main.tf
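## S3 bucket "shrini-s3". The backend block in this file stores terraform.tfstate here.
## State files can hold secrets in plain text (passwords, keys, connection strings), so
## the bucket keeps object history, encrypts at rest and refuses any form of public access.
resource "aws_s3_bucket" "s3" {
  bucket = "shrini-s3"
  acl    = "private"

  # Keep earlier state versions so an accidental overwrite or deletion can be rolled back.
  versioning {
    enabled = true
  }

  # Default server-side encryption for every object written to the bucket.
  # These inline blocks follow the inline `acl` style already used here; on AWS provider
  # v4 and later all three are deprecated in favour of standalone aws_s3_bucket_* resources.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

## A "private" ACL does not prevent a later bucket policy or object ACL from exposing the
## state. The public access block rejects those at the bucket level.
resource "aws_s3_bucket_public_access_block" "s3" {
  bucket                  = aws_s3_bucket.s3.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}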
## DynamoDB table "terraform-state-lock-dynamo". The S3 backend block in this file names
## it as its lock table, so two Terraform runs cannot change the same state at once.
resource "aws_dynamodb_table" "dynamodb-terraform-state-lock" {
  name = "terraform-state-lock-dynamo"

  # The S3 backend expects a string partition key named exactly "LockID".
  hash_key = "LockID"
  attribute {
    type = "S"
    name = "LockID"
  }

  # Throughput reserved for the table, in capacity units.
  write_capacity = 20
  read_capacity  = 20
}
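## Remote state: keep terraform.tfstate in the "shrini-s3" bucket instead of on local disk,
## with locking through the "terraform-state-lock-dynamo" table.
## Backend settings cannot reference variables or resources, so both names are repeated
## literally. The bucket and the table must already exist when `terraform init` runs.
terraform {
  backend "s3" {
    bucket         = "shrini-s3"
    key            = "terraform.tfstate"
    region         = "ap-south-1"
    dynamodb_table = "terraform-state-lock-dynamo"

    # Have the backend request server-side encryption for the state object, because
    # state can contain secrets in plain text.
    encrypt = true
  }
}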
## VPC for this stack. The display name is supplied through the "Name" tag;
## the address range comes from var.vpc_cidr.
resource "aws_vpc" "shrini_vpc" {
  tags = {
    Name = var.vpc_name
  }

  cidr_block = var.vpc_cidr
}

# ID of the VPC created above.
output "shrini_vpc" {
  value = aws_vpc.shrini_vpc.id
}
## Internet gateway attached to the VPC defined in this file (aws_vpc.shrini_vpc).
resource "aws_internet_gateway" "shrini-IGW" {
  tags = {
    Name = var.aws_internet_gateway_name
  }

  vpc_id = aws_vpc.shrini_vpc.id
}

# ID of the internet gateway created above.
output "shrini-IGW" {
  value = aws_internet_gateway.shrini-IGW.id
}
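## Route table whose default route (0.0.0.0/0) points at the internet gateway.
## Any subnet associated with this table becomes a public subnet.
resource "aws_route_table" "shrini_route_table" {
  # The gateway in the route below is attached to aws_vpc.shrini_vpc, and a route can
  # only target a gateway in the table's own VPC. Reference that VPC directly instead of
  # a separately supplied ID, which also gives Terraform the dependency ordering.
  vpc_id = aws_vpc.shrini_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.shrini-IGW.id
  }

  tags = {
    Name = var.aws_route_table_Name
  }
}

# ID of the route table created above.
output "shrini_route_table" {
  value = aws_route_table.shrini_route_table.id
}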
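## Subnet in availability zone ap-south-1a, inside the VPC defined in this file.
resource "aws_subnet" "shrini_subnet" {
  # Reference the VPC resource itself, so the subnet is always created in that VPC and
  # only after it exists, rather than relying on an ID passed in separately.
  vpc_id            = aws_vpc.shrini_vpc.id
  cidr_block        = var.subnet_cidr_block
  availability_zone = "ap-south-1a"

  # Instances launched here receive a public IPv4 address unless the launch overrides it.
  # Use this subnet only for hosts that are meant to be reachable from the internet.
  map_public_ip_on_launch = true

  tags = {
    Name = var.subnet_name
  }
}

# ID of the subnet created above.
output "shrini_subnet" {
  value = aws_subnet.shrini_subnet.id
}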
## Attach a subnet to a route table so that the subnet uses that table's routes.
## NOTE(review): both IDs come from input variables rather than from
## aws_subnet.shrini_subnet and aws_route_table.shrini_route_table, so Terraform sees no
## dependency on the resources defined in this file. Confirm the variables are meant to
## point at them.
resource "aws_route_table_association" "subnet_association" {
  route_table_id = var.route_table_id
  subnet_id      = var.subnet_id
}

# Subnet ID recorded on the association.
output "subnet_association" {
  value = aws_route_table_association.subnet_association.subnet_id
}
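## CIDR ranges allowed to reach SSH (port 22). Empty by default, which creates no SSH
## rule at all. Set it to the administrators' address ranges when SSH access is needed.
variable "ssh_ingress_cidr_blocks" {
  description = "CIDR blocks allowed to connect to port 22. Leave empty to keep SSH closed."
  type        = list(string)
  default     = []
}

## Security group for the web server (ingress = inbound, egress = outbound):
## HTTP and HTTPS from anywhere, SSH only from var.ssh_ingress_cidr_blocks,
## and all outbound traffic allowed.
resource "aws_security_group" "my_security_group" {
  name        = var.security_group_name
  description = "Allow SSH, HTTP, and HTTPS traffic"
  vpc_id      = var.vpc_id

  # SSH is an administrative interface and should not be exposed to 0.0.0.0/0 the way the
  # web ports are. The rule is emitted only when at least one source range is configured.
  dynamic "ingress" {
    for_each = length(var.ssh_ingress_cidr_blocks) > 0 ? [var.ssh_ingress_cidr_blocks] : []
    content {
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ingress.value
    }
  }

  # HTTP, open to the internet because this is a public web server.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTPS, open to the internet.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Protocol "-1" with ports 0-0 means every protocol and port: unrestricted outbound.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ID of the security group created above.
output "my_security_group" {
  value = aws_security_group.my_security_group.id
}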
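## Ubuntu server with a public IP address; Apache is installed and enabled on first boot.
resource "aws_instance" "ubuntu_server" {
  ami                         = var.ami_id
  instance_type               = var.instance_type
  subnet_id                   = var.subnet_id
  associate_public_ip_address = true

  # An instance launched into a VPC subnet takes security group IDs through
  # vpc_security_group_ids. `security_groups` expects group names and is meant for
  # EC2-Classic or the default VPC. Passing IDs there does not attach the group reliably
  # and can make Terraform want to replace the instance on every plan.
  vpc_security_group_ids = [aws_security_group.my_security_group.id]

  # Require session tokens (IMDSv2) for the instance metadata service, so a request
  # relayed through the web server cannot read instance credentials with a plain GET.
  # NOTE(review): confirm the image in var.ami_id ships a cloud-init that supports IMDSv2.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # User data script to install and enable Apache
  user_data = <<-EOF
    #!/bin/bash
    sudo apt-get update
    sudo apt-get install apache2 -y
    sudo systemctl enable apache2
    sudo systemctl start apache2
  EOF
}

# Public IPv4 address of the server.
output "ubuntu_server" {
  value = aws_instance.ubuntu_server.public_ip
}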