linux_wiki:terraform [2018/06/14 22:21] billdozor [File Structure] |
linux_wiki:terraform [2019/05/25 23:50] (current) |
Line 5: | Line 5: | ||
" | " | ||
- | Site | + | Sites |
* Official Site: https:// | * Official Site: https:// | ||
* Downloads: https:// | * Downloads: https:// | ||
* Getting started: https:// | * Getting started: https:// | ||
+ | * AWS Provider Reference Doc: https:// | ||
+ | \\ | ||
**Checklist** | **Checklist** | ||
* AWS Account | * AWS Account | ||
Line 45: | Line 47: | ||
====== Terraform Example: 2 Tier VPC ====== | ====== Terraform Example: 2 Tier VPC ====== | ||
+ | **Pre-Req**: | ||
+ | |||
+ | \\ | ||
Creating a 2-tier VPC (public and private subnets), utilizing 3 availability zones in US-West (Oregon). | Creating a 2-tier VPC (public and private subnets), utilizing 3 availability zones in US-West (Oregon). | ||
Line 87: | Line 92: | ||
provider " | provider " | ||
region = " | region = " | ||
+ | # Name of profile to use from ~/ | ||
profile = " | profile = " | ||
} | } | ||
Line 170: | Line 176: | ||
}</ | }</ | ||
- | <code bash outputs.tf> | + | <code bash outputs.tf> |
# Description: | # Description: | ||
+ | # If terraform apply is run within this directory, these variables | ||
+ | # are displayed at the end of the run. | ||
# Pull the VPC ID from the site module | # Pull the VPC ID from the site module | ||
Line 177: | Line 185: | ||
value = " | value = " | ||
}</ | }</ | ||
+ | |||
+ | ---- | ||
==== File Contents: Site Module Files ==== | ==== File Contents: Site Module Files ==== | ||
Line 182: | Line 192: | ||
Files in the site/ module directory. Ordered in a way that is easier to follow. | Files in the site/ module directory. Ordered in a way that is easier to follow. | ||
- | <code bash nat_gateway.tf></code> | + | <code bash variables.tf># Title: site/variables.tf |
+ | # Description: | ||
+ | # Unset variables are expected to be passed in from the calling parent | ||
- | <code bash outputs.tf></ | + | # Availability Zones: Inherit from main variables |
+ | variable " | ||
- | <code bash routes.tf></ | + | # VPC CIDR: Inherit from main variables |
+ | variable " | ||
- | <code bash security_groups.tf></ | + | # Public Subnets (with IGW): Inherit from main |
+ | variable " | ||
+ | variable " | ||
+ | variable " | ||
- | <code bash subnets.tf> | + | # Private Subnets (no IGW): Inherit from main |
+ | variable " | ||
+ | variable " | ||
+ | variable " | ||
- | <code bash variables.tf></code> | + | <code bash vpc.tf># Title: site/vpc.tf |
+ | # Description: | ||
- | <code bash vpc.tf></ | + | ####-- VPC --#### |
+ | |||
+ | # VPC: Creation | ||
+ | resource " | ||
+ | cidr_block = " | ||
+ | enable_dns_hostnames = true | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # VPC: Internet Gateway | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | }</ | ||
+ | |||
+ | <code bash subnets.tf># | ||
+ | # Description: | ||
+ | |||
+ | ####-- Subnets --#### | ||
+ | |||
+ | # Public Subnet 01 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Public Subnet 02 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Public Subnet 03 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Private Subnet 01 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Private Subnet 02 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Private Subnet 03 | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | cidr_block = " | ||
+ | availability_zone = " | ||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | }</ | ||
+ | |||
+ | <code bash nat_gateway.tf># | ||
+ | # Description: | ||
+ | |||
+ | # Note: For true high availabity, you will want: | ||
+ | # -An EIP and NAT GW per public subnet | ||
+ | # | ||
+ | |||
+ | # Create the required Elastic IPs to be assigned to the NAT Gateways | ||
+ | resource " | ||
+ | | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | vpc = true | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | vpc = true | ||
+ | } | ||
+ | |||
+ | # Create the NAT Gateways | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | allocation_id = " | ||
+ | tags { Name = " | ||
+ | |||
+ | # Dependencies: | ||
+ | depends_on = [" | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | subnet_id = " | ||
+ | allocation_id = " | ||
+ | tags { Name = " | ||
+ | |||
+ | # Dependencies: | ||
+ | depends_on = [" | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | subnet_id = " | ||
+ | allocation_id = " | ||
+ | tags { Name = " | ||
+ | |||
+ | # Dependencies: | ||
+ | depends_on = [" | ||
+ | } | ||
+ | |||
+ | # Route to the NAT Gateway provided elsewhere (in private route table)</ | ||
+ | |||
+ | <code bash routes.tf>#Title: site/ | ||
+ | # Description: | ||
+ | |||
+ | ####-- Routes --#### | ||
+ | |||
+ | ##-- Public Subnet Routes --## | ||
+ | |||
+ | # Public Route Table - Default Route to Internet Gateway | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | |||
+ | route { | ||
+ | cidr_block = " | ||
+ | gateway_id = " | ||
+ | } | ||
+ | |||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Public 01 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Public 02 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Public 03 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | ##-- Private Subnet Routes --## | ||
+ | |||
+ | # Private Route Tables - Default Route to NAT GW in each AZ | ||
+ | resource " | ||
+ | vpc_id = " | ||
+ | |||
+ | route { | ||
+ | cidr_block = " | ||
+ | nat_gateway_id = " | ||
+ | } | ||
+ | |||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | vpc_id = " | ||
+ | |||
+ | route { | ||
+ | cidr_block = " | ||
+ | nat_gateway_id = " | ||
+ | } | ||
+ | |||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | resource " | ||
+ | vpc_id = " | ||
+ | |||
+ | route { | ||
+ | cidr_block = " | ||
+ | nat_gateway_id = " | ||
+ | } | ||
+ | |||
+ | tags { | ||
+ | Name = " | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Private 01 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Private 02 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | } | ||
+ | |||
+ | # Associate Subnet Private 03 with Route Table | ||
+ | resource " | ||
+ | subnet_id = " | ||
+ | route_table_id = " | ||
+ | }</ | ||
+ | |||
+ | <code bash security_groups.tf># | ||
+ | # Description: | ||
+ | |||
+ | ####-- Security Groups --#### | ||
+ | |||
+ | # Create default locked down security groups for private and public subnets | ||
+ | |||
+ | # Security Group: Public Subnets | ||
+ | resource " | ||
+ | name = " | ||
+ | description = " | ||
+ | tags = { Name = " | ||
+ | vpc_id = " | ||
+ | |||
+ | ##-- Ingress/ | ||
+ | # No ingress/ | ||
+ | #ingress { | ||
+ | #} | ||
+ | |||
+ | ##-- Egress/ | ||
+ | # Allow all egress/ | ||
+ | egress { | ||
+ | from_port = 0 | ||
+ | to_port = 0 | ||
+ | protocol = " | ||
+ | cidr_blocks = [" | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Security Group: Private Subnets | ||
+ | resource " | ||
+ | name = " | ||
+ | description = " | ||
+ | tags = { Name = " | ||
+ | vpc_id = " | ||
+ | |||
+ | ##-- Ingress/ | ||
+ | # Allow all ssh traffic from default public security group | ||
+ | ingress { | ||
+ | from_port = 22 | ||
+ | to_port = 22 | ||
+ | protocol = " | ||
+ | security_groups = [" | ||
+ | } | ||
+ | |||
+ | # Allow all traffic within the private security group | ||
+ | ingress { | ||
+ | from_port = 0 | ||
+ | to_port = 0 | ||
+ | protocol = " | ||
+ | self = " | ||
+ | } | ||
+ | |||
+ | ##-- Egress/ | ||
+ | # Allow all egress/ | ||
+ | egress { | ||
+ | from_port = 0 | ||
+ | to_port = 0 | ||
+ | protocol = " | ||
+ | cidr_blocks = [" | ||
+ | } | ||
+ | }</ | ||
+ | |||
+ | <code bash outputs.tf># | ||
+ | # Description: | ||
+ | # Accessible via " | ||
+ | |||
+ | # Set output variable from resource format | ||
+ | # output " | ||
+ | # value = " | ||
+ | # } | ||
+ | |||
+ | # Store the VPC ID | ||
+ | output " | ||
+ | value = " | ||
+ | } | ||
+ | |||
+ | # Store the Public Subnet ID | ||
+ | output " | ||
+ | value = " | ||
+ | } | ||
+ | |||
+ | # Store the Public Security Group ID | ||
+ | output " | ||
+ | value = " | ||
+ | }</ | ||
---- | ---- | ||
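Review bot: The header comment in the new security_groups.tf calls these "default locked down security groups", but both the public and the private group end with an egress rule covering port range 0-0 to the listed cidr_blocks, which the comment above it describes as allowing all outbound traffic; together with the per-AZ NAT gateways added in nat_gateway.tf, every private-subnet instance gets unrestricted outbound internet, which is exactly what a compromised host needs to fetch tooling or exfiltrate data. "Locked down" is true of ingress only, so I would say that in the comment, e.g. `# NOTE: ingress is closed by default, but egress is intentionally unrestricted; restrict to the ports a workload needs (e.g. 443/tcp) before production use`. The private group's second ingress rule (port range 0-0 with `self`) likewise permits every port between all private members, so one foothold reaches every service on every private host; worth a one-line comment acknowledging the lateral-movement trade-off. Nothing in this revision appears to enable VPC flow logs, which the page could mention as a follow-up if that is intentional. The trailing `----` rule looks like the end of the page section, but anything after it is outside this view.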