Repository: mlabouardy/terraform-aws-labs Branch: master Commit: 945a5242405f Files: 67 Total size: 38.8 KB Directory structure: gitextract_gpwgjukk/ ├── .gitmodules ├── LICENSE ├── README.md ├── autoscalling-elb/ │ └── main.tf ├── bastion-highavailability/ │ ├── README.md │ ├── dns.tf │ ├── outputs.tf │ ├── provider.tf │ ├── resources.tf │ ├── variables.tf │ ├── variables.tfvars │ └── vpc.tf ├── ci-pipeline/ │ ├── README.md │ ├── main.tf │ └── setup.sh ├── docker-registry/ │ ├── main.tf │ ├── outputs.tf │ ├── setup.sh │ ├── variables.tf │ └── variables.tfvars ├── docker-swarm-cluster/ │ ├── README.md │ ├── hosts │ ├── install-docker.sh │ ├── outputs.tf │ ├── playbook.yml │ ├── provider.tf │ ├── resources.tf │ ├── security_groups.tf │ └── variables.tf ├── ec2-elb/ │ ├── bootstrap-server1.sh │ ├── bootstrap-server2.sh │ ├── main.tf │ └── variables.tf ├── etcd-cluster/ │ ├── README.md │ ├── cloud-config.yml │ ├── provider.tf │ ├── resources.tf │ ├── security_groups.tf │ └── variables.tf ├── linuxkit-aws/ │ ├── aws.yml │ ├── files/ │ │ ├── assume-role-policy.json │ │ └── policy.tpl │ └── main.tf ├── single-ec2-instance/ │ ├── README.md │ └── main.tf ├── telegraf-influxdb-grafana/ │ ├── bootstrap.sh │ ├── main.tf │ └── variables.tf ├── tick-stack-ansible/ │ ├── README.md │ ├── ansible/ │ │ ├── group_vars/ │ │ │ └── all │ │ ├── inventory │ │ └── playbook.yml │ └── terraform/ │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── variables.tfvars ├── vpc-public-private-subnet/ │ ├── README.md │ ├── install.sh │ ├── provider.tf │ ├── resources.tf │ ├── variables.tf │ └── vpc.tf └── wordpress/ ├── .gitignore ├── bootstrap.sh ├── main.tf ├── outputs.tf └── variables.tf ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitmodules ================================================ [submodule "telegraf-influxdb-grafana/telegraf-influxdb-grafana"] path = 
telegraf-influxdb-grafana/telegraf-influxdb-grafana url = https://github.com/mlabouardy/telegraf-influxdb-grafana.git ================================================ FILE: LICENSE ================================================ MIT License Copyright (c) 2017 LABOUARDY Mohamed Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
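================================================ FILE: README.md ================================================
# Terraform AWS Use cases

Terraform template for AWS provider

# How to use

- Set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables

```
$ export AWS_ACCESS_KEY_ID="YOUR ACCESS KEY ID"
$ export AWS_SECRET_ACCESS_KEY="YOUR SECRET ACCESS KEY"
```

# Tutorials

* Setting up an etcd cluster on AWS using CoreOS & Terraform
* Setup Docker Swarm on AWS using Ansible & Terraform
* Manage AWS VPC as Infrastructure as Code with Terraform
* Manage AWS Infrastructure as Code with Terraform
* Highly Available Bastion Hosts with Route53
* Highly Available Docker Registry on AWS with Nexus
================================================ FILE: autoscalling-elb/main.tf ================================================
# Web tier: launch configuration + Auto Scaling group behind a classic ELB.
#
# NOTE(review): var.ami-webserver, var.instance_type, the two private
# subnets and aws_security_group.previously_elb_sg are referenced below but
# are not defined in this directory (main.tf is its only file); they must be
# supplied by a sibling file before this configuration can be applied.

# Define launch configuration
resource "aws_launch_configuration" "previously_webcluster" {
  name          = "previously_webcluster"
  image_id      = "${var.ami-webserver}"
  instance_type = "${var.instance_type}"

  lifecycle {
    create_before_destroy = true
  }
}

# Auto Scaling group running the web cluster.
resource "aws_autoscaling_group" "previously_asg" {
  name                 = "previously_asg"
  launch_configuration = "${aws_launch_configuration.previously_webcluster.name}"
  min_size             = 2
  max_size             = 3

  # The original gave the group neither subnets nor an ELB attachment, so it
  # could not be placed and its instances were never registered with the
  # load balancer. Same subnets as the ELB; health is taken from the ELB check.
  vpc_zone_identifier = ["${aws_subnet.previously_private_us_west_2a.id}", "${aws_subnet.previously_private_us_west_2b.id}"]
  load_balancers      = ["${aws_elb.previously_elb.name}"]
  health_check_type   = "ELB"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_elb" "previously_elb" {
  # ELB names may contain only alphanumerics and hyphens; the original
  # "previously_elb" is rejected by the API.
  name = "previously-elb"

  # `availability_zone` is not an aws_elb argument and, with `subnets` set,
  # the zones are derived from the subnets, so the stray attribute is gone.
  # NOTE(review): the subnets are named *private*; an Internet-facing ELB in
  # subnets without an IGW route is unreachable — either set `internal = true`
  # or place the ELB in public subnets (confirm the intent).
  subnets         = ["${aws_subnet.previously_private_us_west_2a.id}", "${aws_subnet.previously_private_us_west_2b.id}"]
  security_groups = ["${aws_security_group.previously_elb_sg.id}"]

  # Plain HTTP front end: no TLS between clients and the load balancer.
  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:80/"
    interval            = 30
  }

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags {
    Name = "previously_elb"
  }
}
================================================ FILE: bastion-highavailability/README.md ================================================
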
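================================================ FILE: bastion-highavailability/dns.tf ================================================
# Round-robin A record over both bastion EIPs, so a client reaches whichever
# host is up.
resource "aws_route53_record" "bastion-slowcoder" {
  zone_id = "${var.zone_id}"
  name    = "bastion.slowcoder.com"
  type    = "A"
  ttl     = "330"
  records = ["${aws_eip.bastion-1a-eip.public_ip}", "${aws_eip.bastion-1b-eip.public_ip}"]
}
================================================ FILE: bastion-highavailability/outputs.tf ================================================
output "BASTION-1" {
  value = "${aws_eip.bastion-1a-eip.public_ip}"
}

output "BASTION-2" {
  value = "${aws_eip.bastion-1b-eip.public_ip}"
}

output "PRIVATE-EC2" {
  value = "${aws_instance.private-ec2.private_ip}"
}
================================================ FILE: bastion-highavailability/provider.tf ================================================
provider "aws" {
  region = "${var.region}"
}
================================================ FILE: bastion-highavailability/resources.tf ================================================
# CIDR allowed to open SSH sessions to the bastions. Declared here rather
# than in variables.tf so this file is self-contained; there is no default
# on purpose — supply it with -var or in variables.tfvars.
variable "admin_cidr" {
  description = "CIDR block allowed to SSH to the bastion hosts"
}

# Bastion security group: SSH from the admin range only. The original
# attached no group at all, leaving the hosts on the VPC default group,
# which admits no SSH from outside the VPC.
resource "aws_security_group" "bastion" {
  name        = "bastion-sg"
  description = "SSH access to the bastion hosts"
  vpc_id      = "${aws_vpc.default.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "bastion-sg"
  }
}

# Private-host security group: SSH only from members of the bastion group.
resource "aws_security_group" "private" {
  name        = "private-sg"
  description = "SSH from the bastion hosts only"
  vpc_id      = "${aws_vpc.default.id}"

  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = ["${aws_security_group.bastion.id}"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "private-sg"
  }
}

# Bastion in us-east-1a (public subnet, static address via EIP below).
resource "aws_instance" "bastion-1a" {
  ami                         = "${lookup(var.amis, var.region)}"
  instance_type               = "${var.instance_type}"
  key_name                    = "${var.key_name}"
  subnet_id                   = "${aws_subnet.us-east-1a-public.id}"
  vpc_security_group_ids      = ["${aws_security_group.bastion.id}"]
  associate_public_ip_address = true

  tags {
    Name = "bastion-1a"
  }
}

resource "aws_eip" "bastion-1a-eip" {
  instance = "${aws_instance.bastion-1a.id}"
  vpc      = true
}

# Bastion in us-east-1b, the second leg of the DNS round robin.
resource "aws_instance" "bastion-1b" {
  ami                         = "${lookup(var.amis, var.region)}"
  instance_type               = "${var.instance_type}"
  key_name                    = "${var.key_name}"
  subnet_id                   = "${aws_subnet.us-east-1b-public.id}"
  vpc_security_group_ids      = ["${aws_security_group.bastion.id}"]
  associate_public_ip_address = true

  tags {
    Name = "bastion-1b"
  }
}

resource "aws_eip" "bastion-1b-eip" {
  instance = "${aws_instance.bastion-1b.id}"
  vpc      = true
}

# Host in the private subnet: no public address, reachable only through
# the bastions.
resource "aws_instance" "private-ec2" {
  ami                    = "${lookup(var.amis, var.region)}"
  instance_type          = "${var.instance_type}"
  key_name               = "${var.key_name}"
  subnet_id              = "${aws_subnet.us-east-1a-private.id}"
  vpc_security_group_ids = ["${aws_security_group.private.id}"]

  tags {
    Name = "private-ec2"
  }
}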
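================================================ FILE: bastion-highavailability/variables.tf ================================================
variable "key_name" {}

variable "zone_id" {}

variable "region" {
  description = "AWS Region"
  default     = "us-east-1"
}

variable "vpc_cidr" {
  description = "VPC CIDR Block"
  default     = "10.0.0.0/16"
}

variable "us_east_1a_public_cidr" {
  description = "CIDR for the public subnet in us-east-1a"
  default     = "10.0.1.0/24"
}

variable "us_east_1b_public_cidr" {
  description = "CIDR for the public subnet in us-east-1b"
  default     = "10.0.2.0/24"
}

# The original description called this range a "public subnet".
variable "us_east_1a_private_cidr" {
  description = "CIDR for the private subnet in us-east-1a"
  default     = "10.0.3.0/24"
}

# Maps each subnet CIDR to the zone it is created in (see vpc.tf).
variable "availability_zones" {
  type        = "map"
  description = "Availability Zones by CIDR"

  default = {
    "10.0.1.0/24" = "us-east-1a"
    "10.0.2.0/24" = "us-east-1b"
    "10.0.3.0/24" = "us-east-1a"
  }
}

variable "amis" {
  type        = "map"
  description = "AMIs by region"

  default = {
    us-east-1 = "ami-4fffc834"
  }
}

variable "instance_type" {
  description = "EC2 instance type"
  default     = "t2.micro"
}
================================================ FILE: bastion-highavailability/variables.tfvars ================================================
key_name=""
zone_id=""
================================================ FILE: bastion-highavailability/vpc.tf ================================================
resource "aws_vpc" "default" {
  cidr_block           = "${var.vpc_cidr}"
  enable_dns_hostnames = true

  tags {
    Name = "testing"
  }
}

resource "aws_subnet" "us-east-1a-public" {
  vpc_id            = "${aws_vpc.default.id}"
  cidr_block        = "${var.us_east_1a_public_cidr}"
  availability_zone = "${lookup(var.availability_zones, var.us_east_1a_public_cidr)}"

  tags {
    Name = "us-east-1a-public"
  }
}

resource "aws_subnet" "us-east-1b-public" {
  vpc_id            = "${aws_vpc.default.id}"
  cidr_block        = "${var.us_east_1b_public_cidr}"
  availability_zone = "${lookup(var.availability_zones, var.us_east_1b_public_cidr)}"

  tags {
    Name = "us-east-1b-public"
  }
}

resource "aws_subnet" "us-east-1a-private" {
  vpc_id            = "${aws_vpc.default.id}"
  cidr_block        = "${var.us_east_1a_private_cidr}"
  availability_zone = "${lookup(var.availability_zones, var.us_east_1a_private_cidr)}"

  tags {
    Name = "us-east-1a-private"
  }
}

resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name = "igw"
  }
}

# Public route table: default route through the Internet gateway.
resource "aws_route_table" "default" {
  vpc_id = "${aws_vpc.default.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.default.id}"
  }

  tags {
    Name = "public-rt"
  }
}

# Only the two public subnets are associated with the public table. The
# private subnet is left on the VPC main route table, which carries only the
# local route, so private-ec2 has no path to or from the Internet.
resource "aws_route_table_association" "1a-public-rt" {
  subnet_id      = "${aws_subnet.us-east-1a-public.id}"
  route_table_id = "${aws_route_table.default.id}"
}

resource "aws_route_table_association" "1b-public-rt" {
  subnet_id      = "${aws_subnet.us-east-1b-public.id}"
  route_table_id = "${aws_route_table.default.id}"
}
================================================ FILE: ci-pipeline/README.md ================================================
================================================ FILE: ci-pipeline/main.tf ================================================
// Credentials: the original passed access_key/secret_key through variables
// that are declared nowhere (this directory has no variables.tf). They are
// now taken from the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment
// variables described in the top-level README, which keeps the keys out of
// tfvars files and of the Terraform state.
provider "aws" {
  region = "${var.region}"
}

// Inputs. Declared in main.tf because this lab has no variables.tf.
variable "region" {
  description = "AWS Region"
  default     = "us-east-1"
}

variable "ssh_public_key" {
  description = "Path to the SSH public key (.pub) registered as the key pair"
}

variable "instance_type" {
  description = "EC2 instance type"
  default     = "t2.micro"
}

variable "admin_cidr" {
  description = "CIDR block allowed to SSH to the pipeline hosts"
}

// Same Amazon Linux images as the docker-registry lab, keyed by region.
variable "amis" {
  type        = "map"
  description = "Amazon Linux Image"

  default = {
    "us-east-1"  = "ami-55ef662f"
    "us-east-2"  = "ami-15e9c770"
    "eu-west-2"  = "ami-e7d6c983"
    "eu-west-1"  = "ami-1a962263"
    "ap-south-1" = "ami-d5c18eba"
  }
}

// SSH KeyPair
// Named after this lab; the original reused "registry", which collides with
// the docker-registry lab's key pair when both are applied in one region.
resource "aws_key_pair" "default" {
  key_name   = "ci-pipeline"
  public_key = "${file("${var.ssh_public_key}")}"
}

// Security group referenced by ci-master but never defined in the original.
// SSH from the admin range; any traffic between members of the group so the
// master can reach the slave and the nodes.
resource "aws_security_group" "default" {
  name        = "ci-pipeline-sg"
  description = "SSH from the admin range, any traffic inside the group"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "ci-pipeline-sg"
  }
}

// Jenkins Master
// `lookup()` had no arguments in the original and cannot evaluate; the AMI
// is now resolved from the region map like the other labs do.
resource "aws_instance" "ci-master" {
  ami             = "${lookup(var.amis, var.region)}"
  instance_type   = "${var.instance_type}"
  key_name        = "${aws_key_pair.default.id}"
  security_groups = ["${aws_security_group.default.name}"]
  user_data       = "${file("setup.sh")}"

  tags {
    Name = "ci-master"
  }
}

// Jenkins Slave
// Put in the same group as the master (the original left it on the VPC
// default group, unreachable from the master's group).
resource "aws_instance" "ci-slave" {
  ami             = "${lookup(var.amis, var.region)}"
  instance_type   = "${var.instance_type}"
  key_name        = "${aws_key_pair.default.id}"
  security_groups = ["${aws_security_group.default.name}"]

  tags {
    Name = "ci-slave"
  }
}

// Deployment Environment
resource "aws_instance" "node" {
  count           = 3
  ami             = "${lookup(var.amis, var.region)}"
  instance_type   = "${var.instance_type}"
  key_name        = "${aws_key_pair.default.id}"
  security_groups = ["${aws_security_group.default.name}"]

  tags {
    Name = "node-${count.index}"
  }
}
================================================ FILE: 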
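ci-pipeline/setup.sh ================================================
#!/bin/sh
yum update -y
yum install -y docker
service docker start
usermod -aG docker ec2-user
================================================ FILE: docker-registry/main.tf ================================================
# Static credentials are still read from variables so the existing
# variables.tfvars keeps working; prefer the AWS_* environment variables from
# the top-level README so the keys never land in a tfvars file or in state.
provider "aws" {
  region     = "${var.region}"
  secret_key = "${var.secret_key}"
  access_key = "${var.access_key}"
}

resource "aws_security_group" "default" {
  name        = "registry_security_group"
  description = "Allow access to Nexus dashboard & traffic on port 5000"

  # SSH and the Nexus admin UI (8081) from the admin range only; the
  # original opened both to the whole Internet.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  ingress {
    from_port   = 8081
    to_port     = 8081
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  # Docker registry endpoint, left reachable so docker clients can pull and
  # push. It is plain HTTP (clients must list it as an insecure registry);
  # put TLS in front of it for anything beyond a lab.
  ingress {
    from_port   = 5000
    to_port     = 5000
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "registry_security_group"
  }
}

resource "aws_key_pair" "default" {
  key_name   = "registry"
  public_key = "${file("${var.ssh_public_key}")}"
}

# Static address for the DNS record below.
resource "aws_eip" "default" {
  instance = "${aws_instance.default.id}"
  vpc      = true
}

resource "aws_instance" "default" {
  ami             = "${lookup(var.amis, var.region)}"
  instance_type   = "${var.instance_type}"
  key_name        = "${aws_key_pair.default.id}"
  security_groups = ["${aws_security_group.default.name}"]
  user_data       = "${file("setup.sh")}"

  tags {
    Name = "registry"
  }
}

resource "aws_route53_record" "default" {
  zone_id = "${var.dns_zone_id}"
  name    = "${var.dns_name}"
  type    = "A"
  ttl     = "300"
  records = ["${aws_eip.default.public_ip}"]
}
================================================ FILE: docker-registry/outputs.tf ================================================
# NOTE(review): an output name containing a space is accepted by the HCL1
# parser but is not a valid identifier in later Terraform versions; rename
# it (e.g. registry_ip) when upgrading.
output "Registry IP" {
  value = "${aws_eip.default.public_ip}"
}
================================================ FILE: docker-registry/setup.sh ================================================
#!/bin/sh
yum update -y
yum install -y docker
service docker start
usermod -aG docker ec2-user
docker swarm init
# Nexus keeps its data inside the container: no volume is mounted, so the
# registry contents do not survive re-creation of the service.
docker service create --replicas 1 --name registry --publish 5000:5000 --publish 8081:8081 sonatype/nexus3:3.6.2
================================================ FILE: docker-registry/variables.tf ================================================
variable "region" {}

variable "secret_key" {}

variable "access_key" {}

variable "ssh_public_key" {}

variable "dns_zone_id" {}

# No default on purpose: the caller must state which range may reach SSH
# and the Nexus admin UI.
variable "admin_cidr" {
  description = "CIDR block allowed to reach SSH (22) and the Nexus UI (8081)"
}

variable "instance_type" {
  default = "t2.medium"
}

variable "amis" {
  type        = "map"
  description = "Amazon Linux Image"

  default = {
    "us-east-1"  = "ami-55ef662f"
    "us-east-2"  = "ami-15e9c770"
    "eu-west-2"  = "ami-e7d6c983"
    "eu-west-1"  = "ami-1a962263"
    "ap-south-1" = "ami-d5c18eba"
  }
}

variable "dns_name" {
  default = "registry.slowcoder.com"
}
================================================ FILE: docker-registry/variables.tfvars ================================================
region = "YOUR AWS REGION"
secret_key = "YOUR AWS SECRET KEY"
access_key = "YOUR AWS ACCESS KEY ID"
ssh_public_key = "YOUR SSH PUBLIC KEY (.pub)"
dns_zone_id = "YOUR ROUTE53 DNS ZONE ID"
admin_cidr = "YOUR ADMIN CIDR (e.g. 203.0.113.10/32)"
================================================ FILE: docker-swarm-cluster/README.md ================================================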

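The setup of a Docker Swarm cluster is shown in action below:

[![asciicast](https://asciinema.org/a/135278.png)](https://asciinema.org/a/135278)
================================================ FILE: docker-swarm-cluster/hosts ================================================
[masters]

[workers]
================================================ FILE: docker-swarm-cluster/install-docker.sh ================================================
#!/bin/sh
# -y: user-data runs without a terminal, so a bare `yum update` stops at its
# confirmation prompt and the update is skipped.
yum update -y
yum install -y docker
service docker start
usermod -aG docker ec2-user
================================================ FILE: docker-swarm-cluster/outputs.tf ================================================
output "MASTER" {
  value = "${aws_instance.master.public_ip}"
}

output "WORKER1" {
  value = "${aws_instance.worker1.public_ip}"
}

output "WORKER2" {
  value = "${aws_instance.worker2.public_ip}"
}
================================================ FILE: docker-swarm-cluster/playbook.yml ================================================
---
- name: Init Swarm Master
  hosts: masters
  # Facts are needed for ansible_default_ipv4 below.
  gather_facts: True
  remote_user: ec2-user
  tasks:
    # Advertise the private address: cluster traffic then stays inside the
    # VPC and is matched by the security group's self rule, instead of
    # hairpinning over the public IP (the original advertised
    # inventory_hostname, i.e. the public address).
    - name: Swarm Init
      command: docker swarm init --advertise-addr {{ ansible_default_ipv4.address }}
    # Join tokens are credentials: they are registered for the next play but
    # no longer printed to the console/log (the original debug tasks did).
    - name: Get Worker Token
      command: docker swarm join-token worker -q
      register: worker_token
      no_log: True
    - name: Master Token
      command: docker swarm join-token manager -q
      register: master_token
      no_log: True

- name: Join Swarm Cluster
  hosts: workers
  remote_user: ec2-user
  gather_facts: False
  vars:
    token: "{{ hostvars[groups['masters'][0]]['worker_token']['stdout'] }}"
    master: "{{ hostvars[groups['masters'][0]]['ansible_default_ipv4']['address'] }}"
  tasks:
    # no_log keeps the token out of the task output on failure; stdout and
    # stderr are still shown by the two debug tasks below.
    - name: Join Swarm Cluster as a Worker
      command: docker swarm join --token {{ token }} {{ master }}:2377
      register: worker
      no_log: True
    - name: Show Results
      debug: var=worker.stdout
    - name: Show Errors
      debug: var=worker.stderr
================================================ FILE: docker-swarm-cluster/provider.tf ================================================
provider "aws" {
  region = "${var.aws_region}"
}
================================================ FILE: docker-swarm-cluster/resources.tf ================================================
resource "aws_key_pair" "default" {
  key_name   = "clusterkp"
  public_key = "${file("${var.key_path}")}"
}

# All three nodes share the AMI, key pair, bootstrap script and security group.
resource "aws_instance" "master" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("${var.bootstrap_path}")}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]

  tags {
    Name = "master"
  }
}

resource "aws_instance" "worker1" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("${var.bootstrap_path}")}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]

  tags {
    Name = "worker 1"
  }
}

resource "aws_instance" "worker2" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  key_name               = "${aws_key_pair.default.id}"
  user_data              = "${file("${var.bootstrap_path}")}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]

  tags {
    Name = "worker 2"
  }
}
================================================ FILE: docker-swarm-cluster/security_groups.tf ================================================
resource "aws_security_group" "default" {
  name = "sgswarmcluster"

  # SSH from the admin range only. The original allowed every TCP port from
  # anywhere, which also exposed the swarm manager API (2377) to the Internet.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  # Any traffic between cluster members (manager API and the overlay network
  # ports, TCP and UDP). The self rule matches private addresses, which is
  # why the playbook advertises the private IP.
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # Egress was TCP-only in the original, which blocks the UDP side of the
  # overlay network between members.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Enable ICMP
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["${var.admin_cidr}"]
  }
}
================================================ FILE: docker-swarm-cluster/variables.tf ================================================
variable "aws_region" {
  description = "AWS region on which we will setup the swarm cluster"
  default     = "us-east-1"
}

variable "ami" {
  description = "Amazon Linux AMI"
  default     = "ami-4fffc834"
}

variable "instance_type" {
  description = "Instance type"
  default     = "t2.micro"
}

variable "key_path" {
  description = "SSH Public Key path"
  default     = "/home/core/.ssh/id_rsa.pub"
}

variable "bootstrap_path" {
  description = "Script to install Docker Engine"
  default     = "install-docker.sh"
}

# No default on purpose: Terraform prompts for the range allowed to SSH in.
variable "admin_cidr" {
  description = "CIDR block allowed to SSH and ping the cluster nodes"
}
================================================ FILE: ec2-elb/bootstrap-server1.sh ================================================
#!/bin/sh
yum install -y httpd
# original: `service start httpd` (arguments reversed, httpd never started)
service httpd start
chkconfig httpd on
echo "hello world server 1" > /var/www/html/index.html
================================================ FILE: ec2-elb/bootstrap-server2.sh ================================================
#!/bin/sh
yum install -y httpd
# original: `service start httpd` (arguments reversed, httpd never started)
service httpd start
chkconfig httpd on
echo "hello world server 2" > /var/www/html/index.html
================================================ FILE: ec2-elb/main.tf ================================================
provider "aws" {
  region = "${var.region}"
}

resource "aws_security_group" "default" {
  name = "ec2-elb-sg"

  # SSH from the admin range only (the original admitted every TCP port
  # from anywhere).
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  # HTTP for the load balancer. Tighten the source to the ELB's own security
  # group where the VPC setup allows it, so the web servers cannot be hit
  # directly.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["${var.admin_cidr}"]
  }
}

resource "aws_key_pair" "default" {
  key_name   = "ec2-elb-key"
  public_key = "${file("${var.key_path}")}"
}

resource "aws_instance" "server1" {
  ami             = "${var.ami}"
  instance_type   = "${var.instance_type}"
  key_name        = "${aws_key_pair.default.id}"
  security_groups = ["${aws_security_group.default.name}"]
  user_data       = "${file("bootstrap-server1.sh")}"

  tags {
    Name = "server1"
  }
}

resource "aws_instance" "server2" {
  ami             = "${var.ami}"
  instance_type   = "${var.instance_type}"
  key_name        = "${aws_key_pair.default.id}"
  security_groups = ["${aws_security_group.default.name}"]
  user_data       = "${file("bootstrap-server2.sh")}"

  tags {
    Name = "server2"
  }
}

# Classic ELB (EC2-Classic / default-VPC style, placed by availability zone).
resource "aws_elb" "default" {
  name               = "ec2-elb"
  instances          = ["${aws_instance.server1.id}", "${aws_instance.server2.id}"]
  availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]

  # TCP pass-through on 80; no TLS termination.
  listener {
    instance_port     = 80
    instance_protocol = "tcp"
    lb_port           = 80
    lb_protocol       = "tcp"
  }

  health_check {
    target              = "HTTP:80/"
    healthy_threshold   = 2
    unhealthy_threshold = 2
    interval            = 30
    timeout             = 5
  }

  tags {
    Name = "ec2-elb"
  }
}
================================================ FILE: ec2-elb/variables.tf ================================================
variable "region" {
  description = "AWS Region"
  default     = "us-east-1"
}

variable "key_path" {
  description = "Public key path"
  default     = "/root/.ssh/id_rsa.pub"
}

variable "ami" {
  description = "AMI"
  default     = "ami-4fffc834"
}

variable "instance_type" {
  description = "EC2 instance type"
  default     = "t2.micro"
}

# No default on purpose: Terraform prompts for the range allowed to SSH in.
variable "admin_cidr" {
  description = "CIDR block allowed to SSH and ping the web servers"
}
================================================ FILE: etcd-cluster/README.md ================================================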

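The setup of an etcd cluster on AWS is shown in action below:

[![asciicast](https://asciinema.org/a/135407.png)](https://asciinema.org/a/135407)
================================================ FILE: etcd-cluster/cloud-config.yml ================================================
#cloud-config
write_files:
  - path: /tmp/done
    owner: core:core
    permissions: 0644
    content: |
      Cloud config has been provisionned
coreos:
  etcd2:
    # NOTE(review): a discovery.etcd.io token is bound to a single cluster;
    # this checked-in value will not bootstrap another one. Generate a fresh
    # token per deployment (https://discovery.etcd.io/new?size=3).
    discovery: "https://discovery.etcd.io/b0d368f43a40eeb76b98efea9bb4055c"
    # Client and peer endpoints are plain HTTP without authentication, bound
    # to the private address; the security group is what keeps them off the
    # Internet.
    advertise-client-urls: "http://$private_ipv4:2379"
    initial-advertise-peer-urls: "http://$private_ipv4:2380"
    listen-client-urls: "http://$private_ipv4:2379,http://127.0.0.1:2379"
    listen-peer-urls: "http://$private_ipv4:2380"
  update:
    reboot-strategy: off
  units:
    - name: etcd2.service
      command: start
================================================ FILE: etcd-cluster/provider.tf ================================================
provider "aws" {
  region = "${var.region}"
}
================================================ FILE: etcd-cluster/resources.tf ================================================
resource "aws_key_pair" "default" {
  key_name   = "etcdcluster"
  public_key = "${file("${var.key_path}")}"
}

# Three identical CoreOS nodes; cloud-config.yml joins them through the
# discovery URL.
resource "aws_instance" "node1" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  key_name               = "${aws_key_pair.default.id}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  user_data              = "${file("cloud-config.yml")}"

  tags {
    Name = "node1"
  }
}

resource "aws_instance" "node2" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  key_name               = "${aws_key_pair.default.id}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  user_data              = "${file("cloud-config.yml")}"

  tags {
    Name = "node2"
  }
}

resource "aws_instance" "node3" {
  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  key_name               = "${aws_key_pair.default.id}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  user_data              = "${file("cloud-config.yml")}"

  tags {
    Name = "node3"
  }
}
================================================ FILE: etcd-cluster/security_groups.tf ================================================
resource "aws_security_group" "default" {
  name = "etcdclustersg"

  # SSH from the admin range only. The original admitted every TCP port from
  # anywhere, which exposed the unauthenticated etcd client port (2379) to
  # the Internet.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  # Client and peer traffic between cluster members (matched on their
  # private addresses, which is what cloud-config advertises).
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["${var.admin_cidr}"]
  }
}
================================================ FILE: etcd-cluster/variables.tf ================================================
variable "region" {
  description = "AWS Region"
  default     = "us-east-1"
}

variable "ami" {
  description = "CoreOS AMI"
  default     = "ami-38714c43"
}

variable "instance_type" {
  description = "Instance type"
  default     = "t1.micro"
}

variable "key_path" {
  description = "SSH public key path"
  default     = "/home/core/.ssh/id_rsa.pub"
}

# No default on purpose: Terraform prompts for the range allowed to SSH in.
variable "admin_cidr" {
  description = "CIDR block allowed to SSH and ping the etcd nodes"
}
================================================ FILE: linuxkit-aws/aws.yml ================================================
kernel:
  image: linuxkit/kernel:4.9.39
  cmdline: "console=ttyS0"
init:
  - linuxkit/init:838b772355a8690143b37de1cdd4ac5db725271f
  - linuxkit/runc:d5cbeb95bdafedb82ad2cf11cff1a5da7fcae630
  - linuxkit/containerd:e33e0534d6fca88e1eb86897a1ea410b4a5d722e
  - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
onboot:
  - name: sysctl
    image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0
  - name: dhcpcd
    image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
  - name: metadata
    image: linuxkit/metadata:f5d4299909b159db35f72547e4ae70bd76c42c6c
services:
  - name: rngd
    image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b
  # sshd trusts only the keys the metadata service writes to
  # /var/config/ssh/authorized_keys (the instance key pair).
  - name: sshd
    image: linuxkit/sshd:5dc5c3c4470c85f6c89f0e26b9d477ae4ff85a3c
    binds:
      - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
trust:
  org:
    - linuxkit
    - library
================================================ FILE: linuxkit-aws/files/assume-role-policy.json ================================================
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "vmie.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:Externalid": "vmimport"
        }
      }
    }
  ]
}
================================================ FILE: linuxkit-aws/files/policy.tpl ================================================
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::${bucket}"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::${bucket}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:ModifySnapshotAttribute",
        "ec2:CopySnapshot",
        "ec2:RegisterImage",
        "ec2:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
================================================ FILE: linuxkit-aws/main.tf ================================================
provider "aws" {
  region = "us-east-1"
}

# Renders files/policy.tpl with the image bucket's name.
data "template_file" "policy" {
  template = "${file("files/policy.tpl")}"

  vars {
    bucket = "${aws_s3_bucket.disk_image_bucket.id}"
  }
}

################## S3 ###################
# Holds the raw disk image handed to VM Import. NOTE(review): no encryption,
# versioning or public-access settings are declared, so the bucket relies on
# account defaults — confirm those match the sensitivity of the images.
resource "aws_s3_bucket" "disk_image_bucket" {
  bucket_prefix = "vmimport"
}

################## IAM ##################
# Service role assumed by vmie.amazonaws.com; the trust policy requires the
# external id "vmimport" (files/assume-role-policy.json).
resource "aws_iam_role" "vmimport" {
  name               = "vmimport"
  assume_role_policy = "${file("files/assume-role-policy.json")}"
}

# Read access to the image bucket only, plus the snapshot/image calls VM
# Import needs. The ec2:* statement is on "*" in the template; scope it down
# where the import flow permits.
resource "aws_iam_role_policy" "import_disk_image" {
  name   = "import_disk_image"
  role   = "${aws_iam_role.vmimport.name}"
  policy = "${data.template_file.policy.rendered}"
}
================================================ FILE: single-ec2-instance/README.md ================================================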

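================================================ FILE: single-ec2-instance/main.tf ================================================
provider "aws" {
  region = "us-east-1"
}

# The public key is read from a fixed path on the machine running Terraform.
resource "aws_key_pair" "mysshkey" {
  key_name   = "mysshkey"
  public_key = "${file("/home/core/.ssh/id_rsa.pub")}"
}

# No security group is given, so the instance lands in the default group of
# the default VPC; SSH only works if that group admits port 22 from your
# address. AMI and key name are hard-coded (us-east-1 only).
resource "aws_instance" "node1" {
  ami           = "ami-a4c7edb2"
  instance_type = "t2.micro"
  key_name      = "mysshkey"

  tags {
    Name = "node1"
  }
}
================================================ FILE: telegraf-influxdb-grafana/bootstrap.sh ================================================
#!/bin/sh
# -y: user-data runs without a terminal, so a bare `yum update` stops at its
# confirmation prompt and the update is skipped.
yum update -y
yum install -y docker curl
service docker start
usermod -aG docker ec2-user
# -f makes curl fail on an HTTP error instead of saving the error page as the
# binary. The download is not checksum-verified; verify the release for
# anything beyond a lab.
curl -fL https://github.com/docker/compose/releases/download/1.15.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
================================================ FILE: telegraf-influxdb-grafana/main.tf ================================================
provider "aws" {
  region = "${var.region}"
}

resource "aws_security_group" "default" {
  name = "metricssg"

  # The compose stack publishes its dashboards and APIs on the host, so the
  # broad TCP rule is kept but restricted to the admin range; the original
  # opened every port to the Internet.
  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["${var.admin_cidr}"]
  }
}

resource "aws_key_pair" "default" {
  key_name   = "metricskp"
  public_key = "${file("${var.key_path}/id_rsa.pub")}"
}

resource "aws_instance" "default" {
  ami             = "${var.ami}"
  instance_type   = "${var.instance_type}"
  key_name        = "${aws_key_pair.default.id}"
  security_groups = ["${aws_security_group.default.name}"]
  user_data       = "${file("${var.bootstrap_script}")}"

  tags {
    Name = "athena"
  }

  # Copies the compose project (git submodule, see .gitmodules) to the host.
  # The private key is only used for this SSH session.
  provisioner "file" {
    source      = "telegraf-influxdb-grafana/"
    destination = "/home/ec2-user/"

    connection {
      type        = "ssh"
      user        = "ec2-user"
      private_key = "${file("${var.key_path}/id_rsa")}"
    }
  }
}
================================================ FILE: telegraf-influxdb-grafana/variables.tf ================================================
variable "region" {
  description = "AWS Region"
  default     = "us-east-1"
}

variable "ami" {
  description = "Amazon Linux Image"
  default     = "ami-4fffc834"
}

variable "instance_type" {
  description = "Instance type"
  default     = "t2.micro"
}

variable "key_path" {
  description = "SSH key path"
  default     = "/home/core/.ssh/"
}

variable "bootstrap_script" {
  description = "Shell script to install docker & compose"
  default     = "bootstrap.sh"
}

# No default on purpose: Terraform prompts for the range allowed in.
variable "admin_cidr" {
  description = "CIDR block allowed to reach SSH and the metrics dashboards"
}
================================================ FILE: tick-stack-ansible/README.md ================================================
# TICK Stack

* Telegraf
* InfluxDB
* Chronograf
* Kapacitor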

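# How to use

## Terraform

* Update variables.tfvars with your own AWS credentials
* Install AWS plugin:

```
$ terraform init
```

* Create the AWS resources:

```
$ terraform apply -var-file=variables.tfvars
```

## Ansible

* Install Role:

```
$ ansible-galaxy install mlabouardy.tick
```

* Execute playbook:

```
$ ansible-playbook --private-key=aws.pem -i inventory playbook.yml
```
================================================ FILE: tick-stack-ansible/ansible/group_vars/all ================================================
---
remote_user: ubuntu
================================================ FILE: tick-stack-ansible/ansible/inventory ================================================
[servers]
================================================ FILE: tick-stack-ansible/ansible/playbook.yml ================================================
---
- name: Setup TICK Stack
  hosts: servers
  remote_user: "{{remote_user}}"
  become: yes
  become_method: sudo
  roles:
    - mlabouardy.tick
================================================ FILE: tick-stack-ansible/terraform/main.tf ================================================
# Static credentials are still read from variables so the existing
# variables.tfvars keeps working; prefer the AWS_* environment variables from
# the top-level README so the keys never land in a tfvars file or in state.
provider "aws" {
  region     = "${var.region}"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
}

# NOTE(review): an unpinned module source tracks the upstream default branch,
# so a later upstream commit can change this plan; pin a release with
# `?ref=<TAG>` for both modules.
module "tick_sg" {
  source      = "github.com/terraform-aws-modules/terraform-aws-security-group"
  name        = "${var.sg_name}"
  description = "${var.sg_description}"
  vpc_id      = "${var.vpc_id}"

  # All four ports were open to the Internet in the original. They are now
  # limited to the admin range; add the ranges of any remote Telegraf agents
  # to the 8086 rule if they live elsewhere.
  ingress_with_cidr_blocks = [
    {
      from_port   = 8083
      to_port     = 8083
      protocol    = "tcp"
      description = "InfluxDB admin dashboard"
      cidr_blocks = "${var.admin_cidr}"
    },
    {
      from_port   = 8086
      to_port     = 8086
      protocol    = "tcp"
      description = "InfluxDB API"
      cidr_blocks = "${var.admin_cidr}"
    },
    {
      from_port   = 8888
      to_port     = 8888
      protocol    = "tcp"
      description = "Chronograf Dashboard"
      cidr_blocks = "${var.admin_cidr}"
    },
    {
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      description = "SSH access"
      cidr_blocks = "${var.admin_cidr}"
    },
  ]

  egress_with_cidr_blocks = [
    {
      from_port   = 0
      to_port     = 65535
      protocol    = "tcp"
      description = "Allow all outbound traffic"
      cidr_blocks = "0.0.0.0/0"
    },
  ]
}

module "tick_stack" {
  source                 = "github.com/terraform-aws-modules/terraform-aws-ec2-instance"
  name                   = "${var.hostname}"
  ami                    = "${var.ami}"
  key_name               = "${var.key_name}"
  instance_type          = "${var.instance_type}"
  vpc_security_group_ids = ["${module.tick_sg.this_security_group_id}"]

  tags {
    Name = "${var.hostname}"
  }
}
================================================ FILE: tick-stack-ansible/terraform/outputs.tf ================================================
output "instance_public_dns" {
  value = "${module.tick_stack.public_dns[0]}"
}
================================================ FILE: tick-stack-ansible/terraform/variables.tf ================================================
variable "region" {
  description = "AWS Region"
}

variable "access_key" {
  description = "AWS Access Key ID"
}

variable "secret_key" {
  description = "AWS Secret Key"
}

variable "key_name" {
  description = "SSH KeyPair"
}

variable "vpc_id" {
  description = "ID of the VPC where to create security group"
}

variable "admin_cidr" {
  description = "CIDR block allowed to reach SSH, InfluxDB and Chronograf"
}

variable "hostname" {
  description = "EC2 hostname"
  default     = "tick_stack"
}

variable "ami" {
  description = "Ubuntu Server 16.04 LTS"
  default     = "ami-da05a4a0"
}

variable "instance_type" {
  description = "EC2 Instance Type"
  default     = "t2.micro"
}

variable "sg_name" {
  description = "Security Group name"
  default     = "tick_sg"
}

variable "sg_description" {
  description = "SG description"
  default     = "Allow InfluxDB, Chronograf & SSH access"
}
================================================ FILE: tick-stack-ansible/terraform/variables.tfvars ================================================
region = "AWS REGION"
access_key = "YOUR AWS ACCESS KEY ID"
secret_key = "YOUR AWS SECRET KEY"
key_name = "YOUR SSH KEY PAIR"
vpc_id = "YOUR VPC ID"
admin_cidr = "YOUR ADMIN CIDR (e.g. 203.0.113.10/32)"
================================================ FILE: vpc-public-private-subnet/README.md ================================================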

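How to use in action is shown below:

[![asciicast](https://asciinema.org/a/134951.png)](https://asciinema.org/a/134951)

================================================
FILE: vpc-public-private-subnet/install.sh
================================================
#!/bin/sh
# EC2 user-data for the public web server: install Apache, start it, enable it
# at boot and publish a one-line landing page.
yum install -y httpd
# Fixed: the original ran `service start httpd` (arguments reversed) and
# `chkonfig` (typo), so httpd was neither started nor enabled at boot.
service httpd start
chkconfig httpd on
echo "

Hello from mlabouardy ^^

" > /var/www/html/index.html

================================================
FILE: vpc-public-private-subnet/provider.tf
================================================
# Define AWS as our provider
provider "aws" {
  region = "${var.aws_region}"
}

================================================
FILE: vpc-public-private-subnet/resources.tf
================================================
# Define SSH key pair for our instances. The key name is fixed, so two
# deployments in the same region/account collide on it.
resource "aws_key_pair" "default" {
  key_name   = "vpctestkeypair"
  public_key = "${file("${var.key_path}")}"
}

# Define webserver inside the public subnet
resource "aws_instance" "wb" {
  ami                         = "${var.ami}"
  instance_type               = "t1.micro"
  key_name                    = "${aws_key_pair.default.id}"
  subnet_id                   = "${aws_subnet.public-subnet.id}"
  vpc_security_group_ids      = ["${aws_security_group.sgweb.id}"]
  associate_public_ip_address = true

  # Only routers/NAT hosts need source/destination checks off; the web server
  # presumably does not, but the setting is kept as the author had it.
  source_dest_check = false

  # install.sh needs outbound access to the yum repositories; see the egress
  # rule on sgweb in vpc.tf.
  user_data = "${file("install.sh")}"

  tags {
    Name = "webserver"
  }
}

# Define database inside the private subnet. No user_data is supplied, so this
# instance is a bare host; the private subnet has no route to the internet
# gateway, so it is reachable only from inside the VPC (SSH via the web host).
resource "aws_instance" "db" {
  ami                    = "${var.ami}"
  instance_type          = "t1.micro"
  key_name               = "${aws_key_pair.default.id}"
  subnet_id              = "${aws_subnet.private-subnet.id}"
  vpc_security_group_ids = ["${aws_security_group.sgdb.id}"]
  source_dest_check      = false

  tags {
    Name = "database"
  }
}

================================================
FILE: vpc-public-private-subnet/variables.tf
================================================
variable "aws_region" {
  description = "Region for the VPC"
  default     = "us-east-1"
}

variable "vpc_cidr" {
  description = "CIDR for the VPC"
  default     = "10.0.0.0/16"
}

variable "public_subnet_cidr" {
  description = "CIDR for the public subnet"
  default     = "10.0.1.0/24"
}

variable "private_subnet_cidr" {
  description = "CIDR for the private subnet"
  default     = "10.0.2.0/24"
}

# AMI IDs are region-specific; vpc.tf also hard-codes us-east-1a/us-east-1b
# availability zones, so changing aws_region requires changing all three.
variable "ami" {
  description = "AMI for EC2"
  default     = "ami-4fffc834"
}

# Default path is specific to a CoreOS-style "core" user; override on other hosts.
variable "key_path" {
  description = "SSH Public Key path"
  default     = "/home/core/.ssh/id_rsa.pub"
}

================================================
FILE: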
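vpc-public-private-subnet/vpc.tf
================================================
# Define our VPC
resource "aws_vpc" "default" {
  cidr_block           = "${var.vpc_cidr}"
  enable_dns_hostnames = true

  tags {
    Name = "test-vpc"
  }
}

# Define the public subnet (AZ is hard-coded; must belong to var.aws_region)
resource "aws_subnet" "public-subnet" {
  vpc_id            = "${aws_vpc.default.id}"
  cidr_block        = "${var.public_subnet_cidr}"
  availability_zone = "us-east-1a"

  tags {
    Name = "Web Public Subnet"
  }
}

# Define the private subnet. It has no route table association, so it uses
# the VPC main route table (local routes only) and stays off the internet.
resource "aws_subnet" "private-subnet" {
  vpc_id            = "${aws_vpc.default.id}"
  cidr_block        = "${var.private_subnet_cidr}"
  availability_zone = "us-east-1b"

  tags {
    Name = "Database Private Subnet"
  }
}

# Define the internet gateway
resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name = "VPC IGW"
  }
}

# Define the route table
resource "aws_route_table" "web-public-rt" {
  vpc_id = "${aws_vpc.default.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.gw.id}"
  }

  tags {
    Name = "Public Subnet RT"
  }
}

# Assign the route table to the public Subnet
resource "aws_route_table_association" "web-public-rt" {
  subnet_id      = "${aws_subnet.public-subnet.id}"
  route_table_id = "${aws_route_table.web-public-rt.id}"
}

# Define the security group for public subnet
resource "aws_security_group" "sgweb" {
  name        = "vpc_test_web"
  description = "Allow incoming HTTP connections & SSH access"
  vpc_id      = "${aws_vpc.default.id}"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH from anywhere; this host is the only path to the database instance,
  # so narrowing this range to an admin network is the first hardening step.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Added: Terraform removes AWS's default allow-all egress rule from a VPC
  # security group unless an egress block is declared. Without this block the
  # web server cannot reach the yum repositories install.sh depends on.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "Web Server SG"
  }
}

# Define the security group for private subnet.
# NOTE: the name "sg_test_web" is a copy-paste of the web group's; it is left
# unchanged because renaming an attached security group forces a replacement.
# Rules are keyed on the public subnet CIDR; referencing
# security_groups = ["${aws_security_group.sgweb.id}"] instead would limit
# access to the web host rather than to anything placed in that subnet.
# No egress block is declared, so the database host has no outbound rules.
resource "aws_security_group" "sgdb" {
  name        = "sg_test_web"
  description = "Allow traffic from public subnet"
  vpc_id      = "${aws_vpc.default.id}"

  ingress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["${var.public_subnet_cidr}"]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["${var.public_subnet_cidr}"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.public_subnet_cidr}"]
  }

  tags {
    Name = "DB SG"
  }
}

================================================
FILE: wordpress/.gitignore
================================================
terraform.tfvars

================================================
FILE: wordpress/bootstrap.sh
================================================
#!/bin/sh
# EC2 user-data for the WordPress web nodes: install Apache/PHP and unpack the
# latest WordPress release into the document root.
# Fixed: the shebang was "#/bin/sh" (missing "!"), which cloud-init does not
# treat as a user-data script, so none of the steps below ran.
set -e
yum install -y httpd php php-zlib php-iconv php-gd php-mbstring php-fileinfo php-curl php-mysql
chkconfig httpd on
cd /var/www
# Fetch over TLS instead of plain HTTP so the archive cannot be swapped in
# transit; wordpress.org also publishes latest.zip.sha1 if you want to verify.
wget https://wordpress.org/latest.zip
unzip latest.zip
rm latest.zip
mv wordpress/* html/
rm -r wordpress
chown -R apache:apache html/
apachectl start

================================================
FILE: wordpress/main.tf
================================================
provider "aws" {
  region = "${var.region}"
}

resource "aws_vpc" "default" {
  cidr_block           = "${var.vpc_cidr_block}"
  enable_dns_hostnames = true

  tags {
    Name = "vpc-blog"
  }
}

# Two public subnets (web tier + ELB) and two private subnets (RDS).
resource "aws_subnet" "public-subnet1" {
  cidr_block        = "${var.public_subnet1_cidr_block}"
  vpc_id            = "${aws_vpc.default.id}"
  availability_zone = "${var.public_subnet1_az}"

  tags {
    Name = "public-subnet-${var.public_subnet1_az}"
  }
}

resource "aws_subnet" "public-subnet2" {
  cidr_block        = "${var.public_subnet2_cidr_block}"
  vpc_id            = "${aws_vpc.default.id}"
  availability_zone = "${var.public_subnet2_az}"

  tags {
    Name = "public-subnet-${var.public_subnet2_az}"
  }
}

resource "aws_subnet" "private-subnet1" {
  cidr_block        = "${var.private_subnet1_cidr_block}"
  vpc_id            = "${aws_vpc.default.id}"
  availability_zone = "${var.private_subnet1_az}"

  tags {
    Name = "private-subnet-${var.private_subnet1_az}"
  }
}

resource "aws_subnet" "private-subnet2" {
  cidr_block        = "${var.private_subnet2_cidr_block}"
  vpc_id            = "${aws_vpc.default.id}"
  availability_zone = "${var.private_subnet2_az}"

  tags {
    Name = "private-subnet-${var.private_subnet2_az}"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name = "WP Internet Gateway"
  }
}

# Only the public subnets are associated with this table; the private
# subnets keep the VPC main route table and have no internet path.
resource "aws_route_table" "default" {
  vpc_id = "${aws_vpc.default.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.igw.id}"
  }

  tags {
    Name = "Route table for Public subnet"
  }
}

resource "aws_route_table_association" "rt-asso-public-subnet1" {
  subnet_id      = "${aws_subnet.public-subnet1.id}"
  route_table_id = "${aws_route_table.default.id}"
}

resource "aws_route_table_association" "rt-asso-public-subnet2" {
  subnet_id      = "${aws_subnet.public-subnet2.id}"
  route_table_id = "${aws_route_table.default.id}"
}

# Web-tier security group.
resource "aws_security_group" "wpsg" {
  name        = "wpsg"
  description = "Allow Incoming HTTP traffic"
  vpc_id      = "${aws_vpc.default.id}"

  # Port 80 stays world-reachable because the Blog_DNS output exposes the
  # instances' own public names; if only the ELB should reach them, replace
  # cidr_blocks with security_groups = ["${aws_security_group.elbsg.id}"].
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH source range comes from var.ssh_cidr_blocks (default unchanged:
  # 0.0.0.0/0); set it to your own network.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = "${var.ssh_cidr_blocks}"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "blog-security-group"
  }
}

# Load-balancer security group.
resource "aws_security_group" "elbsg" {
  name        = "elbsg"
  description = "Allow Incoming HTTP traffic"
  vpc_id      = "${aws_vpc.default.id}"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "elb-security-group"
  }
}

# Database security group: MySQL only from members of wpsg (security-group
# reference, not a CIDR). No egress is declared, which is fine for RDS.
resource "aws_security_group" "dbsg" {
  name        = "dbsg"
  description = "Allow access to MySQL from WP"
  vpc_id      = "${aws_vpc.default.id}"

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = ["${aws_security_group.wpsg.id}"]
  }

  tags {
    Name = "db-security-group"
  }
}

resource "aws_key_pair" "default" {
  key_name   = "blogkey"
  public_key = "${file("${var.key_path}")}"
}

# Two identical web nodes, one per public subnet. bootstrap.sh installs
# WordPress but does not write wp-config.php, so each node still needs to be
# pointed at the RDS endpoint after apply.
resource "aws_instance" "wb1" {
  ami                         = "${var.ami}"
  instance_type               = "${var.instance_type}"
  key_name                    = "${aws_key_pair.default.id}"
  user_data                   = "${file("bootstrap.sh")}"
  vpc_security_group_ids      = ["${aws_security_group.wpsg.id}"]
  subnet_id                   = "${aws_subnet.public-subnet1.id}"
  associate_public_ip_address = true

  tags {
    Name = "wordpress-${var.public_subnet1_az}"
  }
}

resource "aws_instance" "wb2" {
  ami                         = "${var.ami}"
  instance_type               = "${var.instance_type}"
  key_name                    = "${aws_key_pair.default.id}"
  user_data                   = "${file("bootstrap.sh")}"
  vpc_security_group_ids      = ["${aws_security_group.wpsg.id}"]
  subnet_id                   = "${aws_subnet.public-subnet2.id}"
  associate_public_ip_address = true

  tags {
    Name = "wordpress-${var.public_subnet2_az}"
  }
}

resource "aws_db_subnet_group" "default" {
  name        = "db-subnet-group"
  description = "RDS Subnet Group"
  subnet_ids  = ["${aws_subnet.private-subnet1.id}", "${aws_subnet.private-subnet2.id}"]

  tags {
    Name = "DB Subnet Group"
  }
}

# MySQL instance in the private subnets (publicly_accessible left at its
# default, false).
# NOTE: storage_encrypted is unset (AWS default: unencrypted) and no
# final-snapshot settings are given, so `terraform destroy` may refuse to
# delete the instance without a final_snapshot_identifier. The password is
# stored in plaintext in Terraform state; protect the state file accordingly.
resource "aws_db_instance" "default" {
  name                   = "${var.db_name}"
  engine                 = "${var.engine}"
  engine_version         = "5.6.35"
  storage_type           = "gp2"
  allocated_storage      = 5
  instance_class         = "db.t2.micro"
  username               = "${var.db_username}"
  password               = "${var.db_password}"
  vpc_security_group_ids = ["${aws_security_group.dbsg.id}"]
  db_subnet_group_name   = "${aws_db_subnet_group.default.id}"
}

# Classic ELB in front of both web nodes.
# NOTE(review): an HTTP health check needs a 200; an unconfigured WordPress
# answers "/" with a redirect to its setup page, so the targets may report
# unhealthy until wp-config.php exists -- confirm after first apply.
resource "aws_elb" "default" {
  name            = "elbwp"
  instances       = ["${aws_instance.wb1.id}", "${aws_instance.wb2.id}"]
  subnets         = ["${aws_subnet.public-subnet1.id}", "${aws_subnet.public-subnet2.id}"]
  security_groups = ["${aws_security_group.elbsg.id}"]

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  listener {
    instance_port     = 80
    instance_protocol = "tcp"
    lb_port           = 80
    lb_protocol       = "tcp"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:80/"
    interval            = 30
  }
}

================================================
FILE: wordpress/outputs.tf
================================================
output "ELB_DNS" {
  value = "${aws_elb.default.dns_name}"
}

# Was aws_instance.default.public_dns, a resource that does not exist in
# main.tf (the instances are wb1 and wb2); report both names.
output "Blog_DNS" {
  value = ["${aws_instance.wb1.public_dns}", "${aws_instance.wb2.public_dns}"]
}

# Was .dns_name, which aws_db_instance does not export; address is the host name.
output "MYSQL_DNS" {
  value = "${aws_db_instance.default.address}"
}

================================================
FILE: wordpress/variables.tf
================================================
variable "region" {
  description = "VPC Region"
  default     = "us-east-1"
}

variable "vpc_cidr_block" {
  description = "VPC CIDR"
  default     = "10.0.0.0/16"
}

variable "public_subnet1_cidr_block" {
  description = "Public Subnet 1 CIDR"
  default     = "10.0.1.0/24"
}

variable "public_subnet2_cidr_block" {
  description = "Public Subnet 2 CIDR"
  default     = "10.0.2.0/24"
}

variable "private_subnet1_cidr_block" {
  description = "Private Subnet 1 CIDR"
  default     = "10.0.3.0/24"
}

variable "private_subnet2_cidr_block" {
  description = "Private Subnet 2 CIDR"
  default     = "10.0.4.0/24"
}

# AZ names must belong to var.region; the defaults assume us-east-1.
variable "public_subnet1_az" {
  description = "Public Subnet 1 Availability Zone"
  default     = "us-east-1a"
}

# Fixed: this block was a second "public_subnet1_az" declaration, leaving
# var.public_subnet2_az (used by main.tf) undeclared.
variable "public_subnet2_az" {
  description = "Public Subnet 2 Availability Zone"
  default     = "us-east-1b"
}

variable "private_subnet1_az" {
  description = "Private Subnet 1 Availability Zone"
  default     = "us-east-1c"
}

variable "private_subnet2_az" {
  description = "Private Subnet 2 Availability Zone"
  default     = "us-east-1d"
}

variable "key_path" {
  description = "Public Key path"
}

# AMI IDs are region-specific; override together with var.region.
variable "ami" {
  description = "Amazon Linux Image"
  default     = "ami-4fffc834"
}

variable "instance_type" {
  description = "Server Instance Type"
  default     = "t2.micro"
}

variable "engine" {
  description = "RDS Engine"
  default     = "mysql"
}

variable "db_name" {
  description = "Database Name"
  default     = "mydb"
}

variable "db_username" {
  description = "Database Username"
}

# Supply via -var / TF_VAR_db_password or terraform.tfvars (git-ignored here),
# never on the command line history of a shared machine.
variable "db_password" {
  description = "Database Password"
}

# Added: SSH source range for the web nodes. Default preserves the previous
# behaviour; set to your own address range.
variable "ssh_cidr_blocks" {
  description = "CIDR blocks allowed to SSH into the WordPress instances (restrict to your own network)"
  type        = "list"
  default     = ["0.0.0.0/0"]
}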