Created
August 27, 2019 12:06
-
-
Save chanakaDe/ba35a58b5992a7c1731596611aaede0c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
variable "access_key" { | |
default = "AKIAT7VMYUEWRXYDXPW2" | |
} | |
variable "secret_key" { | |
default = "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" | |
} | |
variable "region" { | |
default = "us-east-2" | |
} | |
variable "vpc_cidr" { | |
default = "10.0.0.0/16" | |
} | |
variable "subnet_one_cidr" { | |
default = "10.0.1.0/24" | |
} | |
variable "subnet_two_cidr" { | |
default = ["10.0.2.0/24","10.0.3.0/24"] | |
} | |
variable "route_table_cidr" { | |
default = "0.0.0.0/0" | |
} | |
variable "web_ports" { | |
default = ["22","80", "443", "3306"] | |
} | |
variable "db_ports" { | |
default = ["22", "3306"] | |
} | |
variable "images" { | |
type = "map" | |
default = { | |
"us-east-1" = "ami-0937dcc711d38ef3f" | |
"us-east-2" = "ami-04328208f4f0cf1fe" | |
"us-west-1" = "ami-0799ad445b5727125" | |
"us-west-2" = "ami-032509850cf9ee54e" | |
"ap-south-1" = "ami-0937dcc711d38ef3f" | |
"ap-northeast-2" = "ami-018a9a930060d38aa" | |
"ap-southeast-1" = "ami-04677bdaa3c2b6e24" | |
"ap-southeast-2" = "ami-0c9d48b5db609ad6e" | |
"ap-northeast-1" = "ami-0d7ed3ddb85b521a6" | |
"ca-central-1" = "ami-0de8b8e4bc1f125fe" | |
"eu-central-1" = "ami-0eaec5838478eb0ba" | |
"eu-west-1" = "ami-0fad7378adf284ce0" | |
"eu-west-2" = "ami-0664a710233d7c148" | |
"eu-west-3" = "ami-0854d53ce963f69d8" | |
"eu-north-1" = "ami-6d27a913" | |
} | |
} | |
#aws provider | |
provider "aws" { | |
access_key = "${var.access_key}" | |
secret_key = "${var.secret_key}" | |
region = "${var.region}" | |
} | |
#get AZ's details | |
data "aws_availability_zones" "availability_zones" {} | |
#create VPC | |
resource "aws_vpc" "myvpc" { | |
cidr_block = "${var.vpc_cidr}" | |
enable_dns_hostnames = true | |
tags { | |
Name = "myvpc" | |
} | |
} | |
#create public subnet | |
resource "aws_subnet" "myvpc_public_subnet" { | |
vpc_id = "${aws_vpc.myvpc.id}" | |
cidr_block = "${var.subnet_one_cidr}" | |
availability_zone = "${data.aws_availability_zones.availability_zones.names[0]}" | |
map_public_ip_on_launch = true | |
tags { | |
Name = "myvpc_public_subnet" | |
} | |
} | |
#create private subnet one | |
resource "aws_subnet" "myvpc_private_subnet_one" { | |
vpc_id = "${aws_vpc.myvpc.id}" | |
cidr_block = "${element(var.subnet_two_cidr, 0)}" | |
availability_zone = "${data.aws_availability_zones.availability_zones.names[0]}" | |
tags { | |
Name = "myvpc_private_subnet_one" | |
} | |
} | |
#create private subnet two | |
resource "aws_subnet" "myvpc_private_subnet_two" { | |
vpc_id = "${aws_vpc.myvpc.id}" | |
cidr_block = "${element(var.subnet_two_cidr, 1)}" | |
availability_zone = "${data.aws_availability_zones.availability_zones.names[1]}" | |
tags { | |
Name = "myvpc_private_subnet_two" | |
} | |
} | |
#create internet gateway | |
resource "aws_internet_gateway" "myvpc_internet_gateway" { | |
vpc_id = "${aws_vpc.myvpc.id}" | |
tags { | |
Name = "myvpc_internet_gateway" | |
} | |
} | |
#create public route table (assosiated with internet gateway) | |
resource "aws_route_table" "myvpc_public_subnet_route_table" { | |
vpc_id = "${aws_vpc.myvpc.id}" | |
route { | |
cidr_block = "${var.route_table_cidr}" | |
gateway_id = "${aws_internet_gateway.myvpc_internet_gateway.id}" | |
} | |
tags { | |
Name = "myvpc_public_subnet_route_table" | |
} | |
} | |
#create private subnet route table | |
resource "aws_route_table" "myvpc_private_subnet_route_table" { | |
vpc_id = "${aws_vpc.myvpc.id}" | |
tags { | |
Name = "myvpc_private_subnet_route_table" | |
} | |
} | |
#create default route table | |
resource "aws_default_route_table" "myvpc_main_route_table" { | |
default_route_table_id = "${aws_vpc.myvpc.default_route_table_id}" | |
tags = { | |
Name = "myvpc_main_route_table" | |
} | |
} | |
#assosiate public subnet with public route table | |
resource "aws_route_table_association" "myvpc_public_subnet_route_table" { | |
subnet_id = "${aws_subnet.myvpc_public_subnet.id}" | |
route_table_id = "${aws_route_table.myvpc_public_subnet_route_table.id}" | |
} | |
#assosiate private subnets with private route table | |
resource "aws_route_table_association" "myvpc_private_subnet_one_route_table_assosiation" { | |
subnet_id = "${aws_subnet.myvpc_private_subnet_one.id}" | |
route_table_id = "${aws_route_table.myvpc_private_subnet_route_table.id}" | |
} | |
resource "aws_route_table_association" "myvpc_private_subnet_two_route_table_assosiation" { | |
subnet_id = "${aws_subnet.myvpc_private_subnet_two.id}" | |
route_table_id = "${aws_route_table.myvpc_private_subnet_route_table.id}" | |
} | |
#create security group for web | |
resource "aws_security_group" "web_security_group" { | |
name = "web_security_group" | |
description = "Allow all inbound traffic" | |
vpc_id = "${aws_vpc.myvpc.id}" | |
tags { | |
Name = "myvpc_web_security_group" | |
} | |
} | |
#create security group ingress rule for web | |
resource "aws_security_group_rule" "web_ingress" { | |
count = "${length(var.web_ports)}" | |
type = "ingress" | |
protocol = "tcp" | |
cidr_blocks = ["0.0.0.0/0"] | |
from_port = "${element(var.web_ports, count.index)}" | |
to_port = "${element(var.web_ports, count.index)}" | |
security_group_id = "${aws_security_group.web_security_group.id}" | |
} | |
#create security group egress rule for web | |
resource "aws_security_group_rule" "web_egress" { | |
count = "${length(var.web_ports)} | |
type = "egress" | |
protocol = "tcp" | |
cidr_blocks = ["0.0.0.0/0"] | |
from_port = "${element(var.web_ports, count.index)}" | |
to_port = "${element(var.web_ports, count.index)}" | |
security_group_id = "${aws_security_group.web_security_group.id}" | |
} | |
#create security group for db | |
resource "aws_security_group" "db_security_group" { | |
name = "db_security_group" | |
description = "Allow all inbound traffic" | |
vpc_id = "${aws_vpc.myvpc.id}" | |
tags { | |
Name = "myvpc_db_security_group" | |
} | |
} | |
#create security group ingress rule for db | |
resource "aws_security_group_rule" "db_ingress" { | |
count = "${length(var.db_ports)}" | |
type = "ingress" | |
protocol = "tcp" | |
cidr_blocks = ["0.0.0.0/0"] | |
from_port = "${element(var.db_ports, count.index)}" | |
to_port = "${element(var.db_ports, count.index)}" | |
security_group_id = "${aws_security_group.db_security_group.id}" | |
} | |
#create security group egress rule for db | |
resource "aws_security_group_rule" "db_egress" { | |
count = "${length(var.db_ports)}" | |
type = "egress" | |
protocol = "tcp" | |
cidr_blocks = ["0.0.0.0/0"] | |
from_port = "${element(var.db_ports, count.index)}" | |
to_port = "${element(var.db_ports, count.index)}" | |
security_group_id = "${aws_security_group.db_security_group.id}" | |
} | |
#create EC2 instance | |
resource "aws_instance" "my_web_instance" { | |
ami = "${lookup(var.images,var.region)}" | |
instance_type = "t2.micro" | |
key_name = "<your_private_key>" #make sure you have your_private_ket.pem file | |
vpc_security_group_ids = ["${aws_security_group.web_security_group.id}"] | |
subnet_id = "${aws_subnet.myvpc_public_subnet.id}" | |
tags = { | |
Name = "my_web_instance" | |
} | |
volume_tags = { | |
Name = "my_web_instance_volume" | |
} | |
provisioner "remote-exec" { #install apache, mysql client, php | |
inline = [ | |
"sudo mkdir -p /var/www/html/", | |
"sudo yum update -y", | |
"sudo yum install -y httpd", | |
"sudo service httpd start", | |
"sudo usermod -a -G apache ec2-user", | |
"sudo chown -R ec2-user:apache /var/www", | |
"sudo yum install -y mysql php php-mysql" | |
] | |
} | |
provisioner "file" { #copy the index file form local to remote | |
source = "index.php" | |
destination = "/var/www/html/index.php" | |
} | |
connection { | |
type = "ssh" | |
user = "ec2-user" | |
password = "" | |
#copy <your_private_key>.pem to your local instance home directory | |
#restrict permission: chmod 400 <your_private_key>.pem | |
private_key = "${file("/home/ec2-user/<your_private_key>.pem")}" | |
} | |
} | |
#create aws rds subnet groups | |
resource "aws_db_subnet_group" "my_database_subnet_group" { | |
name = "mydbsg" | |
subnet_ids = ["${aws_subnet.myvpc_private_subnet_one.id}", "${aws_subnet.myvpc_private_subnet_two.id}"] | |
tags = { | |
Name = "my_database_subnet_group" | |
} | |
} | |
#create aws mysql rds instance | |
resource "aws_db_instance" "my_database_instance" { | |
allocated_storage = 20 | |
storage_type = "gp2" | |
engine = "mysql" | |
engine_version = "5.7" | |
instance_class = "db.t2.micro" | |
port = 3306 | |
vpc_security_group_ids = ["${aws_security_group.db_security_group.id}"] | |
db_subnet_group_name = "${aws_db_subnet_group.my_database_subnet_group.name}" | |
name = "mydb" | |
identifier = "mysqldb" | |
username = "myuser" | |
password = "mypassword" | |
parameter_group_name = "default.mysql5.7" | |
skip_final_snapshot = true | |
tags = { | |
Name = "my_database_instance" | |
} | |
} | |
#output webserver and dbserver address | |
output "db_server_address" { | |
value = "${aws_db_instance.my_database_instance.address}" | |
} | |
output "web_server_address" { | |
value = "${aws_instance.my_web_instance.public_dns}" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment