linux_wiki:terraform [2018/06/14 22:11] billdozor [Terraform Example: 2 Tier VPC] |
linux_wiki:terraform [2019/05/25 23:50] (current) |
Line 5: | Line 5: | ||
" | " | ||
- | Site | + | Sites |
* Official Site: https:// | * Official Site: https:// | ||
* Downloads: https:// | * Downloads: https:// | ||
* Getting started: https:// | * Getting started: https:// | ||
+ | * AWS Provider Reference Doc: https:// | ||
+ | \\ | ||
**Checklist** | **Checklist** | ||
* AWS Account | * AWS Account | ||
Line 45: | Line 47: | ||
====== Terraform Example: 2 Tier VPC ====== | ====== Terraform Example: 2 Tier VPC ====== | ||
+ | **Pre-Req**: | ||
+ | |||
+ | \\ | ||
Creating a 2-tier VPC (public and private subnets), utilizing 3 availability zones in US-West (Oregon). | Creating a 2-tier VPC (public and private subnets), utilizing 3 availability zones in US-West (Oregon). | ||
Line 69: | Line 74: | ||
└── variables.tf | └── variables.tf | ||
</ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== File Contents ===== | ||
+ | |||
+ | Contents of the above config files. | ||
+ | |||
+ | ==== File Contents: Root Files ==== | ||
+ | |||
+ | Files in the top level directory. Ordered in a way that is easier to follow. | ||
+ | |||
+ | <code bash main.tf># | ||
+ | # Description: | ||
+ | # AWS Credentials auto loaded from ~/ | ||
+ | |||
+ | ## AWS Provider and Region | ||
+ | provider " | ||
+ | region = " | ||
+ | # Name of profile to use from ~/ | ||
+ | profile = " | ||
+ | } | ||
+ | |||
+ | ## Module: Site Infrastructure Setup | ||
+ | module " | ||
+ | source = " | ||
+ | availability_zones = " | ||
+ | public_subnet01_cidr = " | ||
+ | public_subnet02_cidr = " | ||
+ | public_subnet03_cidr = " | ||
+ | private_subnet01_cidr = " | ||
+ | private_subnet02_cidr = " | ||
+ | private_subnet03_cidr = " | ||
+ | vpc_cidr = " | ||
+ | }</ | ||
+ | |||
+ | <code bash variables.tf># | ||
+ | # Description: | ||
+ | |||
+ | ####-- Global Variables --#### | ||
+ | |||
+ | # AWS Region To Use | ||
+ | variable " | ||
+ | default = " | ||
+ | } | ||
+ | |||
+ | # Availability Zones To Use | ||
+ | variable " | ||
+ | type = " | ||
+ | default = [ " | ||
+ | } | ||
+ | |||
+ | ####-- VPC Variables --#### | ||
+ | |||
+ | # VPC Network | ||
+ | variable " | ||
+ | description = "CIDR for the whole VPC" | ||
+ | # /21 = 2046 IPs, 10.0.0.1 - 10.0.7.254 | ||
+ | default = " | ||
+ | } | ||
+ | |||
+ | # Public Subnet 01 (with IGW) | ||
+ | variable " | ||
+ | description = "CIDR for the Public Subnet" | ||
+ | # /25 = 126 IPs, 10.0.0.1 - 10.0.0.126 | ||
+ | default = " | ||
+ | } | ||
+ | |||
+ | # Public Subnet 02 (with IGW) | ||
+ | variable " | ||
+ | description = "CIDR for the Public Subnet" | ||
+ | # /25 = 126 IPs, 10.0.0.129 - 10.0.0.254 | ||
+ | default = " | ||
+ | } | ||
+ | |||
+ | # Public Subnet 03 (with IGW) | ||
+ | variable " | ||
+ | description = "CIDR for the Public Subnet" | ||
+ | # /25 = 126 IPs, 10.0.1.1 - 10.0.1.126 | ||
+ | default = " | ||
+ | } | ||
+ | |||
+ | # Private Subnet 01 (no IGW) | ||
+ | variable " | ||
+ | description = "CIDR for the Private Subnet" | ||
+ | # /23 = 510 IPs, 10.0.2.1 - 10.0.3.254 | ||
+ | default = " | ||
+ | } | ||
+ | |||
+ | # Private Subnet 02 (no IGW) | ||
+ | variable " | ||
+ | description = "CIDR for the Private Subnet" | ||
+ | # /23 = 510 IPs, 10.0.4.1 - 10.0.5.254 | ||
+ | default = " | ||
+ | } | ||
+ | |||
+ | # Private Subnet 03 (no IGW) | ||
+ | variable " | ||
+ | description = "CIDR for the Private Subnet" | ||
+ | # /23 = 510 IPs, 10.0.6.1 - 10.0.7.254 | ||
+ | default = " | ||
+ | }</ | ||
+ | |||
+ | <code bash outputs.tf> | ||
+ | # Description: | ||
+ | # If terraform apply is run within this directory, these variables | ||
+ | # are displayed at the end of the run. | ||
+ | |||
+ | # Pull the VPC ID from the site module | ||
+ | output " | ||
+ | value = " | ||
+ | }</ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== File Contents: Site Module Files ==== | ||
+ | |||
+ | Files in the site/ module directory. Ordered in a way that is easier to follow. | ||
+ | |||
+ | <code bash variables.tf># | ||
+ | # Description: | ||
+ | # Unset variables are expected to be passed in from the calling parent | ||
+ | |||
+ | # Availability Zones: Inherit from main variables | ||
+ | variable " | ||
+ | |||
+ | # VPC CIDR: Inherit from main variables | ||
+ | variable " | ||
+ | |||
+ | # Public Subnets (with IGW): Inherit from main | ||
+ | variable " | ||
+ | variable " | ||
+ | variable " | ||
+ | |||
+ | # Private Subnets (no IGW): Inherit from main | ||
+ | variable " | ||
+ | variable " | ||
+ | variable " | ||
+ | |||
+ | <code bash vpc.tf># Title: site/vpc.tf | ||
+ | # Description: | ||
+ | |||
+ | ####-- VPC --#### | ||
+ | |||
+ | # VPC: Creation | ||
+ | resource " | ||
+ | cidr_block = " | ||
+ | enable_dns_hostnames = true | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # VPC: Internet Gateway | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | }</ | ||
+ | |||
+ | <code bash subnets.tf># | ||
+ | # Description: | ||
+ | |||
+ | ####-- Subnets --#### | ||
+ | |||
+ | # Public Subnet 01 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Public Subnet 02 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Public Subnet 03 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Private Subnet 01 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Private Subnet 02 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Private Subnet 03 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | }</ | ||
+ | |||
+ | <code bash nat_gateway.tf># | ||
+ | # Description: | ||
+ | |||
+ | # Note: For true high availabity, you will want: | ||
+ | # -An EIP and NAT GW per public subnet | ||
+ | # | ||
+ | |||
+ | # Create the required Elastic IPs to be assigned to the NAT Gateways | ||
+ | resource " | ||
+ | vpc = true | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | vpc = true | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | vpc = true | ||
+ | } | ||
+ | |||
+ | # Create the NAT Gateways | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | allocation_id = " | ||
+ | tags { Name = " | ||
+ | |||
+ | # Dependencies: | ||
+ | depends_on = [" | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | subnet_id = " | ||
+ | allocation_id = " | ||
+ | tags { Name = " | ||
+ | |||
+ | # Dependencies: | ||
+ | depends_on = [" | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | subnet_id = " | ||
+ | allocation_id = " | ||
+ | tags { Name = " | ||
+ | |||
+ | # Dependencies: | ||
+ | depends_on = [" | ||
+ | } | ||
+ | |||
+ | # Route to the NAT Gateway provided elsewhere (in private route table)</ | ||
+ | |||
+ | <code bash routes.tf># | ||
+ | # Description: | ||
+ | |||
+ | ####-- Routes --#### | ||
+ | |||
+ | ##-- Public Subnet Routes --## | ||
+ | |||
+ | # Public Route Table - Default Route to Internet Gateway | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | |||
+ | route { | ||
+ | cidr_block = " | ||
+ | gateway_id = " | ||
+ | } | ||
+ | |||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Public 01 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Public 02 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Public 03 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | ##-- Private Subnet Routes --## | ||
+ | |||
+ | # Private Route Tables - Default Route to NAT GW in each AZ | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | |||
+ | route { | ||
+ | cidr_block = " | ||
+ | nat_gateway_id = " | ||
+ | } | ||
+ | |||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | vpc_id = " | ||
+ | |||
+ | route { | ||
+ | cidr_block = " | ||
+ | nat_gateway_id = " | ||
+ | } | ||
+ | |||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | vpc_id = " | ||
+ | |||
+ | route { | ||
+ | cidr_block = " | ||
+ | nat_gateway_id = " | ||
+ | } | ||
+ | |||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Private 01 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Private 02 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Private 03 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | }</ | ||
+ | |||
+ | <code bash security_groups.tf># | ||
+ | # Description: | ||
+ | |||
+ | ####-- Security Groups --#### | ||
+ | |||
+ | # Create default locked down security groups for private and public subnets | ||
+ | |||
+ | # Security Group: Public Subnets | ||
+ | resource " | ||
+ | name = " | ||
+ | description = " | ||
+ | tags = { Name = " | ||
+ | vpc_id = " | ||
+ | |||
+ | ##-- Ingress/ | ||
+ | # No ingress/ | ||
+ | #ingress { | ||
+ | #} | ||
+ | |||
+ | ##-- Egress/ | ||
+ | # Allow all egress/ | ||
+ | egress { | ||
+ | from_port = 0 | ||
+ | to_port = 0 | ||
+ | protocol = " | ||
+ | cidr_blocks = [" | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Security Group: Private Subnets | ||
+ | resource " | ||
+ | name = " | ||
+ | description = " | ||
+ | tags = { Name = " | ||
+ | vpc_id = " | ||
+ | |||
+ | ##-- Ingress/ | ||
+ | # Allow all ssh traffic from default public security group | ||
+ | ingress { | ||
+ | from_port = 22 | ||
+ | to_port = 22 | ||
+ | protocol = " | ||
+ | security_groups = [" | ||
+ | } | ||
+ | |||
+ | # Allow all traffic within the private security group | ||
+ | ingress { | ||
+ | from_port = 0 | ||
+ | to_port = 0 | ||
+ | protocol = " | ||
+ | self = " | ||
+ | } | ||
+ | |||
+ | ##-- Egress/ | ||
+ | # Allow all egress/ | ||
+ | egress { | ||
+ | from_port = 0 | ||
+ | to_port = 0 | ||
+ | protocol = " | ||
+ | cidr_blocks = [" | ||
+ | } | ||
+ | }</ | ||
+ | |||
+ | <code bash outputs.tf># | ||
+ | # Description: | ||
+ | # Accessible via " | ||
+ | |||
+ | # Set output variable from resource format | ||
+ | # output " | ||
+ | # value = " | ||
+ | # } | ||
+ | |||
+ | # Store the VPC ID | ||
+ | output " | ||
+ | value = " | ||
+ | } | ||
+ | |||
+ | # Store the Public Subnet ID | ||
+ | output " | ||
+ | value = " | ||
+ | } | ||
+ | |||
+ | # Store the Public Security Group ID | ||
+ | output " | ||
+ | value = " | ||
+ | }</ | ||
---- | ---- | ||