# Provider configuration: authenticate with the named AWS CLI profile and deploy everything into Singapore.
provider "aws" {
  region  = "ap-southeast-1"   # every resource below is pinned to this region (AZ names and the AMI id depend on it)
  profile = "amplifyAdmin-1"   # credentials are read from this profile in the local AWS CLI config
}
# Workshop VPC. DNS hostnames are enabled so instances and the RDS endpoint get resolvable names inside it.
# Note: 20.0.0.0/16 is not RFC 1918 private space; an RFC 1918 range (e.g. 10.0.0.0/16) avoids colliding with real public addresses.
resource "aws_vpc" "workshopvpc" {
  cidr_block           = "20.0.0.0/16"
  enable_dns_hostnames = "true"
  instance_tenancy     = "default"

  tags = {
    Name = "workshop-vpc"
  }
}
# Internet gateway attached to the workshop VPC; it is the target of the public route table's default route.
resource "aws_internet_gateway" "igwWorkshop" {
  tags = {
    Name = "igwWorkshop"
  }

  vpc_id = "${aws_vpc.workshopvpc.id}"
}
# Public subnet in AZ 1a. Instances launched here receive a public IPv4 address automatically,
# and this is the only subnet associated with the internet-facing route table.
resource "aws_subnet" "workshopPublicSubnet" {
  availability_zone       = "ap-southeast-1a"
  cidr_block              = "20.0.1.0/24"
  map_public_ip_on_launch = "true"
  vpc_id                  = "${aws_vpc.workshopvpc.id}"

  tags = {
    Name = "workshopPublicSubnet"
  }
}
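# Second subnet (AZ 1b), present so the RDS subnet group spans two availability zones as RDS requires.
resource "aws_subnet" "workshopPublicSubnet2" {
  vpc_id            = "${aws_vpc.workshopvpc.id}"
  cidr_block        = "20.0.2.0/24"
  availability_zone = "ap-southeast-1b"

  # Kept as in the original. Note that no route table association points this subnet at the internet gateway
  # (only workshopPublicSubnet has one), so public IPs auto-assigned here are not reachable from outside anyway.
  map_public_ip_on_launch = "true"

  tags = {
    # Was "workshopPublicSubnet" (copied from the first subnet); give it its own name so the two can be told apart.
    Name = "workshopPublicSubnet2"
  }
}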
# Route table for the public subnet: everything not local goes out through the internet gateway.
resource "aws_route_table" "routeTableWorkshop" {
  vpc_id = "${aws_vpc.workshopvpc.id}"

  tags = {
    Name = "routeTableWorkshop"
  }

  # Default route -> IGW. This is what makes the associated subnet "public".
  route {
    gateway_id = "${aws_internet_gateway.igwWorkshop.id}"
    cidr_block = "0.0.0.0/0"
  }
}
# Bind the public route table to workshopPublicSubnet. workshopPublicSubnet2 has no association in this file,
# so it falls back to the VPC's main route table and has no path to the internet gateway.
resource "aws_route_table_association" "aRouteTableSubnet" {
  route_table_id = "${aws_route_table.routeTableWorkshop.id}"
  subnet_id      = "${aws_subnet.workshopPublicSubnet.id}"
}
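# Source addresses allowed to SSH into the web instances. The default reproduces the original any-source rule
# so existing deployments are unchanged; override it (e.g. TF_VAR_sshIngressCidrs) with your own address range
# to stop exposing port 22 to the whole internet.
variable "sshIngressCidrs" {
  type        = "list"
  description = "CIDR blocks permitted to reach TCP/22 on the web instances"
  default     = ["0.0.0.0/0"]
}

# Security group for the web instances: HTTP and HTTPS from anywhere, SSH from var.sshIngressCidrs, unrestricted egress.
resource "aws_security_group" "secGroupWorkshopWebSSH" {
  name = "secGroupWorkshopWebSSH"

  # Wording inherited from the original ("TLS" although port 80 is plain HTTP); left unchanged because
  # altering a security group's description forces the group to be replaced.
  description = "Allow TLS inbound traffic"
  vpc_id      = "${aws_vpc.workshopvpc.id}"

  # HTTP (not TLS) -- the bootstrap script installs httpd and serves the inventory app from /var/www/html
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTPS
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH -- source taken from the variable above instead of being hard-coded to 0.0.0.0/0
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = "${var.sshIngressCidrs}"
  }

  # All outbound traffic (the bootstrap script needs this to fetch packages and archives)
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "secGroupWorkshopWebSSH"
  }
}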
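# Security group attached to the RDS instance: MySQL only, and only from the web tier's security group.
resource "aws_security_group" "secGroupWorkshopMYSQL" {
  name = "secGroupWorkshopMYSQL"

  # Wording inherited from the original; left unchanged because altering a security group's
  # description forces the group to be replaced.
  description = "Allow TLS inbound traffic"
  vpc_id      = "${aws_vpc.workshopvpc.id}"

  # MySQL from members of secGroupWorkshopWebSSH. The source is a group, not a CIDR, so it follows the
  # web instances' addresses automatically and admits nothing from the public internet.
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]
  }

  # The original also allowed TCP/22 from 0.0.0.0/0 here. This group is attached only to
  # aws_db_instance.rdsWorkshop, and an RDS instance does not expose SSH, so that rule did nothing
  # except widen the group's exposure if it were ever reused; it has been removed.

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "secGroupWorkshopMYSQL"
  }
}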
/* Disabled. Note that the heredoc below is an identity-based permissions statement (Action/Resource/Effect,
   no Principal), so it would not be accepted as an assume_role_policy, which must be a trust policy;
   the instance profile that follows refers to a pre-existing role instead.
resource "aws_iam_role" "roleWorkshop" {
name = "roleWorkshop"
//path = "/"
assume_role_policy = <<-EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "ssm:*",
"Resource": "arn:aws:ssm:*:*:parameter/inventory-app/*",
"Effect": "Allow"
}
]
}
EOF
}*/
# Instance profile handed to both web instances. The role itself is not managed by this file:
# "Inventory-App-Role" must already exist in the target account (the aws_iam_role above is commented out),
# so its permissions cannot be reviewed here.
resource "aws_iam_instance_profile" "instanceProfileWorkshop" {
  role = "Inventory-App-Role"
  name = "instanceProfileWorkshop"
}
// Bootstrap script shared by both web instances (passed as user_data, so it runs as root on first boot).
// Review notes on the script body:
//  - inventory-app.zip and aws.zip are downloaded and unpacked with no checksum or signature verification;
//    pin them to known digests, or host copies you control, before reusing this outside a workshop.
//  - aws.zip is at least tied to SDK release 3.62.3 by its URL; inventory-app.zip has only the v6.4.1 path segment.
//  - both archives are extracted straight into /var/www/html by the root bootstrap, so the web root is root-owned.
//create EC2-ec2WorkshopWebApp user data local variable
variable "userdataEC2" {
type = "string"
// Heredoc body is the literal script; keep it byte-exact (the "-" form strips leading whitespace only).
default = <<-EOF
#!/bin/bash
yum install -y httpd mysql
amazon-linux-extras install -y php7.2
wget https://us-west-2-tcprod.s3.amazonaws.com/courses/ILT-TF-100-ARCHIT/v6.4.1/lab-2-webapp/scripts/inventory-app.zip
unzip inventory-app.zip -d /var/www/html/
wget https://github.com/aws/aws-sdk-php/releases/download/3.62.3/aws.zip
unzip aws -d /var/www/html
chkconfig httpd on
service httpd start
EOF
}
# First web instance. Lives in the public subnet, wears the web security group, and is bootstrapped by var.userdataEC2.
resource "aws_instance" "ec2WorkshopWebApp" {
  # Amazon Linux 2 image id -- AMI ids are region-specific, so this only resolves in ap-southeast-1
  ami           = "ami-0602ae7e6b9191aea"
  # t2.micro keeps the workshop inside the free tier
  instance_type = "t2.micro"

  # Existing EC2 key pair name; it is not created by this file
  key_name = "testkeypair"

  subnet_id              = "${aws_subnet.workshopPublicSubnet.id}"
  vpc_security_group_ids = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]
  iam_instance_profile   = "${aws_iam_instance_profile.instanceProfileWorkshop.name}"

  # Plain-text script; the base64 form was tried and left disabled by the author
  //user_data_base64 = "${base64encode(var.userdataEC2)}"
  user_data = "${var.userdataEC2}"

  tags = {
    Name = "ec2WorkshopWebApp"
  }
}
# Second web instance, identical to ec2WorkshopWebApp apart from its Name tag (same subnet, group, profile and bootstrap).
resource "aws_instance" "ec2WorkshopWebApp2" {
  # Amazon Linux 2 image id -- AMI ids are region-specific, so this only resolves in ap-southeast-1
  ami           = "ami-0602ae7e6b9191aea"
  # t2.micro keeps the workshop inside the free tier
  instance_type = "t2.micro"

  # Existing EC2 key pair name; it is not created by this file
  key_name = "testkeypair"

  subnet_id              = "${aws_subnet.workshopPublicSubnet.id}"
  vpc_security_group_ids = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]
  iam_instance_profile   = "${aws_iam_instance_profile.instanceProfileWorkshop.name}"

  # Plain-text script; the base64 form was tried and left disabled by the author
  //user_data_base64 = "${base64encode(var.userdataEC2)}"
  user_data = "${var.userdataEC2}"

  tags = {
    Name = "ec2WorkshopWebApp2"
  }
}
# DB subnet group spanning both subnets (AZ 1a and 1b) so RDS can place the instance.
# The group's real identifier is the lowercase `name` ("dbsubnetgroupworkshop"); the mixed-case Name tag is display only.
resource "aws_db_subnet_group" "dbSubnetGroupWorkshop" {
  subnet_ids = [
    "${aws_subnet.workshopPublicSubnet.id}",
    "${aws_subnet.workshopPublicSubnet2.id}",
  ]
  name = "dbsubnetgroupworkshop"

  tags = {
    Name = "dbSubnetGroupWorkshop"
  }
}
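# Master password for the database. Deliberately has no default: supply it out of band
# (TF_VAR_dbPassword, or a *.tfvars file kept out of version control) rather than committing it
# in this file as the original did.
variable "dbPassword" {
  type        = "string"
  description = "Master password for aws_db_instance.rdsWorkshop"
}

# MySQL instance for the workshop. Network access is governed by secGroupWorkshopMYSQL,
# which only admits the web tier's security group on 3306.
resource "aws_db_instance" "rdsWorkshop" {
  allocated_storage = 20
  storage_type      = "gp2"
  engine            = "mysql"
  engine_version    = "5.7"
  instance_class    = "db.t2.micro"
  name              = "rdsWorkshop"
  username          = "alevz"
  password          = "${var.dbPassword}"

  vpc_security_group_ids = ["${aws_security_group.secGroupWorkshopMYSQL.id}"]

  # Reference the subnet group by its actual name attribute ("dbsubnetgroupworkshop"). The original used
  # tags.Name ("dbSubnetGroupWorkshop"), a different string that is not the group's identifier and only
  # works for as long as the tag happens to mirror the name.
  db_subnet_group_name = "${aws_db_subnet_group.dbSubnetGroupWorkshop.name}"
  parameter_group_name = "default.mysql5.7"

  # Workshop convenience: `terraform destroy` drops the database without a final snapshot.
  # Set to false (and provide final_snapshot_identifier) for anything whose data matters.
  skip_final_snapshot = true

  # The security group already blocks everything except the web tier, so a public endpoint adds exposure
  # without adding reachability. Keep the instance private; flip to true only if you must connect from
  # outside the VPC (and then also open 3306 in secGroupWorkshopMYSQL for that source).
  publicly_accessible = false

  //snapshot_identifier = "some-snap"
}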
# Values printed after apply so the workshop participant can reach the instances and the database.
output "ip" {
  description = "Public IPv4 address of ec2WorkshopWebApp"
  value       = "${aws_instance.ec2WorkshopWebApp.public_ip}"
}

output "ip2" {
  description = "Public IPv4 address of ec2WorkshopWebApp2"
  value       = "${aws_instance.ec2WorkshopWebApp2.public_ip}"
}

output "ipDB" {
  description = "Hostname of the RDS endpoint (resolves only from where the MySQL security group allows)"
  value       = "${aws_db_instance.rdsWorkshop.address}"
}

output "dns" {
  description = "Public DNS name of ec2WorkshopWebApp"
  value       = "${aws_instance.ec2WorkshopWebApp.public_dns}"
}

output "dns2" {
  description = "Public DNS name of ec2WorkshopWebApp2"
  value       = "${aws_instance.ec2WorkshopWebApp2.public_dns}"
}

output "userData" {
  description = "The bootstrap script handed to both instances, echoed for inspection"
  value       = "${var.userdataEC2}"
}