├── .DS_Store ├── .gitignore ├── LICENSE ├── README.md ├── terraform-aws-ansible-engine ├── .gitignore ├── .terraform.lock.hcl ├── README.md ├── ansible-engine.tf ├── ansible.cfg ├── engine-config.yaml ├── main.tf ├── security_group.tf ├── user-data-ansible-engine.sh ├── user-data-ansible-nodes.sh └── variables.tf ├── terraform-aws-ansible-lab ├── .gitignore ├── .terraform.lock.hcl ├── README.md ├── ansible-engine.tf ├── ansible-nodes.tf ├── ansible.cfg ├── engine-config.yaml ├── main.tf ├── security_group.tf ├── user-data-ansible-engine.sh ├── user-data-ansible-nodes.sh └── variables.tf ├── terraform-aws-ec2-single ├── .gitignore ├── .terraform.lock.hcl ├── README.md ├── ansible.cfg ├── ec2.tf ├── main.tf ├── security_group.tf └── variables.tf ├── terraform-aws-for_each ├── README.md ├── app │ ├── aap-s3.tf │ ├── app-ec2.tf │ ├── output.tf │ └── variables.tf ├── aws-ec2-keypair.tf ├── aws-infra-setup.tf ├── aws-internet-gw-attach.tf ├── aws-internet-gw.tf ├── aws-route-table-association.tf ├── aws-route-table.tf ├── aws-routes.tf ├── aws-security_group.tf ├── aws-vpc-endpoints.tf ├── aws-vpc-subnets.tf ├── aws-vpc.tf ├── main.tf ├── output.tf └── variables.tf ├── terraform-aws-openlab ├── README.md ├── aap │ ├── aap-s3.tf │ ├── ec2-aap.tf │ ├── output.tf │ └── variables.tf ├── aws-ec2-keypair.tf ├── aws-infra-setup.tf ├── aws-internet-gw-attach.tf ├── aws-internet-gw.tf ├── aws-route-table-association.tf ├── aws-route-table.tf ├── aws-routes.tf ├── aws-security_group.tf ├── aws-vpc-endpoints.tf ├── aws-vpc-subnets.tf ├── aws-vpc.tf ├── main.tf ├── output.tf └── variables.tf ├── terraform-gcp-demo ├── README.md └── gcp-instance.tf ├── terraform-multi-instance-ebs-aws ├── .terraform.lock.hcl ├── README.md ├── aws-auto-scaling-group.tf ├── aws-launch-template.tf ├── data-availability-zones.tf ├── main.tf ├── security-group.tf └── variables.tf ├── terraform-onboarding ├── demo-attributes-and-output │ └── attributes.tf ├── demo-conditional │ └── condition.tf ├── 
demo-count-n-index │ └── count.tf ├── demo-data-sources │ └── data-source.tf ├── demo-datatypes │ ├── main.tf │ └── variables.tf ├── demo-digital-ocean-droplet │ └── digital-ocean.tf ├── demo-dynamic-block │ └── dynamic-blocks.tf ├── demo-ec2 │ └── ec2.tf ├── demo-functions │ └── functions.tf ├── demo-graph │ └── graph.tf ├── demo-import │ ├── ec2.tf │ └── provider.tf ├── demo-load-order │ ├── ec2.tf │ ├── iamuser.tf │ ├── provider.tf │ └── variables.tf ├── demo-localvalues │ └── localvalues.tf ├── demo-module │ ├── a-project │ │ ├── myec2.tf │ │ └── provider.tf │ ├── b-project │ │ ├── myec2.tf │ │ └── provider.tf │ └── modules │ │ └── ec2 │ │ ├── module-ec2.tf │ │ └── variables.tf ├── demo-multi-disk │ └── ec2.tf ├── demo-multi-provider │ ├── eip.tf │ └── provider.tf ├── demo-provider-sts │ └── provider.tf ├── demo-provisioner-local │ └── local-exec.tf ├── demo-provisioner-remote │ └── remote-exec.tf ├── demo-references │ └── references.tf ├── demo-registry │ └── terraform-registry.tf ├── demo-remote-backend │ ├── backend.hcl │ ├── iam.tf │ └── variables.tf ├── demo-remote-state │ ├── backend.tf │ └── remote.tf ├── demo-sensitive │ └── sensitive.tf ├── demo-settings │ └── terraform.tf ├── demo-splat-expression │ └── splat-expression.tf ├── demo-variables-2 │ ├── main.tf │ └── variables.tf ├── demo-variables │ ├── main.tf │ └── variables.tf └── demo-workspace │ └── workspace.tf ├── terraform-openshift-vmware └── README.md ├── terraform-upcloud-wordpress ├── main.tf └── variables.tf └── terraform-vmware-demos ├── README.md ├── vmware-create-vm ├── variables.tf └── vmware-new-vm.tf └── vmware-import ├── variables.tf └── vmware-import-vm.tf /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iamgini/terraform-iac-usecases/7189dba42e3e5aa5484e9768206dff6dee470abd/.DS_Store -------------------------------------------------------------------------------- /.gitignore: 
-------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | terraform.tfstate 8 | 9 | # Crash log files 10 | crash.log 11 | 12 | # Exclude all .tfvars files, which are likely to contain sentitive data, such as 13 | # password, private keys, and other secrets. These should not be part of version 14 | # control as they are data points which are potentially sensitive and subject 15 | # to change depending on the environment. 16 | # 17 | *.tfvars 18 | 19 | # Ignore override files as they are usually used to override resources locally and so 20 | # are not checked in 21 | override.tf 22 | override.tf.json 23 | *_override.tf 24 | *_override.tf.json 25 | 26 | # Include override files you do wish to add to version control using negated pattern 27 | # 28 | # !example_override.tf 29 | 30 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 31 | # example: *tfplan* 32 | 33 | # Ignore CLI configuration files 34 | .terraformrc 35 | terraform.rc 36 | 37 | # lock file 38 | .terraform.lock.hcl 39 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # terraform-iac-usecases 2 | Terraform Use Case Gallery 3 | 4 | *Note: These are simple Terraform use cases for learning purpose and for work-environment configuration. DO NOT blindly use it for any production uses* 5 | 6 | Also check **[Vagrant IaC Examples ](https://github.com/iamgini/vagrant-iac-usecases)**. 7 | 8 | ## Installing Terraform 9 | 10 | [Download](https://www.terraform.io/downloads.html) and [Install](https://learn.hashicorp.com/tutorials/terraform/install-cli) Terraform. 
-------------------------------------------------------------------------------- /terraform-aws-ansible-engine/.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled files 2 | *.tfstate 3 | *.tfstate.backup 4 | *.tfstate.lock.info 5 | 6 | # logs 7 | *.log 8 | 9 | # Directories 10 | .terraform/ 11 | .vagrant/ 12 | 13 | # SSH Keys 14 | *.pem 15 | 16 | # Backup files 17 | *.bak 18 | 19 | # Ignored Terraform files 20 | *gitignore*.tf 21 | 22 | # Ignore Mac .DS_Store files 23 | .DS_Store 24 | 25 | # Ignored vscode files 26 | .vscode/ 27 | 28 | # Ignore Any Generated JSON Files 29 | operations/automation-script/apply.json 30 | operations/automation-script/configversion.json 31 | operations/automation-script/run.template.json 32 | operations/automation-script/run.json 33 | operations/automation-script/variable.template.json 34 | operations/automation-script/variable.json 35 | operations/automation-script/workspace.template.json 36 | operations/automation-script/workspace.json 37 | operations/sentinel-policies-scripts/create-policy.template.json 38 | operations/sentinel-policies-scripts/create-policy.json 39 | operations/variable-scripts/variable.template.json 40 | operations/variable-scripts/variable.json 41 | 42 | # Sentinel runtime directory 43 | .sentinel -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 
3 | 4 | provider "registry.terraform.io/hashicorp/aws" { 5 | version = "3.47.0" 6 | hashes = [ 7 | "h1:oiX6JcoXY6lYIdcYWmEpr7mnS4mkyDV9intCNrcjiBs=", 8 | "zh:07bb6bda5b9fdb782dd568a2e85cfe0ab108770e2218f3411e57ed845c58af40", 9 | "zh:0926b161a109e75bdc8691e8a32f568b4cd77a55510cf27573261fb5ba382287", 10 | "zh:0a91adf25a78ad31d547da513db24f493d27592d3675ed291a7698351c30992d", 11 | "zh:0f95f01e3bf0dab306ed86afb1ca00e01ce94ed6696765158d544b1569483b13", 12 | "zh:10466a520c617354ebbee9366267e0878b091a15d49cb97846511e952bd9db90", 13 | "zh:2fc627d3dc5a6df904591c673d640e6d3a697dcc12d1a43cf71066a47314f7c0", 14 | "zh:a85476047ddb359acdc0db5b9cbe0a7e13c4e65289b03f6c93303d0452db450b", 15 | "zh:cbadde98d44e8953cc78487b6788b97cff12632e9fda065bb970b001205662cb", 16 | "zh:db05702323c5fa253d5e067458340b89126738b8f6a9847465ee3e75b0f28320", 17 | "zh:e16cf52ff3b067adb33a75b89c03f9b03e666e2d45adb2ee296ae12b36cd5776", 18 | "zh:fcb8f73f7f5e195e3345d5694b526e0d5e77562d2e7dd468366ee15b1be6b418", 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Lab - Using Terraform and AWS 2 | 3 | *Warning: this is still in-progress and do not use* 4 | 5 | Also check **[Terraform IaC Examples ](https://github.com/iamgini/terraform-iac-usecases)**. 6 | 7 | Read Full Article here : [Use Terraform to Create a FREE Ansible Lab in AWS](https://www.techbeatly.com/2021/06/use-terraform-to-create-a-free-ansible-lab-in-aws.html) 8 | 9 | ## Introduction 10 | 11 | Terraform will provision below resources and take note on details. 12 | 13 | - 1x ec2 instance for Ansible Engine. 14 | - 2x ec2 instances fro Ansible managed nodes. 
15 | - We are using `Amazon Linux 2 AMI (HVM), SSD Volume Type` (`ami-02f26adf094f51167`); you can use other AMIs as well by changing the AMI details in `variables.tf` (consider adjusting the installation commands if you change the AMI or OS). 16 | - The default is `region = "ap-southeast-1"` (**Singapore**); change this in `main.tf` if needed. 17 | - A new Security Group will be created as `ansible-lab-security-group` (it will be destroyed together with all other resources when you run `terraform destroy`). 18 | - All nodes will be configured with SSH access. 19 | - Ansible, git, vim and other necessary packages will be installed on all nodes. 20 | - Uncomment `# sudo yum update -y` in `user-data-*.sh` if you want the nodes to install the latest OS updates. 21 | 22 | # How to use this repository 23 | ## Step 1. Install Terraform 24 | 25 | If you haven't yet, [Download](https://www.terraform.io/downloads.html) and [Install](https://learn.hashicorp.com/tutorials/terraform/install-cli) Terraform. 26 | 27 | ## Step 2. Configure AWS Credentials 28 | 29 | Refer to the [AWS CLI Configuration Guide](https://github.com/iamgini/vagrant-iac-usecases#aws-setup) for details. 30 | 31 | ## Step 3. Create SSH Keys to Access the ec2 Instances 32 | 33 | If you have existing keys, you can use them; otherwise create new SSH keys. 34 | 35 | - ***Warning**: Please remember not to overwrite your existing SSH key pair files; use a new file name if you want to keep the old keys.* 36 | - If you are using a key file other than `~/.ssh/id_rsa`, remember to update the path in `variables.tf` as well. 37 | 38 | ```shell 39 | $ ssh-keygen 40 | ``` 41 | 42 | ## Step 4. 
Clone the Repository and Create Your Ansible Lab 43 | 44 | ```shell 45 | $ git clone https://github.com/iamgini/terraform-iac-usecases 46 | $ cd terraform-aws-ansible-lab 47 | 48 | ## init terraform 49 | $ terraform init 50 | 51 | ## verify the resource details before apply 52 | $ terraform plan 53 | 54 | ## Apply configuration - This step will spin up all necessary resources in your AWS Account 55 | $ terraform apply 56 | . 57 | . 58 | Do you want to perform these actions? 59 | Terraform will perform the actions described above. 60 | Only 'yes' will be accepted to approve. 61 | 62 | Enter a value: yes 63 | 64 | aws_key_pair.ec2loginkey: Creating... 65 | aws_security_group.ansible_access: Creating... 66 | . 67 | . 68 | Apply complete! Resources: 0 added, 0 changed, 0 destroyed. 69 | 70 | Outputs: 71 | 72 | ansible-engine = 73 | ansible-node-1 = 74 | ansible-node-2 = 75 | ``` 76 | 77 | ### How to Access the Lab? 78 | 79 | Terraform will show you the `Public IP` of the `ansible-engine` instance; use that IP to access it. 80 | 81 | - Host: Public IP of `ansible-engine`. Your SSH key is already copied to **all ec2 instances** for the `devops` user, but you can also log in with the credentials below when connecting from a different machine. 82 | - Username: `devops` 83 | - Password: `devops` 84 | 85 | ```shell 86 | $ ssh devops@IP_ADDRESS 87 | [devops@ansible-engine ~]$ 88 | ``` 89 | 90 | - A default `ansible.cfg` and an `inventory` file are already available in the home directory (`/home/devops/`). 91 | 92 | ```shell 93 | ## Check Files copied automatically 94 | [devops@ansible-engine ~]$ ls -l 95 | total 8 96 | -rwxr-xr-x 1 devops devops 82 Jun 10 09:04 ansible.cfg 97 | -rwxr-xr-x 1 devops devops 524 Jun 10 09:04 inventory 98 | ``` 99 | 100 | - The SSH connection from `ansible-engine` to the `ansible-nodes` is already set up using the password in the `inventory` file. 
101 | 102 | ```shell 103 | ## Verify Instance Access 104 | [devops@ansible-engine ~]$ ansible all -m ping 105 | ansible-engine | SUCCESS => { 106 | "ansible_facts": { 107 | "discovered_interpreter_python": "/usr/bin/python" 108 | }, 109 | "changed": false, 110 | "ping": "pong" 111 | } 112 | node2 | SUCCESS => { 113 | "ansible_facts": { 114 | "discovered_interpreter_python": "/usr/bin/python" 115 | }, 116 | "changed": false, 117 | "ping": "pong" 118 | } 119 | node1 | SUCCESS => { 120 | "ansible_facts": { 121 | "discovered_interpreter_python": "/usr/bin/python" 122 | }, 123 | "changed": false, 124 | "ping": "pong" 125 | } 126 | ``` 127 | 128 | 129 | ## Step 5. Destroy the Lab Once You Are Done 130 | 131 | Since this lab runs on the FREE tier, remember to destroy the resources once you finish the lab or your practice for the day. 132 | 133 | ```shell 134 | $ terraform destroy 135 | ``` 136 | 137 | No need to worry: you can recreate the same lab setup whenever you need it by simply running `terraform apply` again. 138 | 139 | ## Appendix 140 | 141 | ### Use `local-exec` if you have Ansible installed locally 142 | 143 | If you are using a Linux/Mac machine and Ansible is available locally, you can use the method below to run the Terraform provisioner. (The current configuration runs the Ansible playbook from the `ansible-engine` node itself.) 
144 | 145 | ```json 146 | provisioner "local-exec" { 147 | command = "ansible-playbook engine-config.yaml" 148 | } 149 | ``` -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/ansible-engine.tf: -------------------------------------------------------------------------------- 1 | ## ================================ Ansible Engine Instance ================================================ 2 | resource "aws_instance" "ansible-engine" { 3 | ami = var.aws_ami_id #"ami-0cd31be676780afa7" 4 | instance_type = "t2.micro" 5 | key_name = aws_key_pair.ec2loginkey.key_name 6 | ## If you are creating Instances in a VPC, use vpc_security_group_ids instead. 7 | security_groups = ["ansible-lab-sg"] 8 | user_data = file("user-data-ansible-engine.sh") 9 | 10 | # Create inventory and ansible.cfg on ansible-engine 11 | provisioner "remote-exec" { 12 | inline = [ 13 | "echo '[ansible]' >> /home/ec2-user/inventory", 14 | "echo 'ansible-engine ansible_host=${aws_instance.ansible-engine.private_dns} ansible_connection=local' >> /home/ec2-user/inventory", 15 | "echo '[nodes]' >> /home/ec2-user/inventory", 16 | "echo '' >> /home/ec2-user/inventory", 17 | "echo '[all:vars]' >> /home/ec2-user/inventory", 18 | "echo 'ansible_user=devops' >> /home/ec2-user/inventory", 19 | "echo 'ansible_password=devops' >> /home/ec2-user/inventory", 20 | "echo 'ansible_connection=ssh' >> /home/ec2-user/inventory", 21 | "echo '#ansible_python_interpreter=/usr/bin/python3' >> /home/ec2-user/inventory", 22 | "echo 'ansible_ssh_private_key_file=/home/devops/.ssh/id_rsa' >> /home/ec2-user/inventory", 23 | "echo \"ansible_ssh_extra_args=' -o StrictHostKeyChecking=no -o PreferredAuthentications=password '\" >> /home/ec2-user/inventory", 24 | "echo '[defaults]' >> /home/ec2-user/ansible.cfg", 25 | "echo 'inventory = ./inventory' >> /home/ec2-user/ansible.cfg", 26 | "echo 'host_key_checking = False' >> /home/ec2-user/ansible.cfg", 27 | "echo 'remote_user = 
devops' >> /home/ec2-user/ansible.cfg", 28 | ] 29 | connection { 30 | type = "ssh" 31 | user = "ec2-user" 32 | private_key = file(pathexpand(var.ssh_key_pair)) 33 | host = self.public_ip 34 | } 35 | } 36 | 37 | # copy engine-config.yaml 38 | provisioner "file" { 39 | source = "engine-config.yaml" 40 | destination = "/home/ec2-user/engine-config.yaml" 41 | connection { 42 | type = "ssh" 43 | user = "ec2-user" 44 | private_key = file(pathexpand(var.ssh_key_pair)) 45 | host = self.public_ip 46 | } 47 | } 48 | 49 | # Execute Ansible Playbook 50 | provisioner "remote-exec" { 51 | inline = [ 52 | "sleep 120; ansible-playbook engine-config.yaml" 53 | ] 54 | connection { 55 | type = "ssh" 56 | user = "ec2-user" 57 | private_key = file(pathexpand(var.ssh_key_pair)) 58 | host = self.public_ip 59 | } 60 | } 61 | 62 | tags = { 63 | Name = "ansible-engine" 64 | } 65 | } -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory = ./inventory 3 | host_key_checking = False 4 | remote_user = devops 5 | -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/engine-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # cofigure ansible engine and nodes with users and access 3 | 4 | - hosts: all 5 | become: true 6 | vars: 7 | devops_public_key: "" 8 | tasks: 9 | - name: Set Hostname 10 | hostname: 11 | name: "{{ inventory_hostname }}" 12 | 13 | #- name: Install Packages 14 | # yum: 15 | # name: 16 | # - vim 17 | # state: present 18 | 19 | - name: Create .ssh if not exist 20 | file: 21 | path: /home/devops/.ssh 22 | state: directory 23 | owner: devops 24 | group: devops 25 | mode: 0700 26 | 27 | #- name: Create authorized_keys if not exist 28 | # copy: 29 | # dest: /home/devops/.ssh/authorized_keys 30 | # 
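content: ""
    #    force: no
    #    owner: devops
    #    group: devops
    #    mode: '0600'

    #- name: Copy Authorized keys to devops user
    #  blockinfile:
    #    path: /home/devops/.ssh/authorized_keys
    #    block: "{{ lookup('file', '/home/ec2-user/.ssh/authorized_keys') }}"

    # The inventory written by the remote-exec provisioner in ansible-engine.tf
    # carries a plaintext ansible_password line, so it must not be readable by
    # other users on the engine; a config file also needs no execute bit (was 0755).
    - name: Copy Sample Inventory to devops home
      copy:
        src: '/home/ec2-user/inventory'
        dest: "/home/devops/inventory"
        mode: '0600'
        owner: devops
        group: devops
      when: inventory_hostname == 'ansible-engine'

    # Plain config file: no execute bit needed (was 0755).
    - name: Copy ansible.cfg to devops home
      copy:
        src: '/home/ec2-user/ansible.cfg'
        dest: "/home/devops/ansible.cfg"
        mode: '0644'
        owner: devops
        group: devops
      when: inventory_hostname == 'ansible-engine'

    # Adds one "<address> <hostname>" line per host in the play, taken from the
    # gathered ansible_default_ipv4 fact. NOTE(review): no regexp is given, so a
    # host whose address changed on a later run would presumably get a second
    # line rather than a replacement — confirm.
    - name: Update /etc/hosts
      lineinfile:
        line: "{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ item }}"
        path: /etc/hosts
      loop: "{{ groups['all'] }}"
      #ignore_errors: yes

    # force: True regenerates the engine's key pair on every run; the tasks
    # below hand that key to the devops user, and a later task in this play
    # adds the public half to the nodes' authorized_keys.
    - name: Generate an OpenSSH keypair 2048 bits
      openssh_keypair:
        path: '/home/ec2-user/.ssh/id_rsa'
        size: 2048
        force: True
        owner: ec2-user
        group: ec2-user
      delegate_to: ansible-engine
      when: inventory_hostname == 'ansible-engine'

    # Private key stays owner-only (0600).
    - name: Copy SSH Private Key to devops user
      copy:
        src: "/home/ec2-user/.ssh/id_rsa"
        dest: "/home/devops/.ssh/id_rsa"
        owner: devops
        group: devops
        mode: '0600'
        force: yes
      when: inventory_hostname == 'ansible-engine'

    - name: Copy SSH Public Key to devops user
      copy:
        src: "/home/ec2-user/.ssh/id_rsa.pub"
        dest: "/home/devops/.ssh/id_rsa.pub"
        owner: devops
        group: devops
        mode: '0644'
        force: yes
      when: inventory_hostname == 'ansible-engine'

    # lookup('file') reads from the controller; this play is run on the engine
    # itself (see the remote-exec provisioner in ansible-engine.tf), so this
    # picks up the freshly generated public key and stores it as a host fact.
    - name: Fetch the Public Key Content
      become: false
      set_fact:
        devops_public_key: "{{ lookup('file', '/home/ec2-user/.ssh/id_rsa.pub') }}"
      delegate_to: ansible-engine
      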
when: inventory_hostname == 'ansible-engine' 101 | 102 | - name: Add Ansible Engine keys to authorized_keys of nodes 103 | authorized_key: 104 | user: devops 105 | state: present 106 | key: "{{ hostvars['ansible-engine']['devops_public_key'] }}" 107 | 108 | - name: Disable password login 109 | lineinfile: 110 | dest: /etc/ssh/sshd_config 111 | regexp: "^PasswordAuthentication" 112 | line: "PasswordAuthentication no" 113 | state: present 114 | 115 | - name: Restart sshd 116 | service: 117 | name: sshd 118 | state: restarted 119 | 120 | - name: Clean up inventory in devops home 121 | lineinfile: 122 | dest: /home/devops/inventory 123 | regexp: "^ansible_ssh_extra_args" 124 | state: absent 125 | when: inventory_hostname == 'ansible-engine' 126 | 127 | - name: Amend inventory in devops home 128 | lineinfile: 129 | dest: /home/devops/inventory 130 | #regexp: "^ansible_ssh_extra_args" 131 | line: "ansible_ssh_extra_args=' -o StrictHostKeyChecking=no '" 132 | state: present 133 | insertafter: "ansible_connection=ssh" 134 | when: inventory_hostname == 'ansible-engine' -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | ## if you want to mention the aws credential from different path, enable below line 4 | #shared_credentials_file = "$HOME/.aws/credentials" 5 | profile = "ansible" 6 | #version = ">=2.0" 7 | } 8 | 9 | resource "aws_key_pair" "ec2loginkey" { 10 | key_name = "login-key" 11 | ## change here if you are using different key pair 12 | public_key = file(pathexpand(var.ssh_key_pair_pub)) 13 | } 14 | 15 | output "ansible-engine" { 16 | value = aws_instance.ansible-engine.public_ip 17 | } 18 | -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/security_group.tf: 
-------------------------------------------------------------------------------- 1 | resource "aws_security_group" "ansible_access" { 2 | name = "ansible-lab-sg" 3 | description = "Created by Terraform for SSH Access" 4 | 5 | ingress { 6 | description = "SSH Access" 7 | from_port = 22 8 | to_port = 22 9 | protocol = "tcp" 10 | cidr_blocks = ["0.0.0.0/0"] 11 | } 12 | 13 | ingress { 14 | description = "HTTP Access" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | } 20 | 21 | egress { 22 | from_port = 0 23 | to_port = 0 24 | protocol = "-1" 25 | cidr_blocks = ["0.0.0.0/0"] 26 | ipv6_cidr_blocks = ["::/0"] 27 | } 28 | 29 | tags = { 30 | Name = "allow_ssh" 31 | } 32 | } -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/user-data-ansible-engine.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | sudo amazon-linux-extras install -y epel 3 | sudo useradd devops 4 | echo -e 'devops\ndevops' | sudo passwd devops 5 | echo 'devops ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/devops 6 | sudo sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config 7 | sudo systemctl restart sshd.service 8 | sudo yum install -y python3 9 | sudo yum install -y vim 10 | sudo yum install -y ansible 11 | sudo yum install -y git 12 | # sudo yum update -y -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/user-data-ansible-nodes.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | sudo amazon-linux-extras install -y epel 3 | sudo useradd devops 4 | echo -e 'devops\ndevops' | sudo passwd devops 5 | echo 'devops ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/devops 6 | sudo sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config 7 | sudo systemctl restart sshd.service 8 | sudo yum install -y python3 9 | sudo yum install -y vim 10 | # sudo yum update -y -------------------------------------------------------------------------------- /terraform-aws-ansible-engine/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_ami_id" { 2 | ## Amazon Linux 2 AMI (HVM) 3 | default = "ami-02f26adf094f51167" 4 | ## "ami-0cd31be676780afa7" 5 | } 6 | 7 | variable "ssh_key_pair" { 8 | default = "~/.ssh/id_rsa" 9 | } 10 | 11 | variable "ssh_key_pair_pub" { 12 | default = "~/.ssh/id_rsa.pub" 13 | } 14 | 15 | variable "ssh_key_pair_extra" { 16 | default = "~/.ssh/yashica.pub" 17 | } 18 | 19 | variable "ansible_node_count" { 20 | default = 2 21 | } 22 | -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled files 2 | *.tfstate 3 | *.tfstate.backup 4 | *.tfstate.lock.info 5 | 6 | # logs 7 | *.log 8 | 9 | # Directories 10 | .terraform/ 11 | .vagrant/ 12 | 13 | # SSH Keys 14 | *.pem 15 | 16 | # Backup files 17 | *.bak 18 | 19 | # Ignored Terraform files 20 | *gitignore*.tf 21 | 22 | # Ignore Mac .DS_Store files 23 | .DS_Store 24 | 25 | # Ignored vscode files 26 | .vscode/ 27 | 28 | # Ignore Any Generated JSON Files 29 | operations/automation-script/apply.json 30 | operations/automation-script/configversion.json 31 | operations/automation-script/run.template.json 32 | operations/automation-script/run.json 33 | operations/automation-script/variable.template.json 34 | 
operations/automation-script/variable.json 35 | operations/automation-script/workspace.template.json 36 | operations/automation-script/workspace.json 37 | operations/sentinel-policies-scripts/create-policy.template.json 38 | operations/sentinel-policies-scripts/create-policy.json 39 | operations/variable-scripts/variable.template.json 40 | operations/variable-scripts/variable.json 41 | 42 | # Sentinel runtime directory 43 | .sentinel -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/hashicorp/aws" { 5 | version = "3.47.0" 6 | hashes = [ 7 | "h1:oiX6JcoXY6lYIdcYWmEpr7mnS4mkyDV9intCNrcjiBs=", 8 | "zh:07bb6bda5b9fdb782dd568a2e85cfe0ab108770e2218f3411e57ed845c58af40", 9 | "zh:0926b161a109e75bdc8691e8a32f568b4cd77a55510cf27573261fb5ba382287", 10 | "zh:0a91adf25a78ad31d547da513db24f493d27592d3675ed291a7698351c30992d", 11 | "zh:0f95f01e3bf0dab306ed86afb1ca00e01ce94ed6696765158d544b1569483b13", 12 | "zh:10466a520c617354ebbee9366267e0878b091a15d49cb97846511e952bd9db90", 13 | "zh:2fc627d3dc5a6df904591c673d640e6d3a697dcc12d1a43cf71066a47314f7c0", 14 | "zh:a85476047ddb359acdc0db5b9cbe0a7e13c4e65289b03f6c93303d0452db450b", 15 | "zh:cbadde98d44e8953cc78487b6788b97cff12632e9fda065bb970b001205662cb", 16 | "zh:db05702323c5fa253d5e067458340b89126738b8f6a9847465ee3e75b0f28320", 17 | "zh:e16cf52ff3b067adb33a75b89c03f9b03e666e2d45adb2ee296ae12b36cd5776", 18 | "zh:fcb8f73f7f5e195e3345d5694b526e0d5e77562d2e7dd468366ee15b1be6b418", 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Lab - Using 
Terraform and AWS 2 | 3 | *Warning: this is still in-progress and do not use* 4 | 5 | Also check **[Terraform IaC Examples ](https://github.com/iamgini/terraform-iac-usecases)**. 6 | 7 | Read Full Article here : [Use Terraform to Create a FREE Ansible Lab in AWS](https://www.techbeatly.com/2021/06/use-terraform-to-create-a-free-ansible-lab-in-aws.html) 8 | 9 | ## Introduction 10 | 11 | Terraform will provision the resources below; take note of the details. 12 | 13 | - 1x ec2 instance for Ansible Engine. 14 | - 2x ec2 instances for Ansible managed nodes. 15 | - We are using `Amazon Linux 2 AMI (HVM), SSD Volume Type` (`ami-02f26adf094f51167`); you can create with other AMIs as well by changing the AMI details in `variables.tf` (Consider adjusting the installation commands if you are changing the AMI or OS) 16 | - Default `region = "ap-southeast-1"` (**Singapore**), change this in `main.tf` if needed. 17 | - A new Security Group will be created as `ansible-lab-sg` (which will be destroyed when you do `terraform destroy` together with all other resources). As defined in `security_group.tf`, it allows inbound SSH (22) and HTTP (80) from `0.0.0.0/0`; narrow the `cidr_blocks` to your own address if you do not want the lab reachable from the whole internet. 18 | - All Nodes will be configured with ssh access. The `user-data-*.sh` scripts create a `devops` user with the password `devops` and passwordless sudo and enable SSH password authentication; `engine-config.yaml` later distributes SSH keys and sets `PasswordAuthentication no` on every node. 19 | - The Ansible engine will be installed with ansible, git, vim and python3; the managed nodes get python3 and vim (see `user-data-*.sh`). 20 | - Uncomment `# sudo yum update -y` in `user-data-*.sh` if you need to update the nodes with latest updates. 21 | 22 | # How to use this repository 23 | ## Step 1. Install Terraform 24 | 25 | If you haven't yet, [Download](https://www.terraform.io/downloads.html) and [Install](https://learn.hashicorp.com/tutorials/terraform/install-cli) Terraform. 26 | 27 | ## Step 2. Configure AWS Credential 28 | 29 | Refer to the [AWS CLI Configuration Guide](https://github.com/iamgini/vagrant-iac-usecases#aws-setup) for details. 30 | 31 | ## Step 3. Create SSH Keys to Access the ec2 instances 32 | 33 | If you have existing keys, you can use them; otherwise create new ssh keys. 
34 | 35 | - ***Warning**: Please remember not to overwrite the existing ssh key pair files; use a new file name if you want to keep the old keys.* 36 | - If you are using any key files other than `~/.ssh/id_rsa`, then remember to update the same in `variables.tf` as well. 37 | 38 | ```shell 39 | $ ssh-keygen 40 | ``` 41 | 42 | ## Step 4. Clone the Repository and create your Ansible Lab 43 | 44 | ```shell 45 | $ git clone https://github.com/iamgini/terraform-iac-usecases 46 | $ cd terraform-aws-ansible-lab 47 | 48 | ## init terraform 49 | $ terraform init 50 | 51 | ## verify the resource details before apply 52 | $ terraform plan 53 | 54 | ## Apply configuration - This step will spin up all necessary resources in your AWS Account 55 | $ terraform apply 56 | . 57 | . 58 | Do you want to perform these actions? 59 | Terraform will perform the actions described above. 60 | Only 'yes' will be accepted to approve. 61 | 62 | Enter a value: yes 63 | 64 | aws_key_pair.ec2loginkey: Creating... 65 | aws_security_group.ansible_access: Creating... 66 | . 67 | . 68 | Apply complete! Resources: 0 added, 0 changed, 0 destroyed. 69 | 70 | Outputs: 71 | 72 | ansible-engine = 73 | ansible-node-1 = 74 | ansible-node-2 = 75 | ``` 76 | 77 | ### How to Access the Lab ? 78 | 79 | Terraform will show you the `Public IP` of the `ansible-engine` instance and you can access the ansible-engine using that IP. 80 | 81 | - Host: Public IP of `ansible-engine`. SSH Keys are already copied inside **all ec2 instances** under the `devops` user, but you can still access it using the credentials below if accessing from different machines. Note that `engine-config.yaml` sets `PasswordAuthentication no` and restarts sshd on all hosts, so password login only works until that playbook has run; after that, use the key pair configured in `variables.tf`. 
82 | - Username: `devops` 83 | - Password: `devops` 84 | 85 | ```shell 86 | $ ssh devops@IP_ADDRESS 87 | [devops@ansible-engine ~]$ 88 | ``` 89 | 90 | - Default `ansible.cfg` and `inventory` files are already available to use under the home directory (`/home/devops/`) 91 | 92 | ```shell 93 | ## Check Files copied automatically 94 | [devops@ansible-engine ~]$ ls -l 95 | total 8 96 | -rwxr-xr-x 1 devops devops 82 Jun 10 09:04 ansible.cfg 97 | -rwxr-xr-x 1 devops devops 524 Jun 10 09:04 inventory 98 | ``` 99 | 100 | - The `ansible-engine` to `ansible-nodes` ssh connection is already set up. The `inventory` file written by Terraform contains `ansible_password=devops` in clear text, and `engine-config.yaml` then distributes the engine's generated key pair to the nodes and points `ansible_ssh_private_key_file` at it, so keep the `inventory` file private. 101 | 102 | ```shell 103 | ## Verify Instance Access 104 | [devops@ansible-engine ~]$ ansible all -m ping 105 | ansible-engine | SUCCESS => { 106 | "ansible_facts": { 107 | "discovered_interpreter_python": "/usr/bin/python" 108 | }, 109 | "changed": false, 110 | "ping": "pong" 111 | } 112 | node2 | SUCCESS => { 113 | "ansible_facts": { 114 | "discovered_interpreter_python": "/usr/bin/python" 115 | }, 116 | "changed": false, 117 | "ping": "pong" 118 | } 119 | node1 | SUCCESS => { 120 | "ansible_facts": { 121 | "discovered_interpreter_python": "/usr/bin/python" 122 | }, 123 | "changed": false, 124 | "ping": "pong" 125 | } 126 | ``` 127 | 128 | 129 | ## Step 5. Destroy Lab Once you are Done 130 | 131 | Since we are dealing with the FREE tier, remember to destroy the resources once you finish the lab or your practice for the day. 132 | 133 | ```shell 134 | $ terraform destroy 135 | ``` 136 | 137 | Do not worry: you will get the same lab setup whenever you need it by simply running `terraform apply` again. 138 | 139 | ## Appendix 140 | 141 | ### Use `local-exec` if you have Ansible installed locally 142 | 143 | If you are using a Linux/Mac machine and Ansible is available locally, then you can use the method below for executing the Terraform provisioner. (The current configuration executes the Ansible playbook from the `ansible-engine` node itself.) 
144 | 145 | ```json 146 | provisioner "local-exec" { 147 | command = "ansible-playbook engine-config.yaml" 148 | } 149 | ``` -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/ansible-engine.tf: -------------------------------------------------------------------------------- 1 | ## ================================ Ansible Engine Instance ================================================ 2 | resource "aws_instance" "ansible-engine" { 3 | ami = var.aws_ami_id #"ami-0cd31be676780afa7" 4 | instance_type = "t2.micro" 5 | key_name = aws_key_pair.ec2loginkey.key_name 6 | ## If you are creating Instances in a VPC, use vpc_security_group_ids instead. 7 | security_groups = ["ansible-lab-sg"] 8 | user_data = file("user-data-ansible-engine.sh") 9 | 10 | # Create inventory and ansible.cfg on ansible-engine 11 | provisioner "remote-exec" { 12 | inline = [ 13 | "echo '[ansible]' >> /home/ec2-user/inventory", 14 | "echo 'ansible-engine ansible_host=${aws_instance.ansible-engine.private_dns} ansible_connection=local' >> /home/ec2-user/inventory", 15 | "echo '[nodes]' >> /home/ec2-user/inventory", 16 | "echo 'node1 ansible_host=${aws_instance.ansible-nodes[0].private_dns}' >> /home/ec2-user/inventory", 17 | "echo 'node2 ansible_host=${aws_instance.ansible-nodes[1].private_dns}' >> /home/ec2-user/inventory", 18 | "echo '' >> /home/ec2-user/inventory", 19 | "echo '[all:vars]' >> /home/ec2-user/inventory", 20 | "echo 'ansible_user=devops' >> /home/ec2-user/inventory", 21 | "echo 'ansible_password=devops' >> /home/ec2-user/inventory", 22 | "echo 'ansible_connection=ssh' >> /home/ec2-user/inventory", 23 | "echo '#ansible_python_interpreter=/usr/bin/python3' >> /home/ec2-user/inventory", 24 | "echo 'ansible_ssh_private_key_file=/home/devops/.ssh/id_rsa' >> /home/ec2-user/inventory", 25 | "echo \"ansible_ssh_extra_args=' -o StrictHostKeyChecking=no -o PreferredAuthentications=password '\" >> /home/ec2-user/inventory", 26 | "echo 
'[defaults]' >> /home/ec2-user/ansible.cfg", 27 | "echo 'inventory = ./inventory' >> /home/ec2-user/ansible.cfg", 28 | "echo 'host_key_checking = False' >> /home/ec2-user/ansible.cfg", 29 | "echo 'remote_user = devops' >> /home/ec2-user/ansible.cfg", 30 | ] 31 | connection { 32 | type = "ssh" 33 | user = "ec2-user" 34 | private_key = file(pathexpand(var.ssh_key_pair)) 35 | host = self.public_ip 36 | agent = false 37 | } 38 | } 39 | 40 | # copy engine-config.yaml 41 | provisioner "file" { 42 | source = "engine-config.yaml" 43 | destination = "/home/ec2-user/engine-config.yaml" 44 | connection { 45 | type = "ssh" 46 | user = "ec2-user" 47 | private_key = file(pathexpand(var.ssh_key_pair)) 48 | host = self.public_ip 49 | } 50 | } 51 | 52 | # Execute Ansible Playbook 53 | provisioner "remote-exec" { 54 | inline = [ 55 | "sleep 120; ansible-playbook engine-config.yaml" 56 | ] 57 | connection { 58 | type = "ssh" 59 | user = "ec2-user" 60 | private_key = file(pathexpand(var.ssh_key_pair)) 61 | host = self.public_ip 62 | } 63 | } 64 | 65 | tags = { 66 | Name = "ansible-engine" 67 | } 68 | } -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/ansible-nodes.tf: -------------------------------------------------------------------------------- 1 | ## ================================ Ansible Node Instances ================================ 2 | resource "aws_instance" "ansible-nodes" { 3 | ami = var.aws_ami_id #"ami-0cd31be676780afa7" 4 | instance_type = "t2.micro" 5 | key_name = aws_key_pair.ec2loginkey.key_name 6 | count = var.ansible_node_count 7 | security_groups = ["ansible-lab-sg"] 8 | user_data = file("user-data-ansible-nodes.sh") 9 | tags = { 10 | Name = "ansible-node-${count.index + 1}" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/ansible.cfg: -------------------------------------------------------------------------------- 1 | 
[defaults] 2 | inventory = ./inventory 3 | host_key_checking = False 4 | remote_user = devops 5 | -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/engine-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # cofigure ansible engine and nodes with users and access 3 | 4 | - hosts: all 5 | become: true 6 | vars: 7 | devops_public_key: "" 8 | tasks: 9 | - name: Set Hostname 10 | hostname: 11 | name: "{{ inventory_hostname }}" 12 | 13 | #- name: Install Packages 14 | # yum: 15 | # name: 16 | # - vim 17 | # state: present 18 | 19 | - name: Create .ssh if not exist 20 | file: 21 | path: /home/devops/.ssh 22 | state: directory 23 | owner: devops 24 | group: devops 25 | mode: 0700 26 | 27 | #- name: Create authorized_keys if not exist 28 | # copy: 29 | # dest: /home/devops/.ssh/authorized_keys 30 | # content: "" 31 | # force: no 32 | # owner: devops 33 | # group: devops 34 | # mode: '0600' 35 | 36 | #- name: Copy Authorized keys to devops user 37 | # blockinfile: 38 | # path: /home/devops/.ssh/authorized_keys 39 | # block: "{{ lookup('file', '/home/ec2-user/.ssh/authorized_keys') }}" 40 | - name: Copy Sample Inventory to devops home 41 | copy: 42 | src: '/home/ec2-user/inventory' 43 | dest: "/home/devops/inventory" 44 | mode: '0755' 45 | owner: devops 46 | group: devops 47 | when: inventory_hostname == 'ansible-engine' 48 | 49 | - name: Copy ansible.cfg to devops home 50 | copy: 51 | src: '/home/ec2-user/ansible.cfg' 52 | dest: "/home/devops/ansible.cfg" 53 | mode: '0755' 54 | owner: devops 55 | group: devops 56 | when: inventory_hostname == 'ansible-engine' 57 | 58 | - name: Update /etc/hosts 59 | lineinfile: 60 | line: "{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ item }}" 61 | path: /etc/hosts 62 | loop: "{{ groups['all'] }}" 63 | #ignore_errors: yes 64 | 65 | - name: Generate an OpenSSH keypair 2048 bits 66 | openssh_keypair: 67 | path: 
'/home/ec2-user/.ssh/id_rsa' 68 | size: 2048 69 | force: True 70 | owner: ec2-user 71 | group: ec2-user 72 | delegate_to: ansible-engine 73 | when: inventory_hostname == 'ansible-engine' 74 | 75 | - name: Copy SSH Private Key to devops user 76 | copy: 77 | src: "/home/ec2-user/.ssh/id_rsa" 78 | dest: "/home/devops/.ssh/id_rsa" 79 | owner: devops 80 | group: devops 81 | mode: '0600' 82 | force: yes 83 | when: inventory_hostname == 'ansible-engine' 84 | 85 | - name: Copy SSH Public Key to devops user 86 | copy: 87 | src: "/home/ec2-user/.ssh/id_rsa.pub" 88 | dest: "/home/devops/.ssh/id_rsa.pub" 89 | owner: devops 90 | group: devops 91 | mode: '0644' 92 | force: yes 93 | when: inventory_hostname == 'ansible-engine' 94 | 95 | - name: Fetch the Public Key Content 96 | become: false 97 | set_fact: 98 | devops_public_key: "{{ lookup('file', '/home/ec2-user/.ssh/id_rsa.pub') }}" 99 | host_machine_public_key: "{{ lookup('file', '/home/ec2-user/.ssh/authorized_keys') }}" 100 | delegate_to: ansible-engine 101 | when: inventory_hostname == 'ansible-engine' 102 | 103 | - name: Add Host machine public key to devops user 104 | authorized_key: 105 | user: devops 106 | state: present 107 | key: "{{ hostvars['ansible-engine']['host_machine_public_key'] }}" 108 | 109 | - name: Add Ansible Engine keys to authorized_keys of nodes 110 | authorized_key: 111 | user: devops 112 | state: present 113 | key: "{{ hostvars['ansible-engine']['devops_public_key'] }}" 114 | 115 | - name: Disable password login 116 | lineinfile: 117 | dest: /etc/ssh/sshd_config 118 | regexp: "^PasswordAuthentication" 119 | line: "PasswordAuthentication no" 120 | state: present 121 | 122 | - name: Restart sshd 123 | service: 124 | name: sshd 125 | state: restarted 126 | 127 | - name: Clean up inventory in devops home 128 | lineinfile: 129 | dest: /home/devops/inventory 130 | regexp: "^ansible_ssh_extra_args" 131 | state: absent 132 | when: inventory_hostname == 'ansible-engine' 133 | 134 | - name: Amend inventory in 
devops home 135 | lineinfile: 136 | dest: /home/devops/inventory 137 | #regexp: "^ansible_ssh_extra_args" 138 | line: "ansible_ssh_extra_args=' -o StrictHostKeyChecking=no '" 139 | state: present 140 | insertafter: "ansible_connection=ssh" 141 | when: inventory_hostname == 'ansible-engine' -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | ## if you want to mention the aws credential from different path, enable below line 4 | #shared_credentials_file = "$HOME/.aws/credentials" 5 | profile = "ansible" 6 | #version = ">=2.0" 7 | } 8 | 9 | resource "aws_key_pair" "ec2loginkey" { 10 | key_name = "login-key" 11 | ## change here if you are using different key pair 12 | public_key = file(pathexpand(var.ssh_key_pair_pub)) 13 | } 14 | 15 | output "ansible-engine" { 16 | value = aws_instance.ansible-engine.public_ip 17 | } 18 | 19 | output "ansible-node-1" { 20 | value = aws_instance.ansible-nodes[0].public_ip 21 | } 22 | 23 | output "ansible-node-2" { 24 | value = aws_instance.ansible-nodes[1].public_ip 25 | } -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/security_group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "ansible_access" { 2 | name = "ansible-lab-sg" 3 | description = "Created by Terraform for SSH Access" 4 | 5 | ingress { 6 | description = "SSH Access" 7 | from_port = 22 8 | to_port = 22 9 | protocol = "tcp" 10 | cidr_blocks = ["0.0.0.0/0"] 11 | } 12 | 13 | ingress { 14 | description = "HTTP Access" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | } 20 | 21 | egress { 22 | from_port = 0 23 | to_port = 0 24 | protocol = "-1" 25 | cidr_blocks = ["0.0.0.0/0"] 26 | ipv6_cidr_blocks = 
["::/0"] 27 | } 28 | 29 | tags = { 30 | Name = "allow_ssh" 31 | } 32 | } -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/user-data-ansible-engine.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | sudo amazon-linux-extras install -y epel 3 | sudo useradd devops 4 | echo -e 'devops\ndevops' | sudo passwd devops 5 | echo 'devops ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/devops 6 | sudo sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config 7 | sudo systemctl restart sshd.service 8 | sudo yum install -y python3 9 | sudo yum install -y vim 10 | sudo yum install -y ansible 11 | sudo yum install -y git 12 | # sudo yum update -y -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/user-data-ansible-nodes.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | sudo amazon-linux-extras install -y epel 3 | sudo useradd devops 4 | echo -e 'devops\ndevops' | sudo passwd devops 5 | echo 'devops ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/devops 6 | sudo sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config 7 | sudo systemctl restart sshd.service 8 | sudo yum install -y python3 9 | sudo yum install -y vim 10 | # sudo yum update -y -------------------------------------------------------------------------------- /terraform-aws-ansible-lab/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_ami_id" { 2 | ## Amazon Linux 2 AMI (HVM) 3 | default = "ami-02f26adf094f51167" 4 | ## "ami-0cd31be676780afa7" 5 | } 6 | 7 | variable "ssh_key_pair" { 8 | default = "~/.ssh/id_rsa" 9 | #default = "~/.ssh/id_rsa_ansilble_lab" 10 | } 11 | 12 | variable "ssh_key_pair_pub" { 13 | default = "~/.ssh/id_rsa.pub" 14 | #default = "~/.ssh/id_rsa_ansilble_lab.pub" 15 | } 16 | 17 | variable "ansible_node_count" { 18 | default = 2 19 | } 20 | -------------------------------------------------------------------------------- /terraform-aws-ec2-single/.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled files 2 | *.tfstate 3 | *.tfstate.backup 4 | *.tfstate.lock.info 5 | 6 | # logs 7 | *.log 8 | 9 | # Directories 10 | .terraform/ 11 | .vagrant/ 12 | 13 | # SSH Keys 14 | *.pem 15 | 16 | # Backup files 17 | *.bak 18 | 19 | # Ignored Terraform files 20 | *gitignore*.tf 21 | 22 | # Ignore Mac .DS_Store files 23 | .DS_Store 24 | 25 | # Ignored vscode files 26 | .vscode/ 27 | 28 | # Ignore Any Generated JSON Files 29 | operations/automation-script/apply.json 30 | operations/automation-script/configversion.json 31 | operations/automation-script/run.template.json 32 | operations/automation-script/run.json 33 | operations/automation-script/variable.template.json 34 | 
operations/automation-script/variable.json 35 | operations/automation-script/workspace.template.json 36 | operations/automation-script/workspace.json 37 | operations/sentinel-policies-scripts/create-policy.template.json 38 | operations/sentinel-policies-scripts/create-policy.json 39 | operations/variable-scripts/variable.template.json 40 | operations/variable-scripts/variable.json 41 | 42 | # Sentinel runtime directory 43 | .sentinel -------------------------------------------------------------------------------- /terraform-aws-ec2-single/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/hashicorp/aws" { 5 | version = "3.47.0" 6 | hashes = [ 7 | "h1:gXncRh1KtgLNMeb3/bYq5CvGfy8YTR+n6ds1noc5ggc=", 8 | "h1:oiX6JcoXY6lYIdcYWmEpr7mnS4mkyDV9intCNrcjiBs=", 9 | "zh:07bb6bda5b9fdb782dd568a2e85cfe0ab108770e2218f3411e57ed845c58af40", 10 | "zh:0926b161a109e75bdc8691e8a32f568b4cd77a55510cf27573261fb5ba382287", 11 | "zh:0a91adf25a78ad31d547da513db24f493d27592d3675ed291a7698351c30992d", 12 | "zh:0f95f01e3bf0dab306ed86afb1ca00e01ce94ed6696765158d544b1569483b13", 13 | "zh:10466a520c617354ebbee9366267e0878b091a15d49cb97846511e952bd9db90", 14 | "zh:2fc627d3dc5a6df904591c673d640e6d3a697dcc12d1a43cf71066a47314f7c0", 15 | "zh:a85476047ddb359acdc0db5b9cbe0a7e13c4e65289b03f6c93303d0452db450b", 16 | "zh:cbadde98d44e8953cc78487b6788b97cff12632e9fda065bb970b001205662cb", 17 | "zh:db05702323c5fa253d5e067458340b89126738b8f6a9847465ee3e75b0f28320", 18 | "zh:e16cf52ff3b067adb33a75b89c03f9b03e666e2d45adb2ee296ae12b36cd5776", 19 | "zh:fcb8f73f7f5e195e3345d5694b526e0d5e77562d2e7dd468366ee15b1be6b418", 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /terraform-aws-ec2-single/README.md: 
-------------------------------------------------------------------------------- 1 | # Terraform and AWS - Single EC2 2 | 3 | *Warning: this is still in-progress and do not use* 4 | 5 | Also check **[Terraform IaC Examples ](https://github.com/iamgini/terraform-iac-usecases)**. 6 | -------------------------------------------------------------------------------- /terraform-aws-ec2-single/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory = ./inventory 3 | host_key_checking = False 4 | remote_user = devops 5 | -------------------------------------------------------------------------------- /terraform-aws-ec2-single/ec2.tf: -------------------------------------------------------------------------------- 1 | ## ================================ Ansible Engine Instance ================================================ 2 | resource "aws_instance" "demo-ec2" { 3 | ami = var.aws_ami_id #"ami-0cd31be676780afa7" 4 | instance_type = "t2.micro" 5 | key_name = aws_key_pair.ec2loginkey.key_name 6 | ## If you are creating Instances in a VPC, use vpc_security_group_ids instead. 
7 | security_groups = ["ec2-lab-sg"] 8 | #user_data = file("user-data-ansible-engine.sh") 9 | 10 | # Create inventory and ansible.cfg on ansible-engine 11 | #provisioner "remote-exec" { 12 | # inline = [ 13 | # "echo '[ansible]' >> /home/ec2-user/inventory", 14 | # "echo 'ansible-engine ansible_host=${aws_instance.ansible-engine.private_dns} ansible_connection=local' >> /home/ec2-user/inventory", 15 | # "echo '[nodes]' >> /home/ec2-user/inventory", 16 | # "echo '' >> /home/ec2-user/inventory", 17 | # "echo '[all:vars]' >> /home/ec2-user/inventory", 18 | # "echo 'ansible_user=devops' >> /home/ec2-user/inventory", 19 | # "echo 'ansible_password=devops' >> /home/ec2-user/inventory", 20 | # "echo 'ansible_connection=ssh' >> /home/ec2-user/inventory", 21 | # "echo '#ansible_python_interpreter=/usr/bin/python3' >> /home/ec2-user/inventory", 22 | # "echo 'ansible_ssh_private_key_file=/home/devops/.ssh/id_rsa' >> /home/ec2-user/inventory", 23 | # "echo \"ansible_ssh_extra_args=' -o StrictHostKeyChecking=no -o PreferredAuthentications=password '\" >> /home/ec2-user/inventory", 24 | # "echo '[defaults]' >> /home/ec2-user/ansible.cfg", 25 | # "echo 'inventory = ./inventory' >> /home/ec2-user/ansible.cfg", 26 | # "echo 'host_key_checking = False' >> /home/ec2-user/ansible.cfg", 27 | # "echo 'remote_user = devops' >> /home/ec2-user/ansible.cfg", 28 | # ] 29 | # connection { 30 | # type = "ssh" 31 | # user = "ec2-user" 32 | # private_key = file(pathexpand(var.ssh_key_pair)) 33 | # host = self.public_ip 34 | # } 35 | #} 36 | # 37 | ## copy engine-config.yaml 38 | #provisioner "file" { 39 | # source = "engine-config.yaml" 40 | # destination = "/home/ec2-user/engine-config.yaml" 41 | # connection { 42 | # type = "ssh" 43 | # user = "ec2-user" 44 | # private_key = file(pathexpand(var.ssh_key_pair)) 45 | # host = self.public_ip 46 | # } 47 | #} 48 | # 49 | ## Execute Ansible Playbook 50 | #provisioner "remote-exec" { 51 | # inline = [ 52 | # "sleep 120; ansible-playbook 
engine-config.yaml" 53 | # ] 54 | # connection { 55 | # type = "ssh" 56 | # user = "ec2-user" 57 | # private_key = file(pathexpand(var.ssh_key_pair)) 58 | # host = self.public_ip 59 | # } 60 | #} 61 | 62 | tags = { 63 | Name = "demo-ec2" 64 | } 65 | } -------------------------------------------------------------------------------- /terraform-aws-ec2-single/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | ## if you want to mention the aws credential from different path, enable below line 4 | #shared_credentials_file = "$HOME/.aws/credentials" 5 | profile = "devops" 6 | #version = ">=2.0" 7 | } 8 | 9 | resource "aws_key_pair" "ec2loginkey" { 10 | key_name = "ec2-login-key" 11 | ## change here if you are using different key pair 12 | public_key = file(pathexpand(var.ssh_key_pair_pub)) 13 | } 14 | 15 | output "demo-ec2-output" { 16 | value = aws_instance.demo-ec2.public_ip 17 | } 18 | -------------------------------------------------------------------------------- /terraform-aws-ec2-single/security_group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "demo_ec2_access" { 2 | name = "ec2-lab-sg" 3 | description = "Created by Terraform for SSH Access" 4 | 5 | ingress { 6 | description = "SSH Access" 7 | from_port = 22 8 | to_port = 22 9 | protocol = "tcp" 10 | cidr_blocks = ["0.0.0.0/0"] 11 | } 12 | 13 | ingress { 14 | description = "HTTP Access" 15 | from_port = 80 16 | to_port = 80 17 | protocol = "tcp" 18 | cidr_blocks = ["0.0.0.0/0"] 19 | } 20 | 21 | egress { 22 | from_port = 0 23 | to_port = 0 24 | protocol = "-1" 25 | cidr_blocks = ["0.0.0.0/0"] 26 | ipv6_cidr_blocks = ["::/0"] 27 | } 28 | 29 | tags = { 30 | Name = "allow_ssh" 31 | } 32 | } -------------------------------------------------------------------------------- /terraform-aws-ec2-single/variables.tf: 
-------------------------------------------------------------------------------- 1 | variable "aws_ami_id" { 2 | ## Amazon Linux 2 AMI (HVM) 3 | #default = "ami-02f26adf094f51167" 4 | 5 | ## Ubuntu Server 20.04 LTS (HVM), SSD Volume Type 6 | default = "ami-055d15d9cfddf7bd3" 7 | ## "ami-0cd31be676780afa7" 8 | } 9 | 10 | variable "ssh_key_pair" { 11 | default = "~/.ssh/id_rsa" 12 | } 13 | 14 | variable "ssh_key_pair_pub" { 15 | default = "~/.ssh/id_rsa.pub" 16 | } 17 | 18 | variable "node_count" { 19 | default = 2 20 | } 21 | -------------------------------------------------------------------------------- /terraform-aws-for_each/README.md: -------------------------------------------------------------------------------- 1 | # Terraform `for_each` demo 2 | 3 | Environment -AWS 4 | 5 | ## Introduction 6 | 7 | Terraform will provision below resources and take note on details. 8 | 9 | - 1x VPC with subnets 10 | - Default `region = "ap-southeast-2"` (**Asia Pacific (Sydney)**), change this in `main.tf` if needed. 11 | - A new Security Group will be created as `local_access` 12 | - And other 13 | 14 | ## How to use this repository 15 | 16 | ### Step 1. Install Terraform 17 | 18 | If you haven't yet, [Download](https://www.terraform.io/downloads.html) and [Install](https://learn.hashicorp.com/tutorials/terraform/install-cli) Terraform. 19 | 20 | ### Step 2. Configure AWS Credential 21 | 22 | ```shell 23 | export AWS_ACCESS_KEY_ID= 24 | export AWS_SECRET_ACCESS_KEY= 25 | export AWS_DEFAULT_REGION=ap-southeast-2 26 | ``` 27 | 28 | Also refer [AWS CLI Configuration Guide](https://github.com/iamgini/vagrant-iac-usecases#aws-setup) for more details. 29 | 30 | ### Step 3. Create SSH Keys to Access the ec2 instances 31 | 32 | If you have existing keys, you can use that; otherwise create new ssh keys. 
33 | 34 | - ***Warning**: Please remember to not to overwrite the existing ssh key pair files; use a new file name if you want to keep the old SSH keys.* 35 | 36 | ```shell 37 | $ ssh-keygen 38 | ``` 39 | 40 | - If you are using any key files other than `~/.ssh/id_rsa`, then remember to update the same in `variables.tf` as well. 41 | 42 | ## Step 4. Clone the Repository and create your Ansible Lab 43 | 44 | ```shell 45 | $ git clone https://github.com/iamgini/terraform-iac-usecases 46 | $ cd terraform-aws-for_each 47 | 48 | ## init terraform 49 | $ terraform init 50 | 51 | ## verify the resource details before apply 52 | $ terraform plan 53 | 54 | ## Apply configuration - This step will spin up all necessary resources in your AWS Account 55 | $ terraform apply 56 | . 57 | . 58 | Do you want to perform these actions? 59 | Terraform will perform the actions described above. 60 | Only 'yes' will be accepted to approve. 61 | 62 | Enter a value: yes 63 | 64 | aws_key_pair.ec2loginkey: Creating... 65 | aws_security_group.ansible_access: Creating... 66 | . 67 | . 68 | Apply complete! Resources: 0 added, 0 changed, 0 destroyed. 69 | 70 | Outputs: 71 | 72 | 73 | ``` 74 | 75 | ### Step 5. Destroy Lab Once you are Done 76 | 77 | As we know, we are dealing with FREE tier, remember to destroy the resources once you finish the lab or practicing for that day. 78 | 79 | ```shell 80 | $ terraform destroy 81 | ``` 82 | 83 | ## Appendix 84 | 85 | ### Use `local-exec` if you have Ansible installed locally 86 | 87 | If you are using Linux/Mac machine and ansible is available locally, then you an use below method for executing Terraform provisioner. (Current configuration is to execute ansible playbook from `ansible-engine` node itself.) 
88 | 89 | ```json 90 | provisioner "local-exec" { 91 | command = "ansible-playbook engine-config.yaml" 92 | } 93 | ``` -------------------------------------------------------------------------------- /terraform-aws-for_each/app/aap-s3.tf: -------------------------------------------------------------------------------- 1 | # resource "aws_s3_bucket" "hub_store" { 2 | # bucket = "app-store-12345" 3 | # # acl = "private" # Options: private, public-read, public-read-write, authenticated-read 4 | # force_destroy = true 5 | # tags = { 6 | # Name = "hub-store" 7 | # Environment = "Dev" 8 | # } 9 | # } -------------------------------------------------------------------------------- /terraform-aws-for_each/app/app-ec2.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "app-nodes" { 2 | for_each = var.app_instances 3 | instance_type = each.value.instance_type 4 | associate_public_ip_address = each.value.public_ip_address 5 | 6 | ami = var.ami 7 | key_name = var.key_name 8 | subnet_id = var.subnet_id 9 | security_groups = var.vpc_security_group_ids 10 | 11 | root_block_device { 12 | volume_size = each.value.volume_size # Size in GB 13 | volume_type = "gp3" # General Purpose SSD (adjust if necessary) 14 | } 15 | 16 | tags = { 17 | Name = each.key 18 | } 19 | } 20 | 21 | 22 | # resource "aws_instance" "app-nodes" { 23 | 24 | # ami = var.ami 25 | # subnet_id = var.subnet_id 26 | # instance_type = var.instance_type 27 | # key_name = var.key_name 28 | # count = var.app_node_count 29 | # security_groups = var.vpc_security_group_ids 30 | # associate_public_ip_address = false 31 | 32 | # root_block_device { 33 | # volume_size = 40 # Size in GB 34 | # volume_type = "gp3" # General Purpose SSD (adjust if necessary) 35 | # } 36 | 37 | # tags = { 38 | # Name = var.app_node_names[count.index] 39 | # } 40 | 41 | # } 42 | -------------------------------------------------------------------------------- 
/terraform-aws-for_each/app/output.tf: -------------------------------------------------------------------------------- 1 | 2 | # output "ap_node_public_ips" { 3 | # value = [for instance in aws_instance.app-nodes : instance.public_ip] 4 | # description = "Public IPs of all Ansible Node instances" 5 | # } 6 | 7 | output "ec2_instances" { 8 | value = { 9 | for instance in aws_instance.app-nodes : 10 | instance.id => { 11 | name = lookup(instance.tags, "Name", "Unknown") 12 | public_ip = instance.public_ip 13 | private_ip = instance.private_ip 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /terraform-aws-for_each/app/variables.tf: -------------------------------------------------------------------------------- 1 | variable "ami" { 2 | type = string 3 | description = "The AMI ID for the node." 4 | } 5 | 6 | variable "key_name" { 7 | type = string 8 | } 9 | 10 | variable "instance_type" { 11 | type = string 12 | description = "The instance type" 13 | default = "t2.micro" 14 | } 15 | 16 | variable "subnet_id" { 17 | type = string 18 | description = "The subnet ID for the node." 19 | } 20 | 21 | variable "app_node_names" { 22 | type = list(string) 23 | default = ["web-front","web-back","web-db"] 24 | } 25 | 26 | variable "app_node_count" { 27 | type = number 28 | description = "Number of nodes for applications" 29 | default = 3 30 | } 31 | 32 | variable "app_instances" { 33 | description = "App instance details" 34 | default = { 35 | web-front = { instance_type = "t2.micro", volume_size = 40, public_ip_address = true } 36 | web-back = { instance_type = "t3.small", volume_size = 80, public_ip_address = false } 37 | web-db = { instance_type = "t3.small", volume_size = 200, public_ip_address = false } 38 | } 39 | } 40 | 41 | 42 | # variable "tags" { 43 | # type = map(string) 44 | # default = {} 45 | # description = "AWS tags to be applied to created resources." 
46 | # } 47 | 48 | # variable "target_group_arns" { 49 | # type = list(string) 50 | # default = [] 51 | # description = "The list of target group ARNs for the load balancer." 52 | # } 53 | 54 | # variable "target_group_arns_length" { 55 | # description = "The length of the 'target_group_arns' variable, to work around https://github.com/hashicorp/terraform/issues/12570." 56 | # } 57 | 58 | # variable "volume_iops" { 59 | # type = string 60 | # default = "100" 61 | # description = "The amount of IOPS to provision for the disk." 62 | # } 63 | 64 | # variable "volume_size" { 65 | # type = string 66 | # default = "200" 67 | # description = "The volume size (in gibibytes) for the node's root volume." 68 | # } 69 | 70 | # variable "storage_volume_size" { 71 | # type = string 72 | # default = "300" 73 | # description = "The volume size (in gibibytes) for the node's root volume." 74 | # } 75 | 76 | # variable "volume_type" { 77 | # type = string 78 | # default = "gp3" 79 | # description = "The volume type for the node's root volume." 80 | # } 81 | 82 | # variable "volume_kms_key_id" { 83 | # type = string 84 | # description = "The KMS key id that should be used to encrypt the node's root block device." 85 | # } 86 | 87 | # variable "vpc_id" { 88 | # type = string 89 | # description = "VPC ID is used to create resources like security group rules for machine." 90 | # } 91 | 92 | # variable "vpc_cidrs" { 93 | # type = list(string) 94 | # default = [] 95 | # description = "VPC CIDR blocks." 96 | # } 97 | 98 | variable "vpc_security_group_ids" { 99 | type = list(string) 100 | default = [] 101 | description = "VPC security group IDs for the node." 
102 | } 103 | 104 | # variable "publish_strategy" { 105 | # type = string 106 | # description = "The publishing strategy for endpoints like load balancers" 107 | # } 108 | 109 | # variable "openshift_ssh_key" { 110 | # description = "Path to SSH Public Key file to use for OpenShift Installation" 111 | # type = string 112 | # default = "" 113 | # } 114 | 115 | # variable "openshift_version" { 116 | # type = string 117 | # default = "4.14.38" 118 | # } 119 | 120 | # variable "base_domain" { 121 | # type = string 122 | # description = "The DNS domain for the cluster." 123 | # } 124 | 125 | # variable "cluster_name" { 126 | # type = string 127 | # description = "The identifier for the cluster." 128 | # } -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-ec2-keypair.tf: -------------------------------------------------------------------------------- 1 | # Create key pair using local ssh key 2 | resource "aws_key_pair" "ec2loginkey" { 3 | key_name = "tbly-key" 4 | ## change here if you are using different key pair 5 | public_key = file(pathexpand(var.ssh_key_pair_pub)) 6 | } -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-infra-setup.tf: -------------------------------------------------------------------------------- 1 | 2 | # # Enable DNS Hostnames 3 | # resource "aws_vpc_attribute" "tbly_vpc_dns" { 4 | # vpc_id = aws_vpc.tbly_vpc.id 5 | # enable_dns_hostnames = true 6 | # } 7 | 8 | # # Create VPC Endpoint for S3 9 | # resource "aws_vpc_endpoint" "tbly_s3_vpce" { 10 | # vpc_id = aws_vpc.tbly_vpc.id 11 | # service_name = "com.amazonaws.ap-southeast-2.s3" 12 | 13 | # tags = { 14 | # Name = "tbly-vpce-s3" 15 | # } 16 | # } 17 | 18 | 19 | # Modify VPC Endpoint to add Private Route Tables 20 | resource "aws_vpc_endpoint_route_table_association" "private_rtb_assoc_1" { 21 | vpc_endpoint_id = aws_vpc_endpoint.tbly_s3_vpce.id 22 | route_table_id = 
aws_route_table.tbly_rtb_private1.id 23 | } 24 | 25 | resource "aws_vpc_endpoint_route_table_association" "private_rtb_assoc_2" { 26 | vpc_endpoint_id = aws_vpc_endpoint.tbly_s3_vpce.id 27 | route_table_id = aws_route_table.tbly_rtb_private2.id 28 | } 29 | -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-internet-gw-attach.tf: -------------------------------------------------------------------------------- 1 | # Attach Internet Gateway to VPC 2 | # resource "aws_internet_gateway_attachment" "tbly_igw_attachment" { 3 | # vpc_id = aws_vpc.tbly_vpc.id # Replace with your VPC ID if necessary 4 | # internet_gateway_id = aws_internet_gateway.tbly_igw.id 5 | # } 6 | -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-internet-gw.tf: -------------------------------------------------------------------------------- 1 | # Create Internet Gateway 2 | resource "aws_internet_gateway" "tbly_igw" { 3 | vpc_id = aws_vpc.tbly_vpc.id 4 | 5 | tags = { 6 | Name = "tbly-igw" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-route-table-association.tf: -------------------------------------------------------------------------------- 1 | # Associate Public Subnets with Route Table 2 | resource "aws_route_table_association" "public_assoc_1" { 3 | subnet_id = aws_subnet.tbly_subnet_public1.id 4 | route_table_id = aws_route_table.tbly_rtb_public.id 5 | } 6 | 7 | resource "aws_route_table_association" "public_assoc_2" { 8 | subnet_id = aws_subnet.tbly_subnet_public2.id 9 | route_table_id = aws_route_table.tbly_rtb_public.id 10 | } 11 | 12 | 13 | # Associate Private Subnets with Route Tables 14 | resource "aws_route_table_association" "private_assoc_1" { 15 | subnet_id = aws_subnet.tbly_subnet_private1.id 16 | route_table_id = aws_route_table.tbly_rtb_private1.id 17 | } 18 | 19 | resource 
"aws_route_table_association" "private_assoc_2" { 20 | subnet_id = aws_subnet.tbly_subnet_private2.id 21 | route_table_id = aws_route_table.tbly_rtb_private2.id 22 | } -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-route-table.tf: -------------------------------------------------------------------------------- 1 | # Create Private Route Tables 2 | resource "aws_route_table" "tbly_rtb_private1" { 3 | vpc_id = aws_vpc.tbly_vpc.id 4 | 5 | tags = { 6 | Name = "tbly-rtb-private1-ap-southeast-2a" 7 | } 8 | } 9 | 10 | resource "aws_route_table" "tbly_rtb_private2" { 11 | vpc_id = aws_vpc.tbly_vpc.id 12 | 13 | tags = { 14 | Name = "tbly-rtb-private2-ap-southeast-2b" 15 | } 16 | } 17 | 18 | # Attach Internet Gateway to VPC 19 | resource "aws_route_table" "tbly_rtb_public" { 20 | vpc_id = aws_vpc.tbly_vpc.id 21 | 22 | # route { 23 | # cidr_block = "0.0.0.0/0" 24 | # gateway_id = aws_internet_gateway.tbly_igw.id 25 | # } 26 | 27 | tags = { 28 | Name = "tbly-rtb-public" 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-routes.tf: -------------------------------------------------------------------------------- 1 | # # Create Route in Route Table 2 | resource "aws_route" "tbly_public_route" { 3 | route_table_id = aws_route_table.tbly_rtb_public.id # Reference the Route Table ID 4 | destination_cidr_block = "0.0.0.0/0" # Specify the destination CIDR block 5 | gateway_id = aws_internet_gateway.tbly_igw.id # Reference the Internet Gateway ID 6 | } 7 | -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-security_group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "local_access" { 2 | vpc_id = aws_vpc.tbly_vpc.id 3 | name = var.lab_security_group_name 4 | description = "Created by Terraform for local access" 5 | 6 | 
egress { 7 | from_port = 0 8 | to_port = 0 9 | protocol = "-1" 10 | cidr_blocks = ["0.0.0.0/0"] 11 | ipv6_cidr_blocks = ["::/0"] 12 | } 13 | tags = { 14 | Name = "local_access" 15 | } 16 | } 17 | 18 | resource "aws_security_group_rule" "ingress_rules_local_access" { 19 | for_each = { 20 | for k, v in var.sg_ports_local_access : k => v 21 | if contains(keys(v), "port") # filtering only ingress-like entries 22 | } 23 | 24 | type = "ingress" 25 | from_port = each.value.port 26 | to_port = each.value.port 27 | protocol = each.value.protocol 28 | security_group_id = aws_security_group.local_access.id 29 | description = each.value.description 30 | cidr_blocks = ["0.0.0.0/0"] 31 | } -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-vpc-endpoints.tf: -------------------------------------------------------------------------------- 1 | # Create S3 VPC Endpoint 2 | resource "aws_vpc_endpoint" "tbly_s3_vpce" { 3 | vpc_id = aws_vpc.tbly_vpc.id 4 | service_name = "com.amazonaws.ap-southeast-2.s3" 5 | vpc_endpoint_type = "Gateway" 6 | 7 | tags = { 8 | Name = "tbly-vpce-s3" 9 | } 10 | } -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-vpc-subnets.tf: -------------------------------------------------------------------------------- 1 | # Create Subnets 2 | resource "aws_subnet" "tbly_subnet_public1" { 3 | vpc_id = aws_vpc.tbly_vpc.id 4 | cidr_block = "10.0.0.0/20" 5 | availability_zone = "ap-southeast-2a" 6 | 7 | tags = { 8 | Name = "tbly-subnet-public1-ap-southeast-2a" 9 | } 10 | } 11 | 12 | resource "aws_subnet" "tbly_subnet_public2" { 13 | vpc_id = aws_vpc.tbly_vpc.id 14 | cidr_block = "10.0.16.0/20" 15 | availability_zone = "ap-southeast-2b" 16 | 17 | tags = { 18 | Name = "tbly-subnet-public2-ap-southeast-2b" 19 | } 20 | } 21 | 22 | resource "aws_subnet" "tbly_subnet_private1" { 23 | vpc_id = aws_vpc.tbly_vpc.id 24 | cidr_block = "10.0.128.0/20" 25 | 
availability_zone = "ap-southeast-2a" 26 | 27 | tags = { 28 | Name = "tbly-subnet-private1-ap-southeast-2a" 29 | } 30 | } 31 | 32 | resource "aws_subnet" "tbly_subnet_private2" { 33 | vpc_id = aws_vpc.tbly_vpc.id 34 | cidr_block = "10.0.144.0/20" 35 | availability_zone = "ap-southeast-2b" 36 | 37 | tags = { 38 | Name = "tbly-subnet-private2-ap-southeast-2b" 39 | } 40 | } -------------------------------------------------------------------------------- /terraform-aws-for_each/aws-vpc.tf: -------------------------------------------------------------------------------- 1 | # Create VPC 2 | resource "aws_vpc" "tbly_vpc" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | 6 | enable_dns_support = true 7 | enable_dns_hostnames = true 8 | 9 | tags = { 10 | Name = var.aws_vpc_name 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /terraform-aws-for_each/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-2" 3 | } 4 | 5 | # app nodes 6 | module "app" { 7 | source = "./app" 8 | subnet_id = aws_subnet.tbly_subnet_public1.id 9 | ami = var.aws_ami_id 10 | key_name = aws_key_pair.ec2loginkey.key_name 11 | vpc_security_group_ids = [aws_security_group.local_access.id] 12 | app_node_count = 3 13 | } 14 | -------------------------------------------------------------------------------- /terraform-aws-for_each/output.tf: -------------------------------------------------------------------------------- 1 | 2 | # output "ansible-engine" { 3 | # value = aws_instance.ansible-engine.public_ip 4 | # } 5 | 6 | # output "ansible-node-1" { 7 | # value = aws_instance.ansible-nodes[0].public_ip 8 | # } 9 | 10 | # output "ansible-node-2" { 11 | # value = aws_instance.ansible-nodes[1].public_ip 12 | # } 13 | 14 | output "app_ec2_instances" { 15 | value = module.app.ec2_instances 16 | } 17 | 
-------------------------------------------------------------------------------- /terraform-aws-for_each/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_ami_id" { 2 | ## Amazon Linux 2 AMI (HVM) 3 | default = "ami-02f26adf094f51167" 4 | ## "ami-0cd31be676780afa7" 5 | } 6 | 7 | variable "aws_vpc_name" { 8 | default = "tbly_vpc" 9 | description = "Name of the VPC" 10 | } 11 | 12 | variable "ssh_key_pair" { 13 | default = "~/.ssh/id_rsa" 14 | } 15 | 16 | variable "ssh_key_pair_pub" { 17 | default = "~/.ssh/id_rsa.pub" 18 | } 19 | 20 | variable "ansible_node_count" { 21 | default = 1 22 | } 23 | 24 | variable "lab_security_group_name" { 25 | default = "tbly-sg" 26 | } 27 | 28 | variable "sg_ports_local_access" { 29 | description = "Security Group ports for local access" 30 | default = { 31 | ssh = { 32 | port = 22 33 | description = "SSH Access" 34 | protocol = "tcp" 35 | } 36 | 37 | icmp = { 38 | port = -1 39 | description = "Allow Ping (ICMP)" 40 | protocol = "icmp" 41 | } 42 | 43 | http = { 44 | port = 80 45 | description = "HTTP Access" 46 | protocol = "tcp" 47 | } 48 | 49 | https = { 50 | port = 443 51 | description = "HTTPS Access" 52 | protocol = "tcp" 53 | } 54 | 55 | postgresql = { 56 | port = 5432 57 | description = "PostgreSQL Access" 58 | protocol = "tcp" 59 | } 60 | 61 | receptor = { 62 | port = 27199 63 | description = "Receptor Access" 64 | protocol = "tcp" 65 | } 66 | 67 | redis_default = { 68 | port = 6379 69 | description = "Redis" 70 | protocol = "tcp" 71 | } 72 | 73 | redis_alt = { 74 | port = 16379 75 | description = "Redis" 76 | protocol = "tcp" 77 | } 78 | 79 | grpc = { 80 | port = 50051 81 | description = "gRPC" 82 | protocol = "tcp" 83 | } 84 | 85 | controller_nginx_https = { 86 | port = 8443 87 | description = "controller_nginx_https_port" 88 | protocol = "tcp" 89 | } 90 | 91 | hub_nginx_https = { 92 | port = 8444 93 | description = "hub_nginx_https_port" 94 | protocol = "tcp" 95 
| } 96 | 97 | eda_nginx_https = { 98 | port = 8445 99 | description = "eda_nginx_https_port" 100 | protocol = "tcp" 101 | } 102 | 103 | gateway_nginx_https = { 104 | port = 8446 105 | description = "gateway_nginx_https_port" 106 | protocol = "tcp" 107 | } 108 | 109 | } 110 | } 111 | -------------------------------------------------------------------------------- /terraform-aws-openlab/README.md: -------------------------------------------------------------------------------- 1 | # AWS Open Environment - General Setup 2 | 3 | *Warning: this is still in-progress and do not use without validating* 4 | 5 | ## Introduction 6 | 7 | Terraform will provision below resources and take note on details. 8 | 9 | - 1x VPC with subnets 10 | - Default `region = "ap-southeast-2"` (**Asia Pacific (Sydney)**), change this in `main.tf` if needed. 11 | - A new Security Group will be created as `local_access` 12 | - And other 13 | 14 | ## How to use this repository 15 | 16 | ### Step 1. Install Terraform 17 | 18 | If you haven't yet, [Download](https://www.terraform.io/downloads.html) and [Install](https://learn.hashicorp.com/tutorials/terraform/install-cli) Terraform. 19 | 20 | ### Step 2. Configure AWS Credential 21 | 22 | Refer [AWS CLI Configuration Guide](https://github.com/iamgini/vagrant-iac-usecases#aws-setup) for details. 23 | 24 | ### Step 3. Create SSH Keys to Access the ec2 instances 25 | 26 | If you have existing keys, you can use that; otherwise create new ssh keys. 27 | 28 | - ***Warning**: Please remember to not to overwrite the existing ssh key pair files; use a new file name if you want to keep the old keys.* 29 | 30 | - If you are using any key files other than `~/.ssh/id_rsa`, then remember to update the same in `variables.tf` as well. 31 | 32 | ```shell 33 | $ ssh-keygen 34 | ``` 35 | 36 | ## Step 4. 
Clone the Repository and create your Ansible Lab 37 | 38 | ```shell 39 | $ git clone https://github.com/iamgini/terraform-iac-usecases 40 | $ cd terraform-aws-openlab 41 | 42 | ## init terraform 43 | $ terraform init 44 | 45 | ## verify the resource details before apply 46 | $ terraform plan 47 | 48 | ## Apply configuration - This step will spin up all necessary resources in your AWS Account 49 | $ terraform apply 50 | . 51 | . 52 | Do you want to perform these actions? 53 | Terraform will perform the actions described above. 54 | Only 'yes' will be accepted to approve. 55 | 56 | Enter a value: yes 57 | 58 | aws_key_pair.ec2loginkey: Creating... 59 | aws_security_group.ansible_access: Creating... 60 | . 61 | . 62 | Apply complete! Resources: 0 added, 0 changed, 0 destroyed. 63 | 64 | Outputs: 65 | 66 | 67 | ``` 68 | 69 | ### Step 5. Destroy Lab Once you are Done 70 | 71 | As we know, we are dealing with FREE tier, remember to destroy the resources once you finish the lab or practicing for that day. 72 | 73 | ```shell 74 | $ terraform destroy 75 | ``` 76 | 77 | ## Appendix 78 | 79 | ### Use `local-exec` if you have Ansible installed locally 80 | 81 | If you are using Linux/Mac machine and ansible is available locally, then you an use below method for executing Terraform provisioner. (Current configuration is to execute ansible playbook from `ansible-engine` node itself.) 
82 | 83 | ```json 84 | provisioner "local-exec" { 85 | command = "ansible-playbook engine-config.yaml" 86 | } 87 | ``` -------------------------------------------------------------------------------- /terraform-aws-openlab/aap/aap-s3.tf: -------------------------------------------------------------------------------- 1 | # resource "aws_s3_bucket" "hub_store" { 2 | # bucket = "aap-hub-store-12345" 3 | # # acl = "private" # Options: private, public-read, public-read-write, authenticated-read 4 | # force_destroy = true 5 | # tags = { 6 | # Name = "hub-store" 7 | # Environment = "Dev" 8 | # } 9 | # } -------------------------------------------------------------------------------- /terraform-aws-openlab/aap/ec2-aap.tf: -------------------------------------------------------------------------------- 1 | # ================ AAP Nodes ========================= 2 | resource "aws_instance" "aap-nodes" { 3 | ami = var.ami 4 | subnet_id = var.subnet_id 5 | instance_type = var.instance_type 6 | key_name = var.key_name 7 | count = var.aap_node_count 8 | security_groups = var.vpc_security_group_ids 9 | associate_public_ip_address = true 10 | 11 | root_block_device { 12 | volume_size = 100 # Size in GB 13 | volume_type = "gp3" # General Purpose SSD (adjust if necessary) 14 | } 15 | 16 | # user_data = file("user-data-ansible-nodes.sh") 17 | 18 | tags = { 19 | Name = var.aap_node_names[count.index] 20 | } 21 | 22 | } 23 | -------------------------------------------------------------------------------- /terraform-aws-openlab/aap/output.tf: -------------------------------------------------------------------------------- 1 | 2 | # output "ansible-engine" { 3 | # value = aws_instance.ansible-engine.public_ip 4 | # } 5 | 6 | # output "aap-node-1" { 7 | # value = aws_instance.ansible-nodes[0].public_ip 8 | # } 9 | 10 | # output "ansible-node-2" { 11 | # value = aws_instance.ansible-nodes[1].public_ip 12 | # } 13 | 14 | output "aap_node_public_ips" { 15 | value = [for instance in 
aws_instance.aap-nodes : instance.public_ip] 16 | description = "Public IPs of all Ansible Node instances" 17 | } 18 | 19 | output "ec2_instances" { 20 | value = { 21 | for instance in aws_instance.aap-nodes : 22 | instance.id => { 23 | name = lookup(instance.tags, "Name", "Unknown") 24 | public_ip = instance.public_ip 25 | private_ip = instance.private_ip 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /terraform-aws-openlab/aap/variables.tf: -------------------------------------------------------------------------------- 1 | variable "ami" { 2 | type = string 3 | description = "The AMI ID for the node." 4 | } 5 | 6 | variable "key_name" { 7 | type = string 8 | } 9 | 10 | variable "instance_type" { 11 | type = string 12 | description = "The instance type" 13 | default = "t3.xlarge" 14 | } 15 | 16 | variable "subnet_id" { 17 | type = string 18 | description = "The subnet ID for the node." 19 | } 20 | 21 | variable "aap_node_count" { 22 | type = number 23 | description = "Number of nodes" 24 | default = 11 25 | } 26 | 27 | variable "aap_node_names" { 28 | type = list(string) 29 | default = ["aap-ac1", "aap-ac2", "aap-gw1", "aap-gw2", "aap-hub1", "aap-hub2", "aap-eda1", "aap-eda2", "aap-db1", "aap-en1", "aap-en2",] 30 | } 31 | 32 | 33 | # variable "tags" { 34 | # type = map(string) 35 | # default = {} 36 | # description = "AWS tags to be applied to created resources." 37 | # } 38 | 39 | # variable "target_group_arns" { 40 | # type = list(string) 41 | # default = [] 42 | # description = "The list of target group ARNs for the load balancer." 43 | # } 44 | 45 | # variable "target_group_arns_length" { 46 | # description = "The length of the 'target_group_arns' variable, to work around https://github.com/hashicorp/terraform/issues/12570." 47 | # } 48 | 49 | # variable "volume_iops" { 50 | # type = string 51 | # default = "100" 52 | # description = "The amount of IOPS to provision for the disk." 
53 | # } 54 | 55 | # variable "volume_size" { 56 | # type = string 57 | # default = "200" 58 | # description = "The volume size (in gibibytes) for the node's root volume." 59 | # } 60 | 61 | # variable "storage_volume_size" { 62 | # type = string 63 | # default = "300" 64 | # description = "The volume size (in gibibytes) for the node's root volume." 65 | # } 66 | 67 | # variable "volume_type" { 68 | # type = string 69 | # default = "gp3" 70 | # description = "The volume type for the node's root volume." 71 | # } 72 | 73 | # variable "volume_kms_key_id" { 74 | # type = string 75 | # description = "The KMS key id that should be used to encrypt the node's root block device." 76 | # } 77 | 78 | # variable "vpc_id" { 79 | # type = string 80 | # description = "VPC ID is used to create resources like security group rules for machine." 81 | # } 82 | 83 | # variable "vpc_cidrs" { 84 | # type = list(string) 85 | # default = [] 86 | # description = "VPC CIDR blocks." 87 | # } 88 | 89 | variable "vpc_security_group_ids" { 90 | type = list(string) 91 | default = [] 92 | description = "VPC security group IDs for the node." 93 | } 94 | 95 | # variable "publish_strategy" { 96 | # type = string 97 | # description = "The publishing strategy for endpoints like load balancers" 98 | # } 99 | 100 | # variable "openshift_ssh_key" { 101 | # description = "Path to SSH Public Key file to use for OpenShift Installation" 102 | # type = string 103 | # default = "" 104 | # } 105 | 106 | # variable "openshift_version" { 107 | # type = string 108 | # default = "4.14.38" 109 | # } 110 | 111 | # variable "base_domain" { 112 | # type = string 113 | # description = "The DNS domain for the cluster." 114 | # } 115 | 116 | # variable "cluster_name" { 117 | # type = string 118 | # description = "The identifier for the cluster." 
119 | # } -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-ec2-keypair.tf: -------------------------------------------------------------------------------- 1 | # Create key pair using local ssh key 2 | resource "aws_key_pair" "ec2loginkey" { 3 | key_name = "openlab-key" 4 | ## change here if you are using different key pair 5 | public_key = file(pathexpand(var.ssh_key_pair_pub)) 6 | } -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-infra-setup.tf: -------------------------------------------------------------------------------- 1 | 2 | # # Enable DNS Hostnames 3 | # resource "aws_vpc_attribute" "openlab_vpc_dns" { 4 | # vpc_id = aws_vpc.openlab_vpc.id 5 | # enable_dns_hostnames = true 6 | # } 7 | 8 | # # Create VPC Endpoint for S3 9 | # resource "aws_vpc_endpoint" "openlab_s3_vpce" { 10 | # vpc_id = aws_vpc.openlab_vpc.id 11 | # service_name = "com.amazonaws.ap-southeast-2.s3" 12 | 13 | # tags = { 14 | # Name = "openlab-vpce-s3" 15 | # } 16 | # } 17 | 18 | 19 | # Modify VPC Endpoint to add Private Route Tables 20 | resource "aws_vpc_endpoint_route_table_association" "private_rtb_assoc_1" { 21 | vpc_endpoint_id = aws_vpc_endpoint.openlab_s3_vpce.id 22 | route_table_id = aws_route_table.openlab_rtb_private1.id 23 | } 24 | 25 | resource "aws_vpc_endpoint_route_table_association" "private_rtb_assoc_2" { 26 | vpc_endpoint_id = aws_vpc_endpoint.openlab_s3_vpce.id 27 | route_table_id = aws_route_table.openlab_rtb_private2.id 28 | } 29 | -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-internet-gw-attach.tf: -------------------------------------------------------------------------------- 1 | # Attach Internet Gateway to VPC 2 | # resource "aws_internet_gateway_attachment" "openlab_igw_attachment" { 3 | # vpc_id = aws_vpc.openlab_vpc.id # Replace with your VPC ID if necessary 4 | # 
internet_gateway_id = aws_internet_gateway.openlab_igw.id 5 | # } 6 | -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-internet-gw.tf: -------------------------------------------------------------------------------- 1 | # Create Internet Gateway 2 | resource "aws_internet_gateway" "openlab_igw" { 3 | vpc_id = aws_vpc.openlab_vpc.id 4 | 5 | tags = { 6 | Name = "openlab-igw" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-route-table-association.tf: -------------------------------------------------------------------------------- 1 | # Associate Public Subnets with Route Table 2 | resource "aws_route_table_association" "public_assoc_1" { 3 | subnet_id = aws_subnet.openlab_subnet_public1.id 4 | route_table_id = aws_route_table.openlab_rtb_public.id 5 | } 6 | 7 | resource "aws_route_table_association" "public_assoc_2" { 8 | subnet_id = aws_subnet.openlab_subnet_public2.id 9 | route_table_id = aws_route_table.openlab_rtb_public.id 10 | } 11 | 12 | 13 | # Associate Private Subnets with Route Tables 14 | resource "aws_route_table_association" "private_assoc_1" { 15 | subnet_id = aws_subnet.openlab_subnet_private1.id 16 | route_table_id = aws_route_table.openlab_rtb_private1.id 17 | } 18 | 19 | resource "aws_route_table_association" "private_assoc_2" { 20 | subnet_id = aws_subnet.openlab_subnet_private2.id 21 | route_table_id = aws_route_table.openlab_rtb_private2.id 22 | } -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-route-table.tf: -------------------------------------------------------------------------------- 1 | # Create Private Route Tables 2 | resource "aws_route_table" "openlab_rtb_private1" { 3 | vpc_id = aws_vpc.openlab_vpc.id 4 | 5 | tags = { 6 | Name = "openlab-rtb-private1-ap-southeast-2a" 7 | } 8 | } 9 | 10 | resource "aws_route_table" "openlab_rtb_private2" { 11 | 
vpc_id = aws_vpc.openlab_vpc.id 12 | 13 | tags = { 14 | Name = "openlab-rtb-private2-ap-southeast-2b" 15 | } 16 | } 17 | 18 | # Attach Internet Gateway to VPC 19 | resource "aws_route_table" "openlab_rtb_public" { 20 | vpc_id = aws_vpc.openlab_vpc.id 21 | 22 | # route { 23 | # cidr_block = "0.0.0.0/0" 24 | # gateway_id = aws_internet_gateway.openlab_igw.id 25 | # } 26 | 27 | tags = { 28 | Name = "openlab-rtb-public" 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-routes.tf: -------------------------------------------------------------------------------- 1 | # # Create Route in Route Table 2 | resource "aws_route" "openlab_public_route" { 3 | route_table_id = aws_route_table.openlab_rtb_public.id # Reference the Route Table ID 4 | destination_cidr_block = "0.0.0.0/0" # Specify the destination CIDR block 5 | gateway_id = aws_internet_gateway.openlab_igw.id # Reference the Internet Gateway ID 6 | } 7 | -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-security_group.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "local_access" { 2 | vpc_id = aws_vpc.openlab_vpc.id 3 | name = var.lab_security_group_name 4 | description = "Created by Terraform" 5 | 6 | ingress { 7 | description = "SSH Access" 8 | from_port = 22 9 | to_port = 22 10 | protocol = "tcp" 11 | cidr_blocks = ["0.0.0.0/0"] 12 | } 13 | 14 | # Allow ICMP (Ping) 15 | ingress { 16 | description = "Allow Ping (ICMP)" 17 | from_port = -1 18 | to_port = -1 19 | protocol = "icmp" 20 | cidr_blocks = ["0.0.0.0/0"] 21 | } 22 | 23 | ingress { 24 | description = "HTTP Access" 25 | from_port = 80 26 | to_port = 80 27 | protocol = "tcp" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | 31 | ingress { 32 | description = "HTTPS Access" 33 | from_port = 443 34 | to_port = 443 35 | protocol = "tcp" 36 | cidr_blocks = 
["0.0.0.0/0"] 37 | } 38 | 39 | ingress { 40 | description = "PostgreSQL Access" 41 | from_port = 5432 42 | to_port = 5432 43 | protocol = "tcp" 44 | cidr_blocks = ["0.0.0.0/0"] 45 | } 46 | 47 | ingress { 48 | description = "Receptor Access" 49 | from_port = 27199 50 | to_port = 27199 51 | protocol = "tcp" 52 | cidr_blocks = ["0.0.0.0/0"] 53 | } 54 | 55 | ingress { 56 | description = "Redis" 57 | from_port = 6379 58 | to_port = 6379 59 | protocol = "tcp" 60 | cidr_blocks = ["0.0.0.0/0"] 61 | } 62 | 63 | ingress { 64 | description = "Redis" 65 | from_port = 16379 66 | to_port = 16379 67 | protocol = "tcp" 68 | cidr_blocks = ["0.0.0.0/0"] 69 | } 70 | 71 | ingress { 72 | description = "gRPC" 73 | from_port = 50051 74 | to_port = 50051 75 | protocol = "tcp" 76 | cidr_blocks = ["0.0.0.0/0"] 77 | } 78 | 79 | ingress { 80 | description = "controller_nginx_https_port" 81 | from_port = 8443 82 | to_port = 8443 83 | protocol = "tcp" 84 | cidr_blocks = ["0.0.0.0/0"] 85 | } 86 | 87 | ingress { 88 | description = "hub_nginx_https_port" 89 | from_port = 8444 90 | to_port = 8444 91 | protocol = "tcp" 92 | cidr_blocks = ["0.0.0.0/0"] 93 | } 94 | 95 | ingress { 96 | description = "eda_nginx_https_port" 97 | from_port = 8445 98 | to_port = 8445 99 | protocol = "tcp" 100 | cidr_blocks = ["0.0.0.0/0"] 101 | } 102 | 103 | ingress { 104 | description = "gateway_nginx_https_port" 105 | from_port = 8446 106 | to_port = 8446 107 | protocol = "tcp" 108 | cidr_blocks = ["0.0.0.0/0"] 109 | } 110 | 111 | egress { 112 | from_port = 0 113 | to_port = 0 114 | protocol = "-1" 115 | cidr_blocks = ["0.0.0.0/0"] 116 | ipv6_cidr_blocks = ["::/0"] 117 | } 118 | 119 | tags = { 120 | Name = "allow_ssh" 121 | } 122 | } -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-vpc-endpoints.tf: -------------------------------------------------------------------------------- 1 | # Create S3 VPC Endpoint 2 | resource "aws_vpc_endpoint" "openlab_s3_vpce" { 3 | 
vpc_id = aws_vpc.openlab_vpc.id 4 | service_name = "com.amazonaws.ap-southeast-2.s3" 5 | vpc_endpoint_type = "Gateway" 6 | 7 | tags = { 8 | Name = "openlab-vpce-s3" 9 | } 10 | } -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-vpc-subnets.tf: -------------------------------------------------------------------------------- 1 | # Create Subnets 2 | resource "aws_subnet" "openlab_subnet_public1" { 3 | vpc_id = aws_vpc.openlab_vpc.id 4 | cidr_block = "10.0.0.0/20" 5 | availability_zone = "ap-southeast-2a" 6 | 7 | tags = { 8 | Name = "openlab-subnet-public1-ap-southeast-2a" 9 | } 10 | } 11 | 12 | resource "aws_subnet" "openlab_subnet_public2" { 13 | vpc_id = aws_vpc.openlab_vpc.id 14 | cidr_block = "10.0.16.0/20" 15 | availability_zone = "ap-southeast-2b" 16 | 17 | tags = { 18 | Name = "openlab-subnet-public2-ap-southeast-2b" 19 | } 20 | } 21 | 22 | resource "aws_subnet" "openlab_subnet_private1" { 23 | vpc_id = aws_vpc.openlab_vpc.id 24 | cidr_block = "10.0.128.0/20" 25 | availability_zone = "ap-southeast-2a" 26 | 27 | tags = { 28 | Name = "openlab-subnet-private1-ap-southeast-2a" 29 | } 30 | } 31 | 32 | resource "aws_subnet" "openlab_subnet_private2" { 33 | vpc_id = aws_vpc.openlab_vpc.id 34 | cidr_block = "10.0.144.0/20" 35 | availability_zone = "ap-southeast-2b" 36 | 37 | tags = { 38 | Name = "openlab-subnet-private2-ap-southeast-2b" 39 | } 40 | } -------------------------------------------------------------------------------- /terraform-aws-openlab/aws-vpc.tf: -------------------------------------------------------------------------------- 1 | # Create VPC 2 | resource "aws_vpc" "openlab_vpc" { 3 | cidr_block = "10.0.0.0/16" 4 | instance_tenancy = "default" 5 | 6 | enable_dns_support = true 7 | enable_dns_hostnames = true 8 | 9 | tags = { 10 | Name = var.aws_vpc_name 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /terraform-aws-openlab/main.tf: 
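--------------------------------------------------------------------------------
provider "aws" {
  region = "ap-southeast-2"
  ## if you want to mention the aws credential from different path, enable below line
  # shared_credentials_file = "$HOME/.aws/credentials"
  # profile = "openlab"
  #version = ">=2.0"
}

# Comment the below one if not required
# Deploys the AAP instances from the local ./aap module into the first public
# subnet, using the lab key pair and the local_access security group (which is
# open to var.lab_allowed_cidr_blocks / the internet by default).
module "aap" {
  source = "./aap"

  subnet_id              = aws_subnet.openlab_subnet_public1.id
  ami                    = var.aws_ami_id
  key_name               = aws_key_pair.ec2loginkey.key_name
  vpc_security_group_ids = [aws_security_group.local_access.id]
  aap_node_count         = 9
}

--------------------------------------------------------------------------------
/terraform-aws-openlab/output.tf:
--------------------------------------------------------------------------------

# output "ansible-engine" {
#   value = aws_instance.ansible-engine.public_ip
# }

# output "ansible-node-1" {
#   value = aws_instance.ansible-nodes[0].public_ip
# }

# output "ansible-node-2" {
#   value = aws_instance.ansible-nodes[1].public_ip
# }

# Pass-through of the module's ec2_instances output (see ./aap/output.tf).
output "aap_ec2_instances" {
  value = module.aap.ec2_instances
}

--------------------------------------------------------------------------------
/terraform-aws-openlab/variables.tf:
--------------------------------------------------------------------------------
# AMI ids are region-specific; this one is only valid in the provider's region.
variable "aws_ami_id" {
  ## Amazon Linux 2 AMI (HVM)
  default = "ami-02f26adf094f51167"
  ## "ami-0cd31be676780afa7"
}

variable "aws_vpc_name" {
  default     = "openlab_vpc"
  description = "Name of the VPC"
}

# Local paths of the operator's SSH key pair; "~" is resolved by the caller
# (see the file(pathexpand(...)) usage where the public key is read).
variable "ssh_key_pair" {
  default = "~/.ssh/id_rsa"
  #default = "~/.ssh/id_rsa_ansilble_lab"
}

variable "ssh_key_pair_pub" {
  default = "~/.ssh/id_rsa.pub"
  #default = "~/.ssh/id_rsa_ansilble_lab.pub"
}

variable "ansible_node_count" {
  default = 1
}
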
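variable "lab_security_group_name" {
  default = "openlab-sg"
}

--------------------------------------------------------------------------------
/terraform-gcp-demo/README.md:
--------------------------------------------------------------------------------
# GCP Sandbox using Terraform

This is a simple GCP Instance provisioning script using Terraform. (I use this for quick VM provisioning and do testing using Ansible Playbooks later; and of course destroy it later)

- Add your SSH Public Key to GCP -> Metadata -> SSH Keys. The new VM will have this automatically and you can directly access the VM using the SSH key.


- See all [Regions and zones](https://cloud.google.com/compute/docs/regions-zones) available. (Also see [Global, regional, and zonal resources](https://cloud.google.com/compute/docs/regions-zones/global-regional-zonal-resources))
- [Getting Started with the Google Provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started)
--------------------------------------------------------------------------------
/terraform-gcp-demo/gcp-instance.tf:
--------------------------------------------------------------------------------
# Provider auth comes from a service-account key file on the operator's machine.
# NOTE(review): the key path is baked into the config; leaving `credentials`
# unset and exporting GOOGLE_APPLICATION_CREDENTIALS keeps it out of the code.
provider "google" {
  credentials = file("~/.gcp/mg-devops-febabc6f0c0a.json")
  project     = "mg-devops"
  region      = "asia-southeast1" # Singapore
  zone        = "asia-southeast1-a"
}

resource "google_compute_instance" "gcp_sandbox" {
  name         = "gcp-sandbox"
  machine_type = "n1-standard-1"
  # NOTE(review): this overrides the provider-level asia-southeast1-a zone, so
  # the VM is created in us-central1, not Singapore — confirm that is intended.
  zone         = "us-central1-c"
  tags         = ["foo", "bar"]

  boot_disk {
    initialize_params {
      # NOTE(review): debian-9 is an end-of-life image family; prefer a current one.
      image = "debian-cloud/debian-9"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  network_interface {
    network = "default"
    # An empty access_config still requests a public (ephemeral) IP.
    access_config {
      // Ephemeral IP
    }
  }

  metadata = {
    foo = "bar"
  }

  metadata_startup_script = "echo hi > 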
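/test.txt"

  # Read-only compute/storage scopes plus email identity for the VM's
  # default service account.
  service_account {
    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
  }
}
--------------------------------------------------------------------------------
/terraform-multi-instance-ebs-aws/.terraform.lock.hcl:
--------------------------------------------------------------------------------
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/hashicorp/aws" {
  version = "3.52.0"
  hashes = [
    "h1:Fy/potyWfS8NVumHqWi6STgaQUX66diUmgZDfFNBeXU=",
    "zh:04a4f8a1b34292fd6a72c1efe03f6f10186ecbdc318df36d462d0be1c21ce72d",
    "zh:0601006f14f437489902555720dd8fb4e67450356438bab64b61cf6d0e1af681",
    "zh:14214e996b8db0a2038b74a2ddbea7356b3e53f73003cde2c9069294d9a6c421",
    "zh:17d1ecc280d776271b0fc0fd6a4033933be8e67eb6a39b7bfb3c242cd218645f",
    "zh:247ae4bc3b52fba96ed1593e7b23d62da0d2c99498fc0d968fcf28020df3c3aa",
    "zh:2e0432fabeb5e44d756a5566168768f1b6dea3cc0e5650fac966820e90d18367",
    "zh:34f6f95b88c5d8c105d9a3b7d2712e7df1181948bfbef33bb6a87d7a77c20c0d",
    "zh:3de6bf02b9499bf8dc13843da72a03db5ae8188b8157f0e7b3d5bf1d7cd1ac8b",
    "zh:43198a223ea6d6dfb82deac62b29181c3be18dc77b9ef9f8d44c32b08e44ea5c",
    "zh:a7de44c9445c100a2823c371df03fcaa9ecb1642750ccdc02294fa6cd1095859",
    "zh:c3c44bd07e5b6cdb776ff674e39feb708ba3ee3d0dff2c88d1d5db323094d942",
  ]
}

--------------------------------------------------------------------------------
/terraform-multi-instance-ebs-aws/README.md:
--------------------------------------------------------------------------------
Terraform with Multi EBS Volume

--------------------------------------------------------------------------------
/terraform-multi-instance-ebs-aws/aws-auto-scaling-group.tf:
--------------------------------------------------------------------------------
# Fixed-size group (min = max = desired = 3) spread over every available AZ in
# the region, launching from the multi-instance-lt launch template.
resource "aws_autoscaling_group" "multi-instance-asg" {
  name = 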
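"multi-instance-asg"
  # Launch into the default VPC's subnets in each AZ the data source reports.
  availability_zones = data.aws_availability_zones.az_list.names
  #vpc_zone_identifier = var.vpc_zone_identifier
  #launch_configuration = aws_launch_configuration.test.name
  #launch_template = "multi-instance-lt"
  launch_template {
    id      = aws_launch_template.multi-instance-lt.id
    # "$Latest" tracks the newest template version, so editing the template
    # changes what the next launch uses without an explicit version pin.
    version = "$Latest"
  }
  min_size         = 3
  max_size         = 3
  desired_capacity = 3
  # force_delete removes the group without waiting for its instances to drain.
  force_delete              = true
  wait_for_capacity_timeout = "15m"

  tag {
    key                 = "Name"
    value               = "multi-instances"
    propagate_at_launch = true
  }

  #tags = {
  #  Name = "multi-instance" #-${count.index + 1}"
  #}
  tag {
    key                 = "Environment"
    value               = "test"
    propagate_at_launch = true
  }

}
--------------------------------------------------------------------------------
/terraform-multi-instance-ebs-aws/aws-launch-template.tf:
--------------------------------------------------------------------------------
resource "aws_launch_template" "multi-instance-lt" {
  name = "multi-instance-lt"

  # additional 2GB volume as /dev/sda1
  # NOTE(review): on many AMIs /dev/sda1 (or /dev/xvda) is the root device
  # name, in which case this mapping resizes/overrides the root volume rather
  # than adding a second one — verify against var.ami.
  block_device_mappings {
    device_name = "/dev/sda1"
    ebs {
      volume_size = 2
    }
  }

  # additional 1GB volume as /dev/sda2
  block_device_mappings {
    device_name = "/dev/sda2"
    ebs {
      volume_size = 1
    }
  }

  capacity_reservation_specification {
    capacity_reservation_preference = "open"
  }

  #cpu_options {
  #  core_count       = 1
  #  threads_per_core = 1
  #}

  credit_specification {
    cpu_credits = "standard"
  }

  # NOTE(review): API termination protection on ASG-managed instances; together
  # with force_delete on the group, confirm scale-in and teardown still behave.
  disable_api_termination = true

  #ebs_optimized = true

  #elastic_gpu_specifications {
  #  type = "test"
  #}

  #elastic_inference_accelerator {
  #  type = "eia1.medium"
  #}

  #iam_instance_profile {
  #  name = "test"
  #}

  image_id = var.ami #"ami-test"

  instance_initiated_shutdown_behavior = 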
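"terminate"

  #instance_market_options {
  #  market_type = "spot"
  #}

  instance_type = "t2.micro"

  #kernel_id = "test"

  key_name = aws_key_pair.ec2loginkey.id #"ansible-lab-key"

  #license_specification {
  #  license_configuration_arn = "arn:aws:license-manager:eu-west-1:123456789012:license-configuration:lic-0123456789abcdef0123456789abcdef"
  #}

  # NOTE(review): left disabled, so launched instances accept IMDSv1. Enabling
  # this block with http_tokens = "required" enforces IMDSv2 session tokens,
  # the usual hardening for instances that carry a public IP.
  #metadata_options {
  #  http_endpoint               = "enabled"
  #  http_tokens                 = "required"
  #  http_put_response_hop_limit = 1
  #}

  #monitoring {
  #  enabled = true
  #}

  network_interfaces {
    associate_public_ip_address = true
    # Attach the group's security group (security-group.tf). Nothing else in
    # this template referenced a security group, so instances would otherwise
    # come up with the VPC's default group instead of multi-instance-sg.
    # It has to be set here: vpc_security_group_ids cannot be combined with a
    # network_interfaces block.
    security_groups = [aws_security_group.multi-instance-sg.id]
  }

  #placement {
  #  availability_zone = "us-west-2a"
  #}

  #ram_disk_id = "test"

  #vpc_security_group_ids = ["sg-12345678"]

  tag_specifications {
    resource_type = "instance"

    tags = {
      Name = "test"
    }
  }

  #user_data = filebase64("${path.module}/example.sh")
}
--------------------------------------------------------------------------------
/terraform-multi-instance-ebs-aws/data-availability-zones.tf:
--------------------------------------------------------------------------------
# All AZs currently available in the provider region; consumed by the ASG.
data "aws_availability_zones" "az_list" {
  state = "available"
}

--------------------------------------------------------------------------------
/terraform-multi-instance-ebs-aws/main.tf:
--------------------------------------------------------------------------------
# Provider Block

provider "aws" {
  region  = var.region
  profile = var.profile
}

# Key pair built from the operator's local public key; pathexpand() resolves
# the leading "~" in var.ssh_key_pair_pub before file() reads it.
resource "aws_key_pair" "ec2loginkey" {
  key_name = "ec2loginkey"
  ## change here if you are using different key pair
  public_key = file(pathexpand(var.ssh_key_pair_pub))
}
--------------------------------------------------------------------------------
/terraform-multi-instance-ebs-aws/security-group.tf: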
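--------------------------------------------------------------------------------
# Created in the default VPC (vpc_id is commented out), matching where the ASG
# launches when only availability_zones is set.
resource "aws_security_group" "multi-instance-sg" {
  #vpc_id = var.ex_vpc
  name        = "multi-instance-sg"
  description = "For multi-instance ASG"

  # SSH and HTTP from anywhere. Narrow the SSH source to the operator's range
  # for anything longer-lived than a throwaway test group.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted IPv4 egress.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]

  }
}
--------------------------------------------------------------------------------
/terraform-multi-instance-ebs-aws/variables.tf:
--------------------------------------------------------------------------------
variable "region" {
  default = "ap-southeast-1"
}
variable "tier" {
  default = "test"

}
variable "instance_type" {
  default = "t2.micro"
}

# AMI ids are region-specific; this default must exist in var.region.
variable "ami" {
  default = "ami-02f26adf094f51167" #"ami-0b0af3577fe5e3532"
}

variable "root_size" {
  default = 10

}
# NOTE(review): the subnet and VPC ids below are account-specific placeholders
# (both are only referenced from commented-out lines in this configuration).
variable "vpc_zone_identifier" {
  default = ["subnet-ddc15182", "subnet-d80f9bbe", "subnet-a2a43683"]

}

variable "ex_vpc" {
  default = "vpc-25349458"
}

# Named AWS CLI profile the provider authenticates with.
variable "profile" {
  default = "ansible"
}

variable "ec2_keypair" {
  default = "forall"
}

variable "ssh_key_pair" {
  default = "~/.ssh/id_rsa"
}

variable "ssh_key_pair_pub" {
  default = "~/.ssh/id_rsa.pub"
}

# NOTE(review): these are us-east-1 zones while var.region defaults to
# ap-southeast-1; the ASG takes its zones from the data source instead, so
# this list appears unused here.
variable "azs" {
  type    = list(any)
  default = ["us-east-1b", "us-east-1a", "us-east-1c"]
  #default = ["us-east-1a", "us-east-1b", "us-east-1c"]
}

variable "device_name" {
  default = "/dev/xvdf"
}

/*
variable "azs" {
  type = map
  default = {
    0 = "us-east-1a"
    1 = "us-east-1b"
    2 = "us-east-1c"
  }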
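}
*/


--------------------------------------------------------------------------------
/terraform-onboarding/demo-attributes-and-output/attributes.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "ap-southeast-1"
  # pathexpand() resolves "~"; Terraform does not expand "$HOME" inside a
  # quoted string, so the original literal path never pointed at a real file.
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "default"
  # Deprecated placement since Terraform 0.13: pin providers in
  # terraform { required_providers { ... } } instead.
  version = ">=2.0"
}

resource "aws_eip" "lb" {
  vpc = true
}

# Bucket names are globally unique; this one must be changed for another account.
resource "aws_s3_bucket" "mys3" {
  bucket = "demo-onboarding-20200903"
}

# Resource attributes exposed after apply.
output "eip" {
  value = aws_eip.lb.public_ip
}

output "mys3bucket" {
  value = aws_s3_bucket.mys3.bucket_domain_name
}


--------------------------------------------------------------------------------
/terraform-onboarding/demo-conditional/condition.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "ap-southeast-1"
  # pathexpand() resolves "~"; a literal "$HOME" is not expanded by Terraform.
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "default"
  # Deprecated placement since Terraform 0.13; use terraform { required_providers }.
  version = ">=2.0"
}

# Must be supplied (no default), e.g. -var testorprod=true.
variable "testorprod" {}

resource "aws_instance" "prod" {
  ami           = "ami-0cd31be676780afa7"
  instance_type = "t2.micro"
  # if var.testorprod is false, then create 2 instances, else 0 instances
  count = var.testorprod == false ? 2 : 0
}

resource "aws_instance" "dev" {
  ami           = "ami-0cd31be676780afa7"
  instance_type = "t2.large"
  # if var.testorprod is true, then create 1 instance, else 0 instance
  count = var.testorprod == true ? 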
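1 : 0
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-count-n-index/count.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "ap-southeast-1"
  # pathexpand() resolves "~"; a literal "$HOME" is not expanded by Terraform.
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "default"
  # Deprecated placement since Terraform 0.13; use terraform { required_providers }.
  version = ">=2.0"
}

# Bare `list` is the legacy (0.11-style) constraint; list(string) is the
# current form. Kept as-is because the demo is about count/index, not types.
variable "instance_names" {
  type    = list
  default = ["web-front", "web-back", "web-db"]
}

# count must stay in step with the length of var.instance_names, otherwise
# the index lookup below fails past the end of the list.
resource "aws_instance" "multi-instance" {
  ami           = "ami-0cd31be676780afa7"
  instance_type = "t2.micro"
  count         = 3

  tags = {
    Name = var.instance_names[count.index]
    # or
    # Name = "hello-${count.index}"
  }
}

variable "elb_names" {
  type    = list
  default = ["dev-loadbalancer", "stage-loadbalanacer", "prod-loadbalancer"]
}

# Same count/index pattern applied to IAM users.
resource "aws_iam_user" "lb" {
  name  = var.elb_names[count.index]
  count = 3
  path  = "/system/"
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-data-sources/data-source.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "ap-southeast-1"
  # pathexpand() resolves "~"; a literal "$HOME" is not expanded by Terraform.
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "default"
  # Deprecated placement since Terraform 0.13; use terraform { required_providers }.
  version = ">=2.0"
}

# Newest Amazon-owned Amazon Linux 2 HVM image in the provider region.
# most_recent = true means the id can change between runs as new images ship.
data "aws_ami" "app_ami" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm*"]
  }
}

resource "aws_instance" "app-dev" {
  ami           = data.aws_ami.app_ami.id
  instance_type = "t2.micro"
}

/*
output "ami" {
  value = data.aws_ami.app_ami
}
*/
--------------------------------------------------------------------------------
/terraform-onboarding/demo-datatypes/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = 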
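"ap-southeast-1"
  # pathexpand() resolves "~"; a literal "$HOME" is not expanded by Terraform.
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "default"
  # Deprecated placement since Terraform 0.13; use terraform { required_providers }.
  version = ">=2.0"
}

# Classic ELB whose name, zones and timeouts all come from typed variables
# (see variables.tf): string, list and number respectively.
resource "aws_elb" "bar" {
  name               = var.elb_name
  availability_zones = var.az

  # Plain HTTP: port 80 on the ELB forwarded to port 8000 on the instances.
  listener {
    instance_port     = 8000
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = var.timeout
    target              = "HTTP:8000/"
    interval            = 30
  }

  cross_zone_load_balancing   = true
  idle_timeout                = var.timeout
  connection_draining         = true
  connection_draining_timeout = var.timeout

  tags = {
    Name = "foobar-terraform-elb"
  }
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-datatypes/variables.tf:
--------------------------------------------------------------------------------
/*
variable "usernumber" {
  type = number
}
*/
# None of these have defaults, so all three must be supplied at plan time.
variable "elb_name" {
  type = string
}

variable "az" {
  type = list
}

variable "timeout" {
  type = number
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-digital-ocean-droplet/digital-ocean.tf:
--------------------------------------------------------------------------------
# NOTE(review): never replace the placeholder with a real token in source;
# leave `token` unset and export DIGITALOCEAN_TOKEN so the provider reads it
# from the environment.
provider "digitalocean" {
  token = "YOUR-TOKEN"
}


resource "digitalocean_droplet" "doinstance" {
  image  = "ubuntu-18-04-x64"
  name   = "prod"
  region = "nyc1"
  size   = "s-1vcpu-1gb"
}


/*
Ref: https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/droplet
*/
--------------------------------------------------------------------------------
/terraform-onboarding/demo-dynamic-block/dynamic-blocks.tf:
--------------------------------------------------------------------------------
provider "aws" {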
region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | variable "sg_ports" { 9 | type = list(number) 10 | description = "list of ingress ports" 11 | default = [8200, 8201,8300, 9200, 9500] 12 | } 13 | 14 | resource "aws_security_group" "dynamicsg" { 15 | name = "dynamic-sg" 16 | description = "Ingress for Vault" 17 | 18 | dynamic "ingress" { 19 | for_each = var.sg_ports 20 | iterator = port 21 | content { 22 | from_port = port.value 23 | to_port = port.value 24 | protocol = "tcp" 25 | cidr_blocks = ["0.0.0.0/0"] 26 | } 27 | } 28 | 29 | dynamic "egress" { 30 | for_each = var.sg_ports 31 | content { 32 | from_port = egress.value 33 | to_port = egress.value 34 | protocol = "tcp" 35 | cidr_blocks = ["0.0.0.0/0"] 36 | } 37 | } 38 | } 39 | 40 | /* Before..... 41 | 42 | ingress { 43 | from_port = 8200 44 | to_port = 8200 45 | protocol = "tcp" 46 | cidr_blocks = ["0.0.0.0/0"] 47 | } 48 | */ -------------------------------------------------------------------------------- /terraform-onboarding/demo-ec2/ec2.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | resource "aws_instance" "web" { 9 | ami = "ami-0cd31be676780afa7" 10 | instance_type = "t2.micro" 11 | 12 | tags = { 13 | Name = "FirstEC2" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-functions/functions.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | locals { 9 | time = formatdate("DD MMM YYYY hh:mm ZZZ", timestamp()) 10 | } 11 | 12 | variable "region" { 13 | 
default = "ap-south-1" 14 | } 15 | 16 | variable "tags" { 17 | type = list 18 | default = ["firstec2","secondec2"] 19 | } 20 | 21 | variable "ami" { 22 | type = map 23 | default = { 24 | "us-east-1" = "ami-0323c3dd2da7fb37d" 25 | "us-west-2" = "ami-0d6621c01e8c2de2c" 26 | "ap-south-1" = "ami-0470e33cd681b2476" 27 | } 28 | } 29 | 30 | resource "aws_key_pair" "loginkey" { 31 | key_name = "login-key" 32 | public_key = file("${path.module}/id_rsa.pub") 33 | } 34 | 35 | resource "aws_instance" "app-dev" { 36 | ami = lookup(var.ami,var.region) 37 | instance_type = "t2.micro" 38 | key_name = aws_key_pair.loginkey.key_name 39 | count = 2 40 | 41 | tags = { 42 | Name = element(var.tags,count.index) 43 | } 44 | } 45 | 46 | 47 | output "timestamp" { 48 | value = local.time 49 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-graph/graph.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | resource "aws_instance" "myec2" { 9 | ami = "ami-082b5a644766e0e6f" 10 | instance_type = "t2.micro" 11 | } 12 | 13 | resource "aws_eip" "lb" { 14 | instance = aws_instance.myec2.id 15 | vpc = true 16 | } 17 | 18 | resource "aws_security_group" "allow_tls" { 19 | name = "allow_tls" 20 | 21 | ingress { 22 | description = "TLS from VPC" 23 | from_port = 443 24 | to_port = 443 25 | protocol = "tcp" 26 | cidr_blocks = ["${aws_eip.lb.private_ip}/32"] 27 | 28 | } 29 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-import/ec2.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "myec2" { 2 | ami = "ami-0b1e534a4ff9019e0" 3 | instance_type = "t2.micro" 4 | vpc_security_group_ids = ["sg-5dee7129","sg-061c527def3061da2"] 5 | 
key_name = "tf-20200805" 6 | subnet_id = "subnet-3f9f5877" 7 | 8 | tags = { 9 | Name = "test" 10 | Env = "Prod" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-import/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | #shared_credentials_file = "$HOME/.aws/credentials" 4 | #profile = "default" 5 | #version = ">=2.0" 6 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-load-order/ec2.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "prod" { 2 | ami = "ami-0cd31be676780afa7" 3 | instance_type = "t2.micro" 4 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-load-order/iamuser.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_user" "lb" { 2 | name = var.iam_user 3 | path = "/system/" 4 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-load-order/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-load-order/variables.tf: -------------------------------------------------------------------------------- 1 | variable "iam_user" { 2 | default = "demouser" 3 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-localvalues/localvalues.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | 
region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | locals { 9 | common_tags = { 10 | Owner = "Dev Team" 11 | Service = "Backend" 12 | } 13 | } 14 | 15 | resource "aws_instance" "dev" { 16 | ami = "ami-0cd31be676780afa7" 17 | instance_type = "t2.large" 18 | tags = local.common_tags 19 | } 20 | 21 | resource "aws_ebs_volume" "db_ebs" { 22 | availability_zone = "us-west-2a" 23 | size = 8 24 | tags = local.common_tags 25 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-module/a-project/myec2.tf: -------------------------------------------------------------------------------- 1 | module "ec2module" { 2 | source = "../modules/ec2" 3 | instance_type = "t2.large" 4 | } 5 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-module/a-project/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-module/b-project/myec2.tf: -------------------------------------------------------------------------------- 1 | module "ec2module" { 2 | source = "../modules/module-ec2" 3 | } 4 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-module/b-project/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | -------------------------------------------------------------------------------- 
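/terraform-onboarding/demo-module/modules/ec2/module-ec2.tf:
--------------------------------------------------------------------------------
# Minimal reusable module: a single instance whose type is the only input.
resource "aws_instance" "myec2" {
  ami           = "ami-0cd31be676780afa7"
  instance_type = var.instance_type
}

--------------------------------------------------------------------------------
/terraform-onboarding/demo-module/modules/ec2/variables.tf:
--------------------------------------------------------------------------------
variable "instance_type" {
  default = "t2.micro"
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-multi-disk/ec2.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "ap-southeast-1"
  # pathexpand() resolves "~"; a literal "$HOME" is not expanded by Terraform.
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "default"
  # Deprecated placement since Terraform 0.13; use terraform { required_providers }.
  version = ">=2.0"
}

# The instance is pinned to ap-southeast-1a so it sits in the same zone as the
# EBS volume below; a volume can only be attached within its own zone.
resource "aws_instance" "web" {
  ami               = "ami-0cd31be676780afa7"
  instance_type     = "t2.micro"
  availability_zone = "ap-southeast-1a"

  tags = {
    Name = "MultiDiskInstance"
  }
}

resource "aws_ebs_volume" "datadisk1" {
  availability_zone = "ap-southeast-1a"
  size              = 10

  tags = {
    Name = "DataDisk"
  }
}

# Attaches datadisk1 to the instance as /dev/sdd.
resource "aws_volume_attachment" "ebs_att" {
  device_name = "/dev/sdd"
  volume_id   = aws_ebs_volume.datadisk1.id
  instance_id = aws_instance.web.id
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-multi-provider/eip.tf:
--------------------------------------------------------------------------------
# Three EIPs, each bound to a different provider configuration from provider.tf.
# `vpc` is a bool attribute; the string "true" is converted, but a bare true is
# the idiomatic form.

# this will create in ap-southeast-1
resource "aws_eip" "myeip" {
  vpc = "true"
}

# this will create in ap-south-1
resource "aws_eip" "myeip01" {
  vpc      = "true"
  provider = aws.aws02
}

# this will create in ap-south-1 with devops profile
resource "aws_eip" "myeip02" {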
14 | vpc = "true" 15 | provider = aws.aws03 16 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-multi-provider/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | } 4 | 5 | provider "aws" { 6 | region = "ap-south-1" 7 | alias = "aws02" 8 | } 9 | 10 | provider "aws" { 11 | region = "ap-south-1" 12 | alias = "aws03" 13 | profile = "devops" 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-provider-sts/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | assume_role { 4 | role_arn = "YOUR_ROLE_ARN" 5 | session_name = "sts-arn-demo" 6 | } 7 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-provisioner-local/local-exec.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | resource "aws_instance" "myec2" { 9 | ami = "ami-0cd31be676780afa7" 10 | instance_type = "t2.micro" 11 | 12 | provisioner "local-exec" { 13 | command = "echo ${aws_instance.myec2.private_ip} >> private_ips.txt" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-provisioner-remote/remote-exec.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | resource "aws_instance" "myec2" { 9 | ami = "ami-0cd31be676780afa7" 10 | instance_type = "t2.micro" 11 | 
key_name = "tf-20200805" 12 | provisioner "remote-exec" { 13 | inline = [ 14 | "sudo amazon-linux-extras install -y nginx1.12", 15 | "sudo systemctl start nginx" 16 | ] 17 | connection { 18 | type = "ssh" 19 | user = "ec2-user" 20 | private_key = file("/home/devops/.ssh/tf-20200805.pem") 21 | host = self.public_ip 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-references/references.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | resource "aws_instance" "web" { 9 | ami = "ami-0cd31be676780afa7" 10 | instance_type = "t2.micro" 11 | 12 | tags = { 13 | Name = "hello" 14 | } 15 | } 16 | 17 | resource "aws_eip" "mylb" { 18 | vpc = true 19 | } 20 | 21 | resource "aws_eip_association" "eip_assoc" { 22 | instance_id = aws_instance.web.id 23 | allocation_id = aws_eip.mylb.id 24 | } 25 | 26 | resource "aws_security_group" "allow_tls" { 27 | name = "test-allow_tls" 28 | description = "Allow TLS inbound traffic" 29 | #vpc_id = aws_vpc.main.id 30 | 31 | ingress { 32 | description = "TLS from VPC" 33 | from_port = 443 34 | to_port = 443 35 | protocol = "tcp" 36 | cidr_blocks = ["${aws_eip.mylb.public_ip}/32"] 37 | } 38 | 39 | tags = { 40 | Name = "allow_tls" 41 | } 42 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-registry/terraform-registry.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | module "ec2_cluster" { 9 | source = "terraform-aws-modules/ec2-instance/aws" 10 | version = "~> 2.0" 11 | 12 | name = "my-cluster" 13 | 
instance_count = 1 14 | 15 | ami = "ami-0cd31be676780afa7" 16 | instance_type = "t3.micro" 17 | key_name = "tf-20200805" 18 | #monitoring = true 19 | vpc_security_group_ids = ["sg-5dee7129"] 20 | subnet_id = "subnet-15fb794c" 21 | 22 | tags = { 23 | Terraform = "true" 24 | Environment = "dev" 25 | } 26 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-remote-backend/backend.hcl: -------------------------------------------------------------------------------- 1 | workspaces { name = "remote-backend-demo" } 2 | hostname = "app.terraform.io" 3 | organization = "techbeatly" -------------------------------------------------------------------------------- /terraform-onboarding/demo-remote-backend/iam.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "~> 0.13.0" 3 | backend "remote" {} 4 | } 5 | 6 | resource "aws_iam_user" "lb" { 7 | name = "remoteuser" 8 | path = "/system/" 9 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-remote-backend/variables.tf: -------------------------------------------------------------------------------- 1 | variable "instancetype" { 2 | default = "t2.micro" 3 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-remote-state/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | bucket = "terraform-remote-demo" 4 | key = "remote-terraform-state-demo.tfstate" 5 | region = "ap-southeast-1" 6 | dynamodb_table = "tf-state-demo" 7 | } 8 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-remote-state/remote.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | 
shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | resource "aws_instance" "myec2" { 9 | ami = "ami-0cd31be676780afa7" 10 | instance_type = "t2.micro" 11 | } 12 | 13 | resource "aws_iam_user" "lb" { 14 | name = "loadbalancer" 15 | path = "/system/" 16 | } 17 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-sensitive/sensitive.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | db_password = { 3 | admin = "password" 4 | } 5 | } 6 | 7 | output "db_password" { 8 | value = local.db_password 9 | sensitive = true 10 | } 11 | -------------------------------------------------------------------------------- /terraform-onboarding/demo-settings/terraform.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "> 0.12.0" 3 | 4 | required_providers { 5 | aws = "~> 2.0" 6 | mycloud = { 7 | source = "mycloud/mycloud" 8 | version = "~> 1.0" 9 | } 10 | } 11 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-splat-expression/splat-expression.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "ap-southeast-1" 3 | shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | resource "aws_iam_user" "lb" { 8 | name = "iamuser.${count.index}" 9 | count = 3 10 | path = "/system/" 11 | } 12 | 13 | output "arn-single" { 14 | value = aws_iam_user.lb[0].arn 15 | } 16 | 17 | output "arns" { 18 | value = aws_iam_user.lb[*].arn 19 | } -------------------------------------------------------------------------------- /terraform-onboarding/demo-variables-2/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = 
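"ap-southeast-1"
  # Terraform only interpolates "${...}"; a bare "$HOME" is handed to the
  # provider literally. pathexpand() resolves "~" to the user's home directory.
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "default"
  # NOTE: version inside a provider block is deprecated since Terraform 0.13;
  # prefer required_providers and give the constraint an upper bound.
  version = ">=2.0"
}

# Inbound access limited to the single CIDR in var.vpn_ip. No egress block is
# given, so (as Terraform manages the full rule set) the group has no
# outbound rules.
resource "aws_security_group" "sgvardemo" {
  name = "sg-using-vars"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpn_ip]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [var.vpn_ip]
  }

  # TCP only; if DNS is intended, UDP/53 needs its own ingress block.
  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = [var.vpn_ip]
  }
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-variables-2/variables.tf:
--------------------------------------------------------------------------------
variable "vpn_ip" {
  description = "CIDR (a /32 for one host) allowed through the security group."
  type        = string
  default     = "10.1.10.10/32"
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-variables/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "ap-southeast-1"
  # Terraform only interpolates "${...}"; a bare "$HOME" is handed to the
  # provider literally. pathexpand() resolves "~" to the user's home directory.
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "default"
  # NOTE: version inside a provider block is deprecated since Terraform 0.13;
  # prefer required_providers and give the constraint an upper bound.
  version = ">=2.0"
}

resource "aws_instance" "web" {
  ami           = "ami-0cd31be676780afa7"
  instance_type = var.instancetype

  tags = {
    Name = "var-demo"
  }
}

--------------------------------------------------------------------------------
/terraform-onboarding/demo-variables/variables.tf:
--------------------------------------------------------------------------------
# Not referenced in the visible main.tf.
variable "my_ip" {
  type    = string
  default = "10.1.10.10/32"
}

variable "instancetype" {
  description = "EC2 instance type for aws_instance.web."
  type        = string
  default     = "t2.micro"
}
--------------------------------------------------------------------------------
/terraform-onboarding/demo-workspace/workspace.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "ap-southeast-1"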
shared_credentials_file = "$HOME/.aws/credentials" 4 | profile = "default" 5 | version = ">=2.0" 6 | } 7 | 8 | resource "aws_instance" "myec2" { 9 | ami = "ami-0cd31be676780afa7" 10 | instance_type = lookup(var.instance_type,terraform.workspace, "t2.micro") 11 | } 12 | 13 | variable "instance_type" { 14 | type = map 15 | 16 | default = { 17 | default = "t2.nano" 18 | stage = "t2.nano" 19 | dev = "t2.micro" 20 | prod = "t2.large" 21 | } 22 | } -------------------------------------------------------------------------------- /terraform-openshift-vmware/README.md: -------------------------------------------------------------------------------- 1 | # In-Prog -------------------------------------------------------------------------------- /terraform-upcloud-wordpress/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | upcloud = { 4 | source = "UpCloudLtd/upcloud" 5 | version = "~> 2.0" 6 | } 7 | } 8 | } 9 | 10 | provider "upcloud" {} 11 | 12 | 13 | resource "upcloud_storage" "debian-2cpu-4gb-au-syd1_Device_1" { 14 | size = 80 15 | tier = "maxiops" 16 | title = "debian-2cpu-4gb-au-syd1 Device 1" 17 | zone = "au-syd1" 18 | } 19 | 20 | resource "upcloud_network" "WP-NW" { 21 | name = "WP-NW" 22 | zone = "au-syd1" 23 | router = upcloud_router.RO.id 24 | 25 | ip_network { 26 | address = "10.0.0.0/24" 27 | dhcp = true 28 | dhcp_default_route = true 29 | family = "IPv4" 30 | gateway = "10.0.0.1" 31 | } 32 | } 33 | 34 | resource "upcloud_server" "wp-101" { 35 | firewall = false 36 | hostname = "wp-101" 37 | metadata = true 38 | title = "wp-101" 39 | zone = "au-syd1" 40 | plan = "2xCPU-4GB" 41 | 42 | login { 43 | user = "root" 44 | keys = [ 45 | var.public_key, 46 | ] 47 | create_password = false 48 | password_delivery = "none" 49 | } 50 | 51 | network_interface { 52 | ip_address_family = "IPv4" 53 | type = "public" 54 | } 55 | 56 | network_interface { 57 | ip_address_family = "IPv4" 58 | type = 
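"utility"
  }

  network_interface {
    ip_address_family = "IPv6"
    type              = "public"
  }

  network_interface {
    ip_address_family = "IPv4"
    type              = "private"
    network           = upcloud_network.WP-NW.id
  }

  storage_devices {
    address = "virtio"
    storage = upcloud_storage.debian-2cpu-4gb-au-syd1_Device_1.id
    type    = "disk"
  }
}

resource "upcloud_router" "RO" {
  name = "RO"
}

resource "upcloud_managed_database_mysql" "wpdb" {
  maintenance_window_dow  = "sunday"
  maintenance_window_time = "05:00:00"
  name                    = "wpdb"
  plan                    = "1x1xCPU-2GB-25GB"
  powered                 = true
  title                   = "mysql-1x1xcpu-2gb-25gb-au-syd1"
  zone                    = "au-syd1"

  properties {
    # Admits the utility network, on which wp-101 has an interface.
    automatic_utility_network_ip_filter = true
    backup_hour                         = 1
    backup_minute                       = 48
    # Only the private network may reach the database. The former
    # "0.0.0.0/0" entry exposed the MySQL endpoint to the whole Internet;
    # administrative hosts should be added as explicit /32 entries instead.
    ip_filter               = ["10.0.0.0/24"]
    sql_mode                = "ANSI,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_ALL_TABLES"
    sql_require_primary_key = true
    version                 = "8"
  }
}

# No password is set here, so it is presumably generated by the service and
# recorded in Terraform state; treat the state file as a credential store.
resource "upcloud_managed_database_user" "wpdemositedbuser" {
  service  = upcloud_managed_database_mysql.wpdb.id
  username = "wpdemositedbuser"
}

resource "upcloud_managed_database_logical_database" "wpdemosite" {
  name    = "wpdemosite"
  service = upcloud_managed_database_mysql.wpdb.id
}
--------------------------------------------------------------------------------
/terraform-upcloud-wordpress/variables.tf:
--------------------------------------------------------------------------------
variable "public_key" {
  description = "SSH public key installed for root on wp-101 (public half only)."
  type        = string
  default     = "ssh-rsa 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 iamgini@fedora"
}
--------------------------------------------------------------------------------
/terraform-vmware-demos/README.md:
--------------------------------------------------------------------------------
## How to Import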
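VM

```
$ terraform import vsphere_virtual_machine.vm /DC1/vm/DEV/DEV2
vsphere_virtual_machine.vm: Importing from ID "/DC1/vm/DEV/DEV2"...
vsphere_virtual_machine.vm: Import prepared!
Prepared vsphere_virtual_machine for import
vsphere_virtual_machine.vm: Refreshing state... [id=4219040f-5842-ba52-b7e4-cd9064c1f36c]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
```


## Appendix

- [Infrastructure-As-Code with Terraform, VMware and VMware Cloud on AWS](https://cloud.vmware.com/community/2019/11/19/infrastructure-code-terraform-vmware-vmware-cloud-aws/)
--------------------------------------------------------------------------------
/terraform-vmware-demos/vmware-create-vm/variables.tf:
--------------------------------------------------------------------------------
# No defaults: both values must be supplied at run time (TF_VAR_*, -var, or a
# tfvars file kept out of version control). On Terraform 0.14+ add
# sensitive = true to the password variable so plan output redacts it.
variable "vsphere_user" {
  type = string
}
variable "vsphere_password" {
  type = string
}
--------------------------------------------------------------------------------
/terraform-vmware-demos/vmware-create-vm/vmware-new-vm.tf:
--------------------------------------------------------------------------------
provider "vsphere" {
  user           = var.vsphere_user
  password       = var.vsphere_password
  vsphere_server = "vcenter.lab.local" #var.vsphere_server

  # If you have a self-signed cert. This turns off TLS verification for every
  # call to vCenter (the login included); the safer lab fix is to trust the
  # lab CA on the machine running Terraform and set this to false.
  allow_unverified_ssl = true
}

# Existing inventory objects looked up by name; their IDs feed the VM below.
data "vsphere_datacenter" "dc" {
  name = "DC1"
}

data "vsphere_datastore" "datastore" {
  name          = "datastore1"
  datacenter_id = data.vsphere_datacenter.dc.id
}

data "vsphere_compute_cluster" "cluster" {
  name          = "AZ1"
  datacenter_id = data.vsphere_datacenter.dc.id
}

data "vsphere_network" "network" {
  name          = "VM Network"
  datacenter_id = data.vsphere_datacenter.dc.id
}

resource "vsphere_virtual_machine" "vm" {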
name = "terraform-test" 31 | resource_pool_id = data.vsphere_compute_cluster.cluster.resource_pool_id 32 | datastore_id = data.vsphere_datastore.datastore.id 33 | 34 | wait_for_guest_net_timeout = 0 35 | wait_for_guest_ip_timeout = 0 36 | 37 | # only if you dont want to wait for an IP address 38 | wait_for_guest_net_routable = false 39 | 40 | num_cpus = 2 41 | memory = 1024 42 | guest_id = "other3xLinux64Guest" 43 | 44 | network_interface { 45 | network_id = data.vsphere_network.network.id 46 | } 47 | 48 | disk { 49 | label = "disk0" 50 | size = 20 51 | } 52 | } -------------------------------------------------------------------------------- /terraform-vmware-demos/vmware-import/variables.tf: -------------------------------------------------------------------------------- 1 | variable "vsphere_user" {} 2 | variable "vsphere_password" {} -------------------------------------------------------------------------------- /terraform-vmware-demos/vmware-import/vmware-import-vm.tf: -------------------------------------------------------------------------------- 1 | provider "vsphere" { 2 | user = var.vsphere_user 3 | password = var.vsphere_password 4 | vsphere_server = "vcenter.lab.local" 5 | 6 | # If you have a self-signed cert 7 | allow_unverified_ssl = true 8 | } 9 | 10 | data "vsphere_datacenter" "dc" { 11 | name = "DC1" 12 | } 13 | 14 | data "vsphere_datastore" "datastore" { 15 | name = "datastore1" 16 | datacenter_id = data.vsphere_datacenter.dc.id 17 | } 18 | 19 | data "vsphere_compute_cluster" "cluster" { 20 | name = "AZ1" 21 | datacenter_id = data.vsphere_datacenter.dc.id 22 | } 23 | 24 | data "vsphere_network" "network" { 25 | name = "VM Network" 26 | datacenter_id = data.vsphere_datacenter.dc.id 27 | } 28 | 29 | resource "vsphere_virtual_machine" "vm" { 30 | name = "DEV2" 31 | resource_pool_id = data.vsphere_compute_cluster.cluster.resource_pool_id 32 | datastore_id = data.vsphere_datastore.datastore.id 33 | 34 | wait_for_guest_net_timeout = 0 35 | 
wait_for_guest_ip_timeout = 0 36 | 37 | # only if you DO NOT want to wait for an IP address 38 | wait_for_guest_net_routable = false 39 | 40 | num_cpus = 1 41 | memory = 2048 42 | #guest_id = "other3xLinux64Guest" 43 | 44 | network_interface { 45 | network_id = data.vsphere_network.network.id 46 | } 47 | 48 | disk { 49 | label = "disk0" 50 | size = 20 51 | } 52 | } --------------------------------------------------------------------------------