
@rubysoho07
Created November 20, 2021 07:36
Pulumi 테스트
import json
import pulumi
import pulumi_aws as aws
# AWS Resources
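# Test bucket. The physical bucket name is set explicitly via bucket=, so it
# has to be replaced with a globally unique name before deploying.
bucket = aws.s3.Bucket(
    'yungon-iac-test-bucket',
    bucket="YOUR_BUCKET_NAME",
    tags={
        "Name": "YOUR_BUCKET_NAME",
        "CreatedBy": "yungon",
    },
)

# Defense in depth: refuse public ACLs and public bucket policies on the test
# bucket, so a later ACL or policy change cannot expose its objects.
bucket_public_access_block = aws.s3.BucketPublicAccessBlock(
    'yungon-iac-test-bucket-public-access-block',
    bucket=bucket.id,
    block_public_acls=True,
    block_public_policy=True,
    ignore_public_acls=True,
    restrict_public_buckets=True,
)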
# Inbound rule: SSH (tcp/22) from one /32 address only. Keep this a single
# host CIDR; widening it exposes sshd to whatever range is listed.
ssh_from_home = aws.ec2.SecurityGroupIngressArgs(
    description="My home IP Address",
    protocol="tcp",
    from_port=22,
    to_port=22,
    cidr_blocks=["YOUR_PUBLIC_IP_ADDRESS/32"],
)

# Outbound rule: protocol "-1" with ports 0-0 allows all traffic to any IPv4
# destination.
all_outbound = aws.ec2.SecurityGroupEgressArgs(
    protocol="-1",
    from_port=0,
    to_port=0,
    cidr_blocks=["0.0.0.0/0"],
)

# Security group attached to the test instance.
sg = aws.ec2.SecurityGroup(
    "yungon_test_security_group",
    name="allow_ssh_for_my_home",
    description="Allow SSH access for my home",
    vpc_id="vpc-YOUR_VPC_ID",  # My default VPC
    ingress=[ssh_from_home],
    egress=[all_outbound],
)
# Trust policy: only the EC2 service principal may assume this role, which is
# what lets an instance profile hand the role's credentials to an instance.
ec2_trust_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Sid": "",
            "Principal": {"Service": "ec2.amazonaws.com"},
        }
    ],
}

# IAM role for the test instance; its permissions come from the inline role
# policy attached separately.
test_role = aws.iam.Role(
    "yungon-iac-test-role",
    name="yungon-iac-test-role",
    assume_role_policy=json.dumps(ec2_trust_policy),
)
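def make_bucket_policy(bucket_name: str) -> str:
    """Build the IAM policy document granting S3 access to one bucket.

    Args:
        bucket_name: Name of the bucket, as used in its ARN.

    Returns:
        The policy document serialized as a JSON string. It allows every S3
        action on the bucket itself and on all objects inside it.
    """
    bucket_arn = f"arn:aws:s3:::{bucket_name}"
    statement = {
        # NOTE(review): "s3:*" also covers destructive and configuration
        # actions (deleting the bucket, rewriting its policy or ACL). Outside
        # a throwaway test, narrow this to the object/list actions the
        # instance actually needs.
        "Action": ["s3:*"],
        "Effect": "Allow",
        "Resource": [
            bucket_arn,
            f"{bucket_arn}/*",  # For objects of the bucket
        ],
    }
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [statement],
    })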
# bucket.id is a Pulumi output, so the policy JSON is produced through apply()
# once the bucket name is known.
bucket_policy_document = bucket.id.apply(make_bucket_policy)

# Inline policy on the test role, scoped to the test bucket's ARNs.
test_policy = aws.iam.RolePolicy(
    "yungon-test-role-policy",
    name="yungon-iac-test-policy",
    role=test_role.id,
    policy=bucket_policy_document,
)

# Instance profile wrapping the role so it can be attached to the EC2 instance.
instance_profile = aws.iam.InstanceProfile(
    "yungon-iac-test-instance-profile",
    role=test_role.name,
)
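# Test EC2 instance: placed in the given subnet, reachable over SSH through
# the security group above, and carrying the test role via its instance
# profile.
server = aws.ec2.Instance(
    "yungon-iac-test-ec2",
    # The AMI ID is region-specific; replace it when deploying elsewhere.
    ami="ami-003ef1c0e2776ea27",  # Amazon Linux 2 for AMD64 (Seoul Region)
    instance_type="t3.micro",
    subnet_id="subnet-YOUR_SUBNET_ID",  # My public subnet
    key_name="YOUR_KEY_PAIR_NAME",
    iam_instance_profile=instance_profile.id,
    vpc_security_group_ids=[sg.id],
    # Require IMDSv2 session tokens. The role credentials are served from the
    # instance metadata endpoint, and token-less IMDSv1 requests are what a
    # server-side request forgery bug on the host would use to read them.
    metadata_options=aws.ec2.InstanceMetadataOptionsArgs(
        http_endpoint="enabled",
        http_tokens="required",
    ),
    tags={
        "Name": "YOUR_INSTANCE_NAME",
        "CreatedBy": "Yungon",
    },
)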
# Stack outputs: the bucket name and the instance's public IP address.
stack_outputs = (
    ('bucket_name', bucket.id),
    ('server_ip', server.public_ip),
)
for output_name, output_value in stack_outputs:
    pulumi.export(output_name, output_value)