├── Article 1
    ├── provider.tf
    ├── state_config.tf
    ├── terraform.tfvars
    └── variables.tf
├── Article 2
    ├── modules.tf
    ├── modules
    │   └── network
    │   │   ├── gateways.tf
    │   │   ├── route_tables.tf
    │   │   ├── subnets.tf
    │   │   ├── variables.tf
    │   │   └── vpc.tf
    ├── provider.tf
    ├── state_config.tf
    ├── terraform.tfvars
    └── variables.tf
├── Article 3
    ├── modules.tf
    ├── modules
    │   ├── network
    │   │   ├── gateways.tf
    │   │   ├── output.tf
    │   │   ├── route_tables.tf
    │   │   ├── subnets.tf
    │   │   ├── variables.tf
    │   │   └── vpc.tf
    │   └── security_groups
    │   │   ├── sg_eks_master.tf
    │   │   ├── sg_eks_node.tf
    │   │   ├── sg_rules_eks.tf
    │   │   └── variables.tf
    ├── provider.tf
    ├── state_config.tf
    ├── terraform.tfvars
    └── variables.tf
├── Article 4
    ├── modules.tf
    ├── modules
    │   ├── eks
    │   │   ├── allow_nodes.tf
    │   │   ├── eks_master.tf
    │   │   ├── iam.tf
    │   │   ├── kubeconfig.tf
    │   │   ├── output.tf
    │   │   ├── sg_eks_master.tf
    │   │   ├── sg_eks_node.tf
    │   │   ├── sg_rules_eks.tf
    │   │   ├── variables.tf
    │   │   └── worker-nodes.tf
    │   └── network
    │   │   ├── gateways.tf
    │   │   ├── output.tf
    │   │   ├── route_tables.tf
    │   │   ├── subnets.tf
    │   │   ├── variables.tf
    │   │   └── vpc.tf
    ├── provider.tf
    ├── state_config.tf
    ├── terraform.tfvars
    └── variables.tf
└── Article 5
    ├── modules.tf
    ├── modules
        ├── alb
        │   ├── acm_certificate.tf
        │   ├── alb.tf
        │   ├── route53-setup.tf
        │   ├── sg_alb.tf
        │   └── variables.tf
        ├── eks
        │   ├── allow_nodes.tf
        │   ├── eks_master.tf
        │   ├── iam.tf
        │   ├── kubeconfig.tf
        │   ├── output.tf
        │   ├── sg_eks_master.tf
        │   ├── sg_eks_node.tf
        │   ├── sg_rules_eks.tf
        │   ├── variables.tf
        │   └── worker-nodes.tf
        └── network
        │   ├── gateways.tf
        │   ├── output.tf
        │   ├── route_tables.tf
        │   ├── subnets.tf
        │   ├── variables.tf
        │   └── vpc.tf
    ├── provider.tf
    ├── state_config.tf
    ├── terraform.tfvars
    └── variables.tf


/Article 1/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |  region  = "${var.aws_region}"
3 |  version = "~> 1.55.0"
4 |  access_key = "${var.aws_access_key}"
5 |  secret_key = "${var.aws_secret_key}"
6 | }


--------------------------------------------------------------------------------
/Article 1/state_config.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |  backend "s3" {
3 |    region         = ""
4 |    bucket         = "tf-article"
5 |    key            = "terraform.tfstate"
6 |    encrypt        = "true"
7 |    dynamodb_table = "tf-article-statelock"
8 |  }
9 | }


--------------------------------------------------------------------------------
/Article 1/terraform.tfvars:
--------------------------------------------------------------------------------
1 | aws_region      =   ""
2 | aws_access_key  =   "placeholder"
3 | aws_secret_key  =   "placeholder"


--------------------------------------------------------------------------------
/Article 1/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "aws_region" {
 2 |     type        = "string"
 3 |     description = "Used AWS Region."
 4 | }
 5 | variable "aws_access_key" {
 6 |     type        = "string"
 7 |     description = "The account identification key used by your Terraform client."
 8 | }
 9 | variable "aws_secret_key" {
10 |     type        = "string"
11 |     description = "The secret key used by your terraform client to access AWS."
12 | }


--------------------------------------------------------------------------------
/Article 2/modules.tf:
--------------------------------------------------------------------------------
1 | module "network" {
2 |   source = "./modules/network"
3 | 
4 |   // pass variables from .tfvars
5 |   aws_region       = "${var.aws_region}"
6 |   subnet_count     = "${var.subnet_count}"
7 | }


--------------------------------------------------------------------------------
/Article 2/modules/network/gateways.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_internet_gateway" "example" {
 2 |   vpc_id = "${aws_vpc.example.id}"
 3 | 
 4 |   tags {
 5 |     Name = "internet_gateway"
 6 |   }
 7 | }
 8 | 
 9 | 
10 | resource "aws_eip" "nat_gateway" {
11 |   count = "${var.subnet_count}"
12 |   vpc      = true
13 | }
14 | 
15 | resource "aws_nat_gateway" "example" {
16 |   count = "${var.subnet_count}"
17 |   allocation_id = "${aws_eip.nat_gateway.*.id[count.index]}"
18 |   subnet_id = "${aws_subnet.gateway.*.id[count.index]}"
19 |   tags {
20 |     Name = "nat_gateway"
21 |   }
22 |   depends_on = ["aws_internet_gateway.example"]
23 | }


--------------------------------------------------------------------------------
/Article 2/modules/network/route_tables.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "application" {
 2 |   count = "${var.subnet_count}"
 3 |   vpc_id = "${aws_vpc.example.id}"
 4 |   route {
 5 |     cidr_block = "0.0.0.0/0"
 6 |     nat_gateway_id = "${aws_nat_gateway.example.*.id[count.index]}"
 7 |   }
 8 |   tags {
 9 |     Name = "example_application"
10 |   }
11 | }
12 | 
13 | resource "aws_route_table" "database" {
14 |   vpc_id = "${aws_vpc.example.id}"
15 | 
16 |   tags {
17 |     Name = "example_database"
18 |   }
19 | }
20 | resource "aws_route_table" "gateway" {
21 |   vpc_id = "${aws_vpc.example.id}"
22 | 
23 |   route {
24 |     cidr_block = "0.0.0.0/0"
25 |     gateway_id = "${aws_internet_gateway.example.id}"
26 |   }
27 |   tags {
28 |     Name = "example_gateway"
29 |   }
30 | }
31 | 
32 | resource "aws_route_table_association" "application" {
33 |   count = "${var.subnet_count}"
34 | 
35 |   subnet_id      = "${aws_subnet.application.*.id[count.index]}"
36 |   route_table_id = "${aws_route_table.application.*.id[count.index]}"
37 | }
38 | 
39 | resource "aws_route_table_association" "database" {
40 |   count = "${var.subnet_count}"
41 | 
42 |   subnet_id      = "${aws_subnet.database.*.id[count.index]}"
43 |   route_table_id = "${aws_route_table.database.id}"
44 | }
45 | 
46 | resource "aws_route_table_association" "gateway" {
47 |   count = "${var.subnet_count}"
48 | 
49 |   subnet_id      = "${aws_subnet.gateway.*.id[count.index]}"
50 |   route_table_id = "${aws_route_table.gateway.id}"
51 | }


--------------------------------------------------------------------------------
/Article 2/modules/network/subnets.tf:
--------------------------------------------------------------------------------
 1 | data "aws_availability_zones" "available" {}
 2 | 
 3 | resource "aws_subnet" "gateway" {
 4 |   count = "${var.subnet_count}"
 5 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
 6 |   cidr_block        = "10.0.1${count.index}.0/24"
 7 |   vpc_id            = "${aws_vpc.example.id}"
 8 |   tags = "${
 9 |     map(
10 |      "Name", "example_gateway"
11 |     )
12 |   }"
13 | }
14 | resource "aws_subnet" "application" {
15 |   count = "${var.subnet_count}"
16 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
17 |   cidr_block        = "10.0.2${count.index}.0/24"
18 |   vpc_id            = "${aws_vpc.example.id}"
19 |   tags = "${
20 |     map(
21 |      "Name", "example_application",
22 |      "kubernetes.io/cluster/example", "shared",
23 |     )
24 |   }"
25 | }
26 | 
27 | resource "aws_subnet" "database" {
28 |   count = "${var.subnet_count}"
29 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
30 |   cidr_block        = "10.0.3${count.index}.0/24"
31 |   vpc_id            = "${aws_vpc.example.id}"
32 |   
33 |   tags = "${
34 |     map(
35 |      "Name", "example_database"
36 |     )
37 |   }"
38 | }


--------------------------------------------------------------------------------
/Article 2/modules/network/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 |  type = "string"
3 |  description = "Used AWS Region."
4 | }
5 | variable "subnet_count" {
6 |     type        = "string"
7 |     description = "The number of subnets we want to create per type to ensure high availability."
8 | }


--------------------------------------------------------------------------------
/Article 2/modules/network/vpc.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "example" {
 2 |   cidr_block = "10.0.0.0/16"
 3 |   enable_dns_hostnames = true
 4 |   enable_dns_support = true
 5 |   tags = "${
 6 |     map(
 7 |      "Name", "terraform-eks",
 8 |      "kubernetes.io/cluster/example", "shared",
 9 |     )
10 |   }"
11 | }


--------------------------------------------------------------------------------
/Article 2/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |  region  = "${var.aws_region}"
3 |  version = "~> 1.55.0"
4 |  access_key = "${var.aws_access_key}"
5 |  secret_key = "${var.aws_secret_key}"
6 | }


--------------------------------------------------------------------------------
/Article 2/state_config.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |  backend "s3" {
3 |    region         = ""
4 |    bucket         = "tf-article"
5 |    key            = "terraform.tfstate"
6 |    encrypt        = "true"
7 |    dynamodb_table = "tf-article-statelock"
8 |  }
9 | }


--------------------------------------------------------------------------------
/Article 2/terraform.tfvars:
--------------------------------------------------------------------------------
1 | aws_region      =   ""
2 | aws_access_key  =   "placeholder"
3 | aws_secret_key  =   "placeholder"
4 | subnet_count    =   ""


--------------------------------------------------------------------------------
/Article 2/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "aws_region" {
 2 |  type = "string"
 3 |  description = "Used AWS Region."
 4 | }
 5 | variable "aws_access_key" {
 6 |  type = "string"
 7 |  description = "The account identification key used by your Terraform client."
 8 | }
 9 | variable "aws_secret_key" {
10 |  type = "string"
11 |  description = "The secret key used by your terraform client to access AWS."
12 | }
13 | 
14 | variable "subnet_count" {
15 |     type        = "string"
16 |     description = "The number of subnets we want to create per type to ensure high availability."
17 | }


--------------------------------------------------------------------------------
/Article 3/modules.tf:
--------------------------------------------------------------------------------
 1 | module "network" {
 2 |   source = "./modules/network"
 3 | 
 4 |   // pass variables from .tfvars
 5 |   aws_region       = "${var.aws_region}"
 6 |   subnet_count     = "${var.subnet_count}"
 7 | }
 8 | 
 9 | module "security_groups" {
10 |   source = "./modules/security_groups"
11 | 
12 |   // pass variables from .tfvars
13 |   accessing_computer_ip   = "${var.accessing_computer_ip}"
14 | 
15 |   // inputs from modules
16 |   vpc_id                  = "${module.network.vpc_id}"
17 | }


--------------------------------------------------------------------------------
/Article 3/modules/network/gateways.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_internet_gateway" "example" {
 2 |   vpc_id = "${aws_vpc.example.id}"
 3 | 
 4 |   tags {
 5 |     Name = "internet_gateway"
 6 |   }
 7 | }
 8 | 
 9 | 
10 | resource "aws_eip" "nat_gateway" {
11 |   count = "${var.subnet_count}"
12 |   vpc      = true
13 | }
14 | 
15 | resource "aws_nat_gateway" "example" {
16 |   count = "${var.subnet_count}"
17 |   allocation_id = "${aws_eip.nat_gateway.*.id[count.index]}"
18 |   subnet_id = "${aws_subnet.gateway.*.id[count.index]}"
19 |   tags {
20 |     Name = "nat_gateway"
21 |   }
22 |   depends_on = ["aws_internet_gateway.example"]
23 | }


--------------------------------------------------------------------------------
/Article 3/modules/network/output.tf:
--------------------------------------------------------------------------------
1 | output "vpc_id" {
2 |   value = "${aws_vpc.example.id}"
3 | }


--------------------------------------------------------------------------------
/Article 3/modules/network/route_tables.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "application" {
 2 |   count = "${var.subnet_count}"
 3 |   vpc_id = "${aws_vpc.example.id}"
 4 |   route {
 5 |     cidr_block = "0.0.0.0/0"
 6 |     nat_gateway_id = "${aws_nat_gateway.example.*.id[count.index]}"
 7 |   }
 8 |   tags {
 9 |     Name = "example_application"
10 |   }
11 | }
12 | 
13 | resource "aws_route_table" "database" {
14 |   vpc_id = "${aws_vpc.example.id}"
15 | 
16 |   tags {
17 |     Name = "example_database"
18 |   }
19 | }
20 | resource "aws_route_table" "gateway" {
21 |   vpc_id = "${aws_vpc.example.id}"
22 | 
23 |   route {
24 |     cidr_block = "0.0.0.0/0"
25 |     gateway_id = "${aws_internet_gateway.example.id}"
26 |   }
27 |   tags {
28 |     Name = "example_gateway"
29 |   }
30 | }
31 | 
32 | resource "aws_route_table_association" "application" {
33 |   count = "${var.subnet_count}"
34 | 
35 |   subnet_id      = "${aws_subnet.application.*.id[count.index]}"
36 |   route_table_id = "${aws_route_table.application.*.id[count.index]}"
37 | }
38 | 
39 | resource "aws_route_table_association" "database" {
40 |   count = "${var.subnet_count}"
41 | 
42 |   subnet_id      = "${aws_subnet.database.*.id[count.index]}"
43 |   route_table_id = "${aws_route_table.database.id}"
44 | }
45 | 
46 | resource "aws_route_table_association" "gateway" {
47 |   count = "${var.subnet_count}"
48 | 
49 |   subnet_id      = "${aws_subnet.gateway.*.id[count.index]}"
50 |   route_table_id = "${aws_route_table.gateway.id}"
51 | }


--------------------------------------------------------------------------------
/Article 3/modules/network/subnets.tf:
--------------------------------------------------------------------------------
 1 | data "aws_availability_zones" "available" {}
 2 | 
 3 | resource "aws_subnet" "gateway" {
 4 |   count = "${var.subnet_count}"
 5 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
 6 |   cidr_block        = "10.0.1${count.index}.0/24"
 7 |   vpc_id            = "${aws_vpc.example.id}"
 8 |   tags = "${
 9 |     map(
10 |      "Name", "example_gateway"
11 |     )
12 |   }"
13 | }
14 | resource "aws_subnet" "application" {
15 |   count = "${var.subnet_count}"
16 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
17 |   cidr_block        = "10.0.2${count.index}.0/24"
18 |   vpc_id            = "${aws_vpc.example.id}"
19 |   tags = "${
20 |     map(
21 |      "Name", "example_application",
22 |      "kubernetes.io/cluster/example", "shared",
23 |     )
24 |   }"
25 | }
26 | 
27 | resource "aws_subnet" "database" {
28 |   count = "${var.subnet_count}"
29 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
30 |   cidr_block        = "10.0.3${count.index}.0/24"
31 |   vpc_id            = "${aws_vpc.example.id}"
32 |   
33 |   tags = "${
34 |     map(
35 |      "Name", "example_database"
36 |     )
37 |   }"
38 | }


--------------------------------------------------------------------------------
/Article 3/modules/network/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 |  type = "string"
3 |  description = "Used AWS Region."
4 | }
5 | variable "subnet_count" {
6 |     type        = "string"
7 |     description = "The number of subnets we want to create per type to ensure high availability."
8 | }


--------------------------------------------------------------------------------
/Article 3/modules/network/vpc.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "example" {
 2 |   cidr_block = "10.0.0.0/16"
 3 |   enable_dns_hostnames = true
 4 |   enable_dns_support = true
 5 |   tags = "${
 6 |     map(
 7 |      "Name", "terraform-eks",
 8 |      "kubernetes.io/cluster/example", "shared",
 9 |     )
10 |   }"
11 | }


--------------------------------------------------------------------------------
/Article 3/modules/security_groups/sg_eks_master.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | resource "aws_security_group" "tf-eks-master" {
 3 |     name        = "terraform-eks-cluster"
 4 |     description = "Cluster communication with worker nodes"
 5 |     vpc_id      = "${var.vpc_id}"
 6 | 
 7 |     egress {
 8 |         from_port   = 0
 9 |         to_port     = 0
10 |         protocol    = "-1"
11 |         cidr_blocks = ["0.0.0.0/0"]
12 |     }
13 |     
14 |     tags {
15 |         Name = "terraform-eks"
16 |     }
17 | }


--------------------------------------------------------------------------------
/Article 3/modules/security_groups/sg_eks_node.tf:
--------------------------------------------------------------------------------
 1 |     resource "aws_security_group" "tf-eks-node" {
 2 |         name        = "terraform-eks-node"
 3 |         description = "Security group for all nodes in the cluster"
 4 |         vpc_id      = "${var.vpc_id}"
 5 | 
 6 |         egress {
 7 |             from_port   = 0
 8 |             to_port     = 0
 9 |             protocol    = "-1"
10 |             cidr_blocks = ["0.0.0.0/0"]
11 |         }
12 | 
13 |         tags {
14 |             Name = "terraform-eks"
15 |         }
16 |     }
17 |     


--------------------------------------------------------------------------------
/Article 3/modules/security_groups/sg_rules_eks.tf:
--------------------------------------------------------------------------------
 1 | # Allow inbound traffic from your local workstation external IP
 2 | # to the Kubernetes. You will need to replace A.B.C.D below with
 3 | # your real IP. Services like icanhazip.com can help you find this.
 4 | resource "aws_security_group_rule" "tf-eks-cluster-ingress-workstation-https" {
 5 |   cidr_blocks       = ["${var.accessing_computer_ip}/32"]
 6 |   description       = "Allow workstation to communicate with the cluster API Server"
 7 |   from_port         = 443
 8 |   protocol          = "tcp"
 9 |   security_group_id = "${aws_security_group.tf-eks-master.id}"
10 |   to_port           = 443
11 |   type              = "ingress"
12 | }
13 | 
14 | ########################################################################################
15 | # Setup worker node security group
16 | 
17 | resource "aws_security_group_rule" "tf-eks-node-ingress-self" {
18 |   description              = "Allow node to communicate with each other"
19 |   from_port                = 0
20 |   protocol                 = "-1"
21 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
22 |   source_security_group_id = "${aws_security_group.tf-eks-node.id}"
23 |   to_port                  = 65535
24 |   type                     = "ingress"
25 | }
26 | 
27 | resource "aws_security_group_rule" "tf-eks-node-ingress-cluster" {
28 |   description              = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
29 |   from_port                = 1025
30 |   protocol                 = "tcp"
31 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
32 |   source_security_group_id = "${aws_security_group.tf-eks-master.id}"
33 |   to_port                  = 65535
34 |   type                     = "ingress"
35 | }
36 | 
37 | # allow worker nodes to access EKS master
38 | resource "aws_security_group_rule" "tf-eks-cluster-ingress-node-https" {
39 |   description              = "Allow pods to communicate with the cluster API Server"
40 |   from_port                = 443
41 |   protocol                 = "tcp"
42 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
43 |   source_security_group_id = "${aws_security_group.tf-eks-master.id}"
44 |   to_port                  = 443
45 |   type                     = "ingress"
46 | }
47 | 
48 | resource "aws_security_group_rule" "tf-eks-node-ingress-master" {
49 |   description              = "Allow cluster control to receive communication from the worker Kubelets"
50 |   from_port                = 443
51 |   protocol                 = "tcp"
52 |   security_group_id        = "${aws_security_group.tf-eks-master.id}"
53 |   source_security_group_id = "${aws_security_group.tf-eks-node.id}"
54 |   to_port                  = 443
55 |   type                     = "ingress"
56 | }
57 | 
58 | 
59 | 


--------------------------------------------------------------------------------
/Article 3/modules/security_groups/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "accessing_computer_ip" {
 2 |  type = "string"
 3 |  description = "IP of the computer to be allowed to connect to EKS master and nodes."
 4 | }
 5 | 
 6 | variable "vpc_id" {
 7 |   type = "string"
 8 |   description = "ID of the VPC used to setup the cluster."
 9 | }
10 | 


--------------------------------------------------------------------------------
/Article 3/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |  region  = "${var.aws_region}"
3 |  version = "~> 1.55.0"
4 |  access_key = "${var.aws_access_key}"
5 |  secret_key = "${var.aws_secret_key}"
6 | }


--------------------------------------------------------------------------------
/Article 3/state_config.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |  backend "s3" {
3 |    region         = "eu-west-1"
4 |    bucket         = "tf-article"
5 |    key            = "terraform.tfstate"
6 |    encrypt        = "true"
7 |    dynamodb_table = "tf-article-statelock"
8 |  }
9 | }


--------------------------------------------------------------------------------
/Article 3/terraform.tfvars:
--------------------------------------------------------------------------------
1 | aws_region              =   "placeholder"
2 | aws_access_key          =   "placeholder"
3 | aws_secret_key          =   "placeholder"
4 | subnet_count            =   "placeholder"
5 | accessing_computer_ip   =   "placeholder"


--------------------------------------------------------------------------------
/Article 3/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "aws_region" {
 2 |  type = "string"
 3 |  description = "Used AWS Region."
 4 | }
 5 | variable "aws_access_key" {
 6 |  type = "string"
 7 |  description = "The account identification key used by your Terraform client."
 8 | }
 9 | variable "aws_secret_key" {
10 |  type = "string"
11 |  description = "The secret key used by your terraform client to access AWS."
12 | }
13 | 
14 | variable "subnet_count" {
15 |     type        = "string"
16 |     description = "The number of subnets we want to create per type to ensure high availability."
17 | }
18 | 
19 | variable "accessing_computer_ip" {
20 |  type = "string"
21 |  description = "IP of the computer to be allowed to connect to EKS master and nodes."
22 | }


--------------------------------------------------------------------------------
/Article 4/modules.tf:
--------------------------------------------------------------------------------
 1 | module "network" {
 2 |   source = "./modules/network"
 3 | 
 4 |   // pass variables from .tfvars
 5 |   aws_region       = "${var.aws_region}"
 6 |   subnet_count     = "${var.subnet_count}"
 7 | }
 8 | 
 9 | module "eks" {
10 |   source = "./modules/eks"
11 | 
12 |   // pass variables from .tfvars
13 |   accessing_computer_ip   = "${var.accessing_computer_ip}"
14 |   aws_region              = "${var.aws_region}"
15 |   keypair-name            = "${var.keypair-name}"
16 |   // inputs from modules
17 |   vpc_id                  = "${module.network.vpc_id}"
18 |   app_subnet_ids          = "${module.network.app_subnet_ids}"
19 | }


--------------------------------------------------------------------------------
/Article 4/modules/eks/allow_nodes.tf:
--------------------------------------------------------------------------------
 1 | ########################################################################################
 2 | # setup provider for kubernetes
 3 | 
 4 | data "external" "aws_iam_authenticator" {
 5 |   program = ["sh", "-c", "aws-iam-authenticator token -i example | jq -r -c .status"]
 6 | }
 7 | 
 8 | provider "kubernetes" {
 9 |   host                      = "${aws_eks_cluster.tf_eks.endpoint}"
10 |   cluster_ca_certificate    = "${base64decode(aws_eks_cluster.tf_eks.certificate_authority.0.data)}"
11 |   token                     = "${data.external.aws_iam_authenticator.result.token}"
12 |   load_config_file          = false
13 |   version = "~> 1.5"
14 | }
15 | 
16 | # Allow worker nodes to join cluster via config map
17 | resource "kubernetes_config_map" "aws_auth" {
18 |   metadata {
19 |     name = "aws-auth"
20 |     namespace = "kube-system"
21 |   }
22 |   data {
23 |     mapRoles = <<EOF
24 | - rolearn: ${aws_iam_role.tf-eks-node.arn}
25 |   username: system:node:{{EC2PrivateDNSName}}
26 |   groups:
27 |     - system:bootstrappers
28 |     - system:nodes
29 | EOF
30 |   }
31 |   depends_on = [
32 |     "aws_eks_cluster.tf_eks"  ] 
33 | }


--------------------------------------------------------------------------------
/Article 4/modules/eks/eks_master.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_eks_cluster" "tf_eks" {
 2 |   name            = "example-cluster"
 3 |   role_arn        = "${aws_iam_role.tf-eks-master.arn}"
 4 | 
 5 |   vpc_config {
 6 |     security_group_ids = ["${aws_security_group.tf-eks-master.id}"]
 7 |     subnet_ids         = ["${var.app_subnet_ids}"]
 8 |   }
 9 | 
10 |   depends_on = [
11 |     "aws_iam_role_policy_attachment.tf-cluster-AmazonEKSClusterPolicy",
12 |     "aws_iam_role_policy_attachment.tf-cluster-AmazonEKSServicePolicy",
13 |   ]
14 | }


--------------------------------------------------------------------------------
/Article 4/modules/eks/iam.tf:
--------------------------------------------------------------------------------
 1 | # Setup for IAM role needed to setup an EKS cluster
 2 | resource "aws_iam_role" "tf-eks-master" {
 3 |   name = "terraform-eks-cluster"
 4 | 
 5 |   assume_role_policy = <<POLICY
 6 | {
 7 |   "Version": "2012-10-17",
 8 |   "Statement": [
 9 |     {
10 |       "Effect": "Allow",
11 |       "Principal": {
12 |         "Service": "eks.amazonaws.com"
13 |       },
14 |       "Action": "sts:AssumeRole"
15 |     }
16 |   ]
17 | }
18 | POLICY
19 | }
20 | 
21 | resource "aws_iam_role_policy_attachment" "tf-cluster-AmazonEKSClusterPolicy" {
22 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
23 |   role       = "${aws_iam_role.tf-eks-master.name}"
24 | }
25 | 
26 | resource "aws_iam_role_policy_attachment" "tf-cluster-AmazonEKSServicePolicy" {
27 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
28 |   role       = "${aws_iam_role.tf-eks-master.name}"
29 | }
30 | 
31 | ########################################################################################
32 | # Setup IAM role & instance profile for worker nodes
33 | 
34 | resource "aws_iam_role" "tf-eks-node" {
35 |   name = "terraform-eks-tf-eks-node"
36 | 
37 |   assume_role_policy = <<POLICY
38 | {
39 |   "Version": "2012-10-17",
40 |   "Statement": [
41 |     {
42 |       "Effect": "Allow",
43 |       "Principal": {
44 |         "Service": "ec2.amazonaws.com"
45 |       },
46 |       "Action": "sts:AssumeRole"
47 |     }
48 |   ]
49 | }
50 | POLICY
51 | }
52 | 
53 | resource "aws_iam_role_policy_attachment" "tf-eks-node-AmazonEKSWorkerNodePolicy" {
54 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
55 |   role       = "${aws_iam_role.tf-eks-node.name}"
56 | }
57 | 
58 | resource "aws_iam_role_policy_attachment" "tf-eks-node-AmazonEKS_CNI_Policy" {
59 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
60 |   role       = "${aws_iam_role.tf-eks-node.name}"
61 | }
62 | 
63 | resource "aws_iam_role_policy_attachment" "tf-eks-node-AmazonEC2ContainerRegistryReadOnly" {
64 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
65 |   role       = "${aws_iam_role.tf-eks-node.name}"
66 | }
67 | 
68 | resource "aws_iam_instance_profile" "node" {
69 |   name = "terraform-eks-node"
70 |   role = "${aws_iam_role.tf-eks-node.name}"
71 | }
72 | 


--------------------------------------------------------------------------------
/Article 4/modules/eks/kubeconfig.tf:
--------------------------------------------------------------------------------
 1 | # generate KUBECONFIG as output to save in ~/.kube/config locally
 2 | # save the 'terraform output eks_kubeconfig > config', run 'mv config ~/.kube/config' to use it for kubectl
 3 | locals {
 4 |   kubeconfig = <<KUBECONFIG
 5 | 
 6 | 
 7 | apiVersion: v1
 8 | clusters:
 9 | - cluster:
10 |     server: ${aws_eks_cluster.tf_eks.endpoint}
11 |     certificate-authority-data: ${aws_eks_cluster.tf_eks.certificate_authority.0.data}
12 |   name: kubernetes
13 | contexts:
14 | - context:
15 |     cluster: kubernetes
16 |     user: aws
17 |   name: aws
18 | current-context: aws
19 | kind: Config
20 | preferences: {}
21 | users:
22 | - name: aws
23 |   user:
24 |     exec:
25 |       apiVersion: client.authentication.k8s.io/v1alpha1
26 |       command: aws-iam-authenticator
27 |       args:
28 |         - "token"
29 |         - "-i"
30 |         - "example"
31 | KUBECONFIG
32 | }


--------------------------------------------------------------------------------
/Article 4/modules/eks/output.tf:
--------------------------------------------------------------------------------
1 | output "eks_kubeconfig" {
2 |   value = "${local.kubeconfig}"
3 |   depends_on = [
4 |     "aws_eks_cluster.tf_eks."
5 |   ]
6 | }


--------------------------------------------------------------------------------
/Article 4/modules/eks/sg_eks_master.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | resource "aws_security_group" "tf-eks-master" {
 3 |     name        = "terraform-eks-cluster"
 4 |     description = "Cluster communication with worker nodes"
 5 |     vpc_id      = "${var.vpc_id}"
 6 | 
 7 |     egress {
 8 |         from_port   = 0
 9 |         to_port     = 0
10 |         protocol    = "-1"
11 |         cidr_blocks = ["0.0.0.0/0"]
12 |     }
13 |     
14 |     tags {
15 |         Name = "terraform-eks"
16 |     }
17 | }


--------------------------------------------------------------------------------
/Article 4/modules/eks/sg_eks_node.tf:
--------------------------------------------------------------------------------
 1 |     resource "aws_security_group" "tf-eks-node" {
 2 |         name        = "terraform-eks-node"
 3 |         description = "Security group for all nodes in the cluster"
 4 |         vpc_id      = "${var.vpc_id}"
 5 | 
 6 |         egress {
 7 |             from_port   = 0
 8 |             to_port     = 0
 9 |             protocol    = "-1"
10 |             cidr_blocks = ["0.0.0.0/0"]
11 |         }
12 | 
13 |         tags {
14 |             Name = "terraform-eks"
15 |         }
16 |     }
17 |     


--------------------------------------------------------------------------------
/Article 4/modules/eks/sg_rules_eks.tf:
--------------------------------------------------------------------------------
 1 | # Allow inbound traffic from your local workstation external IP
 2 | # to the Kubernetes. You will need to replace A.B.C.D below with
 3 | # your real IP. Services like icanhazip.com can help you find this.
 4 | resource "aws_security_group_rule" "tf-eks-cluster-ingress-workstation-https" {
 5 |   cidr_blocks       = ["${var.accessing_computer_ip}/32"]
 6 |   description       = "Allow workstation to communicate with the cluster API Server"
 7 |   from_port         = 443
 8 |   protocol          = "tcp"
 9 |   security_group_id = "${aws_security_group.tf-eks-master.id}"
10 |   to_port           = 443
11 |   type              = "ingress"
12 | }
13 | 
14 | ########################################################################################
15 | # Setup worker node security group
16 | 
17 | resource "aws_security_group_rule" "tf-eks-node-ingress-self" {
18 |   description              = "Allow node to communicate with each other"
19 |   from_port                = 0
20 |   protocol                 = "-1"
21 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
22 |   source_security_group_id = "${aws_security_group.tf-eks-node.id}"
23 |   to_port                  = 65535
24 |   type                     = "ingress"
25 | }
26 | 
27 | resource "aws_security_group_rule" "tf-eks-node-ingress-cluster" {
28 |   description              = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
29 |   from_port                = 1025
30 |   protocol                 = "tcp"
31 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
32 |   source_security_group_id = "${aws_security_group.tf-eks-master.id}"
33 |   to_port                  = 65535
34 |   type                     = "ingress"
35 | }
36 | 
37 | # allow worker nodes to access EKS master
38 | resource "aws_security_group_rule" "tf-eks-cluster-ingress-node-https" {
39 |   description              = "Allow pods to communicate with the cluster API Server"
40 |   from_port                = 443
41 |   protocol                 = "tcp"
42 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
43 |   source_security_group_id = "${aws_security_group.tf-eks-master.id}"
44 |   to_port                  = 443
45 |   type                     = "ingress"
46 | }
47 | 
48 | resource "aws_security_group_rule" "tf-eks-node-ingress-master" {
49 |   description              = "Allow cluster control to receive communication from the worker Kubelets"
50 |   from_port                = 443
51 |   protocol                 = "tcp"
52 |   security_group_id        = "${aws_security_group.tf-eks-master.id}"
53 |   source_security_group_id = "${aws_security_group.tf-eks-node.id}"
54 |   to_port                  = 443
55 |   type                     = "ingress"
56 | }
57 | 
58 | 
59 | 


--------------------------------------------------------------------------------
/Article 4/modules/eks/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc_id" {
 2 |   type = "string"
 3 | }
 4 | 
 5 | variable "accessing_computer_ip" {
 6 |     type = "string"
 7 |     description = "Public IP of the computer accessing the cluster via kubectl or browser."
 8 | }
 9 | 
10 | variable "aws_region" {
11 |   type = "string"
12 |   description = "WIP: List of used aws_regions. Should be a single one, might not be used at all."
13 | }
14 | 
15 | variable "keypair-name" {
16 |   type = "string"
17 | }
18 | 
19 | variable "app_subnet_ids" {
20 |   type = "string"
21 | }


--------------------------------------------------------------------------------
/Article 4/modules/eks/worker-nodes.tf:
--------------------------------------------------------------------------------
 1 | ########################################################################################
 2 | # Setup AutoScaling Group for worker nodes
 3 | 
 4 | # Setup data source to get amazon-provided AMI for EKS nodes
 5 | data "aws_ami" "eks-worker" {
 6 |   filter {
 7 |     name   = "name"
 8 |     values = ["amazon-eks-node-v*"]
 9 |   }
10 | 
11 |   most_recent = true
12 |   owners      = ["602401143452"] # Amazon EKS AMI Account ID
13 | }
14 | 
15 | # Is provided in demo code, no idea what it's used for though! TODO: DELETE
16 | # data "aws_region" "current" {}
17 | 
18 | # EKS currently documents this required userdata for EKS worker nodes to
19 | # properly configure Kubernetes applications on the EC2 instance.
20 | # We utilize a Terraform local here to simplify Base64 encode this
21 | # information and write it into the AutoScaling Launch Configuration.
22 | # More information: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
23 | locals {
24 |   tf-eks-node-userdata = <<USERDATA
25 | #!/bin/bash
26 | set -o xtrace
27 | /etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.tf_eks.endpoint}' --b64-cluster-ca '${aws_eks_cluster.tf_eks.certificate_authority.0.data}' 'example'
28 | USERDATA
29 | }
30 | 
31 | resource "aws_launch_configuration" "tf_eks" {
32 |   associate_public_ip_address = true
33 |   iam_instance_profile        = "${aws_iam_instance_profile.node.name}"
34 |   image_id                    = "${data.aws_ami.eks-worker.id}"
35 |   instance_type               = "m4.large"
36 |   name_prefix                 = "terraform-eks"
37 |   security_groups             = ["${aws_security_group.tf-eks-node.id}"]
38 |   user_data_base64            = "${base64encode(local.tf-eks-node-userdata)}"
39 |   key_name                    = "${var.keypair-name}"
40 | 
41 |   lifecycle {
42 |     create_before_destroy = true
43 |   }
44 | }
45 | 
46 | resource "aws_autoscaling_group" "tf_eks" {
47 |   desired_capacity     = "2"
48 |   launch_configuration = "${aws_launch_configuration.tf_eks.id}"
49 |   max_size             = "3"
50 |   min_size             = 1
51 |   name                 = "terraform-tf-eks"
52 |   vpc_zone_identifier  = ["${var.app_subnet_ids}"]
53 | 
54 |   tag {
55 |     key                 = "Name"
56 |     value               = "terraform-tf-eks"
57 |     propagate_at_launch = true
58 |   }
59 | 
60 |   tag {
61 |     key                 = "kubernetes.io/cluster/example"
62 |     value               = "owned"
63 |     propagate_at_launch = true
64 |   }
65 | }
66 | 


--------------------------------------------------------------------------------
/Article 4/modules/network/gateways.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_internet_gateway" "example" {
 2 |   vpc_id = "${aws_vpc.example.id}"
 3 | 
 4 |   tags {
 5 |     Name = "internet_gateway"
 6 |   }
 7 | }
 8 | 
 9 | 
10 | resource "aws_eip" "nat_gateway" {
11 |   count = "${var.subnet_count}"
12 |   vpc      = true
13 | }
14 | 
15 | resource "aws_nat_gateway" "example" {
16 |   count = "${var.subnet_count}"
17 |   allocation_id = "${aws_eip.nat_gateway.*.id[count.index]}"
18 |   subnet_id = "${aws_subnet.gateway.*.id[count.index]}"
19 |   tags {
20 |     Name = "nat_gateway"
21 |   }
22 |   depends_on = ["aws_internet_gateway.example"]
23 | }


--------------------------------------------------------------------------------
/Article 4/modules/network/output.tf:
--------------------------------------------------------------------------------
1 | output "vpc_id" {
2 |   value = "${aws_vpc.example.id}"
3 | }
4 | 
5 | output "app_subnet_ids" {
6 |   value = "${aws_subnet.application.*.id}"
7 | }


--------------------------------------------------------------------------------
/Article 4/modules/network/route_tables.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "application" {
 2 |   count = "${var.subnet_count}"
 3 |   vpc_id = "${aws_vpc.example.id}"
 4 |   route {
 5 |     cidr_block = "0.0.0.0/0"
 6 |     nat_gateway_id = "${aws_nat_gateway.example.*.id[count.index]}"
 7 |   }
 8 |   tags {
 9 |     Name = "example_application"
10 |   }
11 | }
12 | 
13 | resource "aws_route_table" "database" {
14 |   vpc_id = "${aws_vpc.example.id}"
15 | 
16 |   tags {
17 |     Name = "example_database"
18 |   }
19 | }
20 | resource "aws_route_table" "gateway" {
21 |   vpc_id = "${aws_vpc.example.id}"
22 | 
23 |   route {
24 |     cidr_block = "0.0.0.0/0"
25 |     gateway_id = "${aws_internet_gateway.example.id}"
26 |   }
27 |   tags {
28 |     Name = "example_gateway"
29 |   }
30 | }
31 | 
32 | resource "aws_route_table_association" "application" {
33 |   count = "${var.subnet_count}"
34 | 
35 |   subnet_id      = "${aws_subnet.application.*.id[count.index]}"
36 |   route_table_id = "${aws_route_table.application.*.id[count.index]}"
37 | }
38 | 
39 | resource "aws_route_table_association" "database" {
40 |   count = "${var.subnet_count}"
41 | 
42 |   subnet_id      = "${aws_subnet.database.*.id[count.index]}"
43 |   route_table_id = "${aws_route_table.database.id}"
44 | }
45 | 
46 | resource "aws_route_table_association" "gateway" {
47 |   count = "${var.subnet_count}"
48 | 
49 |   subnet_id      = "${aws_subnet.gateway.*.id[count.index]}"
50 |   route_table_id = "${aws_route_table.gateway.id}"
51 | }


--------------------------------------------------------------------------------
/Article 4/modules/network/subnets.tf:
--------------------------------------------------------------------------------
 1 | data "aws_availability_zones" "available" {}
 2 | 
 3 | resource "aws_subnet" "gateway" {
 4 |   count = "${var.subnet_count}"
 5 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
 6 |   cidr_block        = "10.0.1${count.index}.0/24"
 7 |   vpc_id            = "${aws_vpc.example.id}"
 8 |   tags = "${
 9 |     map(
10 |      "Name", "example_gateway"
11 |     )
12 |   }"
13 | }
14 | resource "aws_subnet" "application" {
15 |   count = "${var.subnet_count}"
16 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
17 |   cidr_block        = "10.0.2${count.index}.0/24"
18 |   vpc_id            = "${aws_vpc.example.id}"
19 |   tags = "${
20 |     map(
21 |      "Name", "example_application",
22 |      "kubernetes.io/cluster/example", "shared",
23 |     )
24 |   }"
25 | }
26 | 
27 | resource "aws_subnet" "database" {
28 |   count = "${var.subnet_count}"
29 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
30 |   cidr_block        = "10.0.3${count.index}.0/24"
31 |   vpc_id            = "${aws_vpc.example.id}"
32 |   
33 |   tags = "${
34 |     map(
35 |      "Name", "example_database"
36 |     )
37 |   }"
38 | }


--------------------------------------------------------------------------------
/Article 4/modules/network/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 |  type = "string"
3 |  description = "Used AWS Region."
4 | }
5 | variable "subnet_count" {
6 |     type        = "string"
7 |     description = "The number of subnets we want to create per type to ensure high availability."
8 | }


--------------------------------------------------------------------------------
/Article 4/modules/network/vpc.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "example" {
 2 |   cidr_block = "10.0.0.0/16"
 3 |   enable_dns_hostnames = true
 4 |   enable_dns_support = true
 5 |   tags = "${
 6 |     map(
 7 |      "Name", "terraform-eks",
 8 |      "kubernetes.io/cluster/example", "shared",
 9 |     )
10 |   }"
11 | }


--------------------------------------------------------------------------------
/Article 4/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |  region  = "${var.aws_region}"
3 |  version = "~> 1.55.0"
4 |  access_key = "${var.aws_access_key}"
5 |  secret_key = "${var.aws_secret_key}"
6 | }


--------------------------------------------------------------------------------
/Article 4/state_config.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |  backend "s3" {
3 |    region         = "placeholder"
4 |    bucket         = "tf-article"
5 |    key            = "terraform.tfstate"
6 |    encrypt        = "true"
7 |    dynamodb_table = "tf-article-statelock"
8 |  }
9 | }


--------------------------------------------------------------------------------
/Article 4/terraform.tfvars:
--------------------------------------------------------------------------------
1 | aws_region              =   "placeholder"
2 | aws_access_key          =   "placeholder"
3 | aws_secret_key          =   "placeholder"
4 | subnet_count            =   "placeholder"
5 | accessing_computer_ip   =   "placeholder"
6 | keypair-name            =   "placeholder"


--------------------------------------------------------------------------------
/Article 4/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "aws_region" {
 2 |  type = "string"
 3 |  description = "Used AWS Region."
 4 | }
 5 | variable "aws_access_key" {
 6 |  type = "string"
 7 |  description = "The account identification key used by your Terraform client."
 8 | }
 9 | variable "aws_secret_key" {
10 |  type = "string"
11 |  description = "The secret key used by your terraform client to access AWS."
12 | }
13 | 
14 | variable "subnet_count" {
15 |     type        = "string"
16 |     description = "The number of subnets we want to create per type to ensure high availability."
17 | }
18 | 
19 | variable "accessing_computer_ip" {
20 |  type = "string"
21 |  description = "IP of the computer to be allowed to connect to EKS master and nodes."
22 | }
23 | 
24 | variable "keypair-name" {
25 |   type = "string"
26 |   description = "Name of the keypair declared in AWS IAM, used to connect into your instances via SSH."
27 | }


--------------------------------------------------------------------------------
/Article 5/modules.tf:
--------------------------------------------------------------------------------
 1 | module "network" {
 2 |   source = "./modules/network"
 3 | 
 4 |   // pass variables from .tfvars
 5 |   aws_region       = "${var.aws_region}"
 6 |   subnet_count     = "${var.subnet_count}"
 7 | }
 8 | 
 9 | module "eks" {
10 |   source = "./modules/eks"
11 | 
12 |   // pass variables from .tfvars
13 |   accessing_computer_ip   = "${var.accessing_computer_ip}"
14 |   aws_region              = "${var.aws_region}"
15 |   keypair-name            = "${var.keypair-name}"
16 |   // inputs from modules
17 |   vpc_id                  = "${module.network.vpc_id}"
18 |   app_subnet_ids = [
19 |       "${module.network.app_subnet_ids}",
20 |    ]
21 |   cluster_version         = "${var.cluster_version}"
22 | 
23 | }
24 | 
25 | module "alb" {
26 |   source = "./modules/alb"
27 | 
28 |   // pass variables from .tfvars
29 |   hosted_zone_id           = "${var.hosted_zone_id}"
30 |   hosted_zone_url          = "${var.hosted_zone_url}"
31 |   // inputs from modules
32 |   vpc_id                  = "${module.network.vpc_id}"
33 |   gateway_subnet_ids = [
34 |       "${module.network.gateway_subnet_ids}",
35 |    ]
36 |   node_sg_id              = "${module.eks.node_sg_id}"
37 |   lb_target_group_arn     = "${module.eks.target_group_arn}"
38 | }
39 | 


--------------------------------------------------------------------------------
/Article 5/modules/alb/acm_certificate.tf:
--------------------------------------------------------------------------------
1 | data "aws_acm_certificate" "example" {
2 |   domain   = "*.example-dev.io"
3 |   statuses = ["ISSUED"]
4 | }
5 | 


--------------------------------------------------------------------------------
/Article 5/modules/alb/alb.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_alb" "eks-alb" {
 2 |   name            = "eks-alb"
 3 |   subnets         =  flatten(["${var.gateway_subnet_ids}"])
 4 |   security_groups = ["${var.node_sg_id}", "${aws_security_group.eks-alb.id}"]
 5 |   ip_address_type = "ipv4"
 6 | 
 7 |   tags = "${
 8 |     map(
 9 |      "Name", "eks-alb",
10 |      "kubernetes.io/cluster/example", "owned",
11 |     )
12 |   }"
13 | }
14 | 
15 | resource "aws_alb_listener" "eks-alb" {
16 |   load_balancer_arn = "${aws_alb.eks-alb.arn}"
17 |   port              = 80
18 |   protocol          = "HTTP"
19 |   default_action {
20 |     type              = "redirect"
21 |     redirect {
22 |       port        = "443"
23 |       protocol    = "HTTPS"
24 |       status_code = "HTTP_301"
25 |     }
26 |   }
27 | }
28 | 
29 | resource "aws_alb_listener" "eks-alb-ssl" {
30 |   load_balancer_arn = "${aws_alb.eks-alb.arn}"
31 |   port             = 443
32 |   protocol          = "HTTPS"
33 |   ssl_policy        = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
34 |   certificate_arn   = "${data.aws_acm_certificate.example.arn}"
35 |   default_action {
36 |     type             = "forward"
37 |     target_group_arn = "${var.lb_target_group_arn}"
38 |   }
39 | }
40 | 


--------------------------------------------------------------------------------
/Article 5/modules/alb/route53-setup.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route53_record" "example" {
 2 |   zone_id = "${var.hosted_zone_id}"
 3 |   name    = "*.api.${var.hosted_zone_url}"
 4 |   type    = "A"
 5 |   alias {
 6 |     name                   = "${aws_alb.eks-alb.dns_name}"
 7 |     zone_id                = "${aws_alb.eks-alb.zone_id}"
 8 |     evaluate_target_health = false
 9 |   }
10 | }


--------------------------------------------------------------------------------
/Article 5/modules/alb/sg_alb.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "eks-alb" {
 2 |   name        = "eks-alb-public"
 3 |   description = "Security group allowing public traffic for the eks load balancer."
 4 |   vpc_id      = "${var.vpc_id}"
 5 | 
 6 |   egress {
 7 |     from_port   = 0
 8 |     to_port     = 0
 9 |     protocol    = "-1"
10 |     cidr_blocks = ["0.0.0.0/0"]
11 |   }
12 | 
13 |   tags = "${
14 |     map(
15 |      "Name", "terraform-eks-alb",
16 |      "kubernetes.io/cluster/example", "owned",
17 |     )
18 |   }"
19 | }
20 | 
21 | resource "aws_security_group_rule" "eks-alb-public-https" {
22 |   description       = "Allow eks load balancer to communicate with public traffic securely."
23 |   cidr_blocks       = ["0.0.0.0/0"]
24 |   from_port         = 443
25 |   protocol          = "tcp"
26 |   security_group_id = "${aws_security_group.eks-alb.id}"
27 |   to_port           = 443
28 |   type              = "ingress"
29 | }
30 | 
31 | resource "aws_security_group_rule" "eks-alb-public-http" {
32 |   description       = "Allow eks load balancer to communicate with public traffic."
33 |   cidr_blocks       = ["0.0.0.0/0"]
34 |   from_port         = 80
35 |   protocol          = "tcp"
36 |   security_group_id = "${aws_security_group.eks-alb.id}"
37 |   to_port           = 80
38 |   type              = "ingress"
39 | }
40 | 


--------------------------------------------------------------------------------
/Article 5/modules/alb/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc_id" {
 2 |   type = "string"
 3 | }
 4 | variable "hosted_zone_id" {
 5 |   type = "string"
 6 |   description = "ID of the hosted Zone created in Route53 before Terraform deployment."
 7 | }
 8 | 
 9 | variable "hosted_zone_url" {
10 |   type = "string"
11 |   description = "URL of the hosted Zone created in Route53 before Terraform deployment."
12 | }
13 | 
14 | 
15 | variable "gateway_subnet_ids" {
16 |   type = "list"
17 |   description = "List containing the IDs of all created gateway subnets."
18 | }
19 | 
20 | variable "node_sg_id" {
21 |   type = "string"
22 |   description = "ID of the Security Group used by the Kubernetes worker nodes."
23 | }
24 | 
25 | variable "lb_target_group_arn" {
26 |   type = "string"
27 |   description = "ARN of the Target Group pointing at the Kubernetes nodes."
28 | }
29 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/allow_nodes.tf:
--------------------------------------------------------------------------------
 1 | ########################################################################################
 2 | # setup provider for kubernetes
 3 | 
 4 | data "aws_eks_cluster_auth" "tf_eks" {
 5 |   name = "${aws_eks_cluster.tf_eks.name}"
 6 | }
 7 | 
 8 | 
 9 | provider "kubernetes" {
10 |   host                      = "${aws_eks_cluster.tf_eks.endpoint}"
11 |   cluster_ca_certificate    = "${base64decode(aws_eks_cluster.tf_eks.certificate_authority.0.data)}"
12 |   token                     = "${data.aws_eks_cluster_auth.tf_eks.token}"
13 |   load_config_file          = false
14 |   version = "~> 1.5"
15 | }
16 | 
17 | # Allow worker nodes to join cluster via config map
18 | resource "kubernetes_config_map" "aws_auth" {
19 |   metadata {
20 |     name = "aws-auth"
21 |     namespace = "kube-system"
22 |   }
23 |   data = {
24 |     mapRoles = <<EOF
25 | - rolearn: ${aws_iam_role.tf-eks-node.arn}
26 |   username: system:node:{{EC2PrivateDNSName}}
27 |   groups:
28 |     - system:bootstrappers
29 |     - system:nodes
30 | EOF
31 |   }
32 |   depends_on = [
33 |     "aws_eks_cluster.tf_eks","aws_autoscaling_group.tf_eks"]
34 | }
35 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/eks_master.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_eks_cluster" "tf_eks" {
 2 |   name            = "example-cluster"
 3 |   role_arn        = "${aws_iam_role.tf-eks-master.arn}"
 4 |   version	  = "${var.cluster_version}"
 5 |   vpc_config {
 6 |     security_group_ids = ["${aws_security_group.tf-eks-master.id}"]
 7 |     subnet_ids = flatten(["${var.app_subnet_ids}"])
 8 | 
 9 | }
10 | 
11 |   depends_on = [
12 |     "aws_iam_role_policy_attachment.tf-cluster-AmazonEKSClusterPolicy",
13 |     "aws_iam_role_policy_attachment.tf-cluster-AmazonEKSServicePolicy",
14 |   ]
15 | }
16 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/iam.tf:
--------------------------------------------------------------------------------
 1 | # Setup for IAM role needed to setup an EKS cluster
 2 | resource "aws_iam_role" "tf-eks-master" {
 3 |   name = "terraform-eks-cluster"
 4 | 
 5 |   assume_role_policy = <<POLICY
 6 | {
 7 |   "Version": "2012-10-17",
 8 |   "Statement": [
 9 |     {
10 |       "Effect": "Allow",
11 |       "Principal": {
12 |         "Service": "eks.amazonaws.com"
13 |       },
14 |       "Action": "sts:AssumeRole"
15 |     }
16 |   ]
17 | }
18 | POLICY
19 | }
20 | 
21 | resource "aws_iam_role_policy_attachment" "tf-cluster-AmazonEKSClusterPolicy" {
22 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
23 |   role       = "${aws_iam_role.tf-eks-master.name}"
24 | }
25 | 
26 | resource "aws_iam_role_policy_attachment" "tf-cluster-AmazonEKSServicePolicy" {
27 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
28 |   role       = "${aws_iam_role.tf-eks-master.name}"
29 | }
30 | 
31 | ########################################################################################
32 | # Setup IAM role & instance profile for worker nodes
33 | 
34 | resource "aws_iam_role" "tf-eks-node" {
35 |   name = "terraform-eks-tf-eks-node"
36 | 
37 |   assume_role_policy = <<POLICY
38 | {
39 |   "Version": "2012-10-17",
40 |   "Statement": [
41 |     {
42 |       "Effect": "Allow",
43 |       "Principal": {
44 |         "Service": "ec2.amazonaws.com"
45 |       },
46 |       "Action": "sts:AssumeRole"
47 |     }
48 |   ]
49 | }
50 | POLICY
51 | }
52 | 
53 | resource "aws_iam_role_policy_attachment" "tf-eks-node-AmazonEKSWorkerNodePolicy" {
54 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
55 |   role       = "${aws_iam_role.tf-eks-node.name}"
56 | }
57 | 
58 | resource "aws_iam_role_policy_attachment" "tf-eks-node-AmazonEKS_CNI_Policy" {
59 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
60 |   role       = "${aws_iam_role.tf-eks-node.name}"
61 | }
62 | 
63 | resource "aws_iam_role_policy_attachment" "tf-eks-node-AmazonEC2ContainerRegistryReadOnly" {
64 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
65 |   role       = "${aws_iam_role.tf-eks-node.name}"
66 | }
67 | 
68 | resource "aws_iam_instance_profile" "node" {
69 |   name = "terraform-eks-node"
70 |   role = "${aws_iam_role.tf-eks-node.name}"
71 | }
72 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/kubeconfig.tf:
--------------------------------------------------------------------------------
 1 | # generate KUBECONFIG as output to save in ~/.kube/config locally
 2 | # save the 'terraform output eks_kubeconfig > config', run 'mv config ~/.kube/config' to use it for kubectl
 3 | locals {
 4 |   kubeconfig = <<KUBECONFIG
 5 | 
 6 | 
 7 | apiVersion: v1
 8 | clusters:
 9 | - cluster:
10 |     server: ${aws_eks_cluster.tf_eks.endpoint}
11 |     certificate-authority-data: ${aws_eks_cluster.tf_eks.certificate_authority.0.data}
12 |   name: kubernetes
13 | contexts:
14 | - context:
15 |     cluster: kubernetes
16 |     user: aws
17 |   name: aws
18 | current-context: aws
19 | kind: Config
20 | preferences: {}
21 | users:
22 | - name: aws
23 |   user:
24 |     exec:
25 |       apiVersion: client.authentication.k8s.io/v1alpha1
26 |       command: aws-iam-authenticator
27 |       args:
28 |         - "token"
29 |         - "-i"
30 |         - "example"
31 | KUBECONFIG
32 | }


--------------------------------------------------------------------------------
/Article 5/modules/eks/output.tf:
--------------------------------------------------------------------------------
 1 | output "eks_kubeconfig" {
 2 |   value = "${local.kubeconfig}"
 3 |   depends_on = [
 4 |     "aws_eks_cluster.tf_eks"
 5 |   ]
 6 | }
 7 | 
 8 | output "target_group_arn" {
 9 |   value = "${aws_lb_target_group.tf_eks.arn}"
10 | }
11 | 
12 | output "node_sg_id" {
13 |   value = "${aws_security_group.tf-eks-node.id}"
14 | }
15 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/sg_eks_master.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | resource "aws_security_group" "tf-eks-master" {
 3 |     name        = "terraform-eks-cluster"
 4 |     description = "Cluster communication with worker nodes"
 5 |     vpc_id      = "${var.vpc_id}"
 6 | 
 7 |     egress {
 8 |         from_port   = 0
 9 |         to_port     = 0
10 |         protocol    = "-1"
11 |         cidr_blocks = ["0.0.0.0/0"]
12 |     }
13 |     
14 |     tags = {
15 |         Name = "terraform-eks"
16 |     }
17 | }
18 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/sg_eks_node.tf:
--------------------------------------------------------------------------------
 1 |     resource "aws_security_group" "tf-eks-node" {
 2 |         name        = "terraform-eks-node"
 3 |         description = "Security group for all nodes in the cluster"
 4 |         vpc_id      = "${var.vpc_id}"
 5 | 
 6 |         egress {
 7 |             from_port   = 0
 8 |             to_port     = 0
 9 |             protocol    = "-1"
10 |             cidr_blocks = ["0.0.0.0/0"]
11 |         }
12 | 
13 |         tags = {
14 |             Name = "terraform-eks"
15 |         }
16 |     }
17 |     
18 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/sg_rules_eks.tf:
--------------------------------------------------------------------------------
 1 | # Allow inbound traffic from your local workstation external IP
 2 | # to the Kubernetes. You will need to replace A.B.C.D below with
 3 | # your real IP. Services like icanhazip.com can help you find this.
 4 | resource "aws_security_group_rule" "tf-eks-cluster-ingress-workstation-https" {
 5 |   cidr_blocks       = ["${var.accessing_computer_ip}/32"]
 6 |   description       = "Allow workstation to communicate with the cluster API Server"
 7 |   from_port         = 443
 8 |   protocol          = "tcp"
 9 |   security_group_id = "${aws_security_group.tf-eks-master.id}"
10 |   to_port           = 443
11 |   type              = "ingress"
12 | }
13 | 
14 | ########################################################################################
15 | # Setup worker node security group
16 | 
17 | resource "aws_security_group_rule" "tf-eks-node-ingress-self" {
18 |   description              = "Allow node to communicate with each other"
19 |   from_port                = 0
20 |   protocol                 = "-1"
21 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
22 |   source_security_group_id = "${aws_security_group.tf-eks-node.id}"
23 |   to_port                  = 65535
24 |   type                     = "ingress"
25 | }
26 | 
27 | resource "aws_security_group_rule" "tf-eks-node-ingress-cluster" {
28 |   description              = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
29 |   from_port                = 1025
30 |   protocol                 = "tcp"
31 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
32 |   source_security_group_id = "${aws_security_group.tf-eks-master.id}"
33 |   to_port                  = 65535
34 |   type                     = "ingress"
35 | }
36 | 
37 | # allow worker nodes to access EKS master
38 | resource "aws_security_group_rule" "tf-eks-cluster-ingress-node-https" {
39 |   description              = "Allow pods to communicate with the cluster API Server"
40 |   from_port                = 443
41 |   protocol                 = "tcp"
42 |   security_group_id        = "${aws_security_group.tf-eks-node.id}"
43 |   source_security_group_id = "${aws_security_group.tf-eks-master.id}"
44 |   to_port                  = 443
45 |   type                     = "ingress"
46 | }
47 | 
48 | resource "aws_security_group_rule" "tf-eks-node-ingress-master" {
49 |   description              = "Allow cluster control to receive communication from the worker Kubelets"
50 |   from_port                = 443
51 |   protocol                 = "tcp"
52 |   security_group_id        = "${aws_security_group.tf-eks-master.id}"
53 |   source_security_group_id = "${aws_security_group.tf-eks-node.id}"
54 |   to_port                  = 443
55 |   type                     = "ingress"
56 | }
57 | 
58 | 
59 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc_id" {
 2 |   type = "string"
 3 | }
 4 | 
 5 | variable "accessing_computer_ip" {
 6 |     type = "string"
 7 |     description = "Public IP of the computer accessing the cluster via kubectl or browser."
 8 | }
 9 | 
10 | variable "aws_region" {
11 |   type = "string"
12 |   description = "WIP: List of used aws_regions. Should be a single one, might not be used at all."
13 | }
14 | 
15 | variable "keypair-name" {
16 |   type = "string"
17 | }
18 | 
19 | variable "app_subnet_ids" {
20 |   type = "list"
21 | }
22 | 
23 | variable "cluster_version" {
24 |   type = "string"
25 | }
26 | 


--------------------------------------------------------------------------------
/Article 5/modules/eks/worker-nodes.tf:
--------------------------------------------------------------------------------
 1 | ########################################################################################
 2 | # Setup AutoScaling Group for worker nodes
 3 | 
 4 | # Setup data source to get amazon-provided AMI for EKS nodes
 5 | data "aws_ami" "eks-worker" {
 6 |   filter {
 7 |     name   = "name"
 8 |     values = ["amazon-eks-node-${var.cluster_version}-v*"]
 9 |   }
10 | 
11 |   most_recent = true
12 |   owners      = ["602401143452"] # Amazon EKS AMI Account ID
13 | }
14 | 
15 | # Is provided in demo code, no idea what it's used for though! TODO: DELETE
16 | # data "aws_region" "current" {}
17 | 
18 | # EKS currently documents this required userdata for EKS worker nodes to
19 | # properly configure Kubernetes applications on the EC2 instance.
20 | # We utilize a Terraform local here to simplify Base64 encode this
21 | # information and write it into the AutoScaling Launch Configuration.
22 | # More information: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
23 | locals {
24 |   tf-eks-node-userdata = <<USERDATA
25 | #!/bin/bash
26 | set -o xtrace
27 | /etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.tf_eks.endpoint}' --b64-cluster-ca '${aws_eks_cluster.tf_eks.certificate_authority.0.data}' 'example-cluster'
28 | USERDATA
29 | }
30 | 
31 | resource "aws_launch_configuration" "tf_eks" {
32 |   associate_public_ip_address = true
33 |   iam_instance_profile        = "${aws_iam_instance_profile.node.name}"
34 |   image_id                    = "${data.aws_ami.eks-worker.id}"
35 |   instance_type               = "m4.large"
36 |   name_prefix                 = "terraform-eks"
37 |   security_groups             = ["${aws_security_group.tf-eks-node.id}"]
38 |   user_data_base64            = "${base64encode(local.tf-eks-node-userdata)}"
39 |   key_name                    = "${var.keypair-name}"
40 | 
41 |   lifecycle {
42 |     create_before_destroy = true
43 |   }
44 | }
45 | 
46 | resource "aws_lb_target_group" "tf_eks" {
47 |   name = "terraform-eks-nodes"
48 |   port = 31742
49 |   protocol = "HTTP"
50 |   vpc_id = "${var.vpc_id}"
51 |   target_type = "instance"
52 | }
53 | 
54 | resource "aws_autoscaling_group" "tf_eks" {
55 |   desired_capacity     = "2"
56 |   launch_configuration = "${aws_launch_configuration.tf_eks.id}"
57 |   max_size             = "3"
58 |   min_size             = 1
59 |   name                 = "terraform-tf-eks"
60 |   vpc_zone_identifier = flatten(["${var.app_subnet_ids}"])
61 |   target_group_arns    = ["${aws_lb_target_group.tf_eks.arn}"]
62 | 
63 |   tag {
64 |     key                 = "Name"
65 |     value               = "terraform-tf-eks"
66 |     propagate_at_launch = true
67 |   }
68 | 
69 |   tag {
70 |     key                 = "kubernetes.io/cluster/example-cluster"
71 |     value               = "owned"
72 |     propagate_at_launch = true
73 |   }
74 | }
75 | 


--------------------------------------------------------------------------------
/Article 5/modules/network/gateways.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_internet_gateway" "example" {
 2 |   vpc_id = "${aws_vpc.example.id}"
 3 | 
 4 |   tags = {
 5 |     Name = "internet_gateway"
 6 |   }
 7 | }
 8 | 
 9 | 
10 | resource "aws_eip" "nat_gateway" {
11 |   count = "${var.subnet_count}"
12 |   vpc      = true
13 | }
14 | 
15 | resource "aws_nat_gateway" "example" {
16 |   count = "${var.subnet_count}"
17 |   allocation_id = "${aws_eip.nat_gateway.*.id[count.index]}"
18 |   subnet_id = "${aws_subnet.gateway.*.id[count.index]}"
19 |   tags = {
20 |     Name = "nat_gateway"
21 |   }
22 |   depends_on = ["aws_internet_gateway.example"]
23 | }
24 | 


--------------------------------------------------------------------------------
/Article 5/modules/network/output.tf:
--------------------------------------------------------------------------------
 1 | output "vpc_id" {
 2 |   value = "${aws_vpc.example.id}"
 3 | }
 4 | 
 5 | output "app_subnet_ids" {
 6 |   value = "${aws_subnet.application.*.id}"
 7 | }
 8 | 
 9 | output "gateway_subnet_ids" {
10 |   value = "${aws_subnet.gateway.*.id}"
11 | }


--------------------------------------------------------------------------------
/Article 5/modules/network/route_tables.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "application" {
 2 |   count = "${var.subnet_count}"
 3 |   vpc_id = "${aws_vpc.example.id}"
 4 |   route {
 5 |     cidr_block = "0.0.0.0/0"
 6 |     nat_gateway_id = "${aws_nat_gateway.example.*.id[count.index]}"
 7 |   }
 8 |   tags = {
 9 |     Name = "example_application"
10 |   }
11 | }
12 | 
13 | resource "aws_route_table" "database" {
14 |   vpc_id = "${aws_vpc.example.id}"
15 | 
16 |   tags = {
17 |     Name = "example_database"
18 |   }
19 | }
20 | resource "aws_route_table" "gateway" {
21 |   vpc_id = "${aws_vpc.example.id}"
22 | 
23 |   route {
24 |     cidr_block = "0.0.0.0/0"
25 |     gateway_id = "${aws_internet_gateway.example.id}"
26 |   }
27 |   tags = {
28 |     Name = "example_gateway"
29 |   }
30 | }
31 | 
32 | resource "aws_route_table_association" "application" {
33 |   count = "${var.subnet_count}"
34 | 
35 |   subnet_id      = "${aws_subnet.application.*.id[count.index]}"
36 |   route_table_id = "${aws_route_table.application.*.id[count.index]}"
37 | }
38 | 
39 | resource "aws_route_table_association" "database" {
40 |   count = "${var.subnet_count}"
41 | 
42 |   subnet_id      = "${aws_subnet.database.*.id[count.index]}"
43 |   route_table_id = "${aws_route_table.database.id}"
44 | }
45 | 
46 | resource "aws_route_table_association" "gateway" {
47 |   count = "${var.subnet_count}"
48 | 
49 |   subnet_id      = "${aws_subnet.gateway.*.id[count.index]}"
50 |   route_table_id = "${aws_route_table.gateway.id}"
51 | }
52 | 


--------------------------------------------------------------------------------
/Article 5/modules/network/subnets.tf:
--------------------------------------------------------------------------------
 1 | data "aws_availability_zones" "available" {}
 2 | 
 3 | resource "aws_subnet" "gateway" {
 4 |   count = "${var.subnet_count}"
 5 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
 6 |   cidr_block        = "10.0.1${count.index}.0/24"
 7 |   vpc_id            = "${aws_vpc.example.id}"
 8 |   tags = "${
 9 |     map(
10 |      "Name", "example_gateway"
11 |     )
12 |   }"
13 | }
14 | resource "aws_subnet" "application" {
15 |   count = "${var.subnet_count}"
16 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
17 |   cidr_block        = "10.0.2${count.index}.0/24"
18 |   vpc_id            = "${aws_vpc.example.id}"
19 |   tags = "${
20 |     map(
21 |      "Name", "example_application",
22 |      "kubernetes.io/cluster/example", "shared",
23 |     )
24 |   }"
25 | }
26 | 
27 | resource "aws_subnet" "database" {
28 |   count = "${var.subnet_count}"
29 |   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
30 |   cidr_block        = "10.0.3${count.index}.0/24"
31 |   vpc_id            = "${aws_vpc.example.id}"
32 |   
33 |   tags = "${
34 |     map(
35 |      "Name", "example_database"
36 |     )
37 |   }"
38 | }


--------------------------------------------------------------------------------
/Article 5/modules/network/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 |  type = "string"
3 |  description = "Used AWS Region."
4 | }
5 | variable "subnet_count" {
6 |     type        = "string"
7 |     description = "The number of subnets we want to create per type to ensure high availability."
8 | }


--------------------------------------------------------------------------------
/Article 5/modules/network/vpc.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "example" {
 2 |   cidr_block = "10.0.0.0/16"
 3 |   enable_dns_hostnames = true
 4 |   enable_dns_support = true
 5 |   tags = "${
 6 |     map(
 7 |      "Name", "terraform-eks",
 8 |      "kubernetes.io/cluster/example", "shared",
 9 |     )
10 |   }"
11 | }


--------------------------------------------------------------------------------
/Article 5/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |  region  = "${var.aws_region}"
3 |  version = "~> 2.70.0"
4 |  access_key = "${var.aws_access_key}"
5 |  secret_key = "${var.aws_secret_key}"
6 | }
7 | 


--------------------------------------------------------------------------------
/Article 5/state_config.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |  backend "s3" {
 3 |    region         = "placeholder"
 4 |    bucket         = "tf-article"
 5 |    key            = "terraform.tfstate"
 6 |    encrypt        = "true"
 7 |    dynamodb_table = "tf-article-statelock"
 8 |  }
 9 | }
10 | 


--------------------------------------------------------------------------------
/Article 5/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | aws_region              =   "placeholder"
 2 | aws_access_key          =   "placeholder"
 3 | aws_secret_key          =   "placeholder"
 4 | subnet_count            =   "placeholder"
 5 | accessing_computer_ip   =   "placeholder"
 6 | keypair-name            =   "placeholder"
 7 | cluster_version		      =   "placeholder"
 8 | hosted_zone_id          =   "placeholder"
 9 | hosted_zone_url         =   "placeholder"
10 | 


--------------------------------------------------------------------------------
/Article 5/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "aws_region" {
 2 |  type = "string"
 3 |  description = "Used AWS Region."
 4 | }
 5 | 
 6 | variable "aws_access_key" {
 7 |  type = "string"
 8 |  description = "The account identification key used by your Terraform client."
 9 | }
10 | 
11 | variable "aws_secret_key" {
12 |  type = "string"
13 |  description = "The secret key used by your terraform client to access AWS."
14 | }
15 | 
16 | variable "subnet_count" {
17 |     type        = "string"
18 |     description = "The number of subnets we want to create per type to ensure high availability."
19 | }
20 | 
21 | variable "accessing_computer_ip" {
22 |  type = "string"
23 |  description = "IP of the computer to be allowed to connect to EKS master and nodes."
24 | }
25 | 
26 | variable "keypair-name" {
27 |   type = "string"
28 |   description = "Name of the keypair declared in AWS IAM, used to connect into your instances via SSH."
29 | }
30 | 
31 | variable "hosted_zone_id" {
32 |   type = "string"
33 |   description = "ID of the hosted Zone created in Route53 before Terraform deployment."
34 | }
35 | 
36 | variable "hosted_zone_url" {
37 |   type = "string"
38 |   description = "URL of the hosted Zone created in Route53 before Terraform deployment."
39 | }
40 | 
41 | variable "cluster_version" {
42 |   type = "string"
43 | }
44 | 


--------------------------------------------------------------------------------