├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── images
├── architecture_stack.png
└── architecture_stack.png.license
├── module_1
├── README.md
├── images
│ ├── nginx_page.png
│ ├── nginx_page.png.license
│ ├── one_file_tf.png
│ ├── one_file_tf.png.license
│ ├── terraform_apply.png
│ ├── terraform_apply.png.license
│ ├── terraform_destroy.png
│ ├── terraform_destroy.png.license
│ ├── terraform_init.png
│ ├── terraform_init.png.license
│ ├── terraform_plan.png
│ ├── terraform_plan.png.license
│ ├── terraform_validate.png
│ └── terraform_validate.png.license
└── one_file_tf
│ └── simple_nginx_stack
│ ├── data.tf
│ ├── files
│ └── install_nginx.sh
│ ├── main.tf
│ ├── outputs.tf
│ ├── scripts
│ └── generate_ssh_key.sh
│ └── vars.tf
├── module_2
├── README.md
├── images
│ ├── nginx_page.png
│ ├── nginx_page.png.license
│ ├── terraform_apply.png
│ ├── terraform_apply.png.license
│ ├── terraform_destroy.png
│ ├── terraform_destroy.png.license
│ ├── terraform_init.png
│ ├── terraform_init.png.license
│ ├── terraform_module.png
│ ├── terraform_module.png.license
│ ├── terraform_plan.png
│ └── terraform_plan.png.license
└── modularized_tf
│ ├── environments
│ └── providers
│ │ └── aws
│ │ └── prd
│ │ ├── applications
│ │ └── nginx-sample-stack
│ │ │ ├── data.tf
│ │ │ ├── main.tf
│ │ │ ├── outputs.tf
│ │ │ ├── scripts
│ │ │ └── generate_ssh_key.sh
│ │ │ ├── user_data.sh
│ │ │ └── vars.tf
│ │ ├── environment.tf
│ │ └── infraestructure
│ │ └── vpc
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── vars.tf
│ └── modules
│ └── providers
│ └── aws
│ ├── asg
│ ├── main.tf
│ ├── outputs.tf
│ └── vars.tf
│ ├── elb
│ ├── main.tf
│ ├── outputs.tf
│ └── vars.tf
│ ├── launch_config
│ ├── main.tf
│ ├── outputs.tf
│ └── vars.tf
│ ├── security_group
│ ├── attach_sg_ec2
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── vars.tf
│ ├── create_sg
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── vars.tf
│ └── create_sg_rule
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── vars.tf
│ └── vpc
│ ├── main.tf
│ ├── output.tf
│ └── vars.tf
└── module_3
├── README.md
├── images
├── nginx_page.png
├── nginx_page.png.license
├── terraform_agreggated_module.png
└── terraform_agreggated_module.png.license
└── modularized_tf
├── base_modules
└── providers
│ └── aws
│ ├── asg
│ ├── main.tf
│ ├── outputs.tf
│ └── vars.tf
│ ├── elb
│ ├── main.tf
│ ├── outputs.tf
│ └── vars.tf
│ ├── launch_config
│ ├── main.tf
│ ├── outputs.tf
│ └── vars.tf
│ ├── security_group
│ ├── attach_sg_ec2
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── vars.tf
│ ├── create_sg
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── vars.tf
│ └── create_sg_rule
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── vars.tf
│ └── vpc
│ ├── main.tf
│ ├── output.tf
│ └── vars.tf
├── component_modules
└── nginx-webserver-stack
│ ├── data.tf
│ ├── main.tf
│ ├── outputs.tf
│ └── vars.tf
└── environments
└── providers
└── aws
└── prd
├── applications
└── nginx-sample-stack
│ ├── data.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── scripts
│ └── generate_ssh_key.sh
│ ├── user_data.sh
│ └── vars.tf
└── environment.tf
/.gitignore:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
5 | # Created by https://www.toptal.com/developers/gitignore/api/terraform
6 | # Edit at https://www.toptal.com/developers/gitignore?templates=terraform
7 |
8 | ### Terraform ###
9 | # Local .terraform directories
10 | **/.terraform/*
11 | id_rsa*
12 | # .tfstate files
13 | *.tfstate
14 | *.tfstate.*
15 |
16 | # Crash log files
17 | crash.log
18 | *.reuse/
19 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
20 | # .tfvars files are managed as part of configuration and so should be included in
21 | # version control.
22 | #
23 | # example.tfvars
24 |
25 | # Ignore override files as they are usually used to override resources locally and so
26 | # are not checked in
27 | override.tf
28 | override.tf.json
29 | *_override.tf
30 | *_override.tf.json
31 |
# NOTE: .terraform.lock.hcl records the provider versions and checksums that `terraform init` selected; most projects commit it so every run installs the same providers. Drop the next line if you want that pinning.
32 | *.terraform.lock.hcl
33 | # Include override files you do wish to add to version control using negated pattern
34 | # !example_override.tf
35 |
36 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
37 | # example: *tfplan*
38 |
39 | # End of https://www.toptal.com/developers/gitignore/api/terraform
40 |
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | ## Code of Conduct
2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
4 | opensource-codeofconduct@amazon.com with any additional questions or comments.
5 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing Guidelines
2 |
3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
4 | documentation, we greatly value feedback and contributions from our community.
5 |
6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
7 | information to effectively respond to your bug report or contribution.
8 |
9 |
10 | ## Reporting Bugs/Feature Requests
11 |
12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features.
13 |
14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already
15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
16 |
17 | * A reproducible test case or series of steps
18 | * The version of our code being used
19 | * Any modifications you've made relevant to the bug
20 | * Anything unusual about your environment or deployment
21 |
22 |
23 | ## Contributing via Pull Requests
24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
25 |
26 | 1. You are working against the latest source on the *main* branch.
27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
29 |
30 | To send us a pull request, please:
31 |
32 | 1. Fork the repository.
33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
34 | 3. Ensure local tests pass.
35 | 4. Commit to your fork using clear commit messages.
36 | 5. Send us a pull request, answering any default questions in the pull request interface.
37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
38 |
39 | GitHub provides additional documentation on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
41 |
42 |
43 | ## Finding contributions to work on
44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start.
45 |
46 |
47 | ## Code of Conduct
48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
50 | opensource-codeofconduct@amazon.com with any additional questions or comments.
51 |
52 |
53 | ## Security issue notifications
54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
55 |
56 |
57 | ## Licensing
58 |
59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
60 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of
4 | this software and associated documentation files (the "Software"), to deal in
5 | the Software without restriction, including without limitation the rights to
6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
7 | the Software, and to permit persons to whom the Software is furnished to do so.
8 |
9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
15 |
16 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
6 |
7 | # Terraform Sample Workshop
8 |
9 | This repository contains hands-on content that will guide you through building a simple web server stack using Terraform in several ways. You will learn how to code infrastructure with Terraform, from a simple one-file snippet to a modularized approach.
10 |
11 | # Prerequisites
12 |
13 | - [Terraform v0.14 or above](https://www.terraform.io/downloads.html)
14 | - AWS account
15 |
16 | **THIS WORKSHOP WAS TESTED IN US-EAST-1 REGION**
17 |
18 | # Overview of Workshop Labs
19 |
20 | [Module 1](./module_1) - This module teaches you the basics of Terraform and how to code a simple architecture using Terraform resources.
21 |
22 | [Module 2](./module_2) - This module teaches you how to create Terraform modules and use them; you will learn how to build re-usable Terraform resources to improve agility when coding infrastructure.
23 |
24 | [Module 3](./module_3) - This module teaches you how to add another layer of Terraform abstraction by nesting modules inside modules, so you can create patterns and deliver infrastructure in a much faster and simpler way.
25 |
26 | # Stack that will be deployed
27 |
28 |
29 |
30 |
31 |
32 | The stack above will be deployed in all 3 modules of this workshop, but in each module we will improve our Terraform code using best practices.
33 |
34 | ## Start the workshop
35 |
36 | [Click Here to start the first module](./module_1)
37 |
38 | ## Security
39 |
40 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
41 |
42 | ## License
43 |
44 | This library is licensed under the MIT-0 License. See the LICENSE file.
45 |
46 |
--------------------------------------------------------------------------------
/images/architecture_stack.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/images/architecture_stack.png
--------------------------------------------------------------------------------
/images/architecture_stack.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/README.md:
--------------------------------------------------------------------------------
1 |
6 |
7 | # Terraform Sample Workshop Module 1
8 |
9 | In this module you will learn what Terraform is and the basics of how to write a sample **.tf** file to create a stack; it will teach you the basics of Terraform and how to code a simple architecture using Terraform resources.
10 |
11 | # What is Terraform?
12 |
13 | [Terraform](https://www.terraform.io/) is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.
14 |
15 | Write infrastructure as code using declarative configuration files. HashiCorp Configuration Language (HCL) allows for concise descriptions of resources using blocks, arguments, and expressions.
16 |
17 | # Folder structure
18 |
19 | ```
20 | ── one_file_tf
21 | └── simple_nginx_stack
22 | ├── data.tf
23 | ├── files
24 | │ └── install_nginx.sh
25 | ├── main.tf
26 | ├── outputs.tf
27 | └── vars.tf
28 | ```
29 |
30 | [data.tf](one_file_tf/simple_nginx_stack/data.tf) - This is the Data sources file, Data Sources allow data to be fetched or computed for use elsewhere in Terraform configuration. Use of data sources allows a Terraform configuration to make use of information defined outside of Terraform, or defined by another separate Terraform configuration.
31 |
32 | [files/install_nginx.sh](one_file_tf/simple_nginx_stack/files/install_nginx.sh) - This is the shell script that we are going to pass to our code as the User Data of our EC2 that will be provisioned.
33 |
34 | [main.tf](one_file_tf/simple_nginx_stack/main.tf) - This is the file where resources live. Resources are the most important element in the Terraform language: each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.
35 |
36 | [outputs.tf](one_file_tf/simple_nginx_stack/outputs.tf) - This is where you create the outputs. Output values are like the return values of a Terraform module; you can use these outputs for reference later.
37 |
38 | [vars.tf](one_file_tf/simple_nginx_stack/vars.tf) - This file contains all variables that we pass to our resources to create, input variables serve as parameters for a Terraform module, allowing aspects of the module to be customized without altering the module's own source code, and allowing modules to be shared between different configurations.
39 |
40 | It's recommended that you open all the above files and check them to get a better understanding how Terraform works.
41 |
42 | For more information consult the [Official Terraform Documentation](https://www.terraform.io/docs/configuration/index.html)
43 |
44 | # Deploying our first stack
45 |
46 | We are going to deploy our first stack using a simple **one file snippet** of Terraform with all the resources that we will need to provision.
47 |
48 |
49 |
50 |
51 |
52 |
53 | **ALL THE COMMANDS WILL NEED TO BE RUN INSIDE one_file_tf/simple_nginx_stack/**
54 |
55 | Execute:
56 |
57 | ```shell
58 | cd one_file_tf/simple_nginx_stack/
59 | ```
60 |
61 | Now we need to set the **AWS S3 bucket** where our Terraform state will be saved. This state is used by Terraform to map real-world resources to your configuration, keep track of metadata, and improve performance for large infrastructures. The state file can contain sensitive values, so use a bucket that is private to you (the backend configuration below already sets `encrypt = true`).
62 |
63 | If you don't have a bucket in AWS create one, [How to Create AWS Bucket](https://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html)
64 |
65 | Open **one_file_tf/simple_nginx_stack/main.tf** and do the following:
66 |
67 | ```terraform
68 | terraform {
69 | backend "s3" {
70 | region = "us-east-1"
71 | bucket = ""
72 | key = "terraform/one_file_tf/simple_nginx_stack/main.tf"
73 | encrypt = true
74 | }
75 | }
76 | ```
77 | Now it's time to initialize Terraform. The init command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.
78 |
79 | Execute:
80 |
81 | ```shell
82 | terraform init
83 | ```
84 |
85 |
86 |
87 |
88 |
89 | Now we are going to create an SSH key pair and import it into AWS; this key can be used to access the EC2 instances provisioned by Terraform. The private key is written locally and must never be committed — the repository's `.gitignore` already ignores `id_rsa*`.
90 |
91 | Execute:
92 |
93 | ```
94 | scripts/generate_ssh_key.sh
95 | ```
96 |
97 | The output should be as follows:
98 |
99 | ```
100 | Key imported!
101 | ```
102 |
103 | Let's execute **terraform validate**. This command validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
104 |
105 | Execute:
106 |
107 | ```shell
108 | terraform validate
109 | ```
110 |
111 |
112 |
113 |
114 |
115 | Now it's time for **terraform plan**
116 |
117 | The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files.
118 |
119 | This command is a convenient way to check whether the execution plan for a set of changes matches your expectations without making any changes to real resources or to the state. For example, terraform plan might be run before committing a change to version control, to create confidence that it will behave as expected.
120 |
121 | Execute:
122 |
123 | ```
124 | terraform plan
125 | ```
126 |
127 | The output will be the resources that we are going to provision or change during the terraform apply phase.
128 |
129 |
130 |
131 |
132 |
133 | Now let's apply our Terraform
134 |
135 | The **terraform apply** command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.
136 |
137 | Execute:
138 |
139 | ```
140 | terraform apply
141 | ```
142 |
143 | When asked to confirm that you want to apply, type **yes**
144 |
145 | Wait a few minutes for the apply to finish creating the resources.
146 |
147 | The output should be as follows:
148 |
149 |
150 |
151 |
152 |
153 | Now it's time to test, wait for 2 or 3 minutes before trying to open the Load Balancer DNS generated above.
154 |
155 | If everything works fine you will see the nginx web page.
156 |
157 |
158 |
159 |
160 |
161 | Now it's time to destroy our stack using **terraform destroy** command
162 |
163 | The terraform destroy command is used to destroy the Terraform-managed infrastructure.
164 |
165 | Execute:
166 |
167 | ```
168 | terraform destroy
169 | ```
170 |
171 | When asked to confirm that you want to destroy, type **yes**
172 |
173 | The output should be as follows:
174 |
175 |
176 |
177 |
178 |
179 | As you can see, this command destroys all the resources that we provisioned before.
180 |
181 | # Completion
182 |
183 | Congratulations, you finished the first module.
184 |
185 | [Click here to go to the next module](../module_2)
--------------------------------------------------------------------------------
/module_1/images/nginx_page.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_1/images/nginx_page.png
--------------------------------------------------------------------------------
/module_1/images/nginx_page.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/images/one_file_tf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_1/images/one_file_tf.png
--------------------------------------------------------------------------------
/module_1/images/one_file_tf.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/images/terraform_apply.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_1/images/terraform_apply.png
--------------------------------------------------------------------------------
/module_1/images/terraform_apply.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/images/terraform_destroy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_1/images/terraform_destroy.png
--------------------------------------------------------------------------------
/module_1/images/terraform_destroy.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/images/terraform_init.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_1/images/terraform_init.png
--------------------------------------------------------------------------------
/module_1/images/terraform_init.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/images/terraform_plan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_1/images/terraform_plan.png
--------------------------------------------------------------------------------
/module_1/images/terraform_plan.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/images/terraform_validate.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_1/images/terraform_validate.png
--------------------------------------------------------------------------------
/module_1/images/terraform_validate.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/one_file_tf/simple_nginx_stack/data.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_1/one_file_tf/simple_nginx_stack/files/install_nginx.sh:
--------------------------------------------------------------------------------
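#!/bin/bash

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# EC2 user-data script: installs nginx from the Amazon Linux Extras repository,
# starts it and enables it at boot.
#
# This runs unattended at first boot with no TTY, so each package command must
# answer its own confirmation prompt with -y; without it yum has nothing to read
# the answer from and gives up, leaving the instance without nginx.

# Stop at the first failing command so a broken install shows up as a failed
# user-data run in the instance's cloud-init log instead of a silent half-setup.
set -e

sudo yum update -y
sudo amazon-linux-extras install -y nginx1.12
sudo service nginx start
# Same privilege level as the other commands; a no-op when already root.
sudo chkconfig nginx on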
--------------------------------------------------------------------------------
/module_1/one_file_tf/simple_nginx_stack/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
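# AWS provider. The region is taken from var.region (default us-east-1, the only
# region the workshop README says it was tested in) so that it always agrees
# with the lookup(var.azs, var.region) used for the subnet CIDR math below; a
# literal here could silently diverge from that lookup.
provider "aws" {
  region = var.region
}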
8 |
# Remote state in S3. The workshop README tells you to fill in `bucket` before
# running `terraform init`; backend blocks cannot reference variables, so every
# value here has to be a literal.
terraform {
  backend "s3" {
    region  = "us-east-1"
    # Left empty on purpose: set it to a bucket you own. State can contain
    # sensitive values (resource IDs, endpoints), so keep the bucket private.
    bucket  = ""
    key     = "terraform/one_file_tf/simple_nginx_stack/main.tf"
    # Encrypt the state object at rest in S3.
    encrypt = true
    # NOTE(review): no state locking is configured (the s3 backend supports a
    # dynamodb_table argument for that); two concurrent applies can corrupt
    # the state — acceptable for a single-user workshop, not for shared use.
  }
}
17 |
18 | // Provision VPC Stack
19 |
# All availability zones the account can see in the provider region; the subnet
# resources below index into .names with count.index.
data "aws_availability_zones" "all" {}
21 |
# The VPC that every other resource in this file is placed in. Both DNS
# support and DNS hostnames are switched on; tenancy is the default (shared).
resource "aws_vpc" "vpc" {
  cidr_block           = var.cidr_vpc
  instance_tenancy     = "default"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = var.vpc_name
  }
}
33 |
# One private subnet per AZ (var.subnet_count of them). Subnet i takes the i-th
# cidrsubnet() slice of the VPC CIDR and sits in the i-th AZ; instances get no
# public IP at launch and reach the internet only through the NAT gateways
# referenced by the private route tables below.
resource "aws_subnet" "private_subnet" {
  vpc_id                  = aws_vpc.vpc.id
  count                   = var.subnet_count
  cidr_block              = cidrsubnet(var.cidr_vpc, var.cidr_network_bits, count.index)
  availability_zone       = element(data.aws_availability_zones.all.names, count.index)
  map_public_ip_on_launch = false

  tags = {
    Name = "private-${element(data.aws_availability_zones.all.names, count.index)}-subnet"
  }

  # Redundant with the implicit dependency through aws_vpc.vpc.id, but harmless.
  depends_on = [aws_vpc.vpc]
}
47 |
# One public subnet per AZ. The cidrsubnet() index is offset by the number of
# AZ names listed for var.region in var.azs (4 with the defaults) so these
# slices cannot collide with the private subnets' indices 0..subnet_count-1,
# as long as subnet_count does not exceed that list. Instances launched here
# get a public IP automatically.
resource "aws_subnet" "public_subnet" {
  vpc_id                  = aws_vpc.vpc.id
  count                   = var.subnet_count
  cidr_block              = cidrsubnet(var.cidr_vpc, var.cidr_network_bits, (count.index + length(split(",", lookup(var.azs, var.region)))))
  availability_zone       = element(data.aws_availability_zones.all.names, count.index)
  map_public_ip_on_launch = true

  tags = {
    Name = "public-${element(data.aws_availability_zones.all.names, count.index)}-subnet"
  }

  depends_on = [aws_vpc.vpc]
}
61 |
# Internet gateway for the VPC; the public route table's default route and the
# NAT gateways below depend on it.
resource "aws_internet_gateway" "internet_gateway" {
  vpc_id     = aws_vpc.vpc.id
  depends_on = [aws_vpc.vpc]
}
66 |
# One Elastic IP per NAT gateway (var.subnet_count of them), allocated in VPC
# scope. Ordered after the internet gateway, presumably because the address is
# only routable once the VPC has one.
# NOTE(review): newer AWS provider releases deprecate `vpc = true` in favour of
# `domain = "vpc"`; confirm against the provider version you pin.
resource "aws_eip" "nat_gateway_eip" {
  count      = var.subnet_count
  vpc        = true
  depends_on = [aws_internet_gateway.internet_gateway]
}
72 |
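# One NAT gateway per public subnet, each with its own EIP. The count follows
# var.subnet_count — the same count the EIPs and public subnets use — instead
# of a hard-coded 2, so changing subnet_count can no longer index past (or
# leave unused) the EIP and subnet lists. Behaviour is unchanged at the
# default of 2.
resource "aws_nat_gateway" "nat_gateway" {
  count         = var.subnet_count
  allocation_id = aws_eip.nat_gateway_eip[count.index].id
  subnet_id     = aws_subnet.public_subnet[count.index].id
  depends_on    = [aws_internet_gateway.internet_gateway, aws_subnet.public_subnet]
}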
79 |
# Single route table shared by all public subnets: default route straight to
# the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.internet_gateway.id
  }

  tags = {
    Name = "route_table_public"
  }
}
92 |
# One route table per private subnet. Table i defaults to NAT gateway i, which
# lives in public subnet i, i.e. the same AZ as private subnet i — so each AZ
# egresses through its own NAT gateway. All of them share the same Name tag.
resource "aws_route_table" "private" {
  count  = var.subnet_count
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = element(aws_nat_gateway.nat_gateway.*.id, count.index)
  }

  tags = {
    Name = "route_table_private"
  }
}
106 |
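# Attach every public subnet to the shared public route table. The count must
# equal the number of public subnets (var.subnet_count). The previous
# length(split(",", lookup(var.azs, var.region))) evaluated to the number of
# AZs in the region list (4 with the defaults) while only subnet_count public
# subnets exist; because element() wraps around, indices 2 and 3 tried to
# associate subnets 0 and 1 a second time.
resource "aws_route_table_association" "public_assoc" {
  count          = var.subnet_count
  subnet_id      = aws_subnet.public_subnet[count.index].id
  route_table_id = aws_route_table.public.id
}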
112 |
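# Attach private subnet i to private route table i. The count follows
# var.subnet_count, the count both lists are built with, instead of a
# hard-coded 2, so the association stays complete if subnet_count changes.
# Behaviour is unchanged at the default of 2.
resource "aws_route_table_association" "private_assoc" {
  count          = var.subnet_count
  subnet_id      = aws_subnet.private_subnet[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}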
118 |
# Private hosted zone "<environment>.<zone_name>.internal" attached to the VPC.
# Nothing else in this file references it or creates records in it.
resource "aws_route53_zone" "main_zone" {
  name = "${var.environment}.${var.zone_name}.internal"

  vpc {
    vpc_id = aws_vpc.vpc.id
  }
}
126 |
# VPC-wide security group carrying the SSH ingress and all-egress rules below.
# Note that nothing in this file attaches it: the launch configuration uses
# lc_sg and the ELB uses lb_sg, so as written these rules apply to no instance.
resource "aws_security_group" "vpc_security_group" {
  name   = "aws-${var.vpc_name}-vpc-sg"
  vpc_id = aws_vpc.vpc.id
}
131 |
# SSH (22/tcp) into the VPC security group, allowed only from addresses inside
# the VPC CIDR — never from the internet.
resource "aws_security_group_rule" "allow_ssh_internal" {
  type        = "ingress"
  from_port   = 22
  to_port     = 22
  protocol    = "tcp"
  cidr_blocks = [var.cidr_vpc]

  security_group_id = aws_security_group.vpc_security_group.id
}
141 |
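# Allow all outbound traffic from the VPC security group. Written in the same
# form as the inline egress blocks on lc_sg and lb_sg below (protocol "-1",
# ports 0): for the "all protocols" rule AWS ignores the port range, and some
# provider versions may reject a non-zero range combined with it, so the
# explicit 0-65535 added nothing and could fail validation. The effective rule
# is identical.
resource "aws_security_group_rule" "egress_allow_all" {
  type        = "egress"
  from_port   = 0
  to_port     = 0
  protocol    = "-1"
  cidr_blocks = ["0.0.0.0/0"]

  security_group_id = aws_security_group.vpc_security_group.id
}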
151 |
152 | // END of VPC
153 |
154 | // One Line terraform to provision ELB + EC2 in ASG with LC and Nginx
155 |
# Security group for the instances started by the launch configuration. Only
# egress (all outbound) is inline; ingress is added by the allow_internal_vpc
# rule below.
resource "aws_security_group" "lc_sg" {
  name        = "${var.sg_name}-lc"
  description = "Managed by Terraform"
  vpc_id      = aws_vpc.vpc.id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
168 |
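# HTTP (80/tcp) into the instance security group from anywhere inside the VPC.
# The CIDR references var.cidr_vpc (default 10.5.0.0/16, the value that was
# hard-coded here) so the rule follows the VPC if its CIDR is changed, and the
# protocol is spelled "tcp" like the other rules in this file.
# Since only the ELB needs to reach port 80, a tighter alternative is
# `source_security_group_id = aws_security_group.lb_sg.id` in place of
# cidr_blocks.
resource "aws_security_group_rule" "allow_internal_vpc" {
  type        = "ingress"
  from_port   = 80
  to_port     = 80
  protocol    = "tcp"
  cidr_blocks = [var.cidr_vpc]

  security_group_id = aws_security_group.lc_sg.id
}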
178 |
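# Launch configuration for the nginx instances. The user-data path is anchored
# to path.module instead of the working directory, so plan/apply also work when
# invoked from another directory (the bare relative path only resolved when run
# from inside this module, as the README instructs).
# NOTE(review): neither metadata_options (IMDSv2 enforcement) nor
# root_block_device encryption is set; both are worth adding outside the
# workshop — check the pinned provider version supports them first.
resource "aws_launch_configuration" "my_sample_lc" {
  name_prefix     = "${var.lc_name}-"
  image_id        = var.ami_id
  instance_type   = var.instance_type
  user_data       = file("${path.module}/files/install_nginx.sh")
  key_name        = var.key_name
  security_groups = [aws_security_group.lc_sg.id]

  # Create the replacement before destroying the old one, so the ASG that
  # references this configuration by name is never left pointing at a deleted
  # one.
  lifecycle {
    create_before_destroy = true
  }
}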
192 |
# Auto Scaling group running the launch configuration above across the private
# subnets and registered with the classic ELB below. Instance health follows
# the ELB health check (health_check_type = "ELB"). Capacity is bounded 2..4
# with 2 desired; no scaling policy is defined in this file, so it stays at 2
# unless changed by hand.
resource "aws_autoscaling_group" "my_sample_asg" {
  name                 = var.asg_name
  launch_configuration = aws_launch_configuration.my_sample_lc.name // Reference to the launch configuration above
  min_size             = 2
  desired_capacity     = 2
  max_size             = 4
  vpc_zone_identifier  = aws_subnet.private_subnet.*.id
  health_check_type    = "ELB"
  load_balancers       = [aws_elb.nginx_lb.name] // Register instances with the classic LB below

  tag {
    key                 = "Name"
    value               = "asg-nginx-test"
    propagate_at_launch = true
  }

  lifecycle {
    create_before_destroy = true
  }
}
213 |
214 | // LB security Group
215 |
# Security group for the classic load balancer. Only egress (all outbound) is
# inline; the public HTTP ingress is added by the allow_all rule below.
resource "aws_security_group" "lb_sg" {
  name        = "${var.sg_name}-lb"
  description = "Managed by Terraform"
  vpc_id      = aws_vpc.vpc.id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
228 |
# Internet-facing HTTP: 80/tcp from 0.0.0.0/0 into the load balancer's security
# group. This is the only rule in the file that exposes anything publicly, and
# the ELB listener it feeds is plain HTTP (no TLS) — fine for the workshop,
# not something to carry into production unchanged.
resource "aws_security_group_rule" "allow_all" {
  type        = "ingress"
  from_port   = 80
  to_port     = 80
  protocol    = "TCP"
  cidr_blocks = ["0.0.0.0/0"]

  security_group_id = aws_security_group.lb_sg.id
}
238 |
239 | // Classic LoadBalancer for application
240 |
# Internet-facing classic load balancer in the public subnets, forwarding HTTP
# 80 -> 80 to the ASG instances. Idle and connection-draining timeouts are both
# 400 s. The health check only verifies that TCP port 80 accepts connections,
# not that nginx returns a healthy HTTP response; an "HTTP:80/" target would be
# stricter. No access logging and no HTTPS listener are configured.
resource "aws_elb" "nginx_lb" {
  name                        = var.lb_name
  subnets                     = aws_subnet.public_subnet.*.id
  security_groups             = [aws_security_group.lb_sg.id]
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400
  internal                    = false

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "TCP:80"
    interval            = 30
  }
}
--------------------------------------------------------------------------------
/module_1/one_file_tf/simple_nginx_stack/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Public hostname of the Classic LB - the address to open in a browser once
# the instances pass the health check.
output "elb_dns_name" {
  value = aws_elb.nginx_lb.dns_name
}
--------------------------------------------------------------------------------
/module_1/one_file_tf/simple_nginx_stack/scripts/generate_ssh_key.sh:
--------------------------------------------------------------------------------
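#!/bin/bash

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Generate an SSH key pair in the current directory and register its public
# half with EC2 under the name the Terraform variables expect ("nginx-demo-key").
#
# Fixes relative to the first version:
#   - ssh-keygen gets an explicit output path.  Without -f it writes to
#     ~/.ssh/id_rsa, so the import step never found ./id_rsa.pub.
#   - the script stops on the first error, so an aborted ssh-keygen no
#     longer falls through to the import.
#   - an existing key file is refused instead of being overwritten.
#   - the public key is passed as fileb://, which both AWS CLI v1 and v2
#     accept for raw (non-base64) key material.
set -euo pipefail

KEY_NAME="nginx-demo-key"
KEY_FILE="./id_rsa"

if [ -e "${KEY_FILE}" ] || [ -e "${KEY_FILE}.pub" ]; then
  echo "${KEY_FILE} already exists; remove it or pick another path before re-running." >&2
  exit 1
fi

echo "Press enter twice for an empty passphrase, or type one to protect the private key"

# The private key never leaves this machine; only the .pub file is uploaded.
ssh-keygen -f "${KEY_FILE}"

aws ec2 import-key-pair --key-name "${KEY_NAME}" --public-key-material "fileb://${KEY_FILE}.pub"

echo "Key imported!"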
--------------------------------------------------------------------------------
/module_1/one_file_tf/simple_nginx_stack/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
5 | // VPC Variables
6 |
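# VPC Variables

variable "vpc_name" {
  description = "Name tag for the VPC."
  type        = string
  default     = "production-vpc"
}

variable "cidr_vpc" {
  description = "IPv4 CIDR block of the VPC."
  type        = string
  default     = "10.5.0.0/16"
}

variable "cidr_network_bits" {
  description = "Additional prefix bits used when carving subnets out of cidr_vpc (see main.tf)."
  type        = number # was the string "8"; callers that need a number no longer rely on implicit conversion
  default     = 8
}

variable "subnet_count" {
  description = "Number of subnets to create per tier (see main.tf)."
  type        = number # was the string "2"
  default     = 2
}

variable "azs" {
  description = "Availability zones per region, as a comma-separated list keyed by region name."
  type        = map(string)
  default = {
    "us-east-1" = "us-east-1a,us-east-1b,us-east-1c,us-east-1d"
  }
}

variable "region" {
  description = "AWS region to deploy into; must be a key of var.azs."
  type        = string
  default     = "us-east-1"
}

variable "zone_name" {
  description = "Logical zone label."
  type        = string
  default     = "client"
}

variable "environment" {
  description = "Environment label, e.g. dev or prd."
  type        = string
  default     = "dev"
}

# Stack Variables

variable "lc_name" {
  description = "Prefix for the launch configuration name (main.tf appends a dash)."
  type        = string
  default     = "lc-sample-nginx"
}

variable "ami_id" {
  description = "AMI for the nginx instances.  A pinned ID is region-specific and stops receiving patches; resolving the current Amazon Linux 2 AMI through a data source at plan time is safer."
  type        = string
  default     = "ami-0be2609ba883822ec"
}

variable "instance_type" {
  description = "EC2 instance type for the web servers."
  type        = string
  default     = "t2.micro"
}

variable "key_name" {
  description = "EC2 key pair name; scripts/generate_ssh_key.sh imports the key under this name."
  type        = string
  default     = "nginx-demo-key"
}

variable "asg_name" {
  description = "Name of the Auto Scaling group."
  type        = string
  default     = "sample-nginx-asg"
}

variable "lb_name" {
  description = "Name of the Classic load balancer."
  type        = string
  default     = "my-nginx-lb"
}

variable "sg_name" {
  description = "Base name for the security groups; main.tf appends suffixes such as -lb."
  type        = string
  default     = "nginx-stack"
}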
--------------------------------------------------------------------------------
/module_2/README.md:
--------------------------------------------------------------------------------
1 |
6 |
7 | # Terraform Sample Workshop Module 2
8 |
9 | This module teaches you how to create modules in Terraform and use them. You will learn how to create re-usable Terraform resources to improve agility when coding infrastructure.
10 |
11 | A module is a container for multiple resources that are used together. Modules can be used to create lightweight abstractions, so that you can describe your infrastructure in terms of its architecture, rather than directly in terms of physical objects.
12 |
13 | **Re-usable modules are defined using all of the same configuration language concepts we use in root modules**
14 |
15 | If you need any further information, check the official [Terraform Documentation](https://www.terraform.io/docs/modules/index.html)
16 |
17 | # Folder Structure
18 |
19 | ```
20 | ── modularized_tf
21 | ├── environments
22 | │ └── providers
23 | │ └── aws
24 | │ └── prd
25 | │ ├── applications/
26 | │ ├── environment.tf
27 | │ └── infraestructure
28 | │ └── vpc/
29 | └── modules
30 | └── providers
31 | └── aws
32 | ├── asg
33 | ├── elb
34 | ├── launch_config
35 | ├── security_group
36 | │ ├── attach_sg_ec2
37 | │ ├── create_sg
38 | │ └── create_sg_rule
39 | └── vpc
40 | ```
41 |
42 | [environments](modularized_tf/environments) - This folder holds the code that calls the modules; together, the modules make up a stack.
43 |
44 | [modules](modularized_tf/modules) - This is the folder where the modules are stored, so inside this folder we have the Terraform resources.
45 |
46 | Inside every module and provider environment folder, we have the same structure of files described in module 1:
47 |
48 | - output.tf
49 | - main.tf
50 | - vars.tf
51 | - data.tf
52 |
53 | > If you need any information, go back to [module 1](../module_1/) and check it
54 |
55 | # Deploying our stack in a modularized way
56 |
57 | We no longer have a single snippet that creates all the AWS resources; instead we have a snippet that combines many modules to create them.
58 |
59 | We also split the stack in two, which means two different state files.
60 |
61 | - The **infraestructure/** folder is where the infrastructure components will be created: components that may be shared by many stacks or applications, like VPC, Route 53 etc.
62 |
63 | - The **applications/** folder is where our application stack will be created.
64 |
65 |
66 |
67 |
68 |
69 |
70 | ## Deploying the VPC
71 |
72 | Let's deploy our VPC first, since we need the networking components in order to create our nginx stack.
73 |
74 | Execute:
75 |
76 | ```shell
77 | cd modularized_tf/environments/providers/aws/prd/infraestructure/vpc
78 | ```
79 |
80 | Now we need to change the **AWS Bucket** where our Terraform state will be saved.
81 |
82 | Open **modularized_tf/environments/providers/aws/prd/infraestructure/vpc/main.tf** and do the following:
83 |
84 | ```terraform
85 | terraform {
86 | backend "s3" {
87 | region = "us-east-1"
88 | bucket = ""
89 | key = "environments/providers/aws/prd/infraestructure/vpc/main.tf"
90 | encrypt = true
91 | }
92 | }
93 | ```
94 | > As you can see, this file has far fewer lines than the previous one, since all the complexity of resource creation lives in the module layer.
95 |
96 | We can now initialize Terraform inside this folder by running the following command:
97 |
98 | ```
99 | terraform init
100 | ```
101 |
102 |
103 |
104 |
105 |
106 | > It will initialize the modules
107 |
108 | Now it's time for **terraform plan**
109 |
110 | Execute:
111 |
112 | ```
113 | terraform plan
114 | ```
115 |
116 | The output will be the resources that we are going to provision or change during the terraform apply phase.
117 |
118 |
119 |
120 |
121 |
122 | Now let's apply our Terraform
123 |
124 | Execute:
125 |
126 | ```
127 | terraform apply
128 | ```
129 |
130 | When asked to confirm that you want to apply, type **yes**
131 |
132 | Wait a few minutes for the apply to finish creating the resources.
133 |
134 |
135 |
136 |
137 |
138 | > As you can see, we've created our VPC. Since the VPC is a resource shared by multiple applications and stacks, we keep it separate from the web server stack.
139 |
140 | ## Deploying the Web Server Stack
141 |
142 | Let's deploy the web server stack that we already deployed in the last module, but this time using the modularized approach.
143 |
144 | Execute:
145 |
146 | ```shell
147 | cd modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/
148 | ```
149 |
150 | Now we need to change the **AWS Bucket** where our Terraform state will be saved, and also the AWS bucket where the VPC state is saved, since we are using the Terraform remote state approach to share state between stacks. Keep in mind that state files can contain sensitive values, so this bucket must not be publicly readable.
151 |
152 | The [terraform_remote_state data source](https://www.terraform.io/docs/providers/terraform/d/remote_state.html) retrieves the root module output values from some other Terraform configuration, using the latest state snapshot from the remote backend.
153 |
154 | This data source is built into Terraform, and is always available; you do not need to require or configure a provider in order to use it.
155 |
156 | > In this way we don't need to pass our VPC configuration manually inside tf files.
157 |
158 | Changing the web server state backend:
159 |
160 | Open **modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/main.tf** and do the following:
161 |
162 | ```terraform
163 | terraform {
164 | backend "s3" {
165 | region = "us-east-1"
166 | bucket = ""
167 | key = "environments/providers/aws/prd/applications/nginx-sample-stack/main.tf"
168 | encrypt = true
169 | }
170 | }
171 | ```
172 |
173 | Changing the VPC remote state data source:
174 |
175 | Open **modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/data.tf** and do the following:
176 |
177 | ```terraform
178 | // Terraform remote state
179 | data "terraform_remote_state" "vpc" {
180 | backend = "s3"
181 |
182 | config = {
183 | bucket = "" // Your bucket name
184 | key = "environments/providers/aws/prd/infraestructure/vpc/main.tf"
185 | region = "us-east-1"
186 | }
187 | }
188 | ```
189 |
190 | > As you can see it is referencing the VPC state that we created before
191 |
192 | We are able now to init, plan and apply our Terraform inside our folder, for this run the following commands:
193 |
194 | ```
195 | terraform init
196 | ```
197 |
198 | ```
199 | terraform plan
200 | ```
201 |
202 | ```
203 | terraform apply
204 | ```
205 |
206 | Now it's time to test, wait for 2 or 3 minutes before trying to open the Load Balancer DNS generated above.
207 |
208 | If everything works fine you will see the nginx web page.
209 |
210 |
211 |
212 |
213 |
214 | Now it's time to destroy our stack using **terraform destroy** command
215 |
216 | The terraform destroy command is used to destroy the Terraform-managed infrastructure.
217 |
218 | **DO NOT DESTROY THE VPC RESOURCES, ONLY DESTROY THE WEB SERVER STACK, WE ARE GOING TO USE THE SAME VPC IN THE NEXT MODULE**
219 |
220 | Execute:
221 |
222 | ```
223 | terraform destroy
224 | ```
225 |
226 | When asked to confirm that you want to destroy, type **yes**
227 |
228 | The output should be the following:
229 |
230 |
231 |
232 |
233 |
234 | As you can see, this command destroys all the resources that we provisioned before.
235 |
236 |
237 | # Completion
238 |
239 | Congratulations, you finished the second module.
240 |
241 | [Click here to go to the next module](../module_3)
242 |
243 |
244 |
245 |
246 |
247 |
--------------------------------------------------------------------------------
/module_2/images/nginx_page.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_2/images/nginx_page.png
--------------------------------------------------------------------------------
/module_2/images/nginx_page.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_2/images/terraform_apply.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_2/images/terraform_apply.png
--------------------------------------------------------------------------------
/module_2/images/terraform_apply.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_2/images/terraform_destroy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_2/images/terraform_destroy.png
--------------------------------------------------------------------------------
/module_2/images/terraform_destroy.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_2/images/terraform_init.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_2/images/terraform_init.png
--------------------------------------------------------------------------------
/module_2/images/terraform_init.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_2/images/terraform_module.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_2/images/terraform_module.png
--------------------------------------------------------------------------------
/module_2/images/terraform_module.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_2/images/terraform_plan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_2/images/terraform_plan.png
--------------------------------------------------------------------------------
/module_2/images/terraform_plan.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/data.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Read the VPC stack's outputs straight from its remote state, so VPC and
# subnet IDs never have to be copied into this configuration by hand.
# This data source fetches the whole VPC state file, not just its outputs,
# so read access to the bucket should be limited accordingly.
data "terraform_remote_state" "vpc" {
  backend = "s3"

  config = {
    region = "us-east-1"
    bucket = "" # Your bucket name
    key    = "environments/providers/aws/prd/infraestructure/vpc/main.tf"
  }
}
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
provider "aws" {
  region = module.environment.aws_region
}

# Remote state for this stack.  "encrypt = true" requests server-side
# encryption of the state object; bucket versioning and a dynamodb_table for
# state locking are also worth enabling, since concurrent applies can
# otherwise corrupt the state.
terraform {
  backend "s3" {
    region  = "us-east-1"
    bucket  = ""
    key     = "environments/providers/aws/prd/applications/nginx-sample-stack/main.tf"
    encrypt = true
  }
}

# Shared constants for the prd environment (../../environment.tf).
module "environment" {
  source = "../../"
}

# ---- Load balancer tier ----------------------------------------------------

module "aws_security_group_lb" {
  source  = "../../../../../../modules/providers/aws/security_group/create_sg"
  sg_name = var.sg_name
  vpc_id  = data.terraform_remote_state.vpc.outputs.vpc_id
}

# NOTE(review): the label says "https" but the rule opens TCP/80 (plain HTTP)
# to var.ips_sg_list, whose default is 0.0.0.0/0.  The label is kept because
# renaming a module changes its state address.
module "sg_rules_https" {
  source            = "../../../../../../modules/providers/aws/security_group/create_sg_rule"
  security_group_id = module.aws_security_group_lb.id
  protocol          = "TCP"
  port              = 80
  ips_sg_list       = var.ips_sg_list
}

module "load_balancer" {
  source           = "../../../../../../modules/providers/aws/elb"
  elb_name         = var.elb_name
  subnets_ids      = data.terraform_remote_state.vpc.outputs.public_subnets
  security_groups  = module.aws_security_group_lb.id
  application_port = 80
}

# ---- Instance tier ---------------------------------------------------------

# NOTE(review): "wordpress-poc-sg" looks like a leftover from another stack;
# it is kept as-is because it is part of the created group's name.
module "security_group" {
  source  = "../../../../../../modules/providers/aws/security_group/create_sg"
  sg_name = "wordpress-poc-sg"
  vpc_id  = data.terraform_remote_state.vpc.outputs.vpc_id
}

# Instances accept var.ec2_port from anywhere inside the VPC.  The CIDR
# duplicates the VPC stack's cidr_vpc default; allowing only the LB security
# group as source would be tighter.  No protocol is passed, so whatever
# default create_sg_rule declares applies - confirm it is TCP.
module "add_sg_rule" {
  source            = "../../../../../../modules/providers/aws/security_group/create_sg_rule"
  security_group_id = module.security_group.id
  port              = var.ec2_port
  ips_sg_list       = ["10.5.0.0/16"]
}

module "aws_launch_configuration" {
  source          = "../../../../../../modules/providers/aws/launch_config"
  lc_name         = var.lc_name
  ami_id          = var.ami_id
  instance_type   = var.instance_type
  path_user_data  = "./user_data.sh"
  security_groups = module.security_group.id
  iam_role        = var.role_name
  key_name        = var.key_pair
}

# NOTE(review): the VPC stack's private_subnets output currently re-exports
# its public subnets (infraestructure/vpc/outputs.tf), so these instances
# land in public subnets until that output is corrected.
module "aws_autoscaling_group" {
  source            = "../../../../../../modules/providers/aws/asg"
  asg_name          = var.asg_name
  associate_elb     = "ELB" # selects the default_asg_elb variant in the module
  load_balancer     = [module.load_balancer.elb_name]
  health_check_type = "ELB"
  lc_name           = module.aws_launch_configuration.lc_name
  subnets_id        = data.terraform_remote_state.vpc.outputs.private_subnets
  tag_name          = var.asg_name
  tag_team          = var.team
}
81 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Public hostname of the load balancer created by module.load_balancer.
output "elb_dns_name" {
  value = module.load_balancer.dns_name
}
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/scripts/generate_ssh_key.sh:
--------------------------------------------------------------------------------
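#!/bin/bash

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Generate an SSH key pair in the current directory and register its public
# half with EC2 under the name the Terraform variables expect ("nginx-demo-key").
#
# Fixes relative to the first version:
#   - ssh-keygen gets an explicit output path.  Without -f it writes to
#     ~/.ssh/id_rsa, so the import step never found ./id_rsa.pub.
#   - the script stops on the first error, so an aborted ssh-keygen no
#     longer falls through to the import.
#   - an existing key file is refused instead of being overwritten.
#   - the public key is passed as fileb://, which both AWS CLI v1 and v2
#     accept for raw (non-base64) key material.
set -euo pipefail

KEY_NAME="nginx-demo-key"
KEY_FILE="./id_rsa"

if [ -e "${KEY_FILE}" ] || [ -e "${KEY_FILE}.pub" ]; then
  echo "${KEY_FILE} already exists; remove it or pick another path before re-running." >&2
  exit 1
fi

echo "Press enter twice for an empty passphrase, or type one to protect the private key"

# The private key never leaves this machine; only the .pub file is uploaded.
ssh-keygen -f "${KEY_FILE}"

aws ec2 import-key-pair --key-name "${KEY_NAME}" --public-key-material "fileb://${KEY_FILE}.pub"

echo "Key imported!"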
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/user_data.sh:
--------------------------------------------------------------------------------
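#!/bin/bash

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# EC2 user data: install nginx on Amazon Linux 2 and enable it at boot.
# This runs under cloud-init with no terminal attached, so every package
# command must be non-interactive.  Without -y, "yum update" stops at its
# confirmation prompt instead of applying updates, and the instance boots
# with whatever patch level the pinned AMI happens to have.
set -euo pipefail

sudo yum update -y
# nginx1.12 is an old extras topic; review whether a current nginx topic
# should be pinned before reusing this script outside the workshop.
sudo amazon-linux-extras install -y nginx1.12
sudo service nginx start
sudo chkconfig nginx on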
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
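variable "sg_name" {
  description = "Base name of the load balancer security group (the create_sg module appends -sg)."
  type        = string
  default     = "lc-nginx-module"
}

variable "ips_sg_list" {
  description = "Source CIDR blocks allowed to reach the load balancer on port 80.  The default exposes it to the whole internet; narrow it if the site is not meant to be public."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

variable "elb_name" {
  description = "Name of the Classic load balancer."
  type        = string
  default     = "lb-nginx-tf-module"
}

variable "lc_name" {
  description = "Name prefix for the launch configuration."
  type        = string
  default     = "lc-nginx-module"
}

variable "ami_id" {
  description = "AMI for the web servers.  A pinned ID is region-specific and ages out of patching; prefer resolving the current Amazon Linux 2 AMI through a data source."
  type        = string
  default     = "ami-0be2609ba883822ec"
}

variable "instance_type" {
  description = "EC2 instance type for the web servers."
  type        = string
  default     = "t2.micro"
}

variable "role_name" {
  description = "IAM instance profile name handed to the launch configuration; the empty default is passed through to iam_instance_profile unchanged."
  type        = string
  default     = ""
}

variable "key_pair" {
  description = "EC2 key pair name; must match the key imported by scripts/generate_ssh_key.sh."
  type        = string
  default     = "nginx-demo-key"
}

variable "asg_name" {
  description = "Name of the Auto Scaling group (also used as its Name tag)."
  type        = string
  default     = "nginx-module-asg"
}

variable "team" {
  description = "Value of the Team tag propagated to the instances."
  type        = string
  default     = "teste"
}

variable "ec2_port" {
  description = "Port opened on the instance security group to sources inside the VPC CIDR."
  type        = number
  default     = 80
}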
49 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/environment.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Constants shared by every stack under prd/ (consumed as module "environment").
output "aws_region" {
  value = "us-east-1"
}

# The subnet lists below are empty placeholders.  The stacks in this
# directory read subnet IDs from the VPC remote state instead, so these two
# outputs are not referenced by them.
output "public_subnets" {
  value = ["", ""]
}

output "private_subnets" {
  value = ["", ""]
}
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/infraestructure/vpc/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
provider "aws" {
  region = module.environment.aws_region
}

# Remote state for the VPC stack.  The application stack reads this state
# through terraform_remote_state, so the bucket must stay private and the
# key below must match the one in applications/nginx-sample-stack/data.tf.
terraform {
  backend "s3" {
    region  = "us-east-1"
    bucket  = ""
    key     = "environments/providers/aws/prd/infraestructure/vpc/main.tf"
    encrypt = true
  }
}

# Shared constants for the prd environment (../../environment.tf).
module "environment" {
  source = "../../"
}

module "default_vpc" {
  source      = "../../../../../../modules/providers/aws/vpc"
  environment = "prd"
  vpc_name    = var.vpc_name
  cidr_vpc    = var.cidr_vpc
}
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/infraestructure/vpc/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Outputs consumed by the application stack through terraform_remote_state
# (applications/nginx-sample-stack/data.tf).
output "vpc_id" {
  value = module.default_vpc.vpc_id
}

output "public_subnets" {
  value = module.default_vpc.public_subnets
}

# NOTE(review): this re-exports public_subnets, so the application stack's
# ASG (which reads outputs.private_subnets) is placed in the public subnets
# rather than private ones.  It should reference the vpc module's
# private-subnet output instead; that output's name lives in
# modules/providers/aws/vpc, which is outside this excerpt, so the value is
# left unchanged here.
output "private_subnets" {
  value = module.default_vpc.public_subnets
}
--------------------------------------------------------------------------------
/module_2/modularized_tf/environments/providers/aws/prd/infraestructure/vpc/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
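variable "vpc_name" {
  description = "Name tag of the VPC."
  type        = string
  default     = "production-vpc"
}

variable "cidr_vpc" {
  description = "IPv4 CIDR block of the VPC.  The application stack hard-codes this same range in its instance security-group rule, so keep the two in sync."
  type        = string
  default     = "10.5.0.0/16"
}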
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/asg/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
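# One Auto Scaling group per attachment style.  var.associate_elb selects
# which of the three resources is created ("EC2", "ELB" or "TG"); the others
# get count = 0.
#
# Change: health_check_grace_period was hard-coded to 300 in the EC2 and TG
# variants while the ELB variant read var.health_check_grace_period.  All
# three now read the variable, whose default is still 300.

resource "aws_autoscaling_group" "default_asg" {
  count = var.associate_elb == "EC2" ? 1 : 0

  name                      = var.asg_name
  max_size                  = var.max_size
  min_size                  = var.min_size
  desired_capacity          = var.desired_capacity
  health_check_type         = var.health_check_type
  health_check_grace_period = var.health_check_grace_period
  launch_configuration      = var.lc_name
  vpc_zone_identifier       = var.subnets_id

  # NOTE(review): "tags" as a list of maps was deprecated in AWS provider v4
  # in favour of repeated "tag" blocks - confirm against the provider version
  # in use.  Kept as-is to avoid changing the resource here.
  tags = [
    {
      key                 = "Name"
      value               = var.tag_name
      propagate_at_launch = true
    },
    {
      key                 = "Team"
      value               = var.tag_team
      propagate_at_launch = true
    },
  ]

  lifecycle {
    create_before_destroy = true
  }
}

# Variant registered with one or more Classic load balancers.
resource "aws_autoscaling_group" "default_asg_elb" {
  count = var.associate_elb == "ELB" ? 1 : 0

  name                      = var.asg_name
  max_size                  = var.max_size
  min_size                  = var.min_size
  desired_capacity          = var.desired_capacity
  health_check_type         = var.health_check_type
  health_check_grace_period = var.health_check_grace_period
  launch_configuration      = var.lc_name
  vpc_zone_identifier       = var.subnets_id

  load_balancers = var.load_balancer

  tags = [
    {
      key                 = "Name"
      value               = var.tag_name
      propagate_at_launch = true
    },
    {
      key                 = "Team"
      value               = var.tag_team
      propagate_at_launch = true
    },
  ]

  lifecycle {
    create_before_destroy = true
  }
}

# Variant registered with target groups (ALB/NLB).
resource "aws_autoscaling_group" "default_asg_tg" {
  count = var.associate_elb == "TG" ? 1 : 0

  name                      = var.asg_name
  max_size                  = var.max_size
  min_size                  = var.min_size
  desired_capacity          = var.desired_capacity
  health_check_type         = var.health_check_type
  health_check_grace_period = var.health_check_grace_period
  launch_configuration      = var.lc_name
  vpc_zone_identifier       = var.subnets_id
  target_group_arns         = var.target_group_arns

  # NOTE(review): only the Name tag is propagated here, while the EC2 and
  # ELB variants also tag Team.  Left as-is because adding a tag changes the
  # resource; consider aligning the three.
  tags = [
    {
      key                 = "Name"
      value               = var.tag_name
      propagate_at_launch = true
    },
  ]

  lifecycle {
    create_before_destroy = true
  }
}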
84 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/asg/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
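# Name of whichever ASG variant was created, as a list of at most one
# element.  The previous version only looked at default_asg, so callers
# using associate_elb = "ELB" or "TG" always received an empty list;
# concat() now covers all three variants.
output "asg_name" {
  value = concat(
    aws_autoscaling_group.default_asg[*].name,
    aws_autoscaling_group.default_asg_elb[*].name,
    aws_autoscaling_group.default_asg_tg[*].name,
  )
}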
8 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/asg/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
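variable "asg_name" {
  description = "Name of the Auto Scaling group."
  type        = string
}

variable "max_size" {
  description = "Upper bound on the number of instances."
  type        = number # was the string "1"
  default     = 1
}

variable "min_size" {
  description = "Lower bound on the number of instances."
  type        = number # was the string "1"
  default     = 1
}

variable "health_check_grace_period" {
  description = "Seconds after launch before a failing health check can replace an instance."
  type        = number
  default     = 300
}

variable "desired_capacity" {
  description = "Number of instances to run at creation."
  type        = number # was the string "1"
  default     = 1
}

variable "lc_name" {
  description = "Name of the launch configuration the group launches from."
  type        = string
}

variable "subnets_id" {
  description = "Subnet IDs the instances are launched into."
  type        = list(string)
}

variable "tag_name" {
  description = "Value of the Name tag, propagated to instances."
  type        = string
}

variable "tag_team" {
  description = "Value of the Team tag, propagated to instances (EC2 and ELB variants)."
  type        = string
}

variable "load_balancer" {
  description = "Classic load balancer names to register with (ELB variant only)."
  type        = list(string)
  default     = []
}

variable "health_check_type" {
  description = "\"EC2\" or \"ELB\": which health check source marks instances unhealthy."
  type        = string
}

variable "associate_elb" {
  description = "Which variant to create: \"EC2\" (no load balancer), \"ELB\" (Classic LB) or \"TG\" (target groups).  Any other value creates no group."
  type        = string
}

variable "target_group_arns" {
  description = "Target group ARNs to register with (TG variant only)."
  type        = list(string)
  default     = []
}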
45 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/elb/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
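resource "aws_elb" "default_elb" {
  name     = var.elb_name
  internal = var.internal
  subnets  = var.subnets_ids

  # Accept either a single security group ID (what the callers in this
  # repository pass) or a list of IDs.  The previous form,
  # ["${var.security_groups}"], only worked for a single string and failed
  # on list input, including the variable's own default of [].
  security_groups = flatten([var.security_groups])

  idle_timeout                = var.idle_timeout
  connection_draining         = var.connection_draining
  connection_draining_timeout = var.connection_draining_timeout

  # HTTP only on both legs; no TLS listener is defined, so this module
  # should not front anything that needs transport encryption as-is.
  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = var.application_port
    instance_protocol = "http"
  }

  # Default target is TCP:80, which only proves the port accepts connections.
  health_check {
    target              = var.healthcheck
    interval            = 30
    timeout             = 3
    healthy_threshold   = 5
    unhealthy_threshold = 5
  }
}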
29 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/elb/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Name of the Classic LB, used by the asg module to register instances.
output "elb_name" {
  value = aws_elb.default_elb.name
}

# Public hostname of the Classic LB.
output "dns_name" {
  value = aws_elb.default_elb.dns_name
}
12 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/elb/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
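variable "elb_name" {
  description = "Name of the Classic load balancer."
  type        = string
}

variable "subnets_ids" {
  description = "Subnets the load balancer is placed in (public ones for an internet-facing LB)."
  type        = list(string)
  default     = []
}

variable "application_port" {
  description = "Port the instances listen on; the LB itself always listens on 80/http."
  type        = number
}

variable "security_groups" {
  description = "Security group ID(s) attached to the load balancer; callers in this repository pass a single ID."
  default     = []
}

variable "internal" {
  description = "true for a VPC-internal load balancer, false for an internet-facing one."
  type        = bool
  default     = false
}

variable "idle_timeout" {
  description = "Seconds an idle connection is kept open."
  type        = number
  default     = 400
}

variable "connection_draining" {
  description = "Whether to finish in-flight requests before deregistering an instance."
  type        = bool
  default     = false
}

variable "connection_draining_timeout" {
  description = "Maximum seconds to wait for draining."
  type        = number
  default     = 300
}

variable "healthcheck" {
  description = "Health check target, e.g. TCP:80 or HTTP:80/.  A TCP check only proves the port accepts connections, not that the application answers."
  type        = string
  default     = "TCP:80"
}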
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/launch_config/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
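resource "aws_launch_configuration" "default_lc" {
  name_prefix   = var.lc_name
  image_id      = var.ami_id
  instance_type = var.instance_type

  # Rendered from var.path_user_data.  Its contents are readable by every
  # process on the instance via the metadata service, so keep secrets out.
  user_data = data.template_file.user_data.rendered

  # Accept a single security group ID (what the callers in this repository
  # pass) or a list of IDs; the previous ["${var.security_groups}"] form
  # broke on list input.
  security_groups = flatten([var.security_groups])

  iam_instance_profile = var.iam_role
  key_name             = var.key_name

  # NOTE(review): IMDSv2 is not enforced (no metadata_options block) and the
  # root volume is not marked encrypted.  Both are worth enabling outside a
  # workshop, but each replaces running instances, so neither is changed here.
  root_block_device {
    volume_type = "gp2"
    volume_size = var.root_volume_size
  }

  lifecycle {
    create_before_destroy = true
  }
}

# NOTE(review): template_file comes from the separate "template" provider,
# which is deprecated; templatefile()/file() are the built-in equivalents.
# Kept so existing callers get the same rendering.
data "template_file" "user_data" {
  template = file(var.path_user_data)
}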
28 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/launch_config/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Generated launch configuration name (name_prefix plus a unique suffix),
# consumed by the asg module.
output "lc_name" {
  value = aws_launch_configuration.default_lc.name
}
8 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/launch_config/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
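variable "lc_name" {
  description = "Prefix for the launch configuration name; a unique suffix is appended."
  type        = string
}

variable "ami_id" {
  description = "AMI ID for the instances.  Region-specific; prefer resolving it from a data source over pinning."
  type        = string
}

variable "instance_type" {
  description = "EC2 instance type."
  type        = string
  default     = "t2.medium"
}

variable "path_user_data" {
  description = "Path to the user data script, read with file() at plan time."
  type        = string
}

variable "security_groups" {
  description = "Security group ID(s) for the instances; callers in this repository pass a single ID."
}

variable "iam_role" {
  description = "IAM instance profile name to attach; callers in this repository pass an empty string when none is wanted."
  type        = string
}

variable "key_name" {
  description = "EC2 key pair name for SSH access."
  type        = string
}

variable "root_volume_size" {
  description = "Root volume size in GiB."
  type        = number
  default     = 30
}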
24 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/attach_sg_ec2/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Attach an existing security group to an existing network interface,
# without touching the groups the interface already has.
resource "aws_network_interface_sg_attachment" "sg_attachment" {
  network_interface_id = var.primary_network_interface_id
  security_group_id    = var.sg_id
}
9 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/attach_sg_ec2/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/attach_sg_ec2/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
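variable "sg_id" {
  description = "Id of the security group to attach."
  type        = string
}

variable "primary_network_interface_id" {
  description = "Id of the network interface (e.g. the instance's primary ENI) the group is attached to."
  type        = string
}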
8 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/create_sg/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Empty security group with unrestricted egress. No ingress is defined here;
# inbound rules are added separately (see the create_sg_rule module), so a
# group created by this module admits nothing until a rule is attached.
resource "aws_security_group" "default" {
  vpc_id      = var.vpc_id
  name        = "${var.sg_name}-sg"
  description = "Managed by Terraform"

  # protocol "-1" with ports 0/0 means all protocols and all ports.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
17 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/create_sg/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
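output "id" {
  description = "Id of the created security group; feed it to create_sg_rule (security_group_id) or attach_sg_ec2 (sg_id)."
  value       = aws_security_group.default.id
}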
8 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/create_sg/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
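variable "sg_name" {
  description = "Base name of the security group; \"-sg\" is appended."
  type        = string
}

variable "vpc_id" {
  description = "VPC the security group is created in."
  type        = string
}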
8 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/create_sg_rule/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Single ingress rule opening var.port (one port, not a range) for var.protocol
# from the CIDR list in var.ips_sg_list. The resource label "allow_all" is
# historical and misleading — the rule is only as open as the CIDRs passed in;
# renaming it would require a state move, so it is kept.
resource "aws_security_group_rule" "allow_all" {
  security_group_id = var.security_group_id

  type        = "ingress"
  protocol    = var.protocol
  from_port   = var.port
  to_port     = var.port
  cidr_blocks = var.ips_sg_list
}
14 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/create_sg_rule/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/security_group/create_sg_rule/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
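variable "port" {
  description = "Port opened by the rule (used for both from_port and to_port)."
  type        = number
}

variable "protocol" {
  description = "IP protocol of the rule (tcp, udp, icmp or -1 for all)."
  type        = string
  default     = "tcp"
}

variable "ips_sg_list" {
  description = "Source CIDR blocks allowed in; 0.0.0.0/0 exposes the port to the whole internet."
  type        = list(string)
}

variable "security_group_id" {
  description = "Security group the rule is added to."
  type        = string
}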
16 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/vpc/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
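# AZ names of the configured region; subnets are spread over them by index.
# Only "available" zones are returned so a temporarily unusable zone is
# never selected for a new subnet.
data "aws_availability_zones" "all" {
  state = "available"
}

# DNS support and hostnames are both enabled so the private Route 53 zone
# below resolves from inside the VPC.
resource "aws_vpc" "vpc" {
  cidr_block = var.cidr_vpc

  enable_dns_hostnames = true
  enable_dns_support   = true
  instance_tenancy     = "default"

  tags = {
    Name = var.vpc_name
  }
}

# Private subnets occupy slots 0..subnet_count-1 of the VPC CIDR. The vpc_id
# reference already orders creation after the VPC, so no depends_on is needed.
resource "aws_subnet" "private_subnet" {
  count = var.subnet_count

  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = cidrsubnet(var.cidr_vpc, var.cidr_network_bits, count.index)
  availability_zone       = element(data.aws_availability_zones.all.names, count.index)
  map_public_ip_on_launch = false

  tags = {
    Name = "private-${element(data.aws_availability_zones.all.names, count.index)}-subnet"
  }
}

# Public subnets are offset by the number of AZs listed for the region so their
# ranges never overlap the private ones. The offset is kept as-is on purpose:
# changing it renumbers existing subnets and forces their replacement.
# Instances launched here get a public IP, so their security groups are the
# only thing between them and the internet.
resource "aws_subnet" "public_subnet" {
  count = var.subnet_count

  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = cidrsubnet(var.cidr_vpc, var.cidr_network_bits, (count.index + length(split(",", lookup(var.azs, var.region)))))
  availability_zone       = element(data.aws_availability_zones.all.names, count.index)
  map_public_ip_on_launch = true

  tags = {
    Name = "public-${element(data.aws_availability_zones.all.names, count.index)}-subnet"
  }
}

resource "aws_internet_gateway" "internet_gateway" {
  vpc_id = aws_vpc.vpc.id
}

# One Elastic IP per public subnet, each consumed by the NAT gateway below.
# NOTE(review): `vpc = true` is the legacy form of this argument; newer AWS
# provider releases expect `domain = "vpc"` — confirm against the pinned
# provider version before switching.
resource "aws_eip" "nat_gateway_eip" {
  count = var.subnet_count

  vpc        = true
  depends_on = [aws_internet_gateway.internet_gateway]
}

# One NAT gateway per public subnet. The count was hard-coded to 2, which
# broke (index out of range / unused EIPs) as soon as subnet_count differed.
resource "aws_nat_gateway" "nat_gateway" {
  count = var.subnet_count

  allocation_id = aws_eip.nat_gateway_eip.*.id[count.index]
  subnet_id     = aws_subnet.public_subnet.*.id[count.index]
  depends_on    = [aws_internet_gateway.internet_gateway, aws_subnet.public_subnet]
}

# Single shared route table for all public subnets: default route via the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.internet_gateway.id
  }

  tags = {
    Name = "route_table_public"
  }
}

# One route table per private subnet so each AZ egresses through its own NAT
# gateway and a single gateway outage does not take down every AZ.
resource "aws_route_table" "private" {
  count = var.subnet_count

  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = element(aws_nat_gateway.nat_gateway.*.id, count.index)
  }

  tags = {
    Name = "route_table_private"
  }
}

# The association count previously followed the AZ list (4 for us-east-1)
# while only subnet_count public subnets exist; element() wraps around, so
# subnets were associated twice and the apply failed. Both associations now
# follow subnet_count exactly.
resource "aws_route_table_association" "public_assoc" {
  count = var.subnet_count

  subnet_id      = element(aws_subnet.public_subnet.*.id, count.index)
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private_assoc" {
  count = var.subnet_count

  subnet_id      = element(aws_subnet.private_subnet.*.id, count.index)
  route_table_id = element(aws_route_table.private.*.id, count.index)
}

# Private hosted zone, visible only from inside this VPC.
resource "aws_route53_zone" "main_zone" {
  name = "${var.environment}.${var.zone_name}.internal"

  vpc {
    vpc_id = aws_vpc.vpc.id
  }
}

# Baseline security group handed out through the vpc_security_group output.
# Ingress is limited to SSH from addresses inside the VPC CIDR; there is no
# rule admitting traffic from outside the VPC.
resource "aws_security_group" "vpc_security_group" {
  name   = "aws-${var.vpc_name}-vpc-sg"
  vpc_id = aws_vpc.vpc.id
}

resource "aws_security_group_rule" "allow_ssh_internal" {
  security_group_id = aws_security_group.vpc_security_group.id

  type        = "ingress"
  protocol    = "tcp"
  from_port   = 22
  to_port     = 22
  cidr_blocks = [var.cidr_vpc]
}

resource "aws_security_group_rule" "egress_allow_all" {
  security_group_id = aws_security_group.vpc_security_group.id

  type        = "egress"
  protocol    = "all"
  from_port   = 0
  to_port     = 65535
  cidr_blocks = ["0.0.0.0/0"]
}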
136 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/vpc/output.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
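output "vpc_id" {
  description = "Id of the VPC."
  value       = aws_vpc.vpc.id
}

output "zone_id" {
  description = "Zone id of the private Route 53 hosted zone."
  value       = aws_route53_zone.main_zone.zone_id
}

output "public_subnets" {
  description = "Ids of the public subnets, in AZ index order."
  value       = aws_subnet.public_subnet.*.id
}

output "private_subnets" {
  description = "Ids of the private subnets, in AZ index order."
  value       = aws_subnet.private_subnet.*.id
}

output "vpc_security_group" {
  description = "Id of the baseline security group (SSH from inside the VPC only)."
  value       = aws_security_group.vpc_security_group.id
}

output "route_table_public" {
  description = "Id of the shared public route table."
  value       = aws_route_table.public.id
}

output "route_table_private" {
  description = "Ids of the per-AZ private route tables."
  value       = aws_route_table.private.*.id
}

# Previously this output joined the *public subnet ids*, not the Elastic IPs,
# so consumers allow-listing NAT egress addresses got the wrong values. The
# bracketed, comma-joined string form is kept so existing readers still parse it.
output "nat_gateway_eip" {
  description = "Public IPs of the NAT gateway EIPs as a bracketed, comma-separated string."
  value       = "[${join(",", aws_eip.nat_gateway_eip.*.public_ip)}]"
}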
36 |
--------------------------------------------------------------------------------
/module_2/modularized_tf/modules/providers/aws/vpc/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
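variable "vpc_name" {
  description = "Name tag of the VPC; also embedded in the baseline security group name."
  type        = string
  default     = "dev"
}

variable "cidr_vpc" {
  description = "CIDR block of the VPC."
  type        = string
  default     = "172.16.0.0/16"
}

# Numbers were previously given as strings ("8", "2"); Terraform converts
# string-typed callers automatically, so this stays backward compatible.
variable "cidr_network_bits" {
  description = "Additional prefix bits for each subnet (a /16 VPC with 8 bits yields /24 subnets)."
  type        = number
  default     = 8
}

variable "subnet_count" {
  description = "Number of private/public subnet pairs (one per AZ index); must not exceed the AZs listed in var.azs for the region."
  type        = number
  default     = 2
}

variable "azs" {
  description = "Comma-separated AZ list per region; its length is used as the CIDR offset of the public subnets."
  type        = map(string)
  default = {
    "us-east-1" = "us-east-1a,us-east-1b,us-east-1c,us-east-1d"
  }
}

variable "region" {
  description = "AWS region; must be a key of var.azs."
  type        = string
  default     = "us-east-1"
}

variable "zone_name" {
  description = "Middle label of the private DNS zone name (<environment>.<zone_name>.internal)."
  type        = string
  default     = "client"
}

variable "environment" {
  description = "Environment label used as the first label of the private DNS zone name."
  type        = string
  default     = "dev"
}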
38 |
--------------------------------------------------------------------------------
/module_3/README.md:
--------------------------------------------------------------------------------
1 |
6 |
7 | # Terraform Sample Workshop Module 3
8 |
9 | This module teaches you how to create another layer of abstraction using a module-in-module configuration. This lets you create patterns for your stacks and write much less code by reusing what has already been written.
10 |
11 | > A module is a container for multiple resources that are used together. Modules can be used to create lightweight abstractions, so that you can describe your infrastructure in terms of its architecture, rather than directly in terms of physical objects.
12 |
13 | # Folder Structure
14 |
15 | ```
16 | └── modularized_tf
17 | ├── base_modules
18 | │ └── providers
19 | │ └── aws
20 | │ ├── asg/
21 | │ ├── elb/
22 | │ ├── launch_config/
23 | │ ├── security_group
24 | │ │ ├── attach_sg_ec2/
25 | │ │ ├── create_sg/
26 | │ │ └── create_sg_rule/
27 | │ └── vpc
28 | ├── component_modules
29 | │ └── nginx-webserver-stack/
30 | └── environments
31 | └── providers
32 | └── aws
33 | └── prd
34 | ├── applications
35 | │ └── nginx-sample-stack
36 | │ ├── scripts/
37 | └── environment.tf
38 | ```
39 |
40 | [environments](modularized_tf/environments) - This folder holds the code that calls the modules; together, the modules make up a stack.
41 |
42 | [base_modules](modularized_tf/base_modules) - This is the folder where the base modules are stored; inside it are the Terraform resources.
43 |
44 | [component_modules](modularized_tf/component_modules) - This is the folder where the module-in-module code is stored; inside it, base modules are combined to create our stack with patterns and pre-defined configurations.
45 |
46 | Inside every module and provider environment folder, we have the same file structure described in module 1:
47 |
48 | - output.tf
49 | - main.tf
50 | - vars.tf
51 | - data.tf
52 |
53 | > If you need more information, go back to [module 1](../module_1/) and review it.
54 |
55 | # Deploying our stack in a module in module way
56 |
57 | We no longer have a single snippet that calls all the modules and creates all the AWS resources; instead, we have a snippet that calls one "big module" that combines many modules and patterns to create the AWS resources.
58 |
59 |
60 |
61 |
62 |
63 | Open the **base_modules/** folder and look through it; you will see that it is very similar to what we used in module 2.
64 |
65 | ## Deploying the Web Server Stack
66 |
67 | Let's now deploy the web server stack that we deployed in the last module, this time using the module-in-module approach.
68 |
69 | Execute:
70 |
71 | ```shell
72 | cd modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/
73 | ```
74 | > Don't forget to go to the module_3 folder before running the command above
75 |
76 | Now we need to set the **AWS bucket** where our Terraform state will be saved, and also the AWS bucket where the VPC state is saved, since we are using the Terraform remote state approach to share state between stacks.
77 |
78 | The [terraform_remote_state data source](https://www.terraform.io/docs/providers/terraform/d/remote_state.html) retrieves the root module output values from some other Terraform configuration, using the latest state snapshot from the remote backend.
79 |
80 | This data source is built into Terraform and is always available; you do not need to require or configure a provider in order to use it. Because it reads the other configuration's state file, the identity running Terraform needs read access to that bucket object.
81 |
82 | > This way we don't need to pass our VPC configuration manually in the tf files.
83 |
84 | Changing web server state:
85 |
86 | Open **modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/main.tf** and do the following:
87 |
88 | ```terraform
89 | terraform {
90 | backend "s3" {
91 | region = "us-east-1"
92 | bucket = ""
93 | key = "environments/providers/aws/prd/applications/nginx-sample-stack/main.tf"
94 | encrypt = true
95 | }
96 | }
97 | ```
98 |
99 | Changing VPC remote state data source:
100 |
101 | Open **modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/data.tf** and do the following:
102 |
103 | ```terraform
104 | // Terraform remote state
105 | data "terraform_remote_state" "vpc" {
106 | backend = "s3"
107 |
108 | config = {
109 | bucket = "" // Your bucket name
110 | key = "environments/providers/aws/prd/infraestructure/vpc/main.tf"
111 | region = "us-east-1"
112 | }
113 | }
114 | ```
115 |
116 | > As you can see, it references the VPC state that we created in module 2.
117 |
118 | Open the [main.tf](modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/main.tf) file again. As you can see, it is much smaller than the file we used in module 2: all the complexity of the patterns stays in the middle layer (component module) and the most generic resources stay in the base layer (base modules). This way you can build component modules from the base modules while keeping the base modules as generic as possible.
119 |
120 | We are now able to init, plan and apply our Terraform configuration from this folder; to do so, run the following commands:
121 |
122 | ```
123 | terraform init
124 | ```
125 |
126 | ```
127 | terraform plan
128 | ```
129 |
130 | ```
131 | terraform apply
132 | ```
133 |
134 | Now it's time to test: wait 2 or 3 minutes before trying to open the Load Balancer DNS name shown in the output above.
135 |
136 | If everything works fine you will see the nginx web page.
137 |
138 |
139 |
140 |
141 |
142 | Now it's time to destroy our stack using the **terraform destroy** command.
143 |
144 | The terraform destroy command is used to destroy the Terraform-managed infrastructure.
145 |
146 | > We will also need to destroy the VPC created in module 2.
147 |
148 | First let's destroy the Web Server stack.
149 |
150 | Execute:
151 |
152 | ```
153 | terraform destroy
154 | ```
155 |
156 | When asked to confirm that you want to destroy, type **yes**.
157 |
158 | Now go to the module 2 VPC folder.
159 |
160 | Execute:
161 |
162 | ```shell
163 | cd ../../../../../../../../module_2/modularized_tf/environments/providers/aws/prd/infraestructure/vpc
164 | ```
165 |
166 | And execute:
167 |
168 | ```
169 | terraform destroy
170 | ```
171 |
172 | When asked to confirm that you want to destroy, type **yes**.
173 |
174 | Done!
175 |
176 | # Workshop Completion
177 |
178 | Congratulations, you've completed the Terraform Sample Workshop, where you learned the basics of Terraform, commands, module structure, remote state and other important things.
179 |
180 | For further information consult the full [Terraform documentation](https://www.terraform.io/intro/index.html)
--------------------------------------------------------------------------------
/module_3/images/nginx_page.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_3/images/nginx_page.png
--------------------------------------------------------------------------------
/module_3/images/nginx_page.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_3/images/terraform_agreggated_module.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-sample-workshop/0a265e356a3cf4fd0f15ba821b7bedf712a32239/module_3/images/terraform_agreggated_module.png
--------------------------------------------------------------------------------
/module_3/images/terraform_agreggated_module.png.license:
--------------------------------------------------------------------------------
1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/asg/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
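# Three mutually exclusive ASG variants selected by var.associate_elb:
#   "EC2" -> no load balancer attached
#   "ELB" -> classic load balancers from var.load_balancer
#   "TG"  -> target groups from var.target_group_arns
# Exactly one has count = 1. Any other value creates nothing, silently — check
# the asg_name output when wiring this module up.
#
# Tags use the `tag` block form: the list-of-maps `tags` argument used before
# is deprecated on newer AWS provider releases, while `tag` blocks are
# accepted by old and new ones alike.
resource "aws_autoscaling_group" "default_asg" {
  count = var.associate_elb == "EC2" ? 1 : 0

  name                 = var.asg_name
  max_size             = var.max_size
  min_size             = var.min_size
  desired_capacity     = var.desired_capacity
  launch_configuration = var.lc_name
  vpc_zone_identifier  = var.subnets_id

  # Was hard-coded to 300 here (and in the TG variant) while the ELB variant
  # honoured the variable; the variable's default is 300, so callers that never
  # set it see no change.
  health_check_grace_period = var.health_check_grace_period
  health_check_type         = var.health_check_type

  tag {
    key                 = "Name"
    value               = var.tag_name
    propagate_at_launch = true
  }

  tag {
    key                 = "Team"
    value               = var.tag_team
    propagate_at_launch = true
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "default_asg_elb" {
  count = var.associate_elb == "ELB" ? 1 : 0

  name                 = var.asg_name
  max_size             = var.max_size
  min_size             = var.min_size
  desired_capacity     = var.desired_capacity
  launch_configuration = var.lc_name
  vpc_zone_identifier  = var.subnets_id

  health_check_grace_period = var.health_check_grace_period
  health_check_type         = var.health_check_type

  load_balancers = var.load_balancer

  tag {
    key                 = "Name"
    value               = var.tag_name
    propagate_at_launch = true
  }

  tag {
    key                 = "Team"
    value               = var.tag_team
    propagate_at_launch = true
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "default_asg_tg" {
  count = var.associate_elb == "TG" ? 1 : 0

  name                 = var.asg_name
  max_size             = var.max_size
  min_size             = var.min_size
  desired_capacity     = var.desired_capacity
  launch_configuration = var.lc_name
  vpc_zone_identifier  = var.subnets_id

  health_check_grace_period = var.health_check_grace_period
  health_check_type         = var.health_check_type

  target_group_arns = var.target_group_arns

  tag {
    key                 = "Name"
    value               = var.tag_name
    propagate_at_launch = true
  }

  # The TG variant previously omitted the Team tag the other two carry;
  # tag_team is a required input, so the value is always available.
  tag {
    key                 = "Team"
    value               = var.tag_team
    propagate_at_launch = true
  }

  lifecycle {
    create_before_destroy = true
  }
}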
84 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/asg/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
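output "asg_name" {
  description = "Name of whichever ASG variant was created; an empty list if associate_elb matched none of EC2/ELB/TG."
  # Only one of the three resources has count = 1, so the concatenation holds
  # at most one name. Previously only the EC2 variant was reported, so callers
  # of the ELB and TG variants always received an empty list.
  value = concat(
    aws_autoscaling_group.default_asg.*.name,
    aws_autoscaling_group.default_asg_elb.*.name,
    aws_autoscaling_group.default_asg_tg.*.name,
  )
}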
8 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/asg/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
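variable "asg_name" {
  description = "Name of the auto scaling group."
  type        = string
}

# Size inputs were given as quoted strings before; number-typed variables
# still accept "1" from callers, so this is backward compatible.
variable "max_size" {
  description = "Maximum number of instances."
  type        = number
  default     = 1
}

variable "min_size" {
  description = "Minimum number of instances."
  type        = number
  default     = 1
}

variable "health_check_grace_period" {
  description = "Seconds after launch before health checks start."
  type        = number
  default     = 300
}

variable "desired_capacity" {
  description = "Desired number of instances."
  type        = number
  default     = 1
}

variable "lc_name" {
  description = "Name of the launch configuration the group launches from."
  type        = string
}

variable "subnets_id" {
  description = "Subnets the instances are placed in."
  type        = list(string)
}

variable "tag_name" {
  description = "Value of the Name tag propagated to instances."
  type        = string
}

variable "tag_team" {
  description = "Value of the Team tag propagated to instances."
  type        = string
}

variable "load_balancer" {
  description = "Classic load balancer names; only used when associate_elb = \"ELB\"."
  type        = list(string)
  default     = []
}

variable "health_check_type" {
  description = "Health check source: EC2 or ELB."
  type        = string
}

variable "associate_elb" {
  description = "Which variant to create: EC2 (no LB), ELB (classic LB) or TG (target groups). Any other value creates no group."
  type        = string
}

variable "target_group_arns" {
  description = "Target group ARNs; only used when associate_elb = \"TG\"."
  type        = list(string)
  default     = []
}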
45 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/elb/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
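# Classic load balancer in front of the web tier. The listener is plain HTTP
# on port 80 (no TLS termination); the health check target comes from
# var.healthcheck and defaults to a TCP check on port 80.
resource "aws_elb" "default_elb" {
  name     = var.elb_name
  subnets  = var.subnets_ids
  internal = var.internal

  # The previous form, ["${var.security_groups}"], only worked when the
  # variable held a single id as a string and failed at plan time for the
  # declared default of []. flatten() accepts a string, a list, or the empty
  # default and always yields a flat list of ids.
  security_groups = flatten([var.security_groups])

  idle_timeout                = var.idle_timeout
  connection_draining         = var.connection_draining
  connection_draining_timeout = var.connection_draining_timeout

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = var.application_port
    instance_protocol = "http"
  }

  health_check {
    target              = var.healthcheck
    interval            = 30
    timeout             = 3
    healthy_threshold   = 5
    unhealthy_threshold = 5
  }
}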
29 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/elb/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
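output "elb_name" {
  description = "Name of the load balancer; pass it to the asg module's load_balancer list."
  value       = aws_elb.default_elb.name
}

output "dns_name" {
  description = "Public DNS name of the load balancer (the address to open in a browser)."
  value       = aws_elb.default_elb.dns_name
}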
12 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/elb/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
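variable "elb_name" {
  description = "Name of the classic load balancer."
  type        = string
}

variable "subnets_ids" {
  description = "Subnets the load balancer is placed in (public ones for an internet-facing LB)."
  type        = list(string)
  default     = []
}

variable "application_port" {
  description = "Instance port the listener forwards to."
  type        = number
}

# Left untyped on purpose: main.tf accepts either a single id (string) or a
# list of ids here.
variable "security_groups" {
  description = "Security group id(s) attached to the load balancer."
  default     = []
}

variable "internal" {
  description = "true for an internal (VPC-only) load balancer, false for an internet-facing one."
  type        = bool
  default     = false
}

variable "idle_timeout" {
  description = "Idle connection timeout in seconds."
  type        = number
  default     = 400
}

variable "connection_draining" {
  description = "Whether to drain in-flight requests before deregistering an instance."
  type        = bool
  default     = false
}

variable "connection_draining_timeout" {
  description = "Seconds to wait for in-flight requests during draining."
  type        = number
  default     = 300
}

variable "healthcheck" {
  description = "Health check target, e.g. TCP:80 or HTTP:80/index.html."
  type        = string
  default     = "TCP:80"
}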
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/launch_config/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
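# Launch configuration for the web tier. name_prefix (not name) is used so a
# replacement can be created before the old one is destroyed; the generated
# name is exposed through the lc_name output.
resource "aws_launch_configuration" "default_lc" {
  name_prefix   = var.lc_name
  image_id      = var.ami_id
  instance_type = var.instance_type

  user_data            = data.template_file.user_data.rendered
  iam_instance_profile = var.iam_role
  key_name             = var.key_name

  # The previous form, ["${var.security_groups}"], only worked for a single id
  # passed as a string. flatten() keeps that working and also accepts a list.
  security_groups = flatten([var.security_groups])

  lifecycle {
    create_before_destroy = true
  }

  # NOTE(review): the root volume is not encrypted at rest; if the pinned
  # provider supports it, `encrypted = true` here is the usual hardening.
  root_block_device {
    volume_type = "gp2"
    volume_size = var.root_volume_size
  }
}

# Renders the user-data script as a template with no variables, i.e. any
# ${...} in the file is still interpolated. This data source comes from the
# separate "template" provider; the built-in templatefile() function is the
# in-tree equivalent if that provider is ever dropped.
data "template_file" "user_data" {
  template = file(var.path_user_data)
}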
28 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/launch_config/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
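output "lc_name" {
  description = "Generated name of the launch configuration; pass it to the asg module's lc_name input."
  value       = aws_launch_configuration.default_lc.name
}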
8 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/launch_config/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
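variable "lc_name" {
  description = "Name prefix of the launch configuration."
  type        = string
}

variable "ami_id" {
  description = "AMI the instances boot from."
  type        = string
}

variable "instance_type" {
  description = "EC2 instance type."
  type        = string
  default     = "t2.medium"
}

variable "path_user_data" {
  description = "Path to the user-data script read with file(); absolute, or relative to the caller's working directory."
  type        = string
}

# Left untyped on purpose: main.tf accepts a single id (string) or a list.
variable "security_groups" {
  description = "Security group id(s) attached to the instances."
}

variable "iam_role" {
  description = "IAM instance profile name; instances get the permissions of this profile."
  type        = string
}

variable "key_name" {
  description = "EC2 key pair name used for SSH access."
  type        = string
}

variable "root_volume_size" {
  description = "Root volume size in GiB."
  type        = number
  default     = 30
}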
24 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/attach_sg_ec2/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Attaches an existing security group to an existing network interface
# (typically an instance's primary ENI). Both must be in the same VPC.
resource "aws_network_interface_sg_attachment" "sg_attachment" {
  network_interface_id = var.primary_network_interface_id
  security_group_id    = var.sg_id
}
9 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/attach_sg_ec2/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/attach_sg_ec2/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
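variable "sg_id" {
  description = "Id of the security group to attach."
  type        = string
}

variable "primary_network_interface_id" {
  description = "Id of the network interface (e.g. the instance's primary ENI) the group is attached to."
  type        = string
}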
8 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/create_sg/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Empty security group with unrestricted egress and no ingress. Inbound rules
# are added separately by the create_sg_rule module, so nothing is admitted
# until a rule is attached.
resource "aws_security_group" "default" {
  vpc_id      = var.vpc_id
  name        = "${var.sg_name}-sg"
  description = "Managed by Terraform"

  # protocol "-1" with ports 0/0 means all protocols and all ports.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
17 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/create_sg/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
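output "id" {
  description = "Id of the created security group; feed it to create_sg_rule (security_group_id) or attach_sg_ec2 (sg_id)."
  value       = aws_security_group.default.id
}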
8 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/create_sg/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
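variable "sg_name" {
  description = "Base name of the security group; \"-sg\" is appended."
  type        = string
}

variable "vpc_id" {
  description = "VPC the security group is created in."
  type        = string
}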
8 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/create_sg_rule/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
# Single ingress rule opening var.port (one port, not a range) for
# var.protocol from the CIDRs in var.ips_sg_list. The label "allow_all" is
# historical — the rule is only as open as the CIDRs passed in; renaming it
# would need a state move, so it is kept.
resource "aws_security_group_rule" "allow_all" {
  security_group_id = var.security_group_id

  type        = "ingress"
  protocol    = var.protocol
  from_port   = var.port
  to_port     = var.port
  cidr_blocks = var.ips_sg_list
}
14 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/create_sg_rule/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/security_group/create_sg_rule/vars.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
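variable "port" {
  description = "Port opened by the rule (used for both from_port and to_port)."
  type        = number
}

variable "protocol" {
  description = "IP protocol of the rule (tcp, udp, icmp or -1 for all)."
  type        = string
  default     = "tcp"
}

variable "ips_sg_list" {
  description = "Source CIDR blocks allowed in; 0.0.0.0/0 exposes the port to the whole internet."
  type        = list(string)
}

variable "security_group_id" {
  description = "Security group the rule is added to."
  type        = string
}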
16 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/vpc/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
4 |
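# AZ names of the configured region; subnets are spread over them by index.
# Only "available" zones are returned so a temporarily unusable zone is
# never selected for a new subnet.
data "aws_availability_zones" "all" {
  state = "available"
}

# DNS support and hostnames are both enabled so the private Route 53 zone
# below resolves from inside the VPC.
resource "aws_vpc" "vpc" {
  cidr_block = var.cidr_vpc

  enable_dns_hostnames = true
  enable_dns_support   = true
  instance_tenancy     = "default"

  tags = {
    Name = var.vpc_name
  }
}

# Private subnets occupy slots 0..subnet_count-1 of the VPC CIDR. The vpc_id
# reference already orders creation after the VPC, so no depends_on is needed.
resource "aws_subnet" "private_subnet" {
  count = var.subnet_count

  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = cidrsubnet(var.cidr_vpc, var.cidr_network_bits, count.index)
  availability_zone       = element(data.aws_availability_zones.all.names, count.index)
  map_public_ip_on_launch = false

  tags = {
    Name = "private-${element(data.aws_availability_zones.all.names, count.index)}-subnet"
  }
}

# Public subnets are offset by the number of AZs listed for the region so their
# ranges never overlap the private ones. The offset is kept as-is on purpose:
# changing it renumbers existing subnets and forces their replacement.
# Instances launched here get a public IP, so their security groups are the
# only thing between them and the internet.
resource "aws_subnet" "public_subnet" {
  count = var.subnet_count

  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = cidrsubnet(var.cidr_vpc, var.cidr_network_bits, (count.index + length(split(",", lookup(var.azs, var.region)))))
  availability_zone       = element(data.aws_availability_zones.all.names, count.index)
  map_public_ip_on_launch = true

  tags = {
    Name = "public-${element(data.aws_availability_zones.all.names, count.index)}-subnet"
  }
}

resource "aws_internet_gateway" "internet_gateway" {
  vpc_id = aws_vpc.vpc.id
}

# One Elastic IP per public subnet, each consumed by the NAT gateway below.
# NOTE(review): `vpc = true` is the legacy form of this argument; newer AWS
# provider releases expect `domain = "vpc"` — confirm against the pinned
# provider version before switching.
resource "aws_eip" "nat_gateway_eip" {
  count = var.subnet_count

  vpc        = true
  depends_on = [aws_internet_gateway.internet_gateway]
}

# One NAT gateway per public subnet. The count was hard-coded to 2, which
# broke (index out of range / unused EIPs) as soon as subnet_count differed.
resource "aws_nat_gateway" "nat_gateway" {
  count = var.subnet_count

  allocation_id = aws_eip.nat_gateway_eip.*.id[count.index]
  subnet_id     = aws_subnet.public_subnet.*.id[count.index]
  depends_on    = [aws_internet_gateway.internet_gateway, aws_subnet.public_subnet]
}

# Single shared route table for all public subnets: default route via the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.internet_gateway.id
  }

  tags = {
    Name = "route_table_public"
  }
}

# One route table per private subnet so each AZ egresses through its own NAT
# gateway and a single gateway outage does not take down every AZ.
resource "aws_route_table" "private" {
  count = var.subnet_count

  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = element(aws_nat_gateway.nat_gateway.*.id, count.index)
  }

  tags = {
    Name = "route_table_private"
  }
}

# The association count previously followed the AZ list (4 for us-east-1)
# while only subnet_count public subnets exist; element() wraps around, so
# subnets were associated twice and the apply failed. Both associations now
# follow subnet_count exactly.
resource "aws_route_table_association" "public_assoc" {
  count = var.subnet_count

  subnet_id      = element(aws_subnet.public_subnet.*.id, count.index)
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private_assoc" {
  count = var.subnet_count

  subnet_id      = element(aws_subnet.private_subnet.*.id, count.index)
  route_table_id = element(aws_route_table.private.*.id, count.index)
}

# Private hosted zone, visible only from inside this VPC.
resource "aws_route53_zone" "main_zone" {
  name = "${var.environment}.${var.zone_name}.internal"

  vpc {
    vpc_id = aws_vpc.vpc.id
  }
}

# Baseline security group handed out through the vpc_security_group output;
# its rules are declared as separate aws_security_group_rule resources.
resource "aws_security_group" "vpc_security_group" {
  name   = "aws-${var.vpc_name}-vpc-sg"
  vpc_id = aws_vpc.vpc.id
}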
116 |
117 | resource "aws_security_group_rule" "allow_ssh_internal" {
118 | type = "ingress"
119 | from_port = 22
120 | to_port = 22
121 | protocol = "tcp"
122 | cidr_blocks = [var.cidr_vpc]
123 |
124 | security_group_id = aws_security_group.vpc_security_group.id
125 | }
126 |
127 | resource "aws_security_group_rule" "egress_allow_all" {
128 | type = "egress"
129 | from_port = 0
130 | to_port = 65535
131 | protocol = "all"
132 | cidr_blocks = ["0.0.0.0/0"]
133 |
134 | security_group_id = aws_security_group.vpc_security_group.id
135 | }
136 |
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/vpc/output.tf:
--------------------------------------------------------------------------------
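# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Outputs of the base vpc module. Downstream stacks read them through
# terraform_remote_state, so names are kept stable.

output "vpc_id" {
  description = "Id of the VPC created by this module."
  value       = aws_vpc.vpc.id
}

output "zone_id" {
  description = "Id of the private Route53 zone attached to the VPC."
  value       = aws_route53_zone.main_zone.zone_id
}

output "public_subnets" {
  description = "Ids of the public subnets, one per count index."
  value       = aws_subnet.public_subnet[*].id
}

output "private_subnets" {
  description = "Ids of the private subnets, one per count index."
  value       = aws_subnet.private_subnet[*].id
}

output "vpc_security_group" {
  description = "Id of the VPC-wide security group (SSH from the VPC CIDR, all egress)."
  value       = aws_security_group.vpc_security_group.id
}

output "route_table_public" {
  description = "Id of the shared public route table."
  value       = aws_route_table.public.id
}

output "route_table_private" {
  description = "Ids of the private route tables, one per private subnet."
  value       = aws_route_table.private[*].id
}

# Previously returned the public subnet ids joined into a bracketed string,
# not the NAT gateway addresses the name promises. Returned as a real list so
# callers can index it.
output "nat_gateway_eip" {
  description = "Public IPs of the Elastic IPs attached to the NAT gateways."
  value       = aws_eip.nat_gateway_eip[*].public_ip
}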
--------------------------------------------------------------------------------
/module_3/modularized_tf/base_modules/providers/aws/vpc/vars.tf:
--------------------------------------------------------------------------------
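# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Inputs of the base vpc module. Numeric inputs were previously declared as
# strings ("8", "2"); they are now typed as numbers, which Terraform also
# accepts from callers that still pass numeric strings.

variable "vpc_name" {
  description = "Name tag of the VPC; also embedded in the VPC security group name."
  type        = string
  default     = "dev"
}

variable "cidr_vpc" {
  description = "CIDR block of the VPC. It is also the only source the VPC security group allows SSH from."
  type        = string
  default     = "172.16.0.0/16"
}

variable "cidr_network_bits" {
  description = "Extra prefix bits cidrsubnet() adds to cidr_vpc for each subnet (8 turns a /16 into /24 subnets)."
  type        = number
  default     = 8
}

variable "subnet_count" {
  description = "Number of private and of public subnets to create."
  type        = number
  default     = 2
}

variable "azs" {
  description = "Comma-separated AZ names per region. Only the length of the entry for var.region is used, as the CIDR offset of the public subnets."
  type        = map(string)
  default = {
    "us-east-1" = "us-east-1a,us-east-1b,us-east-1c,us-east-1d"
  }
}

variable "region" {
  description = "Region used to look up var.azs."
  type        = string
  default     = "us-east-1"
}

variable "zone_name" {
  description = "Middle label of the private Route53 zone name (<environment>.<zone_name>.internal)."
  type        = string
  default     = "client"
}

variable "environment" {
  description = "First label of the private Route53 zone name."
  type        = string
  default     = "dev"
}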
--------------------------------------------------------------------------------
/module_3/modularized_tf/component_modules/nginx-webserver-stack/data.tf:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | #
3 | # SPDX-License-Identifier: MIT-0
--------------------------------------------------------------------------------
/module_3/modularized_tf/component_modules/nginx-webserver-stack/main.tf:
--------------------------------------------------------------------------------
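# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# nginx web server stack: a classic ELB in the public subnets in front of an
# auto scaling group of nginx instances in the private subnets. Module names
# are kept as they are because renaming a module moves its resources in state.

# Security group of the load balancer.
module "aws_security_group_lb" {
  source  = "../../base_modules/providers/aws/security_group/create_sg"
  sg_name = var.sg_name
  vpc_id  = var.vpc_id
}

# Ingress to the load balancer. Despite the module name this is plain HTTP on
# port 80 (there is no TLS listener in this stack). The allowed sources default
# to 0.0.0.0/0 in vars.tf, i.e. an internet-facing endpoint.
module "sg_rules_https" {
  source            = "../../base_modules/providers/aws/security_group/create_sg_rule"
  port              = 80
  protocol          = "tcp" # lowercase, matching the module default and the provider's canonical form (was "TCP")
  ips_sg_list       = var.ips_sg_list
  security_group_id = module.aws_security_group_lb.id
}

module "load_balancer" {
  source           = "../../base_modules/providers/aws/elb"
  elb_name         = var.elb_name
  subnets_ids      = var.public_subnets
  security_groups  = module.aws_security_group_lb.id # single id; NOTE(review): check whether the elb module expects a list here
  application_port = 80                              # presumably the instance port; keep in step with var.ec2_port
}

module "aws_launch_configuration" {
  source          = "../../base_modules/providers/aws/launch_config"
  lc_name         = var.lc_name
  ami_id          = var.ami_id
  instance_type   = var.instance_type
  path_user_data  = var.user_data_path
  security_groups = module.security_group.id
  iam_role        = var.role_name
  key_name        = var.key_pair
}

module "aws_autoscaling_group" {
  source            = "../../base_modules/providers/aws/asg"
  asg_name          = var.asg_name
  associate_elb     = "ELB"
  load_balancer     = [module.load_balancer.elb_name]
  health_check_type = "ELB"
  lc_name           = module.aws_launch_configuration.lc_name
  subnets_id        = var.private_subnets
  tag_name          = var.asg_name
  tag_team          = var.team
}

# Security group of the nginx instances. The name is a leftover from another
# stack but is kept: changing it would replace the group.
module "security_group" {
  source  = "../../base_modules/providers/aws/security_group/create_sg"
  sg_name = "wordpress-poc-sg"
  vpc_id  = var.vpc_id
}

# Instance ingress on var.ec2_port. The allowed source is hard-coded and does
# not match the 172.16.0.0/16 default of the base vpc module, so ELB health
# checks and traffic only reach the instances if the VPC this stack is deployed
# into (infraestructure/vpc, not part of this module) really is 10.5.0.0/16.
# TODO(review): take the CIDR from a variable (or the VPC's CIDR) instead.
module "add_sg_rule" {
  source            = "../../base_modules/providers/aws/security_group/create_sg_rule"
  port              = var.ec2_port
  ips_sg_list       = ["10.5.0.0/16"]
  security_group_id = module.security_group.id
}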
--------------------------------------------------------------------------------
/module_3/modularized_tf/component_modules/nginx-webserver-stack/outputs.tf:
--------------------------------------------------------------------------------
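# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

output "elb_dns_name" {
  description = "DNS name of the classic ELB fronting the nginx instances."
  value       = module.load_balancer.dns_name
}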
--------------------------------------------------------------------------------
/module_3/modularized_tf/component_modules/nginx-webserver-stack/vars.tf:
--------------------------------------------------------------------------------
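# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Inputs of the nginx-webserver-stack component module. Type constraints are
# declared so wrong values fail at plan time.

variable "sg_name" {
  description = "Name of the load balancer security group."
  type        = string
  default     = "lc-nginx-module"
}

variable "ips_sg_list" {
  description = "CIDR blocks allowed to reach the load balancer on port 80. The default exposes it to the whole internet; narrow it for non-public deployments."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

variable "elb_name" {
  description = "Name of the classic ELB."
  type        = string
  default     = "lb-nginx-tf-module"
}

variable "lc_name" {
  description = "Name of the launch configuration."
  type        = string
  default     = "lc-nginx-module"
}

variable "ami_id" {
  description = "AMI of the nginx instances. A pinned id is only valid in the region it was published in and goes stale; verify it (or resolve it through an aws_ami data source) before deploying."
  type        = string
  default     = "ami-0be2609ba883822ec"
}

variable "instance_type" {
  description = "EC2 instance type of the nginx instances."
  type        = string
  default     = "t2.micro"
}

variable "role_name" {
  description = "IAM role name handed to the launch configuration (empty by default)."
  type        = string
  default     = ""
}

variable "key_pair" {
  description = "Name of an existing EC2 key pair for SSH access; the sample scripts import one under this name."
  type        = string
  default     = "nginx-demo-key"
}

variable "asg_name" {
  description = "Name of the auto scaling group; also used as its tag_name."
  type        = string
  default     = "nginx-module-asg"
}

variable "team" {
  description = "Value passed to the asg module as tag_team."
  type        = string
  default     = "teste"
}

variable "ec2_port" {
  description = "Port opened on the instance security group."
  type        = number
  default     = 80
}

variable "vpc_id" {
  description = "Id of the VPC the security groups are created in."
  type        = string
}

variable "public_subnets" {
  description = "Subnet ids the load balancer is placed in."
  type        = list(string)
}

variable "private_subnets" {
  description = "Subnet ids the auto scaling group launches instances in."
  type        = list(string)
}

variable "user_data_path" {
  description = "Path of the instance bootstrap script handed to the launch configuration."
  type        = string
}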
--------------------------------------------------------------------------------
/module_3/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/data.tf:
--------------------------------------------------------------------------------
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Terraform remote state of the vpc stack, read from an S3 backend. Only its
# outputs (vpc_id, public_subnets, private_subnets) are consumed by main.tf.
data "terraform_remote_state" "vpc" {
  backend = "s3"

  config = {
    bucket = "" # Your bucket name: the bucket the vpc stack writes its state to
    key    = "environments/providers/aws/prd/infraestructure/vpc/main.tf" # NOTE(review): must equal the `key` of the vpc stack's backend block, which is not shown here
    region = "us-east-1"
  }
}
--------------------------------------------------------------------------------
/module_3/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/main.tf:
--------------------------------------------------------------------------------
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Entry point of the prd nginx sample stack. The region comes from the shared
# environment module; state is kept in S3.
provider "aws" {
  region = module.environment.aws_region
}

terraform {
  backend "s3" {
    region  = "us-east-1"
    bucket  = "" # fill in the state bucket; data.tf reads the vpc state from the same kind of backend
    key     = "environments/providers/aws/prd/applications/nginx-sample-stack/main.tf"
    encrypt = true # server-side encryption of the state object, which holds resource ids and any sensitive values
    # NOTE(review): no dynamodb_table is configured, so concurrent applies are not locked.
  }
}

# Import the constants shared by every stack of this environment
# (environment.tf, two directories up).
module "environment" {
  source = "../../"
}

# The component module. Network ids come from the vpc stack's remote state
# (data.tf); the instance bootstrap script sits next to this file.
module "nginx_sample_stack" {
  source          = "../../../../../../component_modules/nginx-webserver-stack"
  vpc_id          = data.terraform_remote_state.vpc.outputs.vpc_id
  public_subnets  = data.terraform_remote_state.vpc.outputs.public_subnets
  private_subnets = data.terraform_remote_state.vpc.outputs.private_subnets
  user_data_path  = "./user_data.sh"
}
--------------------------------------------------------------------------------
/module_3/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/outputs.tf:
--------------------------------------------------------------------------------
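# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

output "elb_dns_name" {
  description = "DNS name of the stack's load balancer, re-exported from the component module."
  value       = module.nginx_sample_stack.elb_dns_name
}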
--------------------------------------------------------------------------------
/module_3/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/scripts/generate_ssh_key.sh:
--------------------------------------------------------------------------------
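#!/bin/bash

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Generates an SSH key pair in the current directory and imports its public half
# into EC2 under the name the stack's `key_pair` variable defaults to
# (nginx-demo-key). The private key ./id_rsa stays local: ssh-keygen creates it
# mode 0600; keep it out of version control.
set -euo pipefail

KEY_NAME="nginx-demo-key"
KEY_FILE="./id_rsa"

# The original run used ssh-keygen's default path (~/.ssh/id_rsa) and then
# imported ./id_rsa.pub from the working directory, which did not exist.
# -f pins the key file to the one imported below; the passphrase prompts remain.
echo "Generating ${KEY_FILE} (press enter twice for an empty passphrase)"
ssh-keygen -t rsa -b 4096 -f "${KEY_FILE}"

# fileb:// hands the CLI the raw key bytes; AWS CLI v2 treats file:// content
# as already base64-encoded and rejects a plain public key.
aws ec2 import-key-pair --key-name "${KEY_NAME}" --public-key-material "fileb://${KEY_FILE}.pub"

echo "Key ${KEY_NAME} imported!"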
--------------------------------------------------------------------------------
/module_3/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/user_data.sh:
--------------------------------------------------------------------------------
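#!/bin/bash

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# EC2 user data for the nginx instances (Amazon Linux 2). cloud-init runs it
# as root with no terminal attached, so every step must be non-interactive.
set -euo pipefail

# Without -y both yum and amazon-linux-extras wait for a confirmation that
# never comes and abort, so nginx was never installed.
sudo yum update -y
sudo amazon-linux-extras install -y nginx1.12 # NOTE(review): the nginx1.12 topic is old; check it is still served before reusing this
# Amazon Linux 2 is systemd-based: enable at boot and start now in one step.
sudo systemctl enable --now nginx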
--------------------------------------------------------------------------------
/module_3/modularized_tf/environments/providers/aws/prd/applications/nginx-sample-stack/vars.tf:
--------------------------------------------------------------------------------
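# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Stack-level inputs. NOTE(review): none of these is currently passed to
# module.nginx_sample_stack in main.tf, which therefore runs with the component
# module's own defaults; wire them through or remove them.

variable "sg_name" {
  description = "Name of the load balancer security group."
  type        = string
  default     = "lc-nginx-module"
}

variable "ips_sg_list" {
  description = "CIDR blocks allowed to reach the load balancer. The default exposes it to the whole internet."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

variable "elb_name" {
  description = "Name of the classic ELB."
  type        = string
  default     = "lb-nginx-tf-module"
}

variable "lc_name" {
  description = "Name of the launch configuration."
  type        = string
  default     = "lc-nginx-module"
}

variable "ami_id" {
  description = "AMI of the nginx instances. A pinned id is region-specific and goes stale; verify it before deploying."
  type        = string
  default     = "ami-0be2609ba883822ec"
}

variable "instance_type" {
  description = "EC2 instance type of the nginx instances."
  type        = string
  default     = "t2.micro"
}

variable "role_name" {
  description = "IAM role name for the instances (empty by default)."
  type        = string
  default     = ""
}

variable "key_pair" {
  description = "Name of an existing EC2 key pair; scripts/generate_ssh_key.sh imports one under this name."
  type        = string
  default     = "nginx-demo-key"
}

variable "asg_name" {
  description = "Name of the auto scaling group."
  type        = string
  default     = "nginx-module-asg"
}

variable "team" {
  description = "Team tag value for the auto scaling group."
  type        = string
  default     = "teste"
}

variable "ec2_port" {
  description = "Port opened on the instance security group."
  type        = number
  default     = 80
}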
--------------------------------------------------------------------------------
/module_3/modularized_tf/environments/providers/aws/prd/environment.tf:
--------------------------------------------------------------------------------
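# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# SPDX-License-Identifier: MIT-0

# Shared constants of the prd environment, consumed as module "environment"
# (source = "../../") by the stacks beneath this directory.

output "aws_region" {
  description = "Region every stack of this environment deploys to."
  value       = "us-east-1"
}

# Placeholders. The nginx stack takes its subnet ids from the vpc stack's
# remote state (applications/nginx-sample-stack/data.tf) rather than from
# here, so these two outputs are unused until filled in.
output "public_subnets" {
  description = "Public subnet ids of the environment; placeholder, fill in or remove."
  value       = ["", ""]
}

output "private_subnets" {
  description = "Private subnet ids of the environment; placeholder, fill in or remove."
  value       = ["", ""]
}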
--------------------------------------------------------------------------------