//AWS provider configuration
provider "aws" {
  //region every resource below is created in; the AMI ids and AZ further down are tied to it
  region = "ap-southeast-1"
  //named profile from the local AWS CLI config (~/.aws/credentials); no static keys in the file
  profile = "amplifyAdmin-1"
}
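//remote state: S3 bucket for the state file, DynamoDB table for the state lock
terraform {
  backend "s3" {
    # replace the bracketed placeholders before `terraform init`
    bucket = [Your Bucket]
    key    = [Location of Your Key]
    region = "ap-southeast-1"
    # the state file holds every resource attribute Terraform reads back
    # (and can include secrets), so keep it encrypted at rest in S3
    encrypt = true
    # table used for state locking to prevent concurrent applies
    dynamodb_table = "terraform_state_lock"
  }
}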
//VPC that holds all workshop resources
resource "aws_vpc" "workshopvpc" {
  # NOTE(review): 20.0.0.0/16 is publicly routed address space, not an RFC 1918
  # range; left unchanged because both subnets below are carved from it, but a
  # private range (e.g. 10.x) is the safer choice before the first apply.
  cidr_block           = "20.0.0.0/16"
  enable_dns_hostnames = true
  instance_tenancy     = "default"

  tags = {
    Name = "workshop-vpc"
  }
}
//Internet Gateway attached to the workshop VPC; used by the public route table
resource "aws_internet_gateway" "igwWorkshop" {
  tags = {
    Name = "igwWorkshop"
  }

  vpc_id = "${aws_vpc.workshopvpc.id}"
}
//public subnet: instances launched here get a public IP and route out via the IGW
resource "aws_subnet" "workshopPublicSubnet" {
  vpc_id            = "${aws_vpc.workshopvpc.id}"
  availability_zone = "ap-southeast-1a"
  cidr_block        = "20.0.1.0/24"

  # auto-assign a public IPv4 address at launch
  map_public_ip_on_launch = true

  tags = {
    Name = "workshopPublicSubnet"
  }
}
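//private subnet (NAT-routed); intended for the DB tier
resource "aws_subnet" "workshopPrivateSubnet" {
  vpc_id            = "${aws_vpc.workshopvpc.id}"
  cidr_block        = "20.0.2.0/24"
  availability_zone = "ap-southeast-1a"

  # A private subnet must not hand out public IPs. Its route table sends
  # 0.0.0.0/0 through the NAT gateway (no IGW route), so a public address here
  # is unreachable for inbound traffic anyway and only widens the exposure.
  map_public_ip_on_launch = false

  tags = {
    Name = "workshopPrivateSubnet"
  }
}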
//Elastic IP consumed by the NAT gateway below
resource "aws_eip" "workshopEIP" {
  # VPC-scoped address (as opposed to EC2-Classic)
  vpc = true
}
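//NAT Gateway for the private subnet; placed in the public subnet so it can reach the IGW
resource "aws_nat_gateway" "workshopGW" {
  allocation_id = "${aws_eip.workshopEIP.id}"
  subnet_id     = "${aws_subnet.workshopPublicSubnet.id}"

  # Nothing this resource references points at the internet gateway, so
  # Terraform cannot infer the ordering; the gateway is only usable once the
  # IGW is attached to the VPC, hence the explicit dependency.
  depends_on = ["aws_internet_gateway.igwWorkshop"]
}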
//public route table: default route straight to the Internet Gateway
resource "aws_route_table" "routeTableWorkshop" {
  vpc_id = "${aws_vpc.workshopvpc.id}"

  tags = {
    Name = "routeTableWorkshop"
  }

  route {
    gateway_id = "${aws_internet_gateway.igwWorkshop.id}"
    cidr_block = "0.0.0.0/0"
  }
}
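//private route table: default route through the NAT Gateway
resource "aws_route_table" "routeTableWorkshopPrivate" {
  vpc_id = "${aws_vpc.workshopvpc.id}"

  route {
    cidr_block = "0.0.0.0/0"
    # A NAT gateway id belongs in nat_gateway_id; gateway_id is for internet
    # and virtual private gateways and is rejected for a nat-* id.
    nat_gateway_id = "${aws_nat_gateway.workshopGW.id}"
  }

  tags = {
    # previously duplicated the public table's Name, making the two
    # indistinguishable in the console
    Name = "routeTableWorkshopPrivate"
  }
}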
//bind the public subnet to the IGW route table
resource "aws_route_table_association" "aRouteTableSubnet" {
  route_table_id = "${aws_route_table.routeTableWorkshop.id}"
  subnet_id      = "${aws_subnet.workshopPublicSubnet.id}"
}
//bind the private subnet to the NAT route table
resource "aws_route_table_association" "aRouteTableSubnet2" {
  route_table_id = "${aws_route_table.routeTableWorkshopPrivate.id}"
  subnet_id      = "${aws_subnet.workshopPrivateSubnet.id}"
}
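//create Security Group Web + SSH
# CIDR list allowed to reach port 22 on the web tier. The default reproduces
# the original world-open rule so existing deployments are unchanged; set it
# to an admin/bastion range on apply (e.g. -var='ssh_ingress_cidrs=["<your-ip>/32"]').
variable "ssh_ingress_cidrs" {
  default = ["0.0.0.0/0"]
}

resource "aws_security_group" "secGroupWorkshopWebSSH" {
  name = "secGroupWorkshopWebSSH"
  # Description is misleading (the group allows HTTP and SSH as well), but it
  # forces replacement of the group in AWS, so it is left as-is.
  description = "Allow TLS inbound traffic"
  vpc_id      = "${aws_vpc.workshopvpc.id}"

  # HTTP from anywhere: this is the public web tier
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTPS from anywhere
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH: source range is the variable above rather than a hard-coded 0.0.0.0/0
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = "${var.ssh_ingress_cidrs}"
  }

  # unrestricted outbound
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "secGroupWorkshopWebSSH"
  }
}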
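//security group for the MySQL tier: reachable only from the web/SSH group
resource "aws_security_group" "secGroupWorkshopMYSQL" {
  name = "secGroupWorkshopMYSQL"
  # Description does not match the rules, but changing it replaces the group
  # in AWS, so it is kept verbatim.
  description = "Allow TLS inbound traffic"
  vpc_id      = "${aws_vpc.workshopvpc.id}"

  # MySQL from members of the web security group only; no CIDR-based access
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]
  }

  # The original port-22 rule from 0.0.0.0/0 was removed: this group is meant
  # for the database (see the commented-out aws_db_instance outputs), which
  # has nothing listening on SSH, so the rule only exposed whatever else was
  # attached to the group to the whole internet.

  # unrestricted outbound
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "secGroupWorkshopMYSQL"
  }
}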
//web application instance in the public subnet
resource "aws_instance" "ec2WorkshopWebApp" {
  //t2.micro to stay within the free tier
  instance_type = "t2.micro"
  //Amazon Linux 2 AMI; AMI ids are region-specific, this one matches ap-southeast-1
  ami = "ami-0602ae7e6b9191aea"

  //EC2 key pair name; must already exist in the region before apply
  key_name = "workshop"

  subnet_id              = "${aws_subnet.workshopPublicSubnet.id}"
  vpc_security_group_ids = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]

  tags = {
    Name = "ec2WorkshopWebApp"
  }
}
//second web application instance, placed in the NAT-routed private subnet
resource "aws_instance" "ec2WorkshopWebApp2" {
  //t2.micro to stay within the free tier
  instance_type = "t2.micro"
  //Ubuntu 18.04 LTS AMI; region-specific id for ap-southeast-1
  ami = "ami-03b6f27628a4569c8"

  //EC2 key pair name; must already exist in the region before apply
  key_name = "workshop"

  //same web/SSH group as the first instance, although this subnet has no IGW route
  subnet_id              = "${aws_subnet.workshopPrivateSubnet.id}"
  vpc_security_group_ids = ["${aws_security_group.secGroupWorkshopWebSSH.id}"]

  tags = {
    Name = "ec2WorkshopWebApp2"
  }
}
//public IPv4 of the first web instance
output "ip" {
  value = "${aws_instance.ec2WorkshopWebApp.public_ip}"
}
//public IPv4 of the second web instance; only non-empty while its subnet
//auto-assigns public IPs, and not reachable inbound through the NAT route table
output "ip2" {
  value = "${aws_instance.ec2WorkshopWebApp2.public_ip}"
}
# output "ipDB"{
# value = "${aws_db_instance.rdsWorkshop.address}"
# }
# output "ipDBReplica"{
# value = "${aws_db_instance.rdsWorkshopReplica.address}"
# }
//public DNS name of the first web instance
output "dns" {
  value = "${aws_instance.ec2WorkshopWebApp.public_dns}"
}
//public DNS name of the second web instance (empty when it has no public IP)
output "dns2" {
  value = "${aws_instance.ec2WorkshopWebApp2.public_dns}"
}