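├── .gitignore
├── aws_ami.tf
├── main_script.tf
├── user_data.tpl
├── user_data.tpl.back
└── variables.tf

/.gitignore:
--------------------------------------------------------------------------------
# Local .terraform directories
**/.terraform/*

# Terraform lockfile
# .terraform.lock.hcl records the provider versions AND the checksums that were
# verified on the last `terraform init`. Commit it, so that every clone and CI
# run installs exactly the same provider binaries instead of silently taking
# the newest match. Re-enable the two ignore lines below only as a deliberate
# choice.
# .terraform.lock.hcl
.terraform
# *.hcl
# .tfstate files
*.tfstate
*.tfstate.*

# Crash log files
crash.log
.vscode

# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Ignore CLI configuration files
.terraformrc
terraform.rc

*.zip
--------------------------------------------------------------------------------
/aws_ami.tf:
--------------------------------------------------------------------------------
# Newest Amazon Linux 2 HVM/gp2 x86_64 image published by Amazon.
# `owners` is the part that matters for safety: without it the name filter
# would also match look-alike public AMIs published from any account.
# Because most_recent = true, the resolved AMI id moves forward whenever Amazon
# publishes a new image, and a changed ami forces aws_instance replacement.
# NOTE(review): Amazon Linux 2 has a fixed end-of-life (June 2025); confirm its
# support status before a new rollout — AL2023 (al2023-ami-*) is the successor.
data "aws_ami" "linux2" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }


  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}


--------------------------------------------------------------------------------
/main_script.tf:
--------------------------------------------------------------------------------
# provider "aws" {

#   region                  = var.region
#   shared_credentials_file = var.shared_credentials_file
# }


# Create VPC
resource "aws_vpc" "prod-vpc" {
  cidr_block           = var.VPC_cidr
  enable_dns_support   = true #gives you an internal domain name
  enable_dns_hostnames = true #gives you an internal host name
  # enable_classiclink was removed from the AWS provider in v5.0 (EC2-Classic
  # retirement); it defaulted to false, so dropping it changes nothing.
  instance_tenancy = "default"


}

# Create Public Subnet for EC2
resource "aws_subnet" "prod-subnet-public-1" {
  vpc_id                  = aws_vpc.prod-vpc.id
  cidr_block              = var.subnet1_cidr
  map_public_ip_on_launch = true //it makes this a public subnet
  availability_zone       = var.AZ1

}

# Create Private subnet for RDS
resource "aws_subnet" "prod-subnet-private-1" {
  vpc_id                  = aws_vpc.prod-vpc.id
  cidr_block              = var.subnet2_cidr
  map_public_ip_on_launch = false //it makes private subnet
  availability_zone       = var.AZ2

}

# Create second Private subnet for RDS
resource "aws_subnet" "prod-subnet-private-2" {
  vpc_id                  = aws_vpc.prod-vpc.id
  cidr_block              = var.subnet3_cidr
  map_public_ip_on_launch = false //it makes private subnet
  availability_zone       = var.AZ3

}



# Create IGW for internet connection
resource "aws_internet_gateway" "prod-igw" {
  vpc_id = aws_vpc.prod-vpc.id

}

# Creating Route table
resource "aws_route_table" "prod-public-crt" {
  vpc_id = aws_vpc.prod-vpc.id

  route {
    //associated subnet can reach everywhere
    cidr_block = "0.0.0.0/0"
    //CRT uses this IGW to reach internet
    gateway_id = aws_internet_gateway.prod-igw.id
  }


}


# Associating route table to public subnet
resource "aws_route_table_association" "prod-crta-public-subnet-1" {
  subnet_id      = aws_subnet.prod-subnet-public-1.id
  route_table_id = aws_route_table.prod-public-crt.id
}



//security group for EC2
// Inbound is limited to what the host can actually serve: user_data.tpl
// publishes host port 8080 only; 80 and 443 are kept for a future proxy.

resource "aws_security_group" "ec2_allow_rule" {
  vpc_id = aws_vpc.prod-vpc.id

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # The former "MYSQL" rule (3306 from 0.0.0.0/0) is gone on purpose: the
  # database is the RDS instance below, which accepts 3306 only from this
  # security group (see RDS_allow_rule); nothing on the EC2 host serves 3306.

  # SSH is opened only for the CIDRs listed in var.ssh_allowed_cidrs (default:
  # none, so no rule is created). No key pair is attached to the instance
  # (key_name is commented out), so a world-open port 22 only drew scans.
  dynamic "ingress" {
    for_each = length(var.ssh_allowed_cidrs) > 0 ? [1] : []
    content {
      description = "SSH"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = var.ssh_allowed_cidrs
    }
  }

  ingress {
    # Was labelled "HTTPS"; 8080 is the plain-HTTP port `docker run -p 8080:80`
    # publishes in user_data.tpl, no TLS is terminated here.
    description = "HTTP-alt (docker host port 8080)"
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "allow ssh,http,https"
  }
}


# Security group for RDS
# Only the EC2 security group may reach the database, and only on 3306.
resource "aws_security_group" "RDS_allow_rule" {
  vpc_id = aws_vpc.prod-vpc.id
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.ec2_allow_rule.id]
  }
  # Allow all outbound traffic.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "allow ec2"
  }

}

# Create RDS Subnet group (two private subnets in different AZs)
resource "aws_db_subnet_group" "RDS_subnet_grp" {
  subnet_ids = [aws_subnet.prod-subnet-private-1.id, aws_subnet.prod-subnet-private-2.id]
}

# Create RDS instance
resource "aws_db_instance" "wordpressdb" {
  allocated_storage = 10
  engine            = "mysql"
  # NOTE(review): MySQL 5.7 has left RDS standard support; plan the 8.0 move
  # separately — a major-version change is a migration, not a config edit.
  engine_version         = "5.7"
  instance_class         = var.instance_class
  db_subnet_group_name   = aws_db_subnet_group.RDS_subnet_grp.id
  vpc_security_group_ids = [aws_security_group.RDS_allow_rule.id]
  db_name                = var.MYSQL_DATABASE
  username               = var.MYSQL_USERNAME
  password               = var.MYSQL_PASSWORD
  # db = var.MYSQL_HOST
  # database = var.MYSQL_HOST

  # Stays on the private subnets; stated explicitly even though it is the default.
  publicly_accessible = false
  # Encrypt storage at rest with the AWS-managed RDS key. Changing this on an
  # instance that already exists forces replacement, and combined with
  # skip_final_snapshot = true that destroys the data: take a snapshot first.
  storage_encrypted   = true
  skip_final_snapshot = true
}

# change USERDATA variable value after grabbing RDS endpoint info
# data "template_file" "user_data" {
#   template = file("./user_data.tpl")
#   vars = {
#     MYSQL_USERNAME = var.MYSQL_USERNAME
#     MYSQL_PASSWORD = var.MYSQL_PASSWORD
#     MYSQL_DATABASE = var.MYSQL_DATABASE
#     MYSQL_HOST     = var.MYSQL_HOST
#     db_RDS         = aws_db_instance.wordpressdb.endpoint
#   }
# }

# The hashicorp/template provider behind data "template_file" is deprecated in
# favour of the built-in templatefile() function, which renders the same
# ./user_data.tpl with the same variable names and needs no extra provider.
locals {
  user_data = templatefile("./user_data.tpl", {
    db_username      = var.MYSQL_USERNAME
    db_user_password = var.MYSQL_PASSWORD
    db_name          = var.MYSQL_DATABASE
    # `endpoint` is "host:port"; switch to .address if the app expects a bare
    # hostname in MYSQL_HOST (the old user_data.tpl.back used a plain name).
    db_RDS = aws_db_instance.wordpressdb.endpoint
  })
}


# Create EC2 ( only after RDS is provisioned)
resource "aws_instance" "wordpressec2" {
  ami           = data.aws_ami.linux2.id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.prod-subnet-public-1.id
  # The instance sits in a subnet of a non-default VPC, so the group must be
  # passed by ID through vpc_security_group_ids; `security_groups` takes group
  # names and is only valid for the default VPC / EC2-Classic.
  vpc_security_group_ids = [aws_security_group.ec2_allow_rule.id]
  # user_data = data.template_file.user_data.rendered
  # key_name = aws_key_pair.mykey-pair.id
  user_data = local.user_data
  #babak
  # key_name = var.key_name

  # user_data carries the database password in clear text and is readable from
  # the instance metadata service. Requiring IMDSv2 session tokens keeps a
  # request-forwarding bug in the web app from handing that out; longer term,
  # have the bootstrap fetch the secret from Secrets Manager / SSM instead.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "Wordpress.web"
  }

  depends_on = [aws_db_instance.wordpressdb]
}

// Sends your public key to the instance
# resource "aws_key_pair" "mykey-pair" {
#   key_name   = "mykey-pair"
#   public_key = file(var.PUBLIC_KEY_PATH)
# }

# creating Elastic IP for EC2
resource "aws_eip" "eip" {
  instance = aws_instance.wordpressec2.id

}

output "IP" {
  value = aws_eip.eip.public_ip
}
output "RDS-Endpoint" {
  value = aws_db_instance.wordpressdb.endpoint
}

# output "INFO" {
#   value = "AWS Resources and Wordpress has been provisioned. Go to http://${aws_eip.eip.public_ip}"
# }

# resource "null_resource" "Wordpress_Installation_Waiting" {
#   connection {
#     type        = "ssh"
#     user        = var.IsUbuntu ? "ubuntu" : "ec2-user"
#     private_key = file(var.PRIV_KEY_PATH)
#     host        = aws_eip.eip.public_ip
#   }


#   provisioner "remote-exec" {
#     inline = ["sudo tail -f -n0 /var/log/cloud-init-output.log| grep -q 'WordPress Installed'"]

#   }
# }







################################
## wordpressec2 output
################################

output "wordpressec2_arn" {
  value     = aws_instance.wordpressec2.arn
  sensitive = false
}
output "wordpressec2_private_dns" {
  value     = aws_instance.wordpressec2.private_dns
  sensitive = false
}
output "wordpressec2_public_dns" {
  value     = aws_instance.wordpressec2.public_dns
  sensitive = false
}
output "wordpressec2_public_ip" {
  value     = aws_instance.wordpressec2.public_ip
  sensitive = false
}
--------------------------------------------------------------------------------
/user_data.tpl:
--------------------------------------------------------------------------------
#!/bin/bash
# Bootstrap rendered by templatefile() in main_script.tf: the dollar-brace
# placeholders on the next lines are filled by Terraform, plain $name
# references further down are ordinary shell expansions.
# Fail fast: every later step depends on the one before it.
set -eu

# Single-quoted so shell metacharacters in the values are not interpreted
# (assumes the password itself contains no single quote).
db_username='${db_username}'
db_user_password='${db_user_password}'
db_name='${db_name}'
db_RDS='${db_RDS}'


sudo yum update -y
sudo yum install -y polkit
sudo yum install -y git
# HTTPS clone: the previous git@github.com: URL needs a deploy key and a trusted
# host key, neither of which exists on a fresh instance, so the clone would
# fail (or hang) under cloud-init. TODO: pin a release tag or commit id
# instead of the branch tip, so a reboot cannot pull unreviewed code.
git clone https://github.com/amir-akhavans/ecs-project.git
sudo yum install -y htop
mv ecs-project/* ./

mv ./docker/web/Dockerfile ./
sudo yum install -y docker
sudo systemctl enable docker.service
sudo systemctl start docker.service
sudo docker build -t fixably .
# -d: a foreground `docker run` never returns, so cloud-init would sit on this
# step for the container's whole lifetime. --restart keeps the app up after a
# reboot (docker.service is enabled above).
sudo docker run -d --restart unless-stopped -e MYSQL_DATABASE="$db_name" -e MYSQL_USERNAME="$db_username" -e MYSQL_PASSWORD="$db_user_password" -e MYSQL_HOST="$db_RDS" --name project -p 8080:80 fixably

--------------------------------------------------------------------------------
/user_data.tpl.back:
--------------------------------------------------------------------------------
#!/bin/bash
# NOTE(review): unused backup of user_data.tpl (main_script.tf renders only
# ./user_data.tpl). The live `docker run` below still carries the test
# credentials and a world-facing port 80 mapping; do not reactivate it as is.


# database_name = var.database_name
# database_password = var.database_password
# database_user = var.database_user

# - MYSQL_PASSWORD=${MYSQL_PASSWORD}
# - MYSQL_DATABASE=${MYSQL_DATABASE}
# - MYSQL_HOST=${MYSQL_HOST}
# - MYSQL_USERNAME=${MYSQL_USERNAME}

sudo yum update -y

#sudo yum install -y httpd
#sudo yum install -y mysql

# sudo systemctl start httpd
# sudo usermod -a -G apache ec2-user

sudo yum install -y git
#cd /var/www/html

sudo git clone https://github.com/amir-akhavans/ecs-project.git
#sudo mv ./public /var/www/html
sudo mv ./ecs-project/docker/web/Dockerfile ./
sudo mv ecs-project/* ./
rm -R ecs-project

sudo yum install -y docker

sudo systemctl enable docker.service
sudo systemctl start docker.service
sudo docker build -t fixably .
sudo docker run -e MYSQL_DATABASE="hello" -e MYSQL_USERNAME="root" -e MYSQL_PASSWORD="12345678" -e MYSQL_HOST="mysql" --name project -p 80:80 fixably









# # variable will be populated by terraform template
# db_username=${db_username}
# db_user_password=${db_user_password}
# db_name=${db_name}
# db_RDS=${db_RDS}
# # install LAMP Server
# yum update -y
# #install apache server and mysql client
# yum install -y httpd
# yum install -y mysql


# #first enable php7.xx from amazon-linux-extra and install it

# amazon-linux-extras enable php7.4
# yum clean metadata
# yum install -y php php-{pear,cgi,common,curl,mbstring,gd,mysqlnd,gettext,bcmath,json,xml,fpm,intl,zip,imap,devel}
# #install imagick extension
# yum -y install gcc ImageMagick ImageMagick-devel ImageMagick-perl
# pecl install imagick
# chmod 755 /usr/lib64/php/modules/imagick.so
# NOTE(review): the heredoc syntax on the next line (and on the wp-config one
# further down) was stripped in this listing; take it from the repository.
# cat <>/etc/php.d/20-imagick.ini

# extension=imagick

# EOF

# systemctl restart php-fpm.service




# systemctl start httpd


# # Change OWNER and permission of directory /var/www
# usermod -a -G apache ec2-user
# chown -R ec2-user:apache /var/www
# find /var/www -type d -exec chmod 2775 {} \;
# find /var/www -type f -exec chmod 0664 {} \;


# # #**********************Installing Wordpress manually*********************************
# # # Download wordpress package and extract
# # wget https://wordpress.org/latest.tar.gz
# # tar -xzf latest.tar.gz
# # cp -r wordpress/* /var/www/html/
# # # Create wordpress configuration file and update database value
# # cd /var/www/html
# # cp wp-config-sample.php wp-config.php
# # sed -i "s/database_name_here/$db_name/g" wp-config.php
# # sed -i "s/username_here/$db_username/g" wp-config.php
# # sed -i "s/password_here/$db_user_password/g" wp-config.php
# # sed -i "s/localhost/$db_RDS/g" wp-config.php
# # cat <>/var/www/html/wp-config.php
# # define( 'FS_METHOD', 'direct' );
# # define('WP_MEMORY_LIMIT', '128M');
# # EOF

# #**********************Installing Wordpress using WP CLI*********************************
# curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
# chmod +x wp-cli.phar
# mv wp-cli.phar /usr/local/bin/wp
# wp core download --path=/var/www/html --allow-root
# NOTE(review): the original lines between `--extra-php` and the sed on
# httpd.conf are missing from this listing (angle-bracket content was lost);
# the line below is a fragment, not the original command.
# wp config create --dbname=$db_name --dbuser=$db_username --dbpass=$db_user_password --dbhost=$db_RDS --path=/var/www/html --allow-root --extra-php </,/<\/Directory>/ s/AllowOverride None/AllowOverride all/' /etc/httpd/conf/httpd.conf

# #Make apache autostart and restart apache
# systemctl enable httpd.service
# systemctl restart httpd.service
# echo WordPress Installed


--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------

variable "MYSQL_USERNAME" {
  type    = string
  default = "root"
}

# Database master password. The default is a throw-away development value kept
# only for existing invocations; set a real one in a *.tfvars file (already
# excluded by .gitignore) or via TF_VAR_MYSQL_PASSWORD. sensitive = true
# (Terraform >= 0.14) keeps it out of plan/apply output; it is still stored in
# the state file, so the state backend needs the same access control.
variable "MYSQL_PASSWORD" {
  type      = string
  default   = "12345678"
  sensitive = true
}

variable "MYSQL_DATABASE" {
  type    = string
  default = "hello"
}

# variable "MYSQL_HOST" {
#   default = "mysql"
# }

variable "region" {
  default = "eu-west-1"
}


# variable "shared_credentials_file" {
#   default =
# }
variable "IsUbuntu" {
  type    = bool
  default = false

}
variable "AZ1" {
  default = "eu-west-1a"
}
variable "AZ2" {
  default = "eu-west-1b"
}
variable "AZ3" {
  default = "eu-west-1c"
}
variable "VPC_cidr" {
  default = "10.0.0.0/16"
}
variable "subnet1_cidr" {
  default = "10.0.1.0/24"
}
variable "subnet2_cidr" {
  default = "10.0.2.0/24"
}
variable "subnet3_cidr" {
  default = "10.0.3.0/24"
}
variable "instance_type" {
  default = "t2.micro"
}
variable "instance_class" {
  default = "db.t2.micro"
}

# CIDR blocks allowed to reach the EC2 instance on port 22. Empty (the default)
# creates no SSH ingress rule at all; there is no key pair on the instance
# anyway. Use your own egress CIDR, never 0.0.0.0/0.
variable "ssh_allowed_cidrs" {
  type    = list(string)
  default = []
}

# variable "PUBLIC_KEY_PATH" {
#   default =
# }
# variable "PRIV_KEY_PATH" {}

################################################################
# babak
################################################################
variable "key_name" {
  default = "Demo2"
}
--------------------------------------------------------------------------------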