// AWS provider. Credentials are resolved from the named profile in the local
// AWS CLI configuration, so no access keys are stored in this file.
provider "aws" {
  region  = "ap-southeast-1"
  profile = "amplifyAdmin-1"
}
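// Remote state in S3 with a DynamoDB lock table. State holds resource IDs and
// can hold sensitive attributes, so it is encrypted at rest and locked per run.
terraform {
  backend "s3" {
    // Replace both placeholders before `terraform init`; backend blocks cannot
    // reference variables. The original used unquoted [Your Bucket] / [Location
    // of Your Key], which is not valid HCL.
    bucket         = "<your-bucket>"
    key            = "<location-of-your-key>"
    region         = "ap-southeast-1"
    dynamodb_table = "terraform_state_lock"
    // Server-side encryption of the state object was not enabled before.
    encrypt        = true
  }
}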
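// Workshop VPC. DNS hostnames are enabled so instances receive public DNS
// names (consumed by the "dns"/"dns2" outputs below).
resource "aws_vpc" "workshopvpc" {
  cidr_block       = "20.0.0.0/16"
  instance_tenancy = "default"
  // Boolean literal instead of the string "true" used before.
  enable_dns_hostnames = true

  tags = {
    Name = "workshop-vpc"
  }
}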
// Internet gateway attached to the workshop VPC; the public route table's
// default route points here.
resource "aws_internet_gateway" "igwWorkshop" {
  vpc_id = "${aws_vpc.workshopvpc.id}"

  tags = {
    Name = "igwWorkshop"
  }
}
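// Public subnet: routed to the internet gateway, so instances launched here
// intentionally get a public IP at launch.
resource "aws_subnet" "workshopPublicSubnet" {
  vpc_id            = "${aws_vpc.workshopvpc.id}"
  cidr_block        = "20.0.1.0/24"
  availability_zone = "ap-southeast-1a"
  // Boolean literal instead of the string "true" used before.
  map_public_ip_on_launch = true

  tags = {
    Name = "workshopPublicSubnet"
  }
}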
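// Private subnet (intended for the database tier). It is associated with
// routeTableWorkshopPrivate, whose default route is the NAT gateway, so
// instances here must not be handed internet-facing addresses at launch.
resource "aws_subnet" "workshopPrivateSubnet" {
  vpc_id            = "${aws_vpc.workshopvpc.id}"
  cidr_block        = "20.0.2.0/24"
  availability_zone = "ap-southeast-1a"
  // Was "true", which assigned public IPs to hosts on a NAT-routed subnet.
  // With this set to false the "ip2" output for an instance placed here
  // will be empty, which is the expected result for a private host.
  map_public_ip_on_launch = false
  // NOTE(review): an RDS DB subnet group requires subnets in at least two
  // availability zones; this subnet shares ap-southeast-1a with the public one.

  tags = {
    Name = "workshopPrivateSubnet"
  }
}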
// Elastic IP consumed by aws_nat_gateway.workshopGW; `vpc = true` allocates
// the address in the VPC scope.
resource "aws_eip" "workshopEIP" {
  vpc = true
}
// NAT gateway placed in the public subnet; gives the private subnet outbound
// internet access through the Elastic IP above. The internet gateway has to be
// attached for the gateway to function.
resource "aws_nat_gateway" "workshopGW" {
  subnet_id     = "${aws_subnet.workshopPublicSubnet.id}"
  allocation_id = "${aws_eip.workshopEIP.id}"
}
// Public route table: everything not local goes out via the internet gateway.
resource "aws_route_table" "routeTableWorkshop" {
  vpc_id = "${aws_vpc.workshopvpc.id}"

  route {
    gateway_id = "${aws_internet_gateway.igwWorkshop.id}"
    cidr_block = "0.0.0.0/0"
  }

  tags = {
    Name = "routeTableWorkshop"
  }
}
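// Private route table: default route via the NAT gateway, so hosts in the
// private subnet can reach the internet but cannot be reached from it.
resource "aws_route_table" "routeTableWorkshopPrivate" {
  vpc_id = "${aws_vpc.workshopvpc.id}"

  route {
    cidr_block = "0.0.0.0/0"
    // A NAT gateway is referenced through nat_gateway_id; gateway_id is for
    // internet/virtual private gateways.
    nat_gateway_id = "${aws_nat_gateway.workshopGW.id}"
  }

  tags = {
    // Was "routeTableWorkshop", a duplicate of the public table's Name tag.
    Name = "routeTableWorkshopPrivate"
  }
}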
// Public subnet -> public (IGW) route table.
resource "aws_route_table_association" "aRouteTableSubnet" {
  route_table_id = "${aws_route_table.routeTableWorkshop.id}"
  subnet_id      = "${aws_subnet.workshopPublicSubnet.id}"
}
// Private subnet -> private (NAT) route table.
resource "aws_route_table_association" "aRouteTableSubnet2" {
  route_table_id = "${aws_route_table.routeTableWorkshopPrivate.id}"
  subnet_id      = "${aws_subnet.workshopPrivateSubnet.id}"
}
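// Security group for the web hosts: HTTP and HTTPS from anywhere, SSH for
// administration, unrestricted egress. The previous description ("Allow TLS
// inbound traffic") did not match the rules, and the "# TLS" comments were
// attached to the HTTP and SSH rules as well.
resource "aws_security_group" "secGroupWorkshopWebSSH" {
  name        = "secGroupWorkshopWebSSH"
  description = "Allow HTTP, HTTPS and SSH inbound traffic"
  vpc_id      = "${aws_vpc.workshopvpc.id}"

  // HTTP from the internet.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  // HTTPS from the internet.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  // SSH. Left world-reachable for the workshop; before any real use narrow
  // cidr_blocks to the administrators' address range (e.g. ["203.0.113.0/24"],
  // a sample value) or remove the rule and use a bastion / Session Manager.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  // All outbound traffic ("-1" = any protocol).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "secGroupWorkshopWebSSH"
  }
}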
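// Security group for the MySQL tier (the commented-out outputs below refer to
// aws_db_instance resources): port 3306 is reachable only from members of the
// web security group, never directly from the internet.
resource "aws_security_group" "secGroupWorkshopMYSQL" {
  name        = "secGroupWorkshopMYSQL"
  description = "Allow MySQL inbound traffic from the web tier"
  vpc_id      = "${aws_vpc.workshopvpc.id}"

  // MySQL from the web/SSH group only.
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]
  }

  // SSH for any EC2-hosted database. Previously open to 0.0.0.0/0, which
  // exposed port 22 of a database host to the internet; now limited to hosts
  // in the web/SSH group. RDS instances do not listen on 22, so this rule is
  // only relevant if a database is ever run on EC2 with this group.
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]
  }

  // All outbound traffic ("-1" = any protocol).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "secGroupWorkshopMYSQL"
  }
}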
// Web application host #1 in the public subnet (Amazon Linux 2 AMI, region-
// specific ID). The "workshop" key pair must already exist in ap-southeast-1.
resource "aws_instance" "ec2WorkshopWebApp" {
  instance_type          = "t2.micro" // free-tier eligible
  ami                    = "ami-0602ae7e6b9191aea"
  key_name               = "workshop"
  vpc_security_group_ids = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]
  subnet_id              = "${aws_subnet.workshopPublicSubnet.id}"

  tags = {
    Name = "ec2WorkshopWebApp"
  }
}
// Web application host #2 in the private subnet (Ubuntu 18.04 LTS AMI, region-
// specific ID). It shares the web/SSH security group with host #1; the same
// "workshop" key pair is used.
resource "aws_instance" "ec2WorkshopWebApp2" {
  instance_type          = "t2.micro" // free-tier eligible
  ami                    = "ami-03b6f27628a4569c8"
  key_name               = "workshop"
  vpc_security_group_ids = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]
  subnet_id              = "${aws_subnet.workshopPrivateSubnet.id}"

  tags = {
    Name = "ec2WorkshopWebApp2"
  }
}
// Public IPv4 address of web host #1.
output "ip" {
  value = "${aws_instance.ec2WorkshopWebApp.public_ip}"
}
// Public IPv4 address of web host #2. Only populated if the subnet it sits in
// assigns public IPs at launch (the private subnet is NAT-routed, so a public
// address there is not reachable from the internet in any case).
output "ip2" {
  value = "${aws_instance.ec2WorkshopWebApp2.public_ip}"
}
# output "ipDB"{
# value = "${aws_db_instance.rdsWorkshop.address}"
# }
# output "ipDBReplica"{
# value = "${aws_db_instance.rdsWorkshopReplica.address}"
# }
// Public DNS name of web host #1 (requires enable_dns_hostnames on the VPC).
output "dns" {
  value = "${aws_instance.ec2WorkshopWebApp.public_dns}"
}
// Public DNS name of web host #2; empty when the instance has no public IP.
output "dns2" {
  value = "${aws_instance.ec2WorkshopWebApp2.public_dns}"
}