Skip to content

Instantly share code, notes, and snippets.

@chanakaDe
Created August 27, 2019 12:06
Show Gist options
  • Save chanakaDe/ba35a58b5992a7c1731596611aaede0c to your computer and use it in GitHub Desktop.
Save chanakaDe/ba35a58b5992a7c1731596611aaede0c to your computer and use it in GitHub Desktop.
variable "access_key" {
default = "AKIAT7VMYUEWRXYDXPW2"
}
variable "secret_key" {
default = "7ptTS68o9wOW0g/bzn2Fsj0t5s3jNaYza6Zok29W"
}
variable "region" {
default = "us-east-2"
}
variable "vpc_cidr" {
default = "10.0.0.0/16"
}
variable "subnet_one_cidr" {
default = "10.0.1.0/24"
}
variable "subnet_two_cidr" {
default = ["10.0.2.0/24","10.0.3.0/24"]
}
variable "route_table_cidr" {
default = "0.0.0.0/0"
}
variable "web_ports" {
default = ["22","80", "443", "3306"]
}
variable "db_ports" {
default = ["22", "3306"]
}
variable "images" {
type = "map"
default = {
"us-east-1" = "ami-0937dcc711d38ef3f"
"us-east-2" = "ami-04328208f4f0cf1fe"
"us-west-1" = "ami-0799ad445b5727125"
"us-west-2" = "ami-032509850cf9ee54e"
"ap-south-1" = "ami-0937dcc711d38ef3f"
"ap-northeast-2" = "ami-018a9a930060d38aa"
"ap-southeast-1" = "ami-04677bdaa3c2b6e24"
"ap-southeast-2" = "ami-0c9d48b5db609ad6e"
"ap-northeast-1" = "ami-0d7ed3ddb85b521a6"
"ca-central-1" = "ami-0de8b8e4bc1f125fe"
"eu-central-1" = "ami-0eaec5838478eb0ba"
"eu-west-1" = "ami-0fad7378adf284ce0"
"eu-west-2" = "ami-0664a710233d7c148"
"eu-west-3" = "ami-0854d53ce963f69d8"
"eu-north-1" = "ami-6d27a913"
}
}
#aws provider
provider "aws" {
access_key = "${var.access_key}"
secret_key = "${var.secret_key}"
region = "${var.region}"
}
#get AZ's details
data "aws_availability_zones" "availability_zones" {}
#create VPC
resource "aws_vpc" "myvpc" {
cidr_block = "${var.vpc_cidr}"
enable_dns_hostnames = true
tags {
Name = "myvpc"
}
}
#create public subnet
resource "aws_subnet" "myvpc_public_subnet" {
vpc_id = "${aws_vpc.myvpc.id}"
cidr_block = "${var.subnet_one_cidr}"
availability_zone = "${data.aws_availability_zones.availability_zones.names[0]}"
map_public_ip_on_launch = true
tags {
Name = "myvpc_public_subnet"
}
}
#create private subnet one
resource "aws_subnet" "myvpc_private_subnet_one" {
vpc_id = "${aws_vpc.myvpc.id}"
cidr_block = "${element(var.subnet_two_cidr, 0)}"
availability_zone = "${data.aws_availability_zones.availability_zones.names[0]}"
tags {
Name = "myvpc_private_subnet_one"
}
}
#create private subnet two
resource "aws_subnet" "myvpc_private_subnet_two" {
vpc_id = "${aws_vpc.myvpc.id}"
cidr_block = "${element(var.subnet_two_cidr, 1)}"
availability_zone = "${data.aws_availability_zones.availability_zones.names[1]}"
tags {
Name = "myvpc_private_subnet_two"
}
}
#create internet gateway
resource "aws_internet_gateway" "myvpc_internet_gateway" {
vpc_id = "${aws_vpc.myvpc.id}"
tags {
Name = "myvpc_internet_gateway"
}
}
#create public route table (assosiated with internet gateway)
resource "aws_route_table" "myvpc_public_subnet_route_table" {
vpc_id = "${aws_vpc.myvpc.id}"
route {
cidr_block = "${var.route_table_cidr}"
gateway_id = "${aws_internet_gateway.myvpc_internet_gateway.id}"
}
tags {
Name = "myvpc_public_subnet_route_table"
}
}
#create private subnet route table
resource "aws_route_table" "myvpc_private_subnet_route_table" {
vpc_id = "${aws_vpc.myvpc.id}"
tags {
Name = "myvpc_private_subnet_route_table"
}
}
#create default route table
resource "aws_default_route_table" "myvpc_main_route_table" {
default_route_table_id = "${aws_vpc.myvpc.default_route_table_id}"
tags = {
Name = "myvpc_main_route_table"
}
}
#assosiate public subnet with public route table
resource "aws_route_table_association" "myvpc_public_subnet_route_table" {
subnet_id = "${aws_subnet.myvpc_public_subnet.id}"
route_table_id = "${aws_route_table.myvpc_public_subnet_route_table.id}"
}
#assosiate private subnets with private route table
resource "aws_route_table_association" "myvpc_private_subnet_one_route_table_assosiation" {
subnet_id = "${aws_subnet.myvpc_private_subnet_one.id}"
route_table_id = "${aws_route_table.myvpc_private_subnet_route_table.id}"
}
resource "aws_route_table_association" "myvpc_private_subnet_two_route_table_assosiation" {
subnet_id = "${aws_subnet.myvpc_private_subnet_two.id}"
route_table_id = "${aws_route_table.myvpc_private_subnet_route_table.id}"
}
#create security group for web
resource "aws_security_group" "web_security_group" {
name = "web_security_group"
description = "Allow all inbound traffic"
vpc_id = "${aws_vpc.myvpc.id}"
tags {
Name = "myvpc_web_security_group"
}
}
#create security group ingress rule for web
resource "aws_security_group_rule" "web_ingress" {
count = "${length(var.web_ports)}"
type = "ingress"
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
from_port = "${element(var.web_ports, count.index)}"
to_port = "${element(var.web_ports, count.index)}"
security_group_id = "${aws_security_group.web_security_group.id}"
}
#create security group egress rule for web
resource "aws_security_group_rule" "web_egress" {
count = "${length(var.web_ports)}
type = "egress"
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
from_port = "${element(var.web_ports, count.index)}"
to_port = "${element(var.web_ports, count.index)}"
security_group_id = "${aws_security_group.web_security_group.id}"
}
#create security group for db
resource "aws_security_group" "db_security_group" {
name = "db_security_group"
description = "Allow all inbound traffic"
vpc_id = "${aws_vpc.myvpc.id}"
tags {
Name = "myvpc_db_security_group"
}
}
#create security group ingress rule for db
resource "aws_security_group_rule" "db_ingress" {
count = "${length(var.db_ports)}"
type = "ingress"
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
from_port = "${element(var.db_ports, count.index)}"
to_port = "${element(var.db_ports, count.index)}"
security_group_id = "${aws_security_group.db_security_group.id}"
}
#create security group egress rule for db
resource "aws_security_group_rule" "db_egress" {
count = "${length(var.db_ports)}"
type = "egress"
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
from_port = "${element(var.db_ports, count.index)}"
to_port = "${element(var.db_ports, count.index)}"
security_group_id = "${aws_security_group.db_security_group.id}"
}
#create EC2 instance
resource "aws_instance" "my_web_instance" {
ami = "${lookup(var.images,var.region)}"
instance_type = "t2.micro"
key_name = "<your_private_key>" #make sure you have your_private_ket.pem file
vpc_security_group_ids = ["${aws_security_group.web_security_group.id}"]
subnet_id = "${aws_subnet.myvpc_public_subnet.id}"
tags = {
Name = "my_web_instance"
}
volume_tags = {
Name = "my_web_instance_volume"
}
provisioner "remote-exec" { #install apache, mysql client, php
inline = [
"sudo mkdir -p /var/www/html/",
"sudo yum update -y",
"sudo yum install -y httpd",
"sudo service httpd start",
"sudo usermod -a -G apache ec2-user",
"sudo chown -R ec2-user:apache /var/www",
"sudo yum install -y mysql php php-mysql"
]
}
provisioner "file" { #copy the index file form local to remote
source = "index.php"
destination = "/var/www/html/index.php"
}
connection {
type = "ssh"
user = "ec2-user"
password = ""
#copy <your_private_key>.pem to your local instance home directory
#restrict permission: chmod 400 <your_private_key>.pem
private_key = "${file("/home/ec2-user/<your_private_key>.pem")}"
}
}
#create aws rds subnet groups
resource "aws_db_subnet_group" "my_database_subnet_group" {
name = "mydbsg"
subnet_ids = ["${aws_subnet.myvpc_private_subnet_one.id}", "${aws_subnet.myvpc_private_subnet_two.id}"]
tags = {
Name = "my_database_subnet_group"
}
}
#create aws mysql rds instance
resource "aws_db_instance" "my_database_instance" {
allocated_storage = 20
storage_type = "gp2"
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t2.micro"
port = 3306
vpc_security_group_ids = ["${aws_security_group.db_security_group.id}"]
db_subnet_group_name = "${aws_db_subnet_group.my_database_subnet_group.name}"
name = "mydb"
identifier = "mysqldb"
username = "myuser"
password = "mypassword"
parameter_group_name = "default.mysql5.7"
skip_final_snapshot = true
tags = {
Name = "my_database_instance"
}
}
#output webserver and dbserver address
output "db_server_address" {
value = "${aws_db_instance.my_database_instance.address}"
}
output "web_server_address" {
value = "${aws_instance.my_web_instance.public_dns}"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment