
variables.tf
------------
# Region the provider deploys into; also the key used for the AMI lookup below,
# so it must be one of the keys of var.AmiLinux.
variable "region" {
  description = "AWS region to deploy into (must be a key of var.AmiLinux)"
  default     = "us-west-2"
}
# Region -> AMI id table consumed by lookup(var.AmiLinux, var.region) in the
# EC2 resources. A region that is not listed here makes that lookup fail.
# The ids are pinned literals; they are not refreshed automatically.
variable "AmiLinux" {
  type        = "map"
  description = "I add only 3 regions (Virginia, Oregon, Ireland) to show the map feature but you can add all the r"

  default = {
    us-east-1 = "ami-b73b63a0"
    us-west-2 = "ami-5ec1673e"
    eu-west-1 = "ami-9398d3e0"
  }
}
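# Static AWS access key id handed to the provider block.
# The default is an empty string on purpose: do not put a real key here (it would
# end up in version control); supply it at run time with -var, TF_VAR_aws_access_key
# or an uncommitted tfvars file.
# Fix: the original default was closed with a typographic quote (") instead of ",
# which is not valid HCL.
variable "aws_access_key" {
  default     = ""
  description = "the user aws access key"
}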
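# Static AWS secret key handed to the provider block.
# Empty by default for the same reason as aws_access_key: the secret must be
# provided at run time, never committed with the configuration.
# Fix: the original default was closed with a typographic quote (") instead of ",
# which is not valid HCL.
variable "aws_secret_key" {
  default     = ""
  description = "the user aws secret key"
}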
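# CIDR of the whole VPC; the two subnet CIDRs below must lie inside it.
# Fix: description said "cdir".
variable "vpc-fullcidr" {
  default     = "172.28.0.0/16"
  description = "the vpc cidr"
}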
# CIDR of the public subnet (internet gateway route, phpapp host).
variable "Subnet-Public-AzA-CIDR" {
  description = "the cidr of the subnet"
  default     = "172.28.0.0/24"
}
# CIDR of the private subnet (NAT gateway route, database host).
variable "Subnet-Private-AzA-CIDR" {
  description = "the cidr of the subnet"
  default     = "172.28.3.0/24"
}
# Name of an existing EC2 key pair attached to both instances.
# NOTE(review): with the empty default no key pair is attached, so the SSH
# rules in the security groups admit nobody — pass a real key name to use SSH.
variable "key_name" {
  description = "the ssh key to use in the EC2 machines"
  default     = ""
}
# Private DNS suffix: used for the DHCP option set, the private Route53 zone and
# the "mydatabase" record.
variable "DnsZoneName" {
  description = "the internal dns name"
  default     = "linuxacademy.internal"
}
43 ===========================================network.tf============================
# AWS provider. Region and static credentials all come from variables.
# NOTE(review): when both key variables are left at their empty defaults the
# provider is expected to fall back to its usual credential chain (environment
# variables, shared credentials file, instance profile) — confirm for the
# provider version in use. Prefer that chain over static keys in a tfvars file.
provider "aws" {
  region     = "${var.region}"
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
}
# The VPC everything else is attached to. As the original comment notes, the two
# DNS flags are enabled so that names resolve through the VPC's internal DNS.
resource "aws_vpc" "terraformmain" {
  cidr_block           = "${var.vpc-fullcidr}"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags {
    Name = "My terraform vpc"
  }
}
58 ===========================================routing-and-network.tf===============
# Availability zones visible in var.region; the subnets index into .names
# (public subnet -> names[0], private subnet -> names[1]).
data "aws_availability_zones" "available" {
}
61
# ---- external network: internet gateway, route tables ----

# Internet gateway for the VPC; the public route table sends 0.0.0.0/0 here.
resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.terraformmain.id}"

  tags {
    Name = "internet gw terraform generated"
  }
}
# Allow-everything network ACL (all protocols, both directions, any address).
# NOTE(review): no subnet_ids are given, so this ACL is created but not
# associated with either subnet here; the subnets keep the VPC default ACL.
# Confirm whether it is meant to be attached, or remove it if it is unused.
resource "aws_network_acl" "all" {
  vpc_id = "${aws_vpc.terraformmain.id}"

  tags {
    Name = "open acl"
  }

  # rule 1: allow all inbound
  ingress {
    rule_no    = 1
    action     = "allow"
    protocol   = "-1"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  # rule 2: allow all outbound
  egress {
    rule_no    = 2
    action     = "allow"
    protocol   = "-1"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }
}
# Route table for the public subnet: default route via the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.terraformmain.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.gw.id}"
  }

  tags {
    Name = "Public"
  }
}
# Route table for the private subnet: default route via the single NAT gateway,
# so the database host has outbound-only internet access (used by its yum calls).
resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.terraformmain.id}"

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = "${aws_nat_gateway.PublicAZA.id}"
  }

  tags {
    Name = "Private"
  }
}
# Elastic IP consumed by the NAT gateway below.
resource "aws_eip" "forNat" {
  vpc = true
}
# NAT gateway placed in the public subnet. The explicit depends_on is kept because
# the gateway needs the internet gateway to exist even though nothing references it.
resource "aws_nat_gateway" "PublicAZA" {
  subnet_id     = "${aws_subnet.PublicAZA.id}"
  allocation_id = "${aws_eip.forNat.id}"

  depends_on = ["aws_internet_gateway.gw"]
}
119 =========================================subnets.tf===============================
# Public subnet in the first availability zone; hosts the phpapp instance and the
# NAT gateway.
resource "aws_subnet" "PublicAZA" {
  vpc_id            = "${aws_vpc.terraformmain.id}"
  cidr_block        = "${var.Subnet-Public-AzA-CIDR}"
  availability_zone = "${data.aws_availability_zones.available.names[0]}"

  tags {
    Name = "PublicAZA"
  }
}
# Binds the public subnet to the public (internet gateway) route table.
resource "aws_route_table_association" "PublicAZA" {
  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${aws_subnet.PublicAZA.id}"
}
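# Private subnet; hosts the database instance and is attached to the private
# (NAT) route table.
# Fix: the Name tag said "PublicAZB", which matches neither the resource name,
# the CIDR variable nor the route table it is associated with.
# NOTE(review): this subnet uses names[1] while the public subnet (and the NAT
# gateway) use names[0], so the private subnet sits in a different AZ from its
# NAT gateway — confirm that is intended, the variable names suggest one AZ.
resource "aws_subnet" "PrivateAZA" {
  vpc_id            = "${aws_vpc.terraformmain.id}"
  cidr_block        = "${var.Subnet-Private-AzA-CIDR}"
  availability_zone = "${data.aws_availability_zones.available.names[1]}"

  tags {
    Name = "PrivateAZA"
  }
}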
# Binds the private subnet to the private (NAT gateway) route table.
resource "aws_route_table_association" "PrivateAZA" {
  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${aws_subnet.PrivateAZA.id}"
}
144 ===================================dns-and-dhcp.tf==============================
# DHCP option set: instances get var.DnsZoneName as their search domain and use
# the Amazon-provided resolver, which is what makes the private zone resolvable.
resource "aws_vpc_dhcp_options" "mydhcp" {
  domain_name_servers = ["AmazonProvidedDNS"]
  domain_name         = "${var.DnsZoneName}"

  tags {
    Name = "My internal name"
  }
}
# Attaches the DHCP option set above to the VPC.
resource "aws_vpc_dhcp_options_association" "dns_resolver" {
  dhcp_options_id = "${aws_vpc_dhcp_options.mydhcp.id}"
  vpc_id          = "${aws_vpc.terraformmain.id}"
}
# ---- DNS: private zone and records ----

# Private hosted zone for var.DnsZoneName, visible only inside the VPC.
resource "aws_route53_zone" "main" {
  name    = "${var.DnsZoneName}"
  comment = "Managed by terraform"
  vpc_id  = "${aws_vpc.terraformmain.id}"
}
# A record "mydatabase.<zone>" pointing at the database instance's private IP;
# this is the hostname the phpapp user_data connects to.
resource "aws_route53_record" "database" {
  zone_id = "${aws_route53_zone.main.zone_id}"
  type    = "A"
  name    = "mydatabase.${var.DnsZoneName}"
  ttl     = "300"
  records = ["${aws_instance.database.private_ip}"]
}
169 ===================securitygroups.tf===============================
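# Security group for the public phpapp host.
# HTTP from the internet is the intended exposure. SSH is also open to
# 0.0.0.0/0, which is wider than the lab needs: narrow that rule's cidr_blocks
# to the administrator's source range before reusing this outside a lab.
# Fix: the SSH ports were strings ("22") while the HTTP rule used numbers; both
# rules now use numbers.
# The description is kept verbatim (typo included): changing it forces the
# security group to be recreated.
resource "aws_security_group" "FrontEnd" {
  name        = "FrontEnd"
  description = "ONLY HTTP CONNECTION INBOUD"
  vpc_id      = "${aws_vpc.terraformmain.id}"

  tags {
    Name = "FrontEnd"
  }

  # HTTP from anywhere (intended: this is the public web host)
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH — see note above about narrowing the source range
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # unrestricted outbound
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}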
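# Security group for the database host, which sits in the private subnet with no
# public IP, so the only way in is from inside the VPC.
# Fix: the SSH rule allowed 0.0.0.0/0. That admits every VPC-reachable source,
# and nothing from the internet could use it anyway; it is now scoped to the
# FrontEnd group, the same way the MySQL rule already is, so the phpapp host
# keeps SSH access and nothing else gains it. Ports are numbers like in the
# MySQL rule.
# The description is kept verbatim: changing it forces the group to be recreated.
resource "aws_security_group" "Database" {
  name        = "Database"
  description = "ONLY tcp CONNECTION INBOUND"
  vpc_id      = "${aws_vpc.terraformmain.id}"

  tags {
    Name = "Database"
  }

  # MySQL only from instances in the FrontEnd group
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "TCP"
    security_groups = ["${aws_security_group.FrontEnd.id}"]
  }

  # SSH only from instances in the FrontEnd group (the phpapp host acts as the
  # jump host; there is no public path to this instance)
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "TCP"
    security_groups = ["${aws_security_group.FrontEnd.id}"]
  }

  # unrestricted outbound (package installs go out through the NAT gateway)
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}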
220 =========================ec2-machines.tf=================================================
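# Public web host: Apache + PHP, with a calldb.php page that reads mytable from
# the database instance.
# Fix: the database hostname in user_data was the literal
# "mydatabase.linuxacademy.internal"; it now uses var.DnsZoneName, matching the
# aws_route53_record above (identical output with the default zone name).
# associate_public_ip_address is a real bool instead of the string "true".
# NOTE(review): the PHP page connects as MySQL root with a literal password that
# is also written into this instance's user_data (readable from the instance
# metadata service and stored in Terraform state). For anything beyond a lab,
# use a dedicated least-privilege DB user and inject the secret at run time.
resource "aws_instance" "phpapp" {
  ami                         = "${lookup(var.AmiLinux, var.region)}"
  instance_type               = "t2.micro"
  subnet_id                   = "${aws_subnet.PublicAZA.id}"
  associate_public_ip_address = true
  vpc_security_group_ids      = ["${aws_security_group.FrontEnd.id}"]
  key_name                    = "${var.key_name}"

  tags {
    Name = "phpapp"
  }

  # Bootstrap: install httpd/php, then write calldb.php line by line. The "\$"
  # keeps the PHP variable names literal inside the double-quoted echo strings.
  user_data = <<HEREDOC
#!/bin/bash
yum update -y
yum install -y httpd24 php56 php56-mysqlnd
service httpd start
chkconfig httpd on
echo "<?php" >> /var/www/html/calldb.php
echo "\$conn = new mysqli('mydatabase.${var.DnsZoneName}', 'root', 'secret', 'test');" >> /var/www/html/calldb.php
echo "\$sql = 'SELECT * FROM mytable'; " >> /var/www/html/calldb.php
echo "\$result = \$conn->query(\$sql); " >> /var/www/html/calldb.php
echo "while(\$row = \$result->fetch_assoc()) { echo 'the value is: ' . \$row['mycol'] ;} " >> /var/www/html/calldb.php
echo "\$conn->close(); " >> /var/www/html/calldb.php
echo "?>" >> /var/www/html/calldb.php
HEREDOC
}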
246 ============================ec2-machines============================================
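# Private database host: MySQL 5.5 with one table seeded for the demo page.
# Fix: associate_public_ip_address is a real bool instead of the string "false".
# NOTE(review): user_data sets the MySQL root password to a literal, creates
# 'root'@'%' (root login from any host the security group admits) and passes the
# password on the mysql command line. user_data is readable from the instance
# metadata service and is kept in Terraform state, so treat this as lab-only:
# a dedicated application user with a run-time-injected secret is the fix.
# The steps run in order right after "service mysqld start"; if the server is
# not yet accepting connections the mysqladmin call fails — confirm on the AMI
# in use.
resource "aws_instance" "database" {
  ami                         = "${lookup(var.AmiLinux, var.region)}"
  instance_type               = "t2.micro"
  subnet_id                   = "${aws_subnet.PrivateAZA.id}"
  associate_public_ip_address = false
  vpc_security_group_ids      = ["${aws_security_group.Database.id}"]
  key_name                    = "${var.key_name}"

  tags {
    Name = "database"
  }

  user_data = <<HEREDOC
#!/bin/bash
yum update -y
yum install -y mysql55-server
service mysqld start
/usr/bin/mysqladmin -u root password 'secret'
mysql -u root -psecret -e "create user 'root'@'%' identified by 'secret';" mysql
mysql -u root -psecret -e 'CREATE TABLE mytable (mycol varchar(255));' test
mysql -u root -psecret -e "INSERT INTO mytable (mycol) values ('linuxacademythebest');" test
HEREDOC
}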
268
