├── README.md ├── T01-Terraform-architecture-workflow ├── 01-initial-setup.md ├── 02-configure-terraform.md ├── 03-workflow.md ├── 04-terraform-blocks.md ├── 05-terraform-arguments-attributes-metaarguments.md ├── README.md ├── terraform-manifest-new │ ├── README.md │ ├── main.tf │ ├── provider.tf │ └── terraform-manifest-multiprovider │ │ ├── main.tf │ │ └── provider.tf └── terraform-manifest-old │ ├── README.md │ ├── main.tf │ └── provider.tf ├── T02-Terraform-resources ├── 01-Terraform-resources-syntax │ └── README.md ├── 02-Terraform-resources-behavior │ ├── 01-resource-syntax │ │ ├── README.md │ │ ├── main.tf │ │ └── provider.tf │ └── 02-resource-meta-arguments │ │ ├── 02-count │ │ ├── README.md │ │ ├── instance.tf │ │ ├── nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ └── security-group.tf │ │ ├── 03-for_each │ │ ├── README.md │ │ ├── v1-without-vars │ │ │ ├── iamusers_string.tf │ │ │ ├── provider.tf │ │ │ ├── s3_for_each_policy.tf │ │ │ └── s3bucket_maps.tf │ │ └── v2-with_vars │ │ │ ├── policy.json │ │ │ ├── provider.tf │ │ │ ├── s3-bucket.tf │ │ │ └── variables.tf │ │ ├── 04-lifecycle │ │ ├── README.md │ │ ├── main.tf │ │ └── provider.tf │ │ ├── 05-previsioners-connections │ │ ├── 01-file-provisioner │ │ │ ├── README.md │ │ │ ├── emi-datasource.tf │ │ │ ├── instance.tf │ │ │ ├── nginx-install.sh │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ ├── security-group.tf │ │ │ └── variables.tf │ │ ├── 02-local-exec-provisioner │ │ │ ├── README.md │ │ │ ├── emi-datasource.tf │ │ │ ├── instance.tf │ │ │ ├── nginx-install.sh │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ ├── security-group.tf │ │ │ └── variables.tf │ │ ├── 03-remote-exec-provisioner │ │ │ ├── README.md │ │ │ ├── emi-datasource.tf │ │ │ ├── instance.tf │ │ │ ├── nginx-install.sh │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ ├── security-group.tf │ │ │ └── variables.tf │ │ ├── 04-null-provisioner │ │ │ ├── README.md │ │ │ ├── emi-datasource.tf │ │ │ ├── instance.tf │ │ │ 
├── nginx-install.sh │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ ├── security-group.tf │ │ │ └── variables.tf │ │ └── README.md │ │ └── README.md ├── README.md └── terraform-manifest │ ├── igw.tf │ ├── main.tf │ ├── provider.tf │ ├── route.tf │ ├── subnet.tf │ └── vpc.tf ├── T03-Terraform-variables ├── 01-Terraform-input-variables │ ├── 01-Input-variables-basics │ │ ├── README.md │ │ ├── instance.tf │ │ ├── nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ ├── ssecurity-groups.tf │ │ └── variables.tf │ ├── 02-Variables-prompted │ │ ├── README.md │ │ ├── instance.tf │ │ ├── nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ ├── ssecurity-groups.tf │ │ └── variables.tf │ ├── 03-Variables-cli │ │ ├── README.md │ │ ├── instance.tf │ │ ├── nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ ├── ssecurity-groups.tf │ │ └── variables.tf │ ├── 04-Environment-variables │ │ ├── README.md │ │ ├── instance.tf │ │ ├── nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ ├── ssecurity-groups.tf │ │ └── variables.tf │ ├── 05-Variables-from-tfvars │ │ ├── README.md │ │ ├── ec2.auto.tfvars │ │ ├── ec2.tfvars │ │ ├── instance.tf │ │ ├── nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ ├── ssecurity-groups.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ ├── 06-Input-variables-type-list │ │ ├── README.md │ │ ├── instance-list.tf │ │ ├── instance-map.tf │ │ ├── nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ ├── ssecurity-groups.tf │ │ └── variables.tf │ ├── 07-Input-variable-validation-rules │ │ ├── README.md │ │ ├── instance.tf │ │ ├── nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ ├── ssecurity-groups.tf │ │ └── variables.tf │ ├── 08-Protect-Input-variables │ │ ├── README.md │ │ ├── provider.tf │ │ ├── rdb-instance.tf │ │ ├── secrets.tfvars │ │ └── variables.tf │ ├── 09-File-function │ │ ├── instance.tf │ │ ├── 
nginx-install.sh │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ └── ssecurity-groups.tf │ ├── README.md │ └── terraform-manifest │ │ ├── main.tf │ │ ├── provider.tf │ │ ├── security-group-rules.tf │ │ └── ssecurity-groups.tf ├── 02-Terraform-output-values │ ├── README.md │ ├── instance.tf │ ├── nginx-install.sh │ ├── output.tf │ ├── provider.tf │ ├── security-group.tf │ └── variables.tf ├── 03-Terraform-local-values │ ├── README.md │ ├── instance.tf │ ├── nginx-install.sh │ ├── output.tf │ ├── provider.tf │ ├── security-group.tf │ └── variables.tf ├── README.md └── T04-Loops-and-statements │ ├── count_README.md │ └── for_README.md ├── T04-Terraform-datasources ├── README.md ├── ami-datasource.tf ├── instance.tf ├── nginx-install.sh ├── output.tf ├── provider.tf ├── security-group.tf └── variables.tf ├── T05-Terraform-state-manipulation ├── 01-scenario-version-test.md ├── 02-DynamoDB-state-locking.md ├── 03-Terraform-show.md ├── 04-Terraform-refresh.md ├── 05-Terraform-state-commands.md ├── 06-Terraform-state-disaster-recovery.md ├── 07-Terraform-taint-untaint-deprecated.md ├── 08-Terraform-resource-target.md ├── 09-Manage-Resources-statefile.md ├── README.md └── terraform-manifest │ ├── instance.tf │ ├── provider.tf │ └── variables.tf ├── T06-Terraform-workspace ├── 01-Terraoform-workspace-local │ ├── README.md │ ├── ami-datasource.tf │ ├── instance.tf │ ├── nginx-install.sh │ ├── output.tf │ ├── provider.tf │ ├── security-group-rules.tf │ ├── security-group.tf │ └── variables.tf ├── 02-Terraform-workspace-remote │ ├── README.md │ ├── emi-datasource.tf │ ├── instance.tf │ ├── nginx-install.sh │ ├── output.tf │ ├── provider.tf │ ├── security-group-rules.tf │ ├── security-group.tf │ └── variables.tf └── README.md ├── T07-Terraform-modules ├── 01-Terraform-module-basics │ ├── README.md │ ├── emi-datasource.tf │ ├── instance.tf │ ├── nginx-install.sh │ ├── output.tf │ ├── provider.tf │ ├── security-group-rules.tf │ ├── security-group.tf │ └── variables.tf ├── 
02-Static-website-s3-module │ ├── README.md │ ├── aws-s3-static-website-bucket │ │ ├── main.tf │ │ ├── modules │ │ │ └── aws-s3-static-website-bucket │ │ │ │ ├── LICENSE │ │ │ │ ├── README.md │ │ │ │ ├── index.html │ │ │ │ ├── output.tf │ │ │ │ ├── s3-bucket.tf │ │ │ │ └── variables.tf │ │ ├── output.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── main.tf │ ├── output.tf │ ├── provider.tf │ ├── terraform.tfvars │ └── variables.tf └── README.md ├── T09-Terraform-automation ├── 02-automation-using-github-actions.md ├── 03-Jenkins-Pipeline-Terraform.md ├── Jenkinsfile ├── Jenkinsfile.Docker ├── Jenkinsfile.choiceparameter ├── Jenkinsfile.staticparameters ├── Jenkinsfile_param.md ├── README.md └── terraform-github-actions.yml ├── T11-Terraforn-testing ├── 01-terrascan.md ├── 02-checkov.md └── README.md ├── T12-Import-Terraform-Configuration └── README.md ├── T13-Built-in-functions ├── README.md └── variables.tf ├── TASKS ├── sceanrio1-map │ ├── instance.tf │ ├── nginx-install.sh │ ├── provider.tf │ ├── security-group-rules.tf │ ├── security-group.tf │ └── variables.tf ├── scenario2 │ ├── instance.tf │ ├── nginx-install.sh │ ├── provider.tf │ ├── security-group-rules.tf │ ├── security-group.tf │ └── variables.tf ├── scenario3 │ ├── REAME.md │ ├── provider.tf │ └── vpc_subnet_tags.tf ├── terraform-manifest-ansible │ ├── README.md │ ├── ami-datasource.tf │ ├── codecommit.tf │ ├── ebs-volume.tf │ ├── instance.tf │ ├── playbooks │ │ └── jenkins_deployment.yaml │ ├── provider.tf │ ├── security-group-rules.tf │ ├── ssecurity-groups.tf │ └── variables.tf ├── terraform-manifest-demo0 │ ├── README.md │ ├── ami-datasource.tf │ ├── ebs-volume.tf │ ├── instance.tf │ ├── provider.tf │ ├── security-group-rules.tf │ ├── ssecurity-groups.tf │ └── variables.tf ├── terraform-manifest-demo1 │ ├── igw.tf │ ├── instance.tf │ ├── nginx-install.sh │ ├── output.tf │ ├── provider.tf │ ├── route-table.tf │ ├── security-group-rules.tf │ ├── security-group.tf │ ├── subnet.tf │ ├── variables.tf │ 
└── vpc.tf ├── terraform-manifest-demo2 │ ├── igw.tf │ ├── instance.tf │ ├── nginx-install.sh │ ├── output.tf │ ├── provider.tf │ ├── route-table.tf │ ├── security-group-rules.tf │ ├── security-group.tf │ ├── subnet.tf │ ├── variables.tf │ └── vpc.tf ├── terraform-manifest-demo3 │ ├── README.md │ ├── output.tf │ ├── policy.json │ ├── provider.tf │ ├── v1-s3-bucket.tf │ ├── v2-s3-bucket.tf │ └── variables.tf └── terraform-manifest-demo4 │ └── README.md ├── TODO ├── README.md └── Sentinel ├── Terragrunt ├── Configuration │ ├── README.md │ ├── dependencies-block.hcl │ ├── generate-block.hcl │ ├── include-block.hcl │ ├── inputs-attribute.hcl │ ├── locals-block.hcl │ ├── remote_state-block.hcl │ ├── retryable-errors.hcl │ └── terraform-block.hcl ├── dependency-block.hcl ├── terragrunt-example.hcl └── terragrunt.hcl ├── aws-eks-cluster ├── README.md ├── eks-cluster-access-policy.json ├── ekscluster-role.tf ├── elastic-ip.tf ├── igw.tf ├── instance.tf ├── nginx-install.sh ├── provider.tf ├── route.tf ├── security-group-rules.tf ├── security-group.tf ├── ssh-key-pair.tf ├── subnets.tf └── vpc.tf └── src └── images ├── Jenkins-terraform-1.PNG ├── different-IaC.PNG ├── jenkins-approve-discard.PNG ├── terraform-apply.PNG ├── terraform-cloud-vcs.png ├── terraform-flow-aws.png ├── terraform-flow-azure.png ├── terraform-import-workflow-diagram.png ├── terraform-meta-arguments.png ├── terraform-plan.PNG ├── terraform-state-remote-locking.png ├── terraform-state-remote-remote.png ├── terraform-state-remote.png ├── terraform-variables.png ├── terraform-workflow.png ├── terraform_write.PNG ├── windows-aws-cli.PNG ├── windows-terraform-install0.PNG ├── windows-terraform-install1.PNG └── windows-terraform-install2.PNG /T01-Terraform-architecture-workflow/05-terraform-arguments-attributes-metaarguments.md: -------------------------------------------------------------------------------- 1 | # Terraform Arguments 2 | - Arguments configure a particular resource; because of this, many 
arguments are resource-specific. 3 | - Arguments can be required or optional, as specified by the provider. If you do not supply a required argument, Terraform will give an error and not apply the configuration. 4 | 5 | # Terraform Attributes 6 | - Attributes are values exposed by an existing resource. References to resource attributes take the format resource_type.resource_name.attribute_name. 7 | - Unlike arguments, which specify an infrastructure object's configuration, a resource's attributes are often assigned to it by the underlying cloud provider or API. 8 | 9 | # Terraform Meta-arguments 10 | - Meta-arguments change a resource's behavior, such as using a count meta-argument to create multiple resources. 11 | - Meta-arguments are a function of Terraform itself and are not resource or provider-specific. 12 | - Example: for_each, count, depends_on, provider, and lifecycle 13 | 14 | ## References 15 | - [Arguments](https://www.terraform.io/docs/language/syntax/configuration.html#arguments) 16 | - [Attributes](https://learn.hashicorp.com/tutorials/terraform/resource?in=terraform/configuration-language#review-the-random_pet-resource) 17 | - [Meta-arguments](https://www.terraform.io/docs/language/resources/syntax.html#meta-arguments) -------------------------------------------------------------------------------- /T01-Terraform-architecture-workflow/README.md: -------------------------------------------------------------------------------- 1 | # Introduction to IaC 2 | **Infrastructure as Code (IaC) is the managing and provisioning of infrastructure through code instead of through manual processes.** 3 | 4 | Some of the tools that fall under IaC are listed below: 5 | - Terraform 6 | - AWS CloudFormation 7 | - Puppet 8 | - Chef 9 | - Ansible 10 | - Saltstack 11 | 12 | # Introduction to Terraform 13 | **Terraform is an infrastructure as code (IaC) tool that allows you to build, change, and version infrastructure safely and efficiently. 
This includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc. Terraform can manage both existing service providers and custom in-house solutions.** 14 | - We can automate and manage infrastructure 15 | - Open source, and uses a declarative language (HashiCorp Configuration Language) 16 | 17 | # Key features of Terraform 18 | - **IaC** we can describe our required infrastructure on specific providers like AWS, Azure, GCP, Kubernetes etc., using **Terraform High-level language** in human-readable, declarative configuration files. 19 | - **Execution Plans** we can generate an execution plan which shows what it will do on the target infrastructure, so that we can cross-check and modify it before Terraform creates, updates or destroys anything. 20 | - **Resource graph** it builds a resource graph and creates or modifies non-dependent resources in parallel. This allows Terraform to build resources as efficiently as possible and gives you greater insight into your infrastructure. 21 | - **Change automation** it can apply complex changesets to your infrastructure with minimal human interaction. When you update configuration files, Terraform determines what changed and creates incremental execution plans that respect dependencies. 
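-------------------------------------------------------------------------------- /T01-Terraform-architecture-workflow/terraform-manifest-new/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { # One EC2 instance, created through the default aws provider 2 | ami = "ami-0c2b8ca1dad447f8a" # AMI IDs are region-specific; the provider in this directory targets us-east-1 3 | instance_type = "t2.micro" 4 | 5 | tags = { 6 | Name = "WebApp-terraform" 7 | } 8 | } -------------------------------------------------------------------------------- /T01-Terraform-architecture-workflow/terraform-manifest-new/provider.tf: -------------------------------------------------------------------------------- 1 | /* 2 | Terraform Block 3 | Provider Block 4 | */ 5 | terraform { 6 | required_providers { 7 | aws = { 8 | source = "hashicorp/aws" 9 | version = "~> 3.0" 10 | } 11 | } 12 | required_version = ">= 0.14.9" 13 | } 14 | 15 | provider "aws" { 16 | region = "us-east-1" 17 | profile = "default" # credentials come from the named local AWS profile, not from this file 18 | } -------------------------------------------------------------------------------- /T01-Terraform-architecture-workflow/terraform-manifest-new/terraform-manifest-multiprovider/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { # Instance created through the default (un-aliased) aws provider 2 | ami = "ami-0c2b8ca1dad447f8a" 3 | instance_type = "t2.micro" 4 | 5 | tags = { 6 | Name = "WebApp-terraform" 7 | } 8 | } 9 | 10 | resource "aws_instance" "web_west" { # Renamed from "web": a module cannot declare two resources with the same type and local name 11 | ami = "ami-0c2b8ca1dad447f8a" # NOTE(review): AMI IDs are region-specific; confirm this ID is valid in the region of aws.west or resolve it with an aws_ami data source 12 | instance_type = "t2.micro" 13 | provider = aws.west # selects the aliased provider configuration 14 | 15 | tags = { 16 | Name = "WebApp-terraform" 17 | } 18 | } -------------------------------------------------------------------------------- /T01-Terraform-architecture-workflow/terraform-manifest-new/terraform-manifest-multiprovider/provider.tf: -------------------------------------------------------------------------------- 1 | /* 2 | Terraform Block 3 | Provider Block 4 | */ 5 | terraform { 6 | required_providers { 7 | aws = { 8 | source = "hashicorp/aws" 9 | version = "~> 3.0" 10 | } 11 | } 12 | 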
required_version = ">= 0.14.9" 13 | } 14 | 15 | provider "aws" { 16 | region = "us-east-1" 17 | profile = "default" 18 | } 19 | 20 | provider "aws" { 21 | alias = "west" 22 | region = "us-west-2" 23 | profile = "default" 24 | } -------------------------------------------------------------------------------- /T01-Terraform-architecture-workflow/terraform-manifest-old/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = "ami-0c2b8ca1dad447f8a" 3 | instance_type = "t2.micro" 4 | 5 | tags = { 6 | Name = "WebApp-terraform" 7 | } 8 | } -------------------------------------------------------------------------------- /T01-Terraform-architecture-workflow/terraform-manifest-old/provider.tf: -------------------------------------------------------------------------------- 1 | #Single line comment, provider block 2 | provider "aws" { 3 | version = "~> 3.0" // Terraform aws plugin version 4 | region = "us-east-1" 5 | profile = "default" 6 | } 7 | 8 | /* 9 | Reference: 10 | https://registry.terraform.io/providers/hashicorp/aws/latest/docs 11 | */ -------------------------------------------------------------------------------- /T02-Terraform-resources/01-Terraform-resources-syntax/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Resource Syntax 2 | - Inorder to create resources on specific provider, we have to define resource block in "main.tf" file or any specific file with .tf as extension. 
3 | - Top/Parent level blocks like resource, provider etc., and Low/Child level blocks like tags, provisioners etc., 4 | ``` 5 | resource "aws_vpc" "main" { 6 | cidr_block = var.base_cidr_block 7 | } 8 | 9 | <BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" { 10 | # Block body 11 | <IDENTIFIER> = <EXPRESSION> # Argument 12 | } 13 | 14 | #For example 15 | aws_vpc --> resource type, depends on the provider we are using 16 | main --> resource local name should be unique 17 | cidr_block --> Resource arguments 18 | ``` 19 | 20 | ## References 21 | - [Terraform Language](https://www.terraform.io/docs/language/index.html) -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/01-resource-syntax/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = "ami-0c2b8ca1dad447f8a" 3 | instance_type = "t2.micro" 4 | availability_zone = "us-east-1a" 5 | #availability_zone = "us-east-1c" 6 | 7 | tags = { 8 | "Name" = "WebApp-terraform" 9 | #"Name" = "Nginx" 10 | } 11 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/01-resource-syntax/provider.tf: -------------------------------------------------------------------------------- 1 | # Terraform AWS provider 2 | terraform { 3 | required_version = ">= 1.0.3" 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 3.0" 8 | } 9 | } 10 | } 11 | provider "aws" { 12 | region = "us-east-1" 13 | profile = "default" 14 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/02-count/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Resource Meta-arguments using count 2 | - If we need to create multiple copies of the same resource from a single configuration file, then count will be the right 
choice. 3 | - Value for count will be a integer. For example count = 3, will create 3 instances in AWS. 4 | - These three objects for example will be distinct from each other while created, updated or destroyed while applying configuration files. 5 | - count.index will be distinct index number(starts from 0) corresponding to this instance. 6 | - Instances are identified using index number starting from 0. For example: aws_instance.web[0]/[1]/[2] 7 | - Modules support count from terraform v0.13. 8 | - A resource or module can't use both **count and for_each** at a time. 9 | 10 | ## References 11 | - [Count Meta-Argument](https://www.terraform.io/docs/language/meta-arguments/count.html) -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/02-count/instance.tf: -------------------------------------------------------------------------------- 1 | /* 2 | This configuration will create 5 EC2 instances 3 | on AWS provider 4 | */ 5 | resource "aws_instance" "web" { 6 | ami = "ami-09e67e426f25ce0d7" #Ubuntu 20.04 LTS Free Tier Image 7 | instance_type = "t2.micro" 8 | key_name = "terraform-demo" 9 | user_data = file("nginx-install.sh") 10 | count = 5 11 | #availability_zone = "us-east-1a" 12 | 13 | tags = { 14 | "Name" = "Nginx-${count.index}" 15 | } 16 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/02-count/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/02-count/provider.tf: -------------------------------------------------------------------------------- 1 | # Terraform AWS provider 2 | terraform { 3 | required_version = ">= 1.0.3" 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 3.0" 8 | } 9 | } 10 | } 11 | provider "aws" { 12 | region = "us-east-1" 13 | profile = "default" 14 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/02-count/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { # Ingress rule: TCP 22 (SSH) into the allow_http_ssh group 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] # NOTE(review): 0.0.0.0/0 exposes SSH to every IPv4 address; narrow this to a trusted admin CIDR for anything beyond a short-lived demo 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { # Ingress rule: TCP 80 (HTTP) from any IPv4 address 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { # Egress rule: protocol "-1" with ports 0-0 allows all outbound traffic 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/02-count/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | 
#vpc_id = aws_vpc.my_vpc.id 5 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/03-for_each/v1-without-vars/iamusers_string.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_user" "demousers" { 2 | for_each = toset(["sudheer", "adithya", "prakash"]) 3 | name = each.key // we can also use each.value 4 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/03-for_each/v1-without-vars/provider.tf: -------------------------------------------------------------------------------- 1 | # Terraform AWS provider 2 | terraform { 3 | required_version = ">= 1.0.3" 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 3.0" 8 | } 9 | } 10 | } 11 | provider "aws" { 12 | region = "us-east-1" 13 | profile = "default" 14 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/03-for_each/v1-without-vars/s3_for_each_policy.tf: -------------------------------------------------------------------------------- 1 | /* 2 | This configuration will create 3 s3 buckets which names 3 | provided with key-value on AWS provider 4 | */ 5 | resource "aws_s3_bucket" "s3demobucket" { 6 | for_each = { 7 | dev = "s3-demo-bucket" 8 | test = "s3-demo-bucket" 9 | qa = "s3-demo-bucket" 10 | } 11 | bucket = "${each.key}-${each.value}" 12 | policy = < v.id} 36 | # [for , in : ] 37 | bucket = "${each.value}" 38 | acl = "public-read" 39 | } 40 | /* 41 | output "key_value_data" { 42 | value = {for k, v in aws_s3_bucket.s3demobucket : k => v.id} 43 | } 44 | 45 | output "all_details" { 46 | value = values(aws_s3_bucket.s3demobucket)[*].arn 47 | } 48 | 49 | output "key_value_info" { 50 | 
value = aws_s3_bucket.s3demobucket 51 | } 52 | 53 | output "key_filtered_data" { 54 | value = [for name in var.names : upper(name) if length(name) < 5] 55 | } 56 | */ -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/03-for_each/v1-without-vars/s3bucket_maps.tf: -------------------------------------------------------------------------------- 1 | /* 2 | This configuration will create 3 s3 buckets which names 3 | provided with key-value on AWS provider 4 | */ 5 | resource "aws_s3_bucket" "s3demobucket" { 6 | for_each = { 7 | dev = "s3-dev-bucket" 8 | test = "s3-test-bucket" 9 | qa = "s3-qa-bucket" 10 | } 11 | bucket = "${each.key}-${each.value}" 12 | acl = "public-read" 13 | policy = <Nginx was deployed successful using terraform" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/01-file-provisioner/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.*.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.*.public_ip 8 | description = "EC2 instance Public IP address" 9 | } 10 | 11 | output "ec2_instance_public_dns" { 12 | value = "http://${aws_instance.web.*.public_dns}" 13 | description = "EC2 instance Private DNS name" 14 | #sensitive = true 15 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/01-file-provisioner/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/01-file-provisioner/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "vpc-ssh-web" { 2 | name = "ec2-ssh-web-${terraform.workspace}" //"EC2-ssh-web" 3 | description = "Allow ssh and web inbound traffic" 4 | 5 | ingress = [ 6 | { 7 | description = "SSH from VPC" 8 | from_port = 22 9 | to_port = 22 10 | protocol = "tcp" 11 | cidr_blocks = ["0.0.0.0/0"] 12 | }, 13 | { 14 | 
description = "web from VPC" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | } 20 | ] 21 | 22 | 23 | egress = [ 24 | { 25 | from_port = 0 26 | to_port = 0 27 | protocol = "-1" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ] 31 | 32 | tags = { 33 | Name = "EC2-ssh-web-${terraform.workspace}" 34 | } 35 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/01-file-provisioner/variables.tf: -------------------------------------------------------------------------------- 1 | local { 2 | envionment-name = "${var.tag_name}" 3 | } 4 | variable "aws_region" { 5 | description = "Region on which resources will be created" 6 | type = string 7 | default = "us-east-1" 8 | } 9 | variable "az_name" { 10 | description = "Availability Zone name" 11 | type = string 12 | default = "us-east-1a" 13 | } 14 | variable "inst_type" { 15 | description = "Instance type used to launch EC2 Instance" 16 | type = string 17 | default = "t2.micro" 18 | } 19 | variable "inst_count" { 20 | description = "No of EC2 instances that need to launched" 21 | type = number 22 | default = 1 23 | } 24 | variable "tag_name" { 25 | description = "Default tag will be added to all resource when used" 26 | type = string 27 | default = "terraform-webapp-demo" 28 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/02-local-exec-provisioner/README.md: -------------------------------------------------------------------------------- 1 | # Terraform local-exec provisioner 2 | - The local-exec provisioner invokes a local executable after a resource is created. 3 | - This invokes a process on the machine running Terraform, not on the resource. 
4 | - Task 1 5 | - Let's create one creation-time provisioner, which should output the private IP address of the instance into the file "ec2-private-ipaddress.txt" 6 | ``` 7 | provisioner "local-exec" { 8 | command = "echo ${aws_instance.web.private_ip} >> ec2-private-ipaddress.txt" 9 | working_dir = "local-exec-output-files/" 10 | } 11 | 12 | provisioner "local-exec" { 13 | when = destroy 14 | command = "echo Destroy-time provisioner EC2 instance at `date` >> ec2-destroy.txt" 15 | working_dir = "local-exec-output-files/" 16 | } 17 | ``` 18 | 19 | ## Scenario 1: 20 | ``` 21 | - terraform init 22 | - terraform validate/fmt (optional) 23 | - terraform apply -auto-approve --> check if file "ec2-private-ipaddress.txt" was created under directory "local-exec-output-files" in current workspace. 24 | - terraform destroy -auto-approve --> check if file "ec2-destroy.txt" was created under directory "local-exec-output-files" in current workspace. 25 | ``` -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/02-local-exec-provisioner/emi-datasource.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "amzlinux" { 2 | most_recent = true 3 | owners = ["amazon"] 4 | filter { 5 | name = "name" 6 | values = ["amzn2-ami-hvm-*"] 7 | } 8 | filter { 9 | name = "root-device-type" 10 | values = ["ebs"] 11 | } 12 | filter { 13 | name = "virtualization-type" 14 | values = ["hvm"] 15 | } 16 | filter { 17 | name = "architecture" 18 | values = ["x86_64"] 19 | } 20 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/02-local-exec-provisioner/instance.tf: -------------------------------------------------------------------------------- 1 | resource 
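"aws_instance" "web" { # EC2 instance(s) that record their private IP locally on create and append a log line on destroy 2 | ami = data.aws_ami.amzlinux.id //ami-0c2b8ca1dad447f8a (the ami argument needs the data source's id attribute, not the whole object) 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | key_name = "terraform-aws" 6 | availability_zone = var.az_name 7 | user_data = file("nginx-install.sh") // file() takes the path as a quoted string 8 | vpc_security_group_ids = [aws_security_group.vpc-ssh-web.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform" 12 | } 13 | connection { // used by remote provisioners only; the local-exec provisioners below do not connect to the instance 14 | type = "ssh" 15 | host = self.public_ip 16 | user = "ec2-user" 17 | password = "" 18 | private_key = file("private-key/terraform-key.pem") // NOTE(review): keep this key file out of version control 19 | } 20 | provisioner "local-exec" { // creation-time provisioner; runs on the machine running Terraform 21 | command = "echo ${self.private_ip} >> ec2-private-ipaddress.txt" // self is the instance being provisioned; a resource cannot reference itself by name inside its own provisioner 22 | working_dir = "local-exec-output-files/" 23 | } 24 | 25 | provisioner "local-exec" { // destroy-time provisioner 26 | when = destroy 27 | command = "echo Destroy-time provisioner EC2 instance at `date` >> ec2-destroy.txt" 28 | working_dir = "local-exec-output-files/" 29 | } 30 | } 31 | /* 32 | - [local-exec](https://www.terraform.io/language/resources/provisioners/local-exec#argument-reference) 33 | */ -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/02-local-exec-provisioner/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo yum update 3 | sudo yum install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "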

Nginx was deployed successful using terraform

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform

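" > /var/www/html/index.html -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/02-local-exec-provisioner/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.*.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.*.public_ip 8 | description = "EC2 instance Public IP address" 9 | } 10 | 11 | output "ec2_instance_public_dns" { 12 | value = [for dns in aws_instance.web.*.public_dns : "http://${dns}"] # the splat is a list, so each name is formatted separately 13 | description = "EC2 instance Public DNS name" 14 | #sensitive = true 15 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/02-local-exec-provisioner/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/02-local-exec-provisioner/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "vpc-ssh-web" { 2 | name = "ec2-ssh-web-${terraform.workspace}" //"EC2-ssh-web" 3 | description = "Allow ssh and web inbound traffic" 4 | 5 | ingress = [ 6 | { 7 | description = "SSH from VPC" 8 | from_port = 22 9 | to_port = 22 10 | protocol = "tcp" 11 | cidr_blocks = ["0.0.0.0/0"] # NOTE(review): this opens SSH to any IPv4 address, not only the VPC; restrict to a trusted admin CIDR 12 | }, 13
| { 14 | description = "web from VPC" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | } 20 | ] 21 | 22 | 23 | egress = [ 24 | { 25 | from_port = 0 26 | to_port = 0 27 | protocol = "-1" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ] 31 | 32 | tags = { 33 | Name = "EC2-ssh-web-${terraform.workspace}" 34 | } 35 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/02-local-exec-provisioner/variables.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | envionment-name = var.tag_name # NOTE(review): "envionment" looks like a typo of "environment"; rename together with any local.envionment-name references 3 | } 4 | variable "aws_region" { 5 | description = "Region on which resources will be created" 6 | type = string 7 | default = "us-east-1" 8 | } 9 | variable "az_name" { 10 | description = "Availability Zone name" 11 | type = string 12 | default = "us-east-1a" 13 | } 14 | variable "inst_type" { 15 | description = "Instance type used to launch EC2 Instance" 16 | type = string 17 | default = "t2.micro" 18 | } 19 | variable "inst_count" { 20 | description = "No of EC2 instances that need to launched" 21 | type = number 22 | default = 1 23 | } 24 | variable "tag_name" { 25 | description = "Default tag will be added to all resource when used" 26 | type = string 27 | default = "terraform-webapp-demo" 28 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/03-remote-exec-provisioner/README.md: -------------------------------------------------------------------------------- 1 | # Terraform remote-exec provisioner 2 | - From file provisioner tasks we understood that provisioner was added with on_failure=continue to skip the failure.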
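3 | - Skipping a failure is not good practice; it should instead be resolved with another approach that Terraform provides. For example, use remote-exec to copy the file to /usr/share/nginx/html as a sudo user. 4 | - The remote-exec provisioner invokes a script on a remote resource after it is created. 5 | - This can be used to run a configuration management tool, bootstrap into a cluster, etc. 6 | ``` 7 | connection { 8 | type = "ssh" 9 | host = self.public_ip 10 | user = "ec2-user" 11 | password = "" 12 | private_key = file("private-key/terraform-key.pem") 13 | } 14 | provisioner "file" { 15 | source = "apps/index.html" 16 | destination = "/tmp/index.html" 17 | } 18 | provisioner "remote-exec" { 19 | inline = [ 20 | "sleep 120", # will sleep for 120 seconds to ensure nginx package installed and running 21 | "sudo cp /tmp/index.html /usr/share/nginx/html/index.html" 22 | ] 23 | } 24 | ``` -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/03-remote-exec-provisioner/emi-datasource.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "amzlinux" { 2 | most_recent = true 3 | owners = ["amazon"] 4 | filter { 5 | name = "name" 6 | values = ["amzn2-ami-hvm-*"] 7 | } 8 | filter { 9 | name = "root-device-type" 10 | values = ["ebs"] 11 | } 12 | filter { 13 | name = "virtualization-type" 14 | values = ["hvm"] 15 | } 16 | filter { 17 | name = "architecture" 18 | values = ["x86_64"] 19 | } 20 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/03-remote-exec-provisioner/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = data.aws_ami.amzlinux.id
//ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | key_name = "terraform-aws" 6 | availability_zone = var.az_name 7 | user_data = file("nginx-install.sh") 8 | vpc_security_group_ids = [aws_security_group.vpc-ssh-web.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform" 12 | } 13 | connection { 14 | type = "ssh" 15 | host = self.public_ip 16 | user = "ec2-user" 17 | password = "" 18 | private_key = file("private-key/terraform-key.pem") # NOTE(review): keep this key file out of version control 19 | } 20 | provisioner "file" { 21 | source = "apps/index.html" 22 | destination = "/tmp/index.html" 23 | } 24 | provisioner "remote-exec" { 25 | inline = [ 26 | "sleep 120", # will sleep for 120 seconds to ensure nginx package installed and running 27 | "sudo cp /tmp/index.html /usr/share/nginx/html/index.html" 28 | ] 29 | } 30 | } 31 | /* 32 | - [Provisioner connection](https://www.terraform.io/language/resources/provisioners/connection) 33 | */ -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/03-remote-exec-provisioner/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo yum update -y # -y: user_data runs without a terminal, so a confirmation prompt cannot be answered 3 | sudo yum install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "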

Nginx was deployed successful using terraform

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform

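" > /var/www/html/index.html -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/03-remote-exec-provisioner/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.*.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.*.public_ip 8 | description = "EC2 instance Public IP address" 9 | } 10 | 11 | output "ec2_instance_public_dns" { 12 | value = [for dns in aws_instance.web.*.public_dns : "http://${dns}"] # the splat is a list, so each name is formatted separately 13 | description = "EC2 instance Public DNS name" 14 | #sensitive = true 15 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/03-remote-exec-provisioner/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/03-remote-exec-provisioner/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "vpc-ssh-web" { 2 | name = "ec2-ssh-web-${terraform.workspace}" //"EC2-ssh-web" 3 | description = "Allow ssh and web inbound traffic" 4 | 5 | ingress = [ 6 | { 7 | description = "SSH from VPC" 8 | from_port = 22 9 | to_port = 22 10 | protocol = "tcp" 11 | cidr_blocks = ["0.0.0.0/0"] # NOTE(review): this opens SSH to any IPv4 address, not only the VPC; restrict to a trusted admin CIDR 12 | },
13 | { 14 | description = "web from VPC" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | } 20 | ] 21 | 22 | 23 | egress = [ 24 | { 25 | from_port = 0 26 | to_port = 0 27 | protocol = "-1" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ] 31 | 32 | tags = { 33 | Name = "EC2-ssh-web-${terraform.workspace}" 34 | } 35 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/03-remote-exec-provisioner/variables.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | envionment-name = var.tag_name # NOTE(review): "envionment" looks like a typo of "environment"; rename together with any local.envionment-name references 3 | } 4 | variable "aws_region" { 5 | description = "Region on which resources will be created" 6 | type = string 7 | default = "us-east-1" 8 | } 9 | variable "az_name" { 10 | description = "Availability Zone name" 11 | type = string 12 | default = "us-east-1a" 13 | } 14 | variable "inst_type" { 15 | description = "Instance type used to launch EC2 Instance" 16 | type = string 17 | default = "t2.micro" 18 | } 19 | variable "inst_count" { 20 | description = "No of EC2 instances that need to launched" 21 | type = number 22 | default = 1 23 | } 24 | variable "tag_name" { 25 | description = "Default tag will be added to all resource when used" 26 | type = string 27 | default = "terraform-webapp-demo" 28 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/04-null-provisioner/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Null Resources 2 | - The null provider is a rather-unusual provider that has constructs that intentionally do nothing. 3 | - This can be useful in various situations to help orchestrate tricky behavior or work around limitations.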
4 | - The null_resource resource implements the standard resource lifecycle but takes no further action. 5 | ``` 6 | resource "aws_instance" "cluster" { 7 | count = 3 8 | 9 | # ... 10 | } 11 | 12 | # The primary use-case for the null resource is as a do-nothing container for 13 | # arbitrary actions taken by a provisioner. 14 | # 15 | # In this example, three EC2 instances are created and then a null_resource instance 16 | # is used to gather data about all three and execute a single action that affects 17 | # them all. Due to the triggers map, the null_resource will be replaced each time 18 | # the instance ids change, and thus the remote-exec provisioner will be re-run. 19 | resource "null_resource" "cluster" { 20 | # Changes to any instance of the cluster requires re-provisioning 21 | triggers = { 22 | cluster_instance_ids = join(",", aws_instance.cluster.*.id) 23 | } 24 | 25 | # Bootstrap script can run on any instance of the cluster 26 | # So we just choose the first in this case 27 | connection { 28 | host = element(aws_instance.cluster.*.public_ip, 0) 29 | } 30 | 31 | provisioner "remote-exec" { 32 | # Bootstrap script called with private_ip of each node in the clutser 33 | inline = [ 34 | "bootstrap-cluster.sh ${join(" ", aws_instance.cluster.*.private_ip)}", 35 | ] 36 | } 37 | } 38 | ``` 39 | 40 | ### References 41 | - [Null Provider and Resources](https://registry.terraform.io/providers/hashicorp/null/latest/docs) 42 | - [Time Provider](https://registry.terraform.io/providers/hashicorp/time/latest/docs) -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/04-null-provisioner/emi-datasource.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "amzlinux" { 2 | most_recent = true 3 | owners = ["amazon"] 4 | filter { 5 | name = "name" 6 | values = ["amzn2-ami-hvm-*"] 7 | 
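} 8 | filter { 9 | name = "root-device-type" 10 | values = ["ebs"] 11 | } 12 | filter { 13 | name = "virtualization-type" 14 | values = ["hvm"] 15 | } 16 | filter { 17 | name = "architecture" 18 | values = ["x86_64"] 19 | } 20 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/04-null-provisioner/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = data.aws_ami.amzlinux.id //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | key_name = "terraform-aws" 6 | availability_zone = var.az_name 7 | user_data = file("nginx-install.sh") 8 | vpc_security_group_ids = [aws_security_group.vpc-ssh-web.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform" 12 | } 13 | } 14 | 15 | resource "time_sleep" "wait_90_seconds" { 16 | depends_on = [aws_instance.web] 17 | create_duration = "90s" 18 | } 19 | 20 | # Sync App1 Static Content to Webserver using Provisioners 21 | resource "null_resource" "sync_app1_static" { 22 | depends_on = [ time_sleep.wait_90_seconds ] 23 | triggers = { 24 | always-update = timestamp() # changes on every run, so the provisioners below re-run on each apply 25 | } 26 | 27 | # Connection Block for Provisioners to connect to EC2 Instance 28 | connection { 29 | type = "ssh" 30 | host = aws_instance.web[0].public_ip # aws_instance.web uses count, so an index is required; only the first instance is synced 31 | user = "ec2-user" 32 | password = "" 33 | private_key = file("private-key/terraform-key.pem") # NOTE(review): keep this key file out of version control 34 | } 35 | 36 | # Copies the local apps folder to /tmp, creating /tmp/apps 37 | provisioner "file" { 38 | source = "apps" 39 | destination = "/tmp" 40 | } 41 | 42 | # Copies /tmp/apps/index.html to the /var/www/html directory (NOTE(review): nginx-install.sh also writes its page under /usr/share/nginx/html; confirm which directory is served) 43 | provisioner "remote-exec" { 44 | inline = [ 45 | "sudo cp -r /tmp/apps/index.html /var/www/html" 46 | ] 47 | } 48 | } --------------------------------------------------------------------------------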
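/T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/04-null-provisioner/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo yum update -y # -y: user_data runs without a terminal, so a confirmation prompt cannot be answered 3 | sudo yum install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "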

Nginx was deployed successful using terraform

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform

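" > /var/www/html/index.html -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/04-null-provisioner/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.*.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.*.public_ip 8 | description = "EC2 instance Public IP address" 9 | } 10 | 11 | output "ec2_instance_public_dns" { 12 | value = [for dns in aws_instance.web.*.public_dns : "http://${dns}"] # the splat is a list, so each name is formatted separately 13 | description = "EC2 instance Public DNS name" 14 | #sensitive = true 15 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/04-null-provisioner/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | null = { 9 | source = "hashicorp/null" 10 | version = "~> 3.0.0" 11 | } 12 | time = { 13 | source = "hashicorp/time" 14 | version = "~> 0.6.0" 15 | } 16 | } 17 | } 18 | 19 | provider "aws" { 20 | region = var.aws_region 21 | profile = "default" 22 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/04-null-provisioner/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "vpc-ssh-web" { 2 | name = "ec2-ssh-web-${terraform.workspace}" //"EC2-ssh-web" 3 | description = "Allow ssh and web inbound traffic" 4 | 5 | ingress =
[ 6 | { 7 | description = "SSH from VPC" 8 | from_port = 22 9 | to_port = 22 10 | protocol = "tcp" 11 | cidr_blocks = ["0.0.0.0/0"] # NOTE(review): this opens SSH to any IPv4 address, not only the VPC; restrict to a trusted admin CIDR 12 | }, 13 | { 14 | description = "web from VPC" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | } 20 | ] 21 | 22 | 23 | egress = [ 24 | { 25 | from_port = 0 26 | to_port = 0 27 | protocol = "-1" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ] 31 | 32 | tags = { 33 | Name = "EC2-ssh-web-${terraform.workspace}" 34 | } 35 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/02-Terraform-resources-behavior/02-resource-meta-arguments/05-previsioners-connections/04-null-provisioner/variables.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | envionment-name = var.tag_name # NOTE(review): "envionment" looks like a typo of "environment"; rename together with any local.envionment-name references 3 | } 4 | variable "aws_region" { 5 | description = "Region on which resources will be created" 6 | type = string 7 | default = "us-east-1" 8 | } 9 | variable "az_name" { 10 | description = "Availability Zone name" 11 | type = string 12 | default = "us-east-1a" 13 | } 14 | variable "inst_type" { 15 | description = "Instance type used to launch EC2 Instance" 16 | type = string 17 | default = "t2.micro" 18 | } 19 | variable "inst_count" { 20 | description = "No of EC2 instances that need to launched" 21 | type = number 22 | default = 1 23 | } 24 | variable "tag_name" { 25 | description = "Default tag will be added to all resource when used" 26 | type = string 27 | default = "terraform-webapp-demo" 28 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/terraform-manifest/igw.tf: -------------------------------------------------------------------------------- 1 | resource "aws_internet_gateway" "igw" { 2 | vpc_id = aws_vpc.my_vpc.id 3 | 4 | tags = { 5 | Name = "my-vpc-igw" 6 | } 7 | }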
-------------------------------------------------------------------------------- /T02-Terraform-resources/terraform-manifest/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = "ami-0c2b8ca1dad447f8a" 3 | instance_type = "t2.micro" 4 | 5 | tags = { 6 | Name = "WebApp-terraform" 7 | } 8 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/terraform-manifest/provider.tf: -------------------------------------------------------------------------------- 1 | /* 2 | Terraform Settings Block 3 | Provider Block 4 | */ 5 | # Terraform AWS provider 6 | terraform { 7 | required_version = ">= 1.0.3" 8 | required_providers { 9 | aws = { 10 | source = "hashicorp/aws" 11 | version = "~> 4.0" 12 | } 13 | random = { 14 | source = "hashicorp/random" 15 | version = ">= 3.0.1, < 3.2" 16 | } 17 | } 18 | } 19 | 20 | /* 21 | required_version = "~> 3.0.3" 22 | required_version = "= 3.0.3" 23 | required_version = ">= 3.0.3" 24 | required_version = "<= 3.0.3" 25 | required_version = "!= 3.0.3" 26 | */ 27 | provider "aws" { 28 | region = "us-east-1" 29 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/terraform-manifest/route.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route_table" "public_route_table" { 2 | vpc_id = aws_vpc.my_vpc.id 3 | 4 | route { 5 | cidr_block = "0.0.0.0/0" 6 | gateway_id = aws_internet_gateway.igw.id 7 | } 8 | 9 | tags = { 10 | Name = "public-route" 11 | } 12 | } 13 | 14 | resource "aws_route_table" "private_route_table" { 15 | vpc_id = aws_vpc.my_vpc.id 16 | 17 | route = [] 18 | 19 | tags = { 20 | Name = "private-route" 21 | } 22 | } 23 | 24 | resource "aws_route_table_association" "public_rt_assoc" { 25 | subnet_id = aws_subnet.public_subnet.id 26 | route_table_id = aws_route_table.public_route_table.id 27 | } 28 
| 29 | resource "aws_route_table_association" "private_rt_assoc" { 30 | subnet_id = aws_subnet.private_subnet.id 31 | route_table_id = aws_route_table.private_route_table.id 32 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/terraform-manifest/subnet.tf: -------------------------------------------------------------------------------- 1 | resource "aws_subnet" "public_subnet" { 2 | vpc_id = aws_vpc.my_vpc.id 3 | cidr_block = "192.168.1.0/24" 4 | map_public_ip_on_launch = "true" 5 | availability_zone = "us-east-1a" 6 | 7 | tags = { 8 | Name = "public-subnet" 9 | } 10 | } 11 | 12 | resource "aws_subnet" "private_subnet" { 13 | vpc_id = aws_vpc.my_vpc.id 14 | cidr_block = "192.168.2.0/24" 15 | availability_zone = "us-east-1b" 16 | 17 | tags = { 18 | Name = "private-subnet" 19 | } 20 | } -------------------------------------------------------------------------------- /T02-Terraform-resources/terraform-manifest/vpc.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "my_vpc" { 2 | cidr_block = "192.168.0.0/16" 3 | enable_dns_hostnames = "true" 4 | 5 | tags = { 6 | Name = "test-vpc" 7 | } 8 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/01-Input-variables-basics/README.md: -------------------------------------------------------------------------------- 1 | # Input Variables Basics 2 | - Default values for the variables used in resource creation are defined in the variables.tf file. 3 | - These values are picked up in a resource block using `var.<variable_name>`.
4 | ``` 5 | variable "aws_region" { 6 | description = "Region on which resources will be created" 7 | type = string 8 | default = "us-east-1" 9 | } 10 | 11 | var.aws_region = "us-east-1" 12 | ``` 13 | - Terraform CLI defines the following optional arguments for variable declarations: 14 | - **default** - A default value which then makes the variable optional. 15 | - **type** - This argument specifies what value types are accepted for the variable. 16 | - string 17 | - list(string) 18 | - number 19 | - bool 20 | - map(string) 21 | - **description** - This specifies the input variable's documentation. 22 | - **validation** - A block to define validation rules, usually in addition to type constraints. 23 | - **sensitive** - Limits Terraform UI output when the variable is used in configuration. 24 | - Custom Validation rules 25 | ``` 26 | variable "image_id" { 27 | type = string 28 | description = "The id of the machine image (AMI) to use for the server." 29 | 30 | validation { 31 | condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-" 32 | error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"." 
33 | } 34 | } 35 | ``` 36 | 37 | ## References 38 | - [Input Variables](https://www.terraform.io/docs/language/values/variables.html) -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/01-Input-variables-basics/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | availability_zone = var.az_name 6 | key_name = "awsdemokey" 7 | associate_public_ip_address = true 8 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform" 12 | } 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/01-Input-variables-basics/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/01-Input-variables-basics/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 3.0" 6 | } 7 | } 8 | } 9 | provider "aws" { 10 | region = var.aws_region 11 | profile = "default" 12 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/01-Input-variables-basics/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { # inbound SSH (TCP 22) on the allow_http_ssh group 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] # NOTE(review): SSH is reachable from any IPv4 address; restrict to a trusted admin CIDR 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { # inbound HTTP (TCP 80) from any IPv4 address 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { # outbound: every protocol ("-1") to any IPv4 address 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/01-Input-variables-basics/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { # empty group; its rules are attached by the aws_security_group_rule resources 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } --------------------------------------------------------------------------------
/T03-Terraform-variables/01-Terraform-input-variables/01-Input-variables-basics/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name should be region defined in aws_region variable" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "ami_name" { 12 | description = "Latest AMI ID on us-east-1" 13 | type = string 14 | default = "ami-0c2b8ca1dad447f8a" 15 | } 16 | variable "inst_type" { 17 | description = "Instance type used to launch EC2 Instance" 18 | type = string 19 | default = "t2.micro" 20 | } 21 | variable "inst_count" { 22 | description = "No of EC2 instances that need to launched" 23 | type = number 24 | default = 1 25 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/02-Variables-prompted/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Input Variables When Prompted 2 | - We will not define any default value in variables.tf file. 3 | - Value will be passed when we execute commands like #terraform plan/apply. 4 | - We need to pass the value as per requirement. 
5 | ``` 6 | root@terraformworkstationdemo:~/terraform-aws/variables# terraform plan 7 | var.az_name 8 | Availability Zone name should be region defined in aws_region variable 9 | 10 | Enter a value: us-east-1b 11 | 12 | var.inst_type 13 | Instance type used to launch EC2 Instance 14 | 15 | Enter a value: t3.micro 16 | ``` -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/02-Variables-prompted/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | availability_zone = var.az_name 6 | associate_public_ip_address = true 7 | key_name = "sudhams_virginia_demo" 8 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 9 | 10 | tags = { 11 | Name = "nginx-terraform" 12 | } 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/02-Variables-prompted/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/02-Variables-prompted/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/02-Variables-prompted/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { # inbound SSH (TCP 22) on the allow_http_ssh group 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] # NOTE(review): SSH is reachable from any IPv4 address; restrict to a trusted admin CIDR 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { # inbound HTTP (TCP 80) from any IPv4 address 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { # outbound: every protocol ("-1") to any IPv4 address 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/02-Variables-prompted/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { # empty group; its rules are attached by the aws_security_group_rule resources 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | }
-------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/02-Variables-prompted/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name" 8 | type = string 9 | } 10 | variable "ami_name" { 11 | description = "Latest AMI ID on us-east-1" 12 | type = string 13 | default = "ami-0c2b8ca1dad447f8a" 14 | } 15 | variable "inst_type" { 16 | description = "Instance type used to launch EC2 Instance" 17 | type = string 18 | default = "t2.micro" 19 | } 20 | variable "inst_count" { 21 | description = "No of EC2 instances that need to launched" 22 | type = number 23 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/03-Variables-cli/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Input Variables to override using -var option in CLI 2 | - We will define default values in variables.tf file. 3 | - Some of these values, such as instance_type, will be overridden by passing the "-var" argument on the CLI. 4 | - Execute the command below in this demo to override "inst_type=t3.micro" and "count=2". 5 | ``` 6 | #terraform plan/apply -var="inst_type=t3.micro" -var="inst_count=2" [-auto-approve] 7 | 8 | or 9 | 10 | #we can generate a plan file using terraform plan command "-out demo_test.out" 11 | #Now we can apply that plan file without passing the -var option, since those values are already recorded in the saved plan (the plan file stores them unencrypted, so handle it like the state file). 
12 | ``` -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/03-Variables-cli/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | availability_zone = var.az_name 6 | key_name = "sudhams_virginia_demo" 7 | associate_public_ip_address = true 8 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform" 12 | } 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/03-Variables-cli/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/03-Variables-cli/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { /* Pins the Terraform CLI and AWS provider versions */ 2 | required_version = "= 1.0.3" /* exact pin: only Terraform 1.0.3 satisfies this */ 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" /* allows any 3.x release of the provider */ 7 | } 8 | } 9 | } 10 | provider "aws" { /* AWS provider configuration */ 11 | region = var.aws_region 12 | profile = "default" /* uses the "default" named AWS profile from the local credentials, so no keys are written in this file */ 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/03-Variables-cli/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { /* Ingress: SSH (TCP 22) into allow_http_ssh */ 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source, so port 22 is exposed to the whole internet; outside a short-lived demo, narrow this to a known admin CIDR */ 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { /* Ingress: HTTP (TCP 80) into allow_http_ssh */ 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source */ 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { /* Egress: protocol "-1" with ports 0-0 selects all protocols and ports */ 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 destination */ 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/03-Variables-cli/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { /* Security group the three rules above attach to; no vpc_id is set, so presumably the default VPC is used — confirm */ 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } -------------------------------------------------------------------------------- 
/T03-Terraform-variables/01-Terraform-input-variables/03-Variables-cli/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "ami_name" { 12 | description = "Latest AMI ID on us-east-1" 13 | type = string 14 | default = "ami-09e67e426f25ce0d7" 15 | } 16 | variable "inst_type" { 17 | description = "Instance type used to launch EC2 Instance" 18 | type = string 19 | default = "t2.micro" 20 | } 21 | variable "inst_count" { 22 | description = "No of EC2 instances that need to launched" 23 | type = number 24 | default = 1 25 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/04-Environment-variables/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Environment Variables 2 | - Set environment variables and execute using terraform plan/apply to see/create the overridden values. 3 | - Environment variable names start with TF_VAR_ followed by the variable name, for example TF_VAR_inst_type. 4 | - Export the variables on the terminal before executing #terraform plan/apply. 
5 | ``` 6 | #export TF_VAR_inst_type=t3.large 7 | #export TF_VAR_inst_count=3 8 | #echo $TF_VAR_inst_type $TF_VAR_inst_count --> check if values are printed 9 | #terraform plan --> To check which values are picked 10 | #terraform apply [-auto-approve] 11 | #unset TF_VAR_inst_type 12 | #unset TF_VAR_inst_count 13 | #echo $TF_VAR_inst_type $TF_VAR_inst_count --> empty result after unset variables 14 | ``` -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/04-Environment-variables/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | availability_zone = var.az_name 6 | key_name = "sudhams_virginia_demo" 7 | associate_public_ip_address = true 8 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform" 12 | } 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/04-Environment-variables/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/04-Environment-variables/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { /* Pins the Terraform CLI and AWS provider versions */ 2 | required_version = "= 1.0.3" /* exact pin: only Terraform 1.0.3 satisfies this */ 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" /* allows any 3.x release of the provider */ 7 | } 8 | } 9 | } 10 | provider "aws" { /* AWS provider configuration */ 11 | region = var.aws_region 12 | profile = "default" /* uses the "default" named AWS profile from the local credentials, so no keys are written in this file */ 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/04-Environment-variables/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { /* Ingress: SSH (TCP 22) into allow_http_ssh */ 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source, so port 22 is exposed to the whole internet; outside a short-lived demo, narrow this to a known admin CIDR */ 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { /* Ingress: HTTP (TCP 80) into allow_http_ssh */ 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source */ 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { /* Egress: protocol "-1" with ports 0-0 selects all protocols and ports */ 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 destination */ 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/04-Environment-variables/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { /* Security group the three rules above attach to; no vpc_id is set, so presumably the default VPC is used — confirm */ 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } 
-------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/04-Environment-variables/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "ami_name" { 12 | description = "Latest AMI ID on us-east-1" 13 | type = string 14 | default = "ami-0c2b8ca1dad447f8a" 15 | } 16 | variable "inst_type" { 17 | description = "Instance type used to launch EC2 Instance" 18 | type = string 19 | default = "t2.micro" 20 | } 21 | variable "inst_count" { 22 | description = "No of EC2 instances that need to launched" 23 | type = number 24 | default = 1 25 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Input Variables from terraform.tfvars 2 | - Now variables key=value will be stored in "terraform.tfvars" and variables will be defined in "variables.tf" file. 3 | - Lets provide default values in "variables.tf" file and see if values will be auto loaded with values defined in "terraform.tfvars". 
4 | ``` 5 | #Scenario 1 with terraform.tfvars 6 | >terraform plan --> To check the values are picked from the file "terraform.tfvars" 7 | >terraform apply 8 | 9 | #Scenario 2 with ec2.tfvars 10 | >terraform plan -var-file=ec2.tfvars --> Check if values are loaded from file "ec2.tfvars" 11 | >terraform apply -var-file=ec2.tfvars 12 | 13 | #Scenario 3 with ec2.auto.tfvars 14 | >terraform plan 15 | >terraform apply [-auto-approve] 16 | ``` -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/ec2.auto.tfvars: -------------------------------------------------------------------------------- 1 | inst_type = "t3.large" 2 | inst_count = 6 -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/ec2.tfvars: -------------------------------------------------------------------------------- 1 | inst_type = "t3.small" 2 | inst_count = 4 -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | availability_zone = var.az_name 6 | key_name = "sudhams_virginia_demo" 7 | associate_public_ip_address = true 8 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform" 12 | } 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y 
dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { /* Pins the Terraform CLI and AWS provider versions */ 2 | required_version = "= 1.0.3" /* exact pin: only Terraform 1.0.3 satisfies this */ 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" /* allows any 3.x release of the provider */ 7 | } 8 | } 9 | } 10 | provider "aws" { /* AWS provider configuration */ 11 | region = var.aws_region 12 | profile = "default" /* uses the "default" named AWS profile from the local credentials, so no keys are written in this file */ 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { /* Ingress: SSH (TCP 22) into allow_http_ssh */ 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source, so port 22 is exposed to the whole internet; outside a short-lived demo, narrow this to a known admin CIDR */ 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { /* Ingress: HTTP (TCP 80) into allow_http_ssh */ 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source */ 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { /* Egress: protocol "-1" with ports 0-0 selects all protocols and ports */ 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 destination */ 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { /* Security group the three rules above attach to; no vpc_id is set, so presumably the default VPC is used — confirm */ 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } 
-------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/terraform.tfvars: -------------------------------------------------------------------------------- 1 | inst_count = 5 2 | inst_type = "t3.small" -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/05-Variables-from-tfvars/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "ami_name" { 12 | description = "Latest AMI ID on us-east-1" 13 | type = string 14 | default = "ami-0c2b8ca1dad447f8a" 15 | } 16 | variable "inst_type" { 17 | description = "Instance type used to launch EC2 Instance" 18 | type = string 19 | default = "t2.micro" 20 | } 21 | variable "inst_count" { 22 | description = "No of EC2 instances that need to launched" 23 | type = number 24 | default = 1 25 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/06-Input-variables-type-list/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Input Variables type with list and map 2 | - List(or tuple): 3 | - List are sequence of values stored/reffered to a single key/variable. 4 | - Elements in list or tuple are identified by consecutive whole number, starting with zero. 
5 | ``` 6 | variable "inst_type" { 7 | description = "value" 8 | type = list(string) 9 | default = [ "t3.micro", "t3.small", "t3.medium" ] 10 | } 11 | 12 | #terraform plan --> check if right value is picked "t3.small" while calling in resource block as var.inst_type[1] 13 | ``` 14 | 15 | - Map(or object): 16 | - A group of values identified by named labels. 17 | ``` 18 | variable "ec2_instance_tags" { 19 | description = "Default tags to be used" 20 | type = map(string) 21 | default = { 22 | "Name" = "webapp" 23 | "Environment" = "Dev" 24 | "Type" = "Application" 25 | } 26 | } 27 | 28 | #terraform plan --> check if tags are updated with the list specified in variables. 29 | var.ec2_instance_tags or to call specific value of a key var.ec2_instance_tags["Type"] 30 | ``` 31 | 32 | ## References 33 | - [Input list type](https://www.terraform.io/docs/language/values/variables.html) 34 | - [Expressions Types and Values](https://www.terraform.io/docs/language/expressions/types.html) -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/06-Input-variables-type-list/instance-list.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = "ami-0c2b8ca1dad447f8a" 3 | instance_type = var.inst_type[1] // or var.inst_type[0], var.inst_type[2] 4 | count = var.inst_count 5 | availability_zone = "us-east-1c" 6 | key_name = "sudhams_virginia_demo" 7 | associate_public_ip_address = true 8 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform" 12 | } 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/06-Input-variables-type-list/instance-map.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = 
"ami-0c2b8ca1dad447f8a" 3 | instance_type = var.inst_type[1] // or var.inst_type[0], var.inst_type[2] 4 | count = var.inst_count 5 | availability_zone = "us-east-1c" 6 | key_name = "sudhams_virginia_demo" 7 | associate_public_ip_address = true 8 | 9 | tags = var.ec2_instance_tags 10 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/06-Input-variables-type-list/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/06-Input-variables-type-list/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { /* Pins the Terraform CLI and AWS provider versions */ 2 | required_version = "= 1.0.3" /* exact pin: only Terraform 1.0.3 satisfies this */ 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" /* allows any 3.x release of the provider */ 7 | } 8 | } 9 | } 10 | provider "aws" { /* AWS provider configuration */ 11 | region = var.aws_region /* NOTE(review): aws_region is not among the variables declared in this folder's variables.tf as listed on this page, so this reference would not resolve unless it is declared elsewhere — confirm */ 12 | profile = "default" /* uses the "default" named AWS profile from the local credentials, so no keys are written in this file */ 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/06-Input-variables-type-list/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { /* Ingress: SSH (TCP 22) into allow_http_ssh */ 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source, so port 22 is exposed to the whole internet; outside a short-lived demo, narrow this to a known admin CIDR */ 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { /* Ingress: HTTP (TCP 80) into allow_http_ssh */ 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source */ 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { /* Egress: protocol "-1" with ports 0-0 selects all protocols and ports */ 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 destination */ 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/06-Input-variables-type-list/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { /* Security group the three rules above attach to; no vpc_id is set, so presumably the default VPC is used — confirm */ 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } 
-------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/06-Input-variables-type-list/variables.tf: -------------------------------------------------------------------------------- 1 | variable "inst_type" { 2 | description = "Multiple instance types" 3 | type = list(string) 4 | default = [ "t3.micro", "t3.small", "t3.medium" ] 5 | } 6 | variable "inst_count" { 7 | description = "No of EC2 instances to be launched" 8 | type = number 9 | default = 1 10 | } 11 | variable "ec2_instance_tags" { 12 | description = "Default tags to be used" 13 | type = map(string) 14 | default = { 15 | "Name" = "webapp" 16 | "Environment" = "Dev" 17 | "Type" = "Application" 18 | } 19 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/07-Input-variable-validation-rules/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Custom Validation rules for variables 2 | - Terraform language includes a number of built-in functions that you can call from within expressions to transform and combine values. 3 | - Length Function 4 | - Substr Function 5 | - Custom Validation Rules 6 | ``` 7 | #Sample validation with and operation: 8 | variable "image_id" { 9 | type = string 10 | description = "The id of the machine image (AMI) to use for the server." 11 | 12 | validation { 13 | condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-" 14 | error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"." 15 | } 16 | } 17 | 18 | #Sample validation with OR operation: 19 | variable "image_id" { 20 | type = string 21 | description = "The id of the machine image (AMI) to use for the server." 
22 | 23 | validation { 24 | condition = can(regex("^ami-", var.image_id)) || substr(var.image_id, 0, 4) == "ami-" 25 | error_message = "The image_id value must be a valid AMI id, starting with \"ami-\" or \"zsv-\"." 26 | } 27 | } 28 | ``` 29 | 30 | ## References 31 | - [Functions](https://www.terraform.io/docs/language/functions/index.html) 32 | - [Custom rules](https://www.terraform.io/docs/language/values/variables.html#custom-validation-rules) -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/07-Input-variable-validation-rules/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.image_id // "ami-0c2b8ca1dad447f8a" 3 | instance_type = var.inst_type[1] // or var.inst_type[0], var.inst_type[2] 4 | count = var.inst_count 5 | user_data = file("nginx-install.sh") 6 | availability_zone = "us-east-1c" 7 | key_name = "sudhams_virginia_demo" 8 | associate_public_ip_address = true 9 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 10 | 11 | tags = var.ec2_instance_tags 12 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/07-Input-variable-validation-rules/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/07-Input-variable-validation-rules/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { /* Pins the Terraform CLI and AWS provider versions */ 2 | required_version = "= 1.0.3" /* exact pin: only Terraform 1.0.3 satisfies this */ 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" /* allows any 3.x release of the provider */ 7 | } 8 | } 9 | } 10 | provider "aws" { /* AWS provider configuration */ 11 | region = var.aws_region /* NOTE(review): aws_region is not among the variables declared in this folder's variables.tf as listed on this page, so this reference would not resolve unless it is declared elsewhere — confirm */ 12 | profile = "default" /* uses the "default" named AWS profile from the local credentials, so no keys are written in this file */ 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/07-Input-variable-validation-rules/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { /* Ingress: SSH (TCP 22) into allow_http_ssh */ 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source, so port 22 is exposed to the whole internet; outside a short-lived demo, narrow this to a known admin CIDR */ 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { /* Ingress: HTTP (TCP 80) into allow_http_ssh */ 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 source */ 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { /* Egress: protocol "-1" with ports 0-0 selects all protocols and ports */ 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] /* any IPv4 destination */ 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/07-Input-variable-validation-rules/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { /* Security group the three rules above attach to; no vpc_id is set, so presumably the default VPC is used — confirm */ 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } 
-------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/07-Input-variable-validation-rules/variables.tf: -------------------------------------------------------------------------------- 1 | variable "inst_type" { 2 | description = "Multiple instance types" 3 | type = list(string) 4 | default = [ "t3.micro", "t3.small", "t3.medium" ] 5 | } 6 | variable "inst_count" { 7 | description = "No of EC2 instances to be launched" 8 | type = number 9 | default = 1 10 | } 11 | variable "ec2_instance_tags" { 12 | description = "Default tags to be used" 13 | type = map(string) 14 | default = { 15 | "Name" = "webapp" 16 | "Environment" = "Dev" 17 | "Type" = "Application" 18 | } 19 | } 20 | variable "image_id" { 21 | type = string 22 | description = "The id of the machine image (AMI) to use for the server." 23 | 24 | validation { 25 | condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-" 26 | error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"." 27 | } 28 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/08-Protect-Input-variables/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Protecting Input Variables 2 | - Some variables are sensitive, and their values should not be displayed in input prompts, outputs, etc. when executing commands such as #terraform plan/apply. 3 | - When values are passed to terraform through TF_VAR_* environment variables, they remain in the terminal session and can be viewed by running the printenv/history commands. 4 | - Terraform redacts values marked as **sensitive** from command output and log files, and raises an error when it detects that they will be exposed in other ways. 
5 | ``` 6 | variable "password" { 7 | type = string 8 | description = "The id of the machine image to use for the server." 9 | sensitive = true 10 | } 11 | ``` 12 | ## Note 13 | - Marking a variable as sensitive only hides it in CLI output: the password in this example is still stored in plain text in the terraform.tfstate file, so the state file must be protected as well. The same applies to secrets.tfvars, which holds the password in plain text and should be kept out of version control. 14 | ### References 15 | - [Sensitive Variables](https://www.terraform.io/docs/language/values/variables.html#suppressing-values-in-cli-output) 16 | - [Examples](https://learn.hashicorp.com/tutorials/terraform/sensitive-variables?in=terraform/configuration-language&utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/08-Protect-Input-variables/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/08-Protect-Input-variables/rdb-instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_db_instance" "mydb-server" { 2 | allocated_storage = 5 3 | engine = "mysql" 4 | instance_class = "db.t2.micro" 5 | name = "mysql-demo" 6 | username = var.username 7 | password = var.password 8 | skip_final_snapshot = true 9 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/08-Protect-Input-variables/secrets.tfvars: -------------------------------------------------------------------------------- 1 | username = "admin" 2 | password = "test1234" 
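--------------------------------------------------------------------------------
/T03-Terraform-variables/01-Terraform-input-variables/08-Protect-Input-variables/variables.tf:
--------------------------------------------------------------------------------
# Credentials consumed by aws_db_instance.mydb-server in rdb-instance.tf.
# Neither variable has a default, so Terraform prompts for a value unless one
# is supplied, for example with -var-file=secrets.tfvars.
variable "username" {
  type        = string
  description = "Master username for the database instance."
}

variable "password" {
  type        = string
  description = "Master password for the database instance."
  # sensitive = true only redacts the value in plan/apply output. The value is
  # still written in plain text to the state file, so the state needs
  # protecting as well.
  sensitive = true
}
--------------------------------------------------------------------------------
/T03-Terraform-variables/01-Terraform-input-variables/09-File-function/instance.tf:
--------------------------------------------------------------------------------
# Single EC2 web server that is bootstrapped with nginx through user_data.
resource "aws_instance" "web" {
  # Hard-coded AMI ID. AMI IDs are region-specific; provider.tf pins us-east-1.
  ami           = "ami-0c2b8ca1dad447f8a"
  instance_type = "t2.micro"

  # file() returns the text of nginx-install.sh, which is passed to the
  # instance as its user data.
  user_data = file("nginx-install.sh")

  # Name of an EC2 key pair that must already exist in the account.
  key_name = "sudhams_virginia_demo"

  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.allow_http_ssh.id]

  tags = {
    "Name" = "WebApp-terraform"
  }
}
--------------------------------------------------------------------------------
/T03-Terraform-variables/01-Terraform-input-variables/09-File-function/nginx-install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Installs nginx on an apt-based image and writes a small landing page.
# instance.tf passes this script to the instance as user_data.

# Both apt commands run under sudo, so the upgrade has the same privileges as
# the package index refresh.
sudo apt update && sudo apt -y dist-upgrade
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx

# NOTE(review): the redirections below are performed by the calling shell, not
# by sudo. That works when the script runs as root, as user data scripts do.
# The page is written to two paths, presumably to cover either nginx docroot.
echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html
echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html
--------------------------------------------------------------------------------
/T03-Terraform-variables/01-Terraform-input-variables/09-File-function/provider.tf:
--------------------------------------------------------------------------------
# Terraform AWS provider
terraform {
  required_version = ">= 1.0.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
  # Named profile from the local AWS credentials/config files; no keys are
  # stored in this configuration.
  profile = "default"
}
--------------------------------------------------------------------------------
/T03-Terraform-variables/01-Terraform-input-variables/09-File-function/security-group-rules.tf:
--------------------------------------------------------------------------------
# Rules attached to aws_security_group.allow_http_ssh (ssecurity-groups.tf).

# NOTE(review): SSH is reachable from every IPv4 address. That is tolerable
# only for a short-lived demo; otherwise narrow cidr_blocks to a trusted
# administration range.
resource "aws_security_group_rule" "ingress_ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}

# Public HTTP access to the nginx landing page.
resource "aws_security_group_rule" "ingress_http" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}

# Unrestricted outbound traffic: protocol "-1" with ports 0-0 means all
# protocols and all ports.
resource "aws_security_group_rule" "egress_allow_all" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}
--------------------------------------------------------------------------------
/T03-Terraform-variables/01-Terraform-input-variables/09-File-function/ssecurity-groups.tf:
--------------------------------------------------------------------------------
# Security group without inline rules; its rules are defined as separate
# aws_security_group_rule resources in security-group-rules.tf. No vpc_id is
# set here.
resource "aws_security_group" "allow_http_ssh" {
  name        = "allow-http-ssh"
  description = "Allow Ingress rules to allow SSH and HTTP connections"
}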
-------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/terraform-manifest/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = "ami-0c2b8ca1dad447f8a" 3 | instance_type = "t2.micro" 4 | key_name = "sudhams_virginia_demo" 5 | associate_public_ip_address = true 6 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 7 | 8 | tags = { 9 | Name = "WebApp-terraform" 10 | } 11 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/terraform-manifest/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | random = { 9 | source = "hashicorp/random" 10 | version = ">= 3.0.1, < 3.2" 11 | } 12 | } 13 | } 14 | 15 | provider "aws" { 16 | region = "us-east-1" 17 | profile = "default" 18 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/terraform-manifest/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | 
from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/01-Terraform-input-variables/terraform-manifest/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/02-Terraform-output-values/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Output Values 2 | - Terraform output values are like the return values in any other tool/language. 3 | - A root module can use outputs to print certain values in the CLI output after running **terraform plan/apply**. 4 | - A child module can use outputs to expose a subset of its resource attributes to a parent module. 5 | - When using remote state, root module outputs can be accessed by other configurations via a **terraform_remote_state data source**. 6 | ``` 7 | #terraform apply [-auto-approve] 8 | 9 | To display only the outputs of the root module, which are read from the "terraform.tfstate" file. 10 | #terraform output --> prints all output details 11 | #terraform output ec2_instance_public_dns --> Prints specified output passed 12 | ``` 13 | - To print the outputs in JSON format, run #terraform output -json. Sensitive outputs are shown in plain text in this format. 14 | - The original, non-redacted value can still be read from the **terraform.tfstate** file even after adding the "sensitive" parameter to output values, so the state file itself must be protected. 15 | ``` 16 | Apply complete! Resources: 2 added, 0 changed, 0 destroyed. 
17 | 18 | Outputs: 19 | 20 | ec2_instance_device_name = [ 21 | "/dev/sda1", 22 | "/dev/sda1", 23 | "/dev/sda1", 24 | ] 25 | ec2_instance_private_ip = [ 26 | "172.31.87.190", 27 | "172.31.90.6", 28 | "172.31.93.212", 29 | ] 30 | ec2_instance_public_dns = 31 | ec2_instance_public_ip = [ 32 | "54.89.73.36", 33 | "52.207.236.69", 34 | "44.202.245.109", 35 | ] 36 | ``` 37 | ## References 38 | - [Output values](https://www.terraform.io/docs/language/values/outputs.html) -------------------------------------------------------------------------------- /T03-Terraform-variables/02-Terraform-output-values/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | availability_zone = var.az_name 5 | user_data = file("nginx-install.sh") 6 | vpc_security_group_ids = [aws_security_group.vpc-ssh-web.id] 7 | 8 | tags = { 9 | Name = "WebApp-terraform" 10 | } 11 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/02-Terraform-output-values/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo yum update 3 | sudo yum install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successfully using terraform on $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successfully using terraform on $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/02-Terraform-output-values/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.public_ip 8 | description = "EC2 instance Public IP address" 9 | } 10 | 11 | output "ec2_instance_public_dns" { 12 | value = "http://${aws_instance.web.public_dns}" 13 | description = "EC2 instance Private DNS name" 14 | #sensitive = true 15 | } 16 | 17 | output "ec2_instance_device_name" { 18 | value = "${aws_instance.web.root_block_device.0.device_name}" 19 | description = "EC2 instance device name" 20 | } 21 | 22 | /* 23 | output "ec2_instance_device_name" { 24 | value = "${aws_instance.web.root_block_device.*.device_name}" 25 | description = "EC2 instance device name" 26 | } 27 | */ -------------------------------------------------------------------------------- /T03-Terraform-variables/02-Terraform-output-values/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/02-Terraform-output-values/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "vpc-ssh-web" { 2 | name = "EC2-ssh-web" 3 | description = "Allow ssh and web inbound traffic" 4 | 5 | ingress = [ 6 | { 7 | description = "SSH from VPC" 8 | from_port = 22 9 | to_port = 22 10 | protocol = 
"tcp" 11 | cidr_blocks = ["0.0.0.0/0"] 12 | }, 13 | { 14 | description = "web from VPC" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | }, 20 | ] 21 | 22 | egress = [ 23 | { 24 | from_port = 0 25 | to_port = 0 26 | protocol = "-1" 27 | cidr_blocks = ["0.0.0.0/0"] 28 | } 29 | ] 30 | 31 | tags = { 32 | Name = "allow_ssh_web" 33 | } 34 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/02-Terraform-output-values/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "ami_name" { 12 | description = "Latest AMI ID on us-east-1" 13 | type = string 14 | default = "ami-0c2b8ca1dad447f8a" 15 | } 16 | variable "inst_type" { 17 | description = "Instance type used to launch EC2 Instance" 18 | type = string 19 | default = "t2.micro" 20 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/03-Terraform-local-values/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Local Values 2 | - Terraform local values works more to apply DRP(Don't Repeat Principle). 3 | - A local value assigns a name to an expression, so you can use that name multiple times within a module without repeating it. 4 | - A local values are like a functions temporary local variables. 5 | - Once a local value is declared, you can reference it in expressions as local.\. 6 | - Local values are immutable in runtime while executing terraform plan/apply/destroy. Unlike input variables, locals are not set directly by users of your configuration. 
7 | ``` 8 | locals { 9 | # Ids for multiple sets of EC2 instances, merged together 10 | instance_ids = concat(aws_instance.blue.*.id, aws_instance.green.*.id) 11 | } 12 | 13 | locals { 14 | # Common tags to be assigned to all resources 15 | common_tags = { 16 | Service = local.service_name 17 | Owner = local.owner 18 | } 19 | } 20 | ``` 21 | - Lets see how to use local values as mentioned below 22 | ``` 23 | resource "aws_instance" "example" { 24 | # ... 25 | 26 | tags = local.common_tags 27 | } 28 | ``` 29 | - The ability to easily change the value in a central place is the key advantage of local values. 30 | - Use local values only in moderation. 31 | 32 | ## References 33 | - [Local Values](https://www.terraform.io/docs/language/values/locals.html) -------------------------------------------------------------------------------- /T03-Terraform-variables/03-Terraform-local-values/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | availability_zone = var.az_name 6 | user_data = file(nginx-install.sh) 7 | vpc_security_group_ids = [aws_security_group.vpc-ssh-web.id] 8 | 9 | tags = { 10 | Name = local.environment-name 11 | } 12 | } 13 | 14 | /* 15 | tags = local.common_tags 16 | */ -------------------------------------------------------------------------------- /T03-Terraform-variables/03-Terraform-local-values/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo yum update 3 | sudo yum install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T03-Terraform-variables/03-Terraform-local-values/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.public_ip 8 | description = "EC2 instance Public IP address" 9 | } 10 | 11 | output "ec2_instance_public_dns" { 12 | value = "http://${aws_instance.web.public_dns}" 13 | description = "EC2 instance Private DNS name" 14 | #sensitive = true 15 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/03-Terraform-local-values/provider.tf: -------------------------------------------------------------------------------- 1 | /* 2 | Multi-line comment to explain 3 | Terraforn settings block details 4 | */ 5 | terraform { 6 | required_version = "= 1.0.3" 7 | required_providers { 8 | aws = { 9 | source = "hashicorp/aws" //This is also a single line comment 10 | version = "~> 3.0" 11 | } 12 | } 13 | } 14 | #Single line comment 15 | provider "aws" { 16 | region = var.aws_region 17 | profile = "default" 18 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/03-Terraform-local-values/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "vpc-ssh-web" { 2 | name = "EC2-ssh-web" 3 | description = "Allow ssh and web inbound traffic" 4 | 5 | ingress = [ 6 | { 7 | description = "SSH from VPC" 8 | from_port = 22 9 | to_port = 22 10 | protocol = "tcp" 11 | cidr_blocks = ["0.0.0.0/0"] 12 | }, 13 | { 14 | description = "web from VPC" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | }, 20 | ] 21 | 22 
| 23 | egress = [ 24 | { 25 | from_port = 0 26 | to_port = 0 27 | protocol = "-1" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ] 31 | 32 | tags = { 33 | Name = local.environment-name 34 | } 35 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/03-Terraform-local-values/variables.tf: -------------------------------------------------------------------------------- 1 | /* 2 | local { 3 | envionment-name = var.tag_name 4 | } 5 | */ 6 | 7 | variable "tag_name" { 8 | description = "Default tag will be added to all resource when used" 9 | type = string 10 | default = "terraform-webapp-demo" 11 | } 12 | 13 | variable "aws_region" { 14 | description = "Region on which resources will be created" 15 | type = string 16 | default = "us-east-1" 17 | } 18 | 19 | variable "az_name" { 20 | description = "Availability Zone name" 21 | type = string 22 | default = "us-east-1a" 23 | } 24 | 25 | variable "ami_name" { 26 | description = "Latest AMI ID on us-east-1" 27 | type = string 28 | default = "ami-0c2b8ca1dad447f8a" 29 | } 30 | 31 | variable "inst_type" { 32 | description = "Instance type used to launch EC2 Instance" 33 | type = string 34 | default = "t2.micro" 35 | } 36 | 37 | variable "inst_count" { 38 | description = "No of EC2 instances that need to launched" 39 | type = number 40 | default = 1 41 | } 42 | 43 | variable "tag_name" { 44 | description = "Default tag will be added to all resource when used" 45 | type = string 46 | default = "terraform-webapp-demo" 47 | } 48 | 49 | locals { 50 | common_tags = { 51 | Name = "Nginx-server" 52 | Env = "Web-Application" 53 | Type = "Application" 54 | } 55 | } -------------------------------------------------------------------------------- /T03-Terraform-variables/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Variables 2 | - We have three types: 3 | - Input Variables 4 | - Output Values 5 | - Local Values 6 | - 
**Input Variables:** These serve as parameters for a terraform module, allowing aspects of the module to be customized without altering the module's own source code, and allowing modules to be shared between different configurations. 7 | - **Output Values:** These are like the return values of a terraform module and have several uses. 8 | - **Local Values:** These follow the DRY (Don't Repeat Yourself) principle. They assign a name to an expression, so you can use that name multiple times within a module without repeating it. 9 | - Types: 10 | - string: a sequence of Unicode characters representing some text, like "hello" 11 | - number: a number value, like 6.3145 12 | - bool: a boolean value, like true or false 13 | - list (or tuple): a sequence of values, like ["sudheer", "sandeep"]. The elements are identified by consecutive whole numbers, starting from zero 14 | - map (or object): a group of values identified by named labels, like {name = "sudheer", age = 30} 15 | - null: a value that represents absence or omission 16 | 17 | ## References 18 | - [Input Variables](https://www.terraform.io/docs/language/values/variables.html) 19 | - [Output Values](https://www.terraform.io/docs/language/values/outputs.html) 20 | - [Local Values](https://www.terraform.io/docs/language/values/locals.html) 21 | - [Types](https://www.terraform.io/language/expressions/types) -------------------------------------------------------------------------------- /T03-Terraform-variables/T04-Loops-and-statements/for_README.md: -------------------------------------------------------------------------------- 1 | ## for loop example: 2 | - A for loop can be used over lists and maps 3 | - Syntax for lists: output as list --> [for ITEM in LIST : OUTPUT], output as map --> {for ITEM in LIST : OUTPUT_KEY => OUTPUT_VALUE} 4 | - Syntax for maps: output as list --> [for KEY, VALUE in MAP : OUTPUT], output as map --> {for KEY, VALUE in MAP : OUTPUT_KEY => OUTPUT_VALUE} 5 | - Example for lists: 6 | ``` 7 | variable "names" { 8 | description = "A list of names" 9 | type = 
list(string) 10 | default = ["sudheer", "visualpath", "sandeep", "praveen kumar"] 11 | } 12 | output "short_upper_names" { 13 | value = [for name in var.names : upper(name) if length(name) < 8] 14 | } 15 | ``` 16 | - Example for maps: 17 | ``` 18 | Scenario: 1 (it will print the output in the form of a list) 19 | variable "user_data" { 20 | description = "map" 21 | type = map(string) 22 | default = { 23 | user = "visualpath" 24 | domain = "visualpath pvt ltd" 25 | course = "DevOps" 26 | } 27 | } 28 | output "user_full_details" { 29 | value = [for name, role in var.user_data : "${name} name is ${role}"] 30 | } 31 | 32 | Scenario: 2 (It will print the output as a map instead of a list) 33 | variable "user_data" { 34 | description = "map" 35 | type = map(string) 36 | default = { 37 | user = "visualpath" 38 | domain = "visualpath pvt ltd" 39 | course = "DevOps" 40 | } 41 | } 42 | output "user_full_details" { 43 | value = {for name, role in var.user_data : name => role} 44 | } 45 | ``` 46 | 47 | ### Reference: 48 | - [for condition](https://www.terraform.io/language/expressions/for) -------------------------------------------------------------------------------- /T04-Terraform-datasources/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Datasources 2 | - Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration. 3 | - Use of data sources allows a terraform configuration to make use of information defined outside of terraform, or defined by another separate configuration or modified by functions. 4 | - A data source is accessed via a special kind of resource known as a data resource, declared using a data block. 
5 | ``` 6 | # This data sourec will fetch latest amazon linux AMI image 7 | data "aws_ami" "amzlinux" { 8 | most_recent = true 9 | owners = ["amazon"] 10 | filter { 11 | name = "name" 12 | values = ["amzn2-ami-hvm-*"] 13 | } 14 | filter { 15 | name = "root-device-type" 16 | values = ["ebs"] 17 | } 18 | filter { 19 | name = "virtualization-type" 20 | values = ["hvm"] 21 | } 22 | filter { 23 | name = "architecture" 24 | values = ["x86_64"] 25 | } 26 | } 27 | ``` 28 | - data block can be called into resource block as mentioned below. 29 | ``` 30 | resource "aws_instance" "web" { 31 | ami = data.aws_ami.amzlinux.id 32 | instance_type = "t1.micro" 33 | } 34 | ``` 35 | - Example 2: which will list all Instances IP address of "Running and Stopped" status. 36 | ``` 37 | data "aws_instances" "test" { 38 | instance_tags = { 39 | Name = "Dev" 40 | } 41 | 42 | filter { 43 | name = "instance.group-id" 44 | values = ["sg-12345678"] 45 | } 46 | 47 | instance_state_names = ["running", "stopped"] 48 | } 49 | 50 | resource "aws_eip" "test" { 51 | count = length(data.aws_instances.test.ids) 52 | instance = data.aws_instances.test.ids[count.index] 53 | } 54 | ``` 55 | 56 | ## References 57 | - [Data Sources](https://www.terraform.io/docs/language/data-sources/index.html) 58 | - [Query Terraform Data Source](https://learn.hashicorp.com/tutorials/terraform/data-sources?in=terraformconfiguration-language) 59 | - [AWS CLI Command Reference](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) -------------------------------------------------------------------------------- /T04-Terraform-datasources/ami-datasource.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "amzlinux" { 2 | most_recent = true 3 | owners = ["amazon"] 4 | filter { 5 | name = "name" 6 | values = ["amzn2-ami-hvm-*"] 7 | } 8 | filter { 9 | name = "root-device-type" 10 | values = ["ebs"] 11 | } 12 | filter { 13 | name = "virtualization-type" 14 
| values = ["hvm"] 15 | } 16 | filter { 17 | name = "architecture" 18 | values = ["x86_64"] 19 | } 20 | } 21 | /* 22 | data "aws_ami" "ubuntu_ami" { 23 | most_recent = true 24 | owners = ["099720109477"] 25 | 26 | filter { 27 | name = "name" 28 | values = ["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"] #["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"] 29 | } 30 | filter { 31 | name = "root-device-type" 32 | values = ["ebs"] 33 | } 34 | filter { 35 | name = "virtualization-type" 36 | values = ["hvm"] 37 | } 38 | filter { 39 | name = "architecture" 40 | values = ["x86_64"] 41 | } 42 | } 43 | */ 44 | -------------------------------------------------------------------------------- /T04-Terraform-datasources/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = data.aws_ami.ubuntu_ami.id //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | availability_zone = var.az_name 6 | user_data = file("nginx-install.sh") 7 | associate_public_ip_address = true 8 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 9 | 10 | tags = { 11 | Name = local.environment-name 12 | } 13 | } -------------------------------------------------------------------------------- /T04-Terraform-datasources/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo yum update 3 | sudo yum install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T04-Terraform-datasources/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.*.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.*.public_ip 8 | description = "EC2 instance Public IP address" 9 | } 10 | 11 | output "ec2_instance_public_dns" { 12 | value = "http://aws_instance.web.*.public_dns" 13 | description = "EC2 instance Private DNS name" 14 | #sensitive = true 15 | } -------------------------------------------------------------------------------- /T04-Terraform-datasources/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /T04-Terraform-datasources/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "vpc-ssh-web" { 2 | name = "EC2-ssh-web" 3 | description = "Allow ssh and web inbound traffic" 4 | 5 | ingress = [ 6 | { 7 | description = "SSH from VPC" 8 | from_port = 22 9 | to_port = 22 10 | protocol = "tcp" 11 | cidr_blocks = ["0.0.0.0/0"] 12 | }, 13 | { 14 | description = "web from VPC" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | } 20 | ] 21 | 22 | 23 | egress = [ 24 | { 25 | from_port = 0 26 | to_port = 0 27 | protocol = "-1" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ] 31 | 32 | tags = { 33 | Name = local.environment-name 34 | } 35 | } 
-------------------------------------------------------------------------------- /T04-Terraform-datasources/variables.tf: -------------------------------------------------------------------------------- 1 | local { 2 | envionment-name = "${var.tag_name}" 3 | } 4 | variable "aws_region" { 5 | description = "Region on which resources will be created" 6 | type = string 7 | default = "us-east-1" 8 | } 9 | variable "az_name" { 10 | description = "Availability Zone name" 11 | type = string 12 | default = "us-east-1a" 13 | } 14 | variable "inst_type" { 15 | description = "Instance type used to launch EC2 Instance" 16 | type = string 17 | default = "t2.micro" 18 | } 19 | variable "inst_count" { 20 | description = "No of EC2 instances that need to launched" 21 | type = number 22 | default = 1 23 | } 24 | variable "tag_name" { 25 | description = "Default tag will be added to all resource when used" 26 | type = string 27 | default = "terraform-webapp-demo" 28 | } -------------------------------------------------------------------------------- /T05-Terraform-state-manipulation/terraform-manifest/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | availability_zone = var.az_name 6 | 7 | tags = { 8 | Name = "WebApp-terraform" 9 | } 10 | } -------------------------------------------------------------------------------- /T05-Terraform-state-manipulation/terraform-manifest/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | # S3 bucket for storing state file in remote backend 10 | backend "s3" { 11 | bucket = "terraform-statefiles-sudheer" 12 | key = "terraform.tfstate" 13 | region = "us-east-1" 14 | } 
15 | } 16 | 17 | provider "aws" { 18 | region = var.aws_region 19 | profile = "default" 20 | } 21 | /* 22 | terraform { 23 | required_version = ">= 1.0.3" 24 | required_providers { 25 | aws = { 26 | source = "hashicorp/aws" 27 | version = "~> 3.0" 28 | } 29 | } 30 | # S3 bucket for storing state file in remote backend 31 | backend "s3" { 32 | bucket = "terraform-statefiles-sudheer" 33 | key = "Prod/terraform.tfstate" 34 | region = "us-east-1" 35 | 36 | # State Locking using DynamoDB Table 37 | dynamodb_table = "terraform-dev-state-table" 38 | } 39 | } 40 | 41 | provider "aws" { 42 | region = var.aws_region 43 | profile = "default" 44 | } 45 | */ -------------------------------------------------------------------------------- /T05-Terraform-state-manipulation/terraform-manifest/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "ami_name" { 12 | description = "Latest AMI ID on us-east-1" 13 | type = string 14 | default = "ami-0c2b8ca1dad447f8a" 15 | } 16 | variable "inst_type" { 17 | description = "Instance type used to launch EC2 Instance" 18 | type = string 19 | default = "t2.micro" 20 | } 21 | variable "inst_count" { 22 | description = "No of EC2 instances that need to launched" 23 | type = number 24 | default = 1 25 | } -------------------------------------------------------------------------------- /T06-Terraform-workspace/01-Terraoform-workspace-local/ami-datasource.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu_ami" { 2 | most_recent = true 3 | owners = ["099720109477"] 4 | 5 | filter { 6 | name = "name" 7 | values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] 8 | } 9 
| filter { 10 | name = "root-device-type" 11 | values = ["ebs"] 12 | } 13 | filter { 14 | name = "virtualization-type" 15 | values = ["hvm"] 16 | } 17 | filter { 18 | name = "architecture" 19 | values = ["x86_64"] 20 | } 21 | } 22 | /* 23 | data "aws_ami" "amzlinux" { 24 | most_recent = true 25 | owners = ["amazon"] 26 | filter { 27 | name = "name" 28 | values = ["amzn2-ami-hvm-*"] 29 | } 30 | filter { 31 | name = "root-device-type" 32 | values = ["ebs"] 33 | } 34 | filter { 35 | name = "virtualization-type" 36 | values = ["hvm"] 37 | } 38 | filter { 39 | name = "architecture" 40 | values = ["x86_64"] 41 | } 42 | } 43 | */ -------------------------------------------------------------------------------- /T06-Terraform-workspace/01-Terraoform-workspace-local/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = data.aws_ami.ubuntu_ami.id //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | availability_zone = var.az_name 5 | count = terraform.workspace == "default" ? 3 : 1 6 | user_data = file("nginx-install.sh") 7 | key_name = "sudhams_virginia_demo" 8 | associate_public_ip_address = true 9 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 10 | 11 | tags = { 12 | Name = "Nginx-application-${terraform.workspace}" 13 | } 14 | } -------------------------------------------------------------------------------- /T06-Terraform-workspace/01-Terraoform-workspace-local/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo yum update 3 | sudo yum install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform

" > /var/www/html/index.html -------------------------------------------------------------------------------- /T06-Terraform-workspace/01-Terraoform-workspace-local/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.*.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.*.public_ip 8 | description = "EC2 instance Public IP address" 9 | } 10 | 11 | output "ec2_instance_public_dns" { 12 | value = "http://aws_instance.web.*.public_dns" 13 | description = "EC2 instance Private DNS name" 14 | #sensitive = true 15 | } -------------------------------------------------------------------------------- /T06-Terraform-workspace/01-Terraoform-workspace-local/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /T06-Terraform-workspace/01-Terraoform-workspace-local/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { 20 | type = "egress" 21 | 
to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /T06-Terraform-workspace/01-Terraoform-workspace-local/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { 2 | name = "allow-http-ssh-${terraform.workspace}" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | tags = { 5 | Name = "Nginx-application-${terraform.workspace}" 6 | } 7 | } -------------------------------------------------------------------------------- /T06-Terraform-workspace/01-Terraoform-workspace-local/variables.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | envionment-name = "${var.tag_name}" 3 | } 4 | variable "aws_region" { 5 | description = "Region on which resources will be created" 6 | type = string 7 | default = "us-east-1" 8 | } 9 | variable "az_name" { 10 | description = "Availability Zone name" 11 | type = string 12 | default = "us-east-1a" 13 | } 14 | variable "inst_type" { 15 | description = "Instance type used to launch EC2 Instance" 16 | type = string 17 | default = "t2.micro" 18 | } 19 | variable "inst_count" { 20 | description = "No of EC2 instances that need to launched" 21 | type = number 22 | default = 1 23 | } 24 | variable "tag_name" { 25 | description = "Default tag will be added to all resource when used" 26 | type = map(string) 27 | default = { 28 | Name = "Nginx-server" 29 | Env = "Web-Application" 30 | } 31 | } -------------------------------------------------------------------------------- /T06-Terraform-workspace/02-Terraform-workspace-remote/README.md: -------------------------------------------------------------------------------- 1 | ## Scenario 1 to test 2 | ``` 3 | #Initialize terraform 4 | terraform init 5 | 
6 | #List workspaces 7 | terraform workspace list --> * will be displayed for current used workspace 8 | 9 | #Output current workspace using show 10 | terraform workspace show 11 | 12 | #Terraform plan 13 | terraform plan --> for default it should show 2 instances creation 14 | 15 | #review and apply 16 | terraform apply [-auto-approve] 17 | 18 | #check if all instances are created as per specified in default workspace value 19 | 20 | #Now check the s3 bucket to see if workspace was created to store state file 21 | 22 | #terraform workspace new dev --> check the bucket to see a new folder structure was created (bucket-name/env:/dev/workspaces/terraform.tfstate) file got created 23 | 24 | #Optional: terraform workspace new qa --> check the bucket to see a new folder structure was created (bucket-name/env:/qa/workspaces/terraform.tfstate) file got created 25 | ``` -------------------------------------------------------------------------------- /T06-Terraform-workspace/02-Terraform-workspace-remote/emi-datasource.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu_ami" { 2 | most_recent = true 3 | owners = ["099720109477"] 4 | 5 | filter { 6 | name = "name" 7 | values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] 8 | } 9 | filter { 10 | name = "root-device-type" 11 | values = ["ebs"] 12 | } 13 | filter { 14 | name = "virtualization-type" 15 | values = ["hvm"] 16 | } 17 | filter { 18 | name = "architecture" 19 | values = ["x86_64"] 20 | } 21 | } 22 | /* 23 | data "aws_ami" "amzlinux" { 24 | most_recent = true 25 | owners = ["amazon"] 26 | filter { 27 | name = "name" 28 | values = ["amzn2-ami-hvm-*"] 29 | } 30 | filter { 31 | name = "root-device-type" 32 | values = ["ebs"] 33 | } 34 | filter { 35 | name = "virtualization-type" 36 | values = ["hvm"] 37 | } 38 | filter { 39 | name = "architecture" 40 | values = ["x86_64"] 41 | } 42 | } 43 | */ 
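--------------------------------------------------------------------------------
/T06-Terraform-workspace/02-Terraform-workspace-remote/instance.tf:
--------------------------------------------------------------------------------
# Nginx web servers; how many are created depends on the selected workspace.
resource "aws_instance" "web" {
  # emi-datasource.tf only declares data.aws_ami.ubuntu_ami (its "amzlinux"
  # data source is commented out), and nginx-install.sh installs with apt,
  # so the Ubuntu image is the one this resource can actually resolve.
  ami               = data.aws_ami.ubuntu_ami.id //ami-0c2b8ca1dad447f8a
  instance_type     = var.inst_type
  availability_zone = var.az_name
  # 1 instance in the "default" workspace, 2 in every other workspace.
  count     = terraform.workspace == "default" ? 1 : 2
  user_data = file("nginx-install.sh")
  key_name  = "awsdemokey"
  # Each instance gets a public IP, so the security group rules in
  # security-group-rules.tf are the only network control in front of it.
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.allow_http_ssh.id]

  tags = {
    Name = "Nginx-application-${terraform.workspace}"
  }
}
--------------------------------------------------------------------------------
/T06-Terraform-workspace/02-Terraform-workspace-remote/nginx-install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Passed to the instance as EC2 user_data by instance.tf: installs and starts
# nginx, then overwrites the default index page in both document roots.
sudo apt update
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
echo "

Nginx was deployed successful using terraform

" > /usr/share/nginx/html/index.html
echo "

Nginx was deployed successful using terraform

" > /var/www/html/index.html
--------------------------------------------------------------------------------
/T06-Terraform-workspace/02-Terraform-workspace-remote/output.tf:
--------------------------------------------------------------------------------
output "ec2_instance_private_ip" {
  value       = aws_instance.web[*].private_ip
  description = "EC2 instance Private IP address"
}

output "ec2_instance_public_ip" {
  value       = aws_instance.web[*].public_ip
  description = "EC2 instance Public IP address"
}

output "ec2_instance_public_dns" {
  # The original value was the literal string "http://aws_instance.web.*.public_dns";
  # build one URL per instance from the real attribute instead.
  value       = [for dns in aws_instance.web[*].public_dns : "http://${dns}"]
  description = "EC2 instance Public DNS name, as http:// URLs"
  # sensitive only redacts the value in CLI output; it is still written to the
  # state file in clear text.
  sensitive = true
}
--------------------------------------------------------------------------------
/T06-Terraform-workspace/02-Terraform-workspace-remote/provider.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
  # Remote state, shared by all workspaces of this configuration.
  backend "s3" {
    bucket = "terraform-demo-sudheer"
    key    = "workspaces/terraform.tfstate"
    region = "us-east-1"

    # State files record every resource attribute in plain text, so ask S3 for
    # server-side encryption and keep the bucket private and versioned.
    # Changing backend settings requires re-running `terraform init`.
    encrypt = true

    #For state locking
    dynamodb_table = "terraform-dev-state-table"
  }
}
provider "aws" {
  region  = var.aws_region
  profile = "default"
}
--------------------------------------------------------------------------------
/T06-Terraform-workspace/02-Terraform-workspace-remote/security-group-rules.tf:
--------------------------------------------------------------------------------
# SSH ingress. The default of var.ssh_ingress_cidrs keeps the original demo
# behaviour (any IPv4 address); set it to the administrators' network for
# anything that is not a throw-away lab.
resource "aws_security_group_rule" "ingress_ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.ssh_ingress_cidrs
  security_group_id = aws_security_group.allow_http_ssh.id
}

# HTTP ingress from anywhere: the demo page is served over plain HTTP.
resource "aws_security_group_rule" "ingress_http" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}

# Unrestricted egress (protocol "-1" means all protocols and ports).
resource "aws_security_group_rule" "egress_allow_all" {
  type              = "egress"
  to_port           = 0
  protocol          = "-1"
  from_port         = 0
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}
--------------------------------------------------------------------------------
/T06-Terraform-workspace/02-Terraform-workspace-remote/security-group.tf:
--------------------------------------------------------------------------------
# One security group per workspace; its rules live in security-group-rules.tf.
resource "aws_security_group" "allow_http_ssh" {
  name        = "allow-http-ssh-${terraform.workspace}"
  description = "Allow Ingress rules to allow SSH and HTTP connections"
  tags = {
    Name = "Nginx-application-${terraform.workspace}"
  }
}
--------------------------------------------------------------------------------
/T06-Terraform-workspace/02-Terraform-workspace-remote/variables.tf:
--------------------------------------------------------------------------------
locals {
  # Reference the map directly; wrapping a lone expression in "${...}" is the
  # deprecated interpolation-only form. The local's spelling is left as it was
  # in case something outside this directory refers to it.
  envionment-name = var.tag_name
}
variable "aws_region" {
  description = "Region on which resources will be created"
  type        = string
  default     = "us-east-1"
}
variable "az_name" {
  description = "Availability Zone name"
  type        = string
  default     = "us-east-1a"
}
variable "inst_type" {
  description = "Instance type used to launch EC2 Instance"
  type        = string
  default     = "t2.micro"
}
# Not referenced by instance.tf in this directory, where count is derived
# from terraform.workspace.
variable "inst_count" {
  description = "No of EC2 instances that need to launched"
  type        = number
  default     = 1
}
variable "tag_name" {
  description = "Default tag will be added to all resource when used"
  type        = map(string)
  default = {
    Name = "Nginx-server"
    Env  = "Web-Application"
  }
}
variable "ssh_ingress_cidrs" {
  description = "CIDR blocks allowed to reach port 22; override the open default with the administrators' network"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}
--------------------------------------------------------------------------------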
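/T07-Terraform-modules/01-Terraform-module-basics/emi-datasource.tf:
--------------------------------------------------------------------------------
# Looks up the newest Ubuntu 20.04 (focal) amd64 server image.
data "aws_ami" "ubuntu_ami" {
  # most_recent means the resolved AMI can change between runs.
  most_recent = true
  # 099720109477 is Canonical's AWS account. Pinning the owner keeps the name
  # filter below from matching a look-alike image published by another account.
  owners = ["099720109477"]

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
  filter {
    name   = "architecture"
    values = ["x86_64"]
  }
}
--------------------------------------------------------------------------------
/T07-Terraform-modules/01-Terraform-module-basics/instance.tf:
--------------------------------------------------------------------------------
# AWS EC2 Instance Module
module "ec2_cluster" {
  # Registry module; "~> 2.0" accepts any 2.x release, so a later 2.x version
  # can be pulled in by a fresh `terraform init`.
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 2.0"

  name           = "my-modules-demo"
  instance_count = 2

  ami                    = data.aws_ami.ubuntu_ami.id
  instance_type          = var.inst_type
  key_name               = "awsdemokey"
  monitoring             = true
  vpc_security_group_ids = [aws_security_group.allow_http_ssh.id]
  subnet_id              = "subnet-a3c120ef" # Get one public subnet id from default vpc and replace
  user_data              = file("nginx-install.sh")

  tags = local.environment-name
}
--------------------------------------------------------------------------------
/T07-Terraform-modules/01-Terraform-module-basics/nginx-install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Passed to the instances as user_data by instance.tf: installs and starts
# nginx, then overwrites the default index page in both document roots.
sudo apt update
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
echo "

Nginx was deployed successful using terraform

" > /usr/share/nginx/html/index.html
echo "

Nginx was deployed successful using terraform

" > /var/www/html/index.html
--------------------------------------------------------------------------------
/T07-Terraform-modules/01-Terraform-module-basics/output.tf:
--------------------------------------------------------------------------------
output "ec2_instance_private_ip" {
  value       = module.ec2_cluster.*.private_ip
  description = "EC2 instance Private IP address"
}

output "ec2_instance_public_ip" {
  value       = module.ec2_cluster.*.public_ip
  description = "EC2 instance Public IP address"
}

output "ec2_instance_public_dns" {
  # The original value was the literal string "http://module.ec2_cluster.*.public_dns";
  # build the URLs from the module output instead. flatten() copes with the
  # splat wrapping the module's own list in another list.
  value       = [for dns in flatten(module.ec2_cluster[*].public_dns) : "http://${dns}"]
  description = "EC2 instance Public DNS name, as http:// URLs"
}
--------------------------------------------------------------------------------
/T07-Terraform-modules/01-Terraform-module-basics/provider.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}
provider "aws" {
  region  = var.aws_region
  profile = "default"
}
--------------------------------------------------------------------------------
/T07-Terraform-modules/01-Terraform-module-basics/security-group-rules.tf:
--------------------------------------------------------------------------------
# SSH ingress. The default of var.ssh_ingress_cidrs keeps the original demo
# behaviour (any IPv4 address); set it to the administrators' network for
# anything that is not a throw-away lab.
resource "aws_security_group_rule" "ingress_ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.ssh_ingress_cidrs
  security_group_id = aws_security_group.allow_http_ssh.id
}

# HTTP ingress from anywhere: the demo page is served over plain HTTP.
resource "aws_security_group_rule" "ingress_http" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}

# Unrestricted egress (protocol "-1" means all protocols and ports).
resource "aws_security_group_rule" "egress_allow_all" {
  type              = "egress"
  to_port           = 0
  protocol          = "-1"
  from_port         = 0
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}
--------------------------------------------------------------------------------
/T07-Terraform-modules/01-Terraform-module-basics/security-group.tf:
--------------------------------------------------------------------------------
# Security group attached to the module's instances; its rules are declared
# separately in security-group-rules.tf.
resource "aws_security_group" "allow_http_ssh" {
  name        = "allow-http-ssh"
  description = "Allow Ingress rules to allow SSH and HTTP connections"
}
--------------------------------------------------------------------------------
/T07-Terraform-modules/01-Terraform-module-basics/variables.tf:
--------------------------------------------------------------------------------
locals {
  # Tag map handed to the EC2 module as `tags`.
  environment-name = var.tag_name
}
variable "aws_region" {
  description = "Region on which resources will be created"
  type        = string
  default     = "us-east-1"
}
variable "inst_type" {
  description = "Instance type used to launch EC2 Instance"
  type        = string
  default     = "t2.micro"
}
variable "tag_name" {
  description = "Default tag will be added to all resource when used"
  type        = map(string)
  default = {
    Name = "terraform-webapp-demo"
    Env  = "Prod"
  }
}
variable "ssh_ingress_cidrs" {
  description = "CIDR blocks allowed to reach port 22; override the open default with the administrators' network"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}
--------------------------------------------------------------------------------
/T07-Terraform-modules/02-Static-website-s3-module/aws-s3-static-website-bucket/main.tf:
--------------------------------------------------------------------------------
# Call our Custom Terraform Module which we built earlier

module "website_s3_bucket" {
  source      = "./modules/aws-s3-static-website-bucket" # Mandatory
  bucket_name = var.my_s3_bucket
  tags        = var.my_s3_tags
}
--------------------------------------------------------------------------------
/T07-Terraform-modules/02-Static-website-s3-module/aws-s3-static-website-bucket/modules/aws-s3-static-website-bucket/LICENSE: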
-------------------------------------------------------------------------------- 1 | Licensed under the Apache License, Version 2.0 (the "License"); 2 | you may not use this file except in compliance with the License. 3 | You may obtain a copy of the License at 4 | 5 | http://www.apache.org/licenses/LICENSE-2.0 6 | 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. -------------------------------------------------------------------------------- /T07-Terraform-modules/02-Static-website-s3-module/aws-s3-static-website-bucket/modules/aws-s3-static-website-bucket/README.md: -------------------------------------------------------------------------------- 1 | # AWS S3 static website bucket 2 | - This module provisions AWS S3 buckets configured for static website hosting. 3 | - This will be a demo S3 module -------------------------------------------------------------------------------- /T07-Terraform-modules/02-Static-website-s3-module/aws-s3-static-website-bucket/modules/aws-s3-static-website-bucket/index.html: -------------------------------------------------------------------------------- 1 |

Welcome to Terraform Module Block

-------------------------------------------------------------------------------- /T07-Terraform-modules/02-Static-website-s3-module/aws-s3-static-website-bucket/modules/aws-s3-static-website-bucket/output.tf: -------------------------------------------------------------------------------- 1 | # Output variable definitions 2 | 3 | output "arn" { 4 | description = "ARN of the S3 Bucket" 5 | value = aws_s3_bucket.s3_bucket.arn 6 | } 7 | 8 | output "name" { 9 | description = "Name (id) of the bucket" 10 | value = aws_s3_bucket.s3_bucket.id 11 | } 12 | 13 | output "domain" { 14 | description = "Domain Name of the bucket" 15 | value = aws_s3_bucket.s3_bucket.website_domain 16 | } 17 | 18 | output "endpoint" { 19 | description = "Endpoint Information of the bucket" 20 | value = aws_s3_bucket.s3_bucket.website_endpoint 21 | } -------------------------------------------------------------------------------- /T07-Terraform-modules/02-Static-website-s3-module/aws-s3-static-website-bucket/modules/aws-s3-static-website-bucket/s3-bucket.tf: -------------------------------------------------------------------------------- 1 | # Create S3 Bucket Resource 2 | resource "aws_s3_bucket" "s3_bucket" { 3 | bucket = var.bucket_name 4 | acl = "public-read" 5 | policy = < \ 14 | /etc/apt/sources.list.d/jenkins.list' 15 | sudo apt-get update 16 | sudo apt-get install jenkins 17 | ``` 18 | - After successful installation, access Jenkins Setup Wizard to configure further: 19 | - Access Setup Wizard in the browser 20 | ``` 21 | http://:8080 22 | ``` 23 | - Give initialAdminPassword fetched from /var/lib/jenkins/secrets/initialAdminPassword file 24 | - select "Install Suggested Plugins" 25 | - After provider admin username and password to access the dashboard further 26 | 27 | ## Setup and configure Terraform plugin 28 | - Install "terraform plugin": Manage Jenkins --> Manage Plugins --> Select "Available" tab --> In search type "terraform" --> select "install without restart" --> Once done, 
click on "Go back to the top page" 29 | - Enable "Terraform": Manage Jenkins --> Global Tool Configuration --> Terraform section --> Add Terraform --> Name(Terraform),select "Install automatically", install from bintary.com, select "Terraform 11029 linux(amd64)" --> Save 30 | 31 | ### References: 32 | - [Jenkins](https://www.jenkins.io/doc/book/installing/linux/) -------------------------------------------------------------------------------- /T09-Terraform-automation/Jenkinsfile.staticparameters: -------------------------------------------------------------------------------- 1 | pipeline { 2 | agent any 3 | stages { 4 | stage('Setup parameters') { 5 | steps { 6 | script { 7 | properties([ 8 | parameters([ 9 | choice( 10 | choices: ['Dev', 'Prod', 'Staging'], 11 | name: 'ENVIRONMENT' 12 | ), 13 | booleanParam( 14 | defaultValue: true, 15 | description: '', 16 | name: 'BOOLEAN' 17 | ), 18 | text( 19 | defaultValue: ''' 20 | this is a multi-line 21 | string parameter example 22 | to check how it works 23 | ''', 24 | name: 'EXECUTION-DATA' 25 | ), 26 | string( 27 | defaultValue: 'yes', 28 | name: 'Destroy resource', 29 | trim: true 30 | ) 31 | ]) 32 | ]) 33 | } 34 | } 35 | } 36 | } 37 | } -------------------------------------------------------------------------------- /T09-Terraform-automation/README.md: -------------------------------------------------------------------------------- 1 | # Automate Terraform using GitHub Actions 2 | - GitHub Actions add continuous integration to GitHub repositories to automate your software builds, tests, and deployments. 3 | - Automating Terraform with CI/CD enforces configuration best practices, promotes collaboration and automates the Terraform workflow. 
4 | # Jenkins Installation 5 | - https://www.jenkins.io/doc/book/installing/linux/ 6 | - https://pkg.jenkins.io/debian-stable/ 7 | # Terraform Installation 8 | - https://www.terraform.io/cli/install/apt 9 | # Jenkinsfile Pipeline 10 | - https://www.jenkins.io/blog/2017/01/19/converting-conditional-to-pipeline/ 11 | ### Reference 12 | - [GitHub Actions](https://learn.hashicorp.com/tutorials/terraform/github-actions?in=terraform/automation) 13 | - [CircleCI](https://learn.hashicorp.com/tutorials/terraform/circle-ci?in=terraform/automation) -------------------------------------------------------------------------------- /T11-Terraforn-testing/01-terrascan.md: -------------------------------------------------------------------------------- 1 | # TerraScan 2 | 3 | 4 | ### References 5 | - [terrascan docker](https://runterrascan.io/docs/getting-started/#using-a-docker-container) 6 | - [Format](https://runterrascan.io/docs/usage/command_line_mode/#configuring-the-output-format-for-a-scan) -------------------------------------------------------------------------------- /T11-Terraforn-testing/02-checkov.md: -------------------------------------------------------------------------------- 1 | ### References: 2 | - [checkov](https://github.com/bridgecrewio/checkov?ref=thechiefio) -------------------------------------------------------------------------------- /T12-Import-Terraform-Configuration/README.md: -------------------------------------------------------------------------------- 1 | # Bringing existing infrastructure under Terraform's control involves five main steps: 2 | - Identify the existing infrastructure to be imported. 3 | - Import infrastructure into your Terraform state. 4 | - Write Terraform configuration that matches that infrastructure. 5 | - Review the Terraform plan to ensure the configuration matches the expected state and infrastructure. 6 | - Apply the configuration to update your Terraform state. 
7 | - [import-configuration](../src/images/terraform-import-workflow-diagram.png) -------------------------------------------------------------------------------- /T13-Built-in-functions/README.md: -------------------------------------------------------------------------------- 1 | # Below are some of regulerally used built-in functions of Terraform 2 | ## file 3 | ## element 4 | ## format 5 | ## merge 6 | ## join 7 | ## split 8 | ## length 9 | ## can 10 | ## lookup 11 | ## max 12 | ## min 13 | ## substr 14 | ## regex -------------------------------------------------------------------------------- /T13-Built-in-functions/variables.tf: -------------------------------------------------------------------------------- 1 | variable "image_id" { 2 | type = string 3 | description = "The id of the machine image (AMI) to use for the server." 4 | 5 | validation { 6 | condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-" 7 | error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"." 8 | } 9 | } 10 | 11 | variable "image_id" { 12 | type = string 13 | description = "The id of the machine image (AMI) to use for the server." 14 | 15 | validation { 16 | # regex(...) fails if it cannot find a match 17 | condition = can(regex("^ami-", var.image_id)) 18 | error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"." 
19 | } 20 | } 21 | -------------------------------------------------------------------------------- /TASKS/sceanrio1-map/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | for_each = var.inst_type 4 | instance_type = each.value 5 | availability_zone = var.az_name 6 | key_name = "sudhams_virginia_demo" 7 | associate_public_ip_address = true 8 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 9 | 10 | tags = { 11 | Name = "WebApp-terraform-${each.key}" 12 | } 13 | } -------------------------------------------------------------------------------- /TASKS/sceanrio1-map/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /TASKS/sceanrio1-map/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 3.0" 6 | } 7 | } 8 | } 9 | provider "aws" { 10 | region = var.aws_region 11 | profile = "default" 12 | } -------------------------------------------------------------------------------- /TASKS/sceanrio1-map/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /TASKS/sceanrio1-map/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } -------------------------------------------------------------------------------- /TASKS/sceanrio1-map/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will 
be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name should be region defined in aws_region variable" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "ami_name" { 12 | description = "Latest AMI ID on us-east-1" 13 | type = string 14 | default = "ami-0c2b8ca1dad447f8a" 15 | } 16 | #variable "inst_type" { 17 | # description = "Instance type used to launch EC2 Instance" 18 | # type = list(string) 19 | # default = [ "t2.micro", "t2.small", "t2.large" ] 20 | #} 21 | variable "inst_type" { 22 | description = "Instance type used to launch EC2 Instance" 23 | type = map(string) 24 | default = { 25 | "dev" = "t2.micro" 26 | "staging" = "t2.small" 27 | "prod" = "t2.large" 28 | } 29 | } -------------------------------------------------------------------------------- /TASKS/scenario2/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = "${lookup(var.inst_type, var.environment, "Provide valid environment name")}" 4 | availability_zone = var.az_name 5 | key_name = "sudhams_virginia_demo" 6 | associate_public_ip_address = true 7 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 8 | 9 | tags = { 10 | Name = "WebApp-terraform" 11 | } 12 | } 13 | /* 14 | resource "aws_instance" "web" { 15 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 16 | instance_type = "${var.inst_type["${var.environment}"]}" 17 | availability_zone = var.az_name 18 | key_name = "sudhams_virginia_demo" 19 | associate_public_ip_address = true 20 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 21 | 22 | tags = { 23 | Name = "WebApp-terraform" 24 | } 25 | } 26 | */ -------------------------------------------------------------------------------- /TASKS/scenario2/nginx-install.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update && apt -y dist-upgrade 3 | sudo apt install -y nginx 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /TASKS/scenario2/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 3.0" 6 | } 7 | } 8 | } 9 | provider "aws" { 10 | region = var.aws_region 11 | profile = "default" 12 | } -------------------------------------------------------------------------------- /TASKS/scenario2/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /TASKS/scenario2/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } -------------------------------------------------------------------------------- /TASKS/scenario2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | 
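type = string
4 |   default = "us-east-1"
5 | }
6 | # Availability zone; the default is only valid while aws_region stays "us-east-1".
7 | variable "az_name" {
8 |   description = "Availability Zone name should be region defined in aws_region variable"
9 |   type = string
10 |   default = "us-east-1a"
11 | }
12 | # AMI IDs are region-specific, so this default has to change together with aws_region.
13 | variable "ami_name" {
14 |   description = "Latest AMI ID on us-east-1"
15 |   type = string
16 |   default = "ami-0c2b8ca1dad447f8a"
17 | }
18 | # No default, so the caller must supply a value; presumably one of the keys of var.inst_type below - confirm against the instance definition.
19 | variable "environment" {
20 |   description = "Pass env name as per var.inst_type"
21 |   type = string
22 | }
23 | # Maps an environment name to the EC2 instance type used for it.
24 | variable "inst_type" {
25 |   description = "Instance type used to launch EC2 Instance"
26 |   type = map(string)
27 |   default = {
28 |     "dev" = "t2.micro"
29 |     "staging" = "t2.small"
30 |     "prod" = "t2.large"
31 |   }
32 | }
--------------------------------------------------------------------------------
/TASKS/scenario3/REAME.md:
--------------------------------------------------------------------------------
1 | ### Reference:
2 | - [Resource tagging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging)
3 | - [Datasource subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets)
--------------------------------------------------------------------------------
/TASKS/scenario3/provider.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_providers {
3 |     aws = {
4 |       source = "hashicorp/aws"
5 |       version = "~>4.0"
6 |     }
7 |   }
8 | }
9 |
10 | provider "aws" { # no region or profile is set in this block; both come from the environment or the shared AWS config
11 |   # Configuration options
12 | }
--------------------------------------------------------------------------------
/TASKS/scenario3/vpc_subnet_tags.tf:
--------------------------------------------------------------------------------
1 | data "aws_subnets" "example" { # looks up the IDs of all subnets in one VPC
2 |   filter {
3 |     name = "vpc-id"
4 |     values = ["vpc-09a642518232ca04b"] # account-specific VPC ID; replace with your own VPC ID or a variable
5 |   }
6 | }
7 | # Sets the tag Name=default-subnets on every subnet returned above (one aws_ec2_tag per subnet ID).
8 | resource "aws_ec2_tag" "vpc_tag" {
9 |   for_each = toset(data.aws_subnets.example.ids)
10 |   resource_id = each.value
11 |   key = "Name"
12 |   value = "default-subnets"
13 | }
14 |
15 | output "subnet_list" {
16 |   value = data.aws_subnets.example.ids
17 | }
18 | # Looks up the IDs of all network interfaces in the same VPC.
19 | data "aws_network_interfaces" "aws_nic" {
20 |   filter {
21 |     name = "vpc-id"
22 |     values = ["vpc-09a642518232ca04b"]
23 |   }
24 | }
25 | # Named nic_tag so it does not collide with aws_ec2_tag.vpc_tag above: Terraform rejects two resources of the same type and name in one module.
26 | resource "aws_ec2_tag" "nic_tag" {
27 |   for_each = toset(data.aws_network_interfaces.aws_nic.ids)
28 |   resource_id = each.value
29 |   key = "Name"
30 |   value = "default-subnets" # NOTE(review): same value as the subnet tag above; confirm it is intended for network interfaces
31 | }
32 |
33 | output "example" {
34 |   value = data.aws_network_interfaces.aws_nic.ids
35 | }
36 |
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-ansible/README.md:
--------------------------------------------------------------------------------
1 | # required_version
2 | - required_version parameter is used to specify required terraform version in our configuration.
3 | - what happens, when terraform required_version value is not matching with current terraform version installed? --> It produces error and exit without taking any further actions.
4 | - What happens when each module specifies required_version? --> requirement of all modules should be satisfied.
5 | - Terraform's resource types are implemented by provider plugins, whose release cycles are independent of Terraform CLI and of each other.
6 |
7 | # required_provider
8 | - required_providers block specifies all of the providers required by the current module, mapping each local provider name to a source address and a version constraint.
9 | - Each Terraform module must declare which providers it requires, so that Terraform can install and use them.
10 | - Downloaded Plugin for specified provider will be saved under following path
11 | - .terraform/providers/plugins/
12 | - Each Provider has two identifiers: unique source address and local name.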
13 | - source address syntax: "\[\\/\]\\/\" 14 | - [Provider](https://www.terraform.io/docs/language/providers/requirements.html) 15 | -------------------------------------------------------------------------------- /TASKS/terraform-manifest-ansible/ami-datasource.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu_image" { 2 | most_recent = true 3 | owners = ["099720109477"] 4 | 5 | filter { 6 | name = "name" 7 | values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] 8 | } 9 | 10 | filter { 11 | name = "root-device-type" 12 | values = ["ebs"] 13 | } 14 | 15 | filter { 16 | name = "state" 17 | values = ["available"] 18 | } 19 | 20 | filter { 21 | name = "virtualization-type" 22 | values = ["hvm"] 23 | } 24 | 25 | filter { 26 | name = "architecture" 27 | values = ["x86_64"] 28 | } 29 | 30 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-ansible/codecommit.tf: -------------------------------------------------------------------------------- 1 | resource "aws_codecommit_repository" "dev_repo" { 2 | repository_name = var.repo_name 3 | description = "This is the Sample App Repository" 4 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-ansible/ebs-volume.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ebs_volume" "ec2-volume" { 2 | availability_zone = var.az_name 3 | size = 30 4 | type = "gp2" #deafult 5 | 6 | tags = { 7 | Name = "sudheer-demo" 8 | } 9 | } 10 | 11 | resource "aws_volume_attachment" "name" { 12 | device_name = "/dev/sdd" 13 | volume_id = aws_ebs_volume.ec2-volume.id 14 | instance_id = aws_instance.web.id 15 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-ansible/instance.tf: 
-------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = "${data.aws_ami.ubuntu_image.id}" 3 | instance_type = var.inst_type 4 | availability_zone = var.az_name 5 | associate_public_ip_address = true 6 | key_name = "awsdemokey" 7 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 8 | user_data = < It produces error and exit without taking any further actions. 4 | - What happens when each module specifies required_version? --> requirement of all modules should be satisfied. 5 | - Terraform's resource types are implemented by provider plugins, whose release cycles are independent of Terraform CLI and of each other. 6 | 7 | # required_provider 8 | - required_providers block specifies all of the providers required by the current module, mapping each local provider name to a source address and a version constraint. 9 | - Each Terraform module must declare which providers it requires, so that Terraform can install and use them. 10 | - Downloaded Plugin for specified provider will be saved under following path 11 | - .terraform/providers/plugins/ 12 | - Each Provider has two identifiers: unique source address and local name. 
13 | - source address syntax: "\[\\/\]\\/\" 14 | - [Provider](https://www.terraform.io/docs/language/providers/requirements.html) 15 | -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo0/ami-datasource.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu_image" { 2 | most_recent = true 3 | owners = ["099720109477"] 4 | 5 | filter { 6 | name = "name" 7 | values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] 8 | } 9 | 10 | filter { 11 | name = "root-device-type" 12 | values = ["ebs"] 13 | } 14 | 15 | filter { 16 | name = "state" 17 | values = ["available"] 18 | } 19 | 20 | filter { 21 | name = "virtualization-type" 22 | values = ["hvm"] 23 | } 24 | 25 | filter { 26 | name = "architecture" 27 | values = ["x86_64"] 28 | } 29 | 30 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo0/ebs-volume.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ebs_volume" "ec2-volume" { 2 | availability_zone = var.az_name 3 | size = 30 4 | type = "gp2" #deafult 5 | 6 | tags = { 7 | Name = "sudheer-demo" 8 | } 9 | } 10 | 11 | resource "aws_volume_attachment" "name" { 12 | device_name = "/dev/sdd" 13 | volume_id = aws_ebs_volume.ec2-volume.id 14 | instance_id = aws_instance.web.id 15 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo0/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = "${data.aws_ami.ubuntu_image.id}" //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | availability_zone = var.az_name 5 | associate_public_ip_address = true 6 | key_name = "sudhams_virginia_demo" 7 | vpc_security_group_ids = [aws_security_group.allow_http_ssh.id] 8 | user_data = <Welcome to Terraform 
Intrastructure Automation on AWS" > /var/www/html/index.html 15 | echo "

Welcome to Terraform Intrastructure Automation on AWS

" > /usr/share/nginx/html/index.html 16 | EOF 17 | 18 | tags = { 19 | Name = "WebApp-terraform" 20 | } 21 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo0/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 3.0" 6 | } 7 | } 8 | } 9 | provider "aws" { 10 | region = var.aws_region 11 | profile = "default" 12 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo0/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_ssh" { 2 | type = "ingress" 3 | from_port = 22 4 | to_port = 22 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] 7 | security_group_id = aws_security_group.allow_http_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "ingress_http" { 11 | type = "ingress" 12 | from_port = 80 13 | to_port = 80 14 | protocol = "tcp" 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_http_ssh.id 17 | } 18 | 19 | resource "aws_security_group_rule" "egress_allow_all" { 20 | type = "egress" 21 | to_port = 0 22 | protocol = "-1" 23 | from_port = 0 24 | cidr_blocks = ["0.0.0.0/0"] 25 | security_group_id = aws_security_group.allow_http_ssh.id 26 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo0/ssecurity-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_http_ssh" { 2 | name = "allow-http-ssh" 3 | description = "Allow Ingress rules to allow SSH and HTTP connections" 4 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo0/variables.tf: 
-------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "inst_type" { 12 | description = "Instance type used to launch EC2 Instance" 13 | type = string 14 | default = "t2.micro" 15 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo1/igw.tf: -------------------------------------------------------------------------------- 1 | /* 2 | It's recommended to denote that the AWS Instance or Elastic IP depends on the Internet Gateway. 3 | */ 4 | resource "aws_internet_gateway" "demo-igw" { 5 | vpc_id = aws_vpc.demo-vpc.id 6 | 7 | tags = { 8 | Name = "DEMO-IGW" 9 | } 10 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo1/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 3 | instance_type = var.inst_type 4 | count = var.inst_count 5 | key_name = "sudhams_virginia_demo" 6 | user_data = file("nginx-install.sh") 7 | vpc_security_group_ids = [aws_security_group.allow_tls_ssh.id] 8 | subnet_id = aws_subnet.demo-subnet-public.id 9 | associate_public_ip_address = true 10 | 11 | tags = { 12 | Name = "WebApp-terraform" 13 | } 14 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo1/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update 3 | sudo apt install nginx -y 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform on $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

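Nginx was deployed successful using terraform on $(hostname -f)

" > /var/www/html/index.html
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo1/output.tf:
--------------------------------------------------------------------------------
1 | output "ec2_instance_private_ip" { # instance.tf in this directory sets count on aws_instance.web, so attributes are read with a splat and returned as a list
2 |   value = aws_instance.web[*].private_ip
3 |   description = "EC2 instance Private IP address"
4 | }
5 |
6 | output "ec2_instance_public_ip" {
7 |   value = aws_instance.web[*].public_ip
8 |   description = "EC2 instance Public IP address"
9 | }
10 | # One http:// URL per instance, built from each instance's public DNS name.
11 | output "ec2_instance_public_dns" {
12 |   value = [for inst in aws_instance.web : "http://${inst.public_dns}"]
13 |   description = "EC2 instance Public DNS name"
14 |   #sensitive = true
15 | }
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo1/provider.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   #required_version = "= 1.0.3"
3 |   required_providers {
4 |     aws = {
5 |       source = "hashicorp/aws"
6 |       version = "~> 3.0"
7 |     }
8 |   }
9 | }
10 | provider "aws" {
11 |   region = var.aws_region
12 |   profile = "default" # credentials are taken from the "default" profile of the local AWS config
13 | }
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo1/route-table.tf:
--------------------------------------------------------------------------------
1 | resource "aws_route_table" "public-route-table" {
2 |   vpc_id = aws_vpc.demo-vpc.id
3 |
4 |   tags = {
5 |     Name = "public-route"
6 |   }
7 | }
8 |
9 | resource "aws_route_table" "private-route-table" {
10 |   vpc_id = aws_vpc.demo-vpc.id
11 |
12 |   tags = {
13 |     Name = "private-route"
14 |   }
15 | }
16 | # Default route of the public table: all IPv4 traffic is sent to the internet gateway.
17 | resource "aws_route" "pulic-route" {
18 |   route_table_id = aws_route_table.public-route-table.id
19 |   destination_cidr_block = "0.0.0.0/0"
20 |   gateway_id = aws_internet_gateway.demo-igw.id
21 |   depends_on = [aws_internet_gateway.demo-igw]
22 | }
23 |
24 | resource "aws_route_table_association" "public_rt_assoc" {
25 |   subnet_id =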
aws_subnet.demo-subnet-public.id
26 |   route_table_id = aws_route_table.public-route-table.id
27 | }
28 | # Binds the private subnet to private-route-table; route-table.tf defines no aws_route for that table.
29 | resource "aws_route_table_association" "private_rt_assoc" {
30 |   subnet_id = aws_subnet.demo-subnet-private.id
31 |   route_table_id = aws_route_table.private-route-table.id
32 | }
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo1/security-group-rules.tf:
--------------------------------------------------------------------------------
1 | resource "aws_security_group_rule" "ingress_rules" { # inbound rule attached to aws_security_group.allow_tls_ssh
2 |   type = "ingress"
3 |   from_port = 0 # from_port and to_port together cover the whole TCP port range,
4 |   to_port = 65535 # not only the TLS and SSH ports named in the group's description
5 |   protocol = "tcp"
6 |   cidr_blocks = ["0.0.0.0/0"] # any IPv4 source. NOTE(review): limit the ports to what the instance serves and the SSH source to a known CIDR before reusing this outside a throwaway demo
7 |   security_group_id = aws_security_group.allow_tls_ssh.id
8 | }
9 | # Outbound rule: protocol "-1" with ports 0/0 allows all protocols and ports to any IPv4 destination.
10 | resource "aws_security_group_rule" "egress_allow_all" {
11 |   type = "egress"
12 |   to_port = 0
13 |   protocol = "-1"
14 |   from_port = 0
15 |   cidr_blocks = ["0.0.0.0/0"]
16 |   security_group_id = aws_security_group.allow_tls_ssh.id
17 | }
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo1/security-group.tf:
--------------------------------------------------------------------------------
1 | resource "aws_security_group" "allow_tls_ssh" { # the group only carries name, description and tags; its rules live in security-group-rules.tf
2 |   name = "allow_tls_ssh"
3 |   description = "Allow TLS and SSH inbound traffic" # descriptive text only: the ingress_rules rule attached to this group allows every TCP port
4 |   vpc_id = aws_vpc.demo-vpc.id
5 |
6 |   tags = {
7 |     Name = "DEMO-SG"
8 |   }
9 | }
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo1/subnet.tf:
--------------------------------------------------------------------------------
1 | resource "aws_subnet" "demo-subnet-public" { # associated with public-route-table in route-table.tf
2 |   vpc_id = aws_vpc.demo-vpc.id
3 |   cidr_block = "10.244.1.0/24"
4 |
5 |   tags = {
6 |     Name = "DEMO-SUBNET-PUBLIC"
7 |   }
8 | }
9 |
10 | resource "aws_subnet" "demo-subnet-private" { # associated with private-route-table in route-table.tf
11 |   vpc_id = aws_vpc.demo-vpc.id
12 |   cidr_block = "10.244.2.0/24"
13 |
14 |   tags = {
15 |     Name = "DEMO-SUBNET-PRIVATE"
16 |   }
17 | }
18 |
19 |
resource "aws_subnet" "in_secondary_cidr" { 20 | vpc_id = aws_vpc_ipv4_cidr_block_association.secondary_cidr.vpc_id 21 | cidr_block = "172.10.0.0/24" 22 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo1/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" { 2 | description = "Region on which resources will be created" 3 | type = string 4 | default = "us-east-1" 5 | } 6 | variable "az_name" { 7 | description = "Availability Zone name" 8 | type = string 9 | default = "us-east-1a" 10 | } 11 | variable "ami_name" { 12 | description = "Latest AMI ID on us-east-1" 13 | type = string 14 | default = "ami-09e67e426f25ce0d7" #Ubuntu 20.04 LTS Free tier 15 | } 16 | variable "inst_type" { 17 | description = "Instance type used to launch EC2 Instance" 18 | type = string 19 | default = "t2.small" 20 | } 21 | variable "inst_count" { 22 | description = "No of EC2 instances that need to launched" 23 | type = number 24 | default = 1 25 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo1/vpc.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "demo-vpc" { 2 | cidr_block = "10.244.0.0/16" 3 | enable_dns_hostnames = "true" 4 | instance_tenancy = "default" 5 | 6 | tags = { 7 | Name = "DEMO-VPC" 8 | } 9 | } 10 | 11 | resource "aws_vpc_ipv4_cidr_block_association" "secondary_cidr" { 12 | vpc_id = aws_vpc.demo-vpc.id 13 | cidr_block = "172.10.0.0/16" 14 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/igw.tf: -------------------------------------------------------------------------------- 1 | /* 2 | It's recommended to denote that the AWS Instance or Elastic IP depends on the Internet Gateway. 
3 | */ 4 | resource "aws_internet_gateway" "demo-igw" { 5 | vpc_id = aws_vpc.demo-vpc.id 6 | 7 | tags = { 8 | Name = "DEMO-IGW" 9 | } 10 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/instance.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "web" { 2 | count = length(local.public_subnets) 3 | ami = var.ami_name //ami-0c2b8ca1dad447f8a 4 | instance_type = var.inst_type 5 | key_name = "sudhams_virginia_demo" 6 | user_data = file("nginx-install.sh") 7 | vpc_security_group_ids = [aws_security_group.allow_tls_ssh.id] 8 | subnet_id = element(aws_subnet.demo-subnet-public.*.id, count.index) 9 | associate_public_ip_address = true 10 | 11 | tags = var.tag_name 12 | 13 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/nginx-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt update 3 | sudo apt install nginx -y 4 | sudo systemctl enable nginx 5 | sudo systemctl start nginx 6 | echo "

Nginx was deployed successful using terraform on $(hostname -f)

" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform on $(hostname -f)

" > /var/www/html/index.html -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/output.tf: -------------------------------------------------------------------------------- 1 | output "ec2_instance_private_ip" { 2 | value = aws_instance.web.*.private_ip 3 | description = "EC2 instance Private IP address" 4 | } 5 | 6 | output "ec2_instance_public_ip" { 7 | value = aws_instance.web.*.public_ip 8 | description = "EC2 instance Public IP address" 9 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | #required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/route-table.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route_table" "public-route-table" { 2 | vpc_id = aws_vpc.demo-vpc.id 3 | 4 | tags = { 5 | Name = "public-route" 6 | } 7 | } 8 | 9 | resource "aws_route_table" "private-route-table" { 10 | vpc_id = aws_vpc.demo-vpc.id 11 | 12 | tags = { 13 | Name = "private-route" 14 | } 15 | } 16 | 17 | resource "aws_route" "public-route" { 18 | route_table_id = aws_route_table.public-route-table.id 19 | destination_cidr_block = "0.0.0.0/0" 20 | gateway_id = aws_internet_gateway.demo-igw.id 21 | depends_on = [aws_internet_gateway.demo-igw] 22 | } 23 | 24 | resource "aws_route_table_association" "public_rt_assoc" { 25 | count = length(local.public_subnets) 26 | subnet_id = element(aws_subnet.demo-subnet-public.*.id, count.index) 27 | route_table_id = aws_route_table.public-route-table.id 28 | } 29 | 30 | resource 
"aws_route_table_association" "private_rt_assoc" { 31 | count = length(local.private_subnets) 32 | subnet_id = element(aws_subnet.demo-subnet-private.*.id, count.index) 33 | route_table_id = aws_route_table.private-route-table.id 34 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/security-group-rules.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group_rule" "ingress_rules" { 2 | type = "ingress" 3 | from_port = 0 4 | to_port = 65535 5 | protocol = "tcp" 6 | cidr_blocks = ["0.0.0.0/0"] 7 | security_group_id = aws_security_group.allow_tls_ssh.id 8 | } 9 | 10 | resource "aws_security_group_rule" "egress_allow_all" { 11 | type = "egress" 12 | to_port = 0 13 | protocol = "-1" 14 | from_port = 0 15 | cidr_blocks = ["0.0.0.0/0"] 16 | security_group_id = aws_security_group.allow_tls_ssh.id 17 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/security-group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "allow_tls_ssh" { 2 | name = "allow_tls_ssh" 3 | description = "Allow TLS and SSH inbound traffic" 4 | vpc_id = aws_vpc.demo-vpc.id 5 | 6 | tags = { 7 | Name = "DEMO-SG" 8 | } 9 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo2/subnet.tf: -------------------------------------------------------------------------------- 1 | resource "aws_subnet" "demo-subnet-public" { 2 | count = length(local.public_subnets) 3 | vpc_id = aws_vpc.demo-vpc.id 4 | cidr_block = element(values(local.public_subnets), count.index) 5 | map_public_ip_on_launch = true 6 | availability_zone = element(keys(local.public_subnets), count.index) 7 | 8 | tags = var.tag_name 9 | } 10 | 11 | resource "aws_subnet" "demo-subnet-private" { 12 | count = 
length(local.private_subnets) # one private subnet per entry of local.private_subnets
13 |   vpc_id = aws_vpc.demo-vpc.id
14 |   cidr_block = element(values(local.private_subnets), count.index)
15 |   map_public_ip_on_launch = true # NOTE(review): gives public IPs to instances launched in the private subnets; presumably copied from the public subnet block - confirm, and set to false if these subnets are meant to stay private
16 |   availability_zone = element(keys(local.private_subnets), count.index)
17 |
18 |   tags = var.tag_name
19 | }
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo2/variables.tf:
--------------------------------------------------------------------------------
1 | variable "tag_name" { # shared tag map; subnet.tf and instance.tf pass it unchanged as tags, so those resources all get the same Name
2 |   description = "Common Tag for all services handled from this root module"
3 |   type = map(string)
4 |   default = {
5 |     Name = "Demo-Application"
6 |     Env = "WebApplication"
7 |   }
8 | }
9 | variable "aws_region" { # also used to build the availability-zone keys of the locals below
10 |   description = "Region on which resources will be created"
11 |   type = string
12 |   default = "us-east-1"
13 | }
14 | variable "az_name" { # NOTE(review): not referenced by the demo2 files shown on this page; the subnets take their AZ from the keys of the locals below
15 |   description = "Availability Zone name"
16 |   type = string
17 |   default = "us-east-1a"
18 | }
19 | variable "vpc_cidr" { # CIDR of the VPC; the subnet CIDRs in the locals below must fall inside it
20 |   description = "VPC CIDR for demo application"
21 |   type = string
22 |   default = "10.244.0.0/16"
23 | }
24 | locals { # availability zone name => subnet CIDR; subnet.tf indexes keys() and values() of these maps with count.index
25 |   public_subnets = {
26 |     "${var.aws_region}a" = "10.244.1.0/24"
27 |     "${var.aws_region}b" = "10.244.2.0/24"
28 |     "${var.aws_region}c" = "10.244.3.0/24"
29 |   }
30 |   private_subnets = {
31 |     "${var.aws_region}a" = "10.244.4.0/24"
32 |     "${var.aws_region}b" = "10.244.5.0/24"
33 |     "${var.aws_region}c" = "10.244.6.0/24"
34 |   }
35 | }
36 | variable "ami_name" { # AMI IDs are region-specific: this default has to change together with aws_region
37 |   description = "Latest AMI ID on us-east-1"
38 |   type = string
39 |   default = "ami-09e67e426f25ce0d7" #Ubuntu 20.04 LTS Free tier
40 | }
41 | variable "inst_type" {
42 |   description = "Instance type used to launch EC2 Instance"
43 |   type = string
44 |   default = "t2.small"
45 | }
46 | variable "inst_count" { # NOTE(review): instance.tf in this directory sets count from length(local.public_subnets), so this variable looks unused
47 |   description = "No of EC2 instances that need to launched"
48 |   type = number
49 |   default = 1
50 | }
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo2/vpc.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "demo-vpc" { 2 | cidr_block = var.vpc_cidr 3 | enable_dns_hostnames = "true" 4 | instance_tenancy = "default" 5 | 6 | tags = { 7 | Name = "DEMO-VPC" 8 | } 9 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo3/README.md: -------------------------------------------------------------------------------- 1 | ## References 2 | - [S3 Policy Examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo3/output.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/TASKS/terraform-manifest-demo3/output.tf -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo3/policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version":"2012-10-17", 3 | "Statement":[ 4 | { 5 | "Sid":"PublicReadGetObject", 6 | "Effect":"Allow", 7 | "Principal": "*", 8 | "Action":["s3:GetObject","s3:GetObjectVersion"], 9 | "Resource":["arn:aws:s3:::sudheer-demo-static/*"] 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /TASKS/terraform-manifest-demo3/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | #required_version = "= 1.0.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 3.0" 7 | } 8 | } 9 | } 10 | provider "aws" { 11 | region = var.aws_region 12 | profile = "default" 13 | } -------------------------------------------------------------------------------- 
/TASKS/terraform-manifest-demo3/v1-s3-bucket.tf:
--------------------------------------------------------------------------------
1 | resource "aws_s3_bucket" "name" { # S3 bucket set up as a public static website; v1 reads its bucket policy from policy.json
2 |   bucket = var.bucket_name
3 |   acl = "public-read" # canned ACL: grants the AllUsers group READ on the bucket, which also allows listing its objects
4 |   policy = file("policy.json") # policy.json allows s3:GetObject and s3:GetObjectVersion to Principal "*"; its Resource ARN is hard-coded, so it has to name the same bucket as var.bucket_name
5 |   versioning { # NOTE(review): with s3:GetObjectVersion granted to everyone, earlier versions of overwritten or deleted objects stay publicly readable; drop that action from the policy if only current content should be served
6 |     enabled = true
7 |   }
8 |   website {
9 |     index_document = "index.html"
10 |     error_document = "error.html"
11 |   }
12 |   tags = local.common_tags
13 | }
--------------------------------------------------------------------------------
/TASKS/terraform-manifest-demo3/v2-s3-bucket.tf:
--------------------------------------------------------------------------------
1 | resource "aws_s3_bucket" "name" { # NOTE(review): same resource address as in v1-s3-bucket.tf; presumably only one of the two files is meant to be present at a time
2 |   bucket = var.bucket_name
3 |   acl = "public-read"
4 |   policy = < https://blog.gruntwork.io/terraform-tips-tricks-loops-if-statements-and-gotchas-f739bbae55f9
4 | # TO do practical demo --> https://blog.gruntwork.io/a-comprehensive-guide-to-managing-secrets-in-your-terraform-code-1d586955ace1
5 | # TFSwitch
6 | # TFLint
7 | # Terraform-docs
8 | # Checkov
9 | # Infracost
10 | ## Reference --> https://betterprogramming.pub/5-essential-terraform-tools-to-use-everyday-e910a96e70d9
11 |
--------------------------------------------------------------------------------
/TODO/Sentinel:
--------------------------------------------------------------------------------
1 | https://www.terraform.io/docs/cloud/sentinel/examples.html
--------------------------------------------------------------------------------
/Terragrunt/Configuration/README.md:
--------------------------------------------------------------------------------
1 | # Terragrunt Configuration File
2 | - Terragrunt configuration ends with ".hcl" extension
3 | - It uses same as HCL (Hashicorp Configuration Launguage) syntax uses in Terraform, so it is easy to understand
4 | - Terragrunt supports "JSON-serialized HCL" as well, where we can use "terragrunt.hcl.json" as extension
5 | - As mentioned below, Terragrunt will identify the path of configuration
files based on the rules mentioned below: 6 | - command-line argument 7 | - environment variable 8 | - current working directory 9 | - JSON files in current working directory 10 | 11 | ## Configuration execution order 12 | - include block 13 | - locals block 14 | - iam_role, iam_assume_role_duration, and iam_assume_role_session_time 15 | - dependencies block 16 | - dependency block 17 | - followed by rest of the blocks 18 | 19 | ## Formatting Configuration files 20 | - Terragrunt configuration files can be rewritten to canonical format using "hclfmt" 21 | - The command #terragrunt hclfmt will rewrite the file. If rewriting is not wanted, just pass "--terragrunt-check" to the command 22 | - It is similar to what we do in Terraform to format configuration files #terraform fmt 23 | - Terragrunt picks up the files in the working directory, as well as other configuration files found recursively under the working directory 24 | - command to format configuration files to canonical format #terragrunt hclfmt 25 | 26 | ## tree view of Terragrunt configuration files in recursive order for formatting 27 | ``` 28 | ``` -------------------------------------------------------------------------------- /Terragrunt/Configuration/dependencies-block.hcl: -------------------------------------------------------------------------------- 1 | # When applying this terragrunt config in an `run-all` command, make sure the modules at "../vpc" 2 | # and "../rds/mysql" are handled first. 3 | dependencies { 4 | paths = ["../vpc", "../rds/mysql"] 5 | } -------------------------------------------------------------------------------- /Terragrunt/Configuration/generate-block.hcl: -------------------------------------------------------------------------------- 1 | # When using this terragrunt config, terragrunt will generate the file "provider.tf" 2 | # with the aws provider block before calling to terraform. 3 | # Note that this will overwrite the `provider.tf` file if it already exists. 
4 | generate "provider" { 5 | path = "provider.tf" 6 | if_exists = "overwrite" 7 | contents = <Nginx was deployed successful using terraform $(hostname -f)" > /usr/share/nginx/html/index.html 7 | echo "

Nginx was deployed successful using terraform $(hostname -f)

" > /var/www/html/index.html
--------------------------------------------------------------------------------
/aws-eks-cluster/provider.tf:
--------------------------------------------------------------------------------
# Terraform AWS provider
terraform {
  # Terraform CLI versions accepted for this configuration.
  required_version = ">= 1.0.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      # "~> 3.0" accepts any 3.x provider release and excludes 4.0 and later.
      version = "~> 3.0"
    }
  }
}
provider "aws" {
  region  = "us-east-1"
  # Credentials come from the "default" named profile of the local AWS
  # configuration; no access keys are written in this file.
  profile = "default"
}
--------------------------------------------------------------------------------
/aws-eks-cluster/route.tf:
--------------------------------------------------------------------------------
# NOTE(review): this file refers to aws_vpc.my_vpc, aws_subnet.public_subnet and
# aws_subnet.private_subnet. The vpc.tf and subnets.tf shown for this directory
# declare aws_vpc.vpc_eks and aws_subnet.publicsubnet01block,
# privatesubnet01block, publicsubnet02block and privatesubnet02block instead.
# Confirm these names resolve; if not, terraform validate will reject them.

# Route table meant for public subnets; its default route is added by
# aws_route.pulic-route below.
resource "aws_route_table" "public_route_table" {
  vpc_id = aws_vpc.my_vpc.id

  tags = {
    Name = "Public-Route"
  }
}

# Route table meant for private subnets. No aws_route is declared for it in
# this file.
resource "aws_route_table" "private_route_table" {
  vpc_id = aws_vpc.my_vpc.id

  tags = {
    Name = "Private-Route"
  }
}

# Default IPv4 route (0.0.0.0/0) of the public table, pointing at the internet
# gateway. The gateway_id reference already orders this after the gateway, so
# depends_on only repeats that dependency.
# NOTE(review): "pulic-route" looks like a misspelling of "public-route".
# Renaming changes the resource address, so it needs a state move.
resource "aws_route" "pulic-route" {
  route_table_id         = aws_route_table.public_route_table.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
  depends_on             = [aws_internet_gateway.igw]
}

# Attach the public route table to the public subnet.
resource "aws_route_table_association" "public_rt_assoc" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.public_route_table.id
}

# Attach the private route table to the private subnet.
resource "aws_route_table_association" "private_rt_assoc" {
  subnet_id      = aws_subnet.private_subnet.id
  route_table_id = aws_route_table.private_route_table.id
}
--------------------------------------------------------------------------------
/aws-eks-cluster/security-group-rules.tf:
--------------------------------------------------------------------------------
# Inbound SSH (TCP 22) from any IPv4 address.
# NOTE(review): 0.0.0.0/0 exposes SSH to the whole internet. Narrow cidr_blocks
# to a known administration range, or drop the rule and use a bastion host or
# SSM Session Manager for access.
resource "aws_security_group_rule" "ingress_ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}

# Inbound HTTP (TCP 80) from any IPv4 address. Traffic on this port is not
# encrypted.
resource "aws_security_group_rule" "ingress_http" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}

# Outbound rule: protocol "-1" means every protocol, so with ports 0-0 this
# allows all egress to any IPv4 destination.
resource "aws_security_group_rule" "egress_allow_all" {
  type              = "egress"
  to_port           = 0
  protocol          = "-1"
  from_port         = 0
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_http_ssh.id
}
--------------------------------------------------------------------------------
/aws-eks-cluster/security-group.tf:
--------------------------------------------------------------------------------
# Security group with no inline rules; its rules are attached by the
# aws_security_group_rule resources in security-group-rules.tf.
# NOTE(review): vpc_id points at aws_vpc.my_vpc, while the vpc.tf shown for this
# directory declares aws_vpc.vpc_eks. Confirm which one is intended.
resource "aws_security_group" "allow_http_ssh" {
  name        = "allow-http-ssh"
  description = "Allow Ingress rules to allow SSH and HTTP connections"
  vpc_id      = aws_vpc.my_vpc.id
}
--------------------------------------------------------------------------------
/aws-eks-cluster/ssh-key-pair.tf:
--------------------------------------------------------------------------------
# Registers an existing SSH public key as the EC2 key pair "terraform-demo".
# Only the public half is stored here. The private key stays wherever it was
# generated.
# NOTE(review): the key comment shows it was created as root on a workstation
# and the key is committed to the repository. Consider supplying it through a
# variable or file() so each user registers their own key.
resource "aws_key_pair" "ssh_key" {
  key_name   = "terraform-demo"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsk9j1kbTCfdH4lbgbYMYf2sVlr3xEiMpYBBkO8d4NO78aTYjWeTwIQcDcawdSCohsEn3VqpHuOgQGgZVI3UKwnlqGhM3h5B76wt7jDY2XsYSFWyyeOSLzSxSEnqofrE4oxpAtTXHVW8ZYDrprupan/jWoPFH5+w8nv08ooAM5aE+eo76NUBiihUc7aB9I5ZyyH/vOZLqwyUH0XuXN4sQAK1c9Zw0ML68h/iGLr59JLjVXfLTp5on1VNZHBFXMdPbuvg53ougGetq1B/Ft6tI6nm7QeHVj9PIByxBLU8H4ytrPlus8f1AteMa48uJVPhpU7pOVZAvw81+//cvxb8bHzXWSuNDuSGwkAhF9GG70L8bEzjO0Wo05dxv10WMaWcmsf2XzdIfc7aDal/4LaJC95nG7dnTcQgMPwc1U/zGoqciqHxhKAhB4tOR5VQwwcPHcr5igB8QIgGsm0ueTLmeE1jcEisDdCkwLyrCKn4Ve43IsVKCWmmk39jRwWPctPSU= root@terraformworkstationdemo"
}
--------------------------------------------------------------------------------
/aws-eks-cluster/subnets.tf:
--------------------------------------------------------------------------------
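# Four /18 subnets that together cover the 192.168.0.0/16 range of
# aws_vpc.vpc_eks: one public-named and one private-named subnet in each of
# us-east-1a and us-east-1b.
# NOTE(review): a subnet is only internet-facing if its route table has a
# route to an internet gateway. route.tf in this directory associates
# aws_subnet.public_subnet and aws_subnet.private_subnet, not the resource
# names declared here. Confirm which subnets the route tables should attach to.

# Public subnet 01 (us-east-1a). Instances launched here get a public IPv4
# address by default.
resource "aws_subnet" "publicsubnet01block" {
  vpc_id                  = aws_vpc.vpc_eks.id
  cidr_block              = "192.168.0.0/18"
  map_public_ip_on_launch = true
  availability_zone       = "us-east-1a"

  tags = {
    Name = "PublicSubnet01Block"
  }
}

# Private subnet 01 (us-east-1a). map_public_ip_on_launch is left unset, so
# instances get no public IPv4 address by default.
resource "aws_subnet" "privatesubnet01block" {
  vpc_id            = aws_vpc.vpc_eks.id
  cidr_block        = "192.168.128.0/18"
  availability_zone = "us-east-1a"

  tags = {
    Name = "PrivateSubnet01Block"
  }
}

# Public subnet 02 (us-east-1b). Instances launched here get a public IPv4
# address by default.
resource "aws_subnet" "publicsubnet02block" {
  vpc_id                  = aws_vpc.vpc_eks.id
  cidr_block              = "192.168.64.0/18"
  map_public_ip_on_launch = true
  availability_zone       = "us-east-1b"

  tags = {
    # Distinct from publicsubnet01block, so the two public subnets can be told
    # apart by Name in the console and in tag-based lookups.
    Name = "PublicSubnet02Block"
  }
}

# Private subnet 02 (us-east-1b). map_public_ip_on_launch is left unset, so
# instances get no public IPv4 address by default.
resource "aws_subnet" "privatesubnet02block" {
  vpc_id            = aws_vpc.vpc_eks.id
  cidr_block        = "192.168.192.0/18"
  availability_zone = "us-east-1b"

  tags = {
    Name = "PrivateSubnet02Block"
  }
}
--------------------------------------------------------------------------------
/aws-eks-cluster/vpc.tf:
--------------------------------------------------------------------------------
# VPC that holds the four subnets in subnets.tf. DNS hostnames are enabled, so
# instances with a public IP address also receive a public DNS name.
resource "aws_vpc" "vpc_eks" {
  cidr_block           = "192.168.0.0/16"
  enable_dns_hostnames = true

  tags = {
    Name = "eks-network"
  }
}
-------------------------------------------------------------------------------- /src/images/Jenkins-terraform-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/Jenkins-terraform-1.PNG -------------------------------------------------------------------------------- /src/images/different-IaC.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/different-IaC.PNG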
-------------------------------------------------------------------------------- /src/images/jenkins-approve-discard.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/jenkins-approve-discard.PNG -------------------------------------------------------------------------------- /src/images/terraform-apply.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-apply.PNG -------------------------------------------------------------------------------- /src/images/terraform-cloud-vcs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-cloud-vcs.png -------------------------------------------------------------------------------- /src/images/terraform-flow-aws.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-flow-aws.png -------------------------------------------------------------------------------- /src/images/terraform-flow-azure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-flow-azure.png -------------------------------------------------------------------------------- /src/images/terraform-import-workflow-diagram.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-import-workflow-diagram.png -------------------------------------------------------------------------------- /src/images/terraform-meta-arguments.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-meta-arguments.png -------------------------------------------------------------------------------- /src/images/terraform-plan.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-plan.PNG -------------------------------------------------------------------------------- /src/images/terraform-state-remote-locking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-state-remote-locking.png -------------------------------------------------------------------------------- /src/images/terraform-state-remote-remote.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-state-remote-remote.png -------------------------------------------------------------------------------- /src/images/terraform-state-remote.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-state-remote.png -------------------------------------------------------------------------------- 
/src/images/terraform-variables.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-variables.png -------------------------------------------------------------------------------- /src/images/terraform-workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform-workflow.png -------------------------------------------------------------------------------- /src/images/terraform_write.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/terraform_write.PNG -------------------------------------------------------------------------------- /src/images/windows-aws-cli.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/windows-aws-cli.PNG -------------------------------------------------------------------------------- /src/images/windows-terraform-install0.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/windows-terraform-install0.PNG -------------------------------------------------------------------------------- /src/images/windows-terraform-install1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/windows-terraform-install1.PNG 
-------------------------------------------------------------------------------- /src/images/windows-terraform-install2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devopsyuva/terraform-deep-dive/3d4d77bb49322123cc9ed65c8e0e9d74e0b86a78/src/images/windows-terraform-install2.PNG --------------------------------------------------------------------------------