# VPC for the dev environment.
# The CIDR and the two DNS switches are taken from variables.tf (var.*) so the
# same module can be re-applied with different settings.
resource "aws_vpc" "my_vpc" {
  cidr_block = var.vpc_cidr_block

  # DNS support lets instances resolve names; DNS hostnames additionally gives
  # instances that hold a public IP a matching public DNS name.
  enable_dns_support   = var.enable_dns_support
  enable_dns_hostnames = var.enable_dns_hostnames

  tags = {
    Name = "dev" # displayed as the VPC name in the AWS console
  }
}
# Public subnet inside the VPC above.
# "Public" here means two things: every instance launched into it gets a
# public IPv4 address (map_public_ip_on_launch), and the route table
# association further down sends 0.0.0.0/0 to the internet gateway.
# NOTE(review): the subnet CIDR and the availability zone are hard-coded, while
# the VPC CIDR comes from a variable — if var.vpc_cidr_block is ever changed
# away from 10.0.0.0/16 this subnet will no longer fit inside it.
resource "aws_subnet" "my_public_subnet" {
  vpc_id = aws_vpc.my_vpc.id

  availability_zone = "us-east-1a"
  cidr_block        = "10.0.1.0/24"

  # hand every instance in this subnet a public IP at launch
  map_public_ip_on_launch = true

  tags = {
    Name = "dev-public"
  }
}
# Internet gateway attached to the dev VPC.
# An IGW belongs to exactly one VPC; it only becomes useful once a route table
# points 0.0.0.0/0 at it (see aws_route.my_route below).
resource "aws_internet_gateway" "my_internet_gateway" {
  vpc_id = aws_vpc.my_vpc.id

  tags = {
    Name = "dev-igw"
  }
}
# Route table for the public subnet.
# Routes are deliberately kept out of this block and declared with a separate
# aws_route resource; mixing inline `route {}` blocks and aws_route resources
# on the same table would make Terraform fight over the route set.
resource "aws_route_table" "my_route_table" {
  vpc_id = aws_vpc.my_vpc.id

  tags = {
    Name = "dev-route-table"
  }
}
# Default route: anything not matched by the VPC's local route leaves through
# the internet gateway. This is the entry that makes the associated subnet
# "public".
resource "aws_route" "my_route" {
  route_table_id         = aws_route_table.my_route_table.id
  destination_cidr_block = "0.0.0.0/0" # catch-all destination
  gateway_id             = aws_internet_gateway.my_internet_gateway.id
}
# Bind the public subnet to the route table above.
# Without this association the subnet would keep using the VPC's main route
# table, which has no internet route.
resource "aws_route_table_association" "my_route_table_association" {
  route_table_id = aws_route_table.my_route_table.id
  subnet_id      = aws_subnet.my_public_subnet.id
}
# Security group attached to the dev instance.
# Security groups carry a name attribute of their own, so no Name tag is set.
#
# NOTE(review): the inbound rule below is "all protocols, all ports" from a
# single hard-coded /32 (an operator's personal address). That is narrow on
# the source side but wide on the port side; if the instance only needs SSH,
# restricting ingress to tcp/22 would be the usual least-privilege choice.
# Keeping a personal IP in version control also means the rule goes stale (and
# stays open to whoever gets that address next) whenever the operator's
# address changes — a variable or a data source for the caller's IP is the
# usual way to avoid that. Left as-is here because userdata.tpl (not shown)
# may expose other ports.
resource "aws_security_group" "my_security_group" {
  name        = "dev-security-group"
  description = "dev security group"
  vpc_id      = aws_vpc.my_vpc.id

  # inbound: every protocol and port (protocol -1, ports 0-0 = all) from one
  # address; the /32 mask pins the rule to exactly that host
  ingress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["112.134.129.252/32"]
  }

  # outbound: unrestricted. This mirrors the default egress rule AWS attaches
  # to a new group, but Terraform removes that default, so it has to be stated
  # explicitly here.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# SSH key pair registered with EC2 for the dev instance.
# Only the PUBLIC half is uploaded: the matching private key stays in the
# operator's ~/.ssh and is never read by Terraform. The public key material
# does end up in the Terraform state, which is fine for a public key.
# The key was generated locally with ssh-keygen; reading the .pub file with
# file() avoids pasting the key into source.
resource "aws_key_pair" "my_key_pair" {
  key_name   = "terraformkey"
  public_key = file("~/.ssh/terraformkey.pub")
}
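# Dev EC2 instance, launched into the public subnet with the security group and
# key pair defined above. The AMI id comes from a data source, hence the
# `data.` prefix (resources are referenced without it).
#
# Two hardening changes versus the bare tutorial form:
#  - IMDSv2 is required (metadata_options), so a process on the box — or an
#    SSRF through whatever userdata.tpl installs — cannot fetch the instance
#    role credentials or user-data with a plain unauthenticated GET.
#  - The root EBS volume is encrypted with the account's default EBS key.
# NOTE(review): if userdata.tpl (not shown) queries 169.254.169.254 without a
# session token it must be updated for IMDSv2 — confirm before applying.
# Both settings force replacement of an instance that was created without them.
resource "aws_instance" "my_instance" {
  instance_type = "t2.micro"
  ami           = data.aws_ami.my_ami.id

  # key_name is the documented attribute of aws_key_pair; the resource id
  # happens to equal the name, but the named attribute is the stable reference
  key_name = aws_key_pair.my_key_pair.key_name

  # several groups may be listed here; only one is used
  vpc_security_group_ids = [aws_security_group.my_security_group.id]
  subnet_id              = aws_subnet.my_public_subnet.id

  # bootstrap script, read relative to the module directory
  user_data = file("userdata.tpl")

  # require session-token (IMDSv2) access to the instance metadata service
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # encrypt the root volume at rest (default EBS KMS key)
  root_block_device {
    encrypted = true
  }

  tags = {
    Name = "dev-node"
  }
}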