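# Provider configuration for the AWS region the resources below are created in.
# The original block had an unterminated label (`provider "aws {`) and empty
# `access_key` / `secret_key` attributes. Static credentials are deliberately
# not configured here: values placed in these attributes end up in version
# control and in the state file. Supply credentials through the standard
# provider credential chain instead (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
# environment variables, a shared credentials profile, or an IAM role on the
# machine or CI runner that runs Terraform).
provider "aws" {
  region = "us-east-1"
}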
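# 1. Create the VPC that every other resource in this file is placed in.
resource "aws_vpc" "prod-vpc" {
  cidr_block = "10.0.0.0/16"

  # `tags` is a map attribute, so it needs `=`; `tags { ... }` is the old
  # nested-block form and is rejected with the 0.12+ expression syntax
  # (`aws_vpc.prod-vpc.id`) that the rest of this file already uses.
  tags = {
    Name = "production-vpc"
  }
}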
# 2. Create an Internet Gateway and attach it to the VPC above.
# Referenced by the default route in the route table and by the EIP's depends_on.
resource "aws_internet_gateway" "gw" {
vpc_id = aws_vpc.prod-vpc.id
}
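# 3. Create a route table with a single default route through the Internet Gateway.
resource "aws_route_table" "prod-route-table" {
  # `vpc_id` is a required argument of aws_route_table; the original block
  # omitted it, so the configuration could not be planned.
  vpc_id = aws_vpc.prod-vpc.id

  route {
    # 0.0.0.0/0: everything not destined for the VPC itself goes to the gateway.
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
}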
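# 4. Create a subnet inside the VPC. Its CIDR must fall within the VPC's
# 10.0.0.0/16, and the network interface and instance below are pinned to the
# same availability zone.
resource "aws_subnet" "subnet-1" {
  vpc_id            = aws_vpc.prod-vpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"

  # `tags` is a map attribute and needs `=` (matches the security-group block).
  tags = {
    Name = "prod_subnet"
  }
}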
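# 5. Associate the subnet with the route table.
# The original used aws_main_route_table_association, which replaces the VPC's
# *main* route table and takes `vpc_id`, not `subnet_id`; a per-subnet
# association is aws_route_table_association. The subnet reference also named
# the wrong resource type (`aws_vpc.subnet-1`): the subnet is declared as
# aws_subnet.subnet-1 above.
resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.subnet-1.id
  route_table_id = aws_route_table.prod-route-table.id
}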
# 6. Security group for the web server: inbound TCP 22, 80 and 443, unrestricted outbound.
resource "aws_security_group" "allow_web" {
  vpc_id      = aws_vpc.prod-vpc.id
  name        = "allow_web"
  description = "Allow inbound traffic on ports 22, 80, 443"

  tags = {
    Name = "allow_web"
  }

  # Public web ports. 0.0.0.0/0 is the intended audience for HTTP/HTTPS.
  ingress {
    description = "HTTPS"
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTP"
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): SSH from 0.0.0.0/0 exposes the management port to the whole
  # internet. Outside a throwaway demo, narrow cidr_blocks to the admin network
  # (or drop the rule and use SSM Session Manager). Kept as-is here to match
  # the original behaviour.
  ingress {
    description = "SSH"
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound: every port, every protocol ("-1"), every destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
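# 7. Create a network interface with a fixed private IP in the subnet created
# in step 4, attached to the security group from step 6.
resource "aws_network_interface" "prod-nic" {
  # The subnet is declared as aws_subnet.subnet-1; the original referenced a
  # non-existent `aws_subnet.prod-subnet`.
  subnet_id       = aws_subnet.subnet-1.id
  # Must be inside the subnet's 10.0.1.0/24; the EIP below associates with this exact address.
  private_ips     = ["10.0.1.50"]
  security_groups = [aws_security_group.allow_web.id]

  tags = {
    Name = "prod-nic"
  }
}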
# 8. Allocate an Elastic IP and bind it to the private IP of the network interface.
resource "aws_eip" "one" {
  # Explicit ordering: the gateway has to exist before the EIP is associated.
  depends_on = [aws_internet_gateway.gw]

  # Same address as `private_ips` on the interface above.
  associate_with_private_ip = "10.0.1.50"
  network_interface         = aws_network_interface.prod-nic.id

  # EIP scoped to the VPC rather than EC2-Classic.
  vpc = true
}
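# 9. Create the web server instance on the network interface from step 7.
resource "aws_instance" "web-server-instance" {
  ami               = "ID_of_the_AMI_Instance" # placeholder: replace with an AMI ID valid in us-east-1
  instance_type     = "t2.micro"
  availability_zone = "us-east-1a"             # must match the subnet's AZ, since the NIC lives there
  key_name          = "main-key"               # name of an existing EC2 key pair in this region

  network_interface {
    device_index         = 0
    # The argument takes the interface ID string; the original passed the whole
    # resource object (missing `.id`).
    network_interface_id = aws_network_interface.prod-nic.id
  }

  # First-boot bootstrap script. Note that user_data is readable from the
  # instance metadata service and is stored in state, so keep secrets out of it.
  # Fixes: `supot` -> `sudo`; the nested single quotes in the echo line only
  # worked by accident, so the outer quotes are now double quotes.
  user_data = <<-EOF
    #!/bin/bash
    sudo apt update -y
    sudo apt install apache2 -y
    sudo bash -c "echo 'Hello' >> /var/www/html/index.html"
  EOF

  # `tags` is a map attribute: `=` and `Name = ...` rather than a block with `:`.
  tags = {
    Name = "Web Server"
  }
}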
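# 10. Sample output: the instance's private IP, printed after apply and
# readable with `terraform output server_private_ip`.
output "server_private_ip" {
  description = "Private IP address of the web server instance"
  value       = aws_instance.web-server-instance.private_ip
}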
# Example input variable; nothing in this file reads it.
variable "sample_variable" {
  description = "A sample variable"
  default     = "sample value"
  # `any` accepts whatever value the caller supplies.
  type        = any
}
# During apply, pass --var sample_variable=name to set the value of the variable.
# Alternatively, load values from a file with -var-file [File_Name].
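# Remote state in S3. The backend's region is independent of the provider's
# region above; it only says where the state bucket lives.
terraform {
  backend "s3" {
    bucket = "your-terraform-state-bucket" # placeholder: an existing, private bucket
    # The key is a path inside the bucket; the s3 backend rejects keys that
    # start with "/".
    key    = "path/to/your/terraform.state"
    region = "us-west-2"
    # Server-side encryption of the state object, which holds resource
    # attributes and any values marked sensitive.
    encrypt = true
    # NOTE(review): no state locking is configured; concurrent applies can
    # corrupt state. Consider adding `dynamodb_table` with a lock table.
  }
}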