├── .gitignore ├── README.md ├── _config.yml ├── aws ├── task-000-initialization-setup │ ├── .ReadMe_images │ │ ├── Add_user_screen.png │ │ ├── group_creation_screen.png │ │ └── review_screen.png │ └── ReadMe.md ├── task-001-vars-provider-ec2-dataSources │ ├── .ReadMe_images │ │ └── instance_details_screen.png │ ├── 00-vars.tf │ ├── 02-provider.tf │ ├── 05-instance.tf │ ├── ReadMe.md │ └── versions.tf ├── task-002-defaultVPC-sbnt-sg-kp-ec2 │ ├── 00-var.tf │ ├── 05-vpc.tf │ ├── 15-subnet.tf │ ├── 25-security-group.tf │ ├── 30-keypair.tf │ ├── 35-ec2-instance.tf │ └── README.md ├── task-003-defaultVPC-kp-sbnt-sg-ec2-script │ ├── .ReadMe_images │ │ ├── ec2_details_screen.png │ │ └── nginx_on_browser.png │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 07-vpc.tf │ ├── 10-key-pair.tf │ ├── 15-subnet.tf │ ├── 20-security-group.tf │ ├── 25-instance.tf │ ├── ReadMe.md │ ├── script.sh │ └── versions.tf ├── task-004-vars-provider-ec2-output │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-instance.tf │ ├── ReadMe.md │ ├── private_ips.txt │ └── versions.tf ├── task-005-vars-provider-ec2-remoteStateInS3 │ ├── .ReadMe_images │ │ ├── s3-bucket-creation-screen.png │ │ └── terraform-remote-state-on-s3.png │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-instance.tf │ ├── 15-backend.tf │ ├── ReadMe.md │ └── versions.tf ├── task-006-defaultVPC-defaultSbnt-modules-kp │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-default_vpc.tf │ ├── 15-modules.tf │ ├── 20-key.tf │ ├── ReadMe.md │ ├── mykey │ ├── mykey.pub │ └── versions.tf ├── task-007-customVPC-igw-sbnt-rt-sg-kp-ec2 │ ├── .README_images │ │ ├── CIDR_created_VPC.png │ │ ├── ec2_instance_screen.png │ │ ├── instance_tag_screen.png │ │ ├── internet_gateway_screen.png │ │ ├── login_ec2_dashboard.png │ │ ├── network_acl_screen.png │ │ ├── resources_screen.png │ │ ├── route_table_association.png │ │ ├── route_table_screen.png │ │ ├── security_groups_screen.png │ │ ├── subnet_screen.png │ │ ├── volumes_screen.png │ │ └── vpc_screen.png │ ├── 
00-var.tf │ ├── 05-vpc.tf │ ├── 10-igw.tf │ ├── 15-subnet.tf │ ├── 20-route-tables.tf │ ├── 25-security-group.tf │ ├── 30-keypair.tf │ ├── 35-ec2-instance.tf │ ├── README.md │ └── versions.tf ├── task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 15-vpc.tf │ ├── 20-nat.tf │ ├── ReadMe.md │ └── versions.tf ├── task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 15-vpc.tf │ ├── 16-securitygroup.tf │ ├── 17-key.tf │ ├── 20-nat.tf │ ├── 25-instance.tf │ ├── ReadMe.md │ └── versions.tf ├── task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 15-vpc.tf │ ├── 16-securitygroup.tf │ ├── 17-key.tf │ ├── 20-nat.tf │ ├── 22-cloudinit.tf │ ├── 25-instance.tf │ ├── ReadMe.md │ ├── scripts │ │ ├── init.cfg │ │ └── volumes.sh │ └── versions.tf ├── task-011-route53 │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 250-r53-devopslink_zone.tf │ ├── 30-output.tf │ ├── ReadMe.md │ └── versions.tf ├── task-012-rds-vpc-ec2 │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 15-vpc.tf │ ├── 17-key.tf │ ├── 18-securitygroup.tf │ ├── 20-instance.tf │ ├── 25-rds.tf │ ├── 30-output.tf │ ├── ReadMe.md │ └── versions.tf ├── task-013-IAM │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-iam.tf │ ├── ReadMe.md │ └── versions.tf ├── task-014-IAM-roles-s3-upload-to-s3 │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-iam.tf │ ├── 15-vpc.tf │ ├── 17-key.tf │ ├── 18-securitygroup.tf │ ├── 20-instance.tf │ ├── 25-s3.tf │ ├── 30-output.tf │ ├── ReadMe.md │ └── versions.tf ├── task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 15-vpc.tf │ ├── 17-key.tf │ ├── 18-securitygroup.tf │ ├── 20-autoscalingpolicy.tf │ ├── 25-autoscaling.tf │ ├── 30-sns.tf │ ├── ReadMe.md │ └── versions.tf ├── task-016-ELB-autoscaling │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 15-vpc.tf │ ├── 17-key.tf │ ├── 18-securitygroup.tf │ ├── 19-elb.tf │ 
├── 20-autoscaling.tf │ ├── 30-output.tf │ ├── ReadMe.md │ └── versions.tf ├── task-017-Elastic-Beanstalk │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-iam.tf │ ├── 15-vpc.tf │ ├── 17-key.tf │ ├── 18-securitygroup.tf │ ├── 25-rds.tf │ ├── 28-elasticbeanstalk.tf │ ├── 30-output.tf │ ├── README │ ├── ReadMe.md │ └── versions.tf ├── task-018-create-ECR-repo │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 15-ecr.tf │ ├── ReadMe.md │ ├── output.tf │ └── versions.tf ├── task-019-ECS │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-iam.tf │ ├── 15-vpc.tf │ ├── 17-key.tf │ ├── 18-securitygroup.tf │ ├── 20-ecr.tf │ ├── 25-ecs.tf │ ├── 28-myapp.tf │ ├── 30-output.tf │ ├── templates │ │ └── app.json.tpl │ └── versions.tf ├── task-020-s3-iam-using-modules │ ├── ReadMe.md │ └── s3-bucket.tf ├── task-021-k8s-cluster-typhoon │ ├── .ReadMe_images │ │ ├── auto-scaling-groups.png │ │ ├── instances-created.png │ │ ├── launch-configuration.png │ │ ├── lb-created.png │ │ ├── r53-records.png │ │ ├── route-tables.png │ │ ├── subnets-created.png │ │ ├── target-groups-health.png │ │ ├── target-groups.png │ │ └── vpc-created.png │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 25-cluster.tf │ ├── 30-output.tf │ └── ReadMe.md ├── task-022-route53-ec2 │ ├── .ReadMe_images │ │ ├── ec2-instance.png │ │ ├── hosted-zone-window.png │ │ └── nameservers-config-window.png │ ├── 00-vars.tf │ ├── 05-instance.tf │ ├── 05-provider.tf │ ├── 10-route53.tf │ ├── 250-r53-devopslink_zone.tf │ ├── 30-output.tf │ ├── ReadMe.md │ └── versions.tf ├── task-023-terragrunt-ec2 │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-ec2.tf │ ├── ReadMe.md │ └── run.sh ├── task-024-certificate-manager │ └── ReadMe.md ├── task-025-terragrunt-iam-user │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-iam-user.tf │ ├── ReadMe.md │ └── run.sh ├── task-026-terragrunt-s3-bucket │ ├── 00-vars.tf │ ├── 05-provider.tf │ ├── 10-s3-bucket.tf │ ├── ReadMe.md │ ├── hello.txt │ └── run.sh └── task-027-terragrunt-cdn │ ├── 00-vars.tf │ ├── 05-provider.tf 
│ ├── 10-cdn.tf │ ├── ReadMe.md │ ├── index.html │ ├── run.sh │ └── secret.tfvars.example ├── credentials.txt.example ├── task-000-commands └── ReadMe.md ├── task-001-doc-references └── ReadMe.md └── task-002-tutorial-links └── ReadMe.md /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by .ignore support plugin (hsz.mobi) 2 | .idea/ 3 | .aws-credentials 4 | .terraform 5 | *terraform.tfvars 6 | *.tfstate 7 | *.tfstate.backup 8 | *.terraform.tfstate.lock.info 9 | credentials.txt 10 | .terraform.lock.hcl 11 | *.tfvars 12 | 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # terraform-kitchen 2 | 3 | - [commands](task-000-commands/ReadMe.md) 4 | - [terraform doc references](task-001-doc-references/ReadMe.md) 5 | - [task-002-tutorial-links](task-002-tutorial-links/ReadMe.md) 6 | 7 | ## AWS 8 | 9 | - [task-000, initialization-setup](aws/task-000-initialization-setup) 10 | - [task-001, vars, provider, ec2, dataSources](aws/task-001-vars-provider-ec2-dataSources) 11 | - [task-002, default, vpc, subnet, security group, keypair, ec2](aws/task-002-defaultVPC-sbnt-sg-kp-ec2) 12 | - [task-003, default vpc, subnet, security group, keypair, ec2, script](aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script) 13 | - [task-004, vars, provider, ec2, output](aws/task-004-vars-provider-ec2-output) 14 | - [task-005, vars, provider, ec2, terraformRemoteStateInS3](aws/task-005-vars-provider-ec2-remoteStateInS3) 15 | - [task-006-defaultVPC-defaultSbnt-modules-kp](aws/task-006-defaultVPC-defaultSbnt-modules-kp) 16 | - [task-007-customVPC-igw-sbnt-rt-sg-kp-ec2](aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2) 17 | - [task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt](aws/task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt) 18 | - 
[task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs](aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs) 19 | - [task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/versions.tf](aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount) 20 | - [task-011-route53](aws/task-011-route53) 21 | - [task-012-rds-vpc-ec2](aws/task-012-rds-vpc-ec2) 22 | - [task-013-IAM](aws/task-013-IAM) 23 | - [task-014-IAM-roles-s3-upload-to-s3](aws/task-014-IAM-roles-s3-upload-to-s3) 24 | - [task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration](aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration) 25 | - [task-016-ELB-autoscaling](aws/task-016-ELB-autoscaling) 26 | - [task-017-Elastic-Beanstalk](aws/task-017-Elastic-Beanstalk) 27 | - [task-018-create-ECR-repo](aws/task-018-create-ECR-repo) 28 | - [IN-PROGRESS-task19-ECS-example](aws/task-019-ECS) 29 | - [task-020-s3-iam-using-modules](aws/task-020-s3-iam-using-modules) 30 | - [task-021-k8s-using-typhoon](aws/task-021-k8s-cluster-typhoon) 31 | - [task-022-route53-ec2](aws/task-022-route53-ec2) 32 | - [task-024-certificate-manager](aws/task-024-certificate-manager) 33 | 34 | ### Terragrunt Implementation 35 | 36 | - [task-023-terragrunt-ec2](aws/task-023-terragrunt-ec2) 37 | - [task-025-terragrunt-iam-user](aws/task-025-terragrunt-iam-user) 38 | - [task-026-terragrunt-s3-bucket](aws/task-026-terragrunt-s3-bucket) 39 | - [task-027-terragrunt-cdn](aws/task-027-terragrunt-cdn) 40 | 41 | 42 | ### Frequently visited 43 | - [Amazon EC2 AMI Locator](http://cloud-images.ubuntu.com/locator/ec2/) 44 | 45 | 46 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-hacker -------------------------------------------------------------------------------- /aws/task-000-initialization-setup/.ReadMe_images/Add_user_screen.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-000-initialization-setup/.ReadMe_images/Add_user_screen.png -------------------------------------------------------------------------------- /aws/task-000-initialization-setup/.ReadMe_images/group_creation_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-000-initialization-setup/.ReadMe_images/group_creation_screen.png -------------------------------------------------------------------------------- /aws/task-000-initialization-setup/.ReadMe_images/review_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-000-initialization-setup/.ReadMe_images/review_screen.png -------------------------------------------------------------------------------- /aws/task-000-initialization-setup/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Initialization Setup 2 | 3 | - Create a user `terraform` by navigating _Login to AWS_ -> _IAM_ -> _Users_ -> _Add User_ 4 | 5 | ![](.ReadMe_images/Add_user_screen.png) 6 | 7 | - Create a group `terraform-administrators` 8 | 9 | ![](.ReadMe_images/group_creation_screen.png) 10 | 11 | - Review screen 12 | 13 | ![](.ReadMe_images/review_screen.png) 14 | 15 | - Download the `credentials.csv` containing `Access key ID` and `Secret access key` 16 | 17 | - These values can be used in the following ways 18 | 19 | 1) Export the values of `Access key ID` and `Secret access key` as showing below in your 20 | current shell. 
21 | 22 | ```bash 23 | export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID 24 | export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY 25 | ``` 26 | 27 | - Now you can run the `terraform` commands in the same shell session. 28 | 29 | 2) Add these values to the file `terraform.tfvars` in the project directory and DEFINITELY ADD IT TO the `.gitignore` 30 | file. NEVER NEVER NEVER commit this file (`terraform.tfvars`) to the git repository (as it contains your access 31 | key id and secret access key). 32 | 33 | ```bash 34 | $ cat terraform.tfvars 35 | AWS_ACCESS_KEY = "YOUR_ACCESS_KEY_ID" 36 | AWS_SECRET_KEY = "YOUR_SECRET_ACCESS_KEY" 37 | ``` 38 | 39 | - Now while running `terraform` commands you will have to pass this file as an argument at the end, as 40 | shown below 41 | ```bash 42 | $ terraform apply -var-file=../../terraform.tfvars 43 | ``` 44 | 45 | 46 | # Configuring AWS CLI 47 | 48 | ```bash 49 | $ aws configure 50 | AWS Access Key ID [None]: ********************** 51 | AWS Secret Access Key [None]: ************************ 52 | Default region name [None]: us-east-1 53 | Default output format [None]: 54 | ``` -------------------------------------------------------------------------------- /aws/task-001-vars-provider-ec2-dataSources/.ReadMe_images/instance_details_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-001-vars-provider-ec2-dataSources/.ReadMe_images/instance_details_screen.png -------------------------------------------------------------------------------- /aws/task-001-vars-provider-ec2-dataSources/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_ACCESS_KEY" { 2 | } 3 | 4 | variable "AWS_SECRET_KEY" { 5 | } 6 | 7 | variable "AWS_REGION" { 8 | default = "us-east-1" 9 | } 10 | 11 | variable "instance_type" { 12 | description = "type for aws EC2 instance" 13 | default 
= "t2.micro" 14 | } 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /aws/task-001-vars-provider-ec2-dataSources/02-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | access_key = var.AWS_ACCESS_KEY 3 | secret_key = var.AWS_SECRET_KEY 4 | region = var.AWS_REGION 5 | } 6 | 7 | -------------------------------------------------------------------------------- /aws/task-001-vars-provider-ec2-dataSources/05-instance.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu" { 2 | most_recent = true 3 | 4 | filter { 5 | name = "name" 6 | values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"] 7 | } 8 | 9 | filter { 10 | name = "virtualization-type" 11 | values = ["hvm"] 12 | } 13 | 14 | owners = ["099720109477"] # Canonical 15 | } 16 | 17 | resource "aws_instance" "web" { 18 | ami = data.aws_ami.ubuntu.id 19 | instance_type = "t2.micro" 20 | 21 | tags = { 22 | Name = "HelloWorld" 23 | } 24 | } -------------------------------------------------------------------------------- /aws/task-001-vars-provider-ec2-dataSources/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## OBJECTIVE : 2 | - To create an EC2 instance using resource 3 | - To use the data source [aws_ami](https://www.terraform.io/docs/providers/aws/d/ami.html) to get the AMI ID 4 | of the instance we want to create 5 | 6 | 7 | 8 | ## The following commands will be executed. 9 | 10 | - Initialization 11 | 12 | ```bash 13 | $ terraform init -var-file=../../terraform.tfvars 14 | ``` 15 | 16 | - Planning 17 | 18 | ```bash 19 | $ terraform plan -var-file=../../terraform.tfvars 20 | ... 21 | Plan: 1 to add, 0 to change, 0 to destroy. 22 | ... 23 | ``` 24 | 25 | - Apply 26 | ```bash 27 | $ terraform apply -var-file=../../terraform.tfvars 28 | ... 29 | Enter a value: yes 30 | ... 
31 | Apply complete! Resources: 1 added, 0 changed, 0 destroyed. 32 | ``` 33 | 34 | - Verifying the instance created by logging into the console 35 | 36 | ![](.ReadMe_images/instance_details_screen.png) 37 | 38 | 39 | - Destroy 40 | ```bash 41 | $ terraform destroy -var-file=../../terraform.tfvars 42 | ... 43 | Enter a value: yes 44 | ... 45 | Destroy complete! Resources: 1 destroyed. 46 | ``` -------------------------------------------------------------------------------- /aws/task-001-vars-provider-ec2-dataSources/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-002-defaultVPC-sbnt-sg-kp-ec2/00-var.tf: -------------------------------------------------------------------------------- 1 | // from ENV 2 | 3 | 4 | 5 | variable "availability_zone" { 6 | description = "availability zone to create subnet" 7 | default = "us-east-2a" 8 | } 9 | variable "public_key_path" { 10 | description = "Public key path" 11 | default = "~/.ssh/id_rsa.pub" 12 | } 13 | variable "instance_ami" { 14 | description = "AMI for aws EC2 instance" 15 | default = "ami-0cf31d971a3ca20d6" 16 | } 17 | variable "instance_type" { 18 | description = "type for aws EC2 instance" 19 | default = "t2.micro" 20 | } 21 | variable "environment_tag" { 22 | description = "Environment tag" 23 | default = "Production" 24 | } -------------------------------------------------------------------------------- /aws/task-002-defaultVPC-sbnt-sg-kp-ec2/05-vpc.tf: -------------------------------------------------------------------------------- 1 | 2 | 3 | //https://www.terraform.io/docs/providers/aws/r/default_vpc.html 4 | 5 | resource "aws_default_vpc" "default" { 6 | tags = { 7 | Name = "Default VPC" 8 | } 9 | } 10 | 11 | -------------------------------------------------------------------------------- 
/aws/task-002-defaultVPC-sbnt-sg-kp-ec2/15-subnet.tf:
--------------------------------------------------------------------------------
// https://www.terraform.io/docs/providers/aws/r/default_subnet.html

// Takes the existing default subnet of the AZ named by var.availability_zone
// under Terraform management (aws_default_subnet adopts, it does not create).
// NOTE(review): the Name tag hard-codes "us-east-2a" while the AZ itself comes
// from the variable, so the tag stops matching if the variable is overridden.
resource "aws_default_subnet" "default_az1" {
  availability_zone = var.availability_zone

  tags = {
    Name = "Default subnet for us-east-2a"
  }
}
--------------------------------------------------------------------------------
/aws/task-002-defaultVPC-sbnt-sg-kp-ec2/25-security-group.tf:
--------------------------------------------------------------------------------
// Once we have our networking setup ready, we need to create an EC2 instance in which we can SSH using port 22.
// For this, we first need to create a security group which can be attached to our EC2 instance while creation.

// Security group for the instance in the default VPC: inbound TCP 22/443/80,
// all outbound traffic allowed.
// NOTE(review): every ingress rule uses cidr_blocks = ["0.0.0.0/0"], i.e. any
// IPv4 source. For port 22 that exposes SSH to the whole internet; outside of
// this exercise restrict the SSH rule to the operator's own address range
// (e.g. a variable such as ADMIN_CIDR_PLACEHOLDER) and keep 0.0.0.0/0 only for
// the web ports that are meant to be public.
resource "aws_security_group" "sg_22" {
  name   = "sg_22"
  vpc_id = aws_default_vpc.default.id
  // SSH
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  // HTTPS
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  // HTTP
  ingress {
    from_port = 80
    to_port   = 80
    protocol  = "tcp"

    cidr_blocks = ["0.0.0.0/0"]
  }
  // Unrestricted egress: protocol "-1" is the AWS wildcard for all protocols,
  // and from_port/to_port 0 covers every port.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Environment = var.environment_tag
  }
}
--------------------------------------------------------------------------------
/aws/task-002-defaultVPC-sbnt-sg-kp-ec2/30-keypair.tf:
--------------------------------------------------------------------------------
// Let’s create a key pair which we are going to use to SSH on our EC2

// Registers an SSH public key with EC2 under the name "publicKey"; the
// instance in 35-ec2-instance.tf references it by key_name.
// Only the public half belongs here. The matching private key must stay out
// of the repository; the tree for task-006 lists a `mykey` file next to
// `mykey.pub`, which is worth checking for exactly that reason.
resource "aws_key_pair" "ec2key" {
  key_name   = "publicKey"
  public_key = "ssh-rsa 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 codeaprendiz@gmail.com"
}
-------------------------------------------------------------------------------- /aws/task-002-defaultVPC-sbnt-sg-kp-ec2/35-ec2-instance.tf: -------------------------------------------------------------------------------- 1 | // Once everything is ready, let us start an EC2 instance within our public subnet with created key pair and security group. 2 | 3 | data "aws_ami" "ubuntu-bionic-latest" { 4 | most_recent = true 5 | 6 | filter { 7 | name = "name" 8 | values = [ 9 | "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*" 10 | ] 11 | } 12 | 13 | filter { 14 | name = "virtualization-type" 15 | values = ["hvm"] 16 | } 17 | 18 | owners = ["099720109477"] # Canonical 19 | } 20 | 21 | 22 | // Login with ubuntu@PUBLIC_IP 23 | resource "aws_instance" "web" { 24 | ami = data.aws_ami.ubuntu-bionic-latest.id 25 | instance_type = var.instance_type 26 | subnet_id = aws_default_subnet.default_az1.id 27 | vpc_security_group_ids = [aws_security_group.sg_22.id] 28 | key_name = aws_key_pair.ec2key.key_name 29 | 30 | tags = { 31 | Name = "DroneCI" 32 | } 33 | } 34 | 35 | -------------------------------------------------------------------------------- /aws/task-002-defaultVPC-sbnt-sg-kp-ec2/README.md: -------------------------------------------------------------------------------- 1 | ## OBJECTIVE : 2 | - To use the default VPC with attached internet gateway. 3 | - Use the default subnet. 4 | - Create security group (for ssh) and keypair (for ssh) 5 | - Start ubuntu instance and login into the instance. 6 | 7 | #### Before executing you should have created AWS_ACCESS_KEY_ID AND AWS_SECRET_ACCESS_KEY with administrative privileges. 8 | 9 | - Export the keys in your current shell by using following commands 10 | 11 | ```bash 12 | export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID 13 | export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY 14 | ``` 15 | 16 | #### The following sequence of commands will be executed. 
17 | > terraform init 18 | 19 | ```bash 20 | $ terraform init 21 | ``` 22 | 23 | > terraform plan 24 | ```bash 25 | $ terraform plan 26 | provider.aws.region 27 | The region where AWS operations will take place. Examples 28 | are us-east-1, us-west-2, etc. 29 | 30 | Enter a value: us-east-2 31 | . 32 | . 33 | . 34 | Plan: 5 to add, 0 to change, 0 to destroy. 35 | 36 | ------------------------------------------------------------------------ 37 | ``` 38 | 39 | > terraform apply 40 | 41 | ```bash 42 | $ terraform apply 43 | . 44 | . 45 | . 46 | Apply complete! Resources: 5 added, 0 changed, 0 destroyed. 47 | ``` 48 | 49 | - Login into the instance 50 | ```bash 51 | $ ssh ubuntu@3.12.166.210 52 | . 53 | . 54 | . 55 | ubuntu@ip-172-31-7-16:~$ 56 | ``` -------------------------------------------------------------------------------- /aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/.ReadMe_images/ec2_details_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/.ReadMe_images/ec2_details_screen.png -------------------------------------------------------------------------------- /aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/.ReadMe_images/nginx_on_browser.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/.ReadMe_images/nginx_on_browser.png -------------------------------------------------------------------------------- /aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_ACCESS_KEY" { 2 | } 3 | 4 | variable "AWS_SECRET_KEY" { 5 | } 6 | 7 | variable "AWS_REGION" { 8 | default = "us-east-1" 9 | } 10 | 11 | 
variable "availability_zone" { 12 | description = "availability zone to create subnet" 13 | default = "us-east-1a" 14 | } 15 | 16 | variable "instance_type" { 17 | description = "type for aws EC2 instance" 18 | default = "t2.micro" 19 | } 20 | 21 | 22 | variable "PATH_TO_PRIVATE_KEY" { 23 | description = "Private key path" 24 | default = "~/.ssh/id_rsa" 25 | } 26 | 27 | variable "PATH_TO_PUBLIC_KEY" { 28 | description = "Public key path" 29 | default = "~/.ssh/id_rsa.pub" 30 | } 31 | 32 | 33 | variable "INSTANCE_USERNAME" { 34 | default = "ubuntu" 35 | } 36 | 37 | variable "environment_tag" { 38 | description = "Environment tag" 39 | default = "Development" 40 | } 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | access_key = var.AWS_ACCESS_KEY 3 | secret_key = var.AWS_SECRET_KEY 4 | region = var.AWS_REGION 5 | } 6 | 7 | -------------------------------------------------------------------------------- /aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/07-vpc.tf: -------------------------------------------------------------------------------- 1 | 2 | 3 | //https://www.terraform.io/docs/providers/aws/r/default_vpc.html 4 | 5 | resource "aws_default_vpc" "default" { 6 | tags = { 7 | Name = "Default VPC" 8 | } 9 | } 10 | 11 | -------------------------------------------------------------------------------- /aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/10-key-pair.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykey" { 2 | key_name = "mykey" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) 4 | } -------------------------------------------------------------------------------- /aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/15-subnet.tf: 
--------------------------------------------------------------------------------
// https://www.terraform.io/docs/providers/aws/r/default_subnet.html

// Takes the existing default subnet of the AZ named by var.availability_zone
// under Terraform management.
// NOTE(review): the Name tag hard-codes "us-east-1a" instead of following the
// variable.
resource "aws_default_subnet" "default_az1" {
  availability_zone = var.availability_zone

  tags = {
    Name = "Default subnet for us-east-1a"
  }
}
--------------------------------------------------------------------------------
/aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/20-security-group.tf:
--------------------------------------------------------------------------------
// Once we have our networking setup ready, we need to create an EC2 instance in which we can SSH using port 22.
// For this, we first need to create a security group which can be attached to our EC2 instance while creation.

// Same rule set as task-002: inbound TCP 22/443/80 from any IPv4 address,
// unrestricted egress.
// NOTE(review): port 22 open to 0.0.0.0/0 exposes SSH to the whole internet.
// The instance in 25-instance.tf is provisioned over SSH from the machine
// running terraform, so narrowing this rule to that machine's address range
// keeps the provisioner working; 0.0.0.0/0 is only needed for the web ports.
resource "aws_security_group" "sg_22" {
  name   = "sg_22"
  vpc_id = aws_default_vpc.default.id
  // SSH
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  // HTTPS
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  // HTTP (nginx installed by script.sh is reached on this port)
  ingress {
    from_port = 80
    to_port   = 80
    protocol  = "tcp"

    cidr_blocks = ["0.0.0.0/0"]
  }
  // Unrestricted egress: protocol "-1" is the AWS wildcard for all protocols.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Environment = var.environment_tag
  }
}
--------------------------------------------------------------------------------
/aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/25-instance.tf:
--------------------------------------------------------------------------------
// Most recent Canonical-owned HVM image matching the Ubuntu 14.04 (trusty)
// name pattern.
// NOTE(review): 14.04 has left standard support, so the nginx that script.sh
// installs on it no longer receives regular security updates; prefer a
// currently supported release (task-002 already filters on the bionic
// pattern) for anything beyond this exercise.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

// Instance in the default subnet, provisioned over SSH with the key pair from
// 10-key-pair.tf: script.sh is copied by a "file" provisioner and run as root
// by a "remote-exec" provisioner.
resource "aws_instance" "web" {
ami = data.aws_ami.ubuntu.id 19 | instance_type = "t2.micro" 20 | key_name = aws_key_pair.mykey.key_name 21 | subnet_id = aws_default_subnet.default_az1.id 22 | vpc_security_group_ids = [aws_security_group.sg_22.id] 23 | provisioner "file" { 24 | source = "script.sh" 25 | destination = "/tmp/script.sh" 26 | } 27 | 28 | provisioner "remote-exec" { 29 | inline = [ 30 | "chmod +x /tmp/script.sh", 31 | "sudo /tmp/script.sh", 32 | ] 33 | } 34 | connection { 35 | host = coalesce(self.public_ip, self.private_ip) 36 | type = "ssh" 37 | user = var.INSTANCE_USERNAME 38 | private_key = file(var.PATH_TO_PRIVATE_KEY) 39 | } 40 | tags = { 41 | Name = "HelloWorld" 42 | } 43 | } -------------------------------------------------------------------------------- /aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## OBJECTIVE : 2 | - To use the default VPC with attached internet gateway. 3 | - Use the default subnet. 4 | - Create security group (for ssh, for http default port 80) and keypair (for ssh) 5 | - Start ubuntu instance and login into the instance. 6 | - Copy custom script `script.sh` to the instance and execute it 7 | - Install nginx via `script.sh` execution. Visit the public of instance and check if nginx is installed. 8 | 9 | 10 | ### Initialization 11 | 12 | ```bash 13 | $ terraform init 14 | ... 15 | ``` 16 | 17 | ### Plan 18 | ```bash 19 | $ terraform plan -var-file=../../terraform.tfvars 20 | Refreshing Terraform state in-memory prior to plan.. 21 | ... 22 | Plan: 5 to add, 0 to change, 0 to destroy. 23 | ... 24 | ``` 25 | 26 | ### Apply 27 | 28 | ```bash 29 | $ terraform apply -var-file=../../terraform.tfvars 30 | data.aws_ami.ubuntu: Refreshing state... 31 | ... 32 | Enter a value: yes 33 | ... 34 | aws_security_group.sg_22: Creation complete after 9s [id=sg-09aa504274998a975] 35 | aws_instance.web: Creating... 36 | ... 37 | aws_instance.web: Still creating... 
[30s elapsed] 38 | aws_instance.web: Provisioning with 'file'... 39 | aws_instance.web: Still creating... [40s elapsed] 40 | aws_instance.web: Provisioning with 'remote-exec'... 41 | aws_instance.web (remote-exec): Connecting to remote host via SSH... 42 | aws_instance.web (remote-exec): Host: 3.82.139.227 43 | aws_instance.web (remote-exec): User: ubuntu 44 | aws_instance.web (remote-exec): Password: false 45 | aws_instance.web (remote-exec): Private key: true 46 | aws_instance.web (remote-exec): Certificate: false 47 | aws_instance.web (remote-exec): SSH Agent: true 48 | aws_instance.web (remote-exec): Checking Host Key: false 49 | aws_instance.web (remote-exec): Connected! 50 | aws_instance.web (remote-exec): 0% [Working] 51 | ... 52 | aws_instance.web (remote-exec): 100% [Connecting to security.ubuntu.com] 53 | ... 54 | aws_instance.web (remote-exec): The following extra packages will be installed: 55 | aws_instance.web (remote-exec): fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 56 | aws_instance.web (remote-exec): libjpeg-turbo8 libjpeg8 libtiff5 libvpx1 libxpm4 libxslt1.1 nginx-common 57 | aws_instance.web (remote-exec): nginx-core 58 | ... 59 | Apply complete! Resources: 5 added, 0 changed, 0 destroyed. 60 | ``` 61 | 62 | ### Login into console and Verifying 63 | 64 | - EC2 instance screen 65 | ![](.ReadMe_images/ec2_details_screen.png) 66 | 67 | 68 | - Visiting the Public IP and check if nginx is running 69 | 70 | ![](.ReadMe_images/nginx_on_browser.png) 71 | 72 | 73 | - Logging into the instance 74 | ```bash 75 | $ ssh ubuntu@3.82.139.227 76 | ... 77 | ubuntu@ip-172-31-82-175:~$ 78 | ubuntu@ip-172-31-82-175:~$ ps -ef | grep nginx 79 | root 2143 1 0 21:24 ? 00:00:00 nginx: master process /usr/sbin/nginx 80 | www-data 2144 2143 0 21:24 ? 00:00:00 nginx: worker process 81 | www-data 2145 2143 0 21:24 ? 00:00:00 nginx: worker process 82 | www-data 2146 2143 0 21:24 ? 00:00:00 nginx: worker process 83 | www-data 2147 2143 0 21:24 ? 
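00:00:00 nginx: worker process 84 | ``` 85 | 86 | ### Destroying resources 87 | ```bash 88 | $ terraform destroy -var-file=../../terraform.tfvars 89 | ... 90 | Destroy complete! Resources: 5 destroyed. 91 | ```
--------------------------------------------------------------------------------
/aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/script.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Bootstrap script for the task-003 instance. 25-instance.tf copies it to
# /tmp/script.sh with a "file" provisioner and runs it as root through
# "sudo /tmp/script.sh" from a "remote-exec" provisioner.
# Waits for cloud-init to finish, installs nginx and makes sure it is running.
#
# A failing command aborts the script with a non-zero status, so the
# remote-exec provisioner (and therefore terraform apply) fails instead of
# reporting success while nginx was never installed.
set -euo pipefail

# sleep until instance is ready: cloud-init writes this marker file once its
# boot-time configuration has completed
until [[ -f /var/lib/cloud/instance/boot-finished ]]; do
  sleep 1
done

# install nginx; the non-interactive frontend keeps apt from blocking on a
# prompt in the provisioner's non-TTY session
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get -y install nginx

# make sure nginx is started (the package may already have started it; only
# call start when it is not running so an "already running" result is not
# reported as a failure)
service nginx status >/dev/null 2>&1 || service nginx start
--------------------------------------------------------------------------------
/aws/task-003-defaultVPC-kp-sbnt-sg-ec2-script/versions.tf:
--------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}
--------------------------------------------------------------------------------
/aws/task-004-vars-provider-ec2-output/00-vars.tf:
--------------------------------------------------------------------------------
variable "AWS_ACCESS_KEY" {
}

variable "AWS_SECRET_KEY" {
}

variable "AWS_REGION" {
  default = "us-east-1"
}

variable "instance_type" {
  description = "type for aws EC2 instance"
  default     = "t2.micro"
}


--------------------------------------------------------------------------------
/aws/task-004-vars-provider-ec2-output/05-provider.tf:
--------------------------------------------------------------------------------
provider "aws" {
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
  region     = var.AWS_REGION
}

--------------------------------------------------------------------------------
/aws/task-004-vars-provider-ec2-output/10-instance.tf: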
-------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu" { 2 | most_recent = true 3 | # NOTE(review): the name pattern pins Ubuntu 14.04 (trusty), a release long out of standard support; task-005 repeats the same lookup 4 | filter { 5 | name = "name" 6 | values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"] 7 | } 8 | 9 | filter { 10 | name = "virtualization-type" 11 | values = ["hvm"] 12 | } 13 | 14 | owners = ["099720109477"] # Canonical — restricting the owner keeps a look-alike image from another account from matching the name filter 15 | } 16 | 17 | resource "aws_instance" "web" { 18 | ami = data.aws_ami.ubuntu.id 19 | instance_type = "t2.micro" # NOTE(review): hard-coded although var.instance_type is declared in 00-vars.tf; using the variable would keep the two in sync 20 | # appends the provider-assigned private IP to a local file; the value is expanded unquoted into a '/bin/sh -c' command line (see the apply log in the ReadMe) 21 | provisioner "local-exec" { 22 | command = "echo ${aws_instance.web.private_ip} >> private_ips.txt" 23 | } 24 | tags = { 25 | Name = "HelloWorld" 26 | } 27 | } 28 | 29 | # exposes the public IP on the console after apply 30 | output "ip" { 31 | value = aws_instance.web.public_ip 32 | } 33 | 34 | -------------------------------------------------------------------------------- /aws/task-004-vars-provider-ec2-output/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## OBJECTIVE : 2 | - To create an EC2 instance. 3 | - Saving the private IP of provisioned instance in local file `private_ips.txt` 4 | - 'Output' the public IP of the instance on the console 5 | 6 | 7 | 8 | ## The following commands will be executed. 9 | 10 | - Initialization 11 | 12 | ```bash 13 | $ terraform init -var-file=../../terraform.tfvars 14 | ``` 15 | 16 | - Planning 17 | 18 | ```bash 19 | $ terraform plan -var-file=../../terraform.tfvars 20 | ... 21 | Plan: 1 to add, 0 to change, 0 to destroy. 22 | ... 23 | ``` 24 | 25 | - Apply 26 | ```bash 27 | $ terraform apply -var-file=../../terraform.tfvars 28 | ... 29 | Enter a value: yes 30 | ... 31 | aws_instance.web: Provisioning with 'local-exec'... 32 | aws_instance.web (local-exec): Executing: ["/bin/sh" "-c" "echo 172.31.84.47 >> private_ips.txt"] 33 | aws_instance.web: Creation complete after 32s [id=i-05cea08cdcea5a334] 34 | 35 | ... 36 | Apply complete! Resources: 1 added, 0 changed, 0 destroyed. 
37 | 38 | Outputs: 39 | 40 | ip = 54.242.130.22 41 | 42 | $ cat private_ips.txt 43 | 172.31.84.47 44 | ``` 45 | 46 | 47 | 48 | - Destroy 49 | ```bash 50 | $ terraform destroy -var-file=../../terraform.tfvars 51 | ... 52 | Enter a value: yes 53 | ... 54 | Destroy complete! Resources: 1 destroyed. 55 | ``` -------------------------------------------------------------------------------- /aws/task-004-vars-provider-ec2-output/private_ips.txt: -------------------------------------------------------------------------------- 1 | 172.31.84.47 2 | -------------------------------------------------------------------------------- /aws/task-004-vars-provider-ec2-output/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-005-vars-provider-ec2-remoteStateInS3/.ReadMe_images/s3-bucket-creation-screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-005-vars-provider-ec2-remoteStateInS3/.ReadMe_images/s3-bucket-creation-screen.png -------------------------------------------------------------------------------- /aws/task-005-vars-provider-ec2-remoteStateInS3/.ReadMe_images/terraform-remote-state-on-s3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-005-vars-provider-ec2-remoteStateInS3/.ReadMe_images/terraform-remote-state-on-s3.png -------------------------------------------------------------------------------- /aws/task-005-vars-provider-ec2-remoteStateInS3/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_ACCESS_KEY" { 2 | } 3 | 4 | 
variable "AWS_SECRET_KEY" { 5 | } 6 | 7 | variable "AWS_REGION" { 8 | default = "us-east-1" 9 | } 10 | 11 | variable "instance_type" { 12 | description = "type for aws EC2 instance" 13 | default = "t2.micro" 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /aws/task-005-vars-provider-ec2-remoteStateInS3/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { # NOTE(review): provider credentials come from the tfvars file, while the S3 backend below relies on the 'aws configure' profile (ReadMe) — two separate credential paths for one run 2 | access_key = var.AWS_ACCESS_KEY 3 | secret_key = var.AWS_SECRET_KEY 4 | region = var.AWS_REGION 5 | } 6 | 7 | -------------------------------------------------------------------------------- /aws/task-005-vars-provider-ec2-remoteStateInS3/10-instance.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu" { 2 | most_recent = true 3 | 4 | filter { 5 | name = "name" 6 | values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"] 7 | } 8 | 9 | filter { 10 | name = "virtualization-type" 11 | values = ["hvm"] 12 | } 13 | 14 | owners = ["099720109477"] # Canonical 15 | } 16 | 17 | resource "aws_instance" "web" { 18 | ami = data.aws_ami.ubuntu.id 19 | instance_type = "t2.micro" # NOTE(review): var.instance_type is declared in 00-vars.tf but not used here 20 | 21 | tags = { 22 | Name = "HelloWorld" 23 | } 24 | } 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /aws/task-005-vars-provider-ec2-remoteStateInS3/15-backend.tf: -------------------------------------------------------------------------------- 1 | terraform { # state lives in the bucket created by hand in the ReadMe; no region is given here, so 'terraform init' prompts for it as the ReadMe shows 2 | backend "s3" { 3 | bucket = "terraform-kitchen-remote-state" 4 | key = "terraform-remote-state-key" # NOTE(review): neither 'encrypt' nor 'dynamodb_table' is set, so the backend requests no server-side encryption for the state object and takes no lock during apply — worth adding, since the state holds the instance's attributes 5 | } 6 | } -------------------------------------------------------------------------------- /aws/task-005-vars-provider-ec2-remoteStateInS3/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## OBJECTIVE : 2 | - To create an EC2 instance. 3 | - Save the remote state in an S3 bucket created manually. 
4 | 5 | ## First manually create an S3 bucket by following steps 6 | 7 | - Step1) 8 | 9 | ![](.ReadMe_images/s3-bucket-creation-screen.png) 10 | 11 | 12 | ## The following commands will be executed. 13 | 14 | - Initialization 15 | 16 | Before running `terraform init` you will have to run `aws configure` 17 | ```bash 18 | $ aws configure 19 | AWS Access Key ID [None]: YOUR_ACCESS_KEY_ID 20 | AWS Secret Access Key [None]: YOUR_SECRET_ACCESS_KEY 21 | Default region name [None]: us-east-1 22 | Default output format [None]: 23 | ``` 24 | 25 | 26 | ```bash 27 | $ terraform init 28 | Initializing the backend... 29 | region 30 | The region of the S3 bucket. 31 | 32 | Enter a value: us-east-1 33 | 34 | 35 | Successfully configured the backend "s3"! Terraform will automatically 36 | use this backend unless the backend configuration changes. 37 | ... 38 | ``` 39 | 40 | - Planning 41 | 42 | ```bash 43 | $ terraform plan -var-file=../../terraform.tfvars 44 | ... 45 | Plan: 1 to add, 0 to change, 0 to destroy. 46 | ... 47 | ``` 48 | 49 | - Apply 50 | ```bash 51 | $ terraform apply -var-file=../../terraform.tfvars 52 | ... 53 | Enter a value: yes 54 | ... 55 | Apply complete! Resources: 1 added, 0 changed, 0 destroyed. 56 | ``` 57 | 58 | 59 | - Login and check if the remote state has been stored in the S3 bucket with the key `terraform-remote-state-key` 60 | 61 | ![](.ReadMe_images/terraform-remote-state-on-s3.png) 62 | 63 | 64 | - Destroy 65 | ```bash 66 | $ terraform destroy -var-file=../../terraform.tfvars 67 | ... 68 | Enter a value: yes 69 | ... 70 | Destroy complete! Resources: 1 destroyed. 
71 | ``` -------------------------------------------------------------------------------- /aws/task-005-vars-provider-ec2-remoteStateInS3/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | # NOTE(review): both key defaults point at the sample pair committed next to this configuration (mykey / mykey.pub, see the ReadMe); generate a fresh pair with 'ssh-keygen -f mykey' before applying, and never reuse a private key that has been committed 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | description = "Private key path" 7 | default = "mykey" 8 | } 9 | 10 | variable "PATH_TO_PUBLIC_KEY" { 11 | description = "Public key path" 12 | default = "mykey.pub" 13 | } 14 | 15 | 16 | -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { # no static credentials here (unlike task-004/005): the provider presumably resolves them from the environment or the 'aws configure' profile used in task-005 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/10-default_vpc.tf: -------------------------------------------------------------------------------- 1 | # these resources are added to provide the vpc_id and subnets to the consul module 2 | # aws_default_* are resources that terraform doesn't create but rather adopts: they refer to the account's existing default VPC and subnets so other resources can reference them 3 | 4 | # default VPC 5 | resource "aws_default_vpc" "default" { 6 | tags = { 7 | Name = "Default VPC" 8 | } 9 | } 10 | 11 | # default subnets, one per availability zone a/b/c of the configured region 12 | resource "aws_default_subnet" "default_az1" { 13 | availability_zone = "${var.AWS_REGION}a" 14 | 15 | tags = { 16 | Name = "Default subnet for ${var.AWS_REGION}a" 17 | } 18 | } 19 | 20 | resource "aws_default_subnet" "default_az2" { 21 | availability_zone = "${var.AWS_REGION}b" 22 | 23 | tags = { 24 | Name = "Default subnet for ${var.AWS_REGION}b" 25 | } 26 
| } 27 | 28 | resource "aws_default_subnet" "default_az3" { 29 | availability_zone = "${var.AWS_REGION}c" 30 | 31 | tags = { 32 | Name = "Default subnet for ${var.AWS_REGION}c" 33 | } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/15-modules.tf: -------------------------------------------------------------------------------- 1 | //After you run 'terraform get' the module will get downloaded in .terraform directory 2 | // Note that the module takes a set of input variables (key_name, key_path, etc.) and does the work; it can expose output values as well. 3 | // NOTE(review): the source is a third-party GitHub repository selected by a named ref (terraform-0.12) rather than a commit hash, so what 'terraform get' fetches can change between runs; the downloaded tree listed in the ReadMe includes shell scripts (shared/scripts/*.sh) that presumably run on the provisioned instances — review them before applying. 4 | // key_path hands the module the path to the SSH private key, i.e. the sample 'mykey' committed with this task unless PATH_TO_PRIVATE_KEY is overridden. 5 | 6 | module "consul" { 7 | source = "github.com/wardviaene/terraform-consul-module.git?ref=terraform-0.12" 8 | key_name = aws_key_pair.mykey.key_name 9 | key_path = var.PATH_TO_PRIVATE_KEY 10 | region = var.AWS_REGION 11 | vpc_id = aws_default_vpc.default.id 12 | subnets = { 13 | "0" = aws_default_subnet.default_az1.id 14 | "1" = aws_default_subnet.default_az2.id 15 | "2" = aws_default_subnet.default_az3.id 16 | } 17 | } 18 | // server address reported by the module after apply (presumably the host the ReadMe logs in to with 'ssh -i mykey') 19 | output "consul-output" { 20 | value = module.consul.server_address 21 | } 22 | 23 | -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/20-key.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykey" { 2 | key_name = "mykey" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) # only the public half is uploaded; the private key path is passed to the consul module in 15-modules.tf 4 | } 5 | 6 | -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Objective 2 | - Default VPC and Default Availability Zones (a, b, c) created 3 | - Using a [module](https://www.terraform.io/docs/configuration/modules.html) in terraform. 4 | The module will take some inputs and achieve some functionality. 
5 | 6 | ## Steps 7 | 8 | - Generate the keys (the `mykey`/`mykey.pub` pair committed in this directory is a sample only; a private key that has been committed to a repository should be treated as compromised and never reused) 9 | ```bash 10 | $ ssh-keygen -f mykey 11 | ``` 12 | 13 | - Run the following to download the module to your local machine 14 | ```bash 15 | $ terraform get 16 | Downloading github.com/wardviaene/terraform-consul-module.git?ref=terraform-0.12 for consul... 17 | - consul in .terraform/modules/consul 18 | ``` 19 | 20 | 21 | - The module tree downloaded by this step looks like this 22 | ```bash 23 | $ cd .terraform 24 | $ tree 25 | . 26 | └── modules 27 | ├── consul 28 | │   ├── README.md 29 | │   ├── consul.tf 30 | │   ├── outputs.tf 31 | │   ├── shared 32 | │   │   └── scripts 33 | │   │   ├── debian_consul.service 34 | │   │   ├── debian_upstart.conf 35 | │   │   ├── install.sh 36 | │   │   ├── ip_tables.sh 37 | │   │   ├── rhel_consul.service 38 | │   │   ├── rhel_upstart.conf 39 | │   │   └── service.sh 40 | │   └── variables.tf 41 | └── modules.json 42 | 43 | ``` 44 | 45 | 46 | - Plan 47 | ```bash 48 | terraform plan -var-file=../../terraform.tfvars 49 | ``` 50 | 51 | - Apply 52 | ```bash 53 | terraform apply -var-file=../../terraform.tfvars 54 | ``` 55 | 56 | - You can log in to the instance using mykey 57 | ```bash 58 | $ ssh -i mykey ubuntu@54.87.20.78 59 | . 60 | . 61 | . 62 | ubuntu@ip-172-31-39-91:~$ 63 | ``` 64 | 65 | 66 | - Destroy 67 | ```bash 68 | terraform destroy -var-file=../../terraform.tfvars 69 | ``` -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/mykey: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn 3 | 4 | . 5 | . 6 | . 7 | . 
8 | 4L5w98yGDRxEN5MAAAAoYW5raXRzaW5naHJhdGhpQEFua2l0cy1NYWNCb29rLVByby5sb2 9 | NhbAECAw== 10 | -----END OPENSSH PRIVATE KEY----- 11 | -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/mykey.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Ip6NTP164LpnIQdvTI0m4guovOhDsyiam+MqpXbXbW3HGHzV608knoPtwJ3k40CDvD0+Wh5323iT69ZcXxSBgkK6dt3Wl/W1Za2VYM3Y7yZdixnwrjP4xcp+ZF3TAnyhNAE17XFArw4av2WjErLqMiS58qli+eaBL2OR5aMIHs6vzarYn/mErWkkGnfKm1TlRhtqOgF8R+k8o8hG3uh37dxgPpP8uUuNWNzs0uQF821rEKIcLjpHVxwQRgEj5nQT4oJUeGoo0AaaExfjhQ5JXb+BVxLckMFPVqEzlt1KWYBm0zTIGUsp74flbTglSvjh9Q2Nhs10XajfTBLOaPf9 ankitsinghrathi@Ankits-MacBook-Pro.local 2 | -------------------------------------------------------------------------------- /aws/task-006-defaultVPC-defaultSbnt-modules-kp/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/CIDR_created_VPC.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/CIDR_created_VPC.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/ec2_instance_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/ec2_instance_screen.png 
-------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/instance_tag_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/instance_tag_screen.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/internet_gateway_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/internet_gateway_screen.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/login_ec2_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/login_ec2_dashboard.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/network_acl_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/network_acl_screen.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/resources_screen.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/resources_screen.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/route_table_association.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/route_table_association.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/route_table_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/route_table_screen.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/security_groups_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/security_groups_screen.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/subnet_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/subnet_screen.png 
-------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/volumes_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/volumes_screen.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/vpc_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/.README_images/vpc_screen.png -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/00-var.tf: -------------------------------------------------------------------------------- 1 | // from ENV 2 | 3 | variable "cidr_vpc" { 4 | description = "CIDR block for the VPC" 5 | default = "10.1.0.0/16" 6 | } 7 | variable "cidr_subnet" { 8 | description = "CIDR block for the subnet" 9 | default = "10.1.0.0/24" 10 | } 11 | variable "availability_zone" { 12 | description = "availability zone to create subnet" 13 | default = "us-east-2a" 14 | } 15 | variable "public_key_path" { 16 | description = "Public key path" 17 | default = "~/.ssh/id_rsa.pub" 18 | } 19 | variable "instance_ami" { 20 | description = "AMI for aws EC2 instance" 21 | default = "ami-0cf31d971a3ca20d6" 22 | } 23 | variable "instance_type" { 24 | description = "type for aws EC2 instance" 25 | default = "t2.micro" 26 | } 27 | variable "environment_tag" { 28 | description = "Environment tag" 29 | default = "Production" 30 | } -------------------------------------------------------------------------------- 
/aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/05-vpc.tf: -------------------------------------------------------------------------------- 1 | //We are going to create VPC with defined CIDR block, enable DNS support and DNS hostnames so each instance can have a DNS name along with IP address. 2 | 3 | // https://www.terraform.io/docs/providers/aws/r/vpc.html 4 | 5 | resource "aws_vpc" "vpc" { 6 | cidr_block = var.cidr_vpc 7 | enable_dns_support = true 8 | enable_dns_hostnames = true 9 | tags = { 10 | Environment = var.environment_tag 11 | } 12 | } 13 | 14 | -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/10-igw.tf: -------------------------------------------------------------------------------- 1 | //Internet gateway needs to be added inside VPC which can be used by subnet to access the internet from inside. 2 | resource "aws_internet_gateway" "igw" { 3 | vpc_id = aws_vpc.vpc.id 4 | tags = { 5 | Environment = var.environment_tag 6 | } 7 | } -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/15-subnet.tf: -------------------------------------------------------------------------------- 1 | // The subnet is added inside VPC with its own CIDR block which is a subset of VPC CIDR block inside given availability zone. 2 | 3 | resource "aws_subnet" "subnet_public" { 4 | vpc_id = aws_vpc.vpc.id 5 | cidr_block = var.cidr_subnet 6 | map_public_ip_on_launch = "true" 7 | availability_zone = var.availability_zone 8 | tags = { 9 | Environment = var.environment_tag 10 | } 11 | } -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/20-route-tables.tf: -------------------------------------------------------------------------------- 1 | // Route table needs to be added which uses internet gateway to access the internet. 
2 | 3 | resource "aws_route_table" "rtb_public" { 4 | vpc_id = aws_vpc.vpc.id 5 | route { 6 | cidr_block = "0.0.0.0/0" 7 | gateway_id = aws_internet_gateway.igw.id 8 | } 9 | tags = { 10 | Environment = var.environment_tag 11 | } 12 | } 13 | 14 | // Once route table is created, we need to associate it with the subnet to make our subnet public. 15 | 16 | resource "aws_route_table_association" "rta_subnet_public" { 17 | subnet_id = aws_subnet.subnet_public.id 18 | route_table_id = aws_route_table.rtb_public.id 19 | } -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/25-security-group.tf: -------------------------------------------------------------------------------- 1 | // Once we have our networking setup ready, we need to create an EC2 instance in which we can SSH using port 22. 2 | // For this, we first need to create a security group which can be attached to our EC2 instance while creation. 3 | // Only port 22 is opened inbound, which matches the login-only objective in the README; everything outbound is allowed. 4 | resource "aws_security_group" "sg_22" { 5 | name = "sg_22" 6 | vpc_id = aws_vpc.vpc.id 7 | ingress { 8 | from_port = 22 9 | to_port = 22 10 | protocol = "tcp" 11 | cidr_blocks = ["0.0.0.0/0"] // NOTE(review): SSH is reachable from every IPv4 source; narrow this to a known admin CIDR — a variable in 00-var.tf next to cidr_subnet would match the file's style 12 | } 13 | egress { 14 | from_port = 0 15 | to_port = 0 16 | protocol = "-1" 17 | cidr_blocks = ["0.0.0.0/0"] 18 | } 19 | tags = { 20 | Environment = var.environment_tag 21 | } 22 | } -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/30-keypair.tf: -------------------------------------------------------------------------------- 1 | // Let’s create a key pair which we are going to use to SSH on our EC2 2 | // The public key is pasted inline here; 00-var.tf declares public_key_path (~/.ssh/id_rsa.pub) for exactly this purpose, so file(var.public_key_path) would use the declared variable instead of a literal. 3 | resource "aws_key_pair" "ec2key" { 4 | key_name = "publicKey" 5 | public_key = "ssh-rsa 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 codeaprendiz@gmail.com" 6 | } -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/35-ec2-instance.tf: 
-------------------------------------------------------------------------------- 1 | // Once everything is ready, let us start an EC2 instance within our public subnet with created key pair and security group. 2 | 3 | //Login with ec2_user@PUBLIC_IP 4 | resource "aws_instance" "testInstance" { 5 | ami = var.instance_ami 6 | instance_type = var.instance_type 7 | subnet_id = aws_subnet.subnet_public.id 8 | vpc_security_group_ids = [aws_security_group.sg_22.id] 9 | key_name = aws_key_pair.ec2key.key_name 10 | tags = { 11 | Environment = var.environment_tag 12 | } 13 | } -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/README.md: -------------------------------------------------------------------------------- 1 | ## OBJECTIVE : 2 | - To set up a custom VPC with the given CIDR and an attached internet gateway. 3 | - Associate a subnet (with a subset CIDR) to the VPC. 4 | - Create route tables to make the subnet public. 5 | - Create a security group (for SSH) and a key pair (for SSH). 6 | - Start an EC2 instance in the public subnet and log in to the instance. 7 | 8 | #### Before executing, you should have created an AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with administrative privileges (use a dedicated lab account: these credentials can create or destroy anything in it). 9 | 10 | - Export the keys in your current shell using the following commands 11 | 12 | ```bash 13 | export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID 14 | export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY 15 | ``` 16 | 17 | #### The following sequence of commands will be executed. 18 | > terraform init 19 | 20 | ```bash 21 | $ terraform init 22 | Initializing the backend... 23 | . 24 | . 25 | . 26 | commands will detect it and remind you to do so if necessary. 27 | ``` 28 | 29 | 30 | > terraform plan 31 | 32 | ```bash 33 | $ terraform plan 34 | provider.aws.region 35 | . 36 | . 37 | . 38 | "terraform apply" is subsequently run. 39 | ``` 40 | 41 | > terraform apply 42 | 43 | ```bash 44 | $ terraform apply 45 | provider.aws.region 46 | . 
47 | . 48 | . 49 | Plan: 8 to add, 0 to change, 0 to destroy. 50 | 51 | Do you want to perform these actions? 52 | Terraform will perform the actions described above. 53 | Only 'yes' will be accepted to approve. 54 | 55 | Enter a value: yes 56 | . 57 | . 58 | . 59 | Apply complete! Resources: 8 added, 0 changed, 0 destroyed. 60 | ``` 61 | 62 | 63 | 64 | - Now login into the instance 65 | 66 | ```bash 67 | $ ssh ec2-user@3.14.246.44 68 | The authenticity of host '3.14.246.44 (3.14.246.44)' can't be established. 69 | ECDSA key fingerprint is SHA256:B0bvqitocFpOItQbzZkFCXBrZV9xdb3b0VRwb/Ked0s. 70 | Are you sure you want to continue connecting (yes/no)? yes 71 | Warning: Permanently added '3.14.246.44' (ECDSA) to the list of known hosts. 72 | 73 | __| __|_ ) 74 | _| ( / Amazon Linux 2 AMI 75 | ___|\___|___| 76 | 77 | https://aws.amazon.com/amazon-linux-2/ 78 | 48 package(s) needed for security, out of 336 available 79 | Run "sudo yum update" to apply all updates. 80 | [ec2-user@ip-10-1-0-247 ~]$ 81 | ``` 82 | 83 | - To destroy the resources 84 | > terraform destroy 85 | 86 | ```bash 87 | $ terraform destroy 88 | . 89 | . 90 | . 91 | Destroy complete! Resources: 8 destroyed. 
92 | ``` 93 | 94 | 95 | #### Now let's login into the console and check 96 | 97 | - VPC screen 98 | 99 | ![](.README_images/vpc_screen.png) 100 | 101 | - CIDR in VPC 102 | 103 | ![](.README_images/CIDR_created_VPC.png) 104 | 105 | - Internet Gateways 106 | 107 | ![](.README_images/internet_gateway_screen.png) 108 | 109 | - Subnet created 110 | 111 | ![](.README_images/subnet_screen.png) 112 | 113 | - Route table association 114 | 115 | ![](.README_images/route_table_association.png) 116 | 117 | - Network ACLs 118 | 119 | ![](.README_images/network_acl_screen.png) 120 | 121 | - Route Tables 122 | 123 | ![](.README_images/route_table_screen.png) 124 | 125 | - Login EC2 dashboard 126 | 127 | ![](.README_images/login_ec2_dashboard.png) 128 | 129 | - EC2 instance screen 130 | 131 | ![](.README_images/ec2_instance_screen.png) 132 | 133 | - Instance Tag 134 | 135 | ![](.README_images/instance_tag_screen.png) 136 | 137 | - Security groups 138 | 139 | ![](.README_images/security_groups_screen.png) 140 | 141 | - Volumes Screen 142 | 143 | ![](.README_images/volumes_screen.png) 144 | 145 | 146 | - Finally Resources Screen 147 | 148 | ![](.README_images/resources_screen.png) 149 | 150 | 151 | 152 | 153 | 154 | -------------------------------------------------------------------------------- /aws/task-007-customVPC-igw-sbnt-rt-sg-kp-ec2/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "~/.ssh/id_rsa" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "~/.ssh/id_rsa.pub" 11 | } 12 | 13 | 
-------------------------------------------------------------------------------- /aws/task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt/15-vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "us-east-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "us-east-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | resource "aws_subnet" "main-public-3" { 37 | vpc_id = aws_vpc.main.id 38 | cidr_block = "10.0.3.0/24" 39 | map_public_ip_on_launch = "true" 40 | availability_zone = "us-east-1c" 41 | 42 | tags = { 43 | Name = "main-public-3" 44 | } 45 | } 46 | 47 | resource "aws_subnet" "main-private-1" { 48 | vpc_id = aws_vpc.main.id 49 | cidr_block = "10.0.4.0/24" 50 | map_public_ip_on_launch = "false" 51 | availability_zone = "us-east-1a" 52 | 53 | tags = { 54 | Name = "main-private-1" 55 | } 56 | } 57 | 58 | resource "aws_subnet" "main-private-2" { 59 | vpc_id = aws_vpc.main.id 60 | cidr_block = "10.0.5.0/24" 61 | map_public_ip_on_launch = "false" 62 | availability_zone = "us-east-1b" 63 | 64 | 
tags = { 65 | Name = "main-private-2" 66 | } 67 | } 68 | 69 | resource "aws_subnet" "main-private-3" { 70 | vpc_id = aws_vpc.main.id 71 | cidr_block = "10.0.6.0/24" 72 | map_public_ip_on_launch = "false" 73 | availability_zone = "us-east-1c" 74 | 75 | tags = { 76 | Name = "main-private-3" 77 | } 78 | } 79 | 80 | # Internet GW 81 | resource "aws_internet_gateway" "main-gw" { 82 | vpc_id = aws_vpc.main.id 83 | 84 | tags = { 85 | Name = "main" 86 | } 87 | } 88 | 89 | # route tables 90 | resource "aws_route_table" "main-public" { 91 | vpc_id = aws_vpc.main.id 92 | route { 93 | cidr_block = "0.0.0.0/0" 94 | gateway_id = aws_internet_gateway.main-gw.id 95 | } 96 | 97 | tags = { 98 | Name = "main-public-1" 99 | } 100 | } 101 | 102 | # route associations public 103 | resource "aws_route_table_association" "main-public-1-a" { 104 | subnet_id = aws_subnet.main-public-1.id 105 | route_table_id = aws_route_table.main-public.id 106 | } 107 | 108 | resource "aws_route_table_association" "main-public-2-a" { 109 | subnet_id = aws_subnet.main-public-2.id 110 | route_table_id = aws_route_table.main-public.id 111 | } 112 | 113 | resource "aws_route_table_association" "main-public-3-a" { 114 | subnet_id = aws_subnet.main-public-3.id 115 | route_table_id = aws_route_table.main-public.id 116 | } 117 | 118 | -------------------------------------------------------------------------------- /aws/task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt/20-nat.tf: -------------------------------------------------------------------------------- 1 | # nat gw 2 | resource "aws_eip" "nat" { 3 | vpc = true 4 | } 5 | 6 | resource "aws_nat_gateway" "nat-gw" { 7 | allocation_id = aws_eip.nat.id 8 | subnet_id = aws_subnet.main-public-1.id 9 | depends_on = [aws_internet_gateway.main-gw] 10 | } 11 | 12 | # VPC setup for NAT 13 | resource "aws_route_table" "main-private" { 14 | vpc_id = aws_vpc.main.id 15 | route { 16 | cidr_block = "0.0.0.0/0" 17 | nat_gateway_id = aws_nat_gateway.nat-gw.id 18 | } 19 | 20 | 
tags = { 21 | Name = "main-private-1" 22 | } 23 | } 24 | 25 | # route associations private 26 | resource "aws_route_table_association" "main-private-1-a" { 27 | subnet_id = aws_subnet.main-private-1.id 28 | route_table_id = aws_route_table.main-private.id 29 | } 30 | 31 | resource "aws_route_table_association" "main-private-2-a" { 32 | subnet_id = aws_subnet.main-private-2.id 33 | route_table_id = aws_route_table.main-private.id 34 | } 35 | 36 | resource "aws_route_table_association" "main-private-3-a" { 37 | subnet_id = aws_subnet.main-private-3.id 38 | route_table_id = aws_route_table.main-private.id 39 | } 40 | 41 | -------------------------------------------------------------------------------- /aws/task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Objective 2 | 3 | 1) To create a custom VPC with CIDR block 10.0.0.0/16 4 | 2) To create 3 public subnets (main-public-1, main-public-2, main-public-3). Accordingly choose their CIDR blocks. 5 | 3) To create 3 private subnets (main-private-1, main-private-2, main-private-3). Accordingly choose their CIDR blocks. 6 | 4) To create an internet gateway resource 7 | 5) To create a main-public route table to have a route to internet (0.0.0.0/0) via the internet gateway and associate this route table to all the 3 public subnets. 8 | 6) To create an elastic IP, NAT gateway and associate that elastic IP with NAT gateway 9 | 7) To create a private route table to have a route to internet (0.0.0.0/0) via the NAT gateway. Associate this private route table to all the 3 private subnets. 10 | 11 | 12 | ## Lets Begin 13 | 14 | 15 | 16 | - init 17 | ```bash 18 | terraform init 19 | ``` 20 | 21 | - plan 22 | ```bash 23 | $ terraform plan -var-file=../../terraform.tfvars 24 | . 25 | . 26 | . 27 | Plan: 18 to add, 0 to change, 0 to destroy. 
28 | ``` 29 | 30 | 31 | - apply 32 | ```bash 33 | $ terraform apply -var-file=../../terraform.tfvars 34 | . 35 | . 36 | . 37 | Apply complete! Resources: 18 added, 0 changed, 0 destroyed. 38 | ``` 39 | 40 | - destroy 41 | ```bash 42 | $ terraform destroy -var-file=../../terraform.tfvars 43 | 44 | Destroy complete! Resources: 18 destroyed. 45 | ``` -------------------------------------------------------------------------------- /aws/task-008-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "~/.ssh/id_rsa" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "~/.ssh/id_rsa.pub" 11 | } 12 | 13 | variable "AMIS" { 14 | type = map(string) 15 | default = { 16 | us-east-1 = "ami-13be557e" 17 | us-west-2 = "ami-06b94666" 18 | eu-west-1 = "ami-844e0bf7" 19 | } 20 | } -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/15-vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 
7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "us-east-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "us-east-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | resource "aws_subnet" "main-public-3" { 37 | vpc_id = aws_vpc.main.id 38 | cidr_block = "10.0.3.0/24" 39 | map_public_ip_on_launch = "true" 40 | availability_zone = "us-east-1c" 41 | 42 | tags = { 43 | Name = "main-public-3" 44 | } 45 | } 46 | 47 | resource "aws_subnet" "main-private-1" { 48 | vpc_id = aws_vpc.main.id 49 | cidr_block = "10.0.4.0/24" 50 | map_public_ip_on_launch = "false" 51 | availability_zone = "us-east-1a" 52 | 53 | tags = { 54 | Name = "main-private-1" 55 | } 56 | } 57 | 58 | resource "aws_subnet" "main-private-2" { 59 | vpc_id = aws_vpc.main.id 60 | cidr_block = "10.0.5.0/24" 61 | map_public_ip_on_launch = "false" 62 | availability_zone = "us-east-1b" 63 | 64 | tags = { 65 | Name = "main-private-2" 66 | } 67 | } 68 | 69 | resource "aws_subnet" "main-private-3" { 70 | vpc_id = aws_vpc.main.id 71 | cidr_block = "10.0.6.0/24" 72 | map_public_ip_on_launch = "false" 73 | availability_zone = "us-east-1c" 74 | 75 | tags = { 76 | Name = "main-private-3" 77 | } 78 | } 79 | 80 | # Internet GW 81 | resource "aws_internet_gateway" "main-gw" { 82 | vpc_id = aws_vpc.main.id 83 | 84 | tags = { 85 | Name = "main" 86 | } 87 | } 88 | 89 | # route tables 90 | resource "aws_route_table" "main-public" { 91 | vpc_id = aws_vpc.main.id 92 | route { 93 | cidr_block = "0.0.0.0/0" 94 | gateway_id = aws_internet_gateway.main-gw.id 95 | } 96 | 97 | tags = { 98 | Name = 
"main-public-1" 99 | } 100 | } 101 | 102 | # route associations public 103 | resource "aws_route_table_association" "main-public-1-a" { 104 | subnet_id = aws_subnet.main-public-1.id 105 | route_table_id = aws_route_table.main-public.id 106 | } 107 | 108 | resource "aws_route_table_association" "main-public-2-a" { 109 | subnet_id = aws_subnet.main-public-2.id 110 | route_table_id = aws_route_table.main-public.id 111 | } 112 | 113 | resource "aws_route_table_association" "main-public-3-a" { 114 | subnet_id = aws_subnet.main-public-3.id 115 | route_table_id = aws_route_table.main-public.id 116 | } 117 | 118 | -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/16-securitygroup.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow-ssh" { 2 | vpc_id = aws_vpc.main.id 3 | name = "allow-ssh" 4 | description = "security group that allows ssh and all egress traffic" 5 | egress { 6 | from_port = 0 7 | to_port = 0 8 | protocol = "-1" 9 | cidr_blocks = ["0.0.0.0/0"] 10 | } 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["0.0.0.0/0"] 17 | } 18 | tags = { 19 | Name = "allow-ssh" 20 | } 21 | } 22 | 23 | -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/17-key.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykeypair" { 2 | key_name = "mykeypair" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) 4 | } 5 | 6 | -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/20-nat.tf: -------------------------------------------------------------------------------- 1 | # nat gw 2 | resource "aws_eip" "nat" { 3 | vpc = true 4 | } 5 | 6 | 
resource "aws_nat_gateway" "nat-gw" { 7 | allocation_id = aws_eip.nat.id 8 | subnet_id = aws_subnet.main-public-1.id 9 | depends_on = [aws_internet_gateway.main-gw] 10 | } 11 | 12 | # VPC setup for NAT 13 | resource "aws_route_table" "main-private" { 14 | vpc_id = aws_vpc.main.id 15 | route { 16 | cidr_block = "0.0.0.0/0" 17 | nat_gateway_id = aws_nat_gateway.nat-gw.id 18 | } 19 | 20 | tags = { 21 | Name = "main-private-1" 22 | } 23 | } 24 | 25 | # route associations private 26 | resource "aws_route_table_association" "main-private-1-a" { 27 | subnet_id = aws_subnet.main-private-1.id 28 | route_table_id = aws_route_table.main-private.id 29 | } 30 | 31 | resource "aws_route_table_association" "main-private-2-a" { 32 | subnet_id = aws_subnet.main-private-2.id 33 | route_table_id = aws_route_table.main-private.id 34 | } 35 | 36 | resource "aws_route_table_association" "main-private-3-a" { 37 | subnet_id = aws_subnet.main-private-3.id 38 | route_table_id = aws_route_table.main-private.id 39 | } 40 | 41 | -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/25-instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "example" { 2 | ami = var.AMIS[var.AWS_REGION] 3 | instance_type = "t2.micro" 4 | 5 | # the VPC subnet 6 | subnet_id = aws_subnet.main-public-1.id 7 | 8 | # the security group 9 | vpc_security_group_ids = [aws_security_group.allow-ssh.id] 10 | 11 | # the public SSH key 12 | key_name = aws_key_pair.mykeypair.key_name 13 | } 14 | 15 | resource "aws_ebs_volume" "ebs-volume-1" { 16 | availability_zone = "us-east-1a" 17 | size = 10 18 | type = "gp2" 19 | 20 | tags = { 21 | Name = "custom ebs volume" 22 | } 23 | } 24 | 25 | resource "aws_volume_attachment" "ebs-volume-1-attachment" { 26 | device_name = "/dev/xvdh" 27 | volume_id = aws_ebs_volume.ebs-volume-1.id 28 | instance_id = aws_instance.example.id 29 | } 
30 | 31 | -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Objective 2 | 3 | 1) To create a custom VPC with CIDR block 10.0.0.0/16 4 | 2) To create 3 public subnets (main-public-1, main-public-2, main-public-3). Accordingly choose their CIDR blocks. 5 | 3) To create 3 private subnets (main-private-1, main-private-2, main-private-3). Accordingly choose their CIDR blocks. 6 | 4) To create an internet gateway resource 7 | 5) To create a main-public route table to have a route to internet (0.0.0.0/0) via the internet gateway and associate this route table to all the 3 public subnets. 8 | 6) To create an elastic IP, NAT gateway and associate that elastic IP with NAT gateway 9 | 7) To create a private route table to have a route to internet (0.0.0.0/0) via the NAT gateway. Associate this private route table to all the 3 private subnets. 10 | 8) To launch an EC2 instance in the main-public-1 subnet. To login into this instance, check its private IP and routes. 11 | 9) Attach an aws_ebs_volume to this instance. 12 | 13 | 14 | ## Lets Begin 15 | 16 | 17 | 18 | - init 19 | ```bash 20 | terraform init 21 | ``` 22 | 23 | - plan 24 | ```bash 25 | $ terraform plan -var-file=../../terraform.tfvars 26 | . 27 | . 28 | . 29 | Plan: 21 to add, 0 to change, 0 to destroy. 30 | ``` 31 | 32 | 33 | - apply 34 | ```bash 35 | $ terraform apply -var-file=../../terraform.tfvars 36 | . 37 | . 38 | . 39 | Apply complete! Resources: 21 added, 0 changed, 0 destroyed. 40 | ``` 41 | 42 | 43 | - login into the instance so created. Note the private IP after login. 44 | ```bash 45 | $ ssh -i ~/.ssh/id_rsa ubuntu@3.94.171.138 46 | . 47 | . 48 | . 
49 | ubuntu@ip-10-0-1-132:~$ 50 | ``` 51 | 52 | - private IP of logged in instance 53 | ```bash 54 | ubuntu@ip-10-0-1-132:~$ ifconfig | egrep inet 55 | inet addr:10.0.1.132 Bcast:10.0.1.255 Mask:255.255.255.0 56 | ``` 57 | 58 | - routes inside the logged in instance 59 | ```bash 60 | ubuntu@ip-10-0-1-132:~$ route -n 61 | Kernel IP routing table 62 | Destination Gateway Genmask Flags Metric Ref Use Iface 63 | 0.0.0.0 10.0.1.1 0.0.0.0 UG 0 0 0 eth0 64 | 10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 65 | ``` 66 | 67 | - check the volumes inside the logged in instance 68 | ```bash 69 | ubuntu@ip-10-0-1-157:~$ df -h 70 | Filesystem Size Used Avail Use% Mounted on 71 | udev 491M 0 491M 0% /dev 72 | tmpfs 100M 3.1M 97M 4% /run 73 | /dev/xvda1 7.8G 885M 6.5G 12% / 74 | tmpfs 496M 0 496M 0% /dev/shm 75 | tmpfs 5.0M 0 5.0M 0% /run/lock 76 | tmpfs 496M 0 496M 0% /sys/fs/cgroup 77 | tmpfs 100M 0 100M 0% /run/user/1000 78 | ``` 79 | 80 | - creating an ext4 file system on /dev/xvdh 81 | ```bash 82 | ubuntu@ip-10-0-1-157:~$ sudo su 83 | 84 | root@ip-10-0-1-157:/home/ubuntu# mkfs.ext4 /dev/xvdh 85 | mke2fs 1.42.13 (17-May-2015) 86 | Creating filesystem with 2621440 4k blocks and 655360 inodes 87 | Filesystem UUID: 94cb34d3-469a-4fc0-9237-a39736ff14e9 88 | Superblock backups stored on blocks: 89 | 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632 90 | 91 | Allocating group tables: done 92 | Writing inode tables: done 93 | Creating journal (32768 blocks): done 94 | Writing superblocks and filesystem accounting information: done 95 | 96 | root@ip-10-0-1-157:/home/ubuntu# 97 | ``` 98 | 99 | - mounting the filesystem we created to /data 100 | ```bash 101 | root@ip-10-0-1-157:/home/ubuntu# mkdir -p /data 102 | root@ip-10-0-1-157:/home/ubuntu# mount /dev/xvdh /data 103 | ``` 104 | 105 | - check the file system you added using `df -h` command 106 | ```bash 107 | Filesystem Size Used Avail Use% Mounted on 108 | udev 491M 0 491M 0% /dev 109 | tmpfs 100M 3.1M 97M 4% /run 110 | 
/dev/xvda1 7.8G 884M 6.5G 12% / 111 | tmpfs 496M 0 496M 0% /dev/shm 112 | tmpfs 5.0M 0 5.0M 0% /run/lock 113 | tmpfs 496M 0 496M 0% /sys/fs/cgroup 114 | tmpfs 100K 0 100K 0% /run/lxcfs/controllers 115 | tmpfs 100M 0 100M 0% /run/user/1000 116 | /dev/xvdh 9.8G 23M 9.2G 1% /data 117 | ``` 118 | 119 | 120 | - This volume will go away when the machine is rebooted. So let's add it in `/etc/fstab` 121 | ```bash 122 | root@ip-10-0-1-157:/home/ubuntu# cat /etc/fstab 123 | LABEL=cloudimg-rootfs / ext4 defaults,discard 0 0 124 | /dev/xvdh /data ext4 defaults 0 0 125 | ``` 126 | 127 | - destroy 128 | ```bash 129 | $ terraform destroy -var-file=../../terraform.tfvars 130 | 131 | Destroy complete! Resources: 21 destroyed. 132 | ``` -------------------------------------------------------------------------------- /aws/task-009-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "~/.ssh/id_rsa" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "~/.ssh/id_rsa.pub" 11 | } 12 | 13 | variable "AMIS" { 14 | type = map(string) 15 | default = { 16 | us-east-1 = "ami-13be557e" 17 | us-west-2 = "ami-06b94666" 18 | eu-west-1 = "ami-844e0bf7" 19 | } 20 | } 21 | 22 | variable "INSTANCE_DEVICE_NAME" { 23 | default = "/dev/xvdh" 24 | } -------------------------------------------------------------------------------- /aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/05-provider.tf: 
-------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/15-vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "us-east-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "us-east-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | resource "aws_subnet" "main-public-3" { 37 | vpc_id = aws_vpc.main.id 38 | cidr_block = "10.0.3.0/24" 39 | map_public_ip_on_launch = "true" 40 | availability_zone = "us-east-1c" 41 | 42 | tags = { 43 | Name = "main-public-3" 44 | } 45 | } 46 | 47 | resource "aws_subnet" "main-private-1" { 48 | vpc_id = aws_vpc.main.id 49 | cidr_block = "10.0.4.0/24" 50 | map_public_ip_on_launch = "false" 51 | availability_zone = "us-east-1a" 52 | 53 | tags = { 54 | Name = "main-private-1" 55 | } 56 | } 57 | 58 | resource "aws_subnet" "main-private-2" { 59 | vpc_id = aws_vpc.main.id 60 | cidr_block = "10.0.5.0/24" 61 | map_public_ip_on_launch = "false" 62 | availability_zone = "us-east-1b" 63 | 64 | tags = { 65 | Name = "main-private-2" 66 | } 67 | } 68 | 69 | resource "aws_subnet" "main-private-3" { 70 | vpc_id = aws_vpc.main.id 71 
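| cidr_block = "10.0.6.0/24"
72 | map_public_ip_on_launch = "false"
73 | availability_zone = "us-east-1c"
74 | 
75 | tags = {
76 | Name = "main-private-3"
77 | }
78 | }
79 | 
80 | # Internet GW
81 | resource "aws_internet_gateway" "main-gw" {
82 | vpc_id = aws_vpc.main.id
83 | 
84 | tags = {
85 | Name = "main"
86 | }
87 | }
88 | 
89 | # route tables
90 | resource "aws_route_table" "main-public" {
91 | vpc_id = aws_vpc.main.id
92 | route {
93 | cidr_block = "0.0.0.0/0"
94 | gateway_id = aws_internet_gateway.main-gw.id
95 | }
96 | 
97 | tags = {
98 | Name = "main-public-1"
99 | }
100 | }
101 | 
102 | # route associations public
103 | resource "aws_route_table_association" "main-public-1-a" {
104 | subnet_id = aws_subnet.main-public-1.id
105 | route_table_id = aws_route_table.main-public.id
106 | }
107 | 
108 | resource "aws_route_table_association" "main-public-2-a" {
109 | subnet_id = aws_subnet.main-public-2.id
110 | route_table_id = aws_route_table.main-public.id
111 | }
112 | 
113 | resource "aws_route_table_association" "main-public-3-a" {
114 | subnet_id = aws_subnet.main-public-3.id
115 | route_table_id = aws_route_table.main-public.id
116 | }
117 | 
118 | 
--------------------------------------------------------------------------------
/aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/16-securitygroup.tf:
--------------------------------------------------------------------------------
1 | # Source ranges allowed to reach tcp/22. The default keeps the original
2 | # world-open rule so existing plans are unchanged; override it (for example in
3 | # terraform.tfvars) with your own address range, because a port 22 open to
4 | # 0.0.0.0/0 is reachable from the whole internet.
5 | variable "SSH_INGRESS_CIDRS" {
6 |   type        = list(string)
7 |   description = "CIDR blocks allowed to reach SSH (tcp/22) on the instance"
8 |   default     = ["0.0.0.0/0"]
9 | }
10 | 
11 | # Security group attached to aws_instance.example (25-instance.tf):
12 | # SSH in from var.SSH_INGRESS_CIDRS, all traffic out.
13 | resource "aws_security_group" "allow-ssh" {
14 |   vpc_id      = aws_vpc.main.id
15 |   name        = "allow-ssh"
16 |   description = "security group that allows ssh and all egress traffic"
17 | 
18 |   # all protocols (-1) on all ports, to any destination
19 |   egress {
20 |     from_port   = 0
21 |     to_port     = 0
22 |     protocol    = "-1"
23 |     cidr_blocks = ["0.0.0.0/0"]
24 |   }
25 | 
26 |   # tcp/22 only; the source range comes from the variable above
27 |   ingress {
28 |     from_port   = 22
29 |     to_port     = 22
30 |     protocol    = "tcp"
31 |     cidr_blocks = var.SSH_INGRESS_CIDRS
32 |   }
33 | 
34 |   tags = {
35 |     Name = "allow-ssh"
36 |   }
37 | }
38 | 
39 | 
--------------------------------------------------------------------------------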
/aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/17-key.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykeypair" { 2 | key_name = "mykeypair" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) 4 | } 5 | 6 | -------------------------------------------------------------------------------- /aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/20-nat.tf: -------------------------------------------------------------------------------- 1 | # nat gw 2 | resource "aws_eip" "nat" { 3 | vpc = true 4 | } 5 | 6 | resource "aws_nat_gateway" "nat-gw" { 7 | allocation_id = aws_eip.nat.id 8 | subnet_id = aws_subnet.main-public-1.id 9 | depends_on = [aws_internet_gateway.main-gw] 10 | } 11 | 12 | # VPC setup for NAT 13 | resource "aws_route_table" "main-private" { 14 | vpc_id = aws_vpc.main.id 15 | route { 16 | cidr_block = "0.0.0.0/0" 17 | nat_gateway_id = aws_nat_gateway.nat-gw.id 18 | } 19 | 20 | tags = { 21 | Name = "main-private-1" 22 | } 23 | } 24 | 25 | # route associations private 26 | resource "aws_route_table_association" "main-private-1-a" { 27 | subnet_id = aws_subnet.main-private-1.id 28 | route_table_id = aws_route_table.main-private.id 29 | } 30 | 31 | resource "aws_route_table_association" "main-private-2-a" { 32 | subnet_id = aws_subnet.main-private-2.id 33 | route_table_id = aws_route_table.main-private.id 34 | } 35 | 36 | resource "aws_route_table_association" "main-private-3-a" { 37 | subnet_id = aws_subnet.main-private-3.id 38 | route_table_id = aws_route_table.main-private.id 39 | } 40 | 41 | -------------------------------------------------------------------------------- /aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/22-cloudinit.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "init-script" { 2 | template = file("scripts/init.cfg") 3 | vars = { 4 | REGION = 
var.AWS_REGION 5 | } 6 | } 7 | 8 | data "template_file" "shell-script" { 9 | template = file("scripts/volumes.sh") 10 | vars = { 11 | DEVICE = var.INSTANCE_DEVICE_NAME 12 | } 13 | } 14 | 15 | // https://www.terraform.io/docs/providers/template/d/cloudinit_config.html 16 | //Cloud-init is a commonly-used startup configuration utility for cloud compute instances. 17 | //It accepts configuration via provider-specific user data mechanisms, such as user_data for Amazon EC2 18 | 19 | data "template_cloudinit_config" "cloudinit-example" { 20 | gzip = false 21 | base64_encode = false 22 | 23 | part { 24 | filename = "init.cfg" 25 | content_type = "text/cloud-config" 26 | content = data.template_file.init-script.rendered 27 | } 28 | 29 | part { 30 | content_type = "text/x-shellscript" 31 | content = data.template_file.shell-script.rendered 32 | } 33 | } 34 | 35 | -------------------------------------------------------------------------------- /aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/25-instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "example" { 2 | ami = var.AMIS[var.AWS_REGION] 3 | instance_type = "t2.micro" 4 | 5 | # the VPC subnet 6 | subnet_id = aws_subnet.main-public-1.id 7 | 8 | # the security group 9 | vpc_security_group_ids = [aws_security_group.allow-ssh.id] 10 | 11 | # the public SSH key 12 | key_name = aws_key_pair.mykeypair.key_name 13 | 14 | # user data 15 | user_data = data.template_cloudinit_config.cloudinit-example.rendered 16 | } 17 | 18 | resource "aws_ebs_volume" "ebs-volume-1" { 19 | availability_zone = "us-east-1a" 20 | size = 10 21 | type = "gp2" 22 | 23 | tags = { 24 | Name = "custom ebs volume" 25 | } 26 | } 27 | 28 | resource "aws_volume_attachment" "ebs-volume-1-attachment" { 29 | device_name = var.INSTANCE_DEVICE_NAME 30 | volume_id = aws_ebs_volume.ebs-volume-1.id 31 | instance_id = aws_instance.example.id 32 | skip_destroy = true # skip 
destroy to avoid issues with terraform destroy
33 | }
34 | 
35 | 
--------------------------------------------------------------------------------
/aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/ReadMe.md:
--------------------------------------------------------------------------------
1 | ## Objective
2 | 
3 | 1) To create a custom VPC with CIDR block 10.0.0.0/16
4 | 2) To create 3 public subnets (main-public-1, main-public-2, main-public-3). Accordingly choose their CIDR blocks.
5 | 3) To create 3 private subnets (main-private-1, main-private-2, main-private-3). Accordingly choose their CIDR blocks.
6 | 4) To create an internet gateway resource
7 | 5) To create a main-public route table to have a route to internet (0.0.0.0/0) via the internet gateway and associate this route table to all the 3 public subnets.
8 | 6) To create an elastic IP, NAT gateway and associate that elastic IP with NAT gateway
9 | 7) To create a private route table to have a route to internet (0.0.0.0/0) via the NAT gateway. Associate this private route table to all the 3 private subnets.
10 | 8) To launch an EC2 instance in the main-public-1 subnet, log in to it and check its private IP and routes.
11 | 9) Attach an aws_ebs_volume to this instance.
12 | 10) If there is no data on the EBS volume, format it and mount it as an empty one. If there is data on the EBS volume, mount it without formatting.
13 | 
14 | 
15 | ## Let's Begin
16 | 
17 | 
18 | 
19 | - init
20 | ```bash
21 | terraform init
22 | ```
23 | 
24 | - plan
25 | ```bash
26 | $ terraform plan -var-file=../../terraform.tfvars
27 | .
28 | .
29 | .
30 | Plan: 23 to add, 0 to change, 0 to destroy.
31 | ```
32 | 
33 | 
34 | - apply
35 | ```bash
36 | $ terraform apply -var-file=../../terraform.tfvars
37 | .
38 | .
39 | .
40 | Apply complete! Resources: 23 added, 0 changed, 0 destroyed.
41 | ```
42 | 
43 | 
44 | - log in to the instance so created. Note the private IP after login.
45 | ```bash 46 | $ ssh -i ~/.ssh/id_rsa ubuntu@54.224.116.49 47 | . 48 | . 49 | . 50 | ubuntu@ip-10-0-1-123:~$ 51 | ``` 52 | 53 | - private IP of logged in instance 54 | ```bash 55 | ubuntu@ip-10-0-1-123:~$ ifconfig | egrep inet 56 | inet addr:10.0.1.123 Bcast:10.0.1.255 Mask:255.255.255.0 57 | inet6 addr: fe80::107c:cfff:feec:aae7/64 Scope:Link 58 | inet addr:127.0.0.1 Mask:255.0.0.0 59 | inet6 addr: ::1/128 Scope:Host 60 | ``` 61 | 62 | - routes inside the logged in instance 63 | ```bash 64 | $ route -n 65 | Kernel IP routing table 66 | Destination Gateway Genmask Flags Metric Ref Use Iface 67 | 0.0.0.0 10.0.1.1 0.0.0.0 UG 0 0 0 eth0 68 | 10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 69 | ``` 70 | 71 | - check the volumes inside the logged in instance 72 | ```bash 73 | ubuntu@ip-10-0-1-123:~$ df -h 74 | Filesystem Size Used Avail Use% Mounted on 75 | udev 491M 0 491M 0% /dev 76 | tmpfs 100M 4.3M 95M 5% /run 77 | /dev/xvda1 7.8G 1.5G 6.0G 20% / 78 | tmpfs 496M 0 496M 0% /dev/shm 79 | tmpfs 5.0M 0 5.0M 0% /run/lock 80 | tmpfs 496M 0 496M 0% /sys/fs/cgroup 81 | /dev/mapper/data-volume1 9.8G 23M 9.2G 1% /data 82 | tmpfs 100M 0 100M 0% /run/user/1000 83 | ``` 84 | 85 | 86 | 87 | - Check the entry in `/etc/fstab` 88 | ```bash 89 | ubuntu@ip-10-0-1-123:~$ cat /etc/fstab 90 | LABEL=cloudimg-rootfs / ext4 defaults,discard 0 0 91 | /dev/data/volume1 /data ext4 defaults 0 0 92 | ``` 93 | 94 | - destroy 95 | ```bash 96 | $ terraform destroy -var-file=../../terraform.tfvars 97 | 98 | Destroy complete! Resources: 23 destroyed. 
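99 | ```
--------------------------------------------------------------------------------
/aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/scripts/init.cfg:
--------------------------------------------------------------------------------
1 | #cloud-config
2 | 
3 | # we will upgrade the repo and also upgrade all
4 | repo_update: true
5 | repo_upgrade: all
6 | 
7 | # we will install the following package in ubuntu
8 | packages:
9 |   - lvm2
10 | 
11 | output:
12 |   all: '| tee -a /var/log/cloud-init-output.log'
13 | 
--------------------------------------------------------------------------------
/aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/scripts/volumes.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # First-boot script delivered through cloud-init (22-cloudinit.tf). Terraform's
3 | # template_file substitutes ${DEVICE} before the script reaches the instance, so
4 | # every other shell variable below is written without braces ($NAME) to keep the
5 | # template engine from trying to interpolate it.
6 | 
7 | set -ex
8 | 
9 | # Wait for the EBS volume to show up: aws_volume_attachment can complete after
10 | # the instance has started booting. Waiting before anything inspects the device
11 | # means an already-formatted volume is recognised below and never reformatted.
12 | DEVICENAME=$(basename "${DEVICE}")
13 | until lsblk -rno NAME | grep -qx "$DEVICENAME"; do
14 |   echo "waiting for $DEVICENAME"
15 |   sleep 15
16 | done
17 | 
18 | # this will refresh the lvm state that we installed using init.cfg
19 | vgchange -ay
20 | 
21 | # it will check whether we already have a file system or not. If not then we will create. If it has then it will not format it.
22 | DEVICE_FS=$(blkid -o value -s TYPE "${DEVICE}" || echo "")
23 | if [ -z "$DEVICE_FS" ] ; then
24 |   pvcreate ${DEVICE}
25 |   vgcreate data ${DEVICE}
26 |   lvcreate --name volume1 -l 100%FREE data
27 |   mkfs.ext4 /dev/data/volume1
28 | fi
29 | 
30 | mkdir -p /data
31 | # add the fstab entry only once, so a re-run does not leave duplicate lines
32 | grep -q '^/dev/data/volume1 ' /etc/fstab || echo '/dev/data/volume1 /data ext4 defaults 0 0' >> /etc/fstab
33 | mount /data
34 | 
35 | # install docker
36 | # NOTE(review): this executes an unverified remote script as root; prefer the
37 | # distribution's docker package, or download the script, inspect it and pin a
38 | # version before running it.
39 | curl https://get.docker.com | bash
40 | 
--------------------------------------------------------------------------------
/aws/task-010-customVPC-3PriSbnts-3PubSbnts-nat-igw-rt-ec2-ebs-withMount/versions.tf:
--------------------------------------------------------------------------------
1 | 
2 | terraform {
3 | required_version = ">= 0.12"
4 | }
5 | 
--------------------------------------------------------------------------------
/aws/task-011-route53/00-vars.tf:
--------------------------------------------------------------------------------
1 | variable "AWS_REGION" {
2 | default = "us-east-1"
3 | }
4 | 
5 | variable "domain_mydevops_link" {
6 | default = "k118.tk"
7 | }
8 | 
--------------------------------------------------------------------------------
/aws/task-011-route53/05-provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | region = var.AWS_REGION
3 | }
4 | 
5 | 
--------------------------------------------------------------------------------
/aws/task-011-route53/250-r53-devopslink_zone.tf:
--------------------------------------------------------------------------------
1 | ###_____ ___ _ _ _____
2 | ##|__ / / _ \ | \ | | | ____|
3 | ####/ / | | | | | \| | | _|
4 | ###/ /_ | |_| | | |\ | | |___
5 | 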
##/____| \___/ |_| \_| |_____| 6 | 7 | resource "aws_route53_zone" "devopslink-public-zone" { 8 | name = var.domain_mydevops_link 9 | comment = "${var.domain_mydevops_link} public zone" 10 | provider = aws 11 | } -------------------------------------------------------------------------------- /aws/task-011-route53/30-output.tf: -------------------------------------------------------------------------------- 1 | output "devopslink-public-zone-id" { 2 | value = aws_route53_zone.devopslink-public-zone.zone_id 3 | } 4 | 5 | output "devopslink-name-servers" { 6 | value = aws_route53_zone.devopslink-public-zone.name_servers 7 | } 8 | 9 | 10 | -------------------------------------------------------------------------------- /aws/task-011-route53/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Objective 2 | 3 | 4 | 5 | 1) To create a hosted zone and get the list of name servers 6 | 7 | 8 | 9 | 10 | - Init 11 | 12 | ```bash 13 | $ terraform init 14 | ``` 15 | 16 | - Plan 17 | 18 | ``` 19 | $ terraform plan 20 | 21 | Apply complete! Resources: 1 added, 0 changed, 0 destroyed. 22 | . 23 | . 24 | . 25 | ``` 26 | 27 | 28 | - Apply 29 | ```bash 30 | $ terraform apply 31 | . 32 | . 33 | . 34 | Apply complete! Resources: 1 added, 0 changed, 0 destroyed. 
35 | 36 | Outputs: 37 | 38 | devopslink-name-servers = [ 39 | "ns-****.awsdns-11.org", 40 | "ns-****.awsdns-55.co.uk", 41 | "ns-*****.awsdns-42.com", 42 | "ns-*****.awsdns-07.net", 43 | ] 44 | devopslink-public-zone-id = Z030********************ZYUV 45 | 46 | ``` 47 | 48 | -------------------------------------------------------------------------------- /aws/task-011-route53/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "~/.ssh/id_rsa" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "~/.ssh/id_rsa.pub" 11 | } 12 | 13 | 14 | variable "AMIS" { 15 | type = map(string) 16 | default = { 17 | us-east-1 = "ami-13be557e" 18 | us-west-2 = "ami-06b94666" 19 | eu-west-1 = "ami-844e0bf7" 20 | } 21 | } 22 | 23 | variable "RDS_PASSWORD" { 24 | } 25 | 26 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/15-vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = 
aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "us-east-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "us-east-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | resource "aws_subnet" "main-public-3" { 37 | vpc_id = aws_vpc.main.id 38 | cidr_block = "10.0.3.0/24" 39 | map_public_ip_on_launch = "true" 40 | availability_zone = "us-east-1c" 41 | 42 | tags = { 43 | Name = "main-public-3" 44 | } 45 | } 46 | 47 | resource "aws_subnet" "main-private-1" { 48 | vpc_id = aws_vpc.main.id 49 | cidr_block = "10.0.4.0/24" 50 | map_public_ip_on_launch = "false" 51 | availability_zone = "us-east-1a" 52 | 53 | tags = { 54 | Name = "main-private-1" 55 | } 56 | } 57 | 58 | resource "aws_subnet" "main-private-2" { 59 | vpc_id = aws_vpc.main.id 60 | cidr_block = "10.0.5.0/24" 61 | map_public_ip_on_launch = "false" 62 | availability_zone = "us-east-1b" 63 | 64 | tags = { 65 | Name = "main-private-2" 66 | } 67 | } 68 | 69 | resource "aws_subnet" "main-private-3" { 70 | vpc_id = aws_vpc.main.id 71 | cidr_block = "10.0.6.0/24" 72 | map_public_ip_on_launch = "false" 73 | availability_zone = "us-east-1c" 74 | 75 | tags = { 76 | Name = "main-private-3" 77 | } 78 | } 79 | 80 | # Internet GW 81 | resource "aws_internet_gateway" "main-gw" { 82 | vpc_id = aws_vpc.main.id 83 | 84 | tags = { 85 | Name = "main" 86 | } 87 | } 88 | 89 | # route tables 90 | resource "aws_route_table" "main-public" { 91 | vpc_id = aws_vpc.main.id 92 | route { 93 | cidr_block = "0.0.0.0/0" 94 | gateway_id = aws_internet_gateway.main-gw.id 95 | } 96 | 97 | tags = { 98 | Name = "main-public-1" 99 | } 100 | } 101 | 102 | # route associations public 103 | resource "aws_route_table_association" "main-public-1-a" { 104 | subnet_id = 
aws_subnet.main-public-1.id 105 | route_table_id = aws_route_table.main-public.id 106 | } 107 | 108 | resource "aws_route_table_association" "main-public-2-a" { 109 | subnet_id = aws_subnet.main-public-2.id 110 | route_table_id = aws_route_table.main-public.id 111 | } 112 | 113 | resource "aws_route_table_association" "main-public-3-a" { 114 | subnet_id = aws_subnet.main-public-3.id 115 | route_table_id = aws_route_table.main-public.id 116 | } 117 | 118 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/17-key.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykeypair" { 2 | key_name = "mykeypair" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) 4 | } 5 | 6 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/18-securitygroup.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "example-instance" { 2 | vpc_id = aws_vpc.main.id 3 | name = "allow-ssh" 4 | description = "security group that allows ssh and all egress traffic" 5 | egress { 6 | from_port = 0 7 | to_port = 0 8 | protocol = "-1" 9 | cidr_blocks = ["0.0.0.0/0"] 10 | } 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["0.0.0.0/0"] 17 | } 18 | tags = { 19 | Name = "example-instance" 20 | } 21 | } 22 | 23 | resource "aws_security_group" "allow-mariadb" { 24 | vpc_id = aws_vpc.main.id 25 | name = "allow-mariadb" 26 | description = "allow-mariadb" 27 | ingress { 28 | from_port = 3306 29 | to_port = 3306 30 | protocol = "tcp" 31 | // Port 3306 is reachable only from instances that have the following security group attached (the source is a security group, not a CIDR range) 32 | security_groups = [aws_security_group.example-instance.id] # allowing access from our example instance 33 | } 34 | egress { 35 | from_port = 0 36 | to_port = 0 37 | protocol = "-1" 38 | 
cidr_blocks = ["0.0.0.0/0"] 39 | self = true 40 | } 41 | tags = { 42 | Name = "allow-mariadb" 43 | } 44 | } 45 | 46 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/20-instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "example" { 2 | ami = var.AMIS[var.AWS_REGION] 3 | instance_type = "t2.micro" 4 | 5 | # the VPC subnet 6 | subnet_id = aws_subnet.main-public-1.id 7 | 8 | # the security group 9 | vpc_security_group_ids = [aws_security_group.example-instance.id] 10 | 11 | # the public SSH key 12 | key_name = aws_key_pair.mykeypair.key_name 13 | } 14 | 15 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/25-rds.tf: -------------------------------------------------------------------------------- 1 | resource "aws_db_subnet_group" "mariadb-subnet" { 2 | name = "mariadb-subnet" 3 | description = "RDS subnet group" 4 | // the instance will be set up in these two subnets 5 | subnet_ids = [aws_subnet.main-private-1.id, aws_subnet.main-private-2.id] 6 | } 7 | 8 | resource "aws_db_parameter_group" "mariadb-parameters" { 9 | name = "mariadb-parameters" 10 | family = "mariadb10.1" 11 | description = "MariaDB parameter group" 12 | 13 | parameter { 14 | name = "max_allowed_packet" 15 | value = "16777216" 16 | } 17 | } 18 | 19 | resource "aws_db_instance" "mariadb" { 20 | allocated_storage = 100 # 100 GB of storage, gives us more IOPS than a lower number 21 | engine = "mariadb" 22 | engine_version = "10.1.14" 23 | instance_class = "db.t2.small" # use micro if you want to use the free tier 24 | identifier = "mariadb" 25 | name = "mariadb" 26 | username = "root" # username 27 | password = var.RDS_PASSWORD # password 28 | db_subnet_group_name = aws_db_subnet_group.mariadb-subnet.name 29 | parameter_group_name = aws_db_parameter_group.mariadb-parameters.name 30 | multi_az = "false" # set to true to 
have high availability: 2 instances synchronized with each other 31 | vpc_security_group_ids = [aws_security_group.allow-mariadb.id] 32 | storage_type = "gp2" 33 | backup_retention_period = 30 # how long you’re going to keep your backups 34 | availability_zone = aws_subnet.main-private-1.availability_zone # prefered AZ 35 | skip_final_snapshot = true # skip final snapshot when doing terraform destroy 36 | tags = { 37 | Name = "mariadb-instance" 38 | } 39 | } 40 | 41 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/30-output.tf: -------------------------------------------------------------------------------- 1 | output "instance" { 2 | value = aws_instance.example.public_ip 3 | } 4 | 5 | output "rds" { 6 | value = aws_db_instance.mariadb.endpoint 7 | } 8 | 9 | -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Objective 2 | 3 | 4 | 1) To spin up an RDS instance in private subnet in a VPC. 5 | 2) To spin up an ec2 instance in public subnet in same VPC 6 | 3) Access to the RDS is allowed only from the instance which is in public subnet. 7 | 8 | 9 | - Init 10 | 11 | ```bash 12 | $ terraform init 13 | ``` 14 | 15 | - Plan 16 | 17 | ``` 18 | $ terraform plan -var-file=../../terraform.tfvars 19 | $ terraform plan -var-file=../../terraform.tfvars 20 | var.RDS_PASSWORD 21 | Enter a value: testpassword 22 | . 23 | . 24 | . 25 | Plan: 19 to add, 0 to change, 0 to destroy. 26 | . 27 | . 28 | . 29 | ``` 30 | 31 | 32 | - Apply 33 | ```bash 34 | $ terraform apply -var-file=../../terraform.tfvars 35 | var.RDS_PASSWORD 36 | Enter a value: testpassword 37 | . 38 | . 39 | . 40 | Apply complete! Resources: 19 added, 0 changed, 0 destroyed. 
41 | 42 | Outputs: 43 | 44 | instance = 3.84.29.14 45 | rds = mariadb.cqxustccju3j.us-east-1.rds.amazonaws.com:3306 46 | 47 | ``` 48 | 49 | 50 | - Login into the instance 51 | ```bash 52 | $ ssh ubuntu@3.84.29.14 53 | ubuntu@ip-10-0-1-52:~$ 54 | ``` 55 | 56 | - Install mysql-client 57 | ```bash 58 | ubuntu@ip-10-0-1-52:~$ sudo apt update 59 | ubuntu@ip-10-0-1-52:~$ sudo apt install mysql-client 60 | ``` 61 | 62 | - Login into the Database 63 | ```bash 64 | ubuntu@ip-10-0-1-18:~$ mysql -u root -h mariadb.cqxustccju3j.us-east-1.rds.amazonaws.com -p 65 | Enter password: 66 | Welcome to the MySQL monitor. Commands end with ; or \g. 67 | Your MySQL connection id is 9 68 | Server version: 5.5.5-10.1.14-MariaDB MariaDB Server 69 | 70 | Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. 71 | 72 | Oracle is a registered trademark of Oracle Corporation and/or its 73 | affiliates. Other names may be trademarks of their respective 74 | owners. 75 | 76 | Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 77 | 78 | mysql> 79 | mysql> show databases; 80 | +--------------------+ 81 | | Database | 82 | +--------------------+ 83 | | information_schema | 84 | | innodb | 85 | | mariadb | 86 | | mysql | 87 | | performance_schema | 88 | +--------------------+ 89 | 5 rows in set (0.00 sec) 90 | 91 | mysql> 92 | 93 | ``` 94 | 95 | 96 | - Note that the DB hostname resolves to internal IP address 97 | ```bash 98 | ubuntu@ip-10-0-1-18:~$ nslookup mariadb.cqxustccju3j.us-east-1.rds.amazonaws.com 99 | Server: 10.0.0.2 100 | Address: 10.0.0.2#53 101 | 102 | Non-authoritative answer: 103 | Name: mariadb.cqxustccju3j.us-east-1.rds.amazonaws.com 104 | Address: 10.0.4.48 105 | ``` 106 | 107 | 108 | - Finally Destroy 109 | ```bash 110 | $ terraform destroy -var-file=../../terraform.tfvars 111 | . 112 | . 113 | . 114 | 115 | Destroy complete! Resources: 19 destroyed. 
116 | 117 | ``` -------------------------------------------------------------------------------- /aws/task-012-rds-vpc-ec2/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-013-IAM/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-013-IAM/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-013-IAM/10-iam.tf: -------------------------------------------------------------------------------- 1 | # group definition 2 | resource "aws_iam_group" "administrators" { 3 | name = "administrators" 4 | } 5 | 6 | resource "aws_iam_policy_attachment" "administrators-attach" { 7 | name = "administrators-attach" 8 | groups = [aws_iam_group.administrators.name] 9 | policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" 10 | } 11 | 12 | # user 13 | resource "aws_iam_user" "admin1" { 14 | name = "admin1" 15 | } 16 | 17 | resource "aws_iam_user" "admin2" { 18 | name = "admin2" 19 | } 20 | 21 | resource "aws_iam_group_membership" "administrators-users" { 22 | name = "administrators-users" 23 | users = [ 24 | aws_iam_user.admin1.name, 25 | aws_iam_user.admin2.name, 26 | ] 27 | group = aws_iam_group.administrators.name 28 | } 29 | 30 | output "warning" { 31 | value = "WARNING: make sure you're not using the AdministratorAccess policy for other users/groups/roles. 
If this is the case, don't run terraform destroy, but manually unlink the created resources" 32 | } 33 | 34 | -------------------------------------------------------------------------------- /aws/task-013-IAM/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Objective 2 | 3 | 4 | 1) To create a group `administrators` 5 | 2) To create two users `admin1` and `admin2` and add them to the group. 6 | 3) To attach policy `AdministratorAccess` to the group. 7 | 8 | 9 | - Init 10 | 11 | ```bash 12 | $ terraform init 13 | ``` 14 | 15 | - Plan 16 | 17 | ``` 18 | $ terraform plan 19 | . 20 | . 21 | . 22 | Plan: 5 to add, 0 to change, 0 to destroy. 23 | . 24 | . 25 | . 26 | ``` 27 | 28 | 29 | - Apply 30 | ```bash 31 | $ terraform apply 32 | 33 | . 34 | . 35 | . 36 | Apply complete! Resources: 5 added, 0 changed, 0 destroyed. 37 | 38 | Outputs: 39 | 40 | warning = WARNING: make sure you're not using the AdministratorAccess policy for other users/groups/roles. If this is the case, don't run terraform destroy, but manually unlink the created resources 41 | ``` 42 | 43 | 44 | 45 | - Destroy 46 | ```bash 47 | $ terraform destroy 48 | Destroy complete! Resources: 5 destroyed. 
49 | ``` -------------------------------------------------------------------------------- /aws/task-013-IAM/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-014-IAM-roles-s3-upload-to-s3/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "~/.ssh/id_rsa" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "~/.ssh/id_rsa.pub" 11 | } 12 | 13 | 14 | variable "AMIS" { 15 | type = map(string) 16 | default = { 17 | us-east-1 = "ami-13be557e" 18 | us-west-2 = "ami-06b94666" 19 | eu-west-1 = "ami-844e0bf7" 20 | } 21 | } 22 | 23 | -------------------------------------------------------------------------------- /aws/task-014-IAM-roles-s3-upload-to-s3/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-014-IAM-roles-s3-upload-to-s3/10-iam.tf: -------------------------------------------------------------------------------- 1 | // Provides an IAM role. 2 | resource "aws_iam_role" "s3-mybucket-role" { 3 | name = "s3-mybucket-role" 4 | assume_role_policy = < test.txt 42 | ``` 43 | 44 | 45 | - Finally, the moment we have been waiting for! Upload an object to S3. 
46 | ```bash 47 | root@ip-10-0-1-59:/home/ubuntu# aws s3 cp test.txt s3://mybucket-codeaprendiz-26071994/test.txt 48 | upload: ./test.txt to s3://mybucket-codeaprendiz-26071994/test.txt 49 | ``` 50 | 51 | 52 | 53 | - How it works: the AWS CLI obtained temporary credentials for the instance-profile role from the instance metadata service, which you can query directly as shown below (these credentials are short-lived and expire at the `Expiration` time in the response). 54 | ```bash 55 | 56 | root@ip-10-0-1-59:/home/ubuntu# curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3-mybucket-role 57 | { 58 | "Code" : "Success", 59 | "LastUpdated" : "2020-05-22T11:28:17Z", 60 | "Type" : "AWS-HMAC", 61 | "AccessKeyId" : "ASIATFSX4L6LIOMILB7H", 62 | "SecretAccessKey" : "H5gVzrPzH3L1Cv8NBGEgdEOFqxAjOEYm0y5vrEia", 63 | "Token" : "IQ8************VjEOz//////////wEaCXVzLWVhc3QtMSJIME4ieN40Ha************************==", 64 | "Expiration" : "2020-05-22T17:49:20Z" 65 | } 66 | ``` 67 | 68 | 69 | - Now download the file from S3 and view its contents 70 | ```bash 71 | ubuntu@ip-10-0-1-59:~$ aws s3 cp s3://mybucket-codeaprendiz-26071994/test.txt newfile.txt 72 | download: s3://mybucket-codeaprendiz-26071994/test.txt to ./newfile.txt 73 | ubuntu@ip-10-0-1-59:~$ cat ./newfile.txt 74 | this is sample text to be uploaded to S3 75 | ``` 76 | 77 | - Note that you will not be able to access this file from the public internet, because the bucket is private. 78 | 79 | 80 | - Destroy. You will need to empty the bucket via the console for `terraform destroy` to succeed on the S3 bucket as well. 81 | ```bash 82 | $ terraform destroy 83 | Destroy complete! Resources: 19 destroyed. 
84 | 85 | ``` 86 | -------------------------------------------------------------------------------- /aws/task-014-IAM-roles-s3-upload-to-s3/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "~/.ssh/id_rsa" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "~/.ssh/id_rsa.pub" 11 | } 12 | 13 | variable "AMIS" { 14 | type = map(string) 15 | default = { 16 | us-east-1 = "ami-13be557e" 17 | us-west-2 = "ami-06b94666" 18 | eu-west-1 = "ami-844e0bf7" 19 | } 20 | } 21 | 22 | -------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/15-vpc.tf: -------------------------------------------------------------------------------- 1 | # Internet VPC 2 | resource "aws_vpc" "main" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | enable_classiclink = "false" 8 | tags = { 9 | Name = "main" 10 | } 11 | } 12 | 13 | # Subnets 14 | resource "aws_subnet" "main-public-1" { 15 | vpc_id = aws_vpc.main.id 16 | cidr_block = "10.0.1.0/24" 17 | map_public_ip_on_launch = "true" 18 | availability_zone = "us-east-1a" 19 | 20 | tags = { 21 | Name = "main-public-1" 
22 | } 23 | } 24 | 25 | resource "aws_subnet" "main-public-2" { 26 | vpc_id = aws_vpc.main.id 27 | cidr_block = "10.0.2.0/24" 28 | map_public_ip_on_launch = "true" 29 | availability_zone = "us-east-1b" 30 | 31 | tags = { 32 | Name = "main-public-2" 33 | } 34 | } 35 | 36 | resource "aws_subnet" "main-public-3" { 37 | vpc_id = aws_vpc.main.id 38 | cidr_block = "10.0.3.0/24" 39 | map_public_ip_on_launch = "true" 40 | availability_zone = "us-east-1c" 41 | 42 | tags = { 43 | Name = "main-public-3" 44 | } 45 | } 46 | 47 | resource "aws_subnet" "main-private-1" { 48 | vpc_id = aws_vpc.main.id 49 | cidr_block = "10.0.4.0/24" 50 | map_public_ip_on_launch = "false" 51 | availability_zone = "us-east-1a" 52 | 53 | tags = { 54 | Name = "main-private-1" 55 | } 56 | } 57 | 58 | resource "aws_subnet" "main-private-2" { 59 | vpc_id = aws_vpc.main.id 60 | cidr_block = "10.0.5.0/24" 61 | map_public_ip_on_launch = "false" 62 | availability_zone = "us-east-1b" 63 | 64 | tags = { 65 | Name = "main-private-2" 66 | } 67 | } 68 | 69 | resource "aws_subnet" "main-private-3" { 70 | vpc_id = aws_vpc.main.id 71 | cidr_block = "10.0.6.0/24" 72 | map_public_ip_on_launch = "false" 73 | availability_zone = "us-east-1c" 74 | 75 | tags = { 76 | Name = "main-private-3" 77 | } 78 | } 79 | 80 | # Internet GW 81 | resource "aws_internet_gateway" "main-gw" { 82 | vpc_id = aws_vpc.main.id 83 | 84 | tags = { 85 | Name = "main" 86 | } 87 | } 88 | 89 | # route tables 90 | resource "aws_route_table" "main-public" { 91 | vpc_id = aws_vpc.main.id 92 | route { 93 | cidr_block = "0.0.0.0/0" 94 | gateway_id = aws_internet_gateway.main-gw.id 95 | } 96 | 97 | tags = { 98 | Name = "main-public-1" 99 | } 100 | } 101 | 102 | # route associations public 103 | resource "aws_route_table_association" "main-public-1-a" { 104 | subnet_id = aws_subnet.main-public-1.id 105 | route_table_id = aws_route_table.main-public.id 106 | } 107 | 108 | resource "aws_route_table_association" "main-public-2-a" { 109 | subnet_id = 
aws_subnet.main-public-2.id 110 | route_table_id = aws_route_table.main-public.id 111 | } 112 | 113 | resource "aws_route_table_association" "main-public-3-a" { 114 | subnet_id = aws_subnet.main-public-3.id 115 | route_table_id = aws_route_table.main-public.id 116 | } 117 | 118 | -------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/17-key.tf: -------------------------------------------------------------------------------- 1 | resource "aws_key_pair" "mykeypair" { 2 | key_name = "mykeypair" 3 | public_key = file(var.PATH_TO_PUBLIC_KEY) 4 | lifecycle { 5 | ignore_changes = [public_key] 6 | } 7 | } 8 | 9 | -------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/18-securitygroup.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow-ssh" { 2 | vpc_id = aws_vpc.main.id 3 | name = "allow-ssh" 4 | description = "security group that allows ssh and all egress traffic" 5 | egress { 6 | from_port = 0 7 | to_port = 0 8 | protocol = "-1" 9 | cidr_blocks = ["0.0.0.0/0"] 10 | } 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["0.0.0.0/0"] 17 | } 18 | tags = { 19 | Name = "allow-ssh" 20 | } 21 | } 22 | 23 | -------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/20-autoscalingpolicy.tf: -------------------------------------------------------------------------------- 1 | # scale up alarm 2 | 3 | // Provides an AutoScaling Scaling Policy resource. 
4 | 5 | resource "aws_autoscaling_policy" "example-cpu-policy" { 6 | name = "example-cpu-policy" 7 | autoscaling_group_name = aws_autoscaling_group.example-autoscaling.name 8 | adjustment_type = "ChangeInCapacity" 9 | scaling_adjustment = "1" 10 | cooldown = "300" 11 | policy_type = "SimpleScaling" 12 | } 13 | 14 | // Provides a CloudWatch Metric Alarm resource. 15 | 16 | resource "aws_cloudwatch_metric_alarm" "example-cpu-alarm" { 17 | alarm_name = "example-cpu-alarm" 18 | alarm_description = "example-cpu-alarm" 19 | comparison_operator = "GreaterThanOrEqualToThreshold" 20 | evaluation_periods = "2" 21 | metric_name = "CPUUtilization" 22 | namespace = "AWS/EC2" 23 | period = "120" 24 | statistic = "Average" 25 | threshold = "30" 26 | 27 | dimensions = { 28 | "AutoScalingGroupName" = aws_autoscaling_group.example-autoscaling.name 29 | } 30 | 31 | actions_enabled = true 32 | alarm_actions = [aws_autoscaling_policy.example-cpu-policy.arn] 33 | } 34 | 35 | # scale down alarm 36 | resource "aws_autoscaling_policy" "example-cpu-policy-scaledown" { 37 | name = "example-cpu-policy-scaledown" 38 | autoscaling_group_name = aws_autoscaling_group.example-autoscaling.name 39 | adjustment_type = "ChangeInCapacity" 40 | scaling_adjustment = "-1" 41 | cooldown = "300" 42 | policy_type = "SimpleScaling" 43 | } 44 | 45 | resource "aws_cloudwatch_metric_alarm" "example-cpu-alarm-scaledown" { 46 | alarm_name = "example-cpu-alarm-scaledown" 47 | alarm_description = "example-cpu-alarm-scaledown" 48 | comparison_operator = "LessThanOrEqualToThreshold" 49 | evaluation_periods = "2" 50 | metric_name = "CPUUtilization" 51 | namespace = "AWS/EC2" 52 | period = "120" 53 | statistic = "Average" 54 | threshold = "5" 55 | 56 | dimensions = { 57 | "AutoScalingGroupName" = aws_autoscaling_group.example-autoscaling.name 58 | } 59 | 60 | actions_enabled = true 61 | alarm_actions = [aws_autoscaling_policy.example-cpu-policy-scaledown.arn] 62 | } 63 | 64 | 
-------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/25-autoscaling.tf: -------------------------------------------------------------------------------- 1 | // Provides a resource to create a new launch configuration, used for autoscaling groups. 2 | resource "aws_launch_configuration" "example-launchconfig" { 3 | name_prefix = "example-launchconfig" 4 | image_id = var.AMIS[var.AWS_REGION] 5 | instance_type = "t2.micro" 6 | key_name = aws_key_pair.mykeypair.key_name 7 | security_groups = [aws_security_group.allow-ssh.id] 8 | } 9 | 10 | // Provides an AutoScaling Group resource. 11 | resource "aws_autoscaling_group" "example-autoscaling" { 12 | name = "example-autoscaling" 13 | vpc_zone_identifier = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id] 14 | launch_configuration = aws_launch_configuration.example-launchconfig.name 15 | min_size = 1 16 | max_size = 2 17 | health_check_grace_period = 300 18 | health_check_type = "EC2" 19 | force_delete = true 20 | 21 | tag { 22 | key = "Name" 23 | value = "ec2 instance" 24 | propagate_at_launch = true 25 | } 26 | } 27 | 28 | -------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/30-sns.tf: -------------------------------------------------------------------------------- 1 | // Provides an SNS topic resource 2 | 3 | resource "aws_sns_topic" "example-sns" { 4 | name = "sg-sns" 5 | display_name = "example ASG SNS topic" 6 | } 7 | 8 | //Provides an AutoScaling Group with Notification support, via SNS Topics. Each of the notifications 9 | //map to a Notification Configuration inside Amazon Web Services, and are applied to each AutoScaling Group you supply. 
10 | resource "aws_autoscaling_notification" "example-notify" { 11 | group_names = [aws_autoscaling_group.example-autoscaling.name] 12 | topic_arn = aws_sns_topic.example-sns.arn 13 | notifications = [ 14 | "autoscaling:EC2_INSTANCE_LAUNCH", 15 | "autoscaling:EC2_INSTANCE_TERMINATE", 16 | "autoscaling:EC2_INSTANCE_LAUNCH_ERROR" 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Objective 2 | 3 | 1) To make an autoscaling group with 4 | ```hcl-terraform 5 | min_size = 1 // min instance required 6 | max_size = 2 // max instance required 7 | ``` 8 | 2) To have an autoscaling policy `example-cpu-policy` of type `Simple scaling`. 9 | 10 | 3) Choose an Amazon CloudWatch alarm `example-cpu-alarm` to associate with this policy. The alarm will 11 | automatically execute the policy when its threshold is breached 12 | 13 | 4) `example-cpu-alarm` breaches the alarm threshold: CPUUtilization >= 30 for 2 consecutive periods of 120 seconds 14 | for the metric dimensions AutoScalingGroupName = example-autoscaling 15 | - Take the action: Add 1 capacity units 16 | - And then wait: 300 seconds before allowing another scaling activity 17 | 18 | 5) Similarly have a scale down policy `example-cpu-policy-scaledown` of type `Simple scaling`. 19 | 20 | 6) `example-cpu-alarm-scaledown` breaches the alarm threshold: CPUUtilization <= 5 for 2 consecutive periods of 120 seconds 21 | for the metric dimensions AutoScalingGroupName = example-autoscaling 22 | - Take the action: Remove 1 capacity units 23 | - And then wait: 300 seconds before allowing another scaling activity 24 | 25 | 7) You can test all these scenarios by installing `stress` on the first instance. 
26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | ### Let's Start 35 | 36 | - init 37 | ```bash 38 | terraform init 39 | ``` 40 | 41 | 42 | - plan 43 | ```bash 44 | terraform plan 45 | Plan: 22 to add, 0 to change, 0 to destroy. 46 | ``` 47 | 48 | 49 | - apply 50 | ```bash 51 | $ terraform apply 52 | Apply complete! Resources: 22 added, 0 changed, 0 destroyed. 53 | ``` 54 | 55 | - Get the public IP from the console and log in to the instance. Note that there will be only one instance for now. 56 | 57 | ```bash 58 | $ ssh ubuntu@34.207.94.36 59 | 60 | ubuntu@ip-10-0-1-196:~$ 61 | ``` 62 | 63 | - Now install `stress` on this instance. 64 | ```bash 65 | ubuntu@ip-10-0-1-196:~$ sudo su 66 | root@ip-10-0-1-196:/home/ubuntu# apt update 67 | root@ip-10-0-1-196:/home/ubuntu# apt-get install stress 68 | ``` 69 | 70 | - Now let's put CPU load on this instance for 300 seconds and check whether our auto scaling policy works as expected. 71 | 72 | ```bash 73 | root@ip-10-0-1-196:/home/ubuntu# stress --cpu 2 --timeout 300 74 | stress: info: [11505] dispatching hogs: 2 cpu, 0 io, 0 vm, 0 hdd 75 | stress: info: [11505] successful run completed in 300s 76 | root@ip-10-0-1-196:/home/ubuntu# 77 | ``` 78 | 79 | - Now wait for 5 minutes and see if the new instance spins up. The `example-cpu-alarm` alarm will 80 | go into the `In alarm` state and a new instance will spin up according to our autoscaling policy. 81 | 82 | - Now wait for 5 more minutes and see that the `example-cpu-alarm-scaledown` alarm goes into the 83 | `In alarm` state and one of the instances is terminated by our scale-down policy. 84 | 85 | 86 | - Once you have witnessed this with your own eyes, you can destroy the resources. 87 | 88 | 89 | ```bash 90 | terraform destroy 91 | Destroy complete! Resources: 22 destroyed. 
```
--------------------------------------------------------------------------------
/aws/task-015-autoscaling-cloudwatchAlarm-ec2-launchConfiguration/versions.tf:
--------------------------------------------------------------------------------

# Minimum Terraform CLI version for this task. No aws provider version is
# pinned anywhere in the task, so `terraform init` takes the newest provider
# release it can find.
terraform {
  required_version = ">= 0.12"
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/00-vars.tf:
--------------------------------------------------------------------------------
# Region every resource of this task is created in; also the key used to pick
# an AMI out of var.AMIS in 20-autoscaling.tf.
variable "AWS_REGION" {
  default = "us-east-1"
}

# Local path of the SSH private key. None of this task's .tf files shown here
# read it; only the public key is uploaded (17-key.tf).
variable "PATH_TO_PRIVATE_KEY" {
  default = "~/.ssh/id_rsa"
}

# Local path of the SSH public key that 17-key.tf uploads as an aws_key_pair.
variable "PATH_TO_PUBLIC_KEY" {
  default = "~/.ssh/id_rsa.pub"
}

# Fixed AMI id per region, indexed by var.AWS_REGION in 20-autoscaling.tf.
# NOTE(review): the ids are hard-coded and never refreshed, and the launch
# configuration's user_data only runs `apt-get update` (no upgrade), so
# instances boot with whatever patch level the image had when it was
# published. A data "aws_ami" lookup with a name filter (as task-022 uses)
# avoids that.
variable "AMIS" {
  type = map(string)
  default = {
    us-east-1 = "ami-13be557e"
    us-west-2 = "ami-06b94666"
    eu-west-1 = "ami-844e0bf7"
  }
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/05-provider.tf:
--------------------------------------------------------------------------------
# No credentials are configured here; the provider falls back to the standard
# AWS credential chain (environment variables, shared credentials file, ...).
provider "aws" {
  region = var.AWS_REGION
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/15-vpc.tf:
--------------------------------------------------------------------------------
# Internet VPC
# 10.0.0.0/16 with DNS support and hostnames enabled.
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"
  # NOTE(review): ClassicLink has been retired by AWS and recent major
  # releases of the aws provider no longer accept this argument; remove it
  # if `terraform plan` rejects it.
  enable_classiclink = "false"
  tags = {
    Name = "main"
  }
}

# Subnets
# Three public /24s, one per AZ. map_public_ip_on_launch gives every instance
# launched here a public IPv4 address, so the autoscaling-group instances
# (20-autoscaling.tf places them in main-public-1/2) are directly reachable
# from the internet on any port their security group opens.
# The AZ names are hard-coded to us-east-1; changing var.AWS_REGION alone
# will not move these subnets.
resource "aws_subnet" "main-public-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "us-east-1a"

  tags = {
    Name = "main-public-1"
  }
}

resource "aws_subnet" "main-public-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "us-east-1b"

  tags = {
    Name = "main-public-2"
  }
}

resource "aws_subnet" "main-public-3" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.3.0/24"
  map_public_ip_on_launch = "true"
  availability_zone       = "us-east-1c"

  tags = {
    Name = "main-public-3"
  }
}

# Three private /24s. Nothing in this task is placed in them, no route table
# is associated with them and no NAT gateway is defined, so they stay on the
# VPC's default main route table and have no internet egress.
resource "aws_subnet" "main-private-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.4.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "us-east-1a"

  tags = {
    Name = "main-private-1"
  }
}

resource "aws_subnet" "main-private-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.5.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "us-east-1b"

  tags = {
    Name = "main-private-2"
  }
}

resource "aws_subnet" "main-private-3" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.6.0/24"
  map_public_ip_on_launch = "false"
  availability_zone       = "us-east-1c"

  tags = {
    Name = "main-private-3"
  }
}

# Internet GW
# Single IGW for the VPC; the public route table below sends 0.0.0.0/0 to it.
resource "aws_internet_gateway" "main-gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main"
  }
}

# route tables
# One shared table for all three public subnets. The Name tag says
# "main-public-1" although the table is not specific to subnet 1; probably
# meant to be "main-public".
resource "aws_route_table" "main-public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gw.id
  }

  tags = {
    Name = "main-public-1"
  }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
  subnet_id      = aws_subnet.main-public-1.id
  route_table_id = aws_route_table.main-public.id
}

resource "aws_route_table_association" "main-public-2-a" {
  subnet_id      = aws_subnet.main-public-2.id
  route_table_id = aws_route_table.main-public.id
}

resource "aws_route_table_association" "main-public-3-a" {
  subnet_id      = aws_subnet.main-public-3.id
  route_table_id = aws_route_table.main-public.id
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/17-key.tf:
--------------------------------------------------------------------------------
# Uploads the local public key so the launch configuration can reference it
# by key_name (20-autoscaling.tf).
resource "aws_key_pair" "mykeypair" {
  key_name   = "mykeypair"
  public_key = file(var.PATH_TO_PUBLIC_KEY)
  lifecycle {
    # Changes to the local key file are deliberately not pushed to AWS, so
    # rotating the key means recreating (tainting) this resource; a modified
    # key file will also not show up in `terraform plan`.
    ignore_changes = [public_key]
  }
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/18-securitygroup.tf:
--------------------------------------------------------------------------------
# Security group attached to the autoscaling-group instances (20-autoscaling.tf).
resource "aws_security_group" "myinstance" {
  vpc_id      = aws_vpc.main.id
  name        = "myinstance"
  description = "security group for my instance"
  # Unrestricted egress. user_data needs it for `apt-get`, but it also lets a
  # compromised instance reach anything; tighten it once the image is baked.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): SSH is open to every IPv4 address, and the instances sit in
  # public subnets with public IPs, so port 22 is internet-exposed. Restrict
  # cidr_blocks to an administrative range (a variable, or a bastion's
  # security group) before using this outside a throw-away lab.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP only from the load balancer's security group, not from the internet:
  # this is what makes the ELB the only public entry point to nginx.
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.elb-securitygroup.id]
  }

  tags = {
    Name = "myinstance"
  }
}

# Security group for the classic ELB in 19-elb.tf.
resource "aws_security_group" "elb-securitygroup" {
  vpc_id      = aws_vpc.main.id
  name        = "elb"
  description = "security group for load balancer"
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Public HTTP. There is no HTTPS listener in this task, so everything
  # between clients and the ELB is plaintext.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "elb"
  }
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/19-elb.tf:
--------------------------------------------------------------------------------
# Classic ELB in the first two public subnets (us-east-1a/b), fronting the
# autoscaling group from 20-autoscaling.tf.
resource "aws_elb" "my-elb" {
  name            = "my-elb"
  subnets         = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id]
  security_groups = [aws_security_group.elb-securitygroup.id]
  # HTTP in, HTTP out: the ELB does not terminate TLS and no certificate is
  # attached, so client traffic is plaintext end to end.
  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }
  # An instance is marked unhealthy after 2 failed GET / checks (30 s apart,
  # 3 s timeout) and healthy again after 2 successes.
  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:80/"
    interval            = 30
  }

  cross_zone_load_balancing   = true
  connection_draining         = true
  # Seconds to keep existing connections open on a deregistering instance.
  connection_draining_timeout = 400
  tags = {
    Name = "my-elb"
  }
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/20-autoscaling.tf:
--------------------------------------------------------------------------------
# Launch configuration for the autoscaling group below.
# NOTE(review): AWS has deprecated launch configurations in favour of launch
# templates; new work should use aws_launch_template.
resource "aws_launch_configuration" "example-launchconfig" {
  name_prefix     = "example-launchconfig"
  image_id        = var.AMIS[var.AWS_REGION]
  instance_type   = "t2.micro"
  key_name        = aws_key_pair.mykeypair.key_name
  security_groups = [aws_security_group.myinstance.id]
  # Boot script: installs nginx from the package repos (needs the SG's open
  # egress), reads the instance's 10.x address by grepping `ifconfig` output
  # and serves it as index.html. The grep relies on the legacy "addr:" output
  # format of net-tools ifconfig; newer images print "inet 10.x" and would
  # leave MYIP empty — verify against the pinned AMI. Nothing secret is placed
  # in user_data, which is readable by anyone who can describe the instance.
  user_data = "#!/bin/bash\napt-get update\napt-get -y install nginx\nMYIP=`ifconfig | grep 'addr:10' | awk '{ print $2 }' | cut -d ':' -f2`\necho 'this is: '$MYIP > /var/www/html/index.html\nservice nginx start"
  lifecycle {
    # The ASG references this configuration by name, so a replacement must
    # exist before the old one is destroyed.
    create_before_destroy = true
  }
}

# Fixed-size group of two instances spread over the two public subnets the
# ELB serves. desired_capacity is not set; with min_size == max_size == 2 it
# is pinned at 2 anyway.
resource "aws_autoscaling_group" "example-autoscaling" {
  name                      = "example-autoscaling"
  vpc_zone_identifier       = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id]
  launch_configuration      = aws_launch_configuration.example-launchconfig.name
  min_size                  = 2
  max_size                  = 2
  # With health_check_type = "ELB" an instance that fails the ELB's HTTP:80/
  # check is replaced, but only after the 300 s grace period following launch
  # (user_data needs that time to install nginx).
  health_check_grace_period = 300
  health_check_type         = "ELB"
  load_balancers            = [aws_elb.my-elb.name]
  # `terraform destroy` deletes the group without waiting for the instances
  # to drain.
  force_delete = true

  tag {
    key                 = "Name"
    value               = "ec2 instance"
    propagate_at_launch = true
  }
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/30-output.tf:
--------------------------------------------------------------------------------
# Public DNS name of the load balancer; the only externally useful address
# in this task, since instances are reached through the ELB.
output "ELB" {
  value = aws_elb.my-elb.dns_name
}

--------------------------------------------------------------------------------
/aws/task-016-ELB-autoscaling/ReadMe.md:
--------------------------------------------------------------------------------
## Objective

- To create a load balancer
- with Port Configuration - 80 (HTTP) forwarding to 80 (HTTP)
- Should be available in 2 availability zones (us-east-1a and us-east-1b)
- it can receive HTTP traffic over TCP protocol on port 80 from any source 0.0.0.0/0
- Ping Target : HTTP:80/

- To create an autoscaling group with
- Min : 2
- Max : 2
- Desired Capacity : 2
- health_check_grace_period : 300
- health_check_type : "ELB"
- attach a launch configuration to it which spins up an EC2 t2.micro instance and runs nginx on port 80.
Run a script to show the IP of the instance when hit on port 80.
- It should only respond to traffic which it receives on port 80 from the load balancer.


### Let's Begin


- init
```bash
$ terraform init
```

- plan
```bash
$ terraform plan
Plan: 18 to add, 0 to change, 0 to destroy.
```

- apply
```bash
terraform apply
Apply complete! Resources: 18 added, 0 changed, 0 destroyed.
38 | 39 | Outputs: 40 | 41 | ELB = my-elb-2112550202.us-east-1.elb.amazonaws.com 42 | ``` 43 | 44 | 45 | - Now you can check the ELB external address by using the following command 46 | ```bash 47 | $ host my-elb-2112550202.us-east-1.elb.amazonaws.com 48 | my-elb-2112550202.us-east-1.elb.amazonaws.com has address 3.210.52.31 49 | ``` 50 | 51 | - To check if the load balancing is happening, use the following 52 | ```bash 53 | $ curl my-elb-2112550202.us-east-1.elb.amazonaws.com 54 | this is: 10.0.1.228 55 | 56 | 57 | $ curl my-elb-2112550202.us-east-1.elb.amazonaws.com 58 | this is: 10.0.1.228 59 | ``` 60 | 61 | 62 | - Destroy 63 | ```bash 64 | $ terraform destroy 65 | Destroy complete! Resources: 18 destroyed. 66 | ``` 67 | 68 | -------------------------------------------------------------------------------- /aws/task-016-ELB-autoscaling/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-017-Elastic-Beanstalk/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "~/.ssh/id_rsa" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "~/.ssh/id_rsa.pub" 11 | } 12 | 13 | variable "RDS_PASSWORD" { 14 | } 15 | 16 | -------------------------------------------------------------------------------- /aws/task-017-Elastic-Beanstalk/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-017-Elastic-Beanstalk/10-iam.tf: -------------------------------------------------------------------------------- 1 | # iam roles 2 | resource 
"aws_iam_role" "app-ec2-role" { 3 | name = "app-ec2-role" 4 | assume_role_policy = < http://app-prod.eba-eqp6suud.us-east-1.elasticbeanstalk.com/ 34 | 35 | 36 | 37 | - destroy 38 | ```bash 39 | $ terraform destroy 40 | ``` 41 | 42 | -------------------------------------------------------------------------------- /aws/task-017-Elastic-Beanstalk/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-018-create-ECR-repo/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-018-create-ECR-repo/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-018-create-ECR-repo/15-ecr.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ecr_repository" "myapp" { 2 | name = "myapp" 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-018-create-ECR-repo/ReadMe.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Configuring AWS CLI 4 | 5 | ```bash 6 | $ aws configure 7 | AWS Access Key ID [None]: ********************** 8 | AWS Secret Access Key [None]: ************************ 9 | Default region name [None]: us-east-1 10 | Default output format [None]: 11 | ``` 12 | 13 | 14 | 15 | ## Login to ECR, create Repo and Push image 16 | 17 | [Link](https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-cli.html) 18 | 19 | ```bash 20 | $ aws ecr 
get-login-password --region us-east-1 | docker login --username AWS --password-stdin ****************.dkr.ecr.us-east-1.amazonaws.com 21 | Login Succeeded 22 | ``` 23 | 24 | - Create a repository. After executing this command you can visit the console and check if the 25 | repository was created. 26 | ```bash 27 | aws ecr create-repository \ 28 | --repository-name node-application \ 29 | --image-scanning-configuration scanOnPush=true \ 30 | --region us-east-1 31 | ``` 32 | 33 | 34 | - Build a docker image with corresponding tag 35 | ```bash 36 | docker build -t *****************.dkr.ecr.us-east-1.amazonaws.com/node-application:latest . 37 | ``` 38 | 39 | - Push the image 40 | ```bash 41 | docker push ****************.dkr.ecr.us-east-1.amazonaws.com/node-application:latest 42 | ``` 43 | 44 | 45 | ## Implementing the changes using terraform 46 | 47 | - init 48 | 49 | ```bash 50 | $ terraform init 51 | ``` 52 | 53 | 54 | - plan 55 | ```bash 56 | $ terraform plan 57 | Plan: 1 to add, 0 to change, 0 to destroy. 58 | 59 | ``` 60 | 61 | - apply 62 | ```bash 63 | $ terraform apply 64 | Apply complete! Resources: 1 added, 0 changed, 0 destroyed. 
65 | 66 | Outputs: 67 | 68 | myapp-repository-URL = *************.dkr.ecr.us-east-1.amazonaws.com/myapp 69 | 70 | ``` -------------------------------------------------------------------------------- /aws/task-018-create-ECR-repo/output.tf: -------------------------------------------------------------------------------- 1 | output "myapp-repository-URL" { 2 | value = aws_ecr_repository.myapp.repository_url 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-018-create-ECR-repo/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-019-ECS/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "PATH_TO_PRIVATE_KEY" { 6 | default = "~/.ssh/id_rsa" 7 | } 8 | 9 | variable "PATH_TO_PUBLIC_KEY" { 10 | default = "~/.ssh/id_rsa.pub" 11 | } 12 | 13 | variable "ECS_INSTANCE_TYPE" { 14 | default = "t2.micro" 15 | } 16 | 17 | variable "ECS_AMIS" { 18 | type = map(string) 19 | default = { 20 | us-east-1 = "ami-1924770e" 21 | us-west-2 = "ami-56ed4936" 22 | eu-west-1 = "ami-c8337dbb" 23 | } 24 | } 25 | 26 | # Full List: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html 27 | -------------------------------------------------------------------------------- /aws/task-019-ECS/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-019-ECS/10-iam.tf: -------------------------------------------------------------------------------- 1 | # ecs ec2 role 2 | resource "aws_iam_role" "ecs-ec2-role" { 3 | name = 
"ecs-ec2-role" 4 | assume_role_policy = < 2m21s v1.18.5 56 | ip-10-0-2-187 Ready 3m39s v1.18.5 57 | ``` 58 | 59 | - Check the pods in kube-system namespace 60 | ```bash 61 | ✗ kubectl get pods -n kube-system 62 | NAME READY STATUS RESTARTS AGE 63 | calico-node-7w5jp 1/1 Running 0 8m23s 64 | calico-node-s25vl 1/1 Running 0 7m5s 65 | coredns-857c875bc7-k52vl 1/1 Running 0 8m31s 66 | coredns-857c875bc7-qgb6q 1/1 Running 0 8m31s 67 | kube-apiserver-ip-10-0-2-187 1/1 Running 0 7m1s 68 | kube-controller-manager-ip-10-0-2-187 1/1 Running 0 7m41s 69 | kube-proxy-476dh 1/1 Running 1 8m23s 70 | kube-proxy-rvkwf 1/1 Running 1 7m5s 71 | kube-scheduler-ip-10-0-2-187 1/1 Running 0 7m13s 72 | ``` 73 | 74 | - Route53 Records which got created in the hosted zone `k118.tk` 75 | ![](.ReadMe_images/r53-records.png) 76 | 77 | 78 | - Instances created 79 | ![](.ReadMe_images/instances-created.png) 80 | 81 | - Load Balancer Created 82 | ![](.ReadMe_images/lb-created.png) 83 | 84 | 85 | - Target Groups 86 | ![](.ReadMe_images/target-groups.png) 87 | 88 | ![](.ReadMe_images/target-groups-health.png) 89 | 90 | 91 | - Launch Configuration 92 | ![](.ReadMe_images/launch-configuration.png) 93 | 94 | - Autoscaling groups created 95 | ![](.ReadMe_images/auto-scaling-groups.png) 96 | 97 | - VPC Created 98 | ![](.ReadMe_images/vpc-created.png) 99 | 100 | - Subnets Created 101 | ![](.ReadMe_images/subnets-created.png) 102 | 103 | - Route Tables 104 | ![](.ReadMe_images/route-tables.png) 105 | 106 | -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/.ReadMe_images/ec2-instance.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-022-route53-ec2/.ReadMe_images/ec2-instance.png -------------------------------------------------------------------------------- 
/aws/task-022-route53-ec2/.ReadMe_images/hosted-zone-window.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-022-route53-ec2/.ReadMe_images/hosted-zone-window.png -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/.ReadMe_images/nameservers-config-window.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codeaprendiz/learn_terraform/eda51b8c8c077fbea5b79cc0082441b710c44ebd/aws/task-022-route53-ec2/.ReadMe_images/nameservers-config-window.png -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "AWS_REGION" { 2 | default = "us-east-1" 3 | } 4 | 5 | variable "domain_mydevops_link" { 6 | default = "codeaprendiz.tk" 7 | } 8 | 9 | variable "instance_type" { 10 | description = "type for aws EC2 instance" 11 | default = "t2.micro" 12 | } -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/05-instance.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu" { 2 | most_recent = true 3 | 4 | filter { 5 | name = "name" 6 | values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"] 7 | } 8 | 9 | filter { 10 | name = "virtualization-type" 11 | values = ["hvm"] 12 | } 13 | 14 | owners = ["099720109477"] # Canonical 15 | } 16 | 17 | resource "aws_instance" "web" { 18 | ami = data.aws_ami.ubuntu.id 19 | instance_type = "t2.micro" 20 | 21 | tags = { 22 | Name = "HelloWorld" 23 | } 24 | } 25 | 26 | -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/05-provider.tf: 
-------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.AWS_REGION 3 | } 4 | 5 | -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/10-route53.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route53_record" "server1-record" { 2 | zone_id = aws_route53_zone.devopslink-public-zone.zone_id 3 | name = "server1.codeaprendiz.tk" 4 | type = "A" 5 | ttl = "300" 6 | records = [aws_instance.web.public_ip] 7 | } 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/250-r53-devopslink_zone.tf: -------------------------------------------------------------------------------- 1 | ###_____ ___ _ _ _____ 2 | ##|__ / / _ \ | \ | | | ____| 3 | ####/ / | | | | | \| | | _| 4 | ###/ /_ | |_| | | |\ | | |___ 5 | ##/____| \___/ |_| \_| |_____| 6 | 7 | resource "aws_route53_zone" "devopslink-public-zone" { 8 | name = var.domain_mydevops_link 9 | comment = "${var.domain_mydevops_link} public zone" 10 | provider = aws 11 | } -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/30-output.tf: -------------------------------------------------------------------------------- 1 | output "devopslink-public-zone-id" { 2 | value = aws_route53_zone.devopslink-public-zone.zone_id 3 | } 4 | 5 | output "devopslink-name-servers" { 6 | value = aws_route53_zone.devopslink-public-zone.name_servers 7 | } 8 | 9 | 10 | -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Objective 2 | 3 | 1) To create a DNS "A" record which is pointing to the EC2 instance created in default VPC default subnet. 
2) When we run nslookup on the "A" record `server1.codeaprendiz.tk`, it should resolve to the public IP of the instance.

### PRE-REQUISITE
1) First we need to own a domain. So go to the link [https://my.freenom.com/](https://my.freenom.com/) and register a domain.
I registered `codeaprendiz.tk`


- Init

```bash
$ terraform init
```

- Plan

```
$ terraform plan

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
.
.
.
```


- Apply
```bash
$ terraform apply
.
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

devopslink-name-servers = [
"ns-1512.awsdns-61.org",
"ns-163.awsdns-20.com",
"ns-2026.awsdns-61.co.uk",
"ns-904.awsdns-49.net",
]
devopslink-public-zone-id = Z10390782TEJ7ISXDVZ22
```

- Once applied, you will be able to see the hosted zone as follows

![](.ReadMe_images/hosted-zone-window.png)

- And the EC2 instance as well

![](.ReadMe_images/ec2-instance.png)



- Now look at the list of nameservers in the output. These nameservers know which IP address our `A` record `server1.codeaprendiz.tk` resolves to.
So we will need to go back to [https://my.freenom.com/](https://my.freenom.com/) and manage the domain `codeaprendiz.tk` (specifically go to
Management Tools -> Nameservers) and enter the list of these nameservers there so the registrar knows where to look. Once this is completed, the record can be resolved:
59 | 60 | ![](.ReadMe_images/nameservers-config-window.png) 61 | 62 | 63 | ```bash 64 | $ nslookup server1.codeaprendiz.tk 65 | Server: 127.0.0.53 66 | Address: 127.0.0.53#53 67 | 68 | Non-authoritative answer: 69 | Name: server1.codeaprendiz.tk 70 | Address: 54.91.128.126 71 | 72 | $ dig server1.codeaprendiz.tk 73 | 74 | ; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> server1.codeaprendiz.tk 75 | ;; global options: +cmd 76 | ;; Got answer: 77 | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12751 78 | ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 79 | 80 | ;; OPT PSEUDOSECTION: 81 | ; EDNS: version: 0, flags:; udp: 65494 82 | ;; QUESTION SECTION: 83 | ;server1.codeaprendiz.tk. IN A 84 | 85 | ;; ANSWER SECTION: 86 | server1.codeaprendiz.tk. 300 IN A 54.91.128.126 87 | 88 | ;; Query time: 149 msec 89 | ;; SERVER: 127.0.0.53#53(127.0.0.53) 90 | ;; WHEN: Sat Aug 08 00:42:49 +04 2020 91 | ;; MSG SIZE rcvd: 68 92 | ``` 93 | 94 | -------------------------------------------------------------------------------- /aws/task-022-route53-ec2/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /aws/task-023-terragrunt-ec2/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "eu-west-1" 3 | } 4 | -------------------------------------------------------------------------------- /aws/task-023-terragrunt-ec2/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | locals { 6 | awsregion = var.region 7 | } 8 | -------------------------------------------------------------------------------- /aws/task-023-terragrunt-ec2/10-ec2.tf: 
-------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu" { 2 | most_recent = true 3 | 4 | filter { 5 | name = "name" 6 | values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"] 7 | } 8 | 9 | filter { 10 | name = "virtualization-type" 11 | values = ["hvm"] 12 | } 13 | 14 | owners = ["099720109477"] # Canonical 15 | } 16 | 17 | resource "aws_instance" "web" { 18 | ami = data.aws_ami.ubuntu.id 19 | instance_type = "t2.micro" 20 | 21 | tags = { 22 | Name = "HelloWorld" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /aws/task-023-terragrunt-ec2/ReadMe.md: -------------------------------------------------------------------------------- 1 | ### Use Terragrunt to create an EC2 instance in default VPC 2 | 3 | - Versions 4 | ```bash 5 | $ terraform --version 6 | Terraform v0.14.4 7 | 8 | Your version of Terraform is out of date! The latest version 9 | is 0.14.5. You can update by downloading from https://www.terraform.io/downloads.html 10 | 11 | $ terragrunt -version 12 | terragrunt version v0.27.1 13 | ``` 14 | 15 | 16 | - Run the following. Initialization 17 | ```bash 18 | $ chmod 755 run.sh 19 | $ ./run.sh init 20 | ``` 21 | 22 | - Plan 23 | ```bash 24 | $ ./run.sh plan 25 | . 26 | Plan: 1 to add, 0 to change, 0 to destroy. 27 | ``` 28 | 29 | - Applying the changes 30 | ```bash 31 | $ ./run.sh apply 32 | . 33 | + create 34 | . 35 | Apply complete! Resources: 1 added, 0 changed, 0 destroyed. 36 | ``` 37 | 38 | - Destroy the changes 39 | ```bash 40 | $ ./run.sh destroy 41 | . 42 | Destroy complete! Resources: 1 destroyed. 
```
--------------------------------------------------------------------------------
/aws/task-023-terragrunt-ec2/run.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Wrapper that runs terraform with AWS credentials taken from a file outside
# the task directory; every CLI argument is passed straight through ("$@").
# NOTE(review): the ReadMe for this task talks about terragrunt, but the
# wrapper invokes terraform directly.
my_dir="$(dirname "$0")"
# ../../credentials.txt relative to this script, i.e. the repository root.
# NOTE(review): a credentials file inside the checkout is one `git add` away
# from being committed — confirm the root .gitignore covers it and keep the
# file readable by its owner only.
credential_file="${my_dir}/../../credentials.txt"
# Profile name that must exist in that credentials file.
profile="personal"
# Both variables are scoped to this single terraform invocation, so they do
# not linger in the calling shell's environment.
AWS_SHARED_CREDENTIALS_FILE="${credential_file}" AWS_PROFILE="${profile}" terraform "$@"
--------------------------------------------------------------------------------
/aws/task-024-certificate-manager/ReadMe.md:
--------------------------------------------------------------------------------
### Objective : Create a private certificate for your Domain using AWS Certificate Manager

#### PRE-REQUISITE
- You own a domain for example in following case I own - `ankitrathi.info`
![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/route53_dashboard.png)

![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/route53_dashboard_registered_domains.png)

- You should also have a default hosted zone
![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/route53_hosted_zones.png)


#### Let's Begin
- Go to AWS Certificate Manager

- Choose the region as `us-east-1`
```bash
### WHY
Error: error creating CloudFront Distribution: InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
20 | status code: 400, request id: ***** 21 | ``` 22 | 23 | - Click on `Get started` 24 | 25 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/cert_manager_provision_certificates.png) 26 | 27 | 28 | - Now choose `Request a public certificate` and click on `Request a certificate` 29 | 30 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/cert_manager_request_a_public_certificate.png) 31 | 32 | 33 | 34 | 35 | - Now add the following domain names (assuming that you own the first domain, for which you are creating the public certificate) 36 | - ankitrathi.info 37 | - *.ankitrathi.info 38 | 39 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/cert_manager_add_domain_names.png) 40 | 41 | - Choose the validation method as `DNS Validation` and hit next 42 | 43 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/cert_manager_select_validation_method.png) 44 | 45 | - Give tags if required 46 | 47 | - Review and confirm 48 | 49 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/cert_manager_review.png) 50 | 51 | 52 | - Now click on the `Create record in Route 53` for creating the records for validation 53 | 54 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/cert_manager_validation.png) 55 | 56 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/cert_manager_create_record_in_route_53.png) 57 | 58 | You will see a success message. Finally click on continue. 59 | 60 | - Now you will see that the `Validation` is in pending state 61 | 62 | - Wait for sometime and you should see `Validation Complete`. 
Meanwhile you can go to Route 53 and check the two CNAMES you just added 63 | 64 | 65 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-024-certificate-manager/cert_manager_validation_success.png) 66 | 67 | - Now you can use the certificate `ARN` visible on the above screen where-ever you need. 68 | It will be of following type 69 | ```bash 70 | arn:aws:acm:us-east-1:***********:certificate/*****-****-****-****-******** 71 | ``` 72 | 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /aws/task-025-terragrunt-iam-user/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "eu-west-1" 3 | } 4 | -------------------------------------------------------------------------------- /aws/task-025-terragrunt-iam-user/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | locals { 6 | awsregion = var.region 7 | } 8 | -------------------------------------------------------------------------------- /aws/task-025-terragrunt-iam-user/10-iam-user.tf: -------------------------------------------------------------------------------- 1 | data "aws_s3_bucket" "test-backup-bucket" { 2 | bucket = "test-dev-backup-bucket" 3 | } 4 | 5 | module "test-backup-bucket-user" { 6 | source = "git::https://github.com/cloudposse/terraform-aws-iam-s3-user.git?ref=master" 7 | namespace = "test" 8 | stage = "dev" 9 | name = "backup-bucket-admin-user" 10 | s3_actions = [ 11 | "s3:GetObject", 12 | "s3:ListBucket", 13 | "s3:GetBucketLocation" 14 | ] 15 | s3_resources = [ 16 | "${data.aws_s3_bucket.test-backup-bucket.arn}/*", 17 | data.aws_s3_bucket.test-backup-bucket.arn 18 | ] 19 | } 20 | 21 | output "aws-developer-access-key" { 22 | sensitive = true 23 | value = module.test-backup-bucket-user.access_key_id 24 | } 25 | 26 | output 
"aws-developer-secret-key" { 27 | sensitive = true 28 | value = module.test-backup-bucket-user.secret_access_key 29 | } 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /aws/task-025-terragrunt-iam-user/ReadMe.md: -------------------------------------------------------------------------------- 1 | ### Create an IAM user who will have certain defined access to the S3 bucket 2 | 3 | 4 | - Terraform and Terragrunt versions 5 | ```bash 6 | $ terraform --version 7 | Terraform v0.14.4 8 | 9 | Your version of Terraform is out of date! The latest version 10 | is 0.14.5. You can update by downloading from https://www.terraform.io/downloads.html 11 | 12 | $ terragrunt -version 13 | terragrunt version v0.27.1 14 | ``` 15 | 16 | 17 | - Run the following. Initialization 18 | ```bash 19 | $ chmod 755 run.sh 20 | $ ./run.sh init 21 | ``` 22 | 23 | - Plan 24 | ```bash 25 | $ ./run.sh plan 26 | ``` 27 | 28 | - Applying the changes 29 | ```bash 30 | $ ./run.sh apply 31 | ``` 32 | 33 | - Destroy the changes 34 | ```bash 35 | $ ./run.sh destroy 36 | ``` 37 | 38 | - List objects in bucket 39 | ```bash 40 | $ AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= aws s3 ls s3://test-dev-backup-bucket 41 | 2021-01-25 12:58:10 6 hello.txt 42 | ``` 43 | 44 | - Remove objects from bucket 45 | ```bash 46 | $ AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= aws s3 rm s3://test-dev-backup-bucket/hello.txt 47 | delete failed: s3://test-dev-backup-bucket/hello.txt An error occurred (AccessDenied) when calling the DeleteObject operation: Access Denied 48 | ``` 49 | -------------------------------------------------------------------------------- /aws/task-025-terragrunt-iam-user/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | my_dir="$(dirname "$0")" 3 | credential_file="${my_dir}/../../credentials.txt" 4 | profile="personal" 5 | AWS_SHARED_CREDENTIALS_FILE="${credential_file}" 
AWS_PROFILE="${profile}" terraform "$@" 6 | -------------------------------------------------------------------------------- /aws/task-026-terragrunt-s3-bucket/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "eu-west-1" 3 | } 4 | -------------------------------------------------------------------------------- /aws/task-026-terragrunt-s3-bucket/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | locals { 6 | awsregion = var.region 7 | } 8 | -------------------------------------------------------------------------------- /aws/task-026-terragrunt-s3-bucket/10-s3-bucket.tf: -------------------------------------------------------------------------------- 1 | module "s3_bucket" { 2 | source = "git::https://github.com/cloudposse/terraform-aws-s3-bucket.git?ref=master" 3 | enabled = true 4 | user_enabled = true 5 | versioning_enabled = false 6 | allowed_bucket_actions = ["s3:*"] 7 | name = "backup-bucket" 8 | stage = "dev" 9 | namespace = "test" 10 | 11 | } 12 | 13 | output "aws-s3-bucket-url" { 14 | sensitive = true 15 | value = module.s3_bucket.bucket_domain_name 16 | } 17 | 18 | output "aws-admin-access-key" { 19 | sensitive = true 20 | value = module.s3_bucket.access_key_id 21 | } 22 | 23 | output "aws-admin-secret-key" { 24 | sensitive = true 25 | value = module.s3_bucket.secret_access_key 26 | } 27 | -------------------------------------------------------------------------------- /aws/task-026-terragrunt-s3-bucket/ReadMe.md: -------------------------------------------------------------------------------- 1 | #### We will create S3 bucket using cloudposse module. 
We will also have IAM user which will have admin priviledges on S3 bucket 2 | 3 | - Terraform and Terragrunt versions 4 | ```bash 5 | $ terraform --version 6 | Terraform v0.14.4 7 | 8 | Your version of Terraform is out of date! The latest version 9 | is 0.14.5. You can update by downloading from https://www.terraform.io/downloads.html 10 | 11 | $ terragrunt -version 12 | terragrunt version v0.27.1 13 | ``` 14 | 15 | 16 | - Run the following. Initialization 17 | ```bash 18 | $ chmod 755 run.sh 19 | $ ./run.sh init 20 | ``` 21 | 22 | - Plan 23 | ```bash 24 | $ ./run.sh plan 25 | ``` 26 | 27 | - Applying the changes 28 | ```bash 29 | $ ./run.sh apply 30 | ``` 31 | 32 | - Destroy the changes 33 | ```bash 34 | $ ./run.sh destroy 35 | ``` 36 | 37 | 38 | - Uploading object 39 | ```bash 40 | AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= aws s3 cp hello.txt s3://test-dev-backup-bucket/hello.txt 41 | upload: ./hello.txt to s3://test-dev-backup-bucket/hello.txt 42 | ``` 43 | 44 | - Get the object 45 | ```bash 46 | $ AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= aws s3 cp s3://test-dev-backup-bucket/hello.txt . 
47 | download: s3://test-dev-backup-bucket/hello.txt to ./hello.txt 48 | ``` 49 | 50 | - list files 51 | ```bash 52 | $ AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= aws s3 ls s3://test-dev-backup-bucket/hello.txt 53 | 2021-01-25 12:39:54 12 hello.txt 54 | ``` 55 | 56 | - Delete the object 57 | ```bash 58 | $ AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= aws s3 rm s3://test-dev-backup-bucket/hello.txt 59 | delete: s3://test-dev-backup-bucket/hello.txt 60 | ``` 61 | 62 | 63 | -------------------------------------------------------------------------------- /aws/task-026-terragrunt-s3-bucket/hello.txt: -------------------------------------------------------------------------------- 1 | hello world 2 | -------------------------------------------------------------------------------- /aws/task-026-terragrunt-s3-bucket/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | my_dir="$(dirname "$0")" 3 | credential_file="${my_dir}/../../credentials.txt" 4 | profile="personal" 5 | AWS_SHARED_CREDENTIALS_FILE="${credential_file}" AWS_PROFILE="${profile}" terraform "$@" 6 | -------------------------------------------------------------------------------- /aws/task-027-terragrunt-cdn/00-vars.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | default = "eu-west-1" 3 | } 4 | 5 | 6 | variable "public_hosted_zone_id" { 7 | description = "ID of the Public Hosted Zone" 8 | type = string 9 | sensitive = true 10 | } 11 | 12 | 13 | variable "private_certificate_arn" { 14 | description = "ARN of the private certificate issued by AWS Certificate Manager" 15 | type = string 16 | sensitive = true 17 | } 18 | -------------------------------------------------------------------------------- /aws/task-027-terragrunt-cdn/05-provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | locals { 
6 | awsregion = var.region 7 | } 8 | -------------------------------------------------------------------------------- /aws/task-027-terragrunt-cdn/10-cdn.tf: -------------------------------------------------------------------------------- 1 | module "cf-s3-test" { 2 | source = "git::https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn.git?ref=0.41.0" 3 | namespace = "backend" 4 | stage = "dev" 5 | name = "test" 6 | 7 | ## If you want to create alias name for accessing objects cached by cloud front. Note you will need to create the CNAME yourself. 8 | // aliases = [ 9 | // "test-test-dev.ankitrathi.info" 10 | // ] 11 | wait_for_deployment = false 12 | compress = true 13 | ipv6_enabled = true 14 | 15 | parent_zone_id = var.public_hosted_zone_id 16 | acm_certificate_arn = var.private_certificate_arn 17 | use_regional_s3_endpoint = true 18 | origin_force_destroy = true 19 | cors_allowed_headers = [ 20 | "*" 21 | ] 22 | cors_allowed_methods = [ 23 | "GET", 24 | "HEAD", 25 | "PUT" 26 | ] 27 | logging_enabled = false 28 | 29 | 30 | min_ttl = 86400 31 | default_ttl = 604800 32 | max_ttl = 31536000 33 | 34 | } 35 | 36 | resource "aws_s3_bucket_object" "cf-s3-test" { 37 | bucket = module.cf-s3-test.s3_bucket 38 | key = "index.html" 39 | source = "${path.module}/index.html" 40 | content_type = "text/html" 41 | etag = md5(file("${path.module}/index.html")) 42 | } 43 | 44 | 45 | module "s3-user-test" { 46 | source = "git::https://github.com/cloudposse/terraform-aws-iam-s3-user.git?ref=0.14.1" 47 | namespace = "backend" 48 | stage = "dev" 49 | name = "test" 50 | s3_actions = [ 51 | "s3:GetBucketLocation", 52 | "s3:ListAllMyBuckets", 53 | "s3:ListBucket", 54 | "s3:PutObject", 55 | "s3:PutObjectAcl", 56 | "s3:GetObjectAcl", 57 | "s3:GetObjectVersion", 58 | "s3:DeleteObject", 59 | "s3:DeleteObjectVersion" 60 | ] 61 | s3_resources = [ 62 | module.cf-s3-test.s3_bucket_arn, 63 | "${module.cf-s3-test.s3_bucket_arn}/*", 64 | ] 65 | 66 | depends_on = [ 67 | module.cf-s3-test 68 
| ] 69 | } 70 | 71 | output "cf-s3-test-name" { 72 | value = module.cf-s3-test.s3_bucket 73 | } 74 | 75 | output "cf-s3-test-domain-name" { 76 | value = module.cf-s3-test.s3_bucket_domain_name 77 | } 78 | 79 | output "s3-user-test-username" { 80 | value = module.s3-user-test.user_name 81 | } 82 | 83 | output "s3-user-test-access-id" { 84 | sensitive = true 85 | value = module.s3-user-test.access_key_id 86 | } 87 | 88 | output "s3-user-test-secret-key" { 89 | sensitive = true 90 | value = module.s3-user-test.secret_access_key 91 | } 92 | -------------------------------------------------------------------------------- /aws/task-027-terragrunt-cdn/ReadMe.md: -------------------------------------------------------------------------------- 1 | ### Objective : Create a CDN using cloudposse module and ensure that sensitive variables are hidden 2 | 3 | #### Pre-requisite 4 | - Update values of in `secret.tfvars` as per your configuration (take reference from secret.tfvars.example) 5 | - [Hosted Zone (default hosted zone would do)](../task-011-route53) 6 | - You should own a domain (like in this case I own `ankitrathi.info`) 7 | - [Create a private Certificate for your domain in us-east-1](../task-024-certificate-manager) 8 | 9 | 10 | #### Let's Begin 11 | 12 | - Terraform and Terragrunt versions 13 | ```bash 14 | $ terraform --version 15 | Terraform v0.14.4 16 | 17 | Your version of Terraform is out of date! The latest version 18 | is 0.14.5. You can update by downloading from https://www.terraform.io/downloads.html 19 | 20 | $ terragrunt -version 21 | terragrunt version v0.27.1 22 | ``` 23 | 24 | - Initialize 25 | ```bash 26 | $ ./run.sh init 27 | ``` 28 | 29 | - Plan 30 | ```bash 31 | $ ./run.sh plan -var-file="secret.tfvars" 32 | . 33 | 34 | Plan: 8 to add, 0 to change, 0 to destroy. 
35 | 36 | Changes to Outputs: 37 | + cf-s3-test-domain-name = (known after apply) 38 | + cf-s3-test-name = (known after apply) 39 | + s3-user-test-access-id = (sensitive value) 40 | + s3-user-test-secret-key = (sensitive value) 41 | + s3-user-test-username = "backend-dev-test" 42 | 43 | ``` 44 | 45 | - Apply the changes 46 | ```bash 47 | $ ./run.sh apply -var-file="secret.tfvars" 48 | . 49 | Apply complete! Resources: 8 added, 0 changed, 0 destroyed. 50 | 51 | Outputs: 52 | 53 | cf-s3-test-domain-name = "backend-dev-test-origin.s3.eu-west-1.amazonaws.com" 54 | cf-s3-test-name = "backend-dev-test-origin" 55 | s3-user-test-access-id = 56 | s3-user-test-secret-key = 57 | s3-user-test-username = "backend-dev-test" 58 | ``` 59 | 60 | ### Screenshots 61 | 62 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-027-terragrunt-cdn/cdn_home.png) 63 | 64 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-027-terragrunt-cdn/cdn_general_tab.png) 65 | 66 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-027-terragrunt-cdn/cdn_origin_and_origin_groups.png) 67 | 68 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-027-terragrunt-cdn/cdn_behaviour.png) 69 | 70 | ![](https://github.com/codeaprendiz/_assets/blob/master/terraform-kitchen/task-027-terragrunt-cdn/cdn_its_working.png) 71 | 72 | - You can also validate using the curl command 73 | ```bash 74 | $ curl https://d3a656hcndx1gu.cloudfront.net/ 75 | 76 | 77 | 78 | 79 | Working! 80 | 81 | 82 |

Congratulations! Your CDN is Working!

83 | 84 | 85 | ``` 86 | 87 | - Also checkout the nslookup output 88 | ```bash 89 | $ nslookup d3a656hcndx1gu.cloudfront.net 90 | Server: 213.42.20.20 91 | Address: 213.42.20.20#53 92 | 93 | Non-authoritative answer: 94 | Name: d3a656hcndx1gu.cloudfront.net 95 | Address: 13.33.93.127 96 | Name: d3a656hcndx1gu.cloudfront.net 97 | Address: 13.33.93.55 98 | Name: d3a656hcndx1gu.cloudfront.net 99 | Address: 13.33.93.52 100 | Name: d3a656hcndx1gu.cloudfront.net 101 | Address: 13.33.93.35 102 | ``` 103 | 104 | 105 | - Now to destroy the resources 106 | ```bash 107 | $ ./run.sh destroy -var-file="secret.tfvars" 108 | . 109 | Destroy complete! Resources: 8 destroyed. 110 | ``` 111 | -------------------------------------------------------------------------------- /aws/task-027-terragrunt-cdn/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Working! 6 | 7 | 8 |

Congratulations! Your CDN is Working!

9 | 10 | 11 | -------------------------------------------------------------------------------- /aws/task-027-terragrunt-cdn/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | my_dir="$(dirname "$0")" 3 | credential_file="${my_dir}/../../credentials.txt" 4 | profile="personal" 5 | AWS_SHARED_CREDENTIALS_FILE="${credential_file}" AWS_PROFILE="${profile}" terraform "$@" 6 | -------------------------------------------------------------------------------- /aws/task-027-terragrunt-cdn/secret.tfvars.example: -------------------------------------------------------------------------------- 1 | public_hosted_zone_id = "" 2 | private_certificate_arn = "" -------------------------------------------------------------------------------- /credentials.txt.example: -------------------------------------------------------------------------------- 1 | [personal] 2 | aws_access_key_id = "********************" 3 | aws_secret_access_key = "******************" 4 | region = "eu-west-1" -------------------------------------------------------------------------------- /task-001-doc-references/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Terraform Doc References 2 | 3 | - [data sources](https://www.terraform.io/docs/configuration/data-sources.html) 4 | - [aws_ami](https://www.terraform.io/docs/providers/aws/d/ami.html) 5 | - [template_cloudinit_config](https://www.terraform.io/docs/providers/template/d/cloudinit_config.html) 6 | - [template_file](https://www.terraform.io/docs/providers/template/d/file.html) 7 | - [provider](https://www.terraform.io/docs/providers/index.html) 8 | - [aws](https://www.terraform.io/docs/providers/aws/index.html) 9 | - [modules](https://www.terraform.io/docs/configuration/modules.html) 10 | - [resources](https://www.terraform.io/docs/configuration/resources.html) 11 | - 
[aws_autoscaling_group](https://www.terraform.io/docs/providers/aws/r/autoscaling_group.html) 12 | - [aws_autoscaling_policy](https://www.terraform.io/docs/providers/aws/r/autoscaling_policy.html) 13 | - [aws_autoscaling_notification](https://www.terraform.io/docs/providers/aws/r/autoscaling_notification.html) 14 | - [aws_cloudwatch_metric_alarm](https://www.terraform.io/docs/providers/aws/r/cloudwatch_metric_alarm.html) 15 | - [aws_db_instance](https://www.terraform.io/docs/providers/aws/r/db_instance.html) 16 | - [aws_db_parameter_group](https://www.terraform.io/docs/providers/aws/r/db_parameter_group.html) 17 | - [aws_db_subnet_group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html) 18 | - [aws_default_subnet](https://www.terraform.io/docs/providers/aws/r/default_subnet.html) 19 | - [aws_default_vpc](https://www.terraform.io/docs/providers/aws/r/default_vpc.html) 20 | - [aws_ebs_volume](https://www.terraform.io/docs/providers/aws/r/ebs_volume.html) 21 | - [aws_eip](https://www.terraform.io/docs/providers/aws/r/eip.html) 22 | - [aws_iam_group](https://www.terraform.io/docs/providers/aws/r/iam_group.html) 23 | - [aws_iam_group_membership](https://www.terraform.io/docs/providers/aws/r/iam_group_membership.html) 24 | - [aws_iam_instance_profile](https://www.terraform.io/docs/providers/aws/r/iam_instance_profile.html) 25 | - [aws_iam_policy_attachment](https://www.terraform.io/docs/providers/aws/r/iam_policy_attachment.html) 26 | - [aws_iam_role](https://www.terraform.io/docs/providers/aws/r/iam_role.html) 27 | - [aws_iam_role_policy](https://www.terraform.io/docs/providers/aws/r/iam_role_policy.html) 28 | - [aws_iam_user](https://www.terraform.io/docs/providers/aws/r/iam_user.html) 29 | - [aws_instance](https://www.terraform.io/docs/providers/aws/r/instance.html) 30 | - [aws_internet_gateway](https://www.terraform.io/docs/providers/aws/r/internet_gateway.html) 31 | - [aws_key_pair](https://www.terraform.io/docs/providers/aws/r/key_pair.html) 32 | 
- [aws_launch_configuration](https://www.terraform.io/docs/providers/aws/r/launch_configuration.html) 33 | - [aws_nat_gateway](https://www.terraform.io/docs/providers/aws/r/nat_gateway.html) 34 | - [aws_route53_zone](https://www.terraform.io/docs/providers/aws/r/route53_zone.html) 35 | - [aws_route53_record](https://www.terraform.io/docs/providers/aws/r/route53_record.html) 36 | - [aws_route_table](https://www.terraform.io/docs/providers/aws/r/route_table.html) 37 | - [aws_route_table_association](https://www.terraform.io/docs/providers/aws/r/route_table_association.html) 38 | - [aws_security_group](https://www.terraform.io/docs/providers/aws/r/security_group.html) 39 | - [aws_sns_topic](https://www.terraform.io/docs/providers/aws/r/sns_topic.html) 40 | - [aws_subnet](https://www.terraform.io/docs/providers/aws/r/subnet.html) 41 | - [aws_volume_attachment](https://www.terraform.io/docs/providers/aws/r/volume_attachment.html) 42 | - [aws_vpc](https://www.terraform.io/docs/providers/aws/r/vpc.html) 43 | - variables 44 | - [input variables](https://www.terraform.io/docs/configuration/variables.html) 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /task-002-tutorial-links/ReadMe.md: -------------------------------------------------------------------------------- 1 | 2 | ### Tutorial Links 3 | 4 | [learn.hashicorp.com/terraform](https://learn.hashicorp.com/terraform) 5 | [tutorials/terraform/sensitive-variables](https://learn.hashicorp.com/tutorials/terraform/sensitive-variables) 6 | --------------------------------------------------------------------------------