[
  {
    "path": ".gitmodules",
    "content": "[submodule \"telegraf-influxdb-grafana/telegraf-influxdb-grafana\"]\n\tpath = telegraf-influxdb-grafana/telegraf-influxdb-grafana\n\turl = https://github.com/mlabouardy/telegraf-influxdb-grafana.git\n"
  },
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2017 LABOUARDY Mohamed\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "# Terraform AWS Use cases\nTerraform templates for the AWS provider\n\n# How to use\n\n- Set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables\n\n```\n$ export AWS_ACCESS_KEY_ID=\"YOUR ACCESS KEY ID\"\n$ export AWS_SECRET_ACCESS_KEY=\"YOUR SECRET ACCESS KEY\"\n```\n\n# Tutorials\n\n* <a href=\"http://www.labouardy.com/setting-up-an-etcd-cluster-on-aws-using-coreos-terraform/\">Setting up an etcd cluster on AWS using CoreOS & Terraform</a>\n* <a href=\"http://www.labouardy.com/setup-docker-swarm-on-aws-using-ansible-terraform/\">Setup Docker Swarm on AWS using Ansible & Terraform</a>\n* <a href=\"http://www.labouardy.com/manage-aws-vpc-as-infrastructure-as-code-with-terraform/\">Manage AWS VPC as Infrastructure as Code with Terraform</a>\n* <a href=\"http://www.labouardy.com/manage-aws-infrastracture-as-code-with-terraform/\" >Manage AWS Infrastructure as Code with Terraform</a>\n* <a href=\"http://www.blog.labouardy.com/setup-high-availability-bastion-hosts-with-route53/\">Highly Available Bastion Hosts with Route53</a>\n* <a href=\"http://www.blog.labouardy.com/highly-available-docker-registry-on-aws-with-nexus/\">Highly Available Docker Registry on AWS with Nexus</a>\n"
  },
  {
    "path": "autoscalling-elb/main.tf",
    "content": "# Define launch configuration\n\nresource \"aws_launch_configuration\" \"previously_webcluster\" {\n  name = \"previously_webcluster\"\n  image_id = \"${var.ami-webserver}\"\n  instance_type = \"${var.instance_type}\"\n\n  lifecycle {\n    create_before_destroy = true\n  }\n}\n\nresource \"aws_autoscaling_group\" \"previously_asg\" {\n    name = \"previously_asg\"\n    launch_configuration = \"${aws_launch_configuration.previously_webcluster.name}\"\n    min_size = 2\n    max_size = 3\n\n    lifecycle {\n      create_before_destroy = true\n    }\n}\n\nresource \"aws_elb\" \"previously_elb\" {\n  name = \"previously_elb\"\n  availability_zone = [\"us-west-2a\", \"us-west-2b\"]\n  subnets = [\"${aws_subnet.previously_private_us_west_2a.id}\", \"${aws_subnet.previously_private_us_west_2b.id}\"]\n  security_groups = [\"${aws_security_group.previously_elb_sg.id}\"]\n\n  listener {\n    instance_port = 80\n    instance_protocol = \"http\"\n    lb_port = 80\n    lb_protocol = \"http\"\n  }\n\n  health_check {\n    healthy_threshold = 2\n    unhealthy_threshold = 2\n    timeout = 3\n    target = \"HTTP:80/\"\n    interval = 30\n  }\n\n  cross_zone_load_balancing = true\n  idle_timeout = 400\n  connection_draining = true\n  connection_draining_timeout = 400\n\n  tags {\n    Name = \"previously_elb\"\n  }\n}\n"
  },
  {
    "path": "bastion-highavailability/README.md",
    "content": "<p align=\"center\">\r\n  <img src=\"http://i1.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/10/bastion-1.png?w=741\"/>\r\n</p>\r\n"
  },
  {
    "path": "bastion-highavailability/dns.tf",
    "content": "resource \"aws_route53_record\" \"bastion-slowcoder\" {\n  zone_id = \"${var.zone_id}\"\n  name = \"bastion.slowcoder.com\"\n  type = \"A\"\n  ttl = \"330\"\n  records = [\"${aws_eip.bastion-1a-eip.public_ip}\", \"${aws_eip.bastion-1b-eip.public_ip}\"]\n}\n"
  },
  {
    "path": "bastion-highavailability/outputs.tf",
    "content": "output \"BASTION-1\" {\n  value = \"${aws_eip.bastion-1a-eip.public_ip}\"\n}\n\noutput \"BASTION-2\" {\n  value = \"${aws_eip.bastion-1b-eip.public_ip}\"\n}\n\noutput \"PRIVATE-EC2\" {\n  value = \"${aws_instance.private-ec2.private_ip}\"\n}\n"
  },
  {
    "path": "bastion-highavailability/provider.tf",
    "content": "provider \"aws\" {\n  region = \"${var.region}\"\n}\n"
  },
  {
    "path": "bastion-highavailability/resources.tf",
    "content": "resource \"aws_instance\" \"bastion-1a\" {\n  ami = \"${lookup(var.amis, var.region)}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${var.key_name}\"\n  subnet_id = \"${aws_subnet.us-east-1a-public.id}\"\n  associate_public_ip_address = true\n\n  tags {\n    Name = \"bastion-1a\"\n  }\n}\n\nresource \"aws_eip\" \"bastion-1a-eip\" {\n  instance = \"${aws_instance.bastion-1a.id}\"\n  vpc = true\n}\n\nresource \"aws_instance\" \"bastion-1b\" {\n  ami = \"${lookup(var.amis, var.region)}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${var.key_name}\"\n  subnet_id = \"${aws_subnet.us-east-1b-public.id}\"\n  associate_public_ip_address = true\n\n  tags {\n    Name = \"bastion-1b\"\n  }\n}\n\nresource \"aws_eip\" \"bastion-1b-eip\" {\n  instance = \"${aws_instance.bastion-1b.id}\"\n  vpc = true\n}\n\nresource \"aws_instance\" \"private-ec2\" {\n  ami = \"${lookup(var.amis, var.region)}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${var.key_name}\"\n  subnet_id = \"${aws_subnet.us-east-1a-private.id}\"\n\n  tags {\n    Name = \"private-ec2\"\n  }\n}\n"
  },
  {
    "path": "bastion-highavailability/variables.tf",
    "content": "variable \"key_name\" {}\nvariable \"zone_id\" {}\n\nvariable \"region\" {\n  description = \"AWS Region\"\n  default = \"us-east-1\"\n}\n\nvariable \"vpc_cidr\" {\n  description = \"VPC CIDR Block\"\n  default = \"10.0.0.0/16\"\n}\n\nvariable \"us_east_1a_public_cidr\" {\n  description = \"CIDR for the public subnet\"\n  default = \"10.0.1.0/24\"\n}\n\nvariable \"us_east_1b_public_cidr\" {\n  description = \"CIDR for the public subnet\"\n  default = \"10.0.2.0/24\"\n}\n\nvariable \"us_east_1a_private_cidr\" {\n  description = \"CIDR for the public subnet\"\n  default = \"10.0.3.0/24\"\n}\n\nvariable \"availability_zones\" {\n  type = \"map\"\n  description = \"Availability Zones by CIDR\"\n  default = {\n    \"10.0.1.0/24\" = \"us-east-1a\"\n    \"10.0.2.0/24\" = \"us-east-1b\"\n    \"10.0.3.0/24\" = \"us-east-1a\"\n  }\n}\n\nvariable \"amis\" {\n  type = \"map\"\n  description = \"AMIs by region\"\n  default = {\n    us-east-1 = \"ami-4fffc834\"\n  }\n}\n\nvariable \"instance_type\" {\n  description = \"EC2 instance type\"\n  default = \"t2.micro\"\n}\n"
  },
  {
    "path": "bastion-highavailability/variables.tfvars",
    "content": "key_name=\"\"\nzone_id=\"\"\n"
  },
  {
    "path": "bastion-highavailability/vpc.tf",
    "content": "resource \"aws_vpc\" \"default\" {\n  cidr_block = \"${var.vpc_cidr}\"\n  enable_dns_hostnames = true\n\n  tags {\n    Name = \"testing\"\n  }\n}\n\nresource \"aws_subnet\" \"us-east-1a-public\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n  cidr_block = \"${var.us_east_1a_public_cidr}\"\n  availability_zone = \"${lookup(var.availability_zones, var.us_east_1a_public_cidr)}\"\n\n  tags {\n    Name = \"us-east-1a-public\"\n  }\n}\n\nresource \"aws_subnet\" \"us-east-1b-public\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n  cidr_block = \"${var.us_east_1b_public_cidr}\"\n  availability_zone = \"${lookup(var.availability_zones, var.us_east_1b_public_cidr)}\"\n\n  tags {\n    Name = \"us-east-1b-public\"\n  }\n}\n\nresource \"aws_subnet\" \"us-east-1a-private\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n  cidr_block = \"${var.us_east_1a_private_cidr}\"\n  availability_zone = \"${lookup(var.availability_zones, var.us_east_1a_private_cidr)}\"\n\n  tags {\n    Name = \"us-east-1a-private\"\n  }\n}\n\nresource \"aws_internet_gateway\" \"default\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  tags {\n    Name = \"igw\"\n  }\n}\n\nresource \"aws_route_table\" \"default\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  route {\n    cidr_block = \"0.0.0.0/0\"\n    gateway_id = \"${aws_internet_gateway.default.id}\"\n  }\n\n  tags {\n    Name = \"public-rt\"\n  }\n}\n\nresource \"aws_route_table_association\" \"1a-public-rt\" {\n  subnet_id = \"${aws_subnet.us-east-1a-public.id}\"\n  route_table_id = \"${aws_route_table.default.id}\"\n}\n\nresource \"aws_route_table_association\" \"1b-public-rt\" {\n  subnet_id = \"${aws_subnet.us-east-1b-public.id}\"\n  route_table_id = \"${aws_route_table.default.id}\"\n}\n"
  },
  {
    "path": "ci-pipeline/README.md",
    "content": ""
  },
  {
    "path": "ci-pipeline/main.tf",
    "content": "provider \"aws\" {\n  region = \"${var.region}\"\n  access_key = \"${var.access_key}\"\n  secret_key = \"${var.secret_key}\"\n}\n\n// SSH KeyPair\nresource \"aws_key_pair\" \"default\" {\n  key_name   = \"registry\"\n  public_key = \"${file(\"${var.ssh_public_key}\")}\"\n}\n\n// Jenkins Master\nresource \"aws_instance\" \"ci-master\" {\n  ami = \"${lookup()}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  security_groups = [\"${aws_security_group.default.name}\"]\n\n  user_data = \"${file(\"setup.sh\")}\"\n\n  tags {\n    Name = \"ci-master\"\n  }\n}\n\n// Jenkins Slave\nresource \"aws_instance\" \"ci-slave\" {\n  ami = \"${lookup()}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n\n  tags {\n    Name = \"ci-slave\"\n  }\n}\n\n// Deployment Environment\nresource \"aws_instance\" \"node\" {\n  count = 3\n  ami = \"${lookup()}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n\n  tags {\n    Name = \"node-${count.index}\"\n  }\n}\n"
  },
  {
    "path": "ci-pipeline/setup.sh",
    "content": "#!/bin/sh\nyum update -y\nyum install -y docker\nservice docker start\nusermod -aG docker ec2-user\n"
  },
  {
    "path": "docker-registry/main.tf",
    "content": "provider \"aws\" {\n  region     = \"${var.region}\"\n  secret_key = \"${var.secret_key}\"\n  access_key = \"${var.access_key}\"\n}\n\nresource \"aws_security_group\" \"default\" {\n  name        = \"registry_security_group\"\n  description = \"Allow access to Nexus dashboard & traffic on port 5000\"\n\n  ingress {\n    from_port   = 22\n    to_port     = 22\n    protocol    = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port   = 8081\n    to_port     = 8081\n    protocol    = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port   = 5000\n    to_port     = 5000\n    protocol    = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  egress {\n    from_port   = 0\n    to_port     = 0\n    protocol    = -1\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  tags {\n    Name = \"registry_security_group\"\n  }\n}\n\nresource \"aws_key_pair\" \"default\" {\n  key_name   = \"registry\"\n  public_key = \"${file(\"${var.ssh_public_key}\")}\"\n}\n\nresource \"aws_eip\" \"default\" {\n  instance = \"${aws_instance.default.id}\"\n  vpc      = true\n}\n\nresource \"aws_instance\" \"default\" {\n  ami             = \"${lookup(var.amis, var.region)}\"\n  instance_type   = \"${var.instance_type}\"\n  key_name        = \"${aws_key_pair.default.id}\"\n  security_groups = [\"${aws_security_group.default.name}\"]\n\n  user_data = \"${file(\"setup.sh\")}\"\n\n  tags {\n    Name = \"registry\"\n  }\n}\n\nresource \"aws_route53_record\" \"default\" {\n  zone_id = \"${var.dns_zone_id}\"\n  name    = \"${var.dns_name}\"\n  type    = \"A\"\n  ttl     = \"300\"\n  records = [\"${aws_eip.default.public_ip}\"]\n}\n"
  },
  {
    "path": "docker-registry/outputs.tf",
    "content": "output \"Registry IP\" {\n  value = \"${aws_eip.default.public_ip}\"\n}\n"
  },
  {
    "path": "docker-registry/setup.sh",
    "content": "#!/bin/sh\nyum update -y\nyum install -y docker\nservice docker start\nusermod -aG docker ec2-user\ndocker swarm init\ndocker service create --replicas 1 --name registry --publish 5000:5000 --publish 8081:8081 sonatype/nexus3:3.6.2\n"
  },
  {
    "path": "docker-registry/variables.tf",
    "content": "variable \"region\" {}\nvariable \"secret_key\" {}\nvariable \"access_key\" {}\nvariable \"ssh_public_key\" {}\nvariable \"dns_zone_id\" {}\n\nvariable \"instance_type\" {\n  default = \"t2.medium\"\n}\n\nvariable \"amis\" {\n  type        = \"map\"\n  description = \"Amazon Linux Image\"\n\n  default = {\n    \"us-east-1\"  = \"ami-55ef662f\"\n    \"us-east-2\"  = \"ami-15e9c770\"\n    \"eu-west-2\"  = \"ami-e7d6c983\"\n    \"eu-west-1\"  = \"ami-1a962263\"\n    \"ap-south-1\" = \"ami-d5c18eba\"\n  }\n}\n\nvariable \"dns_name\" {\n  default = \"registry.slowcoder.com\"\n}\n"
  },
  {
    "path": "docker-registry/variables.tfvars",
    "content": "region = \"YOUR AWS REGION\"\nsecret_key = \"YOUR AWS SECRET KEY\"\naccess_key = \"YOUR AWS ACCESS KEY ID\"\nssh_public_key = \"YOUR SSH PUBLIC KEY (.pub)\"\ndns_zone_id = \"YOUR ROUTE53 DNS ZONE ID\"\n"
  },
  {
    "path": "docker-swarm-cluster/README.md",
    "content": "<p align=\"center\">\n  <img src=\"http://i0.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/swarm_ansible_terraform_aws.png?w=462\"/>\n</p>\n\nThe recording below shows how to set up a Docker Swarm cluster:\n\n[![asciicast](https://asciinema.org/a/135278.png)](https://asciinema.org/a/135278)\n"
  },
  {
    "path": "docker-swarm-cluster/hosts",
    "content": "[masters]\n\n[workers]\n"
  },
  {
    "path": "docker-swarm-cluster/install-docker.sh",
    "content": "#!/bin/sh\nyum update\nyum install -y docker\nservice docker start\nusermod -aG docker ec2-user\n"
  },
  {
    "path": "docker-swarm-cluster/outputs.tf",
    "content": "output \"MASTER\" {\n  value = \"${aws_instance.master.public_ip}\"\n}\n\noutput \"WORKER1\" {\n  value = \"${aws_instance.worker1.public_ip}\"\n}\n\noutput \"WORKER2\" {\n  value = \"${aws_instance.worker2.public_ip}\"\n}\n"
  },
  {
    "path": "docker-swarm-cluster/playbook.yml",
    "content": "---\n  - name: Init Swarm Master\n    hosts: masters\n    gather_facts: False\n    remote_user: ec2-user\n    tasks:\n      - name: Swarm Init\n        command: docker swarm init --advertise-addr {{ inventory_hostname }}\n\n      - name: Get Worker Token\n        command: docker swarm join-token worker -q\n        register: worker_token\n\n      - name: Show Worker Token\n        debug: var=worker_token.stdout\n\n      - name: Master Token\n        command: docker swarm join-token manager -q\n        register: master_token\n\n      - name: Show Master Token\n        debug: var=master_token.stdout\n\n  - name: Join Swarm Cluster\n    hosts: workers\n    remote_user: ec2-user\n    gather_facts: False\n    vars:\n      token: \"{{ hostvars[groups['masters'][0]]['worker_token']['stdout'] }}\"\n      master: \"{{ hostvars[groups['masters'][0]]['inventory_hostname'] }}\"\n    tasks:\n      - name: Join Swarm Cluster as a Worker\n        command: docker swarm join --token {{ token }} {{ master }}:2377\n        register: worker\n\n      - name: Show Results\n        debug: var=worker.stdout\n\n      - name: Show Errors\n        debug: var=worker.stderr\n"
  },
  {
    "path": "docker-swarm-cluster/provider.tf",
    "content": "provider \"aws\" {\n  region = \"${var.aws_region}\"\n}\n"
  },
  {
    "path": "docker-swarm-cluster/resources.tf",
    "content": "resource \"aws_key_pair\" \"default\"{\n  key_name = \"clusterkp\"\n  public_key = \"${file(\"${var.key_path}\")}\"\n}\n\nresource \"aws_instance\" \"master\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  user_data = \"${file(\"${var.bootstrap_path}\")}\"\n  vpc_security_group_ids = [\"${aws_security_group.default.id}\"]\n\n  tags {\n    Name  = \"master\"\n  }\n}\n\nresource \"aws_instance\" \"worker1\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  user_data = \"${file(\"${var.bootstrap_path}\")}\"\n  vpc_security_group_ids = [\"${aws_security_group.default.id}\"]\n\n  tags {\n    Name  = \"worker 1\"\n  }\n}\n\nresource \"aws_instance\" \"worker2\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  user_data = \"${file(\"${var.bootstrap_path}\")}\"\n  vpc_security_group_ids = [\"${aws_security_group.default.id}\"]\n\n  tags {\n    Name  = \"worker 2\"\n  }\n}\n"
  },
  {
    "path": "docker-swarm-cluster/security_groups.tf",
    "content": "resource \"aws_security_group\" \"default\" {\n  name = \"sgswarmcluster\"\n\n  # Allow all inbound\n  ingress {\n    from_port   = 0\n    to_port     = 65535\n    protocol    = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  egress {\n    from_port   = 0\n    to_port     = 65535\n    protocol    = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  # Enable ICMP\n  ingress {\n    from_port = -1\n    to_port = -1\n    protocol = \"icmp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n}\n"
  },
  {
    "path": "docker-swarm-cluster/variables.tf",
    "content": "variable \"aws_region\" {\n  description = \"AWS region on which we will setup the swarm cluster\"\n  default = \"us-east-1\"\n}\n\nvariable \"ami\" {\n  description = \"Amazon Linux AMI\"\n  default = \"ami-4fffc834\"\n}\n\nvariable \"instance_type\" {\n  description = \"Instance type\"\n  default = \"t2.micro\"\n}\n\nvariable \"key_path\" {\n  description = \"SSH Public Key path\"\n  default = \"/home/core/.ssh/id_rsa.pub\"\n}\n\nvariable \"bootstrap_path\" {\n  description = \"Script to install Docker Engine\"\n  default = \"install-docker.sh\"\n}\n"
  },
  {
    "path": "ec2-elb/bootstrap-server1.sh",
    "content": "#!/bin/sh\nyum install -y httpd\nservice start httpd\nchkconfig httpd on\necho \"hello world server 1\" > /var/www/html/index.html\n"
  },
  {
    "path": "ec2-elb/bootstrap-server2.sh",
    "content": "#!/bin/sh\nyum install -y httpd\nservice start httpd\nchkconfig httpd on\necho \"hello world server 2\" > /var/www/html/index.html\n"
  },
  {
    "path": "ec2-elb/main.tf",
    "content": "provider \"aws\" {\n  region = \"${var.region}\"\n}\n\nresource \"aws_security_group\" \"default\" {\n  name = \"ec2-elb-sg\"\n\n  ingress {\n    from_port = 0\n    to_port = 65535\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  egress {\n    from_port = 0\n    to_port = 65535\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port = -1\n    to_port = -1\n    protocol = \"icmp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n}\n\nresource \"aws_key_pair\" \"default\" {\n  key_name = \"ec2-elb-key\"\n  public_key = \"${file(\"${var.key_path}\")}\"\n}\n\nresource \"aws_instance\" \"server1\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  security_groups = [\"${aws_security_group.default.name}\"]\n  user_data = \"${file(\"bootstrap-server1.sh\")}\"\n\n  tags {\n    Name = \"server1\"\n  }\n}\n\nresource \"aws_instance\" \"server2\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  security_groups = [\"${aws_security_group.default.name}\"]\n  user_data = \"${file(\"bootstrap-server2.sh\")}\"\n\n  tags {\n    Name = \"server2\"\n  }\n}\n\nresource \"aws_elb\" \"default\" {\n  name = \"ec2-elb\"\n  instances = [\"${aws_instance.server1.id}\", \"${aws_instance.server2.id}\"]\n  availability_zones = [\"us-east-1a\", \"us-east-1b\", \"us-east-1c\"]\n\n  listener {\n    instance_port = 80\n    instance_protocol = \"tcp\"\n    lb_port = 80\n    lb_protocol = \"tcp\"\n  }\n\n  health_check {\n    target = \"HTTP:80/\"\n    healthy_threshold = 2\n    unhealthy_threshold = 2\n    interval = 30\n    timeout = 5\n  }\n\n  tags {\n    Name = \"ec2-elb\"\n  }\n}\n"
  },
  {
    "path": "ec2-elb/variables.tf",
    "content": "variable \"region\" {\n  description = \"AWS Region\"\n  default = \"us-east-1\"\n}\n\nvariable \"key_path\" {\n  description = \"Public key path\"\n  default = \"/root/.ssh/id_rsa.pub\"\n}\n\nvariable \"ami\" {\n  description = \"AMI\"\n  default = \"ami-4fffc834\"\n}\n\nvariable \"instance_type\" {\n  description = \"EC2 instance type\"\n  default = \"t2.micro\"\n}\n"
  },
  {
    "path": "etcd-cluster/README.md",
    "content": "<p align=\"center\">\n  <img src=\"http://i2.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/etcd_cluster.png?w=462\"/>\n</p>\n\nThe recording below shows how to set up an etcd cluster on AWS:\n\n[![asciicast](https://asciinema.org/a/135407.png)](https://asciinema.org/a/135407)\n"
  },
  {
    "path": "etcd-cluster/cloud-config.yml",
    "content": "#cloud-config\n\nwrite_files:\n  - path: /tmp/done\n    owner: core:core\n    permissions: 0644\n    content: |\n      Cloud config has been provisionned\n\ncoreos:\n  etcd2:\n    discovery: \"https://discovery.etcd.io/b0d368f43a40eeb76b98efea9bb4055c\"\n    advertise-client-urls: \"http://$private_ipv4:2379\"\n    initial-advertise-peer-urls: \"http://$private_ipv4:2380\"\n    listen-client-urls: \"http://$private_ipv4:2379,http://127.0.0.1:2379\"\n    listen-peer-urls: \"http://$private_ipv4:2380\"\n  update:\n    reboot-strategy: off\n  units:\n    - name: etcd2.service\n      command: start\n"
  },
  {
    "path": "etcd-cluster/provider.tf",
    "content": "provider \"aws\" {\n  region = \"${var.region}\"\n}\n"
  },
  {
    "path": "etcd-cluster/resources.tf",
    "content": "resource \"aws_key_pair\" \"default\" {\n  key_name = \"etcdcluster\"\n  public_key = \"${file(\"${var.key_path}\")}\"\n}\n\nresource \"aws_instance\" \"node1\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  vpc_security_group_ids = [\"${aws_security_group.default.id}\"]\n  user_data = \"${file(\"cloud-config.yml\")}\"\n\n  tags {\n    Name = \"node1\"\n  }\n}\n\nresource \"aws_instance\" \"node2\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  vpc_security_group_ids = [\"${aws_security_group.default.id}\"]\n  user_data = \"${file(\"cloud-config.yml\")}\"\n\n  tags {\n    Name = \"node2\"\n  }\n}\n\nresource \"aws_instance\" \"node3\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  vpc_security_group_ids = [\"${aws_security_group.default.id}\"]\n  user_data = \"${file(\"cloud-config.yml\")}\"\n\n  tags {\n    Name = \"node3\"\n  }\n}\n"
  },
  {
    "path": "etcd-cluster/security_groups.tf",
    "content": "resource \"aws_security_group\" \"default\" {\n  name = \"etcdclustersg\"\n\n  ingress {\n    from_port = 0\n    to_port = 65535\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  egress {\n    from_port = 0\n    to_port = 65535\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port = -1\n    to_port = -1\n    protocol = \"icmp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n}\n"
  },
  {
    "path": "etcd-cluster/variables.tf",
    "content": "variable \"region\" {\n  description = \"AWS Region\"\n  default = \"us-east-1\"\n}\n\nvariable \"ami\" {\n  description = \"CoreOS AMI\"\n  default = \"ami-38714c43\"\n}\n\nvariable \"instance_type\" {\n  description = \"Instance type\"\n  default = \"t1.micro\"\n}\n\nvariable \"key_path\" {\n  description = \"SSH public key path\"\n  default = \"/home/core/.ssh/id_rsa.pub\"\n}\n"
  },
  {
    "path": "linuxkit-aws/aws.yml",
    "content": "kernel:\n  image: linuxkit/kernel:4.9.39\n  cmdline: \"console=ttyS0\"\ninit:\n  - linuxkit/init:838b772355a8690143b37de1cdd4ac5db725271f\n  - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630\n  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e\n  - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf\nonboot:\n  - name: sysctl\n    image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0\n  - name: dhcpcd\n    image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b\n    command: [\"/sbin/dhcpcd\", \"--nobackground\", \"-f\", \"/dhcpcd.conf\", \"-1\"]\n  - name: metadata\n    image: linuxkit/metadata:f5d4299909b159db35f72547e4ae70bd76c42c6c\nservices:\n  - name: rngd\n    image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b\n  - name: sshd\n    image: linuxkit/sshd:5dc5c3c4470c85f6c89f0e26b9d477ae4ff85a3c\n    binds:\n     - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys\ntrust:\n  org:\n    - linuxkit\n    - library\n"
  },
  {
    "path": "linuxkit-aws/files/assume-role-policy.json",
    "content": "{\n   \"Version\": \"2012-10-17\",\n   \"Statement\": [\n      {\n         \"Effect\": \"Allow\",\n         \"Principal\": { \"Service\": \"vmie.amazonaws.com\" },\n         \"Action\": \"sts:AssumeRole\",\n         \"Condition\": {\n            \"StringEquals\":{\n               \"sts:Externalid\": \"vmimport\"\n            }\n         }\n      }\n   ]\n}\n"
  },
  {
    "path": "linuxkit-aws/files/policy.tpl",
    "content": "{\n   \"Version\": \"2012-10-17\",\n   \"Statement\": [\n      {\n         \"Effect\": \"Allow\",\n         \"Action\": [\n            \"s3:ListBucket\",\n            \"s3:GetBucketLocation\"\n         ],\n         \"Resource\": [\n            \"arn:aws:s3:::${bucket}\"\n         ]\n      },\n      {\n         \"Effect\": \"Allow\",\n         \"Action\": [\n            \"s3:GetObject\"\n         ],\n         \"Resource\": [\n            \"arn:aws:s3:::${bucket}/*\"\n         ]\n      },\n      {\n         \"Effect\": \"Allow\",\n         \"Action\":[\n            \"ec2:ModifySnapshotAttribute\",\n            \"ec2:CopySnapshot\",\n            \"ec2:RegisterImage\",\n            \"ec2:Describe*\"\n         ],\n         \"Resource\": \"*\"\n      }\n   ]\n}\n"
  },
  {
    "path": "linuxkit-aws/main.tf",
    "content": "provider \"aws\" {\n  region = \"us-east-1\"\n}\n\ndata \"template_file\" \"policy\" {\n  template = \"${file(\"files/policy.tpl\")}\"\n  vars {\n    bucket = \"${aws_s3_bucket.disk_image_bucket.id}\"\n  }\n}\n\n################## S3 ###################\n\nresource \"aws_s3_bucket\" \"disk_image_bucket\" {\n  bucket_prefix = \"vmimport\"\n}\n\n################## IAM ##################\n\nresource \"aws_iam_role\" \"vmimport\" {\n  name               = \"vmimport\"\n  assume_role_policy = \"${file(\"files/assume-role-policy.json\")}\"\n}\n\n\nresource \"aws_iam_role_policy\" \"import_disk_image\" {\n  name   = \"import_disk_image\"\n  role   = \"${aws_iam_role.vmimport.name}\"\n  policy = \"${data.template_file.policy.rendered}\"\n}\n"
  },
  {
    "path": "single-ec2-instance/README.md",
    "content": "<p align=\"center\">\n  <img src=\"http://i1.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/terraform.png?w=472\">\n</p>\n\n"
  },
  {
    "path": "single-ec2-instance/main.tf",
    "content": "provider \"aws\" {\n   region = \"us-east-1\"\n}\n\nresource \"aws_key_pair\" \"mysshkey\" {\n   key_name = \"mysshkey\"\n   public_key = \"${file(\"/home/core/.ssh/id_rsa.pub\")}\"\n}\n\nresource \"aws_instance\" \"node1\" {\n   ami = \"ami-a4c7edb2\"\n   instance_type = \"t2.micro\"\n   key_name = \"mysshkey\"\n\n   tags {\n     Name = \"node1\"\n   }\n}\n"
  },
  {
    "path": "telegraf-influxdb-grafana/bootstrap.sh",
    "content": "#!/bin/sh\nyum update\nyum install -y docker curl\nservice docker start\nusermod -aG docker ec2-user\ncurl -L https://github.com/docker/compose/releases/download/1.15.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose\nchmod +x /usr/local/bin/docker-compose\n"
  },
  {
    "path": "telegraf-influxdb-grafana/main.tf",
    "content": "provider \"aws\" {\n  region = \"${var.region}\"\n}\n\nresource \"aws_security_group\" \"default\"{\n  name = \"metricssg\"\n\n  ingress {\n    from_port = 0\n    to_port = 65535\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  egress {\n    from_port = 0\n    to_port = 65535\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port = -1\n    to_port = -1\n    protocol = \"icmp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n}\n\nresource \"aws_key_pair\" \"default\" {\n  key_name = \"metricskp\"\n  public_key = \"${file(\"${var.key_path}/id_rsa.pub\")}\"\n}\n\nresource \"aws_instance\" \"default\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  security_groups = [\"${aws_security_group.default.name}\"]\n  user_data = \"${file(\"${var.bootstrap_script}\")}\"\n\n  tags {\n    Name = \"athena\"\n  }\n\n  provisioner \"file\" {\n    source = \"telegraf-influxdb-grafana/\"\n    destination = \"/home/ec2-user/\"\n\n    connection {\n       type = \"ssh\"\n       user = \"ec2-user\"\n       private_key = \"${file(\"${var.key_path}/id_rsa\")}\"\n    }\n  }\n}\n"
  },
  {
    "path": "telegraf-influxdb-grafana/variables.tf",
    "content": "variable \"region\" {\n  description = \"AWS Region\"\n  default = \"us-east-1\"\n}\n\nvariable \"ami\" {\n  description = \"Amazon Linux Image\"\n  default = \"ami-4fffc834\"\n}\n\nvariable \"instance_type\" {\n  description = \"Instance type\"\n  default = \"t2.micro\"\n}\n\nvariable \"key_path\" {\n  description = \"SSH key path\"\n  default = \"/home/core/.ssh/\"\n}\n\nvariable \"bootstrap_script\" {\n  description = \"Shell script to install docker & compose\"\n  default = \"bootstrap.sh\"\n}\n"
  },
  {
    "path": "tick-stack-ansible/README.md",
    "content": "# TICK Stack\n\n* Telegraf\n* InfluxDB\n* Chronograf\n* Kapacitor\n\n<p align=\"center\">\n  <img src=\"logo.png\" width=\"70%\"/>\n</p>\n\n# How to use\n\n## Terraform\n\n* Update variables.tfvars with your own AWS credentials, and keep the edited file out of version control\n* Install the AWS provider plugin:\n\n```\n$ terraform init\n```\n\n* Create the AWS resources:\n\n```\n$ terraform apply -var-file=variables.tfvars\n```\n\n## Ansible\n\n* Install the role:\n\n```\n$ ansible-galaxy install mlabouardy.tick\n```\n\n* Run the playbook:\n\n```\n$ ansible-playbook --private-key=aws.pem -i inventory playbook.yml\n```\n"
  },
  {
    "path": "tick-stack-ansible/ansible/group_vars/all",
    "content": "---\nremote_user: ubuntu\n"
  },
  {
    "path": "tick-stack-ansible/ansible/inventory",
    "content": "[servers]\n"
  },
  {
    "path": "tick-stack-ansible/ansible/playbook.yml",
    "content": "---\n- name: Setup TICK Stack\n  hosts: servers\n  remote_user: \"{{remote_user}}\"\n  become: yes\n  become_method: sudo\n  roles:\n    - mlabouardy.tick\n"
  },
  {
    "path": "tick-stack-ansible/terraform/main.tf",
    "content": "provider \"aws\" {\r\n  region = \"${var.region}\"\r\n  access_key = \"${var.access_key}\"\r\n  secret_key = \"${var.secret_key}\"\r\n}\r\n\r\n\r\nmodule \"tick_sg\" {\r\n  source = \"github.com/terraform-aws-modules/terraform-aws-security-group\"\r\n\r\n  name = \"${var.sg_name}\"\r\n  description = \"${var.sg_description}\"\r\n  vpc_id = \"${var.vpc_id}\"\r\n\r\n  ingress_with_cidr_blocks = [\r\n    {\r\n      from_port   = 8083\r\n      to_port     = 8083\r\n      protocol    = \"tcp\"\r\n      description = \"InfluxDB admin dashboard\"\r\n      cidr_blocks = \"0.0.0.0/0\"\r\n    },\r\n    {\r\n      from_port   = 8086\r\n      to_port     = 8086\r\n      protocol    = \"tcp\"\r\n      description = \"InfluxDB API\"\r\n      cidr_blocks = \"0.0.0.0/0\"\r\n    },\r\n    {\r\n      from_port   = 8888\r\n      to_port     = 8888\r\n      protocol    = \"tcp\"\r\n      description = \"Chronograf Dashboard\"\r\n      cidr_blocks = \"0.0.0.0/0\"\r\n    },\r\n    {\r\n      from_port   = 22\r\n      to_port     = 22\r\n      protocol    = \"tcp\"\r\n      description = \"SSH access\"\r\n      cidr_blocks = \"0.0.0.0/0\"\r\n    },\r\n  ]\r\n\r\n  egress_with_cidr_blocks = [\r\n    {\r\n      from_port   = 0\r\n      to_port     = 65535\r\n      protocol    = \"tcp\"\r\n      description = \"Allow all outbound traffic\"\r\n      cidr_blocks = \"0.0.0.0/0\"\r\n    },\r\n  ]\r\n}\r\n\r\nmodule \"tick_stack\" {\r\n  source = \"github.com/terraform-aws-modules/terraform-aws-ec2-instance\"\r\n\r\n  name = \"${var.hostname}\"\r\n  ami = \"${var.ami}\"\r\n\r\n  key_name = \"${var.key_name}\"\r\n  instance_type = \"${var.instance_type}\"\r\n  vpc_security_group_ids = [\"${module.tick_sg.this_security_group_id}\"]\r\n\r\n  tags {\r\n    Name = \"${var.hostname}\"\r\n  }\r\n}\r\n"
  },
  {
    "path": "tick-stack-ansible/terraform/outputs.tf",
    "content": "output \"instance_public_dns\" {\n  value = \"${module.tick_stack.public_dns[0]}\"\n}\n"
  },
  {
    "path": "tick-stack-ansible/terraform/variables.tf",
    "content": "variable \"region\" {\n  description = \"AWS Region\"\n}\n\nvariable \"access_key\" {\n  description = \"AWS Access Key ID\"\n}\n\nvariable \"secret_key\" {\n  description = \"AWS Secret Key\"\n}\n\nvariable \"key_name\" {\n  description = \"SSH KeyPair\"\n}\n\nvariable \"vpc_id\" {\n  description = \"ID of the VPC where to create security group\"\n}\n\nvariable \"hostname\" {\n  description = \"EC2 hostname\"\n  default = \"tick_stack\"\n}\n\nvariable \"ami\" {\n  description = \"Ubuntu Server 16.04 LTS\"\n  default = \"ami-da05a4a0\"\n}\n\nvariable \"instance_type\" {\n  description = \"EC2 Instance Type\"\n  default = \"t2.micro\"\n}\n\nvariable \"sg_name\" {\n  description = \"Security Group name\"\n  default = \"tick_sg\"\n}\n\nvariable \"sg_description\" {\n  description = \"SG description\"\n  default = \"Allow InfluxDB, Chronograf & SSH access\"\n}\n"
  },
  {
    "path": "tick-stack-ansible/terraform/variables.tfvars",
    "content": "region = \"AWS REGION\"\naccess_key = \"YOUR AWS ACCESS KEY ID\"\nsecret_key = \"YOUR AWS SECRET KEY\"\nkey_name = \"YOUR SSH KEY PAIR\"\nvpc_id = \"YOUR VPC ID\"\n"
  },
  {
    "path": "vpc-public-private-subnet/README.md",
    "content": "<p align=\"center\">\n  <img src=\"http://i0.wp.com/www.blog.labouardy.com/wp-content/uploads/2017/08/vpc_tf-1.png?w=462\"/>\n</p>\n\nThe recording below shows how to use it:\n\n[![asciicast](https://asciinema.org/a/134951.png)](https://asciinema.org/a/134951)\n"
  },
  {
    "path": "vpc-public-private-subnet/install.sh",
    "content": "#!/bin/sh\nyum install -y httpd\nservice start httpd\nchkonfig httpd on\necho \"<html><h1>Hello from mlabouardy ^^</h2></html>\" > /var/www/html/index.html\n"
  },
  {
    "path": "vpc-public-private-subnet/provider.tf",
    "content": "# Define AWS as our provider\nprovider \"aws\" {\n  region = \"${var.aws_region}\"\n}\n"
  },
  {
    "path": "vpc-public-private-subnet/resources.tf",
    "content": "# Define SSH key pair for our instances\nresource \"aws_key_pair\" \"default\" {\n  key_name = \"vpctestkeypair\"\n  public_key = \"${file(\"${var.key_path}\")}\"\n}\n\n# Define webserver inside the public subnet\nresource \"aws_instance\" \"wb\" {\n   ami  = \"${var.ami}\"\n   instance_type = \"t1.micro\"\n   key_name = \"${aws_key_pair.default.id}\"\n   subnet_id = \"${aws_subnet.public-subnet.id}\"\n   vpc_security_group_ids = [\"${aws_security_group.sgweb.id}\"]\n   associate_public_ip_address = true\n   source_dest_check = false\n   user_data = \"${file(\"install.sh\")}\"\n\n  tags {\n    Name = \"webserver\"\n  }\n}\n\n# Define database inside the private subnet\nresource \"aws_instance\" \"db\" {\n   ami  = \"${var.ami}\"\n   instance_type = \"t1.micro\"\n   key_name = \"${aws_key_pair.default.id}\"\n   subnet_id = \"${aws_subnet.private-subnet.id}\"\n   vpc_security_group_ids = [\"${aws_security_group.sgdb.id}\"]\n   source_dest_check = false\n\n  tags {\n    Name = \"database\"\n  }\n}\n"
  },
  {
    "path": "vpc-public-private-subnet/variables.tf",
    "content": "variable \"aws_region\" {\n  description = \"Region for the VPC\"\n  default = \"us-east-1\"\n}\n\nvariable \"vpc_cidr\" {\n  description = \"CIDR for the VPC\"\n  default = \"10.0.0.0/16\"\n}\n\nvariable \"public_subnet_cidr\" {\n  description = \"CIDR for the public subnet\"\n  default = \"10.0.1.0/24\"\n}\n\nvariable \"private_subnet_cidr\" {\n  description = \"CIDR for the private subnet\"\n  default = \"10.0.2.0/24\"\n}\n\nvariable \"ami\" {\n  description = \"AMI for EC2\"\n  default = \"ami-4fffc834\"\n}\n\nvariable \"key_path\" {\n  description = \"SSH Public Key path\"\n  default = \"/home/core/.ssh/id_rsa.pub\"\n}\n"
  },
  {
    "path": "vpc-public-private-subnet/vpc.tf",
    "content": "# Define our VPC\nresource \"aws_vpc\" \"default\" {\n  cidr_block = \"${var.vpc_cidr}\"\n  enable_dns_hostnames = true\n\n  tags {\n    Name = \"test-vpc\"\n  }\n}\n\n# Define the public subnet\nresource \"aws_subnet\" \"public-subnet\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n  cidr_block = \"${var.public_subnet_cidr}\"\n  availability_zone = \"us-east-1a\"\n\n  tags {\n    Name = \"Web Public Subnet\"\n  }\n}\n\n# Define the private subnet\nresource \"aws_subnet\" \"private-subnet\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n  cidr_block = \"${var.private_subnet_cidr}\"\n  availability_zone = \"us-east-1b\"\n\n  tags {\n    Name = \"Database Private Subnet\"\n  }\n}\n\n# Define the internet gateway\nresource \"aws_internet_gateway\" \"gw\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  tags {\n    Name = \"VPC IGW\"\n  }\n}\n\n# Define the route table\nresource \"aws_route_table\" \"web-public-rt\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  route {\n    cidr_block = \"0.0.0.0/0\"\n    gateway_id = \"${aws_internet_gateway.gw.id}\"\n  }\n\n  tags {\n    Name = \"Public Subnet RT\"\n  }\n}\n\n# Assign the route table to the public Subnet\nresource \"aws_route_table_association\" \"web-public-rt\" {\n  subnet_id = \"${aws_subnet.public-subnet.id}\"\n  route_table_id = \"${aws_route_table.web-public-rt.id}\"\n}\n\n# Define the security group for public subnet\nresource \"aws_security_group\" \"sgweb\" {\n  name = \"vpc_test_web\"\n  description = \"Allow incoming HTTP connections & SSH access\"\n\n  ingress {\n    from_port = 80\n    to_port = 80\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port = 443\n    to_port = 443\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port = -1\n    to_port = -1\n    protocol = \"icmp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port = 22\n    to_port = 22\n    protocol = \"tcp\"\n    cidr_blocks =  
[\"0.0.0.0/0\"]\n  }\n\n  vpc_id=\"${aws_vpc.default.id}\"\n\n  tags {\n    Name = \"Web Server SG\"\n  }\n}\n\n# Define the security group for private subnet\nresource \"aws_security_group\" \"sgdb\"{\n  name = \"sg_test_web\"\n  description = \"Allow traffic from public subnet\"\n\n  ingress {\n    from_port = 3306\n    to_port = 3306\n    protocol = \"tcp\"\n    cidr_blocks = [\"${var.public_subnet_cidr}\"]\n  }\n\n  ingress {\n    from_port = -1\n    to_port = -1\n    protocol = \"icmp\"\n    cidr_blocks = [\"${var.public_subnet_cidr}\"]\n  }\n\n  ingress {\n    from_port = 22\n    to_port = 22\n    protocol = \"tcp\"\n    cidr_blocks = [\"${var.public_subnet_cidr}\"]\n  }\n\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  tags {\n    Name = \"DB SG\"\n  }\n}\n"
  },
  {
    "path": "wordpress/.gitignore",
    "content": "terraform.tfvars\n"
  },
  {
    "path": "wordpress/bootstrap.sh",
    "content": "#/bin/sh\nyum install -y httpd php php-zlib php-iconv php-gd php-mbstring php-fileinfo php-curl php-mysql\nchkconfig httpd on\ncd /var/www\nwget www.wordpress.org/latest.zip\nunzip latest.zip\nrm latest.zip\nmv wordpress/* html/\nrm -r wordpress\nchown -R apache:apache html/\napachectl start\n"
  },
  {
    "path": "wordpress/main.tf",
    "content": "provider \"aws\" {\n  region = \"${var.region}\"\n}\n\nresource \"aws_vpc\" \"default\" {\n  cidr_block = \"${var.vpc_cidr_block}\"\n  enable_dns_hostnames = true\n\n  tags {\n    Name = \"vpc-blog\"\n  }\n}\n\nresource \"aws_subnet\" \"public-subnet1\" {\n  cidr_block = \"${var.public_subnet1_cidr_block}\"\n  vpc_id = \"${aws_vpc.default.id}\"\n  availability_zone = \"${var.public_subnet1_az}\"\n\n  tags {\n    Name = \"public-subnet-${var.public_subnet1_az}\"\n  }\n}\n\nresource \"aws_subnet\" \"public-subnet2\" {\n  cidr_block = \"${var.public_subnet2_cidr_block}\"\n  vpc_id = \"${aws_vpc.default.id}\"\n  availability_zone = \"${var.public_subnet2_az}\"\n\n  tags {\n    Name = \"public-subnet-${var.public_subnet2_az}\"\n  }\n}\n\nresource \"aws_subnet\" \"private-subnet1\" {\n  cidr_block = \"${var.private_subnet1_cidr_block}\"\n  vpc_id = \"${aws_vpc.default.id}\"\n  availability_zone = \"${var.private_subnet1_az}\"\n\n  tags {\n    Name = \"private-subnet-${var.private_subnet1_az}\"\n  }\n}\n\nresource \"aws_subnet\" \"private-subnet2\" {\n  cidr_block = \"${var.private_subnet2_cidr_block}\"\n  vpc_id = \"${aws_vpc.default.id}\"\n  availability_zone = \"${var.private_subnet2_az}\"\n\n  tags {\n    Name = \"private-subnet-${var.private_subnet2_az}\"\n  }\n}\n\nresource \"aws_internet_gateway\" \"igw\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  tags {\n    Name = \"WP Internet Gateway\"\n  }\n}\n\nresource \"aws_route_table\" \"default\" {\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  route {\n    cidr_block = \"0.0.0.0/0\"\n    gateway_id = \"${aws_internet_gateway.igw.id}\"\n  }\n\n  tags {\n    Name = \"Route table for Public subnet\"\n  }\n}\n\nresource \"aws_route_table_association\" \"rt-asso-public-subnet1\" {\n  subnet_id = \"${aws_subnet.public-subnet1.id}\"\n  route_table_id = \"${aws_route_table.default.id}\"\n}\n\nresource \"aws_route_table_association\" \"rt-asso-public-subnet2\" {\n  subnet_id = \"${aws_subnet.public-subnet2.id}\"\n  
route_table_id = \"${aws_route_table.default.id}\"\n}\n\nresource \"aws_security_group\" \"wpsg\" {\n  name = \"wpsg\"\n  description = \"Allow Incoming HTTP traffic\"\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  ingress {\n    from_port = 80\n    to_port = 80\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    from_port = 22\n    to_port = 22\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  egress {\n    from_port = 0\n    to_port = 0\n    protocol = \"-1\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  tags {\n    Name = \"blog-security-group\"\n  }\n}\n\nresource \"aws_security_group\" \"elbsg\" {\n  name = \"elbsg\"\n  description = \"Allow Incoming HTTP traffic\"\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  ingress {\n    from_port = 80\n    to_port = 80\n    protocol = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  egress {\n    from_port = 0\n    to_port = 0\n    protocol = \"-1\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  tags {\n    Name = \"elb-security-group\"\n  }\n}\n\nresource \"aws_security_group\" \"dbsg\" {\n  name = \"dbsg\"\n  description = \"Allow access to MySQL from WP\"\n  vpc_id = \"${aws_vpc.default.id}\"\n\n  ingress {\n    from_port = 3306\n    to_port = 3306\n    protocol = \"tcp\"\n    security_groups = [\"${aws_security_group.wpsg.id}\"]\n  }\n\n  tags {\n    Name = \"db-security-group\"\n  }\n}\n\nresource \"aws_key_pair\" \"default\" {\n  key_name = \"blogkey\"\n  public_key = \"${file(\"${var.key_path}\")}\"\n}\n\nresource \"aws_instance\" \"wb1\" {\n  ami = \"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  user_data = \"${file(\"bootstrap.sh\")}\"\n  vpc_security_group_ids = [\"${aws_security_group.wpsg.id}\"]\n  subnet_id = \"${aws_subnet.public-subnet1.id}\"\n  associate_public_ip_address = true\n\n  tags {\n    Name = \"wordpress-${var.public_subnet1_az}\"\n  }\n}\n\nresource \"aws_instance\" \"wb2\" {\n  ami = 
\"${var.ami}\"\n  instance_type = \"${var.instance_type}\"\n  key_name = \"${aws_key_pair.default.id}\"\n  user_data = \"${file(\"bootstrap.sh\")}\"\n  vpc_security_group_ids = [\"${aws_security_group.wpsg.id}\"]\n  subnet_id = \"${aws_subnet.public-subnet2.id}\"\n  associate_public_ip_address = true\n\n  tags {\n    Name = \"wordpress-${var.public_subnet2_az}\"\n  }\n}\n\nresource \"aws_db_subnet_group\" \"default\" {\n    name = \"db-subnet-group\"\n    description = \"RDS Subnet Group\"\n    subnet_ids = [\"${aws_subnet.private-subnet1.id}\", \"${aws_subnet.private-subnet2.id}\"]\n\n    tags {\n      Name = \"DB Subnet Group\"\n    }\n}\n\nresource \"aws_db_instance\" \"default\" {\n  name = \"${var.db_name}\"\n  engine = \"${var.engine}\"\n  engine_version = \"5.6.35\"\n  storage_type = \"gp2\"\n  allocated_storage = 5\n  instance_class = \"db.t2.micro\"\n  username = \"${var.db_username}\"\n  password = \"${var.db_password}\"\n  vpc_security_group_ids = [\"${aws_security_group.dbsg.id}\"]\n  db_subnet_group_name = \"${aws_db_subnet_group.default.id}\"\n}\n\nresource \"aws_elb\" \"default\" {\n  name = \"elbwp\"\n  instances = [\"${aws_instance.wb1.id}\", \"${aws_instance.wb2.id}\"]\n  subnets = [\"${aws_subnet.public-subnet1.id}\", \"${aws_subnet.public-subnet2.id}\"]\n  security_groups = [\"${aws_security_group.elbsg.id}\"]\n  cross_zone_load_balancing   = true\n  idle_timeout                = 400\n  connection_draining         = true\n  connection_draining_timeout = 400\n\n  listener {\n    instance_port = 80\n    instance_protocol = \"tcp\"\n    lb_port = 80\n    lb_protocol = \"tcp\"\n  }\n\n  health_check {\n    healthy_threshold = 2\n    unhealthy_threshold = 2\n    timeout = 3\n    target = \"HTTP:80/\"\n    interval = 30\n  }\n}\n"
  },
  {
    "path": "wordpress/outputs.tf",
    "content": "output \"ELB_DNS\" {\n  value = \"${aws_elb.default.dns_name}\"\n}\n\noutput \"Blog_DNS\" {\n  value = \"${aws_instance.default.public_dns}\"\n}\n\noutput \"MYSQL_DNS\" {\n  value = \"${aws_db_instance.default.dns_name}\"\n}\n"
  },
  {
    "path": "wordpress/variables.tf",
    "content": "variable \"region\" {\n  description = \"VPC Region\"\n  default = \"us-east-1\"\n}\n\nvariable \"vpc_cidr_block\" {\n  description = \"VPC CIDR\"\n  default = \"10.0.0.0/16\"\n}\n\nvariable \"public_subnet1_cidr_block\" {\n  description = \"Public Subnet 1 CIDR\"\n  default = \"10.0.1.0/24\"\n}\n\nvariable \"public_subnet2_cidr_block\" {\n  description = \"Public Subnet 2 CIDR\"\n  default = \"10.0.2.0/24\"\n}\n\nvariable \"private_subnet1_cidr_block\" {\n  description = \"Private Subnet 1 CIDR\"\n  default = \"10.0.3.0/24\"\n}\n\nvariable \"private_subnet2_cidr_block\" {\n  description = \"Private Subnet 2 CIDR\"\n  default = \"10.0.4.0/24\"\n}\n\nvariable \"public_subnet1_az\" {\n  description = \"Public Subnet 1 Availability Zone\"\n  default = \"us-east-1a\"\n}\n\nvariable \"public_subnet1_az\" {\n  description = \"Public Subnet 2 Availability Zone\"\n  default = \"us-east-1b\"\n}\n\n\nvariable \"private_subnet1_az\" {\n  description = \"Private Subnet 1 Availability Zone\"\n  default = \"us-east-1c\"\n}\n\nvariable \"private_subnet2_az\" {\n  description = \"Private Subnet 2 Availability Zone\"\n  default = \"us-east-1d\"\n}\n\nvariable \"key_path\" {\n  description = \"Public Key path\"\n}\n\nvariable \"ami\" {\n  description = \"Amazon Linux Image\"\n  default = \"ami-4fffc834\"\n}\n\nvariable \"instance_type\" {\n  description = \"Server Instance Type\"\n  default = \"t2.micro\"\n}\n\nvariable \"engine\" {\n  description = \"RDS Engine\"\n  default = \"mysql\"\n}\n\nvariable \"db_name\" {\n  description = \"Database Name\"\n  default = \"mydb\"\n}\n\nvariable \"db_username\" {\n  description = \"Database Username\"\n}\n\nvariable \"db_password\" {\n  description = \"Database Password\"\n}\n"
  }
]