├── .gitignore ├── 01-iam ├── iam-policy │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── iam-role │ ├── README.md │ ├── ec2-policy.json │ ├── ec2-role.json │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf └── iam-user │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 02-ec2 ├── 02-ec2-fundamentals │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── user-data-httpd.sh │ ├── variables.tf │ └── versions.tf ├── ec2-ebs │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── ec2-instance │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 03-rds ├── rds-main │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── rds-replica │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 04-s3bucket └── s3bucket-bucket │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 05-route53 ├── route53-failover │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── route53-geolocation │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── route53-weighted │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 17-lb └── lb-alb │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 25-efs └── efs-storage │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── LICENSE ├── README.md ├── assets ├── terraform-aws.png └── terraform-aws2.jpeg └── modules ├── 01-iam ├── iam-policy │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── iam-role │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── iam-user │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── 
versions.tf ├── 02-ec2 ├── ec2-ebs │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── ec2-fundamentals │ ├── MODULES │ ├── local.tf │ ├── main.tf │ ├── outputs.tf │ ├── user-data-httpd.sh │ ├── variables.tf │ └── versions.tf └── ec2-instance │ ├── README.md │ ├── ec2-user-data.sh │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 03-rds └── rds-main │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 04-s3bucket ├── README.md └── s3bucket-bucket │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 05-route53 └── route53-main │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 17-lb └── lb-alb │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── 25-efs └── efs-storage ├── README.md ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | *.lock.hcl 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | .vscode 8 | # Crash log files 9 | crash.log 10 | 11 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 12 | # .tfvars files are managed as part of configuration and so should be included in 13 | # version control. 
14 | # 15 | # example.tfvars 16 | 17 | # Ignore override files as they are usually used to override resources locally and so 18 | # are not checked in 19 | override.tf 20 | override.tf.json 21 | *_override.tf 22 | *_override.tf.json 23 | 24 | # Include override files you do wish to add to version control using negated pattern 25 | # 26 | # !example_override.tf 27 | 28 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 29 | # example: *tfplan* 30 | -------------------------------------------------------------------------------- /01-iam/iam-policy/README.md: -------------------------------------------------------------------------------- 1 | ## Usage 2 | 3 | To run this example you need to execute: 4 | 5 | ```sh 6 | $ terraform init 7 | $ terraform plan 8 | $ terraform apply 9 | ``` 10 | 11 | -------------------------------------------------------------------------------- /01-iam/iam-policy/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | module "iam_policy" { 6 | source = "../../modules/01-iam/iam-policy" 7 | 8 | name = var.name 9 | path = var.path 10 | description = "S3 bucket Read-Only policy" 11 | 12 | policy = <> /etc/resolv.conf 5 | sudo yum update -y 6 | sudo yum install -y httpd 7 | sudo systemctl start httpd 8 | sudo systemctl enable httpd 9 | sudo echo "

Hello World from $(hostname -f)

" > /var/www/html/index.html 10 | -------------------------------------------------------------------------------- /02-ec2/02-ec2-fundamentals/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | description = "region eu-east-1" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "instance_type" { 7 | description = "Instance type" 8 | type = string 9 | default = "t2.micro" 10 | } 11 | variable "public_key" { 12 | description = "Public Key" 13 | type = string 14 | } 15 | -------------------------------------------------------------------------------- /02-ec2/02-ec2-fundamentals/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = ">= 4.0.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /02-ec2/ec2-ebs/README.md: -------------------------------------------------------------------------------- 1 | ## Usage 2 | 3 | To run this example you need to execute: 4 | 5 | ```sh 6 | $ terraform init 7 | $ terraform plan 8 | $ terraform apply 9 | ``` -------------------------------------------------------------------------------- /02-ec2/ec2-ebs/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | module "ec2-instance" { 6 | source = "../../modules/02-ec2/ec2-instance" 7 | instance_type = var.instance_type 8 | instance_name = var.instance_name 9 | ami = var.ami 10 | 11 | } 12 | 13 | module "ebs-volume" { 14 | source = "../../modules/02-ec2/ec2-ebs" 15 | ebs_device_name = var.ebs_device_name 16 | ebs_vol_size = var.ebs_vol_size 17 | encrypt_ebs = var.encrypt_ebs 18 | 19 | instance_id = module.ec2-instance.ec2-instance-id 20 | availability_zone = module.ec2-instance.ec2-instance-az 21 
| } -------------------------------------------------------------------------------- /02-ec2/ec2-ebs/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ebs-vol-arn" { 2 | value = module.ebs-volume.ebs-vol-arn 3 | description = "EBS Volume ARN" 4 | } 5 | 6 | output "ebs-vol-size" { 7 | value = module.ebs-volume.ebs-vol-size 8 | description = "EBS Volume Size" 9 | } 10 | 11 | output "ebs-vol-type" { 12 | value = module.ebs-volume.ebs-vol-type 13 | description = "EBS Volume Type" 14 | } 15 | 16 | output "ebs-vol-az" { 17 | value = module.ebs-volume.ebs-vol-az 18 | description = "EBS Volume Availability Zone" 19 | } -------------------------------------------------------------------------------- /02-ec2/ec2-ebs/variables.tf: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------------------------------------------------- 2 | # OPTIONAL PARAMETERS 3 | # These parameters have reasonable defaults. 
4 | # --------------------------------------------------------------------------------------------------------------------- 5 | 6 | variable "ebs_device_name" { 7 | description = "Name of EBS Device" 8 | type = string 9 | default = "/dev/sdh" 10 | } 11 | 12 | variable "ebs_vol_size" { 13 | description = "EBS Volume Size" 14 | type = number 15 | default = 2 16 | } 17 | 18 | variable "region" { 19 | type = string 20 | default = "us-east-1" 21 | } 22 | 23 | variable "instance_type" { 24 | description = "Default Instance Type" 25 | type = string 26 | default = "t2.micro" 27 | } 28 | 29 | variable "ami" { 30 | description = "Default Amazon Machine Image Type(AMI)" 31 | type = string 32 | default = "ami-05fa00d4c63e32376" 33 | } 34 | 35 | variable "instance_name" { 36 | description = "Default Instance Name" 37 | type = string 38 | default = "ec2_instance_default" 39 | } 40 | 41 | variable "encrypt_ebs" { 42 | description = "EBS Encryption Status" 43 | type = bool 44 | default = true 45 | } -------------------------------------------------------------------------------- /02-ec2/ec2-ebs/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 4.0" 8 | } 9 | } 10 | } -------------------------------------------------------------------------------- /02-ec2/ec2-instance/README.md: -------------------------------------------------------------------------------- 1 | ## Usage 2 | 3 | To run this example you need to execute: 4 | 5 | ```sh 6 | $ terraform init 7 | $ terraform plan 8 | $ terraform apply 9 | ``` -------------------------------------------------------------------------------- /02-ec2/ec2-instance/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | module "ec2-instance" { 6 | source = 
"../../modules/02-ec2/ec2-instance" 7 | instance_type = var.instance_type 8 | instance_name = var.instance_name 9 | ami = var.ami 10 | number_of_instances = var.number_of_instances 11 | 12 | use_elastic_ip = true 13 | 14 | } -------------------------------------------------------------------------------- /02-ec2/ec2-instance/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ec2-instance-ipv4" { 2 | value = module.ec2-instance.ec2-instance-ipv4 3 | description = "IPV4 of created ec2-instance" 4 | } 5 | 6 | output "ec2-instance-id" { 7 | value = module.ec2-instance.ec2-instance-id 8 | description = "ID of created ec2-instance" 9 | } 10 | 11 | output "ec2-instance-name" { 12 | value = module.ec2-instance.ec2-instance-name 13 | description = "Name of created ec2-instance" 14 | } 15 | 16 | output "ec2-instance-dns" { 17 | value = module.ec2-instance.ec2-instance-dns 18 | description = "Public dns of created ec2-instance" 19 | } 20 | 21 | output "ec2-elastic-address" { 22 | value = module.ec2-instance.ec2-elastic-address 23 | description = "Elastic ip address" 24 | } 25 | 26 | output "ec2-security-group-id" { 27 | value = module.ec2-instance.ec2-security-group-id 28 | description = "The EC2 Security Group ID" 29 | } -------------------------------------------------------------------------------- /02-ec2/ec2-instance/variables.tf: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------------------------------------------------- 2 | # OPTIONAL PARAMETERS 3 | # These parameters have reasonable defaults. 
4 | # --------------------------------------------------------------------------------------------------------------------- 5 | 6 | variable "region" { 7 | type = string 8 | default = "us-east-1" 9 | } 10 | 11 | variable "instance_type" { 12 | description = "Default Instance Type" 13 | type = string 14 | default = "t2.micro" 15 | } 16 | 17 | variable "ami" { 18 | description = "Default Amazon Machine Image Type(AMI)" 19 | type = string 20 | default = "ami-05fa00d4c63e32376" 21 | } 22 | 23 | variable "instance_name" { 24 | description = "Default Instance Name" 25 | type = string 26 | default = "ec2_instance_default" 27 | } 28 | 29 | variable "number_of_instances" { 30 | description = "Numbe of Instances" 31 | type = number 32 | default = 1 33 | } -------------------------------------------------------------------------------- /02-ec2/ec2-instance/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 4.0" 8 | } 9 | } 10 | } -------------------------------------------------------------------------------- /03-rds/rds-main/README.md: -------------------------------------------------------------------------------- 1 | ## Usage 2 | 3 | To run this example you need to execute the following (first move the master `username`/`password` that `main.tf` currently hard-codes into sensitive variables, so that database credentials are not committed to version control): 4 | 5 | ```sh 6 | $ terraform init 7 | $ terraform plan 8 | $ terraform apply 9 | ``` -------------------------------------------------------------------------------- /03-rds/rds-main/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | module "rds-main" { 6 | source = "../../modules/03-rds/rds-main" 7 | identifier = "my-new-rds" 8 | instance_class = "db.t2.micro" 9 | username = "admin" 10 | password = "adminadmin" 11 | 12 | allocated_storage = var.allocated_storage 13 | max_allocated_storage = var.max_allocated_storage 14 | 15 | 
backup_retention_period = var.backup_retention_period 16 | 17 | skip_final_snapshot = var.skip_final_snapshot 18 | 19 | multi_az = var.multi_az 20 | 21 | storage_encrypted = var.storage_encrypted 22 | 23 | engine = var.engine 24 | 25 | engine_version = var.engine_version 26 | 27 | apply_immediately = var.apply_immediately 28 | 29 | apply_method = var.apply_method 30 | } -------------------------------------------------------------------------------- /03-rds/rds-main/outputs.tf: -------------------------------------------------------------------------------- 1 | output "rds-vol-name" { 2 | value = module.rds-main.rds-vol-name 3 | description = "RDS Volume Name" 4 | } 5 | 6 | output "rds-vol-id" { 7 | value = module.rds-main.rds-vol-id 8 | description = "RDS Volume ID" 9 | } 10 | 11 | output "rds-vol-address" { 12 | value = module.rds-main.rds-vol-address 13 | description = "RDS Volume Address" 14 | } 15 | 16 | output "rds-vol-engine" { 17 | value = module.rds-main.rds-vol-engine 18 | description = "RDS Volume Engine" 19 | } 20 | 21 | output "rds-vol-engine-version" { 22 | value = module.rds-main.rds-vol-engine 23 | description = "RDS Volume Engine Version" 24 | } -------------------------------------------------------------------------------- /03-rds/rds-main/variables.tf: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------------------------------------------------- 2 | # OPTIONAL PARAMETERS 3 | # These parameters have reasonable defaults. 
4 | # --------------------------------------------------------------------------------------------------------------------- 5 | 6 | variable "region" { 7 | type = string 8 | default = "us-east-1" 9 | } 10 | 11 | variable "allocated_storage" { 12 | description = "Allocated Storage For DB Instance In GB" 13 | type = number 14 | default = 5 15 | } 16 | 17 | variable "max_allocated_storage" { 18 | description = "When Configured, The Upper Limit To Which Amazon RDS Can Automatically Scale The Storage of The DB Instance" 19 | type = number 20 | default = 10 21 | } 22 | 23 | variable "backup_retention_period" { 24 | description = "The Days To Retain Backups For. Must Be Between 0 And 35" 25 | type = number 26 | default = 1 27 | } 28 | 29 | variable "skip_final_snapshot" { 30 | description = < 3 | 4 |

5 | 6 | # Terraform AWS Solution Architect (TASA) 7 | 8 | If you want to learn AWS solution architecture, you need to start with it as code and cover all the topics, so let's stop talking and start rolling the ball. 9 | 10 | - [01-IAM]() In Progress 11 | - [IAM-policy](https://github.com/devopshobbies/terraform-aws-solution-architect/tree/main/01-iam/iam-policy) 12 | - [IAM-role]() In Progress 13 | - [IAM-user](https://github.com/devopshobbies/terraform-aws-solution-architect/tree/main/01-iam/iam-user) 14 | - [02-EC2]() In Progress 15 | - [03-RDS]() In Progress 16 | - [04-S3bucket]() In Progress 17 | - [05-Route53]() In Progress 18 | - [06-CloudFront]() In Progress 19 | - [07-SNS]() In Progress 20 | - [08-ECS]() In Progress 21 | - [09-EKS]() In Progress 22 | - [10-ECR]() In Progress 23 | - [11-CloudWatch]() In Progress 24 | - [12-VPC]() In Progress 25 | - [13-Redshift]() In Progress 26 | - [14-Glue]() In Progress 27 | - [15-MSK]() In Progress 28 | - [16-Neptune]() In Progress 29 | - [17-LB]() In Progress 30 | - [ALB]() In Progress 31 | - [NLB]() In Progress 32 | - [GWLB]() In Progress 33 | - [18-ASG]() In Progress 34 | - [19-SG]() In Progress 35 | - [20-KMS]() In Progress 36 | - [21-cloudtrail]() In Progress 37 | - [22-waf]() In Progress 38 | - [23-SQS]() In Progress 39 | - [24-ACM]() In Progress 40 | - [25-EFS]() In Progress 41 | -------------------------------------------------------------------------------- /assets/terraform-aws.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopshobbies/terraform-aws-solution-architect/51c4859d99bf9cab461b2b7b5bd43c78a51d2fcb/assets/terraform-aws.png -------------------------------------------------------------------------------- /assets/terraform-aws2.jpeg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/devopshobbies/terraform-aws-solution-architect/51c4859d99bf9cab461b2b7b5bd43c78a51d2fcb/assets/terraform-aws2.jpeg -------------------------------------------------------------------------------- /modules/01-iam/iam-policy/README.md: -------------------------------------------------------------------------------- 1 | # IAM Module 2 | This module introduces one main component: 3 | - IAM Policy 4 | 5 | ### Requirements 6 | |Name|Version| 7 | |----|-------| 8 | |terraform| >=1.0| 9 | |aws|>=4.0| 10 | 11 | ### Providers 12 | |Name|Version| 13 | |----|-------| 14 | |aws|>=4.0| 15 | 16 | ### Modules 17 | None 18 | 19 | ### Resources 20 | |Name|Type| 21 | |----|----| 22 | |aws_iam_policy.policy|resource| 23 | 24 | 25 | ### Inputs 26 | |Name|Description|Type|Default|Required| 27 | |----|-----------|----|-------|--------| 28 | | create_policy|Whether to create the IAM policy|bool|true|no| 29 | |description | The description of the policy | string | "IAM Policy" | no| 30 | |name | The name of the policy| string | "" | no| 31 | |path | The path of the policy in IAM |string | "/" | no| 32 | |policy |The path of the policy in IAM (tpl file) | string | ""| no| 33 | |tags | A map of tags to add to all resources. | map(string) | {}| no| 34 | 35 | 36 | 37 | ### Outputs 38 | |Name|Description| 39 | |----|-------| 40 | |description | The description of the policy| 41 | |id |The policy's ID| 42 | |name | The name of the policy| 43 | |path | The path of the policy in IAM| 44 | |policy | The policy document| -------------------------------------------------------------------------------- /modules/01-iam/iam-policy/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_policy" "policy" { 2 | count = var.create_policy ? 
1 : 0 3 | 4 | name = var.name 5 | path = var.path 6 | description = var.description 7 | 8 | policy = var.policy 9 | 10 | tags = var.tags 11 | } -------------------------------------------------------------------------------- /modules/01-iam/iam-policy/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "The policy's ID" 3 | value = one(aws_iam_policy.policy[*].id) 4 | } 5 | 6 | output "description" { 7 | description = "The description of the policy" 8 | value = one(aws_iam_policy.policy[*].description) 9 | } 10 | 11 | output "name" { 12 | description = "The name of the policy" 13 | value = one(aws_iam_policy.policy[*].name) 14 | } 15 | 16 | output "path" { 17 | description = "The path of the policy in IAM" 18 | value = one(aws_iam_policy.policy[*].path) 19 | } 20 | 21 | output "policy" { 22 | description = "The policy document" 23 | value = one(aws_iam_policy.policy[*].policy) 24 | } -------------------------------------------------------------------------------- /modules/01-iam/iam-policy/variables.tf: -------------------------------------------------------------------------------- 1 | ### IF VARS ### 2 | variable "create_policy" { 3 | description = "Whether to create the IAM policy" 4 | type = bool 5 | default = true 6 | } 7 | ### IF VARS ### 8 | 9 | variable "name" { 10 | description = "The name of the policy" 11 | type = string 12 | default = "" 13 | } 14 | 15 | variable "path" { 16 | description = "The path of the policy in IAM" 17 | type = string 18 | default = "/" 19 | } 20 | 21 | variable "description" { 22 | description = "The description of the policy" 23 | type = string 24 | default = "IAM Policy" 25 | } 26 | 27 | variable "policy" { 28 | description = "The path of the policy in IAM (tpl file)" 29 | type = string 30 | default = "" 31 | } 32 | 33 | variable "tags" { 34 | description = "A map of tags to add to all resources." 
35 | type = map(string) 36 | default = { 37 | created_by = "Terraform" 38 | } 39 | } -------------------------------------------------------------------------------- /modules/01-iam/iam-policy/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 4.0" 8 | } 9 | } 10 | } -------------------------------------------------------------------------------- /modules/01-iam/iam-role/README.md: -------------------------------------------------------------------------------- 1 | # IAM Module 2 | This Module introduces 2 main components: 3 | - IAM Users 4 | - IAM Groups 5 | - IAM Role 6 | ### Requirements 7 | |Name|Version| 8 | |----|-------| 9 | |terraform| >=1.0| 10 | |aws|>=4.0| 11 | 12 | ### Providers 13 | |Name|Version| 14 | |----|-------| 15 | |aws|>=4.0| 16 | 17 | ### Modules 18 | None 19 | 20 | ### Resources 21 | |Name|Type| 22 | |----|----| 23 | |aws_iam_access_key.dvhb|resource| 24 | |aws_iam_user.dvhb|resource| 25 | |aws_iam_user_login_profile.dvhb|resource| 26 | |aws_iam_group.dvhb|resource| 27 | |aws_iam_group_membership.dvhb|resource| 28 | 29 | ### Inputs 30 | |Name|Description|Type|Default|Required| 31 | |----|-----------|----|-------|--------| 32 | |create_user|Whether to create the IAM user|bool|true|yes| 33 | |create_iam_user_login_profile|Whether to create IAM user login profile|bool|true|no| 34 | |create_iam_access_key|Whether to create IAM access key|bool|true|no| 35 | |password_reset_required|Whether the user should be forced to reset the generated password on first login|bool|false|no| 36 | |username|Username to create|string|n/a|yes| 37 | |group|Group to create|string|n/a|yes| 38 | |path|Path in which to create the user|string|/|yes| 39 | |pgp_key|Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. 
Used to encrypt password and access key|string|n/a|no| 40 | |password_length|The length of the generated password|int|20|no| 41 | |tags|A map of tags to add to all resources|string|n/a|no| 42 | 43 | 44 | 45 | ### Outputs 46 | |Name|Description| 47 | |----|-------| 48 | |iam_user_name|Created user| 49 | |iam_password|Randomly generated password| 50 | |iam_user_accesskey|print the Access_Key of user if available| 51 | |iam_user_secret|print the Secret_Key of user if available| 52 | |iam_group_name|the group which the user belongs to| 53 | -------------------------------------------------------------------------------- /modules/01-iam/iam-role/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_role" "ec2_role" { 2 | name = "ec2-role" 3 | assume_role_policy = "${file("ec2-role.json")}" 4 | } 5 | resource "aws_iam_policy" "ec2_policy" { 6 | name = "ec2-policy" 7 | description = "A ec2 policy" 8 | policy = "${file("ec2-policy.json")}" 9 | } 10 | resource "aws_iam_role_policy_attachment" "ec2-attach" { 11 | role = aws_iam_role.ec2_role.name 12 | policy_arn = aws_iam_policy.ec2_policy.arn 13 | } 14 | resource "aws_iam_instance_profile" "ec2_profile" { 15 | name = "ec2-profile" 16 | role = aws_iam_role.ec2_role.name 17 | } 18 | resource "aws_instance" "web" { 19 | ami = var.ami 20 | instance_type = var.instance_type 21 | iam_instance_profile = aws_iam_instance_profile.ec2_profile.name 22 | vpc_security_group_ids = [aws_security_group.main_role.id] 23 | key_name= "aws_key_role" 24 | tags = { 25 | Name = var.instance_name 26 | } 27 | } 28 | // Security group attached to the EC2 instance; its only rule is the SSH ingress below 29 | resource "aws_security_group" "main_role" { 30 | name = "Main Role Security Group" 31 | description = "Main Role Security Group" 32 | tags = { 33 | Name = "MAIN Role Security Group" 34 | } 35 | } 36 | // SSH (tcp/22) ingress is open to every source address (0.0.0.0/0); narrow cidr_blocks to trusted ranges before real use 37 | resource "aws_security_group_rule" "ssh" { 38 | type = "ingress" 39 | from_port = 22 40 | 
to_port = 22 41 | protocol = "tcp" 42 | cidr_blocks = ["0.0.0.0/0"] 43 | security_group_id = aws_security_group.main_role.id 44 | } 45 | resource "aws_key_pair" "deployer" { 46 | key_name = "aws_key_role" 47 | public_key = var.public_key 48 | } -------------------------------------------------------------------------------- /modules/01-iam/iam-role/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "The ID of the instance" 3 | value = aws_instance.web.id 4 | } 5 | output "private_dns" { 6 | description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC" 7 | value = aws_instance.web.private_dns 8 | } 9 | output "public_dns" { 10 | description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC" 11 | value = aws_instance.web.public_dns 12 | } 13 | output "public_ip" { 14 | description = "The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached" 15 | value = aws_instance.web.public_ip 16 | } 17 | output "private_ip" { 18 | description = "The private IP address assigned to the instance." 
19 | value = aws_instance.web.private_ip 20 | } 21 | output "aws_iam_instance_profile_name" { 22 | description = "aws_iam_instance_profile name" 23 | value = aws_iam_instance_profile.ec2_profile.name 24 | } 25 | output "aws_iam_instance_profile_id" { 26 | description = "aws_iam_instance_profile id" 27 | value = aws_iam_instance_profile.ec2_profile.id 28 | } 29 | output "aws_iam_instance_profile_role" { 30 | description = "aws_iam_instance_profile role" 31 | value = aws_iam_instance_profile.ec2_profile.role 32 | } 33 | output "aws_security_group_id" { 34 | description = "aws_security_group id" 35 | value = aws_security_group.main_role.id 36 | } 37 | output "aws_security_group_name" { 38 | description = "aws_security_group name" 39 | value = aws_security_group.main_role.name 40 | } 41 | output "aws_security_group_ingress" { 42 | description = "aws_security_group ingress" 43 | value = aws_security_group.main_role.ingress 44 | } 45 | output "aws_key_pair" { 46 | description = "aws_key_pair public_key" 47 | value = aws_key_pair.deployer 48 | } 49 | -------------------------------------------------------------------------------- /modules/01-iam/iam-role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "instance_type" { 2 | description = "instance_type" 3 | type = string 4 | default = "t2.micro" 5 | } 6 | variable "ami" { 7 | description = "AMI" 8 | type = string 9 | default = "ami-05fa00d4c63e32376" 10 | } 11 | variable "instance_name" { 12 | description = "instance_name" 13 | type = string 14 | default = "iam role" 15 | } 16 | variable "public_key" { 17 | description = "Public Key" 18 | type = string 19 | default = "" 20 | } 21 | -------------------------------------------------------------------------------- /modules/01-iam/iam-role/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = 
{ 6 | source = "hashicorp/aws" 7 | version = ">= 4.0.0" 8 | } 9 | } 10 | } -------------------------------------------------------------------------------- /modules/01-iam/iam-user/README.md: -------------------------------------------------------------------------------- 1 | # IAM Module 2 | This Module introduces 2 main components: 3 | - IAM Users 4 | - IAM Groups 5 | 6 | ### Requirements 7 | |Name|Version| 8 | |----|-------| 9 | |terraform| >=1.0| 10 | |aws|>=4.0| 11 | 12 | ### Providers 13 | |Name|Version| 14 | |----|-------| 15 | |aws|>=4.0| 16 | 17 | ### Modules 18 | None 19 | 20 | ### Resources 21 | |Name|Type| 22 | |----|----| 23 | |aws_iam_access_key.dvhb|resource| 24 | |aws_iam_user.dvhb|resource| 25 | |aws_iam_user_login_profile.dvhb|resource| 26 | |aws_iam_group.dvhb|resource| 27 | |aws_iam_group_membership.dvhb|resource| 28 | 29 | ### Inputs 30 | |Name|Description|Type|Default|Required| 31 | |----|-----------|----|-------|--------| 32 | |create_user|Whether to create the IAM user|bool|true|yes| 33 | |create_iam_user_login_profile|Whether to create IAM user login profile|bool|true|no| 34 | |create_iam_access_key|Whether to create IAM access key|bool|true|no| 35 | |password_reset_required|Whether the user should be forced to reset the generated password on first login|bool|false|no| 36 | |username|Username to create|string|n/a|yes| 37 | |group|Group to create|string|n/a|yes| 38 | |path|Path in which to create the user|string|/|yes| 39 | |pgp_key|Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. 
Used to encrypt password and access key|string|n/a|no| 40 | |password_length|The length of the generated password|int|20|no| 41 | |tags|A map of tags to add to all resources|string|n/a|no| 42 | 43 | 44 | 45 | ### Outputs 46 | |Name|Description| 47 | |----|-------| 48 | |iam_user_name|Created user| 49 | |iam_password|Randomly generated password| 50 | |iam_user_accesskey|print the Access_Key of user if available| 51 | |iam_user_secret|print the Secret_Key of user if available| 52 | |iam_group_name|the group which the user belongs to| -------------------------------------------------------------------------------- /modules/01-iam/iam-user/main.tf: -------------------------------------------------------------------------------- 1 | # Definition of IAM Users and Groups 2 | resource "aws_iam_user" "dvhb" { 3 | count = var.create_user ? 1 : 0 4 | 5 | name = var.username 6 | path = var.path 7 | tags = var.tags 8 | } 9 | 10 | resource "aws_iam_user_login_profile" "dvhb" { 11 | count = var.create_user && var.create_iam_user_login_profile ? 1 : 0 12 | 13 | user = aws_iam_user.dvhb[0].name 14 | pgp_key = var.pgp_key 15 | password_length = var.password_length 16 | password_reset_required = var.password_reset_required 17 | } 18 | 19 | resource "aws_iam_access_key" "dvhb" { 20 | count = var.create_user && var.create_iam_access_key ? 
1 : 0 21 | 22 | user = aws_iam_user.dvhb[0].name 23 | pgp_key = var.pgp_key 24 | } 25 | 26 | resource "aws_iam_group" "dvhb" { 27 | 28 | name = var.group 29 | } 30 | 31 | resource "aws_iam_group_membership" "dvhb" { 32 | 33 | name = "dvhb-group" 34 | 35 | users = [ 36 | aws_iam_user.dvhb[0].name 37 | ] 38 | 39 | group = aws_iam_group.dvhb.name 40 | } 41 | -------------------------------------------------------------------------------- /modules/01-iam/iam-user/outputs.tf: -------------------------------------------------------------------------------- 1 | output "iam_user_name" { 2 | value = one(aws_iam_user.dvhb[*].name) 3 | } 4 | 5 | output "iam_user_password" { 6 | value = one(aws_iam_user_login_profile.dvhb[*].password) 7 | } 8 | 9 | output "iam_user_accesskey" { 10 | value = one(aws_iam_access_key.dvhb[*].id) 11 | } 12 | 13 | output "iam_user_secret" { 14 | value = one(aws_iam_access_key.dvhb[*].secret) 15 | sensitive = true 16 | } 17 | 18 | output "iam_group_name" { 19 | value = one(aws_iam_group.dvhb[*].name) 20 | } -------------------------------------------------------------------------------- /modules/01-iam/iam-user/variables.tf: -------------------------------------------------------------------------------- 1 | ### IF VARS ### 2 | variable "create_user" { 3 | description = "Whether to create the IAM user" 4 | type = bool 5 | default = true 6 | } 7 | variable "create_iam_user_login_profile" { 8 | description = "Whether to create IAM user login profile" 9 | type = bool 10 | default = true 11 | } 12 | 13 | variable "create_iam_access_key" { 14 | description = "Whether to create IAM access key" 15 | type = bool 16 | default = true 17 | } 18 | 19 | variable "password_reset_required" { 20 | description = "Whether the user should be forced to reset the generated password on first login." 
21 | type = bool 22 | default = false 23 | } 24 | ###### 25 | 26 | variable "username" { 27 | type = string 28 | default = "dvh_user01" 29 | description = "Username to create" 30 | } 31 | 32 | variable "group" { 33 | type = string 34 | default = "dvhb_group01" 35 | description = "Group to create" 36 | } 37 | 38 | variable "owner" { 39 | type = string 40 | default = "Morteza.Rahimi" 41 | description = "The Owner of the user" 42 | } 43 | 44 | variable "path" { 45 | type = string 46 | default = "/" 47 | description = "Path in which to create the user" 48 | } 49 | 50 | variable "pgp_key" { 51 | description = "Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Used to encrypt password and access key." 52 | type = string 53 | default = "" 54 | } 55 | 56 | variable "password_length" { 57 | description = "The length of the generated password" 58 | type = number 59 | default = 20 60 | } 61 | 62 | variable "tags" { 63 | description = "A map of tags to add to all resources." 64 | type = map(string) 65 | default = { 66 | created_by = "Terraform" 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /modules/01-iam/iam-user/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 4.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /modules/02-ec2/ec2-ebs/README.md: -------------------------------------------------------------------------------- 1 | ## Requirements 2 | 3 | | Name | Version | 4 | |------|---------| 5 | |terraform| >= 1.0 | 6 | |aws| >= 4.0 | 7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | |aws| >= 4.0 | 13 | 14 | ## Modules 15 | 16 | No modules. 
17 | 18 | ## Resources 19 | 20 | | Name | Type | 21 | |------|------| 22 | |aws_ebs_volume.ebs_vol| resource | 23 | |aws_volume_attachment.ebs_vol_att| resource | 24 | 25 | ## Inputs 26 | 27 | | Name | Description | Type | Default | Required | 28 | |------|-------------|------|---------|:--------:| 29 | |availability\_zone| EBS Availability Zone (Must Be Same As EC2 AZ) | `string` | n/a | yes | 30 | |ebs\_device\_name| Name of EBS Device | `string` | n/a | yes | 31 | |ebs\_vol\_size| EBS Volume Size | `number` | n/a | yes | 32 | |encrypt\_ebs| EBS Encryption Status | `bool` | n/a | yes | 33 | |instance\_id| Corresponding Instance ID For EBS | `string` | n/a | yes | 34 | 35 | ## Outputs 36 | 37 | | Name | Description | 38 | |------|-------------| 39 | |ebs-vol-arn| EBS Volume ARN | 40 | |ebs-vol-az| EBS Volume Availability Zone | 41 | |ebs-vol-size| EBS Volume Size | 42 | |ebs-vol-type| EBS Volume Type | -------------------------------------------------------------------------------- /modules/02-ec2/ec2-ebs/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_volume_attachment" "ebs_vol_att" { 2 | device_name = var.ebs_device_name 3 | instance_id = var.instance_id 4 | 5 | volume_id = aws_ebs_volume.ebs_vol.id 6 | } 7 | 8 | resource "aws_ebs_volume" "ebs_vol" { 9 | 10 | availability_zone = var.availability_zone 11 | size = var.ebs_vol_size 12 | encrypted = var.encrypt_ebs 13 | } -------------------------------------------------------------------------------- /modules/02-ec2/ec2-ebs/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ebs-vol-arn" { 2 | value = aws_ebs_volume.ebs_vol.arn 3 | description = "EBS Volume ARN" 4 | } 5 | 6 | output "ebs-vol-size" { 7 | value = aws_ebs_volume.ebs_vol.size 8 | description = "EBS Volume Size" 9 | } 10 | 11 | output "ebs-vol-type" { 12 | value = aws_ebs_volume.ebs_vol.type 13 | description = "EBS Volume Type" 14 | } 15 | 
16 | output "ebs-vol-az" { 17 | value = aws_ebs_volume.ebs_vol.availability_zone 18 | description = "EBS Volume Availability Zone" 19 | } -------------------------------------------------------------------------------- /modules/02-ec2/ec2-ebs/variables.tf: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------------------------------------------------- 2 | # REQUIRED PARAMETERS 3 | # You must provide a value for each of these parameters. 4 | # --------------------------------------------------------------------------------------------------------------------- 5 | 6 | variable "ebs_device_name" { 7 | description = "Name of EBS Device" 8 | type = string 9 | } 10 | 11 | variable "instance_id" { 12 | description = "Corresponding Instance ID For EBS" 13 | type = string 14 | } 15 | 16 | variable "ebs_vol_size" { 17 | description = "EBS Volume Size" 18 | type = number 19 | } 20 | 21 | variable "availability_zone" { 22 | description = "EBS Availability Zone (Must Be Same As EC2 AZ)" 23 | type = string 24 | } 25 | 26 | variable "encrypt_ebs" { 27 | description = "EBS Encryption Status" 28 | type = bool 29 | } 30 | -------------------------------------------------------------------------------- /modules/02-ec2/ec2-ebs/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 4.0" 8 | } 9 | } 10 | } -------------------------------------------------------------------------------- /modules/02-ec2/ec2-fundamentals/MODULES: -------------------------------------------------------------------------------- 1 | - -------------------------------------------------------------------------------- /modules/02-ec2/ec2-fundamentals/local.tf: 
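--------------------------------------------------------------------------------
# Rule sets consumed by the dynamic blocks in main.tf. main.tf opens every
# ingress entry to 0.0.0.0/0, so this list is the module's full
# internet-facing surface: HTTPS, HTTP, all ICMP and SSH.
locals {
  ingress_rules = [
    {
      port        = 443
      description = "Ingress rules for port 443"
      protocol    = "tcp"
    },
    {
      port        = 80
      description = "Ingree rules for port 80"
      protocol    = "tcp"
    },
    {
      # port -1 together with protocol "icmp" covers every ICMP type/code.
      port        = -1
      description = "ICMP PROTOCOL"
      protocol    = "icmp"
    },
    {
      port        = 22
      description = "SSH"
      protocol    = "tcp"
    },
  ]
}

# Unrestricted egress: protocol "-1" (all) from port 0.
locals {
  egress_rules = [
    {
      port     = 0
      protocol = "-1"
    }
  ]
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-fundamentals/main.tf:
--------------------------------------------------------------------------------
# Most recent Amazon Linux 2 (kernel 5.10, x86_64, gp2) image. `owners`
# restricts the lookup to Amazon-published images, so a look-alike AMI shared
# from another account can never be picked up by the name filter.
data "aws_ami" "amazon-linux-2" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
  filter {
    name   = "name"
    values = ["amzn2-ami-kernel-5.10-hvm-*-x86_64-gp2"]
  }
}

# One instance per entry of var.ec2_deployments; the map key becomes the
# Name tag and each value supplies instance_type.
resource "aws_instance" "web" {
  for_each               = var.ec2_deployments
  ami                    = data.aws_ami.amazon-linux-2.id
  instance_type          = each.value.instance_type
  vpc_security_group_ids = [aws_security_group.main.id]
  # Reference the key pair rather than repeating the literal "aws_key" so the
  # two cannot drift apart and Terraform sees the dependency.
  key_name               = aws_key_pair.deployer.key_name
  # path.module anchors the script to this module directory; the previous
  # bare relative path only resolved when terraform ran from this folder,
  # which breaks as soon as the directory is consumed as a module (the
  # ec2-instance module already uses the path.module form).
  user_data              = file("${path.module}/user-data-httpd.sh")
  tags = {
    Name = each.key
  }
  depends_on = [
    aws_security_group.main
  ]
}

# NOTE(review): every ingress rule, including SSH (22) and ICMP, is opened to
# 0.0.0.0/0 and the CIDR is not parameterised; narrow cidr_blocks to a trusted
# range for anything that is not meant to be publicly reachable.
resource "aws_security_group" "main" {
  name        = "Main Security Group"
  description = "Main Security Group"
  dynamic "ingress" {
    for_each = local.ingress_rules
    content {
      description = ingress.value.description
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = ingress.value.protocol
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  dynamic "egress" {
    for_each = local.egress_rules
    content {
      from_port   = egress.value.port
      to_port     = egress.value.port
      protocol    = egress.value.protocol
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  tags = {
    Name = "MAIN Security Group"
  }
}

# Key pair registered from var.public_key. Its default in variables.tf is a
# hard-coded personal key ("root@Admin"); override it per deployment so the
# holder of that private key does not get SSH access to every instance.
resource "aws_key_pair" "deployer" {
  key_name   = "aws_key"
  public_key = var.public_key
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-fundamentals/outputs.tf:
--------------------------------------------------------------------------------
output "id" {
  description = "The ID of the instance"
  value       = { for k, v in aws_instance.web : k => v.id }
}
output "private_dns" {
  description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC"
  value       = { for k, v in aws_instance.web : k => v.private_dns }
}
output "public_dns" {
  description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC"
  value       = { for k, v in aws_instance.web : k => v.public_dns }
}
output "public_ip" {
  description = "The public IP address assigned to the instance, if applicable. 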
NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached" 15 | value = { for k, v in aws_instance.web : k => v.public_ip } 16 | } 17 | output "private_ip" { 18 | description = "The private IP address assigned to the instance." 19 | value = { for k, v in aws_instance.web : k => v.private_ip } 20 | } 21 | output "aws_security_group_name" { 22 | description = "aws_security_group name" 23 | value = aws_security_group.main.name 24 | } 25 | output "aws_security_group_ingress" { 26 | description = "aws_security_group ingress" 27 | value = aws_security_group.main.ingress 28 | } 29 | output "aws_security_group_id" { 30 | description = "aws_security_group id" 31 | value = aws_security_group.main.id 32 | } 33 | output "aws_key_pair" { 34 | description = "aws_key_pair public_key" 35 | value = aws_key_pair.deployer 36 | } -------------------------------------------------------------------------------- /modules/02-ec2/ec2-fundamentals/user-data-httpd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Use this for your user data (script from top to bottom) 3 | # install httpd (Linux 2 version) 4 | sudo yum update -y 5 | sudo yum install -y httpd 6 | sudo systemctl start httpd 7 | sudo systemctl enable httpd 8 | sudo echo "

Hello World from $(hostname -f)

" > /var/www/html/index.html 9 | -------------------------------------------------------------------------------- /modules/02-ec2/ec2-fundamentals/variables.tf: -------------------------------------------------------------------------------- 1 | variable "ec2_deployments" { 2 | type = map(any) 3 | default = { 4 | "web" = { 5 | "region" = "us-east-1" 6 | "instance_type" = "t2.micro" 7 | } 8 | # "app" = { 9 | # "region" = "us-east-1" 10 | # "instance_type" = "t2.micro" 11 | # }, 12 | # "backend" = { 13 | # "region" = "us-east-1" 14 | # "instance_type" = "t2.micro" 15 | # } 16 | } 17 | } 18 | variable "instance_name" { 19 | description = "instance name" 20 | type = string 21 | default = "ec2-fundamentals" 22 | } 23 | variable "public_key" { 24 | description = "Public Key" 25 | type = string 26 | default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSD1Sg+QrJ11fAFnXxO7BhboPGCqJg+0tHg96F00lt5LdCoewkcb78SMLXmkaoktJP8RvTxVzbo+C/9HyF40WZl8um+XW31WDFTclyIFJj2+gsv8JXI6NuxE2knQhgvWHKfrojstPFcHuVTm9VQgKwf7nPO6fPC4WNGCSwcQwnmoLrk72DKrHSEN4i3REoxSEjuk0p7LYyNYHRY7bPI2uvS9QpUm0KX2ygS+BzVb0x/q8gg6oBcdUX4r96CqMdT70V1hataqH5BTI8fUH31WZaP7ExDBv7TtH9Rz11lcAdehVJkv4n0HZGxhpEk/iRTEaP3W/IEYNtsp2mgINpIHM9 root@Admin" 27 | } 28 | -------------------------------------------------------------------------------- /modules/02-ec2/ec2-fundamentals/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = ">= 4.0.0" 7 | } 8 | } 9 | } 10 | 11 | -------------------------------------------------------------------------------- /modules/02-ec2/ec2-instance/README.md: -------------------------------------------------------------------------------- 1 | ## Requirements 2 | 3 | | Name | Version | 4 | |------|---------| 5 | |terraform| >= 1.0 | 6 | |aws| >= 4.0 | 7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | |aws| >= 
4.0 | 13 | |template| n/a | 14 | 15 | ## Modules 16 | 17 | No modules. 18 | 19 | ## Resources 20 | 21 | | Name | Type | 22 | |------|------| 23 | |aws_eip.ec2-eip| resource | 24 | |aws_eip_association.ec2-eip-association| resource | 25 | |aws_instance.ec2-instance| resource | 26 | |aws_security_group.ec2-sg| resource | 27 | |aws_security_group_rule.allow_all_outbound| resource | 28 | |aws_security_group_rule.allow_ssh_inbound| resource | 29 | |template_file.user_data| data source | 30 | 31 | ## Inputs 32 | 33 | | Name | Description | Type | Default | Required | 34 | |------|-------------|------|---------|:--------:| 35 | |ami| Default Amazon Machine Image Type(AMI) | `string` | n/a | yes | 36 | |instance\_name| Default Instance Name | `string` | n/a | yes | 37 | |instance\_type| Default Instance Type | `string` | n/a | yes | 38 | |number\_of\_instances| Numbe of Instances | `number` | `1` | no | 39 | |use\_elastic\_ip| Default Usage of Elastic IP | `bool` | `false` | no | 40 | |use\_user\_data| Use User Data Status | `bool` | `false` | no | 41 | 42 | ## Outputs 43 | 44 | | Name | Description | 45 | |------|-------------| 46 | |ec2-elastic-address| Elastic ip address | 47 | |ec2-instance-dns| Public DNS of Created EC2-Instance | 48 | |ec2-instance-id| ID of Created EC2-Instance | 49 | |ec2-instance-ipv4| IPV4 of Created EC2-Instance | 50 | |ec2-instance-name| Name of Created EC2-Instance | 51 | |ec2-security-group-id| The EC2 Security Group ID | -------------------------------------------------------------------------------- /modules/02-ec2/ec2-instance/ec2-user-data.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Use this for your user data (script from top to bottom) 3 | # install httpd (Linux 2 version) 4 | yum update -y 5 | yum install -y httpd 6 | systemctl start httpd 7 | systemctl enable httpd 8 | echo "

Hello World from $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /modules/02-ec2/ec2-instance/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "ec2-instance" { 2 | ami = var.ami 3 | instance_type = var.instance_type 4 | 5 | count = var.number_of_instances 6 | user_data = var.use_user_data ? data.template_file.user_data.rendered : null 7 | 8 | vpc_security_group_ids = [ 9 | aws_security_group.ec2-sg.id 10 | ] 11 | 12 | 13 | root_block_device { 14 | delete_on_termination = true 15 | } 16 | 17 | tags = { 18 | Name = var.instance_name 19 | } 20 | 21 | } 22 | 23 | data "template_file" "user_data" { 24 | template = file("${path.module}/ec2-user-data.sh") 25 | } 26 | 27 | resource "aws_eip" "ec2-eip" { 28 | count = var.use_elastic_ip ? var.number_of_instances : 0 29 | vpc = true 30 | } 31 | 32 | resource "aws_eip_association" "ec2-eip-association" { 33 | count = var.use_elastic_ip ? 
var.number_of_instances : 0

  instance_id   = aws_instance.ec2-instance[count.index].id
  allocation_id = aws_eip.ec2-eip[count.index].id
}

# Dedicated security group for the instances; its rules are attached as the
# separate aws_security_group_rule resources below.
resource "aws_security_group" "ec2-sg" {
  name = "${var.instance_name}-sg"
}

# Despite the name, this rule opens local.http_port (80/tcp), not SSH (22),
# and it does so to local.all_ips (0.0.0.0/0). The README lists the resource
# under the same misleading name. Renaming it would change its state address,
# so the mismatch is flagged here rather than fixed.
resource "aws_security_group_rule" "allow_ssh_inbound" {
  type              = "ingress"
  security_group_id = aws_security_group.ec2-sg.id

  from_port   = local.http_port
  to_port     = local.http_port
  protocol    = local.tcp_protocol
  cidr_blocks = local.all_ips
}

# Unrestricted egress: all protocols, all ports, any destination.
resource "aws_security_group_rule" "allow_all_outbound" {
  type              = "egress"
  security_group_id = aws_security_group.ec2-sg.id

  from_port   = local.any_port
  to_port     = local.any_port
  protocol    = local.any_protocol
  cidr_blocks = local.all_ips
}


# Port/protocol constants for the rules above. all_ips is the public-internet
# CIDR and there is no input variable that narrows it, so callers cannot
# restrict ingress without editing the module.
locals {
  http_port    = 80
  any_port     = 0
  any_protocol = "-1"
  tcp_protocol = "tcp"
  all_ips      = ["0.0.0.0/0"]
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-instance/outputs.tf:
--------------------------------------------------------------------------------
output "ec2-instance-ipv4" {
  value = var.use_elastic_ip ? 
aws_eip.ec2-eip.*.public_ip : aws_instance.ec2-instance.*.public_ip 3 | description = "IPV4 of Created EC2-Instance" 4 | } 5 | 6 | output "ec2-instance-id" { 7 | value = aws_instance.ec2-instance.*.id 8 | description = "ID of Created EC2-Instance" 9 | } 10 | 11 | output "ec2-instance-name" { 12 | value = aws_instance.ec2-instance.*.tags 13 | description = "Name of Created EC2-Instance" 14 | } 15 | 16 | output "ec2-instance-dns" { 17 | value = aws_instance.ec2-instance.*.public_dns 18 | description = "Public DNS of Created EC2-Instance" 19 | } 20 | 21 | output "ec2-elastic-address" { 22 | description = "Elastic IP Address" 23 | value = [for eip_info in aws_eip.ec2-eip : eip_info.address] 24 | } 25 | 26 | output "ec2-security-group-id" { 27 | value = aws_security_group.ec2-sg.id 28 | description = "The EC2 Security Group ID" 29 | } -------------------------------------------------------------------------------- /modules/02-ec2/ec2-instance/variables.tf: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------------------------------------------------- 2 | # REQUIRED PARAMETERS 3 | # You must provide a value for each of these parameters. 4 | # --------------------------------------------------------------------------------------------------------------------- 5 | 6 | variable "instance_type" { 7 | description = "Default Instance Type" 8 | type = string 9 | } 10 | 11 | variable "ami" { 12 | description = "Default Amazon Machine Image Type(AMI)" 13 | type = string 14 | } 15 | 16 | variable "instance_name" { 17 | description = "Default Instance Name" 18 | type = string 19 | } 20 | 21 | # --------------------------------------------------------------------------------------------------------------------- 22 | # OPTIONAL PARAMETERS 23 | # These parameters have reasonable defaults. 
24 | # --------------------------------------------------------------------------------------------------------------------- 25 | 26 | variable "use_elastic_ip" { 27 | description = "Default Usage of Elastic IP" 28 | type = bool 29 | default = false 30 | } 31 | 32 | variable "number_of_instances" { 33 | description = "Numbe of Instances" 34 | type = number 35 | default = 1 36 | } 37 | 38 | variable "use_user_data" { 39 | description = "Use User Data Status" 40 | type = bool 41 | default = false 42 | } -------------------------------------------------------------------------------- /modules/02-ec2/ec2-instance/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 4.0" 8 | } 9 | } 10 | } -------------------------------------------------------------------------------- /modules/03-rds/rds-main/README.md: -------------------------------------------------------------------------------- 1 | ## Requirements 2 | 3 | | Name | Version | 4 | |------|---------| 5 | |terraform| >= 1.0 | 6 | |aws| >= 4.0 | 7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | |aws| >= 4.0 | 13 | 14 | ## Modules 15 | 16 | No modules. 


## Resources

| Name | Type |
|------|------|
|aws_db_instance.db_instance| resource |
|aws_db_parameter_group.db_param| resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
|allocated\_storage| Allocated Storage For DB Instance In GB | `number` | `5` | no |
|allow\_major\_version\_upgrade| Indicates That Major Version Upgrades Are Allowed | `bool` | `false` | no |
|apply\_immediately| Specifies Whether Any Database Modifications Are Applied Immediately, Or During The Next Maintenance Window | `string` | `"8.0.30"` | no |
|apply\_method| (Optional) 'immediate' (Default), Or 'pending-reboot'. Some Engines Can't Apply Some Parameters Without A Reboot, And You Will Need To Specify 'pending-reboot' Here | `string` | `"immediate"` | no |
|auto\_minor\_version\_upgrade| Indicates That Minor Engine Upgrades Will Be Applied Automatically To The DB Instance During The Maintenance Window | `bool` | `true` | no |
|availability\_zone| RDS Availability Zone | `string` | `null` | no |
|backup\_retention\_period| The Days To Retain Backups For. 
Must Be Between 0 And 35 | `number` | `0` | no | 36 | |blue\_green\_update| Enables Low-Downtime Updates Using RDS's Blue/Green Deployments | `bool` | `false` | no | 37 | |create\_db\_param| Specifies Whether DB Parameter Group Is Created | `bool` | `false` | no | 38 | |deletion\_protection| If The DB Instance Should Have Deletion Protection Enabled | `bool` | `false` | no | 39 | |engine| The Database Engine To Use | `string` | `"mysql"` | no | 40 | |engine\_version| The Engine Version To Use | `string` | `"8.0.30"` | no | 41 | |family| The Family Of The DB Parameter Group | `string` | `"mysql8.0"` | no | 42 | |identifier| The Name of The RDS Instance | `string` | n/a | yes | 43 | |instance\_class| The Instance Type of The RDS Instance | `string` | n/a | yes | 44 | |max\_allocated\_storage| When Configured, The Upper Limit To Which Amazon RDS Can Automatically Scale The Storage of The DB Instance | `number` | `10` | no | 45 | |multi\_az| Specifies If The RDS Instance Is Multi-Az | `bool` | `false` | no | 46 | |parameters| Parameter Group | `list(map(string))` | `[]` | no | 47 | |password| Password For The Master DB User | `string` | `null` | no | 48 | |publicly\_accessible| Bool To Control If Instance Is Publicly Accessible | `bool` | `false` | no | 49 | |replicate\_source\_db| Specifies That This Resource Is A Replicate Database, And To Use This Value As The Source Database | `string` | `null` | no | 50 | | skip\_final\_snapshot| Determines Whether A Final Db Snapshot Is Created Before The Db Instance Is Deleted.
If True Is Specified, No DB Snapshot Is Created.
If False Is Specified, A Db Snapshot Is Created Before The Db Instance Is Deleted | `bool` | `false` | no | 51 | |storage\_encrypted| Specifies Whether The DB Instance Is Encrypted | `bool` | `false` | no | 52 | |username| Username For The Master DB User | `string` | `null` | no | 53 | 54 | ## Outputs 55 | 56 | | Name | Description | 57 | |------|-------------| 58 | |rds-vol-address| RDS Volume Address | 59 | |rds-vol-engine| RDS Volume Engine | 60 | |rds-vol-engine-version| RDS Volume Engine Version | 61 | |rds-vol-id| RDS Volume ID | 62 | |rds-vol-name| RDS Volume Name | 63 | |rds-vol-replica-mode| RDS Volume Replica Mode | 64 | |rds-vol-replica-source-db| RDS Volume Source DB | 65 | |rds-vol-replicas| RDS Volume Replicas | -------------------------------------------------------------------------------- /modules/03-rds/rds-main/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | username = var.replicate_source_db != null ? null : var.username 3 | password = var.replicate_source_db != null ? null : var.password 4 | engine = var.replicate_source_db != null ? null : var.engine 5 | engine_version = var.replicate_source_db != null ? null : var.engine_version 6 | } 7 | 8 | resource "aws_db_parameter_group" "db_param" { 9 | count = var.create_db_param ? 
1 : 0
  # Fixed name: a second instance of this module in the same account/region
  # collides on it. NOTE(review): with a fixed name, create_before_destroy
  # below cannot create the replacement group alongside the old one —
  # consider name_prefix.
  name   = "rds-terraform-group"
  family = var.family

  dynamic "parameter" {
    for_each = var.parameters
    content {
      name         = parameter.value.name
      value        = parameter.value.value
      apply_method = var.apply_method
    }
  }

  lifecycle {
    create_before_destroy = true
  }
}


# Primary DB instance, or a read replica when var.replicate_source_db is set.
# For the replica case the locals at the top of this file null out
# engine/engine_version/username/password, which are inherited from the source.
resource "aws_db_instance" "db_instance" {
  identifier     = var.identifier
  instance_class = var.instance_class

  allocated_storage     = var.allocated_storage
  max_allocated_storage = var.max_allocated_storage

  engine         = local.engine
  engine_version = local.engine_version

  # var.password is declared sensitive, which hides it from plan output but
  # not from the state file; protect the state backend accordingly.
  username = local.username
  password = local.password

  publicly_accessible = var.publicly_accessible
  # Defaults to false (README), i.e. a final snapshot is expected on destroy.
  # NOTE(review): no final_snapshot_identifier is set here — confirm destroy
  # succeeds with the default before relying on it.
  skip_final_snapshot = var.skip_final_snapshot

  allow_major_version_upgrade = var.allow_major_version_upgrade
  auto_minor_version_upgrade  = var.auto_minor_version_upgrade

  # Empty string when create_db_param = false and no group exists.
  parameter_group_name = try(aws_db_parameter_group.db_param[0].name, "")

  # AWS selects the AZs itself for Multi-AZ, so the explicit zone is dropped.
  availability_zone = var.multi_az ? null : var.availability_zone

  # Defaults to 0 in variables.tf. NOTE(review): 0 means no automated backups
  # are kept; set it to a positive value for anything non-disposable.
  backup_retention_period = var.backup_retention_period

  # Defaults to false in variables.tf/README; without it a `terraform destroy`
  # removes the instance.
  deletion_protection = var.deletion_protection

  multi_az = var.multi_az

  # Encryption at rest; defaults to false (README). NOTE(review): this cannot
  # be switched on for an existing instance without recreating it, so decide
  # before first apply.
  storage_encrypted = var.storage_encrypted

  apply_immediately = var.apply_immediately

  replicate_source_db = var.replicate_source_db

  blue_green_update {

    enabled = var.blue_green_update

  }
}
--------------------------------------------------------------------------------
/modules/03-rds/rds-main/outputs.tf:
--------------------------------------------------------------------------------
# Outputs are named rds-vol-* although they describe the DB instance itself,
# not a storage volume.
output "rds-vol-name" {
  value       = aws_db_instance.db_instance.db_name
  description = "RDS Volume Name"
}

output "rds-vol-id" {
  value       = aws_db_instance.db_instance.id
  description = "RDS Volume ID"
}

output "rds-vol-address" {
  value       = aws_db_instance.db_instance.address
  description = "RDS Volume Address"
}

output "rds-vol-engine" {
  value       = aws_db_instance.db_instance.engine
  description = "RDS Volume Engine"
}

output "rds-vol-engine-version" {
  value       = aws_db_instance.db_instance.engine_version
  description = "RDS Volume Engine Version"
}

output "rds-vol-replicas" {
  value       = aws_db_instance.db_instance.replicas
  description = "RDS Volume Replicas"
}

output "rds-vol-replica-mode" {
  value       = aws_db_instance.db_instance.replica_mode
  description = "RDS Volume Replica Mode"
}

output "rds-vol-replica-source-db" {
  value       = aws_db_instance.db_instance.replicate_source_db
  description = "RDS Volume Source DB"
}
--------------------------------------------------------------------------------
/modules/03-rds/rds-main/variables.tf:
--------------------------------------------------------------------------------
# 
--------------------------------------------------------------------------------------------------------------------- 2 | # REQUIRED PARAMETERS 3 | # You must provide a value for each of these parameters. 4 | # --------------------------------------------------------------------------------------------------------------------- 5 | 6 | variable "identifier" { 7 | description = "The Name of The RDS Instance" 8 | type = string 9 | 10 | } 11 | 12 | variable "instance_class" { 13 | description = "The Instance Type of The RDS Instance" 14 | type = string 15 | } 16 | 17 | # --------------------------------------------------------------------------------------------------------------------- 18 | # OPTIONAL PARAMETERS 19 | # These parameters have reasonable defaults. 20 | # --------------------------------------------------------------------------------------------------------------------- 21 | 22 | variable "username" { 23 | description = "Username For The Master DB User" 24 | type = string 25 | default = null 26 | } 27 | 28 | variable "password" { 29 | description = "Password For The Master DB User" 30 | type = string 31 | default = null 32 | sensitive = true 33 | } 34 | 35 | variable "allocated_storage" { 36 | description = "Allocated Storage For DB Instance In GB" 37 | type = number 38 | default = 5 39 | } 40 | 41 | variable "publicly_accessible" { 42 | description = "Bool To Control If Instance Is Publicly Accessible" 43 | type = bool 44 | default = false 45 | } 46 | 47 | variable "max_allocated_storage" { 48 | description = "When Configured, The Upper Limit To Which Amazon RDS Can Automatically Scale The Storage of The DB Instance" 49 | type = number 50 | default = 10 51 | } 52 | 53 | variable "allow_major_version_upgrade" { 54 | description = "Indicates That Major Version Upgrades Are Allowed" 55 | type = bool 56 | default = false 57 | } 58 | 59 | variable "auto_minor_version_upgrade" { 60 | description = "Indicates That Minor Engine Upgrades Will Be Applied 
Automatically To The DB Instance During The Maintenance Window" 61 | type = bool 62 | default = true 63 | } 64 | 65 | variable "availability_zone" { 66 | description = "RDS Availability Zone" 67 | type = string 68 | default = null 69 | } 70 | 71 | variable "backup_retention_period" { 72 | description = "The Days To Retain Backups For. Must Be Between 0 And 35" 73 | type = number 74 | default = 0 75 | } 76 | 77 | variable "blue_green_update" { 78 | description = "Enables Low-Downtime Updates Using RDS's Blue/Green Deployments" 79 | type = bool 80 | default = false 81 | } 82 | 83 | variable "skip_final_snapshot" { 84 | description = <= 1.0 | 6 | |aws| >= 4.0 | 7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | |aws| >= 4.0 | 13 | 14 | ## Modules 15 | 16 | No modules. 17 | 18 | ## Resources 19 | 20 | | Name | Type | 21 | |------|------| 22 | |aws_s3_bucket.s3-bucket| resource | 23 | |aws_s3_bucket_accelerate_configuration.s3-bucket-accelerate-config| resource | 24 | |aws_s3_bucket_acl.s3-bukcet-acl| resource | 25 | |aws_s3_bucket_lifecycle_configuration.s3-bucket-lifecycle| resource | 26 | |aws_s3_bucket_logging.s3-bucket-log| resource | 27 | |aws_s3_bucket_object_lock_configuration.s3-bucket-object-lock| resource | 28 | |aws_s3_bucket_request_payment_configuration.s3-bucket-payment| resource | 29 | |aws_s3_bucket_server_side_encryption_configuration.s3-bucket-sse-kms| resource | 30 | |aws_s3_bucket_versioning.s3-bucket-versioning| resource | 31 | 32 | ## Inputs 33 | 34 | | Name | Description | Type | Default | Required | 35 | |------|-------------|------|---------|:--------:| 36 | |acceleration\_status| (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. | `string` | `null` | no | 37 | |acl| (Optional) The canned ACL to apply. Conflicts with `grant` | `string` | `null` | no | 38 | |bucket| (Optional, Forces New Resource) The Name Of The Bucket. 
If Omitted, Terraform Will Assign A Random, Unique Name | `string` | `"my-bucket"` | no | 39 | |bucket\_prefix| (Optional, Forces New Resource) Creates A Unique Bucket Name Beginning With The Specified Prefix. Conflicts With Bucket | `string` | `null` | no | 40 | |create\_bucket| Controls If S3 Bucket Should Be Created | `bool` | `true` | no | 41 | |expected\_bucket\_owner| The account ID of the expected bucket owner | `string` | `null` | no | 42 | |force\_destroy| (Optional, Default:False ) A Boolean That Indicates All Objects Should Be Deleted From The Bucket So That The Bucket Can Be Destroyed Without Error. These Objects Are Not Recoverable | `bool` | `false` | no | 43 | | lifecycle\_rule| List of maps containing configuration of object lifecycle management. | `any` | `[]` | no | 44 | |logging| Map containing access bucket logging configuration. | `map(string)` | `{}` | no | 45 | | object\_lock\_configuration| Map containing S3 object locking configuration. | `any` | `{}` | no | 46 | |object\_lock\_enabled| Whether S3 Bucket Should Have An Object Lock Configuration Enabled | `bool` | `false` | no | 47 | |request\_payer| (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no | 48 | | server\_side\_encryption\_configuration| Map containing server-side encryption configuration. | `any` | `{}` | no | 49 | |versioning| Map containing versioning configuration. | `map(string)` | `{}` | no | 50 | 51 | ## Outputs 52 | 53 | | Name | Description | 54 | |------|-------------| 55 | |s3\_bucket\_arn| The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. | 56 | |s3\_bucket\_bucket\_domain\_name| The bucket domain name. Will be of format bucketname.s3.amazonaws.com. 
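|
|s3\_bucket\_hosted\_zone\_id| The Route 53 Hosted Zone ID for this bucket's region. |
|s3\_bucket\_id| The name of the bucket. |
|s3\_bucket\_region| The AWS region this bucket resides in. |
-------------------------------------------------------------------------------- /modules/04-s3bucket/s3bucket-bucket/main.tf: --------------------------------------------------------------------------------
# S3 bucket module using the split aws_s3_bucket_* resources of AWS provider >= 4.0.
#
# The bucket is optional (var.create_bucket). Every feature lives in its own
# sub-resource and is only created when the matching input is non-empty, so an
# unset input leaves that feature at the S3 default.
#
# Security notes for this revision:
#   * S3 Block Public Access is applied to the bucket by default
#     (var.block_public_access). A stray public ACL or bucket policy can then not
#     expose objects; intentionally public buckets must opt out explicitly.
#   * Buckets created since April 2023 default to ObjectOwnership =
#     BucketOwnerEnforced, which disables ACLs entirely; aws_s3_bucket_acl then
#     fails with AccessControlListNotSupported. Whenever a canned ACL is
#     requested, an ownership-controls resource relaxes this first.
locals {
  # lifecycle_rule may be passed as a JSON string or as a native list of maps.
  lifecycle_rules = try(jsondecode(var.lifecycle_rule), var.lifecycle_rule)

  # A canned ACL is requested unless the input is null or the literal string
  # "null" (both are treated as "no ACL").
  acl_requested = var.acl != null && var.acl != "null"
}

resource "aws_s3_bucket" "s3-bucket" {
  count = var.create_bucket ? 1 : 0

  # bucket and bucket_prefix are mutually exclusive; leave bucket null to use
  # a generated name.
  bucket        = var.bucket
  bucket_prefix = var.bucket_prefix

  # force_destroy deletes every object (and version) on destroy; irreversible.
  force_destroy       = var.force_destroy
  object_lock_enabled = var.object_lock_enabled
}

# Bucket-level Block Public Access. All four switches are turned on together;
# with block_public_acls on, a public canned ACL (public-read, ...) is rejected
# by S3, so callers that really need one must set block_public_access = false.
resource "aws_s3_bucket_public_access_block" "s3-bucket-public-access-block" {
  count = var.create_bucket && var.block_public_access ? 1 : 0

  bucket = aws_s3_bucket.s3-bucket[0].id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_object_lock_configuration" "s3-bucket-object-lock" {
  # Only meaningful when the bucket was created with object lock enabled and a
  # default retention rule was supplied.
  count = var.create_bucket && var.object_lock_enabled && try(var.object_lock_configuration.rule.default_retention, null) != null ? 1 : 0

  bucket                = aws_s3_bucket.s3-bucket[0].id
  expected_bucket_owner = var.expected_bucket_owner

  rule {
    default_retention {
      # mode is required (GOVERNANCE or COMPLIANCE); exactly one of days/years applies.
      mode  = var.object_lock_configuration.rule.default_retention.mode
      days  = try(var.object_lock_configuration.rule.default_retention.days, null)
      years = try(var.object_lock_configuration.rule.default_retention.years, null)
    }
  }
}

resource "aws_s3_bucket_logging" "s3-bucket-log" {
  count = var.create_bucket && length(keys(var.logging)) > 0 ? 1 : 0

  bucket                = aws_s3_bucket.s3-bucket[0].id
  expected_bucket_owner = var.expected_bucket_owner

  # target_bucket is mandatory once logging is requested; target_prefix is optional.
  target_bucket = var.logging["target_bucket"]
  target_prefix = try(var.logging["target_prefix"], null)
}

# ACLs are disabled on new buckets unless object ownership allows them;
# BucketOwnerPreferred keeps the bucket owner in control of uploaded objects
# while still accepting a canned ACL.
resource "aws_s3_bucket_ownership_controls" "s3-bucket-ownership" {
  count = var.create_bucket && local.acl_requested ? 1 : 0

  bucket = aws_s3_bucket.s3-bucket[0].id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Resource name keeps the historical typo ("bukcet") so existing state is not
# re-addressed; rename with `terraform state mv` if desired.
resource "aws_s3_bucket_acl" "s3-bukcet-acl" {
  count = var.create_bucket && local.acl_requested ? 1 : 0

  bucket                = aws_s3_bucket.s3-bucket[0].id
  expected_bucket_owner = var.expected_bucket_owner

  # count already excludes null / "null", so the value can be passed as-is.
  acl = var.acl

  # Ownership must be relaxed before S3 accepts an ACL; the public-access block
  # is listed so that its rejection of a public ACL surfaces here, not as a race.
  depends_on = [
    aws_s3_bucket_ownership_controls.s3-bucket-ownership,
    aws_s3_bucket_public_access_block.s3-bucket-public-access-block,
  ]
}

resource "aws_s3_bucket_versioning" "s3-bucket-versioning" {
  count = var.create_bucket && length(keys(var.versioning)) > 0 ? 1 : 0

  bucket                = aws_s3_bucket.s3-bucket[0].id
  expected_bucket_owner = var.expected_bucket_owner
  # mfa = "<serial> <code>"; only needed when toggling mfa_delete.
  mfa                   = try(var.versioning["mfa"], null)

  versioning_configuration {
    # Accepts a boolean-like string ("true"/"false") or the literal
    # "Enabled"/"Suspended" in any case.
    status = try(tobool(var.versioning["status"]) ? "Enabled" : "Suspended", title(lower(var.versioning["status"])), null)

    # Accepts a boolean-like string or the literal "Enabled"/"Disabled".
    mfa_delete = try(tobool(var.versioning["mfa_delete"]) ? "Enabled" : "Disabled", title(lower(var.versioning["mfa_delete"])), null)
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "s3-bucket-sse-kms" {
  count = var.create_bucket && length(keys(var.server_side_encryption_configuration)) > 0 ? 1 : 0

  bucket                = aws_s3_bucket.s3-bucket[0].id
  expected_bucket_owner = var.expected_bucket_owner

  dynamic "rule" {
    # A single rule map or a list of rule maps are both accepted.
    for_each = try(flatten([var.server_side_encryption_configuration["rule"]]), [])

    content {
      bucket_key_enabled = try(rule.value.bucket_key_enabled, null)

      dynamic "apply_server_side_encryption_by_default" {
        for_each = try([rule.value.apply_server_side_encryption_by_default], [])

        content {
          # sse_algorithm is required ("AES256" or "aws:kms"); kms_master_key_id
          # only applies to aws:kms.
          sse_algorithm     = apply_server_side_encryption_by_default.value.sse_algorithm
          kms_master_key_id = try(apply_server_side_encryption_by_default.value.kms_master_key_id, null)
        }
      }
    }
  }
}

resource "aws_s3_bucket_accelerate_configuration" "s3-bucket-accelerate-config" {
  count = var.create_bucket && var.acceleration_status != null ? 1 : 0

  bucket                = aws_s3_bucket.s3-bucket[0].id
  expected_bucket_owner = var.expected_bucket_owner

  # Valid values: "Enabled" or "Suspended" (normalised from any case)
  status = title(lower(var.acceleration_status))
}

resource "aws_s3_bucket_request_payment_configuration" "s3-bucket-payment" {
  count = var.create_bucket && var.request_payer != null ? 1 : 0

  bucket                = aws_s3_bucket.s3-bucket[0].id
  expected_bucket_owner = var.expected_bucket_owner

  # Valid values: "BucketOwner" or "Requester"; anything but "requester"
  # (case-insensitive) falls back to BucketOwner.
  payer = lower(var.request_payer) == "requester" ? "Requester" : "BucketOwner"
}

resource "aws_s3_bucket_lifecycle_configuration" "s3-bucket-lifecycle" {
  count = var.create_bucket && length(local.lifecycle_rules) > 0 ? 1 : 0

  bucket                = aws_s3_bucket.s3-bucket[0].id
  expected_bucket_owner = var.expected_bucket_owner

  dynamic "rule" {
    for_each = local.lifecycle_rules

    content {
      id = try(rule.value.id, null)
      # Accepts `enabled = true/false`, a boolean-like `status`, or the literal
      # "Enabled"/"Disabled" in any case.
      status = try(rule.value.enabled ? "Enabled" : "Disabled", tobool(rule.value.status) ? "Enabled" : "Disabled", title(lower(rule.value.status)))

      # Max 1 block
      dynamic "abort_incomplete_multipart_upload" {
        for_each = try([rule.value.abort_incomplete_multipart_upload_days], [])

        content {
          days_after_initiation = try(rule.value.abort_incomplete_multipart_upload_days, null)
        }
      }

      # Max 1 block
      dynamic "expiration" {
        for_each = try(flatten([rule.value.expiration]), [])

        content {
          date                         = try(expiration.value.date, null)
          days                         = try(expiration.value.days, null)
          expired_object_delete_marker = try(expiration.value.expired_object_delete_marker, null)
        }
      }

      # Several blocks
      dynamic "transition" {
        for_each = try(flatten([rule.value.transition]), [])

        content {
          date          = try(transition.value.date, null)
          days          = try(transition.value.days, null)
          storage_class = transition.value.storage_class
        }
      }

      # Max 1 block
      dynamic "noncurrent_version_expiration" {
        for_each = try(flatten([rule.value.noncurrent_version_expiration]), [])

        content {
          newer_noncurrent_versions = try(noncurrent_version_expiration.value.newer_noncurrent_versions, null)
          noncurrent_days           = try(noncurrent_version_expiration.value.days, noncurrent_version_expiration.value.noncurrent_days, null)
        }
      }

      # Several blocks
      dynamic "noncurrent_version_transition" {
        for_each = try(flatten([rule.value.noncurrent_version_transition]), [])

        content {
          newer_noncurrent_versions = try(noncurrent_version_transition.value.newer_noncurrent_versions, null)
          noncurrent_days           = try(noncurrent_version_transition.value.days, noncurrent_version_transition.value.noncurrent_days, null)
          storage_class             = noncurrent_version_transition.value.storage_class
        }
      }

      # Max 1 block - filter - without any key arguments or tags
      dynamic "filter" {
        for_each = length(try(flatten([rule.value.filter]), [])) == 0 ? [true] : []

        content {
          # prefix = ""
        }
      }

      # Max 1 block - filter - with one key argument or a single tag
      dynamic "filter" {
        for_each = [for v in try(flatten([rule.value.filter]), []) : v if max(length(keys(v)), length(try(rule.value.filter.tags, rule.value.filter.tag, []))) == 1]

        content {
          object_size_greater_than = try(filter.value.object_size_greater_than, null)
          object_size_less_than    = try(filter.value.object_size_less_than, null)
          prefix                   = try(filter.value.prefix, null)

          dynamic "tag" {
            for_each = try(filter.value.tags, filter.value.tag, [])

            content {
              key   = tag.key
              value = tag.value
            }
          }
        }
      }

      # Max 1 block - filter - with more than one key arguments or multiple tags
      dynamic "filter" {
        for_each = [for v in try(flatten([rule.value.filter]), []) : v if max(length(keys(v)), length(try(rule.value.filter.tags, rule.value.filter.tag, []))) > 1]

        content {
          and {
            object_size_greater_than = try(filter.value.object_size_greater_than, null)
            object_size_less_than    = try(filter.value.object_size_less_than, null)
            prefix                   = try(filter.value.prefix, null)
            tags                     = try(filter.value.tags, filter.value.tag, null)
          }
        }
      }
    }
  }

  # Must have bucket versioning enabled first
  depends_on = [aws_s3_bucket_versioning.s3-bucket-versioning]
}
-------------------------------------------------------------------------------- /modules/04-s3bucket/s3bucket-bucket/outputs.tf: --------------------------------------------------------------------------------
# All outputs degrade to "" when create_bucket = false (the bucket has count 0).
output "s3_bucket_id" {
  description = "The name of the bucket."
  value       = try(aws_s3_bucket.s3-bucket[0].id, "")
}

output "s3_bucket_arn" {
  description = "The ARN of the bucket. Will be of format arn:aws:s3:::bucketname."
  value       = try(aws_s3_bucket.s3-bucket[0].arn, "")
}

output "s3_bucket_bucket_domain_name" {
  description = "The bucket domain name. Will be of format bucketname.s3.amazonaws.com."
  value       = try(aws_s3_bucket.s3-bucket[0].bucket_domain_name, "")
}

output "s3_bucket_hosted_zone_id" {
  description = "The Route 53 Hosted Zone ID for this bucket's region."
  value       = try(aws_s3_bucket.s3-bucket[0].hosted_zone_id, "")
}

output "s3_bucket_region" {
  description = "The AWS region this bucket resides in."
  value       = try(aws_s3_bucket.s3-bucket[0].region, "")
}
-------------------------------------------------------------------------------- /modules/04-s3bucket/s3bucket-bucket/variables.tf: --------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These parameters have reasonable defaults.
# ---------------------------------------------------------------------------------------------------------------------

variable "bucket" {
  description = "(Optional, Forces New Resource) The Name Of The Bucket. If Omitted, Terraform Will Assign A Random, Unique Name"
  type        = string
  # Previously "my-bucket": bucket names are global, so that default collides
  # with whoever already owns it, and a non-null value conflicts with bucket_prefix.
  default     = null
}

variable "bucket_prefix" {
  description = "(Optional, Forces New Resource) Creates A Unique Bucket Name Beginning With The Specified Prefix. Conflicts With Bucket"
  type        = string
  default     = null
}

variable "create_bucket" {
  description = "Controls If S3 Bucket Should Be Created"
  type        = bool
  default     = true
}

variable "force_destroy" {
  description = "(Optional, Default:False ) A Boolean That Indicates All Objects Should Be Deleted From The Bucket So That The Bucket Can Be Destroyed Without Error. These Objects Are Not Recoverable"
  type        = bool
  default     = false
}

variable "block_public_access" {
  description = "Apply an S3 Block Public Access configuration (all four settings enabled) to the bucket. Leave true unless the bucket is intentionally public; a public canned acl or a public bucket policy is rejected while this is enabled"
  type        = bool
  default     = true
}

variable "object_lock_enabled" {
  description = "Whether S3 Bucket Should Have An Object Lock Configuration Enabled"
  type        = bool
  default     = false
}

variable "expected_bucket_owner" {
  description = "The account ID of the expected bucket owner"
  type        = string
  default     = null
}

variable "object_lock_configuration" {
  description = "Map containing S3 object locking configuration."
  type        = any
  default     = {}
}

variable "logging" {
  description = "Map containing access bucket logging configuration."
  type        = map(string)
  default     = {}
}

variable "acl" {
  description = "(Optional) The canned ACL to apply. Conflicts with `grant`"
  type        = string
  default     = null

  validation {
    # The literal "null" is accepted as an alias for "no ACL".
    condition = contains([
      "null", "private", "public-read", "public-read-write", "aws-exec-read",
      "authenticated-read", "bucket-owner-read", "bucket-owner-full-control",
      "log-delivery-write",
    ], coalesce(var.acl, "null"))
    error_message = "acl must be null or a canned S3 ACL: private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write."
  }
}

variable "versioning" {
  description = "Map containing versioning configuration."
  type        = map(string)
  default     = {}
}

variable "server_side_encryption_configuration" {
  description = "Map containing server-side encryption configuration."
  type        = any
  default     = {}
}

variable "acceleration_status" {
  description = "(Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended."
  type        = string
  default     = null
}

variable "request_payer" {
  description = "(Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information."
  type        = string
  default     = null
}

variable "lifecycle_rule" {
  description = "List of maps containing configuration of object lifecycle management."
  type        = any
  default     = []
}
-------------------------------------------------------------------------------- /modules/04-s3bucket/s3bucket-bucket/versions.tf: --------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}
-------------------------------------------------------------------------------- /modules/05-route53/route53-main/README.md: --------------------------------------------------------------------------------
## Requirements

| Name | Version |
|------|---------|
|terraform| >= 1.0 |
|aws| >= 4.0 |

## Providers

| Name | Version |
|------|---------|
|aws| >= 4.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
|aws_route53_record.route_record| resource |
|aws_route53_zone.hosted_zone_public| resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
|config\_list| List of Configs For Route53 Resource | `any` | n/a | yes |
|force\_destroy| Whether To Destroy All Records (Possibly Managed Outside Of Terraform) In The Zone When Destroying The Zone | `bool` | `false` | no |
|hosted\_zone\_name| This Is The Name of The Hosted Zone | `string` | `"testterrafromhostedzone.com"` | no |
|record\_name| The Name of The Record | `string` | `"test"` | no |
|record\_type| The Record Type. Valid Values Are 'A', 'Aaaa', 'Caa', 'Cname', 'Mx', 'Naptr', 'Ns', 'Ptr', 'Soa', 'Spf', 'Srv' And 'Txt' | `string` | `"A"` | no |
|records\_list| List of Records | `list(string)` |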
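[
""
]
| no |
|routing\_policy\_type| The Type of Routing Policy. One Of `failover`, `weighted`, `geolocation`, Or `""` For A Simple Record | `string` | `""` | no |
|ttl| The TTL of The Record | `number` | `300` | no |

## Outputs

| Name | Description |
|------|-------------|
|route-record-name| Route53 Record Name |
|route-record-ttl| Route53 TTL |
|route-records| Route53 Records |
-------------------------------------------------------------------------------- /modules/05-route53/route53-main/main.tf: --------------------------------------------------------------------------------
# One public hosted zone plus a record per entry of var.config_list.
# Each entry is expected to carry record_name, record_type, ttl and, depending
# on var.routing_policy_type, a failover/weighted/geolocation sub-map; the
# module-level record_name / record_type / ttl / records_list variables are
# NOT consulted here.
resource "aws_route53_zone" "hosted_zone_public" {
  name = var.hosted_zone_name

  # true deletes records created outside Terraform along with the zone.
  force_destroy = var.force_destroy
}

resource "aws_route53_record" "route_record" {
  for_each = { for k, v in var.config_list : k => v }

  zone_id = aws_route53_zone.hosted_zone_public.zone_id
  # Entries may still name their zone; when they do not, fall back to the zone
  # created above instead of failing on a missing attribute.
  name = "${each.value.record_name}.${try(each.value.hosted_zone_name, var.hosted_zone_name)}"

  type            = each.value.record_type
  ttl             = each.value.ttl
  records         = try(each.value.records_list, null)
  # set_identifier is required by Route 53 for any non-simple routing policy.
  set_identifier  = try(each.value.identifier, null)
  health_check_id = lookup(each.value, "health_check_id", null)

  dynamic "failover_routing_policy" {
    for_each = var.routing_policy_type == "failover" ? [true] : []

    content {
      # PRIMARY or SECONDARY
      type = each.value.failover_routing_policy.type
    }
  }

  dynamic "weighted_routing_policy" {
    for_each = var.routing_policy_type == "weighted" ? [true] : []

    content {
      weight = each.value.weighted_routing_policy.weight
    }
  }

  dynamic "geolocation_routing_policy" {
    for_each = var.routing_policy_type == "geolocation" ? [true] : []

    content {
      continent = lookup(each.value.geolocation_routing_policy, "continent", null)
      # "*" is the provider's default (catch-all) location when no country is given.
      country   = lookup(each.value.geolocation_routing_policy, "country", "*")
    }
  }
}
-------------------------------------------------------------------------------- /modules/05-route53/route53-main/outputs.tf: --------------------------------------------------------------------------------
# Lists are in for_each key order, one element per config_list entry.
output "route-record-name" {
  value       = [for route_info in aws_route53_record.route_record : route_info.name]
  description = "Route53 Record Name"
}

output "route-records" {
  value       = [for route_info in aws_route53_record.route_record : route_info.records]
  description = "Route53 Records"
}

output "route-record-ttl" {
  value       = [for route_info in aws_route53_record.route_record : route_info.ttl]
  description = "Route53 TTL"
}
-------------------------------------------------------------------------------- /modules/05-route53/route53-main/variables.tf: --------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# You must provide a value for each of these parameters.
# ---------------------------------------------------------------------------------------------------------------------

variable "config_list" {
  description = "List of Configs For Route53 Resource"
  type        = any
}

# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These parameters have reasonable defaults.
# ---------------------------------------------------------------------------------------------------------------------

variable "hosted_zone_name" {
  description = "This Is The Name of The Hosted Zone"
  type        = string
  # Placeholder domain; override with a domain this account actually controls.
  default     = "testterrafromhostedzone.com"
}

variable "force_destroy" {
  description = "Whether To Destroy All Records (Possibly Managed Outside Of Terraform) In The Zone When Destroying The Zone"
  type        = bool
  default     = false
}

# NOTE: record_name, record_type, records_list and ttl are kept for interface
# compatibility but are not read by main.tf; per-record values come from
# config_list entries.
variable "record_name" {
  description = "The Name of The Record"
  type        = string
  default     = "test"
}

variable "record_type" {
  description = "The Record Type. Valid Values Are 'A', 'Aaaa', 'Caa', 'Cname', 'Mx', 'Naptr', 'Ns', 'Ptr', 'Soa', 'Spf', 'Srv' And 'Txt'"
  type        = string
  default     = "A"
}

variable "records_list" {
  description = "List of Records"
  type        = list(string)
  default     = [""]
}

variable "ttl" {
  description = "The TTL of The Record"
  type        = number
  default     = 300
}

variable "routing_policy_type" {
  description = "The Type of Routing Policy. One Of failover, weighted, geolocation, Or An Empty String For A Simple Record"
  type        = string
  default     = ""

  # main.tf compares this against exact strings; any other value used to be
  # silently ignored and produced a simple record, so reject it up front.
  validation {
    condition     = contains(["", "failover", "weighted", "geolocation"], var.routing_policy_type)
    error_message = "routing_policy_type must be one of \"\", failover, weighted, geolocation."
  }
}
-------------------------------------------------------------------------------- /modules/05-route53/route53-main/versions.tf: --------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}
-------------------------------------------------------------------------------- /modules/17-lb/lb-alb/README.md: --------------------------------------------------------------------------------
## Requirements

| Name | Version |
|------|---------|
|terraform| >= 1.0 |
|aws| >= 4.0 |

## Providers

| Name | Version |
|------|---------|
|aws| >= 4.0 |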
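## Modules

No modules.

## Resources

| Name | Type |
|------|------|
|aws_lb.lb| resource |
|aws_lb_listener.lb_listener_http| resource |
|aws_lb_listener.lb_listener_https| resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
|alb\_name| The Name To Use For This ALB | `string` | n/a | yes |
|certificate\_arn| ACM Certificate ARN. When Set, An HTTPS Listener Is Created And HTTP Redirects To It | `string` | `null` | no |
|enable\_deletion\_protection| Protect The ALB From Accidental `terraform destroy` | `bool` | `false` | no |
|internal| Create An Internal (Private) ALB Instead Of An Internet-Facing One | `bool` | `false` | no |
|security\_group\_id| The Security Group | `string` | n/a | yes |
|ssl\_policy| TLS Policy For The HTTPS Listener | `string` | `"ELBSecurityPolicy-TLS13-1-2-2021-06"` | no |
|subnet\_ids| The Subnet IDs To Deploy | `list(string)` | n/a | yes |
|tags| Tags Applied To The ALB | `map(string)` | `{"Environment": "elb-example"}` | no |

## Outputs

| Name | Description |
|------|-------------|
|alb\_arn| The ARN of The Load Balancer |
|alb\_dns\_name| The Domain Name of The Load Balancer |
|alb\_http\_listener\_arn| The ARN of The HTTP Listener |
|alb\_https\_listener\_arn| The ARN of The HTTPS Listener (null When No Certificate Is Given) |
-------------------------------------------------------------------------------- /modules/17-lb/lb-alb/main.tf: --------------------------------------------------------------------------------
# Application load balancer with an HTTP listener and, when a certificate is
# supplied, an HTTPS listener. Without a certificate the behaviour is the
# original one: a single HTTP:80 listener answering 404 by default.
resource "aws_lb" "lb" {
  name               = var.alb_name
  internal           = var.internal
  load_balancer_type = "application"
  security_groups    = [var.security_group_id]
  subnets            = var.subnet_ids

  enable_deletion_protection = var.enable_deletion_protection

  # Drop requests carrying headers that are not valid per RFC 7230 before they
  # reach targets (request-smuggling hardening); no effect on well-formed clients.
  drop_invalid_header_fields = true

  tags = var.tags
}

resource "aws_lb_listener" "lb_listener_http" {
  load_balancer_arn = aws_lb.lb.arn
  port              = local.http_port
  protocol          = "HTTP"

  # With a certificate configured, plain HTTP is only used to bounce clients to
  # HTTPS; listener rules attached by callers still match before this default.
  dynamic "default_action" {
    for_each = var.certificate_arn == null ? [] : [true]

    content {
      type = "redirect"

      redirect {
        port        = tostring(local.https_port)
        protocol    = "HTTPS"
        status_code = "HTTP_301"
      }
    }
  }

  # By default, return a simple 404 page
  dynamic "default_action" {
    for_each = var.certificate_arn == null ? [true] : []

    content {
      type = "fixed-response"

      fixed_response {
        content_type = "text/plain"
        message_body = "404: page not found"
        status_code  = 404
      }
    }
  }
}

resource "aws_lb_listener" "lb_listener_https" {
  count = var.certificate_arn == null ? 0 : 1

  load_balancer_arn = aws_lb.lb.arn
  port              = local.https_port
  protocol          = "HTTPS"
  ssl_policy        = var.ssl_policy
  certificate_arn   = var.certificate_arn

  # Same 404 default as the HTTP listener; callers attach their own rules.
  default_action {
    type = "fixed-response"

    fixed_response {
      content_type = "text/plain"
      message_body = "404: page not found"
      status_code  = 404
    }
  }
}

locals {
  http_port  = 80
  https_port = 443
}
-------------------------------------------------------------------------------- /modules/17-lb/lb-alb/outputs.tf: --------------------------------------------------------------------------------
output "alb_arn" {
  value       = aws_lb.lb.arn
  description = "The ARN of the load balancer"
}

output "alb_dns_name" {
  value       = aws_lb.lb.dns_name
  description = "The domain name of the load balancer"
}

output "alb_http_listener_arn" {
  value       = aws_lb_listener.lb_listener_http.arn
  description = "The ARN of the HTTP listener"
}

output "alb_https_listener_arn" {
  # null when certificate_arn is not set (the listener has count 0).
  value       = try(aws_lb_listener.lb_listener_https[0].arn, null)
  description = "The ARN of the HTTPS listener, or null when no certificate was given"
}
-------------------------------------------------------------------------------- /modules/17-lb/lb-alb/variables.tf: --------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# You must provide a value for each of these parameters.
# ---------------------------------------------------------------------------------------------------------------------

variable "alb_name" {
  description = "The Name To Use For This ALB"
  type        = string
}

variable "subnet_ids" {
  description = "The Subnet IDs To Deploy"
  type        = list(string)
}

variable "security_group_id" {
  description = "The Security Group"
  # main.tf wraps this in a one-element list, so it must be a single ID.
  type        = string
}

# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# Defaults reproduce the previous hard-coded behaviour (internet-facing, HTTP only).
# ---------------------------------------------------------------------------------------------------------------------

variable "internal" {
  description = "Create An Internal (Private) ALB Instead Of An Internet-Facing One"
  type        = bool
  default     = false
}

variable "enable_deletion_protection" {
  description = "Protect The ALB From Accidental terraform destroy"
  type        = bool
  default     = false
}

variable "certificate_arn" {
  description = "ACM Certificate ARN. When Set, An HTTPS Listener Is Created And HTTP Redirects To It"
  type        = string
  default     = null
}

variable "ssl_policy" {
  description = "TLS Policy For The HTTPS Listener"
  type        = string
  default     = "ELBSecurityPolicy-TLS13-1-2-2021-06"
}

variable "tags" {
  description = "Tags Applied To The ALB"
  type        = map(string)
  default = {
    Environment = "elb-example"
  }
}
-------------------------------------------------------------------------------- /modules/17-lb/lb-alb/versions.tf: --------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}
-------------------------------------------------------------------------------- /modules/25-efs/efs-storage/README.md: --------------------------------------------------------------------------------
## Requirements

| Name | Version |
|------|---------|
|terraform| >= 1.0 |
|aws| >= 4.0 |

## Providers

| Name | Version |
|------|---------|
|aws| >= 4.0 |

## Modules

No modules.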
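## Resources

| Name | Type |
|------|------|
|aws_efs_file_system.efs_fs| resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
|availability\_zone\_name| Availability zone name (used for one zone efs). | `string` | `null` | no |
|encryption| EFS encryption status. `false` leaves data at rest unencrypted. | `bool` | n/a | yes |
|infrequent\_access\_transition\_dur| How long it takes to transition files to the IA storage class. | `string` | n/a | yes |
|kms\_key\_id| ARN of the KMS key used for encryption at rest; requires `encryption = true`. Defaults to the AWS-managed EFS key when null. | `string` | `null` | no |
|performance\_mode| The file system performance mode (generalPurpose or maxIO). | `string` | `"generalPurpose"` | no |
|provisioned\_throughput\_in\_mibps\_val| The throughput, measured in MiB/s, that you want to provision for the file system. | `number` | `10` | no |
|tag\_name| EFS tag name. | `string` | n/a | yes |
|throughput\_mode| Throughput mode for the file system (bursting, provisioned or elastic). | `string` | `"provisioned"` | no |
|token\_name| A unique name used as reference when creating the Elastic File System to ensure idempotent file system creation. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
|efs\_arn| File system ARN |
|efs\_availability\_zone\_name| Availability zone name |
|efs\_encryption\_status| Encryption status |
|efs\_id| File system ID |
|efs\_lifecycle\_policy| Lifecycle policy |
|efs\_performance\_mode| Performance mode |
|efs\_throughput\_mode| Throughput mode |
|efs\_token\_name| Token name |
-------------------------------------------------------------------------------- /modules/25-efs/efs-storage/main.tf: --------------------------------------------------------------------------------
# Single EFS file system. Mount targets, access points and a file system policy
# are not created here.
resource "aws_efs_file_system" "efs_fs" {
  # creation_token makes the create call idempotent.
  creation_token         = var.token_name
  # Non-null selects a One Zone file system in that AZ.
  availability_zone_name = var.availability_zone_name

  # encrypted = false stores data in clear text and cannot be changed after
  # creation. kms_key_id is only accepted by the API together with
  # encrypted = true; null means the AWS-managed key.
  encrypted  = var.encryption
  kms_key_id = var.kms_key_id

  throughput_mode  = var.throughput_mode
  performance_mode = var.performance_mode

  # provisioned_throughput_in_mibps is only valid in provisioned mode.
  provisioned_throughput_in_mibps = var.throughput_mode == "provisioned" ? var.provisioned_throughput_in_mibps_val : null

  lifecycle_policy {
    transition_to_ia = var.infrequent_access_transition_dur
  }

  tags = {
    Name = var.tag_name
  }
}
-------------------------------------------------------------------------------- /modules/25-efs/efs-storage/outputs.tf: --------------------------------------------------------------------------------
output "efs_id" {
  description = "File system ID"
  value       = aws_efs_file_system.efs_fs.id
}

output "efs_arn" {
  description = "File system ARN"
  value       = aws_efs_file_system.efs_fs.arn
}

output "efs_availability_zone_name" {
  description = "Availability zone name"
  value       = aws_efs_file_system.efs_fs.availability_zone_name
}

output "efs_token_name" {
  description = "Token name"
  value       = aws_efs_file_system.efs_fs.creation_token
}

output "efs_encryption_status" {
  description = "Encryption status"
  value       = aws_efs_file_system.efs_fs.encrypted
}

output "efs_lifecycle_policy" {
  description = "Lifecycle policy"
  value       = aws_efs_file_system.efs_fs.lifecycle_policy
}

output "efs_performance_mode" {
  description = "Performance mode"
  value       = aws_efs_file_system.efs_fs.performance_mode
}

output "efs_throughput_mode" {
  description = "Throughput mode"
  value       = aws_efs_file_system.efs_fs.throughput_mode
}
-------------------------------------------------------------------------------- /modules/25-efs/efs-storage/variables.tf: --------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These parameters have reasonable defaults.
# ---------------------------------------------------------------------------------------------------------------------

variable "availability_zone_name" {
  description = "Availability zone name (used for one zone efs)."
  type        = string
  default     = null
}

variable "performance_mode" {
  description = "The file system performance mode (generalPurpose or maxIO)."
  type        = string
  default     = "generalPurpose"

  validation {
    condition     = contains(["generalPurpose", "maxIO"], var.performance_mode)
    error_message = "performance_mode must be generalPurpose or maxIO."
  }
}

variable "throughput_mode" {
  description = "Throughput mode for the file system (bursting, provisioned or elastic)."
  type        = string
  default     = "provisioned"

  # main.tf keys provisioned_throughput_in_mibps on the exact string
  # "provisioned", so a typo here would silently drop the provisioned value.
  validation {
    condition     = contains(["bursting", "provisioned", "elastic"], var.throughput_mode)
    error_message = "throughput_mode must be one of bursting, provisioned, elastic."
  }
}

variable "provisioned_throughput_in_mibps_val" {
  description = "The throughput, measured in MiB/s, that you want to provision for the file system."
  type        = number
  default     = 10
}

variable "kms_key_id" {
  description = "ARN of the KMS key used for encryption at rest; requires encryption = true. Defaults to the AWS-managed EFS key when null."
  type        = string
  default     = null
}

# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# You must provide a value for each of these parameters.
# ---------------------------------------------------------------------------------------------------------------------

variable "token_name" {
  description = "A unique name used as reference when creating the Elastic File System to ensure idempotent file system creation."
  type        = string
}

variable "encryption" {
  description = "EFS encryption status. false leaves data at rest unencrypted."
  type        = bool
}

variable "infrequent_access_transition_dur" {
  description = "How long it takes to transition files to the IA storage class."
  type        = string
}

variable "tag_name" {
  description = "EFS tag name."
  type        = string
}
-------------------------------------------------------------------------------- /modules/25-efs/efs-storage/versions.tf: --------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------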