├── terraform
    ├── .gitignore
    ├── iam-instance-profile.tf
    ├── outputs.tf
    ├── iam-policy.tf
    ├── terraform.tf
    ├── iam-role.tf
    ├── jumphost.tf
    ├── variables.tf
    ├── vpc.tf
    └── install-tools.sh
├── .github
    └── workflows
    │   └── terraform.yml
└── README.md


/terraform/.gitignore:
--------------------------------------------------------------------------------
1 | .terraform
2 | 


--------------------------------------------------------------------------------
/terraform/iam-instance-profile.tf:
--------------------------------------------------------------------------------
1 | resource "aws_iam_instance_profile" "instance-profile" {
2 |   name = "Jumphost-instance-profile"
3 |   role = aws_iam_role.iam-role.name
4 | }


--------------------------------------------------------------------------------
/terraform/outputs.tf:
--------------------------------------------------------------------------------
1 | output "region" {
2 |     description = "Jumphost Server region"
3 |     value = var.region
4 | }
5 | output "jumphost_public_ip" {
6 |   description = "Public IP address of the EC2 jumphost"
7 |   value       = aws_instance.ec2.public_ip
8 | }


--------------------------------------------------------------------------------
/terraform/iam-policy.tf:
--------------------------------------------------------------------------------
1 | resource "aws_iam_role_policy_attachment" "iam-policy" {
2 |   role = aws_iam_role.iam-role.name
3 |   # Just for testing purpose, don't try to give administrator access in production
4 |   policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
5 | }


--------------------------------------------------------------------------------
/terraform/terraform.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     aws = {
 4 |         source = "hashicorp/aws"
 5 |         version = ">= 5.25.0"
 6 |     }
 7 |   }
 8 | 
 9 |   backend "s3" {
10 |     bucket = "cloudcore007"
11 |     key    = "terraform.tfstate"
12 |     region = "us-east-1"
13 |   }
14 | 
15 |   required_version = ">= 1.6.3"
16 | }


--------------------------------------------------------------------------------
/terraform/iam-role.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_iam_role" "iam-role" {
 2 |   name               = var.iam-role
 3 |   assume_role_policy = <<EOF
 4 | {
 5 |   "Version": "2012-10-17",
 6 |   "Statement": [
 7 |     {
 8 |       "Effect": "Allow",
 9 |       "Principal": {
10 |         "Service": "ec2.amazonaws.com"
11 |       },
12 |       "Action": "sts:AssumeRole"
13 |     }
14 |   ]
15 | }
16 | EOF
17 | }


--------------------------------------------------------------------------------
/terraform/jumphost.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_instance" "ec2" {
 2 |   ami                    = var.ami_id
 3 |   instance_type          = var.instance_type
 4 |   key_name               = var.key_name
 5 |   subnet_id              = aws_subnet.public-subnet.id
 6 |   vpc_security_group_ids = [aws_security_group.security-group.id]
 7 |   iam_instance_profile = aws_iam_instance_profile.instance-profile.name
 8 |   root_block_device {
 9 |     volume_size = 30
10 |   }
11 |   user_data = templatefile("./install-tools.sh", {})
12 | 
13 |   tags = {
14 |     Name = var.instance_name
15 |   }
16 | }


--------------------------------------------------------------------------------
/terraform/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "region" {
 2 |   description = "AWS region"
 3 |   type = string
 4 |   default = "us-east-1"
 5 | }
 6 | 
 7 | variable "vpc-name" {
 8 |   description = "VPC Name for our Jumphost server"
 9 |   type = string
10 |   default = "Jumphost-vpc"
11 | }
12 | 
13 | variable "igw-name" {
14 |   description = "Internet Gate Way Name for our Jumphost server"
15 |   type = string
16 |   default = "Jumphost-igw"
17 | }
18 | 
19 | variable "subnet-name" {
20 |   description = "Subnet Name for our Jumphost server"
21 |   type = string
22 |   default = "Jumphost-subnet"
23 | }
24 | 
25 | variable "rt-name" {
26 |   description = "Route Table Name for our Jumphost server"
27 |   type = string
28 |   default = "Jumphost-rt"
29 | }
30 | 
31 | variable "sg-name" {
32 |   description = "Security Group for our Jumphost server"
33 |   type = string
34 |   default = "Jumphost-sg"
35 | }
36 | 
37 | 
38 | variable "iam-role" {
39 |   description = "IAM Role for the Jumphost Server"
40 |   type = string
41 |   default = "Jumphost-iam-role"
42 | }
43 | 
44 | variable "ami_id" {
45 |   description = "AMI ID for the EC2 instance"
46 |   type        = string
47 |   default     = "ami-0c7217cdde317cfec" // Replace with the latest AMI ID for your region
48 | }
49 | 
50 | variable "instance_type" {
51 |   description = "EC2 instance type"
52 |   type        = string
53 |   default     = "t2.large"
54 | }
55 | 
56 | variable "key_name" {
57 |   description = "EC2 keypair"
58 |   type        = string
59 |   default     = "gitopskey"
60 | }
61 | 
62 | variable "instance_name" {
63 |   description = "EC2 Instance name for the jumphost server"
64 |   type        = string
65 |   default     = "Jumphost-server"
66 | }
67 | #


--------------------------------------------------------------------------------
/terraform/vpc.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "vpc" {
 2 |   cidr_block = "10.0.0.0/16"
 3 | 
 4 |   tags = {
 5 |     Name = var.vpc-name
 6 |   }
 7 | }
 8 | 
 9 | resource "aws_internet_gateway" "igw" {
10 |   vpc_id = aws_vpc.vpc.id
11 | 
12 |   tags = {
13 |     Name = var.igw-name
14 |   }
15 | }
16 | 
17 | resource "aws_subnet" "public-subnet" {
18 |   vpc_id                  = aws_vpc.vpc.id
19 |   cidr_block              = "10.0.1.0/24"
20 |   availability_zone       = "us-east-1a"
21 |   map_public_ip_on_launch = true
22 | 
23 |   tags = {
24 |     Name = var.subnet-name
25 |   }
26 | }
27 | 
28 | resource "aws_route_table" "rt" {
29 |   vpc_id = aws_vpc.vpc.id
30 |   route {
31 |     cidr_block = "0.0.0.0/0"
32 |     gateway_id = aws_internet_gateway.igw.id
33 |   }
34 | 
35 |   tags = {
36 |     Name = var.rt-name
37 |   }
38 | }
39 | 
40 | resource "aws_route_table_association" "rt-association" {
41 |   route_table_id = aws_route_table.rt.id
42 |   subnet_id      = aws_subnet.public-subnet.id
43 | }
44 | 
45 | resource "aws_security_group" "security-group" {
46 |   vpc_id      = aws_vpc.vpc.id
47 |   description = "Allowing Jenkins, Sonarqube, SSH Access"
48 | 
49 |   ingress = [
50 |     for port in [22, 8080, 9000, 9090, 80] : {
51 |       description      = "TLS from VPC"
52 |       from_port        = port
53 |       to_port          = port
54 |       protocol         = "tcp"
55 |       ipv6_cidr_blocks = ["::/0"]
56 |       self             = false
57 |       prefix_list_ids  = []
58 |       security_groups  = []
59 |       cidr_blocks      = ["0.0.0.0/0"]
60 |     }
61 |   ]
62 | 
63 |   egress {
64 |     from_port   = 0
65 |     to_port     = 0
66 |     protocol    = "-1"
67 |     cidr_blocks = ["0.0.0.0/0"]
68 |   }
69 | 
70 |   tags = {
71 |     Name = var.sg-name
72 |   }
73 | }


--------------------------------------------------------------------------------
/.github/workflows/terraform.yml:
--------------------------------------------------------------------------------
 1 | name: Cloudcore IAC
 2 | 
 3 | on:
 4 |     push:
 5 |       branches: 
 6 |         - master
 7 |       paths: 
 8 |         - terraform/**
 9 |     pull_request:
10 |       branches: 
11 |         - master
12 |       paths: 
13 |         - terraform/**
14 | env:
15 |     # credentials for deployment to AWS
16 |     AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
17 |     AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
18 |     # S3 bucket for the terraform state. 
19 |     BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }}
20 |     AWS_REGION: us-east-1
21 | 
22 | jobs:
23 |     terraform:
24 |         name: "Apply terraform code changes"
25 |         runs-on: ubuntu-latest
26 |         defaults:
27 |             run:
28 |                 shell: bash
29 |                 working-directory: ./terraform
30 |         steps:
31 |         - name: Checkout source code 
32 |           uses: actions/checkout@v4
33 | 
34 |         - name: Setup Terraform with specified version on the runner
35 |           uses: hashicorp/setup-terraform@v3
36 | 
37 |         - name: Terraform Init
38 |           id: init
39 |           run: terraform init -backend-config "bucket=$BUCKET_TF_STATE"
40 | 
41 |         - name: Terraform Format
42 |           id: fmt
43 |           run: terraform fmt -check
44 |           continue-on-error: true 
45 | 
46 |         - name: Terraform Validate
47 |           id: validate
48 |           run: terraform validate
49 | 
50 |         - name: Terraform Plan
51 |           id: plan
52 |           run: terraform plan -no-color -input=false -out planfile
53 |           continue-on-error: true 
54 | 
55 |         - name: Terraform Plan Status 
56 |           if: steps.plan.outcome == 'failure'
57 |           run: exit 1
58 | 
59 |         - name: Terraform Apply
60 |           id: apply
61 |           if: github.ref == 'refs/heads/master' && github.event_name == 'push'
62 |           run: terraform apply -auto-approve -input=false -parallelism=1 planfile
63 | 
64 | 
65 | 
66 | 
67 |         


--------------------------------------------------------------------------------
/terraform/install-tools.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # For Ubuntu 22.04
 3 | 
 4 | set -e # Exit script immediately on first error.
 5 | 
 6 | # Log all output to file
 7 | exec >> /var/log/init-script.log 2>&1
 8 | 
 9 | echo "Starting initialization script..."
10 | 
11 | # Update system
12 | sudo apt update -y
13 | 
14 | # Install Docker 
15 | sudo apt install docker.io -y
16 | sudo usermod -aG docker ubuntu
17 | sudo systemctl enable --now docker 
18 | 
19 | # Wait for Docker to initialize
20 | sleep 10
21 | 
22 | # Install AWS CLI
23 | curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
24 | sudo apt install unzip -y
25 | unzip awscliv2.zip
26 | sudo ./aws/install
27 | 
28 | # Install Kubectl
29 | sudo apt update
30 | sudo apt install curl -y
31 | sudo curl -LO "https://dl.k8s.io/release/v1.28.4/bin/linux/amd64/kubectl"
32 | sudo chmod +x kubectl
33 | sudo mv kubectl /usr/local/bin/
34 | kubectl version --client
35 | 
36 | # Install eksctl
37 | curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
38 | sudo mv /tmp/eksctl /usr/local/bin
39 | eksctl version
40 | 
41 | # Install Terraform
42 | wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
43 | echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
44 | sudo apt update
45 | sudo apt install terraform -y
46 | 
47 | # Install Trivy
48 | sudo apt-get install wget apt-transport-https gnupg lsb-release -y
49 | wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
50 | echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
51 | sudo apt update
52 | sudo apt install trivy -y
53 | 
54 | # Install Argo CD with Kubectl
55 | kubectl create namespace argocd
56 | kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.7/manifests/install.yaml
57 | sudo apt install jq -y
58 | 
59 | # Installing Helm
60 | sudo snap install helm --classic
61 | 
62 | # Adding Helm repositories
63 | 
64 | helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
65 | helm repo add grafana https://grafana.github.io/helm-charts
66 | helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
67 | helm repo update
68 | 
69 | # Install Prometheus
70 | helm install prometheus prometheus-community/kube-prometheus-stack --namespace monitoring --create-namespace
71 | 
72 | # Install Grafana
73 | helm install grafana grafana/grafana --namespace monitoring --create-namespace
74 | 
75 | # Install ingress-nginx
76 | helm install ingress-nginx ingress-nginx/ingress-nginx
77 | 
78 | echo "Initialization script completed successfully."
79 | 
80 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | ![Terraform Version](https://img.shields.io/badge/Terraform-1.7.3-blue.svg)
  2 | # Terraform Configuration for AWS EKS Cluster
  3 | 
  4 | ## Overview
  5 | - This Terraform configuration sets up an AWS EKS (Elastic Kubernetes Service) Cluster.
  6 | - It includes configurations for providers, variables, main settings, a VPC, an EKS cluster, and outputs.
  7 | 
  8 | ## Requirements
  9 | - Terraform v1.6.3 or higher.
 10 | - AWS Provider version ~> 5.25.0.
 11 | - Additional providers: `random` (~> 3.5.1), `tls` (~> 4.0.4), `time` (~> 0.10.0), `cloudinit` (~> 2.3.2), `kubernetes` (>= 2.23.2).
 12 | 
 13 | ## Setup
 14 | - Backend: AWS S3 for state management.
 15 |   - Bucket: Specified in configuration (replace `<bucket-name>` with actual bucket name).
 16 |   - Key: `terraform.tfstate`.
 17 |   - Region: `us-east-1`.
 18 | 
 19 | ## Configuration Files
 20 | 1. `variables.tf`: Defines variables like AWS region and cluster name.
 21 |    - Default region: `us-east-1`.
 22 |    - Default cluster name: `quizapp-eks`.
 23 | 2. `main.tf`: Configures the Kubernetes and AWS providers.
 24 |    - Sets up the connection to the EKS cluster.
 25 | 3. `vpc.tf`: Sets up the VPC for the EKS cluster.
 26 |    - CIDR block: `10.20.0.0/16`.
 27 |    - Configures both private and public subnets.
 28 | 4. `eks-cluster.tf`: Configures the EKS cluster.
 29 |    - Cluster version: `1.29`.
 30 |    - Node groups: master and worker with specified instance types and sizes.
 31 | 5. `outputs.tf`: Outputs the cluster name, endpoint, region, and security group ID.
 32 | 
 33 | ## Usage
 34 | - Initialize Terraform: `terraform init`.
 35 | - Validate Terraform code: `terraform validate`.
 36 | - Plan Terraform: `terraform plan`.
 37 | - Apply configuration: `terraform apply`.
 38 | - Validate outputs after successful apply.
 39 | 
 40 | ## Notes
 41 | - Replace placeholder values (like `<bucket-name>`) with actual values.
 42 | - Ensure you have appropriate AWS permissions.
 43 | 
 44 | 
 45 | ## Additional Information 
 46 | 
 47 | # Terraform & AWS CLI Installation
 48 | 
 49 | ## A) Prerequisites
 50 | - Install Terraform CLI
 51 | - Install AWS CLI
 52 | - Install VS Code Editor - recommended for this course
 53 | - Install HashiCorp Terraform plugin for VS Code - recommended
 54 | 
 55 | 
 56 | ## B) MACOS - Terraform Install
 57 | - [Download Terraform MAC](https://www.terraform.io/downloads.html)
 58 | - [Install CLI](https://learn.hashicorp.com/tutorials/terraform/install-cli)
 59 | - Unzip the package
 60 | ```
 61 | # Copy binary zip file to a folder
 62 | mkdir /Users/<YOUR-USER>/Documents/terraform-install
 63 | COPY Package to "terraform-install" folder
 64 | 
 65 | # Unzip
 66 | unzip <PACKAGE-NAME>
 67 | unzip terraform_1.0.10_darwin_amd64.zip
 68 | 
 69 | # Copy terraform binary to /usr/local/bin
 70 | echo $PATH
 71 | mv terraform /usr/local/bin
 72 | 
 73 | # Verify Version
 74 | terraform version
 75 | 
 76 | # To Uninstall Terraform (NOT REQUIRED)
 77 | rm -rf /usr/local/bin/terraform
 78 | ```
 79 | 
 80 | ## C) MACOS - Install VSCode Editor and terraform plugin
 81 | - [Microsoft Visual Studio Code Editor](https://code.visualstudio.com/download)
 82 | - [Hashicorp Terraform Plugin for VS Code](https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform)
 83 | 
 84 | 
 85 | ### D) MACOS - Install AWS CLI
 86 | - [AWS CLI Install](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
 87 | - [Install AWS CLI - MAC](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html#cliv2-mac-install-cmd)
 88 | 
 89 | ```
 90 | # Install AWS CLI V2
 91 | curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
 92 | sudo installer -pkg AWSCLIV2.pkg -target /
 93 | which aws
 94 | aws --version
 95 | 
 96 | # Uninstall AWS CLI V2 (NOT REQUIRED)
 97 | which aws
 98 | ls -l /usr/local/bin/aws
 99 | sudo rm /usr/local/bin/aws
100 | sudo rm /usr/local/bin/aws_completer
101 | sudo rm -rf /usr/local/aws-cli
102 | ```
103 | 
104 | 
105 | ## E) MACOS - Configure AWS Credentials
106 | - **Pre-requisite:** Should have AWS Account.
107 |   - [Create an AWS Account](https://portal.aws.amazon.com/billing/signup?nc2=h_ct&src=header_signup&redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start)
108 | 
109 | - **Role**:
110 | -If your terraform server is in the cloud, then create a role and attach the role to your server.
111 | 
112 | 
113 | - Generate Security Credential s using AWS Management Console
114 |   - Go to Services -> IAM -> Users -> "Your-Admin-User" -> Security Credentials -> Create Access Key
115 | - Configure AWS credentials using SSH Terminal on your local desktop
116 | 
117 | # **Configure AWS Credentials in command line**
118 | ```
119 | $ aws configure
120 | AWS Access Key ID [None]: AKIASUF7DEFKSIAWMZ7K
121 | AWS Secret Access Key [None]: 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
122 | Default region name [None]: us-west-2
123 | Default output format [None]: json
124 | 
125 | # Verify if we are able list S3 buckets
126 | aws s3 ls
127 | ```
128 | - Verify the AWS Credentials Profile
129 | ```
130 | cat $HOME/.aws/credentials
131 | ```
132 | #**Command to reset your AWS credentials incase of a credentials error**:
133 | 
134 | $ for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SECURITY_TOKEN ; do eval unset $var ; done
135 | 
136 | ## F) Windows OS - Terraform & AWS CLI Install
137 | - [Download Terraform](https://www.terraform.io/downloads.html)
138 | - [Install CLI](https://learn.hashicorp.com/tutorials/terraform/install-cli)
139 | - Unzip the package
140 | - Create new folder `binaries`
141 | - Copy the `terraform.exe` to a `binaries`
142 | - Set PATH in windows
143 |    **How to set the windows path: Windows 8/10**
144 |           In Search, search for and then select:
145 |           System (Control Panel)
146 |           Click the Advanced system settings link.
147 |           Click Environment Variables.
148 |           In the section System Variables find the PATH environment variable and select it.
149 |           Click Edit. If the PATH environment variable does not exist, click New.
150 |           In the Edit System Variable (or New System Variable) window, specify the value of the PATH environment variable.
151 |           Click OK. Close all remaining windows by clicking OK.
152 | 
153 | - Install [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
154 | 
155 | ## Terraform install on windows using a packet manager
156 | -Install terraform on windows using the windows package manager(Use powershell and install as administrator).
157 |     **$ choco install terraform**
158 | 
159 | ## G) Linux OS - Terraform & AWS CLI Install
160 | - [Download Terraform](https://www.terraform.io/downloads.html)
161 | - [Linux OS - Terraform Install](https://learn.hashicorp.com/tutorials/terraform/install-cli)
162 | 
163 | # Install Terraform on Ubuntu:
164 |      $sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
165 |      $curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
166 |      $sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
167 |      $sudo apt-get update && sudo apt-get install terraform
168 | 
169 | # Install Terraform on RHEL:
170 |       **Install aws cli**
171 |       sudo yum update -y
172 |       sudo yum install curl unzip wget -y  
173 |       curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
174 |       unzip awscliv2.zip
175 |       sudo ./aws/install
176 | 
177 |       **Install Terraform**
178 |       a) *Download binary*
179 |       sudo yum update -y
180 |       sudo yum install wget unzip -y
181 |       sudo wget https://releases.hashicorp.com/terraform/1.4.4/terraform_1.1.4_linux_amd64.zip
182 |       sudo unzip terraform_1.1.4_linux_amd64.zip -d /usr/local/bin
183 |       terraform -v
184 | 
185 |       b) *Install from hashicorp repo*
186 |      sudo yum install -y yum-utils
187 |      sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
188 |      sudo yum -y install terraform
189 | 


--------------------------------------------------------------------------------