Last active
December 31, 2024 17:41
-
-
Save polyglotdev/37c793053ab0ce0813e4438da347668c to your computer and use it in GitHub Desktop.
# Terraform Configuration ```terraform
terraform { required_version = "~> 1.10.0" required_providers { aws = { source = "hashicorp/aws" version = "~> 5.82.0" } }
}
``` - **terraform block**: Specifies the required Terraf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # main.tf | |
| terraform { | |
| required_version = "~> 1.10.0" | |
| required_providers { | |
| aws = { | |
| source = "hashicorp/aws" | |
| version = "~> 5.82.0" | |
| } | |
| random = { | |
| source = "hashicorp/random" | |
| version = "~> 3.6.3" | |
| } | |
| } | |
| } | |
| # Provider Configuration | |
| provider "aws" { | |
| region = "us-east-1" | |
| } | |
| provider "random" {} | |
| # Data Source: EC2 Instance Connect Managed Prefix List | |
| data "aws_ec2_managed_prefix_list" "ec2_instance_connect" { | |
| name = "com.amazonaws.us-east-1.ec2-instance-connect" | |
| } | |
| # Security Group | |
| # trunk-ignore(checkov/CKV_AWS_382) | |
| resource "aws_security_group" "allow_ssh" { | |
| vpc_id = aws_vpc.my_vpc.id | |
| description = "Security group allowing SSH access" | |
| # Allow SSH from EC2 Instance Connect | |
| ingress { | |
| from_port = 22 | |
| to_port = 22 | |
| protocol = "tcp" | |
| prefix_list_ids = [data.aws_ec2_managed_prefix_list.ec2_instance_connect.id] | |
| description = "Allow SSH from EC2 Instance Connect" | |
| } | |
| # Allow SSH from your IP | |
| ingress { | |
| from_port = 22 | |
| to_port = 22 | |
| protocol = "tcp" | |
| cidr_blocks = ["73.27.108.253/32"] | |
| description = "Allow SSH from personal IP" | |
| } | |
| # Allow all outbound traffic | |
| egress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| description = "Allow all outbound traffic" | |
| } | |
| tags = { | |
| Name = "allow_ssh" | |
| } | |
| } | |
| # VPCp | |
| # trunk-ignore(checkov/CKV2_AWS_12) | |
| # trunk-ignore(checkov/CKV2_AWS_11) | |
| resource "aws_vpc" "my_vpc" { | |
| cidr_block = "10.0.0.0/16" | |
| enable_dns_support = true | |
| enable_dns_hostnames = true | |
| tags = { | |
| Name = "my_vpc" | |
| } | |
| } | |
| # Subnet | |
| # trunk-ignore(checkov/CKV_AWS_130) | |
| resource "aws_subnet" "public_subnet" { | |
| vpc_id = aws_vpc.my_vpc.id | |
| cidr_block = "10.0.1.0/24" | |
| map_public_ip_on_launch = true | |
| availability_zone = "us-east-1a" | |
| tags = { | |
| Name = "public_subnet" | |
| } | |
| } | |
| # Internet Gateway | |
| resource "aws_internet_gateway" "igw" { | |
| vpc_id = aws_vpc.my_vpc.id | |
| tags = { | |
| Name = "my_igw" | |
| } | |
| } | |
| # Route Table | |
| resource "aws_route_table" "public_route_table" { | |
| vpc_id = aws_vpc.my_vpc.id | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| gateway_id = aws_internet_gateway.igw.id | |
| } | |
| tags = { | |
| Name = "public_route_table" | |
| } | |
| } | |
| # Route Table Association | |
| resource "aws_route_table_association" "public_subnet_association" { | |
| subnet_id = aws_subnet.public_subnet.id | |
| route_table_id = aws_route_table.public_route_table.id | |
| } | |
| # IAM Role | |
| resource "aws_iam_role" "ec2_assume_role" { | |
| name = "cloud-architect-course" | |
| assume_role_policy = jsonencode({ | |
| Version = "2012-10-17", | |
| Statement : [ | |
| { | |
| Action = "sts:AssumeRole", | |
| Effect = "Allow", | |
| Principal = { | |
| Service = "ec2.amazonaws.com" | |
| } | |
| } | |
| ] | |
| }) | |
| } | |
| # Attach AmazonEC2RoleforSSM Policy | |
| resource "aws_iam_role_policy_attachment" "ec2_ssm_policy_attachment" { | |
| role = aws_iam_role.ec2_assume_role.name | |
| policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" | |
| } | |
| # IAM Instance Profile | |
| resource "aws_iam_instance_profile" "ec2_instance_profile" { | |
| name = "cloud-architect-course" | |
| role = aws_iam_role.ec2_assume_role.name | |
| } | |
| # AMI Data Source | |
| data "aws_ami" "amazon_linux" { | |
| most_recent = true | |
| owners = ["amazon"] | |
| filter { | |
| name = "name" | |
| values = ["al2023-ami-2023.*-x86_64"] | |
| } | |
| filter { | |
| name = "virtualization-type" | |
| values = ["hvm"] | |
| } | |
| filter { | |
| name = "boot-mode" | |
| values = ["uefi-preferred"] | |
| } | |
| filter { | |
| name = "root-device-type" | |
| values = ["ebs"] | |
| } | |
| filter { | |
| name = "state" | |
| values = ["available"] | |
| } | |
| } | |
| # Random Name for EC2 Instance | |
| # Add the random_pet resource | |
| resource "random_pet" "ec2_name" { | |
| length = 2 | |
| } | |
| # EC2 Instance | |
| resource "aws_instance" "ec2_instance" { | |
| ami = data.aws_ami.amazon_linux.id | |
| count = 2 | |
| instance_type = "t2.micro" | |
| subnet_id = aws_subnet.public_subnet.id | |
| key_name = "dominiquehallan-alt-admin" | |
| vpc_security_group_ids = [aws_security_group.allow_ssh.id] | |
| monitoring = true | |
| iam_instance_profile = aws_iam_instance_profile.ec2_instance_profile.name | |
| ebs_optimized = true | |
| tags = { | |
| Name = "cloud-architect-course-${random_pet.ec2_name.id}-${count.index}" | |
| Owner = "[email protected]" | |
| Project = "cloud-architect-course" | |
| Env = "dev" | |
| Terraform = "true" | |
| Managed-by = "devops" | |
| } | |
| metadata_options { | |
| http_tokens = "required" | |
| } | |
| root_block_device { | |
| encrypted = true | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment