├── modules
├── 04-s3bucket
│ ├── README.md
│ └── s3bucket-bucket
│ │ ├── versions.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ ├── README.md
│ │ └── main.tf
├── 02-ec2
│ ├── ec2-fundamentals
│ │ ├── MODULES
│ │ ├── versions.tf
│ │ ├── user-data-httpd.sh
│ │ ├── local.tf
│ │ ├── variables.tf
│ │ ├── outputs.tf
│ │ └── main.tf
│ ├── ec2-ebs
│ │ ├── versions.tf
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── README.md
│ └── ec2-instance
│ │ ├── versions.tf
│ │ ├── ec2-user-data.sh
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ ├── README.md
│ │ └── main.tf
├── 03-rds
│ └── rds-main
│ │ ├── versions.tf
│ │ ├── outputs.tf
│ │ ├── main.tf
│ │ ├── README.md
│ │ └── variables.tf
├── 17-lb
│ └── lb-alb
│ │ ├── versions.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ ├── main.tf
│ │ └── README.md
├── 01-iam
│ ├── iam-policy
│ │ ├── versions.tf
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── README.md
│ ├── iam-role
│ │ ├── versions.tf
│ │ ├── variables.tf
│ │ ├── main.tf
│ │ ├── README.md
│ │ └── outputs.tf
│ └── iam-user
│ │ ├── versions.tf
│ │ ├── outputs.tf
│ │ ├── main.tf
│ │ ├── README.md
│ │ └── variables.tf
├── 25-efs
│ └── efs-storage
│ │ ├── versions.tf
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── README.md
│ │ └── variables.tf
└── 05-route53
│ └── route53-main
│ ├── versions.tf
│ ├── outputs.tf
│ ├── main.tf
│ ├── README.md
│ └── variables.tf
├── assets
├── terraform-aws.png
└── terraform-aws2.jpeg
├── 17-lb
└── lb-alb
│ ├── README.md
│ ├── versions.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── main.tf
├── 02-ec2
├── 02-ec2-fundamentals
│ ├── README.md
│ ├── versions.tf
│ ├── main.tf
│ ├── variables.tf
│ ├── user-data-httpd.sh
│ └── outputs.tf
├── ec2-ebs
│ ├── README.md
│ ├── versions.tf
│ ├── outputs.tf
│ ├── main.tf
│ └── variables.tf
└── ec2-instance
│ ├── README.md
│ ├── versions.tf
│ ├── main.tf
│ ├── outputs.tf
│ └── variables.tf
├── 03-rds
├── rds-main
│ ├── README.md
│ ├── versions.tf
│ ├── outputs.tf
│ ├── main.tf
│ └── variables.tf
└── rds-replica
│ ├── README.md
│ ├── versions.tf
│ ├── outputs.tf
│ ├── main.tf
│ └── variables.tf
├── 25-efs
└── efs-storage
│ ├── README.md
│ ├── versions.tf
│ ├── main.tf
│ ├── outputs.tf
│ └── variables.tf
├── 04-s3bucket
└── s3bucket-bucket
│ ├── README.md
│ ├── versions.tf
│ ├── variables.tf
│ ├── outputs.tf
│ └── main.tf
├── 05-route53
├── route53-failover
│ ├── README.md
│ ├── versions.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── main.tf
├── route53-weighted
│ ├── README.md
│ ├── versions.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── main.tf
└── route53-geolocation
│ ├── README.md
│ ├── versions.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── main.tf
├── 01-iam
├── iam-policy
│ ├── README.md
│ ├── versions.tf
│ ├── variables.tf
│ ├── outputs.tf
│ └── main.tf
├── iam-role
│ ├── README.md
│ ├── versions.tf
│ ├── main.tf
│ ├── ec2-role.json
│ ├── variables.tf
│ ├── terraform.tfvars
│ ├── ec2-policy.json
│ └── outputs.tf
└── iam-user
│ ├── README.md
│ ├── versions.tf
│ ├── variables.tf
│ ├── main.tf
│ └── outputs.tf
├── .gitignore
├── LICENSE
└── README.md
/modules/04-s3bucket/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-fundamentals/MODULES:
--------------------------------------------------------------------------------
1 | -
--------------------------------------------------------------------------------
/assets/terraform-aws.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/devopshobbies/terraform-aws-solution-architect/HEAD/assets/terraform-aws.png
--------------------------------------------------------------------------------
/assets/terraform-aws2.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/devopshobbies/terraform-aws-solution-architect/HEAD/assets/terraform-aws2.jpeg
--------------------------------------------------------------------------------
/17-lb/lb-alb/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/02-ec2/02-ec2-fundamentals/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 | To run this example you need to execute:
3 | ```sh
4 | $ terraform init
5 | $ terraform plan
6 | $ terraform apply
7 | ```
--------------------------------------------------------------------------------
/02-ec2/ec2-ebs/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/03-rds/rds-main/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/03-rds/rds-replica/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/25-efs/efs-storage/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/02-ec2/ec2-instance/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/04-s3bucket/s3bucket-bucket/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/05-route53/route53-failover/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/05-route53/route53-weighted/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/05-route53/route53-geolocation/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
--------------------------------------------------------------------------------
/01-iam/iam-policy/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
10 |
11 |
--------------------------------------------------------------------------------
/01-iam/iam-role/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
10 |
11 |
--------------------------------------------------------------------------------
/01-iam/iam-user/README.md:
--------------------------------------------------------------------------------
1 | ## Usage
2 |
3 | To run this example you need to execute:
4 |
5 | ```sh
6 | $ terraform init
7 | $ terraform plan
8 | $ terraform apply
9 | ```
10 |
11 |
--------------------------------------------------------------------------------
/02-ec2/ec2-ebs/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the ec2-ebs example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/17-lb/lb-alb/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the lb-alb example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/01-iam/iam-policy/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the iam-policy example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/01-iam/iam-role/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the iam-role example. The constraint is written "4.0.0"
# here and "4.0" in the sibling examples; Terraform treats them the same.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0.0"
    }
  }
}
--------------------------------------------------------------------------------
/02-ec2/ec2-instance/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the ec2-instance example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/03-rds/rds-main/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the rds-main example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/03-rds/rds-replica/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the rds-replica example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/25-efs/efs-storage/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the efs-storage example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/01-iam/iam-user/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the iam-user example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-ebs/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the ec2-ebs module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/03-rds/rds-main/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the rds-main module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/17-lb/lb-alb/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the lb-alb module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/02-ec2/02-ec2-fundamentals/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the ec2-fundamentals example ("4.0.0" here, "4.0" in the
# sibling examples; Terraform treats the two constraints the same).
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0.0"
    }
  }
}
--------------------------------------------------------------------------------
/04-s3bucket/s3bucket-bucket/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the s3bucket-bucket example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/05-route53/route53-failover/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the route53-failover example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/05-route53/route53-weighted/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the route53-weighted example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/01-iam/iam-policy/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the iam-policy module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/01-iam/iam-role/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the iam-role module ("4.0.0" here, "4.0" in the sibling
# modules; Terraform treats the two constraints the same).
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/01-iam/iam-user/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the iam-user module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-instance/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the ec2-instance module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/25-efs/efs-storage/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the efs-storage module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/01-iam/iam-role/main.tf:
--------------------------------------------------------------------------------
# Root configuration for the iam-role example; the provider region comes from
# var.region declared in this directory's variables.tf.
provider "aws" {
  region = var.region
}
# Wraps modules/01-iam/iam-role. Despite the name, the inputs the module takes
# here are an instance type and an SSH public key (see its variables.tf), so it
# presumably also launches an EC2 instance that uses the role — confirm against
# the module's main.tf, which is not shown.
module "iam_role" {
  source        = "../../modules/01-iam/iam-role"
  instance_type = var.instance_type
  # NOTE(review): whoever holds the private half of this key gets SSH access
  # to that instance; supply it per deployment rather than from a committed
  # terraform.tfvars.
  public_key    = var.public_key
}
--------------------------------------------------------------------------------
/05-route53/route53-geolocation/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the route53-geolocation example.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/05-route53/route53-main/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the route53-main module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-fundamentals/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the ec2-fundamentals module ("4.0.0" here, "4.0" in the
# sibling modules; Terraform treats the two constraints the same).
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0.0"
    }
  }
}
--------------------------------------------------------------------------------
/modules/04-s3bucket/s3bucket-bucket/versions.tf:
--------------------------------------------------------------------------------
# Version pins for the s3bucket-bucket module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no upper bound — without a committed .terraform.lock.hcl,
      # `terraform init` may pull a newer provider major with breaking changes;
      # "~> 4.0" would pin the major.
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------
/02-ec2/02-ec2-fundamentals/main.tf:
--------------------------------------------------------------------------------
# Root configuration for the ec2-fundamentals example.
provider "aws" {
  region = var.region
}
# Wraps modules/02-ec2/ec2-fundamentals. The label "iam_ec2_fundamentals" looks
# like a leftover from the IAM example; renaming it would change every resource
# address in state (destroy/recreate unless a moved block is added), so it is
# left as is.
module "iam_ec2_fundamentals" {
  source = "../../modules/02-ec2/ec2-fundamentals"
  # instance_type is declared in this directory's variables.tf but not passed
  # through, so the module's own default applies.
  # instance_type = var.instance_type
  public_key = var.public_key
}
--------------------------------------------------------------------------------
/modules/01-iam/iam-policy/main.tf:
--------------------------------------------------------------------------------
# Creates one customer-managed IAM policy when var.create_policy is true; with
# count = 0 the module is a no-op and references to aws_iam_policy.policy[0]
# elsewhere must tolerate the empty list.
resource "aws_iam_policy" "policy" {
  count = var.create_policy ? 1 : 0

  name        = var.name
  path        = var.path
  description = var.description

  # The policy document is passed through verbatim; nothing in this module
  # constrains its actions or resources, so the document the caller supplies
  # needs the same review as any hand-written IAM policy.
  policy = var.policy

  tags = var.tags
}
--------------------------------------------------------------------------------
/01-iam/iam-user/variables.tf:
--------------------------------------------------------------------------------
# Inputs for the iam-user example; all three are forwarded unchanged to
# modules/01-iam/iam-user by main.tf.

# Name of the IAM user to create.
variable "username" {
  type    = string
  default = "my-user"
}

# Name of the IAM group associated with the user (how the module uses it is in
# its main.tf, not shown here).
variable "group" {
  type    = string
  default = "my-group"
}

# Forces a password change at first console sign-in. Keep true: the module
# exports a Terraform-generated initial password, which should not remain a
# long-lived credential.
variable "password_reset_required" {
  type    = bool
  default = true
}
--------------------------------------------------------------------------------
/17-lb/lb-alb/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the lb-alb module's outputs at the root so `terraform output`
# shows them.
output "alb_dns_name" {
  value       = module.alb.alb_dns_name
  description = "The domain name of the load balancer"
}

# The module's outputs expose only an HTTP listener; whether an HTTPS listener
# or redirect also exists is decided in the module's main.tf (not shown).
output "alb_http_listener_arn" {
  value       = module.alb.alb_http_listener_arn
  description = "The ARN of the HTTP listener"
}
--------------------------------------------------------------------------------
/modules/17-lb/lb-alb/outputs.tf:
--------------------------------------------------------------------------------
# Outputs of the lb-alb module, consumed by 17-lb/lb-alb/outputs.tf.
output "alb_dns_name" {
  value       = aws_lb.lb.dns_name
  description = "The domain name of the load balancer"
}

# NOTE(review): only the plaintext HTTP listener is exported. If main.tf (not
# shown) also creates an HTTPS listener, exporting its ARN here lets callers
# attach rules to the encrypted side instead.
output "alb_http_listener_arn" {
  value       = aws_lb_listener.lb_listener_http.arn
  description = "The ARN of the HTTP listener"
}
--------------------------------------------------------------------------------
/01-iam/iam-user/main.tf:
--------------------------------------------------------------------------------
# Root configuration for the iam-user example. The region is hard-coded here,
# unlike the other examples which read var.region; this directory's
# variables.tf declares no region variable, so it can only be changed by
# editing this file.
provider "aws" {
  region = "us-east-1"
}

# Forwards the three inputs from variables.tf to the iam-user module.
module "iam_user" {
  source = "../../modules/01-iam/iam-user"

  username                = var.username
  group                   = var.group
  password_reset_required = var.password_reset_required
}
--------------------------------------------------------------------------------
/01-iam/iam-role/ec2-role.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Statement": [
4 | {
5 | "Action": "sts:AssumeRole",
6 | "Principal": {
7 | "Service": "ec2.amazonaws.com"
8 | },
9 | "Effect": "Allow",
10 | "Sid": ""
11 | }
12 | ]
13 | }
14 |
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-instance/ec2-user-data.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# EC2 user-data for Amazon Linux 2: install Apache httpd, start it now and on
# every boot, and publish a page naming the host. User-data normally runs as
# root, so no privilege escalation is needed here.
yum -y update
yum -y install httpd
systemctl start httpd
systemctl enable httpd
# Same bytes as before: a blank line, the greeting with the FQDN, a blank line.
cat > /var/www/html/index.html <<EOF

Hello World from $(hostname -f)

EOF
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-fundamentals/user-data-httpd.sh:
--------------------------------------------------------------------------------
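#!/bin/bash
# EC2 user-data: install Apache httpd on Amazon Linux 2 and serve a greeting
# page. The original wrote the page with `sudo echo ... > file`, which only
# elevates echo: the redirect is opened by the calling shell, so it silently
# relies on already being root. tee is used so the write carries the same
# privilege as the command.
sudo yum update -y
sudo yum install -y httpd
sudo systemctl start httpd
sudo systemctl enable httpd
# Output is byte-for-byte what the old echo produced: greeting, newline, blank line.
printf 'Hello World from %s\n\n' "$(hostname -f)" | sudo tee /var/www/html/index.html >/dev/null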
--------------------------------------------------------------------------------
/02-ec2/ec2-instance/main.tf:
--------------------------------------------------------------------------------
# Root configuration for the ec2-instance example.
provider "aws" {
  region = var.region
}

# Launches var.number_of_instances instances through the local module.
module "ec2-instance" {
  source              = "../../modules/02-ec2/ec2-instance"
  instance_type       = var.instance_type
  instance_name       = var.instance_name
  ami                 = var.ami
  number_of_instances = var.number_of_instances

  # NOTE(review): hard-coded true gives each instance a static public IP, so
  # the security group the module attaches (not shown here) is the only
  # control between the instance and the internet — confirm its ingress rules
  # before applying.
  use_elastic_ip = true

}
--------------------------------------------------------------------------------
/25-efs/efs-storage/main.tf:
--------------------------------------------------------------------------------
# Root configuration for the efs-storage example.
provider "aws" {
  region = var.region
}

# Creates one EFS file system through the local module; only a subset of the
# module's inputs is set here, the rest fall back to the module defaults.
module "efs_storage" {
  source = "../../modules/25-efs/efs-storage"

  token_name = var.token_name
  # At-rest encryption of the file system is decided by this variable and
  # cannot be turned on after creation; check its default in variables.tf.
  encryption = var.encryption

  infrequent_access_transition_dur = var.infrequent_access_transition_dur
  tag_name                         = var.tag_name

}
--------------------------------------------------------------------------------
/01-iam/iam-policy/variables.tf:
--------------------------------------------------------------------------------
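# Inputs for the iam-policy example. Only region, name and path are declared
# here; the module's other inputs (policy document, description, tags,
# create_policy) must be wired in main.tf, which is not shown.

# AWS region the provider is configured for.
variable "region" {
  type    = string
  default = "us-east-1"
}

variable "name" {
  description = "The name of the policy"
  type        = string
  default     = "My-policy"
}

# The description used to be a copy of the one for "name"; it now matches the
# "path" output in outputs.tf.
variable "path" {
  description = "The path of the policy in IAM"
  type        = string
  default     = "/"
}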
--------------------------------------------------------------------------------
/02-ec2/02-ec2-fundamentals/variables.tf:
--------------------------------------------------------------------------------
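# Inputs for the ec2-fundamentals example.

variable "region" {
  # The description used to read "region eu-east-1", which is not an AWS
  # region and contradicted the default below.
  description = "AWS region to deploy into"
  type        = string
  default     = "us-east-1"
}
variable "instance_type" {
  description = "Instance type"
  type        = string
  default     = "t2.micro"
}
# No default on purpose: the SSH public key must be supplied per deployment
# (e.g. -var or TF_VAR_public_key) so that no individual's key is committed.
variable "public_key" {
  description = "Public Key"
  type        = string
}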
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-ebs/main.tf:
--------------------------------------------------------------------------------
# Creates one EBS volume and attaches it to an existing instance supplied by
# the caller.
resource "aws_volume_attachment" "ebs_vol_att" {
  device_name = var.ebs_device_name
  instance_id = var.instance_id

  volume_id = aws_ebs_volume.ebs_vol.id
}

resource "aws_ebs_volume" "ebs_vol" {

  # Must be the AZ of var.instance_id; EBS volumes cannot be attached across
  # availability zones.
  availability_zone = var.availability_zone
  size              = var.ebs_vol_size
  # At-rest encryption is delegated to the caller. Its default lives in this
  # module's variables.tf (not shown); an unencrypted volume cannot be
  # encrypted in place later, so that default deserves a look.
  encrypted = var.encrypt_ebs
  # No volume type is set, so the provider/API default applies; outputs.tf
  # exports whatever type was actually assigned.
}
--------------------------------------------------------------------------------
/01-iam/iam-role/variables.tf:
--------------------------------------------------------------------------------
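# Inputs for the iam-role example.

variable "region" {
  # The description used to read "region eu-east-1", which is not an AWS
  # region and contradicted the default below.
  description = "AWS region to deploy into"
  type        = string
  default     = "us-east-1"
}
variable "instance_type" {
  description = "instance_type"
  type        = string
  default     = "t2.micro"
}
# Deliberately has no default: the SSH public key is supplied per deployment
# (-var, TF_VAR_public_key, or a git-ignored tfvars), not checked in.
variable "public_key" {
  description = "Public Key"
  type        = string
  # default = ""
}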
--------------------------------------------------------------------------------
/02-ec2/02-ec2-fundamentals/user-data-httpd.sh:
--------------------------------------------------------------------------------
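#!/bin/bash
# EC2 user-data: install Apache httpd on Amazon Linux 2 and serve a greeting
# page. `sudo cmd > file` only elevates cmd — the calling shell opens the
# file — so both writes below go through tee instead.
#
# NOTE(review): appending a public resolver to /etc/resolv.conf routes the
# instance's DNS lookups past the VPC resolver (VPC-internal and private
# hosted zone names may stop resolving), and the file is typically rewritten
# by the DHCP client, so the change is not durable either. Adjusting the VPC
# DNS settings is the usual remedy.
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf >/dev/null
sudo yum update -y
sudo yum install -y httpd
sudo systemctl start httpd
sudo systemctl enable httpd
# Output is byte-for-byte what the old echo produced: greeting, newline, blank line.
printf 'Hello World from %s\n\n' "$(hostname -f)" | sudo tee /var/www/html/index.html >/dev/null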
--------------------------------------------------------------------------------
/01-iam/iam-role/terraform.tfvars:
--------------------------------------------------------------------------------
# NOTE(review): this checks a specific person's SSH public key (comment
# "root@Admin") into the repository. Anyone who applies the example as-is
# authorizes that key's holder on the resulting instance. Supply public_key per
# deployment instead (-var, TF_VAR_public_key, or a git-ignored *.auto.tfvars).
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSD1Sg+QrJ11fAFnXxO7BhboPGCqJg+0tHg96F00lt5LdCoewkcb78SMLXmkaoktJP8RvTxVzbo+C/9HyF40WZl8um+XW31WDFTclyIFJj2+gsv8JXI6NuxE2knQhgvWHKfrojstPFcHuVTm9VQgKwf7nPO6fPC4WNGCSwcQwnmoLrk72DKrHSEN4i3REoxSEjuk0p7LYyNYHRY7bPI2uvS9QpUm0KX2ygS+BzVb0x/q8gg6oBcdUX4r96CqMdT70V1hataqH5BTI8fUH31WZaP7ExDBv7TtH9Rz11lcAdehVJkv4n0HZGxhpEk/iRTEaP3W/IEYNtsp2mgINpIHM9 root@Admin"
--------------------------------------------------------------------------------
/05-route53/route53-failover/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the route53-main module's outputs for the failover example. Each
# value is a list with one entry per record the module created.
output "route-record-name" {
  value       = module.route53-main.route-record-name
  description = "Route53 Record Name"
}

output "route-records" {
  value       = module.route53-main.route-records
  description = "Route53 Records"
}

output "route-record-ttl" {
  value       = module.route53-main.route-record-ttl
  description = "Route53 TTL"
}
--------------------------------------------------------------------------------
/05-route53/route53-weighted/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the route53-main module's outputs for the weighted example. Each
# value is a list with one entry per record the module created.
output "route-record-name" {
  value       = module.route53-main.route-record-name
  description = "Route53 Record Name"
}

output "route-records" {
  value       = module.route53-main.route-records
  description = "Route53 Records"
}

output "route-record-ttl" {
  value       = module.route53-main.route-record-ttl
  description = "Route53 TTL"
}
--------------------------------------------------------------------------------
/05-route53/route53-geolocation/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the route53-main module's outputs for the geolocation example.
# Each value is a list with one entry per record the module created.
output "route-record-name" {
  value       = module.route53-main.route-record-name
  description = "Route53 Record Name"
}

output "route-records" {
  value       = module.route53-main.route-records
  description = "Route53 Records"
}

output "route-record-ttl" {
  value       = module.route53-main.route-record-ttl
  description = "Route53 TTL"
}
--------------------------------------------------------------------------------
/modules/01-iam/iam-role/variables.tf:
--------------------------------------------------------------------------------
# Inputs of the iam-role module. The instance-related inputs suggest the
# module also launches an EC2 instance that uses the role; its main.tf is not
# shown here.
variable "instance_type" {
  description = "instance_type"
  type        = string
  default     = "t2.micro"
}
# NOTE(review): AMI IDs are region-specific and images get deprecated, so this
# default only works in the region it was captured from and will go stale.
# Callers in other regions must pass their own, or the module could resolve
# one through an aws_ami data source.
variable "ami" {
  description = "AMI"
  type        = string
  default     = "ami-05fa00d4c63e32376"
}
variable "instance_name" {
  description = "instance_name"
  type        = string
  default     = "iam role"
}
# Empty default: unless the caller passes a key, no SSH key material should
# be injected (confirm how main.tf handles the empty string).
variable "public_key" {
  description = "Public Key"
  type        = string
  default     = ""
}
--------------------------------------------------------------------------------
/01-iam/iam-role/ec2-policy.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Statement": [
4 | {
5 | "Effect": "Allow",
6 | "Action": [
7 | "iam:GenerateCredentialReport",
8 | "iam:GenerateServiceLastAccessedDetails",
9 | "iam:Get*",
10 | "iam:List*",
11 | "iam:SimulateCustomPolicy",
12 | "iam:SimulatePrincipalPolicy"
13 | ],
14 | "Resource": "*"
15 | }
16 | ]
17 | }
--------------------------------------------------------------------------------
/modules/01-iam/iam-user/outputs.tf:
--------------------------------------------------------------------------------
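# Outputs of the iam-user module. Every value goes through one(...) because
# the resources are created with count and may be absent.
output "iam_user_name" {
  value = one(aws_iam_user.dvhb[*].name)
}

# The initial console password. Previously exported unmarked, so it was
# printed in clear text by `terraform apply` and `terraform output`; it is now
# sensitive like the secret key below. Root modules that re-export it must set
# sensitive = true too, and it is still stored in state — protect the backend.
# Read it deliberately with `terraform output -raw iam_user_password`.
output "iam_user_password" {
  value     = one(aws_iam_user_login_profile.dvhb[*].password)
  sensitive = true
}

# Access key ID: an identifier rather than a secret, so it stays visible and
# can be handed over together with the redacted secret.
output "iam_user_accesskey" {
  value = one(aws_iam_access_key.dvhb[*].id)
}

output "iam_user_secret" {
  value     = one(aws_iam_access_key.dvhb[*].secret)
  sensitive = true
}

output "iam_group_name" {
  value = one(aws_iam_group.dvhb[*].name)
}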
--------------------------------------------------------------------------------
/02-ec2/ec2-ebs/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the ebs-volume module's outputs at the root of the ec2-ebs
# example.
output "ebs-vol-arn" {
  value       = module.ebs-volume.ebs-vol-arn
  description = "EBS Volume ARN"
}

output "ebs-vol-size" {
  value       = module.ebs-volume.ebs-vol-size
  description = "EBS Volume Size"
}

output "ebs-vol-type" {
  value       = module.ebs-volume.ebs-vol-type
  description = "EBS Volume Type"
}

output "ebs-vol-az" {
  value       = module.ebs-volume.ebs-vol-az
  description = "EBS Volume Availability Zone"
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-ebs/outputs.tf:
--------------------------------------------------------------------------------
# Outputs of the ec2-ebs module, read straight from the volume resource.
output "ebs-vol-arn" {
  value       = aws_ebs_volume.ebs_vol.arn
  description = "EBS Volume ARN"
}

output "ebs-vol-size" {
  value       = aws_ebs_volume.ebs_vol.size
  description = "EBS Volume Size"
}

# main.tf does not set a volume type, so this is the computed default the API
# assigned rather than anything the caller chose.
output "ebs-vol-type" {
  value       = aws_ebs_volume.ebs_vol.type
  description = "EBS Volume Type"
}

output "ebs-vol-az" {
  value       = aws_ebs_volume.ebs_vol.availability_zone
  description = "EBS Volume Availability Zone"
}
--------------------------------------------------------------------------------
/modules/05-route53/route53-main/outputs.tf:
--------------------------------------------------------------------------------
# Outputs of the route53-main module. aws_route53_record.route_record is a
# collection (created with count or for_each in main.tf, not shown), so each
# output is a list with one element per record, in the same order.
output "route-record-name" {
  value       = [for route_info in aws_route53_record.route_record : route_info.name]
  description = "Route53 Record Name"
}

output "route-records" {
  value       = [for route_info in aws_route53_record.route_record : route_info.records]
  description = "Route53 Records"
}

output "route-record-ttl" {
  value       = [for route_info in aws_route53_record.route_record : route_info.ttl]
  description = "Route53 TTL"
}
--------------------------------------------------------------------------------
/modules/25-efs/efs-storage/main.tf:
--------------------------------------------------------------------------------
# Single EFS file system. Mount targets and access points are not managed here.
resource "aws_efs_file_system" "efs_fs" {
  creation_token = var.token_name

  # Pinning an AZ selects One Zone storage in that zone.
  availability_zone_name = var.availability_zone_name

  # Encryption at rest. No kms_key_id is passed, so the service default key is
  # used — NOTE(review): confirm whether a customer-managed key is required.
  encrypted = var.encryption

  performance_mode = var.performance_mode
  throughput_mode  = var.throughput_mode

  # Only valid in provisioned mode; null lets the provider omit the argument.
  provisioned_throughput_in_mibps = var.throughput_mode == "provisioned" ? var.provisioned_throughput_in_mibps_val : null

  lifecycle_policy {
    transition_to_ia = var.infrequent_access_transition_dur
  }

  tags = {
    Name = var.tag_name
  }
}
--------------------------------------------------------------------------------
/01-iam/iam-policy/outputs.tf:
--------------------------------------------------------------------------------
# Pass-through outputs from the iam_policy module.
output "id" {
  description = "The policy ID"
  value       = module.iam_policy.id
}

output "description" {
  description = "The description of the policy"
  value       = module.iam_policy.description
}

output "name" {
  description = "The name of the policy"
  value       = module.iam_policy.name
}

output "path" {
  description = "The path of the policy in IAM"
  value       = module.iam_policy.path
}

output "policy" {
  # The policy JSON is not secret, but it does reveal which actions and
  # resources the policy grants.
  description = "The policy document"
  value       = module.iam_policy.policy
}
--------------------------------------------------------------------------------
/02-ec2/ec2-ebs/main.tf:
--------------------------------------------------------------------------------
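provider "aws" {
  region = var.region
}

module "ec2-instance" {
  source        = "../../modules/02-ec2/ec2-instance"
  instance_type = var.instance_type
  instance_name = var.instance_name
  ami           = var.ami
}

module "ebs-volume" {
  source          = "../../modules/02-ec2/ec2-ebs"
  ebs_device_name = var.ebs_device_name
  ebs_vol_size    = var.ebs_vol_size
  encrypt_ebs     = var.encrypt_ebs

  # The ec2-instance module outputs are lists (one entry per instance) while the
  # EBS module takes a single instance ID and AZ, so select the first instance.
  # The volume must be created in the same AZ as the instance it attaches to;
  # the module must expose the AZ as an `ec2-instance-az` list output.
  instance_id       = module.ec2-instance.ec2-instance-id[0]
  availability_zone = module.ec2-instance.ec2-instance-az[0]
}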
--------------------------------------------------------------------------------
/01-iam/iam-policy/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | region = var.region
3 | }
4 |
5 | module "iam_policy" {
6 | source = "../../modules/01-iam/iam-policy"
7 |
8 | name = var.name
9 | path = var.path
10 | description = "S3 bucket Read-Only policy"
11 |
12 | policy = <= 1.0 |
6 | |aws| >= 4.0 |
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | |aws| >= 4.0 |
13 |
14 | ## Modules
15 |
16 | No modules.
17 |
18 | ## Resources
19 |
20 | | Name | Type |
21 | |------|------|
22 | |aws_lb.lb| resource |
23 | |aws_lb_listener.lb_listener| resource |
24 |
25 | ## Inputs
26 |
27 | | Name | Description | Type | Default | Required |
28 | |------|-------------|------|---------|:--------:|
29 | |alb\_name| The Name To Use For This ALB | `string` | n/a | yes |
30 | |security\_group\_id| The Security Group | `any` | n/a | yes |
31 | |subnet\_ids| The Subnet IDs To Deploy | `list(string)` | n/a | yes |
32 |
33 | ## Outputs
34 |
35 | | Name | Description |
36 | |------|-------------|
37 | |alb\_dns\_name| The Domain Name of The Load Balancer |
38 | |alb\_http\_listener\_arn| The ARN of The HTTP Listener |
--------------------------------------------------------------------------------
/modules/01-iam/iam-policy/variables.tf:
--------------------------------------------------------------------------------
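### Conditional creation ###
variable "create_policy" {
  description = "Whether to create the IAM policy"
  type        = bool
  default     = true
}

### Policy attributes ###
variable "name" {
  description = "The name of the policy"
  type        = string
  default     = ""
}

variable "path" {
  description = "The path of the policy in IAM"
  type        = string
  default     = "/"
}

variable "description" {
  description = "The description of the policy"
  type        = string
  default     = "IAM Policy"
}

variable "policy" {
  # This is the JSON policy document itself (callers pass a heredoc or the
  # output of a template), not a path to a file.
  description = "The IAM policy document (JSON) to attach to the policy"
  type        = string
  default     = ""
}

variable "tags" {
  description = "A map of tags to add to all resources."
  type        = map(string)
  default = {
    created_by = "Terraform"
  }
}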
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-instance/outputs.tf:
--------------------------------------------------------------------------------
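# All instance outputs are lists with one entry per created instance
# (aws_instance.ec2-instance uses count).
output "ec2-instance-ipv4" {
  description = "Public IPv4 of each created instance (the Elastic IP when use_elastic_ip is set)"
  value       = var.use_elastic_ip ? aws_eip.ec2-eip.*.public_ip : aws_instance.ec2-instance.*.public_ip
}

output "ec2-instance-id" {
  description = "ID of each created instance"
  value       = aws_instance.ec2-instance.*.id
}

output "ec2-instance-az" {
  # Consumers that attach an EBS volume need the instance's AZ, because a
  # volume can only be attached within the zone it was created in.
  description = "Availability zone of each created instance"
  value       = aws_instance.ec2-instance.*.availability_zone
}

output "ec2-instance-name" {
  description = "Tag map of each created instance; the instance name is under the \"Name\" key"
  value       = aws_instance.ec2-instance.*.tags
}

output "ec2-instance-dns" {
  description = "Public DNS of each created instance"
  value       = aws_instance.ec2-instance.*.public_dns
}

output "ec2-elastic-address" {
  # public_ip is the address AWS allocated; the resource's `address` attribute
  # is only the BYOIP request argument and is empty for ordinary allocations.
  description = "Public IP of each allocated Elastic IP"
  value       = [for eip_info in aws_eip.ec2-eip : eip_info.public_ip]
}

output "ec2-security-group-id" {
  description = "The EC2 Security Group ID"
  value       = aws_security_group.ec2-sg.id
}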
--------------------------------------------------------------------------------
/02-ec2/ec2-instance/variables.tf:
--------------------------------------------------------------------------------
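# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These parameters have reasonable defaults.
# ---------------------------------------------------------------------------------------------------------------------

variable "region" {
  description = "AWS region to deploy into"
  type        = string
  default     = "us-east-1"
}

variable "instance_type" {
  description = "Default Instance Type"
  type        = string
  default     = "t2.micro"
}

variable "ami" {
  # NOTE(review): AMI IDs are region-specific and this default is not tied to
  # a verified owner; confirm it resolves to the intended image in `region`
  # (or replace it with an aws_ami data source filtered by owner) before use.
  description = "Default Amazon Machine Image Type(AMI)"
  type        = string
  default     = "ami-05fa00d4c63e32376"
}

variable "instance_name" {
  description = "Default Instance Name"
  type        = string
  default     = "ec2_instance_default"
}

variable "number_of_instances" {
  description = "Number of Instances"
  type        = number
  default     = 1
}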
--------------------------------------------------------------------------------
/modules/01-iam/iam-user/main.tf:
--------------------------------------------------------------------------------
# Definition of IAM Users and Groups
resource "aws_iam_user" "dvhb" {
  # Creation is optional; dependent resources must index this with [0] or a splat.
  count = var.create_user ? 1 : 0

  name = var.username
  path = var.path

  tags = var.tags
}
9 |
# Optional console password for the user.
resource "aws_iam_user_login_profile" "dvhb" {
  count = var.create_user && var.create_iam_user_login_profile ? 1 : 0

  user = aws_iam_user.dvhb[0].name

  # The generated password is encrypted to this PGP key. NOTE(review): if
  # pgp_key is left empty the provider keeps the password in state in the
  # clear, so the state backend must then be treated as a secret store.
  pgp_key = var.pgp_key

  password_length         = var.password_length
  password_reset_required = var.password_reset_required
}
18 |
# Optional long-lived access key for the user.
resource "aws_iam_access_key" "dvhb" {
  count = var.create_user && var.create_iam_access_key ? 1 : 0

  user = aws_iam_user.dvhb[0].name

  # The secret is encrypted to this PGP key. NOTE(review): with an empty
  # pgp_key the secret is stored in state unencrypted — prefer short-lived
  # role credentials over static keys where possible.
  pgp_key = var.pgp_key
}
25 |
# The group is always created, even when create_user is false.
resource "aws_iam_group" "dvhb" {
  name = var.group
}
30 |
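resource "aws_iam_group_membership" "dvhb" {
  name  = "dvhb-group"
  group = aws_iam_group.dvhb.name

  # Splat rather than [0]: when create_user is false the user resource has
  # count = 0 and an explicit index fails at plan time, whereas the splat
  # yields an empty list and the membership simply has no members.
  users = aws_iam_user.dvhb[*].name
}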
41 |
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-fundamentals/variables.tf:
--------------------------------------------------------------------------------
# One entry per deployment; the key becomes the deployment name. Additional
# deployments can be added by uncommenting the examples below.
variable "ec2_deployments" {
  type = map(any)
  default = {
    "web" = {
      "region"        = "us-east-1"
      "instance_type" = "t2.micro"
    }
    # "app" = {
    #   "region"        = "us-east-1"
    #   "instance_type" = "t2.micro"
    # },
    # "backend" = {
    #   "region"        = "us-east-1"
    #   "instance_type" = "t2.micro"
    # }
  }
}
variable "instance_name" {
  type        = string
  default     = "ec2-fundamentals"
  description = "instance name"
}
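variable "public_key" {
  # Intentionally has no default: a committed default key would authorise
  # whoever holds the matching private key on every instance built from this
  # configuration. Each deployment must supply its own public key.
  description = "OpenSSH public key (contents of e.g. id_ed25519.pub) to install on the instances"
  type        = string

  validation {
    condition     = can(regex("^(ssh-|ecdsa-sha2-|sk-)", var.public_key))
    error_message = "public_key must be an OpenSSH public key string (ssh-ed25519, ssh-rsa, ecdsa-sha2-*, sk-*)."
  }
}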
28 |
--------------------------------------------------------------------------------
/25-efs/efs-storage/variables.tf:
--------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These parameters have reasonable defaults.
# ---------------------------------------------------------------------------------------------------------------------
variable "region" {
  type    = string
  default = "us-east-1"
}

variable "token_name" {
  type        = string
  default     = "my_efs_token_name"
  description = "A unique name used as reference when creating the Elastic File System to ensure idempotent file system creation."
}

# Encryption at rest is on by default; turning it off cannot be undone
# without recreating the file system.
variable "encryption" {
  type        = bool
  default     = true
  description = "EFS encryption status."
}

variable "infrequent_access_transition_dur" {
  type        = string
  default     = "AFTER_30_DAYS"
  description = "How long it takes to transition files to the IA storage class."
}

variable "tag_name" {
  type        = string
  default     = "new_efs_storage"
  description = "EFS tag name."
}
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2022 DevOps Hobbies
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-ebs/README.md:
--------------------------------------------------------------------------------
1 | ## Requirements
2 |
3 | | Name | Version |
4 | |------|---------|
5 | |terraform| >= 1.0 |
6 | |aws| >= 4.0 |
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | |aws| >= 4.0 |
13 |
14 | ## Modules
15 |
16 | No modules.
17 |
18 | ## Resources
19 |
20 | | Name | Type |
21 | |------|------|
22 | |aws_ebs_volume.ebs_vol| resource |
23 | |aws_volume_attachment.ebs_vol_att| resource |
24 |
25 | ## Inputs
26 |
27 | | Name | Description | Type | Default | Required |
28 | |------|-------------|------|---------|:--------:|
29 | |availability\_zone| EBS Availability Zone (Must Be Same As EC2 AZ) | `string` | n/a | yes |
30 | |ebs\_device\_name| Name of EBS Device | `string` | n/a | yes |
31 | |ebs\_vol\_size| EBS Volume Size | `number` | n/a | yes |
32 | |encrypt\_ebs| EBS Encryption Status | `bool` | n/a | yes |
33 | |instance\_id| Corresponding Instance ID For EBS | `string` | n/a | yes |
34 |
35 | ## Outputs
36 |
37 | | Name | Description |
38 | |------|-------------|
39 | |ebs-vol-arn| EBS Volume ARN |
40 | |ebs-vol-az| EBS Volume Availability Zone |
41 | |ebs-vol-size| EBS Volume Size |
42 | |ebs-vol-type| EBS Volume Type |
--------------------------------------------------------------------------------
/modules/03-rds/rds-main/outputs.tf:
--------------------------------------------------------------------------------
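# Attributes of the aws_db_instance managed by this module. Output names are
# kept for compatibility; the descriptions now say "instance" because these
# are RDS instance attributes, not volume attributes.
output "rds-vol-name" {
  description = "Name of the initial database on the RDS instance"
  value       = aws_db_instance.db_instance.db_name
}

output "rds-vol-id" {
  # Also usable as replicate_source_db when building a read replica.
  description = "Identifier of the RDS instance"
  value       = aws_db_instance.db_instance.id
}

output "rds-vol-address" {
  description = "Hostname of the RDS instance endpoint"
  value       = aws_db_instance.db_instance.address
}

output "rds-vol-engine" {
  description = "Database engine of the RDS instance"
  value       = aws_db_instance.db_instance.engine
}

output "rds-vol-engine-version" {
  description = "Engine version of the RDS instance"
  value       = aws_db_instance.db_instance.engine_version
}

output "rds-vol-replicas" {
  description = "Identifiers of read replicas of the RDS instance"
  value       = aws_db_instance.db_instance.replicas
}

output "rds-vol-replica-mode" {
  description = "Replica mode reported for the RDS instance"
  value       = aws_db_instance.db_instance.replica_mode
}

output "rds-vol-replica-source-db" {
  description = "Identifier of the source instance when this RDS instance is a read replica"
  value       = aws_db_instance.db_instance.replicate_source_db
}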
--------------------------------------------------------------------------------
/modules/01-iam/iam-policy/README.md:
--------------------------------------------------------------------------------
1 | # IAM Module
This module provides one main component:
3 | - IAM Policy
4 |
5 | ### Requirements
6 | |Name|Version|
7 | |----|-------|
8 | |terraform| >=1.0|
9 | |aws|>=4.0|
10 |
11 | ### Providers
12 | |Name|Version|
13 | |----|-------|
14 | |aws|>=4.0|
15 |
16 | ### Modules
17 | None
18 |
19 | ### Resources
20 | |Name|Type|
21 | |----|----|
22 | |aws_iam_policy.policy|resource|
23 |
24 |
25 | ### Inputs
26 | |Name|Description|Type|Default|Required|
27 | |----|-----------|----|-------|--------|
28 | | create_policy|Whether to create the IAM policy|bool|true|no|
29 | |description | The description of the policy | string | "IAM Policy" | no|
30 | |name | The name of the policy| string | "" | no|
31 | |path | The path of the policy in IAM |string | "/" | no|
|policy |The IAM policy document (JSON) to attach to the policy | string | ""| no|
|tags | A map of tags to add to all resources. | map(string) | `{ created_by = "Terraform" }` | no|
34 |
35 |
36 |
37 | ### Outputs
38 | |Name|Description|
39 | |----|-------|
40 | |description | The description of the policy|
41 | |id |The policy's ID|
42 | |name | The name of the policy|
43 | |path | The path of the policy in IAM|
44 | |policy | The policy document|
--------------------------------------------------------------------------------
/02-ec2/ec2-ebs/variables.tf:
--------------------------------------------------------------------------------
1 | # ---------------------------------------------------------------------------------------------------------------------
2 | # OPTIONAL PARAMETERS
3 | # These parameters have reasonable defaults.
4 | # ---------------------------------------------------------------------------------------------------------------------
5 |
6 | variable "ebs_device_name" {
7 | description = "Name of EBS Device"
8 | type = string
9 | default = "/dev/sdh"
10 | }
11 |
12 | variable "ebs_vol_size" {
13 | description = "EBS Volume Size"
14 | type = number
15 | default = 2
16 | }
17 |
18 | variable "region" {
19 | type = string
20 | default = "us-east-1"
21 | }
22 |
23 | variable "instance_type" {
24 | description = "Default Instance Type"
25 | type = string
26 | default = "t2.micro"
27 | }
28 |
29 | variable "ami" {
30 | description = "Default Amazon Machine Image Type(AMI)"
31 | type = string
32 | default = "ami-05fa00d4c63e32376"
33 | }
34 |
35 | variable "instance_name" {
36 | description = "Default Instance Name"
37 | type = string
38 | default = "ec2_instance_default"
39 | }
40 |
41 | variable "encrypt_ebs" {
42 | description = "EBS Encryption Status"
43 | type = bool
44 | default = true
45 | }
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | # Terraform AWS Solution Architect (TASA)
7 |
If you want to learn AWS solution architecture, start by writing everything as code and work through every topic. So let's stop talking and start rolling the ball.
9 |
10 | - [01-IAM]() In Progress
11 | - [IAM-policy](https://github.com/devopshobbies/terraform-aws-solution-architect/tree/main/01-iam/iam-policy)
    - [IAM-role]() In Progress
13 | - [IAM-user](https://github.com/devopshobbies/terraform-aws-solution-architect/tree/main/01-iam/iam-user)
14 | - [02-EC2]() In Progress
15 | - [03-RDS]() In Progress
16 | - [04-S3bucket]() In Progress
17 | - [05-Route53]() In Progress
18 | - [06-CloudFront]() In Progress
19 | - [07-SNS]() In Progress
20 | - [08-ECS]() In Progress
21 | - [09-EKS]() In Progress
22 | - [10-ECR]() In Progress
23 | - [11-CloudWatch]() In Progress
24 | - [12-VPC]() In Progress
25 | - [13-Redshift]() In Progress
26 | - [14-Glue]() In Progress
27 | - [15-MSK]() In Progress
28 | - [16-Neptune]() In Progress
29 | - [17-LB]() In Progress
30 | - [ALB]() In Progress
31 | - [NLB]() In Progress
32 | - [GWLB]() In Progress
33 | - [18-ASG]() In Progress
34 | - [19-SG]() In Progress
35 | - [20-KMS]() In Progress
36 | - [21-cloudtrail]() In Progress
37 | - [22-waf]() In Progress
38 | - [23-SQS]() In Progress
39 | - [24-ACM]() In Progress
40 | - [25-EFS]() In Progress
41 |
--------------------------------------------------------------------------------
/03-rds/rds-replica/main.tf:
--------------------------------------------------------------------------------
# Both the primary and the replica below are created in this one region.
provider "aws" {
  region = var.region
}
4 |
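# Master credentials come from inputs instead of literals so they never land in
# version control. The password is marked sensitive so Terraform redacts it
# from plan/apply output; it is still written to state, so protect the backend.
variable "db_master_username" {
  description = "Master username for the primary RDS instance"
  type        = string
  default     = "admin"
}

variable "db_master_password" {
  description = "Master password for the primary RDS instance; supply via TF_VAR_db_master_password or a secrets manager, never a committed tfvars file"
  type        = string
  sensitive   = true
}

module "rds-main" {
  source         = "../../modules/03-rds/rds-main"
  identifier     = "my-new-rds"
  instance_class = "db.t2.micro"
  username       = var.db_master_username
  password       = var.db_master_password

  allocated_storage     = var.allocated_storage
  max_allocated_storage = var.max_allocated_storage

  # Automated backups must be retained (> 0 days) for the replica below to be
  # created from this instance.
  backup_retention_period = var.backup_retention_period

  skip_final_snapshot = var.skip_final_snapshot

  multi_az = var.multi_az

  storage_encrypted = var.storage_encrypted

  engine = var.engine

  engine_version = var.engine_version

  apply_immediately = var.apply_immediately

  apply_method = var.apply_method
}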
31 |
# Read replica of rds-main. No username/password are passed: a replica
# inherits credentials from its source instance.
module "rds-replica" {
  source = "../../modules/03-rds/rds-main"

  identifier     = "my-new-rds-replica"
  instance_class = "db.t2.micro"

  # Replicate from the primary created above.
  replicate_source_db = module.rds-main.rds-vol-id

  allocated_storage     = var.allocated_storage
  max_allocated_storage = var.max_allocated_storage

  backup_retention_period = var.backup_retention_period
  skip_final_snapshot     = var.skip_final_snapshot
  multi_az                = var.multi_az
  storage_encrypted       = var.storage_encrypted

  apply_immediately = var.apply_immediately
  apply_method      = var.apply_method
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-instance/variables.tf:
--------------------------------------------------------------------------------
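# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# You must provide a value for each of these parameters.
# ---------------------------------------------------------------------------------------------------------------------

variable "instance_type" {
  description = "Default Instance Type"
  type        = string
}

variable "ami" {
  # NOTE(review): AMI IDs are region-specific; callers should resolve the ID
  # for the provider's region (ideally from an owner-filtered aws_ami lookup).
  description = "Default Amazon Machine Image Type(AMI)"
  type        = string
}

variable "instance_name" {
  description = "Default Instance Name"
  type        = string
}

# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These parameters have reasonable defaults.
# ---------------------------------------------------------------------------------------------------------------------

variable "use_elastic_ip" {
  description = "Default Usage of Elastic IP"
  type        = bool
  default     = false
}

variable "number_of_instances" {
  description = "Number of Instances"
  type        = number
  default     = 1
}

variable "use_user_data" {
  description = "Use User Data Status"
  type        = bool
  default     = false
}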
--------------------------------------------------------------------------------
/modules/05-route53/route53-main/main.tf:
--------------------------------------------------------------------------------
# Public hosted zone that all records in this module live in.
resource "aws_route53_zone" "hosted_zone_public" {
  name = var.hosted_zone_name

  # When true, destroying the zone also deletes records that were created
  # outside Terraform.
  force_destroy = var.force_destroy
}
6 |
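resource "aws_route53_record" "route_record" {
  # config_list is a list, so the for_each keys are the element indices.
  for_each = { for k, v in var.config_list : k => v }

  zone_id = aws_route53_zone.hosted_zone_public.zone_id
  name    = "${each.value.record_name}.${each.value.hosted_zone_name}"

  type            = each.value.record_type
  ttl             = each.value.ttl
  records         = try(each.value.records_list, null)
  set_identifier  = try(each.value.identifier, null)
  health_check_id = lookup(each.value, "health_check_id", null)

  # At most one routing-policy block is emitted per record, selected by the
  # module-wide routing_policy_type; the per-record values come from config_list.
  dynamic "failover_routing_policy" {
    for_each = var.routing_policy_type == "failover" ? [true] : []

    content {
      type = each.value.failover_routing_policy.type
    }
  }

  dynamic "weighted_routing_policy" {
    for_each = var.routing_policy_type == "weighted" ? [true] : []

    content {
      weight = each.value.weighted_routing_policy.weight
    }
  }

  dynamic "geolocation_routing_policy" {
    for_each = var.routing_policy_type == "geolocation" ? [true] : []

    content {
      continent = lookup(each.value.geolocation_routing_policy, "continent", null)
      # Route 53 rejects a geolocation that names both a continent and a
      # country, so the "*" (default-location) fallback for country is only
      # applied when no continent was given.
      country = lookup(
        each.value.geolocation_routing_policy,
        "country",
        lookup(each.value.geolocation_routing_policy, "continent", null) == null ? "*" : null
      )
    }
  }
}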
--------------------------------------------------------------------------------
/17-lb/lb-alb/variables.tf:
--------------------------------------------------------------------------------
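# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These parameters have reasonable defaults.
# ---------------------------------------------------------------------------------------------------------------------

variable "region" {
  description = "AWS region to deploy into"
  type        = string
  default     = "us-east-1"
}

variable "instance_type" {
  description = "Default Instance Type"
  type        = string
  default     = "t2.micro"
}

variable "ami" {
  # NOTE(review): AMI IDs are region-specific; confirm this default resolves
  # to the intended image in `region` before relying on it.
  description = "Default Amazon Machine Image Type(AMI)"
  type        = string
  default     = "ami-05fa00d4c63e32376"
}

variable "instance_name" {
  description = "Default Instance Name"
  type        = string
  default     = "ec2_instance_default"
}

variable "number_of_instances" {
  description = "Number of Instances"
  type        = number
  default     = 3
}

variable "server_port" {
  # Plain HTTP: the ALB module only exposes an HTTP listener, so client
  # traffic is unencrypted unless a TLS listener is added.
  description = "The port the server will use for HTTP requests"
  type        = number
  default     = 80
}

variable "alb_name" {
  description = "The name to use for this ALB"
  type        = string
  default     = "elb-alb"
}

variable "use_user_data" {
  description = "Use User Data Status"
  type        = bool
  default     = true
}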
--------------------------------------------------------------------------------
/05-route53/route53-weighted/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

# Two instances, each with an Elastic IP so the weighted records below point
# at stable addresses. NOTE(review): the AMI ID is region-specific and not
# tied to a verified owner — confirm it resolves to the intended image.
module "ec2-instance" {
  source = "../../modules/02-ec2/ec2-instance"

  ami           = "ami-05fa00d4c63e32376"
  instance_type = "t2.micro"
  instance_name = "ec2_instance_default"

  number_of_instances = 2
  use_elastic_ip      = true
}
15 |
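module "route53-main" {
  source = "../../modules/05-route53/route53-main"

  force_destroy = var.force_destroy

  hosted_zone_name = var.hosted_zone_name

  routing_policy_type = "weighted"

  # Two A records with the same name split traffic 80/20 by weight; each needs
  # a distinct identifier. The records point at plain EC2 public IPs — the
  # module creates no alias records, so no alias settings are passed (an
  # earlier `alias` map here was silently ignored).
  config_list = [
    {
      record_name      = var.record_name
      record_type      = "A"
      hosted_zone_name = var.hosted_zone_name

      identifier = "weighted-primary"
      ttl        = 300

      records_list = [module.ec2-instance.ec2-instance-ipv4[0]]

      weighted_routing_policy = {
        weight = 80
      }
    },
    {
      record_name      = var.record_name
      record_type      = "A"
      hosted_zone_name = var.hosted_zone_name

      identifier = "weighted-secondary"
      ttl        = 600

      records_list = [module.ec2-instance.ec2-instance-ipv4[1]]

      weighted_routing_policy = {
        weight = 20
      }
    }
  ]
}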
--------------------------------------------------------------------------------
/05-route53/route53-geolocation/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

# Two instances, each with an Elastic IP so the geolocation records below
# point at stable addresses. NOTE(review): the AMI ID is region-specific and
# not tied to a verified owner — confirm it resolves to the intended image.
module "ec2-instance" {
  source = "../../modules/02-ec2/ec2-instance"

  ami           = "ami-05fa00d4c63e32376"
  instance_type = "t2.micro"
  instance_name = "ec2_instance_default"

  number_of_instances = 2
  use_elastic_ip      = true
}
15 |
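module "route53-main" {
  source = "../../modules/05-route53/route53-main"

  force_destroy = var.force_destroy

  hosted_zone_name = var.hosted_zone_name

  routing_policy_type = "geolocation"

  # One A record per continent (EU and NA) with the same name; each needs a
  # distinct identifier. The records point at plain EC2 public IPs — the
  # module creates no alias records, so no alias settings are passed (an
  # earlier `alias` map here was silently ignored). Note there is no "*"
  # default-location record, so clients outside EU/NA get no answer.
  config_list = [
    {
      record_name      = var.record_name
      record_type      = "A"
      hosted_zone_name = var.hosted_zone_name

      identifier = "geolocation-primary"
      ttl        = 300

      records_list = [module.ec2-instance.ec2-instance-ipv4[0]]

      geolocation_routing_policy = {
        continent = "EU"
      }
    },
    {
      record_name      = var.record_name
      record_type      = "A"
      hosted_zone_name = var.hosted_zone_name

      identifier = "geolocation-secondary"
      ttl        = 600

      records_list = [module.ec2-instance.ec2-instance-ipv4[1]]

      geolocation_routing_policy = {
        continent = "NA"
      }
    }
  ]
}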
--------------------------------------------------------------------------------
/modules/05-route53/route53-main/README.md:
--------------------------------------------------------------------------------
1 | ## Requirements
2 |
3 | | Name | Version |
4 | |------|---------|
5 | |terraform| >= 1.0 |
6 | |aws| >= 4.0 |
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | |aws| >= 4.0 |
13 |
14 | ## Modules
15 |
16 | No modules.
17 |
18 | ## Resources
19 |
20 | | Name | Type |
21 | |------|------|
22 | |aws_route53_record.route_record| resource |
23 | |aws_route53_zone.hosted_zone_public| resource |
24 |
25 | ## Inputs
26 |
27 | | Name | Description | Type | Default | Required |
28 | |------|-------------|------|---------|:--------:|
29 | |config\_list| List of Configs For Route53 Resource | `any` | n/a | yes |
30 | |force\_destroy| Whether To Destroy All Records (Possibly Managed Outside Of Terraform) In The Zone When Destroying The Zone | `bool` | `false` | no |
31 | |hosted\_zone\_name| This Is The Name of The Hosted Zone | `string` | `"testterrafromhostedzone.com"` | no |
32 | |record\_name| The Name of The Record | `string` | `"test"` | no |
33 | |record\_type| The Record Type. Valid Values Are 'A', 'Aaaa', 'Caa', 'Cname', 'Mx', 'Naptr', 'Ns', 'Ptr', 'Soa', 'Spf', 'Srv' And 'Txt' | `string` | `"A"` | no |
|records\_list| List of Records | `list(string)` | `[""]` | no |
35 | |routing\_policy\_type| The Type of Routing Policy | `string` | `""` | no |
36 | |ttl| The TTL of The Record | `number` | `300` | no |
37 |
38 | ## Outputs
39 |
40 | | Name | Description |
41 | |------|-------------|
42 | |route-record-name| Route53 Record Name |
43 | |route-record-ttl| Route53 TTL |
44 | |route-records| Route53 Records |
--------------------------------------------------------------------------------
/01-iam/iam-role/outputs.tf:
--------------------------------------------------------------------------------
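# Pass-through outputs from the iam_role module. Output names are unchanged;
# the descriptions now say what each value actually is (they all read
# "IP of the EC2 instance" before).
output "instance_id" {
  description = "ID of the EC2 instance"
  value       = module.iam_role.id
}
output "instance_private_dns" {
  description = "Private DNS name of the EC2 instance"
  value       = module.iam_role.private_dns
}
output "instance_public_ip" {
  description = "Public IP of the EC2 instance"
  value       = module.iam_role.public_ip
}
output "instance_private_ip" {
  description = "Private IP of the EC2 instance"
  value       = module.iam_role.private_ip
}
output "aws_iam_instance_profile_name" {
  description = "aws_iam_instance_profile name"
  value       = module.iam_role.aws_iam_instance_profile_name
}
output "aws_iam_instance_profile_id" {
  description = "aws_iam_instance_profile id"
  value       = module.iam_role.aws_iam_instance_profile_id
}
output "aws_iam_instance_profile_role" {
  description = "aws_iam_instance_profile role"
  value       = module.iam_role.aws_iam_instance_profile_role
}
output "aws_security_group_id" {
  description = "aws_security_group id"
  value       = module.iam_role.aws_security_group_id
}
output "aws_security_group_name" {
  description = "aws_security_group name"
  value       = module.iam_role.aws_security_group_name
}
output "aws_security_group_ingress" {
  description = "aws_security_group ingress rules"
  value       = module.iam_role.aws_security_group_ingress
}
output "aws_key_pair" {
  # Public half only; no private key material passes through Terraform here.
  description = "aws_key_pair public_key"
  value       = module.iam_role.aws_key_pair
}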
--------------------------------------------------------------------------------
/modules/01-iam/iam-role/main.tf:
--------------------------------------------------------------------------------
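resource "aws_iam_role" "ec2_role" {
  name = "ec2-role"
  # Resolve the policy file against the module directory: a bare relative path
  # is resolved from the working directory, which breaks when this module is
  # called from a root configuration elsewhere. (Also drops the legacy
  # "${...}"-only interpolation wrapper.)
  assume_role_policy = file("${path.module}/ec2-role.json")
}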
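resource "aws_iam_policy" "ec2_policy" {
  name        = "ec2-policy"
  description = "A ec2 policy"
  # Module-relative path for the same reason as the role above: file() resolves
  # relative paths from the working directory, not from this module.
  policy = file("${path.module}/ec2-policy.json")
}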
# Bind ec2_policy to ec2_role. Attachment is a separate resource so the
# role and the policy can be managed (and revoked) independently.
resource "aws_iam_role_policy_attachment" "ec2-attach" {
  policy_arn = aws_iam_policy.ec2_policy.arn
  role       = aws_iam_role.ec2_role.name
}
# Instance profile is the container EC2 uses to hand the role's temporary
# credentials to the instance (via the instance metadata service).
resource "aws_iam_instance_profile" "ec2_profile" {
  role = aws_iam_role.ec2_role.name
  name = "ec2-profile"
}
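# EC2 instance that runs with the ec2_role credentials via ec2_profile.
#
# Two changes from the original:
# 1. key_name references the aws_key_pair resource instead of repeating the
#    literal "aws_key_role". The value is identical, but the reference gives
#    Terraform the dependency edge, so the key pair is guaranteed to exist
#    before the instance is launched (previously the two could be created in
#    either order and the launch could fail with a missing key pair).
# 2. IMDSv2 is required. This instance carries an IAM role, so its metadata
#    endpoint serves role credentials; with IMDSv1 a single SSRF or local
#    process could read them with a plain GET. Requiring session tokens closes
#    that. metadata_options is updated in place on existing instances, but any
#    software on the box still using IMDSv1 must be updated first.
resource "aws_instance" "web" {
  ami           = var.ami
  instance_type = var.instance_type

  iam_instance_profile   = aws_iam_instance_profile.ec2_profile.name
  vpc_security_group_ids = [aws_security_group.main_role.id]
  key_name               = aws_key_pair.deployer.key_name

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = var.instance_name
  }
}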
// Security group for the instance. No inline ingress/egress blocks are
// declared here; inbound rules are attached as separate
// aws_security_group_rule resources. Note that Terraform removes the AWS
// default allow-all egress rule from a group it manages when no egress is
// declared, so outbound traffic must be added explicitly if needed.
resource "aws_security_group" "main_role" {
  description = "Main Role Security Group"
  name        = "Main Role Security Group"

  tags = {
    Name = "MAIN Role Security Group"
  }
}
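// Inbound SSH to the instance security group.
//
// The original rule hard-coded cidr_blocks = ["0.0.0.0/0"], i.e. SSH was
// reachable from the entire internet (the old comment phrased that as a
// restriction; it is the opposite). The source range is now a module input so
// callers can pin it to a bastion, VPN or office range. The default keeps the
// previous world-open behaviour so existing callers do not break, but it
// should be overridden in any real deployment.
variable "ssh_ingress_cidr_blocks" {
  description = "CIDR blocks allowed to reach tcp/22 on the instance. Defaults to 0.0.0.0/0 only for backward compatibility; restrict it to known management ranges."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "ssh" {
  type              = "ingress"
  description       = "SSH from ssh_ingress_cidr_blocks"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.ssh_ingress_cidr_blocks
  security_group_id = aws_security_group.main_role.id
}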
// Key pair registered from caller-supplied public key material. Only the
// public key is stored in AWS and in state; the private key never enters
// Terraform.
resource "aws_key_pair" "deployer" {
  public_key = var.public_key
  key_name   = "aws_key_role"
}
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-instance/README.md:
--------------------------------------------------------------------------------
1 | ## Requirements
2 |
3 | | Name | Version |
4 | |------|---------|
5 | |terraform| >= 1.0 |
6 | |aws| >= 4.0 |
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | |aws| >= 4.0 |
13 | |template| n/a |
14 |
15 | ## Modules
16 |
17 | No modules.
18 |
19 | ## Resources
20 |
21 | | Name | Type |
22 | |------|------|
23 | |aws_eip.ec2-eip| resource |
24 | |aws_eip_association.ec2-eip-association| resource |
25 | |aws_instance.ec2-instance| resource |
26 | |aws_security_group.ec2-sg| resource |
27 | |aws_security_group_rule.allow_all_outbound| resource |
28 | |aws_security_group_rule.allow_ssh_inbound| resource |
29 | |template_file.user_data| data source |
30 |
31 | ## Inputs
32 |
33 | | Name | Description | Type | Default | Required |
34 | |------|-------------|------|---------|:--------:|
35 | |ami| Default Amazon Machine Image Type(AMI) | `string` | n/a | yes |
36 | |instance\_name| Default Instance Name | `string` | n/a | yes |
37 | |instance\_type| Default Instance Type | `string` | n/a | yes |
|number\_of\_instances| Number of instances to create | `number` | `1` | no |
39 | |use\_elastic\_ip| Default Usage of Elastic IP | `bool` | `false` | no |
40 | |use\_user\_data| Use User Data Status | `bool` | `false` | no |
41 |
42 | ## Outputs
43 |
44 | | Name | Description |
45 | |------|-------------|
46 | |ec2-elastic-address| Elastic ip address |
47 | |ec2-instance-dns| Public DNS of Created EC2-Instance |
48 | |ec2-instance-id| ID of Created EC2-Instance |
49 | |ec2-instance-ipv4| IPV4 of Created EC2-Instance |
50 | |ec2-instance-name| Name of Created EC2-Instance |
51 | |ec2-security-group-id| The EC2 Security Group ID |
--------------------------------------------------------------------------------
/modules/25-efs/efs-storage/README.md:
--------------------------------------------------------------------------------
1 | ## Requirements
2 |
3 | | Name | Version |
4 | |------|---------|
5 | |terraform| >= 1.0 |
6 | |aws| >= 4.0 |
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | |aws| >= 4.0 |
13 |
14 | ## Modules
15 |
16 | No modules.
17 |
18 | ## Resources
19 |
20 | | Name | Type |
21 | |------|------|
22 | |aws_efs_file_system.efs_fs| resource |
23 |
24 | ## Inputs
25 |
26 | | Name | Description | Type | Default | Required |
27 | |------|-------------|------|---------|:--------:|
|availability\_zone\_name| Availability zone name (used for One Zone EFS). | `string` | `null` | no |
|encryption| Whether the file system is encrypted at rest. | `bool` | n/a | yes |
30 | |infrequent\_access\_transition\_dur| How long it takes to transition files to the IA storage class. | `string` | n/a | yes |
31 | |performance\_mode| The file system performance mode. | `string` | `"generalPurpose"` | no |
32 | |provisioned\_throughput\_in\_mibps\_val| The throughput, measured in MiB/s, that you want to provision for the file system. | `number` | `10` | no |
33 | |tag\_name| EFS tag name. | `string` | n/a | yes |
34 | |throughput\_mode| Throughput mode for the file system. | `string` | `"provisioned"` | no |
35 | |token\_name| A unique name used as reference when creating the Elastic File System to ensure idempotent file system creation. | `string` | n/a | yes |
36 |
37 | ## Outputs
38 |
39 | | Name | Description |
40 | |------|-------------|
41 | |efs\_availability\_zone\_name| Availability zone name |
42 | |efs\_encryption\_status| Encryption status |
43 | |efs\_lifecycle\_policy| Lifecycle policy |
44 | |efs\_performance\_mode| Performance mode |
45 | |efs\_throughput\_mode| Throughput mode |
46 | |efs\_token\_name| Token name |
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-fundamentals/outputs.tf:
--------------------------------------------------------------------------------
# Module outputs. aws_instance.web is keyed (for_each), so the per-instance
# outputs are maps from instance key to attribute.

output "id" {
  description = "Map of instance key => EC2 instance ID"
  value       = { for key, inst in aws_instance.web : key => inst.id }
}

output "private_dns" {
  description = "Map of instance key => private DNS name (usable only inside EC2; requires DNS hostnames enabled on the VPC)"
  value       = { for key, inst in aws_instance.web : key => inst.private_dns }
}

output "public_dns" {
  description = "Map of instance key => public DNS name (requires DNS hostnames enabled on the VPC)"
  value       = { for key, inst in aws_instance.web : key => inst.public_dns }
}

output "public_ip" {
  # When an aws_eip is attached this value changes; read the EIP's address
  # instead of this output in that case.
  description = "Map of instance key => public IP, if one was assigned"
  value       = { for key, inst in aws_instance.web : key => inst.public_ip }
}

output "private_ip" {
  description = "Map of instance key => private IP"
  value       = { for key, inst in aws_instance.web : key => inst.private_ip }
}

output "aws_security_group_name" {
  description = "Name of the security group attached to the instances"
  value       = aws_security_group.main.name
}

output "aws_security_group_ingress" {
  description = "Ingress rule set of the security group attached to the instances"
  value       = aws_security_group.main.ingress
}

output "aws_security_group_id" {
  description = "ID of the security group attached to the instances"
  value       = aws_security_group.main.id
}

output "aws_key_pair" {
  # Whole resource; an aws_key_pair holds only the public key, so nothing
  # secret is exposed here.
  description = "The aws_key_pair resource (key name, fingerprint, public key)"
  value       = aws_key_pair.deployer
}
--------------------------------------------------------------------------------
/02-ec2/02-ec2-fundamentals/outputs.tf:
--------------------------------------------------------------------------------
# Root-module outputs: pass the ec2-fundamentals module's outputs straight
# through so they are visible from `terraform output`.

output "id" {
  value       = module.iam_ec2_fundamentals.id
  description = "Instance IDs, keyed by instance key"
}

output "private_dns" {
  value       = module.iam_ec2_fundamentals.private_dns
  description = "Private DNS names, keyed by instance key (resolvable only inside EC2; requires DNS hostnames on the VPC)"
}

output "public_dns" {
  value       = module.iam_ec2_fundamentals.public_dns
  description = "Public DNS names, keyed by instance key (requires DNS hostnames on the VPC)"
}

output "public_ip" {
  value       = module.iam_ec2_fundamentals.public_ip
  description = "Public IPs, keyed by instance key. If an aws_eip is attached, use the EIP's address instead; this value changes after attachment"
}

output "private_ip" {
  value       = module.iam_ec2_fundamentals.private_ip
  description = "Private IPs, keyed by instance key"
}

output "aws_security_group_id" {
  value       = module.iam_ec2_fundamentals.aws_security_group_id
  description = "ID of the instances' security group"
}

output "aws_security_group_name" {
  value       = module.iam_ec2_fundamentals.aws_security_group_name
  description = "Name of the instances' security group"
}

output "aws_security_group_ingress" {
  value       = module.iam_ec2_fundamentals.aws_security_group_ingress
  description = "Ingress rule set of the instances' security group"
}

output "aws_key_pair" {
  value       = module.iam_ec2_fundamentals.aws_key_pair
  description = "The aws_key_pair resource (public key only; no private material)"
}
--------------------------------------------------------------------------------
/05-route53/route53-failover/main.tf:
--------------------------------------------------------------------------------
# Region is fixed here rather than taken from a variable (some of the other
# root modules use var.region); everything below is created in us-east-1.
provider "aws" {
  region = "us-east-1"
}
4 |
# Two identical t2.micro instances that act as the primary/secondary targets
# of the failover record set below. Elastic IPs are requested so each target
# keeps a stable address.
# NOTE(review): the AMI ID is region-specific and hard-coded; it only resolves
# in the region configured in the provider block.
module "ec2-instance" {
  source = "../../modules/02-ec2/ec2-instance"

  ami                 = "ami-05fa00d4c63e32376"
  instance_type       = "t2.micro"
  instance_name       = "ec2_instance_default"
  number_of_instances = 2
  use_elastic_ip      = true
}
15 |
# Failover record set: one PRIMARY entry (guarded by the health check) and
# one SECONDARY entry, both answering for var.record_name with type A.
# NOTE(review): the PRIMARY entry supplies both records_list and an alias
# block. A Route 53 record is either an alias or a value record, never both;
# which one the route53-main module honours is not visible from here —
# confirm against the module before relying on this configuration.
module "route53-main" {
  source = "../../modules/05-route53/route53-main"

  hosted_zone_name    = var.hosted_zone_name
  force_destroy       = var.force_destroy
  routing_policy_type = "failover"

  config_list = [
    # Primary target: instance 0, marked unhealthy by aws_route53_health_check.failover.
    {
      identifier       = "failover-primary"
      hosted_zone_name = var.hosted_zone_name
      record_name      = var.record_name
      record_type      = "A"
      ttl              = 300
      records_list     = [module.ec2-instance.ec2-instance-ipv4[0]]
      health_check_id  = aws_route53_health_check.failover.id

      alias = {
        name = var.hosted_zone_name
      }

      failover_routing_policy = {
        type = "PRIMARY"
      }
    },
    # Secondary target: instance 1, no health check, longer TTL.
    {
      identifier       = "failover-secondary"
      hosted_zone_name = var.hosted_zone_name
      record_name      = var.record_name
      record_type      = "A"
      ttl              = 600
      records_list     = [module.ec2-instance.ec2-instance-ipv4[1]]

      failover_routing_policy = {
        type = "SECONDARY"
      }
    },
  ]
}
60 |
# Plain-HTTP probe of "/" on the primary instance. Three consecutive failures
# at a 30-second interval mark the endpoint unhealthy, which is what lets
# Route 53 fail over to the SECONDARY record.
# NOTE(review): the probe targets the module's ipv4 output; whether that is
# the Elastic IP or the instance's own public IP depends on the ec2-instance
# module's output definition, which is not visible here — verify it is the
# address that the primary record actually publishes.
resource "aws_route53_health_check" "failover" {
  ip_address        = module.ec2-instance.ec2-instance-ipv4[0]
  type              = "HTTP"
  port              = 80
  resource_path     = "/"
  request_interval  = 30
  failure_threshold = 3
}
--------------------------------------------------------------------------------
/modules/01-iam/iam-user/README.md:
--------------------------------------------------------------------------------
1 | # IAM Module
2 | This Module introduces 2 main components:
3 | - IAM Users
4 | - IAM Groups
5 |
6 | ### Requirements
7 | |Name|Version|
8 | |----|-------|
9 | |terraform| >=1.0|
10 | |aws|>=4.0|
11 |
12 | ### Providers
13 | |Name|Version|
14 | |----|-------|
15 | |aws|>=4.0|
16 |
17 | ### Modules
18 | None
19 |
20 | ### Resources
21 | |Name|Type|
22 | |----|----|
23 | |aws_iam_access_key.dvhb|resource|
24 | |aws_iam_user.dvhb|resource|
25 | |aws_iam_user_login_profile.dvhb|resource|
26 | |aws_iam_group.dvhb|resource|
27 | |aws_iam_group_membership.dvhb|resource|
28 |
29 | ### Inputs
|Name|Description|Type|Default|Required|
|----|-----------|----|-------|--------|
|create_user|Whether to create the IAM user|bool|true|no|
|create_iam_user_login_profile|Whether to create an IAM console login profile for the user|bool|true|no|
|create_iam_access_key|Whether to create a long-lived access key for the user|bool|true|no|
|password_reset_required|Whether the user is forced to reset the generated password on first login|bool|false|no|
|username|Username to create|string|`dvh_user01`|no|
|group|Group to create|string|`dvhb_group01`|no|
|owner|Owner recorded for the user|string|`Morteza.Rahimi`|no|
|path|Path in which to create the user|string|`/`|no|
|pgp_key|Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Used to encrypt the generated password and access-key secret; when left empty they are written unencrypted to Terraform state and exposed by the outputs|string|`""`|no|
|password_length|The length of the generated password|number|20|no|
|tags|A map of tags to add to all resources|map(string)|`{ created_by = "Terraform" }`|no|
42 |
43 |
44 |
### Outputs
|Name|Description|
|----|-------|
|iam_user_name|Name of the created user|
|iam_password|Randomly generated console password (encrypted with `pgp_key` when one is supplied; otherwise plain text in state and output)|
|iam_user_accesskey|Access key ID of the user, if an access key was created|
|iam_user_secret|Secret access key of the user, if an access key was created (encrypted with `pgp_key` when one is supplied; otherwise plain text in state and output)|
|iam_group_name|The group the user belongs to|
--------------------------------------------------------------------------------
/modules/01-iam/iam-role/README.md:
--------------------------------------------------------------------------------
# IAM Role Module
This module creates an IAM role with a customer-managed policy, wraps it in an
instance profile, and launches an EC2 instance that uses that profile:
- IAM role, policy and policy attachment
- IAM instance profile
- EC2 instance, security group (with an SSH ingress rule) and key pair
6 | ### Requirements
7 | |Name|Version|
8 | |----|-------|
9 | |terraform| >=1.0|
10 | |aws|>=4.0|
11 |
12 | ### Providers
13 | |Name|Version|
14 | |----|-------|
15 | |aws|>=4.0|
16 |
17 | ### Modules
18 | None
19 |
### Resources
|Name|Type|
|----|----|
|aws_iam_role.ec2_role|resource|
|aws_iam_policy.ec2_policy|resource|
|aws_iam_role_policy_attachment.ec2-attach|resource|
|aws_iam_instance_profile.ec2_profile|resource|
|aws_instance.web|resource|
|aws_security_group.main_role|resource|
|aws_security_group_rule.ssh|resource|
|aws_key_pair.deployer|resource|

Note: `aws_security_group_rule.ssh` admits tcp/22 from `0.0.0.0/0`. Restrict the
source range to known management addresses before using this module outside a lab.
28 |
### Inputs
The module's `main.tf` references `var.ami`, `var.instance_type`, `var.instance_name`
and `var.public_key`; see `variables.tf` for their exact types and defaults.

|Name|Description|Type|Default|Required|
|----|-----------|----|-------|--------|
|ami|AMI used for `aws_instance.web`|string|see variables.tf|see variables.tf|
|instance_type|Instance type for `aws_instance.web`|string|see variables.tf|see variables.tf|
|instance_name|Value of the `Name` tag on `aws_instance.web`|string|see variables.tf|see variables.tf|
|public_key|Public key material registered as `aws_key_pair.deployer` (public half only; keep the private key out of the repository)|string|see variables.tf|see variables.tf|
42 |
43 |
44 |
### Outputs
|Name|Description|
|----|-------|
|id|ID of the EC2 instance|
|private_dns|Private DNS name of the instance|
|public_dns|Public DNS name of the instance|
|public_ip|Public IP of the instance (changes if an EIP is later attached)|
|private_ip|Private IP of the instance|
|aws_iam_instance_profile_name|Name of the instance profile|
|aws_iam_instance_profile_id|ID of the instance profile|
|aws_iam_instance_profile_role|Role carried by the instance profile|
|aws_security_group_id|ID of the instance security group|
|aws_security_group_name|Name of the instance security group|
|aws_security_group_ingress|Ingress rules of the instance security group|
|aws_key_pair|The `aws_key_pair` resource (public key only)|
53 |
--------------------------------------------------------------------------------
/modules/01-iam/iam-user/variables.tf:
--------------------------------------------------------------------------------
1 | ### IF VARS ###
# Feature switches. Each boolean gates creation of one optional resource.

variable "create_user" {
  type        = bool
  default     = true
  description = "Whether to create the IAM user"
}

variable "create_iam_user_login_profile" {
  type        = bool
  default     = true
  description = "Whether to create IAM user login profile"
}

# NOTE(review): defaults to true, so every user gets a long-lived access key
# unless the caller opts out; console-only users do not need one.
variable "create_iam_access_key" {
  type        = bool
  default     = true
  description = "Whether to create IAM access key"
}

# NOTE(review): false means the generated console password is never forced
# to change; true is the safer setting when the password is handed to a person.
variable "password_reset_required" {
  type        = bool
  default     = false
  description = "Whether the user should be forced to reset the generated password on first login."
}
24 | ######
25 |
# Identity and placement of the user.

variable "username" {
  description = "Username to create"
  type        = string
  default     = "dvh_user01"
}

variable "group" {
  description = "Group to create"
  type        = string
  default     = "dvhb_group01"
}

variable "owner" {
  description = "The Owner of the user"
  type        = string
  default     = "Morteza.Rahimi"
}

variable "path" {
  description = "Path in which to create the user"
  type        = string
  default     = "/"
}

# Credential handling. With the empty default the generated password and
# access-key secret are not encrypted, so they are stored in clear text in
# Terraform state (and exposed by any output that returns them). Supply a key
# for anything beyond a throwaway lab.
variable "pgp_key" {
  description = "Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Used to encrypt password and access key."
  type        = string
  default     = ""
}

variable "password_length" {
  description = "The length of the generated password"
  type        = number
  default     = 20
}

variable "tags" {
  description = "A map of tags to add to all resources."
  type        = map(string)
  default = {
    created_by = "Terraform"
  }
}
69 |
--------------------------------------------------------------------------------
/modules/02-ec2/ec2-instance/main.tf:
--------------------------------------------------------------------------------
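# One or more EC2 instances (count = var.number_of_instances) attached to the
# module's security group. user_data is rendered from ec2-user-data.sh only
# when var.use_user_data is set; otherwise none is supplied.
#
# Change from the original: IMDSv2 is now required. Without it the instance
# metadata endpoint answers plain GETs, which is the classic path for an SSRF
# or a compromised process to read instance metadata (and, if a role is ever
# attached, its credentials). metadata_options is updated in place on
# existing instances; software that still relies on IMDSv1 must be updated first.
resource "aws_instance" "ec2-instance" {
  count = var.number_of_instances

  ami           = var.ami
  instance_type = var.instance_type

  user_data = var.use_user_data ? data.template_file.user_data.rendered : null

  vpc_security_group_ids = [
    aws_security_group.ec2-sg.id
  ]

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    delete_on_termination = true
    # NOTE(review): the root volume is not explicitly encrypted. Adding
    # encrypted = true forces replacement of existing instances, so it is
    # left as a deliberate follow-up rather than changed here.
  }

  tags = {
    Name = var.instance_name
  }
}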
22 |
# Renders ec2-user-data.sh (shipped with the module) as the instance user data.
# No template variables are passed, so the file is used as-is.
# NOTE(review): the hashicorp/template provider is deprecated; the built-in
# templatefile() function is the replacement, but switching it also means
# changing the aws_instance user_data reference, so it is not done here.
data "template_file" "user_data" {
  template = file("${path.module}/ec2-user-data.sh")
}
26 |
# One Elastic IP per instance, allocated only when the caller asks for them.
resource "aws_eip" "ec2-eip" {
  vpc   = true
  count = var.use_elastic_ip ? var.number_of_instances : 0
}
31 |
# Pair EIP i with instance i. Same count expression as aws_eip.ec2-eip so the
# two lists line up index for index.
resource "aws_eip_association" "ec2-eip-association" {
  count = var.use_elastic_ip ? var.number_of_instances : 0

  allocation_id = aws_eip.ec2-eip[count.index].id
  instance_id   = aws_instance.ec2-instance[count.index].id
}
38 |
# Security group shared by all instances of this module; its rules are the
# two aws_security_group_rule resources below (tcp/80 in from anywhere, all
# traffic out). The name is derived from the instance name, so two
# deployments with the same instance_name in one VPC will collide.
resource "aws_security_group" "ec2-sg" {
  name = "${var.instance_name}-sg"
}
42 |
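# Inbound HTTP (tcp/80) from any IPv4 address.
#
# The resource is named allow_ssh_inbound but it opens local.http_port (80),
# not 22. The name is kept because renaming would recreate the rule and break
# references; a description is added on the rule itself so the console and
# state show what it really does. The description is applied in place.
resource "aws_security_group_rule" "allow_ssh_inbound" {
  type              = "ingress"
  description       = "HTTP (tcp/80) from all IPv4 addresses"
  security_group_id = aws_security_group.ec2-sg.id

  from_port   = local.http_port
  to_port     = local.http_port
  protocol    = local.tcp_protocol
  cidr_blocks = local.all_ips
}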
52 |
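# Unrestricted egress: every port and protocol to any IPv4 destination.
# A description is added (applied in place) so the rule is self-explanatory
# in the console; behaviour is unchanged.
resource "aws_security_group_rule" "allow_all_outbound" {
  type              = "egress"
  description       = "All outbound traffic to any IPv4 destination"
  security_group_id = aws_security_group.ec2-sg.id

  from_port   = local.any_port
  to_port     = local.any_port
  protocol    = local.any_protocol
  cidr_blocks = local.all_ips
}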
62 |
63 |
# Constants used by the security-group rules above.
#   http_port     – the only inbound port the module opens
#   any_port/any_protocol – AWS wildcard values (0 and "-1") for the egress rule
#   all_ips       – IPv4 "anywhere"; there is no IPv6 equivalent here
locals {
  all_ips      = ["0.0.0.0/0"]
  any_port     = 0
  any_protocol = "-1"
  http_port    = 80
  tcp_protocol = "tcp"
}
--------------------------------------------------------------------------------
/17-lb/lb-alb/main.tf:
--------------------------------------------------------------------------------
# Region comes from the caller (var.region); all resources below land there.
provider "aws" {
  region = var.region
}
4 |
# Application load balancer spread across the default VPC's subnets.
# NOTE(review): the ALB reuses the instances' security group
# (ec2-security-group-id). That group admits tcp/80 from 0.0.0.0/0 (see
# modules/02-ec2/ec2-instance), so the instances remain directly reachable
# on port 80 in addition to being reachable through the ALB. A dedicated ALB
# group, with the instance group admitting 80 only from it, would close that.
module "alb" {
  source = "../../modules/17-lb/lb-alb"

  security_group_id = module.ec2-instance.ec2-security-group-id
  subnet_ids        = data.aws_subnet_ids.default.ids
  alb_name          = var.alb_name
}
13 |
# Backend instances for the target group below.
# NOTE(review): use_elastic_ip = true gives every backend its own public
# address even though traffic is meant to arrive via the ALB; backends
# behind a load balancer normally need no public IP at all.
module "ec2-instance" {
  source = "../../modules/02-ec2/ec2-instance"

  ami                 = var.ami
  instance_name       = var.instance_name
  instance_type       = var.instance_type
  number_of_instances = var.number_of_instances
  use_user_data       = var.use_user_data
  use_elastic_ip      = true
}
25 |
# HTTP target group in the default VPC. Targets are probed on "/" every 15 s
# with a 3 s timeout; two consecutive successes (HTTP 200) mark a target
# healthy and two failures mark it unhealthy.
resource "aws_lb_target_group" "lb_tg_ec2" {
  name     = "lb-tg-ec2-example"
  vpc_id   = data.aws_vpc.default.id
  protocol = "HTTP"
  port     = var.server_port

  health_check {
    protocol            = "HTTP"
    path                = "/"
    matcher             = "200"
    interval            = 15
    timeout             = 3
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}
42 |
# Catch-all rule on the ALB's HTTP listener: any path is forwarded to the
# EC2 target group. Priority 100 leaves room for more specific rules in front.
resource "aws_lb_listener_rule" "asg" {
  priority     = 100
  listener_arn = module.alb.alb_http_listener_arn

  action {
    target_group_arn = aws_lb_target_group.lb_tg_ec2.arn
    type             = "forward"
  }

  condition {
    path_pattern {
      values = ["*"]
    }
  }
}
58 |
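# Register every instance from the ec2-instance module with the target group.
#
# count is now driven by var.number_of_instances — the same value the module
# uses for its own count — instead of length() of the module's output list.
# The number of attachments is therefore known at plan time and can never
# depend on values that are only available after apply. Indexing replaces
# element(); with count equal to the list length the two are equivalent.
resource "aws_alb_target_group_attachment" "alb_tg_att" {
  count            = var.number_of_instances
  target_group_arn = aws_lb_target_group.lb_tg_ec2.arn
  target_id        = module.ec2-instance.ec2-instance-id[count.index]
}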
64 |
# The account's default VPC in the provider region; the ALB and target group
# are placed in it rather than in a purpose-built network.
data "aws_vpc" "default" {
  default = true
}
68 |
# All subnets of the default VPC, handed to the ALB module.
# NOTE(review): aws_subnet_ids is deprecated in the v4 provider (aws_subnets
# with a vpc-id filter is the replacement) and is gone in v5; the versions
# table only pins aws >= 4.0, so this will break on a major upgrade.
data "aws_subnet_ids" "default" {
  vpc_id = data.aws_vpc.default.id
}
--------------------------------------------------------------------------------
/modules/25-efs/efs-storage/variables.tf:
--------------------------------------------------------------------------------
1 | # ---------------------------------------------------------------------------------------------------------------------
2 | # OPTIONAL PARAMETERS
3 | # These parameters have reasonable defaults.
4 | # ---------------------------------------------------------------------------------------------------------------------
5 |
# Placement: set only for a One Zone file system; null means regional.
variable "availability_zone_name" {
  type        = string
  default     = null
  description = "Avalability zone name (used for one zone efs)."
}

# Performance and throughput knobs. The provisioned default incurs a fixed
# charge for the configured MiB/s regardless of use.
variable "performance_mode" {
  type        = string
  default     = "generalPurpose"
  description = "The file system performance mode."
}

variable "throughput_mode" {
  type        = string
  default     = "provisioned"
  description = "Throughput mode for the file system."
}

variable "provisioned_throughput_in_mibps_val" {
  type        = number
  default     = 10
  description = "The throughput, measured in MiB/s, that you want to provision for the file system."
}
29 |
30 | # ---------------------------------------------------------------------------------------------------------------------
31 | # REQUIRED PARAMETERS
32 | # You must provide a value for each of these parameters.
33 | # ---------------------------------------------------------------------------------------------------------------------
34 |
# Creation token: EFS uses it for idempotency, so re-running with the same
# token does not create a second file system.
variable "token_name" {
  type        = string
  description = "A unique name used as reference when creating the Elastic File System to ensure idempotent file system creation."
}

# Encryption at rest has no default on purpose: the caller must decide
# explicitly, and false should be a documented exception.
variable "encryption" {
  type        = bool
  description = "EFS encryption status."
}

variable "infrequent_access_transition_dur" {
  type        = string
  description = "How long it takes to transition files to the IA storage class."
}

variable "tag_name" {
  type        = string
  description = "EFS tag name."
}
--------------------------------------------------------------------------------
/modules/05-route53/route53-main/variables.tf:
--------------------------------------------------------------------------------
1 | # ---------------------------------------------------------------------------------------------------------------------
2 | # REQUIRED PARAMETERS
3 | # You must provide a value for each of these parameters.
4 | # ---------------------------------------------------------------------------------------------------------------------
5 |
# One entry per record to manage. Typed `any` so callers can mix optional
# keys (alias, health_check_id, failover_routing_policy, ...) per entry;
# the cost is that Terraform cannot validate the shape, so a typo in a key
# is silently ignored rather than reported.
variable "config_list" {
  type        = any
  description = "List of Configs For Route53 Resource"
}
10 |
11 | # ---------------------------------------------------------------------------------------------------------------------
12 | # OPTIONAL PARAMETERS
13 | # These parameters have reasonable defaults.
14 | # ---------------------------------------------------------------------------------------------------------------------
15 |
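# Defaults for the simple single-record case; config_list entries override
# them per record. Descriptions are corrected here (record types spelled as
# Route 53 expects them; records_list documented as IP addresses/values);
# defaults are unchanged.

variable "hosted_zone_name" {
  description = "Name of the hosted zone to create or manage records in"
  type        = string
  default     = "testterrafromhostedzone.com"
}

variable "force_destroy" {
  # Destructive: with true, `terraform destroy` removes records in the zone
  # that Terraform never created.
  description = "Whether to delete all records in the zone (including ones managed outside Terraform) when the zone is destroyed"
  type        = bool
  default     = false
}

variable "record_name" {
  description = "Name of the record (relative to the hosted zone)"
  type        = string
  default     = "test"
}

variable "record_type" {
  description = "The record type. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT"
  type        = string
  default     = "A"
}

variable "records_list" {
  # NOTE(review): the default is a single empty string, which is not a valid
  # record value; the module presumably treats it as "no records". Callers
  # should always pass real values.
  description = "Record values (e.g. IPv4 addresses for an A record)"
  type        = list(string)
  default     = [""]
}

variable "ttl" {
  description = "TTL of the record, in seconds"
  type        = number
  default     = 300
}

variable "routing_policy_type" {
  description = "Routing policy to apply to the record set (e.g. \"failover\"); empty string means a simple record"
  type        = string
  default     = ""
}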
--------------------------------------------------------------------------------
/modules/01-iam/iam-role/outputs.tf:
--------------------------------------------------------------------------------
# Module outputs: the single instance, its instance profile, security group
# and key pair.

output "id" {
  value       = aws_instance.web.id
  description = "ID of the EC2 instance"
}

output "private_dns" {
  value       = aws_instance.web.private_dns
  description = "Private DNS name of the instance (usable only inside EC2; requires DNS hostnames on the VPC)"
}

output "public_dns" {
  value       = aws_instance.web.public_dns
  description = "Public DNS name of the instance (requires DNS hostnames on the VPC)"
}

output "public_ip" {
  value       = aws_instance.web.public_ip
  description = "Public IP of the instance, if assigned. If an aws_eip is attached, use the EIP's address instead; this value changes after attachment"
}

output "private_ip" {
  value       = aws_instance.web.private_ip
  description = "Private IP of the instance"
}

output "aws_iam_instance_profile_name" {
  value       = aws_iam_instance_profile.ec2_profile.name
  description = "Name of the instance profile attached to the instance"
}

output "aws_iam_instance_profile_id" {
  value       = aws_iam_instance_profile.ec2_profile.id
  description = "ID of the instance profile attached to the instance"
}

output "aws_iam_instance_profile_role" {
  value       = aws_iam_instance_profile.ec2_profile.role
  description = "Name of the role carried by the instance profile"
}

output "aws_security_group_id" {
  value       = aws_security_group.main_role.id
  description = "ID of the instance security group"
}

output "aws_security_group_name" {
  value       = aws_security_group.main_role.name
  description = "Name of the instance security group"
}

output "aws_security_group_ingress" {
  value       = aws_security_group.main_role.ingress
  description = "Ingress rule set of the instance security group (includes the tcp/22 rule)"
}

output "aws_key_pair" {
  # Whole resource; aws_key_pair stores the public key only.
  value       = aws_key_pair.deployer
  description = "The aws_key_pair resource (key name, fingerprint, public key)"
}
49 |
--------------------------------------------------------------------------------
/modules/03-rds/rds-main/main.tf:
--------------------------------------------------------------------------------
# A read replica (replicate_source_db set) inherits engine, version and the
# master credentials from its source, and the API rejects them if supplied;
# these locals blank the four values out in that case and pass the caller's
# values through otherwise.
locals {
  is_replica = var.replicate_source_db != null

  username       = local.is_replica ? null : var.username
  password       = local.is_replica ? null : var.password
  engine         = local.is_replica ? null : var.engine
  engine_version = local.is_replica ? null : var.engine_version
}
7 |
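# Optional DB parameter group, created only when var.create_db_param is true.
#
# Change from the original: name_prefix replaces the fixed name. With
# lifecycle.create_before_destroy a fixed name cannot work — any change that
# forces replacement (a new family, for instance) tries to create the new
# group while the old one with the same name still exists and fails. A
# prefix lets AWS generate a unique suffix. NOTE: switching from name to
# name_prefix replaces the group once on the next apply.
resource "aws_db_parameter_group" "db_param" {
  count       = var.create_db_param ? 1 : 0
  name_prefix = "rds-terraform-group-"
  family      = var.family

  # One parameter {} block per entry in var.parameters; each entry must
  # provide name and value. apply_method is shared by all of them.
  dynamic "parameter" {
    for_each = var.parameters
    content {
      name         = parameter.value.name
      value        = parameter.value.value
      apply_method = var.apply_method
    }
  }

  lifecycle {
    create_before_destroy = true
  }
}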
26 |
27 |
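# RDS instance — a primary, or a read replica when var.replicate_source_db
# is set (the locals above blank out engine/credentials for a replica).
#
# Changes from the original:
# - final_snapshot_identifier is supplied whenever skip_final_snapshot is
#   false. Without it, destroying the instance fails at the provider level
#   ("FinalSnapshotIdentifier is required when a final snapshot is
#   required"), which the old configuration would hit for every caller that
#   left skip_final_snapshot = false.
# - parameter_group_name falls back to null rather than "" when no parameter
#   group is created, so the provider computes the engine default instead of
#   being handed an empty name.
resource "aws_db_instance" "db_instance" {
  identifier     = var.identifier
  instance_class = var.instance_class

  allocated_storage     = var.allocated_storage
  max_allocated_storage = var.max_allocated_storage

  engine         = local.engine
  engine_version = local.engine_version

  # The password is written to Terraform state in clear text; protect the
  # state backend accordingly and source var.password from a secret store.
  username = local.username
  password = local.password

  # Public exposure is the caller's decision; keep false unless documented.
  publicly_accessible = var.publicly_accessible

  skip_final_snapshot       = var.skip_final_snapshot
  final_snapshot_identifier = var.skip_final_snapshot ? null : "${var.identifier}-final"
  # NOTE(review): read replicas cannot take a final snapshot; callers that
  # set replicate_source_db should also set skip_final_snapshot = true.

  allow_major_version_upgrade = var.allow_major_version_upgrade
  auto_minor_version_upgrade  = var.auto_minor_version_upgrade

  parameter_group_name = try(aws_db_parameter_group.db_param[0].name, null)

  # A Multi-AZ deployment chooses its own AZs; the explicit AZ only applies
  # to single-AZ instances.
  multi_az          = var.multi_az
  availability_zone = var.multi_az ? null : var.availability_zone

  backup_retention_period = var.backup_retention_period
  deletion_protection     = var.deletion_protection
  storage_encrypted       = var.storage_encrypted
  apply_immediately       = var.apply_immediately

  replicate_source_db = var.replicate_source_db

  blue_green_update {
    enabled = var.blue_green_update
  }
}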
--------------------------------------------------------------------------------
/03-rds/rds-main/variables.tf:
--------------------------------------------------------------------------------
1 | # ---------------------------------------------------------------------------------------------------------------------
2 | # OPTIONAL PARAMETERS
3 | # These parameters have reasonable defaults.
4 | # ---------------------------------------------------------------------------------------------------------------------
5 |
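# Added a description; the variable previously had none, unlike every other
# input in this file.
variable "region" {
  description = "AWS Region Passed To The aws Provider For All Resources In This Root Module"
  type        = string
  default     = "us-east-1"
}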
10 |
# Storage sizing. max_allocated_storage > allocated_storage turns on
# storage autoscaling up to that ceiling.
variable "allocated_storage" {
  type        = number
  default     = 5
  description = "Allocated Storage For DB Instance In GB"
}

variable "max_allocated_storage" {
  type        = number
  default     = 10
  description = "When Configured, The Upper Limit To Which Amazon RDS Can Automatically Scale The Storage of The DB Instance"
}

# One day of automated backups is the minimum that still enables
# point-in-time recovery; raise it for anything that matters.
variable "backup_retention_period" {
  type        = number
  default     = 1
  description = "The Days To Retain Backups For. Must Be Between 0 And 35"
}
28 |
29 | variable "skip_final_snapshot" {
30 | description = <= 1.0 |
6 | |aws| >= 4.0 |
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | |aws| >= 4.0 |
13 |
14 | ## Modules
15 |
16 | No modules.
17 |
18 | ## Resources
19 |
20 | | Name | Type |
21 | |------|------|
22 | |aws_s3_bucket.s3-bucket| resource |
23 | |aws_s3_bucket_accelerate_configuration.s3-bucket-accelerate-config| resource |
24 | |aws_s3_bucket_acl.s3-bukcet-acl| resource |
25 | |aws_s3_bucket_lifecycle_configuration.s3-bucket-lifecycle| resource |
26 | |aws_s3_bucket_logging.s3-bucket-log| resource |
27 | |aws_s3_bucket_object_lock_configuration.s3-bucket-object-lock| resource |
28 | |aws_s3_bucket_request_payment_configuration.s3-bucket-payment| resource |
29 | |aws_s3_bucket_server_side_encryption_configuration.s3-bucket-sse-kms| resource |
30 | |aws_s3_bucket_versioning.s3-bucket-versioning| resource |
31 |
32 | ## Inputs
33 |
34 | | Name | Description | Type | Default | Required |
35 | |------|-------------|------|---------|:--------:|
36 | |acceleration\_status| (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. | `string` | `null` | no |
37 | |acl| (Optional) The canned ACL to apply. Conflicts with `grant` | `string` | `null` | no |
38 | |bucket| (Optional, Forces New Resource) The Name Of The Bucket. If Omitted, Terraform Will Assign A Random, Unique Name | `string` | `"my-bucket"` | no |
39 | |bucket\_prefix| (Optional, Forces New Resource) Creates A Unique Bucket Name Beginning With The Specified Prefix. Conflicts With Bucket | `string` | `null` | no |
40 | |create\_bucket| Controls If S3 Bucket Should Be Created | `bool` | `true` | no |
41 | |expected\_bucket\_owner| The account ID of the expected bucket owner | `string` | `null` | no |
42 | |force\_destroy| (Optional, Default:False ) A Boolean That Indicates All Objects Should Be Deleted From The Bucket So That The Bucket Can Be Destroyed Without Error. These Objects Are Not Recoverable | `bool` | `false` | no |
43 | | lifecycle\_rule| List of maps containing configuration of object lifecycle management. | `any` | `[]` | no |
44 | |logging| Map containing access bucket logging configuration. | `map(string)` | `{}` | no |
45 | | object\_lock\_configuration| Map containing S3 object locking configuration. | `any` | `{}` | no |
46 | |object\_lock\_enabled| Whether S3 Bucket Should Have An Object Lock Configuration Enabled | `bool` | `false` | no |
47 | |request\_payer| (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no |
48 | | server\_side\_encryption\_configuration| Map containing server-side encryption configuration. | `any` | `{}` | no |
49 | |versioning| Map containing versioning configuration. | `map(string)` | `{}` | no |
50 |
51 | ## Outputs
52 |
53 | | Name | Description |
54 | |------|-------------|
55 | |s3\_bucket\_arn| The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
56 | |s3\_bucket\_bucket\_domain\_name| The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
57 | |s3\_bucket\_hosted\_zone\_id| The Route 53 Hosted Zone ID for this bucket's region. |
58 | |s3\_bucket\_id| The name of the bucket. |
59 | |s3\_bucket\_region| The AWS region this bucket resides in. |
--------------------------------------------------------------------------------
/modules/03-rds/rds-main/README.md:
--------------------------------------------------------------------------------
1 | ## Requirements
2 |
3 | | Name | Version |
4 | |------|---------|
5 | |terraform| >= 1.0 |
6 | |aws| >= 4.0 |
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | |aws| >= 4.0 |
13 |
14 | ## Modules
15 |
16 | No modules.
17 |
18 | ## Resources
19 |
20 | | Name | Type |
21 | |------|------|
22 | |aws_db_instance.db_instance| resource |
23 | |aws_db_parameter_group.db_param| resource |
24 |
25 | ## Inputs
26 |
27 | | Name | Description | Type | Default | Required |
28 | |------|-------------|------|---------|:--------:|
29 | |allocated\_storage| Allocated Storage For DB Instance In GB | `number` | `5` | no |
30 | |allow\_major\_version\_upgrade| Indicates That Major Version Upgrades Are Allowed | `bool` | `false` | no |
31 | |apply\_immediately| Specifies Whether Any Database Modifications Are Applied Immediately, Or During The Next Maintenance Window | `string` | `"8.0.30"` | no |
32 | |apply\_method| (Optional) 'immediate' (Default), Or 'pending-reboot'. Some Engines Can't Apply Some Parameters Without A Reboot, And You Will Need To Specify 'pending-reboot' Here | `string` | `"immediate"` | no |
33 | |auto\_minor\_version\_upgrade| Indicates That Minor Engine Upgrades Will Be Applied Automatically To The DB Instance During The Maintenance Window | `bool` | `true` | no |
34 | |availability\_zone| RDS Availability Zone | `string` | `null` | no |
35 | |backup\_retention\_period| The Days To Retain Backups For. Must Be Between 0 And 35 | `number` | `0` | no |
36 | |blue\_green\_update| Enables Low-Downtime Updates Using RDS's Blue/Green Deployments | `bool` | `false` | no |
37 | |create\_db\_param| Specifies Whether DB Parameter Group Is Created | `bool` | `false` | no |
38 | |deletion\_protection| If The DB Instance Should Have Deletion Protection Enabled | `bool` | `false` | no |
39 | |engine| The Database Engine To Use | `string` | `"mysql"` | no |
40 | |engine\_version| The Engine Version To Use | `string` | `"8.0.30"` | no |
41 | |family| The Family Of The DB Parameter Group | `string` | `"mysql8.0"` | no |
42 | |identifier| The Name of The RDS Instance | `string` | n/a | yes |
43 | |instance\_class| The Instance Type of The RDS Instance | `string` | n/a | yes |
44 | |max\_allocated\_storage| When Configured, The Upper Limit To Which Amazon RDS Can Automatically Scale The Storage of The DB Instance | `number` | `10` | no |
45 | |multi\_az| Specifies If The RDS Instance Is Multi-Az | `bool` | `false` | no |
46 | |parameters| Parameter Group | `list(map(string))` | `[]` | no |
47 | |password| Password For The Master DB User | `string` | `null` | no |
48 | |publicly\_accessible| Bool To Control If Instance Is Publicly Accessible | `bool` | `false` | no |
49 | |replicate\_source\_db| Specifies That This Resource Is A Replicate Database, And To Use This Value As The Source Database | `string` | `null` | no |
50 | |skip\_final\_snapshot| Determines Whether A Final DB Snapshot Is Created Before The DB Instance Is Deleted. If True Is Specified, No DB Snapshot Is Created. If False Is Specified, A DB Snapshot Is Created Before The DB Instance Is Deleted | `bool` | `false` | no |
51 | |storage\_encrypted| Specifies Whether The DB Instance Is Encrypted | `bool` | `false` | no |
52 | |username| Username For The Master DB User | `string` | `null` | no |
53 |
54 | ## Outputs
55 |
56 | | Name | Description |
57 | |------|-------------|
58 | |rds-vol-address| RDS Volume Address |
59 | |rds-vol-engine| RDS Volume Engine |
60 | |rds-vol-engine-version| RDS Volume Engine Version |
61 | |rds-vol-id| RDS Volume ID |
62 | |rds-vol-name| RDS Volume Name |
63 | |rds-vol-replica-mode| RDS Volume Replica Mode |
64 | |rds-vol-replica-source-db| RDS Volume Source DB |
65 | |rds-vol-replicas| RDS Volume Replicas |
--------------------------------------------------------------------------------
/04-s3bucket/s3bucket-bucket/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" { # region is caller-supplied; no credentials are configured here, so the provider's default credential chain is used
2 | region = var.region
3 | }
4 |
5 | data "aws_caller_identity" "current" {} # account id of the deploying identity; passed to the bucket module as expected_bucket_owner
6 |
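7 | resource "aws_kms_key" "objects" { # customer-managed key referenced by the SSE-KMS rule of module.s3_bucket
8 | description = "KMS Key For Encrypting Bucket Objects"
9 | # Pending-deletion window (AWS allows 7-30 days): time to notice an accidental destroy before the key, and every object encrypted under it, becomes unrecoverable
10 | deletion_window_in_days = 10
11 | # Yearly automatic rotation of the backing key material; the key id/ARN do not change, so existing references and already-encrypted objects are unaffected
12 | enable_key_rotation = true
13 | # No "policy" is set, so the default key policy applies (full access for the account root principal); add one to scope key administrators and users if required
14 | }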
11 |
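12 | module "log_bucket" { # dedicated server-access-log target for module.s3_bucket
13 | source = "../../modules/04-s3bucket/s3bucket-bucket"
14 |
15 | bucket = "logs-bucket-s3-terraform-test"
16 | # Canned ACL that lets the S3 log-delivery group write here. NOTE(review): ACLs only work when the bucket's object ownership allows them, and the module does not appear to manage ownership controls — confirm on a fresh bucket
17 | acl = "log-delivery-write"
18 | # Test convenience: the logs are deleted together with the bucket on destroy; not suitable for an audit trail that must outlive the stack
19 | force_destroy = true
20 | # Same ownership guard module.s3_bucket uses, so the module's per-bucket configuration resources cannot act on a same-named bucket owned by another account
21 | expected_bucket_owner = data.aws_caller_identity.current.account_id
22 | }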
19 |
20 | module "s3_bucket" { # main bucket: object lock, SSE-KMS with the key above, versioning, access logging into module.log_bucket and three sample lifecycle rules
21 | source = "../../modules/04-s3bucket/s3bucket-bucket"
22 |
23 | bucket = var.bucket_name
24 |
25 | force_destroy = true # test convenience: contents are deleted on destroy. NOTE(review): objects still inside an object-lock retention period may block the destroy — confirm before relying on it
26 | acceleration_status = "Suspended" # Enabled or Suspended
27 | request_payer = "BucketOwner"
28 |
29 |
30 | object_lock_enabled = true # can only be set when the bucket is created
31 | object_lock_configuration = {
32 | rule = {
33 | default_retention = {
34 | mode = "GOVERNANCE" # GOVERNANCE retention can be overridden by principals holding s3:BypassGovernanceRetention; COMPLIANCE cannot be shortened by anyone
35 | days = 1
36 | }
37 | }
38 | }
39 |
40 | expected_bucket_owner = data.aws_caller_identity.current.account_id # every configuration resource in the module refuses to act on a same-named bucket owned by another account
41 |
42 | acl = "private" # "acl" conflicts with "grant" and "owner" (access_control_policy block). NOTE(review): the module appears to manage neither a public-access block nor ownership controls; configure those outside it if needed
43 |
44 | logging = {
45 | target_bucket = module.log_bucket.s3_bucket_id # Creating a separate bucket for logging is mandatory.
46 | target_prefix = "log/"
47 | }
48 |
49 | versioning = {
50 | status = true # the module maps true/false to "Enabled"/"Suspended"
51 | mfa_delete = false # enabling it requires the root user's MFA device on every later change
52 | }
53 |
54 | server_side_encryption_configuration = {
55 | rule = {
56 | apply_server_side_encryption_by_default = {
57 | kms_master_key_id = aws_kms_key.objects.arn # customer-managed key, not the AWS-managed aws/s3 key
58 | sse_algorithm = "aws:kms"
59 | }
60 | }
61 | }
62 |
63 | lifecycle_rule = [ # sample rules; the key1/key2 tag filters are placeholders
64 | {
65 | id = "test-1"
66 | enabled = true
67 |
68 | filter = {
69 | tags = { # two tags, so the module renders this as an and{} filter
70 | key1 = "value1"
71 | key2 = "value2"
72 | }
73 | }
74 |
75 | transition = [
76 | {
77 | days = 30
78 | storage_class = "ONEZONE_IA"
79 | }, {
80 | days = 60
81 | storage_class = "GLACIER"
82 | }, {
83 | days = 150
84 | storage_class = "DEEP_ARCHIVE"
85 | }
86 |
87 |
88 | ]
89 |
90 | expiration = {
91 | days = 180
92 | expired_object_delete_marker = true # NOTE(review): S3 rejects ExpiredObjectDeleteMarker combined with Days/Date in one expiration element — confirm against the API before applying
93 | }
94 |
95 | noncurrent_version_expiration = {
96 | newer_noncurrent_versions = 5
97 | days = 30 # the module maps "days" to noncurrent_days
98 | }
99 | },
100 | {
101 | id = "test-2"
102 | enabled = true
103 | abort_incomplete_multipart_upload_days = 7 # no filter key, so the module emits an empty filter (whole bucket)
104 |
105 | noncurrent_version_transition = [
106 | {
107 | days = 30
108 | storage_class = "STANDARD_IA"
109 | },
110 | {
111 | days = 60
112 | storage_class = "ONEZONE_IA"
113 | },
114 | {
115 | days = 90
116 | storage_class = "GLACIER"
117 | }, {
118 | days = 180
119 | storage_class = "DEEP_ARCHIVE"
120 | }
121 | ]
122 |
123 | noncurrent_version_expiration = {
124 | days = 300
125 | }
126 | },
127 | {
128 | id = "test-3"
129 | enabled = true
130 |
131 | filter = { # several keys, so the module renders this as an and{} filter
132 | prefix = "log/"
133 | object_size_greater_than = 200000 # byte
134 | object_size_less_than = 500000 # byte
135 | tags = {
136 | key1 = "value1"
137 | key2 = "value2"
138 | }
139 | }
140 |
141 | noncurrent_version_transition = [
142 | {
143 | days = 30
144 | storage_class = "STANDARD_IA"
145 | },
146 | ]
147 |
148 | noncurrent_version_expiration = {
149 | days = 300
150 | }
151 | },
152 | ]
153 |
154 | }
--------------------------------------------------------------------------------
/modules/03-rds/rds-main/variables.tf:
--------------------------------------------------------------------------------
1 | # ---------------------------------------------------------------------------------------------------------------------
2 | # REQUIRED PARAMETERS
3 | # You must provide a value for each of these parameters.
4 | # ---------------------------------------------------------------------------------------------------------------------
5 |
6 | variable "identifier" { # required: the DB instance identifier (must be unique per account and region)
7 | type = string
8 | description = "The Name of The RDS Instance"
9 | }
11 |
12 | variable "instance_class" { # required: RDS instance class, e.g. a db.* size
13 | type = string
14 | description = "The Instance Type of The RDS Instance"
15 | }
16 |
17 | # ---------------------------------------------------------------------------------------------------------------------
18 | # OPTIONAL PARAMETERS
19 | # These parameters have reasonable defaults.
20 | # ---------------------------------------------------------------------------------------------------------------------
21 |
22 | variable "username" { # master user name; null defers to the engine/provider default
23 | description = "Username For The Master DB User"
24 | type = string
25 | default = null
26 | }
27 |
28 | variable "password" { # master password; still lands in state in clear text, so prefer a secret-manager-managed password where the provider supports it
29 | description = "Password For The Master DB User"
30 | type = string
31 | default = null
32 | sensitive = true # redacted from plan/apply output and from any output that references it
33 | }
34 |
35 | variable "allocated_storage" { # initial storage in GiB; engine-specific minimums apply at the API
36 | type = number
37 | default = 5
38 | description = "Allocated Storage For DB Instance In GB"
39 | }
40 |
41 | variable "publicly_accessible" { # false keeps the instance off the public internet; flipping to true also needs a public subnet and an open security group to matter
42 | description = "Bool To Control If Instance Is Publicly Accessible"
43 | type = bool
44 | default = false
45 | }
46 |
47 | variable "max_allocated_storage" { # storage autoscaling ceiling in GiB; must not be below allocated_storage
48 | type = number
49 | default = 10
50 | description = "When Configured, The Upper Limit To Which Amazon RDS Can Automatically Scale The Storage of The DB Instance"
51 | }
52 |
53 | variable "allow_major_version_upgrade" { # off by default: a major engine upgrade is a deliberate, tested change
54 | type = bool
55 | default = false
56 | description = "Indicates That Major Version Upgrades Are Allowed"
57 | }
58 |
59 | variable "auto_minor_version_upgrade" { # on by default so engine security patches arrive in the maintenance window
60 | type = bool
61 | default = true
62 | description = "Indicates That Minor Engine Upgrades Will Be Applied Automatically To The DB Instance During The Maintenance Window"
63 | }
64 |
65 | variable "availability_zone" { # pin the AZ, or leave null to let RDS choose
66 | type = string
67 | default = null
68 | description = "RDS Availability Zone"
69 | }
70 |
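71 | variable "backup_retention_period" { # automated-backup retention in days; the default of 0 disables automated backups entirely
72 | description = "The Days To Retain Backups For. Must Be Between 0 And 35"
73 | type = number
74 | default = 0
75 |
76 | # Enforce the documented range at plan time instead of failing at the RDS API (0 is also rejected by AWS on instances that have read replicas)
77 | validation {
78 | condition = var.backup_retention_period >= 0 && var.backup_retention_period <= 35
79 | error_message = "backup_retention_period must be between 0 and 35 days."
80 | }
81 | }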
76 |
77 | variable "blue_green_update" { # opt-in to RDS Blue/Green deployments for low-downtime modifications
78 | type = bool
79 | default = false
80 | description = "Enables Low-Downtime Updates Using RDS's Blue/Green Deployments"
81 | }
82 |
83 | variable "skip_final_snapshot" {
84 | description = < 0 ? 1 : 0
32 |
33 | bucket = aws_s3_bucket.s3-bucket[0].id
34 |
35 | target_bucket = var.logging["target_bucket"]
36 | target_prefix = try(var.logging["target_prefix"], null)
37 | }
38 |
39 | resource "aws_s3_bucket_acl" "s3-bukcet-acl" { # canned ACL, created only when the caller asks for one; the literal string "null" is treated like a real null
40 | count = var.create_bucket && var.acl != null && var.acl != "null" ? 1 : 0
41 |
42 | bucket = aws_s3_bucket.s3-bucket[0].id
43 | expected_bucket_owner = var.expected_bucket_owner # refuses to touch a same-named bucket owned by another account
44 |
45 | # count already rules out null and "null", so the value passes through unchanged.
46 | # NOTE(review): applying an ACL only works if the bucket's object ownership allows ACLs; this module does not appear to manage ownership controls — confirm on a fresh bucket
47 | acl = var.acl
48 | }
48 |
49 | resource "aws_s3_bucket_versioning" "s3-bucket-versioning" { # one versioning configuration, managed only when var.versioning has at least one key
50 | count = var.create_bucket && length(keys(var.versioning)) > 0 ? 1 : 0
51 |
52 | bucket = aws_s3_bucket.s3-bucket[0].id
53 | expected_bucket_owner = var.expected_bucket_owner # refuses to touch a same-named bucket owned by another account
54 | mfa = try(var.versioning["mfa"], null) # "<device serial> <code>" string, only needed when toggling mfa_delete (AWS requires the root user's MFA for that)
55 |
56 | versioning_configuration {
57 | # Valid values: "Enabled" or "Suspended"
58 | status = try(tobool(var.versioning["status"]) ? "Enabled" : "Suspended", title(lower(var.versioning["status"])), null) # accepts a bool, a case-insensitive string, or nothing
59 |
60 | # Valid values: "Enabled" or "Disabled"
61 | mfa_delete = try(tobool(var.versioning["mfa_delete"]) ? "Enabled" : "Disabled", title(lower(var.versioning["mfa_delete"])), null) # same coercion as status
62 | }
63 | }
64 |
65 | resource "aws_s3_bucket_server_side_encryption_configuration" "s3-bucket-sse-kms" { # default-encryption rule(s), managed only when the caller passes a non-empty map
66 | count = var.create_bucket && length(keys(var.server_side_encryption_configuration)) > 0 ? 1 : 0
67 |
68 | bucket = aws_s3_bucket.s3-bucket[0].id
69 | expected_bucket_owner = var.expected_bucket_owner # refuses to touch a same-named bucket owned by another account
70 |
71 | dynamic "rule" {
72 | for_each = try(flatten([var.server_side_encryption_configuration["rule"]]), []) # "rule" may be a single map or a list of maps
73 |
74 | content {
75 | bucket_key_enabled = try(rule.value.bucket_key_enabled, null) # S3 Bucket Keys cut per-object KMS calls; null leaves the provider/API default
76 |
77 | dynamic "apply_server_side_encryption_by_default" {
78 | for_each = try([rule.value.apply_server_side_encryption_by_default], [])
79 |
80 | content {
81 | sse_algorithm = apply_server_side_encryption_by_default.value.sse_algorithm # required; typically "AES256" or "aws:kms"
82 | kms_master_key_id = try(apply_server_side_encryption_by_default.value.kms_master_key_id, null) # with "aws:kms" and no key id, S3 falls back to the AWS-managed aws/s3 key
83 | }
84 | }
85 | }
86 | }
87 | }
88 |
89 | resource "aws_s3_bucket_accelerate_configuration" "s3-bucket-accelerate-config" { # transfer acceleration, managed only when the caller sets a status
90 | count = var.create_bucket && var.acceleration_status != null ? 1 : 0
91 |
92 | bucket = aws_s3_bucket.s3-bucket[0].id
93 | expected_bucket_owner = var.expected_bucket_owner # refuses to touch a same-named bucket owned by another account
94 |
95 | # Valid values: "Enabled" or "Suspended"
96 | status = title(lower(var.acceleration_status)) # case-normalised; any other word is passed through and rejected by the API
97 | }
98 |
99 | resource "aws_s3_bucket_request_payment_configuration" "s3-bucket-payment" { # requester-pays setting, managed only when the caller sets a payer
100 | count = var.create_bucket && var.request_payer != null ? 1 : 0
101 |
102 | bucket = aws_s3_bucket.s3-bucket[0].id
103 | expected_bucket_owner = var.expected_bucket_owner # refuses to touch a same-named bucket owned by another account
104 |
105 | # Valid values: "BucketOwner" or "Requester"
106 | payer = lower(var.request_payer) == "requester" ? "Requester" : "BucketOwner" # anything other than "requester" (case-insensitive) silently becomes BucketOwner; a variable validation would surface typos
107 | }
108 |
109 | resource "aws_s3_bucket_lifecycle_configuration" "s3-bucket-lifecycle" { # one rule block per entry of local.lifecycle_rules; each entry is a loosely-typed map
110 | count = var.create_bucket && length(local.lifecycle_rules) > 0 ? 1 : 0
111 |
112 | bucket = aws_s3_bucket.s3-bucket[0].id
113 | expected_bucket_owner = var.expected_bucket_owner # refuses to touch a same-named bucket owned by another account
114 |
115 | dynamic "rule" {
116 | for_each = local.lifecycle_rules
117 |
118 | content {
119 | id = try(rule.value.id, null)
120 | status = try(rule.value.enabled ? "Enabled" : "Disabled", tobool(rule.value.status) ? "Enabled" : "Disabled", title(lower(rule.value.status))) # "enabled" (bool) wins over "status" (bool or string)
121 |
122 | # Max 1 block
123 | dynamic "abort_incomplete_multipart_upload" {
124 | for_each = try([rule.value.abort_incomplete_multipart_upload_days], []) # present only when the key exists
125 |
126 | content {
127 | days_after_initiation = try(rule.value.abort_incomplete_multipart_upload_days, null)
128 | }
129 | }
130 |
131 |
132 | # Max 1 block
133 | dynamic "expiration" {
134 | for_each = try(flatten([rule.value.expiration]), [])
135 |
136 | content {
137 | date = try(expiration.value.date, null)
138 | days = try(expiration.value.days, null)
139 | expired_object_delete_marker = try(expiration.value.expired_object_delete_marker, null) # mutually exclusive with date/days at the S3 API; no check is made here
140 | }
141 | }
142 |
143 | # Several blocks
144 | dynamic "transition" {
145 | for_each = try(flatten([rule.value.transition]), []) # single map or list of maps
146 |
147 | content {
148 | date = try(transition.value.date, null)
149 | days = try(transition.value.days, null)
150 | storage_class = transition.value.storage_class # required
151 | }
152 | }
153 |
154 | # Max 1 block
155 | dynamic "noncurrent_version_expiration" {
156 | for_each = try(flatten([rule.value.noncurrent_version_expiration]), [])
157 |
158 | content {
159 | newer_noncurrent_versions = try(noncurrent_version_expiration.value.newer_noncurrent_versions, null)
160 | noncurrent_days = try(noncurrent_version_expiration.value.days, noncurrent_version_expiration.value.noncurrent_days, null) # "days" is accepted as an alias of "noncurrent_days"
161 | }
162 | }
163 |
164 | # Several blocks
165 | dynamic "noncurrent_version_transition" {
166 | for_each = try(flatten([rule.value.noncurrent_version_transition]), [])
167 |
168 | content {
169 | newer_noncurrent_versions = try(noncurrent_version_transition.value.newer_noncurrent_versions, null)
170 | noncurrent_days = try(noncurrent_version_transition.value.days, noncurrent_version_transition.value.noncurrent_days, null) # same alias as above
171 | storage_class = noncurrent_version_transition.value.storage_class
172 | }
173 | }
174 |
175 | # Max 1 block - filter - without any key arguments or tags
176 | dynamic "filter" {
177 | for_each = length(try(flatten([rule.value.filter]), [])) == 0 ? [true] : [] # NOTE(review): a filter given as an empty map {} has length 1 here and matches none of the three variants, so no filter block is emitted — confirm the provider accepts that
178 |
179 | content {
180 | # prefix = ""
181 | }
182 | }
183 |
184 | # Max 1 block - filter - with one key argument or a single tag
185 | dynamic "filter" {
186 | for_each = [for v in try(flatten([rule.value.filter]), []) : v if max(length(keys(v)), length(try(rule.value.filter.tags, rule.value.filter.tag, []))) == 1] # exactly one key, or only one tag: flat filter
187 |
188 | content {
189 | object_size_greater_than = try(filter.value.object_size_greater_than, null)
190 | object_size_less_than = try(filter.value.object_size_less_than, null)
191 | prefix = try(filter.value.prefix, null)
192 |
193 | dynamic "tag" {
194 | for_each = try(filter.value.tags, filter.value.tag, [])
195 |
196 | content {
197 | key = tag.key
198 | value = tag.value
199 | }
200 | }
201 | }
202 | }
203 |
204 | # Max 1 block - filter - with more than one key arguments or multiple tags
205 | dynamic "filter" {
206 | for_each = [for v in try(flatten([rule.value.filter]), []) : v if max(length(keys(v)), length(try(rule.value.filter.tags, rule.value.filter.tag, []))) > 1] # two or more keys/tags: S3 requires an and{} wrapper
207 |
208 | content {
209 | and {
210 | object_size_greater_than = try(filter.value.object_size_greater_than, null)
211 | object_size_less_than = try(filter.value.object_size_less_than, null)
212 | prefix = try(filter.value.prefix, null)
213 | tags = try(filter.value.tags, filter.value.tag, null)
214 | }
215 | }
216 | }
217 | }
218 | }
219 |
220 | # Must have bucket versioning enabled first
221 | depends_on = [aws_s3_bucket_versioning.s3-bucket-versioning] # noncurrent-version rules are only meaningful on a versioned bucket
222 | }
--------------------------------------------------------------------------------