Terraform Example
/* Providers */
/*
 * AWS provider pinned to the us-west-2 region.
 * No credentials appear in the block as shown, so the provider would fall
 * back to its default credential chain (environment variables, shared
 * credentials file, or an instance role). Keep it that way: do not add
 * static access keys here.
 * NOTE(review): the closing brace is missing in this listing.
 */
provider "aws" {
region = "us-west-2"
/* Variables */
/*
 * Deployment name. The default "XXXXX" looks like a redacted placeholder.
 * NOTE(review): the Name tags and name_prefix values further down appear to
 * be derived from this variable, but their interpolations are empty ("${}")
 * in this listing, so that cannot be confirmed from here.
 */
variable "name" {
default = "XXXXX"
/*
 * Availability zones to spread the public subnets across. The list length
 * drives `count` on aws_subnet.public and aws_route_table_association.public,
 * and each element is selected with count.index.
 */
variable "availability_zones" {
default = ["us-west-2a", "us-west-2b"]
/*
 * CIDR range for the VPC; also the base prefix that aws_subnet.public splits
 * with cidrsubnet().
 * NOTE(review): the default is an empty string, which is not a valid CIDR.
 * Either the value was lost from this listing or the caller must always
 * supply it.
 */
variable "cidr_block" {
default = ""
/* Data Sources */
/*
 * Looks up the newest HVM, SSD-backed Ubuntu 16.04 (xenial) amd64 server AMI.
 *
 * `owners` restricts the search to a single publishing account
 * (099720109477, the account Canonical publishes its official images from).
 * Keep this restriction: without it, any account could publish an image
 * whose name matches the filter pattern and be selected by most_recent.
 *
 * `most_recent = true` means the resolved AMI id is not pinned; a later
 * plan can resolve to a newer image than the one originally deployed.
 *
 * NOTE(review): Ubuntu 16.04 reached the end of standard support in
 * April 2021; new deployments should target a currently supported release.
 */
data "aws_ami" "ubuntu" {
owners = ["099720109477"]
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
filter {
name = "virtualization-type"
values = ["hvm"]
most_recent = true
/* VPC */
/*
 * The VPC that holds every other network resource in this file. Its address
 * range comes from var.cidr_block.
 * NOTE(review): the Name tag interpolation is empty in this listing.
 */
resource "aws_vpc" "main" {
cidr_block = "${var.cidr_block}"
tags {
Name = "${}"
/*
 * One public subnet per entry in var.availability_zones.
 *
 * cidrsubnet(var.cidr_block, 8, count.index * 2) extends the VPC prefix by
 * 8 bits and takes the even network numbers (0, 2, ...).
 *
 * map_public_ip_on_launch = true gives every instance launched here a public
 * IPv4 address by default, so the security groups are the only network
 * control between those instances and the internet.
 *
 * NOTE(review): the vpc_id interpolation is empty in this listing;
 * presumably it refers to aws_vpc.main.
 */
resource "aws_subnet" "public" {
vpc_id = "${}"
availability_zone = "${var.availability_zones[count.index]}"
cidr_block = "${cidrsubnet(var.cidr_block, 8, count.index * 2)}"
map_public_ip_on_launch = true
count = "${length(var.availability_zones)}"
tags {
Name = "${format("${}-public-%02d", count.index + 1)}"
/*
 * Internet gateway for the VPC; the target of the aws_route.igw route below.
 * NOTE(review): the vpc_id and Name interpolations are empty in this listing.
 */
resource "aws_internet_gateway" "main" {
vpc_id = "${}"
tags {
Name = "${}"
/*
 * Route table for the public subnets. It declares no inline routes; the
 * route is added separately by aws_route.igw.
 * NOTE(review): the vpc_id interpolation is empty in this listing.
 */
resource "aws_route_table" "public" {
vpc_id = "${}"
tags {
Name = "${}-public-00"
/*
 * Route that sends traffic to a gateway.
 * NOTE(review): destination_cidr_block and both interpolations are empty in
 * this listing. Given the resource name, this is presumably the default
 * route through aws_internet_gateway.main on aws_route_table.public;
 * confirm against the original file.
 */
resource "aws_route" "igw" {
route_table_id = "${}"
gateway_id = "${}"
destination_cidr_block = ""
/*
 * Associates each public subnet with a route table, one association per
 * availability zone. The splat expression picks the subnet whose index
 * matches count.index.
 * NOTE(review): the route_table_id interpolation is empty in this listing.
 */
resource "aws_route_table_association" "public" {
subnet_id = "${aws_subnet.public.*.id[count.index]}"
route_table_id = "${}"
count = "${length(var.availability_zones)}"
/* Security Groups */
/*
 * Security group for the application server. It carries no inline
 * ingress/egress blocks; its rules are declared as separate
 * aws_security_group_rule resources. Do not mix the two styles on one group:
 * inline rules and standalone rule resources overwrite each other.
 *
 * name_prefix (rather than name) lets Terraform generate a unique group name.
 */
resource "aws_security_group" "app_server" {
name_prefix = "${}-app-server-"
vpc_id = "${}"
tags = {
Name = "${}-app-server"
/*
 * Ingress rule allowing all protocols and ports (protocol "-1") from members
 * of the same security group (self = true).
 *
 * Security note: every instance placed in this group can reach every other
 * member on any port, so one compromised member has an open network path to
 * the rest. Narrow this to the ports the servers actually use between
 * themselves if more than one instance will share the group.
 *
 * NOTE(review): the security_group_id interpolation is empty in this listing.
 */
resource "aws_security_group_rule" "app_server_self" {
type = "ingress"
from_port = 0
to_port = 0
protocol = "-1"
self = true
security_group_id = "${}"
/*
 * Ingress rule for SSH (TCP 22).
 *
 * NOTE(review): the source range in cidr_blocks is empty in this listing.
 * If the original value was the any-address range, SSH is reachable from the
 * whole internet, and instances in the public subnets receive public IPs by
 * default (map_public_ip_on_launch). Restrict the source to a known
 * administrative range or a bastion's security group, or drop the rule in
 * favour of a managed session service.
 */
resource "aws_security_group_rule" "app_server_ssh" {
type = "ingress"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [""]
security_group_id = "${}"
/*
 * Ingress rule for the application port (TCP 3000), with the source given as
 * a security group rather than a CIDR range. Referencing a group keeps the
 * application port closed to everything except members of that group.
 *
 * NOTE(review): both interpolations are empty in this listing; the source is
 * presumably aws_security_group.alb. Confirm against the original file.
 */
resource "aws_security_group_rule" "app_server_http" {
type = "ingress"
from_port = 3000
to_port = 3000
protocol = "tcp"
source_security_group_id = "${}"
security_group_id = "${}"
/*
 * Egress rule allowing all protocols and ports (protocol "-1").
 *
 * NOTE(review): the destination range in cidr_blocks is empty in this
 * listing. If it was the any-address range, the server can open outbound
 * connections to any host; consider limiting egress to the destinations the
 * application needs (package mirrors, AWS endpoints, upstream APIs).
 */
resource "aws_security_group_rule" "app_server_egress" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [""]
security_group_id = "${}"
/*
 * Security group intended for the load balancer. Like the app_server group,
 * it has no inline rules; they are attached by the aws_security_group_rule
 * resources named alb_*.
 * NOTE(review): no load balancer resource is present in this listing (only
 * placeholder section comments at the end), so nothing visible uses this
 * group yet.
 */
resource "aws_security_group" "alb" {
name_prefix = "${}-alb-"
vpc_id = "${}"
tags = {
Name = "${}-alb"
/*
 * Ingress rule for plain HTTP (TCP 80) on the load balancer group.
 *
 * NOTE(review): the source range in cidr_blocks is empty in this listing.
 * Port 80 carries unencrypted traffic; if it stays open, the listener
 * (not present in this listing) should only redirect to HTTPS.
 */
resource "aws_security_group_rule" "alb_http" {
type = "ingress"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [""]
security_group_id = "${}"
/*
 * Ingress rule for HTTPS (TCP 443) on the load balancer group.
 * NOTE(review): the source range in cidr_blocks and the security_group_id
 * interpolation are empty in this listing.
 */
resource "aws_security_group_rule" "alb_https" {
type = "ingress"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = [""]
security_group_id = "${}"
/*
 * Egress rule on TCP 3000 towards a security group. On an egress rule,
 * source_security_group_id names the destination group.
 *
 * NOTE(review): both interpolations are empty in this listing; presumably
 * this lets the load balancer group reach aws_security_group.app_server on
 * the application port. Confirm against the original file.
 */
resource "aws_security_group_rule" "alb_app_server" {
type = "egress"
from_port = 3000
to_port = 3000
protocol = "tcp"
source_security_group_id = "${}"
security_group_id = "${}"
/*
 * Egress rule allowing all protocols and ports (protocol "-1").
 *
 * NOTE(review): the destination range in cidr_blocks is empty in this
 * listing. If it was the any-address range and this rule is attached to the
 * same group as alb_app_server, it makes that narrower TCP 3000 rule
 * redundant. A load balancer normally only needs to reach its targets, so
 * this rule is a candidate for removal.
 */
resource "aws_security_group_rule" "alb_egress" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [""]
security_group_id = "${}"
/* Application Server */
/*
 * Registers an SSH public key under the name "bootstrap";
 * aws_instance.app_server launches with it via key_name.
 *
 * Security note: a public key is not a secret, but whoever holds the
 * matching private key can log in to every instance launched with this key
 * pair. The key below belongs to the author of this example. Anyone reusing
 * the file must replace it with their own public key (ideally passed in as a
 * variable) before applying.
 */
resource "aws_key_pair" "bootstrap" {
key_name = "bootstrap"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDW1h3gWoHkOV50ng3w0PvidOf3Qb7vrEB9PoPii+CN2UxXtg30wjFR+EB5HNVyI0X6j08umO1CM1xeW27Dhd5iqccj9ic5uZaBYYWyzTVg/ufgUH+AUMFm1ABp3ZYdAp7pDULnkQTAqpBauwIF09cJN0xH0JyzGQ/ATNSzfH6lBO0WIxKqQtR/YNI5C3m5UunJMMd/WCJy567uXRabidJDPF8qBYJ7k0sI8EfLAztGbmyy6v+srk0ZNE+ygOoqvkkkEqP29yqLgTCb5zaAP6EqMtnnFEcG6RG2AcPsX2JUOzxdaDLX0iV6odUqHSLzAjf3/wiD5EQ318DoF+0LByj3"
/*
 * IAM role for the application server. The heredoc is the trust policy: it
 * allows sts:AssumeRole for a service principal.
 *
 * NOTE(review): the "Service" principal is empty in this listing, and the
 * JSON braces and the closing EOF marker are missing. Because the role is
 * wired to an instance profile, the principal is presumably the EC2 service;
 * confirm against the original file. Keep the principal limited to the one
 * service that needs the role.
 *
 * No permission policy is attached to the role anywhere in this listing, so
 * as shown it grants the instance no AWS permissions. Attach only
 * narrowly-scoped policies when permissions are added.
 */
resource "aws_iam_role" "app_server" {
name = "${}"
assume_role_policy = <<EOF
"Version": "2012-10-17",
"Statement": [
"Action": "sts:AssumeRole",
"Principal": {
"Service": ""
"Effect": "Allow",
"Sid": ""
/*
 * Instance profile that lets an EC2 instance carry an IAM role.
 * NOTE(review): `roles` is the older list form of this argument; later AWS
 * provider versions take a single `role` instead. Check the provider version
 * this file is pinned to. The interpolations are empty in this listing;
 * presumably the role is aws_iam_role.app_server.
 */
resource "aws_iam_instance_profile" "app_server" {
name = "${}"
roles = ["${}"]
/*
 * The application server: a single t2.micro instance launched with the
 * "bootstrap" key pair and detailed monitoring enabled (monitoring = true).
 *
 * NOTE(review): the ami, subnet_id, vpc_security_group_ids and
 * iam_instance_profile interpolations are empty in this listing; presumably
 * they refer to data.aws_ami.ubuntu, aws_subnet.public,
 * aws_security_group.app_server and aws_iam_instance_profile.app_server.
 *
 * Root volume: 30 GiB "standard" (magnetic) storage.
 * delete_on_termination = false keeps the volume, and any data on it, after
 * the instance is terminated; such volumes need their own cleanup and access
 * review. No encryption setting is visible on root_block_device, so whether
 * the volume is encrypted depends on the account's EBS default-encryption
 * setting.
 */
resource "aws_instance" "app_server" {
instance_type = "t2.micro"
ami = "${}"
subnet_id = "${}"
vpc_security_group_ids = ["${}"]
iam_instance_profile = "${}"
key_name = "${aws_key_pair.bootstrap.key_name}"
monitoring = true
root_block_device {
volume_type = "standard"
volume_size = "30"
delete_on_termination = false
tags {
Name = "${}-app-01"
/* TODO: Autorecovery */
/* Load Balancer */
/* ALB */
/* ALB Attachment */
