diff --git a/17-Terraform/dev/network-infra/data_backup/data_backup.zip b/17-Terraform/dev/network-infra/data_backup/data_backup.zip
new file mode 100644
index 00000000..8b673b70
Binary files /dev/null and b/17-Terraform/dev/network-infra/data_backup/data_backup.zip differ
diff --git a/17-Terraform/dev/network-infra/data_backup/tfplan b/17-Terraform/dev/network-infra/data_backup/tfplan
new file mode 100644
index 00000000..cd0e49ff
Binary files /dev/null and b/17-Terraform/dev/network-infra/data_backup/tfplan differ
diff --git a/17-Terraform/dev/network-infra/dev.tfvars b/17-Terraform/dev/network-infra/dev.tfvars
new file mode 100644
index 00000000..83149470
--- /dev/null
+++ b/17-Terraform/dev/network-infra/dev.tfvars
@@ -0,0 +1,4 @@
+vpc_cidr = "10.0.0.0/16"
+subnet1_cidr = "10.0.1.0/24"
+subnet2_cidr = "10.0.2.0/24"
+destination_cidr = "0.0.0.0/0"
diff --git a/17-Terraform/dev/network-infra/main.tf b/17-Terraform/dev/network-infra/main.tf
new file mode 100644
index 00000000..69c1ad8c
--- /dev/null
+++ b/17-Terraform/dev/network-infra/main.tf
@@ -0,0 +1,85 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.0"
+ }
+ time = {
+ source = "hashicorp/time"
+ version = "~> 0.8"
+ }
+ }
+ backend "s3" {
+ bucket = "desmond-stelligent-u-bucket"
+ key = "dev/network-infra/state/terraform.tfstate"
+ encrypt = true
+ region = "us-east-1"
+ profile = "labs"
+ dynamodb_table = "terraform-up-and-running-locks"
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+ profile = "labs"
+}
+
+provider "archive" {}
+
+data "aws_availability_zones" "available" {}
+
+# Create a VPC
+resource "aws_vpc" "main" {
+ cidr_block = var.vpc_cidr
+}
+
+resource "aws_subnet" "subnet1" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = var.subnet1_cidr
+ availability_zone = data.aws_availability_zones.available.names[0]
+
+ tags = {
+ Name = "tf-subnet-1"
+ }
+}
+
+resource "aws_subnet" "subnet2" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = var.subnet2_cidr
+ availability_zone = data.aws_availability_zones.available.names[1]
+
+ tags = {
+ Name = "tf-subnet-2"
+ }
+}
+
+resource "aws_internet_gateway" "ig" {
+ vpc_id = aws_vpc.main.id
+}
+
+resource "aws_route_table" "public" {
+ vpc_id = aws_vpc.main.id
+}
+
+resource "aws_route" "public_internet_gateway" {
+ route_table_id = aws_route_table.public.id
+ destination_cidr_block = var.destination_cidr
+ gateway_id = aws_internet_gateway.ig.id
+}
+
+resource "aws_route_table_association" "public" {
+ subnet_id = aws_subnet.subnet1.id
+ route_table_id = aws_route_table.public.id
+}
+
+
+data "archive_file" "zip" {
+ type = "zip"
+ source_file = "data_backup/tfplan"
+ output_path = "data_backup/data_backup.zip"
+ depends_on = [
+ aws_vpc.main,
+ aws_subnet.subnet1,
+ aws_subnet.subnet2
+ ]
+}
diff --git a/17-Terraform/dev/network-infra/script.sh b/17-Terraform/dev/network-infra/script.sh
new file mode 100755
index 00000000..23e4f330
--- /dev/null
+++ b/17-Terraform/dev/network-infra/script.sh
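Review bot: The `archive_file` data source at the end of this file zips `data_backup/tfplan`, and this commit also checks in both that plan and the resulting `data_backup.zip` as binaries. A saved plan embeds the configuration, the variable values and a snapshot of prior state without encryption, so it should be handled like state and kept out of version control; I would drop the two binaries and add `data_backup/` to `.gitignore`. Nothing else in this file consumes `data.archive_file.zip`, so the block can probably be removed as well. Separately, `time` is listed in `required_providers` but never used here, while `archive` is used without an entry.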
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+WORKSPACE_NAME="${1}"
+OPTION="${2}"
+
+FILE="${WORKSPACE_NAME}.tfvars"
+BACKUP_PATH="data_backup"
+
+if [ -f "/$FILE" ]
+ then
+ echo "File '${FILE}' not found."
+else
+ terraform ${OPTION} -out ${BACKUP_PATH}/tfplan -var-file=${FILE}
+ if [ -f "${BACKUP_PATH}/tfplan" ]
+ then
+ echo "Plan is available for review!"
+ time terraform apply ${BACKUP_PATH}/tfplan
+ else
+ echo "tfplan not found"
+ fi
+fi
diff --git a/17-Terraform/dev/network-infra/variables.tf b/17-Terraform/dev/network-infra/variables.tf
new file mode 100644
index 00000000..ad7a8ad7
--- /dev/null
+++ b/17-Terraform/dev/network-infra/variables.tf
@@ -0,0 +1,16 @@
+variable "vpc_cidr" {
+ type = string
+}
+
+variable "subnet1_cidr" {
+ type = string
+}
+
+variable "subnet2_cidr" {
+ type = string
+}
+
+variable "destination_cidr" {
+ type = string
+}
+
diff --git a/17-Terraform/modules/vpc_with_public_subnets/main.tf b/17-Terraform/modules/vpc_with_public_subnets/main.tf
new file mode 100644
index 00000000..69c1ad8c
--- /dev/null
+++ b/17-Terraform/modules/vpc_with_public_subnets/main.tf
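Review bot: In `script.sh` the guard `if [ -f "/$FILE" ]` tests a path at the filesystem root and has its branches inverted: it prints "not found" when the file exists and otherwise runs terraform even when `${FILE}` is missing. It should read `if [ ! -f "$FILE" ]; then echo "File '${FILE}' not found." >&2; exit 1; fi`. `${OPTION}`, `${BACKUP_PATH}` and `${FILE}` are expanded unquoted on the terraform line, so an argument containing spaces is word-split into extra CLI arguments; quote them, and since only `plan` accepts `-out`, consider hard-coding `terraform plan` instead of taking the subcommand from `$2`. The script also runs `terraform apply` immediately after announcing that the plan is available for review, so nothing actually gates the apply.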
@@ -0,0 +1,85 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.0"
+ }
+ time = {
+ source = "hashicorp/time"
+ version = "~> 0.8"
+ }
+ }
+ backend "s3" {
+ bucket = "desmond-stelligent-u-bucket"
+ key = "dev/network-infra/state/terraform.tfstate"
+ encrypt = true
+ region = "us-east-1"
+ profile = "labs"
+ dynamodb_table = "terraform-up-and-running-locks"
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+ profile = "labs"
+}
+
+provider "archive" {}
+
+data "aws_availability_zones" "available" {}
+
+# Create a VPC
+resource "aws_vpc" "main" {
+ cidr_block = var.vpc_cidr
+}
+
+resource "aws_subnet" "subnet1" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = var.subnet1_cidr
+ availability_zone = data.aws_availability_zones.available.names[0]
+
+ tags = {
+ Name = "tf-subnet-1"
+ }
+}
+
+resource "aws_subnet" "subnet2" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = var.subnet2_cidr
+ availability_zone = data.aws_availability_zones.available.names[1]
+
+ tags = {
+ Name = "tf-subnet-2"
+ }
+}
+
+resource "aws_internet_gateway" "ig" {
+ vpc_id = aws_vpc.main.id
+}
+
+resource "aws_route_table" "public" {
+ vpc_id = aws_vpc.main.id
+}
+
+resource "aws_route" "public_internet_gateway" {
+ route_table_id = aws_route_table.public.id
+ destination_cidr_block = var.destination_cidr
+ gateway_id = aws_internet_gateway.ig.id
+}
+
+resource "aws_route_table_association" "public" {
+ subnet_id = aws_subnet.subnet1.id
+ route_table_id = aws_route_table.public.id
+}
+
+
+data "archive_file" "zip" {
+ type = "zip"
+ source_file = "data_backup/tfplan"
+ output_path = "data_backup/data_backup.zip"
+ depends_on = [
+ aws_vpc.main,
+ aws_subnet.subnet1,
+ aws_subnet.subnet2
+ ]
+}
diff --git a/17-Terraform/modules/vpc_with_public_subnets/outputs.tf b/17-Terraform/modules/vpc_with_public_subnets/outputs.tf
new file mode 100644
index 00000000..b42d3f01
--- /dev/null
+++ b/17-Terraform/modules/vpc_with_public_subnets/outputs.tf
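Review bot: This module file is a byte-for-byte copy of `dev/network-infra/main.tf` (same blob `69c1ad8c`), so it carries a `backend "s3"` block and `provider` blocks that do not belong in a reusable module. Terraform only honours a backend declared in the root module, and `prod/network-infra/main.tf` in this commit declares none, so prod state would presumably end up local and unlocked, while the key written here still says `dev/network-infra/...`. Move the backend and the `provider "aws"` configuration into each root module and leave only `required_providers` here. The `archive_file` block's relative `source_file = "data_backup/tfplan"` resolves against the caller's working directory, where the prod root in this commit has no such file. Only `subnet1` gets an `aws_route_table_association`, so `subnet2` is not routed through the internet gateway despite the module name.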
@@ -0,0 +1,11 @@
+output "vpc_id" {
+ value = aws_vpc.main.id
+}
+
+output "subnet_id" {
+ value = aws_subnet.subnet1.id
+}
+
+output "subnet_id_2" {
+ value = aws_subnet.subnet2.id
+}
diff --git a/17-Terraform/modules/vpc_with_public_subnets/variables.tf b/17-Terraform/modules/vpc_with_public_subnets/variables.tf
new file mode 100644
index 00000000..ad7a8ad7
--- /dev/null
+++ b/17-Terraform/modules/vpc_with_public_subnets/variables.tf
@@ -0,0 +1,16 @@
+variable "vpc_cidr" {
+ type = string
+}
+
+variable "subnet1_cidr" {
+ type = string
+}
+
+variable "subnet2_cidr" {
+ type = string
+}
+
+variable "destination_cidr" {
+ type = string
+}
+
diff --git a/17-Terraform/prod/network-infra/main.tf b/17-Terraform/prod/network-infra/main.tf
new file mode 100644
index 00000000..009d5185
--- /dev/null
+++ b/17-Terraform/prod/network-infra/main.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.0"
+ }
+ }
+}
+
+module "my_vpc" {
+ source = "../../modules/vpc_with_public_subnets"
+ vpc_cidr = var.vpc_cidr
+ subnet1_cidr = var.subnet1_cidr
+ subnet2_cidr = var.subnet2_cidr
+ destination_cidr = var.destination_cidr
+}
diff --git a/17-Terraform/prod/network-infra/prod.tfvars b/17-Terraform/prod/network-infra/prod.tfvars
new file mode 100644
index 00000000..83149470
--- /dev/null
+++ b/17-Terraform/prod/network-infra/prod.tfvars
@@ -0,0 +1,4 @@
+vpc_cidr = "10.0.0.0/16"
+subnet1_cidr = "10.0.1.0/24"
+subnet2_cidr = "10.0.2.0/24"
+destination_cidr = "0.0.0.0/0"
diff --git a/17-Terraform/prod/network-infra/variables.tf b/17-Terraform/prod/network-infra/variables.tf
new file mode 100644
index 00000000..c7d6f2dd
--- /dev/null
+++ b/17-Terraform/prod/network-infra/variables.tf
@@ -0,0 +1,15 @@
+variable "vpc_cidr" {
+ type = string
+}
+
+variable "subnet1_cidr" {
+ type = string
+}
+
+variable "subnet2_cidr" {
+ type = string
+}
+
+variable "destination_cidr" {
+ type = string
+}
diff --git a/17-Terraform/state-management/main.tf b/17-Terraform/state-management/main.tf
new file mode 100644
index 00000000..69feb9b0
--- /dev/null
+++ b/17-Terraform/state-management/main.tf
@@ -0,0 +1,68 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.0"
+ }
+ }
+ backend "s3" {
+ bucket = "desmond-stelligent-u-bucket"
+ key = "state_management/terraform.tfstate"
+ encrypt = true
+ region = "us-east-1"
+ profile = "labs"
+ dynamodb_table = "terraform-up-and-running-locks"
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+ profile = "labs"
+}
+
+resource "aws_s3_bucket" "lab17_bucket" {
+ bucket = "desmond-stelligent-u-bucket"
+}
+
+resource "aws_s3_bucket_acl" "example-lab17" {
+ bucket = aws_s3_bucket.lab17_bucket.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_versioning" "example" {
+ bucket = aws_s3_bucket.lab17_bucket.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
+ bucket = aws_s3_bucket.lab17_bucket.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
+
+resource "aws_s3_bucket_public_access_block" "s3_block_access" {
+ bucket = aws_s3_bucket.lab17_bucket.id
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
+
+resource "aws_dynamodb_table" "terraform_locks" {
+ name = "terraform-up-and-running-locks"
+ billing_mode = "PAY_PER_REQUEST"
+ hash_key = "LockID"
+
+ attribute {
+ name = "LockID"
+ type = "S"
+ }
+}
diff --git a/17-Terraform/terraform-example/main.tf b/17-Terraform/terraform-example/main.tf
new file mode 100644
index 00000000..8f232d2d
--- /dev/null
+++ b/17-Terraform/terraform-example/main.tf
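Review bot: The `backend "s3"` block in `state-management/main.tf` points at `desmond-stelligent-u-bucket` and `terraform-up-and-running-locks`, which are the same bucket and lock table this configuration creates, so the state store's own state lives inside itself. A first `terraform init` cannot succeed until both exist, and a `terraform destroy` here would target the bucket and lock table that the other stacks' state depends on. I would document the bootstrap order (apply with local state, then add the backend and migrate) and add `lifecycle { prevent_destroy = true }` to `aws_s3_bucket.lab17_bucket` and `aws_dynamodb_table.terraform_locks`. The public-access block, versioning and default encryption are good to see; a bucket policy denying requests where `aws:SecureTransport` is false would complete the set.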
@@ -0,0 +1,11 @@
+provider "aws" {
+ region = "us-east-1"
+ access_key = "AKIAUXAYGAARTYR6VMSI7C"
+ secret_key = "gEefvzATtW+YvP4sxNbEy8HSfgn55EoitOlRyoUf7wE3M"
+
+}
+
+resource "aws_instance" "my_ec2_server" {
+ ami = "ami-026b57f3c383c2eec"
+ instance_type = "t2.micro"
+}
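Review bot: The `provider "aws"` block hard-codes `access_key` and `secret_key` literals, which puts a long-lived AWS credential into the repository history. If these values were ever real, the key pair should be deactivated and rotated in IAM, because removing the lines in a later commit does not remove them from history. Drop both arguments and let the provider resolve credentials from the environment or a named profile, as the other configurations in this commit do with `profile = "labs"`. A pre-commit secret scanner would catch this class of mistake before it is pushed.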