Repository: mlabouardy/terraform-aws-labs
Branch: master
Commit: 945a5242405f
Files: 67
Total size: 38.8 KB
Directory structure:
gitextract_gpwgjukk/
├── .gitmodules
├── LICENSE
├── README.md
├── autoscalling-elb/
│ └── main.tf
├── bastion-highavailability/
│ ├── README.md
│ ├── dns.tf
│ ├── outputs.tf
│ ├── provider.tf
│ ├── resources.tf
│ ├── variables.tf
│ ├── variables.tfvars
│ └── vpc.tf
├── ci-pipeline/
│ ├── README.md
│ ├── main.tf
│ └── setup.sh
├── docker-registry/
│ ├── main.tf
│ ├── outputs.tf
│ ├── setup.sh
│ ├── variables.tf
│ └── variables.tfvars
├── docker-swarm-cluster/
│ ├── README.md
│ ├── hosts
│ ├── install-docker.sh
│ ├── outputs.tf
│ ├── playbook.yml
│ ├── provider.tf
│ ├── resources.tf
│ ├── security_groups.tf
│ └── variables.tf
├── ec2-elb/
│ ├── bootstrap-server1.sh
│ ├── bootstrap-server2.sh
│ ├── main.tf
│ └── variables.tf
├── etcd-cluster/
│ ├── README.md
│ ├── cloud-config.yml
│ ├── provider.tf
│ ├── resources.tf
│ ├── security_groups.tf
│ └── variables.tf
├── linuxkit-aws/
│ ├── aws.yml
│ ├── files/
│ │ ├── assume-role-policy.json
│ │ └── policy.tpl
│ └── main.tf
├── single-ec2-instance/
│ ├── README.md
│ └── main.tf
├── telegraf-influxdb-grafana/
│ ├── bootstrap.sh
│ ├── main.tf
│ └── variables.tf
├── tick-stack-ansible/
│ ├── README.md
│ ├── ansible/
│ │ ├── group_vars/
│ │ │ └── all
│ │ ├── inventory
│ │ └── playbook.yml
│ └── terraform/
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── variables.tfvars
├── vpc-public-private-subnet/
│ ├── README.md
│ ├── install.sh
│ ├── provider.tf
│ ├── resources.tf
│ ├── variables.tf
│ └── vpc.tf
└── wordpress/
├── .gitignore
├── bootstrap.sh
├── main.tf
├── outputs.tf
└── variables.tf
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitmodules
================================================
[submodule "telegraf-influxdb-grafana/telegraf-influxdb-grafana"]
path = telegraf-influxdb-grafana/telegraf-influxdb-grafana
url = https://github.com/mlabouardy/telegraf-influxdb-grafana.git
================================================
FILE: LICENSE
================================================
MIT License
Copyright (c) 2017 LABOUARDY Mohamed
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: README.md
================================================
# Terraform AWS Use cases
Terraform template for AWS provider
# How to use
- Set the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables:
```
$ export AWS_ACCESS_KEY_ID="YOUR ACCESS KEY ID"
$ export AWS_SECRET_ACCESS_KEY="YOUR SECRET ACCESS KEY"
```
# Tutorials
* <a href="http://www.labouardy.com/setting-up-an-etcd-cluster-on-aws-using-coreos-terraform/">Setting up an etcd cluster on AWS using CoreOS & Terraform</a>
* <a href="http://www.labouardy.com/setup-docker-swarm-on-aws-using-ansible-terraform/">Setup Docker Swarm on AWS using Ansible & Terraform</a>
* <a href="http://www.labouardy.com/manage-aws-vpc-as-infrastructure-as-code-with-terraform/">Manage AWS VPC as Infrastructure as Code with Terraform</a>
* <a href="http://www.labouardy.com/manage-aws-infrastracture-as-code-with-terraform/" >Manage AWS Infrastracture as Code with Terraform</a>
* <a href="http://www.blog.labouardy.com/setup-high-availability-bastion-hosts-with-route53/">Highly Available Bastion Hosts with Route53</a>
* <a href="http://www.blog.labouardy.com/highly-available-docker-registry-on-aws-with-nexus/">Highly Available Docker Registry on AWS with Nexus</a>
================================================
FILE: autoscalling-elb/main.tf
================================================
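# Launch configuration used by the auto scaling group in this file.
# name_prefix replaces the fixed name: with create_before_destroy the
# replacement is created while the old one still exists, and a fixed name
# makes that create call collide with the existing launch configuration.
# NOTE(review): no security_groups are set here, and var.ami-webserver /
# var.instance_type are not declared in this directory - confirm.
resource "aws_launch_configuration" "previously_webcluster" {
  name_prefix   = "previously_webcluster-"
  image_id      = "${var.ami-webserver}"
  instance_type = "${var.instance_type}"

  lifecycle {
    create_before_destroy = true
  }
}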
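# Auto scaling group that keeps between 2 and 3 instances of the launch
# configuration running and registers them with the ELB.
resource "aws_autoscaling_group" "previously_asg" {
  name                 = "previously_asg"
  launch_configuration = "${aws_launch_configuration.previously_webcluster.name}"
  min_size             = 2
  max_size             = 3

  # An auto scaling group needs a placement (availability_zones or
  # vpc_zone_identifier); use the same subnets the ELB is attached to.
  vpc_zone_identifier = [
    "${aws_subnet.previously_private_us_west_2a.id}",
    "${aws_subnet.previously_private_us_west_2b.id}",
  ]

  # Without this the instances are never placed behind the load balancer.
  load_balancers = ["${aws_elb.previously_elb.name}"]

  lifecycle {
    create_before_destroy = true
  }
}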
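# Classic load balancer in front of the web instances.
# Changes from the original:
#  - the ELB name uses a hyphen, because ELB names accept only alphanumeric
#    characters and hyphens;
#  - the unsupported "availability_zone" argument is dropped; placement comes
#    from "subnets".
# NOTE(review): the listener is plain HTTP on port 80, and the subnets are
# named "private" while "internal" is not set - confirm the intended exposure.
resource "aws_elb" "previously_elb" {
  name            = "previously-elb"
  security_groups = ["${aws_security_group.previously_elb_sg.id}"]

  subnets = [
    "${aws_subnet.previously_private_us_west_2a.id}",
    "${aws_subnet.previously_private_us_west_2b.id}",
  ]

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:80/"
    interval            = 30
  }

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags {
    Name = "previously_elb"
  }
}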
================================================
FILE: bastion-highavailability/README.md
================================================
<p align="center">
<img src="http://i1.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/10/bastion-1.png?w=741"/>
</p>
================================================
FILE: bastion-highavailability/dns.tf
================================================
# A record for bastion.slowcoder.com listing the Elastic IPs of both bastion
# hosts, so the name resolves to either of them.
resource "aws_route53_record" "bastion-slowcoder" {
  zone_id = "${var.zone_id}"
  type    = "A"
  name    = "bastion.slowcoder.com"
  ttl     = "330"

  records = [
    "${aws_eip.bastion-1a-eip.public_ip}",
    "${aws_eip.bastion-1b-eip.public_ip}",
  ]
}
================================================
FILE: bastion-highavailability/outputs.tf
================================================
# Public (Elastic) IP of the bastion in us-east-1a.
output "BASTION-1" {
  value = "${aws_eip.bastion-1a-eip.public_ip}"
}

# Public (Elastic) IP of the bastion in us-east-1b.
output "BASTION-2" {
  value = "${aws_eip.bastion-1b-eip.public_ip}"
}

# Private address of the instance that is reached through the bastions.
output "PRIVATE-EC2" {
  value = "${aws_instance.private-ec2.private_ip}"
}
================================================
FILE: bastion-highavailability/provider.tf
================================================
# AWS provider; no keys are set here, so credentials come from the
# provider's default sources (e.g. the environment variables in the README).
provider "aws" {
  region = "${var.region}"
}
================================================
FILE: bastion-highavailability/resources.tf
================================================
# Two bastion hosts, one per public subnet, each with its own Elastic IP.
# NOTE(review): neither instance sets vpc_security_group_ids, so both get the
# VPC's default security group - confirm that SSH ingress to the bastions is
# defined (and restricted to known source ranges) somewhere.

# Bastion in us-east-1a.
resource "aws_instance" "bastion-1a" {
  ami                         = "${lookup(var.amis, var.region)}"
  instance_type               = "${var.instance_type}"
  subnet_id                   = "${aws_subnet.us-east-1a-public.id}"
  associate_public_ip_address = true
  key_name                    = "${var.key_name}"

  tags {
    Name = "bastion-1a"
  }
}

resource "aws_eip" "bastion-1a-eip" {
  vpc      = true
  instance = "${aws_instance.bastion-1a.id}"
}

# Bastion in us-east-1b.
resource "aws_instance" "bastion-1b" {
  ami                         = "${lookup(var.amis, var.region)}"
  instance_type               = "${var.instance_type}"
  subnet_id                   = "${aws_subnet.us-east-1b-public.id}"
  associate_public_ip_address = true
  key_name                    = "${var.key_name}"

  tags {
    Name = "bastion-1b"
  }
}

resource "aws_eip" "bastion-1b-eip" {
  vpc      = true
  instance = "${aws_instance.bastion-1b.id}"
}
# Instance in the private subnet; it requests no public IP and is meant to be
# reached through the bastions.
# NOTE(review): it uses the same key pair as the bastions and no explicit
# security group - confirm that SSH is only accepted from the bastion hosts.
resource "aws_instance" "private-ec2" {
  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "${var.instance_type}"
  subnet_id     = "${aws_subnet.us-east-1a-private.id}"
  key_name      = "${var.key_name}"

  tags {
    Name = "private-ec2"
  }
}
================================================
FILE: bastion-highavailability/variables.tf
================================================
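# Inputs for the highly available bastion setup.
# Fix: us_east_1a_private_cidr was described as a public subnet (copy/paste);
# key_name and zone_id gained descriptions.

variable "key_name" {
  description = "Name of the EC2 key pair installed on every instance"
}

variable "zone_id" {
  description = "Route53 hosted zone id that receives the bastion record"
}

variable "region" {
  description = "AWS Region"
  default     = "us-east-1"
}

variable "vpc_cidr" {
  description = "VPC CIDR Block"
  default     = "10.0.0.0/16"
}

variable "us_east_1a_public_cidr" {
  description = "CIDR for the public subnet"
  default     = "10.0.1.0/24"
}

variable "us_east_1b_public_cidr" {
  description = "CIDR for the public subnet"
  default     = "10.0.2.0/24"
}

variable "us_east_1a_private_cidr" {
  description = "CIDR for the private subnet"
  default     = "10.0.3.0/24"
}

# Keyed by subnet CIDR, so changing one of the CIDR defaults above also
# requires a matching key here.
variable "availability_zones" {
  type        = "map"
  description = "Availability Zones by CIDR"

  default = {
    "10.0.1.0/24" = "us-east-1a"
    "10.0.2.0/24" = "us-east-1b"
    "10.0.3.0/24" = "us-east-1a"
  }
}

# Only us-east-1 has an entry; lookup() fails for any other region.
variable "amis" {
  type        = "map"
  description = "AMIs by region"

  default = {
    us-east-1 = "ami-4fffc834"
  }
}

variable "instance_type" {
  description = "EC2 instance type"
  default     = "t2.micro"
}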
================================================
FILE: bastion-highavailability/variables.tfvars
================================================
# Values for the variables that have no default in variables.tf.
# key_name: passed as key_name to every aws_instance in resources.tf.
key_name=""
# zone_id: Route53 zone used by the bastion record in dns.tf.
zone_id=""
================================================
FILE: bastion-highavailability/vpc.tf
================================================
# VPC that holds the bastion subnets; DNS hostnames are enabled for instances.
resource "aws_vpc" "default" {
  enable_dns_hostnames = true
  cidr_block           = "${var.vpc_cidr}"

  tags {
    Name = "testing"
  }
}
# Subnets. Each availability zone is looked up in var.availability_zones using
# the subnet's own CIDR as the key.

# Public subnet for bastion-1a.
resource "aws_subnet" "us-east-1a-public" {
  vpc_id            = "${aws_vpc.default.id}"
  availability_zone = "${lookup(var.availability_zones, var.us_east_1a_public_cidr)}"
  cidr_block        = "${var.us_east_1a_public_cidr}"

  tags {
    Name = "us-east-1a-public"
  }
}

# Public subnet for bastion-1b.
resource "aws_subnet" "us-east-1b-public" {
  vpc_id            = "${aws_vpc.default.id}"
  availability_zone = "${lookup(var.availability_zones, var.us_east_1b_public_cidr)}"
  cidr_block        = "${var.us_east_1b_public_cidr}"

  tags {
    Name = "us-east-1b-public"
  }
}

# Private subnet. This file associates no route table with it, so it is not
# given the internet-gateway route the public subnets receive.
resource "aws_subnet" "us-east-1a-private" {
  vpc_id            = "${aws_vpc.default.id}"
  availability_zone = "${lookup(var.availability_zones, var.us_east_1a_private_cidr)}"
  cidr_block        = "${var.us_east_1a_private_cidr}"

  tags {
    Name = "us-east-1a-private"
  }
}
# Internet gateway plus the route table that makes the two public subnets
# public: a default route (0.0.0.0/0) through the gateway.
resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name = "igw"
  }
}

resource "aws_route_table" "default" {
  vpc_id = "${aws_vpc.default.id}"

  route {
    gateway_id = "${aws_internet_gateway.default.id}"
    cidr_block = "0.0.0.0/0"
  }

  tags {
    Name = "public-rt"
  }
}

# Only the public subnets are associated with the route table above.
resource "aws_route_table_association" "1a-public-rt" {
  route_table_id = "${aws_route_table.default.id}"
  subnet_id      = "${aws_subnet.us-east-1a-public.id}"
}

resource "aws_route_table_association" "1b-public-rt" {
  route_table_id = "${aws_route_table.default.id}"
  subnet_id      = "${aws_subnet.us-east-1b-public.id}"
}
================================================
FILE: ci-pipeline/README.md
================================================
================================================
FILE: ci-pipeline/main.tf
================================================
# AWS provider configured with static keys passed in as variables.
# NOTE(review): keys supplied this way live in whatever var file or command
# line provides them; the repository README uses the AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY environment variables instead. None of the var.*
# inputs used in this file are declared in this directory - confirm.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}

// SSH KeyPair
// Registers the public key read from the path in var.ssh_public_key.
resource "aws_key_pair" "default" {
  public_key = "${file("${var.ssh_public_key}")}"
  key_name   = "registry"
}
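// Jenkins Master
// Fix: lookup() was called without arguments, which is not a valid call. It
// now resolves the AMI per region, as docker-registry/main.tf does.
// NOTE(review): var.amis (a region -> AMI map) and aws_security_group.default
// are not declared in this directory - they must be added for this to plan.
resource "aws_instance" "ci-master" {
  ami             = "${lookup(var.amis, var.region)}"
  instance_type   = "${var.instance_type}"
  key_name        = "${aws_key_pair.default.id}"
  security_groups = ["${aws_security_group.default.name}"]

  // setup.sh installs Docker on first boot.
  user_data = "${file("setup.sh")}"

  tags {
    Name = "ci-master"
  }
}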
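// Jenkins Slave
// Fix: lookup() was called without arguments; resolve the AMI per region.
// NOTE(review): var.amis is not declared in this directory, and this instance
// sets no security group or user_data, unlike ci-master - confirm.
resource "aws_instance" "ci-slave" {
  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "${var.instance_type}"
  key_name      = "${aws_key_pair.default.id}"

  tags {
    Name = "ci-slave"
  }
}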
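// Deployment Environment
// Three identical nodes, tagged node-0 .. node-2.
// Fix: lookup() was called without arguments; resolve the AMI per region.
// NOTE(review): var.amis is not declared in this directory - confirm.
resource "aws_instance" "node" {
  count         = 3
  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "${var.instance_type}"
  key_name      = "${aws_key_pair.default.id}"

  tags {
    Name = "node-${count.index}"
  }
}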
================================================
FILE: ci-pipeline/setup.sh
================================================
#!/bin/sh
# First-boot script (passed as user_data by main.tf): patch the host and
# install Docker.
yum update -y
yum install -y docker
service docker start
# Members of the docker group can control the Docker daemon, which is
# effectively root on the host; ec2-user is added deliberately here.
usermod -aG docker ec2-user
================================================
FILE: docker-registry/main.tf
================================================
# AWS provider configured with static keys from variables.tfvars.
# NOTE(review): a filled-in variables.tfvars holds long-lived credentials;
# keep it out of version control or use the environment variables described
# in the repository README.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
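# Source ranges for the ingress rules below. The defaults keep the original
# world-open behaviour so existing runs do not change; override them (with
# -var or in variables.tfvars) to limit who can reach SSH and the registry.
variable "ssh_cidr_blocks" {
  type        = "list"
  description = "CIDR ranges allowed to reach SSH (22) on the registry host"
  default     = ["0.0.0.0/0"]
}

variable "registry_cidr_blocks" {
  type        = "list"
  description = "CIDR ranges allowed to reach Nexus (8081) and the Docker registry (5000)"
  default     = ["0.0.0.0/0"]
}

# Security group for the registry host.
# NOTE(review): 8081 and 5000 are published by setup.sh without TLS, so
# registry logins and image pulls cross the network in clear text unless a
# TLS terminator is placed in front. Change the Nexus default admin password
# before opening 8081 beyond a trusted range.
resource "aws_security_group" "default" {
  name        = "registry_security_group"
  description = "Allow access to Nexus dashboard & traffic on port 5000"

  # SSH
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = "${var.ssh_cidr_blocks}"
  }

  # Nexus dashboard
  ingress {
    from_port   = 8081
    to_port     = 8081
    protocol    = "tcp"
    cidr_blocks = "${var.registry_cidr_blocks}"
  }

  # Docker registry endpoint
  ingress {
    from_port   = 5000
    to_port     = 5000
    protocol    = "tcp"
    cidr_blocks = "${var.registry_cidr_blocks}"
  }

  # All outbound traffic, any protocol.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "registry_security_group"
  }
}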
# Key pair built from the public key file named in var.ssh_public_key.
resource "aws_key_pair" "default" {
  public_key = "${file("${var.ssh_public_key}")}"
  key_name   = "registry"
}

# Elastic IP attached to the registry instance; the DNS record points at it.
resource "aws_eip" "default" {
  vpc      = true
  instance = "${aws_instance.default.id}"
}
# Registry host. setup.sh (user_data) installs Docker and starts Nexus.
# security_groups takes group *names*, which the AWS provider supports only
# for EC2-Classic and the default VPC.
resource "aws_instance" "default" {
  ami             = "${lookup(var.amis, var.region)}"
  instance_type   = "${var.instance_type}"
  security_groups = ["${aws_security_group.default.name}"]
  key_name        = "${aws_key_pair.default.id}"
  user_data       = "${file("setup.sh")}"

  tags {
    Name = "registry"
  }
}
# A record mapping var.dns_name to the registry's Elastic IP.
resource "aws_route53_record" "default" {
  zone_id = "${var.dns_zone_id}"
  type    = "A"
  name    = "${var.dns_name}"
  ttl     = "300"
  records = ["${aws_eip.default.public_ip}"]
}
================================================
FILE: docker-registry/outputs.tf
================================================
# Elastic IP of the registry host.
output "Registry IP" {
  value = "${aws_eip.default.public_ip}"
}
================================================
FILE: docker-registry/setup.sh
================================================
#!/bin/sh
# First-boot script for the registry host: install Docker, start a
# single-node swarm and run Nexus 3 as a service.
yum update -y
yum install -y docker
service docker start
# docker group membership is effectively root on this host.
usermod -aG docker ec2-user
docker swarm init
# Publishes 5000 (registry) and 8081 (Nexus UI) on the host as plain HTTP.
# The image is pinned by tag (3.6.2), not by digest.
# NOTE(review): no volume is mounted, so Nexus data appears to live in the
# container only - confirm.
docker service create --replicas 1 --name registry --publish 5000:5000 --publish 8081:8081 sonatype/nexus3:3.6.2
================================================
FILE: docker-registry/variables.tf
================================================
# Required inputs (no defaults); values are supplied via variables.tfvars.
variable "region" {}

# AWS credentials handed to the provider block in main.tf.
variable "secret_key" {}

variable "access_key" {}

# Path to the SSH public key file that main.tf reads with file().
variable "ssh_public_key" {}

variable "dns_zone_id" {}

variable "instance_type" {
  default = "t2.medium"
}

# AMI per region; only the regions listed here can be used.
variable "amis" {
  description = "Amazon Linux Image"
  type        = "map"

  default = {
    "us-east-1"  = "ami-55ef662f"
    "us-east-2"  = "ami-15e9c770"
    "eu-west-2"  = "ami-e7d6c983"
    "eu-west-1"  = "ami-1a962263"
    "ap-south-1" = "ami-d5c18eba"
  }
}

# Record name created in the Route53 zone.
variable "dns_name" {
  default = "registry.slowcoder.com"
}
================================================
FILE: docker-registry/variables.tfvars
================================================
# Template of input values. Once real values are filled in, this file contains
# AWS credentials: keep the filled-in copy out of version control.
region = "YOUR AWS REGION"
# Long-lived AWS keys passed to the provider block in main.tf.
secret_key = "YOUR AWS SECRET KEY"
access_key = "YOUR AWS ACCESS KEY ID"
# main.tf reads this with file(), so it is the path to the .pub file.
ssh_public_key = "YOUR SSH PUBLIC KEY (.pub)"
dns_zone_id = "YOUR ROUTE53 DNS ZONE ID"
================================================
FILE: docker-swarm-cluster/README.md
================================================
<p align="center">
<img src="http://i0.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/swarm_ansible_terraform_aws.png?w=462"/>
</p>
The recording below shows how to set up a Docker Swarm cluster:
[](https://asciinema.org/a/135278)
================================================
FILE: docker-swarm-cluster/hosts
================================================
[masters]
[workers]
================================================
FILE: docker-swarm-cluster/install-docker.sh
================================================
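#!/bin/sh
# First-boot script (user_data) that installs Docker on each swarm node.
# Fix: "yum update" had no -y; user_data runs without a terminal, so the
# confirmation prompt cannot be answered and no updates are applied.
yum update -y
yum install -y docker
service docker start
# docker group membership is effectively root on this host.
usermod -aG docker ec2-user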
================================================
FILE: docker-swarm-cluster/outputs.tf
================================================
# Public IPs of the three swarm nodes.
output "MASTER" {
  value = "${aws_instance.master.public_ip}"
}

output "WORKER1" {
  value = "${aws_instance.worker1.public_ip}"
}

output "WORKER2" {
  value = "${aws_instance.worker2.public_ip}"
}
================================================
FILE: docker-swarm-cluster/playbook.yml
================================================
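---
# Play 1: initialise the swarm on the master and capture the join tokens.
# Changes from the original:
#  - YAML nesting restored;
#  - the two debug tasks that printed the worker and manager join tokens are
#    removed, and the tasks that handle tokens use no_log. A join token is a
#    credential: whoever holds it and can reach port 2377 can add a node to
#    the swarm (the manager token adds a manager).
- name: Init Swarm Master
  hosts: masters
  gather_facts: False
  remote_user: ec2-user
  tasks:
    - name: Swarm Init
      command: docker swarm init --advertise-addr {{ inventory_hostname }}

    - name: Get Worker Token
      command: docker swarm join-token worker -q
      register: worker_token
      no_log: true

    - name: Master Token
      command: docker swarm join-token manager -q
      register: master_token
      no_log: true

# Play 2: every worker joins using the token registered on the first master.
- name: Join Swarm Cluster
  hosts: workers
  remote_user: ec2-user
  gather_facts: False
  vars:
    token: "{{ hostvars[groups['masters'][0]]['worker_token']['stdout'] }}"
    master: "{{ hostvars[groups['masters'][0]]['inventory_hostname'] }}"
  tasks:
    # The command line contains the token, so it is kept out of the logs.
    - name: Join Swarm Cluster as a Worker
      command: docker swarm join --token {{ token }} {{ master }}:2377
      register: worker
      no_log: true

    - name: Show Results
      debug: var=worker.stdout

    - name: Show Errors
      debug: var=worker.stderr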
================================================
FILE: docker-swarm-cluster/provider.tf
================================================
# AWS provider; credentials come from the provider's default sources.
provider "aws" {
  region = "${var.aws_region}"
}
================================================
FILE: docker-swarm-cluster/resources.tf
================================================
# Key pair shared by all swarm nodes, built from the public key at var.key_path.
resource "aws_key_pair" "default" {
  public_key = "${file("${var.key_path}")}"
  key_name   = "clusterkp"
}
# One master and two workers. The three instances are identical apart from
# their Name tag: same AMI, key pair, bootstrap script and security group.
resource "aws_instance" "master" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("${var.bootstrap_path}")}"

  tags {
    Name = "master"
  }
}

resource "aws_instance" "worker1" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("${var.bootstrap_path}")}"

  tags {
    Name = "worker 1"
  }
}

resource "aws_instance" "worker2" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("${var.bootstrap_path}")}"

  tags {
    Name = "worker 2"
  }
}
================================================
FILE: docker-swarm-cluster/security_groups.tf
================================================
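# Source ranges admitted by the ingress rules below. The default keeps the
# original world-open behaviour; override it to limit the cluster to the
# addresses that run Ansible and to the nodes themselves.
variable "ingress_cidr_blocks" {
  type        = "list"
  description = "CIDR ranges allowed to reach the swarm nodes"
  default     = ["0.0.0.0/0"]
}

# Security group shared by all swarm nodes.
# NOTE(review): with the default range, SSH and the swarm management port
# 2377 used by playbook.yml are reachable from any address. Only TCP and ICMP
# are admitted; Swarm overlay networking also uses UDP (4789, 7946) - confirm
# whether overlay networks are needed.
resource "aws_security_group" "default" {
  name = "sgswarmcluster"

  # Inbound: every TCP port from the configured ranges.
  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = "${var.ingress_cidr_blocks}"
  }

  # Outbound: TCP only.
  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Enable ICMP
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = "${var.ingress_cidr_blocks}"
  }
}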
================================================
FILE: docker-swarm-cluster/variables.tf
================================================
# Inputs for the swarm cluster; every variable has a default.
variable "aws_region" {
  default     = "us-east-1"
  description = "AWS region on which we will setup the swarm cluster"
}

variable "ami" {
  default     = "ami-4fffc834"
  description = "Amazon Linux AMI"
}

variable "instance_type" {
  default     = "t2.micro"
  description = "Instance type"
}

# Read with file() in resources.tf; the default is an absolute path on the
# machine that runs Terraform.
variable "key_path" {
  default     = "/home/core/.ssh/id_rsa.pub"
  description = "SSH Public Key path"
}

variable "bootstrap_path" {
  default     = "install-docker.sh"
  description = "Script to install Docker Engine"
}
================================================
FILE: ec2-elb/bootstrap-server1.sh
================================================
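#!/bin/sh
# First-boot script for server1: install Apache and serve a marker page.
yum install -y httpd
# Fix: the arguments were swapped ("service start httpd"); the service name
# comes first, otherwise httpd is never started on first boot.
service httpd start
chkconfig httpd on
echo "hello world server 1" > /var/www/html/index.html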
================================================
FILE: ec2-elb/bootstrap-server2.sh
================================================
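#!/bin/sh
# First-boot script for server2: install Apache and serve a marker page.
yum install -y httpd
# Fix: the arguments were swapped ("service start httpd"); the service name
# comes first, otherwise httpd is never started on first boot.
service httpd start
chkconfig httpd on
echo "hello world server 2" > /var/www/html/index.html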
================================================
FILE: ec2-elb/main.tf
================================================
# AWS provider; credentials come from the provider's default sources.
provider "aws" {
  region = "${var.region}"
}
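# Source ranges admitted by the ingress rules below. The default keeps the
# original world-open behaviour; override it to narrow access.
variable "ingress_cidr_blocks" {
  type        = "list"
  description = "CIDR ranges allowed to reach the web servers"
  default     = ["0.0.0.0/0"]
}

# Security group attached to both web servers.
# NOTE(review): the servers only serve HTTP on port 80 behind the ELB, yet
# every TCP port (including SSH) is admitted from the configured ranges;
# with the default that is any address.
resource "aws_security_group" "default" {
  name = "ec2-elb-sg"

  # Inbound: every TCP port.
  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = "${var.ingress_cidr_blocks}"
  }

  # Outbound: TCP only.
  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound ICMP (all types).
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = "${var.ingress_cidr_blocks}"
  }
}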
# Key pair for both servers, built from the public key at var.key_path.
resource "aws_key_pair" "default" {
  public_key = "${file("${var.key_path}")}"
  key_name   = "ec2-elb-key"
}
# Two web servers that differ only in their bootstrap script and Name tag.
# security_groups takes group names, which the AWS provider supports only for
# EC2-Classic and the default VPC.
resource "aws_instance" "server1" {
  ami             = "${var.ami}"
  instance_type   = "${var.instance_type}"
  security_groups = ["${aws_security_group.default.name}"]
  key_name        = "${aws_key_pair.default.id}"
  user_data       = "${file("bootstrap-server1.sh")}"

  tags {
    Name = "server1"
  }
}

resource "aws_instance" "server2" {
  ami             = "${var.ami}"
  instance_type   = "${var.instance_type}"
  security_groups = ["${aws_security_group.default.name}"]
  key_name        = "${aws_key_pair.default.id}"
  user_data       = "${file("bootstrap-server2.sh")}"

  tags {
    Name = "server2"
  }
}
# Classic load balancer forwarding TCP port 80 to both servers. The health
# check is an HTTP GET of "/" on port 80.
# NOTE(review): the availability zones are hard-coded to us-east-1 while the
# region is a variable, and the listener carries no TLS - confirm.
resource "aws_elb" "default" {
  name               = "ec2-elb"
  availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]

  instances = [
    "${aws_instance.server1.id}",
    "${aws_instance.server2.id}",
  ]

  listener {
    lb_port           = 80
    lb_protocol       = "tcp"
    instance_port     = 80
    instance_protocol = "tcp"
  }

  health_check {
    target              = "HTTP:80/"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }

  tags {
    Name = "ec2-elb"
  }
}
================================================
FILE: ec2-elb/variables.tf
================================================
# Inputs for the ec2-elb example; every variable has a default.
variable "region" {
  default     = "us-east-1"
  description = "AWS Region"
}

# Read with file() in main.tf; the default points into root's home directory
# on the machine that runs Terraform.
variable "key_path" {
  default     = "/root/.ssh/id_rsa.pub"
  description = "Public key path"
}

variable "ami" {
  default     = "ami-4fffc834"
  description = "AMI"
}

variable "instance_type" {
  default     = "t2.micro"
  description = "EC2 instance type"
}
================================================
FILE: etcd-cluster/README.md
================================================
<p align="center">
<img src="http://i2.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/etcd_cluster.png?w=462"/>
</p>
The recording below shows how to set up an etcd cluster on AWS:
[](https://asciinema.org/a/135407)
================================================
FILE: etcd-cluster/cloud-config.yml
================================================
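#cloud-config
# CoreOS cloud-config passed as user_data to every etcd node.
# YAML nesting restored; keys and values are unchanged.

# Marker file showing that the cloud-config was applied.
write_files:
  - path: /tmp/done
    owner: core:core
    permissions: 0644
    content: |
      Cloud config has been provisionned

coreos:
  etcd2:
    # The discovery URL identifies one cluster bootstrap. This one is
    # committed to the repository; request a fresh one for every new cluster
    # (https://discovery.etcd.io/new?size=3).
    discovery: "https://discovery.etcd.io/b0d368f43a40eeb76b98efea9bb4055c"
    # Client (2379) and peer (2380) URLs are plain http: no TLS and no client
    # authentication. security_groups.tf admits every TCP port from
    # 0.0.0.0/0, so restrict that rule before storing anything sensitive.
    advertise-client-urls: "http://$private_ipv4:2379"
    initial-advertise-peer-urls: "http://$private_ipv4:2380"
    listen-client-urls: "http://$private_ipv4:2379,http://127.0.0.1:2379"
    listen-peer-urls: "http://$private_ipv4:2380"
  update:
    reboot-strategy: off
  units:
    - name: etcd2.service
      command: start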
================================================
FILE: etcd-cluster/provider.tf
================================================
# AWS provider; credentials come from the provider's default sources.
provider "aws" {
  region = "${var.region}"
}
================================================
FILE: etcd-cluster/resources.tf
================================================
# Key pair shared by the etcd nodes, built from the public key at var.key_path.
resource "aws_key_pair" "default" {
  public_key = "${file("${var.key_path}")}"
  key_name   = "etcdcluster"
}

# Three etcd nodes, identical apart from the Name tag. Each one boots with
# cloud-config.yml, which configures and starts etcd2.
resource "aws_instance" "node1" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("cloud-config.yml")}"

  tags {
    Name = "node1"
  }
}

resource "aws_instance" "node2" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("cloud-config.yml")}"

  tags {
    Name = "node2"
  }
}

resource "aws_instance" "node3" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("cloud-config.yml")}"

  tags {
    Name = "node3"
  }
}
================================================
FILE: etcd-cluster/security_groups.tf
================================================
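# Source ranges admitted by the ingress rules below. The default keeps the
# original world-open behaviour; override it to limit access to the cluster
# members and to the hosts that are meant to talk to etcd.
variable "ingress_cidr_blocks" {
  type        = "list"
  description = "CIDR ranges allowed to reach the etcd nodes"
  default     = ["0.0.0.0/0"]
}

# Security group shared by the etcd nodes.
# NOTE(review): cloud-config.yml serves the etcd client (2379) and peer (2380)
# ports over plain http without authentication, so every range admitted here
# can read and write the key-value store.
resource "aws_security_group" "default" {
  name = "etcdclustersg"

  # Inbound: every TCP port.
  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = "${var.ingress_cidr_blocks}"
  }

  # Outbound: TCP only.
  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound ICMP (all types).
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = "${var.ingress_cidr_blocks}"
  }
}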
================================================
FILE: etcd-cluster/variables.tf
================================================
# Inputs for the etcd cluster; every variable has a default.
variable "region" {
  default     = "us-east-1"
  description = "AWS Region"
}

variable "ami" {
  default     = "ami-38714c43"
  description = "CoreOS AMI"
}

variable "instance_type" {
  default     = "t1.micro"
  description = "Instance type"
}

# Read with file() in resources.tf on the machine that runs Terraform.
variable "key_path" {
  default     = "/home/core/.ssh/id_rsa.pub"
  description = "SSH public key path"
}
================================================
FILE: linuxkit-aws/aws.yml
================================================
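# LinuxKit image definition for AWS. YAML nesting restored; values unchanged.
# Component images are pinned to specific tags (commit hashes for the
# linuxkit components).
kernel:
  image: linuxkit/kernel:4.9.39
  cmdline: "console=ttyS0"
init:
  - linuxkit/init:838b772355a8690143b37de1cdd4ac5db725271f
  - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
  - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
onboot:
  - name: sysctl
    image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0
  - name: dhcpcd
    image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
  - name: metadata
    image: linuxkit/metadata:f5d4299909b159db35f72547e4ae70bd76c42c6c
services:
  - name: rngd
    image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b
  # sshd accepts root logins with the keys bind-mounted from
  # /var/config/ssh/authorized_keys.
  - name: sshd
    image: linuxkit/sshd:5dc5c3c4470c85f6c89f0e26b9d477ae4ff85a3c
    binds:
      - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
# Content trust is requested for images from these organisations.
trust:
  org:
    - linuxkit
    - library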
================================================
FILE: linuxkit-aws/files/assume-role-policy.json
================================================
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}
================================================
FILE: linuxkit-aws/files/policy.tpl
================================================
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::${bucket}"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::${bucket}/*"
]
},
{
"Effect": "Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
================================================
FILE: linuxkit-aws/main.tf
================================================
# AWS provider pinned to us-east-1; credentials come from the provider's
# default sources.
provider "aws" {
  region = "us-east-1"
}

# Renders files/policy.tpl with the generated bucket name, so the S3
# statements of the policy apply to that bucket only.
data "template_file" "policy" {
  template = "${file("files/policy.tpl")}"

  vars {
    bucket = "${aws_s3_bucket.disk_image_bucket.id}"
  }
}
################## S3 ###################
# Bucket for the disk images to import; the name starts with "vmimport" and
# Terraform generates the rest.
# NOTE(review): no encryption, versioning or access settings are declared
# here - confirm the account-level defaults are acceptable for disk images.
resource "aws_s3_bucket" "disk_image_bucket" {
  bucket_prefix = "vmimport"
}
################## IAM ##################
# Role for the VM import service. files/assume-role-policy.json lets
# vmie.amazonaws.com assume it when the external id is "vmimport".
resource "aws_iam_role" "vmimport" {
  name               = "vmimport"
  assume_role_policy = "${file("files/assume-role-policy.json")}"
}

# Inline policy rendered from files/policy.tpl: read access to the image
# bucket, plus the EC2 snapshot/image actions, which the template grants on
# Resource "*".
resource "aws_iam_role_policy" "import_disk_image" {
  name   = "import_disk_image"
  policy = "${data.template_file.policy.rendered}"
  role   = "${aws_iam_role.vmimport.name}"
}
================================================
FILE: single-ec2-instance/README.md
================================================
<p align="center">
<img src="http://i1.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/terraform.png?w=472">
</p>
================================================
FILE: single-ec2-instance/main.tf
================================================
# AWS provider pinned to us-east-1; credentials come from the provider's
# default sources.
provider "aws" {
  region = "us-east-1"
}

# Registers the public key found at a fixed path on the machine that runs
# Terraform.
resource "aws_key_pair" "mysshkey" {
  public_key = "${file("/home/core/.ssh/id_rsa.pub")}"
  key_name   = "mysshkey"
}
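# Single EC2 instance.
# Fix: key_name was the literal "mysshkey", which gives Terraform no
# dependency on the key pair resource, so the instance could be created before
# the key exists. Referencing the resource keeps the same name and orders the
# two correctly.
# NOTE(review): no security group is set, so the instance gets the default
# security group - confirm.
resource "aws_instance" "node1" {
  ami           = "ami-a4c7edb2"
  instance_type = "t2.micro"
  key_name      = "${aws_key_pair.mysshkey.key_name}"

  tags {
    Name = "node1"
  }
}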
================================================
FILE: telegraf-influxdb-grafana/bootstrap.sh
================================================
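#!/bin/sh
# First-boot script: install Docker and docker-compose 1.15.0.
# Fixes:
#  - "yum update" had no -y; user_data runs without a terminal, so the
#    confirmation prompt cannot be answered and no updates are applied;
#  - curl now uses -f, so an HTTP error fails the download instead of saving
#    the error page as the binary, and chmod only runs after a successful
#    download.
yum update -y
yum install -y docker curl
service docker start
# docker group membership is effectively root on this host.
usermod -aG docker ec2-user
# NOTE(review): the binary is not checked against the SHA-256 published with
# the release; add that check before making it executable.
curl -fL "https://github.com/docker/compose/releases/download/1.15.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
  && chmod +x /usr/local/bin/docker-compose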
================================================
FILE: telegraf-influxdb-grafana/main.tf
================================================
# AWS provider; credentials come from the provider's default sources.
provider "aws" {
  region = "${var.region}"
}
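# Source ranges admitted by the ingress rules below. The default keeps the
# original world-open behaviour; override it to limit access to the hosts
# that need the dashboards and SSH.
variable "ingress_cidr_blocks" {
  type        = "list"
  description = "CIDR ranges allowed to reach the metrics host"
  default     = ["0.0.0.0/0"]
}

# Security group for the metrics host.
# NOTE(review): every TCP port is admitted, so whatever ports the compose
# stack publishes (InfluxDB, Grafana, ...) are reachable from the configured
# ranges along with SSH; with the default that is any address.
resource "aws_security_group" "default" {
  name = "metricssg"

  # Inbound: every TCP port.
  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = "${var.ingress_cidr_blocks}"
  }

  # Outbound: TCP only.
  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound ICMP (all types).
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = "${var.ingress_cidr_blocks}"
  }
}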
# Key pair built from id_rsa.pub in the directory named by var.key_path.
resource "aws_key_pair" "default" {
  public_key = "${file("${var.key_path}/id_rsa.pub")}"
  key_name   = "metricskp"
}
# Metrics host. It boots with the bootstrap script (Docker + docker-compose),
# then Terraform copies the local telegraf-influxdb-grafana/ directory to
# /home/ec2-user/ over SSH.
# The provisioner reads the private key id_rsa from var.key_path on the
# machine that runs Terraform; it must match the public key registered above.
resource "aws_instance" "default" {
  ami             = "${var.ami}"
  instance_type   = "${var.instance_type}"
  security_groups = ["${aws_security_group.default.name}"]
  key_name        = "${aws_key_pair.default.id}"
  user_data       = "${file("${var.bootstrap_script}")}"

  tags {
    Name = "athena"
  }

  provisioner "file" {
    source      = "telegraf-influxdb-grafana/"
    destination = "/home/ec2-user/"

    connection {
      type        = "ssh"
      user        = "ec2-user"
      private_key = "${file("${var.key_path}/id_rsa")}"
    }
  }
}
================================================
FILE: telegraf-influxdb-grafana/variables.tf
================================================
# Inputs for the metrics host; every variable has a default.
variable "region" {
  default     = "us-east-1"
  description = "AWS Region"
}

variable "ami" {
  default     = "ami-4fffc834"
  description = "Amazon Linux Image"
}

variable "instance_type" {
  default     = "t2.micro"
  description = "Instance type"
}

# Directory holding both id_rsa.pub (key pair) and id_rsa (file provisioner).
variable "key_path" {
  default     = "/home/core/.ssh/"
  description = "SSH key path"
}

variable "bootstrap_script" {
  default     = "bootstrap.sh"
  description = "Shell script to install docker & compose"
}
================================================
FILE: tick-stack-ansible/README.md
================================================
# TICK Stack
* Telegraf
* InfluxDB
* Chronograf
* Kapacitor
<p align="center">
<img src="logo.png" width="70%"/>
</p>
# How to use
## Terraform
* Update variables.tfvars with your own AWS credentials
* Install AWS plugin:
```
$ terraform init
```
* Create the AWS resources:
```
$ terraform apply -var-file=variables.tfvars
```
## Ansible
* Install Role:
```
$ ansible-galaxy install mlabouardy.tick
```
* Execute playbook:
```
$ ansible-playbook --private-key=aws.pem -i inventory playbook.yml
```
================================================
FILE: tick-stack-ansible/ansible/group_vars/all
================================================
---
remote_user: ubuntu
================================================
FILE: tick-stack-ansible/ansible/inventory
================================================
[servers]
================================================
FILE: tick-stack-ansible/ansible/playbook.yml
================================================
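---
# Applies the mlabouardy.tick role to every host in the "servers" group, as
# root via sudo. YAML nesting restored; keys and values are unchanged.
# NOTE(review): the README installs the role from Ansible Galaxy without a
# version, so each install may fetch different code that then runs as root;
# pin a reviewed version.
- name: Setup TICK Stack
  hosts: servers
  remote_user: "{{remote_user}}"
  become: yes
  become_method: sudo
  roles:
    - mlabouardy.tick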
================================================
FILE: tick-stack-ansible/terraform/main.tf
================================================
# AWS provider configured with static keys from variables.tfvars.
# NOTE(review): a filled-in variables.tfvars holds long-lived credentials;
# keep it out of version control or use the environment variables described
# in the repository README.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
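# CIDR allowed to reach the ports opened below. The default preserves the
# lab's world-open behaviour; set it to an operator range (for example a
# single /32) so the InfluxDB admin UI, the InfluxDB API, Chronograf and SSH
# are not exposed to the whole internet.
variable "admin_cidr" {
  description = "CIDR block allowed to reach InfluxDB, Chronograf and SSH"
  default     = "0.0.0.0/0"
}

# Security group for the TICK stack instance, built with the community
# security-group module.
module "tick_sg" {
  # NOTE(review): the source has no "?ref=", so every `terraform init` pulls
  # the module's current default branch. Pin it to a reviewed tag or commit
  # (placeholder: "?ref=<REVIEWED_TAG>") to keep the module contents stable.
  source      = "github.com/terraform-aws-modules/terraform-aws-security-group"
  name        = "${var.sg_name}"
  description = "${var.sg_description}"
  vpc_id      = "${var.vpc_id}"

  # Every inbound rule shares var.admin_cidr as its source range.
  ingress_with_cidr_blocks = [
    {
      from_port   = 8083
      to_port     = 8083
      protocol    = "tcp"
      description = "InfluxDB admin dashboard"
      cidr_blocks = "${var.admin_cidr}"
    },
    {
      from_port   = 8086
      to_port     = 8086
      protocol    = "tcp"
      description = "InfluxDB API"
      cidr_blocks = "${var.admin_cidr}"
    },
    {
      from_port   = 8888
      to_port     = 8888
      protocol    = "tcp"
      description = "Chronograf Dashboard"
      cidr_blocks = "${var.admin_cidr}"
    },
    {
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      description = "SSH access"
      cidr_blocks = "${var.admin_cidr}"
    },
  ]

  # Despite the rule description, this only opens outbound TCP (ports
  # 0-65535); UDP and ICMP are not covered by it.
  egress_with_cidr_blocks = [
    {
      from_port   = 0
      to_port     = 65535
      protocol    = "tcp"
      description = "Allow all outbound traffic"
      cidr_blocks = "0.0.0.0/0"
    },
  ]
}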
# EC2 instance that hosts the TICK stack, created through the community
# ec2-instance module and attached to the security group from module.tick_sg.
module "tick_stack" {
# NOTE(review): no "?ref=" on the source, so the module's current default
# branch is fetched at init time; pin to a reviewed tag or commit.
source = "github.com/terraform-aws-modules/terraform-aws-ec2-instance"
name = "${var.hostname}"
ami = "${var.ami}"
# Name of an existing EC2 key pair; the matching private key is what the
# README passes to ansible-playbook.
key_name = "${var.key_name}"
instance_type = "${var.instance_type}"
vpc_security_group_ids = ["${module.tick_sg.this_security_group_id}"]
# NOTE(review): no subnet is passed here; confirm which subnet the module
# places the instance in and that it belongs to var.vpc_id.
tags {
Name = "${var.hostname}"
}
}
================================================
FILE: tick-stack-ansible/terraform/outputs.tf
================================================
# First entry of the ec2-instance module's public_dns output. Presumably the
# value to add under [servers] in the Ansible inventory, which ships empty.
output "instance_public_dns" {
value = "${module.tick_stack.public_dns[0]}"
}
================================================
FILE: tick-stack-ansible/terraform/variables.tf
================================================
# Inputs for the TICK stack lab. The first five variables have no default and
# must be supplied (the README uses -var-file=variables.tfvars).
variable "region" {
description = "AWS Region"
}
# Long-lived AWS credentials. Anything written into a tfvars file is stored
# in plain text, so keep that file out of version control.
variable "access_key" {
description = "AWS Access Key ID"
}
variable "secret_key" {
description = "AWS Secret Key"
}
# Name of an EC2 key pair that already exists in the target region.
variable "key_name" {
description = "SSH KeyPair"
}
variable "vpc_id" {
description = "ID of the VPC where to create security group"
}
variable "hostname" {
description = "EC2 hostname"
default = "tick_stack"
}
# AMI IDs are region-specific; this default only makes sense for the region
# it was taken from.
variable "ami" {
description = "Ubuntu Server 16.04 LTS"
default = "ami-da05a4a0"
}
variable "instance_type" {
description = "EC2 Instance Type"
default = "t2.micro"
}
variable "sg_name" {
description = "Security Group name"
default = "tick_sg"
}
variable "sg_description" {
description = "SG description"
default = "Allow InfluxDB, Chronograf & SSH access"
}
================================================
FILE: tick-stack-ansible/terraform/variables.tfvars
================================================
# Template values only. Replace each placeholder locally and do not commit
# the result: access_key / secret_key are live AWS credentials once filled in.
region = "AWS REGION"
access_key = "YOUR AWS ACCESS KEY ID"
secret_key = "YOUR AWS SECRET KEY"
key_name = "YOUR SSH KEY PAIR"
vpc_id = "YOUR VPC ID"
================================================
FILE: vpc-public-private-subnet/README.md
================================================
<p align="center">
<img src="http://i0.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/vpc_tf-1.png?w=462"/>
</p>
A recorded walkthrough is shown below:
[Watch the asciinema recording](https://asciinema.org/a/134951)
================================================
FILE: vpc-public-private-subnet/install.sh
================================================
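#!/bin/sh
# EC2 user-data bootstrap for the public web server: installs Apache, starts
# it, enables it at boot and publishes a static landing page.
yum install -y httpd
# `service` takes the service name first and the action second.
service httpd start
# Enable httpd at boot (the command is chkconfig, as in the ec2-elb scripts).
chkconfig httpd on
# Closing tag now matches the opening <h1>.
echo "<html><h1>Hello from mlabouardy ^^</h1></html>" > /var/www/html/index.html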
================================================
FILE: vpc-public-private-subnet/provider.tf
================================================
# Define AWS as our provider.
# Only the region is set; no credentials appear here, so the provider uses
# its default credential sources (for example the AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY environment variables).
provider "aws" {
region = "${var.aws_region}"
}
================================================
FILE: vpc-public-private-subnet/resources.tf
================================================
# Define SSH key pair for our instances.
# Uploads the public key read from var.key_path; both instances below share it.
resource "aws_key_pair" "default" {
key_name = "vpctestkeypair"
public_key = "${file("${var.key_path}")}"
}
# Define webserver inside the public subnet
resource "aws_instance" "wb" {
ami = "${var.ami}"
instance_type = "t1.micro"
key_name = "${aws_key_pair.default.id}"
subnet_id = "${aws_subnet.public-subnet.id}"
vpc_security_group_ids = ["${aws_security_group.sgweb.id}"]
associate_public_ip_address = true
# NOTE(review): source/destination checking is turned off. That is normally
# only needed for instances that forward traffic (NAT, router); confirm it
# is intended for a plain web server.
source_dest_check = false
# install.sh runs at first boot and installs httpd with yum, which needs
# outbound access from this instance.
user_data = "${file("install.sh")}"
tags {
Name = "webserver"
}
}
# Define database inside the private subnet.
# No public IP is requested and the only security group is sgdb, whose rules
# admit traffic from the public subnet CIDR. No user_data is set, so nothing
# is installed on it by this configuration.
resource "aws_instance" "db" {
ami = "${var.ami}"
instance_type = "t1.micro"
key_name = "${aws_key_pair.default.id}"
subnet_id = "${aws_subnet.private-subnet.id}"
vpc_security_group_ids = ["${aws_security_group.sgdb.id}"]
# NOTE(review): same as above; confirm the check needs to be disabled here.
source_dest_check = false
tags {
Name = "database"
}
}
================================================
FILE: vpc-public-private-subnet/variables.tf
================================================
# Inputs for the public/private subnet lab; every variable has a default.
variable "aws_region" {
description = "Region for the VPC"
default = "us-east-1"
}
variable "vpc_cidr" {
description = "CIDR for the VPC"
default = "10.0.0.0/16"
}
# Also used as the allowed source range in the private security group (sgdb).
variable "public_subnet_cidr" {
description = "CIDR for the public subnet"
default = "10.0.1.0/24"
}
variable "private_subnet_cidr" {
description = "CIDR for the private subnet"
default = "10.0.2.0/24"
}
# AMI IDs are region-specific: override this together with "aws_region".
variable "ami" {
description = "AMI for EC2"
default = "ami-4fffc834"
}
# Path to the PUBLIC half of the key pair; it is read with file() and
# uploaded as aws_key_pair.default.
variable "key_path" {
description = "SSH Public Key path"
default = "/home/core/.ssh/id_rsa.pub"
}
================================================
FILE: vpc-public-private-subnet/vpc.tf
================================================
# Define our VPC
resource "aws_vpc" "default" {
cidr_block = "${var.vpc_cidr}"
enable_dns_hostnames = true
tags {
Name = "test-vpc"
}
}
# Define the public subnet.
# The availability zone is hard-coded to us-east-1a, so it must be changed
# whenever var.aws_region is overridden.
resource "aws_subnet" "public-subnet" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.public_subnet_cidr}"
availability_zone = "us-east-1a"
tags {
Name = "Web Public Subnet"
}
}
# Define the private subnet.
# It is not associated with the public route table below and no NAT gateway
# is defined in this file, so from what is visible here it has no route to
# the internet. The zone is hard-coded like the public subnet's.
resource "aws_subnet" "private-subnet" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.private_subnet_cidr}"
availability_zone = "us-east-1b"
tags {
Name = "Database Private Subnet"
}
}
# Define the internet gateway
resource "aws_internet_gateway" "gw" {
vpc_id = "${aws_vpc.default.id}"
tags {
Name = "VPC IGW"
}
}
# Define the route table.
# Default route (0.0.0.0/0) through the internet gateway; this is what makes
# a subnet "public" once it is associated with it.
resource "aws_route_table" "web-public-rt" {
vpc_id = "${aws_vpc.default.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.gw.id}"
}
tags {
Name = "Public Subnet RT"
}
}
# Assign the route table to the public Subnet
resource "aws_route_table_association" "web-public-rt" {
subnet_id = "${aws_subnet.public-subnet.id}"
route_table_id = "${aws_route_table.web-public-rt.id}"
}
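# Define the security group for public subnet.
# Inbound: HTTP, HTTPS, ICMP and SSH from any address.
# Outbound: everything (see the egress block).
resource "aws_security_group" "sgweb" {
  name        = "vpc_test_web"
  description = "Allow incoming HTTP connections & SSH access"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All ICMP types and codes, from anywhere.
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): SSH is reachable from the whole internet; in anything but
  # a throwaway lab, replace 0.0.0.0/0 with the operator's address range.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removes AWS's default allow-all egress rule from security
  # groups it manages, so without this block the web server cannot open
  # outbound connections and the `yum install` in install.sh fails at boot.
  # Same rule as wordpress/main.tf uses; it can be narrowed to the ports the
  # package repositories need.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name = "Web Server SG"
  }
}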
# Define the security group for private subnet.
# Every rule takes the public subnet CIDR as its source, so any host in that
# subnet (not only the web server) can reach these ports.
# NOTE(review): the name "sg_test_web" reads like a copy of the web group's
# name; changing it forces Terraform to replace the group.
resource "aws_security_group" "sgdb"{
name = "sg_test_web"
description = "Allow traffic from public subnet"
# MySQL
ingress {
from_port = 3306
to_port = 3306
protocol = "tcp"
cidr_blocks = ["${var.public_subnet_cidr}"]
}
# All ICMP types and codes
ingress {
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["${var.public_subnet_cidr}"]
}
# SSH, reachable only by hopping through a host in the public subnet
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["${var.public_subnet_cidr}"]
}
# No egress block: Terraform-managed groups then carry no outbound rules.
vpc_id = "${aws_vpc.default.id}"
tags {
Name = "DB SG"
}
}
================================================
FILE: wordpress/.gitignore
================================================
terraform.tfvars
================================================
FILE: wordpress/bootstrap.sh
================================================
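#!/bin/sh
# EC2 user-data bootstrap for the WordPress instances: installs Apache and
# PHP, unpacks WordPress into the Apache docroot and starts the web server.
# The first line must start with "#!" for cloud-init to run this as a script.

# Stop at the first failing step instead of serving a half-installed site.
set -e

yum install -y httpd php php-zlib php-iconv php-gd php-mbstring php-fileinfo php-curl php-mysql
chkconfig httpd on
cd /var/www
# Fetch over HTTPS so the archive is not requested in clear text.
# NOTE(review): "latest" is unpinned and the archive is not checked against a
# known digest before it is unpacked into the docroot.
wget https://wordpress.org/latest.zip
unzip latest.zip
rm latest.zip
mv wordpress/* html/
rm -r wordpress
# The whole docroot becomes writable by the web server user.
chown -R apache:apache html/
apachectl start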
================================================
FILE: wordpress/main.tf
================================================
# Network layout for the WordPress lab: one VPC, two public and two private
# subnets, an internet gateway and a public route table.
# No credentials are set on the provider, so its default sources are used.
provider "aws" {
region = "${var.region}"
}
resource "aws_vpc" "default" {
cidr_block = "${var.vpc_cidr_block}"
enable_dns_hostnames = true
tags {
Name = "vpc-blog"
}
}
# Public subnets: host the WordPress instances and the ELB.
resource "aws_subnet" "public-subnet1" {
cidr_block = "${var.public_subnet1_cidr_block}"
vpc_id = "${aws_vpc.default.id}"
availability_zone = "${var.public_subnet1_az}"
tags {
Name = "public-subnet-${var.public_subnet1_az}"
}
}
# Reads var.public_subnet2_az, which must be declared in variables.tf.
resource "aws_subnet" "public-subnet2" {
cidr_block = "${var.public_subnet2_cidr_block}"
vpc_id = "${aws_vpc.default.id}"
availability_zone = "${var.public_subnet2_az}"
tags {
Name = "public-subnet-${var.public_subnet2_az}"
}
}
# Private subnets: used only by the RDS subnet group. They are not associated
# with the route table below, so they get no default route to the gateway.
resource "aws_subnet" "private-subnet1" {
cidr_block = "${var.private_subnet1_cidr_block}"
vpc_id = "${aws_vpc.default.id}"
availability_zone = "${var.private_subnet1_az}"
tags {
Name = "private-subnet-${var.private_subnet1_az}"
}
}
resource "aws_subnet" "private-subnet2" {
cidr_block = "${var.private_subnet2_cidr_block}"
vpc_id = "${aws_vpc.default.id}"
availability_zone = "${var.private_subnet2_az}"
tags {
Name = "private-subnet-${var.private_subnet2_az}"
}
}
resource "aws_internet_gateway" "igw" {
vpc_id = "${aws_vpc.default.id}"
tags {
Name = "WP Internet Gateway"
}
}
# Default route through the internet gateway, for the public subnets only.
resource "aws_route_table" "default" {
vpc_id = "${aws_vpc.default.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.igw.id}"
}
tags {
Name = "Route table for Public subnet"
}
}
resource "aws_route_table_association" "rt-asso-public-subnet1" {
subnet_id = "${aws_subnet.public-subnet1.id}"
route_table_id = "${aws_route_table.default.id}"
}
resource "aws_route_table_association" "rt-asso-public-subnet2" {
subnet_id = "${aws_subnet.public-subnet2.id}"
route_table_id = "${aws_route_table.default.id}"
}
# Security group for the WordPress instances.
# NOTE(review): the description mentions only HTTP, but SSH is also open to
# 0.0.0.0/0. Port 80 is reachable directly from the internet as well as
# through the ELB; limiting it to the ELB's group and SSH to an operator
# range would shrink the exposed surface.
resource "aws_security_group" "wpsg" {
name = "wpsg"
description = "Allow Incoming HTTP traffic"
vpc_id = "${aws_vpc.default.id}"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# All protocols and ports outbound; bootstrap.sh needs this for yum and wget.
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags {
Name = "blog-security-group"
}
}
# Security group for the load balancer: plain HTTP in from anywhere,
# everything out.
resource "aws_security_group" "elbsg" {
name = "elbsg"
description = "Allow Incoming HTTP traffic"
vpc_id = "${aws_vpc.default.id}"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags {
Name = "elb-security-group"
}
}
# Security group for the database. The source is the wpsg group itself rather
# than a CIDR, so only members of wpsg can open MySQL connections.
resource "aws_security_group" "dbsg" {
name = "dbsg"
description = "Allow access to MySQL from WP"
vpc_id = "${aws_vpc.default.id}"
ingress {
from_port = 3306
to_port = 3306
protocol = "tcp"
security_groups = ["${aws_security_group.wpsg.id}"]
}
tags {
Name = "db-security-group"
}
}
# Uploads the public key read from var.key_path; both instances share it.
resource "aws_key_pair" "default" {
key_name = "blogkey"
public_key = "${file("${var.key_path}")}"
}
# WordPress instance in the first public subnet. bootstrap.sh is passed as
# user data; the instance gets a public IP and the wpsg security group.
resource "aws_instance" "wb1" {
ami = "${var.ami}"
instance_type = "${var.instance_type}"
key_name = "${aws_key_pair.default.id}"
user_data = "${file("bootstrap.sh")}"
vpc_security_group_ids = ["${aws_security_group.wpsg.id}"]
subnet_id = "${aws_subnet.public-subnet1.id}"
associate_public_ip_address = true
tags {
Name = "wordpress-${var.public_subnet1_az}"
}
}
# Second WordPress instance: same configuration, second public subnet.
resource "aws_instance" "wb2" {
ami = "${var.ami}"
instance_type = "${var.instance_type}"
key_name = "${aws_key_pair.default.id}"
user_data = "${file("bootstrap.sh")}"
vpc_security_group_ids = ["${aws_security_group.wpsg.id}"]
subnet_id = "${aws_subnet.public-subnet2.id}"
associate_public_ip_address = true
tags {
Name = "wordpress-${var.public_subnet2_az}"
}
}
# Places the database in the two private subnets.
resource "aws_db_subnet_group" "default" {
name = "db-subnet-group"
description = "RDS Subnet Group"
subnet_ids = ["${aws_subnet.private-subnet1.id}", "${aws_subnet.private-subnet2.id}"]
tags {
Name = "DB Subnet Group"
}
}
# MySQL database for WordPress, reachable only through the dbsg group.
# The master password comes from var.db_password (no default) and is written
# to the Terraform state in plain text, so the state file must be protected
# like the password itself.
# NOTE(review): neither skip_final_snapshot nor final_snapshot_identifier is
# set, and storage encryption is not requested; confirm both are acceptable.
resource "aws_db_instance" "default" {
name = "${var.db_name}"
engine = "${var.engine}"
engine_version = "5.6.35"
storage_type = "gp2"
allocated_storage = 5
instance_class = "db.t2.micro"
username = "${var.db_username}"
password = "${var.db_password}"
vpc_security_group_ids = ["${aws_security_group.dbsg.id}"]
db_subnet_group_name = "${aws_db_subnet_group.default.id}"
}
# Classic load balancer in front of both WordPress instances, spanning the
# two public subnets and using the elbsg security group.
resource "aws_elb" "default" {
name = "elbwp"
instances = ["${aws_instance.wb1.id}", "${aws_instance.wb2.id}"]
subnets = ["${aws_subnet.public-subnet1.id}", "${aws_subnet.public-subnet2.id}"]
security_groups = ["${aws_security_group.elbsg.id}"]
cross_zone_load_balancing = true
idle_timeout = 400
connection_draining = true
connection_draining_timeout = 400
# Plain TCP pass-through on port 80. There is no TLS listener, so logins and
# session cookies cross the network unencrypted.
listener {
instance_port = 80
instance_protocol = "tcp"
lb_port = 80
lb_protocol = "tcp"
}
# HTTP GET / on port 80 every 30 s; two consecutive results flip the state.
health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 3
target = "HTTP:80/"
interval = 30
}
}
================================================
FILE: wordpress/outputs.tf
================================================
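# Public DNS name of the load balancer; the normal entry point for the blog.
output "ELB_DNS" {
  value = "${aws_elb.default.dns_name}"
}

# Public DNS names of the two WordPress instances, comma-separated.
# main.tf defines aws_instance.wb1 and aws_instance.wb2; there is no
# aws_instance.default to reference.
output "Blog_DNS" {
  value = "${join(",", list(aws_instance.wb1.public_dns, aws_instance.wb2.public_dns))}"
}

# Hostname of the RDS instance. aws_db_instance exposes it as "address"
# ("endpoint" adds the port); it has no "dns_name" attribute.
output "MYSQL_DNS" {
  value = "${aws_db_instance.default.address}"
}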
================================================
FILE: wordpress/variables.tf
================================================
# Network inputs for the WordPress lab. The availability-zone defaults are
# all in us-east-1, so they must change together with "region".
variable "region" {
description = "VPC Region"
default = "us-east-1"
}
variable "vpc_cidr_block" {
description = "VPC CIDR"
default = "10.0.0.0/16"
}
variable "public_subnet1_cidr_block" {
description = "Public Subnet 1 CIDR"
default = "10.0.1.0/24"
}
variable "public_subnet2_cidr_block" {
description = "Public Subnet 2 CIDR"
default = "10.0.2.0/24"
}
variable "private_subnet1_cidr_block" {
description = "Private Subnet 1 CIDR"
default = "10.0.3.0/24"
}
variable "private_subnet2_cidr_block" {
description = "Private Subnet 2 CIDR"
default = "10.0.4.0/24"
}
variable "public_subnet1_az" {
description = "Public Subnet 1 Availability Zone"
default = "us-east-1a"
}
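# Availability zone of the second public subnet. main.tf reads
# var.public_subnet2_az for aws_subnet.public-subnet2 and aws_instance.wb2;
# declaring "public_subnet1_az" a second time here leaves that reference
# undefined and duplicates the first declaration.
variable "public_subnet2_az" {
  description = "Public Subnet 2 Availability Zone"
  default     = "us-east-1b"
}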
variable "private_subnet1_az" {
description = "Private Subnet 1 Availability Zone"
default = "us-east-1c"
}
variable "private_subnet2_az" {
description = "Private Subnet 2 Availability Zone"
default = "us-east-1d"
}
# Path to the PUBLIC key uploaded as aws_key_pair.default; no default, so it
# has to be supplied by the caller.
variable "key_path" {
description = "Public Key path"
}
# AMI IDs are region-specific: override this together with "region".
variable "ami" {
description = "Amazon Linux Image"
default = "ami-4fffc834"
}
variable "instance_type" {
description = "Server Instance Type"
default = "t2.micro"
}
variable "engine" {
description = "RDS Engine"
default = "mysql"
}
variable "db_name" {
description = "Database Name"
default = "mydb"
}
# Database credentials have no default on purpose. This lab's .gitignore
# excludes terraform.tfvars, the file Terraform loads automatically, so
# values placed there stay out of the repository.
variable "db_username" {
description = "Database Username"
}
variable "db_password" {
description = "Database Password"
}
gitextract_gpwgjukk/
├── .gitmodules
├── LICENSE
├── README.md
├── autoscalling-elb/
│ └── main.tf
├── bastion-highavailability/
│ ├── README.md
│ ├── dns.tf
│ ├── outputs.tf
│ ├── provider.tf
│ ├── resources.tf
│ ├── variables.tf
│ ├── variables.tfvars
│ └── vpc.tf
├── ci-pipeline/
│ ├── README.md
│ ├── main.tf
│ └── setup.sh
├── docker-registry/
│ ├── main.tf
│ ├── outputs.tf
│ ├── setup.sh
│ ├── variables.tf
│ └── variables.tfvars
├── docker-swarm-cluster/
│ ├── README.md
│ ├── hosts
│ ├── install-docker.sh
│ ├── outputs.tf
│ ├── playbook.yml
│ ├── provider.tf
│ ├── resources.tf
│ ├── security_groups.tf
│ └── variables.tf
├── ec2-elb/
│ ├── bootstrap-server1.sh
│ ├── bootstrap-server2.sh
│ ├── main.tf
│ └── variables.tf
├── etcd-cluster/
│ ├── README.md
│ ├── cloud-config.yml
│ ├── provider.tf
│ ├── resources.tf
│ ├── security_groups.tf
│ └── variables.tf
├── linuxkit-aws/
│ ├── aws.yml
│ ├── files/
│ │ ├── assume-role-policy.json
│ │ └── policy.tpl
│ └── main.tf
├── single-ec2-instance/
│ ├── README.md
│ └── main.tf
├── telegraf-influxdb-grafana/
│ ├── bootstrap.sh
│ ├── main.tf
│ └── variables.tf
├── tick-stack-ansible/
│ ├── README.md
│ ├── ansible/
│ │ ├── group_vars/
│ │ │ └── all
│ │ ├── inventory
│ │ └── playbook.yml
│ └── terraform/
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── variables.tfvars
├── vpc-public-private-subnet/
│ ├── README.md
│ ├── install.sh
│ ├── provider.tf
│ ├── resources.tf
│ ├── variables.tf
│ └── vpc.tf
└── wordpress/
├── .gitignore
├── bootstrap.sh
├── main.tf
├── outputs.tf
└── variables.tf
Condensed preview — 67 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (47K chars).
[
{
"path": ".gitmodules",
"chars": 193,
"preview": "[submodule \"telegraf-influxdb-grafana/telegraf-influxdb-grafana\"]\n\tpath = telegraf-influxdb-grafana/telegraf-influxdb-gr"
},
{
"path": "LICENSE",
"chars": 1074,
"preview": "MIT License\n\nCopyright (c) 2017 LABOUARDY Mohamed\n\nPermission is hereby granted, free of charge, to any person obtaining"
},
{
"path": "README.md",
"chars": 1165,
"preview": "# Terraform AWS Use cases\nTerraform template for AWS provider\n\n# How to use\n\n- Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCE"
},
{
"path": "autoscalling-elb/main.tf",
"chars": 1226,
"preview": "# Define launch configuration\n\nresource \"aws_launch_configuration\" \"previously_webcluster\" {\n name = \"previously_webclu"
},
{
"path": "bastion-highavailability/README.md",
"chars": 129,
"preview": "<p align=\"center\">\r\n <img src=\"http://i1.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/10/bastion-1.png?w=741\"/"
},
{
"path": "bastion-highavailability/dns.tf",
"chars": 234,
"preview": "resource \"aws_route53_record\" \"bastion-slowcoder\" {\n zone_id = \"${var.zone_id}\"\n name = \"bastion.slowcoder.com\"\n type"
},
{
"path": "bastion-highavailability/outputs.tf",
"chars": 220,
"preview": "output \"BASTION-1\" {\n value = \"${aws_eip.bastion-1a-eip.public_ip}\"\n}\n\noutput \"BASTION-2\" {\n value = \"${aws_eip.bastio"
},
{
"path": "bastion-highavailability/provider.tf",
"chars": 46,
"preview": "provider \"aws\" {\n region = \"${var.region}\"\n}\n"
},
{
"path": "bastion-highavailability/resources.tf",
"chars": 1009,
"preview": "resource \"aws_instance\" \"bastion-1a\" {\n ami = \"${lookup(var.amis, var.region)}\"\n instance_type = \"${var.instance_type}"
},
{
"path": "bastion-highavailability/variables.tf",
"chars": 955,
"preview": "variable \"key_name\" {}\nvariable \"zone_id\" {}\n\nvariable \"region\" {\n description = \"AWS Region\"\n default = \"us-east-1\"\n}"
},
{
"path": "bastion-highavailability/variables.tfvars",
"chars": 23,
"preview": "key_name=\"\"\nzone_id=\"\"\n"
},
{
"path": "bastion-highavailability/vpc.tf",
"chars": 1562,
"preview": "resource \"aws_vpc\" \"default\" {\n cidr_block = \"${var.vpc_cidr}\"\n enable_dns_hostnames = true\n\n tags {\n Name = \"test"
},
{
"path": "ci-pipeline/README.md",
"chars": 0,
"preview": ""
},
{
"path": "ci-pipeline/main.tf",
"chars": 967,
"preview": "provider \"aws\" {\n region = \"${var.region}\"\n access_key = \"${var.access_key}\"\n secret_key = \"${var.secret_key}\"\n}\n\n// "
},
{
"path": "ci-pipeline/setup.sh",
"chars": 95,
"preview": "#!/bin/sh\nyum update -y\nyum install -y docker\nservice docker start\nusermod -aG docker ec2-user\n"
},
{
"path": "docker-registry/main.tf",
"chars": 1506,
"preview": "provider \"aws\" {\n region = \"${var.region}\"\n secret_key = \"${var.secret_key}\"\n access_key = \"${var.access_key}\"\n}\n"
},
{
"path": "docker-registry/outputs.tf",
"chars": 66,
"preview": "output \"Registry IP\" {\n value = \"${aws_eip.default.public_ip}\"\n}\n"
},
{
"path": "docker-registry/setup.sh",
"chars": 226,
"preview": "#!/bin/sh\nyum update -y\nyum install -y docker\nservice docker start\nusermod -aG docker ec2-user\ndocker swarm init\ndocker "
},
{
"path": "docker-registry/variables.tf",
"chars": 511,
"preview": "variable \"region\" {}\nvariable \"secret_key\" {}\nvariable \"access_key\" {}\nvariable \"ssh_public_key\" {}\nvariable \"dns_zone_i"
},
{
"path": "docker-registry/variables.tfvars",
"chars": 187,
"preview": "region = \"YOUR AWS REGION\"\nsecret_key = \"YOUR AWS SECRET KEY\"\naccess_key = \"YOUR AWS ACCESS KEY ID\"\nssh_public_key = \"YO"
},
{
"path": "docker-swarm-cluster/README.md",
"chars": 291,
"preview": "<p align=\"center\">\n <img src=\"http://i0.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/swarm_ansible_terrafor"
},
{
"path": "docker-swarm-cluster/hosts",
"chars": 21,
"preview": "[masters]\n\n[workers]\n"
},
{
"path": "docker-swarm-cluster/install-docker.sh",
"chars": 92,
"preview": "#!/bin/sh\nyum update\nyum install -y docker\nservice docker start\nusermod -aG docker ec2-user\n"
},
{
"path": "docker-swarm-cluster/outputs.tf",
"chars": 201,
"preview": "output \"MASTER\" {\n value = \"${aws_instance.master.public_ip}\"\n}\n\noutput \"WORKER1\" {\n value = \"${aws_instance.worker1.p"
},
{
"path": "docker-swarm-cluster/playbook.yml",
"chars": 1120,
"preview": "---\n - name: Init Swarm Master\n hosts: masters\n gather_facts: False\n remote_user: ec2-user\n tasks:\n - "
},
{
"path": "docker-swarm-cluster/provider.tf",
"chars": 50,
"preview": "provider \"aws\" {\n region = \"${var.aws_region}\"\n}\n"
},
{
"path": "docker-swarm-cluster/resources.tf",
"chars": 982,
"preview": "resource \"aws_key_pair\" \"default\"{\n key_name = \"clusterkp\"\n public_key = \"${file(\"${var.key_path}\")}\"\n}\n\nresource \"aws"
},
{
"path": "docker-swarm-cluster/security_groups.tf",
"chars": 448,
"preview": "resource \"aws_security_group\" \"default\" {\n name = \"sgswarmcluster\"\n\n # Allow all inbound\n ingress {\n from_port ="
},
{
"path": "docker-swarm-cluster/variables.tf",
"chars": 504,
"preview": "variable \"aws_region\" {\n description = \"AWS region on which we will setup the swarm cluster\"\n default = \"us-east-1\"\n}\n"
},
{
"path": "ec2-elb/bootstrap-server1.sh",
"chars": 125,
"preview": "#!/bin/sh\nyum install -y httpd\nservice start httpd\nchkconfig httpd on\necho \"hello world server 1\" > /var/www/html/index."
},
{
"path": "ec2-elb/bootstrap-server2.sh",
"chars": 125,
"preview": "#!/bin/sh\nyum install -y httpd\nservice start httpd\nchkconfig httpd on\necho \"hello world server 2\" > /var/www/html/index."
},
{
"path": "ec2-elb/main.tf",
"chars": 1590,
"preview": "provider \"aws\" {\n region = \"${var.region}\"\n}\n\nresource \"aws_security_group\" \"default\" {\n name = \"ec2-elb-sg\"\n\n ingres"
},
{
"path": "ec2-elb/variables.tf",
"chars": 328,
"preview": "variable \"region\" {\n description = \"AWS Region\"\n default = \"us-east-1\"\n}\n\nvariable \"key_path\" {\n description = \"Publi"
},
{
"path": "etcd-cluster/README.md",
"chars": 266,
"preview": "<p align=\"center\">\n <img src=\"http://i2.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/etcd_cluster.png?w=462"
},
{
"path": "etcd-cluster/cloud-config.yml",
"chars": 572,
"preview": "#cloud-config\n\nwrite_files:\n - path: /tmp/done\n owner: core:core\n permissions: 0644\n content: |\n Cloud co"
},
{
"path": "etcd-cluster/provider.tf",
"chars": 46,
"preview": "provider \"aws\" {\n region = \"${var.region}\"\n}\n"
},
{
"path": "etcd-cluster/resources.tf",
"chars": 955,
"preview": "resource \"aws_key_pair\" \"default\" {\n key_name = \"etcdcluster\"\n public_key = \"${file(\"${var.key_path}\")}\"\n}\n\nresource \""
},
{
"path": "etcd-cluster/security_groups.tf",
"chars": 391,
"preview": "resource \"aws_security_group\" \"default\" {\n name = \"etcdclustersg\"\n\n ingress {\n from_port = 0\n to_port = 65535\n "
},
{
"path": "etcd-cluster/variables.tf",
"chars": 340,
"preview": "variable \"region\" {\n description = \"AWS Region\"\n default = \"us-east-1\"\n}\n\nvariable \"ami\" {\n description = \"CoreOS AMI"
},
{
"path": "linuxkit-aws/aws.yml",
"chars": 961,
"preview": "kernel:\n image: linuxkit/kernel:4.9.39\n cmdline: \"console=ttyS0\"\ninit:\n - linuxkit/init:838b772355a8690143b37de1cdd4a"
},
{
"path": "linuxkit-aws/files/assume-role-policy.json",
"chars": 317,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": { \"Service\": \""
},
{
"path": "linuxkit-aws/files/policy.tpl",
"chars": 683,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3"
},
{
"path": "linuxkit-aws/main.tf",
"chars": 673,
"preview": "provider \"aws\" {\n region = \"us-east-1\"\n}\n\ndata \"template_file\" \"policy\" {\n template = \"${file(\"files/policy.tpl\")}\"\n "
},
{
"path": "single-ec2-instance/README.md",
"chars": 126,
"preview": "<p align=\"center\">\n <img src=\"http://i1.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/terraform.png?w=472\">\n"
},
{
"path": "single-ec2-instance/main.tf",
"chars": 316,
"preview": "provider \"aws\" {\n region = \"us-east-1\"\n}\n\nresource \"aws_key_pair\" \"mysshkey\" {\n key_name = \"mysshkey\"\n public_key "
},
{
"path": "telegraf-influxdb-grafana/bootstrap.sh",
"chars": 273,
"preview": "#!/bin/sh\nyum update\nyum install -y docker curl\nservice docker start\nusermod -aG docker ec2-user\ncurl -L https://github."
},
{
"path": "telegraf-influxdb-grafana/main.tf",
"chars": 1071,
"preview": "provider \"aws\" {\n region = \"${var.region}\"\n}\n\nresource \"aws_security_group\" \"default\"{\n name = \"metricssg\"\n\n ingress "
},
{
"path": "telegraf-influxdb-grafana/variables.tf",
"chars": 450,
"preview": "variable \"region\" {\n description = \"AWS Region\"\n default = \"us-east-1\"\n}\n\nvariable \"ami\" {\n description = \"Amazon Lin"
},
{
"path": "tick-stack-ansible/README.md",
"chars": 514,
"preview": "# TICK Stack\n\n* Telegraf\n* InfluxDB\n* Chronograf\n* Kapacitor\n\n<p align=\"center\">\n <img src=\"logo.png\" width=\"70%\"/>\n</p"
},
{
"path": "tick-stack-ansible/ansible/group_vars/all",
"chars": 24,
"preview": "---\nremote_user: ubuntu\n"
},
{
"path": "tick-stack-ansible/ansible/inventory",
"chars": 10,
"preview": "[servers]\n"
},
{
"path": "tick-stack-ansible/ansible/playbook.yml",
"chars": 146,
"preview": "---\n- name: Setup TICK Stack\n hosts: servers\n remote_user: \"{{remote_user}}\"\n become: yes\n become_method: sudo\n rol"
},
{
"path": "tick-stack-ansible/terraform/main.tf",
"chars": 1590,
"preview": "provider \"aws\" {\r\n region = \"${var.region}\"\r\n access_key = \"${var.access_key}\"\r\n secret_key = \"${var.secret_key}\"\r\n}\r"
},
{
"path": "tick-stack-ansible/terraform/outputs.tf",
"chars": 80,
"preview": "output \"instance_public_dns\" {\n value = \"${module.tick_stack.public_dns[0]}\"\n}\n"
},
{
"path": "tick-stack-ansible/terraform/variables.tf",
"chars": 776,
"preview": "variable \"region\" {\n description = \"AWS Region\"\n}\n\nvariable \"access_key\" {\n description = \"AWS Access Key ID\"\n}\n\nvaria"
},
{
"path": "tick-stack-ansible/terraform/variables.tfvars",
"chars": 149,
"preview": "region = \"AWS REGION\"\naccess_key = \"YOUR AWS ACCESS KEY ID\"\nsecret_key = \"YOUR AWS SECRET KEY\"\nkey_name = \"YOUR SSH KEY "
},
{
"path": "vpc-public-private-subnet/README.md",
"chars": 247,
"preview": "<p align=\"center\">\n <img src=\"http://i0.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/vpc_tf-1.png?w=462\"/>\n"
},
{
"path": "vpc-public-private-subnet/install.sh",
"chars": 150,
"preview": "#!/bin/sh\nyum install -y httpd\nservice start httpd\nchkonfig httpd on\necho \"<html><h1>Hello from mlabouardy ^^</h2></html"
},
{
"path": "vpc-public-private-subnet/provider.tf",
"chars": 79,
"preview": "# Define AWS as our provider\nprovider \"aws\" {\n region = \"${var.aws_region}\"\n}\n"
},
{
"path": "vpc-public-private-subnet/resources.tf",
"chars": 930,
"preview": "# Define SSH key pair for our instances\nresource \"aws_key_pair\" \"default\" {\n key_name = \"vpctestkeypair\"\n public_key ="
},
{
"path": "vpc-public-private-subnet/variables.tf",
"chars": 568,
"preview": "variable \"aws_region\" {\n description = \"Region for the VPC\"\n default = \"us-east-1\"\n}\n\nvariable \"vpc_cidr\" {\n descript"
},
{
"path": "vpc-public-private-subnet/vpc.tf",
"chars": 2492,
"preview": "# Define our VPC\nresource \"aws_vpc\" \"default\" {\n cidr_block = \"${var.vpc_cidr}\"\n enable_dns_hostnames = true\n\n tags {"
},
{
"path": "wordpress/.gitignore",
"chars": 17,
"preview": "terraform.tfvars\n"
},
{
"path": "wordpress/bootstrap.sh",
"chars": 283,
"preview": "#/bin/sh\nyum install -y httpd php php-zlib php-iconv php-gd php-mbstring php-fileinfo php-curl php-mysql\nchkconfig httpd"
},
{
"path": "wordpress/main.tf",
"chars": 5247,
"preview": "provider \"aws\" {\n region = \"${var.region}\"\n}\n\nresource \"aws_vpc\" \"default\" {\n cidr_block = \"${var.vpc_cidr_block}\"\n e"
},
{
"path": "wordpress/outputs.tf",
"chars": 203,
"preview": "output \"ELB_DNS\" {\n value = \"${aws_elb.default.dns_name}\"\n}\n\noutput \"Blog_DNS\" {\n value = \"${aws_instance.default.publ"
},
{
"path": "wordpress/variables.tf",
"chars": 1550,
"preview": "variable \"region\" {\n description = \"VPC Region\"\n default = \"us-east-1\"\n}\n\nvariable \"vpc_cidr_block\" {\n description = "
}
]