Differences
This shows you the differences between two versions of the page.
linux_wiki:terraform [2018/06/19 22:37] billdozor [File Contents: Root Files]
linux_wiki:terraform [2019/05/25 23:50]
Line 1: | Line 1: | ||
- | ====== Terraform ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | " | ||
- | |||
- | Sites | ||
- | * Official Site: https:// | ||
- | * Downloads: https:// | ||
- | * Getting started: https:// | ||
- | * AWS Provider Reference Doc: https:// | ||
- | |||
- | \\ | ||
- | **Checklist** | ||
- | * AWS Account | ||
- | |||
- | ---- | ||
- | |||
- | ====== Install Terraform ====== | ||
- | |||
- | Installing Terraform on Linux. | ||
- | |||
- | * Visit downloads page: https:// | ||
- | * Copy download link | ||
- | * On Linux server, wget the link to download (example link)< | ||
- | * Unzip single binary, move into / | ||
- | |||
- | mv terraform / | ||
- | * Verify< | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure AWS Credentials for Use ====== | ||
- | |||
- | * Login to your AWS account, create access keys for CLI use and download the file. | ||
- | * Create an AWS credentials file in your home directory< | ||
- | |||
- | # AWS Credentials | ||
- | [default] | ||
- | aws_access_key_id = " | ||
- | aws_secret_access_key = " | ||
- | * The profile name is " | ||
- | |||
- | * Lock down permissions< | ||
- | |||
- | |||
- | ====== Terraform Example: 2 Tier VPC ====== | ||
- | |||
- | **Pre-Req**: | ||
- | |||
- | \\ | ||
- | Creating a 2-tier VPC (public and private subnets), utilizing 3 availability zones in US-West (Oregon). | ||
- | |||
- | This will create the all of the virtual infrastructure to start creating services inside of. | ||
- | |||
- | ===== File Structure ===== | ||
- | |||
- | Files can be named anything, as long as it ends in a " | ||
- | |||
- | Example Structure | ||
- | <code bash> | ||
- | ├── main.tf | ||
- | ├── outputs.tf | ||
- | ├── site # A local defined module called " | ||
- | │ ├── nat_gateway.tf | ||
- | │ ├── outputs.tf | ||
- | │ ├── routes.tf | ||
- | │ ├── security_groups.tf | ||
- | │ ├── subnets.tf | ||
- | │ ├── variables.tf | ||
- | │ └── vpc.tf | ||
- | ├── terraform.tfstate | ||
- | ├── terraform.tfstate.backup | ||
- | └── variables.tf | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ===== File Contents ===== | ||
- | |||
- | Contents of the above config files. | ||
- | |||
- | ==== File Contents: Root Files ==== | ||
- | |||
- | Files in the top level directory. Ordered in a way that is easier to follow. | ||
- | |||
- | <code bash main.tf># | ||
- | # Description: | ||
- | # AWS Credentials auto loaded from ~/ | ||
- | |||
- | ## AWS Provider and Region | ||
- | provider " | ||
- | region = " | ||
- | # Name of profile to use from ~/ | ||
- | profile = " | ||
- | } | ||
- | |||
- | ## Module: Site Infrastructure Setup | ||
- | module " | ||
- | source = " | ||
- | availability_zones = " | ||
- | public_subnet01_cidr = " | ||
- | public_subnet02_cidr = " | ||
- | public_subnet03_cidr = " | ||
- | private_subnet01_cidr = " | ||
- | private_subnet02_cidr = " | ||
- | private_subnet03_cidr = " | ||
- | vpc_cidr = " | ||
- | }</ | ||
- | |||
- | <code bash variables.tf># | ||
- | # Description: | ||
- | |||
- | ####-- Global Variables --#### | ||
- | |||
- | # AWS Region To Use | ||
- | variable " | ||
- | default = " | ||
- | } | ||
- | |||
- | # Availability Zones To Use | ||
- | variable " | ||
- | type = " | ||
- | default = [ " | ||
- | } | ||
- | |||
- | ####-- VPC Variables --#### | ||
- | |||
- | # VPC Network | ||
- | variable " | ||
- | description = "CIDR for the whole VPC" | ||
- | # /21 = 2046 IPs, 10.0.0.1 - 10.0.7.254 | ||
- | default = " | ||
- | } | ||
- | |||
- | # Public Subnet 01 (with IGW) | ||
- | variable " | ||
- | description = "CIDR for the Public Subnet" | ||
- | # /25 = 126 IPs, 10.0.0.1 - 10.0.0.126 | ||
- | default = " | ||
- | } | ||
- | |||
- | # Public Subnet 02 (with IGW) | ||
- | variable " | ||
- | description = "CIDR for the Public Subnet" | ||
- | # /25 = 126 IPs, 10.0.0.129 - 10.0.0.254 | ||
- | default = " | ||
- | } | ||
- | |||
- | # Public Subnet 03 (with IGW) | ||
- | variable " | ||
- | description = "CIDR for the Public Subnet" | ||
- | # /25 = 126 IPs, 10.0.1.1 - 10.0.1.126 | ||
- | default = " | ||
- | } | ||
- | |||
- | # Private Subnet 01 (no IGW) | ||
- | variable " | ||
- | description = "CIDR for the Private Subnet" | ||
- | # /23 = 510 IPs, 10.0.2.1 - 10.0.3.254 | ||
- | default = " | ||
- | } | ||
- | |||
- | # Private Subnet 02 (no IGW) | ||
- | variable " | ||
- | description = "CIDR for the Private Subnet" | ||
- | # /23 = 510 IPs, 10.0.4.1 - 10.0.5.254 | ||
- | default = " | ||
- | } | ||
- | |||
- | # Private Subnet 03 (no IGW) | ||
- | variable " | ||
- | description = "CIDR for the Private Subnet" | ||
- | # /23 = 510 IPs, 10.0.6.1 - 10.0.7.254 | ||
- | default = " | ||
- | }</ | ||
- | |||
- | <code bash outputs.tf> | ||
- | # Description: | ||
- | # If terraform apply is run within this directory, these variables | ||
- | # are displayed at the end of the run. | ||
- | |||
- | # Pull the VPC ID from the site module | ||
- | output " | ||
- | value = " | ||
- | }</ | ||
- | |||
- | ---- | ||
- | |||
- | ==== File Contents: Site Module Files ==== | ||
- | |||
- | Files in the site/ module directory. Ordered in a way that is easier to follow. | ||
- | |||
- | <code bash variables.tf># | ||
- | # Description: | ||
- | |||
- | # Availability Zones: Pass in from main variables | ||
- | variable " | ||
- | |||
- | # VPC CIDR: Pass in from main variables | ||
- | variable " | ||
- | |||
- | # Public Subnets (with IGW): Pass in from main | ||
- | variable " | ||
- | variable " | ||
- | variable " | ||
- | |||
- | # Private Subnets (no IGW): Pass in from main | ||
- | variable " | ||
- | variable " | ||
- | variable " | ||
- | |||
- | <code bash vpc.tf># Title: vpc.tf | ||
- | # Description: | ||
- | |||
- | ####-- VPC --#### | ||
- | |||
- | # VPC: Creation | ||
- | resource " | ||
- | cidr_block = " | ||
- | enable_dns_hostnames = true | ||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | # VPC: Internet Gateway | ||
- | resource " | ||
- | vpc_id = " | ||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | }</ | ||
- | |||
- | <code bash subnets.tf># | ||
- | # Description: | ||
- | |||
- | ####-- Subnets --#### | ||
- | |||
- | # Public Subnet 01 | ||
- | resource " | ||
- | vpc_id = " | ||
- | cidr_block = " | ||
- | availability_zone = " | ||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | # Public Subnet 02 | ||
- | resource " | ||
- | vpc_id = " | ||
- | cidr_block = " | ||
- | availability_zone = " | ||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | # Public Subnet 03 | ||
- | resource " | ||
- | vpc_id = " | ||
- | cidr_block = " | ||
- | availability_zone = " | ||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | # Private Subnet 01 | ||
- | resource " | ||
- | vpc_id = " | ||
- | cidr_block = " | ||
- | availability_zone = " | ||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | # Private Subnet 02 | ||
- | resource " | ||
- | vpc_id = " | ||
- | cidr_block = " | ||
- | availability_zone = " | ||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | # Private Subnet 03 | ||
- | resource " | ||
- | vpc_id = " | ||
- | cidr_block = " | ||
- | availability_zone = " | ||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | }</ | ||
- | |||
- | <code bash nat_gateway.tf># | ||
- | # Description: | ||
- | |||
- | # Note: For true high availabity, you will want: | ||
- | # -An EIP and NAT GW per public subnet | ||
- | # | ||
- | |||
- | # Create the required Elastic IPs to be assigned to the NAT Gateways | ||
- | resource " | ||
- | vpc = true | ||
- | } | ||
- | |||
- | resource " | ||
- | vpc = true | ||
- | } | ||
- | |||
- | resource " | ||
- | vpc = true | ||
- | } | ||
- | |||
- | # Create the NAT Gateways | ||
- | resource " | ||
- | subnet_id = " | ||
- | allocation_id = " | ||
- | tags { Name = " | ||
- | |||
- | # Dependencies: | ||
- | depends_on = [" | ||
- | } | ||
- | |||
- | resource " | ||
- | subnet_id = " | ||
- | allocation_id = " | ||
- | tags { Name = " | ||
- | |||
- | # Dependencies: | ||
- | depends_on = [" | ||
- | } | ||
- | |||
- | resource " | ||
- | subnet_id = " | ||
- | allocation_id = " | ||
- | tags { Name = " | ||
- | |||
- | # Dependencies: | ||
- | depends_on = [" | ||
- | } | ||
- | |||
- | # Route to the NAT Gateway provided elsewhere (in private route table)</ | ||
- | |||
- | <code bash routes.tf># | ||
- | # Description: | ||
- | |||
- | ####-- Routes --#### | ||
- | |||
- | ##-- Public Subnet Routes --## | ||
- | |||
- | # Public Route Table - Default Route to Internet Gateway | ||
- | resource " | ||
- | vpc_id = " | ||
- | |||
- | route { | ||
- | cidr_block = " | ||
- | gateway_id = " | ||
- | } | ||
- | |||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | # Associate Subnet Public 01 with Route Table | ||
- | resource " | ||
- | subnet_id = " | ||
- | route_table_id = " | ||
- | } | ||
- | |||
- | # Associate Subnet Public 02 with Route Table | ||
- | resource " | ||
- | subnet_id = " | ||
- | route_table_id = " | ||
- | } | ||
- | |||
- | # Associate Subnet Public 03 with Route Table | ||
- | resource " | ||
- | subnet_id = " | ||
- | route_table_id = " | ||
- | } | ||
- | |||
- | ##-- Private Subnet Routes --## | ||
- | |||
- | # Private Route Tables - Default Route to NAT GW in each AZ | ||
- | resource " | ||
- | vpc_id = " | ||
- | |||
- | route { | ||
- | cidr_block = " | ||
- | nat_gateway_id = " | ||
- | } | ||
- | |||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | resource " | ||
- | vpc_id = " | ||
- | |||
- | route { | ||
- | cidr_block = " | ||
- | nat_gateway_id = " | ||
- | } | ||
- | |||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | resource " | ||
- | vpc_id = " | ||
- | |||
- | route { | ||
- | cidr_block = " | ||
- | nat_gateway_id = " | ||
- | } | ||
- | |||
- | tags { | ||
- | Name = " | ||
- | } | ||
- | } | ||
- | |||
- | # Associate Subnet Private 01 with Route Table | ||
- | resource " | ||
- | subnet_id = " | ||
- | route_table_id = " | ||
- | } | ||
- | |||
- | # Associate Subnet Private 02 with Route Table | ||
- | resource " | ||
- | subnet_id = " | ||
- | route_table_id = " | ||
- | } | ||
- | |||
- | # Associate Subnet Private 03 with Route Table | ||
- | resource " | ||
- | subnet_id = " | ||
- | route_table_id = " | ||
- | }</ | ||
- | |||
- | <code bash security_groups.tf># | ||
- | # Description: | ||
- | |||
- | ####-- Security Groups --#### | ||
- | |||
- | # Create default locked down security groups for private and public subnets | ||
- | |||
- | # Security Group: Public Subnets | ||
- | resource " | ||
- | name = " | ||
- | description = " | ||
- | tags = { Name = " | ||
- | vpc_id = " | ||
- | |||
- | ##-- Ingress/ | ||
- | # No ingress/ | ||
- | #ingress { | ||
- | #} | ||
- | |||
- | ##-- Egress/ | ||
- | # Allow all egress/ | ||
- | egress { | ||
- | from_port = 0 | ||
- | to_port = 0 | ||
- | protocol = " | ||
- | cidr_blocks = [" | ||
- | } | ||
- | } | ||
- | |||
- | # Security Group: Private Subnets | ||
- | resource " | ||
- | name = " | ||
- | description = " | ||
- | tags = { Name = " | ||
- | vpc_id = " | ||
- | |||
- | ##-- Ingress/ | ||
- | # Allow all ssh traffic from default public security group | ||
- | ingress { | ||
- | from_port = 22 | ||
- | to_port = 22 | ||
- | protocol = " | ||
- | security_groups = [" | ||
- | } | ||
- | |||
- | # Allow all traffic within the private security group | ||
- | ingress { | ||
- | from_port = 0 | ||
- | to_port = 0 | ||
- | protocol = " | ||
- | self = " | ||
- | } | ||
- | |||
- | ##-- Egress/ | ||
- | # Allow all egress/ | ||
- | egress { | ||
- | from_port = 0 | ||
- | to_port = 0 | ||
- | protocol = " | ||
- | cidr_blocks = [" | ||
- | } | ||
- | }</ | ||
- | |||
- | <code bash outputs.tf># | ||
- | # Description: | ||
- | # Accessible via " | ||
- | |||
- | # Set output variable from resource format | ||
- | # output " | ||
- | # value = " | ||
- | # } | ||
- | |||
- | # Store the VPC ID | ||
- | output " | ||
- | value = " | ||
- | } | ||
- | |||
- | # Store the Public Subnet ID | ||
- | output " | ||
- | value = " | ||
- | } | ||
- | |||
- | # Store the Public Security Group ID | ||
- | output " | ||
- | value = " | ||
- | }</ | ||
- | |||
- | ---- | ||
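Review bot: this revision leaves the page empty (every line from "Line 1:" down to the closing "----" is a removal with nothing on the right-hand side), so the Terraform 2-tier VPC guide disappears with no redirect or stub pointing at a new location; if the content was moved rather than retired, a one-line stub linking to it would keep inbound links working. Two points in the removed text are worth carrying over wherever it is restored: the "File Structure" listing puts `terraform.tfstate` and `terraform.tfstate.backup` beside the configuration files but says nothing about keeping them out of version control or using a remote backend, even though state records every resource created here and deserves the same handling as the credentials file that the "Configure AWS Credentials for Use" section tells the reader to lock down; and the resource blocks mix the `tags { Name = ... }` block form (vpc.tf, subnets.tf, routes.tf, nat_gateway.tf) with the `tags = { Name = ... }` attribute form (security_groups.tf), and only the second form survives the 0.12 syntax change, so picking one style, the attribute form, avoids a half-broken module later.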