Terraform Demo
Application Version: V1
' | sudo tee /var/www/html/app1/index.html 10 | sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html 11 | 12 | 13 | -------------------------------------------------------------------------------- /terraform-manifests/c5-04-securitygroup-privatesg.tf: -------------------------------------------------------------------------------- 1 | # AWS EC2 Security Group Terraform Module 2 | # Security Group for Private EC2 Instances 3 | module "private_sg" { 4 | source = "terraform-aws-modules/security-group/aws" 5 | #version = "3.18.0" 6 | version = "4.0.0" 7 | 8 | #name = "private-sg" 9 | name = "${local.name}-private-sg" 10 | description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open" 11 | vpc_id = module.vpc.vpc_id 12 | # Ingress Rules & CIDR Blocks 13 | ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"] 14 | ingress_cidr_blocks = [module.vpc.vpc_cidr_block] 15 | # Egress Rule - all-all open 16 | egress_rules = ["all-all"] 17 | tags = local.common_tags 18 | } 19 | 20 | -------------------------------------------------------------------------------- /terraform-manifests/dev.tfvars: -------------------------------------------------------------------------------- 1 | # Environment 2 | environment = "dev" 3 | # VPC Variables 4 | vpc_name = "myvpc" 5 | vpc_cidr_block = "10.0.0.0/16" 6 | vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] 7 | vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] 8 | vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] 9 | vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"] 10 | vpc_create_database_subnet_group = true 11 | vpc_create_database_subnet_route_table = true 12 | vpc_enable_nat_gateway = true 13 | vpc_single_nat_gateway = true 14 | 15 | # EC2 Instance Variables 16 | instance_type = "t3.micro" 17 | instance_keypair = "terraform-key" 18 | private_instance_count = 2 19 | 20 | # DNS Name 21 | dns_name = "devdemo5.devopsincloud.com" 22 | 23 | -------------------------------------------------------------------------------- /terraform-manifests/stag.tfvars: -------------------------------------------------------------------------------- 1 | # Environment 2 | environment = "stag" 3 | # VPC Variables 4 | vpc_name = "myvpc" 5 | vpc_cidr_block = "10.0.0.0/16" 6 | vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] 7 | vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] 8 | vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] 9 | vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"] 10 | vpc_create_database_subnet_group = true 11 | vpc_create_database_subnet_route_table = true 12 | vpc_enable_nat_gateway = true 13 | vpc_single_nat_gateway = true 14 | 15 | # EC2 Instance Variables 16 | instance_type = "t3.micro" 17 | instance_keypair = "terraform-key" 18 | private_instance_count = 2 19 | 20 | # DNS Name 21 | dns_name = "stagedemo5.devopsincloud.com" 22 | 23 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # Crash log files 9 | crash.log 10 | 11 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 12 | # .tfvars files are managed as part of configuration and so should be included in 13 | # version control. 14 | # 15 | # example.tfvars 16 | 17 | # Ignore override files as they are usually used to override resources locally and so 18 | # are not checked in 19 | override.tf 20 | override.tf.json 21 | *_override.tf 22 | *_override.tf.json 23 | 24 | # Include override files you do wish to add to version control using negated pattern 25 | # 26 | # !example_override.tf 27 | 28 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 29 | # example: *tfplan* 30 | -------------------------------------------------------------------------------- /terraform-manifests/c7-03-ec2instance-bastion.tf: -------------------------------------------------------------------------------- 1 | # AWS EC2 Instance Terraform Module 2 | # Bastion Host - EC2 Instance that will be created in VPC Public Subnet 3 | module "ec2_public" { 4 | source = "terraform-aws-modules/ec2-instance/aws" 5 | version = "2.17.0" 6 | # insert the 10 required variables here 7 | name = "${var.environment}-BastionHost" 8 | #instance_count = 5 9 | ami = data.aws_ami.amzlinux2.id 10 | instance_type = var.instance_type 11 | key_name = var.instance_keypair 12 | #monitoring = true 13 | subnet_id = module.vpc.public_subnets[0] 14 | #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] 15 | vpc_security_group_ids = [module.public_bastion_sg.security_group_id] 16 | tags = local.common_tags 17 | } 18 | 19 | -------------------------------------------------------------------------------- /terraform-manifests/c1-versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform Block 2 | terraform { 3 | required_version = "~> 0.14" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 3.0" 8 | } 9 | null = { 10 | source = "hashicorp/null" 11 | version = "~> 3.0" 12 | } 13 | random = { 14 | source = "hashicorp/random" 15 | version = "~> 3.0" 16 | } 17 | } 18 | # Adding Backend as S3 for Remote State Storage 19 | backend "s3" {} 20 | } 21 | 22 | # Provider Block 23 | provider "aws" { 24 | region = var.aws_region 25 | profile = "default" 26 | } 27 | /* 28 | Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal 29 | $HOME/.aws/credentials 30 | */ 31 | 32 | # Create Random Pet Resource 33 | resource "random_pet" "this" { 34 | length = 2 35 | } -------------------------------------------------------------------------------- /terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf: -------------------------------------------------------------------------------- 1 | # Launch Template Outputs 2 | ## launch_template_id 3 | output "launch_template_id" { 4 | description = "Launch Template ID" 5 | value = aws_launch_template.my_launch_template.id 6 | } 7 | ## launch_template_latest_version 8 | output "launch_template_latest_version" { 9 | description = "Launch Template Latest Version" 10 | value = aws_launch_template.my_launch_template.latest_version 11 | } 12 | 13 | # Autoscaling Outputs 14 | ## autoscaling_group_id 15 | output "autoscaling_group_id" { 16 | description = "Autoscaling Group ID" 17 | value = aws_autoscaling_group.my_asg.id 18 | } 19 | 20 | ## autoscaling_group_name 21 | output "autoscaling_group_name" { 22 | description = "Autoscaling Group Name" 23 | value = aws_autoscaling_group.my_asg.name 24 | } 25 | ## autoscaling_group_arn 26 | output "autoscaling_group_arn" { 27 | description = "Autoscaling Group ARN" 28 | value = aws_autoscaling_group.my_asg.arn 29 | } 30 | -------------------------------------------------------------------------------- /terraform-manifests/c4-03-vpc-outputs.tf: -------------------------------------------------------------------------------- 1 | # VPC Output Values 2 | 3 | # VPC ID 4 | output "vpc_id" { 5 | description = "The ID of the VPC" 6 | value = module.vpc.vpc_id 7 | } 8 | 9 | # VPC CIDR blocks 10 | output "vpc_cidr_block" { 11 | description = "The CIDR block of the VPC" 12 | value = module.vpc.vpc_cidr_block 13 | } 14 | 15 | # VPC Private Subnets 16 | output "private_subnets" { 17 | description = "List of IDs of private subnets" 18 | value = module.vpc.private_subnets 19 | } 20 | 21 | # VPC Public Subnets 22 | output "public_subnets" { 23 | description = "List of IDs of public subnets" 24 | value = module.vpc.public_subnets 25 | } 26 | 27 | # VPC NAT gateway Public IP 28 | output "nat_public_ips" { 29 | description = "List of public Elastic IPs created for AWS NAT Gateway" 30 | value = module.vpc.nat_public_ips 31 | } 32 | 33 | # VPC AZs 34 | output "azs" { 35 | description = "A list of availability zones spefified as argument to this module" 36 | value = module.vpc.azs 37 | } -------------------------------------------------------------------------------- /terraform-manifests/c5-05-securitygroup-loadbalancersg.tf: -------------------------------------------------------------------------------- 1 | # Security Group for Public Load Balancer 2 | module "loadbalancer_sg" { 3 | source = "terraform-aws-modules/security-group/aws" 4 | #version = "3.18.0" 5 | version = "4.0.0" 6 | 7 | #name = "loadbalancer-sg" 8 | name = "${local.name}-loadbalancer-sg" 9 | description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open" 10 | vpc_id = module.vpc.vpc_id 11 | # Ingress Rules & CIDR Blocks 12 | ingress_rules = ["http-80-tcp", "https-443-tcp"] 13 | ingress_cidr_blocks = ["0.0.0.0/0"] 14 | # Egress Rule - all-all open 15 | egress_rules = ["all-all"] 16 | tags = local.common_tags 17 | 18 | # Open to CIDRs blocks (rule or from_port+to_port+protocol+description) 19 | ingress_with_cidr_blocks = [ 20 | { 21 | from_port = 81 22 | to_port = 81 23 | protocol = 6 24 | description = "Allow Port 81 from internet" 25 | cidr_blocks = "0.0.0.0/0" 26 | }, 27 | ] 28 | } 29 | 30 | 31 | -------------------------------------------------------------------------------- /terraform-manifests/c13-05-autoscaling-notifications.tf: -------------------------------------------------------------------------------- 1 | # Autoscaling Notifications 2 | ## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation 3 | ## Due to that create SNS Topic with unique name 4 | 5 | ## SNS - Topic 6 | resource "aws_sns_topic" "myasg_sns_topic" { 7 | #name = "myasg-sns-topic-${random_pet.this.id}" 8 | name = "${local.name}-${random_pet.this.id}" 9 | } 10 | 11 | ## SNS - Subscription 12 | resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { 13 | topic_arn = aws_sns_topic.myasg_sns_topic.arn 14 | protocol = "email" 15 | endpoint = "stacksimplify@gmail.com" 16 | } 17 | 18 | ## Create Autoscaling Notification Resource 19 | resource "aws_autoscaling_notification" "myasg_notifications" { 20 | group_names = [aws_autoscaling_group.my_asg.id] 21 | notifications = [ 22 | "autoscaling:EC2_INSTANCE_LAUNCH", 23 | "autoscaling:EC2_INSTANCE_TERMINATE", 24 | "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", 25 | "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", 26 | ] 27 | topic_arn = aws_sns_topic.myasg_sns_topic.arn 28 | } -------------------------------------------------------------------------------- /terraform-manifests/c9-nullresource-provisioners.tf: -------------------------------------------------------------------------------- 1 | # Create a Null Resource and Provisioners 2 | resource "null_resource" "name" { 3 | depends_on = [module.ec2_public] 4 | # Connection Block for Provisioners to connect to EC2 Instance 5 | connection { 6 | type = "ssh" 7 | host = aws_eip.bastion_eip.public_ip 8 | user = "ec2-user" 9 | password = "" 10 | private_key = file("private-key/terraform-key.pem") 11 | } 12 | 13 | ## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem 14 | provisioner "file" { 15 | source = "private-key/terraform-key.pem" 16 | destination = "/tmp/terraform-key.pem" 17 | } 18 | ## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host 19 | provisioner "remote-exec" { 20 | inline = [ 21 | "sudo chmod 400 /tmp/terraform-key.pem" 22 | ] 23 | } 24 | } 25 | 26 | 27 | # Creation Time Provisioners - By default they are created during resource creations (terraform apply) 28 | # Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) -------------------------------------------------------------------------------- /terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf: -------------------------------------------------------------------------------- 1 | # Launch Template Resource 2 | resource "aws_launch_template" "my_launch_template" { 3 | name_prefix = "${local.name}-" 4 | #name = "my-launch-template" 5 | description = "My Launch template" 6 | image_id = data.aws_ami.amzlinux2.id 7 | instance_type = var.instance_type 8 | 9 | vpc_security_group_ids = [ module.private_sg.security_group_id ] 10 | key_name = var.instance_keypair 11 | user_data = filebase64("${path.module}/app1-install.sh") 12 | ebs_optimized = true 13 | #default_version = 1 14 | update_default_version = true 15 | block_device_mappings { 16 | device_name = "/dev/sda1" 17 | ebs { 18 | #volume_size = 10 19 | volume_size = 20 # LT Update Testing - Version 2 of LT 20 | delete_on_termination = true 21 | volume_type = "gp2" # default is gp2 22 | } 23 | } 24 | monitoring { 25 | enabled = true 26 | } 27 | tag_specifications { 28 | resource_type = "instance" 29 | tags = { 30 | #Name = "myasg" 31 | Name = local.name 32 | } 33 | } 34 | 35 | } 36 | 37 | -------------------------------------------------------------------------------- /terraform-manifests/c13-07-autoscaling-scheduled-actions.tf: -------------------------------------------------------------------------------- 1 | ## Create Scheduled Actions 2 | ### Create Scheduled Action-1: Increase capacity during business hours 3 | resource "aws_autoscaling_schedule" "increase_capacity_7am" { 4 | scheduled_action_name = "increase-capacity-7am" 5 | min_size = 2 6 | max_size = 10 7 | desired_capacity = 8 8 | start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST) 9 | recurrence = "00 09 * * *" 10 | autoscaling_group_name = aws_autoscaling_group.my_asg.id 11 | } 12 | ### Create Scheduled Action-2: Decrease capacity during business hours 13 | resource "aws_autoscaling_schedule" "decrease_capacity_5pm" { 14 | scheduled_action_name = "decrease-capacity-5pm" 15 | min_size = 2 16 | max_size = 10 17 | desired_capacity = 2 18 | start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST) 19 | recurrence = "00 21 * * *" 20 | autoscaling_group_name = aws_autoscaling_group.my_asg.id 21 | } 22 | 23 | 24 | -------------------------------------------------------------------------------- /terraform-manifests/c13-03-autoscaling-resource.tf: -------------------------------------------------------------------------------- 1 | # Autoscaling Group Resource 2 | resource "aws_autoscaling_group" "my_asg" { 3 | #name_prefix = "myasg-" 4 | name_prefix = "${local.name}-" 5 | max_size = 10 6 | min_size = 2 7 | #min_size = 4 8 | desired_capacity = 2 9 | #desired_capacity = 4 10 | vpc_zone_identifier = module.vpc.private_subnets 11 | target_group_arns = module.alb.target_group_arns 12 | health_check_type = "EC2" 13 | #health_check_grace_period = 300 # default is 300 seconds 14 | launch_template { 15 | id = aws_launch_template.my_launch_template.id 16 | version = aws_launch_template.my_launch_template.latest_version 17 | } 18 | # Instance Refresh 19 | instance_refresh { 20 | strategy = "Rolling" 21 | preferences { 22 | # instance_warmup = 300 # Default behavior is to use the Auto Scaling Groups health check grace period value 23 | min_healthy_percentage = 50 24 | } 25 | triggers = [ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger 26 | } 27 | tag { 28 | key = "Owners" 29 | value = "Web-Team" 30 | propagate_at_launch = true 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /terraform-manifests/c4-02-vpc-module.tf: -------------------------------------------------------------------------------- 1 | # Create VPC Terraform Module 2 | module "vpc" { 3 | source = "terraform-aws-modules/vpc/aws" 4 | #version = "2.78.0" 5 | version = "3.0.0" 6 | 7 | # VPC Basic Details 8 | name = "${local.name}-${var.vpc_name}" 9 | cidr = var.vpc_cidr_block 10 | azs = var.vpc_availability_zones 11 | public_subnets = var.vpc_public_subnets 12 | private_subnets = var.vpc_private_subnets 13 | 14 | # Database Subnets 15 | database_subnets = var.vpc_database_subnets 16 | create_database_subnet_group = var.vpc_create_database_subnet_group 17 | create_database_subnet_route_table = var.vpc_create_database_subnet_route_table 18 | # create_database_internet_gateway_route = true 19 | # create_database_nat_gateway_route = true 20 | 21 | # NAT Gateways - Outbound Communication 22 | enable_nat_gateway = var.vpc_enable_nat_gateway 23 | single_nat_gateway = var.vpc_single_nat_gateway 24 | 25 | # VPC DNS Parameters 26 | enable_dns_hostnames = true 27 | enable_dns_support = true 28 | 29 | 30 | tags = local.common_tags 31 | vpc_tags = local.common_tags 32 | 33 | # Additional Tags to Subnets 34 | public_subnet_tags = { 35 | Type = "Public Subnets" 36 | } 37 | private_subnet_tags = { 38 | Type = "Private Subnets" 39 | } 40 | database_subnet_tags = { 41 | Type = "Private Database Subnets" 42 | } 43 | } -------------------------------------------------------------------------------- /terraform-manifests/c5-02-securitygroup-outputs.tf: -------------------------------------------------------------------------------- 1 | # AWS EC2 Security Group Terraform Outputs 2 | 3 | # Public Bastion Host Security Group Outputs 4 | ## public_bastion_sg_group_id 5 | output "public_bastion_sg_group_id" { 6 | description = "The ID of the security group" 7 | #value = module.public_bastion_sg.this_security_group_id 8 | value = module.public_bastion_sg.security_group_id 9 | } 10 | 11 | ## public_bastion_sg_group_vpc_id 12 | output "public_bastion_sg_group_vpc_id" { 13 | description = "The VPC ID" 14 | #value = module.public_bastion_sg.this_security_group_vpc_id 15 | value = module.public_bastion_sg.security_group_vpc_id 16 | } 17 | 18 | ## public_bastion_sg_group_name 19 | output "public_bastion_sg_group_name" { 20 | description = "The name of the security group" 21 | #value = module.public_bastion_sg.this_security_group_name 22 | value = module.public_bastion_sg.security_group_name 23 | } 24 | 25 | # Private EC2 Instances Security Group Outputs 26 | ## private_sg_group_id 27 | output "private_sg_group_id" { 28 | description = "The ID of the security group" 29 | #value = module.private_sg.this_security_group_id 30 | value = module.private_sg.security_group_id 31 | } 32 | 33 | ## private_sg_group_vpc_id 34 | output "private_sg_group_vpc_id" { 35 | description = "The VPC ID" 36 | #value = module.private_sg.this_security_group_vpc_id 37 | value = module.private_sg.security_group_vpc_id 38 | } 39 | 40 | ## private_sg_group_name 41 | output "private_sg_group_name" { 42 | description = "The name of the security group" 43 | #value = module.private_sg.this_security_group_name 44 | value = module.private_sg.security_group_name 45 | } 46 | 47 | -------------------------------------------------------------------------------- /terraform-manifests/private-key/terraform-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm 3 | lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 4 | nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU 5 | OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs 6 | ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE 7 | jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA 8 | TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z 9 | pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V 10 | G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y 11 | 6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa 12 | 8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll 13 | duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS 14 | YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g 15 | +KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ 16 | etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 17 | jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A 18 | VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn 19 | sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX 20 | /FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD 21 | lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp 22 | 8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM 23 | R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 24 | LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ 25 | qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk 26 | kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 27 | -----END RSA PRIVATE KEY----- -------------------------------------------------------------------------------- /terraform-manifests/c13-06-autoscaling-ttsp.tf: -------------------------------------------------------------------------------- 1 | ###### Target Tracking Scaling Policies ###### 2 | # TTS - Scaling Policy-1: Based on CPU Utilization 3 | # Define Autoscaling Policies and Associate them to Autoscaling Group 4 | resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { 5 | name = "${local.name}-avg-cpu-policy-greater-than-xx" 6 | policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." 7 | autoscaling_group_name = aws_autoscaling_group.my_asg.id 8 | estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set 9 | # CPU Utilization is above 50 10 | target_tracking_configuration { 11 | predefined_metric_specification { 12 | predefined_metric_type = "ASGAverageCPUUtilization" 13 | } 14 | target_value = 50.0 15 | } 16 | 17 | } 18 | 19 | # TTS - Scaling Policy-2: Based on ALB Target Requests 20 | resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { 21 | name = "${local.name}-alb-target-requests-greater-than-yy" 22 | policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." 23 | autoscaling_group_name = aws_autoscaling_group.my_asg.id 24 | estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set 25 | # Number of requests > 10 completed per target in an Application Load Balancer target group. 26 | target_tracking_configuration { 27 | predefined_metric_specification { 28 | predefined_metric_type = "ALBRequestCountPerTarget" 29 | resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" 30 | } 31 | target_value = 10.0 32 | } 33 | } -------------------------------------------------------------------------------- /terraform-manifests/c4-01-vpc-variables.tf: -------------------------------------------------------------------------------- 1 | # VPC Input Variables 2 | 3 | # VPC Name 4 | variable "vpc_name" { 5 | description = "VPC Name" 6 | type = string 7 | default = "myvpc" 8 | } 9 | 10 | # VPC CIDR Block 11 | variable "vpc_cidr_block" { 12 | description = "VPC CIDR Block" 13 | type = string 14 | default = "10.0.0.0/16" 15 | } 16 | 17 | # VPC Availability Zones 18 | variable "vpc_availability_zones" { 19 | description = "VPC Availability Zones" 20 | type = list(string) 21 | default = ["us-east-1a", "us-east-1b"] 22 | } 23 | 24 | # VPC Public Subnets 25 | variable "vpc_public_subnets" { 26 | description = "VPC Public Subnets" 27 | type = list(string) 28 | default = ["10.0.101.0/24", "10.0.102.0/24"] 29 | } 30 | 31 | # VPC Private Subnets 32 | variable "vpc_private_subnets" { 33 | description = "VPC Private Subnets" 34 | type = list(string) 35 | default = ["10.0.1.0/24", "10.0.2.0/24"] 36 | } 37 | 38 | # VPC Database Subnets 39 | variable "vpc_database_subnets" { 40 | description = "VPC Database Subnets" 41 | type = list(string) 42 | default = ["10.0.151.0/24", "10.0.152.0/24"] 43 | } 44 | 45 | # VPC Create Database Subnet Group (True / False) 46 | variable "vpc_create_database_subnet_group" { 47 | description = "VPC Create Database Subnet Group" 48 | type = bool 49 | default = true 50 | } 51 | 52 | # VPC Create Database Subnet Route Table (True or False) 53 | variable "vpc_create_database_subnet_route_table" { 54 | description = "VPC Create Database Subnet Route Table" 55 | type = bool 56 | default = true 57 | } 58 | 59 | 60 | # VPC Enable NAT Gateway (True or False) 61 | variable "vpc_enable_nat_gateway" { 62 | description = "Enable NAT Gateways for Private Subnets Outbound Communication" 63 | type = bool 64 | default = true 65 | } 66 | 67 | # VPC Single NAT Gateway (True or False) 68 | variable "vpc_single_nat_gateway" { 69 | description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" 70 | type = bool 71 | default = true 72 | } 73 | 74 | 75 | 76 | 77 | 78 | -------------------------------------------------------------------------------- /terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf: -------------------------------------------------------------------------------- 1 | # Terraform AWS Application Load Balancer (ALB) Outputs 2 | output "lb_id" { 3 | description = "The ID and ARN of the load balancer we created." 4 | value = module.alb.lb_id 5 | } 6 | 7 | output "lb_arn" { 8 | description = "The ID and ARN of the load balancer we created." 9 | value = module.alb.lb_arn 10 | } 11 | 12 | output "lb_dns_name" { 13 | description = "The DNS name of the load balancer." 14 | value = module.alb.lb_dns_name 15 | } 16 | 17 | output "lb_arn_suffix" { 18 | description = "ARN suffix of our load balancer - can be used with CloudWatch." 19 | value = module.alb.lb_arn_suffix 20 | } 21 | 22 | output "lb_zone_id" { 23 | description = "The zone_id of the load balancer to assist with creating DNS records." 24 | value = module.alb.lb_zone_id 25 | } 26 | 27 | output "http_tcp_listener_arns" { 28 | description = "The ARN of the TCP and HTTP load balancer listeners created." 29 | value = module.alb.http_tcp_listener_arns 30 | } 31 | 32 | output "http_tcp_listener_ids" { 33 | description = "The IDs of the TCP and HTTP load balancer listeners created." 34 | value = module.alb.http_tcp_listener_ids 35 | } 36 | 37 | output "https_listener_arns" { 38 | description = "The ARNs of the HTTPS load balancer listeners created." 39 | value = module.alb.https_listener_arns 40 | } 41 | 42 | output "https_listener_ids" { 43 | description = "The IDs of the load balancer listeners created." 44 | value = module.alb.https_listener_ids 45 | } 46 | 47 | output "target_group_arns" { 48 | description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." 49 | value = module.alb.target_group_arns 50 | } 51 | 52 | output "target_group_arn_suffixes" { 53 | description = "ARN suffixes of our target groups - can be used with CloudWatch." 54 | value = module.alb.target_group_arn_suffixes 55 | } 56 | 57 | output "target_group_names" { 58 | description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." 59 | value = module.alb.target_group_names 60 | } 61 | 62 | output "target_group_attachments" { 63 | description = "ARNs of the target group attachment IDs." 64 | value = module.alb.target_group_attachments 65 | } 66 | -------------------------------------------------------------------------------- /terraform-manifests/c10-02-ALB-application-loadbalancer.tf: -------------------------------------------------------------------------------- 1 | # Terraform AWS Application Load Balancer (ALB) 2 | module "alb" { 3 | source = "terraform-aws-modules/alb/aws" 4 | #version = "5.16.0" 5 | version = "6.0.0" 6 | 7 | name = "${local.name}-alb" 8 | load_balancer_type = "application" 9 | vpc_id = module.vpc.vpc_id 10 | /*Option-1: Give as list with specific subnets or in next line, pass all public subnets 11 | subnets = [ 12 | module.vpc.public_subnets[0], 13 | module.vpc.public_subnets[1] 14 | ]*/ 15 | subnets = module.vpc.public_subnets 16 | #security_groups = [module.loadbalancer_sg.this_security_group_id] 17 | security_groups = [module.loadbalancer_sg.security_group_id] 18 | # Listeners 19 | # HTTP Listener - HTTP to HTTPS Redirect 20 | http_tcp_listeners = [ 21 | { 22 | port = 80 23 | protocol = "HTTP" 24 | action_type = "redirect" 25 | redirect = { 26 | port = "443" 27 | protocol = "HTTPS" 28 | status_code = "HTTP_301" 29 | } 30 | } 31 | ] 32 | # Target Groups 33 | target_groups = [ 34 | # App1 Target Group - TG Index = 0 35 | { 36 | name_prefix = "app1-" 37 | backend_protocol = "HTTP" 38 | backend_port = 80 39 | target_type = "instance" 40 | deregistration_delay = 10 41 | health_check = { 42 | enabled = true 43 | interval = 30 44 | path = "/app1/index.html" 45 | port = "traffic-port" 46 | healthy_threshold = 3 47 | unhealthy_threshold = 3 48 | timeout = 6 49 | protocol = "HTTP" 50 | matcher = "200-399" 51 | } 52 | protocol_version = "HTTP1" 53 | /* # App1 Target Group - Targets 54 | targets = { 55 | my_app1_vm1 = { 56 | target_id = module.ec2_private_app1.id[0] 57 | port = 80 58 | }, 59 | my_app1_vm2 = { 60 | target_id = module.ec2_private_app1.id[1] 61 | port = 80 62 | } 63 | } 64 | tags =local.common_tags # Target Group Tags*/ 65 | }, 66 | ] 67 | 68 | # HTTPS Listener 69 | https_listeners = [ 70 | # HTTPS Listener Index = 0 for HTTPS 443 71 | { 72 | port = 443 73 | protocol = "HTTPS" 74 | #certificate_arn = module.acm.this_acm_certificate_arn 75 | certificate_arn = module.acm.acm_certificate_arn 76 | action_type = "fixed-response" 77 | fixed_response = { 78 | content_type = "text/plain" 79 | message_body = "Fixed Static message - for Root Context" 80 | status_code = "200" 81 | } 82 | }, 83 | ] 84 | 85 | # HTTPS Listener Rules 86 | https_listener_rules = [ 87 | # Rule-1: /app1* should go to App1 EC2 Instances 88 | { 89 | https_listener_index = 0 90 | priority = 1 91 | actions = [ 92 | { 93 | type = "forward" 94 | target_group_index = 0 95 | } 96 | ] 97 | conditions = [{ 98 | path_patterns = ["/*"] 99 | }] 100 | }, 101 | ] 102 | tags = local.common_tags # ALB Tags 103 | } 104 | 105 | 106 | 107 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------