
&& git push 6 | -------------------------------------------------------------------------------- /cicd/ecr-pull-through.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ecr_pull_through_cache_rule" "aws" { 2 | ecr_repository_prefix = "aws" 3 | upstream_registry_url = "public.ecr.aws" 4 | } 5 | 6 | -------------------------------------------------------------------------------- /common-files/aws-data.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" {} 2 | data "aws_caller_identity" "current" {} 3 | data "aws_availability_zones" "az" { 4 | state = "available" 5 | } -------------------------------------------------------------------------------- /extra/sampleapp2/do-app-push.sh: -------------------------------------------------------------------------------- 1 | # envoke 2 | cd eksworkshop-app 3 | cp ../*.yml . 4 | cp ../subvar.sh . 5 | git add --all && git commit -m "Initial commit." 
&& git push 6 | -------------------------------------------------------------------------------- /.notused/c9-stack/cycle.sh: -------------------------------------------------------------------------------- 1 | aws cloudformation delete-stack --stack-name mytest 2 | sleep 4 3 | aws cloudformation create-stack --template-body file://c9.json --stack-name mytest -------------------------------------------------------------------------------- /primer/challenge-1/data-instance-10-1.tf: -------------------------------------------------------------------------------- 1 | data "aws_instance" "instance-10-1" { 2 | filter { 3 | name = "vpc-id" 4 | values = [data.aws_vpc.vpc-10-1.id] 5 | } 6 | } -------------------------------------------------------------------------------- /primer/tflab1-complete/my-eip.tf: -------------------------------------------------------------------------------- 1 | resource "aws_eip" "my-eip" { 2 | public_ipv4_pool = "amazon" 3 | tags = {} 4 | domain = "vpc" 5 | timeouts {} 6 | } -------------------------------------------------------------------------------- /common-files/var-karpenter-version.tf: -------------------------------------------------------------------------------- 1 | variable "karpenter_version" { 2 | description = "Karpenter Version" 3 | default = "0.23.0" 4 | type = string 5 | } 6 | 7 | -------------------------------------------------------------------------------- /primer/tflab2/mysg.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "mysg" { 2 | count = var.mycount 3 | description = "SG-inbound" 4 | vpc_id = aws_vpc.VPC[count.index].id 5 | } 6 | -------------------------------------------------------------------------------- /primer/challenge-1/data-subnet-priv-10-1.tf: -------------------------------------------------------------------------------- 1 | data "aws_subnet" "inst-10-1-subnet" { 2 | id = data.aws_instance.instance-10-1.subnet_id 3 | vpc_id = 
data.aws_vpc.vpc-10-1.id 4 | } -------------------------------------------------------------------------------- /sampleapp/notused/delete-ingress.sh: -------------------------------------------------------------------------------- 1 | cat 2048_ingress.yml | sed 's=alb.ingress.kubernetes.io/target-type: ip=alb.ingress.kubernetes.io/target-type: instance=g' | kubectl delete -f - 2 | -------------------------------------------------------------------------------- /tf-setup/kms.tf: -------------------------------------------------------------------------------- 1 | resource "aws_kms_key" "ekskey" { 2 | description = format("EKS KMS Key 2 %s", var.cluster-name) 3 | } 4 | 5 | output "keyid" { 6 | value = aws_kms_key.ekskey.key_id 7 | } -------------------------------------------------------------------------------- /nodeg/ssm-param-ami.tf: -------------------------------------------------------------------------------- 1 | data "aws_ssm_parameter" "eksami" { 2 | name = format("/aws/service/eks/optimized-ami/%s/amazon-linux-2/recommended/image_id", data.aws_eks_cluster.eks_cluster.version) 3 | } -------------------------------------------------------------------------------- /primer/tflab2/my-eip.tf: -------------------------------------------------------------------------------- 1 | resource "aws_eip" "my-eip" { 2 | count = var.mycount 3 | public_ipv4_pool = "amazon" 4 | tags = {} 5 | domain = "vpc" 6 | timeouts {} 7 | } 8 | -------------------------------------------------------------------------------- /extra/nodeg2/ssm-param-ami.tf: -------------------------------------------------------------------------------- 1 | data "aws_ssm_parameter" "eksami" { 2 | name = format("/aws/service/eks/optimized-ami/%s/amazon-linux-2/recommended/image_id", data.aws_eks_cluster.eks_cluster.version) 3 | } -------------------------------------------------------------------------------- /tf-setup/rand.tf: -------------------------------------------------------------------------------- 1 
| # generate a random id used thoughout this build 2 | resource "random_id" "id1" { 3 | byte_length = 8 4 | } 5 | 6 | output "tfid" { 7 | value = random_id.id1.hex 8 | } 9 | 10 | -------------------------------------------------------------------------------- /sampleapp/notused/deploy-app.sh: -------------------------------------------------------------------------------- 1 | kubectl apply -f 2048_namespace.yml 2 | cat 2048_deployment.yml | ./subvar.sh | kubectl apply -f - 3 | kubectl apply -f 2048_service.yml 4 | kubectl apply -f 2048_ingress.yml 5 | -------------------------------------------------------------------------------- /sampleapp/sampleapp-namespace.tf: -------------------------------------------------------------------------------- 1 | resource "kubernetes_namespace" "game-2048" { 2 | metadata { 3 | name = "game-2048" 4 | } 5 | 6 | timeouts { 7 | delete = "20m" 8 | } 9 | } 10 | 11 | -------------------------------------------------------------------------------- /.bastion/README.md: -------------------------------------------------------------------------------- 1 | No network connectivity! 
2 | 3 | ---- 4 | 5 | zip code to public s3 bucket 6 | unzip 7 | 8 | ----- 9 | 10 | provision tfsetup 11 | provision net stuff 12 | provision .bastion 13 | 14 | -------------------------------------------------------------------------------- /cicd/data-eks-vpc.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "eks-vpc" { 2 | default = false 3 | id = data.aws_ssm_parameter.eks-vpc.value 4 | #filter { 5 | # name = "tag:workshop" 6 | # values = ["eks-cicd"] 7 | #} 8 | } -------------------------------------------------------------------------------- /extra/fargateapp/sampleapp-namespace.tf: -------------------------------------------------------------------------------- 1 | resource "kubernetes_namespace" "fargate1" { 2 | metadata { 3 | name = "fargate1" 4 | } 5 | 6 | timeouts { 7 | delete = "20m" 8 | } 9 | } 10 | 11 | -------------------------------------------------------------------------------- /iam/aws_key_pair__eksworkshop.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "eksworkshop" { 2 | key_name = format("%s-eksworkshop",data.aws_ssm_parameter.tf-eks-id.value) 3 | public_key = file("~/.ssh/id_rsa.pub") 4 | } 5 | 6 | -------------------------------------------------------------------------------- /.bastion/data-eks-vpc.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "eks-vpc" { 2 | default = false 3 | id = data.aws_ssm_parameter.eks-vpc.value 4 | #filter { 5 | # name = "tag:workshop" 6 | # values = ["eks-cicd"] 7 | #} 8 | } -------------------------------------------------------------------------------- /cluster/test.sh: -------------------------------------------------------------------------------- 1 | # local exec in cluster renders this redundant 2 | resp=$(aws eks describe-cluster --name $1) 3 | endp=$(echo $resp | jq -r .cluster.endpoint | cut -f3 -d'/') 4 | #nslookup $endp 5 | nmap 
$endp -Pn -p 443 -------------------------------------------------------------------------------- /extra/.karpenter/data.tf: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | data "aws_eks_cluster" "eks" { 5 | name = var.cluster-name 6 | } 7 | 8 | -------------------------------------------------------------------------------- /c9net/data-cicdvpc.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "vpc-cicd" { 2 | default = false 3 | id = data.aws_ssm_parameter.cicd-vpc.value 4 | #filter { 5 | # name = "tag:workshop" 6 | # values = ["eks-cicd"] 7 | #} 8 | } 9 | -------------------------------------------------------------------------------- /extra/.app-mesh/appmesh-system-namespace.tf: -------------------------------------------------------------------------------- 1 | resource "kubernetes_namespace" "appmesh-system" { 2 | metadata { 3 | name = "appmesh-system" 4 | } 5 | 6 | timeouts { 7 | delete = "20m" 8 | } 9 | } 10 | 11 | -------------------------------------------------------------------------------- /extra/fargateapp/cli-test.sh: -------------------------------------------------------------------------------- 1 | kubectl create deployment demo-app --image=$ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/aws/nginx/nginx -n fargate1 2 | kubectl create deployment demo-app --image=public.ecr.aws/nginx/nginx -n fargate1 -------------------------------------------------------------------------------- /cicd/data-sg-cicd.tf: -------------------------------------------------------------------------------- 1 | data "aws_security_group" "cicd" { 2 | vpc_id = data.aws_vpc.cicd.id 3 | filter { 4 | name = "tag:workshop" 5 | values = ["eks-cicd"] 6 | } 7 | } 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- 
/extra/.app-mesh/k8s.tf: -------------------------------------------------------------------------------- 1 | provider "kubernetes" { 2 | config_path = "~/.kube/config" 3 | } 4 | } 5 | 6 | 7 | provider "helm" { 8 | kubernetes { 9 | config_path = "~/.kube/config" 10 | } 11 | } 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /c9net/data-sg-cicd.tf: -------------------------------------------------------------------------------- 1 | data "aws_security_group" "cicd-sg" { 2 | vpc_id = data.aws_vpc.vpc-cicd.id 3 | filter { 4 | name = "tag:workshop" 5 | values = ["eks-cicd"] 6 | } 7 | } 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /primer/tflab2/user_data.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | yum update -y 3 | curl https://gist.githubusercontent.com/AntonioFeijaoUK/d8533a71e5ecff2971f6859a7be426da/raw/3d0930004b937f6dd7f273021218327b 4 | 7129d609/aws-ec2-userdata-landing-webpage.sh | bash 5 | -------------------------------------------------------------------------------- /c9net/data-rtb-cicd.tf: -------------------------------------------------------------------------------- 1 | data "aws_route_table" "cicd-rtb" { 2 | vpc_id = data.aws_vpc.vpc-cicd.id 3 | filter { 4 | name = "tag:Name" 5 | values = ["rtb-eks-cicd-priv1"] 6 | } 7 | } 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /primer/challenge-1/rt-entries.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route" "route-10-0" { 2 | route_table_id = data.aws_route_table.defrt.id 3 | destination_cidr_block = "10.0.0.0/8" 4 | transit_gateway_id = data.aws_ec2_transit_gateway.mytgw.id 5 | } 6 | 7 | -------------------------------------------------------------------------------- 
/net/aws_security_group__sg-eks-cicd.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "eks-cicd-sg" { 2 | description = "eks-cicd all" 3 | vpc_id = aws_vpc.vpc-cicd.id 4 | tags = { 5 | "Name" = "eks-cicd-all" 6 | "workshop" = "eks-cicd" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /primer/challenge-1/def-rtb.tf: -------------------------------------------------------------------------------- 1 | data "aws_route_table" "defrt" { 2 | #subnet_id=data.aws_subnet.c9subnet.id 3 | #filter { 4 | # values = [ data.aws_subnet.c9subnet.id ] 5 | ## name = "association.subnet-id" 6 | #} 7 | route_table_id = var.rtbid 8 | } -------------------------------------------------------------------------------- /primer/challenge-1/data_mytgw.tf: -------------------------------------------------------------------------------- 1 | data "aws_ec2_transit_gateway" "mytgw" { 2 | filter { 3 | name = "options.amazon-side-asn" 4 | values = ["64512"] 5 | } 6 | filter { 7 | name = "state" 8 | values = ["available"] 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /primer/challenge-1/rt-entries-10-1.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route" "route-172-31" { 2 | route_table_id = data.aws_route_table.rtb-10-1.id 3 | destination_cidr_block = "172.31.0.0/16" 4 | transit_gateway_id = data.aws_ec2_transit_gateway.mytgw.id 5 | } 6 | -------------------------------------------------------------------------------- /primer/challenge-1/rtb-10-1.tf: -------------------------------------------------------------------------------- 1 | data "aws_route_table" "rtb-10-1" { 2 | #subnet_id=data.aws_subnet.c9subnet.id 3 | #filter { 4 | # values = [ data.aws_subnet.c9subnet.id ] 5 | ## name = "association.subnet-id" 6 | #} 7 | route_table_id = var.rtbid_10_1 8 | } 
-------------------------------------------------------------------------------- /cicd/aws_codecommit_repository__eksworkshop-app.tf: -------------------------------------------------------------------------------- 1 | resource "aws_codecommit_repository" "eksworkshop-app" { 2 | repository_name = format("eksworkshop-app-%s",nonsensitive(data.aws_ssm_parameter.tf-eks-id.value)) 3 | description = "This is the Sample App Repository" 4 | } -------------------------------------------------------------------------------- /c9net/def-route-add.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route" "rt-def" { 2 | route_table_id = data.aws_vpc.vpc-default.main_route_table_id 3 | destination_cidr_block = data.aws_ssm_parameter.eks-cidr.value 4 | vpc_peering_connection_id = aws_vpc_peering_connection.def-peer.id 5 | } -------------------------------------------------------------------------------- /primer/tflab2/igw.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_internet_gateway.igw-06fcd611034e99d14: 3 | resource "aws_internet_gateway" "myigw" { 4 | count = var.mycount 5 | tags = {} 6 | vpc_id = aws_vpc.VPC[count.index].id 7 | } 8 | -------------------------------------------------------------------------------- /cicd/saved/get-bucket-name.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Exit if any of the intermediate steps fail 3 | set -e 4 | t2=`date +%s%N` 5 | t1=`hostname | cut -f1 -d'.'` 6 | BUCKET_NAME=`printf "codep-tfeks-%s-%s" $t1 $t2 | awk '{print tolower($0)}'` 7 | jq -n --arg bn "$BUCKET_NAME" '{"Name":$bn}' -------------------------------------------------------------------------------- /tf-setup/output.tf: -------------------------------------------------------------------------------- 1 | output "region" { 2 | value = 
aws_s3_bucket.terraform_state[*].region 3 | description = "The name of the region" 4 | } 5 | 6 | output "s3_bucket" { 7 | value = aws_s3_bucket.terraform_state[*].bucket 8 | description = "The ARN of the S3 bucket" 9 | } -------------------------------------------------------------------------------- /tf-setup/remotes/remote-iam.tf.sav: -------------------------------------------------------------------------------- 1 | data "terraform_remote_state" "iam" { 2 | 3 | backend = "s3" 4 | config = { 5 | bucket = format("tf-state-workshop-%s", var.tfid) 6 | region = data.aws_region.current.name 7 | key = "terraform/terraform_locks_iam.tfstate" 8 | } 9 | } -------------------------------------------------------------------------------- /tf-setup/remotes/remote-net.tf.sav: -------------------------------------------------------------------------------- 1 | data "terraform_remote_state" "net" { 2 | 3 | backend = "s3" 4 | config = { 5 | bucket = format("tf-state-workshop-%s", var.tfid) 6 | region = data.aws_region.current.name 7 | key = "terraform/terraform_locks_net.tfstate" 8 | } 9 | } -------------------------------------------------------------------------------- /tf-setup/remotes/remote-nodeg.tf.sav: -------------------------------------------------------------------------------- 1 | data "terraform_remote_state" "nodeg" { 2 | 3 | backend = "s3" 4 | config = { 5 | bucket = format("tf-state-workshop-%s", var.tfid) 6 | region = data.aws_region.current.name 7 | key = "terraform/terraform_locks_nodeg.tfstate" 8 | } 9 | } -------------------------------------------------------------------------------- /tf-setup/remotes/remote-cluster.tf.sav: -------------------------------------------------------------------------------- 1 | data "terraform_remote_state" "cluster" { 2 | 3 | backend = "s3" 4 | config = { 5 | bucket = format("tf-state-workshop-%s", var.tfid) 6 | region = data.aws_region.current.name 7 | key = "terraform/terraform_locks_cluster.tfstate" 8 | } 9 | } 
-------------------------------------------------------------------------------- /tf-setup/remotes/remote-tf-setup.tf.sav: -------------------------------------------------------------------------------- 1 | data "terraform_remote_state" "tf-setup" { 2 | backend = "s3" 3 | config = { 4 | bucket = format("tf-state-workshop-%s", var.tfid) 5 | region = data.aws_region.current.name 6 | key = "terraform/terraform_locks_tf-setup.tfstate" 7 | } 8 | } -------------------------------------------------------------------------------- /c9net/def-peering.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc_peering_connection" "def-peer" { 2 | peer_vpc_id = data.aws_ssm_parameter.eks-vpc.value 3 | vpc_id = data.aws_vpc.vpc-default.id 4 | auto_accept = true 5 | } 6 | 7 | output "peerid" { 8 | value = aws_vpc_peering_connection.def-peer.id 9 | } 10 | -------------------------------------------------------------------------------- /nodeg/data-subnet-i.tf: -------------------------------------------------------------------------------- 1 | data "aws_subnet" "i1" { 2 | id = data.aws_ssm_parameter.sub-isol1.value 3 | } 4 | 5 | data "aws_subnet" "i2" { 6 | id = data.aws_ssm_parameter.sub-isol2.value 7 | 8 | } 9 | 10 | data "aws_subnet" "i3" { 11 | id = data.aws_ssm_parameter.sub-isol3.value 12 | 13 | } -------------------------------------------------------------------------------- /.notused/trust.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "Service": "ec2.amazonaws.com" 8 | }, 9 | "Action": "sts:AssumeRole" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /c9net/cicd-peering.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc_peering_connection" "cicd-peer" { 2 | peer_vpc_id = 
data.aws_ssm_parameter.eks-vpc.value 3 | vpc_id = data.aws_vpc.vpc-cicd.id 4 | auto_accept = true 5 | } 6 | 7 | output "cicdpeerid" { 8 | value = aws_vpc_peering_connection.cicd-peer.id 9 | } 10 | -------------------------------------------------------------------------------- /extra/fargate/logging-policy.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_policy" "eks-fargate-logging-policy" { 2 | name = format("eks-fargate-log-policy-%s",data.aws_ssm_parameter.tf-eks-id.value) 3 | path = "/" 4 | description = "eks-fargate-logging-policy" 5 | policy = file("logging-permissions.json") 6 | } -------------------------------------------------------------------------------- /sampleapp/cleanup.sh: -------------------------------------------------------------------------------- 1 | userid=$(aws iam list-service-specific-credentials --user-name git-user | jq -r .ServiceSpecificCredentials[0].ServiceSpecificCredentialId) 2 | if [ "$userid" != "null" ]; then 3 | aws iam delete-service-specific-credential --service-specific-credential-id $userid --user-name git-user 4 | fi -------------------------------------------------------------------------------- /extra/fargate/data-subnet-i.tf: -------------------------------------------------------------------------------- 1 | data "aws_subnet" "i1" { 2 | id = data.aws_ssm_parameter.sub-isol1.value 3 | } 4 | 5 | data "aws_subnet" "i2" { 6 | id = data.aws_ssm_parameter.sub-isol2.value 7 | 8 | } 9 | 10 | data "aws_subnet" "i3" { 11 | id = data.aws_ssm_parameter.sub-isol3.value 12 | 13 | } -------------------------------------------------------------------------------- /lb2/aws_iam_policy-lb2.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_policy" "load-balancer-policy" { 2 | depends_on = [null_resource.policy] 3 | name = "AWSLoadBalancerControllerIAMPolicy" 4 | path = "/" 5 | description = "AWS LoadBalancer Controller IAM 
Policy" 6 | 7 | policy = file("iam_policy.json") 8 | 9 | } -------------------------------------------------------------------------------- /net/aws_internet_gateway__eks-cicd.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_internet_gateway.igw-02c295b01d50c9d3e: 3 | resource "aws_internet_gateway" "igw-02c295b01d50c9d3e" { 4 | tags = { 5 | "Name" = "igw-eks-cicd" 6 | } 7 | vpc_id = aws_vpc.vpc-cicd.id 8 | } 9 | -------------------------------------------------------------------------------- /net/sg-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "eks-ssl" { 2 | type = "ingress" 3 | from_port = 443 4 | to_port = 443 5 | protocol = "tcp" 6 | cidr_blocks = [aws_vpc.cluster.cidr_block] 7 | security_group_id = aws_security_group.cluster-sg.id 8 | } 9 | -------------------------------------------------------------------------------- /extra/.app-mesh/aws_iam_policy-appmesh.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_policy" "appmesh-policy" { 2 | depends_on = [null_resource.policy] 3 | name = "AWSAppMeshK8sControllerIAMPolicy" 4 | path = "/" 5 | description = "AWS AppMesh Controller IAM Policy" 6 | 7 | policy = file("iam-policy.json") 8 | 9 | } -------------------------------------------------------------------------------- /extra/fargate/logging-permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [{ 4 | "Effect": "Allow", 5 | "Action": [ 6 | "logs:CreateLogStream", 7 | "logs:CreateLogGroup", 8 | "logs:DescribeLogStreams", 9 | "logs:PutLogEvents" 10 | ], 11 | "Resource": "*" 12 | }] 13 | } 14 | -------------------------------------------------------------------------------- /extra/sampleapp2/2048_service1.yml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: game1-2048 5 | name: service1-2048 6 | spec: 7 | ports: 8 | - port: 80 9 | targetPort: 80 10 | protocol: TCP 11 | type: NodePort 12 | selector: 13 | app.kubernetes.io/name: app1-2048 14 | -------------------------------------------------------------------------------- /extra/sampleapp2/2048_service2.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: game2-2048 5 | name: service2-2048 6 | spec: 7 | ports: 8 | - port: 80 9 | targetPort: 80 10 | protocol: TCP 11 | type: NodePort 12 | selector: 13 | app.kubernetes.io/name: app2-2048 14 | -------------------------------------------------------------------------------- /sampleapp/notused/2048_service.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: game-2048 5 | name: service-2048 6 | spec: 7 | ports: 8 | - port: 80 9 | targetPort: 80 10 | protocol: TCP 11 | type: NodePort 12 | selector: 13 | app.kubernetes.io/name: app-2048 14 | -------------------------------------------------------------------------------- /.bastion/sg-rule.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "eks-ssl" { 2 | type = "ingress" 3 | from_port = 443 4 | to_port = 443 5 | protocol = "tcp" 6 | cidr_blocks = [data.aws_vpc.eks-vpc.cidr_block] 7 | security_group_id = data.aws_ssm_parameter.net-cluster-sg.value 8 | } -------------------------------------------------------------------------------- /extra/sampleapp2/deploy-app.sh: -------------------------------------------------------------------------------- 1 | kubectl apply -f 2048_namespace1.yml 2 | kubectl apply -f 2048_namespace2.yml 3 | cat 2048_deployment-ng1.yml | 
./subvar.sh | kubectl apply -f - 4 | cat 2048_deployment-ng2.yml | ./subvar.sh | kubectl apply -f - 5 | kubectl apply -f 2048_service1.yml 6 | kubectl apply -f 2048_service2.yml 7 | 8 | -------------------------------------------------------------------------------- /sampleapp/README.md: -------------------------------------------------------------------------------- 1 | kubectl describe deployment -n kube-system aws-load-balancer-controller 2 | 3 | kubectl describe ingress -n game-2048 4 | 5 | kubectl get ingress -A 6 | 7 | Takes about 7 minutes to appear in the console - 8 minutes to be "ready" 8 | 9 | $ nslookup lbdns 10 | $ curl lbdns 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /extra/.karpenter/templates/bottlerocket-userdata.toml.tpl: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | [settings.kubernetes] 5 | api-server = "${ cluster_endpoint }" 6 | cluster-certificate = "${ cluster_ca_certificate }" 7 | cluster-name = "${ cluster_name }" -------------------------------------------------------------------------------- /net/aws_eip__eipalloc-cicd-natgw.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_eip.eipalloc-052dd24eaa93ed064: 3 | resource "aws_eip" "eipalloc-052dd24eaa93ed064" { 4 | public_ipv4_pool = "amazon" 5 | tags = {} 6 | vpc = true 7 | 8 | timeouts {} 9 | } 10 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /net/aws_route_table_association__rtbassoc-i1.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_route_table_association.rtbassoc-0b44c68881df61a18: 3 | resource "aws_route_table_association" "rtbassoc-i1" { 4 | route_table_id = aws_route_table.rtb-i.id 5 | subnet_id = aws_subnet.subnet-i1.id 6 | } 7 | -------------------------------------------------------------------------------- /net/aws_route_table_association__rtbassoc-i2.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_route_table_association.rtbassoc-049d94408cba62cca: 3 | resource "aws_route_table_association" "rtbassoc-i2" { 4 | route_table_id = aws_route_table.rtb-i.id 5 | subnet_id = aws_subnet.subnet-i2.id 6 | } 7 | -------------------------------------------------------------------------------- /net/aws_route_table_association__rtbassoc-i3.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_route_table_association.rtbassoc-08fc27d0456901ef8: 3 | resource "aws_route_table_association" "rtbassoc-i3" { 4 | route_table_id = aws_route_table.rtb-i.id 5 | subnet_id = aws_subnet.subnet-i3.id 6 | } 7 | -------------------------------------------------------------------------------- /net/aws_route_table_association__rtbassoc-p2.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # 
aws_route_table_association.rtbassoc-0c3e14aeb276186c2:
3 | resource "aws_route_table_association" "rtbassoc-p2" {
4 | route_table_id = aws_route_table.rtb-p2.id
5 | subnet_id = aws_subnet.subnet-p2.id
6 | }
7 |
-------------------------------------------------------------------------------- /net/aws_route_table_association__rtbassoc-p3.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_route_table_association.rtbassoc-0eb5ebf6fd5e14e09:
3 | resource "aws_route_table_association" "rtbassoc-p3" {
4 | route_table_id = aws_route_table.rtb-p3.id
5 | subnet_id = aws_subnet.subnet-p3.id
6 | }
7 |
-------------------------------------------------------------------------------- /net/aws_route_table_association__rtbassoc-p1.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_route_table_association.rtbassoc-029eb518ff8c1739a:
3 | resource "aws_route_table_association" "rtbassoc-p1" {
4 | route_table_id = aws_route_table.rtb-p1.id
5 | subnet_id = aws_subnet.subnet-p1.id
6 | }
7 |
8 |
-------------------------------------------------------------------------------- /cicd/aws_iam_user.git-user.tf: --------------------------------------------------------------------------------
1 | resource "aws_iam_user" "git-user" {
2 | name = "git-user"
3 |
4 |
5 | tags = {
6 | workshop = "eks-cicd"
7 | }
8 | }
9 |
10 |
11 | resource "aws_iam_user_policy_attachment" "git-attach" {
12 | user = aws_iam_user.git-user.name
13 | policy_arn = "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser"
# NOTE(review): this is a long-lived IAM user, and AWSCodeCommitPowerUser is an AWS-managed policy that is not scoped to a single repository. Its git (service-specific) credential is the one removed by sampleapp/cleanup.sh on teardown; make sure that cleanup runs, or prefer a role-based identity for the pipeline.
14 | }
-------------------------------------------------------------------------------- /net/aws_vpc_ipv4_cidr_block_association__vpc-cidr-assoc.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see 
https://github.com/aws-samples/aws2tf
2 | # aws_vpc_ipv4_cidr_block_association.vpc-cidr-assoc:
3 | resource "aws_vpc_ipv4_cidr_block_association" "vpc-cidr-assoc" {
4 | cidr_block = "100.64.0.0/16"
# NOTE(review): 100.64.0.0/16 is the RFC 6598 shared-address range, presumably added as a secondary CIDR for pod networking (see extra/eks-cidr2) — confirm it does not overlap any peered or on-premises network.
5 | vpc_id = aws_vpc.cluster.id
6 |
7 | timeouts {}
8 | }
9 |
-------------------------------------------------------------------------------- /primer/tflab2/nat_gateway.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_nat_gateway.nat-070132f292c79b9d6:
3 | resource "aws_nat_gateway" "mynatgw" {
4 | count = var.mycount
5 | allocation_id = aws_eip.my-eip[count.index].id
6 | subnet_id = aws_subnet.mypubsubnet[count.index].id
7 | tags = {}
8 | }
9 |
-------------------------------------------------------------------------------- /lb2/notused/cleanup.sh: --------------------------------------------------------------------------------
1 | kubectl describe deployment -n kube-system aws-load-balancer-controller
2 | helm list -A
3 | echo "Remove helm deployment"
4 | helm delete aws-load-balancer-controller -n kube-system
5 | echo "Remove CRD"
6 | kubectl delete -f crds.yaml
7 | #aws iam delete-policy --policy-arnarn:aws:iam::$AWS_ACCOUNT:policy/AWSLoadBalancerControllerIAMPolicy
# NOTE(review): the commented-out command above is missing a space between --policy-arn and the ARN; it would fail as written if re-enabled.
8 |
-------------------------------------------------------------------------------- /cluster/aws_eks_idp.tf: --------------------------------------------------------------------------------
1 | resource "aws_eks_identity_provider_config" "oidc" {
2 | cluster_name = aws_eks_cluster.cluster.name
3 |
4 | oidc {
5 | client_id = "sts.amazonaws.com"
6 | identity_provider_config_name = aws_eks_cluster.cluster.name
7 | issuer_url = aws_eks_cluster.cluster.identity.0.oidc.0.issuer
# NOTE(review): this registers the cluster's own OIDC issuer as an identity provider for Kubernetes user authentication. It is not the IAM OIDC provider (aws_iam_openid_connect_provider) that IRSA requires — confirm which of the two was intended.
8 | }
9 | }
-------------------------------------------------------------------------------- /net/aws_nat_gateway__eks-cicd.tf: --------------------------------------------------------------------------------
1 | # 
File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_nat_gateway.nat-07b271e3a84d0d94a:
3 | resource "aws_nat_gateway" "nat-cicd" {
4 | allocation_id = aws_eip.eipalloc-052dd24eaa93ed064.id
5 | subnet_id = aws_subnet.subnet-cicd-public1.id
6 | tags = {
7 | "Name" = "ngw-eks-cicd"
8 | }
9 | }
10 |
-------------------------------------------------------------------------------- /net/aws_route_table__rtb-p1.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_route_table.rtb-041267f0474c24068:
3 | resource "aws_route_table" "rtb-p1" {
4 | propagating_vgws = []
5 | route = []
# NOTE(review): an explicit empty inline route list makes Terraform own the whole route set: routes added out-of-band or via standalone aws_route resources are removed on the next apply (rtb-p2 and rtb-p3 below are the same). Confirm these private tables are meant to carry only the local route, i.e. no NAT/egress path.
6 | tags = {
7 | "Name" = "eks-cluster/PrivateRouteTableEUWEST1A"
8 |
9 | }
10 | vpc_id = aws_vpc.cluster.id
11 | }
12 |
-------------------------------------------------------------------------------- /net/aws_route_table__rtb-p2.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_route_table.rtb-0102c621469c344cd:
3 | resource "aws_route_table" "rtb-p2" {
4 | propagating_vgws = []
5 | route = []
6 | tags = {
7 | "Name" = "eks-cluster/PrivateRouteTableEUWEST1B"
8 |
9 | }
10 | vpc_id = aws_vpc.cluster.id
11 | }
12 |
-------------------------------------------------------------------------------- /net/aws_route_table__rtb-p3.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_route_table.rtb-0939e7f3ae6e7b829:
3 | resource "aws_route_table" "rtb-p3" {
4 | propagating_vgws = []
5 | route = []
6 | tags = {
7 | "Name" = "eks-cluster/PrivateRouteTableEUWEST1C"
8 |
9 | }
10 | vpc_id = aws_vpc.cluster.id
11 | }
12 |
-------------------------------------------------------------------------------- /net/aws_route_table_association__public1.tf: 
-------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_route_table_association.rtbassoc-024cb38ce64e85194: 3 | resource "aws_route_table_association" "rtbassoc-024cb38ce64e85194" { 4 | route_table_id = aws_route_table.rtb-0c9df3106b9e1bca9.id 5 | subnet_id = aws_subnet.subnet-cicd-public1.id 6 | } 7 | -------------------------------------------------------------------------------- /net/aws_route_table_association__private1.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_route_table_association.rtbassoc-04310374909657ddd: 3 | resource "aws_route_table_association" "rtbassoc-04310374909657ddd" { 4 | route_table_id = aws_route_table.rtb-0fe5311ff86579482.id 5 | subnet_id = aws_subnet.subnet-00cc72ac5b0b79dd4.id 6 | } 7 | -------------------------------------------------------------------------------- /sampleapp/notused/delete-app.sh: -------------------------------------------------------------------------------- 1 | set +e 2 | echo "Deleting an Ingress takes ~8 minutes ......" 
3 | date 4 | cat 2048_ingress.yml | sed 's=alb.ingress.kubernetes.io/target-type: ip=alb.ingress.kubernetes.io/target-type: instance=g' | kubectl delete -f - 5 | kubectl delete -f 2048_service.yml 6 | kubectl delete -f 2048_deployment.yml 7 | kubectl delete -f 2048_namespace.yml 8 | set -e -------------------------------------------------------------------------------- /common-files/data-params-iam.tf: -------------------------------------------------------------------------------- 1 | data "aws_ssm_parameter" "cluster_service_role_arn" { 2 | name = "/workshop/tf-eks/cluster_service_role_arn" 3 | } 4 | 5 | data "aws_ssm_parameter" "nodegroup_role_arn" { 6 | name = "/workshop/tf-eks/nodegroup_role_arn" 7 | } 8 | 9 | data "aws_ssm_parameter" "key_name" { 10 | name = "/workshop/tf-eks/key_name" 11 | } 12 | -------------------------------------------------------------------------------- /extra/.karpenter/tags.tf: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | resource "aws_ec2_tag" "karpenter_tags" { 5 | for_each = data.aws_eks_cluster.eks.vpc_config.0.subnet_ids 6 | resource_id = each.value 7 | key = format("kubernetes.io/cluster/%s", var.cluster-name) 8 | value = "true" 9 | } -------------------------------------------------------------------------------- /iam/aws_iam_role_policy_attachment__cluster-ServiceRole-AmazonEKSClusterPolicy.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | 3 | resource "aws_iam_role_policy_attachment" "eks-cluster-ServiceRole__AmazonEKSClusterPolicy" { 4 | policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" 5 | role = aws_iam_role.eks-cluster-ServiceRole.id 6 | } 7 | -------------------------------------------------------------------------------- /net/aws_security_group__allnodes-sg.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allnodes-sg" { 2 | description = "Communication between all nodes in the cluster" 3 | vpc_id = aws_vpc.cluster.id 4 | tags = { 5 | "Name" = format("eks-%s-cluster/ClusterSharedNodeSecurityGroup", data.aws_ssm_parameter.tf-eks-cluster-name.value) 6 | "Label" = "TF-EKS All Nodes Comms" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /primer/tflab1-complete/vpc-192.168.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "VPC-192-168" { 2 | assign_generated_ipv6_cidr_block = false 3 | cidr_block = "192.168.0.0/16" 4 | enable_dns_hostnames = false 5 | enable_dns_support = true 6 | instance_tenancy = "default" 7 | tags = { 8 | "Name" = "VPC-192-168" 9 | } 10 | } -------------------------------------------------------------------------------- /Dockerfile: 
--------------------------------------------------------------------------------
1 | # busybox uclibc - static compile clib
2 | FROM --platform=linux/amd64 busybox:uclibc AS build-env
# NOTE(review): busybox:uclibc is a mutable tag; pin the base image by digest (busybox:uclibc@sha256:<digest-placeholder>) for reproducible, attestable builds.
3 | RUN mkdir tfekscode-bin
4 | RUN cd tfekscode-bin
# NOTE(review): the cd above has no effect beyond its own RUN layer; the WORKDIR on the next line is what actually sets the directory.
5 | WORKDIR /tfekscode-bin
6 | ADD terraform-eks-code/bin /tfekscode-bin
# NOTE(review): prefer COPY for a local directory; ADD additionally auto-extracts archives and fetches remote URLs, which is more behaviour than needed here.
7 | #scratch - needs dummy executable to at least return nothing
8 | #FROM scratch
9 | #WORKDIR /
10 | #COPY --from=build-env /tfekscode /tfekscode
11 |
-------------------------------------------------------------------------------- /extra/sampleapp2/sampleapp-namespace.tf: --------------------------------------------------------------------------------
1 | resource "kubernetes_namespace" "game1-2048" {
2 | metadata {
3 | name = "game1-2048"
4 | }
5 |
6 | timeouts {
7 | delete = "20m"
8 | }
9 | }
10 |
11 | resource "kubernetes_namespace" "game2-2048" {
12 | metadata {
13 | name = "game2-2048"
14 | }
15 |
16 | timeouts {
17 | delete = "20m"
18 | }
19 | }
20 |
21 |
-------------------------------------------------------------------------------- /primer/tflab2/my-pubrtassociation.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_route_table_association.rtbassoc-01b2fe2ddfac5825c:
3 | resource "aws_route_table_association" "myrtbassociation" {
4 | count = var.mycount
5 | route_table_id = aws_route_table.rtb2-igw[count.index].id
6 | subnet_id = aws_subnet.mypubsubnet[count.index].id
7 | }
8 |
-------------------------------------------------------------------------------- /primer/tflab2/my-privrtassociation.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_route_table_association.rtbassoc-01b2fe2ddfac5825c:
# NOTE(review): the generated-from id above is identical to the one in my-pubrtassociation.tf; likely a copy/paste leftover rather than the private association's real source id.
3 | resource "aws_route_table_association" "myrtbassociation2" {
4 | count = var.mycount
5 | route_table_id = 
aws_route_table.rtb1-natgw-tgw[count.index].id
6 | subnet_id = aws_subnet.myprivsubnet[count.index].id
7 | }
8 |
-------------------------------------------------------------------------------- /.aws-staff/docker-push.sh: --------------------------------------------------------------------------------
1 | docker image rm tfekscode
# NOTE(review): no shebang and no "set -e"; if either cd below fails, the build and push still run from whatever the current directory is.
2 | typ=$(uname -s)
3 | if [[ $typ == "Linux" ]]; then
4 | cd ~/environment
5 | cp tfekscode/bin/Dockerfile .
6 | fi
7 | if [[ $typ == "Darwin" ]]; then
8 | cd ../..
9 | fi
10 | docker build . -t tfekscode --platform amd64
11 | docker tag tfekscode:latest public.ecr.aws/awsandy/tfekscode
12 | docker push public.ecr.aws/awsandy/tfekscode
# NOTE(review): only the mutable "latest" tag is pushed to the public registry; publishing an immutable version tag alongside it lets consumers pin what they pull.
13 |
-------------------------------------------------------------------------------- /cluster/cluster-sg-rule.tf: --------------------------------------------------------------------------------
1 | resource "aws_security_group_rule" "eks-add-clustersg" {
2 | type = "ingress"
3 | from_port = 0
4 | to_port = 0
5 | protocol = "-1"
# NOTE(review): protocol "-1" with ports 0-0 admits all traffic; the source is the EKS-managed cluster security group (SG-to-SG), not a CIDR, so exposure is limited to members of that group.
6 | source_security_group_id = aws_eks_cluster.cluster.vpc_config[0].cluster_security_group_id
7 | security_group_id = data.aws_ssm_parameter.net-cluster-sg.value
8 | }
9 |
-------------------------------------------------------------------------------- /cicd/saved/aws_ecr_repository__nginx.tf: --------------------------------------------------------------------------------
1 | resource "aws_ecr_repository" "nginx" {
2 | name = "nginx"
3 | image_tag_mutability = "IMMUTABLE"
4 | force_delete = true
# NOTE(review): force_delete = true removes the repository even while it still holds images; acceptable for workshop teardown, not for a repository holding images you need to keep.
5 | image_scanning_configuration {
6 | scan_on_push = true
7 | }
8 | encryption_configuration {
9 | encryption_type = "KMS"
10 | kms_key = data.aws_ssm_parameter.tf-eks-keyid.value
11 | }
12 | }
-------------------------------------------------------------------------------- /cicd/aws_iam_role_policy_attachment__codebuild-eks-cicd-build-app-service-role__CodeBuildBasePolicy-eks-cicd-build-app-eu-west-1.tf: --------------------------------------------------------------------------------
1 
| 2 | resource "aws_iam_role_policy_attachment" "codebuild-eks-cicd-build-app-service-role__CodeBuildBasePolicy-eks-cicd-build-app" { 3 | policy_arn = aws_iam_policy.CodeBuildBasePolicy-eks-cicd-build-app.arn 4 | role = aws_iam_role.codebuild-eks-cicd-build-app-service-role.id 5 | } 6 | -------------------------------------------------------------------------------- /cicd/aws_iam_role_policy_attachment__codebuild-eks-cicd-build-app-service-role__CodeBuildVpcPolicy-eks-cicd-build-app-eu-west-1.tf: -------------------------------------------------------------------------------- 1 | 2 | resource "aws_iam_role_policy_attachment" "codebuild-eks-cicd-build-app-service-role__CodeBuildVpcPolicy-eks-cicd-build-app" { 3 | policy_arn = aws_iam_policy.CodeBuildVpcPolicy-eks-cicd-build-app.arn 4 | role = aws_iam_role.codebuild-eks-cicd-build-app-service-role.id 5 | } 6 | -------------------------------------------------------------------------------- /cicd/saved/aws_ecr_repository__busybox.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ecr_repository" "busybox" { 2 | name = "busybox" 3 | image_tag_mutability = "IMMUTABLE" 4 | force_delete = true 5 | image_scanning_configuration { 6 | scan_on_push = true 7 | } 8 | encryption_configuration { 9 | encryption_type = "KMS" 10 | kms_key = data.aws_ssm_parameter.tf-eks-keyid.value 11 | } 12 | } -------------------------------------------------------------------------------- /iam/aws_iam_role_policy_attachment__nodegroup-NodeInstanceRole-AmazonEKSWorkerNodePolicy.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | resource "aws_iam_role_policy_attachment" "eks-nodegroup-ng-ma-NodeInstanceRole__AmazonEKSWorkerNodePolicy" { 3 | policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" 4 | role = aws_iam_role.eks-nodegroup-ng-ma-NodeInstanceRole.id 5 | } 6 | 
-------------------------------------------------------------------------------- /tf-setup/null_resource.tf: --------------------------------------------------------------------------------
1 | resource "null_resource" "gen_backend" {
2 | triggers = {
3 | always_run = timestamp()
4 | }
5 | depends_on = [aws_dynamodb_table.terraform_locks,aws_s3_bucket_server_side_encryption_configuration.terraform_state]
6 | provisioner "local-exec" {
7 | when = create
8 | command = < /tmp/aws-auth-patch.yml
# NOTE(review): extraction dropped everything between this "<" and a later ">" — the heredoc body of this local-exec command and the beginning of the script that writes /tmp/aws-auth-patch.yml — so the lines up to the next file separator belong to that other script. Confirm against the repository.
5 | #
6 | kubectl patch configmap/aws-auth -n kube-system --patch "$(cat /tmp/aws-auth-patch.yml)"
7 | #
-------------------------------------------------------------------------------- /nodeg/null_resource.tf: --------------------------------------------------------------------------------
1 | resource "null_resource" "gen_cluster_auth" {
2 | triggers = {
3 | always_run = timestamp()
4 | }
5 | depends_on = [aws_eks_node_group.ng1]
6 | provisioner "local-exec" {
7 | on_failure = fail
8 | when = create
9 | interpreter = ["/bin/bash", "-c"]
10 | command = < /tmp/aws-auth-patch.yml
# NOTE(review): same extraction loss as in tf-setup/null_resource.tf above; the heredoc body of this command is missing here too.
7 | #
8 | kubectl patch configmap/aws-auth -n kube-system --patch "$(cat /tmp/aws-auth-patch.yml)"
9 | #
-------------------------------------------------------------------------------- /cicd/saved/auth-cicd.sh: --------------------------------------------------------------------------------
1 | test -n "$ACCOUNT_ID" && echo ACCOUNT_ID is "$ACCOUNT_ID" || "echo ACCOUNT_ID is not set && exit"
# NOTE(review): the "||" branch is one quoted string, so bash looks for a command literally named "echo ACCOUNT_ID is not set && exit", prints "command not found" and carries on with an empty ACCOUNT_ID. Use a group instead: test -n "$ACCOUNT_ID" || { echo "ACCOUNT_ID is not set"; exit 1; }
2 | # get the workshop id from SSM
3 | WSID=$(aws ssm get-parameter --name /workshop/tf-eks/id --query Parameter.Value --output text)
4 | ROLE=" - rolearn: arn:aws:iam::$ACCOUNT_ID:role/$WSID-codebuild-eks-service-role\n username: build\n groups:\n - system:masters"
# NOTE(review): this maps the CodeBuild service role to system:masters, i.e. full cluster admin. For least privilege, map it to a dedicated group bound by a namespaced Role/RoleBinding that covers only what the build needs.
5 | #
6 | kubectl get -n kube-system configmap/aws-auth -o yaml | awk "/mapRoles: \|/{print;print \"$ROLE\";next}1" > /tmp/aws-auth-patch.yml
# NOTE(review): $ROLE is spliced into the awk program text itself, so the ARN and WSID values must not contain quotes or backslashes; the "\n" sequences are interpreted by awk, which is what produces the multi-line mapRoles entry.
7 | #
8 | kubectl patch configmap/aws-auth -n kube-system --patch "$(cat /tmp/aws-auth-patch.yml)"
9 | # 
-------------------------------------------------------------------------------- /primer/challenge-1/mysgingress-icmp.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | # aws_security_group_rule.sg-0c991999e3313704a-2:
3 | resource "aws_security_group_rule" "mydefsgingress-icmp" {
4 |
5 | cidr_blocks = [
6 | #for avpc in var.aws_vpc :
7 | #lookup(var.aws_cidr, avpc)
8 | "10.0.0.0/8"
9 | ]
10 | from_port = -1
11 | ipv6_cidr_blocks = []
12 | prefix_list_ids = []
13 | protocol = "icmp"
# NOTE(review): from_port/to_port -1 with protocol icmp admits every ICMP type and code from the whole 10.0.0.0/8 range into the default security group; narrow to echo-request (type 8) and the actual peer CIDRs if only ping is needed.
14 | security_group_id = data.aws_security_group.defsg.id
15 | self = false
16 | to_port = -1
17 | type = "ingress"
18 | }
19 |
-------------------------------------------------------------------------------- /c9net/sg-rule-def.tf: --------------------------------------------------------------------------------
1 | resource "aws_security_group_rule" "sg-def-22" {
# NOTE(review): the resource names appear swapped: "sg-def-22" opens 443 and "sg-def-eks-all" (below) opens 22. Renaming them later forces a destroy/recreate unless a moved block or terraform state mv is used.
2 | type = "ingress"
3 | from_port = 443
4 | to_port = 443
5 | protocol = "tcp"
6 | cidr_blocks = [data.aws_ssm_parameter.eks-cidr.value]
7 | security_group_id = data.aws_security_group.c9sg.id
8 | }
9 |
10 | resource "aws_security_group_rule" "sg-def-eks-all" {
11 | type = "ingress"
12 | from_port = 22
13 | to_port = 22
14 | protocol = "tcp"
15 | cidr_blocks = [data.aws_ssm_parameter.eks-cidr.value]
16 | security_group_id = data.aws_security_group.c9sg.id
17 | }
-------------------------------------------------------------------------------- /extra/sampleapp2/2048_ingress1.yml: --------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
# NOTE(review): the extensions/v1beta1 Ingress API was removed in Kubernetes 1.22; with the 1.23 add-on versions pinned in nodeg/aws_eks-addons.tf.sav the API server would reject this manifest (2048_ingress2.yml has the same problem). sampleapp/notused/2048_ingress.yml shows the networking.k8s.io/v1 form (ingressClassName, pathType, backend.service.name/port.number).
2 | kind: Ingress
3 | metadata:
4 | namespace: game1-2048
5 | name: ingress-1-2048
6 | annotations:
7 | kubernetes.io/ingress.class: alb
8 | alb.ingress.kubernetes.io/scheme: internal
9 | alb.ingress.kubernetes.io/target-type: ip
10 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 8080}]'
11 | 
alb.ingress.kubernetes.io/group.name: my-team.group1 12 | 13 | spec: 14 | rules: 15 | - http: 16 | paths: 17 | - path: /app1 18 | backend: 19 | serviceName: service1-2048 20 | servicePort: 80 21 | -------------------------------------------------------------------------------- /extra/sampleapp2/2048_ingress2.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | namespace: game2-2048 5 | name: ingress-2-2048 6 | annotations: 7 | kubernetes.io/ingress.class: alb 8 | alb.ingress.kubernetes.io/scheme: internal 9 | alb.ingress.kubernetes.io/target-type: ip 10 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 8080}]' 11 | alb.ingress.kubernetes.io/group.name: my-team.group1 12 | 13 | spec: 14 | rules: 15 | - http: 16 | paths: 17 | - path: /app2 18 | backend: 19 | serviceName: service2-2048 20 | servicePort: 80 21 | -------------------------------------------------------------------------------- /sampleapp/notused/2048_ingress.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | namespace: game-2048 5 | name: ingress-2048 6 | annotations: 7 | alb.ingress.kubernetes.io/scheme: internal 8 | alb.ingress.kubernetes.io/target-type: ip 9 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 8080}]' 10 | 11 | spec: 12 | ingressClassName: alb 13 | rules: 14 | - http: 15 | paths: 16 | - path: / 17 | pathType: Prefix 18 | backend: 19 | service: 20 | name: "service-2048" 21 | port: 22 | number: 80 -------------------------------------------------------------------------------- /extra/.karpenter-provisioner/01-provisioner.sh: -------------------------------------------------------------------------------- 1 | cat < Log groups > fluent-bit-eks-fargate 18 | 19 | ``` 20 | 2022-02-23T17:04:24.484+00:00 21 | 22 | { 23 | "log":"2022-02-23T17:04:24.484397174Z stdout F 127.0.0.1 - - 
[23/Feb/2022:17:04:24 +0000] \"GET / HTTP/1.1\" 200 615 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36\" \"81.96.210.11\""
24 | }
25 | ```
26 |
27 | etc.
28 |
29 |
-------------------------------------------------------------------------------- /extra/.app-mesh/helm_loadbalancer.tf: --------------------------------------------------------------------------------
1 |
2 |
3 | resource "helm_release" "appmesh-controller" {
4 | name = "appmesh-controller"
5 | depends_on=[null_resource.post-policy]
6 |
7 | repository = "https://aws.github.io/eks-charts"
8 | chart = "appmesh-controller"
# NOTE(review): no chart "version" is set, so each apply may pull whatever the repository currently publishes; pin the chart version for reproducible installs.
9 | namespace = "kube-system"
10 |
11 | set {
12 | name = "clusterName"
13 | value = data.aws_eks_cluster.eks_cluster.name
14 | }
15 |
16 | set {
17 | name = "serviceAccount.name"
18 | value = "appmesh-controller"
19 | }
20 |
21 | set {
22 | name = "image.repository"
23 | value = format("602401143452.dkr.ecr.%s.amazonaws.com/amazon/appmesh-controller",var.region)
# NOTE(review): account 602401143452 hosts the EKS add-on images for most regions but not all of them (a few regions use a different account id); verify var.region is one it serves.
24 | }
25 |
26 | }
27 |
28 |
-------------------------------------------------------------------------------- /iam/aws_iam_role_policy__cluster-ServiceRole__PolicyCloudWatchMetrics.tf: --------------------------------------------------------------------------------
1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf
2 | resource "aws_iam_role_policy" "eks-cluster-ServiceRole__eks-cluster-PolicyCloudWatchMetrics" {
3 | name = format("%s-eks-cluster-PolicyCloudWatchMetrics",data.aws_ssm_parameter.tf-eks-id.value)
4 | policy = jsonencode(
5 | {
6 | Statement = [
7 | {
8 | Action = [
9 | "cloudwatch:PutMetricData",
10 | ]
11 | Effect = "Allow"
12 | Resource = "*"
# NOTE(review): cloudwatch:PutMetricData has no resource-level permissions, so "*" is required here; the cloudwatch:namespace condition key can still restrict which metric namespace the role may write to.
13 | },
14 | ]
15 | Version = "2012-10-17"
16 | }
17 | )
18 | role = aws_iam_role.eks-cluster-ServiceRole.id
19 | }
20 |
-------------------------------------------------------------------------------- /nodeg/aws_eks-addons.tf.sav: 
-------------------------------------------------------------------------------- 1 | resource "aws_eks_addon" "kube-proxy" { 2 | #depends_on = [aws_eks_node_group.ng1] 3 | cluster_name = data.aws_ssm_parameter.tf-eks-cluster-name.value 4 | addon_name = "kube-proxy" 5 | addon_version = "v1.23.15-eksbuild.1" 6 | } 7 | 8 | resource "aws_eks_addon" "coredns" { 9 | depends_on = [aws_eks_node_group.ng1] 10 | cluster_name = data.aws_ssm_parameter.tf-eks-cluster-name.value 11 | addon_name = "coredns" 12 | configuration_values = "{\"replicaCount\":2,\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"150Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"150Mi\"}}}" 13 | addon_version = "v1.8.7-eksbuild.3" 14 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Terraform EKS workshop code 2 | 3 | This code repo is intended to be used with the public AWS workshop: 4 | 5 | https://tf-eks-workshop.workshop.aws/ 6 | 7 | 8 | The intent is to build a private EKS cluster with a sample application using only Terraform (no "eksctl" !). 9 | 10 | The workshop also does not (deliberately) use any of the available Terraform modules for VPCs or EKS. The idea is that you can take this code into your own module structure as you see fit. 11 | 12 | Much of the workshop's Terraform code was originally created by the author's (awsandy) other notable tool: 13 | 14 | https://github.com/aws-samples/aws2tf 15 | 16 | ----- 17 | 18 | Contributions and comments are welcome. 
19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /primer/challenge-1/deftgw-attach.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_ec2_transit_gateway_vpc_attachment.tgw-attach-008c183cdff3e83ca: 3 | resource "aws_ec2_transit_gateway_vpc_attachment" "deftgw-attach" { 4 | dns_support = "enable" 5 | ipv6_support = "disable" 6 | subnet_ids = [ 7 | data.aws_instance.c9.subnet_id 8 | ] 9 | tags = { 10 | "Name" = "TGW-att-to-defvpc" 11 | } 12 | transit_gateway_default_route_table_association = true 13 | transit_gateway_default_route_table_propagation = true 14 | transit_gateway_id = data.aws_ec2_transit_gateway.mytgw.id 15 | vpc_id = data.aws_vpc.dvpc.id 16 | } 17 | -------------------------------------------------------------------------------- /cluster/null_resource.tf: -------------------------------------------------------------------------------- 1 | resource "null_resource" "gen_cluster_auth" { 2 | triggers = { 3 | always_run = timestamp() 4 | } 5 | #depends_on = [aws_eks_cluster.cluster] 6 | depends_on = [aws_eks_addon.vpc-cni] 7 | provisioner "local-exec" { 8 | on_failure = fail 9 | when = create 10 | interpreter = ["/bin/bash", "-c"] 11 | command = < /tmp/me.txt 12 | yum install -y amazon-ssm-agent 13 | echo "yum'd agent" >> /tmp/me.txt 14 | yum update -y 15 | systemctl enable amazon-ssm-agent && systemctl start amazon-ssm-agent 16 | date >> /tmp/me.txt 17 | 18 | --==MYBOUNDARY==-- 19 | USERDATA 20 | } -------------------------------------------------------------------------------- /.notused/switch.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | sudo yum -y -q install jq > /dev/null 3 | profile_name="eksworkshop-admin" 4 | instance_id=$(curl -sS http://169.254.169.254/latest/meta-data/instance-id) 5 | ipa=$(aws ec2 describe-instances --instance-ids $instance_id --query Reservations[].Instances[].IamInstanceProfile | jq -r .[].Arn) 6 | iip=$(aws ec2 describe-iam-instance-profile-associations --filters "Name=instance-id,Values=$instance_id" --query IamInstanceProfileAssociations[].AssociationId | jq -r .[]) 7 | if aws ec2 replace-iam-instance-profile-association --iam-instance-profile "Name=$profile_name" --association-id $iip; then 8 | echo "Profile associated successfully." 9 | else 10 | echo "ERROR: Encountered error associating instance profile eksworkshop-admin with Cloud9 environment" 11 | fi -------------------------------------------------------------------------------- /extra/nodeg2/user_data.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | eks-node-private-userdata = < /tmp/me.txt 12 | yum install -y amazon-ssm-agent 13 | yum update -y 14 | echo "yum'd agent" >> /tmp/me.txt 15 | systemctl enable amazon-ssm-agent && systemctl start amazon-ssm-agent 16 | date >> /tmp/me.txt 17 | 18 | --==MYBOUNDARY==-- 19 | USERDATA 20 | } -------------------------------------------------------------------------------- /lb2/null_post_policy.tf: -------------------------------------------------------------------------------- 1 | resource "null_resource" "post-policy" { 2 | depends_on = [aws_iam_policy.load-balancer-policy] 3 | triggers = { 4 | always_run = timestamp() 5 | } 6 | provisioner "local-exec" { 7 | on_failure = fail 8 | interpreter = ["/bin/bash", "-c"] 9 | when = create 10 | command = < patch.yaml 15 | data: 16 | mapUsers: | 17 | - userarn: ${rolearn} 18 | username: admin 19 | groups: 20 | - system:masters 21 | EOF 22 | kubectl get configmap -n kube-system aws-auth -o yaml > aws-auth.yaml 23 | cat patch.yaml >> aws-auth.yaml 24 | kubectl 
apply -f aws-auth.yaml 25 | -------------------------------------------------------------------------------- /primer/tflab2/rtb2-igw.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_route_table.rtb-07745c715a366341d: 3 | resource "aws_route_table" "rtb2-igw" { 4 | count = var.mycount 5 | propagating_vgws = [] 6 | route = [ 7 | { 8 | cidr_block = "0.0.0.0/0" 9 | egress_only_gateway_id = "" 10 | gateway_id = aws_internet_gateway.myigw[count.index].id 11 | instance_id = null 12 | ipv6_cidr_block = null 13 | nat_gateway_id = "" 14 | network_interface_id = "" 15 | transit_gateway_id = "" 16 | vpc_peering_connection_id = "" 17 | "local_gateway_id" = "" 18 | "vpc_endpoint_id" = "" 19 | carrier_gateway_id = "" 20 | destination_prefix_list_id = "" 21 | core_network_arn = "" 22 | }, 23 | ] 24 | tags = {} 25 | vpc_id = aws_vpc.VPC[count.index].id 26 | } 27 | -------------------------------------------------------------------------------- /net/aws_route_table__private1.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | # aws_route_table.rtb-0fe5311ff86579482: 3 | resource "aws_route_table" "rtb-0fe5311ff86579482" { 4 | propagating_vgws = [] 5 | route = [ 6 | { 7 | carrier_gateway_id = "" 8 | cidr_block = "0.0.0.0/0" 9 | destination_prefix_list_id = "" 10 | egress_only_gateway_id = "" 11 | gateway_id = "" 12 | instance_id = null 13 | ipv6_cidr_block = null 14 | local_gateway_id = "" 15 | nat_gateway_id = aws_nat_gateway.nat-cicd.id 16 | network_interface_id = "" 17 | transit_gateway_id = "" 18 | vpc_peering_connection_id = "" 19 | vpc_endpoint_id = "" 20 | core_network_arn = "" 21 | }, 22 | ] 23 | tags = { 24 | "Name" = "rtb-eks-cicd-priv1" 25 | } 26 | vpc_id = aws_vpc.vpc-cicd.id 27 | } 28 | 
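--------------------------------------------------------------------------------
/primer/tflab2/rtb1-natgw-tgw.tf:
--------------------------------------------------------------------------------
# File generated by aws2tf see https://github.com/aws-samples/aws2tf
# aws_route_table.rtb-040377d3dcbd24da0:
#
# Route table for the lab's private subnet: a single default route through the
# per-VPC NAT gateway. Anything placed in a subnet associated with this table
# gets outbound internet access (no inbound). The empty-string / null members of
# the route object are how the inline "route" block spells "not set".
resource "aws_route_table" "rtb1-natgw-tgw" {
  count            = var.mycount
  propagating_vgws = []
  route = [
    {
      cidr_block                 = "0.0.0.0/0"
      egress_only_gateway_id     = ""
      gateway_id                 = ""
      instance_id                = null
      ipv6_cidr_block            = null
      nat_gateway_id             = aws_nat_gateway.mynatgw[count.index].id
      network_interface_id       = ""
      transit_gateway_id         = ""
      vpc_peering_connection_id  = ""
      local_gateway_id           = ""
      vpc_endpoint_id            = ""
      carrier_gateway_id         = ""
      destination_prefix_list_id = ""
      core_network_arn           = ""
    },
  ]
  tags   = {}
  vpc_id = aws_vpc.VPC[count.index].id
}
--------------------------------------------------------------------------------
/.aws-staff/build-all.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Builds every workshop stage in dependency order via build-stage.sh and
# appends all output to build.log. Takes roughly 45 minutes.
# Run from the directory that holds build-stage.sh.
echo "circa 45 minutes ..."
rm -f build.log
date >> build.log
cur=$(pwd)

# Fetch the pinned IAM policy document that lb2 turns into the load balancer
# controller's IAM policy. -f makes an HTTP error fail the download instead of
# silently writing an error page into iam_policy.json, which would then be
# applied as the controller's permissions.
cd ~/environment/tfekscode/lb2 || exit 1
if ! curl -fsSL -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.0/docs/install/iam_policy.json; then
  echo "Error: could not download iam_policy.json"
  exit 1
fi
cd "$cur" || exit 1

# Stage directories, in the order they must be applied.
dirs="tf-setup net iam c9net cicd cluster nodeg lb2 sampleapp extra/nodeg2 extra/eks-cidr2 extra/sampleapp2 extra/fargate extra/fargateapp"
for i in $dirs; do
  ./build-stage.sh "$i" 2>&1 | tee -a build.log
  # Stop at the first stage that logged a Terraform error. Exit non-zero so a
  # calling pipeline notices (the previous bare "exit" returned 0).
  if grep -q Error: build.log; then
    echo "Error: in build.log"
    exit 1
  fi
done
date >> build.log

echo "Some post build verifications"
echo "Should have at least 23 pods running in total"
rc=$(kubectl get pods -A | grep -c Running)
if [ "$rc" -lt 23 ]; then
  echo "ERROR: Found only $rc pods running - expected 23"
  exit 1
else
  echo "PASSED: running pod count $rc"
fi
--------------------------------------------------------------------------------
/primer/tflab2/subnets.tf:
--------------------------------------------------------------------------------
# One private and one "public" /24 per lab VPC (10.<n>.4.0/24 and 10.<n>.1.0/24),
# all in the first availability zone. Note that map_public_ip_on_launch is false
# for both, so instances in the public subnet do not receive a public IP
# automatically; what makes it "public" is the route table it is associated
# with, not this resource.
resource "aws_subnet" "myprivsubnet" {
  count                           = var.mycount
  assign_ipv6_address_on_creation = false
  availability_zone               = data.aws_availability_zones.az.names[0]
  cidr_block                      = format("10.%s.4.0/24", count.index + 1)
  map_public_ip_on_launch         = false
  tags = {
    "Name" = format("Priv subnet 10-%s-4-0", count.index + 1)
  }
  vpc_id = aws_vpc.VPC[count.index].id

  timeouts {}
}

resource "aws_subnet" "mypubsubnet" {
  count                           = var.mycount
  assign_ipv6_address_on_creation = false
  availability_zone               = data.aws_availability_zones.az.names[0]
  cidr_block                      = format("10.%s.1.0/24", count.index + 1)
  map_public_ip_on_launch         = false
  tags = {
    "Name" = format("Pub subnet 10-%s-1-0", count.index + 1)
  }
  vpc_id = aws_vpc.VPC[count.index].id

  timeouts {}
}
--------------------------------------------------------------------------------
/extra/.app-mesh/aws.tf:
--------------------------------------------------------------------------------
# Provider pins for the app-mesh stage. The aws provider is pinned to an exact
# version (not a "~>" range) so every workshop run resolves the same provider;
# bump it deliberately and in step with common-files/aws.tf.
terraform {
  # specify minimum version of Terraform
  required_version = "> 1.4.2"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Lock version to prevent unexpected problems
      version = "4.63.0"
    }
    null = {
      source  = "hashicorp/null"
      version = "~> 3.1.0"
    }
    external = {
      source  = "hashicorp/external"
      version = "~> 2.1.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.17.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.4.1"
    }
    local = {
      source  = "hashicorp/local"
      version = "~> 2.1.0"
    }
  }
}

# Credentials come from the named profile in the local shared credentials
# file; no keys are ever placed in the configuration.
provider "aws" {
  region                   = var.region
  shared_credentials_files = ["~/.aws/credentials"]
  profile                  = var.profile
}
provider "null" {}
provider "external" {}
--------------------------------------------------------------------------------
/.notused/resize-osdisk.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Grows the root EBS volume of the instance this runs on (the Cloud9 host)
# to DISK_SIZE_GB (default 30) and reboots so the larger disk is picked up.
# The caller's credentials need ec2:DescribeVolumes and ec2:ModifyVolume.
DISK_SIZE_GB="${DISK_SIZE_GB:-30}"
export DISK_SIZE_GB
pip3 install --user --upgrade boto3 > /dev/null

# Read the instance id through IMDSv2 (session token). A plain IMDSv1 GET is
# refused on instances that enforce HttpTokens=required, and the token form
# works on both settings.
token=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
export instance_id=$(curl -sS -H "X-aws-ec2-metadata-token: $token" http://169.254.169.254/latest/meta-data/instance-id)
if [ -z "$instance_id" ]; then
  echo "ERROR: could not read the instance id from IMDS"
  exit 1
fi

echo "Resizing OS disk"
python3 -c "import boto3
import os
from botocore.exceptions import ClientError
ec2 = boto3.client('ec2')
print('instance_id=' + os.getenv('instance_id'))
volume_info = ec2.describe_volumes(
    Filters=[
        {
            'Name': 'attachment.instance-id',
            'Values': [
                os.getenv('instance_id')
            ]
        }
    ]
)
volume_id = volume_info['Volumes'][0]['VolumeId']
print('volume_id=' + volume_id)
size = int(os.getenv('DISK_SIZE_GB'))
try:
    resize = ec2.modify_volume(
        VolumeId=volume_id,
        Size=size
    )
    print('Resized to {}GB'.format(size))
except ClientError as e:
    # InvalidParameterValue is treated as 'already at least this size' and the
    # script still reboots; any other API error propagates and skips the reboot.
    if e.response['Error']['Code'] == 'InvalidParameterValue':
        print('ERROR MESSAGE: {}'.format(e))
    else:
        raise"
if [ $? -eq 0 ]; then
  echo "Rebooting ...."
  sudo reboot
fi
--------------------------------------------------------------------------------
/extra/fargateapp/configmap-logging.tf:
--------------------------------------------------------------------------------
# Fargate logging configuration. The namespace name and the
# aws-observability=enabled label are the values the Fargate log router looks
# for; the "aws-logging" ConfigMap holds the Fluent Bit output section it
# applies to every Fargate pod in the cluster (so this is cluster-wide, not
# per application).
resource "kubernetes_namespace" "aws-observability" {

  metadata {
    annotations = {}
    labels = {
      "aws-observability" = "enabled"
    }
    name = "aws-observability"
  }

  timeouts {}
}

resource "kubernetes_config_map" "aws-observability__aws-logging" {
  binary_data = {}
  data = {
    # Ship all pod output to the fluent-bit-eks-fargate log group in the
    # current region. Regional STS/logs endpoints are set explicitly so a
    # private cluster does not depend on the global STS endpoint.
    "output.conf" = <<-EOT
      [OUTPUT]
        Name cloudwatch
        Match *
        region ${data.aws_region.current.name}
        log_group_name fluent-bit-eks-fargate
        log_stream_prefix fargate1-
        auto_create_group true
        sts_endpoint https://sts.${data.aws_region.current.name}.amazonaws.com
        endpoint https://logs.${data.aws_region.current.name}.amazonaws.com
    EOT
  }

  metadata {
    name      = "aws-logging"
    namespace = kubernetes_namespace.aws-observability.id
  }
}
--------------------------------------------------------------------------------
/common-files/aws.tf:
--------------------------------------------------------------------------------
# Shared provider pins copied into every stage directory. The aws provider is
# pinned to an exact version so all stages resolve the same provider; bump it
# here and re-copy rather than editing individual stages.
terraform {
  # specify minimum version of Terraform
  required_version = "> 1.4.0"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Lock version to prevent unexpected problems
      version = "4.65.0"
    }
    null = {
      source  = "hashicorp/null"
      version = "~> 3.1.0"
    }
    external = {
      source  = "hashicorp/external"
      version = "~> 2.1.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.17.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.4.1"
    }
    local = {
      source  = "hashicorp/local"
      version = "~> 2.1.0"
    }
  }
}

# Credentials come from the named profile in the local shared credentials
# file; no keys are ever placed in the configuration.
provider "aws" {
  region                   = var.region
  shared_credentials_files = ["~/.aws/credentials"]
  profile                  = var.profile
}
provider "null" {}
provider "external" {}
--------------------------------------------------------------------------------
/iam/aws_iam_role_policy__nodegroup-NodeInstanceRole-PolicyAutoScaling.tf:
--------------------------------------------------------------------------------
# File generated by aws2tf see https://github.com/aws-samples/aws2tf
#
# Cluster-autoscaler permissions attached to the worker node instance role.
# The Describe* calls do not support resource-level permissions, but
# SetDesiredCapacity and TerminateInstanceInAutoScalingGroup do. Because this is
# the node role, any pod that can reach the instance metadata service inherits
# these rights; when hardening, move the two mutating actions to a separate
# statement and restrict them with a condition on the autoscaling:ResourceTag
# for the cluster's autoscaler discovery tag (k8s.io/cluster-autoscaler/<name>),
# or give the autoscaler its own IRSA role instead of using the node role.
resource "aws_iam_role_policy" "eks-nodegroup-ng-ma-NodeInstanceRole-1GFKA1037E1XO__eks-nodegroup-ng-maneksami2-PolicyAutoScaling" {
  name = format("%s-eks-nodegroup-ng-maneksami2-PolicyAutoScaling", data.aws_ssm_parameter.tf-eks-id.value)
  policy = jsonencode(
    {
      Statement = [
        {
          Action = [
            "autoscaling:DescribeAutoScalingGroups",
            "autoscaling:DescribeAutoScalingInstances",
            "autoscaling:DescribeLaunchConfigurations",
            "autoscaling:DescribeTags",
            "autoscaling:SetDesiredCapacity",
            "autoscaling:TerminateInstanceInAutoScalingGroup",
            "ec2:DescribeLaunchTemplateVersions",
          ]
          Effect   = "Allow"
          Resource = "*"
        },
      ]
      Version = "2012-10-17"
    }
  )
  role = aws_iam_role.eks-nodegroup-ng-ma-NodeInstanceRole.id
}
--------------------------------------------------------------------------------
/extra/sampleapp2/2048_ingress.yml.orig:
--------------------------------------------------------------------------------
# Reference copy only (.orig). This uses the extensions/v1beta1 Ingress API,
# which Kubernetes removed in 1.22, so it will not apply to the 1.23 cluster
# built by this workshop; the live manifests are 2048_ingress1.yml and
# 2048_ingress2.yml. The ALB is created with scheme "internal" (not
# internet-facing) and IP targets.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/actions.forward-single-tg: >
      {"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"service1-2048","servicePort":"80","weight":100}],"targetGroupStickinessConfig":{"enabled":true,"durationSeconds":200}}}
    alb.ingress.kubernetes.io/actions.app2-redirect: >
      {"Type": "redirect", "RedirectConfig": { "Protocol": "HTTP", "Port": "80", "Path": "/app2", "Query": "#{query}", "StatusCode": "HTTP_301"}}
spec:
  rules:
    - http:
        paths:
          - path: /app1
            backend:
              serviceName: forward-single-tg
              servicePort: use-annotation
          - path: /app2
            backend:
              serviceName: service2-2048
              servicePort: 80
--------------------------------------------------------------------------------
/lb2/notused/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Reference-only (notused) manual install of the AWS Load Balancer Controller
# with eksctl + helm; the Terraform in lb2/ is the supported path.
# Account id, region and cluster name are derived/overridable instead of
# being hard-coded into the script.
REGION="${REGION:-eu-west-1}"
CLUSTER="${CLUSTER:-mycluster1}"
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
# The CRDs are pulled straight from GitHub. Pin EKS_CHARTS_REF to a release tag
# rather than master so a change in the repository cannot alter what is applied.
EKS_CHARTS_REF="${EKS_CHARTS_REF:-master}"

#aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam-policy.json
#curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json

eksctl utils associate-iam-oidc-provider --region "$REGION" --cluster "$CLUSTER" --approve
# helm chart does this if you let it
eksctl create iamserviceaccount --cluster "$CLUSTER" --namespace=kube-system --name=aws-load-balancer-controller --attach-policy-arn="arn:aws:iam::${ACCOUNT_ID}:policy/AWSLoadBalancerControllerIAMPolicy" --approve
#helm repo add eks https://aws.github.io/eks-charts

kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=${EKS_CHARTS_REF}"

# 602401143452 is the AWS-owned EKS image registry account for eu-west-1; the
# registry account differs by region, so check it when changing REGION.
helm upgrade -i aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName="$CLUSTER" --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller --set image.repository="602401143452.dkr.ecr.${REGION}.amazonaws.com/amazon/aws-load-balancer-controller"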
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | **/bin/* 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | *.DS_Store 8 | 9 | # Crash log files 10 | crash.log 11 | 12 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 13 | # .tfvars files are managed as part of configuration and so should be included in 14 | # version control. 15 | # 16 | # example.tfvars 17 | 18 | # Ignore override files as they are usually used to override resources locally and so 19 | # are not checked in 20 | override.tf 21 | override.tf.json 22 | *_override.tf 23 | *_override.tf.json 24 | 25 | # Include override files you do wish to add to version control using negated pattern 26 | # 27 | # !example_override.tf 28 | 29 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 30 | # example: *tfplan* 31 | *tfplan* 32 | terraform* 33 | kubectl* 34 | **/old/* 35 | **/aws/* 36 | **/sw/* 37 | jq 38 | **/*.old 39 | **/net-v2/* 40 | **/notused/* 41 | 42 | **/.terraform.lock.hcl 43 | extra/.observability/priv-vars.tf 44 | .DS_Store 45 | docker-extract.sh 46 | .DS_Store 47 | Private.md 48 | .DS_Store 49 | -------------------------------------------------------------------------------- /extra/.observability/main.tf: -------------------------------------------------------------------------------- 1 | module "eks_observability_accelerator" { 2 | source = "github.com/aws-observability/terraform-aws-observability-accelerator?ref=v1.5.0" 3 | aws_region = data.aws_region.current.name 4 | eks_cluster_id = data.aws_ssm_parameter.tf-eks-cluster-name.value 5 | enable_managed_prometheus = true 6 | enable_managed_grafana = false 7 | managed_grafana_workspace_id = var.grafana_id 8 | grafana_api_key = var.grafana_api_key 9 | } 10 | 11 | module 
"workloads_infra" { 12 | source = "github.com/aws-observability/terraform-aws-observability-accelerator/workloads/infra?ref=v1.5.0a" 13 | 14 | eks_cluster_id = data.aws_ssm_parameter.tf-eks-cluster-name.value 15 | 16 | dashboards_folder_id = module.eks_observability_accelerator.grafana_dashboards_folder_id 17 | managed_prometheus_workspace_id = module.eks_observability_accelerator.managed_prometheus_workspace_id 18 | 19 | managed_prometheus_workspace_endpoint = module.eks_observability_accelerator.managed_prometheus_workspace_endpoint 20 | managed_prometheus_workspace_region = module.eks_observability_accelerator.managed_prometheus_workspace_region 21 | } -------------------------------------------------------------------------------- /.notused/eks-cidr/null-cidr.tf: -------------------------------------------------------------------------------- 1 | resource "null_resource" "cidr" { 2 | triggers = { 3 | always_run = timestamp() 4 | } 5 | provisioner "local-exec" { 6 | on_failure = fail 7 | when = create 8 | interpreter = ["/bin/bash", "-c"] 9 | command = < /dev/null 13 | rc=0 14 | terraform state list 2> /dev/null | grep aws_ > /dev/null 15 | if [ $? -eq 0 ]; then 16 | rc=$(terraform state list | wc -l ) 17 | fi 18 | # array elements in hetre so special rule 19 | if [ "$i" == "tf-setup" ] && [ $rc -ge 12 ]; then echo "$rc in tf state expected 12 so skipping build ..." && continue; fi 20 | if [ $rc -ge $tobuild ]; then echo "$rc in tf state expected $tobuild so skipping build ..." 
&& continue; fi 21 | 22 | terraform plan -out tfplan -no-color 23 | terraform apply tfplan -no-color 24 | rc=$(terraform state list | wc -l) 25 | 26 | 27 | if [ $rc -lt $tobuild ]; then echo "only $rc in tf state expected $tobuild" && break; fi 28 | echo "Passed $i tests" 29 | 30 | echo "Destroying $i" 31 | terraform destroy -auto-approve 32 | rm -rf .terraform* 33 | cd $cur 34 | date 35 | 36 | done 37 | 38 | 39 | -------------------------------------------------------------------------------- /extra/nodeg2/outputs.tf: -------------------------------------------------------------------------------- 1 | # 2 | # Outputs 3 | # 4 | 5 | locals { 6 | config-map-aws-auth = < ${az}-pod-netconfig2.yaml 13 | apiVersion: crd.k8s.amazonaws.com/v1alpha1 14 | kind: ENIConfig 15 | metadata: 16 | name: ${az}-pod-netconfig2 17 | spec: 18 | subnet: ${subid} 19 | securityGroups: 20 | - ${sg0} 21 | EOF 22 | kubectl apply -f ${az}-pod-netconfig2.yaml 23 | kubectl annotate node ${nn} k8s.amazonaws.com/eniConfig=${az}-pod-netconfig2 --overwrite 24 | 25 | done -------------------------------------------------------------------------------- /extra/.karpenter/launch_template.tf: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | data "aws_ssm_parameter" "bottlerocket_ami" { 5 | name = "/aws/service/bottlerocket/aws-k8s-${nonsensitive(data.aws_ssm_parameter.tf-eks-version.value)}/x86_64/latest/image_id" 6 | } 7 | 8 | # Need to create custom Launch Template to use Bottlerocket - https://github.com/aws/karpenter/issues/923 9 | resource "aws_launch_template" "bottlerocket" { 10 | name = "${var.cluster-name}-karpenter-bottlerocket" 11 | 12 | image_id = data.aws_ssm_parameter.bottlerocket_ami.value 13 | 14 | iam_instance_profile { 15 | name = aws_iam_instance_profile.karpenter_node.name 16 | } 17 | 18 | vpc_security_group_ids = [ 19 | data.aws_eks_cluster.eks.vpc_config.0.cluster_security_group_id 20 | ] 21 | 22 | metadata_options { 23 | http_endpoint = "enabled" 24 | http_tokens = "required" 25 | http_put_response_hop_limit = 2 26 | } 27 | 28 | user_data = base64encode(templatefile( 29 | "${path.module}/templates/bottlerocket-userdata.toml.tpl", 30 | { 31 | "cluster_endpoint" = data.aws_eks_cluster.eks.endpoint, 32 | "cluster_ca_certificate" = data.aws_eks_cluster.eks.certificate_authority[0].data 33 | "cluster_name" = var.cluster-name, 34 | } 35 | )) 36 | } -------------------------------------------------------------------------------- /.notused/iam-profile.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | rolen="eksworkshop-admin" 3 | profile_name="eksworkshop-admin" 4 | aws iam create-role --role-name $rolen --assume-role-policy-document file://trust.json 5 | aws iam create-policy --policy-name tfeks --policy-document file://policy.json 6 | parn=$(aws iam list-policies --scope Local | jq -r '.Policies[] | select(.PolicyName=="tfeks").Arn') 7 | aws iam attach-role-policy --role-name $rolen --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore 8 | aws iam attach-role-policy --role-name $rolen --policy-arn $parn 9 | aws iam create-instance-profile --instance-profile-name $profile_name 10 | aws iam add-role-to-instance-profile --instance-profile-name $profile_name --role-name $rolen 11 | instance_id=$(curl -sS http://169.254.169.254/latest/meta-data/instance-id) 12 | ipa=$(aws ec2 describe-instances --instance-ids $instance_id --query Reservations[].Instances[].IamInstanceProfile | jq -r .[].Arn) 13 | iip=$(aws ec2 describe-iam-instance-profile-associations --filters "Name=instance-id,Values=$instance_id" --query IamInstanceProfileAssociations[].AssociationId | jq -r .[]) 14 | if aws ec2 replace-iam-instance-profile-association --iam-instance-profile "Name=$profile_name" --association-id $iip; then 15 | echo "Profile associated successfully." 
16 | else 17 | echo "ERROR: Encountered error associating instance profile eksworkshop-admin with Cloud9 environment" 18 | fi -------------------------------------------------------------------------------- /extra/fargate/fargate-execution-role.tf: -------------------------------------------------------------------------------- 1 | # File generated by aws2tf see https://github.com/aws-samples/aws2tf 2 | 3 | resource "aws_iam_role" "FargatePodExecutionRole" { 4 | assume_role_policy = jsonencode( 5 | { 6 | Statement = [ 7 | { 8 | Action = "sts:AssumeRole" 9 | Effect = "Allow" 10 | Principal = { 11 | Service = [ 12 | "eks.amazonaws.com", 13 | "eks-fargate-pods.amazonaws.com", 14 | ] 15 | } 16 | }, 17 | ] 18 | Version = "2012-10-17" 19 | } 20 | ) 21 | force_detach_policies = false 22 | max_session_duration = 3600 23 | name = format("%s-eks-FargatePodExecutionRole",data.aws_eks_cluster.eks_cluster.name) 24 | path = "/" 25 | tags = { 26 | "Name" = format("%s-cluster/FargatePodExecutionRole",data.aws_eks_cluster.eks_cluster.name) 27 | } 28 | } 29 | 30 | 31 | resource "aws_iam_role_policy_attachment" "AmazonEKSFargatePodExecutionRolePolicy" { 32 | policy_arn = "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy" 33 | role = aws_iam_role.FargatePodExecutionRole.id 34 | } 35 | 36 | ## attach logging policy 37 | resource "aws_iam_role_policy_attachment" "eks-fargate-logging-policy" { 38 | policy_arn = aws_iam_policy.eks-fargate-logging-policy.arn 39 | role = aws_iam_role.FargatePodExecutionRole.id 40 | } -------------------------------------------------------------------------------- /nodeg/outputs.tf: -------------------------------------------------------------------------------- 1 | # 2 | # Outputs 3 | # 4 | 5 | locals { 6 | config-map-aws-auth = < /dev/null 28 | terraform destroy -auto-approve 29 | cd $cur 30 | date 31 | done 32 | echo "Pass 1 cli based actions ..." 33 | echo "pass 2 ...." 
34 | for i in $dirs; do 35 | cd $cur 36 | cd ../$i 37 | echo "**** Destroying in $i ****" 38 | terraform destroy -auto-approve 2&> /dev/null 39 | rm -f tfplan terraform* 40 | rm -rf .terraform 41 | cd $cur 42 | date 43 | done 44 | dirs="tf-setup" 45 | for i in $dirs; do 46 | cd ../$i 47 | echo "**** Destroying in $i ****" 48 | terraform destroy -auto-approve > /dev/null 49 | rm -f tfplan terraform* 50 | rm -rf .terraform 51 | cd $cur 52 | date 53 | done 54 | echo "Done" 55 | 56 | exit --------------------------------------------------------------------------------