diff --git a/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/.terraform.lock.hcl b/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/.terraform.lock.hcl new file mode 100644 index 00000000..bed38079 --- /dev/null +++ b/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/.terraform.lock.hcl @@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.91.0" + hashes = [ + "h1:Oi6A0fLmCf00yMhtYZFJrgpKtRFQ0xvZlptUy/hQAG8=", + "zh:03ee14261b25aee94c735ed6ef7cce47900ab7bdf462335432ca034d0ba74ca2", + "zh:32a3759049c9c2cd041d1257cf16cb90a5ce586e1d0a6fe5f8ebd0ec1ba8e071", + "zh:334db69bc6d8643ec4ea432f0e54e851c2394bbe889cca29ca5029db0e4699e8", + "zh:39957a4a900f100ea8d85845a42164a44c9efea8559a9e74ab4f6a1193e20c3e", + "zh:8831396c764815eb367601a522c51c2e9e8fc38bcaa5f5e83f21de771778e9ba", + "zh:8e71ab68c27f909892a063f845d92faa487297ad9bbc67c77a67194e509781e6", + "zh:944df1084a7ea37a4feea0ee6654fd15891ef4829c5453bc149ffbcc0ab9bad7", + "zh:964391527624f2e66a4eb387ad0a30a1b67a896e9395b6d01353f2572723ea03", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:bb956c660185161e8ce1ed1dbf187c9f549d1779673fe798211dd5b02b98c737", + "zh:c237199ca8cd88f4aab4c673f848c77670b90d98a484fef6bcd31a71ff63d9b9", + "zh:c7522f6072f8ba29f4a6d0f994eda8a381ed2f4a41dbe44c4d989c44852cfe63", + "zh:d412a852ced01433c44f222952b60974f7c297a8a21bef62c9a627b050084134", + "zh:e420266b772041fa89e5868594ed21c8c3090d76b3ec0262054f768a7807f5a7", + "zh:ecfcc7844e9e01123920a4b0e667a4688654e3f22f00890ec80ddd78e7312eda", + ] +} diff --git a/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf b/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf index eae6b74c..9220c079 100644 
--- a/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf +++ b/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf @@ -1,5 +1,12 @@ # Terraform Settings Block terraform { + +cloud { + organization = "BarrantesOrg" + workspaces { + name = "Terraform-Udemy" + } +} required_providers { aws = { source = "hashicorp/aws" @@ -11,11 +18,11 @@ terraform { # Provider Block provider "aws" { profile = "default" # AWS Credentials Profile configured on your local desktop terminal $HOME/.aws/credentials - region = "us-east-1" + region = "us-west-1" } # Resource Block resource "aws_instance" "ec2demo" { - ami = "ami-0533f2ba8a1995cf9" # Amazon Linux in us-east-1, update as per your region + ami = "ami-0c716727a318bbe42" # Redhat us-west-1, update as per your region instance_type = "t2.micro" } diff --git a/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf b/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf deleted file mode 100644 index 06a55555..00000000 --- a/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf +++ /dev/null 
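Review bot: With the `cloud` block added at the top of the `terraform` block, the provider's `profile = "default"` (visible in the next hunk) points at a credentials file that exists only on the author's machine. If the workspace uses remote execution (not visible here, but the usual default), plan and apply will not find that profile, and the tempting workaround is pasting long-lived access keys into workspace variables. I would drop the `profile` line and state the credential source instead, e.g. `# Credentials are supplied by the workspace; prefer dynamic provider credentials over static keys`. The organization and workspace names are also hard-coded for one account; omitting `organization` and setting `TF_CLOUD_ORGANIZATION` in the environment keeps the manifest reusable. The `terraform` block closes outside this hunk.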
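Review bot: The replacement `ami = "ami-0c716727a318bbe42"` is a bare image ID whose publisher is asserted only by the trailing comment, so nothing in the configuration checks that the image really comes from the vendor named there. AMI IDs are also region-specific, which is why the region change in this hunk forced a manual swap. Resolving the image through a `data "aws_ami"` lookup with `owners` pinned to the publisher's account makes the provenance explicit and lets the region change on its own. The sketch below uses placeholders for the account ID and the name pattern, which the page does not give.

```hcl
# Resolve the image at plan time and pin who published it.
data "aws_ami" "rhel" {
  most_recent = true
  owners      = ["<PUBLISHER_ACCOUNT_ID>"] # placeholder: the vendor's AWS account ID
  filter {
    name   = "name"
    values = ["<IMAGE_NAME_PATTERN>"] # placeholder: the image family to match
  }
}

resource "aws_instance" "ec2demo" {
  ami = data.aws_ami.rhel.id
  # … unchanged: instance_type …
```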
@@ -1,59 +0,0 @@ -# Get List of Availability Zones in a Specific Region -# Region is set in c1-versions.tf in Provider Block -# Datasource-1 -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} - -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -# Datasource-2 -data "aws_ec2_instance_type_offerings" "my_ins_type" { - for_each = toset(data.aws_availability_zones.my_azones.names) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} - - -# Output-1 -# Basic Output: All Availability Zones mapped to Supported Instance Types -output "output_v3_1" { - value = { - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: az => details.instance_types - } -} - -# Output-2 -# Filtered Output: Exclude Unsupported Availability Zones -output "output_v3_2" { - value = { - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 } -} - -# Output-3 -# Filtered Output: with Keys Function - Which gets keys from a Map -# This will return the list of availability zones supported for a instance type -output "output_v3_3" { - value = keys({for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 }) -} - - -# Output-4 (additional learning) -# Filtered Output: As the output is list now, get the first item from list (just for learning) -output "output_v3_4" { - value = keys({ - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 })[0] -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c1-versions.tf deleted file mode 100644 index 9d3553b1..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c2-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c2-variables.tf deleted file mode 100644 index 8b8486e4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c2-variables.tf +++ /dev/null 
@@ -1,39 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} - -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instnace Type" - type = string - default = "t3.micro" -} - -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key Pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} - -# AWS EC2 Instance Type - List -variable "instance_type_list" { - description = "EC2 Instance Type" - type = list(string) - default = ["t3.micro", "t3.small", "t3.large"] -} - -# AWS EC2 Instance Type - Map -variable "instance_type_map" { - description = "EC2 Instance Type" - type = map(string) - default = { - "dev" = "t3.micro" - "qa" = "t3.small" - "prod" = "t3.large" - } -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c3-ec2securitygroups.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c3-ec2securitygroups.tf deleted file mode 100644 index 077c3c40..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c3-ec2securitygroups.tf +++ /dev/null 
@@ -1,56 +0,0 @@ -# Create Security Group - SSH Traffic -resource "aws_security_group" "vpc-ssh" { - name = "vpc-ssh" - description = "Dev VPC SSH" - ingress { - description = "Allow Port 22" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - description = "Allow all ip and ports outbound" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "vpc-ssh" - } -} - -# Create Security Group - Web Traffic -resource "aws_security_group" "vpc-web" { - name = "vpc-web" - description = "Dev VPC Web" - ingress { - description = "Allow Port 80" - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - ingress { - description = "Allow Port 443" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - egress { - description = "Allow all ip and ports outbound" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "vpc-web" - } -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c4-ami-datasource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c4-ami-datasource.tf deleted file mode 100644 index cf1e87a6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c4-ami-datasource.tf +++ /dev/null 
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = ["amazon"]
- filter {
- name = "name"
- values = ["amzn2-ami-hvm-*-gp2"]
- }
- filter {
- name = "root-device-type"
- values = ["ebs"]
- }
- filter {
- name = "virtualization-type"
- values = ["hvm"]
- }
- filter {
- name = "architecture"
- values = ["x86_64"]
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c5-ec2instance.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c5-ec2instance.tf
deleted file mode 100644
index 0edc0218..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c5-ec2instance.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# EC2 Instance
-resource "aws_instance" "myec2vm" {
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- #instance_type = var.instance_type_list[1] # For List
- #nstance_type = var.instance_type_map["prod"] # For Map
- user_data = file("${path.module}/app1-install.sh")
- key_name = var.instance_keypair
- vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ]
- count = 2
- tags = {
- "Name" = "Count-Demo-${count.index}"
- }
-}
-
-/*
-# Drawbacks of using count in this example
-- Resource Instances in this case were identified using index numbers
-instead of string values like actual subnet_id
-- If an element was removed from the middle of the list,
-every instance after that element would see its subnet_id value
-change, resulting in more remote object changes than intended.
-- Even the subnet_ids should be pre-defined or we need to get them again
-using for_each or for using various datasources
-- Using for_each gives the same flexibility without the extra churn.
-*/
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c6-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c6-outputs.tf
deleted file mode 100644
index 17b70589..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c6-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@ -# Terraform Output Values -/* Concepts Covered -1. For Loop with List -2. For Loop with Map -3. For Loop with Map Advanced -4. Legacy Splat Operator (latest) - Returns List -5. Latest Generalized Splat Operator - Returns the List -*/ - -# Output - For Loop with List -output "for_output_list" { - description = "For Loop with List" - value = [for instance in aws_instance.myec2vm: instance.public_dns] -} - -# Output - For Loop with Map -output "for_output_map1" { - description = "For Loop with Map" - value = {for instance in aws_instance.myec2vm: instance.id => instance.public_dns} -} - -# Output - For Loop with Map Advanced -output "for_output_map2" { - description = "For Loop with Map - Advanced" - value = {for c, instance in aws_instance.myec2vm: c => instance.public_dns} -} - -# Output Legacy Splat Operator (Legacy) - Returns the List -/* -output "legacy_splat_instance_publicdns" { - description = "Legacy Splat Operator" - value = aws_instance.myec2vm.*.public_dns -} -*/ - -# Output Latest Generalized Splat Operator - Returns the List -output "latest_splat_instance_publicdns" { - description = "Generalized latest Splat Operator" - value = aws_instance.myec2vm[*].public_dns -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/private-key/terraform-key.pem deleted file mode 100644 index fab1eb2a..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/private-key/terraform-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
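Review bot: Deleting `terraform-key.pem` from the tree does not retire the key, because the full RSA private key is printed in this diff and remains in the repository history and in every existing clone. The key pair should be treated as compromised: delete or replace the EC2 key pair it belongs to (presumably the `terraform-key` that `instance_keypair` defaults to in the removed variables file) and re-key any instance that trusted it. The same file is removed again under `05-02-MetaArgument-for_each/terraform-manifests/private-key/`, and the same applies there. Ignoring `*.pem` in `.gitignore` and running a secret scan before commits would keep this from recurring.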
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/README.md deleted file mode 100644 index 5dc1f974..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/README.md +++ /dev/null 
@@ -1,125 +0,0 @@ -# Terraform for_each Meta-Argument with Functions toset, tomap -## Step-00: Pre-requisite Note -- We are using the `default vpc` in `us-east-1` region - -## Step-01: Introduction -- `for_each` Meta-Argument -- `toset` function -- `tomap` function -- Data Source: aws_availability_zones - -## Step-02: No changes to files -- c1-versions.tf -- c2-variables.tf -- c3-ec2securitygroups.tf -- c4-ami-datasource.tf - -## Step-03: c5-ec2instance.tf -- To understand more about [for_each](https://www.terraform.io/docs/language/meta-arguments/for_each.html) - -### Step-03-01: Availability Zones Datasource -```t -# Availability Zones Datasource -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} -``` - -### Step-03-02: EC2 Instance Resource -```t -# EC2 Instance -resource "aws_instance" "myec2vm" { - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ] - # Create EC2 Instance in all Availabilty Zones of a VPC - for_each = toset(data.aws_availability_zones.my_azones.names) - availability_zone = each.key # You can also use each.value because for list items each.key == each.value - tags = { - "Name" = "For-Each-Demo-${each.key}" - } -} -``` - -## Step-04: c6-outputs.tf -```t - -# EC2 Instance Public IP with TOSET -output "instance_publicip" { - description = "EC2 Instance Public IP" - #value = aws_instance.myec2vm.*.public_ip # Legacy Splat - #value = aws_instance.myec2vm[*].public_ip # Latest Splat - value = toset([ - for myec2vm in aws_instance.myec2vm : myec2vm.public_ip - ]) -} - -# EC2 Instance Public DNS with TOSET -output "instance_publicdns" { - description = "EC2 Instance Public DNS" - #value = aws_instance.myec2vm[*].public_dns # Legacy Splat - #value = aws_instance.myec2vm[*].public_dns # 
Latest Splat - value = toset([ - for myec2vm in aws_instance.myec2vm : myec2vm.public_dns - ]) -} - -# EC2 Instance Public DNS with MAPS -output "instance_publicdns2" { - value = tomap({ - for s, myec2vm in aws_instance.myec2vm : s => myec2vm.public_dns - # S intends to be a subnet ID - }) -} -``` - -## Step-05: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -Observations: -1) Should fail with not creating EC2 Instance in 1 availability zone in region us-east-1 -2) We will learn about fixing this in next two sections 05-03 and 05-04 -3) Outputs not displayed as we failed during terraform apply. We will see and review outputs in section 05-04 -``` - -## Step-06: Expected Error Message -```t -Error: Error launching source instance: Unsupported: Your requested instance type (t3.micro) is not supported in your requested Availability Zone (us-east-1e). Please retry your request by not specifying an Availability Zone or choosing us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f. 
- status code: 400, request id: 52e0e358-17a0-434b-80de-5bc5f956eedb - - on c5-ec2instance.tf line 35, in resource "aws_instance" "myec2vm": - 35: resource "aws_instance" "myec2vm" { - -``` - -## Step-07: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## References -- [Terraform Functions](https://www.terraform.io/docs/language/functions/tolist.html) -- [Data Source: aws_availability_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) -- [for_each Meta-Argument](https://www.terraform.io/docs/language/meta-arguments/for_each.html) -- [tomap Function](https://www.terraform.io/docs/language/functions/tomap.html) -- [toset Function](https://www.terraform.io/docs/language/functions/toset.html) \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c1-versions.tf deleted file mode 100644 index 9d3553b1..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c2-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c2-variables.tf deleted file mode 100644 index 786f7843..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c2-variables.tf +++ /dev/null 
@@ -1,23 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instnace Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key Pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c3-ec2securitygroups.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c3-ec2securitygroups.tf
deleted file mode 100644
index 077c3c40..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c3-ec2securitygroups.tf
+++ /dev/null
@@ -1,56 +0,0 @@ -# Create Security Group - SSH Traffic -resource "aws_security_group" "vpc-ssh" { - name = "vpc-ssh" - description = "Dev VPC SSH" - ingress { - description = "Allow Port 22" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - description = "Allow all ip and ports outbound" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "vpc-ssh" - } -} - -# Create Security Group - Web Traffic -resource "aws_security_group" "vpc-web" { - name = "vpc-web" - description = "Dev VPC Web" - ingress { - description = "Allow Port 80" - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - ingress { - description = "Allow Port 443" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - egress { - description = "Allow all ip and ports outbound" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "vpc-web" - } -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c4-ami-datasource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c4-ami-datasource.tf deleted file mode 100644 index cf1e87a6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c4-ami-datasource.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = ["amazon"] - filter { - name = "name" - values = ["amzn2-ami-hvm-*-gp2"] - } - filter { - name = "root-device-type" - values = ["ebs"] - } - filter { - name = "virtualization-type" - values = ["hvm"] - } - filter { - name = "architecture" - values = ["x86_64"] - } -} \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c5-ec2instance.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c5-ec2instance.tf
deleted file mode 100644
index b727d580..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c5-ec2instance.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Availability Zones Datasource
-data "aws_availability_zones" "my_azones" {
- filter {
- name = "opt-in-status"
- values = ["opt-in-not-required"]
- }
-}
-
-
-# EC2 Instance
-resource "aws_instance" "myec2vm" {
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- user_data = file("${path.module}/app1-install.sh")
- key_name = var.instance_keypair
- vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ]
- # Create EC2 Instance in all Availabilty Zones of a VPC
- for_each = toset(data.aws_availability_zones.my_azones.names)
- availability_zone = each.key # You can also use each.value because for list items each.key == each.value
- tags = {
- "Name" = "for_each-Demo-${each.value}"
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c6-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c6-outputs.tf
deleted file mode 100644
index 689af9f3..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c6-outputs.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-# Terraform Output Values
-
-
-# EC2 Instance Public IP with TOSET
-output "instance_publicip" {
- description = "EC2 Instance Public IP"
- #value = aws_instance.myec2vm.*.public_ip # Legacy Splat
- #value = aws_instance.myec2vm[*].public_ip # Latest Splat
- value = toset([for instance in aws_instance.myec2vm: instance.public_ip])
-}
-
-# EC2 Instance Public DNS with TOSET
-output "instance_publicdns" {
- description = "EC2 Instance Public DNS"
- #value = aws_instance.myec2vm[*].public_dns # Legacy Splat
- #value = aws_instance.myec2vm[*].public_dns # Latest Splat
- value = toset([for instance in aws_instance.myec2vm: instance.public_dns])
-}
-
-# EC2 Instance Public DNS with TOMAP
-output "instance_publicdns2" {
- value = tomap({for az, instance in aws_instance.myec2vm: az => instance.public_dns})
-}
-
-
-/*
-# Additional Important Note about OUTPUTS when for_each used
-1. The [*] and .* operators are intended for use with lists only.
-2. Because this resource uses for_each rather than count,
-its value in other expressions is a toset or a map, not a list.
-3. With that said, we can use Function "toset" and loop with "for"
-to get the output for a list
-4. For maps, we can directly use for loop to get the output and if we
-want to handle type conversion we can use "tomap" function too
-*/
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/README.md
deleted file mode 100644
index 32953c99..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/README.md
+++ /dev/null
@@ -1,259 +0,0 @@ -# Terraform Small Utility Project - -## Step-01: Introduction -### Current Problem: -- We are not able to create EC2 Instances in all the subnets of our VPC which are spread across all availability zones in that region -### Approach to a Solution: -- We need to find a solution to say that our desired EC2 Instance Type `example: t3.micro` is supported in that availability zone or not -- In simple terms, give me the availability zone list in a particular region where by desired EC2 Instance Type (t3.micro) is supported -### Why utility project? -- In Terraform, we should `not` go and try things directly in large code base. -- First try your requirements in small chunks and integrate that to main code base. -- We are going to do the same now. - -## Step-02: c1-versions.tf -- Hard-coded the region as we are not going to use any `variables.tf` in this utility project -```t -# Provider Block -provider "aws" { - region = "us-east-1" -} -``` - -## Step-03: c2-v1-get-instancetype-supported-per-az-in-a-region.tf -- We are first going to explore the datasource and it outputs -```t -# Determine which Availability Zones support your instance type -aws ec2 describe-instance-type-offerings --location-type availability-zone --filters Name=instance-type,Values=t3.micro --region us-east-1 --output table -``` -### Step-03-01: Review / Create the datasource and its output -```t -# Datasource -data "aws_ec2_instance_type_offerings" "my_ins_type1" { - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = ["us-east-1a"] - #values = ["us-east-1e"] - } - location_type = "availability-zone" -} - - -# Output -output "output_v1_1" { - value = data.aws_ec2_instance_type_offerings.my_ins_type1.instance_types -} -``` -### Step-03-02: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan -terraform apply -auto-approve -Observation: 
-1. Output should have the instance value `t3.micro` when `values = ["us-east-1a"]` in location filter -# Sample Output -output_v1_1 = toset([ - "t3.micro", -]) - -# Make a change -Switch the values in `location` filter to `values = ["us-east-1e"]` and test again with `terraform plan` - -# Terraform Plan -terraform plan -terraform apply -auto-approve -Observation: -1. Output should have the instance value empty `[]` when `values = ["us-east-1e"]` in location filter -# Sample Output -output_v1_1 = toset([]) -``` - -## Step-04: c2-v2-get-instancetype-supported-per-az-in-a-region.tf -- Using `for_each` create multiple instances of datasource and loop it with hard-coded availability zones in `for_each` -### Step-04-01: Review / Create the datasource and its output with for_each -```t -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -data "aws_ec2_instance_type_offerings" "my_ins_type2" { - for_each = toset([ "us-east-1a", "us-east-1e" ]) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} - - -# Important Note: Once for_each is set, its attributes must be accessed on specific instances -output "output_v2_1" { - #value = data.aws_ec2_instance_type_offerings.my_ins_type1.instance_types - value = toset([ - for t in data.aws_ec2_instance_type_offerings.my_ins_type2 : t.instance_types - ]) -} - -# Create a Map with Key as Availability Zone and value as Instance Type supported -output "output_v2_2" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type2 : - az => details.instance_types } -} -``` - -### Step-04-02: Execute Terraform Commands -```t -# Terraform Plan -terraform plan -terraform apply -auto-approve -Observation: refer sample output -# Sample Output -output_v2_1 
= toset([ - toset([ - "t3.micro", - ]), - toset([]), -]) -output_v2_2 = { - "us-east-1a" = toset([ - "t3.micro", - ]) - "us-east-1e" = toset([]) -} -``` - -## Step-05: c2-v3-get-instancetype-supported-per-az-in-a-region.tf - -### Step-05-01: Add new datasource aws_availability_zones -- Get List of Availability Zones in a Specific Region -```t -# Get List of Availability Zones in a Specific Region -# Region is set in c1-versions.tf in Provider Block -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} -``` - -### Step-05-02: Update for_each with new datasource -```t -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -data "aws_ec2_instance_type_offerings" "my_ins_type" { -for_each=toset(data.aws_availability_zones.my_azones.names) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} -``` - -### Step-05-03: Implement Incremental Outputs till we reach what is required -```t -# Basic Output: All Availability Zones mapped to Supported Instance Types -output "output_v3_1" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types } -} - -# Filtered Output: Exclude Unsupported Availability Zones -output "output_v3_2" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 } -} - -# Filtered Output: with Keys Function - Which gets keys from a Map -# This will return the list of availability zones supported for a instance type -output "output_v3_3" { - value = keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if 
length(details.instance_types) != 0 }) -} - -# Filtered Output: As the output is list now, get the first item from list (just for learning) -output "output_v3_4" { - value = keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })[0] -} -``` - -### Step-05-04: Execute Terraform Commands -```t -# Terraform Plan -terraform plan -terraform appy -auto-approve -Observation: refer sample output -1. In the final output you will only get the availability zones list in which `t3.micro` instance is supported -# Sample Output -output_v3_1 = { - "us-east-1a" = toset([ - "t3.micro", - ]) - "us-east-1b" = toset([ - "t3.micro", - ]) - "us-east-1c" = toset([ - "t3.micro", - ]) - "us-east-1d" = toset([ - "t3.micro", - ]) - "us-east-1e" = toset([]) - "us-east-1f" = toset([ - "t3.micro", - ]) -} -output_v3_2 = { - "us-east-1a" = toset([ - "t3.micro", - ]) - "us-east-1b" = toset([ - "t3.micro", - ]) - "us-east-1c" = toset([ - "t3.micro", - ]) - "us-east-1d" = toset([ - "t3.micro", - ]) - "us-east-1f" = toset([ - "t3.micro", - ]) -} -output_v3_3 = [ - "us-east-1a", - "us-east-1b", - "us-east-1c", - "us-east-1d", - "us-east-1f", -] -output_v3_4 = "us-east-1a" -``` - -## Step-06: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c1-versions.tf deleted file mode 100644 index eb010b40..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c1-versions.tf +++ /dev/null 
@@ -1,19 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = "us-east-1"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v1-get-instancetype-supported-per-az-in-a-region.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v1-get-instancetype-supported-per-az-in-a-region.tf
deleted file mode 100644
index 0417f2a4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v1-get-instancetype-supported-per-az-in-a-region.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Datasource
-data "aws_ec2_instance_type_offerings" "my_ins_type1" {
- filter {
- name = "instance-type"
- values = ["t3.micro"]
- }
- filter {
- name = "location"
- #values = ["us-east-1a"]
- values = ["us-east-1e"]
- }
- location_type = "availability-zone"
-}
-
-
-# Output
-output "output_v1_1" {
- value = data.aws_ec2_instance_type_offerings.my_ins_type1.instance_types
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v2-get-instancetype-supported-per-az-in-a-region.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v2-get-instancetype-supported-per-az-in-a-region.tf
deleted file mode 100644
index 45c13aaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v2-get-instancetype-supported-per-az-in-a-region.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones
-# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported
-# Datasource
-data "aws_ec2_instance_type_offerings" "my_ins_type2" {
- for_each = toset([ "us-east-1a", "us-east-1b", "us-east-1e" ])
- filter {
- name = "instance-type"
- values = ["t3.micro"]
- }
- filter {
- name = "location"
- values = [each.key]
- }
- location_type = "availability-zone"
-}
-
-
-#Output-1
-# Important Note: Once for_each is set, its attributes must be accessed on specific instances
-output "output_v2_1" {
- #value = data.aws_ec2_instance_type_offerings.my_ins_type1.instance_types
- value = toset([for t in data.aws_ec2_instance_type_offerings.my_ins_type2: t.instance_types])
-}
-
-#Output-2
-# Create a Map with Key as Availability Zone and value as Instance Type supported
-output "output_v2_2" {
- value = {
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type2: az => details.instance_types
- }
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v3-get-instancetype-supported-per-az-in-a-region.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v3-get-instancetype-supported-per-az-in-a-region.tf
deleted file mode 100644
index ab01fdea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v3-get-instancetype-supported-per-az-in-a-region.tf
+++ /dev/null
@@ -1,60 +0,0 @@
-# Get List of Availability Zones in a Specific Region
-# Region is set in c1-versions.tf in Provider Block
-# Datasource-1
-data "aws_availability_zones" "my_azones" {
- filter {
- name = "opt-in-status"
- values = ["opt-in-not-required"]
- }
-}
-
-# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones
-# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported
-# Datasource-2
-data "aws_ec2_instance_type_offerings" "my_ins_type" {
- for_each = toset(data.aws_availability_zones.my_azones.names)
- filter {
- name = "instance-type"
- values = ["t3.micro"]
- }
- filter {
- name = "location"
- values = [each.key]
- }
- location_type = "availability-zone"
-}
-
-
-# Output-1
-# Basic Output: All Availability Zones mapped to Supported Instance Types
-output "output_v3_1" {
- value = {
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: az => details.instance_types
- }
-}
-
-# Output-2
-# Filtered Output: Exclude Unsupported Availability Zones
-output "output_v3_2" {
- value = {
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type:
- az => details.instance_types if length(details.instance_types) != 0 }
-}
-
-# Output-3
-# Filtered Output: with Keys Function - Which gets keys from a Map
-# This will return the list of availability zones supported for a instance type
-output "output_v3_3" {
- value = keys({
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type:
- az => details.instance_types if length(details.instance_types) != 0 })
-}
-
-
-# Output-4 (additional learning)
-# Filtered Output: As the output is list now, get the first item from list (just for learning)
-output "output_v3_4" {
- value = keys({
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type:
- az => details.instance_types if length(details.instance_types) != 0 })[0]
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/README.md
deleted file mode 100644
index e83cdb32..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/README.md
+++ /dev/null
@@ -1,116 +0,0 @@ -# Meta-Argument for_each with AZ Instance Type Check - -## Step-00: Pre-requisite Note -- We are using the `default vpc` in `us-east-1` region - -## Step-01: Introduction -- Implement the fix for issue we have faced in `section-05-02` with fix we have developed in `section-05-03` - -## Step-02: c7-get-instancetype-supported-per-az-in-a-region.tf -- Copy this from previous `05-03-Utility-Project` from file named `c2-v3-get-instancetype-supported-per-az-in-a-region.tf` -```t -# Get List of Availability Zones in a Specific Region -# Region is set in c1-versions.tf in Provider Block -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} - -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -data "aws_ec2_instance_type_offerings" "my_ins_type" { -for_each=toset(data.aws_availability_zones.my_azones.names) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} - - -# Basic Output: All Availability Zones mapped to Supported Instance Types -output "output_v3_1" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types } -} - -# Filtered Output: Exclude Unsupported Availability Zones -output "output_v3_2" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 } -} - -# Filtered Output: with Keys Function - Which gets keys from a Map -# This will return the list of availability zones supported for a instance type -output "output_v3_3" { - value = keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if 
length(details.instance_types) != 0 }) -} - -# Filtered Output: As the output is list now, get the first item from list (just for learning) -output "output_v3_4" { - value = keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })[0] -} -``` - -## Step-03: c5-ec2instance.tf -### Step-03-01: Update the `for_each` statement to new one -```t - for_each = toset(keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })) -``` -### Step-03-02: Final look of c5-ec2-instance.tf -```t -# EC2 Instance -resource "aws_instance" "myec2vm" { - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ] - # Create EC2 Instance in all Availabilty Zones of a VPC - #for_each = toset(data.aws_availability_zones.my_azones.names) - for_each = toset(keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })) - availability_zone = each.key # You can also use each.value because for list items each.key == each.value - tags = { - "Name" = "For-Each-Demo-${each.key}" - } -} -``` - -## Step-04: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -Observations: -1. Verify Outputs -2. Verify EC2 Instances created via AWS Management Console -``` - - -## Step-05: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/backup/c5-ec2instance.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/backup/c5-ec2instance.tf deleted file mode 100644 index 1136a744..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/backup/c5-ec2instance.tf +++ /dev/null @@ -1,16 +0,0 @@ -# EC2 Instance -resource "aws_instance" "myec2vm" { - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ] - # Create EC2 Instance in all Availabilty Zones of a VPC - #for_each = toset(data.aws_availability_zones.my_azones.names) - for_each = toset(keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })) - availability_zone = each.key # You can also use each.value because for list items each.key == each.value - tags = { - "Name" = "For-Each-Demo-${each.key}" - } -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c1-versions.tf deleted file mode 100644 index 9d3553b1..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c2-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c2-variables.tf
deleted file mode 100644
index 786f7843..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c2-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instnace Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key Pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c3-ec2securitygroups.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c3-ec2securitygroups.tf
deleted file mode 100644
index 077c3c40..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c3-ec2securitygroups.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-# Create Security Group - SSH Traffic
-resource "aws_security_group" "vpc-ssh" {
- name = "vpc-ssh"
- description = "Dev VPC SSH"
- ingress {
- description = "Allow Port 22"
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-ssh"
- }
-}
-
-# Create Security Group - Web Traffic
-resource "aws_security_group" "vpc-web" {
- name = "vpc-web"
- description = "Dev VPC Web"
- ingress {
- description = "Allow Port 80"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- description = "Allow Port 443"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-web"
- }
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c4-ami-datasource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c4-ami-datasource.tf
deleted file mode 100644
index cf1e87a6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c4-ami-datasource.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = ["amazon"]
- filter {
- name = "name"
- values = ["amzn2-ami-hvm-*-gp2"]
- }
- filter {
- name = "root-device-type"
- values = ["ebs"]
- }
- filter {
- name = "virtualization-type"
- values = ["hvm"]
- }
- filter {
- name = "architecture"
- values = ["x86_64"]
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c5-ec2instance.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c5-ec2instance.tf
deleted file mode 100644
index 33612051..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c5-ec2instance.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# EC2 Instance
-resource "aws_instance" "myec2vm" {
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- user_data = file("${path.module}/app1-install.sh")
- key_name = var.instance_keypair
- vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ]
- # Create EC2 Instance in all Availabilty Zones of a VPC
- #for_each = toset(data.aws_availability_zones.my_azones.names)
- for_each = toset(keys({for az, details in data.aws_ec2_instance_type_offerings.my_ins_type:
- az => details.instance_types if length(details.instance_types) != 0 }))
- availability_zone = each.key # You can also use each.value because for list items each.key == each.value
- tags = {
- "Name" = "For-Each-Demo-${each.key}"
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c6-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c6-outputs.tf
deleted file mode 100644
index 689af9f3..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c6-outputs.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-# Terraform Output Values
-
-
-# EC2 Instance Public IP with TOSET
-output "instance_publicip" {
- description = "EC2 Instance Public IP"
- #value = aws_instance.myec2vm.*.public_ip # Legacy Splat
- #value = aws_instance.myec2vm[*].public_ip # Latest Splat
- value = toset([for instance in aws_instance.myec2vm: instance.public_ip])
-}
-
-# EC2 Instance Public DNS with TOSET
-output "instance_publicdns" {
- description = "EC2 Instance Public DNS"
- #value = aws_instance.myec2vm[*].public_dns # Legacy Splat
- #value = aws_instance.myec2vm[*].public_dns # Latest Splat
- value = toset([for instance in aws_instance.myec2vm: instance.public_dns])
-}
-
-# EC2 Instance Public DNS with TOMAP
-output "instance_publicdns2" {
- value = tomap({for az, instance in aws_instance.myec2vm: az => instance.public_dns})
-}
-
-
-/*
-# Additional Important Note about OUTPUTS when for_each used
-1. The [*] and .* operators are intended for use with lists only.
-2. Because this resource uses for_each rather than count,
-its value in other expressions is a toset or a map, not a list.
-3. With that said, we can use Function "toset" and loop with "for"
-to get the output for a list
-4. For maps, we can directly use for loop to get the output and if we
-want to handle type conversion we can use "tomap" function too
-*/
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf
deleted file mode 100644
index 06a55555..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf
+++ /dev/null
@@ -1,59 +0,0 @@ -# Get List of Availability Zones in a Specific Region -# Region is set in c1-versions.tf in Provider Block -# Datasource-1 -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} - -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -# Datasource-2 -data "aws_ec2_instance_type_offerings" "my_ins_type" { - for_each = toset(data.aws_availability_zones.my_azones.names) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} - - -# Output-1 -# Basic Output: All Availability Zones mapped to Supported Instance Types -output "output_v3_1" { - value = { - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: az => details.instance_types - } -} - -# Output-2 -# Filtered Output: Exclude Unsupported Availability Zones -output "output_v3_2" { - value = { - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 } -} - -# Output-3 -# Filtered Output: with Keys Function - Which gets keys from a Map -# This will return the list of availability zones supported for a instance type -output "output_v3_3" { - value = keys({for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 }) -} - - -# Output-4 (additional learning) -# Filtered Output: As the output is list now, get the first item from list (just for learning) -output "output_v3_4" { - value = keys({ - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 })[0] -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/private-key/terraform-key.pem deleted file mode 100644 index fab1eb2a..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/private-key/terraform-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-01-AWS-VPC-using-Mgmt-Console/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-01-AWS-VPC-using-Mgmt-Console/README.md deleted file mode 100644 index 8b9ef51e..00000000 
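Review bot: Deleting `private-key/terraform-key.pem` here removes the RSA private key from the working tree only; the complete key body remains readable in the repository history and in this diff, so the key should be treated as disclosed rather than cleaned up. If it was ever registered as an EC2 key pair, as the course README's pre-requisite step suggests, that key pair should be retired and replaced on any instance that still trusts it. An ignore rule such as `*.pem` covering the `private-key/` folders would keep a replacement key from being committed again.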
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-01-AWS-VPC-using-Mgmt-Console/README.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# Design AWS VPC using AWS Management Console - -## Step-01: Introduction -- Create VPC -- Create Public and Private Subnets -- Create Internet Gateway and Associate to VPC -- Create NAT Gateway in Public Subnet -- Create Public Route Table, Add Public Route via Internet Gateway and Associate Public Subnet -- Create Private Route Table, Add Private Route via NAT Gateway and Associate Private Subnet - -## Step-02: Create VPC -- **Name:** my-manual-vpc -- **IPv4 CIDR Block:** 10.0.0.0/16 -- Rest all defaults -- Click on **Create VPC** - -## Step-03: Create Subnets -### Step-03-01: Public Subnet -- **VPC ID:** my-manual-vpc -- **Subnet Name::** my-public-subnet-1 -- **Availability zone:** us-east-1a -- **IPv4 CIDR Block:** 10.0.1.0/24 - -### Step-03-02: Private Subnet -- **Subnet Name::** my-private-subnet-1 -- **Availability zone:** us-east-1a -- **IPv4 CIDR Block:** 10.0.101.0/24 -- Click on **Create Subnet** - -## Step-04: Create Internet Gateway and Associate it to VPC -- **Name Tag:** my-igw -- Click on **Create Internet Gateway** -- Click on Actions -> Attach to VPC -> my-manual-vpc - -## Step-05: Create NAT Gateway -- **Name:** my-nat-gateway -- **Subnet:** my-public-subnet-1 -- **Allocate Elastic Ip:** click on that -- Click on **Create NAT Gateway** - -## Step-06: Create Public Route Table and Create Routes and Associate Subnets -### Step-06-01: Create Public Route Table -- **Name tag:** my-public-route-table -- **vpc:** my-manual-vpc -- Click on **Create** -### Step-06-02: Create Public Route in newly created Route Table -- Click on **Add Route** -- **Destination:** 0.0.0.0/0 -- **Target:** my-igw -- Click on **Save Route** -### Step-06-03: Associate Public Subnet 1 in Route Table -- Click on **Edit Subnet Associations** -- Select **my-public-subnet-1** -- Click on **Save** - - -## Step-07: Create Private Route Table and Create Routes and Associate Subnets -### Step-07-01: Create Private Route Table -- **Name tag:** my-private-route-table 
-- **vpc:** my-manual-vpc -- Click on **Create** -### Step-07-02: Create Private Route in newly created Route Table -- Click on **Add Route** -- **Destination:** 0.0.0.0/0 -- **Target:** my-nat-gateway -- Click on **Save Route** -### Step-07-03: Associate Private Subnet 1 in Route Table -- Click on **Edit Subnet Associations** -- Select **my-private-subnet-1** -- Click on **Save** - -## Step-08: Clean-Up -- Delete `my-nat-gateway` -- Wait till NAT Gateway is deleted -- Delete `my-manual-vpc` - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/README.md deleted file mode 100644 index ea46a870..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/README.md +++ /dev/null 
@@ -1,383 +0,0 @@ -# Design a 3 Tier AWS VPC with NAT Gateways using Terraform - -## Step-01: Introduction -- Understand about Terraform Modules -- Create VPC using `Terraform Modules` -- Define `Input Variables` for VPC module and reference them in VPC Terraform Module -- Define `local values` and reference them in VPC Terraform Module -- Create `terraform.tfvars` to load variable values by default from this file -- Create `vpc.auto.tfvars` to load variable values by default from this file related to a VPC -- Define `Output Values` for VPC - -## Step-02: v1-vpc-module - Hardcoded Model -### Step-02-01: How to make a decision of using the public Registry module? -1. Understand about [Terraform Registry and Modules](https://registry.terraform.io/) -2. We are going to use a [VPC Module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) from Terraform Public Registry -3. Understand about Authenticity of a module hosted on Public Terraform Registry with [HashiCorp Verified Tag](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -4. Review the download rate for that module -5. Review the latest versions and [release history](https://github.com/terraform-aws-modules/terraform-aws-vpc/releases) of that module -6. Review our feature needs when using that module and ensure if our need is satisfied use the module else use the standard terraform resource definition appraoch. -7. Review module inputs, outputs and dependencies too. 
-### Step-02-02: Create a VPC Module Terraform Configuration -- c1-versions.tf -- c2-generic-variables.tf -- c3-vpc.tf -- [Terraform AWS VPC Module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -```t -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.78.0" - - # VPC Basic Details - name = "vpc-dev" - cidr = "10.0.0.0/16" - azs = ["us-east-1a", "us-east-1b"] - private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] - public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] - - # Database Subnets - create_database_subnet_group = true - create_database_subnet_route_table= true - database_subnets = ["10.0.151.0/24", "10.0.152.0/24"] - - #create_database_nat_gateway_route = true - #create_database_internet_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = true - single_nat_gateway = true - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - public_subnet_tags = { - Type = "public-subnets" - } - - private_subnet_tags = { - Type = "private-subnets" - } - - database_subnet_tags = { - Type = "database-subnets" - } - - tags = { - Owner = "kalyan" - Environment = "dev" - } - - vpc_tags = { - Name = "vpc-dev" - } -} -``` - -## Step-03: Execute Terraform Commands -```t -# Working Folder -terraform-manifests/v1-vpc-module - -# Terraform Initialize -terraform init -Observation: -1. 
Verify if modules got downloaded to .terraform folder - -# Terraform Validate -terraform validate - -# Terraform plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -Observation: -1) Verify VPC -2) Verify Subnets -3) Verify IGW -4) Verify Public Route for Public Subnets -5) Verify no public route for private subnets -6) Verify NAT Gateway and Elastic IP for NAT Gateway -7) Verify NAT Gateway route for Private Subnets -8) Verify no public route or no NAT Gateway route to Database Subnets -9) Verify Tags - -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## Step-04: Version Constraints in Terraform with Modules -- [Terraform Version Constraints](https://www.terraform.io/docs/language/expressions/version-constraints.html) -- For modules locking to the exact version is recommended to ensure there will not be any major breakages in production -- When depending on third-party modules, require specific versions to ensure that updates only happen when convenient to you -- For modules maintained within your organization, specifying version ranges may be appropriate if semantic versioning is used consistently or if there is a well-defined release process that avoids unwanted updates. 
-- [Review and understand this carefully](https://www.terraform.io/docs/language/expressions/version-constraints.html#terraform-core-and-provider-versions) - -## Step-05: v2-vpc-module-standardized - Standardized and Generalized -- In the next series of steps we are going to standardize the VPC configuration -- c2-generic-variables.tf -```t -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "HR" -} -``` - -## Step-06: c3-local-values.tf -- Understand about [Local Values](https://www.terraform.io/docs/language/values/locals.html) -```t -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } -} -``` - -## Step-07: c4-01-vpc-variables.tf -```t -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", 
"10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} -``` -## Step-08: c4-02-vpc-module.tf -```t -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.78.0" - #version = "~> 2.0" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # 
Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} -``` -## Step-09: c4-03-vpc-outputs.tf -```t -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} -``` -## Step-10: terraform.tfvars -```t -# Generic Variables -aws_region = "us-east-1" -environment = "dev" -business_divsion = "HR" -``` - -## Step-11: vpc.auto.tfvars -```t -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true -``` - - -## Step-12: Execute Terraform Commands -```t -# Working Folder -terraform-manifests/v2-vpc-module-standardized - -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform plan -terraform plan - -# Terraform Apply -terraform apply 
-auto-approve -Observation: -1) Verify VPC -2) Verify Subnets -3) Verify IGW -4) Verify Public Route for Public Subnets -5) Verify no public route for private subnets -6) Verify NAT Gateway and Elastic IP for NAT Gateway -7) Verify NAT Gateway route for Private Subnets -8) Verify no public route or no NAT Gateway route to Database Subnets -9) Verify Tags -``` - -## Step-13: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c1-versions.tf deleted file mode 100644 index 5691bb0a..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c1-versions.tf +++ /dev/null @@ -1,20 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c2-generic-variables.tf deleted file mode 100644 index 0e652e99..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c2-generic-variables.tf +++ /dev/null 
@@ -1,12 +0,0 @@
-# Input Variables
-
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c3-vpc.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c3-vpc.tf
deleted file mode 100644
index 5085adec..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c3-vpc.tf
+++ /dev/null
@@ -1,53 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "2.78.0"
- # version = "~> 2.78"
-
- # VPC Basic Details
- name = "vpc-dev"
- cidr = "10.0.0.0/16"
- azs = ["us-east-1a", "us-east-1b"]
- private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
- public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-
- # Database Subnets
- create_database_subnet_group = true
- create_database_subnet_route_table= true
- database_subnets = ["10.0.151.0/24", "10.0.152.0/24"]
-
- #create_database_nat_gateway_route = true
- #create_database_internet_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = true
- single_nat_gateway = true
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
- public_subnet_tags = {
- Type = "public-subnets"
- }
-
- private_subnet_tags = {
- Type = "private-subnets"
- }
-
- database_subnet_tags = {
- Type = "database-subnets"
- }
-
- tags = {
- Owner = "kalyan"
- Environment = "dev"
- }
-
- vpc_tags = {
- Name = "vpc-dev"
- }
-}
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c1-versions.tf
deleted file mode 100644
index 62b1ce4e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c1-versions.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c2-generic-variables.tf
deleted file mode 100644
index 4f6d813e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "SAP"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-02-vpc-module.tf
deleted file mode 100644
index 21a86db6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "2.78.0"
- #version = "~> 2.78"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/README.md
deleted file mode 100644
index 50f206df..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/README.md
+++ /dev/null
@@ -1,405 +0,0 @@ -# Build AWS EC2 Instances, Security Groups using Terraform - -## Step-01: Introduction -### Terraform Modules we will use -- [terraform-aws-modules/vpc/aws](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -- [terraform-aws-modules/security-group/aws](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest) -- [terraform-aws-modules/ec2-instance/aws](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest) - -### Terraform New Concepts we will introduce -- [aws_eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) -- [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) -- [file provisioner](https://www.terraform.io/docs/language/resources/provisioners/file.html) -- [remote-exec provisioner](https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html) -- [local-exec provisioner](https://www.terraform.io/docs/language/resources/provisioners/local-exec.html) -- [depends_on Meta-Argument](https://www.terraform.io/docs/language/meta-arguments/depends_on.html) - -### What are we going implement? 
-- Create VPC with 3-Tier Architecture (Web, App and DB) - Leverage code from previous section -- Create AWS Security Group Terraform Module and define HTTP port 80, 22 inbound rule for entire internet access `0.0.0.0/0` -- Create Multiple EC2 Instances in VPC Private Subnets and install -- Create EC2 Instance in VPC Public Subnet `Bastion Host` -- Create Elastic IP for `Bastion Host` EC2 Instance -- Create `null_resource` with following 3 Terraform Provisioners - - File Provisioner - - Remote-exec Provisioner - - Local-exec Provisioner - -## Pre-requisite -- Copy your AWS EC2 Key pair `terraform-key.pem` in `private-key` folder -- Folder name `local-exec-output-files` where `local-exec` provisioner creates a file (creation-time provisioner) - -## Step-02: Copy all the VPC TF Config files from 06-02 -- Copy the following TF Config files from 06-02 section which will create a 3-Tier VPC -- c1-versions.tf -- c2-generic-variables.tf -- c3-local-values.tf -- c4-01-vpc-variables.tf -- c4-02-vpc-module.tf -- c4-03-vpc-outputs.tf -- terraform.tfvars -- vpc.auto.tfvars -- private-key/terraform-key.pem - -## Step-03: Add app1-install.sh -- Add `app1-install.sh` in working directory -```sh -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html -``` - -## Step-04: Create Security Groups for Bastion Host and Private Subnet Hosts -### Step-04-01: c5-01-securitygroup-variables.tf -- Place holder file for defining any Input Variables for EC2 Security Groups - -### Step-04-02: c5-03-securitygroup-bastionsg.tf -- [SG Module Examples for Reference](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest/examples/complete) -```t -# AWS EC2 Security Group Terraform Module -# Security Group for Public Bastion Host -module "public_bastion_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "public-bastion-sg" - description = "Security group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Block - ingress_rules = ["ssh-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} -``` -### Step-04-03: c5-04-securitygroup-privatesg.tf -```t -# AWS EC2 Security Group Terraform Module -# Security Group for Private EC2 Instances -module "private_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "private-sg" - description = "Security group with HTTP & SSH ports open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - ingress_rules = ["ssh-tcp", "http-80-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - egress_rules = ["all-all"] - tags = local.common_tags -} -``` - -### Step-04-04: c5-02-securitygroup-outputs.tf -- [SG Module Examples for Reference](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest/examples/complete) -```t - -# Public Bastion Host Security Group Outputs -output "public_bastion_sg_group_id" { - description = "The ID of 
the security group" - value = module.public_bastion_sg.this_security_group_id -} -output "public_bastion_sg_group_vpc_id" { - description = "The VPC ID" - value = module.public_bastion_sg.this_security_group_vpc_id -} -output "public_bastion_sg_group_name" { - description = "The name of the security group" - value = module.public_bastion_sg.this_security_group_name -} - - -# Private EC2 Instances Security Group Outputs -output "private_sg_group_id" { - description = "The ID of the security group" - value = module.private_sg.this_security_group_id -} -output "private_sg_group_vpc_id" { - description = "The VPC ID" - value = module.private_sg.this_security_group_vpc_id -} -output "private_sg_group_name" { - description = "The name of the security group" - value = module.private_sg.this_security_group_name -} -``` - -## Step-05: c6-01-datasource-ami.tf -```t -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} -``` - -## Step-06: EC2 Instances -### Step-06-01: c7-01-ec2instance-variables.tf -```t -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instance Type" - type = string - default = "t3.micro" -} -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} -``` -### Step-06-02: c7-03-ec2instance-bastion.tf -- [Example EC2 Instance Module for Reference](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest/examples/basic) -```t -# AWS EC2 Instance Terraform Module -# Bastion Host - EC2 Instance that will be created in VPC Public Subnet -module "ec2_public" { - 
source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-BastionHost" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - subnet_id = module.vpc.public_subnets[0] - vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] - tags = local.common_tags -} -``` -### Step-06-03: c7-04-ec2instance-private.tf -- [Example EC2 Instance Module for Reference](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest/examples/basic) -```t - -# EC2 Instances that will be created in VPC Private Subnets -module "ec2_private" { - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - name = "${var.environment}-vm" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/apache-install.sh") - key_name = var.instance_keypair - #subnet_id = module.vpc.private_subnets[0] # Single Instance - vpc_security_group_ids = [module.private_sg.this_security_group_id] - instance_count = 3 - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1], - ] - tags = local.common_tags -} -``` -### Step-06-04: c7-02-ec2instance-outputs.tf -```t -# AWS EC2 Instance Terraform Outputs -# Public EC2 Instances - Bastion Host -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} -output "ec2_bastion_public_ip" { - description = "List of Public ip address assigned to the instances" - value = module.ec2_public.public_ip -} -# Private EC2 Instances -output "ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private.id -} -output "ec2_private_ip" { - description = "List of private ip address assigned to the instances" - value = module.ec2_private.private_ip -} -``` - -## Step-07: EC2 Elastic IP for Bastion Host - c8-elasticip.tf -- learn 
about [Terraform Resource Meta-Argument `depends_on`](https://www.terraform.io/docs/language/meta-arguments/depends_on.html) -```t -# Create Elastic IP for Bastion Host -# Resource - depends_on Meta-Argument -resource "aws_eip" "bastion_eip" { - depends_on = [module.ec2_public] - instance = module.ec2_public.id[0] - vpc = true - tags = local.common_tags -} -``` - -## Step-08: c9-nullresource-provisioners.tf -### Step-08-01: Define null resource in c1-versions.tf -- Learn about [Terraform Null Resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) -- Define null resource in c1-versions.tf in `terraform block` -```t - null = { - source = "hashicorp/null" - version = "~> 3.0.0" - } -``` - -### Step-08-02: Understand about Null Resource and Provisioners -- Learn about Terraform Null Resource -- Learn about [Terraform File Provisioner](https://www.terraform.io/docs/language/resources/provisioners/file.html) -- Learn about [Terraform Remote-Exec Provisioner](https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html) -- Learn about [Terraform Local-Exec Provisioner](https://www.terraform.io/docs/language/resources/provisioners/local-exec.html) -```t -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public ] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - - # Copies the terraform-key.pem file to /tmp/terraform-key.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } - -# Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } - # local-exec provisioner (Creation-Time Provisioner - Triggered during Create 
Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) - provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } -} -``` - -## Step-09: ec2instance.auto.tfvars -```t -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" -``` -## Step-10: Usage of depends_on Meta-Argument -### Step-10-01: c7-04-ec2instance-private.tf -- We have put `depends_on` so that EC2 Private Instances will not get created until all the resources of VPC module are created -- **why?** -- VPC NAT Gateway should be created before EC2 Instances in private subnets because these private instances has a `userdata` which will try to go outbound to download the `HTTPD` package using YUM to install the webserver -- If Private EC2 Instances gets created first before VPC NAT Gateway provisioning of webserver in these EC2 Instances will fail. -```t -depends_on = [module.vpc] -``` - -### Step-10-02: c8-elasticip.tf -- We have put `depends_on` in Elastic IP resource. -- This elastic ip resource will explicitly wait for till the bastion EC2 instance `module.ec2_public` is created. -- This elastic ip resource will wait till all the VPC resources are created primarily the Internet Gateway IGW. -```t -depends_on = [module.ec2_public, module.vpc] -``` - -### Step-10-03: c9-nullresource-provisioners.tf -- We have put `depends_on` in Null Resource -- This Null resource contains a file provisioner which will copy the `private-key/terraform-key.pem` to Bastion Host `ec2_public module created ec2 instance`. 
-- So we added explicit dependency in terraform to have this `null_resource` wait till respective EC2 instance is ready so file provisioner can copy the `private-key/terraform-key.pem` file -```t - depends_on = [module.ec2_public ] -``` - -## Step-11: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan -Observation: -1) Review Security Group resources -2) Review EC2 Instance resources -3) Review all other resources (vpc, elasticip) - -# Terraform Apply -terraform apply -auto-approve -Observation: -1) VERY IMPORTANT: Primarily observe that first VPC NAT Gateway will be created and after that only module.ec2_private related EC2 Instance will be created -``` - - -## Step-12: Connect to Bastion EC2 Instance and Test -```t -# Connect to Bastion EC2 Instance from local desktop -ssh -i private-key/terraform-key.pem ec2-user@ - -# Curl Test for Bastion EC2 Instance to Private EC2 Instances -curl http:// -curl http:// - -# Connect to Private EC2 Instances from Bastion EC2 Instance -ssh -i /tmp/terraform-key.pem ec2-user@ -cd /var/www/html -ls -lrta -Observation: -1) Should find index.html -2) Should find app1 folder -3) Should find app1/index.html file -4) Should find app1/metadata.html file -5) If required verify same for second instance too. 
-6) # Additionalyy To verify userdata passed to Instance -curl http://169.254.169.254/latest/user-data - -# Additional Troubleshooting if any issues -# Connect to Private EC2 Instances from Bastion EC2 Instance -ssh -i /tmp/terraform-key.pem ec2-user@ -cd /var/log -more cloud-init-output.log -Observation: -1) Verify the file cloud-init-output.log to see if any issues -2) This file (cloud-init-output.log) will show you if your httpd package got installed and all your userdata commands executed successfully or not -``` - -## Step-13: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c1-versions.tf deleted file mode 100644 index 52d9f8d4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c2-generic-variables.tf +++ /dev/null 
@@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "sap" -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c3-local-values.tf deleted file mode 100644 index 9465b846..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c3-local-values.tf +++ /dev/null @@ -1,11 +0,0 @@ -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - #name = "${local.owners}-${local.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-01-vpc-variables.tf deleted file mode 100644 index b68d0a48..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-01-vpc-variables.tf +++ /dev/null 
@@ -1,77 +0,0 @@ -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", "10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} - - - - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-02-vpc-module.tf deleted file mode 100644 index 21a86db6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-02-vpc-module.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.78.0" - #version = "~> 2.78" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c4-03-vpc-outputs.tf +++ /dev/null @@ -1,37 +0,0 @@ -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-01-securitygroup-variables.tf deleted file mode 100644 index fecdef54..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-01-securitygroup-variables.tf +++ /dev/null 
@@ -1,2 +0,0 @@ -# AWS EC2 Security Group Terraform Variables -## Placeholder file for Variables diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-02-securitygroup-outputs.tf deleted file mode 100644 index ce756305..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-02-securitygroup-outputs.tf +++ /dev/null @@ -1,40 +0,0 @@ -# AWS EC2 Security Group Terraform Outputs - -# Public Bastion Host Security Group Outputs -## public_bastion_sg_group_id -output "public_bastion_sg_group_id" { - description = "The ID of the security group" - value = module.public_bastion_sg.this_security_group_id -} - -## public_bastion_sg_group_vpc_id -output "public_bastion_sg_group_vpc_id" { - description = "The VPC ID" - value = module.public_bastion_sg.this_security_group_vpc_id -} - -## public_bastion_sg_group_name -output "public_bastion_sg_group_name" { - description = "The name of the security group" - value = module.public_bastion_sg.this_security_group_name -} - -# Private EC2 Instances Security Group Outputs -## private_sg_group_id -output "private_sg_group_id" { - description = "The ID of the security group" - value = module.private_sg.this_security_group_id -} - -## private_sg_group_vpc_id -output "private_sg_group_vpc_id" { - description = "The VPC ID" - value = module.private_sg.this_security_group_vpc_id -} - -## private_sg_group_name -output "private_sg_group_name" { - description = "The name of the security group" - value = module.private_sg.this_security_group_name -} - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-03-securitygroup-bastionsg.tf deleted file mode 100644 index e8c2a767..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-03-securitygroup-bastionsg.tf +++ /dev/null @@ -1,16 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Public Bastion Host -module "public_bastion_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "public-bastion-sg" - description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-04-securitygroup-privatesg.tf deleted file mode 100644 index 0351a7ca..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c5-04-securitygroup-privatesg.tf +++ /dev/null 
@@ -1,17 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Private EC2 Instances -module "private_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "private-sg" - description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp", "http-80-tcp"] - ingress_cidr_blocks = [module.vpc.vpc_cidr_block] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c6-01-datasource-ami.tf deleted file mode 100644 index c292b608..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c6-01-datasource-ami.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-01-ec2instance-variables.tf deleted file mode 100644 index 5067bec2..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-01-ec2instance-variables.tf +++ /dev/null @@ -1,23 +0,0 @@ -# AWS EC2 Instance Terraform Variables -# EC2 Instance Variables - -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instance Type" - type = string - default = "t3.micro" -} - -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} - -# AWS EC2 Private Instance Count -variable "private_instance_count" { - description = "AWS EC2 Private Instances Count" - type = number - default = 1 -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-02-ec2instance-outputs.tf deleted file mode 100644 index e8353d76..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-02-ec2instance-outputs.tf +++ /dev/null 
@@ -1,33 +0,0 @@ -# AWS EC2 Instance Terraform Outputs -# Public EC2 Instances - Bastion Host - -## ec2_bastion_public_instance_ids -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} - -## ec2_bastion_public_ip -output "ec2_bastion_public_ip" { - description = "List of public IP addresses assigned to the instances" - value = module.ec2_public.public_ip -} - -# Private EC2 Instances -## ec2_private_instance_ids - -output "ec2_private_instance_ids" { - description = "List of IDs of instances" - #value = [module.ec2_private.id] - value = [for ec2private in module.ec2_private: ec2private.id ] -} - -## ec2_private_ip -output "ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - #value = [module.ec2_private.private_ip] - value = [for ec2private in module.ec2_private: ec2private.private_ip ] -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-03-ec2instance-bastion.tf deleted file mode 100644 index 4148f148..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-03-ec2instance-bastion.tf +++ /dev/null 
@@ -1,17 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-04-ec2instance-private.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-04-ec2instance-private.tf
deleted file mode 100644
index 77f5c6f0..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c7-04-ec2instance-private.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets
-/*
-module "ec2_private" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-vm"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-}
-*/
-
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets
-module "ec2_private" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "3.3.0"
- #for_each = toset([ module.vpc.private_subnets[0],module.vpc.private_subnets[1] ])
- for_each = toset(["0", "1"])
- # insert the 10 required variables here
- name = "${var.environment}-vm-${each.key}"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
-
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
-# instance_count = var.private_instance_count
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/ec2instance.auto.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" -private_instance_count = 2 diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt deleted file mode 100644 index f9c8e6fb..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt +++ /dev/null @@ -1,2 +0,0 @@ -VPC created on Mon Apr 12 12:44:45 IST 2021 and VPC ID: vpc-0420c012ebe877808 -VPC created on Thu Apr 15 16:38:50 IST 2021 and VPC ID: vpc-06cacba8e6cd418c5 diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt deleted file mode 100644 index 804feee2..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt +++ /dev/null @@ -1 +0,0 @@ -Destroy time prov Thu Apr 15 16:56:54 IST 2021 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/creation-time-vpc-id.txt deleted file mode 100644 index 43b06752..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/creation-time-vpc-id.txt +++ /dev/null @@ -1 +0,0 @@ -VPC created on Fri Dec 31 16:47:17 IST 2021 and VPC ID: vpc-0f83c09823d06c558 diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/destroy-time-prov.txt deleted file mode 100644 index aa6f62cc..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/local-exec-output-files/destroy-time-prov.txt +++ /dev/null @@ -1 +0,0 @@ -Destroy time prov Fri Dec 31 16:48:41 IST 2021 diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/private-key/terraform-key.pem deleted file mode 100644 index fab1eb2a..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/private-key/terraform-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
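Review bot: Removing `private-key/terraform-key.pem` in this hunk does not retire the key, because the complete RSA private key is still readable in this diff and in the repository history. The deleted manifests name the pair `terraform-key` (`instance_keypair`) and use this file for the bastion SSH connection, so if that key pair was ever registered in an AWS account it should be treated as disclosed: delete the key pair and replace it on any instance that still trusts it. Whether it is still in use cannot be told from the diff. To stop a re-commit, add an ignore rule such as `private-key/*.pem` to `.gitignore`, and consider a secret-scanning check on pushes.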
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/terraform.tfvars deleted file mode 100644 index d423925d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/terraform.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# Generic Variables -aws_region = "us-east-1" -environment = "stag" -business_divsion = "HR" - - - - - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/vpc.auto.tfvars deleted file mode 100644 index fc45bf29..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests-ec2private-module-version330/vpc.auto.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/app1-install.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c1-versions.tf deleted file mode 100644 index 52d9f8d4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c2-generic-variables.tf +++ /dev/null 
@@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "sap" -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c3-local-values.tf deleted file mode 100644 index 9465b846..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c3-local-values.tf +++ /dev/null @@ -1,11 +0,0 @@ -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - #name = "${local.owners}-${local.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-01-vpc-variables.tf deleted file mode 100644 index b68d0a48..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-01-vpc-variables.tf +++ /dev/null 
@@ -1,77 +0,0 @@ -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", "10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} - - - - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-02-vpc-module.tf deleted file mode 100644 index 21a86db6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-02-vpc-module.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.78.0" - #version = "~> 2.78" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-03-vpc-outputs.tf +++ /dev/null @@ -1,37 +0,0 @@ -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-01-securitygroup-variables.tf deleted file mode 100644 index fecdef54..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-01-securitygroup-variables.tf +++ /dev/null @@ -1,2 +0,0 @@ -# AWS EC2 Security Group Terraform Variables -## Placeholder file for Variables diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-02-securitygroup-outputs.tf deleted file mode 100644 index ce756305..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-02-securitygroup-outputs.tf +++ /dev/null @@ -1,40 +0,0 @@ -# AWS EC2 Security Group Terraform Outputs - -# Public Bastion Host Security Group Outputs -## public_bastion_sg_group_id -output "public_bastion_sg_group_id" { - description = "The ID of the security group" - value = module.public_bastion_sg.this_security_group_id -} - -## public_bastion_sg_group_vpc_id -output "public_bastion_sg_group_vpc_id" { - description = "The VPC ID" - value = module.public_bastion_sg.this_security_group_vpc_id -} - -## public_bastion_sg_group_name -output "public_bastion_sg_group_name" { - description = "The name of the security group" - value = module.public_bastion_sg.this_security_group_name -} - -# Private EC2 Instances Security Group Outputs -## private_sg_group_id -output "private_sg_group_id" { - description = "The ID of the security group" - value = module.private_sg.this_security_group_id -} - -## private_sg_group_vpc_id -output "private_sg_group_vpc_id" { - description = "The VPC ID" - value = module.private_sg.this_security_group_vpc_id -} - -## private_sg_group_name -output "private_sg_group_name" { - description = "The name of the security group" - value = module.private_sg.this_security_group_name -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-03-securitygroup-bastionsg.tf deleted file mode 100644 index e8c2a767..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-03-securitygroup-bastionsg.tf +++ /dev/null 
@@ -1,16 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 0351a7ca..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c6-01-datasource-ami.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-01-ec2instance-variables.tf deleted file mode 100644 index 5067bec2..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-01-ec2instance-variables.tf +++ /dev/null @@ -1,23 +0,0 @@ -# AWS EC2 Instance Terraform Variables -# EC2 Instance Variables - -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instance Type" - type = string - default = "t3.micro" -} - -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} - -# AWS EC2 Private Instance Count -variable "private_instance_count" { - description = "AWS EC2 Private Instances Count" - type = number - default = 1 -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-02-ec2instance-outputs.tf deleted file mode 100644 index e9fb5216..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-02-ec2instance-outputs.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -# AWS EC2 Instance Terraform Outputs -# Public EC2 Instances - Bastion Host - -## ec2_bastion_public_instance_ids -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} - -## ec2_bastion_public_ip -output "ec2_bastion_public_ip" { - description = "List of public IP addresses assigned to the instances" - value = module.ec2_public.public_ip -} - -# Private EC2 Instances -## ec2_private_instance_ids -output "ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private.id -} -## ec2_private_ip -output "ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private.private_ip -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-03-ec2instance-bastion.tf deleted file mode 100644 index 4148f148..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-03-ec2instance-bastion.tf +++ /dev/null @@ -1,17 +0,0 @@ -# AWS EC2 Instance Terraform Module -# Bastion Host - EC2 Instance that will be created in VPC Public Subnet -module "ec2_public" { - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-BastionHost" - #instance_count = 5 - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - subnet_id = module.vpc.public_subnets[0] - vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] - tags = local.common_tags -} - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-04-ec2instance-private.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-04-ec2instance-private.tf deleted file mode 100644 index 720ecc87..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-04-ec2instance-private.tf +++ /dev/null @@ -1,24 +0,0 @@ -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets -module "ec2_private" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-vm" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - vpc_security_group_ids = [module.private_sg.this_security_group_id] - #subnet_id = module.vpc.public_subnets[0] - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - user_data = file("${path.module}/app1-install.sh") - tags = local.common_tags -} - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c8-elasticip.tf deleted file mode 100644 index 07fe130b..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c8-elasticip.tf +++ /dev/null 
@@ -1,16 +0,0 @@ -# Create Elastic IP for Bastion Host -# Resource - depends_on Meta-Argument -resource "aws_eip" "bastion_eip" { - depends_on = [ module.ec2_public, module.vpc ] - instance = module.ec2_public.id[0] - vpc = true - tags = local.common_tags - -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) - provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c9-nullresource-provisioners.tf deleted file mode 100644 index a4b0bcdf..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c9-nullresource-provisioners.tf +++ /dev/null 
@@ -1,42 +0,0 @@ -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) -/* provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } - */ - -} - -# Creation Time Provisioners - By default they are created during resource creations (terraform apply) -# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/ec2instance.auto.tfvars deleted file mode 100644 index 2d1c0446..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt
deleted file mode 100644
index f9c8e6fb..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-VPC created on Mon Apr 12 12:44:45 IST 2021 and VPC ID: vpc-0420c012ebe877808
-VPC created on Thu Apr 15 16:38:50 IST 2021 and VPC ID: vpc-06cacba8e6cd418c5
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt
deleted file mode 100644
index 804feee2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt
+++ /dev/null
@@ -1 +0,0 @@
-Destroy time prov Thu Apr 15 16:56:54 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/private-key/terraform-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
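Review bot: Deleting `private-key/terraform-key.pem` from the tree does not retire the key, because the complete RSA private key remains readable in this diff and in the repository history. The deleted `c9-nullresource-provisioners.tf` used this file for the SSH connection to the bastion host and copied it to `/tmp/terraform-key.pem`, and `ec2instance.auto.tfvars` names the key pair `terraform-key`, so that key pair should be treated as disclosed and replaced in AWS. Whether any instance still trusts it is not visible from this commit. An ignore rule such as `*.pem` in `.gitignore`, plus a secret-scanning check in CI, would keep a replacement key from being committed again.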
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/README.md
deleted file mode 100644
index 8eb6e155..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/README.md
+++ /dev/null
@@ -1,186 +0,0 @@ -# AWS Classic Load Balancer with Terraform - -## Step-01: Introduction -- Create AWS Security Group module for ELB CLB Load Balancer -- Create AWS ELB Classic Load Balancer Terraform Module -- Define Outputs for Load Balancer -- Access and test -- [Terraform Module AWS ELB](https://registry.terraform.io/modules/terraform-aws-modules/elb/aws/latest) used - -## Step-02: Copy all templates from previous section -- Copy `terraform-manifests` folder from `07-AWS-EC2Instance-and-SecurityGroups` -- We will add four more files in addition to previous section `07-AWS-EC2Instance-and-SecurityGroups` -- c5-05-securitygroup-loadbalancersg.tf -- c10-01-ELB-classic-loadbalancer-variables.tf -- c10-02-ELB-classic-loadbalancer.tf -- c10-03-ELB-classic-loadbalancer-outputs.tf - -## Step-03: c5-05-securitygroup-loadbalancersg.tf -```t -# Security Group for Public Load Balancer -module "loadbalancer_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "loadbalancer-sg" - description = "Security group with HTTP port open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Block - ingress_rules = ["http-80-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} -``` - -## Step-04: AWS ELB Classic Load Balancer -### Step-04-01: c10-02-ELB-classic-loadbalancer.tf -- [terraform-aws-modules/elb/aws](https://registry.terraform.io/modules/terraform-aws-modules/elb/aws/latest) -```t -# Terraform AWS Classic Load Balancer (ELB-CLB) -module "elb" { - source = "terraform-aws-modules/elb/aws" - version = "2.5.0" - name = "${local.name}-myelb" - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ] - listener = [ - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 80 - lb_protocol = "HTTP" - }, - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 81 - 
lb_protocol = "HTTP" - }, - ] - - health_check = { - target = "HTTP:80/" - interval = 30 - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 5 - } - - security_groups = [module.loadbalancer_sg.this_security_group_id] - - # ELB attachments - number_of_instances = var.private_instance_count - instances = [ - module.ec2_private.id[0], - module.ec2_private.id[1] - ] - tags = local.common_tags -} -``` - -### Step-04-02: Outputs for ELB Classic Load Balancer -- [Refer Outputs from Example](https://registry.terraform.io/modules/terraform-aws-modules/elb/aws/latest/examples/complete) -- c10-03-ELB-classic-loadbalancer-outputs.tf -```t -# Terraform AWS Classic Load Balancer (ELB-CLB) Outputs -output "this_elb_id" { - description = "The name of the ELB" - value = module.elb.this_elb_id -} - -output "this_elb_name" { - description = "The name of the ELB" - value = module.elb.this_elb_name -} - -output "this_elb_dns_name" { - description = "The DNS name of the ELB" - value = module.elb.this_elb_dns_name -} - -output "this_elb_instances" { - description = "The list of instances in the ELB (if may be outdated, because instances are attached using elb_attachment resource)" - value = module.elb.this_elb_instances -} - -output "this_elb_source_security_group_id" { - description = "The ID of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances" - value = module.elb.this_elb_source_security_group_id -} - -output "this_elb_zone_id" { - description = "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)" - value = module.elb.this_elb_zone_id -} -``` - -## Step-05: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances -2. Verify Load Balancer SG -3. 
Verify Load Balancer Instances are healthy -4. Access sample app using Load Balancer DNS Name -5. Access Sample app with port 81 using Load Balancer DNS Name, it should fail, because from loadbalancer_sg port 81 is not allowed from internet. -# Example: from my environment -http://HR-stag-myelb-557211422.us-east-1.elb.amazonaws.com - Will pass -http://HR-stag-myelb-557211422.us-east-1.elb.amazonaws.com:81 - will fail -``` - -## Step-06: Update c5-05-securitygroup-loadbalancersg.tf -```t - # Open to CIDRs blocks (rule or from_port+to_port+protocol+description) - ingress_with_cidr_blocks = [ - { - from_port = 81 - to_port = 81 - protocol = 6 - description = "Allow Port 81 from internet" - cidr_blocks = "0.0.0.0/0" - }, - ] -``` - -## Step-07: Again Execute Terraform Commands -```t -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1) Verify loadbalancer-sg in AWS mgmt console -2) Access App using port 81 and test -http://HR-stag-myelb-557211422.us-east-1.elb.amazonaws.com:81 - should pass -``` - -## Step-08: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c1-versions.tf deleted file mode 100644 index 52d9f8d4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-01-ELB-classic-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-01-ELB-classic-loadbalancer-variables.tf deleted file mode 100644 index f12a08c6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-01-ELB-classic-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Classic Load Balancer Variables -# Place holder file for CLB Variables - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-02-ELB-classic-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-02-ELB-classic-loadbalancer.tf deleted file mode 100644 index 82652a29..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-02-ELB-classic-loadbalancer.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Terraform AWS Classic Load Balancer (ELB-CLB) -module "elb" { - source = "terraform-aws-modules/elb/aws" - version = "2.5.0" - name = "${local.name}-myelb" - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ] - security_groups = [module.loadbalancer_sg.this_security_group_id] - #internal = false - - listener = [ - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 80 - lb_protocol = "HTTP" - }, - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 81 - lb_protocol = "HTTP" - }, - ] - - health_check = { - target = "HTTP:80/" - interval = 30 - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 5 - } - - # ELB attachments - number_of_instances = var.private_instance_count - instances = [ - module.ec2_private.id[0], - module.ec2_private.id[1] - ] - tags = local.common_tags -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-03-ELB-classic-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-03-ELB-classic-loadbalancer-outputs.tf deleted file mode 100644 index 247202ff..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-03-ELB-classic-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,30 +0,0 @@ -# Terraform AWS Classic Load Balancer (ELB-CLB) Outputs -output "this_elb_id" { - description = "The name of the ELB" - value = module.elb.this_elb_id -} - -output "this_elb_name" { - description = "The name of the ELB" - value = module.elb.this_elb_name -} - -output "this_elb_dns_name" { - description = "The DNS name of the ELB" - value = module.elb.this_elb_dns_name -} - -output "this_elb_instances" { - description = "The list of instances in the ELB (if may be outdated, because instances are attached using elb_attachment resource)" - value = module.elb.this_elb_instances -} - -output "this_elb_source_security_group_id" { - description = "The ID of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances" - value = module.elb.this_elb_source_security_group_id -} - -output "this_elb_zone_id" { - description = "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)" - value = module.elb.this_elb_zone_id -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c2-generic-variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "sap" -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@ -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", "10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} - - - - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-02-vpc-module.tf deleted file mode 100644 index 21a86db6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-02-vpc-module.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.78.0" - #version = "~> 2.78" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-03-vpc-outputs.tf +++ /dev/null 
@@ -1,37 +0,0 @@ -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-01-securitygroup-variables.tf deleted file mode 100644 index fecdef54..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-01-securitygroup-variables.tf +++ /dev/null @@ -1,2 +0,0 @@ -# AWS EC2 Security Group Terraform Variables -## Placeholder file for Variables diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-02-securitygroup-outputs.tf deleted file mode 100644 index ce756305..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-02-securitygroup-outputs.tf +++ /dev/null 
@@ -1,40 +0,0 @@ -# AWS EC2 Security Group Terraform Outputs - -# Public Bastion Host Security Group Outputs -## public_bastion_sg_group_id -output "public_bastion_sg_group_id" { - description = "The ID of the security group" - value = module.public_bastion_sg.this_security_group_id -} - -## public_bastion_sg_group_vpc_id -output "public_bastion_sg_group_vpc_id" { - description = "The VPC ID" - value = module.public_bastion_sg.this_security_group_vpc_id -} - -## public_bastion_sg_group_name -output "public_bastion_sg_group_name" { - description = "The name of the security group" - value = module.public_bastion_sg.this_security_group_name -} - -# Private EC2 Instances Security Group Outputs -## private_sg_group_id -output "private_sg_group_id" { - description = "The ID of the security group" - value = module.private_sg.this_security_group_id -} - -## private_sg_group_vpc_id -output "private_sg_group_vpc_id" { - description = "The VPC ID" - value = module.private_sg.this_security_group_vpc_id -} - -## private_sg_group_name -output "private_sg_group_name" { - description = "The name of the security group" - value = module.private_sg.this_security_group_name -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf deleted file mode 100644 index e8c2a767..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf +++ /dev/null 
@@ -1,16 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Public Bastion Host -module "public_bastion_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "public-bastion-sg" - description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-04-securitygroup-privatesg.tf deleted file mode 100644 index 0351a7ca..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-04-securitygroup-privatesg.tf +++ /dev/null @@ -1,17 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Private EC2 Instances -module "private_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "private-sg" - description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp", "http-80-tcp"] - ingress_cidr_blocks = [module.vpc.vpc_cidr_block] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf deleted file mode 100644 index c4919af7..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf +++ /dev/null @@ -1,28 +0,0 @@ -# Security Group for Public Load Balancer -module "loadbalancer_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "loadbalancer-sg" - description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["http-80-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags - - # Open to CIDRs blocks (rule or from_port+to_port+protocol+description) - ingress_with_cidr_blocks = [ - { - from_port = 81 - to_port = 81 - protocol = 6 - description = "Allow Port 81 from internet" - cidr_blocks = "0.0.0.0/0" - }, - ] -} - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c6-01-datasource-ami.tf deleted file mode 100644 index c292b608..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c6-01-datasource-ami.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-01-ec2instance-variables.tf deleted file mode 100644 index 5067bec2..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-01-ec2instance-variables.tf +++ /dev/null @@ -1,23 +0,0 @@ -# AWS EC2 Instance Terraform Variables -# EC2 Instance Variables - -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instance Type" - type = string - default = "t3.micro" -} - -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} - -# AWS EC2 Private Instance Count -variable "private_instance_count" { - description = "AWS EC2 Private Instances Count" - type = number - default = 1 -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-02-ec2instance-outputs.tf deleted file mode 100644 index e9fb5216..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-02-ec2instance-outputs.tf +++ /dev/null 
@@ -1,29 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
-# Private EC2 Instances
-## ec2_private_instance_ids
-output "ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private.id
-}
-## ec2_private_ip
-output "ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private.private_ip
-}
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 4148f148..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-04-ec2instance-private.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-04-ec2instance-private.tf
deleted file mode 100644
index 720ecc87..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-04-ec2instance-private.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets
-module "ec2_private" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-vm"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt
deleted file mode 100644
index f9c8e6fb..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-VPC created on Mon Apr 12 12:44:45 IST 2021 and VPC ID: vpc-0420c012ebe877808
-VPC created on Thu Apr 15 16:38:50 IST 2021 and VPC ID: vpc-06cacba8e6cd418c5
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt
deleted file mode 100644
index 804feee2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt
+++ /dev/null
@@ -1 +0,0 @@
-Destroy time prov Thu Apr 15 16:56:54 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
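Review bot: Deleting `private-key/terraform-key.pem` from the working tree does not retire the key, because the complete RSA private key remains readable in this diff and in the repository history. If the `terraform-key` key pair named in `ec2instance.auto.tfvars` was ever registered in an AWS account, it should be treated as disclosed and replaced there; whether it was is not visible from this commit. To keep key material out of future commits, a `.gitignore` entry such as `*.pem` plus a secret-scanning check on push would cover it.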
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/README.md
deleted file mode 100644
index 2f120d71..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/README.md
+++ /dev/null
@@ -1,283 +0,0 @@ -# AWS Application Load Balancer Basics with Terraform - -## Step-01: Introduction -- Create [AWS ALB Application Load Balancer Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- Re-use AWS Security Group created for Load Balancers - -## Step-02: Create ALB Basic Manually -### Step-02-01: Create EC2 Instance with Userdata -- Go to AWS Services -> EC2 -> Instances -> Launch Instances -- **Step 1: Choose an Amazon Machine Image (AMI):** Amazon Linux 2 AMI (HVM), SSD Volume Type -- **Step 2: Choose an Instance Type:** t2.micro -- **Step 3: Configure Instance Details:** - - Number of Instances: 2 - - Userdata: select `file` and reference `terraform-manifests/app1-install.sh` for userdata - - Rest all defaults -- **Step 4: Add Storage:** leave to defaults -- **Step 5: Add Tags:** - - Key: Name - - Value: ALB-Manual-Test-1 -- **Step 6: Configure Security Group:** - - Security Group Name: ALB-Manual-TestSG1 - - Add SSH and HTTP rules for entire internet edge 0.0.0.0/0 -- **Step 7: Review Instance Launch:** Click on Launch -- **Select an existing key pair or create a new key pair:** terraform-key -- Click on Launch Instance -- Verify once the EC2 Instance is created and wait for Instances to be in `2/2 checks passed` -- Access Instances and verify -``` -# Access App1 from both Instances -http:///app1/index.html -http:///app1/metadata.html -http:///app1/index.html -http:///app1/metadata.html -``` - -### Step-02-02: Create Target Group -- Go to AWS Services -> EC2 -> Target Groups -> Create target group -- **Choose a target type:** Instances -- **Target Group Name:** app1-tg -- **Protocol:** HTTP -- **Port:** 80 -- **VPC:** default-vpc -- **Protocol Version:** HTTP1 -- **Health Check Protocol:** HTTP -- **Health check path:** /app1/index.html -- **Advanced Health Check Settings - Port:** Traffic Port -- **Healthy threshold:** 5 -- **Unhealthy threshold:** 2 -- **Timeout:** 5 seconds -- **Interval:** 30 seconds 
-- **Success codes:** 200-399 -- **Tags:** App = app1-tg -- Click **Next** -- **Register targets** - - **Select EC2 Instances:** select EC2 Instances - - **Ports for the selected instances:** 80 - - Click on **Include as pending below** -- Click on **Create target group** - -## Step-02-03: Create Application Load Balancer -- Go to AWS Services -> EC2 -> Load Balancing -> Load Balancers -> Create Load Balancer -- **Select load balancer type:** Application Load Balancer -- **Step 1: Configure Load Balancer** - - **Name:** alb-basic-test - - **Scheme:** internet-facing - - **IP address type:** ipv4 - - **Listeners:** - - Load Balancer Protocol: HTTP - - Load Balancer Port: 80 - - **Availability Zones:** - - VPC: default-vpc - - Availability Zones: us-east-1a, us-east-1b, us-east-1c (Verify first where EC2 Instances created) -- **Step 2: Configure Security Settings** - - Click **Next** -- **Step 3: Configure Security Groups** - - Assign a security group: create new security group - - Security group name: loadbalancer-alb-sg - - Rule: HTTP Port 80 from internet 0.0.0.0/0 -- **Step 4: Configure Routing** - - Target group: Existing Target Group - - Name: app1-tg - - Click **Next** -- **Step 5: Register Targets** - - Click **Next Review** -- **Step 6: Review** Click on **Create** - -## Step-02-04: Verify the following -- Wait for Load Balancer to be in `active` state -- Verify ALB Load Balancer - - Description Tab - - Listeners Tab - - Listeners Tab -> Rules -- Verify Target Groups - - They should be in `HEALTHY` -- Access using Load Balancer DNS -``` -# Access Application -http://alb-basic-test-1565875067.us-east-1.elb.amazonaws.com -http://alb-basic-test-1565875067.us-east-1.elb.amazonaws.com/app1/index.html -http://alb-basic-test-1565875067.us-east-1.elb.amazonaws.com/app1/metadata.html -``` - -## Step-02-05: Clean-Up -- Delete Load Balacner -- Delete Target Groups -- Delete EC2 Instances - -## Step-03: Copy all files from previous section -- We are going to copy all 
files from previous section `08-AWS-ELB-Classic-LoadBalancer` -- Files from `c1 to c9` -- Create the files for ALB Basic - - c10-01-ALB-application-loadbalancer-variables.tf - - c10-02-ALB-application-loadbalancer.tf - - c10-03-ALB-application-loadbalancer-outputs.tf - -## Step-04: c10-02-ALB-application-loadbalancer.tf -- Create AWS Application Load Balancer Terraform configuration using [ALB Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - version = "5.16.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ] - security_groups = [module.loadbalancer_sg.this_security_group_id] - # Listeners - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - target_group_index = 0 - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private.id[1] - port = 80 - } - } - tags = local.common_tags # Target Group Tags - } - ] - tags = local.common_tags # ALB Tags -} -``` -## Step-05: c10-03-ALB-application-loadbalancer-outputs.tf -```t -# Terraform AWS Application Load Balancer (ALB) Outputs -output "this_lb_id" { - description = "The ID and ARN of the load balancer we created." 
- value = module.alb.this_lb_id -} - -output "this_lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.this_lb_arn -} - -output "this_lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.this_lb_dns_name -} - -output "this_lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.this_lb_arn_suffix -} - -output "this_lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.this_lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.alb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.alb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.alb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.alb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." - value = module.alb.target_group_names -} - -output "target_group_attachments" { - description = "ARNs of the target group attachment IDs." 
- value = module.alb.target_group_attachments -} -``` - - -## Step-06: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances -2. Verify Load Balancer SG -3. Verify ALB Listeners and Rules -4. Verify ALB Target Groups, Targets (should be healthy) and Health Check settings -5. Access sample app using Load Balancer DNS Name -# Example: from my environment -http://hr-stag-alb-1575108738.us-east-1.elb.amazonaws.com -http://hr-stag-alb-1575108738.us-east-1.elb.amazonaws.com/app1/index.html -http://hr-stag-alb-1575108738.us-east-1.elb.amazonaws.com/app1/metadata.html -``` - -## Step-07: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c1-versions.tf deleted file mode 100644 index 52d9f8d4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index 9987234c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB)
-module "alb" {
- source = "terraform-aws-modules/alb/aws"
- version = "5.16.0"
-
- name = "${local.name}-alb"
- load_balancer_type = "application"
- vpc_id = module.vpc.vpc_id
- subnets = [
- module.vpc.public_subnets[0],
- module.vpc.public_subnets[1]
- ]
- security_groups = [module.loadbalancer_sg.this_security_group_id]
- # Listeners
- http_tcp_listeners = [
- {
- port = 80
- protocol = "HTTP"
- target_group_index = 0 # App1 TG associated to this listener
- }
- ]
- # Target Groups
- target_groups = [
- # App1 Target Group - TG Index = 0
- {
- name_prefix = "app1-"
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- protocol_version = "HTTP1"
- # App1 Target Group - Targets
- targets = {
- my_app1_vm1 = {
- target_id = module.ec2_private.id[0]
- port = 80
- },
- my_app1_vm2 = {
- target_id = module.ec2_private.id[1]
- port = 80
- }
- }
- tags =local.common_tags # Target Group Tags
- }
- ]
- tags = local.common_tags # ALB Tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
deleted file mode 100644
index 2db1d52e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-output "this_lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.this_lb_id
-}
-
-output "this_lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.this_lb_arn
-}
-
-output "this_lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.this_lb_dns_name
-}
-
-output "this_lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.this_lb_arn_suffix
-}
-
-output "this_lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.this_lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.alb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.alb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.alb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.alb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.alb.target_group_names
-}
-
-output "target_group_attachments" {
- description = "ARNs of the target group attachment IDs."
- value = module.alb.target_group_attachments
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-02-vpc-module.tf deleted file mode 100644 index 21a86db6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-02-vpc-module.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.78.0" - #version = "~> 2.78" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-03-vpc-outputs.tf +++ /dev/null @@ -1,37 +0,0 @@ -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-01-securitygroup-variables.tf deleted file mode 100644 index fecdef54..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-01-securitygroup-variables.tf +++ /dev/null @@ -1,2 +0,0 @@ -# AWS EC2 Security Group Terraform Variables -## Placeholder file for Variables diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-02-securitygroup-outputs.tf deleted file mode 100644 index ce756305..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-02-securitygroup-outputs.tf +++ /dev/null @@ -1,40 +0,0 @@ -# AWS EC2 Security Group Terraform Outputs - -# Public Bastion Host Security Group Outputs -## public_bastion_sg_group_id -output "public_bastion_sg_group_id" { - description = "The ID of the security group" - value = module.public_bastion_sg.this_security_group_id -} - -## public_bastion_sg_group_vpc_id -output "public_bastion_sg_group_vpc_id" { - description = "The VPC ID" - value = module.public_bastion_sg.this_security_group_vpc_id -} - -## public_bastion_sg_group_name -output "public_bastion_sg_group_name" { - description = "The name of the security group" - value = module.public_bastion_sg.this_security_group_name -} - -# Private EC2 Instances Security Group Outputs -## private_sg_group_id -output "private_sg_group_id" { - description = "The ID of the security group" - value = module.private_sg.this_security_group_id -} - -## private_sg_group_vpc_id -output "private_sg_group_vpc_id" { - description = "The VPC ID" - value = module.private_sg.this_security_group_vpc_id -} - -## private_sg_group_name -output "private_sg_group_name" { - description = "The name of the security group" - value = module.private_sg.this_security_group_name -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-03-securitygroup-bastionsg.tf deleted file mode 100644 index e8c2a767..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-03-securitygroup-bastionsg.tf +++ /dev/null 
@@ -1,16 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Public Bastion Host -module "public_bastion_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "public-bastion-sg" - description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-04-securitygroup-privatesg.tf deleted file mode 100644 index 0351a7ca..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-04-securitygroup-privatesg.tf +++ /dev/null @@ -1,17 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Private EC2 Instances -module "private_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "private-sg" - description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp", "http-80-tcp"] - ingress_cidr_blocks = [module.vpc.vpc_cidr_block] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf deleted file mode 100644 index c4919af7..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf +++ /dev/null @@ -1,28 +0,0 @@ -# Security Group for Public Load Balancer -module "loadbalancer_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "loadbalancer-sg" - description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["http-80-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags - - # Open to CIDRs blocks (rule or from_port+to_port+protocol+description) - ingress_with_cidr_blocks = [ - { - from_port = 81 - to_port = 81 - protocol = 6 - description = "Allow Port 81 from internet" - cidr_blocks = "0.0.0.0/0" - }, - ] -} - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c6-01-datasource-ami.tf deleted file mode 100644 index c292b608..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c6-01-datasource-ami.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-01-ec2instance-variables.tf deleted file mode 100644 index 5067bec2..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-01-ec2instance-variables.tf +++ /dev/null @@ -1,23 +0,0 @@ -# AWS EC2 Instance Terraform Variables -# EC2 Instance Variables - -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instance Type" - type = string - default = "t3.micro" -} - -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} - -# AWS EC2 Private Instance Count -variable "private_instance_count" { - description = "AWS EC2 Private Instances Count" - type = number - default = 1 -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-02-ec2instance-outputs.tf deleted file mode 100644 index e9fb5216..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-02-ec2instance-outputs.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -# AWS EC2 Instance Terraform Outputs -# Public EC2 Instances - Bastion Host - -## ec2_bastion_public_instance_ids -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} - -## ec2_bastion_public_ip -output "ec2_bastion_public_ip" { - description = "List of public IP addresses assigned to the instances" - value = module.ec2_public.public_ip -} - -# Private EC2 Instances -## ec2_private_instance_ids -output "ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private.id -} -## ec2_private_ip -output "ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private.private_ip -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-03-ec2instance-bastion.tf deleted file mode 100644 index 4148f148..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-03-ec2instance-bastion.tf +++ /dev/null @@ -1,17 +0,0 @@ -# AWS EC2 Instance Terraform Module -# Bastion Host - EC2 Instance that will be created in VPC Public Subnet -module "ec2_public" { - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-BastionHost" - #instance_count = 5 - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - subnet_id = module.vpc.public_subnets[0] - vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] - tags = local.common_tags -} - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-04-ec2instance-private.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-04-ec2instance-private.tf deleted file mode 100644 index 720ecc87..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-04-ec2instance-private.tf +++ /dev/null @@ -1,24 +0,0 @@ -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets -module "ec2_private" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-vm" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - vpc_security_group_ids = [module.private_sg.this_security_group_id] - #subnet_id = module.vpc.public_subnets[0] - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - user_data = file("${path.module}/app1-install.sh") - tags = local.common_tags -} - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c8-elasticip.tf deleted file mode 100644 index 07fe130b..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c8-elasticip.tf +++ /dev/null 
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@ -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) -/* provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } - */ - -} - -# Creation Time Provisioners - By default they are created during resource creations (terraform apply) -# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/ec2instance.auto.tfvars deleted file mode 100644 index 2d1c0446..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 899483f3..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1 +0,0 @@
-VPC created on Mon Apr 19 15:00:57 IST 2021 and VPC ID: vpc-0124fbdd659d7c887
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 688585a8..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1 +0,0 @@
-Destroy time prov Mon Apr 19 15:08:50 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
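Review bot: Removing `private-key/terraform-key.pem` in this hunk does not retire the key, because the complete RSA private key stays readable in the repository history and in this diff. The key pair the manifests reference as `instance_keypair = "terraform-key"` should be treated as exposed: if it still exists in the AWS account, delete or replace it and re-key any instance that still trusts it. To keep a key from being committed again, add an ignore rule such as `private-key/*.pem` to `.gitignore`. The README step that copies the key into `terraform-manifests/private-key` would be better pointed at a path outside the working tree.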
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/terraform.tfvars deleted file mode 100644 index 8b9f8d7c..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/terraform.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# Generic Variables -aws_region = "us-east-1" -environment = "stag" -business_divsion = "hr" - - - - - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/vpc.auto.tfvars deleted file mode 100644 index fc45bf29..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/vpc.auto.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/README.md deleted file mode 100644 index 2ebc8b64..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/README.md +++ /dev/null 
@@ -1,357 +0,0 @@ -# AWS ALB Context Path based Routing using Terraform - -## Step-00: Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Lets discuss more about it -- Go to AWS Services -> Route53 -> Domains -> Registered Domains -> Register Domain -- Choose a domain name: abcabc.com and click on **Check** -- If available, click on **Add to Cart** and Click on **Continue** -- Provide `Contact Details for Your 1 Domain` and Click on **Continue** -- Terms and Conditions: Check and click on **Complete Order** -- Go back to **Billing** and complete the payment for the domain to be approved -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -- We are going to implement Context Path based Routing in AWS Application Load Balancer using Terraform. -- To achieve that we are going to implement many series of steps. -- Our core focus in the entire section should be primarily targeted to two things - - **Listener Indexes:** `https_listener_index = 0` - - **Target Group Indexes:** `target_group_index = 0` -- If we are good with understanding these indexes and how to reference them, we are good with handling these multiple context paths or multiple header based routes or anything from ALB perspective. -- We are going to implement the following using AWS ALB -1. Fixed Response for /* : http://apps.devopsincloud.com -2. App1 /app1* goes to App1 EC2 Instances: http://apps.devopsincloud.com/app1/index.html -3. App2 /app2* goes to App2 EC2 Instances: http://apps.devopsincloud.com/app2/index.html -4. 
HTTP to HTTPS Redirect - -## Step-02: Copy all files from previous section -- We are going to copy all files from previous section `09-AWS-ALB-Application-LoadBalancer-Basic` -- Files from `c1 to c10` -- Create new files - - c6-02-datasource-route53-zone.tf - - c11-acm-certificatemanager.tf - - c12-route53-dnsregistration.tf -- Review the files - - app1-install.sh - - app2-install.sh - -## Step-03: c5-05-securitygroup-loadbalancersg.tf -- Update load balancer security group to allow port 443 -```t - ingress_rules = ["http-80-tcp", "https-443-tcp"] -``` - -## Step-04: c6-02-datasource-route53-zone.tf -- Define the datasource for [Route53 Zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) -```t -# Get DNS information from AWS Route53 -data "aws_route53_zone" "mydomain" { - name = "devopsincloud.com" -} - -# Output MyDomain Zone ID -output "mydomain_zoneid" { - description = "The Hosted Zone id of the desired Hosted Zone" - value = data.aws_route53_zone.mydomain.zone_id -} -``` - -## Step-05: c7-04-ec2instance-private-app1.tf -- We will change the module name from `ec2_private` to `ec2_private_app1` -- We will change the `name` to `"${var.environment}-app1"` -```t -# EC2 Instances that will be created in VPC Private Subnets for App1 -module "ec2_private_app1" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-app1" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - vpc_security_group_ids = [module.private_sg.this_security_group_id] - #subnet_id = module.vpc.public_subnets[0] - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - user_data = file("${path.module}/app1-install.sh") 
- tags = local.common_tags -} -``` - -## Step-06: c7-05-ec2instance-private-app2.tf -- Create new EC2 Instances for App2 Application -- **Module Name:** ec2_private_app2 -- **Name:** `"${var.environment}-app2"` -- **User Data:** `user_data = file("${path.module}/app2-install.sh")` -```t -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets for App2 -module "ec2_private_app2" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-app2" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - vpc_security_group_ids = [module.private_sg.this_security_group_id] - #subnet_id = module.vpc.public_subnets[0] - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - user_data = file("${path.module}/app2-install.sh") - tags = local.common_tags -} -``` - -## Step-07: c7-02-ec2instance-outputs.tf -- Update App1 and App2 Outputs based on new module names -```t -# App1 - Private EC2 Instances -## ec2_private_instance_ids -output "app1_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private_app1.id -} -## ec2_private_ip -output "app1_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private_app1.private_ip -} - -# App2 - Private EC2 Instances -## ec2_private_instance_ids -output "app2_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private_app2.id -} -## ec2_private_ip -output "app2_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private_app2.private_ip -} -``` -## Step-08: 
c11-acm-certificatemanager.tf -- [Terraform AWS ACM Module](https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/latest) -- Create a SAN SSL Certificate using DNS Validation with Route53 -- This is required for us with ALB Load Balancer HTTPS Listener to associate SSL certificate to it -- Test trimsuffic function using `terraform console` -```t -# Terraform Console -terraform console - -# Provide Trim Suffix Function -trimsuffix("devopsincloud.com.", ".") - -# Verify Output -"devopsincloud.com" -``` -- **ACM Module Terraform Configuration** -```t -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - version = "~> 2.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.id - subject_alternative_names = [ - "*.devopsincloud.com" - ] - tags = local.common_tags -} - -# Output ACM Certificate ARN -output "acm_certificate_arn" { - description = "ACM Certificate ARN" - value = module.acm.this_acm_certificate_arn -} -``` - -## Step-09: c10-02-ALB-application-loadbalancer.tf -- [Terraform ALB Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- [Terraform ALB Module - Complete Example](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest/examples/complete-alb) -### Step-09-01: HTTP to HTTPS Redirect -```t - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] -``` -### Step-09-02: Add Target Group app2 -```t - # App2 Target Group - TG Index = 1 - { - name_prefix = "app2-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold 
= 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App2 Target Group - Targets - targets = { - my_app2_vm1 = { - target_id = module.ec2_private_app2.id[0] - port = 80 - }, - my_app2_vm2 = { - target_id = module.ec2_private_app2.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags - } -``` -### Step-09-03: Add HTTPS Listener -1. Associate SSL Certificate ARN -2. Add fixed response for Root Context `/*` -```t - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - certificate_arn = module.acm.this_acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] -``` -### Step-09-04: Add HTTPS Listener Rules -- Understand about `https_listener_index` -- Create Rule-1: /app1* should go to App1 EC2 Instances -- Understand about `target_group_index` -- Create Rule-2: /app2* should go to App2 EC2 Instances -```t - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/app1*"] - }] - }, - # Rule-2: /app2* should go to App2 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 1 - } - ] - conditions = [{ - path_patterns = ["/app2*"] - }] - }, - ] -``` -## Step-10: c12-route53-dnsregistration.tf -- [Route53 Record Resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) -```t -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.id - name = "apps9.devopsincloud.com" - type = "A" - - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - 
evaluate_target_health = true - } -} -``` - -## Step-11: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances for App1 -2. Verify EC2 Instances for App2 -3. Verify Load Balancer SG - Primarily SSL 443 Rule -4. Verify ALB Listener - HTTP:80 - Should contain a redirect from HTTP to HTTPS -5. Verify ALB Listener - HTTPS:443 - Should contain 3 rules -5.1 /app1* to app1-tg -5.2 /app2* to app2-tg -5.3 /* return Fixed response -6. Verify ALB Target Groups App1 and App2, Targets (should be healthy) -5. Verify SSL Certificate (Certificate Manager) -6. Verify Route53 DNS Record - -# Test (Domain will be different for you based on your registered domain) -# Note: All the below URLS shoud redirect from HTTP to HTTPS -1. Fixed Response: http://apps.devopsincloud.com -2. App1 Landing Page: http://apps.devopsincloud.com/app1/index.html -3. App1 Metadata Page: http://apps.devopsincloud.com/app1/metadata.html -4. App2 Landing Page: http://apps.devopsincloud.com/app2/index.html -5. App2 Metadata Page: http://apps.devopsincloud.com/app2/metadata.html -``` - -## Step-12: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - -## References -- [Terraform AWS ALB](https://github.com/terraform-aws-modules/terraform-aws-alb) diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/README.md deleted file mode 100644 index e68810c5..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/README.md +++ /dev/null 
@@ -1,91 +0,0 @@ -# EC2 Demo 13 - Autoscaling with Target Tracking Policy - -## Step-01: Introduction -### V1-Terraform-Manifests: LC & ASG & TTSP & ALB & Notifications -#### Module-1: ASG & LC & ALB -- Create Launch Configuration -- Create Autoscaling Group -- Map it with ALB (Application Load Balancer) - -#### Module-2: - TTSP (Target Tracking Scaling Policies) -- Create `Resource: aws_autoscaling_policy` -- ASGAverageCPUUtilization -- ALBRequestCountPerTarget -- Terraform Import for `ALBRequestCountPerTarget` Resource Label finding -#### Module-3: Autoscaling Notifications -- Create SNS Topic `aws_sns_topic` -- Create SNS Topic Subscription `aws_sns_topic_subscription` -- Create Autoscaling Notification Resource `aws_autoscaling_notification` -#### Module-4: Scheduled Actions -- Create a scheduled action to `increase capacity at 7am` -- Create a scheduled action to `decrease capacity at 5pm` -```t -# Import State -$ terraform import aws_autoscaling_schedule.resource-name auto-scaling-group-name/scheduled-action-name -terraform import aws_autoscaling_schedule.capacity_increase_during_business_hours myapp1-asg-20210329100544375800000007/capacity_increase_during_business_hours --> using terraform import get values for recurrence argument (cron format) - -# UTC Timezone converter -https://www.worldtimebuddy.com/utc-to-est-converter -``` - -### Module-5: Changes to ASG -- Change Desired capacity to 3 `desired_capacity = 3` and test -- Any change to ASG, do a instance refresh -- Instance Refresh is not available in this ASG module, we will learn this during Launch Template + ASG with Resources -```t - instance_refresh { - strategy = "Rolling" - preferences { - min_healthy_percentage = 50 - } - triggers = ["tag"] - } -``` - -## Module-6: Change to Launch Configuration -- What happens? -- In next scale-in event changes will be adjusted [or] if instance refresh present and configured in this module it updates ASG with new LC ID, instance refresh should kick in. 
-- We will test this with next scale-in event - Run postman runner test -- Lets see that practically - - - - -## Step-02: ASG with ELB with Simple Scaling -### V2-Terraform-Manifests: Simple Scaling -- Implement Simple Scaling - -### V3-Terraform-Manifests: Step Scaling & - - -### V5-Terraform-Manifests: Lifecycle Hooks - -### V6-Terraform-Manifests: Modify LC and ASG - -### V7-Terraform-Manifests: Monitoring - -### Instance Refresh - - - - - - -## Step-02: Get Resource LABEL for TTS Policy ALBRequestCount policy - -``` -``` -$ terraform import aws_autoscaling_policy.test-policy asg-name/policy-name - -terraform import aws_autoscaling_policy.dkalyan-test-policy myapp1-asg-20210329045302504300000007/TP1 -``` - -``` - -## References -- [Data Source: aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) -- [Resource: aws_autoscaling_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_policy) -- [Resource: aws_autoscaling_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_notification) -- [Resource: aws_autoscaling_schedule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_schedule) -- [Pre-defined Metrics - Autoscaling](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/.terraform.lock.hcl b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/.terraform.lock.hcl deleted file mode 100644 index c9fb10f6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/.terraform.lock.hcl +++ /dev/null 
@@ -1,58 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.34.0" - constraints = ">= 2.41.0, >= 2.42.0, >= 2.53.0, >= 2.54.0, >= 2.65.0, >= 2.70.0, ~> 3.0" - hashes = [ - "h1:2xGmnG7UF0iScMGVWBazSYk1sRatXeZYgCGjdGm4A+w=", - "zh:003272229bd19bb63d6e77bc3d684268c417a151dfaee01c40b40e21cdd8bb0f", - "zh:103cacc1f3d97dfb7e9dd1e1905b075f92d9bd8aed434f811e8111788b648a57", - "zh:63a43c6e5fb2e5ad59ea068bede5c6bb54358affd32163d72785473a15440427", - "zh:6648af39a318c85eb336e2fb3ec1a01c5ffe8d75cc51686c37e892dd6f6a8974", - "zh:71ac8f6d5d61e5dee90099fd4fc1bb5bcd8ccb674eb6e7cd58d20757f7cecd12", - "zh:73baae4aa5bc0af12917e3bb17e1086050d25cdf7ba604f7fc422653c99f884c", - "zh:7d920ac05c45e77c59c49e0dd0cb010d64202c5a2fdfde6d9efe3dc61e396c97", - "zh:8a495e49f8fcbe276a74911f9ca48381533686ff71a9d4f7027bb9109769b639", - "zh:8ab9769581dfc1675c645e33e7ab8fea6ad1acc9e232eeda823070447e5ecaf1", - "zh:a170ecc560d49c251f4bebb6d6a82ff3637ae16a0f779a53489d4a64ddd1ee6a", - "zh:d9178201057b62666691ec206d1fbe09965bcfea532085b4e31f46073bf5898f", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.0.0" - constraints = ">= 2.0.0, ~> 3.0.0" - hashes = [ - "h1:V1tzrSG6t3e7zWvUwRbGbhsWU2Jd/anrJpOl9XM+R/8=", - "zh:05fb7eab469324c97e9b73a61d2ece6f91de4e9b493e573bfeda0f2077bc3a4c", - "zh:1688aa91885a395c4ae67636d411475d0b831e422e005dcf02eedacaafac3bb4", - "zh:24a0b1292e3a474f57c483a7a4512d797e041bc9c2fbaac42fe12e86a7fb5a3c", - "zh:2fc951bd0d1b9b23427acc93be09b6909d72871e464088171da60fbee4fdde03", - "zh:6db825759425599a326385a68acc6be2d9ba0d7d6ef587191d0cdc6daef9ac63", - "zh:85985763d02618993c32c294072cc6ec51f1692b803cb506fcfedca9d40eaec9", - "zh:a53186599c57058be1509f904da512342cfdc5d808efdaf02dec15f0f3cb039a", - "zh:c2e07b49b6efa676bdc7b00c06333ea1792a983a5720f9e2233db27323d2707c", - "zh:cdc8fe1096103cf5374751e2e8408ec4abd2eb67d5a1c5151fe2c7ecfd525bef", 
- "zh:dbdef21df0c012b0d08776f3d4f34eb0f2f229adfde07ff252a119e52c0f65b7", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - constraints = ">= 2.0.0" - hashes = [ - "h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", - ] -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf
deleted file mode 100644
index cd69a9c8..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-acm-certificatemanager.tf
deleted file mode 100644
index d13cb296..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-acm-certificatemanager.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- version = "~> 2.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.id
- subject_alternative_names = [
- "apps.devopsincloud.com",
- "app1.devopsincloud.com",
- "app2.devopsincloud.com",
- "default.devopsincloud.com",
- "custom-header.devopsincloud.com",
- "redirects1.devopsincloud.com",
- "lb-to-db1.devopsincloud.com",
- "asg-lc2.devopsincloud.com",
- ]
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-ALB-Application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-ALB-Application-loadbalancer.tf
deleted file mode 100644
index ef8ed947..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-ALB-Application-loadbalancer.tf
+++ /dev/null
@@ -1,106 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - version = "5.12.0" - - name = "alb-basic" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1], - module.vpc.public_subnets[2] - ] - security_groups = [module.loadbalancer_sg.this_security_group_id] - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - - - - - # Target Groups - target_groups = [ - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - }, - ] - - - tags = local.common_tags - - - - # HTTPS Listener - https_listeners = [ - { - port = 443 - protocol = "HTTPS" - certificate_arn = module.acm.this_acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, - ] -} - -/* -- IMPORTANT NOTE -- -As on Today, Target Group Attachments Not Supported -https://github.com/terraform-aws-modules/terraform-aws-alb -With that said, to register EC2 Instances to ALB TG, we need to use -Terraform resource "aws_alb_target_group_attachment" -*/ -/* -# App1 - aws_alb_target_group_attachment -resource 
"aws_alb_target_group_attachment" "app1_alb_target_group_attachment_80" { - count = length(module.ec2_private_app1.id) - target_group_arn = module.alb.target_group_arns[0] - target_id = module.ec2_private_app1.id[count.index] - port = 80 -} -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf deleted file mode 100644 index 4adfee6b..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf +++ /dev/null @@ -1,12 +0,0 @@ -## DNS Registration - apps.devopsincloud.com -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.id - name = "asg-lc2.devopsincloud.com" - type = "A" - - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-autoscaling-launchconfiguration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-autoscaling-launchconfiguration.tf deleted file mode 100644 index a29a2954..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-autoscaling-launchconfiguration.tf +++ /dev/null 
@@ -1,147 +0,0 @@ -# Autoscaling with Launch Configuration - Both created at a time -module "autoscaling" { - source = "terraform-aws-modules/autoscaling/aws" - version = "3.9.0" - - name = "myasg-with-alb" - - # Launch configuration - # - # launch_configuration = "my-existing-launch-configuration" # Use the existing launch configuration - # create_lc = false # disables creation of launch configuration - lc_name = "myasg-lc1" - - image_id = data.aws_ami.amzlinux2.id - instance_type = "t3.micro" - security_groups = [module.private_sg.this_security_group_id] - #load_balancers = [module.alb.this_lb_id] - for ELB-CLB - target_group_arns = module.alb.target_group_arns # FOR ALB TG - key_name = var.instance_keypair - user_data = file("${path.module}/app1-install.sh") - - # Optionl - For additional mount points in VM - ebs_block_device = [ - { - device_name = "/dev/xvdz" - volume_type = "gp2" - volume_size = "5" - delete_on_termination = true - }, - ] - - root_block_device = [ - { - volume_size = "10" - volume_type = "gp2" - }, - ] - - # Auto scaling group - asg_name = "myapp1-asg" - vpc_zone_identifier = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1], - module.vpc.private_subnets[2] - ] - health_check_type = "EC2" - desired_capacity = 2 - min_size = 2 - max_size = 10 - wait_for_capacity_timeout = 0 - - tags = [ - { - key = "Environment" - value = "dev" - propagate_at_launch = true - }, - { - key = "Project" - value = "megasecret" - propagate_at_launch = true - }, - ] -} - -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". 
If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = module.autoscaling.this_autoscaling_group_id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = module.autoscaling.this_autoscaling_group_id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. 
- target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.this_lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} - -# Autoscaling Notifications -## SNS - Topic -resource "aws_sns_topic" "myasg_sns_topic" { - name = "myasg-sns-topic" -} - -## SNS - Subscription -resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { - topic_arn = aws_sns_topic.myasg_sns_topic.arn - protocol = "email" - endpoint = "stacksimplify@gmail.com" -} - -## Create Autoscaling Notification Resource -resource "aws_autoscaling_notification" "myasg_notifications" { - group_names = [module.autoscaling.this_autoscaling_group_id] - notifications = [ - "autoscaling:EC2_INSTANCE_LAUNCH", - "autoscaling:EC2_INSTANCE_TERMINATE", - "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", - "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", - ] - topic_arn = aws_sns_topic.myasg_sns_topic.arn -} - -## Create Scheduled Actions -### Create Scheduled Action-1: Increase capacity during business hours -resource "aws_autoscaling_schedule" "increase_capacity_7am" { - scheduled_action_name = "increase-capacity-7am" - min_size = 2 - max_size = 10 - desired_capacity = 8 - start_time = "2021-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST) - recurrence = "00 09 * * *" - autoscaling_group_name = module.autoscaling.this_autoscaling_group_id -} -### Create Scheduled Action-2: Decrease capacity during business hours -resource "aws_autoscaling_schedule" "decrease_capacity_5pm" { - scheduled_action_name = "decrease-capacity-5pm" - min_size = 2 - max_size = 10 - desired_capacity = 2 - start_time = "2021-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST) - recurrence = "00 21 * * *" - autoscaling_group_name = module.autoscaling.this_autoscaling_group_id -} - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-o1-asg-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-o1-asg-outputs.tf
deleted file mode 100644
index 62df6bf6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-o1-asg-outputs.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Launch configuration
-output "this_launch_configuration_id" {
- description = "The ID of the launch configuration"
- value = module.autoscaling.this_launch_configuration_id
-}
-
-# Autoscaling group
-output "this_autoscaling_group_id" {
- description = "The autoscaling group id"
- value = module.autoscaling.this_autoscaling_group_id
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-o2-alb-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-o2-alb-outputs.tf
deleted file mode 100644
index 4b1ec4d9..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-o2-alb-outputs.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-output "this_lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.this_lb_id
-}
-
-output "this_lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.this_lb_arn
-}
-
-output "this_lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.this_lb_dns_name
-}
-
-output "this_lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.this_lb_arn_suffix
-}
-
-output "this_lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.this_lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.alb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.alb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.alb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.alb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.alb.target_group_names
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-outputs.tf
deleted file mode 100644
index a6456be1..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c14-outputs.tf
+++ /dev/null
@@ -1,133 +0,0 @@ -/* -# Output Values -### VPC Output Values -# VPC -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} -# CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} -# Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} -# NAT gateways -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} -# AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} - -### EC2 Security Group Output Values -# Private EC2 Instances Security Group Outputs -output "private_sg_group_id" { - description = "The ID of the security group" - value = module.private_sg.this_security_group_id -} -output "private_sg_group_vpc_id" { - description = "The VPC ID" - value = module.private_sg.this_security_group_vpc_id -} -output "private_sg_group_name" { - description = "The name of the security group" - value = module.private_sg.this_security_group_name -} - -# Public Bastion Host Security Group Outputs -output "public_bastion_sg_group_id" { - description = "The ID of the security group" - value = module.public_bastion_sg.this_security_group_id -} -output "ssh_sg_group_vpc_id" { - description = "The VPC ID" - value = module.public_bastion_sg.this_security_group_vpc_id -} -output "ssh_sg_group_name" { - description = "The name of the security group" - value = module.public_bastion_sg.this_security_group_name -} - -### EC2 Instance Output Values -# Private EC2 Instances -output "ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private_app1.id -} -output "ec2_private_ip" { - description = "List of private ip 
address assigned to the instances" - value = module.ec2_private_app1.private_ip -} - -# Public EC2 Instances - Bastion Host -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} -output "ec2_bastion_public_ip" { - description = "List of Public ip address assigned to the instances" - value = module.ec2_public.public_ip -} - -# ALB Application Load Balancer Outputs -# https://github.com/terraform-aws-modules/terraform-aws-alb/blob/master/examples/complete-alb/outputs.tf -output "alb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.this_lb_dns_name -} - -output "alb_http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - - -# Route53 Zone Outputs -output "route53_domain" { - value = data.aws_route53_zone.mydomain.name -} - -# ACM Outputs -output "this_acm_certificate_arn" { - description = "The ARN of the certificate" - value = module.acm.this_acm_certificate_arn -} - -output "this_acm_certificate_domain_validation_options" { - description = "A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used." - value = module.acm.this_acm_certificate_domain_validation_options -} - -output "this_acm_certificate_validation_emails" { - description = "A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used." - value = module.acm.this_acm_certificate_validation_emails -} - -output "validation_route53_record_fqdns" { - description = "List of FQDNs built using the zone domain and name." - value = module.acm.validation_route53_record_fqdns -} - -output "distinct_domain_names" { - description = "List of distinct domains names used for the validation." 
- value = module.acm.distinct_domain_names -} - -output "validation_domains" { - description = "List of distinct domain validation options. This is useful if subject alternative names contain wildcards." - value = module.acm.validation_domains -} - -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-variables.tf deleted file mode 100644 index f0de1c7b..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-variables.tf +++ /dev/null 
@@ -1,103 +0,0 @@ -# Input Variables - -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} - -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} - -# Application Name -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "HR-Team" -} - -# VPC Variables -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b", "us-east-1c"] -} - -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] -} - -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] -} - -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"] -} - -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} - -# EC2 
Instance Variables - -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instance Type" - type = string - default = "t3.micro" -} - -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf deleted file mode 100644 index a34ca566..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.environment}-${var.vpc_name}" - common_tags = { - owners = local.owners - environment = local.environment - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-vpc.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-vpc.tf deleted file mode 100644 index 4c92d72f..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-vpc.tf +++ /dev/null 
@@ -1,42 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "2.77.0"
-
- # VPC Basic Details
- name = local.name
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-ec2securitygroup.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-ec2securitygroup.tf
deleted file mode 100644
index 8e8f2313..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-ec2securitygroup.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "~> 3"
-
- name = "private-sg"
- description = "Security group with HTTP & SSH ports open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "~> 3"
-
- name = "public-bastion-sg"
- description = "Security group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Block
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "~> 3"
-
-
- name = "loadbalancer-sg"
- description = "Security group with HTTP port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
-
- # Ingress Rules & CIDR Block
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-ami-datasource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-ami-datasource.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-ami-datasource.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-ec2instance.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-ec2instance.tf
deleted file mode 100644
index da736a60..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-ec2instance.tf
+++ /dev/null
@@ -1,41 +0,0 @@ -# AWS EC2 Instance Terraform Module -/* -# EC2 Instances that will be created in VPC Private Subnets -# App1 - EC2 Instances -module "ec2_private_app1" { - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - name = "${var.environment}-app1" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [module.private_sg.this_security_group_id] - instance_count = 1 - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1], - module.vpc.private_subnets[2] - ] - tags = local.common_tags -} -*/ - - - - -# Bastion Host - EC2 Instance that will be created in VPC Public Subnet -module "ec2_public" { - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-BastionHost" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - subnet_id = module.vpc.public_subnets[0] - vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] - instance_count = 1 - tags = local.common_tags -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf deleted file mode 100644 index 2461500b..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf +++ /dev/null 
@@ -1,7 +0,0 @@
-# Create Elastic IP for Bastion Host
-resource "aws_eip" "bastion_eip" {
- depends_on = [module.ec2_public]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index 0c297ba5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public, aws_eip.bastion_eip]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
- # Copies the terraform-key.pem file to /home/ec2-user/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/home/ec2-user/terraform-key.pem"
- }
-
-# Using remote-exec provisioner fix the private key permissions
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /home/ec2-user/terraform-key.pem"
- ]
- }
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars deleted file mode 100644 index 4c4c4134..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/14-ALB-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars +++ /dev/null @@ -1,26 +0,0 @@ -# Generic Variables -aws_region = "us-east-1" -environment = "stag" -business_divsion = "HR-Team" - -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true - -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" - - - - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/app2-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c1-versions.tf deleted file mode 100644 index 52d9f8d4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index 830cf1c0..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,143 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - version = "5.16.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ] - security_groups = [module.loadbalancer_sg.this_security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags - }, - # App2 Target Group - TG Index = 1 - { - name_prefix = "app2-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App2 Target Group - Targets - targets = { - my_app2_vm1 = { - target_id = module.ec2_private_app2.id[0] - port = 80 - }, - my_app2_vm2 = { - target_id = module.ec2_private_app2.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags 
- } - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - certificate_arn = module.acm.this_acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/app1*"] - }] - }, - # Rule-2: /app2* should go to App2 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 1 - } - ] - conditions = [{ - path_patterns = ["/app2*"] - }] - }, - ] - - tags = local.common_tags # ALB Tags -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 2db1d52e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,65 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) Outputs -output "this_lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.this_lb_id -} - -output "this_lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.this_lb_arn -} - -output "this_lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.this_lb_dns_name -} - -output "this_lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.this_lb_arn_suffix -} - -output "this_lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.this_lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.alb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.alb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.alb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.alb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." - value = module.alb.target_group_names -} - -output "target_group_attachments" { - description = "ARNs of the target group attachment IDs." 
- value = module.alb.target_group_attachments -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf deleted file mode 100644 index 50fe5ef7..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf +++ /dev/null @@ -1,20 +0,0 @@ -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - version = "2.14.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.zone_id - - subject_alternative_names = [ - "*.devopsincloud.com" - ] - tags = local.common_tags -} - -# Output ACM Certificate ARN -output "this_acm_certificate_arn" { - description = "The ARN of the certificate" - value = module.acm.this_acm_certificate_arn -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf deleted file mode 100644 index ae2492e7..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf +++ /dev/null @@ -1,11 +0,0 @@ -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "apps.devopsincloud.com" - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c2-generic-variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "sap" -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c3-local-values.tf deleted file mode 100644 index 9465b846..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c3-local-values.tf +++ /dev/null @@ -1,11 +0,0 @@ -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - #name = "${local.owners}-${local.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf deleted file mode 100644 index b68d0a48..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf +++ /dev/null 
@@ -1,77 +0,0 @@ -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", "10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} - - - - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-02-vpc-module.tf deleted file mode 100644 index 21a86db6..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-02-vpc-module.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.78.0" - #version = "~> 2.78" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf +++ /dev/null 
@@ -1,37 +0,0 @@ -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf deleted file mode 100644 index fecdef54..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf +++ /dev/null @@ -1,2 +0,0 @@ -# AWS EC2 Security Group Terraform Variables -## Placeholder file for Variables diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf deleted file mode 100644 index ce756305..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf +++ /dev/null 
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.this_security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.this_security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.this_security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.this_security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.this_security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.this_security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index e8c2a767..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 0351a7ca..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index ae0d8306..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 7391ccea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
-# App1 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app1_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app1.id
-}
-## ec2_private_ip
-output "app1_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app1.private_ip
-}
-
-# App2 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app2_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app2.id
-}
-## ec2_private_ip
-output "app2_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app2.private_ip
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 4148f148..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 66d888d4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index 66da349a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 088352cc..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 66233f53..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/terraform.tfvars deleted file mode 100644 index 8b9f8d7c..00000000 
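Review bot: Deleting `private-key/terraform-key.pem` does not retire the key: the complete RSA private key is printed in this hunk and remains in the repository history, so it has to be treated as disclosed. If it corresponds to the `terraform-key` EC2 key pair named in the deleted `ec2instance.auto.tfvars`, that key pair should be deleted and re-created wherever it was registered, and any instance still accepting it re-keyed. The deleted `c9-nullresource-provisioners.tf` also copied this file to `/tmp/terraform-key.pem` on the bastion host, so a host built from these manifests would hold a copy as well. To keep the README step that copies `terraform-key.pem` into `terraform-manifests/private-key` from leading to another commit of key material, add an ignore rule such as `**/private-key/*.pem` to `.gitignore`.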
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/10-ALB-Path-Based-Routing/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/README.md
deleted file mode 100644
index 02c51fa2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/README.md
+++ /dev/null
@@ -1,251 +0,0 @@ ---- -title: AWS ALB Host Header based Routing using Terraform -description: Create AWS Application Load Balancer Host Header based Routing Rules usign Terraform ---- - -# AWS ALB Host Header based Routing using Terraform - -## Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - - -## Step-01: Introduction -- Implement AWS ALB Host Header based Routing - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-2.png) - -## Step-02: Error Message realted AWS ACM Certificate Limit -- Review the AWS Support Case ID 8245155801 to demonstrate the issue and resolution from AWS -- Understand about how to submit the case related to Limit Increase for ACM Certificates. -- It will take 2 to 3 days to increase the limit and resolve the issue from AWS Side so if you want to ensure that before you hit the limit, if you want to increase you can submit the ticket well in advance. -```t -Error: Error requesting certificate: LimitExceededException: Error: you have reached your limit of 20 certificates in the last year. - - on .terraform/modules/acm/main.tf line 11, in resource "aws_acm_certificate" "this": - 11: resource "aws_acm_certificate" "this" { -``` - -## Step-03: Our Options to Continue -- **Option-1:** Submit the ticket to AWS and wait till they update the ACM certificate limit -- **Option-2:** Switch to other region and continue with our course. 
-- This limit you can hit at any point during your next sections of the course where you exceeded 20 times of certificate creation and deletion. -- With that said knowing to run these Terraform Manifests in other region is a better option. -- I will show you the steps you can perform to switch the region using the terraform manifests if you face this issue. -- Use this folder `terraform-manifests-us-east-2` terraform manifests to create resources in us-east-2 region. -- Review `step-04` for changes we need to perform to switch regions. - -## Step-04: Terraform Configurations to change to run in US-EAST-2 Ohio Region -### Step-04-00: Update terraform.tfvars -```t -# Before -aws_region = "us-east-1" - -# After -aws_region = "us-east-2" -``` -### Step-04-01: Update vpc.auto.tfvars -```t -# Before -vpc_availability_zones = ["us-east-1a", "us-east-1b"] - -# After -vpc_availability_zones = ["us-east-2a", "us-east-2b"] -``` -### Step-04-02: Create new EC2 Key pair in region us-east-2 Ohio -- Go to Services -> EC2 -> Network & Security -> Keypairs -- **Name:** terraform-key-us-east-2 -- **File Format:** pem -- Click on **Create keypair** -- You can have the keypair name same in us-east-2 region also so that you don't need to change anything in `c9-nullresource-provisioners.tf`. Choice is yours. -- To identify the difference, i have given different name here. 
- -### Step-04-03: Copy newly created keypair to private-key folder -- Copy the newly created keypair `terraform-key-us-east-2.pem` to `terraform-manifests\private-key` folder - -### Step-04-04: Give permissions as chmod 400 -``` -# KeyPair Permissions -cd terraform-manifests\private-key -chmod 400 terraform-key-us-east-2.pem -``` - -### Step-04-05: Update ec2instance.auto.tfvars -```t -# Before -instance_keypair = "terraform-key" - -# After -#instance_keypair = "terraform-key" -instance_keypair = "terraform-key-us-east-2" -``` - -### Step-04-06: Update c9-nullresource-provisioners.tf -```t -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key-us-east-2.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem - provisioner "file" { - source = "private-key/terraform-key-us-east-2.pem" - destination = "/tmp/terraform-key-us-east-2.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key-us-east-2.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -``` - -## Step-05: c10-01-ALB-application-loadbalancer-variables.tf -- We will be using these variables in two places - - c10-02-ALB-application-loadbalancer.tf - - c12-route53-dnsregistration.tf -- If we are using the values in more than one place its good to variablize that value -```t -# App1 
DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} -``` -## Step-06: loadbalancer.auto.tfvars -```t -# AWS Load Balancer Variables -app1_dns_name = "app16.devopsincloud.com" -app2_dns_name = "app26.devopsincloud.com" -``` - -## Step-06: c10-02-ALB-application-loadbalancer.tf -### Step-06-01: HTTPS Listener Rule-1 -```t - conditions = [{ - #path_patterns = ["/app1*"] - host_headers = [var.app1_dns_name] - }] -``` -### Step-06-02: HTTPS Listener Rule-2 -```t - conditions = [{ - #path_patterns = ["/app2*"] - host_headers = [var.app2_dns_name] - }] -``` - -## Step-07: c12-route53-dnsregistration.tf -### Step-07-01: App1 DNS -```t -## Default DNS -resource "aws_route53_record" "default_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "myapps.devopsincloud.com" - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} - -# DNS Registration -## App1 DNS -resource "aws_route53_record" "app1_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.app1_dns_name - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} -``` -### Step-07-02: App2 DNS -```t -## App2 DNS -resource "aws_route53_record" "app2_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.app2_dns_name - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} -``` - -## Step-08: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances for App1 -2. Verify EC2 Instances for App2 -3. 
Verify Load Balancer SG - Primarily SSL 443 Rule -4. Verify ALB Listener - HTTP:80 - Should contain a redirect from HTTP to HTTPS -5. Verify ALB Listener - HTTPS:443 - Should contain 3 rules -5.1 Host Header app1.devopsincloud.com to app1-tg -5.2 Host Header app2.devopsincloud.com toto app2-tg -5.3 Fixed Response: any other errors or any other IP or valid DNS to this LB -6. Verify ALB Target Groups App1 and App2, Targets (should be healthy) -5. Verify SSL Certificate (Certificate Manager) -6. Verify Route53 DNS Record - -# Test (Domain will be different for you based on your registered domain) -# Note: All the below URLS shoud redirect from HTTP to HTTPS -# App1 -1. App1 Landing Page index.html at Root Context of App1: http://app1.devopsincloud.com -2. App1 /app1/index.html: http://app1.devopsincloud.com/app1/index.html -3. App1 /app1/metadata.html: http://app1.devopsincloud.com/app1/metadata.html -4. Failure Case: Access App2 Directory from App1 DNS: http://app1.devopsincloud.com/app2/index.html - Should return Directory not found 404 - -# App2 -1. App2 Landing Page index.html at Root Context of App1: http://app2.devopsincloud.com -2. App1 /app2/index.html: http://app1.devopsincloud.com/app2/index.html -3. App1 /app2/metadata.html: http://app1.devopsincloud.com/app2/metadata.html -4. Failure Case: Access App2 Directory from App1 DNS: http://app2.devopsincloud.com/app1/index.html - Should return Directory not found 404 -``` - -## Step-09: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app2-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c1-versions.tf deleted file mode 100644 index 52d9f8d4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index a4c16d05..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - -# App1 DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index bb4ad7ee..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,145 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - version = "5.16.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ] - security_groups = [module.loadbalancer_sg.this_security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags - }, - # App2 Target Group - TG Index = 1 - { - name_prefix = "app2-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App2 Target Group - Targets - targets = { - my_app2_vm1 = { - target_id = module.ec2_private_app2.id[0] - port = 80 - }, - my_app2_vm2 = { - target_id = module.ec2_private_app2.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags 
- } - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - certificate_arn = module.acm.this_acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: app1.devopsincloud.com should go to App1 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - #path_patterns = ["/app1*"] - host_headers = [var.app1_dns_name] - }] - }, - # Rule-2: app2.devopsincloud.com should go to App2 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 1 - } - ] - conditions = [{ - #path_patterns = ["/app2*"] - host_headers = [var.app2_dns_name] - }] - }, - ] - - tags = local.common_tags # ALB Tags -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 2db1d52e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,65 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) Outputs -output "this_lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.this_lb_id -} - -output "this_lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.this_lb_arn -} - -output "this_lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.this_lb_dns_name -} - -output "this_lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.this_lb_arn_suffix -} - -output "this_lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.this_lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.alb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.alb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.alb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.alb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." - value = module.alb.target_group_names -} - -output "target_group_attachments" { - description = "ARNs of the target group attachment IDs." 
- value = module.alb.target_group_attachments -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c11-acm-certificatemanager.tf deleted file mode 100644 index 50fe5ef7..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c11-acm-certificatemanager.tf +++ /dev/null @@ -1,20 +0,0 @@ -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - version = "2.14.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.zone_id - - subject_alternative_names = [ - "*.devopsincloud.com" - ] - tags = local.common_tags -} - -# Output ACM Certificate ARN -output "this_acm_certificate_arn" { - description = "The ARN of the certificate" - value = module.acm.this_acm_certificate_arn -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c12-route53-dnsregistration.tf deleted file mode 100644 index 6551673b..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c12-route53-dnsregistration.tf +++ /dev/null 
@@ -1,37 +0,0 @@ -# DNS Registration -## Default DNS -resource "aws_route53_record" "default_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "myapps1.devopsincloud.com" - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} - -## App1 DNS -resource "aws_route53_record" "app1_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.app1_dns_name - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} - - -## App2 DNS -resource "aws_route53_record" "app2_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.app2_dns_name - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c2-generic-variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "sap" -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-02-vpc-module.tf
deleted file mode 100644
index 21a86db6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "2.78.0"
- #version = "~> 2.78"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ce756305..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.this_security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.this_security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.this_security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.this_security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.this_security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.this_security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index e8c2a767..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 0351a7ca..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index ae0d8306..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 7391ccea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
-# App1 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app1_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app1.id
-}
-## ec2_private_ip
-output "app1_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app1.private_ip
-}
-
-# App2 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app2_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app2.id
-}
-## ec2_private_ip
-output "app2_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app2.private_ip
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 4148f148..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-04-ec2instance-private-app1.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 66d888d4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-05-ec2instance-private-app2.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index 66da349a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c9-nullresource-provisioners.tf
deleted file mode 100644
index 7248c8b9..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@ -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key-us-east-2.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem - provisioner "file" { - source = "private-key/terraform-key-us-east-2.pem" - destination = "/tmp/terraform-key-us-east-2.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key-us-east-2.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) -/* provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } - */ - -} - -# Creation Time Provisioners - By default they are created during resource creations (terraform apply) -# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/ec2instance.auto.tfvars deleted file mode 100644 index d6876b8a..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,5 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-#instance_keypair = "terraform-key"
-instance_keypair = "terraform-key-us-east-2"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/loadbalancer.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/loadbalancer.auto.tfvars
deleted file mode 100644
index b1f784bf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/loadbalancer.auto.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# AWS Load Balancer Variables
-app1_dns_name = "app17.devopsincloud.com"
-app2_dns_name = "app27.devopsincloud.com"
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index fc178919..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Tue Apr 20 15:38:18 IST 2021 and VPC ID: vpc-0ada4f674de70b568
-VPC created on Thu Apr 22 11:41:49 IST 2021 and VPC ID: vpc-0ad139001a6b52da6
-VPC created on Thu Apr 22 14:12:55 IST 2021 and VPC ID: vpc-0230b618d0cd954ba
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index f9574e76..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Tue Apr 20 15:47:43 IST 2021
-Destroy time prov Thu Apr 22 12:11:35 IST 2021
-Destroy time prov Thu Apr 22 14:24:56 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key-us-east-2.pem b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key-us-east-2.pem
deleted file mode 100644
index fa1c3685..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key-us-east-2.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm3BeIK0SgPAv+tu5Dcts5G6lbTwB0QrrGbCFGV5k9Yn35f8F -RoAVBqyFHjrcye7ZRYnrIbT4bzQKVwPz+AcNUj2Y+keXcAsB0v39C1VH2VieUCIr -rmHRggrzvI8P/cdzmuXuSwr38CfBC1BXhqPfrTJSEEqok1S2Rw78GW7S4e/OSEc/ -3p4dkNpVv3pTP3Ygq5DYVeLROq50LPF5NHmllnC0V9vlhFyPI5qMycJj3rx0HYYT -BCRF+TY7WyBYaH/EqCR37vajuzTYFrPhtPUoP3ryWEr0+OaMJzLW5IS4KNV7GkL9 -ceyPa9iW1E6J8B1hvT3+nOIUZhhZIXIXZbin+wIDAQABAoIBACHwDc0qnKCkUIWA -Fc5qPPM/KUVJVcgzjxND1DuuvXJS1lpULO2wp2aWolXwWiaIzM1/CGSKo7d78EoB -ZfIgcAslwdHbcbgX3yUXKXmg/Bf7Xk12uHzRhLHU/FSOE9rAAoCudTHTSkEYHPEA -cKvH+d1R4FMISfgpBcdMAUT4Snjj0NH11uFW37QtrAKziZKEeA1eU/mP4a9OL6qj -XGIaJeL5flhiNVqz9HPnY6fc3wUF2TBcMy+OBxt7VKFXtE8M06FhRn2MJyyE5tsp -ulfgJ5Y3bp1k5WFD4mmNt/97YopF5hA+3GXZlGtziZMrxjRS3j9EPVMhc7UkGdyf -Yd9NwcECgYEAyxTPUN1B5JU5u4Ki1qO8NrY8ESOA2rqRmd1wRHgsTN7iKPCD5890 -7BO8DosX7QJ6EBaxvtCAsP5mMMK4plAeh/UIn48TxnY1jgUds99R5goYM760S/in -3kLWMlqOxPjfthrmJ29tR2gQh3FK2N16hdMT5HTaHO90h9esrmnMAFsCgYEAw/Fr -7oThVGQIFGhTFvOa89rYjk5QFeVAfehT5/CWabYMFC5sTUTQLeW9MDNQS+ydKkDg -0yjUQEaAPwoKq2iQa8RJIRYKCEjzIn41mGGtpRo6IqYMnlXLSgR90gOKPyhwIwd3 -8mzytUqcsTbxax4sqXXLMtbPirZaRKvO/aB0iOECgYATvr45eonBk9C9LoJupBTU -rPtCH1WT7rfhYepcfeKwxqrumBP7IeyYV4LdVyDIZok/rzUw/EzG6LU+4G/bm8ac -KXLhMKQXk765RD4TEw9/clPQFCarjE2mCpGQ68Ud2aTGq+7cvrS9UJzqzlUcqMwU -3uT8PXBHh/ColIuxmY/AKQKBgGgVjWzlX0DR5kzY4hJWEyCoRtLJHNeUsP5w9GlH -rs62qpHp2xPskt1epXG+QFAkf5QbZJImpSEDkkpqTiKhZ94nJWWS7H9cKPNQsa2h -bXk/hlQzeo59KoDGBAQUZ1KHa5Hf/MJlR0QwPy4P7owlOjpGXUtDOnoHxcmmrkyh -+GVhAoGAQ6nIU1Nyw8PQmjfkgSu3mD56vFHUzO9lsjZOBgYXtDbdoQxaMoYpHKym -dmelrGzz/S60dQH+OpgqLOVARIk/z65wxKsxV+mDerUQZTEV/LkrA3+za2VxKS7L -7U5oa2lurCbiA8vyJPVEK92cTky/73keL5e9JxmDaHeiQEVr9Zw= ------END RSA PRIVATE KEY----- \ No newline at end of file 
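Review bot: Deleting `private-key/terraform-key-us-east-2.pem` in this hunk does not retire the key: the complete RSA private key remains in the repository history and in this diff, so it has to be treated as disclosed. The same applies to `private-key/terraform-key.pem`, removed in the next hunk. The deleted `ec2instance.auto.tfvars` in the same directory set `instance_keypair = "terraform-key-us-east-2"`, so if an EC2 key pair of that name still exists (not visible from this diff) it should be deleted and replaced, and any instance launched with it re-keyed. To keep key files from being committed again, add `*.pem` to `.gitignore`.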
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/terraform.tfvars
deleted file mode 100644
index 7cf12278..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-2"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/vpc.auto.tfvars
deleted file mode 100644
index 38a68f4d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-2a", "us-east-2b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
-sudo yum update -y
-sudo yum install -y httpd
-sudo systemctl enable httpd
-sudo service httpd start
-sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html
-sudo mkdir /var/www/html/app1
-sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/app2-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/app2-install.sh
deleted file mode 100644
index 805d4bea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/app2-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
-sudo yum update -y
-sudo yum install -y httpd
-sudo systemctl enable httpd
-sudo service httpd start
-sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html
-sudo mkdir /var/www/html/app2
-sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c1-versions.tf
deleted file mode 100644
index 52d9f8d4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
deleted file mode 100644
index a4c16d05..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
-# App1 DNS Name
-variable "app1_dns_name" {
- description = "App1 DNS Name"
-}
-
-# App2 DNS Name
-variable "app2_dns_name" {
- description = "App2 DNS Name"
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index bb4ad7ee..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,145 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB)
-module "alb" {
- source = "terraform-aws-modules/alb/aws"
- version = "5.16.0"
-
- name = "${local.name}-alb"
- load_balancer_type = "application"
- vpc_id = module.vpc.vpc_id
- subnets = [
- module.vpc.public_subnets[0],
- module.vpc.public_subnets[1]
- ]
- security_groups = [module.loadbalancer_sg.this_security_group_id]
- # Listeners
- # HTTP Listener - HTTP to HTTPS Redirect
- http_tcp_listeners = [
- {
- port = 80
- protocol = "HTTP"
- action_type = "redirect"
- redirect = {
- port = "443"
- protocol = "HTTPS"
- status_code = "HTTP_301"
- }
- }
- ]
- # Target Groups
- target_groups = [
- # App1 Target Group - TG Index = 0
- {
- name_prefix = "app1-"
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- protocol_version = "HTTP1"
- # App1 Target Group - Targets
- targets = {
- my_app1_vm1 = {
- target_id = module.ec2_private_app1.id[0]
- port = 80
- },
- my_app1_vm2 = {
- target_id = module.ec2_private_app1.id[1]
- port = 80
- }
- }
- tags =local.common_tags # Target Group Tags
- },
- # App2 Target Group - TG Index = 1
- {
- name_prefix = "app2-"
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app2/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- protocol_version = "HTTP1"
- # App2 Target Group - Targets
- targets = {
- my_app2_vm1 = {
- target_id = module.ec2_private_app2.id[0]
- port = 80
- },
- my_app2_vm2 = {
- target_id = module.ec2_private_app2.id[1]
- port = 80
- }
- }
- tags =local.common_tags # Target Group Tags
- }
- ]
-
- # HTTPS Listener
- https_listeners = [
- # HTTPS Listener Index = 0 for HTTPS 443
- {
- port = 443
- protocol = "HTTPS"
- certificate_arn = module.acm.this_acm_certificate_arn
- action_type = "fixed-response"
- fixed_response = {
- content_type = "text/plain"
- message_body = "Fixed Static message - for Root Context"
- status_code = "200"
- }
- },
- ]
-
- # HTTPS Listener Rules
- https_listener_rules = [
- # Rule-1: app1.devopsincloud.com should go to App1 EC2 Instances
- {
- https_listener_index = 0
- actions = [
- {
- type = "forward"
- target_group_index = 0
- }
- ]
- conditions = [{
- #path_patterns = ["/app1*"]
- host_headers = [var.app1_dns_name]
- }]
- },
- # Rule-2: app2.devopsincloud.com should go to App2 EC2 Instances
- {
- https_listener_index = 0
- actions = [
- {
- type = "forward"
- target_group_index = 1
- }
- ]
- conditions = [{
- #path_patterns = ["/app2*"]
- host_headers = [var.app2_dns_name]
- }]
- },
- ]
-
- tags = local.common_tags # ALB Tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
deleted file mode 100644
index 2db1d52e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-output "this_lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.this_lb_id
-}
-
-output "this_lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.this_lb_arn
-}
-
-output "this_lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.this_lb_dns_name
-}
-
-output "this_lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.this_lb_arn_suffix
-}
-
-output "this_lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.this_lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.alb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.alb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.alb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.alb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.alb.target_group_names
-}
-
-output "target_group_attachments" {
- description = "ARNs of the target group attachment IDs."
- value = module.alb.target_group_attachments
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 50fe5ef7..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- version = "2.14.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- value = module.acm.this_acm_certificate_arn
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 97da8dfe..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# DNS Registration
-## Default DNS
-resource "aws_route53_record" "default_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "myapps.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.this_lb_dns_name
- zone_id = module.alb.this_lb_zone_id
- evaluate_target_health = true
- }
-}
-
-## App1 DNS
-resource "aws_route53_record" "app1_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = var.app1_dns_name
- type = "A"
- alias {
- name = module.alb.this_lb_dns_name
- zone_id = module.alb.this_lb_zone_id
- evaluate_target_health = true
- }
-}
-
-
-## App2 DNS
-resource "aws_route53_record" "app2_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = var.app2_dns_name
- type = "A"
- alias {
- name = module.alb.this_lb_dns_name
- zone_id = module.alb.this_lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 21a86db6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "2.78.0"
- #version = "~> 2.78"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ce756305..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.this_security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.this_security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.this_security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.this_security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.this_security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.this_security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index e8c2a767..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 0351a7ca..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index ae0d8306..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 7391ccea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
-# App1 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app1_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app1.id
-}
-## ec2_private_ip
-output "app1_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app1.private_ip
-}
-
-# App2 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app2_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app2.id
-}
-## ec2_private_ip
-output "app2_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app2.private_ip
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 4148f148..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 66d888d4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index 66da349a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index c9a1d2a8..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/loadbalancer.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/loadbalancer.auto.tfvars
deleted file mode 100644
index 0784e098..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/loadbalancer.auto.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# AWS Load Balancer Variables
-app1_dns_name = "app1.devopsincloud.com"
-app2_dns_name = "app2.devopsincloud.com"
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 749d7b43..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Tue Apr 20 15:38:18 IST 2021 and VPC ID: vpc-0ada4f674de70b568
-VPC created on Thu Apr 22 11:41:49 IST 2021 and VPC ID: vpc-0ad139001a6b52da6
-VPC created on Thu Apr 22 14:12:55 IST 2021 and VPC ID: vpc-0230b618d0cd954ba
-VPC created on Thu Apr 22 14:37:23 IST 2021 and VPC ID: vpc-033920cf9b2dcd7fa
-VPC created on Fri Apr 23 10:23:25 IST 2021 and VPC ID: vpc-07f56cbdaa0491e20
-VPC created on Tue Apr 27 08:26:43 IST 2021 and VPC ID: vpc-01c5c36461f11275d
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 888327c8..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Tue Apr 20 15:47:43 IST 2021
-Destroy time prov Thu Apr 22 12:11:35 IST 2021
-Destroy time prov Thu Apr 22 14:24:56 IST 2021
-Destroy time prov Thu Apr 22 14:49:18 IST 2021
-Destroy time prov Fri Apr 23 10:32:44 IST 2021
-Destroy time prov Tue Apr 27 08:41:33 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key-us-east-2.pem b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key-us-east-2.pem
deleted file mode 100644
index fa1c3685..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key-us-east-2.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm3BeIK0SgPAv+tu5Dcts5G6lbTwB0QrrGbCFGV5k9Yn35f8F -RoAVBqyFHjrcye7ZRYnrIbT4bzQKVwPz+AcNUj2Y+keXcAsB0v39C1VH2VieUCIr -rmHRggrzvI8P/cdzmuXuSwr38CfBC1BXhqPfrTJSEEqok1S2Rw78GW7S4e/OSEc/ -3p4dkNpVv3pTP3Ygq5DYVeLROq50LPF5NHmllnC0V9vlhFyPI5qMycJj3rx0HYYT -BCRF+TY7WyBYaH/EqCR37vajuzTYFrPhtPUoP3ryWEr0+OaMJzLW5IS4KNV7GkL9 -ceyPa9iW1E6J8B1hvT3+nOIUZhhZIXIXZbin+wIDAQABAoIBACHwDc0qnKCkUIWA -Fc5qPPM/KUVJVcgzjxND1DuuvXJS1lpULO2wp2aWolXwWiaIzM1/CGSKo7d78EoB -ZfIgcAslwdHbcbgX3yUXKXmg/Bf7Xk12uHzRhLHU/FSOE9rAAoCudTHTSkEYHPEA -cKvH+d1R4FMISfgpBcdMAUT4Snjj0NH11uFW37QtrAKziZKEeA1eU/mP4a9OL6qj -XGIaJeL5flhiNVqz9HPnY6fc3wUF2TBcMy+OBxt7VKFXtE8M06FhRn2MJyyE5tsp -ulfgJ5Y3bp1k5WFD4mmNt/97YopF5hA+3GXZlGtziZMrxjRS3j9EPVMhc7UkGdyf -Yd9NwcECgYEAyxTPUN1B5JU5u4Ki1qO8NrY8ESOA2rqRmd1wRHgsTN7iKPCD5890 -7BO8DosX7QJ6EBaxvtCAsP5mMMK4plAeh/UIn48TxnY1jgUds99R5goYM760S/in -3kLWMlqOxPjfthrmJ29tR2gQh3FK2N16hdMT5HTaHO90h9esrmnMAFsCgYEAw/Fr -7oThVGQIFGhTFvOa89rYjk5QFeVAfehT5/CWabYMFC5sTUTQLeW9MDNQS+ydKkDg -0yjUQEaAPwoKq2iQa8RJIRYKCEjzIn41mGGtpRo6IqYMnlXLSgR90gOKPyhwIwd3 -8mzytUqcsTbxax4sqXXLMtbPirZaRKvO/aB0iOECgYATvr45eonBk9C9LoJupBTU -rPtCH1WT7rfhYepcfeKwxqrumBP7IeyYV4LdVyDIZok/rzUw/EzG6LU+4G/bm8ac -KXLhMKQXk765RD4TEw9/clPQFCarjE2mCpGQ68Ud2aTGq+7cvrS9UJzqzlUcqMwU -3uT8PXBHh/ColIuxmY/AKQKBgGgVjWzlX0DR5kzY4hJWEyCoRtLJHNeUsP5w9GlH -rs62qpHp2xPskt1epXG+QFAkf5QbZJImpSEDkkpqTiKhZ94nJWWS7H9cKPNQsa2h -bXk/hlQzeo59KoDGBAQUZ1KHa5Hf/MJlR0QwPy4P7owlOjpGXUtDOnoHxcmmrkyh -+GVhAoGAQ6nIU1Nyw8PQmjfkgSu3mD56vFHUzO9lsjZOBgYXtDbdoQxaMoYpHKym -dmelrGzz/S60dQH+OpgqLOVARIk/z65wxKsxV+mDerUQZTEV/LkrA3+za2VxKS7L -7U5oa2lurCbiA8vyJPVEK92cTky/73keL5e9JxmDaHeiQEVr9Zw= ------END RSA PRIVATE KEY----- \ No newline at end of file 
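Review bot: Removing `private-key/terraform-key-us-east-2.pem` in this hunk, and `private-key/terraform-key.pem` in the next file section, only takes the files out of the working tree; both RSA private keys remain readable in the repository history and in this diff itself. Any EC2 key pair these files belong to should be treated as disclosed and deleted or replaced in AWS rather than considered cleaned up by this commit. The course README further down this diff tells readers to copy `terraform-key.pem` into `terraform-manifests/private-key`, so an ignore rule such as `private-key/*.pem` in `.gitignore` (if one is not already present outside this view) would keep the same file from being committed again.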
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/11-ALB-Host-Header-Based-Routing/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/README.md
deleted file mode 100644
index 98ab8322..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/README.md
+++ /dev/null
@@ -1,295 +0,0 @@ ---- -title: AWS ALB Different Listener Rules for Routing -description: Create AWS Application Load Balancer Custom HTTP Header, 302 Redirects with Query String and Host Headers ---- -# AWS ALB Query String, Host Header Redirects and Custom Header Routing - -## Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -- We are going to implement four AWS ALB Application HTTPS Listener Rules -- Rule-1 and Rule-2 will outline the Custom HTTP Header based Routing -- Rule-3 and Rule-4 will outline the HTTP Redirect using Query String and Host Header based rules -- **Rule-1:** custom-header=my-app-1 should go to App1 EC2 Instances -- **Rule-2:** custom-header=my-app-2 should go to App2 EC2 Instances -- **Rule-3:** When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ -- **Rule-4:** When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify. 
- -- Understand about Priority feature for Rules `priority = 2` - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-2.png) - -## Step-02: c10-02-ALB-application-loadbalancer.tf -- Define different HTTPS Listener Rules for ALB Load Balancer -### Step-02-01: Rule-1: Custom Header Rule for App-1 -- Rule-1: custom-header=my-app-1 should go to App1 EC2 Instances -```t - # Rule-1: custom-header=my-app-1 should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - #path_patterns = ["/app1*"] - #host_headers = [var.app1_dns_name] - http_headers = [{ - http_header_name = "custom-header" - values = ["app-1", "app1", "my-app-1"] - }] - }] - }, -``` -### Step-02-02: Rule-2: Custom Header Rule for App-1 -- Rule-2: custom-header=my-app-2 should go to App2 EC2 Instances -```t - # Rule-2: custom-header=my-app-2 should go to App2 EC2 Instances - { - https_listener_index = 0 - priority = 2 - actions = [ - { - type = "forward" - target_group_index = 1 - } - ] - conditions = [{ - #path_patterns = ["/app2*"] - #host_headers = [var.app2_dns_name] - http_headers = [{ - http_header_name = "custom-header" - values = ["app-2", "app2", "my-app-2"] - }] - }] - }, -``` -### Step-02-03: Rule-3: Query String Redirect -- Rule-3: When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ -```t - # Rule-3: When Query-String, website=aws-eks redirect to 
https://stacksimplify.com/aws-eks/ - { - https_listener_index = 0 - priority = 3 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/aws-eks/" - query = "" - protocol = "HTTPS" - }] - conditions = [{ - query_strings = [{ - key = "website" - value = "aws-eks" - }] - }] - }, -``` -### Step-02-04: Rule-4: Host Header Redirect -- Rule-4: When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -```t - # Rule-4: When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ - { - https_listener_index = 0 - priority = 4 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/azure-aks/azure-kubernetes-service-introduction/" - query = "" - protocol = "HTTPS" - }] - conditions = [{ - host_headers = ["azure-aks11.devopsincloud.com"] - }] - }, -``` - -## Step-03: c12-route53-dnsregistration.tf -```t -# DNS Registration -## Default DNS -resource "aws_route53_record" "default_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "myapps11.devopsincloud.com" - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} - -## Testing Host Header - Redirect to External Site from ALB HTTPS Listener Rules -resource "aws_route53_record" "app1_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "azure-aks11.devopsincloud.com" - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} -``` -## Step-04: Terraform ALB Module v6.0.0 Changes -### Step-04-01: c10-02-ALB-application-loadbalancer.tf -```t -# Before - version = "5.16.0" - -# After - version = "6.0.0" -``` -### Step-04-02: c10-03-ALB-application-loadbalancer-outputs.tf -- [ALB Outpus 
Reference](https://github.com/terraform-aws-modules/terraform-aws-alb/blob/v6.0.0/examples/complete-alb/outputs.tf) -- `this_` is removed from few of the outputs of ALB Module -- So we can use the latest `outputs` from this section onwards -- Update `c10-03-ALB-application-loadbalancer-outputs.tf` with latest outputs -```t -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.lb_dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.lb_arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.alb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.alb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.alb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.alb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. 
Useful for passing to your CodeDeploy Deployment Group." - value = module.alb.target_group_names -} - -output "target_group_attachments" { - description = "ARNs of the target group attachment IDs." - value = module.alb.target_group_attachments -} -``` - -### Step-04-03: c12-route53-dnsregistration.tf -```t -# Before - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - -# After - name = module.alb.lb_dns_name - zone_id = module.alb.lb_zone_id -``` - - -## Step-05: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terrform Apply -terraform apply -auto-approve -``` - -## Step-06: Verify HTTP Header Based Routing (Rule-1 and Rule-2) -- Rest Clinets we can use -- https://restninja.io/ -- https://www.webtools.services/online-rest-api-client -- https://reqbin.com/ -```t -# Verify Rule-1 and Rule-2 -https://myapps.devopsincloud.com -custom-header = my-app-1 - Should get the page from App1 -custom-header = my-app-2 - Should get the page from App2 -``` - -## Step-07: Verify Rule-3 -- When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ -```t -# Verify Rule-3 -https://myapps.devopsincloud.com/?website=aws-eks -Observation: -1. Should Redirect to https://stacksimplify.com/aws-eks/ -``` - -## Step-08: Verify Rule-4 -- When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -```t -# Verify Rule-4 -http://azure-aks.devopsincloud.com -Observation: -1. Should redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -``` - -## Step-09: Clean-Up -```t -# Destroy Resources -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate -``` - - -## References -- [Terraform AWS ALB](https://github.com/terraform-aws-modules/terraform-aws-alb) 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/.terraform.lock.hcl b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/.terraform.lock.hcl deleted file mode 100644 index 928c1d7b..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/.terraform.lock.hcl +++ /dev/null 
@@ -1,42 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.75.2" - constraints = ">= 2.42.0, >= 2.53.0, >= 2.65.0, >= 2.70.0, ~> 3.0, >= 3.27.0" - hashes = [ - "h1:lcSLAmkNM1FvNhqAEbh2oTZRqF37HKRh1Di8LvssYBY=", - "zh:0e75fb14ec42d69bc46461dd54016bb2487d38da324222cec20863918b8954c4", - "zh:30831a1fe29f005d8b809250b43d09522288db45d474c9d238b26f40bdca2388", - "zh:36163d625ab2999c9cd31ef2475d978f9f033a8dfa0d585f1665f2d6492fac4b", - "zh:48ec39685541e4ddd8ddd196e2cfb72516b87f471d86ac3892bc11f83c573199", - "zh:707b9c8775efd6962b6226d914ab25f308013bba1f68953daa77adca99ff6807", - "zh:72bd9f4609a827afa366c6f119c7dec7d73a35d712dad1457c0497d87bf8d160", - "zh:930e3ae3d0cb152e17ee5a8aee5cb47f7613d6421bc7c22e7f50c19da484a100", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a19bf49b80101a0f0272b994153eeff8f8c206ecc592707bfbce7563355b6882", - "zh:a34b5d2bbaf52285b0c9a8df6258f4789f4d927ff777e126bdc77e7887abbeaa", - "zh:caad6fd5e79eae33e6d74e38c3b15c28a5482f2a1a8ca46cc1ee70089de61adb", - "zh:f2eae988635030de9a088f8058fbcd91e2014a8312a48b16bfd09a9d69d9d6f7", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.1.1" - constraints = "~> 3.0" - hashes = [ - "h1:Pctug/s/2Hg5FJqjYcTM0kPyx3AoYK1MpRWO0T9V2ns=", - "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", - "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", - "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e", - "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa", - "zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5", - "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4", - 
"zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46", - "zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924", - "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b", - "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", - ] -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app2-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c1-versions.tf deleted file mode 100644 index 52d9f8d4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index a4c16d05..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - -# App1 DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index a58334ba..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,190 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB)
-module "alb" {
- source = "terraform-aws-modules/alb/aws"
- #version = "5.16.0"
- version = "6.0.0"
-
- name = "${local.name}-alb"
- load_balancer_type = "application"
- vpc_id = module.vpc.vpc_id
- subnets = [
- module.vpc.public_subnets[0],
- module.vpc.public_subnets[1]
- ]
- security_groups = [module.loadbalancer_sg.this_security_group_id]
- # Listeners
- # HTTP Listener - HTTP to HTTPS Redirect
- http_tcp_listeners = [
- {
- port = 80
- protocol = "HTTP"
- action_type = "redirect"
- redirect = {
- port = "443"
- protocol = "HTTPS"
- status_code = "HTTP_301"
- }
- }
- ]
- # Target Groups
- target_groups = [
- # App1 Target Group - TG Index = 0
- {
- name_prefix = "app1-"
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- protocol_version = "HTTP1"
- # App1 Target Group - Targets
- targets = {
- my_app1_vm1 = {
- target_id = module.ec2_private_app1.id[0]
- port = 80
- },
- my_app1_vm2 = {
- target_id = module.ec2_private_app1.id[1]
- port = 80
- }
- }
- tags =local.common_tags # Target Group Tags
- },
- # App2 Target Group - TG Index = 1
- {
- name_prefix = "app2-"
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app2/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- protocol_version = "HTTP1"
- # App2 Target Group - Targets
- targets = {
- my_app2_vm1 = {
- target_id = module.ec2_private_app2.id[0]
- port = 80
- },
- my_app2_vm2 = {
- target_id = module.ec2_private_app2.id[1]
- port = 80
- }
- }
- tags =local.common_tags # Target Group Tags
- }
- ]
-
- # HTTPS Listener
- https_listeners = [
- # HTTPS Listener Index = 0 for HTTPS 443
- {
- port = 443
- protocol = "HTTPS"
- certificate_arn = module.acm.this_acm_certificate_arn
- action_type = "fixed-response"
- fixed_response = {
- content_type = "text/plain"
- message_body = "Fixed Static message - for Root Context"
- status_code = "200"
- }
- },
- ]
-
- # HTTPS Listener Rules
- https_listener_rules = [
- # Rule-1: custom-header=my-app-1 should go to App1 EC2 Instances
- {
- https_listener_index = 0
- priority = 1
- actions = [
- {
- type = "forward"
- target_group_index = 0
- }
- ]
- conditions = [{
- #path_patterns = ["/app1*"]
- #host_headers = [var.app1_dns_name]
- http_headers = [{
- http_header_name = "custom-header"
- values = ["app-1", "app1", "my-app-1"]
- }]
- }]
- },
- # Rule-2: custom-header=my-app-2 should go to App2 EC2 Instances
- {
- https_listener_index = 0
- priority = 2
- actions = [
- {
- type = "forward"
- target_group_index = 1
- }
- ]
- conditions = [{
- #path_patterns = ["/app2*"]
- #host_headers = [var.app2_dns_name]
- http_headers = [{
- http_header_name = "custom-header"
- values = ["app-2", "app2", "my-app-2"]
- }]
- }]
- },
- # Rule-3: When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/
- {
- https_listener_index = 0
- priority = 3
- actions = [{
- type = "redirect"
- status_code = "HTTP_302"
- host = "stacksimplify.com"
- path = "/aws-eks/"
- query = ""
- protocol = "HTTPS"
- }]
- conditions = [{
- query_strings = [{
- key = "website"
- value = "aws-eks"
- }]
- }]
- },
- # Rule-4: When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/
- {
- https_listener_index = 0
- priority = 4
- actions = [{
- type = "redirect"
- status_code = "HTTP_302"
- host = "stacksimplify.com"
- path = "/azure-aks/azure-kubernetes-service-introduction/"
- query = ""
- protocol = "HTTPS"
- }]
- conditions = [{
- host_headers = ["azure-aks101.devopsincloud.com"]
- }]
- },
- ]
- tags = local.common_tags # ALB Tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
deleted file mode 100644
index dd3fd9fa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.lb_dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.lb_arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.alb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.alb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.alb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.alb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.alb.target_group_names
-}
-
-output "target_group_attachments" {
- description = "ARNs of the target group attachment IDs."
- value = module.alb.target_group_attachments
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 50fe5ef7..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- version = "2.14.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- value = module.acm.this_acm_certificate_arn
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 930636aa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# DNS Registration
-## Default DNS
-resource "aws_route53_record" "default_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "myapps101.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
-
-## Testing Host Header - Redirect to External Site from ALB HTTPS Listener Rules
-resource "aws_route53_record" "app1_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "azure-aks101.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 21a86db6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "2.78.0"
- #version = "~> 2.78"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ce756305..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.this_security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.this_security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.this_security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.this_security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.this_security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.this_security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index e8c2a767..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 0351a7ca..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index ae0d8306..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- version = "3.18.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 7391ccea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
-# App1 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app1_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app1.id
-}
-## ec2_private_ip
-output "app1_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app1.private_ip
-}
-
-# App2 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app2_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app2.id
-}
-## ec2_private_ip
-output "app2_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app2.private_ip
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 4148f148..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-04-ec2instance-private-app1.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 66d888d4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-05-ec2instance-private-app2.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index 66da349a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index c9a1d2a8..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@ -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) -/* provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } - */ - -} - -# Creation Time Provisioners - By default they are created during resource creations (terraform apply) -# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/ec2instance.auto.tfvars deleted file mode 100644 index 2d1c0446..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/loadbalancer.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/loadbalancer.auto.tfvars
deleted file mode 100644
index 4252445b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/loadbalancer.auto.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# AWS Load Balancer Variables
-app1_dns_name = "app18.devopsincloud.com"
-app2_dns_name = "app28.devopsincloud.com"
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 12aa250d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Tue Apr 20 15:38:18 IST 2021 and VPC ID: vpc-0ada4f674de70b568
-VPC created on Thu Apr 22 11:41:49 IST 2021 and VPC ID: vpc-0ad139001a6b52da6
-VPC created on Thu Apr 22 14:12:55 IST 2021 and VPC ID: vpc-0230b618d0cd954ba
-VPC created on Thu Apr 22 14:37:23 IST 2021 and VPC ID: vpc-033920cf9b2dcd7fa
-VPC created on Fri Apr 23 10:23:25 IST 2021 and VPC ID: vpc-07f56cbdaa0491e20
-VPC created on Fri Apr 23 10:41:27 IST 2021 and VPC ID: vpc-0cb9c7b423bb5df16
-VPC created on Tue Apr 27 10:03:02 IST 2021 and VPC ID: vpc-090c52af3ac4bd0d3
-VPC created on Sun Oct 16 18:17:56 IST 2022 and VPC ID: vpc-01c51b9ea5c3ac5c9
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 79e20ca8..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Tue Apr 20 15:47:43 IST 2021
-Destroy time prov Thu Apr 22 12:11:35 IST 2021
-Destroy time prov Thu Apr 22 14:24:56 IST 2021
-Destroy time prov Thu Apr 22 14:49:18 IST 2021
-Destroy time prov Fri Apr 23 10:32:44 IST 2021
-Destroy time prov Fri Apr 23 10:52:14 IST 2021
-Destroy time prov Tue Apr 27 10:14:39 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key-us-east-2.pem b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key-us-east-2.pem
deleted file mode 100644
index fa1c3685..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key-us-east-2.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm3BeIK0SgPAv+tu5Dcts5G6lbTwB0QrrGbCFGV5k9Yn35f8F -RoAVBqyFHjrcye7ZRYnrIbT4bzQKVwPz+AcNUj2Y+keXcAsB0v39C1VH2VieUCIr -rmHRggrzvI8P/cdzmuXuSwr38CfBC1BXhqPfrTJSEEqok1S2Rw78GW7S4e/OSEc/ -3p4dkNpVv3pTP3Ygq5DYVeLROq50LPF5NHmllnC0V9vlhFyPI5qMycJj3rx0HYYT -BCRF+TY7WyBYaH/EqCR37vajuzTYFrPhtPUoP3ryWEr0+OaMJzLW5IS4KNV7GkL9 -ceyPa9iW1E6J8B1hvT3+nOIUZhhZIXIXZbin+wIDAQABAoIBACHwDc0qnKCkUIWA -Fc5qPPM/KUVJVcgzjxND1DuuvXJS1lpULO2wp2aWolXwWiaIzM1/CGSKo7d78EoB -ZfIgcAslwdHbcbgX3yUXKXmg/Bf7Xk12uHzRhLHU/FSOE9rAAoCudTHTSkEYHPEA -cKvH+d1R4FMISfgpBcdMAUT4Snjj0NH11uFW37QtrAKziZKEeA1eU/mP4a9OL6qj -XGIaJeL5flhiNVqz9HPnY6fc3wUF2TBcMy+OBxt7VKFXtE8M06FhRn2MJyyE5tsp -ulfgJ5Y3bp1k5WFD4mmNt/97YopF5hA+3GXZlGtziZMrxjRS3j9EPVMhc7UkGdyf -Yd9NwcECgYEAyxTPUN1B5JU5u4Ki1qO8NrY8ESOA2rqRmd1wRHgsTN7iKPCD5890 -7BO8DosX7QJ6EBaxvtCAsP5mMMK4plAeh/UIn48TxnY1jgUds99R5goYM760S/in -3kLWMlqOxPjfthrmJ29tR2gQh3FK2N16hdMT5HTaHO90h9esrmnMAFsCgYEAw/Fr -7oThVGQIFGhTFvOa89rYjk5QFeVAfehT5/CWabYMFC5sTUTQLeW9MDNQS+ydKkDg -0yjUQEaAPwoKq2iQa8RJIRYKCEjzIn41mGGtpRo6IqYMnlXLSgR90gOKPyhwIwd3 -8mzytUqcsTbxax4sqXXLMtbPirZaRKvO/aB0iOECgYATvr45eonBk9C9LoJupBTU -rPtCH1WT7rfhYepcfeKwxqrumBP7IeyYV4LdVyDIZok/rzUw/EzG6LU+4G/bm8ac -KXLhMKQXk765RD4TEw9/clPQFCarjE2mCpGQ68Ud2aTGq+7cvrS9UJzqzlUcqMwU -3uT8PXBHh/ColIuxmY/AKQKBgGgVjWzlX0DR5kzY4hJWEyCoRtLJHNeUsP5w9GlH -rs62qpHp2xPskt1epXG+QFAkf5QbZJImpSEDkkpqTiKhZ94nJWWS7H9cKPNQsa2h -bXk/hlQzeo59KoDGBAQUZ1KHa5Hf/MJlR0QwPy4P7owlOjpGXUtDOnoHxcmmrkyh -+GVhAoGAQ6nIU1Nyw8PQmjfkgSu3mD56vFHUzO9lsjZOBgYXtDbdoQxaMoYpHKym -dmelrGzz/S60dQH+OpgqLOVARIk/z65wxKsxV+mDerUQZTEV/LkrA3+za2VxKS7L -7U5oa2lurCbiA8vyJPVEK92cTky/73keL5e9JxmDaHeiQEVr9Zw= ------END RSA PRIVATE KEY----- \ No newline at end of file 
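Review bot: Removing `private-key/terraform-key-us-east-2.pem` from the tree does not retire the key: the full RSA private key stays readable in this diff and in repository history, and the same holds for `private-key/terraform-key.pem`, deleted in the next hunk. Both EC2 key pairs should be treated as exposed, which means deleting or replacing them in AWS and re-keying any instance that still trusts them; cleaning the history itself takes a history rewrite, not a delete commit. The deleted `c9-nullresource-provisioners.tf` also copied `terraform-key.pem` to `/tmp/terraform-key.pem` on the bastion host, so a surviving host may still hold a copy (inferred from that file, not verifiable from this page). A `*.pem` entry in `.gitignore` would keep replacement keys out of the repository.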
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/README.md
deleted file mode 100644
index 2e833e6a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/README.md
+++ /dev/null
@@ -1,599 +0,0 @@ ---- -title: Terraform DNS to DB Demo on AWS with EC2 -description: Create a DNS to DB Demo on AWS with Route53, ALB, EC2 and RDS Database with 3 Applications ---- -# Terraform DNS to DB Demo on AWS with EC2 - -## Pre-requisites -- Copy `terraform-manifests` from `10-ALB-Path-Based-Routing` -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -### Step-01-00: Update Terraform Module Versions -- There is a minor update to the following Terraform modules with `major-release` tag today. -- We need to update them and also understand impact and fix the impacted areas - - VPC - - Security Group - - ALB - - ACM -- We are going to learn about how to understand the changes and fix them during Terraform Module Updates. -- We will learn that having fixed version for modules is a recommended approach instead of using version constraints like `>=, >, ~>` etc - -### Step-01-01: Create RDS Database Terraform Configs -- Create RDS DB Security Group -- Create RDS DB Variables with `sensitive` argument for DB password -- Create RDS DB Module -- Create RDS DB Outputs - -### Step-01-02: Create EC2 Instance Terraform Configs -- Create EC2 Instance Module for new App3 -- Create `tmpl` file for userdata (Use Terraform templatefle function) -- Create Outputs for EC2 Instance -- App Port 8080 inbound rule added to Private_SG module `"http-8080-tcp"` - -### Step-01-03: Create ALB Terraform Configs -- Create ALB TG for App3 UMS with Port 8080 -- Enable Stickiness for App3 UMS TG -- Create HTTPS Listener Rule for (/*) -- Listener Rule Priorities `priority = 1` - - app1 - `priority = 1` - - app2 - `priority = 2` - - Root Context "/*" - `priority = 3` - -### Step-01-04: Create Jumpbox server to have mysql client installed -- Using jumpbox userdata, mysql client should be auto-installed. -- Connect to Jumpbox to test if default db and tables created. 
-- Connect via Jumpbox to DB to verify webappdb, Tables and Content inside - -### Step-01-05: Create DNS Name AWS Route53 Record Set -- Give `dns-to-db` DNS name for Route53 record - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-3.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-4.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-4.png) - -## Step-02: Update Terraform Module Versions to Latest -### Step-02-01: VPC Module -- Previous Version: 2.78.0 -- Latest Version: 3.0.0 -- **Impact:** No impact -### Step-02-02: Security Group Module -- Previous Version: 3.18.0 -- Latest Version: 4.0.0 -- **Impact:** High Impact, need to update wherever that security group is referenced `this_` should be removed. Example all ec2 instances and load balancers -```t -# Before -module.loadbalancer_sg.this_security_group_id -# After -module.loadbalancer_sg.security_group_id -``` -### Step-02-03: Application Load Balancer -- Previous Version: 5.16.0 -- Latest Version: 6.0.0 -- **Impact:** High Impact, need to update wherever ALB is referenced with `this_` should be removed. 
We need to update the `aws_route53_record` which already taken care in previous section -```t -# Before - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - -# After - name = module.alb.lb_dns_name - zone_id = module.alb.lb_zone_id -``` - -### Step-02-04: ACM Certificate Manager -- Previous Version: 2.14.0 -- Latest Version: 3.0.0 -- **Impact:** High Impact need to update the reference in ALB Load Balancer HTTPS Listener by removing the `this_` -```t -# Before -module.acm.this_acm_certificate_arn - -# After -module.acm.acm_certificate_arn -``` - - -## Step-03: Terraform RDS Database Configurations -- Create RDS DB Security Group -- Create RDS DB Variables with `sensitive` argument for DB password -- Create RDS DB Module -- Create RDS DB Outputs -### Step-03-01: c5-06-securitygroup-rdsdbsg.tf -- Create AWS RDS Database Security Group which will allow access to DB from any subnet inside a VPC. -```t -# Security Group for AWS RDS DB -module "rdsdb_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - version = "4.0.0" - - name = "rdsdb-sg" - description = "Access to MySQL DB for entire VPC CIDR Block" - vpc_id = module.vpc.vpc_id - - # ingress - ingress_with_cidr_blocks = [ - { - from_port = 3306 - to_port = 3306 - protocol = "tcp" - description = "MySQL access from within VPC" - cidr_blocks = module.vpc.vpc_cidr_block - }, - ] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} -``` - -### Step-03-02: c13-01-rdsdb-variables.tf -- Understand about Terraform Variables `Sensitive Flag` -```t -# Terraform AWS RDS Database Variables -# Place holder file for AWS RDS Database - -# DB Name -variable "db_name" { - description = "AWS RDS Database Name" - type = string -} -# DB Instance Identifier -variable "db_instance_identifier" { - description = "AWS RDS Database Instance Identifier" - type = string -} -# DB Username - Enable Sensitive flag -variable "db_username" { - description = 
"AWS RDS Database Administrator Username" - type = string -} -# DB Password - Enable Sensitive flag -variable "db_password" { - description = "AWS RDS Database Administrator Password" - type = string - sensitive = true -} - -``` -### Step-03-03: rdsdb.auto.tfvars -```t -# RDS Database Variables -db_name = "webappdb" -db_instance_identifier = "webappdb" -db_username = "dbadmin" -``` -### Step-03-04: secrets.tfvars -```t -db_password = "dbpassword11" -``` -### Step-03-05: c13-02-rdsdb.tf -```t -# Create AWS RDS Database -module "rdsdb" { - source = "terraform-aws-modules/rds/aws" - #version = "2.34.0" - version = "3.0.0" - - identifier = var.db_instance_identifier - - name = var.db_name # Initial Database Name - username = var.db_username - password = var.db_password - port = 3306 - - - multi_az = true - subnet_ids = module.vpc.database_subnets - vpc_security_group_ids = [module.rdsdb_sg.security_group_id] - - # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt - engine = "mysql" - engine_version = "8.0.20" - family = "mysql8.0" # DB parameter group - major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" - - allocated_storage = 20 - max_allocated_storage = 100 - storage_encrypted = false - - - maintenance_window = "Mon:00:00-Mon:03:00" - backup_window = "03:00-06:00" - enabled_cloudwatch_logs_exports = ["general"] - - backup_retention_period = 0 - skip_final_snapshot = true - deletion_protection = false - - performance_insights_enabled = true - performance_insights_retention_period = 7 - create_monitoring_role = true - monitoring_interval = 60 - - parameters = [ - { - name = "character_set_client" - value = "utf8mb4" - }, - { - name = "character_set_server" - value = "utf8mb4" - } - ] - - tags = local.common_tags - db_instance_tags = { - "Sensitive" = "high" - } - db_option_group_tags = { - "Sensitive" = "low" - } - db_parameter_group_tags = { - "Sensitive" = "low" - } - 
db_subnet_group_tags = { - "Sensitive" = "high" - } -} -``` -### Step-03-06: c13-03-rdsdb-outputs.tf -```t -# RDS DB Outputs -output "db_instance_address" { - description = "The address of the RDS instance" - value = module.rdsdb.db_instance_address -} - -output "db_instance_arn" { - description = "The ARN of the RDS instance" - value = module.rdsdb.db_instance_arn -} - -output "db_instance_availability_zone" { - description = "The availability zone of the RDS instance" - value = module.rdsdb.db_instance_availability_zone -} - -output "db_instance_endpoint" { - description = "The connection endpoint" - value = module.rdsdb.db_instance_endpoint -} - -output "db_instance_hosted_zone_id" { - description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)" - value = module.rdsdb.db_instance_hosted_zone_id -} - -output "db_instance_id" { - description = "The RDS instance ID" - value = module.rdsdb.db_instance_id -} - -output "db_instance_resource_id" { - description = "The RDS Resource ID of this instance" - value = module.rdsdb.db_instance_resource_id -} - -output "db_instance_status" { - description = "The RDS instance status" - value = module.rdsdb.db_instance_status -} - -output "db_instance_name" { - description = "The database name" - value = module.rdsdb.db_instance_name -} - -output "db_instance_username" { - description = "The master username for the database" - value = module.rdsdb.db_instance_username - sensitive = true -} - -output "db_instance_password" { - description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)" - value = module.rdsdb.db_instance_password - sensitive = true -} - -output "db_instance_port" { - description = "The database port" - value = module.rdsdb.db_instance_port -} - -output "db_subnet_group_id" { - description = "The db subnet group name" - value = module.rdsdb.db_subnet_group_id -} - -output "db_subnet_group_arn" { - description = 
"The ARN of the db subnet group" - value = module.rdsdb.db_subnet_group_arn -} - -output "db_parameter_group_id" { - description = "The db parameter group id" - value = module.rdsdb.db_parameter_group_id -} - -output "db_parameter_group_arn" { - description = "The ARN of the db parameter group" - value = module.rdsdb.db_parameter_group_arn -} - -output "db_enhanced_monitoring_iam_role_arn" { - description = "The Amazon Resource Name (ARN) specifying the monitoring role" - value = module.rdsdb.enhanced_monitoring_iam_role_arn -} - - -``` - -## Step-04: Create new EC2 Instance Module for App3 UMS -- **UMS:** User Management Web Application -- Create EC2 Instance Module for new App3 -- Create `tmpl` file for userdata (Use Terraform templatefle function) -- Create Outputs for EC2 Instance -- App Port 8080 inbound rule added to Private_SG module `"http-8080-tcp"` - -### Step-04-01: Terraform templatefile function -- [Terraform templatefile function](https://www.terraform.io/docs/language/functions/templatefile.html) -- `templatefile` reads the file at the given path and renders its content as a template using a supplied set of template variables. -```t -# Change Directory -cd 13-DNS-to-DB/templatefile-function-demo -# Terraform Console -terraform console - -# Terraform Tempaltefile Function -templatefile("app3-ums-install.tmpl",{rds_db_endpoint = "mydatabase"}) -``` -### Step-04-02: app3-ums-install.tmpl -```sh -#! 
/bin/bash -sudo amazon-linux-extras enable java-openjdk11 -sudo yum clean metadata && sudo yum -y install java-11-openjdk -mkdir /home/ec2-user/app3-usermgmt && cd /home/ec2-user/app3-usermgmt -wget https://github.com/stacksimplify/temp1/releases/download/1.0.0/usermgmt-webapp.war -P /home/ec2-user/app3-usermgmt -export DB_HOSTNAME=${rds_db_endpoint} -export DB_PORT=3306 -export DB_NAME=webappdb -export DB_USERNAME=dbadmin -export DB_PASSWORD=dbpassword11 -java -jar /home/ec2-user/app3-usermgmt/usermgmt-webapp.war > /home/ec2-user/app3-usermgmt/ums-start.log & -``` -### Step-04-03: c7-06-ec2instance-private-app3.tf -```t -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets for App2 -module "ec2_private_app3" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "3.0.0" - # insert the 10 required variables here - name = "${var.environment}-app3" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - #vpc_security_group_ids = [module.private_sg.this_security_group_id] - vpc_security_group_ids = [module.private_sg.security_group_id] - #subnet_id = module.vpc.public_subnets[0] - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - #user_data = file("${path.module}/app3-ums-install.tmpl") - THIS WILL NOT WORK, use Terraform templatefile function as below. 
- #https://www.terraform.io/docs/language/functions/templatefile.html - user_data = templatefile("app3-ums-install.tmpl",{rds_db_endpoint = module.rdsdb.db_instance_address}) - tags = local.common_tags -} -``` - -### Step-04-04: c7-02-ec2instance-outputs.tf -- Create Outputs for new App3 EC2 Instance -```t -# App3 - Private EC2 Instances -## ec2_private_instance_ids -output "app3_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private_app3.id -} -## ec2_private_ip -output "app3_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private_app3.private_ip -} -``` -### Step-04-05: c5-04-securitygroup-privatesg.tf -```t - ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"] -``` - -## Step-05: c10-02-ALB-application-loadbalancer.tf -- Create ALB TG for App3 UMS with Port 8080 -- Enable Stickiness for App3 UMS TG -- Create HTTPS Listener Rule for (/*) -- Listener Rule Priorities like `priority = 1` -### Step-05-01: Create App3 Target Group -- Create App3 Target Group -- Discuss exclusively about `stickiness` block -```t - # App3 Target Group - TG Index = 2 - { - name_prefix = "app3-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/login" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - stickiness = { - enabled = true - cookie_duration = 86400 - type = "lb_cookie" - } - protocol_version = "HTTP1" - # App3 Target Group - Targets - targets = { - my_app3_vm1 = { - target_id = module.ec2_private_app3.id[0] - port = 8080 - }, - my_app3_vm2 = { - target_id = module.ec2_private_app3.id[1] - port = 8080 - } - } - tags =local.common_tags # Target Group Tags - } -``` -### Step-05-02: Create Listener Rules for App3 -```t - # Rule-3: /* should go to App3 - User-mgmt-WebApp 
EC2 Instances - { - https_listener_index = 0 - priority = 3 - actions = [ - { - type = "forward" - target_group_index = 2 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, -``` -### Step-05-03: Implement Rule Priority for all 3 Listener Rules -- Listener Rule Priorities -- **/app1*:** `priority = 1` -- **/app2*:** `priority = 2` -- **Root Context /*:** `priority = 3` - -## Step-06: Automate Jumpbox server to have mysql client installed -- Using jumpbox userdata, `mysql client` should be auto-installed. -- We will use jumpbox to connect to RDS MySQL DB by installing MySQL Client -### Step-06-01: jumpbox-install.sh -```t -#! /bin/bash -sudo yum update -y -sudo rpm -e --nodeps mariadb-libs-* -sudo amazon-linux-extras enable mariadb10.5 -sudo yum clean metadata -sudo yum install -y mariadb -sudo mysql -V -sudo yum install -y telnet -``` -## Step-07: c12-route53-dnsregistration.tf -- Update the DNS name as desired to match our demo -```t - name = "dns-to-db1.devopsincloud.com" -``` -## Step-08: Execute Terraform Commands -```t -# Terraform Init -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan -var-file="secrets.tfvars" - -# Terraform Apply -terraform apply -var-file="secrets.tfvars" -``` - -## Step-09: Verify AWS Resources cretion on Cloud -1. EC2 Instances App1, App2, App3, Bastion Host -2. RDS Databases -3. ALB Listeners and Routing Rules -4. ALB Target Groups App1, App2 and App3 if they are healthy - -## Step-10: Connect to DB -- Connect to Jumpbox to test if default db and tables created. 
-- Connect via Jumpbox to DB to verify webappdb, Tables and Content inside -```t -# Connect to MySQL DB -mysql -h webappdb.cxojydmxwly6.us-east-1.rds.amazonaws.com -u dbadmin -pdbpassword11 -mysql> show schemas; -mysql> use webappdb; -mysql> show tables; -mysql> select * from user; -``` -- **Important Note:** If you the tables created and `default admin user` present in `user` that confirms our `User Management Web Application` is up and running on `App3 EC2 Instances` - -## Step-11: Access Applications and Test -```t -# App1 -https://dns-to-db.devopsincloud.com/app1/index.html - -# App2 -https://dns-to-db.devopsincloud.com/app2/index.html - -# App3 -https://dns-to-db.devopsincloud.com -Username: admin101 -Password: password101 -1. Create a user, List User -2. Verify user in DB -``` - -## Step-12: Additional Troubleshooting for App3 -- Connect to App3 Instances -``` -# Connect to App3 EC2 Instance from Jumpbox -ssh -i /tmp/terraform-key.pem ec2-user@ - -# Check logs -cd app3-usermgmt -more ums-start.log - -# For further troubleshooting -- Shutdown one EC2 instance from App3 and test with 1 instance -``` - -## Step-13: Clean-Up -```t -# Destroy Resources -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate -``` - -## References -- [AWS VPC Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -- [AWS Security Group Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest) -- [AWS EC2 Instance Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest) -- [AWS Application Load Balancer Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- [AWS ACM Certificate Manager Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/latest) -- [AWS RDS Database Terraform 
Module](https://registry.terraform.io/modules/terraform-aws-modules/rds/aws/latest) - - - - - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/templatefile-function-demo/app3-ums-install.tmpl b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/templatefile-function-demo/app3-ums-install.tmpl deleted file mode 100644 index 31a62bdc..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/templatefile-function-demo/app3-ums-install.tmpl +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/bash -sudo amazon-linux-extras enable java-openjdk11 -sudo yum clean metadata && sudo yum -y install java-11-openjdk -mkdir /home/ec2-user/app3-usermgmt && cd /home/ec2-user/app3-usermgmt -wget https://github.com/stacksimplify/temp1/releases/download/1.0.0/usermgmt-webapp.war -P /home/ec2-user/app3-usermgmt -export DB_HOSTNAME=${rds_db_endpoint} -export DB_PORT=3306 -export DB_NAME=webappdb -export DB_USERNAME=dbadmin -export DB_PASSWORD=dbpassword11 -java -jar /home/ec2-user/app3-usermgmt/usermgmt-webapp.war > /home/ec2-user/app3-usermgmt/ums-start.log & diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app2-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app3-ums-install.tmpl b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app3-ums-install.tmpl deleted file mode 100644 index 31a62bdc..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/app3-ums-install.tmpl +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/bash -sudo amazon-linux-extras enable java-openjdk11 -sudo yum clean metadata && sudo yum -y install java-11-openjdk -mkdir /home/ec2-user/app3-usermgmt && cd /home/ec2-user/app3-usermgmt -wget https://github.com/stacksimplify/temp1/releases/download/1.0.0/usermgmt-webapp.war -P /home/ec2-user/app3-usermgmt -export DB_HOSTNAME=${rds_db_endpoint} -export DB_PORT=3306 -export DB_NAME=webappdb -export DB_USERNAME=dbadmin -export DB_PASSWORD=dbpassword11 -java -jar /home/ec2-user/app3-usermgmt/usermgmt-webapp.war > /home/ec2-user/app3-usermgmt/ums-start.log & diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c1-versions.tf deleted file mode 100644 index 52d9f8d4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
deleted file mode 100644
index 0aeebd65..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index 6bf8e9d6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,202 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB)
-module "alb" {
- source = "terraform-aws-modules/alb/aws"
- #version = "5.16.0"
- version = "6.0.0"
-
- name = "${local.name}-alb"
- load_balancer_type = "application"
- vpc_id = module.vpc.vpc_id
- subnets = [
- module.vpc.public_subnets[0],
- module.vpc.public_subnets[1]
- ]
- #security_groups = [module.loadbalancer_sg.this_security_group_id]
- security_groups = [module.loadbalancer_sg.security_group_id]
- # Listeners
- # HTTP Listener - HTTP to HTTPS Redirect
- http_tcp_listeners = [
- {
- port = 80
- protocol = "HTTP"
- action_type = "redirect"
- redirect = {
- port = "443"
- protocol = "HTTPS"
- status_code = "HTTP_301"
- }
- }
- ]
- # Target Groups
- target_groups = [
- # App1 Target Group - TG Index = 0
- {
- name_prefix = "app1-"
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- protocol_version = "HTTP1"
- # App1 Target Group - Targets
- targets = {
- my_app1_vm1 = {
- target_id = module.ec2_private_app1.id[0]
- port = 80
- },
- my_app1_vm2 = {
- target_id = module.ec2_private_app1.id[1]
- port = 80
- }
- }
- tags =local.common_tags # Target Group Tags
- },
- # App2 Target Group - TG Index = 1
- {
- name_prefix = "app2-"
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app2/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- protocol_version = "HTTP1"
- # App2 Target Group - Targets
- targets = {
- my_app2_vm1 = {
- target_id = module.ec2_private_app2.id[0]
- port = 80
- },
- my_app2_vm2 = {
- target_id = module.ec2_private_app2.id[1]
- port = 80
- }
- }
- tags =local.common_tags # Target Group Tags
- },
- # App3 Target Group - TG Index = 2
- {
- name_prefix = "app3-"
- backend_protocol = "HTTP"
- backend_port = 8080
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/login"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- stickiness = {
- enabled = true
- cookie_duration = 86400
- type = "lb_cookie"
- }
- protocol_version = "HTTP1"
- # App3 Target Group - Targets
- targets = {
- my_app3_vm1 = {
- target_id = module.ec2_private_app3.id[0]
- port = 8080
- },
- my_app3_vm2 = {
- target_id = module.ec2_private_app3.id[1]
- port = 8080
- }
- }
- tags =local.common_tags # Target Group Tags
- }
- ]
-
- # HTTPS Listener
- https_listeners = [
- # HTTPS Listener Index = 0 for HTTPS 443
- {
- port = 443
- protocol = "HTTPS"
- #certificate_arn = module.acm.this_acm_certificate_arn
- certificate_arn = module.acm.acm_certificate_arn
- action_type = "fixed-response"
- fixed_response = {
- content_type = "text/plain"
- message_body = "Fixed Static message - for Root Context"
- status_code = "200"
- }
- },
- ]
-
- # HTTPS Listener Rules
- https_listener_rules = [
- # Rule-1: /app1* should go to App1 EC2 Instances
- {
- https_listener_index = 0
- priority = 1
- actions = [
- {
- type = "forward"
- target_group_index = 0
- }
- ]
- conditions = [{
- path_patterns = ["/app1*"]
- }]
- },
- # Rule-2: /app2* should go to App2 EC2 Instances
- {
- https_listener_index = 0
- priority = 2
- actions = [
- {
- type = "forward"
- target_group_index = 1
- }
- ]
- conditions = [{
- path_patterns = ["/app2*"]
- }]
- },
- # Rule-3: /* should go to App3 - User-mgmt-WebApp EC2 Instances
- {
- https_listener_index = 0
- priority = 3
- actions = [
- {
- type = "forward"
- target_group_index = 2
- }
- ]
- conditions = [{
- path_patterns = ["/*"]
- }]
- },
- ]
-
- tags = local.common_tags # ALB Tags
-}
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
deleted file mode 100644
index 53b13a4e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.lb_dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.lb_arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.alb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.alb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.alb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.alb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.alb.target_group_names
-}
-
-output "target_group_attachments" {
- description = "ARNs of the target group attachment IDs."
- value = module.alb.target_group_attachments
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 1ec4f8fe..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "3.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 6866e5f3..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "dns-to-db.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-01-rdsdb-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-01-rdsdb-variables.tf
deleted file mode 100644
index e14d69cb..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-01-rdsdb-variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Terraform AWS RDS Database Variables
-# Place holder file for AWS RDS Database
-
-# DB Name
-variable "db_name" {
- description = "AWS RDS Database Name"
- type = string
-}
-# DB Instance Identifier
-variable "db_instance_identifier" {
- description = "AWS RDS Database Instance Identifier"
- type = string
-}
-# DB Username - Enable Sensitive flag
-variable "db_username" {
- description = "AWS RDS Database Administrator Username"
- type = string
-}
-# DB Password - Enable Sensitive flag
-variable "db_password" {
- description = "AWS RDS Database Administrator Password"
- type = string
- sensitive = true
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-02-rdsdb.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-02-rdsdb.tf
deleted file mode 100644
index aa3c399b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-02-rdsdb.tf
+++ /dev/null
@@ -1,68 +0,0 @@
-# Create AWS RDS Database
-module "rdsdb" {
- source = "terraform-aws-modules/rds/aws"
- #version = "2.34.0"
- version = "3.0.0"
-
- identifier = var.db_instance_identifier
-
- name = var.db_name # Initial Database Name
- username = var.db_username
- password = var.db_password
- port = 3306
-
-
- multi_az = true
- subnet_ids = module.vpc.database_subnets
- vpc_security_group_ids = [module.rdsdb_sg.security_group_id]
-
- # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
- engine = "mysql"
- engine_version = "8.0.20"
- family = "mysql8.0" # DB parameter group
- major_engine_version = "8.0" # DB option group
- instance_class = "db.t3.large"
-
- allocated_storage = 20
- max_allocated_storage = 100
- storage_encrypted = false
-
-
- maintenance_window = "Mon:00:00-Mon:03:00"
- backup_window = "03:00-06:00"
- enabled_cloudwatch_logs_exports = ["general"]
-
- backup_retention_period = 0
- skip_final_snapshot = true
- deletion_protection = false
-
- performance_insights_enabled = true
- performance_insights_retention_period = 7
- create_monitoring_role = true
- monitoring_interval = 60
-
- parameters = [
- {
- name = "character_set_client"
- value = "utf8mb4"
- },
- {
- name = "character_set_server"
- value = "utf8mb4"
- }
- ]
-
- tags = local.common_tags
- db_instance_tags = {
- "Sensitive" = "high"
- }
- db_option_group_tags = {
- "Sensitive" = "low"
- }
- db_parameter_group_tags = {
- "Sensitive" = "low"
- }
- db_subnet_group_tags = {
- "Sensitive" = "high"
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-03-rdsdb-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-03-rdsdb-outputs.tf
deleted file mode 100644
index 58aaaf6a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c13-03-rdsdb-outputs.tf
+++ /dev/null
@@ -1,87 +0,0 @@
-# RDS DB Outputs
-output "db_instance_address" {
- description = "The address of the RDS instance"
- value = module.rdsdb.db_instance_address
-}
-
-output "db_instance_arn" {
- description = "The ARN of the RDS instance"
- value = module.rdsdb.db_instance_arn
-}
-
-output "db_instance_availability_zone" {
- description = "The availability zone of the RDS instance"
- value = module.rdsdb.db_instance_availability_zone
-}
-
-output "db_instance_endpoint" {
- description = "The connection endpoint"
- value = module.rdsdb.db_instance_endpoint
-}
-
-output "db_instance_hosted_zone_id" {
- description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)"
- value = module.rdsdb.db_instance_hosted_zone_id
-}
-
-output "db_instance_id" {
- description = "The RDS instance ID"
- value = module.rdsdb.db_instance_id
-}
-
-output "db_instance_resource_id" {
- description = "The RDS Resource ID of this instance"
- value = module.rdsdb.db_instance_resource_id
-}
-
-output "db_instance_status" {
- description = "The RDS instance status"
- value = module.rdsdb.db_instance_status
-}
-
-output "db_instance_name" {
- description = "The database name"
- value = module.rdsdb.db_instance_name
-}
-
-output "db_instance_username" {
- description = "The master username for the database"
- value = module.rdsdb.db_instance_username
- sensitive = true
-}
-
-output "db_instance_password" {
- description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
- value = module.rdsdb.db_instance_password
- sensitive = true
-}
-
-output "db_instance_port" {
- description = "The database port"
- value = module.rdsdb.db_instance_port
-}
-
-output "db_subnet_group_id" {
- description = "The db subnet group name"
- value = module.rdsdb.db_subnet_group_id
-}
-
-output "db_subnet_group_arn" {
- description = "The ARN of the db subnet group"
- value = module.rdsdb.db_subnet_group_arn
-}
-
-output "db_parameter_group_id" {
- description = "The db parameter group id"
- value = module.rdsdb.db_parameter_group_id
-}
-
-output "db_parameter_group_arn" {
- description = "The ARN of the db parameter group"
- value = module.rdsdb.db_parameter_group_arn
-}
-
-output "db_enhanced_monitoring_iam_role_arn" {
- description = "The Amazon Resource Name (ARN) specifying the monitoring role"
- value = module.rdsdb.enhanced_monitoring_iam_role_arn
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 69535c5f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- version = "3.0.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 3be1eb68..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 560a64cf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e1cdf082..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-06-securitygroup-rdsdbsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-06-securitygroup-rdsdbsg.tf
deleted file mode 100644
index c5f7d47b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c5-06-securitygroup-rdsdbsg.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# Security Group for AWS RDS DB
-module "rdsdb_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "rdsdb-sg"
- description = "Access to MySQL DB for entire VPC CIDR Block"
- vpc_id = module.vpc.vpc_id
-
- # ingress
- ingress_with_cidr_blocks = [
- {
- from_port = 3306
- to_port = 3306
- protocol = "tcp"
- description = "MySQL access from within VPC"
- cidr_blocks = module.vpc.vpc_cidr_block
- },
- ]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index a899b6cc..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
-# App1 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app1_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app1.id
-}
-## ec2_private_ip
-output "app1_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app1.private_ip
-}
-
-# App2 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app2_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app2.id
-}
-## ec2_private_ip
-output "app2_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app2.private_ip
-}
-
-# App3 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app3_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_private_app3.id
-}
-## ec2_private_ip
-output "app3_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = module.ec2_private_app3.private_ip
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 70a8536e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
- user_data = file("${path.module}/jumpbox-install.sh")
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-04-ec2instance-private-app1.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 3401197d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- #vpc_security_group_ids = [module.private_sg.this_security_group_id]
- vpc_security_group_ids = [module.private_sg.security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-05-ec2instance-private-app2.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index 9f678599..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- #vpc_security_group_ids = [module.private_sg.this_security_group_id]
- vpc_security_group_ids = [module.private_sg.security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-06-ec2instance-private-app3.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-06-ec2instance-private-app3.tf
deleted file mode 100644
index b4fd0258..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c7-06-ec2instance-private-app3.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app3" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-app3"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- #vpc_security_group_ids = [module.private_sg.this_security_group_id]
- vpc_security_group_ids = [module.private_sg.security_group_id]
- #subnet_id = module.vpc.public_subnets[0]
- subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- #user_data = file("${path.module}/app3-ums-install.tmpl") - THIS WILL NOT WORK, use Terraform templatefile function as below.
- #https://www.terraform.io/docs/language/functions/templatefile.html
- user_data = templatefile("app3-ums-install.tmpl",{rds_db_endpoint = module.rdsdb.db_instance_address})
- tags = local.common_tags
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/jumpbox-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/jumpbox-install.sh
deleted file mode 100644
index eaa57e01..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/jumpbox-install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#! /bin/bash
-sudo yum update -y
-sudo rpm -e --nodeps mariadb-libs-*
-sudo amazon-linux-extras enable mariadb10.5
-sudo yum clean metadata
-sudo yum install -y mariadb
-sudo mysql -V
-sudo yum install -y telnet
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index df059b49..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 222ba814..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/rdsdb.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/rdsdb.auto.tfvars deleted file mode 100644 index 6e44361b..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/rdsdb.auto.tfvars
+++ /dev/null
@@ -1,7 +0,0 @@
-# RDS Database Variables
-db_name = "webappdb"
-db_instance_identifier = "webappdb"
-db_username = "dbadmin"
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/secrets.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/secrets.tfvars
deleted file mode 100644
index 56e7e303..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/secrets.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-db_password = "dbpassword11"
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/13-DNS-to-DB/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/README.md
deleted file mode 100644
index 7db92591..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/README.md
+++ /dev/null
@@ -1,728 +0,0 @@ ---- -title: AWS Autoscaling with Launch Configuration -description: Create AWS Autoscaling with Launch Configuration using Terraform ---- -# AWS Autoscaling with Launch Configuration using Terraform -## Step-00: Create Autoscaling using AWS Management Console -- We are going to create Autoscaling using AWS Management Console to understand things on high level before going to create them using Terrafom - - Create Lauch Configuration - - Create Autoscaling - - Create TTSP Policies - - Create Launch Configurations - - Create Lifecycle Hooks - - Create Notifications - - Create Scheduled Actions -- **Important Note:** Students who are already experts in Autoscaling can move on to implement the same using Terraform. - -## Step-01: Introduction to Autoscaing using Terraform -### Module-1: Create ASG & LC & ALB -- [Terraform Autoscaling Module](https://registry.terraform.io/modules/terraform-aws-modules/autoscaling/aws/latest) -- Create Launch Configuration -- Create Autoscaling Group -- Map it with ALB (Application Load Balancer) -- Create Autoscaling Outputs - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-3.png) - - -### Module-2: Autoscaling Notifications -- Create SNS Topic `aws_sns_topic` -- Create SNS Topic Subscription `aws_sns_topic_subscription` -- Create Autoscaling 
Notification Resource `aws_autoscaling_notification` - -### Module-3: Create TTSP (Target Tracking Scaling Policies) -- Create `Resource: aws_autoscaling_policy` - - ASGAverageCPUUtilization - - ALBRequestCountPerTarget -- Terraform Import for `ALBRequestCountPerTarget` Resource Label finding (Standard Troubleshooting to find exact argument and value using `terraform import` command) - -### Module-4: Scheduled Actions -- Create a scheduled action to `increase capacity at 7am` -- Create a scheduled action to `decrease capacity at 5pm` -```t -# Import State -$ terraform import aws_autoscaling_schedule.resource-name auto-scaling-group-name/scheduled-action-name -terraform import aws_autoscaling_schedule.capacity_increase_during_business_hours myapp1-asg-20210329100544375800000007/capacity_increase_during_business_hours --> using terraform import get values for recurrence argument (cron format) - -# UTC Timezone converter -https://www.worldtimebuddy.com/utc-to-est-converter -``` - -### Module-5: Changes to ASG - Test Instance Refresh -- Change Desired capacity to 3 `desired_capacity = 3` and test -- Any change to ASG specific arguments listed in `triggers` of `instance_refresh` block, do a instance refresh - -### Module-6: Change to Launch Configuration - Test Instance Refresh -- What happens? -- In next scale-in event changes will be adjusted [or] if instance refresh present and configured in this module it updates ASG with new LC ID, instance refresh should kick in. -- Lets see that practically -- In this case, we don't need to have `launch_configuration` practically present in `triggers` section of `instance_refresh` things take care automatically - -### Module-7: Testing using Postman for Autoscaling -- Use postman to put load to test the TTSP policies for autoscaling - -## Step-02: Review existing configuration files -1. c1-versions.tf -2. c2-generic-variables.tf -3. c3-local-values.tf: ADDED `asg_tags` -4. 
VPC Module -- c4-01-vpc-variables.tf -- c4-02-vpc-module.tf -- c4-03-vpc-outputs.tf -5. Security Group Modules -- c5-01-securitygroup-variables.tf -- c5-02-securitygroup-outputs.tf -- c5-03-securitygroup-bastionsg.tf -- c5-04-securitygroup-privatesg.tf -- c5-05-securitygroup-loadbalancersg.tf -6. Datasources -- c6-01-datasource-ami.tf -- c6-02-datasource-route53-zone.tf -7. EC2 Instance Module -- c7-01-ec2instance-variables.tf -- c7-02-ec2instance-outputs.tf: REMOVED OUTPUTS RELATED TO OTHER PRIVATE EC2 INSTANCES -- c7-03-ec2instance-bastion.tf -8. c8-elasticip.tf -9. c9-nullresource-provisioners.tf -10. Application Load Balancer Module -- c10-01-ALB-application-loadbalancer-variables.tf -- c10-02-ALB-application-loadbalancer.tf: CHANGES RELATED TO APP1 TG, REMOVE TARGETS, TARGETS WILL BE ADDED FROM ASG -- c10-03-ALB-application-loadbalancer-outputs.tf -11. c11-acm-certificatemanager.tf -12. c12-route53-dnsregistration.tf: JUST CHANGED THE DNS NAME -13. Autoscaling with Launch Configuration Module: NEW ADDITION -- c13-01-autoscaling-with-launchconfiguration-variables.tf -- c13-02-autoscaling-additional-resoures.tf -- c13-03-autoscaling-with-launchconfiguration.tf -- c13-04-autoscaling-with-launchconfiguration-outputs.tf -- c13-05-autoscaling-notifications.tf -- c13-06-autoscaling-ttsp.tf -- c13-07-autoscaling-scheduled-actions.tf -14. Terraform Input Variables -- ec2instance.auto.tfvars -- terraform.tfvars -- vpc.auto.tfvars -15. Userdata -- app1-install.sh -16. 
EC2 Instance Private Keys -- private-key/terraform-key.pem - - -## Step-03: c3-local-values.tf -```t - asg_tags = [ - { - key = "Project" - value = "megasecret" - propagate_at_launch = true - }, - { - key = "foo" - value = "" - propagate_at_launch = true - }, - ] -``` - -## Step-04: c7-02-ec2instance-outputs.tf -- Removed EC2 Instance Outputs anything defined for Private EC2 Instances created using EC2 Instance module -- Only outputs for Bastion EC2 Instance is present -```t -## ec2_bastion_public_instance_ids -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} - -## ec2_bastion_public_ip -output "ec2_bastion_public_ip" { - description = "List of public IP addresses assigned to the instances" - value = module.ec2_public.public_ip -} - -``` - -## Step-05: c10-02-ALB-application-loadbalancer.tf -- Two changes -- **Change-1:** For `subnets` argument, either we can give specific subnets or we can also give all private subnets defined. -- **Change-2:** Commented the Targets for App1, App1 Targets now will be added automatically from ASG. HOW? 
- - In ASG, we will be referencing the load balancer `target_group_arns= module.alb.target_group_arns` - - We will discuss more about this when creating ASG TF Configs -- **Change-3:** changed the path patter as `path_patterns = ["/*"]` -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "6.0.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - /*Option-1: Give as list with specific subnets or in next line, pass all public subnets - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ]*/ - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - /* # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags*/ - }, - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - #certificate_arn = module.acm.this_acm_certificate_arn - certificate_arn = 
module.acm.acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, - ] - tags = local.common_tags # ALB Tags -} -``` - -## Step-06: c12-route53-dnsregistration.tf -- Update the DNS name relevant to demo -```t - name = "asg-lc1.devopsincloud.com" -``` - -## Step-07: Autoscaling with Launch Configuration Terraform Module -### Step-07-01: c13-01-autoscaling-with-launchconfiguration-variables.tf -```t -# Autoscaling Input Variables -## Placeholder file -``` - -### Step-07-02: c13-02-autoscaling-additional-resoures.tf -```t -# AWS IAM Service Linked Role for Autoscaling Group -resource "aws_iam_service_linked_role" "autoscaling" { - aws_service_name = "autoscaling.amazonaws.com" - description = "A service linked role for autoscaling" - custom_suffix = local.name - - # Sometimes good sleep is required to have some IAM resources created before they can be used - provisioner "local-exec" { - command = "sleep 10" - } -} - -# Output AWS IAM Service Linked Role -output "service_linked_role_arn" { - value = aws_iam_service_linked_role.autoscaling.arn -} -``` - -### Step-07-03: c13-03-autoscaling-with-launchconfiguration.tf -```t -# Autoscaling with Launch Configuration - Both created at a time -module "autoscaling" { - source = "terraform-aws-modules/autoscaling/aws" - version = "4.1.0" - - # Autoscaling group - name = "${local.name}-myasg1" - use_name_prefix = false - - min_size = 2 - max_size = 10 - desired_capacity = 2 - wait_for_capacity_timeout = 0 - health_check_type = "EC2" - vpc_zone_identifier = module.vpc.private_subnets - service_linked_role_arn = 
aws_iam_service_linked_role.autoscaling.arn - # Associate ALB with ASG - target_group_arns = module.alb.target_group_arns - - # ASG Lifecycle Hooks - initial_lifecycle_hooks = [ - { - name = "ExampleStartupLifeCycleHook" - default_result = "CONTINUE" - heartbeat_timeout = 60 - lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING" - # This could be a rendered data resource - notification_metadata = jsonencode({ "hello" = "world" }) - }, - { - name = "ExampleTerminationLifeCycleHook" - default_result = "CONTINUE" - heartbeat_timeout = 180 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - # This could be a rendered data resource - notification_metadata = jsonencode({ "goodbye" = "world" }) - } - ] - - # ASG Instance Referesh - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 50 - } - triggers = ["tag", "desired_capacity"/*, "launch_configuration"*/] # Desired Capacity here added for demostrating the Instance Refresh scenario - } - - # ASG Launch configuration - lc_name = "${local.name}-mylc1" - use_lc = true - create_lc = true - - image_id = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - user_data = file("${path.module}/app1-install.sh") - ebs_optimized = true - enable_monitoring = true - - security_groups = [module.private_sg.security_group_id] - associate_public_ip_address = false - - # Add Spot Instances, which creates Spot Requests to get instances at the price listed (Optional argument) - #spot_price = "0.014" - spot_price = "0.015" # Change for Instance Refresh test - - ebs_block_device = [ - { - device_name = "/dev/xvdz" - delete_on_termination = true - encrypted = true - volume_type = "gp2" - volume_size = "20" - }, - ] - - root_block_device = [ - { - delete_on_termination = true - encrypted = true - volume_size = "15" - volume_type = "gp2" - }, - ] - - metadata_options = { - http_endpoint = "enabled" - http_tokens = "optional" # At production grade 
you can change to "required", for our example if is optional we can get the content in metadata.html - http_put_response_hop_limit = 32 - } - - tags = local.asg_tags -} -``` - -### Step-07-04: c13-04-autoscaling-with-launchconfiguration-outputs.tf -```t -# Launch configuration Outputs -output "launch_configuration_id" { - description = "The ID of the launch configuration" - value = module.autoscaling.launch_configuration_id -} - -output "launch_configuration_arn" { - description = "The ARN of the launch configuration" - value = module.autoscaling.launch_configuration_arn -} - -output "launch_configuration_name" { - description = "The name of the launch configuration" - value = module.autoscaling.launch_configuration_name -} - -# Autoscaling Outpus -output "autoscaling_group_id" { - description = "The autoscaling group id" - value = module.autoscaling.autoscaling_group_id -} - -output "autoscaling_group_name" { - description = "The autoscaling group name" - value = module.autoscaling.autoscaling_group_name -} - -output "autoscaling_group_arn" { - description = "The ARN for this AutoScaling Group" - value = module.autoscaling.autoscaling_group_arn -} - -output "autoscaling_group_min_size" { - description = "The minimum size of the autoscale group" - value = module.autoscaling.autoscaling_group_min_size -} - -output "autoscaling_group_max_size" { - description = "The maximum size of the autoscale group" - value = module.autoscaling.autoscaling_group_max_size -} - -output "autoscaling_group_desired_capacity" { - description = "The number of Amazon EC2 instances that should be running in the group" - value = module.autoscaling.autoscaling_group_desired_capacity -} - -output "autoscaling_group_default_cooldown" { - description = "Time between a scaling activity and the succeeding scaling activity" - value = module.autoscaling.autoscaling_group_default_cooldown -} - -output "autoscaling_group_health_check_grace_period" { - description = "Time after instance comes into 
service before checking health" - value = module.autoscaling.autoscaling_group_health_check_grace_period -} - -output "autoscaling_group_health_check_type" { - description = "EC2 or ELB. Controls how health checking is done" - value = module.autoscaling.autoscaling_group_health_check_type -} - -output "autoscaling_group_availability_zones" { - description = "The availability zones of the autoscale group" - value = module.autoscaling.autoscaling_group_availability_zones -} - -output "autoscaling_group_vpc_zone_identifier" { - description = "The VPC zone identifier" - value = module.autoscaling.autoscaling_group_vpc_zone_identifier -} - -output "autoscaling_group_load_balancers" { - description = "The load balancer names associated with the autoscaling group" - value = module.autoscaling.autoscaling_group_load_balancers -} - -output "autoscaling_group_target_group_arns" { - description = "List of Target Group ARNs that apply to this AutoScaling Group" - value = module.autoscaling.autoscaling_group_target_group_arns -} -``` - -### Step-07-05: c13-05-autoscaling-notifications.tf -#### Step-07-05-01: c1-versions.tf -```t -# Add Random Provider in required_providers block - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} -``` - -#### Step-07-05-02: c13-05-autoscaling-notifications.tf -```t -# Autoscaling Notifications -## SNS - Topic -resource "aws_sns_topic" "myasg_sns_topic" { - name = "myasg-sns-topic-${random_pet.this.id}" -} - -## SNS - Subscription -resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { - topic_arn = aws_sns_topic.myasg_sns_topic.arn - protocol = "email" - endpoint = "stacksimplify@gmail.com" -} - -## Create Autoscaling Notification Resource -resource "aws_autoscaling_notification" "myasg_notifications" { - group_names = [module.autoscaling.autoscaling_group_id] - notifications = [ - "autoscaling:EC2_INSTANCE_LAUNCH", - 
"autoscaling:EC2_INSTANCE_TERMINATE", - "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", - "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", - ] - topic_arn = aws_sns_topic.myasg_sns_topic.arn -} -``` - -### Step-07-06: c13-06-autoscaling-ttsp.tf -```t -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization of EC2 Instances -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = module.autoscaling.autoscaling_group_id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = module.autoscaling.autoscaling_group_id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. 
- target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} -``` - -### Step-07-07: c13-07-autoscaling-scheduled-actions.tf -#### Step-07-07-01: Terraform Import Command -```t -# Import State -$ terraform import aws_autoscaling_schedule.resource-name auto-scaling-group-name/scheduled-action-name -terraform import aws_autoscaling_schedule.capacity_increase_during_business_hours myapp1-asg-20210329100544375800000007/capacity_increase_during_business_hours --> using terraform import get values for recurrence argument (cron format) -``` -#### Step-07-07-02: ASG Scheduled Actions -- `start_time` is given as future date, you can correct that based on your need from what date these actions should take place. -- Time in `start_time` should be in UTC Timezone so please convert from your local time to UTC Time and update the value accordingly. 
-- [UTC Timezone converter](https://www.worldtimebuddy.com/utc-to-est-converter) - -```t -## Create Scheduled Actions -### Create Scheduled Action-1: Increase capacity during business hours -resource "aws_autoscaling_schedule" "increase_capacity_7am" { - scheduled_action_name = "increase-capacity-7am" - min_size = 2 - max_size = 10 - desired_capacity = 8 - start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST) - recurrence = "00 09 * * *" - autoscaling_group_name = module.autoscaling.autoscaling_group_id -} -### Create Scheduled Action-2: Decrease capacity during business hours -resource "aws_autoscaling_schedule" "decrease_capacity_5pm" { - scheduled_action_name = "decrease-capacity-5pm" - min_size = 2 - max_size = 10 - desired_capacity = 2 - start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST) - recurrence = "00 21 * * *" - autoscaling_group_name = module.autoscaling.autoscaling_group_id -} -``` - -## Step-08: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` - -## Step-09: Verify the AWS resources created -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Configuration (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. Verify Load Balancer Target Group - Health Checks -6. Verify Autoscaling Group Features In detail -- Details Tab - - ASG Group Details - - Launch Configuration -- Activity Tab -- Automatic Scaling - - Target Tracking Scaling Policies (TTSP) - - Scheduled Actions -- Instance Management - - Instances - - Lifecycle Hooks -- Monitoring - - Autoscaling - - EC2 -- Instance Refresh Tab -7. Verify Spot Requests -8. 
Access and Test -```t -# Access and Test -http://asg-lc.devopsincloud.com -http://asg-lc.devopsincloud.com/app1/index.html -http://asg-lc.devopsincloud.com/app1/metadata.html -``` - - -## Step-10: Changes to ASG - Test Instance Refresh -- Change Desired capacity to 3 `desired_capacity = 3` and test -- Any change to ASG specific arguments listed in `triggers` of `instance_refresh` block, do a instance refresh -```t - # ASG Instance Referesh - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 50 - } - triggers = ["tag", "desired_capacity"] # Desired Capacity here added for demostrating the Instance Refresh scenario - } -``` -- Execute Terraform Commands -```t -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Observation -1. Consistently monitor the Autoscaling "Activity" and "Instance Refresh" tabs. -2. In close to 5 to 10 minutes, instances will be refreshed -3. Verify EC2 Instances, old will be terminated and new will be created -``` - -## Step-11: Change to Launch Configuration - Test Instance Refresh -- What happens? -- In next scale-in event changes will be adjusted [or] if instance refresh present and configured in this module it updates ASG with new LC ID, instance refresh should kick in. -- Lets see that practically -- In this case, we don't need to have `launch_configuration` practically present in `triggers` section of `instance_refresh` things take care automatically -```t -# Before - spot_price = "0.014" -# After - spot_price = "0.015" # Change for Instance Refresh test -``` -- Execute Terraform Commands -```t -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Observation -1. Consistently monitor the Autoscaling "Activity" and "Instance Refresh" tabs. -2. In close to 5 to 10 minutes, instances will be refreshed -3. 
Verify EC2 Instances, old will be terminated and new will be created -``` -## Step-12: Test Autoscaling using Postman -- [Download Postman client and Install](https://www.postman.com/downloads/) -- Create New Collection: terraform-on-aws -- Create new Request: asg -- URL: https://asg-lc1.devopsincloud.com/app1/metadata.html -- Click on **RUN**, with 5000 requests -- Monitor ASG -> Activity Tab -- Monitor EC2 -> Instances - To see if new EC2 Instances getting created (Autoscaling working as expected) -- It might take 5 to 10 minutes to autoscale with new EC2 Instances - -## Step-13: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## Additional Knowledge -### Terraform-Import-1: Get Resource LABEL for TTS Policy ALBRequestCount policy -- If I am not able to understand how to findout the entire resource argument from documentation, I follow this `terraform import` approach -```t -$ terraform import aws_autoscaling_policy.test-policy asg-name/policy-name - -terraform import aws_autoscaling_policy.dkalyan-test-policy myapp1-asg-20210329045302504300000007/TP1 -``` - -## References -- [Data Source: aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) -- [Resource: aws_autoscaling_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_policy) -- [Resource: aws_autoscaling_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_notification) -- [Resource: aws_autoscaling_schedule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_schedule) -- [Pre-defined Metrics - Autoscaling](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf deleted file mode 100644 index 2f3912f8..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,33 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index fa707c3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,106 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "6.0.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - /*Option-1: Give as list with specific subnets or in next line, pass all public subnets - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ]*/ - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - /* # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags*/ - }, - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - #certificate_arn = module.acm.this_acm_certificate_arn - certificate_arn = module.acm.acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - 
https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, - ] - tags = local.common_tags # ALB Tags -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 53b13a4e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,65 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.lb_dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.lb_arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.alb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.alb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.alb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.alb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.alb.target_group_names
-}
-
-output "target_group_attachments" {
- description = "ARNs of the target group attachment IDs."
- value = module.alb.target_group_attachments
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 1ec4f8fe..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "3.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 10110493..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "asg-lc.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-01-autoscaling-with-launchconfiguration-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-01-autoscaling-with-launchconfiguration-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-01-autoscaling-with-launchconfiguration-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-02-autoscaling-additional-resoures.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-02-autoscaling-additional-resoures.tf
deleted file mode 100644
index 6fb2c73d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-02-autoscaling-additional-resoures.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# AWS IAM Service Linked Role for Autoscaling Group
-resource "aws_iam_service_linked_role" "autoscaling" {
- aws_service_name = "autoscaling.amazonaws.com"
- description = "A service linked role for autoscaling"
- custom_suffix = local.name
-
- # Sometimes good sleep is required to have some IAM resources created before they can be used
- provisioner "local-exec" {
- command = "sleep 10"
- }
-}
-
-# Output AWS IAM Service Linked Role
-output "service_linked_role_arn" {
- value = aws_iam_service_linked_role.autoscaling.arn
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-03-autoscaling-with-launchconfiguration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-03-autoscaling-with-launchconfiguration.tf
deleted file mode 100644
index 46fa80d1..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-03-autoscaling-with-launchconfiguration.tf
+++ /dev/null
@@ -1,95 +0,0 @@ -# Autoscaling with Launch Configuration - Both created at a time -module "autoscaling" { - source = "terraform-aws-modules/autoscaling/aws" - version = "4.1.0" - - # Autoscaling group - name = "${local.name}-myasg1" - use_name_prefix = false - - min_size = 2 - max_size = 10 - desired_capacity = 2 - #desired_capacity = 3 # Changed for testing Instance Refresh as part of Step-10 - wait_for_capacity_timeout = 0 - health_check_type = "EC2" - vpc_zone_identifier = module.vpc.private_subnets - service_linked_role_arn = aws_iam_service_linked_role.autoscaling.arn - # Associate ALB with ASG - target_group_arns = module.alb.target_group_arns - - # ASG Lifecycle Hooks - initial_lifecycle_hooks = [ - { - name = "ExampleStartupLifeCycleHook" - default_result = "CONTINUE" - heartbeat_timeout = 60 - lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING" - # This could be a rendered data resource - notification_metadata = jsonencode({ "hello" = "world" }) - }, - { - name = "ExampleTerminationLifeCycleHook" - default_result = "CONTINUE" - heartbeat_timeout = 180 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - # This could be a rendered data resource - notification_metadata = jsonencode({ "goodbye" = "world" }) - } - ] - - # ASG Instance Referesh - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 50 - } - triggers = ["tag", "desired_capacity"] # Desired Capacity here added for demostrating the Instance Refresh scenario - } - - # ASG Launch configuration - lc_name = "${local.name}-mylc1" - use_lc = true - create_lc = true - - image_id = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - user_data = file("${path.module}/app1-install.sh") - ebs_optimized = true - enable_monitoring = true - - security_groups = [module.private_sg.security_group_id] - associate_public_ip_address = false - - # Add Spot Instances, which creates Spot Requests to get instances at 
the price listed (Optional argument) - spot_price = "0.014" - #spot_price = "0.016" # Change for Instance Refresh test - - ebs_block_device = [ - { - device_name = "/dev/xvdz" - delete_on_termination = true - encrypted = true - volume_type = "gp2" - volume_size = "20" - }, - ] - - root_block_device = [ - { - delete_on_termination = true - encrypted = true - volume_size = "15" - volume_type = "gp2" - }, - ] - - metadata_options = { - http_endpoint = "enabled" - http_tokens = "optional" # At production grade you can change to "required", for our example if is optional we can get the content in metadata.html - http_put_response_hop_limit = 32 - } - - tags = local.asg_tags -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-04-autoscaling-with-launchconfiguration-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-04-autoscaling-with-launchconfiguration-outputs.tf deleted file mode 100644 index 211db790..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-04-autoscaling-with-launchconfiguration-outputs.tf +++ /dev/null 
@@ -1,81 +0,0 @@ -# Launch configuration Outputs -output "launch_configuration_id" { - description = "The ID of the launch configuration" - value = module.autoscaling.launch_configuration_id -} - -output "launch_configuration_arn" { - description = "The ARN of the launch configuration" - value = module.autoscaling.launch_configuration_arn -} - -output "launch_configuration_name" { - description = "The name of the launch configuration" - value = module.autoscaling.launch_configuration_name -} - -# Autoscaling Outpus -output "autoscaling_group_id" { - description = "The autoscaling group id" - value = module.autoscaling.autoscaling_group_id -} - -output "autoscaling_group_name" { - description = "The autoscaling group name" - value = module.autoscaling.autoscaling_group_name -} - -output "autoscaling_group_arn" { - description = "The ARN for this AutoScaling Group" - value = module.autoscaling.autoscaling_group_arn -} - -output "autoscaling_group_min_size" { - description = "The minimum size of the autoscale group" - value = module.autoscaling.autoscaling_group_min_size -} - -output "autoscaling_group_max_size" { - description = "The maximum size of the autoscale group" - value = module.autoscaling.autoscaling_group_max_size -} - -output "autoscaling_group_desired_capacity" { - description = "The number of Amazon EC2 instances that should be running in the group" - value = module.autoscaling.autoscaling_group_desired_capacity -} - -output "autoscaling_group_default_cooldown" { - description = "Time between a scaling activity and the succeeding scaling activity" - value = module.autoscaling.autoscaling_group_default_cooldown -} - -output "autoscaling_group_health_check_grace_period" { - description = "Time after instance comes into service before checking health" - value = module.autoscaling.autoscaling_group_health_check_grace_period -} - -output "autoscaling_group_health_check_type" { - description = "EC2 or ELB. 
Controls how health checking is done" - value = module.autoscaling.autoscaling_group_health_check_type -} - -output "autoscaling_group_availability_zones" { - description = "The availability zones of the autoscale group" - value = module.autoscaling.autoscaling_group_availability_zones -} - -output "autoscaling_group_vpc_zone_identifier" { - description = "The VPC zone identifier" - value = module.autoscaling.autoscaling_group_vpc_zone_identifier -} - -output "autoscaling_group_load_balancers" { - description = "The load balancer names associated with the autoscaling group" - value = module.autoscaling.autoscaling_group_load_balancers -} - -output "autoscaling_group_target_group_arns" { - description = "List of Target Group ARNs that apply to this AutoScaling Group" - value = module.autoscaling.autoscaling_group_target_group_arns -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-05-autoscaling-notifications.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-05-autoscaling-notifications.tf deleted file mode 100644 index 0d599a6e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-05-autoscaling-notifications.tf +++ /dev/null 
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [module.autoscaling.autoscaling_group_id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-06-autoscaling-ttsp.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index 0e81c2bf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization of EC2 Instances
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = module.autoscaling.autoscaling_group_id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = module.autoscaling.autoscaling_group_id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
- resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- }
- target_value = 10.0
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index 76e5a814..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_9am" {
- scheduled_action_name = "increase-capacity-9am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-12-11T09:00:00Z"
- recurrence = "00 09 * * *"
- autoscaling_group_name = module.autoscaling.autoscaling_group_id
-}
-
-### Create Scheduled Action-2: Decrease capacity during non-business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_9pm" {
- scheduled_action_name = "decrease-capacity-9pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-12-11T21:00:00Z"
- recurrence = "00 21 * * *"
- autoscaling_group_name = module.autoscaling.autoscaling_group_id
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 69535c5f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- version = "3.0.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 3be1eb68..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 560a64cf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e1cdf082..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b13a1b56..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 92029d78..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,12 +0,0 @@ -VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103 -VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de -VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac -VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447 -VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3 -VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575 -VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d -VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50 -VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be -VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544 -VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c -VPC created on Tue May 4 10:48:59 IST 2021 and VPC ID: vpc-00108076e81b11c59 diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/destroy-time-prov.txt deleted file mode 100644 index af8c4bff..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/destroy-time-prov.txt +++ /dev/null 
@@ -1,12 +0,0 @@ -Destroy time prov Tue Apr 20 14:11:11 IST 2021 -Destroy time prov Fri Apr 23 16:06:53 IST 2021 -Destroy time prov Tue Apr 27 11:10:39 IST 2021 -Destroy time prov Tue Apr 27 13:09:09 IST 2021 -Destroy time prov Tue Apr 27 16:20:51 IST 2021 -Destroy time prov Wed Apr 28 08:12:01 IST 2021 -Destroy time prov Wed Apr 28 10:12:10 IST 2021 -Destroy time prov Wed Apr 28 10:39:23 IST 2021 -Destroy time prov Wed Apr 28 11:24:38 IST 2021 -Destroy time prov Wed Apr 28 13:05:25 IST 2021 -Destroy time prov Thu Apr 29 11:15:01 IST 2021 -Destroy time prov Tue May 4 12:08:25 IST 2021 diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem deleted file mode 100644 index fab1eb2a..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/14-Autoscaling-with-Launch-Configuration/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/README.md
deleted file mode 100644
index 54debbe7..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/README.md
+++ /dev/null
@@ -1,329 +0,0 @@ ---- -title: AWS Autoscaling with Launch Templates -description: Create AWS Autoscaling with Launch Templates using Terraform ---- -# AWS Autoscaling with Launch Templates using Terraform -## Step-00: Introduction -- Create Launch Templates using Terraform Resources -- Create Autoscaling Group using Terraform Resources -- Create Autoscaling following features using Terraform Resources - - Autoscaling Notifications - - Autoscaling Scheduled Actions - - Autoscaling Target Tracking Scaling Policies (TTSP) -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-3.png) - -## Step-01: Create Launch Templates Manually to Understand more -- Create Launch templates manually -- **Scenario-1:** Create base Launch Template (standardized template) -- **Scenario-2:** Create App1 Launch Template referencing the base template by adding additional features to it -- **Scenario-3:** Create new version of App1 Launch Template and also switch the default version of Launch Template -- We already know about Autoscaling Groups which we learned in launch configurations, so we can ignore that and move on to creating all these with Terraform. 
- -## Step-02: Review existing configuration files -- Copy `c1 to c12` from Section-14 `14-Autoscaling-with-Launch-Configuration` - -## Step-03: c12-route53-dnsregistration.tf -- Update DNS name relevant to demo -```t - name = "asg-lt1.devopsincloud.com" -``` - -## Step-04: c13-01-autoscaling-with-launchtemplate-variables.tf -- Place holder file to define variables for autoscaling - -## Step-05: c13-02-autoscaling-launchtemplate-resource.tf -- Define [Launch Template Resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) -```t -# Launch Template Resource -resource "aws_launch_template" "my_launch_template" { - name = "my-launch-template" - description = "My Launch Template" - image_id = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - - vpc_security_group_ids = [module.private_sg.security_group_id] - key_name = var.instance_keypair - user_data = filebase64("${path.module}/app1-install.sh") - ebs_optimized = true - #default_version = 1 - update_default_version = true - block_device_mappings { - device_name = "/dev/sda1" - ebs { - volume_size = 10 - #volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } - } - monitoring { - enabled = true - } - - tag_specifications { - resource_type = "instance" - tags = { - Name = "myasg" - } - } -} -``` - -## Step-06: c13-03-autoscaling-resource.tf -- Define [Autoscaling Group Terraform Resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) -```t -# Autoscaling Group Resource -resource "aws_autoscaling_group" "my_asg" { - name_prefix = "myasg-" - desired_capacity = 2 - max_size = 10 - min_size = 2 - vpc_zone_identifier = module.vpc.private_subnets - /*[ - module.vpc.private_subnet[0], - module.vpc.private_subnet[1] - ]*/ - target_group_arns = module.alb.target_group_arns - health_check_type = "EC2" - #health_check_grace_period = 300 # default is 
300 seconds - # Launch Template - launch_template { - id = aws_launch_template.my_launch_template.id - version = aws_launch_template.my_launch_template.latest_version - } - # Instance Refresh - instance_refresh { - strategy = "Rolling" - preferences { - #instance_warmup = 300 # Default behavior is to use the Auto Scaling Group's health check grace period. - min_healthy_percentage = 50 - } - triggers = [ /*"launch_template",*/ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger - } - tag { - key = "Owners" - value = "Web-Team" - propagate_at_launch = true - } -} -``` - -## Step-07: c13-04-autoscaling-with-launchtemplate-outputs.tf -- Define Launch Template and Autoscaling basic outputs -```t -# Launch Template Outputs -output "launch_template_id" { - description = "Launch Template ID" - value = aws_launch_template.my_launch_template.id -} - -output "launch_template_latest_version" { - description = "Launch Template Latest Version" - value = aws_launch_template.my_launch_template.latest_version -} - -# Autoscaling Outputs -output "autoscaling_group_id" { - description = "Autoscaling Group ID" - value = aws_autoscaling_group.my_asg.id -} - -output "autoscaling_group_name" { - description = "Autoscaling Group Name" - value = aws_autoscaling_group.my_asg.name -} - -output "autoscaling_group_arn" { - description = "Autoscaling Group ARN" - value = aws_autoscaling_group.my_asg.arn -} -``` - -## Step-08: c13-05-autoscaling-notifications.tf -```t -# Autoscaling Notifications -## SNS - Topic -resource "aws_sns_topic" "myasg_sns_topic" { - name = "myasg-sns-topic" -} - -## SNS - Subscription -resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { - topic_arn = aws_sns_topic.myasg_sns_topic.arn - protocol = "email" - endpoint = "stacksimplify@gmail.com" -} - -## Create Autoscaling Notification Resource -resource "aws_autoscaling_notification" "myasg_notifications" { - group_names = 
[aws_autoscaling_group.my_asg.id] - notifications = [ - "autoscaling:EC2_INSTANCE_LAUNCH", - "autoscaling:EC2_INSTANCE_TERMINATE", - "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", - "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", - ] - topic_arn = aws_sns_topic.myasg_sns_topic.arn -} -``` - -## Step-09: c13-06-autoscaling-ttsp.tf -```t -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. 
- target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} -``` - -## Step-10: c13-07-autoscaling-scheduled-actions.tf -```t -## Create Scheduled Actions -### Create Scheduled Action-1: Increase capacity during business hours -resource "aws_autoscaling_schedule" "increase_capacity_7am" { - scheduled_action_name = "increase-capacity-7am" - min_size = 2 - max_size = 10 - desired_capacity = 8 - start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST) - recurrence = "00 09 * * *" - autoscaling_group_name = aws_autoscaling_group.my_asg.id -} -### Create Scheduled Action-2: Decrease capacity during business hours -resource "aws_autoscaling_schedule" "decrease_capacity_5pm" { - scheduled_action_name = "decrease-capacity-5pm" - min_size = 2 - max_size = 10 - desired_capacity = 2 - start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST) - recurrence = "00 21 * * *" - autoscaling_group_name = aws_autoscaling_group.my_asg.id -} -``` - -## Step-11: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terrafom Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` - -## Step-12: Verify the AWS resources created -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. Verify Load Balancer Target Group - Health Checks -6. 
Verify Autoscaling Group Features In detail -- Details Tab - - ASG Group Details - - Launch Configuration -- Activity Tab -- Automatic Scaling - - Target Tracking Scaling Policies (TTSP) - - Scheduled Actions -- Instance Management - - Instances - - Lifecycle Hooks -- Monitoring - - Autoscaling - - EC2 -- Instance Refresh Tab -7. Access and Test -```t -# Access and Test -http://asg-lt.devopsincloud.com -http://asg-lt.devopsincloud.com/app1/index.html -http://asg-lt.devopsincloud.com/app1/metadata.html -``` - -## Step-13: Update Launch Template and Verify -```t -# Before - ebs { - volume_size = 10 - #volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } - -# After - ebs { - #volume_size = 10 - volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } -``` -- Execute Terraform Commands -```t -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Observation -1. Consistently monitor the Autoscaling "Activity" and "Instance Refresh" tabs. -2. In close to 5 to 10 minutes, instances will be refreshed -3. Verify EC2 Instances, old will be terminated and new will be created -``` - -## Step-14: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## Additional Troubleshooting -``` -$ terraform import aws_launch_template.web lt-12345678 - -terraform import aws_launch_template.mytemp lt-02a572ea76508f68d -``` - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/app1-install.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c1-versions.tf deleted file mode 100644 index 190be15e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,33 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index fa707c3f..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,106 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "6.0.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - /*Option-1: Give as list with specific subnets or in next line, pass all public subnets - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ]*/ - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - /* # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags*/ - }, - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - #certificate_arn = module.acm.this_acm_certificate_arn - certificate_arn = module.acm.acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - 
https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, - ] - tags = local.common_tags # ALB Tags -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 53b13a4e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,65 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) Outputs -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.lb_dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.lb_arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.alb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.alb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.alb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.alb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." - value = module.alb.target_group_names -} - -output "target_group_attachments" { - description = "ARNs of the target group attachment IDs." - value = module.alb.target_group_attachments -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 1ec4f8fe..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "3.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 78fada35..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "asg-lt.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 2e0e54ab..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Launch Template Resource
-resource "aws_launch_template" "my_launch_template" {
- name = "my-launch-template"
- description = "My Launch template"
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
-
- vpc_security_group_ids = [ module.private_sg.security_group_id ]
- key_name = var.instance_keypair
- user_data = filebase64("${path.module}/app1-install.sh")
- ebs_optimized = true
- #default_version = 1
- update_default_version = true
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- #volume_size = 10
- volume_size = 20 # LT Update Testing - Version 2 of LT
- delete_on_termination = true
- volume_type = "gp2" # default is gp2
- }
- }
- monitoring {
- enabled = true
- }
- tag_specifications {
- resource_type = "instance"
- tags = {
- Name = "myasg"
- }
- }
-
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-03-autoscaling-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-03-autoscaling-resource.tf
deleted file mode 100644
index 4dd9e483..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- name_prefix = "myasg-"
- desired_capacity = 2
- max_size = 10
- min_size = 2
- vpc_zone_identifier = module.vpc.private_subnets
- target_group_arns = module.alb.target_group_arns
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- # instance_warmup = 300 # Default behavior is to use the Auto Scaling Groups health check grace period value
- min_healthy_percentage = 50
- }
- triggers = [ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index 4a67007c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Launch Template Outputs
-## launch_template_id
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-## launch_template_latest_version
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-## autoscaling_group_id
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-## autoscaling_group_name
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-## autoscaling_group_arn
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-05-autoscaling-notifications.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index e2c85343..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [aws_autoscaling_group.my_asg.id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-06-autoscaling-ttsp.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index f67b9b23..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
- resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- }
- target_value = 10.0
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@ -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", "10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} - - - - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-02-vpc-module.tf deleted file mode 100644 index 69535c5f..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-02-vpc-module.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - #version = "2.78.0" - version = "3.0.0" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-03-vpc-outputs.tf +++ /dev/null @@ -1,37 +0,0 @@ -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-01-securitygroup-variables.tf deleted file mode 100644 index fecdef54..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-01-securitygroup-variables.tf +++ /dev/null @@ -1,2 +0,0 @@ -# AWS EC2 Security Group Terraform Variables -## Placeholder file for Variables diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-02-securitygroup-outputs.tf deleted file mode 100644 index 2bd8f58c..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-02-securitygroup-outputs.tf +++ /dev/null 
@@ -1,46 +0,0 @@ -# AWS EC2 Security Group Terraform Outputs - -# Public Bastion Host Security Group Outputs -## public_bastion_sg_group_id -output "public_bastion_sg_group_id" { - description = "The ID of the security group" - #value = module.public_bastion_sg.this_security_group_id - value = module.public_bastion_sg.security_group_id -} - -## public_bastion_sg_group_vpc_id -output "public_bastion_sg_group_vpc_id" { - description = "The VPC ID" - #value = module.public_bastion_sg.this_security_group_vpc_id - value = module.public_bastion_sg.security_group_vpc_id -} - -## public_bastion_sg_group_name -output "public_bastion_sg_group_name" { - description = "The name of the security group" - #value = module.public_bastion_sg.this_security_group_name - value = module.public_bastion_sg.security_group_name -} - -# Private EC2 Instances Security Group Outputs -## private_sg_group_id -output "private_sg_group_id" { - description = "The ID of the security group" - #value = module.private_sg.this_security_group_id - value = module.private_sg.security_group_id -} - -## private_sg_group_vpc_id -output "private_sg_group_vpc_id" { - description = "The VPC ID" - #value = module.private_sg.this_security_group_vpc_id - value = module.private_sg.security_group_vpc_id -} - -## private_sg_group_name -output "private_sg_group_name" { - description = "The name of the security group" - #value = module.private_sg.this_security_group_name - value = module.private_sg.security_group_name -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-03-securitygroup-bastionsg.tf deleted file mode 100644 index 3be1eb68..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-03-securitygroup-bastionsg.tf +++ /dev/null 
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 560a64cf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e1cdf082..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b13a1b56..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index ccdb34a7..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Sat May 8 10:58:39 IST 2021 and VPC ID: vpc-0597a0c7016fa61c6
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index e355f80a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Sat May 8 11:14:32 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
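Review bot: Deleting `private-key/terraform-key.pem` here only removes the file from the working tree; the complete RSA private key stays readable in the repository history and in this diff. The `terraform-key` EC2 key pair should be treated as compromised: delete or replace it in AWS and re-key any instance that still trusts it, rather than relying on this deletion. To stop it recurring, add a `*.pem` entry to `.gitignore`. The sibling `c9-nullresource-provisioners.tf` (also deleted in this commit) loaded the key with `file("private-key/terraform-key.pem")`, which is presumably why it was committed next to the manifests.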
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/15-Autoscaling-with-Launch-Templates/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/README.md
deleted file mode 100644
index 1a76b901..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/README.md
+++ /dev/null
@@ -1,251 +0,0 @@ ---- -title: AWS Network Load Balancer with Terraform -description: Create AWS Network Load Balancer with Terraform - Demo for both TCP and TLS Listeners ---- -# AWS Network Load Balancer TCP and TLS with Terraform - -## Step-01: Introduction -- Create [AWS Network Load Balancer using Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- Create TCP Listener -- Create TLS Listener -- Create Target Group - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-3.png) - -## Step-02: c5-04-securitygroup-privatesg.tf -- NLB requires private security group EC2 Instances to have the `ingress_cidr_blocks` as `0.0.0.0/0` -```t -# Before - ingress_cidr_blocks = [module.vpc.vpc_cidr_block] - -# After - ingress_cidr_blocks = ["0.0.0.0/0"] # Required for NLB -``` - -## Step-03: c10-01-NLB-network-loadbalancer-variables.tf -- Place holder file for NLB variables. 
- -## Step-04: c10-02-NLB-network-loadbalancer.tf -- Create [AWS Network Load Balancer using Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- Create TCP Listener -- Create TLS Listener -- Create Target Group -```t -# Terraform AWS Network Load Balancer (NLB) -module "nlb" { - source = "terraform-aws-modules/alb/aws" - version = "6.0.0" - name_prefix = "mynlb-" - #name = "nlb-basic" - load_balancer_type = "network" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] # Security Groups not supported for NLB - # TCP Listener - http_tcp_listeners = [ - { - port = 80 - protocol = "TCP" - target_group_index = 0 - } - ] - - # TLS Listener - https_listeners = [ - { - port = 443 - protocol = "TLS" - certificate_arn = module.acm.acm_certificate_arn - target_group_index = 0 - }, - ] - - - # Target Group - target_groups = [ - { - name_prefix = "app1-" - backend_protocol = "TCP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - } - }, - ] - tags = local.common_tags -} -``` -## Step-05: c10-03-NLB-network-loadbalancer-outputs.tf -```t -# Terraform AWS Network Load Balancer (NLB) Outputs -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.nlb.lb_id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.nlb.lb_arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.nlb.lb_dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." 
- value = module.nlb.lb_arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.nlb.lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.nlb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.nlb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.nlb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.nlb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.nlb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.nlb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." 
- value = module.nlb.target_group_names -} -``` -## Step-06: c12-route53-dnsregistration.tf -- **Change-1:** Update DNS Name -- **Change-2:** Update `alias name` -- **Change-3:** Update `alias zone_id` -```t -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "nlb1.devopsincloud.com" - type = "A" - alias { - name = module.nlb.lb_dns_name - zone_id = module.nlb.lb_zone_id - evaluate_target_health = true - } -} -``` -## Step-07: c13-03-autoscaling-resource.tf -- Change the module name for `target_group_arns` to `nlb` -```t -# Before - target_group_arns = module.alb.target_group_arns -# After - target_group_arns = module.nlb.target_group_arns -``` -## Step-08: c13-06-autoscaling-ttsp.tf -- Comment TTSP ALB policy which is not applicable to NLB -```t -# TTS - Scaling Policy-2: Based on ALB Target Requests -# THIS POLICY IS SPECIFIC TO ALB and NOT APPLICABLE TO NLB -/* -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. 
- target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} -*/ -``` -## Step-09: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terrafom Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` -## Step-10: Verify the AWS resources created -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Network Load Balancer - - TCP Listener - - TLS Listener -5. Verify Network Load Balancer Target Group - - Health Checks - both nodes should be healthy -6. Access and Test -```t -# Access and Test with Port 80 - TCP Listener -http://nlb.devopsincloud.com -http://nlb.devopsincloud.com/app1/index.html -http://nlb.devopsincloud.com/app1/metadata.html - -# Access and Test with Port 443 - TLS Listener -https://nlb.devopsincloud.com -https://nlb.devopsincloud.com/app1/index.html -https://nlb.devopsincloud.com/app1/metadata.html -``` - -## Step-11: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - - -## References --[Complete NLB - Example](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest/examples/complete-nlb) - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/app1-install.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c1-versions.tf
deleted file mode 100644
index 91d8add4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
-
-# Create Random Pet Resource
-resource "random_pet" "this" {
- length = 2
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-01-NLB-network-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-01-NLB-network-loadbalancer-variables.tf
deleted file mode 100644
index 0aeebd65..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-01-NLB-network-loadbalancer-variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-02-NLB-network-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-02-NLB-network-loadbalancer.tf
deleted file mode 100644
index 4c57834e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-02-NLB-network-loadbalancer.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-# Terraform AWS Network Load Balancer (NLB)
-module "nlb" {
- source = "terraform-aws-modules/alb/aws"
- version = "6.0.0"
- name_prefix = "mynlb-"
- #name = "complete-nlb-${random_pet.this.id}"
- load_balancer_type = "network"
- vpc_id = module.vpc.vpc_id
- subnets = module.vpc.public_subnets
-
- # TCP Listener
- http_tcp_listeners = [
- {
- port = 80
- protocol = "TCP"
- target_group_index = 0
- }
- ]
-
- # TLS Listener
- https_listeners = [
- {
- port = 443
- protocol = "TLS"
- certificate_arn = module.acm.acm_certificate_arn
- target_group_index = 0
- },
- ]
-
- # Target Groups
- target_groups = [
- {
- name_prefix = "app1-"
- backend_protocol = "TCP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- }
- },
- ]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-03-NLB-network-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-03-NLB-network-loadbalancer-outputs.tf
deleted file mode 100644
index c0dd4e42..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-03-NLB-network-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,60 +0,0 @@
-# Terraform AWS Network Load Balancer (NLB) Outputs
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.nlb.lb_id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.nlb.lb_arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.nlb.lb_dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.nlb.lb_arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.nlb.lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.nlb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.nlb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.nlb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.nlb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.nlb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.nlb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.nlb.target_group_names
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 1ec4f8fe..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "3.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index c1d1e704..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "nlb.devopsincloud.com"
- type = "A"
- alias {
- name = module.nlb.lb_dns_name
- zone_id = module.nlb.lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 4fd4d7ae..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Launch Template Resource
-resource "aws_launch_template" "my_launch_template" {
- name = "my-launch-template"
- description = "My Launch Template"
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
-
- vpc_security_group_ids = [module.private_sg.security_group_id]
- key_name = var.instance_keypair
- user_data = filebase64("${path.module}/app1-install.sh")
- ebs_optimized = true
- #default_version = 1
- update_default_version = true
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- volume_size = 10
- #volume_size = 20 # LT Update Testing - Version 2 of LT
- delete_on_termination = true
- volume_type = "gp2" # default is gp2
- }
- }
- monitoring {
- enabled = true
- }
-
- tag_specifications {
- resource_type = "instance"
- tags = {
- Name = "myasg"
- }
- }
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-03-autoscaling-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-03-autoscaling-resource.tf
deleted file mode 100644
index fb02f487..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- name_prefix = "myasg-"
- desired_capacity = 2
- max_size = 10
- min_size = 2
- vpc_zone_identifier = module.vpc.private_subnets
- target_group_arns = module.nlb.target_group_arns
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- # Launch Template
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- #instance_warmup = 300 # Default behavior is to use the Auto Scaling Group's health check grace period.
- min_healthy_percentage = 50
- }
- triggers = [ /*"launch_template",*/ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index a23e76f4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Launch Template Outputs
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-05-autoscaling-notifications.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index e2c85343..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [aws_autoscaling_group.my_asg.id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-06-autoscaling-ttsp.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index f453b533..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-# THIS POLICY IS SPECIFIC TO ALB and NOT APPLICABLE TO NLB
-/*
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
- resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- }
- target_value = 10.0
- }
-}
-*/
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 69535c5f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- version = "3.0.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 3be1eb68..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index ff6509d6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- #ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- ingress_cidr_blocks = ["0.0.0.0/0"] # Required for NLB
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e1cdf082..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b13a1b56..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index c14b6d42..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Fri Apr 30 07:09:19 IST 2021 and VPC ID: vpc-03688705ea5b23544
-VPC created on Sat May 8 14:06:23 IST 2021 and VPC ID: vpc-08aca5f197b632448
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 15d54eef..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Fri Apr 30 09:35:00 IST 2021
-Destroy time prov Sat May 8 14:16:59 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
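Review bot: Deleting `private-key/terraform-key.pem` from the tree does not revoke it, because the complete RSA private key remains readable in this diff and in the repository history. The key pair it presumably belongs to (the removed `ec2instance.auto.tfvars` sets `instance_keypair = "terraform-key"`) should be treated as compromised: delete or rotate that EC2 key pair and replace any instance still launched with it. The removed provisioner in `c9-nullresource-provisioners.tf` also copied the file to `/tmp/terraform-key.pem` on the bastion host, so any bastion that is still running should be checked for that copy. To prevent a repeat, add an ignore rule such as `*.pem` to `.gitignore` and read the key from a path outside the repository.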
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/README.md
deleted file mode 100644
index 94edcfe9..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/README.md
+++ /dev/null
@@ -1,329 +0,0 @@ ---- -title: AWS CloudWatch using Terraform -description: Create CloudWatch Alarms for ASG, ALB, Synthetics, CIS Alarams ---- -# CloudWatch + ALB + Autoscaling with Launch Templates - -## Step-01: Introduction -- Create the following Alarms using CloudWatch with the end to end usecase we have built so far - - AWS Application Load Balancer Alarms - - AWS Autoscaling Group Alarms - - AWS CIS Alarms (Center for Internet Security) -- AWS CloudWatch Synthetics - - Implement a Heart Beat Monitor - - -[![Image](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-3.png) - -## Step-02: Copy all files from Section-15 -- Copy all the files from `15-Autoscaling-with-Launch-Templates\terraform-manifests` - -## Step-03: c12-route53-dnsregistration.tf -- Change the DNS name as per your demo content -```t - name = "cloudwatch1.devopsincloud.com" -``` - -## Step-04: c14-01-cloudwatch-variables.tf -- Create a place holder file to define CloudWatch Variables - -## Step-05: c14-02-cloudwatch-asg-alarms.tf -```t -# Define CloudWatch Alarms for Autoscaling Groups - -# Autoscaling - Scaling Policy for High CPU -resource "aws_autoscaling_policy" "high_cpu" { - name = "high-cpu" - scaling_adjustment = 4 - adjustment_type = "ChangeInCapacity" - cooldown = 300 - autoscaling_group_name = aws_autoscaling_group.my_asg.name -} - -# Cloud Watch Alarm to trigger the above scaling policy when CPU Utilization is above 80% -# Also send the notificaiton email to 
users present in SNS Topic Subscription -resource "aws_cloudwatch_metric_alarm" "app1_asg_cwa_cpu" { - alarm_name = "App1-ASG-CWA-CPUUtilization" - comparison_operator = "GreaterThanOrEqualToThreshold" - evaluation_periods = "2" - metric_name = "CPUUtilization" - namespace = "AWS/EC2" - period = "120" - statistic = "Average" - threshold = "80" - - dimensions = { - AutoScalingGroupName = aws_autoscaling_group.my_asg.name - } - - alarm_description = "This metric monitors ec2 cpu utilization and triggers the ASG Scaling policy to scale-out if CPU is above 80%" - - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [ - aws_autoscaling_policy.high_cpu.arn, - aws_sns_topic.myasg_sns_topic.arn - ] -} -``` - -## Step-06: c14-03-cloudwatch-alb-alarms.tf -```t -# Define CloudWatch Alarms for ALB -# Alert if HTTP 4xx errors are more than threshold value -resource "aws_cloudwatch_metric_alarm" "alb_4xx_errors" { - alarm_name = "App1-ALB-HTTP-4xx-errors" - comparison_operator = "GreaterThanThreshold" - datapoints_to_alarm = "2" # "2" - evaluation_periods = "3" # "3" - metric_name = "HTTPCode_Target_4XX_Count" - namespace = "AWS/ApplicationELB" - period = "120" - statistic = "Sum" - threshold = "5" # Update real-world value like 100, 200 etc - treat_missing_data = "missing" - dimensions = { - LoadBalancer = module.alb.lb_arn_suffix - } - alarm_description = "This metric monitors ALB HTTP 4xx errors and if they are above 100 in specified interval, it is going to send a notification email" - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] -} - -# Per AppELB Metrics -## - HTTPCode_ELB_5XX_Count -## - HTTPCode_ELB_502_Count -## - TargetResponseTime -# Per AppELB, per TG Metrics -## - UnHealthyHostCount -## - HealthyHostCount -## - HTTPCode_Target_4XX_Count -## - TargetResponseTime -``` - -## Step-07: c14-04-cloudwatch-cis-alarms.tf -- [Terraform AWS CloudWatch 
Module](https://registry.terraform.io/modules/terraform-aws-modules/cloudwatch/aws/latest) -- [AWS CIS Alarms](https://registry.terraform.io/modules/terraform-aws-modules/cloudwatch/aws/latest/submodules/cis-alarms) -- [CIS AWS Foundations Benchmark controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html) - -```t -# Create Log Group for CIS -resource "aws_cloudwatch_log_group" "cis_log_group" { - name = "cis-log-group-${random_pet.this.id}" -} - -# Define CIS Alarms -module "all_cis_alarms" { - source = "terraform-aws-modules/cloudwatch/aws//modules/cis-alarms" - version = "2.0.0" - - disabled_controls = ["DisableOrDeleteCMK", "VPCChanges"] - log_group_name = aws_cloudwatch_log_group.cis_log_group.name - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] - tags = local.common_tags -} -``` - -## Step-08: AWS CloudWatch Synthetics - Run manually and Understand -- Understand AWS CloudWatch Synthetics -- Create CloudWatch Synthetics using AWS management console and explore more about it - -## Step-09: AWS CloudWatch Synthetics using Terraform -- Review the following files -- **File-1:** `sswebsite2\nodejs\node_modules\sswebsite2.js` -- **File-2:** sswebsite2v1.zip - -### Step-09-01: Create Folder Structure -- `nodejs\node_modules\` - -### Step-09-02: Create sswebsite2.js file -- Use `Heart Beat Monitor` sample from AWS Management Console - AWS CloudWatch Sythetic Service -- Update your Application DNS Name -```t -# Before - const urls = ['https://stacksimplify.com']; - -# After - const urls = ['https://yourapp.com']; -``` -### Step-09-03: Create ZIP file -```t -cd sswebsite2 -zip -r sswebsite2v1.zip nodejs -``` -### Step-09-04: c14-05-cloudwatch-synthetics.tf - Create IAM Policy and Role -```t -# AWS IAM Policy -resource "aws_iam_policy" "cw_canary_iam_policy" { - name = "cw-canary-iam-policy" - path = "/" - description = "CloudWatch Canary Synthetic IAM Policy" - - # Terraform's "jsonencode" function converts a - # Terraform 
expression result to valid JSON syntax. - policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": "cloudwatch:PutMetricData", - "Resource": "*", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "CloudWatchSynthetics" - } - } - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": [ - "s3:PutObject", - "logs:CreateLogStream", - "s3:ListAllMyBuckets", - "logs:CreateLogGroup", - "logs:PutLogEvents", - "s3:GetBucketLocation", - "xray:PutTraceSegments" - ], - "Resource": "*" - } - ] -}) -} - -# AWS IAM Role -resource "aws_iam_role" "cw_canary_iam_role" { - name = "cw-canary-iam-role" - description = "CloudWatch Synthetics lambda execution role for running canaries" - path = "/service-role/" - #assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json # (not shown) - assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" - managed_policy_arns = [aws_iam_policy.cw_canary_iam_policy.arn] -} -``` - -### Step-09-05: c14-05-cloudwatch-synthetics.tf - Create S3 Bucket -```t -# Create S3 Bucket -resource "aws_s3_bucket" "cw_canary_bucket" { - bucket = "cw-canary-bucket-${random_pet.this.id}" - acl = "private" - force_destroy = true - - tags = { - Name = "My bucket" - Environment = "Dev" - } -} -``` -### Step-09-06: c14-05-cloudwatch-synthetics.tf - Create AWS CloudWatch Canary Resource -```t - -# AWS CloudWatch Canary -resource "aws_synthetics_canary" "sswebsite2" { - name = "sswebsite2" - artifact_s3_location = "s3://${aws_s3_bucket.cw_canary_bucket.id}/sswebsite2" - execution_role_arn = aws_iam_role.cw_canary_iam_role.arn - handler = "sswebsite2.handler" - zip_file = "sswebsite2/sswebsite2v1.zip" - runtime_version = "syn-nodejs-puppeteer-3.1" - start_canary = true - - run_config { - active_tracing = true - memory_in_mb = 960 - 
timeout_in_seconds = 60 - } - schedule { - expression = "rate(1 minute)" - } -} -``` -### Step-09-07: c14-05-cloudwatch-synthetics.tf - Create AWS CloudWatch Metric Alarm for Canary Resource -```t -# AWS CloudWatch Metric Alarm for Synthetics Heart Beat Monitor when availability is less than 10 percent -resource "aws_cloudwatch_metric_alarm" "synthetics_alarm_app1" { - alarm_name = "Synthetics-Alarm-App1" - comparison_operator = "LessThanThreshold" - datapoints_to_alarm = "1" # "2" - evaluation_periods = "1" # "3" - metric_name = "SuccessPercent" - namespace = "CloudWatchSynthetics" - period = "300" - statistic = "Average" - threshold = "90" - treat_missing_data = "breaching" # You can also add "missing" - dimensions = { - CanaryName = aws_synthetics_canary.sswebsite2.id - } - alarm_description = "Synthetics alarm metric: SuccessPercent LessThanThreshold 90" - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] -} -``` - - -## Step-10: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` - -## Step-11: Verify Resources -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. Verify Load Balancer Target Group - Health Checks -6. Cloud Watch -- ALB Alarm -- ASG Alarm -- CIS Alarms -- Synthetics -7. 
Access and Test -```t -# Access and Test -http://cloudwatch.devopsincloud.com -http://cloudwatch.devopsincloud.com/app1/index.html -http://cloudwatch.devopsincloud.com/app1/metadata.html -``` - -## Step-11: Clean-Up -```t -# Delete Resources -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - - -## Additional Knowledge -```t -terraform import aws_cloudwatch_metric_alarm.test alarm-12345 -terraform import aws_cloudwatch_metric_alarm.temp1 alb-4xx-temp-1 -``` - - -## References -- [ALL CW Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) -- [ALB CW Metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html) -- [CloudWatch Concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c1-versions.tf deleted file mode 100644 index cb7989da..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c1-versions.tf +++ /dev/null @@ -1,34 +0,0 @@ -# Terraform Block -terraform { - required_version = "~> 0.14" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = "us-east-1" - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c14-05-cloudwatch-synthetics.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c14-05-cloudwatch-synthetics.tf deleted file mode 100644 index 0eb308ee..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c14-05-cloudwatch-synthetics.tf +++ /dev/null @@ -1,31 +0,0 @@ -# Temp CW Synthetics -/*resource "aws_synthetics_canary" "some" { - -}*/ - -## Use Terraform Import -/* -1. Create temp resource as above -2. Take terraform.tfstate backup -cp terraform.tfstate terraform.tfstate_before_canary -terraform import aws_synthetics_canary.some app1-canary-test -*/ - -resource "aws_synthetics_canary" "sswebsite2" { - name = "sswebsite2" - artifact_s3_location = "s3://cw-syn-results-180789647333-us-east-1/canary/us-east-1/sswebsite2" - execution_role_arn = "arn:aws:iam::180789647333:role/service-role/CloudWatchSyntheticsRole-app1-canary-test-eaf-ff4674189c99" - handler = "sswebsite2.handler" - zip_file = "sswebsite2/sswebsite2v1.zip" - runtime_version = "syn-nodejs-puppeteer-3.1" - start_canary = true - - run_config { - active_tracing = true - memory_in_mb = 960 - timeout_in_seconds = 60 - } - schedule { - expression = "rate(1 minute)" - } -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/nodejs/node_modules/sswebsite2.js b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/nodejs/node_modules/sswebsite2.js deleted file mode 100644 index 625dcf57..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/nodejs/node_modules/sswebsite2.js +++ /dev/null 
@@ -1,95 +0,0 @@ -const URL = require('url'); -const synthetics = require('Synthetics'); -const log = require('SyntheticsLogger'); -const syntheticsConfiguration = synthetics.getConfiguration(); - -const loadBlueprint = async function () { - - const urls = ['https://stacksimplify.com']; - - // Set screenshot option - const takeScreenshot = true; - - /* Disabling default step screen shots taken during Synthetics.executeStep() calls - * Step will be used to publish metrics on time taken to load dom content but - * Screenshots will be taken outside the executeStep to allow for page to completely load with domcontentloaded - * You can change it to load, networkidle0, networkidle2 depending on what works best for you. - */ - syntheticsConfiguration.disableStepScreenshots(); - syntheticsConfiguration.setConfig({ - continueOnStepFailure: true - }); - - let page = await synthetics.getPage(); - - for (const url of urls) { - await loadUrl(page, url, takeScreenshot); - } -}; - -// Reset the page in-between -const resetPage = async function(page) { - try { - await page.goto('about:blank',{waitUntil: ['load', 'networkidle0'], timeout: 30000} ); - } catch(ex) { - synthetics.addExecutionError('Unable to open a blank page ', ex); - } -} - -const loadUrl = async function (page, url, takeScreenshot) { - let stepName = null; - let domcontentloaded = false; - - try { - stepName = URL.parse(url).hostname; - } catch (error) { - const errorString = `Error parsing url: ${url}. ${error}`; - log.error(errorString); - /* If we fail to parse the URL, don't emit a metric with a stepName based on it. - It may not be a legal CloudWatch metric dimension name and we may not have an alarms - setup on the malformed URL stepName. Instead, fail this step which will - show up in the logs and will fail the overall canary and alarm on the overall canary - success rate. - */ - throw error; - } - - await synthetics.executeStep(stepName, async function () { - - /* You can customize the wait condition here. 
For instance, using 'networkidle2' or 'networkidle0' to load page completely. - networkidle0: Navigation is successful when the page has had no network requests for half a second. This might never happen if page is constantly loading multiple resources. - networkidle2: Navigation is successful when the page has no more then 2 network requests for half a second. - domcontentloaded: It's fired as soon as the page DOM has been loaded, without waiting for resources to finish loading. Can be used and then add explicit await page.waitFor(timeInMs) - */ - const response = await page.goto(url, { waitUntil: ['domcontentloaded'], timeout: 30000}); - if (response) { - domcontentloaded = true; - const status = response.status(); - const statusText = response.statusText(); - - const logResponseString = `Response from url: ${url} Status: ${status} Status Text: ${statusText}`; - - //If the response status code is not a 2xx success code - if (response.status() < 200 || response.status() > 299) { - throw `Failed to load url: ${url} ${response.status()} ${response.statusText()}`; - } - } else { - const logNoResponseString = `No response returned for url: ${url}`; - log.error(logNoResponseString); - throw new Error(logNoResponseString); - } - }); - - // Wait for 15 seconds to let page load fully before taking screenshot. - if (domcontentloaded && takeScreenshot) { - await page.waitFor(15000); - await synthetics.takeScreenshot(stepName, 'loaded'); - await resetPage(page); - } -}; - -const urls = []; - -exports.handler = async () => { - return await loadBlueprint(); -}; \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/sswebsite2v1.zip b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/sswebsite2v1.zip deleted file mode 100644 index c2d3acb3..00000000 Binary files a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/sswebsite2v1.zip and /dev/null differ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c1-versions.tf deleted file mode 100644 index cb7989da..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c1-versions.tf +++ /dev/null @@ -1,34 +0,0 @@ -# Terraform Block -terraform { - required_version = "~> 0.14" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = "us-east-1" - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c14-05-cloudwatch-synthetics.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c14-05-cloudwatch-synthetics.tf deleted file mode 100644 index 8c402cba..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c14-05-cloudwatch-synthetics.tf +++ /dev/null 
@@ -1,101 +0,0 @@ -# AWS IAM Policy -resource "aws_iam_policy" "cw_canary_iam_policy" { - name = "cw-canary-iam-policy" - path = "/" - description = "CloudWatch Canary Synthetic IAM Policy" - - # Terraform's "jsonencode" function converts a - # Terraform expression result to valid JSON syntax. - policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": "cloudwatch:PutMetricData", - "Resource": "*", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "CloudWatchSynthetics" - } - } - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": [ - "s3:PutObject", - "logs:CreateLogStream", - "s3:ListAllMyBuckets", - "logs:CreateLogGroup", - "logs:PutLogEvents", - "s3:GetBucketLocation", - "xray:PutTraceSegments" - ], - "Resource": "*" - } - ] -}) -} - -# AWS IAM Role -resource "aws_iam_role" "cw_canary_iam_role" { - name = "cw-canary-iam-role" - description = "CloudWatch Synthetics lambda execution role for running canaries" - path = "/service-role/" - #assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json # (not shown) - assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" - managed_policy_arns = [aws_iam_policy.cw_canary_iam_policy.arn] -} - -# Create S3 Bucket -resource "aws_s3_bucket" "cw_canary_bucket" { - bucket = "cw-canary-bucket-${random_pet.this.id}" - acl = "private" - force_destroy = true - - tags = { - Name = "My bucket" - Environment = "Dev" - } -} - -# AWS CloudWatch Canary -resource "aws_synthetics_canary" "sswebsite2" { - name = "sswebsite2" - artifact_s3_location = "s3://${aws_s3_bucket.cw_canary_bucket.id}/sswebsite2" - execution_role_arn = aws_iam_role.cw_canary_iam_role.arn - handler = "sswebsite2.handler" - zip_file = "sswebsite2/sswebsite2v1.zip" - runtime_version = "syn-nodejs-puppeteer-3.1" - start_canary = 
true - - run_config { - active_tracing = true - memory_in_mb = 960 - timeout_in_seconds = 60 - } - schedule { - expression = "rate(1 minute)" - } -} - -# AWS CloudWatch Metric Alarm for Synthetics Heart Beat Monitor when availability is less than 10 percent -resource "aws_cloudwatch_metric_alarm" "synthetics_alarm_app1" { - alarm_name = "Synthetics-Alarm-App1" - comparison_operator = "LessThanThreshold" - datapoints_to_alarm = "2" # "2" - evaluation_periods = "3" # "3" - metric_name = "SuccessPercent" - namespace = "CloudWatchSynthetics" - period = "300" - statistic = "Average" - threshold = "90" - treat_missing_data = "breaching" # You can also add "missing" - dimensions = { - CanaryName = aws_synthetics_canary.sswebsite2.id - } - alarm_description = "Synthetics alarm metric: SuccessPercent LessThanThreshold 90" - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c9-import-role.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c9-import-role.tf deleted file mode 100644 index 70d40d15..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c9-import-role.tf +++ /dev/null @@ -1,5 +0,0 @@ -/*resource "aws_iam_role" "developer" { - -}*/ - -# terraform import aws_iam_role.developer CloudWatchSyntheticsRole-sswebsite-3a7-8333e475ed87 diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/nodejs/node_modules/sswebsite2.js b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/nodejs/node_modules/sswebsite2.js deleted file mode 100644 index 625dcf57..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/nodejs/node_modules/sswebsite2.js +++ /dev/null 
@@ -1,95 +0,0 @@ -const URL = require('url'); -const synthetics = require('Synthetics'); -const log = require('SyntheticsLogger'); -const syntheticsConfiguration = synthetics.getConfiguration(); - -const loadBlueprint = async function () { - - const urls = ['https://stacksimplify.com']; - - // Set screenshot option - const takeScreenshot = true; - - /* Disabling default step screen shots taken during Synthetics.executeStep() calls - * Step will be used to publish metrics on time taken to load dom content but - * Screenshots will be taken outside the executeStep to allow for page to completely load with domcontentloaded - * You can change it to load, networkidle0, networkidle2 depending on what works best for you. - */ - syntheticsConfiguration.disableStepScreenshots(); - syntheticsConfiguration.setConfig({ - continueOnStepFailure: true - }); - - let page = await synthetics.getPage(); - - for (const url of urls) { - await loadUrl(page, url, takeScreenshot); - } -}; - -// Reset the page in-between -const resetPage = async function(page) { - try { - await page.goto('about:blank',{waitUntil: ['load', 'networkidle0'], timeout: 30000} ); - } catch(ex) { - synthetics.addExecutionError('Unable to open a blank page ', ex); - } -} - -const loadUrl = async function (page, url, takeScreenshot) { - let stepName = null; - let domcontentloaded = false; - - try { - stepName = URL.parse(url).hostname; - } catch (error) { - const errorString = `Error parsing url: ${url}. ${error}`; - log.error(errorString); - /* If we fail to parse the URL, don't emit a metric with a stepName based on it. - It may not be a legal CloudWatch metric dimension name and we may not have an alarms - setup on the malformed URL stepName. Instead, fail this step which will - show up in the logs and will fail the overall canary and alarm on the overall canary - success rate. - */ - throw error; - } - - await synthetics.executeStep(stepName, async function () { - - /* You can customize the wait condition here. 
For instance, using 'networkidle2' or 'networkidle0' to load page completely. - networkidle0: Navigation is successful when the page has had no network requests for half a second. This might never happen if page is constantly loading multiple resources. - networkidle2: Navigation is successful when the page has no more then 2 network requests for half a second. - domcontentloaded: It's fired as soon as the page DOM has been loaded, without waiting for resources to finish loading. Can be used and then add explicit await page.waitFor(timeInMs) - */ - const response = await page.goto(url, { waitUntil: ['domcontentloaded'], timeout: 30000}); - if (response) { - domcontentloaded = true; - const status = response.status(); - const statusText = response.statusText(); - - const logResponseString = `Response from url: ${url} Status: ${status} Status Text: ${statusText}`; - - //If the response status code is not a 2xx success code - if (response.status() < 200 || response.status() > 299) { - throw `Failed to load url: ${url} ${response.status()} ${response.statusText()}`; - } - } else { - const logNoResponseString = `No response returned for url: ${url}`; - log.error(logNoResponseString); - throw new Error(logNoResponseString); - } - }); - - // Wait for 15 seconds to let page load fully before taking screenshot. - if (domcontentloaded && takeScreenshot) { - await page.waitFor(15000); - await synthetics.takeScreenshot(stepName, 'loaded'); - await resetPage(page); - } -}; - -const urls = []; - -exports.handler = async () => { - return await loadBlueprint(); -}; \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/sswebsite2v1.zip b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/sswebsite2v1.zip deleted file mode 100644 index c2d3acb3..00000000 Binary files a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/sswebsite2v1.zip and /dev/null differ diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/temp-alarm.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/temp-alarm.tf deleted file mode 100644 index 1f7c75a4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/temp-alarm.tf +++ /dev/null @@ -1,12 +0,0 @@ -provider "aws" { - region = "us-east-1" -} - -resource "aws_cloudwatch_metric_alarm" "temp" { - -} - -/* Create my terraform import command -terraform import aws_cloudwatch_metric_alarm.temp temp-alarm -terraform import aws_cloudwatch_metric_alarm.temp Synthetics-Alarm-my-manual-canary2-1 -*/ \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-alb b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-alb deleted file mode 100644 index 82536555..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-alb +++ /dev/null 
@@ -1,53 +0,0 @@
-{
- "version": 4,
- "terraform_version": "0.15.0",
- "serial": 1,
- "lineage": "1720e85c-8dab-b211-42ec-8d55d972f7ed",
- "outputs": {},
- "resources": [
- {
- "mode": "managed",
- "type": "aws_cloudwatch_metric_alarm",
- "name": "temp",
- "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
- "instances": [
- {
- "schema_version": 1,
- "attributes": {
- "actions_enabled": true,
- "alarm_actions": [
- "arn:aws:sns:us-east-1:180789647333:tempasg-11-sns-topic11"
- ],
- "alarm_description": "temp-alarm",
- "alarm_name": "temp-alarm",
- "arn": "arn:aws:cloudwatch:us-east-1:180789647333:alarm:temp-alarm",
- "comparison_operator": "GreaterThanThreshold",
- "datapoints_to_alarm": 1,
- "dimensions": {
- "LoadBalancer": "app/hr-stag-alb/0a6f6b656983b09f"
- },
- "evaluate_low_sample_count_percentiles": "",
- "evaluation_periods": 1,
- "extended_statistic": "",
- "id": "temp-alarm",
- "insufficient_data_actions": [],
- "metric_name": "TargetResponseTime",
- "metric_query": [],
- "namespace": "AWS/ApplicationELB",
- "ok_actions": [],
- "period": 300,
- "statistic": "Average",
- "tags": {},
- "tags_all": {},
- "threshold": 100,
- "threshold_metric_id": "",
- "treat_missing_data": "missing",
- "unit": ""
- },
- "sensitive_attributes": [],
- "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
- }
- ]
- }
- ]
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-synthetics-canary b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-synthetics-canary
deleted file mode 100644
index b745407c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-synthetics-canary
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "version": 4,
- "terraform_version": "0.15.0",
- "serial": 1,
- "lineage": "7b023b55-71ba-4058-1d03-421f5a234cda",
- "outputs": {},
- "resources": [
- {
- "mode": "managed",
- "type": "aws_cloudwatch_metric_alarm",
- "name": "temp",
- "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
- "instances": [
- {
- "schema_version": 1,
- "attributes": {
- "actions_enabled": true,
- "alarm_actions": [
- "arn:aws:sns:us-east-1:180789647333:tempasg-11-sns-topic11"
- ],
- "alarm_description": "Synthetics alarm metric: SuccessPercent LessThanThreshold 90",
- "alarm_name": "Synthetics-Alarm-my-manual-canary2-1",
- "arn": "arn:aws:cloudwatch:us-east-1:180789647333:alarm:Synthetics-Alarm-my-manual-canary2-1",
- "comparison_operator": "LessThanThreshold",
- "datapoints_to_alarm": 1,
- "dimensions": {
- "CanaryName": "my-manual-canary2"
- },
- "evaluate_low_sample_count_percentiles": "",
- "evaluation_periods": 1,
- "extended_statistic": "",
- "id": "Synthetics-Alarm-my-manual-canary2-1",
- "insufficient_data_actions": [],
- "metric_name": "SuccessPercent",
- "metric_query": [],
- "namespace": "CloudWatchSynthetics",
- "ok_actions": [],
- "period": 300,
- "statistic": "Average",
- "tags": {},
- "tags_all": {},
- "threshold": 90,
- "threshold_metric_id": "",
- "treat_missing_data": "breaching",
- "unit": ""
- },
- "sensitive_attributes": [],
- "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
- }
- ]
- }
- ]
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c1-versions.tf deleted file mode 100644 index a795de35..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,34 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index fa707c3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,106 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "6.0.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - /*Option-1: Give as list with specific subnets or in next line, pass all public subnets - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ]*/ - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - /* # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags*/ - }, - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - #certificate_arn = module.acm.this_acm_certificate_arn - certificate_arn = module.acm.acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - 
https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, - ] - tags = local.common_tags # ALB Tags -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 53b13a4e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,65 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) Outputs -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.lb_dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.lb_arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.alb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.alb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.alb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.alb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." - value = module.alb.target_group_names -} - -output "target_group_attachments" { - description = "ARNs of the target group attachment IDs." - value = module.alb.target_group_attachments -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 1ec4f8fe..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "3.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 5819b84d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "cloudwatch.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 4fd4d7ae..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Launch Template Resource
-resource "aws_launch_template" "my_launch_template" {
- name = "my-launch-template"
- description = "My Launch Template"
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
-
- vpc_security_group_ids = [module.private_sg.security_group_id]
- key_name = var.instance_keypair
- user_data = filebase64("${path.module}/app1-install.sh")
- ebs_optimized = true
- #default_version = 1
- update_default_version = true
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- volume_size = 10
- #volume_size = 20 # LT Update Testing - Version 2 of LT
- delete_on_termination = true
- volume_type = "gp2" # default is gp2
- }
- }
- monitoring {
- enabled = true
- }
-
- tag_specifications {
- resource_type = "instance"
- tags = {
- Name = "myasg"
- }
- }
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-03-autoscaling-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-03-autoscaling-resource.tf
deleted file mode 100644
index 9c1dd3c8..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- name_prefix = "myasg-"
- desired_capacity = 2
- max_size = 10
- min_size = 2
- vpc_zone_identifier = module.vpc.private_subnets
- target_group_arns = module.alb.target_group_arns
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- # Launch Template
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- #instance_warmup = 300 # Default behavior is to use the Auto Scaling Group's health check grace period.
- min_healthy_percentage = 50
- }
- triggers = [ /*"launch_template",*/ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index a23e76f4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Launch Template Outputs
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-05-autoscaling-notifications.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index e2c85343..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [aws_autoscaling_group.my_asg.id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-06-autoscaling-ttsp.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index f67b9b23..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,33 +0,0 @@ -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-01-cloudwatch-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-01-cloudwatch-variables.tf
deleted file mode 100644
index da5ba7ec..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-01-cloudwatch-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS CloudWatch Input Variables
-## Place holder file for AWS CloudWatch Input Variables
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-02-cloudwatch-asg-alarms.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-02-cloudwatch-asg-alarms.tf
deleted file mode 100644
index a3c487b7..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-02-cloudwatch-asg-alarms.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-# Define CloudWatch Alarms for Autoscaling Groups
-
-# Autoscaling - Scaling Policy for High CPU
-resource "aws_autoscaling_policy" "high_cpu" {
- name = "high-cpu"
- scaling_adjustment = 4
- adjustment_type = "ChangeInCapacity"
- cooldown = 300
- autoscaling_group_name = aws_autoscaling_group.my_asg.name
-}
-
-# Cloud Watch Alarm to trigger the above scaling policy when CPU Utilization is above 80%
-# Also send the notificaiton email to users present in SNS Topic Subscription
-resource "aws_cloudwatch_metric_alarm" "app1_asg_cwa_cpu" {
- alarm_name = "App1-ASG-CWA-CPUUtilization"
- comparison_operator = "GreaterThanOrEqualToThreshold"
- evaluation_periods = "2"
- metric_name = "CPUUtilization"
- namespace = "AWS/EC2"
- period = "120"
- statistic = "Average"
- threshold = "80"
-
- dimensions = {
- AutoScalingGroupName = aws_autoscaling_group.my_asg.name
- }
-
- alarm_description = "This metric monitors ec2 cpu utilization and triggers the ASG Scaling policy to scale-out if CPU is above 80%"
-
- ok_actions = [aws_sns_topic.myasg_sns_topic.arn]
- alarm_actions = [
- aws_autoscaling_policy.high_cpu.arn,
- aws_sns_topic.myasg_sns_topic.arn
- ]
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-03-cloudwatch-alb-alarms.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-03-cloudwatch-alb-alarms.tf
deleted file mode 100644
index 20bf8e53..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-03-cloudwatch-alb-alarms.tf
+++ /dev/null
@@ -1,31 +0,0 @@ -# Define CloudWatch Alarms for ALB -# Alert if HTTP 4xx errors are more than threshold value -resource "aws_cloudwatch_metric_alarm" "alb_4xx_errors" { - alarm_name = "App1-ALB-HTTP-4xx-errors" - comparison_operator = "GreaterThanThreshold" - datapoints_to_alarm = "2" # "2" - evaluation_periods = "3" # "3" - metric_name = "HTTPCode_Target_4XX_Count" - namespace = "AWS/ApplicationELB" - period = "120" - statistic = "Sum" - threshold = "5" # Update real-world value like 100, 200 etc - treat_missing_data = "missing" - dimensions = { - LoadBalancer = module.alb.lb_arn_suffix - } - alarm_description = "This metric monitors ALB HTTP 4xx errors and if they are above 100 in specified interval, it is going to send a notification email" - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] -} - -# Per AppELB Metrics -## - HTTPCode_ELB_5XX_Count -## - HTTPCode_ELB_502_Count -## - TargetResponseTime -# Per AppELB, per TG Metrics -## - UnHealthyHostCount -## - HealthyHostCount -## - HTTPCode_Target_4XX_Count -## - TargetResponseTime - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-04-cloudwatch-cis-alarms.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-04-cloudwatch-cis-alarms.tf deleted file mode 100644 index 7a877db1..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-04-cloudwatch-cis-alarms.tf +++ /dev/null 
@@ -1,17 +0,0 @@
-# Create Log Group for CIS
-resource "aws_cloudwatch_log_group" "cis_log_group" {
- name = "cis-log-group-${random_pet.this.id}"
-}
-
-# Define CIS Alarms
-module "all_cis_alarms" {
- source = "terraform-aws-modules/cloudwatch/aws//modules/cis-alarms"
- version = "2.1.0"
- #create = false
-
- disabled_controls = ["DisableOrDeleteCMK", "VPCChanges"]
-
- log_group_name = aws_cloudwatch_log_group.cis_log_group.name
- alarm_actions = [aws_sns_topic.myasg_sns_topic.arn]
- tags = local.common_tags
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-05-cloudwatch-synthetics.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-05-cloudwatch-synthetics.tf
deleted file mode 100644
index f05e214a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c14-05-cloudwatch-synthetics.tf
+++ /dev/null
@@ -1,101 +0,0 @@ -# AWS IAM Policy -resource "aws_iam_policy" "cw_canary_iam_policy" { - name = "cw-canary-iam-policy" - path = "/" - description = "CloudWatch Canary Synthetic IAM Policy" - - # Terraform's "jsonencode" function converts a - # Terraform expression result to valid JSON syntax. - policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": "cloudwatch:PutMetricData", - "Resource": "*", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "CloudWatchSynthetics" - } - } - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": [ - "s3:PutObject", - "logs:CreateLogStream", - "s3:ListAllMyBuckets", - "logs:CreateLogGroup", - "logs:PutLogEvents", - "s3:GetBucketLocation", - "xray:PutTraceSegments" - ], - "Resource": "*" - } - ] -}) -} - -# AWS IAM Role -resource "aws_iam_role" "cw_canary_iam_role" { - name = "cw-canary-iam-role" - description = "CloudWatch Synthetics lambda execution role for running canaries" - path = "/service-role/" - #assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json # (not shown) - assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" - managed_policy_arns = [aws_iam_policy.cw_canary_iam_policy.arn] -} - -# Create S3 Bucket -resource "aws_s3_bucket" "cw_canary_bucket" { - bucket = "cw-canary-bucket-${random_pet.this.id}" - acl = "private" - force_destroy = true - - tags = { - Name = "My bucket" - Environment = "Dev" - } -} - -# AWS CloudWatch Canary -resource "aws_synthetics_canary" "sswebsite2" { - name = "sswebsite2" - artifact_s3_location = "s3://${aws_s3_bucket.cw_canary_bucket.id}/sswebsite2" - execution_role_arn = aws_iam_role.cw_canary_iam_role.arn - handler = "sswebsite2.handler" - zip_file = "sswebsite2/sswebsite2v1.zip" - runtime_version = "syn-nodejs-puppeteer-3.1" - start_canary = 
true - - run_config { - active_tracing = true - memory_in_mb = 960 - timeout_in_seconds = 60 - } - schedule { - expression = "rate(1 minute)" - } -} - -# AWS CloudWatch Metric Alarm for Synthetics Heart Beat Monitor when availability is less than 10 percent -resource "aws_cloudwatch_metric_alarm" "synthetics_alarm_app1" { - alarm_name = "Synthetics-Alarm-App1" - comparison_operator = "LessThanThreshold" - datapoints_to_alarm = "1" # "2" - evaluation_periods = "1" # "3" - metric_name = "SuccessPercent" - namespace = "CloudWatchSynthetics" - period = "300" - statistic = "Average" - threshold = "90" - treat_missing_data = "breaching" # You can also add "missing" - dimensions = { - CanaryName = aws_synthetics_canary.sswebsite2.id - } - alarm_description = "Synthetics alarm metric: SuccessPercent LessThanThreshold 90" - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c2-generic-variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "sap" -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 69535c5f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- version = "3.0.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 3be1eb68..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 560a64cf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e1cdf082..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b13a1b56..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 25e81225..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Fri Apr 30 09:48:05 IST 2021 and VPC ID: vpc-0ae122f1a1bafd20c
-VPC created on Fri Apr 30 12:02:58 IST 2021 and VPC ID: vpc-026bd083ea767032b
-VPC created on Fri Apr 30 12:21:18 IST 2021 and VPC ID: vpc-017a2af115dcd92f7
-VPC created on Wed May 5 11:45:36 IST 2021 and VPC ID: vpc-0af52c0e11e9c3b7b
-VPC created on Sun May 9 11:35:11 IST 2021 and VPC ID: vpc-0d426b9e05f2b859f
-VPC created on Mon May 10 11:40:49 IST 2021 and VPC ID: vpc-0e55e5d8610e814af
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 788e899c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Fri Apr 30 11:44:18 IST 2021
-Destroy time prov Fri Apr 30 12:13:20 IST 2021
-Destroy time prov Fri Apr 30 16:07:07 IST 2021
-Destroy time prov Wed May 5 14:07:03 IST 2021
-Destroy time prov Sun May 9 11:44:35 IST 2021
-Destroy time prov Mon May 10 11:53:15 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/sswebsite2/nodejs/node_modules/sswebsite2.js b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/sswebsite2/nodejs/node_modules/sswebsite2.js
deleted file mode 100644
index 625dcf57..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/sswebsite2/nodejs/node_modules/sswebsite2.js
+++ /dev/null
@@ -1,95 +0,0 @@
-const URL = require('url');
-const synthetics = require('Synthetics');
-const log = require('SyntheticsLogger');
-const syntheticsConfiguration = synthetics.getConfiguration();
-
-const loadBlueprint = async function () {
-
- const urls = ['https://stacksimplify.com'];
-
- // Set screenshot option
- const takeScreenshot = true;
-
- /* Disabling default step screen shots taken during Synthetics.executeStep() calls
- * Step will be used to publish metrics on time taken to load dom content but
- * Screenshots will be taken outside the executeStep to allow for page to completely load with domcontentloaded
- * You can change it to load, networkidle0, networkidle2 depending on what works best for you.
- */
- syntheticsConfiguration.disableStepScreenshots();
- syntheticsConfiguration.setConfig({
- continueOnStepFailure: true
- });
-
- let page = await synthetics.getPage();
-
- for (const url of urls) {
- await loadUrl(page, url, takeScreenshot);
- }
-};
-
-// Reset the page in-between
-const resetPage = async function(page) {
- try {
- await page.goto('about:blank',{waitUntil: ['load', 'networkidle0'], timeout: 30000} );
- } catch(ex) {
- synthetics.addExecutionError('Unable to open a blank page ', ex);
- }
-}
-
-const loadUrl = async function (page, url, takeScreenshot) {
- let stepName = null;
- let domcontentloaded = false;
-
- try {
- stepName = URL.parse(url).hostname;
- } catch (error) {
- const errorString = `Error parsing url: ${url}. ${error}`;
- log.error(errorString);
- /* If we fail to parse the URL, don't emit a metric with a stepName based on it.
- It may not be a legal CloudWatch metric dimension name and we may not have an alarms
- setup on the malformed URL stepName. Instead, fail this step which will
- show up in the logs and will fail the overall canary and alarm on the overall canary
- success rate.
- */
- throw error;
- }
-
- await synthetics.executeStep(stepName, async function () {
-
- /* You can customize the wait condition here.
For instance, using 'networkidle2' or 'networkidle0' to load page completely.
- networkidle0: Navigation is successful when the page has had no network requests for half a second. This might never happen if page is constantly loading multiple resources.
- networkidle2: Navigation is successful when the page has no more then 2 network requests for half a second.
- domcontentloaded: It's fired as soon as the page DOM has been loaded, without waiting for resources to finish loading. Can be used and then add explicit await page.waitFor(timeInMs)
- */
- const response = await page.goto(url, { waitUntil: ['domcontentloaded'], timeout: 30000});
- if (response) {
- domcontentloaded = true;
- const status = response.status();
- const statusText = response.statusText();
-
- const logResponseString = `Response from url: ${url} Status: ${status} Status Text: ${statusText}`;
-
- //If the response status code is not a 2xx success code
- if (response.status() < 200 || response.status() > 299) {
- throw `Failed to load url: ${url} ${response.status()} ${response.statusText()}`;
- }
- } else {
- const logNoResponseString = `No response returned for url: ${url}`;
- log.error(logNoResponseString);
- throw new Error(logNoResponseString);
- }
- });
-
- // Wait for 15 seconds to let page load fully before taking screenshot.
- if (domcontentloaded && takeScreenshot) {
- await page.waitFor(15000);
- await synthetics.takeScreenshot(stepName, 'loaded');
- await resetPage(page);
- }
-};
-
-const urls = [];
-
-exports.handler = async () => {
- return await loadBlueprint();
-};
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/sswebsite2/sswebsite2v1.zip b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/sswebsite2/sswebsite2v1.zip
deleted file mode 100644
index c2d3acb3..00000000
Binary files a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/sswebsite2/sswebsite2v1.zip and /dev/null differ
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/17-AWS-CloudWatch/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/README.md
deleted file mode 100644
index c26991e2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/README.md
+++ /dev/null
@@ -1,70 +0,0 @@ ---- -title: Develop Terraform Modules Locally -description: Create Terraform Modules locally ---- -# Develop Terraform Modules Locally - -## Step-01: Introduction -- How to develop Terraform modules locally ? -- How to leverage and use open source Terraform Modules locally if we don't have access from our organization private networks to Terraform Public Registry ? - -[![Image](https://stacksimplify.com/course-images/terraform-modules-build-locally-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-modules-build-locally-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-modules-build-locally-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-modules-build-locally-2.png) - - -## Step-02: Copy templates from 06-AWS-VPC -- Copy `terraform-manifests` from `06-AWS-VPC\06-02-AWS-VPC-using-Terraform\terraform-manifests\v2-vpc-module-standardized` - -## Step-03: Download Public Registry Terraform Module -- Download the VPC module from Terraform Public Registry - -## Step-04: Create VPC Local Module -- Create `modules` folder in Terraform Working Directory `terraform-manifests` -- Copy the downloaded VPC module to `modules` folder with module folder name `aws-vpc` -- Remove all other unused or un-required files from this downloaded module. -- Update the `source` argument in `c4-02-vpc-module.tf` -- Also comment `version` argument -```t -# Create VPC Terraform Module -module "vpc" { - source = "./modules/aws-vpc" - #version = "2.78.0" - -### BELOW Terraform code is truncated and will be available in c4-02-vpc-module.tf -``` - -## Step-05: Execute Terraform Commands -```t -# Terraform Initialize -terraform init -Observation: -1. Verify the cli output -2. Verify the .terraform\modules folder -3. 
It will just have the module.json file referencing to local modules folder where aws-vpc module is present - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` - -## Step-06: Additional Understanding -1. If we want to develop local modules in our organization, don't need to build everything from scratch -2. Analyze what all open source modules available for us and use them and change those as per our requirement. -3. If we don't relevant module, atleast refer these module related code `main.tf` to get how the advanced level code they write to build such type of re-usable modules - - -## Step-07: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c1-versions.tf deleted file mode 100644 index a305835c..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,20 +0,0 @@ -# Terraform Block -terraform { - required_version = "~> 0.14" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index 4f6d813e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "SAP"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 7c60b13c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "./modules/aws-vpc"
- #version = "2.78.0"
- #version = "~> 2.78"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/.editorconfig b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/.editorconfig
deleted file mode 100644
index 88cb2519..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/.editorconfig
+++ /dev/null
@@ -1,30 +0,0 @@
-# EditorConfig is awesome: http://EditorConfig.org
-# Uses editorconfig to maintain consistent coding styles
-
-# top-most EditorConfig file
-root = true
-
-# Unix-style newlines with a newline ending every file
-[*]
-charset = utf-8
-end_of_line = lf
-indent_size = 2
-indent_style = space
-insert_final_newline = true
-max_line_length = 80
-trim_trailing_whitespace = true
-
-[*.{tf,tfvars}]
-indent_size = 2
-indent_style = space
-
-[*.md]
-max_line_length = 0
-trim_trailing_whitespace = false
-
-[Makefile]
-tab_width = 2
-indent_style = tab
-
-[COMMIT_EDITMSG]
-max_line_length = 0
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/.gitignore b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/.gitignore
deleted file mode 100644
index 397af322..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/.gitignore
+++ /dev/null
@@ -1,29 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# Terraform lockfile
-.terraform.lock.hcl
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-
-# Exclude all .tfvars files, which are likely to contain sentitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
-# to change depending on the environment.
-*.tfvars
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/Makefile b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/Makefile
deleted file mode 100644
index 558dac5a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-.PHONY: changelog release
-
-changelog:
- git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o`
-
-release:
- semtag final -s minor
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/README.md
deleted file mode 100644
index 8fcd7ce4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# AWS VPC Terraform module
-
-## Authors
-
-Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-vpc/graphs/contributors).
-
-## License
-
-Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/LICENSE) for full details.
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/UPGRADE-3.0.md b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/UPGRADE-3.0.md
deleted file mode 100644
index f1e5d24f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/UPGRADE-3.0.md
+++ /dev/null
@@ -1,52 +0,0 @@ -# Upgrade from v2.x to v3.x - -If you have any questions regarding this upgrade process, please consult the `examples` directory: - -- [Complete-VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc) - -If you find a bug, please open an issue with supporting configuration to reproduce. - -## List of backwards incompatible changes - -Previously, VPC endpoints were configured as standalone resources with their own set of variables and attributes. Now, this functionality is provided via a module which loops over a map of maps using `for_each` to generate the desired VPC endpoints. Therefore, to maintain the existing set of functionality while upgrading, you will need to perform the following changes: - -1. Move the endpoint resource from the main module to the sub-module. The example state move below is valid for all endpoints you might have configured (reference [`complete-vpc`](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc) example for reference), where `ssmmessages` should be updated for and state move performed for each endpoint configured: - -``` -terraform state mv 'module.vpc.aws_vpc_endpoint.ssm[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ssm"]' -terraform state mv 'module.vpc.aws_vpc_endpoint.ssmmessages[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ssmmessages"]' -terraform state mv 'module.vpc.aws_vpc_endpoint.ec2[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ec2"]' -... -``` - -2. Remove the gateway endpoint route table association separate resources. The route table associations are now managed in the VPC endpoint resource itself via the map of maps provided to the VPC endpoint sub-module. 
Perform the necessary removals for each route table association and for S3 and/or DynamoDB depending on your configuration: - -``` -terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.intra_dynamodb[0]' -terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.private_dynamodb[0]' -terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.public_dynamodb[0]' -... -``` - -### Variable and output changes - -1. Removed variables: - - - `enable_*_endpoint` - - `*_endpoint_type` - - `*_endpoint_security_group_ids` - - `*_endpoint_subnet_ids` - - `*_endpoint_private_dns_enabled` - - `*_endpoint_policy` - -2. Renamed variables: - -See the [VPC endpoint sub-module](modules/vpc-endpoints) for the more information on the variables to utilize for VPC endpoints - -3. Removed outputs: - - - `vpc_endpoint_*` - -4. Renamed outputs: - -VPC endpoint outputs are now provided via the VPC endpoint sub-module and can be accessed via lookups. See [`complete-vpc`](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc) for further examples of how to access VPC endpoint attributes from outputs diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/main.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/main.tf deleted file mode 100644 index a6d75a83..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/main.tf +++ /dev/null 
@@ -1,1315 +0,0 @@ -locals { - max_subnet_length = max( - length(var.private_subnets), - length(var.elasticache_subnets), - length(var.database_subnets), - length(var.redshift_subnets), - ) - nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length - - # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free! - vpc_id = element( - concat( - aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, - aws_vpc.this.*.id, - [""], - ), - 0, - ) -} - -################################################################################ -# VPC -################################################################################ - -resource "aws_vpc" "this" { - count = var.create_vpc ? 1 : 0 - - cidr_block = var.cidr - instance_tenancy = var.instance_tenancy - enable_dns_hostnames = var.enable_dns_hostnames - enable_dns_support = var.enable_dns_support - enable_classiclink = var.enable_classiclink - enable_classiclink_dns_support = var.enable_classiclink_dns_support - assign_generated_ipv6_cidr_block = var.enable_ipv6 - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.vpc_tags, - ) -} - -resource "aws_vpc_ipv4_cidr_block_association" "this" { - count = var.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0 - - vpc_id = aws_vpc.this[0].id - - cidr_block = element(var.secondary_cidr_blocks, count.index) -} - -resource "aws_default_security_group" "this" { - count = var.create_vpc && var.manage_default_security_group ? 
1 : 0 - - vpc_id = aws_vpc.this[0].id - - dynamic "ingress" { - for_each = var.default_security_group_ingress - content { - self = lookup(ingress.value, "self", null) - cidr_blocks = compact(split(",", lookup(ingress.value, "cidr_blocks", ""))) - ipv6_cidr_blocks = compact(split(",", lookup(ingress.value, "ipv6_cidr_blocks", ""))) - prefix_list_ids = compact(split(",", lookup(ingress.value, "prefix_list_ids", ""))) - security_groups = compact(split(",", lookup(ingress.value, "security_groups", ""))) - description = lookup(ingress.value, "description", null) - from_port = lookup(ingress.value, "from_port", 0) - to_port = lookup(ingress.value, "to_port", 0) - protocol = lookup(ingress.value, "protocol", "-1") - } - } - - dynamic "egress" { - for_each = var.default_security_group_egress - content { - self = lookup(egress.value, "self", null) - cidr_blocks = compact(split(",", lookup(egress.value, "cidr_blocks", ""))) - ipv6_cidr_blocks = compact(split(",", lookup(egress.value, "ipv6_cidr_blocks", ""))) - prefix_list_ids = compact(split(",", lookup(egress.value, "prefix_list_ids", ""))) - security_groups = compact(split(",", lookup(egress.value, "security_groups", ""))) - description = lookup(egress.value, "description", null) - from_port = lookup(egress.value, "from_port", 0) - to_port = lookup(egress.value, "to_port", 0) - protocol = lookup(egress.value, "protocol", "-1") - } - } - - tags = merge( - { - "Name" = format("%s", var.default_security_group_name) - }, - var.tags, - var.default_security_group_tags, - ) -} - -################################################################################ -# DHCP Options Set -################################################################################ - -resource "aws_vpc_dhcp_options" "this" { - count = var.create_vpc && var.enable_dhcp_options ? 
1 : 0 - - domain_name = var.dhcp_options_domain_name - domain_name_servers = var.dhcp_options_domain_name_servers - ntp_servers = var.dhcp_options_ntp_servers - netbios_name_servers = var.dhcp_options_netbios_name_servers - netbios_node_type = var.dhcp_options_netbios_node_type - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.dhcp_options_tags, - ) -} - -resource "aws_vpc_dhcp_options_association" "this" { - count = var.create_vpc && var.enable_dhcp_options ? 1 : 0 - - vpc_id = local.vpc_id - dhcp_options_id = aws_vpc_dhcp_options.this[0].id -} - -################################################################################ -# Internet Gateway -################################################################################ - -resource "aws_internet_gateway" "this" { - count = var.create_vpc && var.create_igw && length(var.public_subnets) > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.igw_tags, - ) -} - -resource "aws_egress_only_internet_gateway" "this" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && local.max_subnet_length > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.igw_tags, - ) -} - -################################################################################ -# Default route -################################################################################ - -resource "aws_default_route_table" "default" { - count = var.create_vpc && var.manage_default_route_table ? 
1 : 0 - - default_route_table_id = aws_vpc.this[0].default_route_table_id - propagating_vgws = var.default_route_table_propagating_vgws - - dynamic "route" { - for_each = var.default_route_table_routes - content { - # One of the following destinations must be provided - cidr_block = route.value.cidr_block - ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null) - - # One of the following targets must be provided - egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null) - gateway_id = lookup(route.value, "gateway_id", null) - instance_id = lookup(route.value, "instance_id", null) - nat_gateway_id = lookup(route.value, "nat_gateway_id", null) - network_interface_id = lookup(route.value, "network_interface_id", null) - transit_gateway_id = lookup(route.value, "transit_gateway_id", null) - vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null) - vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null) - } - } - - tags = merge( - { "Name" = var.name }, - var.tags, - var.default_route_table_tags, - ) -} - -################################################################################ -# Publiс routes -################################################################################ - -resource "aws_route_table" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = format("%s-${var.public_subnet_suffix}", var.name) - }, - var.tags, - var.public_route_table_tags, - ) -} - -resource "aws_route" "public_internet_gateway" { - count = var.create_vpc && var.create_igw && length(var.public_subnets) > 0 ? 1 : 0 - - route_table_id = aws_route_table.public[0].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this[0].id - - timeouts { - create = "5m" - } -} - -resource "aws_route" "public_internet_gateway_ipv6" { - count = var.create_vpc && var.create_igw && var.enable_ipv6 && length(var.public_subnets) > 0 ? 
1 : 0 - - route_table_id = aws_route_table.public[0].id - destination_ipv6_cidr_block = "::/0" - gateway_id = aws_internet_gateway.this[0].id -} - -################################################################################ -# Private routes -# There are as many routing tables as the number of NAT gateways -################################################################################ - -resource "aws_route_table" "private" { - count = var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( - "%s-${var.private_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.private_route_table_tags, - ) -} - -################################################################################ -# Database routes -################################################################################ - -resource "aws_route_table" "database" { - count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 1 : length(var.database_subnets) : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( - "%s-${var.database_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.database_route_table_tags, - ) -} - -resource "aws_route" "database_internet_gateway" { - count = var.create_vpc && var.create_igw && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && false == var.create_database_nat_gateway_route ? 
1 : 0 - - route_table_id = aws_route_table.database[0].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this[0].id - - timeouts { - create = "5m" - } -} - -resource "aws_route" "database_nat_gateway" { - count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && false == var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? var.single_nat_gateway ? 1 : length(var.database_subnets) : 0 - - route_table_id = element(aws_route_table.database.*.id, count.index) - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index) - - timeouts { - create = "5m" - } -} - -resource "aws_route" "database_ipv6_egress" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0 - - route_table_id = aws_route_table.database[0].id - destination_ipv6_cidr_block = "::/0" - egress_only_gateway_id = aws_egress_only_internet_gateway.this[0].id - - timeouts { - create = "5m" - } -} - -################################################################################ -# Redshift routes -################################################################################ - -resource "aws_route_table" "redshift" { - count = var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 
1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = "${var.name}-${var.redshift_subnet_suffix}" - }, - var.tags, - var.redshift_route_table_tags, - ) -} - -################################################################################ -# Elasticache routes -################################################################################ - -resource "aws_route_table" "elasticache" { - count = var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = "${var.name}-${var.elasticache_subnet_suffix}" - }, - var.tags, - var.elasticache_route_table_tags, - ) -} - -################################################################################ -# Intra routes -################################################################################ - -resource "aws_route_table" "intra" { - count = var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = "${var.name}-${var.intra_subnet_suffix}" - }, - var.tags, - var.intra_route_table_tags, - ) -} - -################################################################################ -# Public subnet -################################################################################ - -resource "aws_subnet" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 && (false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = element(concat(var.public_subnets, [""]), count.index) - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? 
element(var.azs, count.index) : null - map_public_ip_on_launch = var.map_public_ip_on_launch - assign_ipv6_address_on_creation = var.public_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.public_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.public_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.public_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.public_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.public_subnet_tags, - ) -} - -################################################################################ -# Private subnet -################################################################################ - -resource "aws_subnet" "private" { - count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.private_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.private_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.private_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.private_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.private_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.private_subnet_tags, - ) -} - -################################################################################ -# Outpost subnet -################################################################################ - -resource "aws_subnet" "outpost" { - count = var.create_vpc && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.outpost_subnets[count.index] - availability_zone = var.outpost_az - assign_ipv6_address_on_creation = var.outpost_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.outpost_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.outpost_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.outpost_subnet_ipv6_prefixes[count.index]) : null - - outpost_arn = var.outpost_arn - - tags = merge( - { - "Name" = format( - "%s-${var.outpost_subnet_suffix}-%s", - var.name, - var.outpost_az, - ) - }, - var.tags, - var.outpost_subnet_tags, - ) -} - -################################################################################ -# Database subnet -################################################################################ - -resource "aws_subnet" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.database_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? 
element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.database_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.database_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.database_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.database_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.database_subnet_tags, - ) -} - -resource "aws_db_subnet_group" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0 - - name = lower(var.name) - description = "Database subnet group for ${var.name}" - subnet_ids = aws_subnet.database.*.id - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.database_subnet_group_tags, - ) -} - -################################################################################ -# Redshift subnet -################################################################################ - -resource "aws_subnet" "redshift" { - count = var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.redshift_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.redshift_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.redshift_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.redshift_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.redshift_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.redshift_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.redshift_subnet_tags, - ) -} - -resource "aws_redshift_subnet_group" "redshift" { - count = var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0 - - name = lower(var.name) - description = "Redshift subnet group for ${var.name}" - subnet_ids = aws_subnet.redshift.*.id - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.redshift_subnet_group_tags, - ) -} - -################################################################################ -# ElastiCache subnet -################################################################################ - -resource "aws_subnet" "elasticache" { - count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.elasticache_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.elasticache_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.elasticache_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.elasticache_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.elasticache_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.elasticache_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.elasticache_subnet_tags, - ) -} - -resource "aws_elasticache_subnet_group" "elasticache" { - count = var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0 - - name = var.name - description = "ElastiCache subnet group for ${var.name}" - subnet_ids = aws_subnet.elasticache.*.id -} - -################################################################################ -# Intra subnets - private subnet without NAT gateway -################################################################################ - -resource "aws_subnet" "intra" { - count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.intra_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.intra_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.intra_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.intra_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.intra_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.intra_subnet_tags, - ) -} - -################################################################################ -# Default Network ACLs -################################################################################ - -resource "aws_default_network_acl" "this" { - count = var.create_vpc && var.manage_default_network_acl ? 1 : 0 - - default_network_acl_id = element(concat(aws_vpc.this.*.default_network_acl_id, [""]), 0) - - # The value of subnet_ids should be any subnet IDs that are not set as subnet_ids - # for any of the non-default network ACLs - subnet_ids = setsubtract( - compact(flatten([ - aws_subnet.public.*.id, - aws_subnet.private.*.id, - aws_subnet.intra.*.id, - aws_subnet.database.*.id, - aws_subnet.redshift.*.id, - aws_subnet.elasticache.*.id, - aws_subnet.outpost.*.id, - ])), - compact(flatten([ - aws_network_acl.public.*.subnet_ids, - aws_network_acl.private.*.subnet_ids, - aws_network_acl.intra.*.subnet_ids, - aws_network_acl.database.*.subnet_ids, - aws_network_acl.redshift.*.subnet_ids, - aws_network_acl.elasticache.*.subnet_ids, - aws_network_acl.outpost.*.subnet_ids, - ])) - ) - - dynamic "ingress" { - for_each = var.default_network_acl_ingress - content { - action = ingress.value.action - cidr_block = lookup(ingress.value, "cidr_block", null) - from_port = ingress.value.from_port - icmp_code = lookup(ingress.value, "icmp_code", null) - icmp_type = lookup(ingress.value, "icmp_type", null) - ipv6_cidr_block = lookup(ingress.value, "ipv6_cidr_block", null) - protocol = ingress.value.protocol - rule_no = ingress.value.rule_no - to_port = ingress.value.to_port - } - } - dynamic "egress" { - for_each = var.default_network_acl_egress - content { - action = egress.value.action - cidr_block = 
lookup(egress.value, "cidr_block", null) - from_port = egress.value.from_port - icmp_code = lookup(egress.value, "icmp_code", null) - icmp_type = lookup(egress.value, "icmp_type", null) - ipv6_cidr_block = lookup(egress.value, "ipv6_cidr_block", null) - protocol = egress.value.protocol - rule_no = egress.value.rule_no - to_port = egress.value.to_port - } - } - - tags = merge( - { - "Name" = format("%s", var.default_network_acl_name) - }, - var.tags, - var.default_network_acl_tags, - ) -} - -################################################################################ -# Public Network ACLs -################################################################################ - -resource "aws_network_acl" "public" { - count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.public.*.id - - tags = merge( - { - "Name" = format("%s-${var.public_subnet_suffix}", var.name) - }, - var.tags, - var.public_acl_tags, - ) -} - -resource "aws_network_acl_rule" "public_inbound" { - count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 
length(var.public_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.public[0].id - - egress = false - rule_number = var.public_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.public_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.public_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.public_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.public_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "public_outbound" { - count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.public[0].id - - egress = true - rule_number = var.public_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.public_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.public_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.public_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.public_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Private Network ACLs 
-################################################################################ - -resource "aws_network_acl" "private" { - count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.private.*.id - - tags = merge( - { - "Name" = format("%s-${var.private_subnet_suffix}", var.name) - }, - var.tags, - var.private_acl_tags, - ) -} - -resource "aws_network_acl_rule" "private_inbound" { - count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.private[0].id - - egress = false - rule_number = var.private_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.private_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.private_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.private_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.private_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "private_outbound" { - count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 
length(var.private_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.private[0].id - - egress = true - rule_number = var.private_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.private_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.private_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.private_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.private_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Outpost Network ACLs -################################################################################ - -resource "aws_network_acl" "outpost" { - count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.outpost.*.id - - tags = merge( - { - "Name" = format("%s-${var.outpost_subnet_suffix}", var.name) - }, - var.tags, - var.outpost_acl_tags, - ) -} - -resource "aws_network_acl_rule" "outpost_inbound" { - count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 
length(var.outpost_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.outpost[0].id - - egress = false - rule_number = var.outpost_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.outpost_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.outpost_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.outpost_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.outpost_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "outpost_outbound" { - count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? length(var.outpost_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.outpost[0].id - - egress = true - rule_number = var.outpost_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.outpost_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.outpost_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.outpost_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.outpost_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Intra Network ACLs 
-################################################################################ - -resource "aws_network_acl" "intra" { - count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.intra.*.id - - tags = merge( - { - "Name" = format("%s-${var.intra_subnet_suffix}", var.name) - }, - var.tags, - var.intra_acl_tags, - ) -} - -resource "aws_network_acl_rule" "intra_inbound" { - count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.intra[0].id - - egress = false - rule_number = var.intra_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.intra_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.intra_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.intra_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.intra_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "intra_outbound" { - count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 
length(var.intra_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.intra[0].id - - egress = true - rule_number = var.intra_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.intra_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.intra_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.intra_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.intra_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Database Network ACLs -################################################################################ - -resource "aws_network_acl" "database" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.database.*.id - - tags = merge( - { - "Name" = format("%s-${var.database_subnet_suffix}", var.name) - }, - var.tags, - var.database_acl_tags, - ) -} - -resource "aws_network_acl_rule" "database_inbound" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 
length(var.database_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.database[0].id - - egress = false - rule_number = var.database_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.database_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.database_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.database_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.database_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.database_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.database_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "database_outbound" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 
length(var.database_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.database[0].id - - egress = true - rule_number = var.database_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.database_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.database_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.database_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.database_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.database_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Redshift Network ACLs -################################################################################ - -resource "aws_network_acl" "redshift" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.redshift.*.id - - tags = merge( - { - "Name" = format("%s-${var.redshift_subnet_suffix}", var.name) - }, - var.tags, - var.redshift_acl_tags, - ) -} - -resource "aws_network_acl_rule" "redshift_inbound" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 
length(var.redshift_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.redshift[0].id - - egress = false - rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.redshift_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "redshift_outbound" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 
length(var.redshift_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.redshift[0].id - - egress = true - rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.redshift_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Elasticache Network ACLs -################################################################################ - -resource "aws_network_acl" "elasticache" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.elasticache.*.id - - tags = merge( - { - "Name" = format("%s-${var.elasticache_subnet_suffix}", var.name) - }, - var.tags, - var.elasticache_acl_tags, - ) -} - -resource "aws_network_acl_rule" "elasticache_inbound" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 
length(var.elasticache_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.elasticache[0].id - - egress = false - rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "elasticache_outbound" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 
length(var.elasticache_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.elasticache[0].id - - egress = true - rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# NAT Gateway -################################################################################ - -# Workaround for interpolation not being able to "short-circuit" the evaluation of the conditional branch that doesn't end up being used -# Source: https://github.com/hashicorp/terraform/issues/11566#issuecomment-289417805 -# -# The logical expression would be -# -# nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat.*.id -# -# but then when count of aws_eip.nat.*.id is zero, this would throw a resource not found error on aws_eip.nat.*.id. -locals { - nat_gateway_ips = split( - ",", - var.reuse_nat_ips ? join(",", var.external_nat_ip_ids) : join(",", aws_eip.nat.*.id), - ) -} - -resource "aws_eip" "nat" { - count = var.create_vpc && var.enable_nat_gateway && false == var.reuse_nat_ips ? local.nat_gateway_count : 0 - - vpc = true - - tags = merge( - { - "Name" = format( - "%s-%s", - var.name, - element(var.azs, var.single_nat_gateway ? 
0 : count.index), - ) - }, - var.tags, - var.nat_eip_tags, - ) -} - -resource "aws_nat_gateway" "this" { - count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 - - allocation_id = element( - local.nat_gateway_ips, - var.single_nat_gateway ? 0 : count.index, - ) - subnet_id = element( - aws_subnet.public.*.id, - var.single_nat_gateway ? 0 : count.index, - ) - - tags = merge( - { - "Name" = format( - "%s-%s", - var.name, - element(var.azs, var.single_nat_gateway ? 0 : count.index), - ) - }, - var.tags, - var.nat_gateway_tags, - ) - - depends_on = [aws_internet_gateway.this] -} - -resource "aws_route" "private_nat_gateway" { - count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 - - route_table_id = element(aws_route_table.private.*.id, count.index) - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index) - - timeouts { - create = "5m" - } -} - -resource "aws_route" "private_ipv6_egress" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 ? length(var.private_subnets) : 0 - - route_table_id = element(aws_route_table.private.*.id, count.index) - destination_ipv6_cidr_block = "::/0" - egress_only_gateway_id = element(aws_egress_only_internet_gateway.this.*.id, 0) -} - -################################################################################ -# Route table association -################################################################################ - -resource "aws_route_table_association" "private" { - count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0 - - subnet_id = element(aws_subnet.private.*.id, count.index) - route_table_id = element( - aws_route_table.private.*.id, - var.single_nat_gateway ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "outpost" { - count = var.create_vpc && length(var.outpost_subnets) > 0 ? 
length(var.outpost_subnets) : 0 - - subnet_id = element(aws_subnet.outpost.*.id, count.index) - route_table_id = element( - aws_route_table.private.*.id, - var.single_nat_gateway ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0 - - subnet_id = element(aws_subnet.database.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id), - var.create_database_subnet_route_table ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 0 : count.index : count.index, - ) -} - -resource "aws_route_table_association" "redshift" { - count = var.create_vpc && length(var.redshift_subnets) > 0 && false == var.enable_public_redshift ? length(var.redshift_subnets) : 0 - - subnet_id = element(aws_subnet.redshift.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id), - var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "redshift_public" { - count = var.create_vpc && length(var.redshift_subnets) > 0 && var.enable_public_redshift ? length(var.redshift_subnets) : 0 - - subnet_id = element(aws_subnet.redshift.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.redshift.*.id, aws_route_table.public.*.id), - var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "elasticache" { - count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0 - - subnet_id = element(aws_subnet.elasticache.*.id, count.index) - route_table_id = element( - coalescelist( - aws_route_table.elasticache.*.id, - aws_route_table.private.*.id, - ), - var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 
0 : count.index, - ) -} - -resource "aws_route_table_association" "intra" { - count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0 - - subnet_id = element(aws_subnet.intra.*.id, count.index) - route_table_id = element(aws_route_table.intra.*.id, 0) -} - -resource "aws_route_table_association" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 ? length(var.public_subnets) : 0 - - subnet_id = element(aws_subnet.public.*.id, count.index) - route_table_id = aws_route_table.public[0].id -} - -################################################################################ -# Customer Gateways -################################################################################ - -resource "aws_customer_gateway" "this" { - for_each = var.customer_gateways - - bgp_asn = each.value["bgp_asn"] - ip_address = each.value["ip_address"] - type = "ipsec.1" - - tags = merge( - { - Name = format("%s-%s", var.name, each.key) - }, - var.tags, - var.customer_gateway_tags, - ) -} - -################################################################################ -# VPN Gateway -################################################################################ - -resource "aws_vpn_gateway" "this" { - count = var.create_vpc && var.enable_vpn_gateway ? 1 : 0 - - vpc_id = local.vpc_id - amazon_side_asn = var.amazon_side_asn - availability_zone = var.vpn_gateway_az - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.vpn_gateway_tags, - ) -} - -resource "aws_vpn_gateway_attachment" "this" { - count = var.vpn_gateway_id != "" ? 1 : 0 - - vpc_id = local.vpc_id - vpn_gateway_id = var.vpn_gateway_id -} - -resource "aws_vpn_gateway_route_propagation" "public" { - count = var.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 
1 : 0 - - route_table_id = element(aws_route_table.public.*.id, count.index) - vpn_gateway_id = element( - concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, - ), - count.index, - ) -} - -resource "aws_vpn_gateway_route_propagation" "private" { - count = var.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? length(var.private_subnets) : 0 - - route_table_id = element(aws_route_table.private.*.id, count.index) - vpn_gateway_id = element( - concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, - ), - count.index, - ) -} - -resource "aws_vpn_gateway_route_propagation" "intra" { - count = var.create_vpc && var.propagate_intra_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? length(var.intra_subnets) : 0 - - route_table_id = element(aws_route_table.intra.*.id, count.index) - vpn_gateway_id = element( - concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, - ), - count.index, - ) -} - -################################################################################ -# Defaults -################################################################################ - -resource "aws_default_vpc" "this" { - count = var.manage_default_vpc ? 1 : 0 - - enable_dns_support = var.default_vpc_enable_dns_support - enable_dns_hostnames = var.default_vpc_enable_dns_hostnames - enable_classiclink = var.default_vpc_enable_classiclink - - tags = merge( - { - "Name" = format("%s", var.default_vpc_name) - }, - var.tags, - var.default_vpc_tags, - ) -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md deleted file mode 100644 index f0c45fd8..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md +++ /dev/null 
@@ -1,96 +0,0 @@
-# AWS VPC Endpoints Terraform sub-module
-
-Terraform sub-module which creates VPC endpoint resources on AWS.
-
-## Usage
-
-See [`examples`](../../examples) directory for working examples to reference:
-
-```hcl
-module "endpoints" {
- source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
-
- vpc_id = "vpc-12345678"
- security_group_ids = ["sg-12345678"]
-
- endpoints = {
- s3 = {
- # interface endpoint
- service = "s3"
- private_dns_enabled = true
- tags = { Name = "s3-vpc-endpoint" }
- },
- dynamodb = {
- # gateway endpoint
- service = "dynamodb"
- route_table_ids = ["rt-12322456", "rt-43433343", "rt-11223344"]
- tags = { Name = "dynamodb-vpc-endpoint" }
- },
- sns = {
- service = "sns"
- subnet_ids = ["subnet-12345678", "subnet-87654321"]
- tags = { Name = "sns-vpc-endpoint" }
- },
- sqs = {
- service = "sqs"
- private_dns_enabled = true
- security_group_ids = ["sg-987654321"]
- subnet_ids = ["subnet-12345678", "subnet-87654321"]
- tags = { Name = "sqs-vpc-endpoint" }
- },
- }
-
- tags = {
- Owner = "user"
- Environment = "dev"
- }
-}
-```
-
-## Examples
-
-- [Complete-VPC](../../examples/complete-vpc) with VPC Endpoints.
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12.26 |
-| [aws](#requirement\_aws) | >= 3.15 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 3.15 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_vpc_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
-| [aws_vpc_endpoint_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [create](#input\_create) | Determines whether resources will be created | `bool` | `true` | no |
-| [endpoints](#input\_endpoints) | A map of interface and/or gateway endpoints containing their properties and configurations | `any` | `{}` | no |
-| [security\_group\_ids](#input\_security\_group\_ids) | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
-| [subnet\_ids](#input\_subnet\_ids) | Default subnets IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
-| [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no |
-| [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting VPC endpoint resources | `map(string)` | `{}` | no |
-| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the endpoint will be used | `string` | `null` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [endpoints](#output\_endpoints) | Array containing the full resource object and attributes for all endpoints created |
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf
deleted file mode 100644
index 58b3270e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-locals {
- endpoints = var.create ? var.endpoints : tomap({})
-}
-
-################################################################################
-# Endpoint(s)
-################################################################################
-
-data "aws_vpc_endpoint_service" "this" {
- for_each = local.endpoints
-
- service = lookup(each.value, "service", null)
- service_name = lookup(each.value, "service_name", null)
-
- filter {
- name = "service-type"
- values = [lookup(each.value, "service_type", "Interface")]
- }
-}
-
-resource "aws_vpc_endpoint" "this" {
- for_each = local.endpoints
-
- vpc_id = var.vpc_id
- service_name = data.aws_vpc_endpoint_service.this[each.key].service_name
- vpc_endpoint_type = lookup(each.value, "service_type", "Interface")
- auto_accept = lookup(each.value, "auto_accept", null)
-
- security_group_ids = lookup(each.value, "service_type", "Interface") == "Interface" ? distinct(concat(var.security_group_ids, lookup(each.value, "security_group_ids", []))) : null
- subnet_ids = lookup(each.value, "service_type", "Interface") == "Interface" ? distinct(concat(var.subnet_ids, lookup(each.value, "subnet_ids", []))) : null
- route_table_ids = lookup(each.value, "service_type", "Interface") == "Gateway" ? lookup(each.value, "route_table_ids", null) : null
- policy = lookup(each.value, "policy", null)
- private_dns_enabled = lookup(each.value, "service_type", "Interface") == "Interface" ? lookup(each.value, "private_dns_enabled", null) : null
-
- tags = merge(var.tags, lookup(each.value, "tags", {}))
-
- timeouts {
- create = lookup(var.timeouts, "create", "10m")
- update = lookup(var.timeouts, "update", "10m")
- delete = lookup(var.timeouts, "delete", "10m")
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf
deleted file mode 100644
index 88aa989f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "endpoints" {
- description = "Array containing the full resource object and attributes for all endpoints created"
- value = aws_vpc_endpoint.this
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf
deleted file mode 100644
index afcebc3d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-variable "create" {
- description = "Determines whether resources will be created"
- type = bool
- default = true
-}
-
-variable "vpc_id" {
- description = "The ID of the VPC in which the endpoint will be used"
- type = string
- default = null
-}
-
-variable "endpoints" {
- description = "A map of interface and/or gateway endpoints containing their properties and configurations"
- type = any
- default = {}
-}
-
-variable "security_group_ids" {
- description = "Default security group IDs to associate with the VPC endpoints"
- type = list(string)
- default = []
-}
-
-variable "subnet_ids" {
- description = "Default subnets IDs to associate with the VPC endpoints"
- type = list(string)
- default = []
-}
-
-variable "tags" {
- description = "A map of tags to use on all resources"
- type = map(string)
- default = {}
-}
-
-variable "timeouts" {
- description = "Define maximum timeout for creating, updating, and deleting VPC endpoint resources"
- type = map(string)
- default = {}
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf
deleted file mode 100644
index dc46f697..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 0.12.26"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 3.15"
- }
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/outputs.tf
deleted file mode 100644
index aa986603..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/outputs.tf
+++ /dev/null
@@ -1,541 +0,0 @@
-output "vpc_id" {
- description = "The ID of the VPC"
- value = concat(aws_vpc.this.*.id, [""])[0]
-}
-
-output "vpc_arn" {
- description = "The ARN of the VPC"
- value = concat(aws_vpc.this.*.arn, [""])[0]
-}
-
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = concat(aws_vpc.this.*.cidr_block, [""])[0]
-}
-
-output "default_security_group_id" {
- description = "The ID of the security group created by default on VPC creation"
- value = concat(aws_vpc.this.*.default_security_group_id, [""])[0]
-}
-
-output "default_network_acl_id" {
- description = "The ID of the default network ACL"
- value = concat(aws_vpc.this.*.default_network_acl_id, [""])[0]
-}
-
-output "default_route_table_id" {
- description = "The ID of the default route table"
- value = concat(aws_vpc.this.*.default_route_table_id, [""])[0]
-}
-
-output "vpc_instance_tenancy" {
- description = "Tenancy of instances spin up within VPC"
- value = concat(aws_vpc.this.*.instance_tenancy, [""])[0]
-}
-
-output "vpc_enable_dns_support" {
- description = "Whether or not the VPC has DNS support"
- value = concat(aws_vpc.this.*.enable_dns_support, [""])[0]
-}
-
-output "vpc_enable_dns_hostnames" {
- description = "Whether or not the VPC has DNS hostname support"
- value = concat(aws_vpc.this.*.enable_dns_hostnames, [""])[0]
-}
-
-output "vpc_main_route_table_id" {
- description = "The ID of the main route table associated with this VPC"
- value = concat(aws_vpc.this.*.main_route_table_id, [""])[0]
-}
-
-output "vpc_ipv6_association_id" {
- description = "The association ID for the IPv6 CIDR block"
- value = concat(aws_vpc.this.*.ipv6_association_id, [""])[0]
-}
-
-output "vpc_ipv6_cidr_block" {
- description = "The IPv6 CIDR block"
- value = concat(aws_vpc.this.*.ipv6_cidr_block, [""])[0]
-}
-
-output "vpc_secondary_cidr_blocks" {
- description = "List of secondary CIDR blocks of the VPC"
- value = aws_vpc_ipv4_cidr_block_association.this.*.cidr_block
-}
-
-output
"vpc_owner_id" {
- description = "The ID of the AWS account that owns the VPC"
- value = concat(aws_vpc.this.*.owner_id, [""])[0]
-}
-
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = aws_subnet.private.*.id
-}
-
-output "private_subnet_arns" {
- description = "List of ARNs of private subnets"
- value = aws_subnet.private.*.arn
-}
-
-output "private_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = aws_subnet.private.*.cidr_block
-}
-
-output "private_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC"
- value = aws_subnet.private.*.ipv6_cidr_block
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = aws_subnet.public.*.id
-}
-
-output "public_subnet_arns" {
- description = "List of ARNs of public subnets"
- value = aws_subnet.public.*.arn
-}
-
-output "public_subnets_cidr_blocks" {
- description = "List of cidr_blocks of public subnets"
- value = aws_subnet.public.*.cidr_block
-}
-
-output "public_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC"
- value = aws_subnet.public.*.ipv6_cidr_block
-}
-
-output "outpost_subnets" {
- description = "List of IDs of outpost subnets"
- value = aws_subnet.outpost.*.id
-}
-
-output "outpost_subnet_arns" {
- description = "List of ARNs of outpost subnets"
- value = aws_subnet.outpost.*.arn
-}
-
-output "outpost_subnets_cidr_blocks" {
- description = "List of cidr_blocks of outpost subnets"
- value = aws_subnet.outpost.*.cidr_block
-}
-
-output "outpost_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC"
- value = aws_subnet.outpost.*.ipv6_cidr_block
-}
-
-output "database_subnets" {
- description = "List of IDs of database subnets"
- value = aws_subnet.database.*.id
-}
-
-output "database_subnet_arns" {
- description = "List of ARNs of
database subnets"
- value = aws_subnet.database.*.arn
-}
-
-output "database_subnets_cidr_blocks" {
- description = "List of cidr_blocks of database subnets"
- value = aws_subnet.database.*.cidr_block
-}
-
-output "database_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC"
- value = aws_subnet.database.*.ipv6_cidr_block
-}
-
-output "database_subnet_group" {
- description = "ID of database subnet group"
- value = concat(aws_db_subnet_group.database.*.id, [""])[0]
-}
-
-output "database_subnet_group_name" {
- description = "Name of database subnet group"
- value = concat(aws_db_subnet_group.database.*.name, [""])[0]
-}
-
-output "redshift_subnets" {
- description = "List of IDs of redshift subnets"
- value = aws_subnet.redshift.*.id
-}
-
-output "redshift_subnet_arns" {
- description = "List of ARNs of redshift subnets"
- value = aws_subnet.redshift.*.arn
-}
-
-output "redshift_subnets_cidr_blocks" {
- description = "List of cidr_blocks of redshift subnets"
- value = aws_subnet.redshift.*.cidr_block
-}
-
-output "redshift_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC"
- value = aws_subnet.redshift.*.ipv6_cidr_block
-}
-
-output "redshift_subnet_group" {
- description = "ID of redshift subnet group"
- value = concat(aws_redshift_subnet_group.redshift.*.id, [""])[0]
-}
-
-output "elasticache_subnets" {
- description = "List of IDs of elasticache subnets"
- value = aws_subnet.elasticache.*.id
-}
-
-output "elasticache_subnet_arns" {
- description = "List of ARNs of elasticache subnets"
- value = aws_subnet.elasticache.*.arn
-}
-
-output "elasticache_subnets_cidr_blocks" {
- description = "List of cidr_blocks of elasticache subnets"
- value = aws_subnet.elasticache.*.cidr_block
-}
-
-output "elasticache_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC"
- value =
aws_subnet.elasticache.*.ipv6_cidr_block
-}
-
-output "intra_subnets" {
- description = "List of IDs of intra subnets"
- value = aws_subnet.intra.*.id
-}
-
-output "intra_subnet_arns" {
- description = "List of ARNs of intra subnets"
- value = aws_subnet.intra.*.arn
-}
-
-output "intra_subnets_cidr_blocks" {
- description = "List of cidr_blocks of intra subnets"
- value = aws_subnet.intra.*.cidr_block
-}
-
-output "intra_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC"
- value = aws_subnet.intra.*.ipv6_cidr_block
-}
-
-output "elasticache_subnet_group" {
- description = "ID of elasticache subnet group"
- value = concat(aws_elasticache_subnet_group.elasticache.*.id, [""])[0]
-}
-
-output "elasticache_subnet_group_name" {
- description = "Name of elasticache subnet group"
- value = concat(aws_elasticache_subnet_group.elasticache.*.name, [""])[0]
-}
-
-output "public_route_table_ids" {
- description = "List of IDs of public route tables"
- value = aws_route_table.public.*.id
-}
-
-output "private_route_table_ids" {
- description = "List of IDs of private route tables"
- value = aws_route_table.private.*.id
-}
-
-output "database_route_table_ids" {
- description = "List of IDs of database route tables"
- value = length(aws_route_table.database.*.id) > 0 ? aws_route_table.database.*.id : aws_route_table.private.*.id
-}
-
-output "redshift_route_table_ids" {
- description = "List of IDs of redshift route tables"
- value = length(aws_route_table.redshift.*.id) > 0 ? aws_route_table.redshift.*.id : aws_route_table.private.*.id
-}
-
-output "elasticache_route_table_ids" {
- description = "List of IDs of elasticache route tables"
- value = length(aws_route_table.elasticache.*.id) > 0 ?
aws_route_table.elasticache.*.id : aws_route_table.private.*.id
-}
-
-output "intra_route_table_ids" {
- description = "List of IDs of intra route tables"
- value = aws_route_table.intra.*.id
-}
-
-output "public_internet_gateway_route_id" {
- description = "ID of the internet gateway route."
- value = concat(aws_route.public_internet_gateway.*.id, [""])[0]
-}
-
-output "public_internet_gateway_ipv6_route_id" {
- description = "ID of the IPv6 internet gateway route."
- value = concat(aws_route.public_internet_gateway_ipv6.*.id, [""])[0]
-}
-
-output "database_internet_gateway_route_id" {
- description = "ID of the database internet gateway route."
- value = concat(aws_route.database_internet_gateway.*.id, [""])[0]
-}
-
-output "database_nat_gateway_route_ids" {
- description = "List of IDs of the database nat gateway route."
- value = aws_route.database_nat_gateway.*.id
-}
-
-output "database_ipv6_egress_route_id" {
- description = "ID of the database IPv6 egress route."
- value = concat(aws_route.database_ipv6_egress.*.id, [""])[0]
-}
-
-output "private_nat_gateway_route_ids" {
- description = "List of IDs of the private nat gateway route."
- value = aws_route.private_nat_gateway.*.id
-}
-
-output "private_ipv6_egress_route_ids" {
- description = "List of IDs of the ipv6 egress route."
- value = aws_route.private_ipv6_egress.*.id
-}
-
-output "private_route_table_association_ids" {
- description = "List of IDs of the private route table association"
- value = aws_route_table_association.private.*.id
-}
-
-output "database_route_table_association_ids" {
- description = "List of IDs of the database route table association"
- value = aws_route_table_association.database.*.id
-}
-
-output "redshift_route_table_association_ids" {
- description = "List of IDs of the redshift route table association"
- value = aws_route_table_association.redshift.*.id
-}
-
-output "redshift_public_route_table_association_ids" {
- description = "List of IDs of the public redshidt route table association"
- value = aws_route_table_association.redshift_public.*.id
-}
-
-output "elasticache_route_table_association_ids" {
- description = "List of IDs of the elasticache route table association"
- value = aws_route_table_association.elasticache.*.id
-}
-
-output "intra_route_table_association_ids" {
- description = "List of IDs of the intra route table association"
- value = aws_route_table_association.intra.*.id
-}
-
-output "public_route_table_association_ids" {
- description = "List of IDs of the public route table association"
- value = aws_route_table_association.public.*.id
-}
-
-output "nat_ids" {
- description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
- value = aws_eip.nat.*.id
-}
-
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = var.reuse_nat_ips ?
var.external_nat_ips : aws_eip.nat.*.public_ip
-}
-
-output "natgw_ids" {
- description = "List of NAT Gateway IDs"
- value = aws_nat_gateway.this.*.id
-}
-
-output "igw_id" {
- description = "The ID of the Internet Gateway"
- value = concat(aws_internet_gateway.this.*.id, [""])[0]
-}
-
-output "igw_arn" {
- description = "The ARN of the Internet Gateway"
- value = concat(aws_internet_gateway.this.*.arn, [""])[0]
-}
-
-output "egress_only_internet_gateway_id" {
- description = "The ID of the egress only Internet Gateway"
- value = concat(aws_egress_only_internet_gateway.this.*.id, [""])[0]
-}
-
-output "cgw_ids" {
- description = "List of IDs of Customer Gateway"
- value = [for k, v in aws_customer_gateway.this : v.id]
-}
-
-output "cgw_arns" {
- description = "List of ARNs of Customer Gateway"
- value = [for k, v in aws_customer_gateway.this : v.arn]
-}
-
-output "this_customer_gateway" {
- description = "Map of Customer Gateway attributes"
- value = aws_customer_gateway.this
-}
-
-output "vgw_id" {
- description = "The ID of the VPN Gateway"
- value = concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, [""])[0]
-}
-
-output "vgw_arn" {
- description = "The ARN of the VPN Gateway"
- value = concat(aws_vpn_gateway.this.*.arn, [""])[0]
-}
-
-output "default_vpc_id" {
- description = "The ID of the Default VPC"
- value = concat(aws_default_vpc.this.*.id, [""])[0]
-}
-
-output "default_vpc_arn" {
- description = "The ARN of the Default VPC"
- value = concat(aws_default_vpc.this.*.arn, [""])[0]
-}
-
-output "default_vpc_cidr_block" {
- description = "The CIDR block of the Default VPC"
- value = concat(aws_default_vpc.this.*.cidr_block, [""])[0]
-}
-
-output "default_vpc_default_security_group_id" {
- description = "The ID of the security group created by default on Default VPC creation"
- value = concat(aws_default_vpc.this.*.default_security_group_id, [""])[0]
-}
-
-output "default_vpc_default_network_acl_id" {
- description = "The ID
of the default network ACL of the Default VPC"
- value = concat(aws_default_vpc.this.*.default_network_acl_id, [""])[0]
-}
-
-output "default_vpc_default_route_table_id" {
- description = "The ID of the default route table of the Default VPC"
- value = concat(aws_default_vpc.this.*.default_route_table_id, [""])[0]
-}
-
-output "default_vpc_instance_tenancy" {
- description = "Tenancy of instances spin up within Default VPC"
- value = concat(aws_default_vpc.this.*.instance_tenancy, [""])[0]
-}
-
-output "default_vpc_enable_dns_support" {
- description = "Whether or not the Default VPC has DNS support"
- value = concat(aws_default_vpc.this.*.enable_dns_support, [""])[0]
-}
-
-output "default_vpc_enable_dns_hostnames" {
- description = "Whether or not the Default VPC has DNS hostname support"
- value = concat(aws_default_vpc.this.*.enable_dns_hostnames, [""])[0]
-}
-
-output "default_vpc_main_route_table_id" {
- description = "The ID of the main route table associated with the Default VPC"
- value = concat(aws_default_vpc.this.*.main_route_table_id, [""])[0]
-}
-
-output "public_network_acl_id" {
- description = "ID of the public network ACL"
- value = concat(aws_network_acl.public.*.id, [""])[0]
-}
-
-output "public_network_acl_arn" {
- description = "ARN of the public network ACL"
- value = concat(aws_network_acl.public.*.arn, [""])[0]
-}
-
-output "private_network_acl_id" {
- description = "ID of the private network ACL"
- value = concat(aws_network_acl.private.*.id, [""])[0]
-}
-
-output "private_network_acl_arn" {
- description = "ARN of the private network ACL"
- value = concat(aws_network_acl.private.*.arn, [""])[0]
-}
-
-output "outpost_network_acl_id" {
- description = "ID of the outpost network ACL"
- value = concat(aws_network_acl.outpost.*.id, [""])[0]
-}
-
-output "outpost_network_acl_arn" {
- description = "ARN of the outpost network ACL"
- value = concat(aws_network_acl.outpost.*.arn, [""])[0]
-}
-
-output "intra_network_acl_id" {
- description = "ID of
the intra network ACL"
- value = concat(aws_network_acl.intra.*.id, [""])[0]
-}
-
-output "intra_network_acl_arn" {
- description = "ARN of the intra network ACL"
- value = concat(aws_network_acl.intra.*.arn, [""])[0]
-}
-
-output "database_network_acl_id" {
- description = "ID of the database network ACL"
- value = concat(aws_network_acl.database.*.id, [""])[0]
-}
-
-output "database_network_acl_arn" {
- description = "ARN of the database network ACL"
- value = concat(aws_network_acl.database.*.arn, [""])[0]
-}
-
-output "redshift_network_acl_id" {
- description = "ID of the redshift network ACL"
- value = concat(aws_network_acl.redshift.*.id, [""])[0]
-}
-
-output "redshift_network_acl_arn" {
- description = "ARN of the redshift network ACL"
- value = concat(aws_network_acl.redshift.*.arn, [""])[0]
-}
-
-output "elasticache_network_acl_id" {
- description = "ID of the elasticache network ACL"
- value = concat(aws_network_acl.elasticache.*.id, [""])[0]
-}
-
-output "elasticache_network_acl_arn" {
- description = "ARN of the elasticache network ACL"
- value = concat(aws_network_acl.elasticache.*.arn, [""])[0]
-}
-
-# VPC flow log
-output "vpc_flow_log_id" {
- description = "The ID of the Flow Log resource"
- value = concat(aws_flow_log.this.*.id, [""])[0]
-}
-
-output "vpc_flow_log_destination_arn" {
- description = "The ARN of the destination for VPC Flow Logs"
- value = local.flow_log_destination_arn
-}
-
-output "vpc_flow_log_destination_type" {
- description = "The type of the destination for VPC Flow Logs"
- value = var.flow_log_destination_type
-}
-
-output "vpc_flow_log_cloudwatch_iam_role_arn" {
- description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group"
- value = local.flow_log_iam_role_arn
-}
-
-# Static values (arguments)
-output "azs" {
- description = "A list of availability zones specified as argument to this module"
- value = var.azs
-}
-
-output "name" {
- description = "The name of the VPC specified as argument to this
module"
- value = var.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/variables.tf
deleted file mode 100644
index 9754193c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/variables.tf
+++ /dev/null
@@ -1,1129 +0,0 @@ -variable "create_vpc" { - description = "Controls if VPC should be created (it affects almost all resources)" - type = bool - default = true -} - -variable "name" { - description = "Name to be used on all the resources as identifier" - type = string - default = "" -} - -variable "cidr" { - description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden" - type = string - default = "0.0.0.0/0" -} - -variable "enable_ipv6" { - description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block." - type = bool - default = false -} - -variable "private_subnet_ipv6_prefixes" { - description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "public_subnet_ipv6_prefixes" { - description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "outpost_subnet_ipv6_prefixes" { - description = "Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "database_subnet_ipv6_prefixes" { - description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "redshift_subnet_ipv6_prefixes" { - description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "elasticache_subnet_ipv6_prefixes" { - description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "intra_subnet_ipv6_prefixes" { - description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = false -} - -variable "private_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "public_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "outpost_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on outpost subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "database_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. 
This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "redshift_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "elasticache_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "intra_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "secondary_cidr_blocks" { - description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool" - type = list(string) - default = [] -} - -variable "instance_tenancy" { - description = "A tenancy option for instances launched into the VPC" - type = string - default = "default" -} - -variable "public_subnet_suffix" { - description = "Suffix to append to public subnets name" - type = string - default = "public" -} - -variable "private_subnet_suffix" { - description = "Suffix to append to private subnets name" - type = string - default = "private" -} - -variable "outpost_subnet_suffix" { - description = "Suffix to append to outpost subnets name" - type = string - default = "outpost" -} - -variable "intra_subnet_suffix" { - description = "Suffix to append to intra subnets name" - type = string - default = "intra" -} - -variable "database_subnet_suffix" { - description = "Suffix to append to database subnets name" - type = string - default = "db" -} - -variable "redshift_subnet_suffix" { - description = "Suffix to append to redshift subnets name" - type = string - default = "redshift" -} - -variable 
"elasticache_subnet_suffix" { - description = "Suffix to append to elasticache subnets name" - type = string - default = "elasticache" -} - -variable "public_subnets" { - description = "A list of public subnets inside the VPC" - type = list(string) - default = [] -} - -variable "private_subnets" { - description = "A list of private subnets inside the VPC" - type = list(string) - default = [] -} - -variable "outpost_subnets" { - description = "A list of outpost subnets inside the VPC" - type = list(string) - default = [] -} - -variable "database_subnets" { - description = "A list of database subnets" - type = list(string) - default = [] -} - -variable "redshift_subnets" { - description = "A list of redshift subnets" - type = list(string) - default = [] -} - -variable "elasticache_subnets" { - description = "A list of elasticache subnets" - type = list(string) - default = [] -} - -variable "intra_subnets" { - description = "A list of intra subnets" - type = list(string) - default = [] -} - -variable "create_database_subnet_route_table" { - description = "Controls if separate route table for database should be created" - type = bool - default = false -} - -variable "create_redshift_subnet_route_table" { - description = "Controls if separate route table for redshift should be created" - type = bool - default = false -} - -variable "enable_public_redshift" { - description = "Controls if redshift should have public routing table" - type = bool - default = false -} - -variable "create_elasticache_subnet_route_table" { - description = "Controls if separate route table for elasticache should be created" - type = bool - default = false -} - -variable "create_database_subnet_group" { - description = "Controls if database subnet group should be created (n.b. 
database_subnets must also be set)" - type = bool - default = true -} - -variable "create_elasticache_subnet_group" { - description = "Controls if elasticache subnet group should be created" - type = bool - default = true -} - -variable "create_redshift_subnet_group" { - description = "Controls if redshift subnet group should be created" - type = bool - default = true -} - -variable "create_database_internet_gateway_route" { - description = "Controls if an internet gateway route for public database access should be created" - type = bool - default = false -} - -variable "create_database_nat_gateway_route" { - description = "Controls if a nat gateway route should be created to give internet access to the database subnets" - type = bool - default = false -} - -variable "azs" { - description = "A list of availability zones names or ids in the region" - type = list(string) - default = [] -} - -variable "enable_dns_hostnames" { - description = "Should be true to enable DNS hostnames in the VPC" - type = bool - default = false -} - -variable "enable_dns_support" { - description = "Should be true to enable DNS support in the VPC" - type = bool - default = true -} - -variable "enable_classiclink" { - description = "Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic." - type = bool - default = null -} - -variable "enable_classiclink_dns_support" { - description = "Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic." 
- type = bool - default = null -} - -variable "enable_nat_gateway" { - description = "Should be true if you want to provision NAT Gateways for each of your private networks" - type = bool - default = false -} - -variable "single_nat_gateway" { - description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks" - type = bool - default = false -} - -variable "one_nat_gateway_per_az" { - description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`." - type = bool - default = false -} - -variable "reuse_nat_ips" { - description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable" - type = bool - default = false -} - -variable "external_nat_ip_ids" { - description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)" - type = list(string) - default = [] -} - -variable "external_nat_ips" { - description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)" - type = list(string) - default = [] -} - -variable "map_public_ip_on_launch" { - description = "Should be false if you do not want to auto-assign public IP on launch" - type = bool - default = true -} - -variable "customer_gateways" { - description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)" - type = map(map(any)) - default = {} -} - -variable "enable_vpn_gateway" { - description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC" - type = bool - default = false -} - -variable "vpn_gateway_id" { - description = "ID of VPN Gateway to attach to the VPC" - type = string - default = "" -} 
- -variable "amazon_side_asn" { - description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN." - type = string - default = "64512" -} - -variable "vpn_gateway_az" { - description = "The Availability Zone for the VPN Gateway" - type = string - default = null -} - -variable "propagate_intra_route_tables_vgw" { - description = "Should be true if you want route table propagation" - type = bool - default = false -} - -variable "propagate_private_route_tables_vgw" { - description = "Should be true if you want route table propagation" - type = bool - default = false -} - -variable "propagate_public_route_tables_vgw" { - description = "Should be true if you want route table propagation" - type = bool - default = false -} - -variable "manage_default_route_table" { - description = "Should be true to manage default route table" - type = bool - default = false -} - -variable "default_route_table_propagating_vgws" { - description = "List of virtual gateways for propagation" - type = list(string) - default = [] -} - -variable "default_route_table_routes" { - description = "Configuration block of routes. 
See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route" - type = list(map(string)) - default = [] -} - -variable "default_route_table_tags" { - description = "Additional tags for the default route table" - type = map(string) - default = {} -} - -variable "tags" { - description = "A map of tags to add to all resources" - type = map(string) - default = {} -} - -variable "vpc_tags" { - description = "Additional tags for the VPC" - type = map(string) - default = {} -} - -variable "igw_tags" { - description = "Additional tags for the internet gateway" - type = map(string) - default = {} -} - -variable "public_subnet_tags" { - description = "Additional tags for the public subnets" - type = map(string) - default = {} -} - -variable "private_subnet_tags" { - description = "Additional tags for the private subnets" - type = map(string) - default = {} -} - -variable "outpost_subnet_tags" { - description = "Additional tags for the outpost subnets" - type = map(string) - default = {} -} - -variable "public_route_table_tags" { - description = "Additional tags for the public route tables" - type = map(string) - default = {} -} - -variable "private_route_table_tags" { - description = "Additional tags for the private route tables" - type = map(string) - default = {} -} - -variable "database_route_table_tags" { - description = "Additional tags for the database route tables" - type = map(string) - default = {} -} - -variable "redshift_route_table_tags" { - description = "Additional tags for the redshift route tables" - type = map(string) - default = {} -} - -variable "elasticache_route_table_tags" { - description = "Additional tags for the elasticache route tables" - type = map(string) - default = {} -} - -variable "intra_route_table_tags" { - description = "Additional tags for the intra route tables" - type = map(string) - default = {} -} - -variable "database_subnet_tags" { - description = "Additional tags for the database subnets" 
- type = map(string) - default = {} -} - -variable "database_subnet_group_tags" { - description = "Additional tags for the database subnet group" - type = map(string) - default = {} -} - -variable "redshift_subnet_tags" { - description = "Additional tags for the redshift subnets" - type = map(string) - default = {} -} - -variable "redshift_subnet_group_tags" { - description = "Additional tags for the redshift subnet group" - type = map(string) - default = {} -} - -variable "elasticache_subnet_tags" { - description = "Additional tags for the elasticache subnets" - type = map(string) - default = {} -} - -variable "intra_subnet_tags" { - description = "Additional tags for the intra subnets" - type = map(string) - default = {} -} - -variable "public_acl_tags" { - description = "Additional tags for the public subnets network ACL" - type = map(string) - default = {} -} - -variable "private_acl_tags" { - description = "Additional tags for the private subnets network ACL" - type = map(string) - default = {} -} - -variable "outpost_acl_tags" { - description = "Additional tags for the outpost subnets network ACL" - type = map(string) - default = {} -} - -variable "intra_acl_tags" { - description = "Additional tags for the intra subnets network ACL" - type = map(string) - default = {} -} - -variable "database_acl_tags" { - description = "Additional tags for the database subnets network ACL" - type = map(string) - default = {} -} - -variable "redshift_acl_tags" { - description = "Additional tags for the redshift subnets network ACL" - type = map(string) - default = {} -} - -variable "elasticache_acl_tags" { - description = "Additional tags for the elasticache subnets network ACL" - type = map(string) - default = {} -} - -variable "dhcp_options_tags" { - description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)" - type = map(string) - default = {} -} - -variable "nat_gateway_tags" { - description = "Additional tags for the NAT gateways" - 
type = map(string) - default = {} -} - -variable "nat_eip_tags" { - description = "Additional tags for the NAT EIP" - type = map(string) - default = {} -} - -variable "customer_gateway_tags" { - description = "Additional tags for the Customer Gateway" - type = map(string) - default = {} -} - -variable "vpn_gateway_tags" { - description = "Additional tags for the VPN gateway" - type = map(string) - default = {} -} - -variable "vpc_flow_log_tags" { - description = "Additional tags for the VPC Flow Logs" - type = map(string) - default = {} -} - -variable "vpc_flow_log_permissions_boundary" { - description = "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role" - type = string - default = null -} - -variable "enable_dhcp_options" { - description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type" - type = bool - default = false -} - -variable "dhcp_options_domain_name" { - description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)" - type = string - default = "" -} - -variable "dhcp_options_domain_name_servers" { - description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)" - type = list(string) - default = ["AmazonProvidedDNS"] -} - -variable "dhcp_options_ntp_servers" { - description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)" - type = list(string) - default = [] -} - -variable "dhcp_options_netbios_name_servers" { - description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)" - type = list(string) - default = [] -} - -variable "dhcp_options_netbios_node_type" { - description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)" - type = string - default = "" -} - -variable 
"manage_default_vpc" { - description = "Should be true to adopt and manage Default VPC" - type = bool - default = false -} - -variable "default_vpc_name" { - description = "Name to be used on the Default VPC" - type = string - default = "" -} - -variable "default_vpc_enable_dns_support" { - description = "Should be true to enable DNS support in the Default VPC" - type = bool - default = true -} - -variable "default_vpc_enable_dns_hostnames" { - description = "Should be true to enable DNS hostnames in the Default VPC" - type = bool - default = false -} - -variable "default_vpc_enable_classiclink" { - description = "Should be true to enable ClassicLink in the Default VPC" - type = bool - default = false -} - -variable "default_vpc_tags" { - description = "Additional tags for the Default VPC" - type = map(string) - default = {} -} - -variable "manage_default_network_acl" { - description = "Should be true to adopt and manage Default Network ACL" - type = bool - default = false -} - -variable "default_network_acl_name" { - description = "Name to be used on the Default Network ACL" - type = string - default = "" -} - -variable "default_network_acl_tags" { - description = "Additional tags for the Default Network ACL" - type = map(string) - default = {} -} - -variable "public_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets" - type = bool - default = false -} - -variable "private_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets" - type = bool - default = false -} - -variable "outpost_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for outpost subnets" - type = bool - default = false -} - -variable "intra_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets" - type = bool - default 
= false -} - -variable "database_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets" - type = bool - default = false -} - -variable "redshift_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets" - type = bool - default = false -} - -variable "elasticache_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets" - type = bool - default = false -} - -variable "default_network_acl_ingress" { - description = "List of maps of ingress rules to set on the Default Network ACL" - type = list(map(string)) - - default = [ - { - rule_no = 100 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - { - rule_no = 101 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - ipv6_cidr_block = "::/0" - }, - ] -} - -variable "default_network_acl_egress" { - description = "List of maps of egress rules to set on the Default Network ACL" - type = list(map(string)) - - default = [ - { - rule_no = 100 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - { - rule_no = 101 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - ipv6_cidr_block = "::/0" - }, - ] -} - -variable "public_inbound_acl_rules" { - description = "Public subnets inbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "public_outbound_acl_rules" { - description = "Public subnets outbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "private_inbound_acl_rules" { 
- description = "Private subnets inbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "private_outbound_acl_rules" { - description = "Private subnets outbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "outpost_inbound_acl_rules" { - description = "Outpost subnets inbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "outpost_outbound_acl_rules" { - description = "Outpost subnets outbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "intra_inbound_acl_rules" { - description = "Intra subnets inbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "intra_outbound_acl_rules" { - description = "Intra subnets outbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "database_inbound_acl_rules" { - description = "Database subnets inbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "database_outbound_acl_rules" { - description = "Database subnets outbound network ACL rules" - 
type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "redshift_inbound_acl_rules" { - description = "Redshift subnets inbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "redshift_outbound_acl_rules" { - description = "Redshift subnets outbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "elasticache_inbound_acl_rules" { - description = "Elasticache subnets inbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "elasticache_outbound_acl_rules" { - description = "Elasticache subnets outbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "manage_default_security_group" { - description = "Should be true to adopt and manage default security group" - type = bool - default = false -} - -variable "default_security_group_name" { - description = "Name to be used on the default security group" - type = string - default = "default" -} - -variable "default_security_group_ingress" { - description = "List of maps of ingress rules to set on the default security group" - type = list(map(string)) - default = null -} - -variable "enable_flow_log" { - description = "Whether or not to enable VPC Flow Logs" - type = bool - default = false -} - -variable "default_security_group_egress" { - description = "List of 
maps of egress rules to set on the default security group" - type = list(map(string)) - default = null -} - -variable "default_security_group_tags" { - description = "Additional tags for the default security group" - type = map(string) - default = {} -} - -variable "create_flow_log_cloudwatch_log_group" { - description = "Whether to create CloudWatch log group for VPC Flow Logs" - type = bool - default = false -} - -variable "create_flow_log_cloudwatch_iam_role" { - description = "Whether to create IAM role for VPC Flow Logs" - type = bool - default = false -} - -variable "flow_log_traffic_type" { - description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL." - type = string - default = "ALL" -} - -variable "flow_log_destination_type" { - description = "Type of flow log destination. Can be s3 or cloud-watch-logs." - type = string - default = "cloud-watch-logs" -} - -variable "flow_log_log_format" { - description = "The fields to include in the flow log record, in the order in which they should appear." - type = string - default = null -} - -variable "flow_log_destination_arn" { - description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided." - type = string - default = "" -} - -variable "flow_log_cloudwatch_iam_role_arn" { - description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided." - type = string - default = "" -} - -variable "flow_log_cloudwatch_log_group_name_prefix" { - description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs." 
- type = string
- default = "/aws/vpc-flow-log/"
-}
-
-variable "flow_log_cloudwatch_log_group_retention_in_days" {
- description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
- type = number
- default = null
-}
-
-variable "flow_log_cloudwatch_log_group_kms_key_id" {
- description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs."
- type = string
- default = null
-}
-
-variable "flow_log_max_aggregation_interval" {
- description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds."
- type = number
- default = 600
-}
-
-variable "create_igw" {
- description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them."
- type = bool
- default = true
-}
-
-variable "create_egress_only_igw" {
- description = "Controls if an Egress Only Internet Gateway is created and its related routes."
- type = bool
- default = true
-}
-
-variable "outpost_arn" {
- description = "ARN of Outpost you want to create a subnet in."
- type = string
- default = null
-}
-
-variable "outpost_az" {
- description = "AZ where Outpost is anchored."
- type = string
- default = null
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/versions.tf
deleted file mode 100644
index dc46f697..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 0.12.26"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 3.15"
- }
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf
deleted file mode 100644
index c478748b..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf
+++ /dev/null
@@ -1,100 +0,0 @@
-locals {
- # Only create flow log if user selected to create a VPC as well
- enable_flow_log = var.create_vpc && var.enable_flow_log
-
- create_flow_log_cloudwatch_iam_role = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_iam_role
- create_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_log_group
-
- flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? aws_cloudwatch_log_group.flow_log[0].arn : var.flow_log_destination_arn
- flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? aws_iam_role.vpc_flow_log_cloudwatch[0].arn : var.flow_log_cloudwatch_iam_role_arn
-}
-
-################################################################################
-# Flow Log
-################################################################################
-
-resource "aws_flow_log" "this" {
- count = local.enable_flow_log ? 1 : 0
-
- log_destination_type = var.flow_log_destination_type
- log_destination = local.flow_log_destination_arn
- log_format = var.flow_log_log_format
- iam_role_arn = local.flow_log_iam_role_arn
- traffic_type = var.flow_log_traffic_type
- vpc_id = local.vpc_id
- max_aggregation_interval = var.flow_log_max_aggregation_interval
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-################################################################################
-# Flow Log CloudWatch
-################################################################################
-
-resource "aws_cloudwatch_log_group" "flow_log" {
- count = local.create_flow_log_cloudwatch_log_group ? 1 : 0
-
- name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.vpc_id}"
- retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
- kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- name_prefix = "vpc-flow-log-role-"
- assume_role_policy = data.aws_iam_policy_document.flow_log_cloudwatch_assume_role[0].json
- permissions_boundary = var.vpc_flow_log_permissions_boundary
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-data "aws_iam_policy_document" "flow_log_cloudwatch_assume_role" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- statement {
- principals {
- type = "Service"
- identifiers = ["vpc-flow-logs.amazonaws.com"]
- }
-
- effect = "Allow"
-
- actions = ["sts:AssumeRole"]
- }
-}
-
-resource "aws_iam_role_policy_attachment" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- role = aws_iam_role.vpc_flow_log_cloudwatch[0].name
- policy_arn = aws_iam_policy.vpc_flow_log_cloudwatch[0].arn
-}
-
-resource "aws_iam_policy" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- name_prefix = "vpc-flow-log-to-cloudwatch-"
- policy = data.aws_iam_policy_document.vpc_flow_log_cloudwatch[0].json
-}
-
-data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- statement {
- sid = "AWSVPCFlowLogsPushToCloudWatch"
-
- effect = "Allow"
-
- actions = [
- "logs:CreateLogStream",
- "logs:PutLogEvents",
- "logs:DescribeLogGroups",
- "logs:DescribeLogStreams",
- ]
-
- resources = ["*"]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/backup-terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c1-versions.tf
deleted file mode 100644
index 62b1ce4e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index 4f6d813e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "SAP"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 7c60b13c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "./modules/aws-vpc"
- #version = "2.78.0"
- #version = "~> 2.78"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.gitignore b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.gitignore
deleted file mode 100644
index 397af322..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.gitignore
+++ /dev/null
@@ -1,29 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# Terraform lockfile
-.terraform.lock.hcl
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-
-# Exclude all .tfvars files, which are likely to contain sentitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
-# to change depending on the environment.
-*.tfvars
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/README.md
deleted file mode 100644
index 0bc50a8e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# AWS VPC Terraform module
-
-## Authors
-Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-vpc/graphs/contributors).
-
-## License
-Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/LICENSE) for full details.
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/main.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/main.tf
deleted file mode 100644
index a6d75a83..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/main.tf
+++ /dev/null
@@ -1,1315 +0,0 @@ -locals { - max_subnet_length = max( - length(var.private_subnets), - length(var.elasticache_subnets), - length(var.database_subnets), - length(var.redshift_subnets), - ) - nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length - - # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free! - vpc_id = element( - concat( - aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, - aws_vpc.this.*.id, - [""], - ), - 0, - ) -} - -################################################################################ -# VPC -################################################################################ - -resource "aws_vpc" "this" { - count = var.create_vpc ? 1 : 0 - - cidr_block = var.cidr - instance_tenancy = var.instance_tenancy - enable_dns_hostnames = var.enable_dns_hostnames - enable_dns_support = var.enable_dns_support - enable_classiclink = var.enable_classiclink - enable_classiclink_dns_support = var.enable_classiclink_dns_support - assign_generated_ipv6_cidr_block = var.enable_ipv6 - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.vpc_tags, - ) -} - -resource "aws_vpc_ipv4_cidr_block_association" "this" { - count = var.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0 - - vpc_id = aws_vpc.this[0].id - - cidr_block = element(var.secondary_cidr_blocks, count.index) -} - -resource "aws_default_security_group" "this" { - count = var.create_vpc && var.manage_default_security_group ? 
1 : 0 - - vpc_id = aws_vpc.this[0].id - - dynamic "ingress" { - for_each = var.default_security_group_ingress - content { - self = lookup(ingress.value, "self", null) - cidr_blocks = compact(split(",", lookup(ingress.value, "cidr_blocks", ""))) - ipv6_cidr_blocks = compact(split(",", lookup(ingress.value, "ipv6_cidr_blocks", ""))) - prefix_list_ids = compact(split(",", lookup(ingress.value, "prefix_list_ids", ""))) - security_groups = compact(split(",", lookup(ingress.value, "security_groups", ""))) - description = lookup(ingress.value, "description", null) - from_port = lookup(ingress.value, "from_port", 0) - to_port = lookup(ingress.value, "to_port", 0) - protocol = lookup(ingress.value, "protocol", "-1") - } - } - - dynamic "egress" { - for_each = var.default_security_group_egress - content { - self = lookup(egress.value, "self", null) - cidr_blocks = compact(split(",", lookup(egress.value, "cidr_blocks", ""))) - ipv6_cidr_blocks = compact(split(",", lookup(egress.value, "ipv6_cidr_blocks", ""))) - prefix_list_ids = compact(split(",", lookup(egress.value, "prefix_list_ids", ""))) - security_groups = compact(split(",", lookup(egress.value, "security_groups", ""))) - description = lookup(egress.value, "description", null) - from_port = lookup(egress.value, "from_port", 0) - to_port = lookup(egress.value, "to_port", 0) - protocol = lookup(egress.value, "protocol", "-1") - } - } - - tags = merge( - { - "Name" = format("%s", var.default_security_group_name) - }, - var.tags, - var.default_security_group_tags, - ) -} - -################################################################################ -# DHCP Options Set -################################################################################ - -resource "aws_vpc_dhcp_options" "this" { - count = var.create_vpc && var.enable_dhcp_options ? 
1 : 0 - - domain_name = var.dhcp_options_domain_name - domain_name_servers = var.dhcp_options_domain_name_servers - ntp_servers = var.dhcp_options_ntp_servers - netbios_name_servers = var.dhcp_options_netbios_name_servers - netbios_node_type = var.dhcp_options_netbios_node_type - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.dhcp_options_tags, - ) -} - -resource "aws_vpc_dhcp_options_association" "this" { - count = var.create_vpc && var.enable_dhcp_options ? 1 : 0 - - vpc_id = local.vpc_id - dhcp_options_id = aws_vpc_dhcp_options.this[0].id -} - -################################################################################ -# Internet Gateway -################################################################################ - -resource "aws_internet_gateway" "this" { - count = var.create_vpc && var.create_igw && length(var.public_subnets) > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.igw_tags, - ) -} - -resource "aws_egress_only_internet_gateway" "this" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && local.max_subnet_length > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.igw_tags, - ) -} - -################################################################################ -# Default route -################################################################################ - -resource "aws_default_route_table" "default" { - count = var.create_vpc && var.manage_default_route_table ? 
1 : 0 - - default_route_table_id = aws_vpc.this[0].default_route_table_id - propagating_vgws = var.default_route_table_propagating_vgws - - dynamic "route" { - for_each = var.default_route_table_routes - content { - # One of the following destinations must be provided - cidr_block = route.value.cidr_block - ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null) - - # One of the following targets must be provided - egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null) - gateway_id = lookup(route.value, "gateway_id", null) - instance_id = lookup(route.value, "instance_id", null) - nat_gateway_id = lookup(route.value, "nat_gateway_id", null) - network_interface_id = lookup(route.value, "network_interface_id", null) - transit_gateway_id = lookup(route.value, "transit_gateway_id", null) - vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null) - vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null) - } - } - - tags = merge( - { "Name" = var.name }, - var.tags, - var.default_route_table_tags, - ) -} - -################################################################################ -# Publiс routes -################################################################################ - -resource "aws_route_table" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = format("%s-${var.public_subnet_suffix}", var.name) - }, - var.tags, - var.public_route_table_tags, - ) -} - -resource "aws_route" "public_internet_gateway" { - count = var.create_vpc && var.create_igw && length(var.public_subnets) > 0 ? 1 : 0 - - route_table_id = aws_route_table.public[0].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this[0].id - - timeouts { - create = "5m" - } -} - -resource "aws_route" "public_internet_gateway_ipv6" { - count = var.create_vpc && var.create_igw && var.enable_ipv6 && length(var.public_subnets) > 0 ? 
1 : 0 - - route_table_id = aws_route_table.public[0].id - destination_ipv6_cidr_block = "::/0" - gateway_id = aws_internet_gateway.this[0].id -} - -################################################################################ -# Private routes -# There are as many routing tables as the number of NAT gateways -################################################################################ - -resource "aws_route_table" "private" { - count = var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( - "%s-${var.private_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.private_route_table_tags, - ) -} - -################################################################################ -# Database routes -################################################################################ - -resource "aws_route_table" "database" { - count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 1 : length(var.database_subnets) : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( - "%s-${var.database_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.database_route_table_tags, - ) -} - -resource "aws_route" "database_internet_gateway" { - count = var.create_vpc && var.create_igw && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && false == var.create_database_nat_gateway_route ? 
1 : 0 - - route_table_id = aws_route_table.database[0].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this[0].id - - timeouts { - create = "5m" - } -} - -resource "aws_route" "database_nat_gateway" { - count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && false == var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? var.single_nat_gateway ? 1 : length(var.database_subnets) : 0 - - route_table_id = element(aws_route_table.database.*.id, count.index) - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index) - - timeouts { - create = "5m" - } -} - -resource "aws_route" "database_ipv6_egress" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0 - - route_table_id = aws_route_table.database[0].id - destination_ipv6_cidr_block = "::/0" - egress_only_gateway_id = aws_egress_only_internet_gateway.this[0].id - - timeouts { - create = "5m" - } -} - -################################################################################ -# Redshift routes -################################################################################ - -resource "aws_route_table" "redshift" { - count = var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 
1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = "${var.name}-${var.redshift_subnet_suffix}" - }, - var.tags, - var.redshift_route_table_tags, - ) -} - -################################################################################ -# Elasticache routes -################################################################################ - -resource "aws_route_table" "elasticache" { - count = var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = "${var.name}-${var.elasticache_subnet_suffix}" - }, - var.tags, - var.elasticache_route_table_tags, - ) -} - -################################################################################ -# Intra routes -################################################################################ - -resource "aws_route_table" "intra" { - count = var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = "${var.name}-${var.intra_subnet_suffix}" - }, - var.tags, - var.intra_route_table_tags, - ) -} - -################################################################################ -# Public subnet -################################################################################ - -resource "aws_subnet" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 && (false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = element(concat(var.public_subnets, [""]), count.index) - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? 
element(var.azs, count.index) : null - map_public_ip_on_launch = var.map_public_ip_on_launch - assign_ipv6_address_on_creation = var.public_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.public_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.public_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.public_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.public_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.public_subnet_tags, - ) -} - -################################################################################ -# Private subnet -################################################################################ - -resource "aws_subnet" "private" { - count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.private_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.private_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.private_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.private_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.private_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.private_subnet_tags, - ) -} - -################################################################################ -# Outpost subnet -################################################################################ - -resource "aws_subnet" "outpost" { - count = var.create_vpc && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.outpost_subnets[count.index] - availability_zone = var.outpost_az - assign_ipv6_address_on_creation = var.outpost_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.outpost_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.outpost_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.outpost_subnet_ipv6_prefixes[count.index]) : null - - outpost_arn = var.outpost_arn - - tags = merge( - { - "Name" = format( - "%s-${var.outpost_subnet_suffix}-%s", - var.name, - var.outpost_az, - ) - }, - var.tags, - var.outpost_subnet_tags, - ) -} - -################################################################################ -# Database subnet -################################################################################ - -resource "aws_subnet" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.database_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? 
element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.database_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.database_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.database_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.database_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.database_subnet_tags, - ) -} - -resource "aws_db_subnet_group" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0 - - name = lower(var.name) - description = "Database subnet group for ${var.name}" - subnet_ids = aws_subnet.database.*.id - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.database_subnet_group_tags, - ) -} - -################################################################################ -# Redshift subnet -################################################################################ - -resource "aws_subnet" "redshift" { - count = var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.redshift_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.redshift_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.redshift_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.redshift_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.redshift_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.redshift_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.redshift_subnet_tags, - ) -} - -resource "aws_redshift_subnet_group" "redshift" { - count = var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0 - - name = lower(var.name) - description = "Redshift subnet group for ${var.name}" - subnet_ids = aws_subnet.redshift.*.id - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.redshift_subnet_group_tags, - ) -} - -################################################################################ -# ElastiCache subnet -################################################################################ - -resource "aws_subnet" "elasticache" { - count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.elasticache_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.elasticache_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.elasticache_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.elasticache_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.elasticache_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.elasticache_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.elasticache_subnet_tags, - ) -} - -resource "aws_elasticache_subnet_group" "elasticache" { - count = var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0 - - name = var.name - description = "ElastiCache subnet group for ${var.name}" - subnet_ids = aws_subnet.elasticache.*.id -} - -################################################################################ -# Intra subnets - private subnet without NAT gateway -################################################################################ - -resource "aws_subnet" "intra" { - count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = var.intra_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.intra_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.intra_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.intra_subnet_ipv6_prefixes[count.index]) : null - - tags = merge( - { - "Name" = format( - "%s-${var.intra_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.intra_subnet_tags, - ) -} - -################################################################################ -# Default Network ACLs -################################################################################ - -resource "aws_default_network_acl" "this" { - count = var.create_vpc && var.manage_default_network_acl ? 1 : 0 - - default_network_acl_id = element(concat(aws_vpc.this.*.default_network_acl_id, [""]), 0) - - # The value of subnet_ids should be any subnet IDs that are not set as subnet_ids - # for any of the non-default network ACLs - subnet_ids = setsubtract( - compact(flatten([ - aws_subnet.public.*.id, - aws_subnet.private.*.id, - aws_subnet.intra.*.id, - aws_subnet.database.*.id, - aws_subnet.redshift.*.id, - aws_subnet.elasticache.*.id, - aws_subnet.outpost.*.id, - ])), - compact(flatten([ - aws_network_acl.public.*.subnet_ids, - aws_network_acl.private.*.subnet_ids, - aws_network_acl.intra.*.subnet_ids, - aws_network_acl.database.*.subnet_ids, - aws_network_acl.redshift.*.subnet_ids, - aws_network_acl.elasticache.*.subnet_ids, - aws_network_acl.outpost.*.subnet_ids, - ])) - ) - - dynamic "ingress" { - for_each = var.default_network_acl_ingress - content { - action = ingress.value.action - cidr_block = lookup(ingress.value, "cidr_block", null) - from_port = ingress.value.from_port - icmp_code = lookup(ingress.value, "icmp_code", null) - icmp_type = lookup(ingress.value, "icmp_type", null) - ipv6_cidr_block = lookup(ingress.value, "ipv6_cidr_block", null) - protocol = ingress.value.protocol - rule_no = ingress.value.rule_no - to_port = ingress.value.to_port - } - } - dynamic "egress" { - for_each = var.default_network_acl_egress - content { - action = egress.value.action - cidr_block = 
lookup(egress.value, "cidr_block", null) - from_port = egress.value.from_port - icmp_code = lookup(egress.value, "icmp_code", null) - icmp_type = lookup(egress.value, "icmp_type", null) - ipv6_cidr_block = lookup(egress.value, "ipv6_cidr_block", null) - protocol = egress.value.protocol - rule_no = egress.value.rule_no - to_port = egress.value.to_port - } - } - - tags = merge( - { - "Name" = format("%s", var.default_network_acl_name) - }, - var.tags, - var.default_network_acl_tags, - ) -} - -################################################################################ -# Public Network ACLs -################################################################################ - -resource "aws_network_acl" "public" { - count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.public.*.id - - tags = merge( - { - "Name" = format("%s-${var.public_subnet_suffix}", var.name) - }, - var.tags, - var.public_acl_tags, - ) -} - -resource "aws_network_acl_rule" "public_inbound" { - count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 
length(var.public_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.public[0].id - - egress = false - rule_number = var.public_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.public_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.public_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.public_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.public_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "public_outbound" { - count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.public[0].id - - egress = true - rule_number = var.public_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.public_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.public_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.public_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.public_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Private Network ACLs 
-################################################################################ - -resource "aws_network_acl" "private" { - count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.private.*.id - - tags = merge( - { - "Name" = format("%s-${var.private_subnet_suffix}", var.name) - }, - var.tags, - var.private_acl_tags, - ) -} - -resource "aws_network_acl_rule" "private_inbound" { - count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.private[0].id - - egress = false - rule_number = var.private_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.private_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.private_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.private_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.private_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "private_outbound" { - count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 
length(var.private_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.private[0].id - - egress = true - rule_number = var.private_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.private_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.private_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.private_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.private_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Outpost Network ACLs -################################################################################ - -resource "aws_network_acl" "outpost" { - count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.outpost.*.id - - tags = merge( - { - "Name" = format("%s-${var.outpost_subnet_suffix}", var.name) - }, - var.tags, - var.outpost_acl_tags, - ) -} - -resource "aws_network_acl_rule" "outpost_inbound" { - count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 
length(var.outpost_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.outpost[0].id - - egress = false - rule_number = var.outpost_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.outpost_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.outpost_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.outpost_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.outpost_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "outpost_outbound" { - count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? length(var.outpost_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.outpost[0].id - - egress = true - rule_number = var.outpost_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.outpost_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.outpost_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.outpost_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.outpost_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Intra Network ACLs 
-################################################################################ - -resource "aws_network_acl" "intra" { - count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.intra.*.id - - tags = merge( - { - "Name" = format("%s-${var.intra_subnet_suffix}", var.name) - }, - var.tags, - var.intra_acl_tags, - ) -} - -resource "aws_network_acl_rule" "intra_inbound" { - count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.intra[0].id - - egress = false - rule_number = var.intra_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.intra_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.intra_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.intra_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.intra_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "intra_outbound" { - count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 
length(var.intra_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.intra[0].id - - egress = true - rule_number = var.intra_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.intra_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.intra_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.intra_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.intra_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Database Network ACLs -################################################################################ - -resource "aws_network_acl" "database" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.database.*.id - - tags = merge( - { - "Name" = format("%s-${var.database_subnet_suffix}", var.name) - }, - var.tags, - var.database_acl_tags, - ) -} - -resource "aws_network_acl_rule" "database_inbound" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 
length(var.database_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.database[0].id - - egress = false - rule_number = var.database_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.database_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.database_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.database_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.database_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.database_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.database_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "database_outbound" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 
length(var.database_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.database[0].id - - egress = true - rule_number = var.database_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.database_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.database_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.database_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.database_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.database_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Redshift Network ACLs -################################################################################ - -resource "aws_network_acl" "redshift" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.redshift.*.id - - tags = merge( - { - "Name" = format("%s-${var.redshift_subnet_suffix}", var.name) - }, - var.tags, - var.redshift_acl_tags, - ) -} - -resource "aws_network_acl_rule" "redshift_inbound" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 
length(var.redshift_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.redshift[0].id - - egress = false - rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.redshift_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "redshift_outbound" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 
length(var.redshift_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.redshift[0].id - - egress = true - rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.redshift_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Elasticache Network ACLs -################################################################################ - -resource "aws_network_acl" "elasticache" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0 - - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.elasticache.*.id - - tags = merge( - { - "Name" = format("%s-${var.elasticache_subnet_suffix}", var.name) - }, - var.tags, - var.elasticache_acl_tags, - ) -} - -resource "aws_network_acl_rule" "elasticache_inbound" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 
length(var.elasticache_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.elasticache[0].id - - egress = false - rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "elasticache_outbound" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 
length(var.elasticache_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.elasticache[0].id - - egress = true - rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# NAT Gateway -################################################################################ - -# Workaround for interpolation not being able to "short-circuit" the evaluation of the conditional branch that doesn't end up being used -# Source: https://github.com/hashicorp/terraform/issues/11566#issuecomment-289417805 -# -# The logical expression would be -# -# nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat.*.id -# -# but then when count of aws_eip.nat.*.id is zero, this would throw a resource not found error on aws_eip.nat.*.id. -locals { - nat_gateway_ips = split( - ",", - var.reuse_nat_ips ? join(",", var.external_nat_ip_ids) : join(",", aws_eip.nat.*.id), - ) -} - -resource "aws_eip" "nat" { - count = var.create_vpc && var.enable_nat_gateway && false == var.reuse_nat_ips ? local.nat_gateway_count : 0 - - vpc = true - - tags = merge( - { - "Name" = format( - "%s-%s", - var.name, - element(var.azs, var.single_nat_gateway ? 
0 : count.index), - ) - }, - var.tags, - var.nat_eip_tags, - ) -} - -resource "aws_nat_gateway" "this" { - count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 - - allocation_id = element( - local.nat_gateway_ips, - var.single_nat_gateway ? 0 : count.index, - ) - subnet_id = element( - aws_subnet.public.*.id, - var.single_nat_gateway ? 0 : count.index, - ) - - tags = merge( - { - "Name" = format( - "%s-%s", - var.name, - element(var.azs, var.single_nat_gateway ? 0 : count.index), - ) - }, - var.tags, - var.nat_gateway_tags, - ) - - depends_on = [aws_internet_gateway.this] -} - -resource "aws_route" "private_nat_gateway" { - count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 - - route_table_id = element(aws_route_table.private.*.id, count.index) - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index) - - timeouts { - create = "5m" - } -} - -resource "aws_route" "private_ipv6_egress" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 ? length(var.private_subnets) : 0 - - route_table_id = element(aws_route_table.private.*.id, count.index) - destination_ipv6_cidr_block = "::/0" - egress_only_gateway_id = element(aws_egress_only_internet_gateway.this.*.id, 0) -} - -################################################################################ -# Route table association -################################################################################ - -resource "aws_route_table_association" "private" { - count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0 - - subnet_id = element(aws_subnet.private.*.id, count.index) - route_table_id = element( - aws_route_table.private.*.id, - var.single_nat_gateway ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "outpost" { - count = var.create_vpc && length(var.outpost_subnets) > 0 ? 
length(var.outpost_subnets) : 0 - - subnet_id = element(aws_subnet.outpost.*.id, count.index) - route_table_id = element( - aws_route_table.private.*.id, - var.single_nat_gateway ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0 - - subnet_id = element(aws_subnet.database.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id), - var.create_database_subnet_route_table ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 0 : count.index : count.index, - ) -} - -resource "aws_route_table_association" "redshift" { - count = var.create_vpc && length(var.redshift_subnets) > 0 && false == var.enable_public_redshift ? length(var.redshift_subnets) : 0 - - subnet_id = element(aws_subnet.redshift.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id), - var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "redshift_public" { - count = var.create_vpc && length(var.redshift_subnets) > 0 && var.enable_public_redshift ? length(var.redshift_subnets) : 0 - - subnet_id = element(aws_subnet.redshift.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.redshift.*.id, aws_route_table.public.*.id), - var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "elasticache" { - count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0 - - subnet_id = element(aws_subnet.elasticache.*.id, count.index) - route_table_id = element( - coalescelist( - aws_route_table.elasticache.*.id, - aws_route_table.private.*.id, - ), - var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 
0 : count.index, - ) -} - -resource "aws_route_table_association" "intra" { - count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0 - - subnet_id = element(aws_subnet.intra.*.id, count.index) - route_table_id = element(aws_route_table.intra.*.id, 0) -} - -resource "aws_route_table_association" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 ? length(var.public_subnets) : 0 - - subnet_id = element(aws_subnet.public.*.id, count.index) - route_table_id = aws_route_table.public[0].id -} - -################################################################################ -# Customer Gateways -################################################################################ - -resource "aws_customer_gateway" "this" { - for_each = var.customer_gateways - - bgp_asn = each.value["bgp_asn"] - ip_address = each.value["ip_address"] - type = "ipsec.1" - - tags = merge( - { - Name = format("%s-%s", var.name, each.key) - }, - var.tags, - var.customer_gateway_tags, - ) -} - -################################################################################ -# VPN Gateway -################################################################################ - -resource "aws_vpn_gateway" "this" { - count = var.create_vpc && var.enable_vpn_gateway ? 1 : 0 - - vpc_id = local.vpc_id - amazon_side_asn = var.amazon_side_asn - availability_zone = var.vpn_gateway_az - - tags = merge( - { - "Name" = format("%s", var.name) - }, - var.tags, - var.vpn_gateway_tags, - ) -} - -resource "aws_vpn_gateway_attachment" "this" { - count = var.vpn_gateway_id != "" ? 1 : 0 - - vpc_id = local.vpc_id - vpn_gateway_id = var.vpn_gateway_id -} - -resource "aws_vpn_gateway_route_propagation" "public" { - count = var.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 
1 : 0 - - route_table_id = element(aws_route_table.public.*.id, count.index) - vpn_gateway_id = element( - concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, - ), - count.index, - ) -} - -resource "aws_vpn_gateway_route_propagation" "private" { - count = var.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? length(var.private_subnets) : 0 - - route_table_id = element(aws_route_table.private.*.id, count.index) - vpn_gateway_id = element( - concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, - ), - count.index, - ) -} - -resource "aws_vpn_gateway_route_propagation" "intra" { - count = var.create_vpc && var.propagate_intra_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? length(var.intra_subnets) : 0 - - route_table_id = element(aws_route_table.intra.*.id, count.index) - vpn_gateway_id = element( - concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, - ), - count.index, - ) -} - -################################################################################ -# Defaults -################################################################################ - -resource "aws_default_vpc" "this" { - count = var.manage_default_vpc ? 1 : 0 - - enable_dns_support = var.default_vpc_enable_dns_support - enable_dns_hostnames = var.default_vpc_enable_dns_hostnames - enable_classiclink = var.default_vpc_enable_classiclink - - tags = merge( - { - "Name" = format("%s", var.default_vpc_name) - }, - var.tags, - var.default_vpc_tags, - ) -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md deleted file mode 100644 index f0c45fd8..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md
+++ /dev/null
@@ -1,96 +0,0 @@ -# AWS VPC Endpoints Terraform sub-module - -Terraform sub-module which creates VPC endpoint resources on AWS. - -## Usage - -See [`examples`](../../examples) directory for working examples to reference: - -```hcl -module "endpoints" { - source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - - vpc_id = "vpc-12345678" - security_group_ids = ["sg-12345678"] - - endpoints = { - s3 = { - # interface endpoint - service = "s3" - private_dns_enabled = true - tags = { Name = "s3-vpc-endpoint" } - }, - dynamodb = { - # gateway endpoint - service = "dynamodb" - route_table_ids = ["rt-12322456", "rt-43433343", "rt-11223344"] - tags = { Name = "dynamodb-vpc-endpoint" } - }, - sns = { - service = "sns" - subnet_ids = ["subnet-12345678", "subnet-87654321"] - tags = { Name = "sns-vpc-endpoint" } - }, - sqs = { - service = "sqs" - private_dns_enabled = true - security_group_ids = ["sg-987654321"] - subnet_ids = ["subnet-12345678", "subnet-87654321"] - tags = { Name = "sqs-vpc-endpoint" } - }, - } - - tags = { - Owner = "user" - Environment = "dev" - } -} -``` - -## Examples - -- [Complete-VPC](../../examples/complete-vpc) with VPC Endpoints. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.15 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 3.15 | - -## Modules - -No modules. 
- -## Resources - -| Name | Type | -|------|------| -| [aws_vpc_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource | -| [aws_vpc_endpoint_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [create](#input\_create) | Determines whether resources will be created | `bool` | `true` | no | -| [endpoints](#input\_endpoints) | A map of interface and/or gateway endpoints containing their properties and configurations | `any` | `{}` | no | -| [security\_group\_ids](#input\_security\_group\_ids) | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no | -| [subnet\_ids](#input\_subnet\_ids) | Default subnets IDs to associate with the VPC endpoints | `list(string)` | `[]` | no | -| [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no | -| [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting VPC endpoint resources | `map(string)` | `{}` | no | -| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the endpoint will be used | `string` | `null` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [endpoints](#output\_endpoints) | Array containing the full resource object and attributes for all endpoints created | - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf deleted file mode 100644 index 58b3270e..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-locals {
- endpoints = var.create ? var.endpoints : tomap({})
-}
-
-################################################################################
-# Endpoint(s)
-################################################################################
-
-data "aws_vpc_endpoint_service" "this" {
- for_each = local.endpoints
-
- service = lookup(each.value, "service", null)
- service_name = lookup(each.value, "service_name", null)
-
- filter {
- name = "service-type"
- values = [lookup(each.value, "service_type", "Interface")]
- }
-}
-
-resource "aws_vpc_endpoint" "this" {
- for_each = local.endpoints
-
- vpc_id = var.vpc_id
- service_name = data.aws_vpc_endpoint_service.this[each.key].service_name
- vpc_endpoint_type = lookup(each.value, "service_type", "Interface")
- auto_accept = lookup(each.value, "auto_accept", null)
-
- security_group_ids = lookup(each.value, "service_type", "Interface") == "Interface" ? distinct(concat(var.security_group_ids, lookup(each.value, "security_group_ids", []))) : null
- subnet_ids = lookup(each.value, "service_type", "Interface") == "Interface" ? distinct(concat(var.subnet_ids, lookup(each.value, "subnet_ids", []))) : null
- route_table_ids = lookup(each.value, "service_type", "Interface") == "Gateway" ? lookup(each.value, "route_table_ids", null) : null
- policy = lookup(each.value, "policy", null)
- private_dns_enabled = lookup(each.value, "service_type", "Interface") == "Interface" ? lookup(each.value, "private_dns_enabled", null) : null
-
- tags = merge(var.tags, lookup(each.value, "tags", {}))
-
- timeouts {
- create = lookup(var.timeouts, "create", "10m")
- update = lookup(var.timeouts, "update", "10m")
- delete = lookup(var.timeouts, "delete", "10m")
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf
deleted file mode 100644
index 88aa989f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "endpoints" {
- description = "Array containing the full resource object and attributes for all endpoints created"
- value = aws_vpc_endpoint.this
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf
deleted file mode 100644
index afcebc3d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-variable "create" {
- description = "Determines whether resources will be created"
- type = bool
- default = true
-}
-
-variable "vpc_id" {
- description = "The ID of the VPC in which the endpoint will be used"
- type = string
- default = null
-}
-
-variable "endpoints" {
- description = "A map of interface and/or gateway endpoints containing their properties and configurations"
- type = any
- default = {}
-}
-
-variable "security_group_ids" {
- description = "Default security group IDs to associate with the VPC endpoints"
- type = list(string)
- default = []
-}
-
-variable "subnet_ids" {
- description = "Default subnets IDs to associate with the VPC endpoints"
- type = list(string)
- default = []
-}
-
-variable "tags" {
- description = "A map of tags to use on all resources"
- type = map(string)
- default = {}
-}
-
-variable "timeouts" {
- description = "Define maximum timeout for creating, updating, and deleting VPC endpoint resources"
- type = map(string)
- default = {}
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf
deleted file mode 100644
index dc46f697..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 0.12.26"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 3.15"
- }
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/outputs.tf
deleted file mode 100644
index aa986603..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/outputs.tf
+++ /dev/null
@@ -1,541 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = concat(aws_vpc.this.*.id, [""])[0] -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = concat(aws_vpc.this.*.arn, [""])[0] -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = concat(aws_vpc.this.*.cidr_block, [""])[0] -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = concat(aws_vpc.this.*.default_security_group_id, [""])[0] -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = concat(aws_vpc.this.*.default_network_acl_id, [""])[0] -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = concat(aws_vpc.this.*.default_route_table_id, [""])[0] -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = concat(aws_vpc.this.*.instance_tenancy, [""])[0] -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = concat(aws_vpc.this.*.enable_dns_support, [""])[0] -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = concat(aws_vpc.this.*.enable_dns_hostnames, [""])[0] -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = concat(aws_vpc.this.*.main_route_table_id, [""])[0] -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = concat(aws_vpc.this.*.ipv6_association_id, [""])[0] -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = concat(aws_vpc.this.*.ipv6_cidr_block, [""])[0] -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = aws_vpc_ipv4_cidr_block_association.this.*.cidr_block -} - -output 
"vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = concat(aws_vpc.this.*.owner_id, [""])[0] -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = aws_subnet.private.*.id -} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = aws_subnet.private.*.arn -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = aws_subnet.private.*.cidr_block -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = aws_subnet.private.*.ipv6_cidr_block -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = aws_subnet.public.*.id -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = aws_subnet.public.*.arn -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = aws_subnet.public.*.cidr_block -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = aws_subnet.public.*.ipv6_cidr_block -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = aws_subnet.outpost.*.id -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = aws_subnet.outpost.*.arn -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = aws_subnet.outpost.*.cidr_block -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = aws_subnet.outpost.*.ipv6_cidr_block -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = aws_subnet.database.*.id -} - -output "database_subnet_arns" { - description = "List of ARNs of 
database subnets" - value = aws_subnet.database.*.arn -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = aws_subnet.database.*.cidr_block -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = aws_subnet.database.*.ipv6_cidr_block -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = concat(aws_db_subnet_group.database.*.id, [""])[0] -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = concat(aws_db_subnet_group.database.*.name, [""])[0] -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = aws_subnet.redshift.*.id -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = aws_subnet.redshift.*.arn -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = aws_subnet.redshift.*.cidr_block -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = aws_subnet.redshift.*.ipv6_cidr_block -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = concat(aws_redshift_subnet_group.redshift.*.id, [""])[0] -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = aws_subnet.elasticache.*.id -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = aws_subnet.elasticache.*.arn -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = aws_subnet.elasticache.*.cidr_block -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = 
aws_subnet.elasticache.*.ipv6_cidr_block -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = aws_subnet.intra.*.id -} - -output "intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = aws_subnet.intra.*.arn -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = aws_subnet.intra.*.cidr_block -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = aws_subnet.intra.*.ipv6_cidr_block -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = concat(aws_elasticache_subnet_group.elasticache.*.id, [""])[0] -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = concat(aws_elasticache_subnet_group.elasticache.*.name, [""])[0] -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = aws_route_table.public.*.id -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = aws_route_table.private.*.id -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = length(aws_route_table.database.*.id) > 0 ? aws_route_table.database.*.id : aws_route_table.private.*.id -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = length(aws_route_table.redshift.*.id) > 0 ? aws_route_table.redshift.*.id : aws_route_table.private.*.id -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = length(aws_route_table.elasticache.*.id) > 0 ? 
aws_route_table.elasticache.*.id : aws_route_table.private.*.id -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = aws_route_table.intra.*.id -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route." - value = concat(aws_route.public_internet_gateway.*.id, [""])[0] -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route." - value = concat(aws_route.public_internet_gateway_ipv6.*.id, [""])[0] -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet gateway route." - value = concat(aws_route.database_internet_gateway.*.id, [""])[0] -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route." - value = aws_route.database_nat_gateway.*.id -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route." - value = concat(aws_route.database_ipv6_egress.*.id, [""])[0] -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route." - value = aws_route.private_nat_gateway.*.id -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route." 
- value = aws_route.private_ipv6_egress.*.id -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = aws_route_table_association.private.*.id -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = aws_route_table_association.database.*.id -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = aws_route_table_association.redshift.*.id -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" - value = aws_route_table_association.redshift_public.*.id -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = aws_route_table_association.elasticache.*.id -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = aws_route_table_association.intra.*.id -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = aws_route_table_association.public.*.id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = aws_eip.nat.*.id -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = var.reuse_nat_ips ? 
var.external_nat_ips : aws_eip.nat.*.public_ip -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = aws_nat_gateway.this.*.id -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = concat(aws_internet_gateway.this.*.id, [""])[0] -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = concat(aws_internet_gateway.this.*.arn, [""])[0] -} - -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = concat(aws_egress_only_internet_gateway.this.*.id, [""])[0] -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = [for k, v in aws_customer_gateway.this : v.id] -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = [for k, v in aws_customer_gateway.this : v.arn] -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = aws_customer_gateway.this -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, [""])[0] -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = concat(aws_vpn_gateway.this.*.arn, [""])[0] -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = concat(aws_default_vpc.this.*.id, [""])[0] -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = concat(aws_default_vpc.this.*.arn, [""])[0] -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = concat(aws_default_vpc.this.*.cidr_block, [""])[0] -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = concat(aws_default_vpc.this.*.default_security_group_id, [""])[0] -} - -output "default_vpc_default_network_acl_id" { - description = "The ID 
of the default network ACL of the Default VPC" - value = concat(aws_default_vpc.this.*.default_network_acl_id, [""])[0] -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = concat(aws_default_vpc.this.*.default_route_table_id, [""])[0] -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = concat(aws_default_vpc.this.*.instance_tenancy, [""])[0] -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = concat(aws_default_vpc.this.*.enable_dns_support, [""])[0] -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = concat(aws_default_vpc.this.*.enable_dns_hostnames, [""])[0] -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = concat(aws_default_vpc.this.*.main_route_table_id, [""])[0] -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = concat(aws_network_acl.public.*.id, [""])[0] -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = concat(aws_network_acl.public.*.arn, [""])[0] -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = concat(aws_network_acl.private.*.id, [""])[0] -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = concat(aws_network_acl.private.*.arn, [""])[0] -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = concat(aws_network_acl.outpost.*.id, [""])[0] -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = concat(aws_network_acl.outpost.*.arn, [""])[0] -} - -output "intra_network_acl_id" { - description = "ID of 
the intra network ACL" - value = concat(aws_network_acl.intra.*.id, [""])[0] -} - -output "intra_network_acl_arn" { - description = "ARN of the intra network ACL" - value = concat(aws_network_acl.intra.*.arn, [""])[0] -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = concat(aws_network_acl.database.*.id, [""])[0] -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = concat(aws_network_acl.database.*.arn, [""])[0] -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = concat(aws_network_acl.redshift.*.id, [""])[0] -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = concat(aws_network_acl.redshift.*.arn, [""])[0] -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = concat(aws_network_acl.elasticache.*.id, [""])[0] -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = concat(aws_network_acl.elasticache.*.arn, [""])[0] -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = concat(aws_flow_log.this.*.id, [""])[0] -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = local.flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = var.flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = local.flow_log_iam_role_arn -} - -# Static values (arguments) -output "azs" { - description = "A list of availability zones specified as argument to this module" - value = var.azs -} - -output "name" { - description = "The name of the VPC specified as argument to this 
module" - value = var.name -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/variables.tf deleted file mode 100644 index 9754193c..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/variables.tf +++ /dev/null 
@@ -1,1129 +0,0 @@ -variable "create_vpc" { - description = "Controls if VPC should be created (it affects almost all resources)" - type = bool - default = true -} - -variable "name" { - description = "Name to be used on all the resources as identifier" - type = string - default = "" -} - -variable "cidr" { - description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden" - type = string - default = "0.0.0.0/0" -} - -variable "enable_ipv6" { - description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block." - type = bool - default = false -} - -variable "private_subnet_ipv6_prefixes" { - description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "public_subnet_ipv6_prefixes" { - description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "outpost_subnet_ipv6_prefixes" { - description = "Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "database_subnet_ipv6_prefixes" { - description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "redshift_subnet_ipv6_prefixes" { - description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "elasticache_subnet_ipv6_prefixes" { - description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "intra_subnet_ipv6_prefixes" { - description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = false -} - -variable "private_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "public_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "outpost_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on outpost subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "database_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. 
This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "redshift_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "elasticache_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "intra_subnet_assign_ipv6_address_on_creation" { - description = "Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" - type = bool - default = null -} - -variable "secondary_cidr_blocks" { - description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool" - type = list(string) - default = [] -} - -variable "instance_tenancy" { - description = "A tenancy option for instances launched into the VPC" - type = string - default = "default" -} - -variable "public_subnet_suffix" { - description = "Suffix to append to public subnets name" - type = string - default = "public" -} - -variable "private_subnet_suffix" { - description = "Suffix to append to private subnets name" - type = string - default = "private" -} - -variable "outpost_subnet_suffix" { - description = "Suffix to append to outpost subnets name" - type = string - default = "outpost" -} - -variable "intra_subnet_suffix" { - description = "Suffix to append to intra subnets name" - type = string - default = "intra" -} - -variable "database_subnet_suffix" { - description = "Suffix to append to database subnets name" - type = string - default = "db" -} - -variable "redshift_subnet_suffix" { - description = "Suffix to append to redshift subnets name" - type = string - default = "redshift" -} - -variable 
"elasticache_subnet_suffix" { - description = "Suffix to append to elasticache subnets name" - type = string - default = "elasticache" -} - -variable "public_subnets" { - description = "A list of public subnets inside the VPC" - type = list(string) - default = [] -} - -variable "private_subnets" { - description = "A list of private subnets inside the VPC" - type = list(string) - default = [] -} - -variable "outpost_subnets" { - description = "A list of outpost subnets inside the VPC" - type = list(string) - default = [] -} - -variable "database_subnets" { - description = "A list of database subnets" - type = list(string) - default = [] -} - -variable "redshift_subnets" { - description = "A list of redshift subnets" - type = list(string) - default = [] -} - -variable "elasticache_subnets" { - description = "A list of elasticache subnets" - type = list(string) - default = [] -} - -variable "intra_subnets" { - description = "A list of intra subnets" - type = list(string) - default = [] -} - -variable "create_database_subnet_route_table" { - description = "Controls if separate route table for database should be created" - type = bool - default = false -} - -variable "create_redshift_subnet_route_table" { - description = "Controls if separate route table for redshift should be created" - type = bool - default = false -} - -variable "enable_public_redshift" { - description = "Controls if redshift should have public routing table" - type = bool - default = false -} - -variable "create_elasticache_subnet_route_table" { - description = "Controls if separate route table for elasticache should be created" - type = bool - default = false -} - -variable "create_database_subnet_group" { - description = "Controls if database subnet group should be created (n.b. 
database_subnets must also be set)" - type = bool - default = true -} - -variable "create_elasticache_subnet_group" { - description = "Controls if elasticache subnet group should be created" - type = bool - default = true -} - -variable "create_redshift_subnet_group" { - description = "Controls if redshift subnet group should be created" - type = bool - default = true -} - -variable "create_database_internet_gateway_route" { - description = "Controls if an internet gateway route for public database access should be created" - type = bool - default = false -} - -variable "create_database_nat_gateway_route" { - description = "Controls if a nat gateway route should be created to give internet access to the database subnets" - type = bool - default = false -} - -variable "azs" { - description = "A list of availability zones names or ids in the region" - type = list(string) - default = [] -} - -variable "enable_dns_hostnames" { - description = "Should be true to enable DNS hostnames in the VPC" - type = bool - default = false -} - -variable "enable_dns_support" { - description = "Should be true to enable DNS support in the VPC" - type = bool - default = true -} - -variable "enable_classiclink" { - description = "Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic." - type = bool - default = null -} - -variable "enable_classiclink_dns_support" { - description = "Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic." 
- type = bool - default = null -} - -variable "enable_nat_gateway" { - description = "Should be true if you want to provision NAT Gateways for each of your private networks" - type = bool - default = false -} - -variable "single_nat_gateway" { - description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks" - type = bool - default = false -} - -variable "one_nat_gateway_per_az" { - description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`." - type = bool - default = false -} - -variable "reuse_nat_ips" { - description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable" - type = bool - default = false -} - -variable "external_nat_ip_ids" { - description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)" - type = list(string) - default = [] -} - -variable "external_nat_ips" { - description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)" - type = list(string) - default = [] -} - -variable "map_public_ip_on_launch" { - description = "Should be false if you do not want to auto-assign public IP on launch" - type = bool - default = true -} - -variable "customer_gateways" { - description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)" - type = map(map(any)) - default = {} -} - -variable "enable_vpn_gateway" { - description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC" - type = bool - default = false -} - -variable "vpn_gateway_id" { - description = "ID of VPN Gateway to attach to the VPC" - type = string - default = "" -} 
- -variable "amazon_side_asn" { - description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN." - type = string - default = "64512" -} - -variable "vpn_gateway_az" { - description = "The Availability Zone for the VPN Gateway" - type = string - default = null -} - -variable "propagate_intra_route_tables_vgw" { - description = "Should be true if you want route table propagation" - type = bool - default = false -} - -variable "propagate_private_route_tables_vgw" { - description = "Should be true if you want route table propagation" - type = bool - default = false -} - -variable "propagate_public_route_tables_vgw" { - description = "Should be true if you want route table propagation" - type = bool - default = false -} - -variable "manage_default_route_table" { - description = "Should be true to manage default route table" - type = bool - default = false -} - -variable "default_route_table_propagating_vgws" { - description = "List of virtual gateways for propagation" - type = list(string) - default = [] -} - -variable "default_route_table_routes" { - description = "Configuration block of routes. 
See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route" - type = list(map(string)) - default = [] -} - -variable "default_route_table_tags" { - description = "Additional tags for the default route table" - type = map(string) - default = {} -} - -variable "tags" { - description = "A map of tags to add to all resources" - type = map(string) - default = {} -} - -variable "vpc_tags" { - description = "Additional tags for the VPC" - type = map(string) - default = {} -} - -variable "igw_tags" { - description = "Additional tags for the internet gateway" - type = map(string) - default = {} -} - -variable "public_subnet_tags" { - description = "Additional tags for the public subnets" - type = map(string) - default = {} -} - -variable "private_subnet_tags" { - description = "Additional tags for the private subnets" - type = map(string) - default = {} -} - -variable "outpost_subnet_tags" { - description = "Additional tags for the outpost subnets" - type = map(string) - default = {} -} - -variable "public_route_table_tags" { - description = "Additional tags for the public route tables" - type = map(string) - default = {} -} - -variable "private_route_table_tags" { - description = "Additional tags for the private route tables" - type = map(string) - default = {} -} - -variable "database_route_table_tags" { - description = "Additional tags for the database route tables" - type = map(string) - default = {} -} - -variable "redshift_route_table_tags" { - description = "Additional tags for the redshift route tables" - type = map(string) - default = {} -} - -variable "elasticache_route_table_tags" { - description = "Additional tags for the elasticache route tables" - type = map(string) - default = {} -} - -variable "intra_route_table_tags" { - description = "Additional tags for the intra route tables" - type = map(string) - default = {} -} - -variable "database_subnet_tags" { - description = "Additional tags for the database subnets" 
- type = map(string) - default = {} -} - -variable "database_subnet_group_tags" { - description = "Additional tags for the database subnet group" - type = map(string) - default = {} -} - -variable "redshift_subnet_tags" { - description = "Additional tags for the redshift subnets" - type = map(string) - default = {} -} - -variable "redshift_subnet_group_tags" { - description = "Additional tags for the redshift subnet group" - type = map(string) - default = {} -} - -variable "elasticache_subnet_tags" { - description = "Additional tags for the elasticache subnets" - type = map(string) - default = {} -} - -variable "intra_subnet_tags" { - description = "Additional tags for the intra subnets" - type = map(string) - default = {} -} - -variable "public_acl_tags" { - description = "Additional tags for the public subnets network ACL" - type = map(string) - default = {} -} - -variable "private_acl_tags" { - description = "Additional tags for the private subnets network ACL" - type = map(string) - default = {} -} - -variable "outpost_acl_tags" { - description = "Additional tags for the outpost subnets network ACL" - type = map(string) - default = {} -} - -variable "intra_acl_tags" { - description = "Additional tags for the intra subnets network ACL" - type = map(string) - default = {} -} - -variable "database_acl_tags" { - description = "Additional tags for the database subnets network ACL" - type = map(string) - default = {} -} - -variable "redshift_acl_tags" { - description = "Additional tags for the redshift subnets network ACL" - type = map(string) - default = {} -} - -variable "elasticache_acl_tags" { - description = "Additional tags for the elasticache subnets network ACL" - type = map(string) - default = {} -} - -variable "dhcp_options_tags" { - description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)" - type = map(string) - default = {} -} - -variable "nat_gateway_tags" { - description = "Additional tags for the NAT gateways" - 
type = map(string) - default = {} -} - -variable "nat_eip_tags" { - description = "Additional tags for the NAT EIP" - type = map(string) - default = {} -} - -variable "customer_gateway_tags" { - description = "Additional tags for the Customer Gateway" - type = map(string) - default = {} -} - -variable "vpn_gateway_tags" { - description = "Additional tags for the VPN gateway" - type = map(string) - default = {} -} - -variable "vpc_flow_log_tags" { - description = "Additional tags for the VPC Flow Logs" - type = map(string) - default = {} -} - -variable "vpc_flow_log_permissions_boundary" { - description = "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role" - type = string - default = null -} - -variable "enable_dhcp_options" { - description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type" - type = bool - default = false -} - -variable "dhcp_options_domain_name" { - description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)" - type = string - default = "" -} - -variable "dhcp_options_domain_name_servers" { - description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)" - type = list(string) - default = ["AmazonProvidedDNS"] -} - -variable "dhcp_options_ntp_servers" { - description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)" - type = list(string) - default = [] -} - -variable "dhcp_options_netbios_name_servers" { - description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)" - type = list(string) - default = [] -} - -variable "dhcp_options_netbios_node_type" { - description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)" - type = string - default = "" -} - -variable 
"manage_default_vpc" { - description = "Should be true to adopt and manage Default VPC" - type = bool - default = false -} - -variable "default_vpc_name" { - description = "Name to be used on the Default VPC" - type = string - default = "" -} - -variable "default_vpc_enable_dns_support" { - description = "Should be true to enable DNS support in the Default VPC" - type = bool - default = true -} - -variable "default_vpc_enable_dns_hostnames" { - description = "Should be true to enable DNS hostnames in the Default VPC" - type = bool - default = false -} - -variable "default_vpc_enable_classiclink" { - description = "Should be true to enable ClassicLink in the Default VPC" - type = bool - default = false -} - -variable "default_vpc_tags" { - description = "Additional tags for the Default VPC" - type = map(string) - default = {} -} - -variable "manage_default_network_acl" { - description = "Should be true to adopt and manage Default Network ACL" - type = bool - default = false -} - -variable "default_network_acl_name" { - description = "Name to be used on the Default Network ACL" - type = string - default = "" -} - -variable "default_network_acl_tags" { - description = "Additional tags for the Default Network ACL" - type = map(string) - default = {} -} - -variable "public_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets" - type = bool - default = false -} - -variable "private_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets" - type = bool - default = false -} - -variable "outpost_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for outpost subnets" - type = bool - default = false -} - -variable "intra_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets" - type = bool - default 
= false -} - -variable "database_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets" - type = bool - default = false -} - -variable "redshift_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets" - type = bool - default = false -} - -variable "elasticache_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets" - type = bool - default = false -} - -variable "default_network_acl_ingress" { - description = "List of maps of ingress rules to set on the Default Network ACL" - type = list(map(string)) - - default = [ - { - rule_no = 100 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - { - rule_no = 101 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - ipv6_cidr_block = "::/0" - }, - ] -} - -variable "default_network_acl_egress" { - description = "List of maps of egress rules to set on the Default Network ACL" - type = list(map(string)) - - default = [ - { - rule_no = 100 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - { - rule_no = 101 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - ipv6_cidr_block = "::/0" - }, - ] -} - -variable "public_inbound_acl_rules" { - description = "Public subnets inbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "public_outbound_acl_rules" { - description = "Public subnets outbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "private_inbound_acl_rules" { 
- description = "Private subnets inbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "private_outbound_acl_rules" { - description = "Private subnets outbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "outpost_inbound_acl_rules" { - description = "Outpost subnets inbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "outpost_outbound_acl_rules" { - description = "Outpost subnets outbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "intra_inbound_acl_rules" { - description = "Intra subnets inbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "intra_outbound_acl_rules" { - description = "Intra subnets outbound network ACLs" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "database_inbound_acl_rules" { - description = "Database subnets inbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "database_outbound_acl_rules" { - description = "Database subnets outbound network ACL rules" - 
type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "redshift_inbound_acl_rules" { - description = "Redshift subnets inbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "redshift_outbound_acl_rules" { - description = "Redshift subnets outbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "elasticache_inbound_acl_rules" { - description = "Elasticache subnets inbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "elasticache_outbound_acl_rules" { - description = "Elasticache subnets outbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "manage_default_security_group" { - description = "Should be true to adopt and manage default security group" - type = bool - default = false -} - -variable "default_security_group_name" { - description = "Name to be used on the default security group" - type = string - default = "default" -} - -variable "default_security_group_ingress" { - description = "List of maps of ingress rules to set on the default security group" - type = list(map(string)) - default = null -} - -variable "enable_flow_log" { - description = "Whether or not to enable VPC Flow Logs" - type = bool - default = false -} - -variable "default_security_group_egress" { - description = "List of 
maps of egress rules to set on the default security group" - type = list(map(string)) - default = null -} - -variable "default_security_group_tags" { - description = "Additional tags for the default security group" - type = map(string) - default = {} -} - -variable "create_flow_log_cloudwatch_log_group" { - description = "Whether to create CloudWatch log group for VPC Flow Logs" - type = bool - default = false -} - -variable "create_flow_log_cloudwatch_iam_role" { - description = "Whether to create IAM role for VPC Flow Logs" - type = bool - default = false -} - -variable "flow_log_traffic_type" { - description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL." - type = string - default = "ALL" -} - -variable "flow_log_destination_type" { - description = "Type of flow log destination. Can be s3 or cloud-watch-logs." - type = string - default = "cloud-watch-logs" -} - -variable "flow_log_log_format" { - description = "The fields to include in the flow log record, in the order in which they should appear." - type = string - default = null -} - -variable "flow_log_destination_arn" { - description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided." - type = string - default = "" -} - -variable "flow_log_cloudwatch_iam_role_arn" { - description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided." - type = string - default = "" -} - -variable "flow_log_cloudwatch_log_group_name_prefix" { - description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs." 
- type = string
- default = "/aws/vpc-flow-log/"
-}
-
-variable "flow_log_cloudwatch_log_group_retention_in_days" {
- description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
- type = number
- default = null
-}
-
-variable "flow_log_cloudwatch_log_group_kms_key_id" {
- description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs."
- type = string
- default = null
-}
-
-variable "flow_log_max_aggregation_interval" {
- description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds."
- type = number
- default = 600
-}
-
-variable "create_igw" {
- description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them."
- type = bool
- default = true
-}
-
-variable "create_egress_only_igw" {
- description = "Controls if an Egress Only Internet Gateway is created and its related routes."
- type = bool
- default = true
-}
-
-variable "outpost_arn" {
- description = "ARN of Outpost you want to create a subnet in."
- type = string
- default = null
-}
-
-variable "outpost_az" {
- description = "AZ where Outpost is anchored."
- type = string
- default = null
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/versions.tf
deleted file mode 100644
index dc46f697..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 0.12.26"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 3.15"
- }
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf deleted file mode 100644 index c478748b..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf +++ /dev/null 
@@ -1,100 +0,0 @@
-locals {
- # Only create flow log if user selected to create a VPC as well
- enable_flow_log = var.create_vpc && var.enable_flow_log
-
- create_flow_log_cloudwatch_iam_role = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_iam_role
- create_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_log_group
-
- flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? aws_cloudwatch_log_group.flow_log[0].arn : var.flow_log_destination_arn
- flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? aws_iam_role.vpc_flow_log_cloudwatch[0].arn : var.flow_log_cloudwatch_iam_role_arn
-}
-
-################################################################################
-# Flow Log
-################################################################################
-
-resource "aws_flow_log" "this" {
- count = local.enable_flow_log ? 1 : 0
-
- log_destination_type = var.flow_log_destination_type
- log_destination = local.flow_log_destination_arn
- log_format = var.flow_log_log_format
- iam_role_arn = local.flow_log_iam_role_arn
- traffic_type = var.flow_log_traffic_type
- vpc_id = local.vpc_id
- max_aggregation_interval = var.flow_log_max_aggregation_interval
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-################################################################################
-# Flow Log CloudWatch
-################################################################################
-
-resource "aws_cloudwatch_log_group" "flow_log" {
- count = local.create_flow_log_cloudwatch_log_group ?
1 : 0
-
- name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.vpc_id}"
- retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
- kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- name_prefix = "vpc-flow-log-role-"
- assume_role_policy = data.aws_iam_policy_document.flow_log_cloudwatch_assume_role[0].json
- permissions_boundary = var.vpc_flow_log_permissions_boundary
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-data "aws_iam_policy_document" "flow_log_cloudwatch_assume_role" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- statement {
- principals {
- type = "Service"
- identifiers = ["vpc-flow-logs.amazonaws.com"]
- }
-
- effect = "Allow"
-
- actions = ["sts:AssumeRole"]
- }
-}
-
-resource "aws_iam_role_policy_attachment" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- role = aws_iam_role.vpc_flow_log_cloudwatch[0].name
- policy_arn = aws_iam_policy.vpc_flow_log_cloudwatch[0].arn
-}
-
-resource "aws_iam_policy" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- name_prefix = "vpc-flow-log-to-cloudwatch-"
- policy = data.aws_iam_policy_document.vpc_flow_log_cloudwatch[0].json
-}
-
-data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- statement {
- sid = "AWSVPCFlowLogsPushToCloudWatch"
-
- effect = "Allow"
-
- actions = [
- "logs:CreateLogStream",
- "logs:PutLogEvents",
- "logs:DescribeLogGroups",
- "logs:DescribeLogStreams",
- ]
-
- resources = ["*"]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/18-Develop-Terraform-Modules-Locally/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/README.md
deleted file mode 100644
index 1282aabb..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/README.md
+++ /dev/null
@@ -1,273 +0,0 @@ ---- -title: Build Terraform Module from Scratch -description: Create Terraform Modules locally ---- -# Build a Terraform Module - -## Step-01: Introduction -- Build a Terraform Module - - Create a Terraform module - - Use local Terraform modules in your configuration - - Configure modules with variables - - Use module outputs - - We are going to write a local re-usable module for the following usecase. -- **Usecase: Hosting a static website with AWS S3 buckets** -1. Create an S3 Bucket -2. Create Public Read policy for the bucket -3. Once above two are ready, we can deploy Static Content -4. For steps, 1 and 2 we are going to create a re-usable module in Terraform -- **How are we going to do this?** -- We are going to do this in 3 sections -- **Section-1 - Full Manual:** Create Static Website on S3 using AWS Management Consoleand host static content and test -- **Section-2 - Terraform Resources:** Automate section-1 using Terraform Resources -- **Section-3 - Terraform Modules:** Create a re-usable module for hosting static website by referencing section-2 terraform configuration files. 
- -## Step-02: Hosting a Static Website with AWS S3 using AWS Management Console -- **Reference Sub-folder:** v1-create-static-website-on-s3-using-aws-mgmt-console -- We are going to host a static website with AWS S3 using AWS Management console -### Step-02-01: Create AWS S3 Bucket -- Go to AWS Services -> S3 -> Create Bucket -- **Bucket Name:** mybucket-1045 (Note: Bucket name should be unique across AWS) -- **Region:** US.East (N.Virginia) -- Rest all leave to defaults -- Click on **Create Bucket** - -### Step-02-02: Enable Static website hosting -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Properties Tab -> At the end -- Edit to enable **Static website hosting** -- **Static website hosting:** enable -- **Index document:** index.html -- Click on **Save Changes** - -### Step-02-03: Remove Block public access (bucket settings) -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Permissions Tab -- Edit **Block public access (bucket settings)** -- Uncheck **Block all public access** -- Click on **Save Changes** -- Provide text `confirm` and Click on **Confirm** - -### Step-02-04: Add Bucket policy for public read by bucket owners -- Update your bucket name in the below listed policy -- **Location:** v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PublicReadGetObject", - "Effect": "Allow", - "Principal": "*", - "Action": [ - "s3:GetObject" - ], - "Resource": [ - "arn:aws:s3:::mybucket-1045/*" - ] - } - ] -} -``` -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Permissions Tab -- Edit -> **Bucket policy** -> Copy paste the policy above with your bucket name -- Click on **Save Changes** - -### Step-02-05: Upload index.html -- **Location:** v1-create-static-website-on-s3-using-aws-mgmt-console/index.html -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Objects Tab -- Upload **index.html** - -### Step-02-06: 
Access Static Website using S3 Website Endpoint -- Access the newly uploaded index.html to S3 bucket using browser -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1045.s3-website.us-east-1.amazonaws.com/ -``` - -### Step-02-07: Conclusion -- We have used multiple manual steps to host a static website on AWS -- Now all the above manual steps automate using Terraform in next step - -## Step-03: Create Terraform Configuration to Host a Static Website on AWS S3 -- **Reference Sub-folder:** v2-host-static-website-on-s3-using-terraform-manifests -- We are going to host a static website on AWS S3 using general terraform configuration files -### Step-03-01: Create Terraform Configuration Files step by step -1. versions.tf -2. main.tf -3. variables.tf -4. outputs.tf -5. terraform.tfvars - -### Step-03-02: Execute Terraform Commands & Verify the bucket -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Format -terraform fmt - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -1. Bucket has static website hosting enabled -2. Bucket has public read access enabled using policy -3. Bucket has "Block all public access" unchecked -``` - -### Step-03-03: Upload index.html and test -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1046.s3-website.us-east-1.amazonaws.com/ -``` -### Step-03-04: Destroy and Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Terraform files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - -### Step-03-05: Conclusion -- Using above terraform configurations we have hosted a static website in AWS S3 in seconds. -- In next step, we will convert these **terraform configuration files** to a Module which will be re-usable just by calling it. 
- - -## Step-04: Build a Terraform Module to Host a Static Website on AWS S3 -- **Reference Sub-folder:** v3-build-a-module-to-host-static-website-on-aws-s3 -- We will build a Terraform module to host a static website on AWS S3 - -### Step-04-01: Create Module Folder Structure -- We are going to create `modules` folder and in that we are going to create a module named `aws-s3-static-website-bucket` -- We will copy required files from previous section for this respective module. -- Terraform Working Directory: v3-build-a-module-to-host-static-website-on-aws-s3 - - modules - - Module-1: aws-s3-static-website-bucket - - main.tf - - variables.tf - - outputs.tf - - README.md - - LICENSE -- Inside `modules/aws-s3-static-website-bucket`, copy below listed three files from `v2-host-static-website-on-s3-using-terraform-manifests` - - main.tf - - variables.tf - - outputs.tf - - -### Step-04-02: Call Module from Terraform Work Directory (Root Module) -- Create Terraform Configuration in Root Module by calling the newly created module -- c1-versions.tf -- c2-variables.tf -- c3-s3bucket.tf -- c4-outputs.tf -```t -module "website_s3_bucket" { - source = "./modules/aws-s3-static-website-bucket" - bucket_name = var.my_s3_bucket - tags = var.my_s3_tags -} -``` -### Step-04-03: Execute Terraform Commands -``` -# Terraform Initialize -terraform init -Observation: -1. Verify ".terraform", you will find "modules" folder in addition to "providers" folder -2. Verify inside ".terraform/modules" folder too. - -# Terraform Validate -terraform validate - -# Terraform Format -terraform fmt - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -1. Bucket has static website hosting enabled -2. Bucket has public read access enabled using policy -3. 
Bucket has "Block all public access" unchecked -``` - -### Step-04-04: Upload index.html and test -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1047.s3-website.us-east-1.amazonaws.com/ -``` - -### Step-04-05: Destroy and Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Terraform files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -### Step-04-06: Understand terraform get command -- We have used `terraform init` to download providers from terraform registry and at the same time to download `modules` present in local modules folder in terraform working directory. -- Assuming we already have initialized using `terraform init` and later we have created `module` configs, we can `terraform get` to download the same. -- Whenever you add a new module to a configuration, Terraform must install the module before it can be used. -- Both the `terraform get` and `terraform init` commands will install and update modules. -- The `terraform init` command will also initialize backends and install plugins. -``` -# Delete modules in .terraform folder -ls -lrt .terraform/modules -rm -rf .terraform/modules -ls -lrt .terraform/modules - -# Terraform Get -terraform get -ls -lrt .terraform/modules -``` -### Step-04-07: Major difference between Local and Remote Module -- When installing a remote module, Terraform will download it into the .terraform directory in your configuration's root directory. -- When installing a local module, Terraform will instead refer directly to the source directory. -- Because of this, Terraform will automatically notice changes to local modules without having to re-run terraform init or terraform get. - -## Step-05: Conclusion -- Created a Terraform module -- Used local Terraform modules in your configuration -- Configured modules with variables -- Used module outputs - - - - - - - - - - - - - - - - - - - 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/index.html b/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/index.html deleted file mode 100644 index 3c12553c..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/index.html +++ /dev/null @@ -1,10 +0,0 @@ - - - Welcome to Stack Simplify - - -

Welcome to Stack Simplify - Terraform Modules Demo

-

Build Terraform Modules

-

Terraform Modules - Step by Step

- - \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json b/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json deleted file mode 100644 index 1b47fe4f..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PublicReadGetObject", - "Effect": "Allow", - "Principal": "*", - "Action": [ - "s3:GetObject" - ], - "Resource": [ - "arn:aws:s3:::mybucket-1045/*" - ] - } - ] -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v2-host-static-website-on-s3-using-terraform-manifests/main.tf b/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v2-host-static-website-on-s3-using-terraform-manifests/main.tf deleted file mode 100644 index 00b2bfcf..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/19-Develop-Terraform-Module-from-scratch/v2-host-static-website-on-s3-using-terraform-manifests/main.tf +++ /dev/null 
@@ -1,30 +0,0 @@ -# Create S3 Bucket Resource -resource "aws_s3_bucket" "s3_bucket" { - bucket = var.bucket_name - acl = "public-read" - policy = < S3 -> Create Bucket -- **Bucket name:** terraform-on-aws-for-ec2 -- **Region:** US-East (N.Virginia) -- **Bucket settings for Block Public Access:** leave to defaults -- **Bucket Versioning:** Enable -- Rest all leave to **defaults** -- Click on **Create Bucket** -- **Create Folder** - - **Folder Name:** dev - - Click on **Create Folder** -- **Create Folder** - - **Folder Name:** dev/project1-vpc - - Click on **Create Folder** - - -## Step-03: Terraform Backend Configuration -- **Reference Sub-folder:** terraform-manifests -- [Terraform Backend as S3](https://www.terraform.io/docs/language/settings/backends/s3.html) -- Add the below listed Terraform backend block in `Terrafrom Settings` block in `main.tf` -```t - # Adding Backend as S3 for Remote State Storage - backend "s3" { - bucket = "terraform-on-aws-for-ec2" - key = "dev/project1-vpc/terraform.tfstate" - region = "us-east-1" - - # Enable during Step-09 - # For State Locking - dynamodb_table = "dev-project1-vpc" - } -``` - -## Step-04: Terraform State Locking Introduction -- Understand about Terraform State Locking Advantages - -## Step-05: Add State Locking Feature using DynamoDB Table -- Create Dynamo DB Table - - **Table Name:** dev-project1-vpc - - **Partition key (Primary Key):** LockID (Type as String) - - **Table settings:** Use default settings (checked) - - Click on **Create** - -## Step-06: Execute Terraform Commands -```t -# Initialize Terraform -terraform init -Observation: -Successfully configured the backend "s3"! Terraform will automatically -use this backend unless the backend configuration changes. - -# Terraform Validate -terraform validate - -# Review the terraform plan -terraform plan -Observation: -1) Below messages displayed at start and end of command -Acquiring state lock. This may take a few moments... -Releasing state lock. 
This may take a few moments... -2) Verify DynamoDB Table -> Items tab - -# Create Resources -terraform apply -auto-approve - -# Verify S3 Bucket for terraform.tfstate file -dev/project1-vpc/terraform.tfstate -Observation: -1. Finally at this point you should see the terraform.tfstate file in s3 bucket -2. As S3 bucket version is enabled, new versions of `terraform.tfstate` file new versions will be created and tracked if any changes happens to infrastructure using Terraform Configuration Files -``` - -## Step-07: Destroy Resources -- Destroy Resources and Verify Bucket Versioning -```t -# Destroy Resources -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* # This step not needed as e are using remote state storage here -``` - -## Step-08: Little bit theory about Terraform Backends -- Understand little bit more about Terraform Backends -- Where and when Terraform Backends are used ? -- What Terraform backends do ? -- How many types of Terraform backends exists as on today ? 
- -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-storage-7.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-storage-7.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-storage-8.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-storage-8.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-storage-9.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-storage-9.png) - - -## References -- [AWS S3 Backend](https://www.terraform.io/docs/language/settings/backends/s3.html) -- [Terraform Backends](https://www.terraform.io/docs/language/settings/backends/index.html) -- [Terraform State Storage](https://www.terraform.io/docs/language/state/backends.html) -- [Terraform State Locking](https://www.terraform.io/docs/language/state/locking.html) -- [Remote Backends - Enhanced](https://www.terraform.io/docs/language/settings/backends/remote.html) - - -## Sample Output - During Remote State Storage Migration** -```t -Kalyans-MacBook-Pro:project-1-networking kdaida$ terraform init -Initializing modules... - -Initializing the backend... -Do you want to copy existing state to the new backend? - Pre-existing state was found while migrating the previous "local" backend to the - newly configured "s3" backend. No existing state was found in the newly - configured "s3" backend. Do you want to copy this state to the new "s3" - backend? Enter "yes" to copy and "no" to start with an empty state. - - Enter a value: yes - - -Successfully configured the backend "s3"! Terraform will automatically -use this backend unless the backend configuration changes. - -Initializing provider plugins... 
-- Reusing previous version of hashicorp/aws from the dependency lock file
-- Using previously-installed hashicorp/aws v3.34.0
-
-Terraform has been successfully initialized!
-
-You may now begin working with Terraform. Try running "terraform plan" to see
-any changes that are required for your infrastructure. All Terraform commands
-should now work.
-
-If you ever set or change modules or backend configuration for Terraform,
-rerun this command to reinitialize your working directory. If you forget, other
-commands will detect it and remind you to do so if necessary.
-Kalyans-MacBook-Pro:project-1-networking kdaida$
-
-```
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c1-versions.tf
deleted file mode 100644
index c4f9be72..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c1-versions.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- }
- # Adding Backend as S3 for Remote State Storage
- backend "s3" {
- bucket = "terraform-on-aws-for-ec2"
- key = "dev/project1-vpc/terraform.tfstate"
- region = "us-east-1"
-
- # Enable during Step-09
- # For State Locking
- dynamodb_table = "dev-project1-vpc"
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c2-generic-variables.tf
deleted file mode 100644
index 4f6d813e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "SAP"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-02-vpc-module.tf
deleted file mode 100644
index b1ba6eea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "3.0.0"
- # version = "2.78.0"
- #version = "~> 2.78"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/README.md
deleted file mode 100644
index a6217fe5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/README.md
+++ /dev/null
@@ -1,213 +0,0 @@ ---- -title: Terraform Remote State Datasource Demo -description: Terraform Remote State Datasource Demo with two projects ---- -# Terraform Remote State Storage Demo with Project-1 and Project-2 -## Step-01: Introduction -- Understand [Terraform Remote State Storage](https://www.terraform.io/docs/language/state/remote-state-data.html) -- Terraform Remote State Storage Demo with two projects - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-3.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-4.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-4.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-5.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-5.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-6.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-6.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-7.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-7.png) - -## Step-02: Copy Project 1 VPC from Section 19 -- 
Copy `project-1-aws-vpc` from `19-Remote-State-Storage-with-AWS-S3-and-DynamoDB` - -## Step-03: Copy Project 2 App1 with ASG and ALB from Section 15 -- Copy `terraform-manifests\*` all files from Section `15-Autoscaling-with-Launch-Templates` and copy to `project-2-app1-with-asg-and-alb` - -## Step-04: Remove VPC related TF Config Files from Project-2 -- Remove the following 4 files related to VPC from Project-2 `project-2-app1-with-asg-and-alb` -- c4-01-vpc-variables.tf -- c4-02-vpc-module.tf -- c4-03-vpc-outputs.tf -- vpc.auto.tfvars - -## Step-05: Project-2: c0-terraform-remote-state-datasource.tf -- Create [terraform_remote_state Datasource](https://www.terraform.io/docs/language/state/remote-state-data.html) -- In this datasource, we will provide the Terraform State file information of our Project-1-AWS-VPC -```t -# Terraform Remote State Datasource -data "terraform_remote_state" "vpc" { - backend = "s3" - config = { - bucket = "terraform-on-aws-for-ec2" - key = "dev/project1-vpc/terraform.tfstate" - region = "us-east-1" - } -} -``` - -## Step-06: Project-2: Update Security Groups VPC ID -- c5-03-securitygroup-bastionsg.tf -- c5-04-securitygroup-privatesg.tf -- c5-05-securitygroup-loadbalancersg.tf -```t -# Before - vpc_id = module.vpc.vpc_id -# After - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id -``` - -## Step-07: Project-2: Update Bastion EC2 Instance VPC Subnet ID -- c7-03-ec2instance-bastion.tf -```t -# Before - subnet_id = module.vpc.public_subnets[0] -# After - subnet_id = data.terraform_remote_state.vpc.outputs.public_subnets[0] -``` - -## Step-08: Project-2: c8-elasticip.tf -```t -# Before - depends_on = [ module.ec2_public, module.vpc ] -# After - depends_on = [ module.ec2_public, /*module.vpc*/ ] -``` - -## Step-09: Project-2: c10-02-ALB-application-loadbalancer.tf -```t -# Before - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets -# After - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id - subnets = 
data.terraform_remote_state.vpc.outputs.public_subnets -``` - -## Step-10: Project-2: c12-route53-dnsregistration.tf -```t -# Add DNS name relevant to demo - name = "tf-multi-app-projects.devopsincloud.com" -``` -## Step-11: Project-2: Create S3 Bucket and DynamoDB Table for Remote State Storage -- Create S3 Bucket and DynamoDB Table for Remote State Storage -- Leverage Same S3 bucket `terraform-on-aws-for-ec2` with different folder for project-2 state file `dev/project2-app1/terraform.tfstate` -- Also create a new DynamoDB Table for project-2 -- Create Dynamo DB Table - - **Table Name:** dev-project2-app1 - - **Partition key (Primary Key):** LockID (Type as String) - - **Table settings:** Use default settings (checked) - - Click on **Create** - -## Step-12: Project-2: c1-versions.tf -- Update `c1-versions.tf` with Remote State Backend -```t - # Adding Backend as S3 for Remote State Storage - backend "s3" { - bucket = "terraform-on-aws-for-ec2" - key = "dev/project2-app1/terraform.tfstate" - region = "us-east-1" - - # Enable during Step-09 - # For State Locking - dynamodb_table = "dev-project2-app1" - } -``` -## Step-13: c13-03-autoscaling-resource.tf -```t -# Before - vpc_zone_identifier = module.vpc.private_subnets - -# After - vpc_zone_identifier = data.terraform_remote_state.vpc.outputs.private_subnets - -``` - -## Step-14: Project-1: Execute Terraform Commands -- Create Project-1 Resources (VPC) -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Terraform State List -terraform state list - -# Observations -1. Verify VPC Resources created -2. 
Verify S3 bucket and terraform.tfstate file for project-1 -``` - -## Step-15: Project-2: Execute Terraform Commands -- Create Project-2 Resources (VPC) -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Terraform State List -terraform state list -``` - -## Step-16: Verify Project-2 Resources -1. Verify S3 bucket and terraform.tfstate file for project-2 -2. Verify Security Groups -3. Verify EC2 Instances (Bastion Host and ASG related EC2 Instances) -4. Verify Application Load Balancer and Target Group -5. Verify Autoscaling Group and Launch template -6. Access Application and Test -```t -# Access Application -https://tf-multi-app-projects1.devopsincloud.com -https://tf-multi-app-projects1.devopsincloud.com/app1/index.html -https://tf-multi-app-projects1.devopsincloud.com/app1/metadata.html -``` - -## Step-17: Project-2 Clean-Up -```t -# Change Directory -cd project-2-app1-with-asg-and-alb -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -``` - -## Step-18: Project-1 Clean-Up -```t -# Change Directory -cd project-1-aws-vpc - -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -``` - - - - -## References -- [The terraform_remote_state Data Source](https://www.terraform.io/docs/language/state/remote-state-data.html) -- [S3 as Remote State Datasource](https://www.terraform.io/docs/language/settings/backends/s3.html) \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c1-versions.tf deleted file mode 100644 index c4f9be72..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c1-versions.tf +++ /dev/null 
@@ -1,30 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- }
- # Adding Backend as S3 for Remote State Storage
- backend "s3" {
- bucket = "terraform-on-aws-for-ec2"
- key = "dev/project1-vpc/terraform.tfstate"
- region = "us-east-1"
-
- # Enable during Step-09
- # For State Locking
- dynamodb_table = "dev-project1-vpc"
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c2-generic-variables.tf
deleted file mode 100644
index 4f6d813e..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "SAP"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-02-vpc-module.tf
deleted file mode 100644
index bcd3e9ea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "3.0.0"
- #version = "2.78.0"
- #version = "~> 2.78"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/vpc.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-1-aws-vpc/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
-sudo yum update -y
-sudo yum install -y httpd
-sudo systemctl enable httpd
-sudo service httpd start
-sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c0-terraform-remote-state-datasource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c0-terraform-remote-state-datasource.tf
deleted file mode 100644
index e6f221f9..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c0-terraform-remote-state-datasource.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Terraform Remote State Datasource
-data "terraform_remote_state" "vpc" {
- backend = "s3"
- config = {
- bucket = "terraform-on-aws-for-ec2"
- key = "dev/project1-vpc/terraform.tfstate"
- region = "us-east-1"
- }
-}
-
-/*
-1. Security Group
-vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
-ingress_cidr_blocks = [data.terraform_remote_state.vpc.outputs.vpc_cidr_block]
-
-2. Bastion Host
-subnet_id = data.terraform_remote_state.vpc.outputs.public_subnets[0]
-
-3. ALB
-subnets = data.terraform_remote_state.vpc.outputs.public_subnets
-
-4. ASG
- vpc_zone_identifier = data.terraform_remote_state.vpc.outputs.private_subnets
-
-5. Null Resource
- command = "echo VPC created on `date` and VPC ID: ${data.terraform_remote_state.vpc.outputs.vpc_id} >> creation-time-vpc-id.txt"
-*/
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c1-versions.tf
deleted file mode 100644
index f2819a19..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c1-versions.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- }
- # Adding Backend as S3 for Remote State Storage
- backend "s3" {
- bucket = "terraform-on-aws-for-ec2"
- key = "dev/project2-app1/terraform.tfstate"
- region = "us-east-1"
-
- # Enable during Step-09
- # For State Locking
- dynamodb_table = "dev-project2-app1"
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
-
-# Create Random Pet Resource
-resource "random_pet" "this" {
- length = 2
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-01-ALB-application-loadbalancer-variables.tf
deleted file mode 100644
index 0aeebd65..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-01-ALB-application-loadbalancer-variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index 41601840..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,103 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "6.0.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - #vpc_id = module.vpc.vpc_id - #subnets = module.vpc.public_subnets - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id - subnets = data.terraform_remote_state.vpc.outputs.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - /* # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags*/ - }, - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - #certificate_arn = module.acm.this_acm_certificate_arn - certificate_arn = module.acm.acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: /app1* 
should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, - ] - tags = local.common_tags # ALB Tags -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 53b13a4e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,65 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.lb_dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.lb_arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.alb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.alb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.alb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.alb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.alb.target_group_names
-}
-
-output "target_group_attachments" {
- description = "ARNs of the target group attachment IDs."
- value = module.alb.target_group_attachments
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c11-acm-certificatemanager.tf
deleted file mode 100644
index 1ec4f8fe..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "3.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c12-route53-dnsregistration.tf
deleted file mode 100644
index 010d1d20..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "tf-multi-app-projects.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-01-autoscaling-with-launchtemplate-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-02-autoscaling-launchtemplate-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 4f42bb45..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-# Launch Template Resource
-resource "aws_launch_template" "my_launch_template" {
- name = "my-launch-template"
- description = "My Launch Template"
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
-
- vpc_security_group_ids = [module.private_sg.security_group_id]
- key_name = var.instance_keypair
- user_data = filebase64("${path.module}/app1-install.sh")
- ebs_optimized = true
- #default_version = 1
- update_default_version = true
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- volume_size = 10
- #volume_size = 20 # LT Update Testing - Version 2 of LT
- delete_on_termination = true
- volume_type = "gp2" # default is gp2
- }
- }
- monitoring {
- enabled = true
- }
-
- tag_specifications {
- resource_type = "instance"
- tags = {
- Name = "myasg"
- }
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-03-autoscaling-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-03-autoscaling-resource.tf
deleted file mode 100644
index 0f1b4a56..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- name_prefix = "myasg-"
- desired_capacity = 2
- max_size = 10
- min_size = 2
- #vpc_zone_identifier = module.vpc.private_subnets
- vpc_zone_identifier = data.terraform_remote_state.vpc.outputs.private_subnets
- target_group_arns = module.alb.target_group_arns
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- # instance_warmup = 300 # Default behavior is to use the Auto Scaling Groups health check grace period value
- min_healthy_percentage = 50
- }
- triggers = [ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-04-autoscaling-with-launchtemplate-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index a23e76f4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Launch Template Outputs
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-05-autoscaling-notifications.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index e2c85343..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [aws_autoscaling_group.my_asg.id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-06-autoscaling-ttsp.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index f67b9b23..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
- resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- }
- target_value = 10.0
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-07-autoscaling-scheduled-actions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 71757107..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- #vpc_id = module.vpc.vpc_id
- vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 03546110..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- #vpc_id = module.vpc.vpc_id
- vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [data.terraform_remote_state.vpc.outputs.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index b2493983..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- #vpc_id = module.vpc.vpc_id
- vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index aacd48d4..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- #subnet_id = module.vpc.public_subnets[0]
- subnet_id = data.terraform_remote_state.vpc.outputs.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c8-elasticip.tf
deleted file mode 100644
index a0fe24f7..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c8-elasticip.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- #depends_on = [ module.ec2_public, module.vpc ]
- depends_on = [ module.ec2_public, /*module.vpc*/ ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c9-nullresource-provisioners.tf
deleted file mode 100644
index ce2506dc..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${data.terraform_remote_state.vpc.outputs.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/ec2instance.auto.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/creation-time-vpc-id.txt b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index ba1a83ea..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Mon May 10 17:50:17 IST 2021 and VPC ID: vpc-096d7d24188ba6aeb
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/destroy-time-prov.txt b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 7bd187c9..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Mon May 10 17:56:23 IST 2021
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/terraform.tfvars deleted file mode 100644 index 8b9f8d7c..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/terraform.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# Generic Variables -aws_region = "us-east-1" -environment = "stag" -business_divsion = "hr" - - - - - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/.gitignore b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/.gitignore deleted file mode 100644 index 7a3e2fd0..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/.gitignore +++ /dev/null @@ -1,29 +0,0 @@ -# Local .terraform directories -**/.terraform/* - -# .tfstate files -*.tfstate -*.tfstate.* - -# Crash log files -crash.log - -# Ignore any .tfvars files that are generated automatically for each Terraform run. Most -# .tfvars files are managed as part of configuration and so should be included in -# version control. -# -# example.tfvars - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json - -# Include override files you do wish to add to version control using negated pattern -# -# !example_override.tf - -# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan -# example: *tfplan* diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/README.md deleted file mode 100644 index d95b023b..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# terraform-iacdevops-with-aws-codepipeline -terraform-iacdevops-with-aws-codepipeline diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-dev.yml b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-dev.yml deleted file mode 100644 index 94e84eeb..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-dev.yml +++ /dev/null @@ -1,43 +0,0 @@ -version: 0.2 - -env: - variables: - TERRAFORM_VERSION: "0.15.3" - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" - parameter-store: - AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID" - AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY" - -phases: - install: - runtime-versions: - python: 3.7 - on-failure: ABORT - commands: - - tf_version=$TERRAFORM_VERSION - - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - mv terraform /usr/local/bin/ - pre_build: - on-failure: ABORT - commands: - - echo terraform execution started on `date` - build: - on-failure: ABORT - commands: - # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS - - cd "$CODEBUILD_SRC_DIR/terraform-manifests" - - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests" - - terraform --version - - terraform init -input=false --backend-config=dev.conf - - terraform validate - - terraform plan -lock=false -input=false -var-file=dev.tfvars - - terraform $TF_COMMAND -input=false -var-file=dev.tfvars -auto-approve - post_build: - on-failure: CONTINUE - commands: - - echo terraform execution completed on `date` - - - \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-stag.yml b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-stag.yml deleted file mode 100644 index ebbe5a85..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-stag.yml +++ /dev/null @@ -1,43 +0,0 @@ -version: 0.2 - -env: - variables: - TERRAFORM_VERSION: "0.15.3" - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" - parameter-store: - AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID" - AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY" - -phases: - install: - runtime-versions: - python: 3.7 - on-failure: ABORT - commands: - - tf_version=$TERRAFORM_VERSION - - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - mv terraform /usr/local/bin/ - pre_build: - on-failure: ABORT - commands: - - echo terraform execution started on `date` - build: - on-failure: ABORT - commands: - # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS - - cd "$CODEBUILD_SRC_DIR/terraform-manifests" - - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests" - - terraform --version - - terraform init -input=false --backend-config=stag.conf - - terraform validate - - terraform plan -lock=false -input=false -var-file=stag.tfvars - - terraform $TF_COMMAND -input=false -var-file=stag.tfvars -auto-approve - post_build: - on-failure: CONTINUE - commands: - - echo terraform execution completed on `date` - - - \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/app1-install.sh b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c1-versions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c1-versions.tf deleted file mode 100644 index 21b8eb48..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,35 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } - # Adding Backend as S3 for Remote State Storage - backend "s3" {} -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null 
@@ -1,3 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index fa707c3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,106 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "6.0.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - /*Option-1: Give as list with specific subnets or in next line, pass all public subnets - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ]*/ - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - /* # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags*/ - }, - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - #certificate_arn = module.acm.this_acm_certificate_arn - certificate_arn = module.acm.acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - 
https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, - ] - tags = local.common_tags # ALB Tags -} - - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 53b13a4e..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,65 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) Outputs -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.lb_dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.lb_arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.alb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.alb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.alb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.alb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." - value = module.alb.target_group_names -} - -output "target_group_attachments" { - description = "ARNs of the target group attachment IDs." - value = module.alb.target_group_attachments -} 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c11-acm-certificatemanager.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c11-acm-certificatemanager.tf deleted file mode 100644 index 395a4f31..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c11-acm-certificatemanager.tf +++ /dev/null @@ -1,23 +0,0 @@ -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - #version = "2.14.0" - version = "3.0.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.zone_id - - subject_alternative_names = [ - #"*.devopsincloud.com" - var.dns_name - ] - tags = local.common_tags -} - -# Output ACM Certificate ARN -output "this_acm_certificate_arn" { - description = "The ARN of the certificate" - #value = module.acm.this_acm_certificate_arn - value = module.acm.acm_certificate_arn -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c12-route53-dnsregistration.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c12-route53-dnsregistration.tf deleted file mode 100644 index 3e5404c2..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c12-route53-dnsregistration.tf +++ /dev/null 
@@ -1,16 +0,0 @@
-# DNS Name Input Variable
-variable "dns_name" {
- description = "DNS Name to support multiple environments"
- type = string
-}
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = var.dns_name
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 0b7249a7..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,36 +0,0 @@ -# Launch Template Resource -resource "aws_launch_template" "my_launch_template" { - name_prefix = "${local.name}-" - #name = "my-launch-template" - description = "My Launch template" - image_id = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - - vpc_security_group_ids = [ module.private_sg.security_group_id ] - key_name = var.instance_keypair - user_data = filebase64("${path.module}/app1-install.sh") - ebs_optimized = true - #default_version = 1 - update_default_version = true - block_device_mappings { - device_name = "/dev/sda1" - ebs { - #volume_size = 10 - volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } - } - monitoring { - enabled = true - } - tag_specifications { - resource_type = "instance" - tags = { - #Name = "myasg" - Name = local.name - } - } - -} - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-03-autoscaling-resource.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-03-autoscaling-resource.tf deleted file mode 100644 index b48394f7..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-03-autoscaling-resource.tf +++ /dev/null 
@@ -1,32 +0,0 @@ -# Autoscaling Group Resource -resource "aws_autoscaling_group" "my_asg" { - #name_prefix = "myasg-" - name_prefix = "${local.name}-" - max_size = 10 - min_size = 2 - #min_size = 4 - desired_capacity = 2 - #desired_capacity = 4 - vpc_zone_identifier = module.vpc.private_subnets - target_group_arns = module.alb.target_group_arns - health_check_type = "EC2" - #health_check_grace_period = 300 # default is 300 seconds - launch_template { - id = aws_launch_template.my_launch_template.id - version = aws_launch_template.my_launch_template.latest_version - } - # Instance Refresh - instance_refresh { - strategy = "Rolling" - preferences { - # instance_warmup = 300 # Default behavior is to use the Auto Scaling Groups health check grace period value - min_healthy_percentage = 50 - } - triggers = [ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger - } - tag { - key = "Owners" - value = "Web-Team" - propagate_at_launch = true - } -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf deleted file mode 100644 index 4a67007c..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf +++ /dev/null 
@@ -1,29 +0,0 @@
-# Launch Template Outputs
-## launch_template_id
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-## launch_template_latest_version
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-## autoscaling_group_id
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-## autoscaling_group_name
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-## autoscaling_group_arn
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-05-autoscaling-notifications.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index 224468f3..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,28 +0,0 @@ -# Autoscaling Notifications -## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation -## Due to that create SNS Topic with unique name - -## SNS - Topic -resource "aws_sns_topic" "myasg_sns_topic" { - #name = "myasg-sns-topic-${random_pet.this.id}" - name = "${local.name}-${random_pet.this.id}" -} - -## SNS - Subscription -resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { - topic_arn = aws_sns_topic.myasg_sns_topic.arn - protocol = "email" - endpoint = "stacksimplify@gmail.com" -} - -## Create Autoscaling Notification Resource -resource "aws_autoscaling_notification" "myasg_notifications" { - group_names = [aws_autoscaling_group.my_asg.id] - notifications = [ - "autoscaling:EC2_INSTANCE_LAUNCH", - "autoscaling:EC2_INSTANCE_TERMINATE", - "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", - "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", - ] - topic_arn = aws_sns_topic.myasg_sns_topic.arn -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-06-autoscaling-ttsp.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-06-autoscaling-ttsp.tf deleted file mode 100644 index 8df9a4e8..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-06-autoscaling-ttsp.tf +++ /dev/null 
@@ -1,33 +0,0 @@ -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "${local.name}-avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "${local.name}-alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf deleted file mode 100644 index f8d000b4..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf +++ /dev/null @@ -1,23 +0,0 @@ -## Create Scheduled Actions -### Create Scheduled Action-1: Increase capacity during business hours -resource "aws_autoscaling_schedule" "increase_capacity_7am" { - scheduled_action_name = "increase-capacity-7am" - min_size = 2 - max_size = 10 - desired_capacity = 8 - start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST) - recurrence = "00 09 * * *" - autoscaling_group_name = aws_autoscaling_group.my_asg.id -} -### Create Scheduled Action-2: Decrease capacity during business hours -resource "aws_autoscaling_schedule" "decrease_capacity_5pm" { - scheduled_action_name = "decrease-capacity-5pm" - min_size = 2 - max_size = 10 - desired_capacity = 2 - start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST) - recurrence = "00 21 * * *" - autoscaling_group_name = aws_autoscaling_group.my_asg.id -} - - diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c2-generic-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c2-generic-variables.tf +++ /dev/null 
@@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "sap" -} diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c3-local-values.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c3-local-values.tf deleted file mode 100644 index ba7f09c2..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c3-local-values.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - #name = "${local.owners}-${local.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } - - asg_tags = [ - { - key = "Project" - value = "megasecret" - propagate_at_launch = true - }, - { - key = "foo" - value = "" - propagate_at_launch = true - }, - ] - -} \ No newline at end of file diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-01-vpc-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-01-vpc-variables.tf deleted file mode 100644 index b68d0a48..00000000 --- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-01-vpc-variables.tf +++ /dev/null 
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-02-vpc-module.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 69535c5f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- version = "3.0.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-03-vpc-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-01-securitygroup-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-02-securitygroup-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 5a3ff548..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- #name = "public-bastion-sg"
- name = "${local.name}-public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-04-securitygroup-privatesg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 514d879f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- #name = "private-sg"
- name = "${local.name}-private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index 27e6e967..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- #name = "loadbalancer-sg"
- name = "${local.name}-loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-01-datasource-ami.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-02-datasource-route53-zone.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-01-ec2instance-variables.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-02-ec2instance-outputs.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-03-ec2instance-bastion.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b13a1b56..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c8-elasticip.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index df3cb6b6..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-}
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c9-nullresource-provisioners.tf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index 78243332..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-}
-
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.conf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.conf
deleted file mode 100644
index bd8e4872..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-bucket = "terraform-on-aws-for-ec2"
-key = "iacdevops/dev/terraform.tfstate"
-region = "us-east-1"
-dynamodb_table = "iacdevops-dev-tfstate"
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.tfvars
deleted file mode 100644
index 7a1789f5..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.tfvars
+++ /dev/null
@@ -1,22 +0,0 @@
-# Environment
-environment = "dev"
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
-
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
-
-# DNS Name
-dns_name = "devdemo5.devopsincloud.com"
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/private-key/terraform-key.pem b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
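Review bot: Deleting `private-key/terraform-key.pem` in this hunk does not retire the key, because the full PEM body stays readable in the repository history and in every clone or fork taken before this commit. The key pair it belongs to (the removed manifests refer to it as `terraform-key`) should be treated as exposed: replace it, and remove its public half from any instance that still trusts it. Rewriting history is only useful alongside that rotation, not instead of it. For the replacement, keep key material out of the tree with an ignore rule such as `private-key/*.pem` and have the pipeline read the key from a secret store.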
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.conf b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.conf
deleted file mode 100644
index e924a17c..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "terraform-on-aws-for-ec2"
-key = "iacdevops/stag/terraform.tfstate"
-region = "us-east-1"
-dynamodb_table = "iacdevops-stag-tfstate"
\ No newline at end of file
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.tfvars
deleted file mode 100644
index 653323b3..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.tfvars
+++ /dev/null
@@ -1,22 +0,0 @@
-# Environment
-environment = "stag"
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
-
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
-
-# DNS Name
-dns_name = "stagedemo5.devopsincloud.com"
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/terraform.tfvars b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 4c74aefc..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,10 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/README.md b/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/README.md
deleted file mode 100644
index 0ad18154..00000000
--- a/BACKUP-BEFORE-DEC2023-UPDATES/22-IaC-DevOps-using-AWS-CodePipeline/README.md
+++ /dev/null
@@ -1,749 +0,0 @@ ---- -title: Terraform IaC DevOps using AWS CodePipeline -description: Create AWS CodePipeline with Multiple Environments Dev and Staging ---- -# IaC DevOps using AWS CodePipeline - -## Step-00: Introduction -1. Terraform Backend with backend-config -2. How to create multiple environments related Pipeline with single TF Config files in Terraform ? -3. As part of Multiple environments we are going to create `dev` and `stag` environments -4. We are going build IaC DevOps Pipelines using -- AWS CodeBuild -- AWS CodePipeline -- Github -5. We are going to streamline the `terraform-manifests` taken from `section-15` and streamline that to support Multiple environments. - -[![Image](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-3.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-4.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-4.png) - -## Step-01: Copy terraform-manifests from Section-15 -- Copy `terraform-manifests` from Section-15 `15-Autoscaling-with-Launch-Templates` -- Update `private-key\terraform-key.pem` with your private key with same name. 
- - -## Step-02: c1-versions.tf - Terraform Backends -### Step-02-01 Add backend block as below -```t - # Adding Backend as S3 for Remote State Storage - backend "s3" { } -``` -### Step-02-02: Create file named `dev.conf` -```t -bucket = "terraform-on-aws-for-ec2" -key = "iacdevops/dev/terraform.tfstate" -region = "us-east-1" -dynamodb_table = "iacdevops-dev-tfstate" -``` -### Step-02-03: Create file named `stag.conf` -```t -bucket = "terraform-on-aws-for-ec2" -key = "iacdevops/stag/terraform.tfstate" -region = "us-east-1" -dynamodb_table = "iacdevops-stag-tfstate" -``` -### Step-02-04: Create S3 Bucket related folders for both environments for Terraform State Storage -- Go to Services -> S3 -> terraform-on-aws-for-ec2 -- Create Folder `iacdevops` -- Create Folder `iacdevops\dev` -- Create Folder `iacdevops\stag` - -### Step-02-05: Create DynamoDB Tables for Both Environments for Terraform State Locking -- Create Dynamo DB Table for Dev Environment - - **Table Name:** iacdevops-dev-tfstate - - **Partition key (Primary Key):** LockID (Type as String) - - **Table settings:** Use default settings (checked) - - Click on **Create** -- Create Dynamo DB Table for Staging Environment - - **Table Name:** iacdevops-stag-tfstate - - **Partition key (Primary Key):** LockID (Type as String) - - **Table settings:** Use default settings (checked) - - Click on **Create** - -## Step-03: Pipeline Build Out - Decisions -- We have two options here. -### Step-03-01: Option-1: Create separate folders per environment and have same TF Config files (c1 to c13) maintained per environment - - More work as we need to manage many environment related configs - - Dev - C1 to C13 - Approximate 30 files - - QA - C1 to C13 - Approximate 30 files - - Stg - C1 to C13 - Approximate 30 files - - Prd - C1 to C13 - Approximate 30 files - - DR - C1 to C13 - Approximate 30 files -- Close to 150 files you need to manage changes. 
-- For critical projects which you want to isolate as above, Terraform also recommends this approach but its all case to case basis on the environment we have built, skill level and organization level standards. - -### Step-03-02: Option-2: Create only 1 folder and leverage same C1 to C13 files (approx 30 files) across environments. - - Only 30 files to manage across Dev, QA, Staging, Production and DR environments. - - We are going to take this `option-2` and build the pipeline for Dev and Staging environments - -## Step-04: Merge vpc.auto.tfvars and ec2instance.auto.tfvars -- Merge `vpc.auto.tfvars` and `ec2instance.auto.tfvars` to environment specific `.tfvars` example `dev.tfvars` and `stag.tfvats` -- Also don't provide `.auto.` in `dev.tfvars` or `stag.tfvars` if we want to leverage same TF Config files across environmets. -- We are going to pass the `.tfvars` file as `-var-file` argument to `terraform apply` command -```t -terraform apply -input=false -var-file=dev.tfvars -auto-approve -``` -### Step-04-01: dev.tfvars -```t -# Environment -environment = "dev" -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true - -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" -private_instance_count = 2 -``` -### Step-04-01: stag.tfvars -```t -# Environment -environment = "stag" -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] 
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true - -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" -private_instance_count = 2 -``` -- Remove / Delete the following two files - - vpc.auto.tfvars - - ec2instance.auto.tfvars - -## Step-05: terraform.tfvars -- `terraform.tfvars` which autoloads for all environment creations will have only generic variables. -```t -# Generic Variables -aws_region = "us-east-1" -business_divsion = "hr" -``` - - - -## Step-06: Remove local-exec Provisioners -### Step-06-01: c9-nullresource-provisioners.tf -- Remove Local Exec Provisioner which is not applicable in CodePipeline -> CodeBuild case. -```t -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -``` -- Remove the folder `local-exec-output-files` -### Step-06-02: c8-elasticip.tf -- Remove Local Exec Provisioner which is not applicable in CodePipeline -> CodeBuild case. 
-```t -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) - provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } -``` - -## Step-07: To Support Multiple Environments -### Step-07-01: c5-03-securitygroup-bastionsg.tf -```t -# Before - name = "public-bastion-sg" -# After - name = "${local.name}-public-bastion-sg" -``` -### Step-07-02: c5-04-securitygroup-privatesg.tf -```t -# Before - name = "private-sg" -# After - name = "${local-name}-private-sg" -``` - -### Step-07-03: c5-05-securitygroup-loadbalancersg.tf -```t -# Before - name = "loadbalancer-sg" -# After - name = "${local.name}-loadbalancer-sg" -``` - -### Step-07-04: Create Variable for DNS Name to support multiple environments -#### Step-07-04-01: c12-route53-dnsregistration.tf -```t -# DNS Name Input Variable -variable "dns_name" { - description = "DNS Name to support multiple environments" - type = string -} -``` -#### Step-07-04-02: c12-route53-dnsregistration.tf -```t -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.dns_name - type = "A" - alias { - name = module.alb.lb_dns_name - zone_id = module.alb.lb_zone_id - evaluate_target_health = true - } -} -``` -#### Step-07-04-03: dev.tfvars -```t -# DNS Name -dns_name = "devdemo1.devopsincloud.com" -``` -#### Step-07-04-04: stag.tfvars -```t -# DNS Name -dns_name = "stagedemo1.devopsincloud.com" -``` - -### Step-07-05: c11-acm-certificatemanager.tf -- In your case, the domain names will change as per this step. 
-```t -# Before - subject_alternative_names = [ - "*.devopsincloud.com" - ] - -# After - subject_alternative_names = [ - #"*.devopsincloud.com" - var.dns_name - ] -``` - -### Step-07-06: c13-02-autoscaling-launchtemplate-resource.tf -```t -# Before - name = "my-launch-template" -# After - name_prefix = "${local.name}-" -``` -### Step-07-07: c13-02-autoscaling-launchtemplate-resource.tf -```t -# Before - tag_specifications { - resource_type = "instance" - tags = { - Name = "myasg" - } - } -# After - tag_specifications { - resource_type = "instance" - tags = { - #Name = "myasg" - Name = local.name - } - } -``` -### Step-07-08: c13-03-autoscaling-resource.tf -```t -# Before - name_prefix = "myasg-" -# After - name_prefix = "${local.name}-" -``` -### Step-07-09: c13-06-autoscaling-ttsp.tf -```t -# Before - name = "avg-cpu-policy-greater-than-xx" - name = "alb-target-requests-greater-than-yy" -# After - name = "${local.name}-avg-cpu-policy-greater-than-xx" - name = "${local.name}-alb-target-requests-greater-than-yy" -``` - -## Step-08: Create Secure Parameters in Parameter Store -### Step-08-01: Create MY_AWS_SECRET_ACCESS_KEY -- Go to Services -> Systems Manager -> Application Management -> Parameter Store -> Create Parameter - - Name: /CodeBuild/MY_AWS_ACCESS_KEY_ID - - Descritpion: My AWS Access Key ID for Terraform CodePipeline Project - - Tier: Standard - - Type: Secure String - - Rest all defaults - - Value: ABCXXXXDEFXXXXGHXXX - -### Step-08-02: Create MY_AWS_SECRET_ACCESS_KEY -- Go to Services -> Systems Manager -> Application Management -> Parameter Store -> Create Parameter - - Name: /CodeBuild/MY_AWS_SECRET_ACCESS_KEY - - Descritpion: My AWS Secret Access Key for Terraform CodePipeline Project - - Tier: Standard - - Type: Secure String - - Rest all defaults - - Value: abcdefxjkdklsa55dsjlkdjsakj - - -## Step-09: buildspec-dev.yml -- Discuss about following Environment variables we are going to pass -- TERRAFORM_VERSION - - which version of terraform codebuild 
should use - - As on today `0.15.3` is latest we will use that -- TF_COMMAND - - We will use `apply` to create resources - - We will use `destroy` in CodeBuild Environment -- AWS_ACCESS_KEY_ID: /CodeBuild/MY_AWS_ACCESS_KEY_ID - - AWS Access Key ID is safely stored in Parameter Store -- AWS_SECRET_ACCESS_KEY: /CodeBuild/MY_AWS_SECRET_ACCESS_KEY - - AWS Secret Access Key is safely stored in Parameter Store -```yaml -version: 0.2 - -env: - variables: - TERRAFORM_VERSION: "0.15.3" - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" - parameter-store: - AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID" - AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY" - -phases: - install: - runtime-versions: - python: 3.7 - on-failure: ABORT - commands: - - tf_version=$TERRAFORM_VERSION - - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - mv terraform /usr/local/bin/ - pre_build: - on-failure: ABORT - commands: - - echo terraform execution started on `date` - build: - on-failure: ABORT - commands: - # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS - - cd "$CODEBUILD_SRC_DIR/terraform-manifests" - - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests" - - terraform --version - - terraform init -input=false --backend-config=dev.conf - - terraform validate - - terraform plan -lock=false -input=false -var-file=dev.tfvars - - terraform $TF_COMMAND -input=false -var-file=dev.tfvars -auto-approve - post_build: - on-failure: CONTINUE - commands: - - echo terraform execution completed on `date` -``` - -## Step-10: buildspec-stag.yml -```yaml -version: 0.2 - -env: - variables: - TERRAFORM_VERSION: "0.15.3" - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" - parameter-store: - AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID" - AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY" - -phases: - install: - runtime-versions: - python: 3.7 - 
on-failure: ABORT - commands: - - tf_version=$TERRAFORM_VERSION - - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - mv terraform /usr/local/bin/ - pre_build: - on-failure: ABORT - commands: - - echo terraform execution started on `date` - build: - on-failure: ABORT - commands: - # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS - - cd "$CODEBUILD_SRC_DIR/terraform-manifests" - - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests" - - terraform --version - - terraform init -input=false --backend-config=stag.conf - - terraform validate - - terraform plan -lock=false -input=false -var-file=stag.tfvars - - terraform $TF_COMMAND -input=false -var-file=stag.tfvars -auto-approve - post_build: - on-failure: CONTINUE - commands: - - echo terraform execution completed on `date` -``` - -## Step-11: Create Github Repository and Check-In file -### Step-11-01: Create New Github Repository -- Go to github.com and login with your credentials -- URL: https://github.com/stacksimplify (my git repo url) -- Click on **Repositories Tab** -- Click on **New** to create a new repository -- **Repository Name:** terraform-iacdevops-with-aws-codepipeline -- **Description:** Implement Terraform IAC DevOps for AWS Project with AWS CodePipeline -- **Repository Type:** Private -- **Choose License:** Apache License 2.0 -- Click on **Create Repository** -- Click on **Code** and Copy Repo link -### Step-11-02: Clone Remote Repo and Copy all related files -```t -# Change Directory -cd demo-repos - -# Execute Git Clone -git clone https://github.com/stacksimplify/terraform-iacdevops-with-aws-codepipeline.git - -# Copy all files from Section-22 Git-Repo-Files folder -1. Source Folder Path: 22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files -2. Copy all files from Source Folder to Destination Folder -3. 
Destination Folder Path: demo-repos/terraform-iacdevops-with-aws-codepipeline - -# Verify Git Status -git status - -# Git Commit -git commit -am "First Commit" - -# Push files to Remote Repository -git push - -# Verify same on Remote Repository -https://github.com/stacksimplify/terraform-iacdevops-with-aws-codepipeline.git -``` - -## Step-12: Verify if AWS Connector for GitHub already installed on your Github -- Go to below url and verify -- **URL:** https://github.com/settings/installations - -## Step-13: Create Github Connection from AWS Developer Tools -- Go to Services -> CodePipeline -> Create Pipeline -- In Developer Tools -> Click on **Settings** -> Connections -> Create Connection -- **Select Provider:** Github -- **Connection Name:** terraform-iacdevops-aws-cp-con1 -- Click on **Connect to Github** -- GitHub Apps: Click on **Install new app** -- It should redirect to github page `Install AWS Connector for GitHub` -- **Only select repositories:** terraform-iacdevops-with-aws-codepipeline -- Click on **Install** -- Click on **Connect** -- Verify Connection Status: It should be in **Available** state -- Go to below url and verify -- **URL:** https://github.com/settings/installations -- You should see `Install AWS Connector for GitHub` app installed - -## Step-14: Create AWS CodePipeline -- Go to Services -> CodePipeline -> Create Pipeline -### Pipeline settings -- **Pipeline Name:** tf-iacdevops-aws-cp1 -- **Service role:** New Service Role -- rest all defaults - - Artifact store: Default Location - - Encryption Key: Default AWS Managed Key -- Click **Next** -### Source Stage -- **Source Provider:** Github (Version 2) -- **Connection:** terraform-iacdevops-aws-cp-con1 -- **Repository name:** terraform-iacdevops-with-aws-codepipeline -- **Branch name:** main -- **Change detection options:** leave to defaults as checked -- **Output artifact format:** leave to defaults as `CodePipeline default` -### Add Build Stage -- **Build Provider:** AWS CodeBuild -- 
**Region:** N.Virginia -- **Project Name:** Click on **Create Project** - - **Project Name:** codebuild-tf-iacdevops-aws-cp1 - - **Description:** CodeBuild Project for Dev Stage of IAC DevOps Terraform Demo - - **Environment image:** Managed Image - - **Operating System:** Amazon Linux 2 - - **Runtimes:** Standard - - **Image:** latest available today (aws/codebuild/amazonlinux2-x86_64-standard:3.0) - - **Environment Type:** Linux - - **Service Role:** New (leave to defaults including Role Name) - - **Build specifications:** use a buildspec file - - **Buildspec name - optional:** buildspec-dev.yml (Ensure that this file is present in root folder of your github repository) - - Rest all leave to defaults - - Click on **Continue to CodePipeline** -- **Project Name:** This value should be auto-populated with `codebuild-tf-iacdevops-aws-cp1` -- **Build Type:** Single Build -- Click **Next** -### Add Deploy Stage -- Click on **Skip Deploy Stage** -### Review Stage -- Click on **Create Pipeline** - - -## Step-15: Verify the Pipeline created -- **Verify Source Stage:** Should pass -- **Verify Build Stage:** should fail with error -- Verify Build Stage logs by clicking on **details** in pipeline screen -```log -[Container] 2021/05/11 06:24:06 Waiting for agent ping -[Container] 2021/05/11 06:24:09 Waiting for DOWNLOAD_SOURCE -[Container] 2021/05/11 06:24:09 Phase is DOWNLOAD_SOURCE -[Container] 2021/05/11 06:24:09 CODEBUILD_SRC_DIR=/codebuild/output/src851708532/src -[Container] 2021/05/11 06:24:09 YAML location is /codebuild/output/src851708532/src/buildspec-dev.yml -[Container] 2021/05/11 06:24:09 Processing environment variables -[Container] 2021/05/11 06:24:09 Decrypting parameter store environment variables -[Container] 2021/05/11 06:24:09 Phase complete: DOWNLOAD_SOURCE State: FAILED -[Container] 2021/05/11 06:24:09 Phase context status code: Decrypted Variables Error Message: AccessDeniedException: User: 
arn:aws:sts::180789647333:assumed-role/codebuild-codebuild-tf-iacdevops-aws-cp1-service-role/AWSCodeBuild-97595edc-1db1-4070-97a0-71fa862f0993 is not authorized to perform: ssm:GetParameters on resource: arn:aws:ssm:us-east-1:180789647333:parameter/CodeBuild/MY_AWS_ACCESS_KEY_ID -``` -## Step-16: Fix ssm:GetParameters IAM Role issues -### Step-16-01: Get IAM Service Role used by CodeBuild Project -- Get the IAM Service Role name CodeBuild Project is using -- Go to CodeBuild -> codebuild-tf-iacdevops-aws-cp1 -> Edit -> Environment -- Make a note of Service Role ARN -```t -# CodeBuild Service Role ARN -arn:aws:iam::180789647333:role/service-role/codebuild-codebuild-tf-iacdevops-aws-cp1-service-role -``` -### Step-16-02: Create IAM Policy with Systems Manager Get Parameter Read Permission -- Go to Services -> IAM -> Policies -> Create Policy -- **Service:** Systems Manager -- **Actions:** Get Parameters (Under Read) -- **Resources:** All -- Click **Next Tags** -- Click **Next Review** -- **Policy name:** systems-manger-get-parameter-access -- **Policy Description:** Read Parameters from Parameter Store in AWS Systems Manager Service -- Click on **Create Policy** - -### Step-16-03: Associate this Policy to IAM Role -- Go to Services -> IAM -> Roles -> Search for `codebuild-codebuild-tf-iacdevops-aws-cp1-service-role` -- Attach the polic named `systems-manger-get-parameter-access` - -## Step-17: Re-run the CodePipeline -- Go to Services -> CodePipeline -> tf-iacdevops-aws-cp1 -- Click on **Release Change** -- **Verify Source Stage:** - - Should pass -- **Verify Build Stage:** - - Verify Build Stage logs by clicking on **details** in pipeline screen - - Verify `Cloudwatch -> Log Groups` logs too (Logs saved in CloudWatch for additional reference) - - -## Step-18: Verify Resources -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. 
Verify Load Balancer Target Group - Health Checks -7. Access and Test -```t -# Access and Test -http://devdemo1.devopsincloud.com -http://devdemo1.devopsincloud.com/app1/index.html -http://devdemo1.devopsincloud.com/app1/metadata.html -``` - -## Step-19: Add Approval Stage before deploying to staging environment -- Go to Services -> AWS CodePipeline -> tf-iacdevops-aws-cp1 -> Edit -### Add Stage - - Name: Email-Approval -### Add Action Group -- Action Name: Email-Approval -- Action Provider: Manual Approval -- SNS Topic: Select SNS Topic from drop down -- Comments: Approve to deploy to staging environment - -## Step-20: Add Staging Environment Deploy Stage -- Go to Services -> AWS CodePipeline -> tf-iacdevops-aws-cp1 -> Edit -### Add Stage - - Name: Stage-Deploy -### Add Action Group -- Action Name: Stage-Deploy -- Region: US East (N.Virginia) -- Action Provider: AWS CodeBuild -- Input Artifacts: Source Artifact -- **Project Name:** Click on **Create Project** - - **Project Name:** stage-deploy-tf-iacdevops-aws-cp1 - - **Description:** CodeBuild Project for Staging Environment of IAC DevOps Terraform Demo - - **Environment image:** Managed Image - - **Operating System:** Amazon Linux 2 - - **Runtimes:** Standard - - **Image:** latest available today (aws/codebuild/amazonlinux2-x86_64-standard:3.0) - - **Environment Type:** Linux - - **Service Role:** New (leave to defaults including Role Name) - - **Build specifications:** use a buildspec file - - **Buildspec name - optional:** buildspec-stag.yml (Ensure that this file is present in root folder of your github repository) - - Rest all leave to defaults - - Click on **Continue to CodePipeline** -- **Project Name:** This value should be auto-populated with `stage-deploy-tf-iacdevops-aws-cp1` -- **Build Type:** Single Build -- Click on **Done** -- Click on **Save** - -## Step-21: Update the IAM Role -- Update the IAM Role created as part of this `stage-deploy-tf-iacdevops-aws-cp1` CodeBuild project by adding the policy 
`systems-manger-get-parameter-access1` - -## Step-22: Run the Pipeline -- Go to Services -> AWS CodePipeline -> tf-iacdevops-aws-cp1 -- Click on **Release Change** -- Verify Source Stage -- Verify Build Stage (Dev Environment - Dev Depploy phase) -- Verify Manual Approval Stage - Approve the change -- Verify Stage Deploy Stage - - Verify build logs - -## Step-23: Verify Staging Environment -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. Verify Load Balancer Target Group - Health Checks -7. Access and Test -```t -# Access and Test -http://stagedemo1.devopsincloud.com -http://stagedemo1.devopsincloud.com/app1/index.html -http://stagedemo1.devopsincloud.com/app1/metadata.html -``` - -## Step-24: Make a change and test the entire pipeline -### Step-24-01: c13-03-autoscaling-resource.tf -- Increase minimum EC2 Instances from 2 to 3 -```t -# Before - desired_capacity = 2 - max_size = 10 - min_size = 2 -# After - desired_capacity = 4 - max_size = 10 - min_size = 4 -``` -### Step-24-02: Commit Changes via Git Repo -```t -# Verify Changes -git status - -# Commit Changes to Local Repository -git add . -git commit -am "ASG Min Size from 2 to 4" - -# Push changes to Remote Repository -git push -``` -### Step-24-03: Review Build Logs -- Go to Services -> CodePipeline -> tf-iacdevops-aws-cp1 -- Verify Dev Deploy Logs -- Approve at `Manual Approval` stage -- Verify Stage Deploy Logs - -### Step-24-04: Verify EC2 Instances -- Go to Services -> EC2 Instances -- Newly created instances should be visible. 
-- hr-dev: 4 EC2 Instances -- hr-stag: 4 EC2 Instances - -## Step-25: Destroy Resources -### Step-25-01: Update buildspec-dev.yml -```t -# Before - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" -# After - #TF_COMMAND: "apply" - TF_COMMAND: "destroy" -``` -### Step-25-02: Update buildspec-stag.yml -```t -# Before - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" -# After - #TF_COMMAND: "apply" - TF_COMMAND: "destroy" -``` -### Step-25-03: Commit Changes via Git Repo -```t -# Verify Changes -git status - -# Commit Changes to Local Repository -git add . -git commit -am "Destroy Resources" - -# Push changes to Remote Repository -git push -``` -### Step-25-03: Review Build Logs -- Go to Services -> CodePipeline -> tf-iacdevops-aws-cp1 -- Verify Dev Deploy Logs -- Approve at `Manual Approval` stage -- Verify Stage Deploy Logs - - -## Step-26: Change Everything back to original Demo State -### Step-26-01: c13-03-autoscaling-resource.tf -- Change them back to original state -```t -# Before - desired_capacity = 4 - max_size = 10 - min_size = 4 -# After - desired_capacity = 2 - max_size = 10 - min_size = 2 -``` -### Step-26-02: buildspec-dev.yml and buildspec-stag.yml -- Change them back to original state -```t -# Before - #TF_COMMAND: "apply" - TF_COMMAND: "destroy" -# After - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" -``` -### Step-26-03: Commit Changes via Git Repo -```t -# Verify Changes -git status - -# Commit Changes to Local Repository -git add . -git commit -am "Fixed all the changes back to demo state" - -# Push changes to Remote Repository -git push -``` - - - - -## References -- [1:Backend configuration Dynamic](https://www.terraform.io/docs/cli/commands/init.html) -- [2:Backend configuration Dynamic](https://www.terraform.io/docs/language/settings/backends/configuration.html#partial-configuration) -- [AWS CodeBuild Builspe file reference](https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env) \ No newline at end of file 
diff --git a/BACKUP-BEFORE-DEC2023-UPDATES/presentation/Terraform-On-AWS-v2.pptx b/BACKUP-BEFORE-DEC2023-UPDATES/presentation/Terraform-On-AWS-v2.pptx
deleted file mode 100644
index d5174670..00000000
Binary files a/BACKUP-BEFORE-DEC2023-UPDATES/presentation/Terraform-On-AWS-v2.pptx and /dev/null differ
diff --git a/README.md b/README.md
deleted file mode 100644
index 9a1da68e..00000000
--- a/README.md
+++ /dev/null
@@ -1,156 +0,0 @@ -# Terraform on AWS with SRE & IaC DevOps | Real-World 20 Demos -[![Image](https://stacksimplify.com/course-images/terraform-on-aws-best-seller.png "Terraform on AWS with SRE & IaC DevOps | Real-World 20 Demos")](https://links.stacksimplify.com/terraform-on-aws-with-sre-and-iacdevops) - -## Course Modules -01. Infrastructure as Code (IaC) -02. Terraform Basics - - Install Tools on MacOs, LinuxOS and WindowsOS - - Terraform Command Basics - - Terraform Language Syntax -03. Terraform Settings, Providers and Resources -04. Terraform Variables and Datasources -05. Terraform Loops, Meta-Arguments and Splat Operators -06. AWS VPC 3-Tier Architecture -07. AWS EC2 Instances and Security Groups in a VPC -08. AWS Classic Load Balancer -09. AWS ALB Application Load Balancer -10. AWS ALB Context-Path based Routing -11. AWS ALB Host-Header based Routing -12. AWS ALB HTTP Header and Query String Redirects -13. AWS DNS to DB Implementation -14. AWS Autoscaling with Launch Configuration -15. AWS Autoscaling with Launch Templates -16. AWS Network Load Balancer with TCP and TLS -17. AWS CloudWatch Alarms for ALB, ASG and CIS -18. Develop and Reference Terraform Modules locally -19. Develop Terraform Module from scratch -20. Remote State Storage with AWS S3 and DynamoDB -21. Terraform Remote State Datasource -22. IaC DevOps using AWS CodePipeline - -## AWS Services Covered -01. AWS VPC Virtual Private Cloud -02. AWS VPC NAT Gateways for Outbound Communication -03. AWS VPC Public and Private Subnets -04. AWS EC2 Instances -05. AWS Security Groups -06. AWS Classic Load Balancer -07. AWS ALB Application Load Balancer - Basic -08. AWS ALB Context-Path based Routing -09. AWS ALB Host-Header based Routing -10. AWS ALB Custom-HTTP Header based Routing -11. AWS ALB Query String based Redirects -12. AWS Autoscaling with Launch Configurations -13. AWS Autoscaling with Launch Templates -14. AWS Network Load Balancer -15. AWS CloudWatch Alarms -16. 
AWS Certificate Manager (ACM) -17. AWS Route53 -18. AWS CodeBuild -19. AWS CodePipeline -20. AWS RDS Database -21. AWS Elastic IP -22. AWS SNS - -## Terraform Concepts Covered -01. Terraform Install -02. Command Basics (init, validate, plan, apply) -03. Language Syntax (Blocks, Arguments) -04. Settings Block -05. Provider Block -06. Resources Block -07. Resource Meta-Arguments (depends_on, count, for_each) -08. Input Variables - Basics -09. Input Variables - Assign When Prompted -10. Input Variables - Override default with cli var -11. Input Variables - Assign with terraform.tfvars -12. Input Variables - Assign with tfvars var-file argument -13. Input Variables - Assign with auto tfvars -14. Input Variables - Lists -15. Input Variables - Maps -16. Input Variables - Sensitive Input Variables -17. Function: File -18. Output Values -19. Local Values -20. Datasources -21. Backends - Remote State Storage -22. File Provisioner -23. local-exec Provisioner -24. remote-exec Provisioner -25. Null Resource -26. Modules from Public Registry -27. Build Local Module -28. For Loop with Lists -29. For Loop with Maps -30. For Loops with Advanced Maps -31. Legacy Splat Operator -32. Latest Splat Operator -33. Function: toset -34. Function: tomap -35. Function: keys -36. Module Upgrades -37. Random Resource -39. Terraform Import - -## What will students learn in your course? 
-- You will learn to master Terraform in a Real-world perspective with 22 demo's -- You will build AWS VPC 3-Tier Architecture using Terraform -- You will build various Load balancers CLB, ALB and NLB using Terraform -- You will build DNS to DB Architecture on AWS using Terraform -- You will build Autoscaling with Launch Configuration using Terraform -- You will build Autoscaling with Launch Templates using Terraform -- You will build AWS CloudWatch Alarms using Terraform -- You will implement IaC DevOps usecase using AWS CodePipeline for your Terraform Configurations -- You will learn in detail about Terrafrom State, Local and Remote Backends. -- You will learn and implement all Terraform Provisioners -- You will learn and implement Terraform Modules with 2 types (Public Modules and Local Modules) - - -## Are there any course requirements or prerequisites? -- You must have an AWS Cloud account to follow with me for hands-on activities. -- You don't need to have any basic knowledge of Terraform. Course will get started from very very basics of Terraform and take you to very advanced levels - -## Who are your target students? -- Infrastructure Architects or Sysadmins or Developers who are planning to master Terraform -- Any beginner who is interested in learning IaC Infrastructure as Code current trending tool Terraform -- Anyone who want to learn Terraform from a Real-World perspective - -## Github Repositories used for this course -- [HashiCorp Certified: Terraform Associate](https://github.com/stacksimplify/hashicorp-certified-terraform-associate) -- **Important Note:** Please go to these repositories and FORK these repositories and make use of them during the course. - - -## Each of my courses come with -- Amazing Hands-on Step By Step Learning Experiences -- Real Implementation Experience -- Friendly Support in the Q&A section -- 30 Day "No Questions Asked" Money Back Guarantee! 
- -## My Other AWS Courses -- [Udemy Enroll](https://www.stacksimplify.com/azure-aks/courses/stacksimplify-best-selling-courses-on-udemy/) - -## Stack Simplify Udemy Profile -- [Udemy Profile](https://www.udemy.com/user/kalyan-reddy-9/) - -# HashiCorp Certified: Terraform Associate - 50 Practical Demos -[![Image](https://stacksimplify.com/course-images/hashicorp-certified-terraform-associate-highest-rated.png "HashiCorp Certified: Terraform Associate - 50 Practical Demos")](https://links.stacksimplify.com/hashicorp-certified-terraform-associate) - -# AWS EKS - Elastic Kubernetes Service - Masterclass -[![Image](https://stacksimplify.com/course-images/AWS-EKS-Kubernetes-Masterclass-DevOps-Microservices-course.png "AWS EKS Kubernetes - Masterclass")](https://www.udemy.com/course/aws-eks-kubernetes-masterclass-devops-microservices/?referralCode=257C9AD5B5AF8D12D1E1) - - -# Azure Kubernetes Service with Azure DevOps and Terraform -[![Image](https://stacksimplify.com/course-images/azure-kubernetes-service-with-azure-devops-and-terraform.png "Azure Kubernetes Service with Azure DevOps and Terraform")](https://www.udemy.com/course/azure-kubernetes-service-with-azure-devops-and-terraform/?referralCode=2499BF7F5FAAA506ED42) - - -## Additional References -- [Certification Curriculum](https://www.hashicorp.com/certification/terraform-associate) -- [Certification Preparation](https://learn.hashicorp.com/collections/terraform/certification) -- [Study Guide](https://learn.hashicorp.com/tutorials/terraform/associate-study?in=terraform/certification) -- [Exam Review Guide](https://learn.hashicorp.com/tutorials/terraform/associate-review?in=terraform/certification) -- [Sample Questions](https://learn.hashicorp.com/tutorials/terraform/associate-questions?in=terraform/certification) - - - - - 
diff --git a/V1-UPDATES-DEC2023/01-Infrastructure-as-Code-IaC-Basics/README.md b/V1-UPDATES-DEC2023/01-Infrastructure-as-Code-IaC-Basics/README.md
deleted file mode 100644
index 7c778fe2..00000000
--- a/V1-UPDATES-DEC2023/01-Infrastructure-as-Code-IaC-Basics/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Infrastructure as Code Basics
-
-## Step-01: Understand Problems with Traditional way of Managing Infrastructure
-- Time it takes for building multiple environments
-- Issues we face with different environments
-- Scale-Up and Scale-Down On-Demand
-
-## Step-02: Discuss how IaC with Terraform Solves them
-- Visibility
-- Stability
-- Scalability
-- Security
-- Audit
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-01-Install-Tools-TerraformCLI-AWSCLI-VSCodeIDE/README.md b/V1-UPDATES-DEC2023/02-Terraform-Basics/02-01-Install-Tools-TerraformCLI-AWSCLI-VSCodeIDE/README.md
deleted file mode 100644
index 4ca52c65..00000000
--- a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-01-Install-Tools-TerraformCLI-AWSCLI-VSCodeIDE/README.md
+++ /dev/null
@@ -1,92 +0,0 @@ -# Terraform & AWS CLI Installation - -## Step-01: Introduction -- Install Terraform CLI -- Install AWS CLI -- Install VS Code Editor -- Install HashiCorp Terraform plugin for VS Code - - -## Step-02: MACOS: Terraform Install -- [Download Terraform MAC](https://www.terraform.io/downloads.html) -- [Install CLI](https://learn.hashicorp.com/tutorials/terraform/install-cli) -- Unzip the package -``` -# Copy binary zip file to a folder -mkdir /Users//Documents/terraform-install -COPY Package to "terraform-install" folder - -# Unzip -unzip -unzip terraform_0.14.3_darwin_amd64.zip - -# Copy terraform binary to /usr/local/bin -echo $PATH -mv terraform /usr/local/bin - -# Verify Version -terraform version - -# To Uninstall Terraform (NOT REQUIRED) -rm -rf /usr/local/bin/terraform -``` - -## Step-03: MACOS: IDE for Terraform - VS Code Editor -- [Microsoft Visual Studio Code Editor](https://code.visualstudio.com/download) -- [Hashicorp Terraform Plugin for VS Code](https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform) - - -### Step-04: MACOS: Install AWS CLI -- [AWS CLI Install](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) -- [Install AWS CLI - MAC](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html#cliv2-mac-install-cmd) - -``` -# Install AWS CLI V2 -curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg" -sudo installer -pkg AWSCLIV2.pkg -target / -which aws -aws --version - -# Uninstall AWS CLI V2 (NOT REQUIRED) -which aws -ls -l /usr/local/bin/aws -sudo rm /usr/local/bin/aws -sudo rm /usr/local/bin/aws_completer -sudo rm -rf /usr/local/aws-cli -``` - - -## Step-05: MACOS: Configure AWS Credentials -- **Pre-requisite:** Should have AWS Account. 
- - [Create an AWS Account](https://portal.aws.amazon.com/billing/signup?nc2=h_ct&src=header_signup&redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start) -- Generate Security Credentials using AWS Management Console - - Go to Services -> IAM -> Users -> "Your-Admin-User" -> Security Credentials -> Create Access Key -- Configure AWS credentials using SSH Terminal on your local desktop -``` -# Configure AWS Credentials in command line -$ aws configure -AWS Access Key ID [None]: AKIASUF7DEFKSIAWMZ7K -AWS Secret Access Key [None]: WL9G9Tl8lGm7w9t7B3NEDny1+w3N/K5F3HWtdFH/ -Default region name [None]: us-east-1 -Default output format [None]: json - -# Verify if we are able list S3 buckets -aws s3 ls -``` -- Verify the AWS Credentials Profile -``` -cat $HOME/.aws/credentials -``` - -## Step-06: WindowsOS: Terraform & AWS CLI Install -- [Download Terraform](https://www.terraform.io/downloads.html) -- [Install CLI](https://learn.hashicorp.com/tutorials/terraform/install-cli) -- Unzip the package -- Create new folder `terraform-bins` -- Copy the `terraform.exe` to a `terraform-bins` -- Set PATH in windows -- Install [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) - -## Step-07: LinuxOS: Terraform & AWS CLI Install -- [Download Terraform](https://www.terraform.io/downloads.html) -- [Linux OS - Terraform Install](https://learn.hashicorp.com/tutorials/terraform/install-cli) \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-02-Terraform-Command-Basics/README.md b/V1-UPDATES-DEC2023/02-Terraform-Basics/02-02-Terraform-Command-Basics/README.md deleted file mode 100644 index 36f68664..00000000 --- a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-02-Terraform-Command-Basics/README.md +++ /dev/null 
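Review bot: The `aws configure` transcript in Step-05 of this deleted README carries what looks like a real access key ID and secret access key rather than placeholders, and deleting the file does not take them out of the repository history. If that pair was ever live, it should be deactivated in IAM and treated as exposed, independent of this commit. Any copy of this README that stays in the tree should show placeholders instead, e.g. `AWS Access Key ID [None]: <YOUR_ACCESS_KEY_ID>` and `AWS Secret Access Key [None]: <YOUR_SECRET_ACCESS_KEY>`. Whether the key is still valid cannot be told from the diff.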
@@ -1,80 +0,0 @@ -# Terraform Command Basics - -## Step-01: Introduction -- Understand basic Terraform Commands - - terraform init - - terraform validate - - terraform plan - - terraform apply - - terraform destroy - -## Step-02: Review terraform manifest for EC2 Instance -- **Pre-Conditions-1:** Ensure you have **default-vpc** in that respective region -- **Pre-Conditions-2:** Ensure AMI you are provisioning exists in that region if not update AMI ID -- **Pre-Conditions-3:** Verify your AWS Credentials in **$HOME/.aws/credentials** -```t -# Terraform Settings Block -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - #version = "~> 3.21" # Optional but recommended in production - } - } -} - -# Provider Block -provider "aws" { - profile = "default" # AWS Credentials Profile configured on your local desktop terminal $HOME/.aws/credentials - region = "us-east-1" -} - -# Resource Block -resource "aws_instance" "ec2demo" { - ami = "ami-04d29b6f966df1537" # Amazon Linux in us-east-1, update as per your region - instance_type = "t2.micro" -} -``` - -## Step-03: Terraform Core Commands -```t -# Initialize Terraform -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan to Verify what it is going to create / update / destroy -terraform plan - -# Terraform Apply to Create EC2 Instance -terraform apply -``` - -## Step-04: Verify the EC2 Instance in AWS Management Console -- Go to AWS Management Console -> Services -> EC2 -- Verify newly created EC2 instance - - - -## Step-05: Destroy Infrastructure -```t -# Destroy EC2 Instance -terraform destroy - -# Delete Terraform files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## Step-08: Conclusion -- Re-iterate what we have learned in this section -- Learned about Important Terraform Commands - - terraform init - - terraform validate - - terraform plan - - terraform apply - - terraform destroy - - - 
diff --git a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf b/V1-UPDATES-DEC2023/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf
deleted file mode 100644
index eae6b74c..00000000
--- a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Terraform Settings Block
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- #version = "~> 5.0" # Optional but recommended in production
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- profile = "default" # AWS Credentials Profile configured on your local desktop terminal $HOME/.aws/credentials
- region = "us-east-1"
-}
-
-# Resource Block
-resource "aws_instance" "ec2demo" {
- ami = "ami-0533f2ba8a1995cf9" # Amazon Linux in us-east-1, update as per your region
- instance_type = "t2.micro"
-}
diff --git a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-03-Terraform-Language-Syntax/README.md b/V1-UPDATES-DEC2023/02-Terraform-Basics/02-03-Terraform-Language-Syntax/README.md
deleted file mode 100644
index c39a7b15..00000000
--- a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-03-Terraform-Language-Syntax/README.md
+++ /dev/null
@@ -1,53 +0,0 @@ -# Terraform Configuration Language Syntax - -## Step-01: Introduction -- Understand Terraform Language Basics - - Understand Blocks - - Understand Arguments, Attributes & Meta-Arguments - - Understand Identifiers - - Understand Comments - - - -## Step-02: Terraform Configuration Language Syntax -- Understand Blocks -- Understand Arguments -- Understand Identifiers -- Understand Comments -- [Terraform Configuration](https://www.terraform.io/docs/configuration/index.html) -- [Terraform Configuration Syntax](https://www.terraform.io/docs/configuration/syntax.html) -```t -# Template - "" "" { - # Block body - = # Argument -} - -# AWS Example -resource "aws_instance" "ec2demo" { # BLOCK - ami = "ami-04d29b6f966df1537" # Argument - instance_type = var.instance_type # Argument with value as expression (Variable value replaced from varibales.tf -} -``` - -## Step-03: Understand about Arguments, Attributes and Meta-Arguments. -- Arguments can be `required` or `optional` -- Attribues format looks like `resource_type.resource_name.attribute_name` -- Meta-Arguments change a resource type's behavior (Example: count, for_each) -- [Additional Reference](https://learn.hashicorp.com/tutorials/terraform/resource?in=terraform/configuration-language) -- [Resource: AWS Instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) -- [Resource: AWS Instance Argument Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#argument-reference) -- [Resource: AWS Instance Attribute Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#attributes-reference) -- [Resource: Meta-Arguments](https://www.terraform.io/docs/language/meta-arguments/depends_on.html) - -## Step-04: Understand about Terraform Top-Level Blocks -- Discuss about Terraform Top-Level blocks - - Terraform Settings Block - - Provider Block - - Resource Block - - Input Variables Block - - Output 
Values Block - - Local Values Block - - Data Sources Block - - Modules Block - diff --git a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-03-Terraform-Language-Syntax/terraform-manifests/top-level-blocks-samples.tf b/V1-UPDATES-DEC2023/02-Terraform-Basics/02-03-Terraform-Language-Syntax/terraform-manifests/top-level-blocks-samples.tf deleted file mode 100644 index 98675ae8..00000000 --- a/V1-UPDATES-DEC2023/02-Terraform-Basics/02-03-Terraform-Language-Syntax/terraform-manifests/top-level-blocks-samples.tf +++ /dev/null 
@@ -1,104 +0,0 @@ -##################################################################### -# Block-1: Terraform Settings Block -terraform { - required_version = "~> 1.6" - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - } - # Adding Backend as S3 for Remote State Storage with State Locking - backend "s3" { - bucket = "terraform-stacksimplify" - key = "dev2/terraform.tfstate" - region = "us-east-1" - - # For State Locking - dynamodb_table = "terraform-dev-state-table" - } -} -##################################################################### -# Block-2: Provider Block -provider "aws" { - profile = "default" # AWS Credentials Profile configured on your local desktop terminal $HOME/.aws/credentials - region = "us-east-1" -} -##################################################################### -# Block-3: Resource Block -resource "aws_instance" "ec2demo" { - ami = "ami-04d29b6f966df1537" # Amazon Linux - instance_type = var.instance_type -} -##################################################################### -# Block-4: Input Variables Block -variable "instance_type" { - default = "t2.micro" - description = "EC2 Instance Type" - type = string -} -##################################################################### -# Block-5: Output Values Block -output "ec2_instance_publicip" { - description = "EC2 Instance Public IP" - value = aws_instance.my-ec2-vm.public_ip -} -##################################################################### -# Block-6: Local Values Block -# Create S3 Bucket - with Input Variables & Local Values -locals { - bucket-name-prefix = "${var.app_name}-${var.environment_name}" -} -##################################################################### -# Block-7: Data sources Block -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux" { - most_recent = true - owners = ["amazon"] - - filter { - name = "name" - values = ["amzn2-ami-hvm-*"] - } - - filter { - name = "root-device-type" - values = 
["ebs"] - } - - filter { - name = "virtualization-type" - values = ["hvm"] - } - - filter { - name = "architecture" - values = ["x86_64"] - } - -} -##################################################################### -# Block-8: Modules Block -# AWS EC2 Instance Module - -module "ec2_cluster" { - source = "terraform-aws-modules/ec2-instance/aws" - version = "~> 2.0" - - name = "my-modules-demo" - #instance_count = 2 - - ami = data.aws_ami.amzlinux.id - instance_type = "t2.micro" - key_name = "terraform-key" - monitoring = true - vpc_security_group_ids = ["sg-08b25c5a5bf489ffa"] # Get Default VPC Security Group ID and replace - subnet_id = "subnet-4ee95470" # Get one public subnet id from default vpc and replace - user_data = file("apache-install.sh") - - tags = { - Terraform = "true" - Environment = "dev" - } -} -##################################################################### \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/README.md b/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/README.md deleted file mode 100644 index 6f2c656a..00000000 --- a/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/README.md +++ /dev/null 
@@ -1,143 +0,0 @@ -# Terraform Settings, Providers & Resource Blocks -## Step-01: Introduction -- [Terraform Settings](https://www.terraform.io/docs/language/settings/index.html) -- [Terraform Providers](https://www.terraform.io/docs/providers/index.html) -- [Terraform Resources](https://www.terraform.io/docs/language/resources/index.html) -- [Terraform File Function](https://www.terraform.io/docs/language/functions/file.html) -- Create EC2 Instance using Terraform and provision a webserver with userdata. - -## Step-02: In c1-versions.tf - Create Terraform Settings Block -- Understand about [Terraform Settings Block](https://www.terraform.io/docs/language/settings/index.html) and create it -```t -terraform { - required_version = "~> 0.14" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - } -} -``` - -## Step-03: In c1-versions.tf - Create Terraform Providers Block -- Understand about [Terraform Providers](https://www.terraform.io/docs/providers/index.html) -- Configure AWS Credentials in the AWS CLI if not configured -```t -# Verify AWS Credentials -cat $HOME/.aws/credentials -``` -- Create [AWS Providers Block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication) -```t -# Provider Block -provider "aws" { - region = us-east-1 - profile = "default" -} -``` - -## Step-04: In c2-ec2instance.tf - Create Resource Block -- Understand about [Resources](https://www.terraform.io/docs/language/resources/index.html) -- Create [EC2 Instance Resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) -- Understand about [File Function](https://www.terraform.io/docs/language/functions/file.html) -- Understand about [Resources - Argument Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#argument-reference) -- Understand about [Resources - Attribute 
Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#attributes-reference) -```t -# Resource: EC2 Instance -resource "aws_instance" "myec2vm" { - ami = "ami-0533f2ba8a1995cf9" - instance_type = "t3.micro" - user_data = file("${path.module}/app1-install.sh") - tags = { - "Name" = "EC2 Demo" - } -} -``` - - -## Step-05: Review file app1-install.sh -```sh -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html -``` - -## Step-06: Execute Terraform Commands -```t -# Terraform Initialize -terraform init -Observation: -1) Initialized Local Backend -2) Downloaded the provider plugins (initialized plugins) -3) Review the folder structure ".terraform folder" - -# Terraform Validate -terraform validate -Observation: -1) If any changes to files, those will come as printed in stdout (those file names will be printed in CLI) - -# Terraform Plan -terraform plan -Observation: -1) No changes - Just prints the execution plan - -# Terraform Apply -terraform apply -[or] -terraform apply -auto-approve -Observations: -1) Create resources on cloud -2) Created terraform.tfstate file when you run the terraform apply command -``` - -## Step-07: Access Application -- **Important Note:** verify if default VPC security group has a rule to allow port 80 -```t -# Access index.html -http:///index.html -http:///app1/index.html - -# Access metadata.html -http:///app1/metadata.html -``` - -## Step-08: Terraform State - Basics -- Understand about Terraform State -- Terraform State file `terraform.tfstate` -- Understand about `Desired State` and `Current State` - - -## Step-09: Clean-Up -```t -# Terraform Destroy -terraform plan -destroy # You can view destroy plan using this command -terraform destroy - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - -## Step-10: Additional Observations - Concepts we will learn in next section -- EC2 Instance created we didn't associate a EC2 Key pair to login to EC2 Instance - - Terraform Resource Argument - `Key Name` -- AMI Name is static - How to make it Dynamic ? 
- - Use `Terraform Datasources` concept -- We didn't create multiple instances of same EC2 Instance - - Resource Meta-Argument: `count` -- We didn't add any variables for parameterizations - - Terraform `Input Variable` Basics -- We didn't extract any information on terminal about instance information - - Terraform `Outputs` -- Create second resource only after first resource is created - - Defining Explicit Dependency in Terraform using Resource Meta-Argument `depends_on` -- WE ARE GOING TO LEARN ALL THE ABOVE CONCEPTS IN NEXT SECTION - \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/c1-versions.tf deleted file mode 100644 index 08b8c8e3..00000000 --- a/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,20 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - } -} -# Provider Block -provider "aws" { - region = "us-east-1" -} - -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - diff --git a/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/c2-ec2instance.tf b/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/c2-ec2instance.tf deleted file mode 100644 index e90b892e..00000000 --- a/V1-UPDATES-DEC2023/03-Terraform-Settings-Providers-Resources/terraform-manifests/c2-ec2instance.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Resource: EC2 Instance -resource "aws_instance" "myec2vm" { - ami = "ami-0742b4e673072066f" - instance_type = "t3.micro" - user_data = file("${path.module}/app1-install.sh") - tags = { - "Name" = "EC2 Demo" - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/README.md b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/README.md deleted file mode 100644 index 34f2aa44..00000000 --- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/README.md +++ /dev/null 
@@ -1,236 +0,0 @@ -# Terraform Variables and Datasources - -## Step-00: Pre-requisite Note -- Create a `terraform-key` in AWS EC2 Key pairs which we will reference in our EC2 Instance - -## Step-01: Introduction -### Terraform Concepts -- Terraform Input Variables -- Terraform Datasources -- Terraform Output Values - -### What are we going to learn ? -1. Learn about Terraform `Input Variable` basics - - AWS Region - - Instance Type - - Key Name -2. Define `Security Groups` and Associate them as a `List item` to AWS EC2 Instance - - vpc-ssh - - vpc-web -3. Learn about Terraform `Output Values` - - Public IP - - Public DNS -4. Get latest EC2 AMI ID Using `Terraform Datasources` concept -5. We are also going to use existing EC2 Key pair `terraform-key` -6. Use all the above to create an EC2 Instance in default VPC - - -## Step-02: c2-variables.tf - Define Input Variables in Terraform -- [Terraform Input Variables](https://www.terraform.io/docs/language/values/variables.html) -- [Terraform Input Variable Usage - 10 different types](https://github.com/stacksimplify/hashicorp-certified-terraform-associate/tree/main/05-Terraform-Variables/05-01-Terraform-Input-Variables) -```t -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} - -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instance Type" - type = string - default = "t3.micro" -} - -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} -``` -- Reference the variables in respective `.tf`fies -```t -# c1-versions.tf -region = var.aws_region - -# c5-ec2instance.tf -instance_type = var.instance_type -key_name = var.instance_keypair -``` - -## Step-03: c3-ec2securitygroups.tf - Define Security Group Resources in Terraform -- [Resource: 
aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) -```t -# Create Security Group - SSH Traffic -resource "aws_security_group" "vpc-ssh" { - name = "vpc-ssh" - description = "Dev VPC SSH" - ingress { - description = "Allow Port 22" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - egress { - description = "Allow all ip and ports outboun" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } -} - -# Create Security Group - Web Traffic -resource "aws_security_group" "vpc-web" { - name = "vpc-web" - description = "Dev VPC web" - ingress { - description = "Allow Port 80" - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - ingress { - description = "Allow Port 443" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - description = "Allow all ip and ports outbound" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } -} -``` -- Reference the security groups in `c5-ec2instance.tf` file as a list item -```t -# List Item -vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id] -``` - -## Step-04: c4-ami-datasource.tf - Define Get Latest AMI ID for Amazon Linux2 OS -- [Data Source: aws_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) -```t -# Get latest AMI ID for Amazon Linux2 OS -# Get Latest AWS AMI ID for Amazon2 Linux -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} -``` -- Reference the datasource in `c5-ec2instance.tf` file -```t -# Reference Datasource to get the latest AMI 
ID -ami = data.aws_ami.amzlinux2.id -``` - -## Step-05: c5-ec2instance.tf - Define EC2 Instance Resource -- [Resource: aws_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) -```t -# EC2 Instance -resource "aws_instance" "myec2vm" { - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id] - tags = { - "Name" = "EC2 Demo 2" - } -} -``` - - -## Step-06: c6-outputs.tf - Define Output Values -- [Output Values](https://www.terraform.io/docs/language/values/outputs.html) -```t -# Terraform Output Values -output "instance_publicip" { - description = "EC2 Instance Public IP" - value = aws_instance.myec2vm.public_ip -} - -output "instance_publicdns" { - description = "EC2 Instance Public DNS" - value = aws_instance.myec2vm.public_dns -} -``` - -## Step-07: Execute Terraform Commands -```t -# Terraform Initialize -terraform init -Observation: -1) Initialized Local Backend -2) Downloaded the provider plugins (initialized plugins) -3) Review the folder structure ".terraform folder" - -# Terraform Validate -terraform validate -Observation: -1) If any changes to files, those will come as printed in stdout (those file names will be printed in CLI) - -# Terraform Plan -terraform plan -Observation: -1) Verify the latest AMI ID picked and displayed in plan -2) Verify the number of resources that going to get created -3) Verify the variable replacements worked as expected - -# Terraform Apply -terraform apply -[or] -terraform apply -auto-approve -Observations: -1) Create resources on cloud -2) Created terraform.tfstate file when you run the terraform apply command -3) Verify the EC2 Instance AMI ID which got created -``` - -## Step-08: Access Application -```t -# Access index.html -http:///index.html -http:///app1/index.html - -# Access metadata.html 
-http:///app1/metadata.html -``` - -## Step-09: Clean-Up -```t -# Terraform Destroy -terraform plan -destroy # You can view destroy plan using this command -terraform destroy - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c1-versions.tf deleted file mode 100644 index b5f936d3..00000000 --- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c2-variables.tf b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c2-variables.tf deleted file mode 100644 index 786f7843..00000000 --- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c2-variables.tf +++ /dev/null @@ -1,23 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} - -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instnace Type" - type = string - default = "t3.micro" -} - -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key Pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} - - 
diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c3-ec2securitygroups.tf b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c3-ec2securitygroups.tf
deleted file mode 100644
index 077c3c40..00000000
--- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c3-ec2securitygroups.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-# Create Security Group - SSH Traffic
-resource "aws_security_group" "vpc-ssh" {
- name = "vpc-ssh"
- description = "Dev VPC SSH"
- ingress {
- description = "Allow Port 22"
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-ssh"
- }
-}
-
-# Create Security Group - Web Traffic
-resource "aws_security_group" "vpc-web" {
- name = "vpc-web"
- description = "Dev VPC Web"
- ingress {
- description = "Allow Port 80"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- description = "Allow Port 443"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-web"
- }
-}
-
diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c4-ami-datasource.tf b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c4-ami-datasource.tf
deleted file mode 100644
index cf1e87a6..00000000
--- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c4-ami-datasource.tf
+++ /dev/null
@@ -1,21 +0,0 @@ -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = ["amazon"] - filter { - name = "name" - values = ["amzn2-ami-hvm-*-gp2"] - } - filter { - name = "root-device-type" - values = ["ebs"] - } - filter { - name = "virtualization-type" - values = ["hvm"] - } - filter { - name = "architecture" - values = ["x86_64"] - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c5-ec2instance.tf b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c5-ec2instance.tf deleted file mode 100644 index 8c74dfab..00000000 --- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c5-ec2instance.tf +++ /dev/null @@ -1,11 +0,0 @@ -# EC2 Instance -resource "aws_instance" "myec2vm" { - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ] - tags = { - "Name" = "EC2 Demo 2" - } -} diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c6-outputs.tf b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c6-outputs.tf deleted file mode 100644 index 70c4061b..00000000 --- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/c6-outputs.tf +++ /dev/null @@ -1,13 +0,0 @@ -# Terraform Output Values - -# EC2 Instance Public IP -output "instance_publicip" { - description = "EC2 Instance Public IP" - value = aws_instance.myec2vm.public_ip -} - -# EC2 Instance Public DNS -output "instance_publicdns" { - description = "EC2 Instance Public DNS" - value = aws_instance.myec2vm.public_dns -} 
diff --git a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/private-key/terraform-key.pem deleted file mode 100644 index fab1eb2a..00000000 --- a/V1-UPDATES-DEC2023/04-Terraform-Variables-and-Datasources/terraform-manifests/private-key/terraform-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/README.md b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/README.md
deleted file mode 100644
index 9bc89df8..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/README.md
+++ /dev/null
@@ -1,144 +0,0 @@ -# Terraform For Loops, Lists, Maps and Count Meta-Argument - -## Step-00: Pre-requisite Note -- We are using the `default vpc` in `us-east-1` region - -## Step-01: Introduction -- Terraform Meta-Argument: `Count` -- **Terraform Lists & Maps** - - List(string) - - map(string) -- **Terraform for loops** - - for loop with List - - for loop with Map - - for loop with Map Advanced -- **Splat Operators** - - Legacy Splat Operator `.*.` - - Generalized Splat Operator (latest) - - Understand about Terraform Generic Splat Expression `[*]` when dealing with `count` Meta-Argument and multiple output values - -## Step-02: c1-versions.tf -- No changes - -## Step-03: c2-variables.tf - Lists and Maps -```t -# AWS EC2 Instance Type - List -variable "instance_type_list" { - description = "EC2 Instnace Type" - type = list(string) - default = ["t3.micro", "t3.small"] -} - - -# AWS EC2 Instance Type - Map -variable "instance_type_map" { - description = "EC2 Instnace Type" - type = map(string) - default = { - "dev" = "t3.micro" - "qa" = "t3.small" - "prod" = "t3.large" - } -} -``` - -## Step-04: c3-ec2securitygroups.tf and c4-ami-datasource.tf -- No changes to both files - -## Step-05: c5-ec2instance.tf -```t -# How to reference List values ? -instance_type = var.instance_type_list[1] - -# How to reference Map values ? 
-instance_type = var.instance_type_map["prod"] - -# Meta-Argument Count -count = 2 - -# count.index - tags = { - "Name" = "Count-Demo-${count.index}" - } -``` - -## Step-06: c6-outputs.tf -- for loop with List -- for loop with Map -- for loop with Map Advanced -```t - -# Output - For Loop with List -output "for_output_list" { - description = "For Loop with List" - value = [for instance in aws_instance.myec2vm: instance.public_dns ] -} - -# Output - For Loop with Map -output "for_output_map1" { - description = "For Loop with Map" - value = {for instance in aws_instance.myec2vm: instance.id => instance.public_dns} -} - -# Output - For Loop with Map Advanced -output "for_output_map2" { - description = "For Loop with Map - Advanced" - value = {for c, instance in aws_instance.myec2vm: c => instance.public_dns} -} - -# Output Legacy Splat Operator (latest) - Returns the List -output "legacy_splat_instance_publicdns" { - description = "Legacy Splat Expression" - value = aws_instance.myec2vm.*.public_dns -} - -# Output Latest Generalized Splat Operator - Returns the List -output "latest_splat_instance_publicdns" { - description = "Generalized Splat Expression" - value = aws_instance.myec2vm[*].public_dns -} -``` - -## Step-07: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan -Observations: -1) play with Lists and Maps for instance_type - -# Terraform Apply -terraform apply -auto-approve -Observations: -1) Two EC2 Instances (Count = 2) of a Resource myec2vm will be created -2) Count.index will start from 0 and end with 1 for VM Names -3) Review outputs in detail (for loop with list, maps, maps advanced, splat legacy and splat latest) -``` - -## Step-08: Terraform Comments -- Single Line Comments - `#` and `//` -- Multi-line Commnets - `Start with /*` and `end with */` -- We are going to comment the legacy splat operator, which might be decommissioned in future versions 
-```t -# Output Legacy Splat Operator (latest) - Returns the List -/* output "legacy_splat_instance_publicdns" { - description = "Legacy Splat Expression" - value = aws_instance.myec2vm.*.public_dns -} */ -``` - -## Step-09: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c1-versions.tf
deleted file mode 100644
index b5f936d3..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c2-variables.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c2-variables.tf
deleted file mode 100644
index 8b8486e4..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c2-variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instnace Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key Pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Instance Type - List
-variable "instance_type_list" {
- description = "EC2 Instance Type"
- type = list(string)
- default = ["t3.micro", "t3.small", "t3.large"]
-}
-
-# AWS EC2 Instance Type - Map
-variable "instance_type_map" {
- description = "EC2 Instance Type"
- type = map(string)
- default = {
- "dev" = "t3.micro"
- "qa" = "t3.small"
- "prod" = "t3.large"
- }
-}
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c3-ec2securitygroups.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c3-ec2securitygroups.tf
deleted file mode 100644
index 077c3c40..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c3-ec2securitygroups.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-# Create Security Group - SSH Traffic
-resource "aws_security_group" "vpc-ssh" {
- name = "vpc-ssh"
- description = "Dev VPC SSH"
- ingress {
- description = "Allow Port 22"
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-ssh"
- }
-}
-
-# Create Security Group - Web Traffic
-resource "aws_security_group" "vpc-web" {
- name = "vpc-web"
- description = "Dev VPC Web"
- ingress {
- description = "Allow Port 80"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- description = "Allow Port 443"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-web"
- }
-}
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c4-ami-datasource.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c4-ami-datasource.tf
deleted file mode 100644
index cf1e87a6..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c4-ami-datasource.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = ["amazon"]
- filter {
- name = "name"
- values = ["amzn2-ami-hvm-*-gp2"]
- }
- filter {
- name = "root-device-type"
- values = ["ebs"]
- }
- filter {
- name = "virtualization-type"
- values = ["hvm"]
- }
- filter {
- name = "architecture"
- values = ["x86_64"]
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c5-ec2instance.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c5-ec2instance.tf
deleted file mode 100644
index 0edc0218..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c5-ec2instance.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# EC2 Instance
-resource "aws_instance" "myec2vm" {
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- #instance_type = var.instance_type_list[1] # For List
- #nstance_type = var.instance_type_map["prod"] # For Map
- user_data = file("${path.module}/app1-install.sh")
- key_name = var.instance_keypair
- vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ]
- count = 2
- tags = {
- "Name" = "Count-Demo-${count.index}"
- }
-}
-
-/*
-# Drawbacks of using count in this example
-- Resource Instances in this case were identified using index numbers
-instead of string values like actual subnet_id
-- If an element was removed from the middle of the list,
-every instance after that element would see its subnet_id value
-change, resulting in more remote object changes than intended.
-- Even the subnet_ids should be pre-defined or we need to get them again
-using for_each or for using various datasources
-- Using for_each gives the same flexibility without the extra churn.
-*/
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c6-outputs.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c6-outputs.tf
deleted file mode 100644
index 17b70589..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/c6-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# Terraform Output Values
-/* Concepts Covered
-1. For Loop with List
-2. For Loop with Map
-3. For Loop with Map Advanced
-4. Legacy Splat Operator (latest) - Returns List
-5. Latest Generalized Splat Operator - Returns the List
-*/
-
-# Output - For Loop with List
-output "for_output_list" {
- description = "For Loop with List"
- value = [for instance in aws_instance.myec2vm: instance.public_dns]
-}
-
-# Output - For Loop with Map
-output "for_output_map1" {
- description = "For Loop with Map"
- value = {for instance in aws_instance.myec2vm: instance.id => instance.public_dns}
-}
-
-# Output - For Loop with Map Advanced
-output "for_output_map2" {
- description = "For Loop with Map - Advanced"
- value = {for c, instance in aws_instance.myec2vm: c => instance.public_dns}
-}
-
-# Output Legacy Splat Operator (Legacy) - Returns the List
-/*
-output "legacy_splat_instance_publicdns" {
- description = "Legacy Splat Operator"
- value = aws_instance.myec2vm.*.public_dns
-}
-*/
-
-# Output Latest Generalized Splat Operator - Returns the List
-output "latest_splat_instance_publicdns" {
- description = "Generalized latest Splat Operator"
- value = aws_instance.myec2vm[*].public_dns
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-01-MetaArgument-Count-For-Loops-Lists-Maps/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/README.md b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/README.md
deleted file mode 100644
index 5dc1f974..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/README.md
+++ /dev/null
@@ -1,125 +0,0 @@ -# Terraform for_each Meta-Argument with Functions toset, tomap -## Step-00: Pre-requisite Note -- We are using the `default vpc` in `us-east-1` region - -## Step-01: Introduction -- `for_each` Meta-Argument -- `toset` function -- `tomap` function -- Data Source: aws_availability_zones - -## Step-02: No changes to files -- c1-versions.tf -- c2-variables.tf -- c3-ec2securitygroups.tf -- c4-ami-datasource.tf - -## Step-03: c5-ec2instance.tf -- To understand more about [for_each](https://www.terraform.io/docs/language/meta-arguments/for_each.html) - -### Step-03-01: Availability Zones Datasource -```t -# Availability Zones Datasource -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} -``` - -### Step-03-02: EC2 Instance Resource -```t -# EC2 Instance -resource "aws_instance" "myec2vm" { - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ] - # Create EC2 Instance in all Availabilty Zones of a VPC - for_each = toset(data.aws_availability_zones.my_azones.names) - availability_zone = each.key # You can also use each.value because for list items each.key == each.value - tags = { - "Name" = "For-Each-Demo-${each.key}" - } -} -``` - -## Step-04: c6-outputs.tf -```t - -# EC2 Instance Public IP with TOSET -output "instance_publicip" { - description = "EC2 Instance Public IP" - #value = aws_instance.myec2vm.*.public_ip # Legacy Splat - #value = aws_instance.myec2vm[*].public_ip # Latest Splat - value = toset([ - for myec2vm in aws_instance.myec2vm : myec2vm.public_ip - ]) -} - -# EC2 Instance Public DNS with TOSET -output "instance_publicdns" { - description = "EC2 Instance Public DNS" - #value = aws_instance.myec2vm[*].public_dns # Legacy Splat - #value = aws_instance.myec2vm[*].public_dns # 
Latest Splat - value = toset([ - for myec2vm in aws_instance.myec2vm : myec2vm.public_dns - ]) -} - -# EC2 Instance Public DNS with MAPS -output "instance_publicdns2" { - value = tomap({ - for s, myec2vm in aws_instance.myec2vm : s => myec2vm.public_dns - # S intends to be a subnet ID - }) -} -``` - -## Step-05: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -Observations: -1) Should fail with not creating EC2 Instance in 1 availability zone in region us-east-1 -2) We will learn about fixing this in next two sections 05-03 and 05-04 -3) Outputs not displayed as we failed during terraform apply. We will see and review outputs in section 05-04 -``` - -## Step-06: Expected Error Message -```t -Error: Error launching source instance: Unsupported: Your requested instance type (t3.micro) is not supported in your requested Availability Zone (us-east-1e). Please retry your request by not specifying an Availability Zone or choosing us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f. 
- status code: 400, request id: 52e0e358-17a0-434b-80de-5bc5f956eedb - - on c5-ec2instance.tf line 35, in resource "aws_instance" "myec2vm": - 35: resource "aws_instance" "myec2vm" { - -``` - -## Step-07: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## References -- [Terraform Functions](https://www.terraform.io/docs/language/functions/tolist.html) -- [Data Source: aws_availability_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) -- [for_each Meta-Argument](https://www.terraform.io/docs/language/meta-arguments/for_each.html) -- [tomap Function](https://www.terraform.io/docs/language/functions/tomap.html) -- [toset Function](https://www.terraform.io/docs/language/functions/toset.html) \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c1-versions.tf
deleted file mode 100644
index b5f936d3..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c2-variables.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c2-variables.tf
deleted file mode 100644
index 786f7843..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c2-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instnace Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key Pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c3-ec2securitygroups.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c3-ec2securitygroups.tf
deleted file mode 100644
index 077c3c40..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c3-ec2securitygroups.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-# Create Security Group - SSH Traffic
-resource "aws_security_group" "vpc-ssh" {
- name = "vpc-ssh"
- description = "Dev VPC SSH"
- ingress {
- description = "Allow Port 22"
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-ssh"
- }
-}
-
-# Create Security Group - Web Traffic
-resource "aws_security_group" "vpc-web" {
- name = "vpc-web"
- description = "Dev VPC Web"
- ingress {
- description = "Allow Port 80"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- description = "Allow Port 443"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-web"
- }
-}
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c4-ami-datasource.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c4-ami-datasource.tf
deleted file mode 100644
index cf1e87a6..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c4-ami-datasource.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = ["amazon"]
- filter {
- name = "name"
- values = ["amzn2-ami-hvm-*-gp2"]
- }
- filter {
- name = "root-device-type"
- values = ["ebs"]
- }
- filter {
- name = "virtualization-type"
- values = ["hvm"]
- }
- filter {
- name = "architecture"
- values = ["x86_64"]
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c5-ec2instance.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c5-ec2instance.tf
deleted file mode 100644
index b727d580..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c5-ec2instance.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Availability Zones Datasource
-data "aws_availability_zones" "my_azones" {
- filter {
- name = "opt-in-status"
- values = ["opt-in-not-required"]
- }
-}
-
-
-# EC2 Instance
-resource "aws_instance" "myec2vm" {
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- user_data = file("${path.module}/app1-install.sh")
- key_name = var.instance_keypair
- vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ]
- # Create EC2 Instance in all Availabilty Zones of a VPC
- for_each = toset(data.aws_availability_zones.my_azones.names)
- availability_zone = each.key # You can also use each.value because for list items each.key == each.value
- tags = {
- "Name" = "for_each-Demo-${each.value}"
- }
-}
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c6-outputs.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c6-outputs.tf
deleted file mode 100644
index 689af9f3..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/c6-outputs.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-# Terraform Output Values
-
-
-# EC2 Instance Public IP with TOSET
-output "instance_publicip" {
- description = "EC2 Instance Public IP"
- #value = aws_instance.myec2vm.*.public_ip # Legacy Splat
- #value = aws_instance.myec2vm[*].public_ip # Latest Splat
- value = toset([for instance in aws_instance.myec2vm: instance.public_ip])
-}
-
-# EC2 Instance Public DNS with TOSET
-output "instance_publicdns" {
- description = "EC2 Instance Public DNS"
- #value = aws_instance.myec2vm[*].public_dns # Legacy Splat
- #value = aws_instance.myec2vm[*].public_dns # Latest Splat
- value = toset([for instance in aws_instance.myec2vm: instance.public_dns])
-}
-
-# EC2 Instance Public DNS with TOMAP
-output "instance_publicdns2" {
- value = tomap({for az, instance in aws_instance.myec2vm: az => instance.public_dns})
-}
-
-
-/*
-# Additional Important Note about OUTPUTS when for_each used
-1. The [*] and .* operators are intended for use with lists only.
-2. Because this resource uses for_each rather than count,
-its value in other expressions is a toset or a map, not a list.
-3. With that said, we can use Function "toset" and loop with "for"
-to get the output for a list
-4. For maps, we can directly use for loop to get the output and if we
-want to handle type conversion we can use "tomap" function too
-*/
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-02-MetaArgument-for_each/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
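Review bot: Deleting `private-key/terraform-key.pem` in this hunk does not withdraw the key: the complete RSA private key stays readable in the repository history and in this diff, so it should be treated as compromised. If the `terraform-key` EC2 key pair that `var.instance_keypair` defaults to (presumably the pair this file belongs to) is still registered or still authorized on any instance, that key pair should be deleted and replaced rather than relying on this removal. The same blob (index fab1eb2a) is also removed under 05-04-for_each-with-az-instancetype-check, so the key was stored in more than one directory. An ignore rule such as `*.pem` in `.gitignore` would keep key files out of later commits.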
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/README.md b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/README.md deleted file mode 100644 index 32953c99..00000000 --- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/README.md +++ /dev/null 
@@ -1,259 +0,0 @@ -# Terraform Small Utility Project - -## Step-01: Introduction -### Current Problem: -- We are not able to create EC2 Instances in all the subnets of our VPC which are spread across all availability zones in that region -### Approach to a Solution: -- We need to find a solution to say that our desired EC2 Instance Type `example: t3.micro` is supported in that availability zone or not -- In simple terms, give me the availability zone list in a particular region where by desired EC2 Instance Type (t3.micro) is supported -### Why utility project? -- In Terraform, we should `not` go and try things directly in large code base. -- First try your requirements in small chunks and integrate that to main code base. -- We are going to do the same now. - -## Step-02: c1-versions.tf -- Hard-coded the region as we are not going to use any `variables.tf` in this utility project -```t -# Provider Block -provider "aws" { - region = "us-east-1" -} -``` - -## Step-03: c2-v1-get-instancetype-supported-per-az-in-a-region.tf -- We are first going to explore the datasource and it outputs -```t -# Determine which Availability Zones support your instance type -aws ec2 describe-instance-type-offerings --location-type availability-zone --filters Name=instance-type,Values=t3.micro --region us-east-1 --output table -``` -### Step-03-01: Review / Create the datasource and its output -```t -# Datasource -data "aws_ec2_instance_type_offerings" "my_ins_type1" { - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = ["us-east-1a"] - #values = ["us-east-1e"] - } - location_type = "availability-zone" -} - - -# Output -output "output_v1_1" { - value = data.aws_ec2_instance_type_offerings.my_ins_type1.instance_types -} -``` -### Step-03-02: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan -terraform apply -auto-approve -Observation: 
-1. Output should have the instance value `t3.micro` when `values = ["us-east-1a"]` in location filter -# Sample Output -output_v1_1 = toset([ - "t3.micro", -]) - -# Make a change -Switch the values in `location` filter to `values = ["us-east-1e"]` and test again with `terraform plan` - -# Terraform Plan -terraform plan -terraform apply -auto-approve -Observation: -1. Output should have the instance value empty `[]` when `values = ["us-east-1e"]` in location filter -# Sample Output -output_v1_1 = toset([]) -``` - -## Step-04: c2-v2-get-instancetype-supported-per-az-in-a-region.tf -- Using `for_each` create multiple instances of datasource and loop it with hard-coded availability zones in `for_each` -### Step-04-01: Review / Create the datasource and its output with for_each -```t -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -data "aws_ec2_instance_type_offerings" "my_ins_type2" { - for_each = toset([ "us-east-1a", "us-east-1e" ]) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} - - -# Important Note: Once for_each is set, its attributes must be accessed on specific instances -output "output_v2_1" { - #value = data.aws_ec2_instance_type_offerings.my_ins_type1.instance_types - value = toset([ - for t in data.aws_ec2_instance_type_offerings.my_ins_type2 : t.instance_types - ]) -} - -# Create a Map with Key as Availability Zone and value as Instance Type supported -output "output_v2_2" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type2 : - az => details.instance_types } -} -``` - -### Step-04-02: Execute Terraform Commands -```t -# Terraform Plan -terraform plan -terraform apply -auto-approve -Observation: refer sample output -# Sample Output -output_v2_1 
= toset([ - toset([ - "t3.micro", - ]), - toset([]), -]) -output_v2_2 = { - "us-east-1a" = toset([ - "t3.micro", - ]) - "us-east-1e" = toset([]) -} -``` - -## Step-05: c2-v3-get-instancetype-supported-per-az-in-a-region.tf - -### Step-05-01: Add new datasource aws_availability_zones -- Get List of Availability Zones in a Specific Region -```t -# Get List of Availability Zones in a Specific Region -# Region is set in c1-versions.tf in Provider Block -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} -``` - -### Step-05-02: Update for_each with new datasource -```t -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -data "aws_ec2_instance_type_offerings" "my_ins_type" { -for_each=toset(data.aws_availability_zones.my_azones.names) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} -``` - -### Step-05-03: Implement Incremental Outputs till we reach what is required -```t -# Basic Output: All Availability Zones mapped to Supported Instance Types -output "output_v3_1" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types } -} - -# Filtered Output: Exclude Unsupported Availability Zones -output "output_v3_2" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 } -} - -# Filtered Output: with Keys Function - Which gets keys from a Map -# This will return the list of availability zones supported for a instance type -output "output_v3_3" { - value = keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if 
length(details.instance_types) != 0 }) -} - -# Filtered Output: As the output is list now, get the first item from list (just for learning) -output "output_v3_4" { - value = keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })[0] -} -``` - -### Step-05-04: Execute Terraform Commands -```t -# Terraform Plan -terraform plan -terraform appy -auto-approve -Observation: refer sample output -1. In the final output you will only get the availability zones list in which `t3.micro` instance is supported -# Sample Output -output_v3_1 = { - "us-east-1a" = toset([ - "t3.micro", - ]) - "us-east-1b" = toset([ - "t3.micro", - ]) - "us-east-1c" = toset([ - "t3.micro", - ]) - "us-east-1d" = toset([ - "t3.micro", - ]) - "us-east-1e" = toset([]) - "us-east-1f" = toset([ - "t3.micro", - ]) -} -output_v3_2 = { - "us-east-1a" = toset([ - "t3.micro", - ]) - "us-east-1b" = toset([ - "t3.micro", - ]) - "us-east-1c" = toset([ - "t3.micro", - ]) - "us-east-1d" = toset([ - "t3.micro", - ]) - "us-east-1f" = toset([ - "t3.micro", - ]) -} -output_v3_3 = [ - "us-east-1a", - "us-east-1b", - "us-east-1c", - "us-east-1d", - "us-east-1f", -] -output_v3_4 = "us-east-1a" -``` - -## Step-06: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c1-versions.tf deleted file mode 100644 index 003b3c92..00000000 --- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c1-versions.tf +++ /dev/null 
@@ -1,19 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = "us-east-1"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v1-get-instancetype-supported-per-az-in-a-region.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v1-get-instancetype-supported-per-az-in-a-region.tf
deleted file mode 100644
index 0417f2a4..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v1-get-instancetype-supported-per-az-in-a-region.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Datasource
-data "aws_ec2_instance_type_offerings" "my_ins_type1" {
- filter {
- name = "instance-type"
- values = ["t3.micro"]
- }
- filter {
- name = "location"
- #values = ["us-east-1a"]
- values = ["us-east-1e"]
- }
- location_type = "availability-zone"
-}
-
-
-# Output
-output "output_v1_1" {
- value = data.aws_ec2_instance_type_offerings.my_ins_type1.instance_types
-}
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v2-get-instancetype-supported-per-az-in-a-region.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v2-get-instancetype-supported-per-az-in-a-region.tf
deleted file mode 100644
index 45c13aaa..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v2-get-instancetype-supported-per-az-in-a-region.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones
-# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported
-# Datasource
-data "aws_ec2_instance_type_offerings" "my_ins_type2" {
- for_each = toset([ "us-east-1a", "us-east-1b", "us-east-1e" ])
- filter {
- name = "instance-type"
- values = ["t3.micro"]
- }
- filter {
- name = "location"
- values = [each.key]
- }
- location_type = "availability-zone"
-}
-
-
-#Output-1
-# Important Note: Once for_each is set, its attributes must be accessed on specific instances
-output "output_v2_1" {
- #value = data.aws_ec2_instance_type_offerings.my_ins_type1.instance_types
- value = toset([for t in data.aws_ec2_instance_type_offerings.my_ins_type2: t.instance_types])
-}
-
-#Output-2
-# Create a Map with Key as Availability Zone and value as Instance Type supported
-output "output_v2_2" {
- value = {
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type2: az => details.instance_types
- }
-}
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v3-get-instancetype-supported-per-az-in-a-region.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v3-get-instancetype-supported-per-az-in-a-region.tf
deleted file mode 100644
index ab01fdea..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-03-Utility-Project/terraform-manifests/c2-v3-get-instancetype-supported-per-az-in-a-region.tf
+++ /dev/null
@@ -1,60 +0,0 @@
-# Get List of Availability Zones in a Specific Region
-# Region is set in c1-versions.tf in Provider Block
-# Datasource-1
-data "aws_availability_zones" "my_azones" {
- filter {
- name = "opt-in-status"
- values = ["opt-in-not-required"]
- }
-}
-
-# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones
-# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported
-# Datasource-2
-data "aws_ec2_instance_type_offerings" "my_ins_type" {
- for_each = toset(data.aws_availability_zones.my_azones.names)
- filter {
- name = "instance-type"
- values = ["t3.micro"]
- }
- filter {
- name = "location"
- values = [each.key]
- }
- location_type = "availability-zone"
-}
-
-
-# Output-1
-# Basic Output: All Availability Zones mapped to Supported Instance Types
-output "output_v3_1" {
- value = {
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: az => details.instance_types
- }
-}
-
-# Output-2
-# Filtered Output: Exclude Unsupported Availability Zones
-output "output_v3_2" {
- value = {
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type:
- az => details.instance_types if length(details.instance_types) != 0 }
-}
-
-# Output-3
-# Filtered Output: with Keys Function - Which gets keys from a Map
-# This will return the list of availability zones supported for a instance type
-output "output_v3_3" {
- value = keys({
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type:
- az => details.instance_types if length(details.instance_types) != 0 })
-}
-
-
-# Output-4 (additional learning)
-# Filtered Output: As the output is list now, get the first item from list (just for learning)
-output "output_v3_4" {
- value = keys({
- for az, details in data.aws_ec2_instance_type_offerings.my_ins_type:
- az => details.instance_types if length(details.instance_types) != 0 })[0]
-}
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/README.md b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/README.md deleted file mode 100644 index e83cdb32..00000000 --- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/README.md +++ /dev/null 
@@ -1,116 +0,0 @@ -# Meta-Argument for_each with AZ Instance Type Check - -## Step-00: Pre-requisite Note -- We are using the `default vpc` in `us-east-1` region - -## Step-01: Introduction -- Implement the fix for issue we have faced in `section-05-02` with fix we have developed in `section-05-03` - -## Step-02: c7-get-instancetype-supported-per-az-in-a-region.tf -- Copy this from previous `05-03-Utility-Project` from file named `c2-v3-get-instancetype-supported-per-az-in-a-region.tf` -```t -# Get List of Availability Zones in a Specific Region -# Region is set in c1-versions.tf in Provider Block -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} - -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -data "aws_ec2_instance_type_offerings" "my_ins_type" { -for_each=toset(data.aws_availability_zones.my_azones.names) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} - - -# Basic Output: All Availability Zones mapped to Supported Instance Types -output "output_v3_1" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types } -} - -# Filtered Output: Exclude Unsupported Availability Zones -output "output_v3_2" { - value = { for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 } -} - -# Filtered Output: with Keys Function - Which gets keys from a Map -# This will return the list of availability zones supported for a instance type -output "output_v3_3" { - value = keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if 
length(details.instance_types) != 0 }) -} - -# Filtered Output: As the output is list now, get the first item from list (just for learning) -output "output_v3_4" { - value = keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })[0] -} -``` - -## Step-03: c5-ec2instance.tf -### Step-03-01: Update the `for_each` statement to new one -```t - for_each = toset(keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })) -``` -### Step-03-02: Final look of c5-ec2-instance.tf -```t -# EC2 Instance -resource "aws_instance" "myec2vm" { - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ] - # Create EC2 Instance in all Availabilty Zones of a VPC - #for_each = toset(data.aws_availability_zones.my_azones.names) - for_each = toset(keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })) - availability_zone = each.key # You can also use each.value because for list items each.key == each.value - tags = { - "Name" = "For-Each-Demo-${each.key}" - } -} -``` - -## Step-04: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -Observations: -1. Verify Outputs -2. Verify EC2 Instances created via AWS Management Console -``` - - -## Step-05: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/backup/c5-ec2instance.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/backup/c5-ec2instance.tf deleted file mode 100644 index 1136a744..00000000 --- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/backup/c5-ec2instance.tf +++ /dev/null @@ -1,16 +0,0 @@ -# EC2 Instance -resource "aws_instance" "myec2vm" { - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/app1-install.sh") - key_name = var.instance_keypair - vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ] - # Create EC2 Instance in all Availabilty Zones of a VPC - #for_each = toset(data.aws_availability_zones.my_azones.names) - for_each = toset(keys({ for az, details in data.aws_ec2_instance_type_offerings.my_ins_type : - az => details.instance_types if length(details.instance_types) != 0 })) - availability_zone = each.key # You can also use each.value because for list items each.key == each.value - tags = { - "Name" = "For-Each-Demo-${each.key}" - } -} diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c1-versions.tf deleted file mode 100644 index b5f936d3..00000000 --- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c1-versions.tf +++ /dev/null 
@@ -1,19 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c2-variables.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c2-variables.tf
deleted file mode 100644
index 786f7843..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c2-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instnace Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key Pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c3-ec2securitygroups.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c3-ec2securitygroups.tf
deleted file mode 100644
index 077c3c40..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c3-ec2securitygroups.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-# Create Security Group - SSH Traffic
-resource "aws_security_group" "vpc-ssh" {
- name = "vpc-ssh"
- description = "Dev VPC SSH"
- ingress {
- description = "Allow Port 22"
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-ssh"
- }
-}
-
-# Create Security Group - Web Traffic
-resource "aws_security_group" "vpc-web" {
- name = "vpc-web"
- description = "Dev VPC Web"
- ingress {
- description = "Allow Port 80"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- ingress {
- description = "Allow Port 443"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
- egress {
- description = "Allow all ip and ports outbound"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "vpc-web"
- }
-}
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c4-ami-datasource.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c4-ami-datasource.tf
deleted file mode 100644
index cf1e87a6..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c4-ami-datasource.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = ["amazon"]
- filter {
- name = "name"
- values = ["amzn2-ami-hvm-*-gp2"]
- }
- filter {
- name = "root-device-type"
- values = ["ebs"]
- }
- filter {
- name = "virtualization-type"
- values = ["hvm"]
- }
- filter {
- name = "architecture"
- values = ["x86_64"]
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c5-ec2instance.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c5-ec2instance.tf
deleted file mode 100644
index 33612051..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c5-ec2instance.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# EC2 Instance
-resource "aws_instance" "myec2vm" {
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- user_data = file("${path.module}/app1-install.sh")
- key_name = var.instance_keypair
- vpc_security_group_ids = [ aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id ]
- # Create EC2 Instance in all Availabilty Zones of a VPC
- #for_each = toset(data.aws_availability_zones.my_azones.names)
- for_each = toset(keys({for az, details in data.aws_ec2_instance_type_offerings.my_ins_type:
- az => details.instance_types if length(details.instance_types) != 0 }))
- availability_zone = each.key # You can also use each.value because for list items each.key == each.value
- tags = {
- "Name" = "For-Each-Demo-${each.key}"
- }
-}
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c6-outputs.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c6-outputs.tf
deleted file mode 100644
index 689af9f3..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c6-outputs.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-# Terraform Output Values
-
-
-# EC2 Instance Public IP with TOSET
-output "instance_publicip" {
- description = "EC2 Instance Public IP"
- #value = aws_instance.myec2vm.*.public_ip # Legacy Splat
- #value = aws_instance.myec2vm[*].public_ip # Latest Splat
- value = toset([for instance in aws_instance.myec2vm: instance.public_ip])
-}
-
-# EC2 Instance Public DNS with TOSET
-output "instance_publicdns" {
- description = "EC2 Instance Public DNS"
- #value = aws_instance.myec2vm[*].public_dns # Legacy Splat
- #value = aws_instance.myec2vm[*].public_dns # Latest Splat
- value = toset([for instance in aws_instance.myec2vm: instance.public_dns])
-}
-
-# EC2 Instance Public DNS with TOMAP
-output "instance_publicdns2" {
- value = tomap({for az, instance in aws_instance.myec2vm: az => instance.public_dns})
-}
-
-
-/*
-# Additional Important Note about OUTPUTS when for_each used
-1. The [*] and .* operators are intended for use with lists only.
-2. Because this resource uses for_each rather than count,
-its value in other expressions is a toset or a map, not a list.
-3. With that said, we can use Function "toset" and loop with "for"
-to get the output for a list
-4. For maps, we can directly use for loop to get the output and if we
-want to handle type conversion we can use "tomap" function too
-*/
-
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf
deleted file mode 100644
index 06a55555..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/c7-get-instancetype-supported-per-az-in-a-region.tf
+++ /dev/null
@@ -1,59 +0,0 @@ -# Get List of Availability Zones in a Specific Region -# Region is set in c1-versions.tf in Provider Block -# Datasource-1 -data "aws_availability_zones" "my_azones" { - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } -} - -# Check if that respective Instance Type is supported in that Specific Region in list of availability Zones -# Get the List of Availability Zones in a Particular region where that respective Instance Type is supported -# Datasource-2 -data "aws_ec2_instance_type_offerings" "my_ins_type" { - for_each = toset(data.aws_availability_zones.my_azones.names) - filter { - name = "instance-type" - values = ["t3.micro"] - } - filter { - name = "location" - values = [each.key] - } - location_type = "availability-zone" -} - - -# Output-1 -# Basic Output: All Availability Zones mapped to Supported Instance Types -output "output_v3_1" { - value = { - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: az => details.instance_types - } -} - -# Output-2 -# Filtered Output: Exclude Unsupported Availability Zones -output "output_v3_2" { - value = { - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 } -} - -# Output-3 -# Filtered Output: with Keys Function - Which gets keys from a Map -# This will return the list of availability zones supported for a instance type -output "output_v3_3" { - value = keys({for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 }) -} - - -# Output-4 (additional learning) -# Filtered Output: As the output is list now, get the first item from list (just for learning) -output "output_v3_4" { - value = keys({ - for az, details in data.aws_ec2_instance_type_offerings.my_ins_type: - az => details.instance_types if length(details.instance_types) != 0 })[0] -} 
diff --git a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/05-Terraform-Loops-MetaArguments-SplatOperator/05-04-for_each-with-az-instancetype-check/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-01-AWS-VPC-using-Mgmt-Console/README.md b/V1-UPDATES-DEC2023/06-AWS-VPC/06-01-AWS-VPC-using-Mgmt-Console/README.md deleted file mode 100644 index 8b9ef51e..00000000 
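Review bot: Removing `private-key/terraform-key.pem` from the tree does not retire the key: the complete RSA private key remains readable in the repository history and in this diff, so it should be treated as exposed. If it corresponds to a real EC2 key pair (the section README asks readers to copy their own `terraform-key.pem` into this folder), that key pair should be deleted or replaced in AWS and any instances launched with it re-keyed. To keep the next copy out of version control, add an ignore rule such as `private-key/*.pem` to `.gitignore` and reference the key by a path outside the repository.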
--- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-01-AWS-VPC-using-Mgmt-Console/README.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# Design AWS VPC using AWS Management Console - -## Step-01: Introduction -- Create VPC -- Create Public and Private Subnets -- Create Internet Gateway and Associate to VPC -- Create NAT Gateway in Public Subnet -- Create Public Route Table, Add Public Route via Internet Gateway and Associate Public Subnet -- Create Private Route Table, Add Private Route via NAT Gateway and Associate Private Subnet - -## Step-02: Create VPC -- **Name:** my-manual-vpc -- **IPv4 CIDR Block:** 10.0.0.0/16 -- Rest all defaults -- Click on **Create VPC** - -## Step-03: Create Subnets -### Step-03-01: Public Subnet -- **VPC ID:** my-manual-vpc -- **Subnet Name::** my-public-subnet-1 -- **Availability zone:** us-east-1a -- **IPv4 CIDR Block:** 10.0.1.0/24 - -### Step-03-02: Private Subnet -- **Subnet Name::** my-private-subnet-1 -- **Availability zone:** us-east-1a -- **IPv4 CIDR Block:** 10.0.101.0/24 -- Click on **Create Subnet** - -## Step-04: Create Internet Gateway and Associate it to VPC -- **Name Tag:** my-igw -- Click on **Create Internet Gateway** -- Click on Actions -> Attach to VPC -> my-manual-vpc - -## Step-05: Create NAT Gateway -- **Name:** my-nat-gateway -- **Subnet:** my-public-subnet-1 -- **Allocate Elastic Ip:** click on that -- Click on **Create NAT Gateway** - -## Step-06: Create Public Route Table and Create Routes and Associate Subnets -### Step-06-01: Create Public Route Table -- **Name tag:** my-public-route-table -- **vpc:** my-manual-vpc -- Click on **Create** -### Step-06-02: Create Public Route in newly created Route Table -- Click on **Add Route** -- **Destination:** 0.0.0.0/0 -- **Target:** my-igw -- Click on **Save Route** -### Step-06-03: Associate Public Subnet 1 in Route Table -- Click on **Edit Subnet Associations** -- Select **my-public-subnet-1** -- Click on **Save** - - -## Step-07: Create Private Route Table and Create Routes and Associate Subnets -### Step-07-01: Create Private Route Table -- **Name tag:** my-private-route-table 
-- **vpc:** my-manual-vpc -- Click on **Create** -### Step-07-02: Create Private Route in newly created Route Table -- Click on **Add Route** -- **Destination:** 0.0.0.0/0 -- **Target:** my-nat-gateway -- Click on **Save Route** -### Step-07-03: Associate Private Subnet 1 in Route Table -- Click on **Edit Subnet Associations** -- Select **my-private-subnet-1** -- Click on **Save** - -## Step-08: Clean-Up -- Delete `my-nat-gateway` -- Wait till NAT Gateway is deleted -- Delete `my-manual-vpc` - - diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/README.md b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/README.md deleted file mode 100644 index 054a6a32..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/README.md +++ /dev/null 
@@ -1,386 +0,0 @@ -# Design a 3 Tier AWS VPC with NAT Gateways using Terraform - -## Step-01: Introduction -- Understand about Terraform Modules -- Create VPC using `Terraform Modules` -- Define `Input Variables` for VPC module and reference them in VPC Terraform Module -- Define `local values` and reference them in VPC Terraform Module -- Create `terraform.tfvars` to load variable values by default from this file -- Create `vpc.auto.tfvars` to load variable values by default from this file related to a VPC -- Define `Output Values` for VPC - -## Step-02: v1-vpc-module - Hardcoded Model -### Step-02-01: How to make a decision of using the public Registry module? -1. Understand about [Terraform Registry and Modules](https://registry.terraform.io/) -2. We are going to use a [VPC Module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) from Terraform Public Registry -3. Understand about Authenticity of a module hosted on Public Terraform Registry with [HashiCorp Verified Tag](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -4. Review the download rate for that module -5. Review the latest versions and [release history](https://github.com/terraform-aws-modules/terraform-aws-vpc/releases) of that module -6. Review our feature needs when using that module and ensure if our need is satisfied use the module else use the standard terraform resource definition appraoch. -7. Review module inputs, outputs and dependencies too. 
-### Step-02-02: Create a VPC Module Terraform Configuration -- c1-versions.tf -- c2-generic-variables.tf -- c3-vpc.tf -- [Terraform AWS VPC Module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -```t -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.78.0" - - # VPC Basic Details - name = "vpc-dev" - cidr = "10.0.0.0/16" - azs = ["us-east-1a", "us-east-1b"] - private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] - public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] - - # Database Subnets - create_database_subnet_group = true - create_database_subnet_route_table= true - database_subnets = ["10.0.151.0/24", "10.0.152.0/24"] - - #create_database_nat_gateway_route = true - #create_database_internet_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = true - single_nat_gateway = true - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - public_subnet_tags = { - Type = "public-subnets" - } - - private_subnet_tags = { - Type = "private-subnets" - } - - database_subnet_tags = { - Type = "database-subnets" - } - - tags = { - Owner = "kalyan" - Environment = "dev" - } - - vpc_tags = { - Name = "vpc-dev" - } -} -``` - -## Step-03: Execute Terraform Commands -```t -# Working Folder -terraform-manifests/v1-vpc-module - -# Terraform Initialize -terraform init -Observation: -1. 
Verify if modules got downloaded to .terraform folder - -# Terraform Validate -terraform validate - -# Terraform plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -Observation: -1) Verify VPC -2) Verify Subnets -3) Verify IGW -4) Verify Public Route for Public Subnets -5) Verify no public route for private subnets -6) Verify NAT Gateway and Elastic IP for NAT Gateway -7) Verify NAT Gateway route for Private Subnets -8) Verify no public route or no NAT Gateway route to Database Subnets -9) Verify Tags - -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## Step-04: Version Constraints in Terraform with Modules -- [Terraform Version Constraints](https://www.terraform.io/docs/language/expressions/version-constraints.html) -- For modules locking to the exact version is recommended to ensure there will not be any major breakages in production -- When depending on third-party modules, require specific versions to ensure that updates only happen when convenient to you -- For modules maintained within your organization, specifying version ranges may be appropriate if semantic versioning is used consistently or if there is a well-defined release process that avoids unwanted updates. 
-- [Review and understand this carefully](https://www.terraform.io/docs/language/expressions/version-constraints.html#terraform-core-and-provider-versions) - -## Step-05: v2-vpc-module-standardized - Standardized and Generalized -- In the next series of steps we are going to standardize the VPC configuration -- c2-generic-variables.tf -```t -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "HR" -} -``` - -## Step-06: c3-local-values.tf -- Understand about [Local Values](https://www.terraform.io/docs/language/values/locals.html) -```t -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } -} -``` - -## Step-07: c4-01-vpc-variables.tf -```t -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", 
"10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} -``` -## Step-08: c4-02-vpc-module.tf -```t -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - #version = "2.78.0" - #version = "~> 2.78" - version = "5.2.0" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = 
local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} -``` -## Step-09: c4-03-vpc-outputs.tf -```t -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} -``` -## Step-10: terraform.tfvars -```t -# Generic Variables -aws_region = "us-east-1" -environment = "dev" -business_divsion = "HR" -``` - -## Step-11: vpc.auto.tfvars -```t -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true -``` - - -## Step-12: Execute Terraform Commands -```t -# Working Folder -terraform-manifests/v2-vpc-module-standardized - -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform plan -terraform plan - -# Terraform 
Apply -terraform apply -auto-approve -Observation: -1) Verify VPC -2) Verify Subnets -3) Verify IGW -4) Verify Public Route for Public Subnets -5) Verify no public route for private subnets -6) Verify NAT Gateway and Elastic IP for NAT Gateway -7) Verify NAT Gateway route for Private Subnets -8) Verify no public route or no NAT Gateway route to Database Subnets -9) Verify Tags -``` - -## Step-13: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/UPGRADES-1.0.md b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/UPGRADES-1.0.md deleted file mode 100644 index 46d5429b..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/UPGRADES-1.0.md +++ /dev/null @@ -1,27 +0,0 @@ -# Terraform Manifest Upgrades - -## Step-01: c1-versions.tf -```t -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} -``` - -## Step-02: c4-02-vpc-module.tf -```t - source = "terraform-aws-modules/vpc/aws" - #version = "2.78.0" - #version = "~> 2.78" - version = "5.2.0" -``` diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c1-versions.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c1-versions.tf deleted file mode 100644 index e546ccb7..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c1-versions.tf +++ /dev/null 
@@ -1,20 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c2-generic-variables.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c2-generic-variables.tf deleted file mode 100644 index 0e652e99..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c2-generic-variables.tf +++ /dev/null @@ -1,12 +0,0 @@ -# Input Variables - -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} - - - - diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c3-vpc.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c3-vpc.tf deleted file mode 100644 index 79aa63ea..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v1-vpc-module/c3-vpc.tf +++ /dev/null 
@@ -1,54 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - #version = "2.78.0" - # version = "~> 2.78" - version = "5.2.0" - - # VPC Basic Details - name = "vpc-dev" - cidr = "10.0.0.0/16" - azs = ["us-east-1a", "us-east-1b"] - private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] - public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] - - # Database Subnets - create_database_subnet_group = true - create_database_subnet_route_table= true - database_subnets = ["10.0.151.0/24", "10.0.152.0/24"] - - #create_database_nat_gateway_route = true - #create_database_internet_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = true - single_nat_gateway = true - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - public_subnet_tags = { - Type = "public-subnets" - } - - private_subnet_tags = { - Type = "private-subnets" - } - - database_subnet_tags = { - Type = "database-subnets" - } - - tags = { - Owner = "kalyan" - Environment = "dev" - } - - vpc_tags = { - Name = "vpc-dev" - } -} - - - diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c1-versions.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c1-versions.tf deleted file mode 100644 index e39ad585..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c1-versions.tf +++ /dev/null 
@@ -1,20 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c2-generic-variables.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c2-generic-variables.tf deleted file mode 100644 index 4f6d813e..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c2-generic-variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "SAP" -} diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c3-local-values.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c3-local-values.tf deleted file mode 100644 index 9465b846..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c3-local-values.tf +++ /dev/null 
@@ -1,11 +0,0 @@ -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - #name = "${local.owners}-${local.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-01-vpc-variables.tf deleted file mode 100644 index b68d0a48..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-01-vpc-variables.tf +++ /dev/null 
@@ -1,77 +0,0 @@ -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", "10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} - - - - - 
diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-02-vpc-module.tf deleted file mode 100644 index c13690c5..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-02-vpc-module.tf +++ /dev/null @@ -1,44 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - #version = "2.78.0" - #version = "~> 2.78" - version = "5.2.0" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/c4-03-vpc-outputs.tf +++ /dev/null @@ -1,37 +0,0 @@ -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/terraform.tfvars b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/terraform.tfvars deleted file mode 100644 index d423925d..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/terraform.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# Generic Variables -aws_region = "us-east-1" -environment = "stag" -business_divsion = "HR" - - - - - - - 
diff --git a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/vpc.auto.tfvars b/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/vpc.auto.tfvars deleted file mode 100644 index fc45bf29..00000000 --- a/V1-UPDATES-DEC2023/06-AWS-VPC/06-02-AWS-VPC-using-Terraform/terraform-manifests/v2-vpc-module-standardized/vpc.auto.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/README.md b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/README.md deleted file mode 100644 index 50f206df..00000000 --- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/README.md +++ /dev/null 
@@ -1,405 +0,0 @@ -# Build AWS EC2 Instances, Security Groups using Terraform - -## Step-01: Introduction -### Terraform Modules we will use -- [terraform-aws-modules/vpc/aws](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -- [terraform-aws-modules/security-group/aws](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest) -- [terraform-aws-modules/ec2-instance/aws](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest) - -### Terraform New Concepts we will introduce -- [aws_eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) -- [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) -- [file provisioner](https://www.terraform.io/docs/language/resources/provisioners/file.html) -- [remote-exec provisioner](https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html) -- [local-exec provisioner](https://www.terraform.io/docs/language/resources/provisioners/local-exec.html) -- [depends_on Meta-Argument](https://www.terraform.io/docs/language/meta-arguments/depends_on.html) - -### What are we going implement? 
-- Create VPC with 3-Tier Architecture (Web, App and DB) - Leverage code from previous section -- Create AWS Security Group Terraform Module and define HTTP port 80, 22 inbound rule for entire internet access `0.0.0.0/0` -- Create Multiple EC2 Instances in VPC Private Subnets and install -- Create EC2 Instance in VPC Public Subnet `Bastion Host` -- Create Elastic IP for `Bastion Host` EC2 Instance -- Create `null_resource` with following 3 Terraform Provisioners - - File Provisioner - - Remote-exec Provisioner - - Local-exec Provisioner - -## Pre-requisite -- Copy your AWS EC2 Key pair `terraform-key.pem` in `private-key` folder -- Folder name `local-exec-output-files` where `local-exec` provisioner creates a file (creation-time provisioner) - -## Step-02: Copy all the VPC TF Config files from 06-02 -- Copy the following TF Config files from 06-02 section which will create a 3-Tier VPC -- c1-versions.tf -- c2-generic-variables.tf -- c3-local-values.tf -- c4-01-vpc-variables.tf -- c4-02-vpc-module.tf -- c4-03-vpc-outputs.tf -- terraform.tfvars -- vpc.auto.tfvars -- private-key/terraform-key.pem - -## Step-03: Add app1-install.sh -- Add `app1-install.sh` in working directory -```sh -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html -``` - -## Step-04: Create Security Groups for Bastion Host and Private Subnet Hosts -### Step-04-01: c5-01-securitygroup-variables.tf -- Place holder file for defining any Input Variables for EC2 Security Groups - -### Step-04-02: c5-03-securitygroup-bastionsg.tf -- [SG Module Examples for Reference](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest/examples/complete) -```t -# AWS EC2 Security Group Terraform Module -# Security Group for Public Bastion Host -module "public_bastion_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "public-bastion-sg" - description = "Security group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Block - ingress_rules = ["ssh-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} -``` -### Step-04-03: c5-04-securitygroup-privatesg.tf -```t -# AWS EC2 Security Group Terraform Module -# Security Group for Private EC2 Instances -module "private_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "private-sg" - description = "Security group with HTTP & SSH ports open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - ingress_rules = ["ssh-tcp", "http-80-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - egress_rules = ["all-all"] - tags = local.common_tags -} -``` - -### Step-04-04: c5-02-securitygroup-outputs.tf -- [SG Module Examples for Reference](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest/examples/complete) -```t - -# Public Bastion Host Security Group Outputs -output "public_bastion_sg_group_id" { - description = "The ID of 
the security group" - value = module.public_bastion_sg.this_security_group_id -} -output "public_bastion_sg_group_vpc_id" { - description = "The VPC ID" - value = module.public_bastion_sg.this_security_group_vpc_id -} -output "public_bastion_sg_group_name" { - description = "The name of the security group" - value = module.public_bastion_sg.this_security_group_name -} - - -# Private EC2 Instances Security Group Outputs -output "private_sg_group_id" { - description = "The ID of the security group" - value = module.private_sg.this_security_group_id -} -output "private_sg_group_vpc_id" { - description = "The VPC ID" - value = module.private_sg.this_security_group_vpc_id -} -output "private_sg_group_name" { - description = "The name of the security group" - value = module.private_sg.this_security_group_name -} -``` - -## Step-05: c6-01-datasource-ami.tf -```t -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} -``` - -## Step-06: EC2 Instances -### Step-06-01: c7-01-ec2instance-variables.tf -```t -# AWS EC2 Instance Type -variable "instance_type" { - description = "EC2 Instance Type" - type = string - default = "t3.micro" -} -# AWS EC2 Instance Key Pair -variable "instance_keypair" { - description = "AWS EC2 Key pair that need to be associated with EC2 Instance" - type = string - default = "terraform-key" -} -``` -### Step-06-02: c7-03-ec2instance-bastion.tf -- [Example EC2 Instance Module for Reference](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest/examples/basic) -```t -# AWS EC2 Instance Terraform Module -# Bastion Host - EC2 Instance that will be created in VPC Public Subnet -module "ec2_public" { - 
source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-BastionHost" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - subnet_id = module.vpc.public_subnets[0] - vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] - tags = local.common_tags -} -``` -### Step-06-03: c7-04-ec2instance-private.tf -- [Example EC2 Instance Module for Reference](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest/examples/basic) -```t - -# EC2 Instances that will be created in VPC Private Subnets -module "ec2_private" { - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - name = "${var.environment}-vm" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - user_data = file("${path.module}/apache-install.sh") - key_name = var.instance_keypair - #subnet_id = module.vpc.private_subnets[0] # Single Instance - vpc_security_group_ids = [module.private_sg.this_security_group_id] - instance_count = 3 - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1], - ] - tags = local.common_tags -} -``` -### Step-06-04: c7-02-ec2instance-outputs.tf -```t -# AWS EC2 Instance Terraform Outputs -# Public EC2 Instances - Bastion Host -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} -output "ec2_bastion_public_ip" { - description = "List of Public ip address assigned to the instances" - value = module.ec2_public.public_ip -} -# Private EC2 Instances -output "ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private.id -} -output "ec2_private_ip" { - description = "List of private ip address assigned to the instances" - value = module.ec2_private.private_ip -} -``` - -## Step-07: EC2 Elastic IP for Bastion Host - c8-elasticip.tf -- learn 
about [Terraform Resource Meta-Argument `depends_on`](https://www.terraform.io/docs/language/meta-arguments/depends_on.html) -```t -# Create Elastic IP for Bastion Host -# Resource - depends_on Meta-Argument -resource "aws_eip" "bastion_eip" { - depends_on = [module.ec2_public] - instance = module.ec2_public.id[0] - vpc = true - tags = local.common_tags -} -``` - -## Step-08: c9-nullresource-provisioners.tf -### Step-08-01: Define null resource in c1-versions.tf -- Learn about [Terraform Null Resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) -- Define null resource in c1-versions.tf in `terraform block` -```t - null = { - source = "hashicorp/null" - version = "~> 3.0.0" - } -``` - -### Step-08-02: Understand about Null Resource and Provisioners -- Learn about Terraform Null Resource -- Learn about [Terraform File Provisioner](https://www.terraform.io/docs/language/resources/provisioners/file.html) -- Learn about [Terraform Remote-Exec Provisioner](https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html) -- Learn about [Terraform Local-Exec Provisioner](https://www.terraform.io/docs/language/resources/provisioners/local-exec.html) -```t -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public ] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - - # Copies the terraform-key.pem file to /tmp/terraform-key.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } - -# Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } - # local-exec provisioner (Creation-Time Provisioner - Triggered during Create 
Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) - provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } -} -``` - -## Step-09: ec2instance.auto.tfvars -```t -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" -``` -## Step-10: Usage of depends_on Meta-Argument -### Step-10-01: c7-04-ec2instance-private.tf -- We have put `depends_on` so that EC2 Private Instances will not get created until all the resources of VPC module are created -- **why?** -- VPC NAT Gateway should be created before EC2 Instances in private subnets because these private instances has a `userdata` which will try to go outbound to download the `HTTPD` package using YUM to install the webserver -- If Private EC2 Instances gets created first before VPC NAT Gateway provisioning of webserver in these EC2 Instances will fail. -```t -depends_on = [module.vpc] -``` - -### Step-10-02: c8-elasticip.tf -- We have put `depends_on` in Elastic IP resource. -- This elastic ip resource will explicitly wait for till the bastion EC2 instance `module.ec2_public` is created. -- This elastic ip resource will wait till all the VPC resources are created primarily the Internet Gateway IGW. -```t -depends_on = [module.ec2_public, module.vpc] -``` - -### Step-10-03: c9-nullresource-provisioners.tf -- We have put `depends_on` in Null Resource -- This Null resource contains a file provisioner which will copy the `private-key/terraform-key.pem` to Bastion Host `ec2_public module created ec2 instance`. 
-- So we added explicit dependency in terraform to have this `null_resource` wait till respective EC2 instance is ready so file provisioner can copy the `private-key/terraform-key.pem` file -```t - depends_on = [module.ec2_public ] -``` - -## Step-11: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan -Observation: -1) Review Security Group resources -2) Review EC2 Instance resources -3) Review all other resources (vpc, elasticip) - -# Terraform Apply -terraform apply -auto-approve -Observation: -1) VERY IMPORTANT: Primarily observe that first VPC NAT Gateway will be created and after that only module.ec2_private related EC2 Instance will be created -``` - - -## Step-12: Connect to Bastion EC2 Instance and Test -```t -# Connect to Bastion EC2 Instance from local desktop -ssh -i private-key/terraform-key.pem ec2-user@ - -# Curl Test for Bastion EC2 Instance to Private EC2 Instances -curl http:// -curl http:// - -# Connect to Private EC2 Instances from Bastion EC2 Instance -ssh -i /tmp/terraform-key.pem ec2-user@ -cd /var/www/html -ls -lrta -Observation: -1) Should find index.html -2) Should find app1 folder -3) Should find app1/index.html file -4) Should find app1/metadata.html file -5) If required verify same for second instance too. 
-6) # Additionalyy To verify userdata passed to Instance -curl http://169.254.169.254/latest/user-data - -# Additional Troubleshooting if any issues -# Connect to Private EC2 Instances from Bastion EC2 Instance -ssh -i /tmp/terraform-key.pem ec2-user@ -cd /var/log -more cloud-init-output.log -Observation: -1) Verify the file cloud-init-output.log to see if any issues -2) This file (cloud-init-output.log) will show you if your httpd package got installed and all your userdata commands executed successfully or not -``` - -## Step-13: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/UPGRADES-1.0.md b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/UPGRADES-1.0.md deleted file mode 100644 index 2bde8c25..00000000 --- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/UPGRADES-1.0.md +++ /dev/null 
@@ -1,124 +0,0 @@ -# Terraform Manifest Upgrades - -## Step-01: c1-versions.tf -```t -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} -``` - -## Step-02: c4-02-vpc-module.tf -```t - source = "terraform-aws-modules/vpc/aws" - #version = "2.78.0" - #version = "~> 2.78" - version = "5.2.0" -``` - -## Step-03: c5-02-securitygroup-outputs.tf -- `this` is removed for all the Security Group Outputs -```t -# BEFORE -output "public_bastion_sg_group_id" { - description = "The ID of the security group" - value = module.public_bastion_sg.this_security_group_id -} - -#AFTER -output "public_bastion_sg_group_id" { - description = "The ID of the security group" - value = module.public_bastion_sg.security_group_id -} -``` - -## Step-04: c5-03-securitygroup-bastionsg.tf -```t - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - version = "5.1.0" -``` - -## Step-05: c5-04-securitygroup-privatesg.tf -```t - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - version = "5.1.0" -``` - -## Step-06: c7-03-ec2instance-bastion.tf -```t - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" -``` - -## Step-07: c7-04-ec2instance-private.tf -1. `count` meta-argument not supported for creating multiple instances -2. We need to switch the code to `for_each` to support creating multiple instances -```t -# Change-1: Module Version - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - -# Change-2: Change from count to for_each -1. count meta-argument not supported for creating multiple instances -2. 
We need to switch the code to for_each to support creating multiple instances - -# Changes as part of Module version from 2.17.0 to 5.5.0 - for_each = toset(["0", "1"]) - subnet_id = element(module.vpc.private_subnets, tonumber(each.key)) - vpc_security_group_ids = [module.private_sg.security_group_id] - -# BELOW CODE COMMENTED AS PART OF MODULE UPGRADE TO 5.5.0 -/* subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - vpc_security_group_ids = [module.private_sg.this_security_group_id] -*/ -``` - -## Step-08: c7-02-ec2instance-outputs.tf -- Updated the outputs with `for loop` to support the `for_each` used for creating multiple `ec2_private` instances using `c7-04-ec2instance-private.tf` -```t - -# Private EC2 Instances -## ec2_private_instance_ids -output "ec2_private_instance_ids" { - description = "List of IDs of instances" - #value = [module.ec2_private.id] - value = [for ec2private in module.ec2_private: ec2private.id ] -} - -## ec2_private_ip -output "ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - #value = [module.ec2_private.private_ip] - value = [for ec2private in module.ec2_private: ec2private.private_ip ] -} -``` - -## Step-09: c8-elasticip.tf -```t - # COMMENTED - #instance = module.ec2_public.id[0] - #vpc = true - - # UPDATED - instance = module.ec2_public.id - domain = "vpc" - -``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/app1-install.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c1-versions.tf
deleted file mode 100644
index 7fa6c2d0..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 967d2dcb..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "~> 2.78"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 920e9010..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- # value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index fe1917db..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 01dcf5df..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 88cc51be..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "EC2 instance ID"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "Public IP address EC2 instance"
- value = module.ec2_public.public_ip
-}
-
-# Private EC2 Instances
-## ec2_private_instance_ids
-output "ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private: ec2private.private_ip ]
-}
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 0d21fa12..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-04-ec2instance-private.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-04-ec2instance-private.tf
deleted file mode 100644
index c8b0ce93..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c7-04-ec2instance-private.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets
-module "ec2_private" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-vm"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-
-# BELOW CODE COMMENTED AS PART OF MODULE UPGRADE TO 5.5.0
- #vpc_security_group_ids = [module.private_sg.this_security_group_id]
- #instance_count = var.private_instance_count
- #subnet_ids = [module.vpc.private_subnets[0],module.vpc.private_subnets[1] ]
-
-# Changes as of Module version UPGRADE from 2.17.0 to 5.5.0
- vpc_security_group_ids = [module.private_sg.security_group_id]
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
-}
-
-
-# ELEMENT Function
-# terraform console
-# element(["kalyan", "reddy", "daida"], 0)
-# element(["kalyan", "reddy", "daida"], 1)
-# element(["kalyan", "reddy", "daida"], 2)
-
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 35cbdb61..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
-
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt
deleted file mode 100644
index f9c8e6fb..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-VPC created on Mon Apr 12 12:44:45 IST 2021 and VPC ID: vpc-0420c012ebe877808
-VPC created on Thu Apr 15 16:38:50 IST 2021 and VPC ID: vpc-06cacba8e6cd418c5
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt
deleted file mode 100644
index 804feee2..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt
+++ /dev/null
@@ -1 +0,0 @@
-Destroy time prov Thu Apr 15 16:56:54 IST 2021
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 146c2121..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1 +0,0 @@
-VPC created on Tue Nov 28 10:36:35 IST 2023 and VPC ID: vpc-03b65bf021fae83d9
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 4f1162b5..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1 +0,0 @@
-Destroy time prov Tue Nov 28 10:40:26 IST 2023
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/terraform.tfvars deleted file mode 100644 index d423925d..00000000 
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/07-AWS-EC2Instance-and-SecurityGroups/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/README.md b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/README.md
deleted file mode 100644
index c2041663..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/README.md
+++ /dev/null
@@ -1,195 +0,0 @@ -# AWS Classic Load Balancer with Terraform - -## Step-01: Introduction -- Create AWS Security Group module for ELB CLB Load Balancer -- Create AWS ELB Classic Load Balancer Terraform Module -- Define Outputs for Load Balancer -- Access and test -- [Terraform Module AWS ELB](https://registry.terraform.io/modules/terraform-aws-modules/elb/aws/latest) used - -## Step-02: Copy all templates from previous section -- Copy `terraform-manifests` folder from `07-AWS-EC2Instance-and-SecurityGroups` -- We will add four more files in addition to previous section `07-AWS-EC2Instance-and-SecurityGroups` -- c5-05-securitygroup-loadbalancersg.tf -- c10-01-ELB-classic-loadbalancer-variables.tf -- c10-02-ELB-classic-loadbalancer.tf -- c10-03-ELB-classic-loadbalancer-outputs.tf - -## Step-03: c5-05-securitygroup-loadbalancersg.tf -```t -# Security Group for Public Load Balancer -module "loadbalancer_sg" { - source = "terraform-aws-modules/security-group/aws" - version = "3.18.0" - - name = "loadbalancer-sg" - description = "Security group with HTTP port open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Block - ingress_rules = ["http-80-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} -``` - -## Step-04: AWS ELB Classic Load Balancer -### Step-04-01: c10-02-ELB-classic-loadbalancer.tf -- [terraform-aws-modules/elb/aws](https://registry.terraform.io/modules/terraform-aws-modules/elb/aws/latest) -```t -# Terraform AWS Classic Load Balancer (ELB-CLB) -module "elb" { - source = "terraform-aws-modules/elb/aws" - #version = "2.5.0" - version = "4.0.1" - name = "${local.name}-myelb" - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ] - #internal = false - - listener = [ - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 80 - lb_protocol = "HTTP" - }, - { - instance_port = 80 - 
instance_protocol = "HTTP" - lb_port = 81 - lb_protocol = "HTTP" - }, - ] - - health_check = { - target = "HTTP:80/" - interval = 30 - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 5 - } - -# ELB attachments - #number_of_instances = var.private_instance_count - #instances = [module.ec2_private.id[0],module.ec2_private.id[1]] - -# Module Upgrade Change-1 - number_of_instances = length(module.ec2_private) - -# Module Upgrade Change-2 - instances = [for ec2private in module.ec2_private: ec2private.id ] - -# Module Upgrade Change-3 - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - - tags = local.common_tags -} -``` - -### Step-04-02: Outputs for ELB Classic Load Balancer -- [Refer Outputs from Example](https://registry.terraform.io/modules/terraform-aws-modules/elb/aws/latest/examples/complete) -- c10-03-ELB-classic-loadbalancer-outputs.tf -```t -# Terraform AWS Classic Load Balancer (ELB-CLB) Outputs -output "elb_id" { - description = "The name of the ELB" - value = module.elb.elb_id -} - -output "elb_name" { - description = "The name of the ELB" - value = module.elb.elb_name -} - -output "elb_dns_name" { - description = "The DNS name of the ELB" - value = module.elb.elb_dns_name -} - -output "elb_instances" { - description = "The list of instances in the ELB (if may be outdated, because instances are attached using elb_attachment resource)" - value = module.elb.elb_instances -} - -output "elb_source_security_group_id" { - description = "The ID of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances" - value = module.elb.elb_source_security_group_id -} - -output "elb_zone_id" { - description = "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)" - value = module.elb.elb_zone_id -} -``` - -## Step-05: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - 
-# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances -2. Verify Load Balancer SG -3. Verify Load Balancer Instances are healthy -4. Access sample app using Load Balancer DNS Name -5. Access Sample app with port 81 using Load Balancer DNS Name, it should fail, because from loadbalancer_sg port 81 is not allowed from internet. -# Example: from my environment -http://HR-stag-myelb-557211422.us-east-1.elb.amazonaws.com - Will pass -http://HR-stag-myelb-557211422.us-east-1.elb.amazonaws.com:81 - will fail -``` - -## Step-06: Update c5-05-securitygroup-loadbalancersg.tf -```t - # Open to CIDRs blocks (rule or from_port+to_port+protocol+description) - ingress_with_cidr_blocks = [ - { - from_port = 81 - to_port = 81 - protocol = 6 - description = "Allow Port 81 from internet" - cidr_blocks = "0.0.0.0/0" - }, - ] -``` - -## Step-07: Again Execute Terraform Commands -```t -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1) Verify loadbalancer-sg in AWS mgmt console -2) Access App using port 81 and test -http://HR-stag-myelb-557211422.us-east-1.elb.amazonaws.com:81 - should pass -``` - -## Step-08: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/UPGRADES.md b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/UPGRADES.md deleted file mode 100644 index 1a6520fd..00000000 --- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/UPGRADES.md +++ /dev/null 
@@ -1,82 +0,0 @@ -# Terraform Manifest Upgrades - - ## Step-01: c10-02-ELB-classic-loadbalancer.tf - ```t - # Terraform AWS Classic Load Balancer (ELB-CLB) -module "elb" { - source = "terraform-aws-modules/elb/aws" - #version = "2.5.0" - version = "4.0.1" - name = "${local.name}-myelb" - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ] - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - #internal = false - - listener = [ - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 80 - lb_protocol = "HTTP" - }, - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 81 - lb_protocol = "HTTP" - }, - ] - - health_check = { - target = "HTTP:80/" - interval = 30 - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 5 - } - - # ELB attachments - number_of_instances = var.private_instance_count - #instances = [module.ec2_private.id[0],module.ec2_private.id[1]] - instances = [for ec2private in module.ec2_private: ec2private.id ] - tags = local.common_tags -} - ``` - - ## Step-02: c10-03-ELB-classic-loadbalancer-outputs.tf - ```t - # Terraform AWS Classic Load Balancer (ELB-CLB) Outputs -output "elb_id" { - description = "The name of the ELB" - value = module.elb.elb_id -} - -output "elb_name" { - description = "The name of the ELB" - value = module.elb.elb_name -} - -output "elb_dns_name" { - description = "The DNS name of the ELB" - value = module.elb.elb_dns_name -} - -output "elb_instances" { - description = "The list of instances in the ELB (if may be outdated, because instances are attached using elb_attachment resource)" - value = module.elb.elb_instances -} - -output "elb_source_security_group_id" { - description = "The ID of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances" - value = module.elb.elb_source_security_group_id -} - -output "elb_zone_id" { - 
description = "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)" - value = module.elb.elb_zone_id -} - ``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c1-versions.tf deleted file mode 100644 index 7fa6c2d0..00000000 --- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-01-ELB-classic-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-01-ELB-classic-loadbalancer-variables.tf deleted file mode 100644 index f12a08c6..00000000 --- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-01-ELB-classic-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Classic Load Balancer Variables -# Place holder file for CLB Variables - diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-02-ELB-classic-loadbalancer.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-02-ELB-classic-loadbalancer.tf deleted file mode 100644 index fd90937b..00000000 --- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-02-ELB-classic-loadbalancer.tf +++ /dev/null 
@@ -1,51 +0,0 @@
-# Terraform AWS Classic Load Balancer (ELB-CLB)
-module "elb" {
- source = "terraform-aws-modules/elb/aws"
- #version = "2.5.0"
- version = "4.0.1"
- name = "${local.name}-myelb"
- subnets = [
- module.vpc.public_subnets[0],
- module.vpc.public_subnets[1]
- ]
- #internal = false
-
- listener = [
- {
- instance_port = 80
- instance_protocol = "HTTP"
- lb_port = 80
- lb_protocol = "HTTP"
- },
- {
- instance_port = 80
- instance_protocol = "HTTP"
- lb_port = 81
- lb_protocol = "HTTP"
- },
- ]
-
- health_check = {
- target = "HTTP:80/"
- interval = 30
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 5
- }
-
-# ELB attachments
- #number_of_instances = var.private_instance_count
- #instances = [module.ec2_private.id[0],module.ec2_private.id[1]]
-
-# Module Upgrade Change-1
- number_of_instances = length(module.ec2_private)
-
-# Module Upgrade Change-2
- instances = [for ec2private in module.ec2_private: ec2private.id ]
-
-# Module Upgrade Change-3
- #security_groups = [module.loadbalancer_sg.this_security_group_id]
- security_groups = [module.loadbalancer_sg.security_group_id]
-
- tags = local.common_tags
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-03-ELB-classic-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-03-ELB-classic-loadbalancer-outputs.tf
deleted file mode 100644
index e35e700a..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c10-03-ELB-classic-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Terraform AWS Classic Load Balancer (ELB-CLB) Outputs
-output "elb_id" {
- description = "The name of the ELB"
- value = module.elb.elb_id
-}
-
-output "elb_name" {
- description = "The name of the ELB"
- value = module.elb.elb_name
-}
-
-output "elb_dns_name" {
- description = "The DNS name of the ELB"
- value = module.elb.elb_dns_name
-}
-
-output "elb_instances" {
- description = "The list of instances in the ELB (if may be outdated, because instances are attached using elb_attachment resource)"
- value = module.elb.elb_instances
-}
-
-output "elb_source_security_group_id" {
- description = "The ID of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances"
- value = module.elb.elb_source_security_group_id
-}
-
-output "elb_zone_id" {
- description = "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)"
- value = module.elb.elb_zone_id
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 967d2dcb..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "~> 2.78"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ca6ff040..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index fe1917db..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 561d2896..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index 6e77330c..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index cf83a6c1..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-/*
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}*/
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 2bab94e1..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "EC2 instance ID"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "Public IP address EC2 instance"
- value = module.ec2_public.public_ip
-}
-
-# Private EC2 Instances
-## ec2_private_instance_ids
-output "ec2_private_instance_ids" {
- description = "List of IDs of instances"
- #value = [module.ec2_private.id]
- value = [for ec2private in module.ec2_private: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- #value = [module.ec2_private.private_ip]
- value = [for ec2private in module.ec2_private: ec2private.private_ip ]
-}
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 16e7f1c5..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
-
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-04-ec2instance-private.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-04-ec2instance-private.tf
deleted file mode 100644
index 8f0164a9..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c7-04-ec2instance-private.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets
-module "ec2_private" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-vm"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-# BELOW CODE COMMENTED AS PART OF MODULE UPGRADE TO 5.5.0
-/* subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
-*/
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index fe5fb8d2..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
-
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 9875e621..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-#private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt
deleted file mode 100644
index f9c8e6fb..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-VPC created on Mon Apr 12 12:44:45 IST 2021 and VPC ID: vpc-0420c012ebe877808
-VPC created on Thu Apr 15 16:38:50 IST 2021 and VPC ID: vpc-06cacba8e6cd418c5
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt
deleted file mode 100644
index 804feee2..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/backup-demo-kalyan/destroy-time-prov.txt
+++ /dev/null
@@ -1 +0,0 @@
-Destroy time prov Thu Apr 15 16:56:54 IST 2021
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 02caedc8..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-VPC created on Tue Nov 28 11:01:43 IST 2023 and VPC ID: vpc-0a899e74c3df2dce4
-VPC created on Sat Dec 23 06:46:23 IST 2023 and VPC ID: vpc-063392b2a9c4e3eee
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index dbb023d1..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Destroy time prov Tue Nov 28 11:03:30 IST 2023
-Destroy time prov Sat Dec 23 06:49:18 IST 2023
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/terraform.tfvars deleted file mode 100644 index d423925d..00000000 
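Review bot: Deleting `private-key/terraform-key.pem` in this hunk does not retire the RSA private key, because the full key body stays readable in the repository history and in every existing clone or fork. The key should be treated as exposed: if it was ever registered as the EC2 key pair `terraform-key` (the name the deleted `ec2instance.auto.tfvars` assigns to `instance_keypair`), that key pair needs to be deleted and replaced, and any instance still launched with it re-keyed. The deleted `c9-nullresource-provisioners.tf` also copied the same file to `/tmp/terraform-key.pem` on the bastion host, so a surviving bastion would need that copy removed too. To keep key files out of later commits I would add ignore rules such as `*.pem` and `private-key/` to `.gitignore`.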
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/08-AWS-ELB-Classic-LoadBalancer/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/README.md b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/README.md
deleted file mode 100644
index fb4cc4b6..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/README.md
+++ /dev/null
@@ -1,291 +0,0 @@ -# AWS Application Load Balancer Basics with Terraform - -## Step-01: Introduction -- Create [AWS ALB Application Load Balancer Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- Re-use AWS Security Group created for Load Balancers - -## Step-02: Create ALB Basic Manually -### Step-02-01: Create EC2 Instance with Userdata -- Go to AWS Services -> EC2 -> Instances -> Launch Instances -- **Step 1: Choose an Amazon Machine Image (AMI):** Amazon Linux 2 AMI (HVM), SSD Volume Type -- **Step 2: Choose an Instance Type:** t2.micro -- **Step 3: Configure Instance Details:** - - Number of Instances: 2 - - Userdata: select `file` and reference `terraform-manifests/app1-install.sh` for userdata - - Rest all defaults -- **Step 4: Add Storage:** leave to defaults -- **Step 5: Add Tags:** - - Key: Name - - Value: ALB-Manual-Test-1 -- **Step 6: Configure Security Group:** - - Security Group Name: ALB-Manual-TestSG1 - - Add SSH and HTTP rules for entire internet edge 0.0.0.0/0 -- **Step 7: Review Instance Launch:** Click on Launch -- **Select an existing key pair or create a new key pair:** terraform-key -- Click on Launch Instance -- Verify once the EC2 Instance is created and wait for Instances to be in `2/2 checks passed` -- Access Instances and verify -``` -# Access App1 from both Instances -http:///app1/index.html -http:///app1/metadata.html -http:///app1/index.html -http:///app1/metadata.html -``` - -### Step-02-02: Create Target Group -- Go to AWS Services -> EC2 -> Target Groups -> Create target group -- **Choose a target type:** Instances -- **Target Group Name:** app1-tg -- **Protocol:** HTTP -- **Port:** 80 -- **VPC:** default-vpc -- **Protocol Version:** HTTP1 -- **Health Check Protocol:** HTTP -- **Health check path:** /app1/index.html -- **Advanced Health Check Settings - Port:** Traffic Port -- **Healthy threshold:** 5 -- **Unhealthy threshold:** 2 -- **Timeout:** 5 seconds -- **Interval:** 30 seconds 
-- **Success codes:** 200-399 -- **Tags:** App = app1-tg -- Click **Next** -- **Register targets** - - **Select EC2 Instances:** select EC2 Instances - - **Ports for the selected instances:** 80 - - Click on **Include as pending below** -- Click on **Create target group** - -## Step-02-03: Create Application Load Balancer -- Go to AWS Services -> EC2 -> Load Balancing -> Load Balancers -> Create Load Balancer -- **Select load balancer type:** Application Load Balancer -- **Step 1: Configure Load Balancer** - - **Name:** alb-basic-test - - **Scheme:** internet-facing - - **IP address type:** ipv4 - - **Listeners:** - - Load Balancer Protocol: HTTP - - Load Balancer Port: 80 - - **Availability Zones:** - - VPC: default-vpc - - Availability Zones: us-east-1a, us-east-1b, us-east-1c (Verify first where EC2 Instances created) -- **Step 2: Configure Security Settings** - - Click **Next** -- **Step 3: Configure Security Groups** - - Assign a security group: create new security group - - Security group name: loadbalancer-alb-sg - - Rule: HTTP Port 80 from internet 0.0.0.0/0 -- **Step 4: Configure Routing** - - Target group: Existing Target Group - - Name: app1-tg - - Click **Next** -- **Step 5: Register Targets** - - Click **Next Review** -- **Step 6: Review** Click on **Create** - -## Step-02-04: Verify the following -- Wait for Load Balancer to be in `active` state -- Verify ALB Load Balancer - - Description Tab - - Listeners Tab - - Listeners Tab -> Rules -- Verify Target Groups - - They should be in `HEALTHY` -- Access using Load Balancer DNS -``` -# Access Application -http://alb-basic-test-1565875067.us-east-1.elb.amazonaws.com -http://alb-basic-test-1565875067.us-east-1.elb.amazonaws.com/app1/index.html -http://alb-basic-test-1565875067.us-east-1.elb.amazonaws.com/app1/metadata.html -``` - -## Step-02-05: Clean-Up -- Delete Load Balacner -- Delete Target Groups -- Delete EC2 Instances - -## Step-03: Copy all files from previous section -- We are going to copy all 
files from previous section `08-AWS-ELB-Classic-LoadBalancer` -- Files from `c1 to c9` -- Create the files for ALB Basic - - c10-01-ALB-application-loadbalancer-variables.tf - - c10-02-ALB-application-loadbalancer.tf - - c10-03-ALB-application-loadbalancer-outputs.tf - -## Step-04: c10-02-ALB-application-loadbalancer.tf -- Create AWS Application Load Balancer Terraform configuration using [ALB Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.3.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-listener - my-http-listener = { - port = 80 - protocol = "HTTP" - forward = { - target_group_key = "mytg1" - } - }# End of my-http-listener - }# End of listeners block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of health_check Block - tags = local.common_tags # Target Group Tags - } # END of Target Group: mytg1 - } # END OF target_groups Block - tags = local.common_tags # ALB Tags -} - -# Load Balancer Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k, v in module.ec2_private: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -## k = ec2_instance -## v = ec2_instance_details - -## TEMP App Outputs -output "zz_ec2_private" { - #value = {for k, v in module.ec2_private: k => v} - value = {for ec2_instance, ec2_instance_details in module.ec2_private: ec2_instance => ec2_instance_details} -} -``` -## Step-05: c10-03-ALB-application-loadbalancer-outputs.tf -```t -# Terraform AWS Application Load Balancer (ALB) Outputs -################################################################################ -# Load Balancer -################################################################################ - -output "id" { - description = "The ID and ARN of the load balancer we created" - value = module.alb.id -} - -output "arn" { - description = "The ID and ARN of the load balancer we created" - value = module.alb.arn -} - -output "arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch" - value = module.alb.arn_suffix -} - -output "dns_name" { - description = 
"The DNS name of the load balancer" - value = module.alb.dns_name -} - -output "zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records" - value = module.alb.zone_id -} - -################################################################################ -# Listener(s) -################################################################################ - -output "listeners" { - description = "Map of listeners created and their attributes" - value = module.alb.listeners - sensitive = true -} - -output "listener_rules" { - description = "Map of listeners rules created and their attributes" - value = module.alb.listener_rules - sensitive = true -} - -################################################################################ -# Target Group(s) -################################################################################ - -output "target_groups" { - description = "Map of target groups created and their attributes" - value = module.alb.target_groups -} -``` - - -## Step-06: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances -2. Verify Load Balancer SG -3. Verify ALB Listeners and Rules -4. Verify ALB Target Groups, Targets (should be healthy) and Health Check settings -5. Access sample app using Load Balancer DNS Name -# Example: from my environment -http://hr-stag-alb-1575108738.us-east-1.elb.amazonaws.com -http://hr-stag-alb-1575108738.us-east-1.elb.amazonaws.com/app1/index.html -http://hr-stag-alb-1575108738.us-east-1.elb.amazonaws.com/app1/metadata.html -``` - -## Step-07: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - 
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/UPGRADES.md b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/UPGRADES.md
deleted file mode 100644
index 2cc39f37..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/UPGRADES.md
+++ /dev/null
@@ -1,116 +0,0 @@
-# Terraform Manifest Upgrades
-
- ## Step-01: c10-02-ALB-application-loadbalancer.tf
-```t
-# Terraform AWS Application Load Balancer (ALB)
-module "alb" {
- source = "terraform-aws-modules/alb/aws"
- #version = "5.16.0"
- version = "9.3.0"
-
- name = "${local.name}-alb"
- load_balancer_type = "application"
- vpc_id = module.vpc.vpc_id
- subnets = module.vpc.public_subnets
- #security_groups = [module.loadbalancer_sg.this_security_group_id]
- security_groups = [module.loadbalancer_sg.security_group_id]
-
- # For example only
- enable_deletion_protection = false
-
-# Listeners
- listeners = {
- # Listener-1: my-http-listener
- my-http-listener = {
- port = 80
- protocol = "HTTP"
- forward = {
- target_group_key = "mytg1"
- }
- }# End of my-http-listener
- }# End of listeners block
-
-# Target Groups
- target_groups = {
- # Target Group-1: mytg1
- mytg1 = {
- # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL.
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316
- ## Search for "create_attachment" to jump to that Github issue solution
- create_attachment = false
- name_prefix = "mytg1-"
- protocol = "HTTP"
- port = 80
- target_type = "instance"
- deregistration_delay = 10
- load_balancing_cross_zone_enabled = false
- protocol_version = "HTTP1"
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }# End of health_check Block
- tags = local.common_tags # Target Group Tags
- } # END of Target Group: mytg1
- } # END OF target_groups Block
- tags = local.common_tags # ALB Tags
-}
-
-# Load Balancer Target Group Attachment
-resource "aws_lb_target_group_attachment" "external" {
- for_each = {for k, v in module.ec2_private: k => v}
- target_group_arn = module.alb.target_groups["mytg1"].arn
- target_id = each.value.id
- port = 80
-}
-```
-
- ## Step-02: c10-03-ALB-application-loadbalancer-outputs.tf
- ```t
- # Terraform AWS Application Load Balancer (ALB) Outputs
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.zone_id
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
-}
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
-}
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
- ```
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
-sudo yum update -y
-sudo yum install -y httpd
-sudo systemctl enable httpd
-sudo service httpd start
-sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c1-versions.tf deleted file mode 100644 index 7fa6c2d0..00000000 --- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index 87988eeb..00000000 
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,79 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-listener - my-http-listener = { - port = 80 - protocol = "HTTP" - forward = { - target_group_key = "mytg1" - } - }# End of my-http-listener - }# End of listeners block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of health_check Block - tags = local.common_tags # Target Group Tags - } # END of Target Group: mytg1 - } # END OF target_groups Block - tags = local.common_tags # ALB Tags -} - -# Load Balancer Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k, v in module.ec2_private: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -## k = ec2_instance -## 
v = ec2_instance_details - -## TEMP App Outputs -output "zz_ec2_private" { - #value = {for k, v in module.ec2_private: k => v} - value = {for ec2_instance, ec2_instance_details in module.ec2_private: ec2_instance => ec2_instance_details} -} - - - diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index a8edad22..00000000 --- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,54 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-################################################################################
-# Load Balancer
-################################################################################
-
-output "id" {
- description = "The ID and ARN of the load balancer we created"
- value = module.alb.id
-}
-
-output "arn" {
- description = "The ID and ARN of the load balancer we created"
- value = module.alb.arn
-}
-
-output "arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch"
- value = module.alb.arn_suffix
-}
-
-output "dns_name" {
- description = "The DNS name of the load balancer"
- value = module.alb.dns_name
-}
-
-output "zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records"
- value = module.alb.zone_id
-}
-
-################################################################################
-# Listener(s)
-################################################################################
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
- sensitive = true
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
- sensitive = true
-}
-
-################################################################################
-# Target Group(s)
-################################################################################
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 967d2dcb..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "~> 2.78"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ca6ff040..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index fe1917db..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 01dcf5df..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index 6e77330c..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 2bab94e1..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "EC2 instance ID"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "Public IP address EC2 instance"
- value = module.ec2_public.public_ip
-}
-
-# Private EC2 Instances
-## ec2_private_instance_ids
-output "ec2_private_instance_ids" {
- description = "List of IDs of instances"
- #value = [module.ec2_private.id]
- value = [for ec2private in module.ec2_private: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- #value = [module.ec2_private.private_ip]
- value = [for ec2private in module.ec2_private: ec2private.private_ip ]
-}
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 01a8c8b8..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- tags = local.common_tags
-
- # UPDATED
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
-
-}
-
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-04-ec2instance-private.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-04-ec2instance-private.tf
deleted file mode 100644
index 725ef7bf..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c7-04-ec2instance-private.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets
-module "ec2_private" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-vm"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-# BELOW CODE COMMENTED AS PART OF MODULE UPGRADE TO 5.5.0
-/* subnet_ids = [
- module.vpc.private_subnets[0],
- module.vpc.private_subnets[1]
- ]
- instance_count = var.private_instance_count
- vpc_security_group_ids = [module.private_sg.this_security_group_id]
-*/
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 271c9f23..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/ec2instance.auto.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" -private_instance_count = 2 diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt deleted file mode 100644 index 7ff316c5..00000000 --- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt +++ /dev/null @@ -1,6 +0,0 @@ -VPC created on Mon Apr 19 15:00:57 IST 2021 and VPC ID: vpc-0124fbdd659d7c887 -VPC created on Tue Nov 28 16:05:45 IST 2023 and VPC ID: vpc-0e6ef02a87ec70c93 -VPC created on Wed Nov 29 08:11:44 IST 2023 and VPC ID: vpc-075259a3b12e2b534 -VPC created on Wed Nov 29 08:27:52 IST 2023 and VPC ID: vpc-01d5390a471670d00 -VPC created on Sat Dec 2 06:32:58 IST 2023 and VPC ID: vpc-02ca7255ad8e243c4 -VPC created on Sat Dec 23 11:28:22 IST 2023 and VPC ID: vpc-04e37bdae8b27216e diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/destroy-time-prov.txt deleted file mode 100644 index 89e2d4d7..00000000 --- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/local-exec-output-files/destroy-time-prov.txt +++ /dev/null @@ -1,6 +0,0 @@ -Destroy time prov Mon Apr 19 15:08:50 IST 2021 -Destroy time prov Tue Nov 28 17:14:47 IST 2023 -Destroy time prov Wed Nov 29 08:18:39 IST 2023 -Destroy time prov Wed Nov 29 08:32:50 IST 2023 -Destroy time prov Sat Dec 2 06:37:02 IST 2023 -Destroy time prov Sat Dec 23 11:36:27 IST 2023 
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/private-key/terraform-key.pem deleted file mode 100644 index fab1eb2a..00000000 --- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/private-key/terraform-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
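Review bot: Deleting `private-key/terraform-key.pem` from the working tree does not retire the key, because the complete RSA private key stays readable in this diff and in every earlier revision that contained the file. The `ec2instance.auto.tfvars` removed in the same commit sets `instance_keypair = "terraform-key"`, so this is presumably the private half of that EC2 key pair; treat it as compromised, delete or replace the key pair in AWS and re-key any instance still launched with it. To keep it from being committed again, add an ignore rule such as `*.pem` (or `private-key/`) to `.gitignore` and run a secret scanner in pre-commit or CI. The course READMEs tell readers to copy `terraform-key.pem` into `terraform-manifests/private-key`, so any copies of that step which remain elsewhere in the repository should say the folder must stay untracked.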
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/09-AWS-ALB-Application-LoadBalancer-Basic/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/README-OLD.md b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/README-OLD.md
deleted file mode 100644
index 2ebc8b64..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/README-OLD.md
+++ /dev/null
@@ -1,357 +0,0 @@ -# AWS ALB Context Path based Routing using Terraform - -## Step-00: Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Lets discuss more about it -- Go to AWS Services -> Route53 -> Domains -> Registered Domains -> Register Domain -- Choose a domain name: abcabc.com and click on **Check** -- If available, click on **Add to Cart** and Click on **Continue** -- Provide `Contact Details for Your 1 Domain` and Click on **Continue** -- Terms and Conditions: Check and click on **Complete Order** -- Go back to **Billing** and complete the payment for the domain to be approved -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -- We are going to implement Context Path based Routing in AWS Application Load Balancer using Terraform. -- To achieve that we are going to implement many series of steps. -- Our core focus in the entire section should be primarily targeted to two things - - **Listener Indexes:** `https_listener_index = 0` - - **Target Group Indexes:** `target_group_index = 0` -- If we are good with understanding these indexes and how to reference them, we are good with handling these multiple context paths or multiple header based routes or anything from ALB perspective. -- We are going to implement the following using AWS ALB -1. Fixed Response for /* : http://apps.devopsincloud.com -2. App1 /app1* goes to App1 EC2 Instances: http://apps.devopsincloud.com/app1/index.html -3. App2 /app2* goes to App2 EC2 Instances: http://apps.devopsincloud.com/app2/index.html -4. 
HTTP to HTTPS Redirect - -## Step-02: Copy all files from previous section -- We are going to copy all files from previous section `09-AWS-ALB-Application-LoadBalancer-Basic` -- Files from `c1 to c10` -- Create new files - - c6-02-datasource-route53-zone.tf - - c11-acm-certificatemanager.tf - - c12-route53-dnsregistration.tf -- Review the files - - app1-install.sh - - app2-install.sh - -## Step-03: c5-05-securitygroup-loadbalancersg.tf -- Update load balancer security group to allow port 443 -```t - ingress_rules = ["http-80-tcp", "https-443-tcp"] -``` - -## Step-04: c6-02-datasource-route53-zone.tf -- Define the datasource for [Route53 Zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) -```t -# Get DNS information from AWS Route53 -data "aws_route53_zone" "mydomain" { - name = "devopsincloud.com" -} - -# Output MyDomain Zone ID -output "mydomain_zoneid" { - description = "The Hosted Zone id of the desired Hosted Zone" - value = data.aws_route53_zone.mydomain.zone_id -} -``` - -## Step-05: c7-04-ec2instance-private-app1.tf -- We will change the module name from `ec2_private` to `ec2_private_app1` -- We will change the `name` to `"${var.environment}-app1"` -```t -# EC2 Instances that will be created in VPC Private Subnets for App1 -module "ec2_private_app1" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-app1" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - vpc_security_group_ids = [module.private_sg.this_security_group_id] - #subnet_id = module.vpc.public_subnets[0] - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - user_data = file("${path.module}/app1-install.sh") 
- tags = local.common_tags -} -``` - -## Step-06: c7-05-ec2instance-private-app2.tf -- Create new EC2 Instances for App2 Application -- **Module Name:** ec2_private_app2 -- **Name:** `"${var.environment}-app2"` -- **User Data:** `user_data = file("${path.module}/app2-install.sh")` -```t -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets for App2 -module "ec2_private_app2" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - version = "2.17.0" - # insert the 10 required variables here - name = "${var.environment}-app2" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - vpc_security_group_ids = [module.private_sg.this_security_group_id] - #subnet_id = module.vpc.public_subnets[0] - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - user_data = file("${path.module}/app2-install.sh") - tags = local.common_tags -} -``` - -## Step-07: c7-02-ec2instance-outputs.tf -- Update App1 and App2 Outputs based on new module names -```t -# App1 - Private EC2 Instances -## ec2_private_instance_ids -output "app1_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private_app1.id -} -## ec2_private_ip -output "app1_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private_app1.private_ip -} - -# App2 - Private EC2 Instances -## ec2_private_instance_ids -output "app2_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private_app2.id -} -## ec2_private_ip -output "app2_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private_app2.private_ip -} -``` -## Step-08: 
c11-acm-certificatemanager.tf -- [Terraform AWS ACM Module](https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/latest) -- Create a SAN SSL Certificate using DNS Validation with Route53 -- This is required for us with ALB Load Balancer HTTPS Listener to associate SSL certificate to it -- Test trimsuffic function using `terraform console` -```t -# Terraform Console -terraform console - -# Provide Trim Suffix Function -trimsuffix("devopsincloud.com.", ".") - -# Verify Output -"devopsincloud.com" -``` -- **ACM Module Terraform Configuration** -```t -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - version = "~> 2.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.id - subject_alternative_names = [ - "*.devopsincloud.com" - ] - tags = local.common_tags -} - -# Output ACM Certificate ARN -output "acm_certificate_arn" { - description = "ACM Certificate ARN" - value = module.acm.this_acm_certificate_arn -} -``` - -## Step-09: c10-02-ALB-application-loadbalancer.tf -- [Terraform ALB Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- [Terraform ALB Module - Complete Example](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest/examples/complete-alb) -### Step-09-01: HTTP to HTTPS Redirect -```t - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] -``` -### Step-09-02: Add Target Group app2 -```t - # App2 Target Group - TG Index = 1 - { - name_prefix = "app2-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold 
= 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App2 Target Group - Targets - targets = { - my_app2_vm1 = { - target_id = module.ec2_private_app2.id[0] - port = 80 - }, - my_app2_vm2 = { - target_id = module.ec2_private_app2.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags - } -``` -### Step-09-03: Add HTTPS Listener -1. Associate SSL Certificate ARN -2. Add fixed response for Root Context `/*` -```t - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - certificate_arn = module.acm.this_acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] -``` -### Step-09-04: Add HTTPS Listener Rules -- Understand about `https_listener_index` -- Create Rule-1: /app1* should go to App1 EC2 Instances -- Understand about `target_group_index` -- Create Rule-2: /app2* should go to App2 EC2 Instances -```t - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/app1*"] - }] - }, - # Rule-2: /app2* should go to App2 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 1 - } - ] - conditions = [{ - path_patterns = ["/app2*"] - }] - }, - ] -``` -## Step-10: c12-route53-dnsregistration.tf -- [Route53 Record Resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) -```t -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.id - name = "apps9.devopsincloud.com" - type = "A" - - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - 
evaluate_target_health = true - } -} -``` - -## Step-11: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances for App1 -2. Verify EC2 Instances for App2 -3. Verify Load Balancer SG - Primarily SSL 443 Rule -4. Verify ALB Listener - HTTP:80 - Should contain a redirect from HTTP to HTTPS -5. Verify ALB Listener - HTTPS:443 - Should contain 3 rules -5.1 /app1* to app1-tg -5.2 /app2* to app2-tg -5.3 /* return Fixed response -6. Verify ALB Target Groups App1 and App2, Targets (should be healthy) -5. Verify SSL Certificate (Certificate Manager) -6. Verify Route53 DNS Record - -# Test (Domain will be different for you based on your registered domain) -# Note: All the below URLS shoud redirect from HTTP to HTTPS -1. Fixed Response: http://apps.devopsincloud.com -2. App1 Landing Page: http://apps.devopsincloud.com/app1/index.html -3. App1 Metadata Page: http://apps.devopsincloud.com/app1/metadata.html -4. App2 Landing Page: http://apps.devopsincloud.com/app2/index.html -5. App2 Metadata Page: http://apps.devopsincloud.com/app2/metadata.html -``` - -## Step-12: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - -## References -- [Terraform AWS ALB](https://github.com/terraform-aws-modules/terraform-aws-alb) diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/README.md b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/README.md deleted file mode 100644 index 9f951543..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/README.md +++ /dev/null 
@@ -1,411 +0,0 @@ -# AWS ALB Context Path based Routing using Terraform - -## Step-00: Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Lets discuss more about it -- Go to AWS Services -> Route53 -> Domains -> Registered Domains -> Register Domain -- Choose a domain name: abcabc.com and click on **Check** -- If available, click on **Add to Cart** and Click on **Continue** -- Provide `Contact Details for Your 1 Domain` and Click on **Continue** -- Terms and Conditions: Check and click on **Complete Order** -- Go back to **Billing** and complete the payment for the domain to be approved -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -- We are going to implement Context Path based Routing in AWS Application Load Balancer using Terraform. -- To achieve that we are going to implement many series of steps. -- We are going to implement the following using AWS ALB -1. Fixed Response for /* : http://apps.devopsincloud.com -2. App1 /app1* goes to App1 EC2 Instances: http://apps.devopsincloud.com/app1/index.html -3. App2 /app2* goes to App2 EC2 Instances: http://apps.devopsincloud.com/app2/index.html -4. 
HTTP to HTTPS Redirect - -## Step-02: Copy all files from previous section -- We are going to copy all files from previous section `09-AWS-ALB-Application-LoadBalancer-Basic` -- Files from `c1 to c10` -- Create new files - - c6-02-datasource-route53-zone.tf - - c11-acm-certificatemanager.tf - - c12-route53-dnsregistration.tf -- Review the files - - app1-install.sh - - app2-install.sh - -## Step-03: c5-05-securitygroup-loadbalancersg.tf -- Update load balancer security group to allow port 443 -```t - ingress_rules = ["http-80-tcp", "https-443-tcp"] -``` - -## Step-04: c6-02-datasource-route53-zone.tf -- Define the datasource for [Route53 Zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) -```t -# Get DNS information from AWS Route53 -data "aws_route53_zone" "mydomain" { - name = "devopsincloud.com" -} - -# Output MyDomain Zone ID -output "mydomain_zoneid" { - description = "The Hosted Zone id of the desired Hosted Zone" - value = data.aws_route53_zone.mydomain.zone_id -} -``` - -## Step-05: c7-04-ec2instance-private-app1.tf -- We will change the module name from `ec2_private` to `ec2_private_app1` -- We will change the `name` to `"${var.environment}-app1"` -```t -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets for App1 -module "ec2_private_app1" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - # insert the 10 required variables here - name = "${var.environment}-app1" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - user_data = file("${path.module}/app1-install.sh") - tags = local.common_tags - - -# Changes as part of Module version from 2.17.0 to 5.5.0 - for_each = toset(["0", "1"]) - subnet_id = element(module.vpc.private_subnets, tonumber(each.key)) - 
vpc_security_group_ids = [module.private_sg.security_group_id] -} -``` - -## Step-06: c7-05-ec2instance-private-app2.tf -- Create new EC2 Instances for App2 Application -- **Module Name:** ec2_private_app2 -- **Name:** `"${var.environment}-app2"` -- **User Data:** `user_data = file("${path.module}/app2-install.sh")` -```t -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets for App2 -module "ec2_private_app2" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - # insert the 10 required variables here - name = "${var.environment}-app2" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - user_data = file("${path.module}/app2-install.sh") - tags = local.common_tags - -# Changes as part of Module version from 2.17.0 to 5.5.0 - for_each = toset(["0", "1"]) - subnet_id = element(module.vpc.private_subnets, tonumber(each.key)) - vpc_security_group_ids = [module.private_sg.security_group_id] -} -``` - -## Step-07: c7-02-ec2instance-outputs.tf -- Update App1 and App2 Outputs based on new module names -```t - -# Private EC2 Instances - App1 -## ec2_private_instance_ids -output "ec2_private_instance_ids_app1" { - description = "List of IDs of instances" - value = [for ec2private in module.ec2_private_app1: ec2private.id ] -} - -## ec2_private_ip -output "ec2_private_ip_app1" { - description = "List of private IP addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ] -} - - -# Private EC2 Instances - App2 -## ec2_private_instance_ids -output "ec2_private_instance_ids_app2" { - description = "List of IDs of instances" - value = [for ec2private in module.ec2_private_app2: ec2private.id ] -} - -## ec2_private_ip -output "ec2_private_ip_app2" { - description = "List of private IP 
addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ] -} -``` -## Step-08: c11-acm-certificatemanager.tf -- [Terraform AWS ACM Module](https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/latest) -- Create a SAN SSL Certificate using DNS Validation with Route53 -- This is required for us with ALB Load Balancer HTTPS Listener to associate SSL certificate to it -- Test trimsuffic function using `terraform console` -```t -# Terraform Console -terraform console - -# Provide Trim Suffix Function -trimsuffix("devopsincloud.com.", ".") - -# Verify Output -"devopsincloud.com" -``` -- **ACM Module Terraform Configuration** -```t -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - #version = "2.14.0" - version = "5.0.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.zone_id - - subject_alternative_names = [ - "*.devopsincloud.com" - ] - tags = local.common_tags - - # Validation Method - validation_method = "DNS" - wait_for_validation = true -} - -# Output ACM Certificate ARN -output "acm_certificate_arn" { - description = "The ARN of the certificate" - value = module.acm.acm_certificate_arn -} -``` - -## Step-09: c10-02-ALB-application-loadbalancer.tf -- [Terraform ALB Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- [Terraform ALB Module - Complete Example](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest/examples/complete-alb) -### Step-09-01: Create Target Groups mytg1 and mytg2 -```t -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - } # END of Target Group-1: mytg1 - - # Target Group-2: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - } # END of Target Group-2: mytg2 - } # END OF target_groups -``` - -### Step-09-02: Create Load Balancer Target Group Attachment -```t -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" 
"mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} -``` - -### Step-09-03: Listener-1: HTTP to HTTPS Redirect -```t - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - -``` -### Step-09-04: Create HTTPS Listener with HTTP Rules for App1 and App2 -```t - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app1*"] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app2*"] - } - }] - }# End of myapp2-rule Block - }# End Rules Block - }# End my-https-listener Block -``` - -## Step-10: c12-route53-dnsregistration.tf -- [Route53 Record Resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) -```t -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "apps.devopsincloud.com" - type = 
"A" - alias { - #name = module.alb.this_lb_dns_name - #zone_id = module.alb.this_lb_zone_id - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} -``` - -## Step-11: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances for App1 -2. Verify EC2 Instances for App2 -3. Verify Load Balancer SG - Primarily SSL 443 Rule -4. Verify ALB Listener - HTTP:80 - Should contain a redirect from HTTP to HTTPS -5. Verify ALB Listener - HTTPS:443 - Should contain 3 rules -5.1 /app1* to app1-tg -5.2 /app2* to app2-tg -5.3 /* return Fixed response -6. Verify ALB Target Groups App1 and App2, Targets (should be healthy) -5. Verify SSL Certificate (Certificate Manager) -6. Verify Route53 DNS Record - -# Test (Domain will be different for you based on your registered domain) -# Note: All the below URLS shoud redirect from HTTP to HTTPS -1. Fixed Response: http://apps.devopsincloud.com -2. App1 Landing Page: http://apps.devopsincloud.com/app1/index.html -3. App1 Metadata Page: http://apps.devopsincloud.com/app1/metadata.html -4. App2 Landing Page: http://apps.devopsincloud.com/app2/index.html -5. App2 Metadata Page: http://apps.devopsincloud.com/app2/metadata.html -``` - -## Step-12: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - -## References -- [Terraform AWS ALB](https://github.com/terraform-aws-modules/terraform-aws-alb) diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/UPGRADES.md b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/UPGRADES.md deleted file mode 100644 index 1d709409..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/UPGRADES.md +++ /dev/null 
@@ -1,255 +0,0 @@ -# Terraform Manifest Upgrades - -## Step-01: Upgrade EC2 Private Instances -### Which files need changes? -- c7-04-ec2instance-private-app1.tf -- c7-05-ec2instance-private-app2.tf -### Why are these changes required ? -1. `count` meta-argument not supported for creating multiple instances -2. We need to switch the code to `for_each` to support creating multiple instances -```t -# Change-1: Module Version - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - -# Change-2: Change from count to for_each -1. count meta-argument not supported for creating multiple instances -2. We need to switch the code to for_each to support creating multiple instances - -# Changes as part of Module version from 2.17.0 to 5.5.0 - for_each = toset(["0", "1"]) - subnet_id = element(module.vpc.private_subnets, tonumber(each.key)) - vpc_security_group_ids = [module.private_sg.security_group_id] - -# BELOW CODE COMMENTED AS PART OF MODULE UPGRADE TO 5.5.0 -/* subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - vpc_security_group_ids = [module.private_sg.this_security_group_id] -*/ -``` - -## Step-02: c7-02-ec2instance-outputs.tf -- Updated the outputs with `for loop` to support the `for_each` used for creating `ec2_private` instances -```t - -# Private EC2 Instances - App1 -## ec2_private_instance_ids -output "ec2_private_instance_ids_app1" { - description = "List of IDs of instances" - value = [for ec2private in module.ec2_private_app1: ec2private.id ] -} - -## ec2_private_ip -output "ec2_private_ip_app1" { - description = "List of private IP addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ] -} - - -# Private EC2 Instances - App2 -## ec2_private_instance_ids -output "ec2_private_instance_ids_app2" { - description = "List of IDs of instances" - value = [for ec2private in 
module.ec2_private_app2: ec2private.id ] -} - -## ec2_private_ip -output "ec2_private_ip_app2" { - description = "List of private IP addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ] -} -``` - -## Step-03: c10-02-ALB-application-loadbalancer.tf -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.2.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app1*"] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = 
["/app2*"] - } - }] - }# End of myapp2-rule Block - }# End Rules Block - }# End my-https-listener Block - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - } # END of Target Group-1: mytg1 - - # Target Group-1: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately, refer above GitHub issue URL. 
- create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - } # END of Target Group-2: mytg2 - } # END OF target_groups - tags = local.common_tags # ALB Tags -}# End of alb module - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} -``` - -## Step-04: c11-acm-certificatemanager.tf -```t - # Change-1: ACM module upgraded - source = "terraform-aws-modules/acm/aws" - #version = "2.14.0" - version = "5.0.0" - -# Change-2: Added Validation Method - # Validation Method - validation_method = "DNS" - wait_for_validation = true -``` - -## Step-05: c12-route53-dnsregistration.tf -```t -# Before - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - -# After (Removed this_) - name = module.alb.dns_name - zone_id = module.alb.zone_id -``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/app1-install.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/app2-install.sh b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c1-versions.tf deleted file mode 100644 index 7fa6c2d0..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index 17233ddc..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,165 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app1*"] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app2*"] - } - }] - }# End of myapp2-rule Block - }# End Rules Block - }# End my-https-listener Block - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we 
use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - } # END of Target Group-1: mytg1 - - # Target Group-1: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - } # END of Target Group-2: mytg2 - } # END OF target_groups - tags = local.common_tags # ALB Tags -}# End of alb module - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group 
Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} - diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index a8edad22..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,54 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-################################################################################
-# Load Balancer
-################################################################################
-
-output "id" {
- description = "The ID and ARN of the load balancer we created"
- value = module.alb.id
-}
-
-output "arn" {
- description = "The ID and ARN of the load balancer we created"
- value = module.alb.arn
-}
-
-output "arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch"
- value = module.alb.arn_suffix
-}
-
-output "dns_name" {
- description = "The DNS name of the load balancer"
- value = module.alb.dns_name
-}
-
-output "zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records"
- value = module.alb.zone_id
-}
-
-################################################################################
-# Listener(s)
-################################################################################
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
- sensitive = true
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
- sensitive = true
-}
-
-################################################################################
-# Target Group(s)
-################################################################################
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 930bcde8..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-
- # Module Upgrade Change-1
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "acm_certificate_arn" {
- description = "The ARN of the certificate"
- # Module Upgrade Change-2
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index fd733896..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "apps.devopsincloud.com"
- type = "A"
- alias {
- #name = module.alb.this_lb_dns_name
- #zone_id = module.alb.this_lb_zone_id
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 28a994ef..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "~> 2.78"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ca6ff040..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 67f1dd30..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 01dcf5df..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index ca1b70ae..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index bd6f0263..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "EC2 instance ID"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "Public IP address EC2 instance"
- value = module.ec2_public.public_ip
-}
-
-# Private EC2 Instances - App1
-## ec2_private_instance_ids
-output "ec2_private_instance_ids_app1" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip_app1" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ]
-}
-
-# Private EC2 Instances - App2
-## ec2_private_instance_ids
-output "ec2_private_instance_ids_app2" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip_app2" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ]
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 5a2ae84a..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- tags = local.common_tags
-
- # UPDATED
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
-}
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 15a5d0fe..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index dc2e568e..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 072ba506..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@ -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) -/* provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } - */ - -} - -# Creation Time Provisioners - By default they are created during resource creations (terraform apply) -# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/ec2instance.auto.tfvars deleted file mode 100644 index 2d1c0446..00000000 --- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/ec2instance.auto.tfvars +++ /dev/null 
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index cc43dd39..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Wed Nov 29 09:10:12 IST 2023 and VPC ID: vpc-003afd96bf5d225cd
-VPC created on Sat Dec 23 16:23:55 IST 2023 and VPC ID: vpc-0b7637a6d7e5e6fea
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 0f5964c0..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Wed Nov 29 11:03:33 IST 2023
-Destroy time prov Sat Dec 23 16:34:56 IST 2023
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/terraform.tfvars deleted file mode 100644 index 8b9f8d7c..00000000 
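Review bot: Deleting `private-key/terraform-key.pem` in this hunk does not retire the key: the complete RSA private key remains readable in this diff and in the repository history, so the matching EC2 key pair (presumably `terraform-key`, the name set in the removed `ec2instance.auto.tfvars`) should be treated as compromised and deleted or replaced in AWS. The removed `c9-nullresource-provisioners.tf` also copied this file to `/tmp/terraform-key.pem` on the bastion host, so any bastion built from these manifests may still hold a copy and should be rebuilt or cleaned. To keep this from recurring, exclude key material from version control, e.g. a `.gitignore` entry such as `private-key/*.pem`, and have the README ask readers to place their own key in that folder locally.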
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/10-ALB-Path-Based-Routing/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/README-old.md b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/README-old.md
deleted file mode 100644
index 02c51fa2..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/README-old.md
+++ /dev/null
@@ -1,251 +0,0 @@ ---- -title: AWS ALB Host Header based Routing using Terraform -description: Create AWS Application Load Balancer Host Header based Routing Rules usign Terraform ---- - -# AWS ALB Host Header based Routing using Terraform - -## Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - - -## Step-01: Introduction -- Implement AWS ALB Host Header based Routing - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-2.png) - -## Step-02: Error Message realted AWS ACM Certificate Limit -- Review the AWS Support Case ID 8245155801 to demonstrate the issue and resolution from AWS -- Understand about how to submit the case related to Limit Increase for ACM Certificates. -- It will take 2 to 3 days to increase the limit and resolve the issue from AWS Side so if you want to ensure that before you hit the limit, if you want to increase you can submit the ticket well in advance. -```t -Error: Error requesting certificate: LimitExceededException: Error: you have reached your limit of 20 certificates in the last year. - - on .terraform/modules/acm/main.tf line 11, in resource "aws_acm_certificate" "this": - 11: resource "aws_acm_certificate" "this" { -``` - -## Step-03: Our Options to Continue -- **Option-1:** Submit the ticket to AWS and wait till they update the ACM certificate limit -- **Option-2:** Switch to other region and continue with our course. 
-- This limit you can hit at any point during your next sections of the course where you exceeded 20 times of certificate creation and deletion. -- With that said knowing to run these Terraform Manifests in other region is a better option. -- I will show you the steps you can perform to switch the region using the terraform manifests if you face this issue. -- Use this folder `terraform-manifests-us-east-2` terraform manifests to create resources in us-east-2 region. -- Review `step-04` for changes we need to perform to switch regions. - -## Step-04: Terraform Configurations to change to run in US-EAST-2 Ohio Region -### Step-04-00: Update terraform.tfvars -```t -# Before -aws_region = "us-east-1" - -# After -aws_region = "us-east-2" -``` -### Step-04-01: Update vpc.auto.tfvars -```t -# Before -vpc_availability_zones = ["us-east-1a", "us-east-1b"] - -# After -vpc_availability_zones = ["us-east-2a", "us-east-2b"] -``` -### Step-04-02: Create new EC2 Key pair in region us-east-2 Ohio -- Go to Services -> EC2 -> Network & Security -> Keypairs -- **Name:** terraform-key-us-east-2 -- **File Format:** pem -- Click on **Create keypair** -- You can have the keypair name same in us-east-2 region also so that you don't need to change anything in `c9-nullresource-provisioners.tf`. Choice is yours. -- To identify the difference, i have given different name here. 
- -### Step-04-03: Copy newly created keypair to private-key folder -- Copy the newly created keypair `terraform-key-us-east-2.pem` to `terraform-manifests\private-key` folder - -### Step-04-04: Give permissions as chmod 400 -``` -# KeyPair Permissions -cd terraform-manifests\private-key -chmod 400 terraform-key-us-east-2.pem -``` - -### Step-04-05: Update ec2instance.auto.tfvars -```t -# Before -instance_keypair = "terraform-key" - -# After -#instance_keypair = "terraform-key" -instance_keypair = "terraform-key-us-east-2" -``` - -### Step-04-06: Update c9-nullresource-provisioners.tf -```t -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key-us-east-2.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem - provisioner "file" { - source = "private-key/terraform-key-us-east-2.pem" - destination = "/tmp/terraform-key-us-east-2.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key-us-east-2.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -``` - -## Step-05: c10-01-ALB-application-loadbalancer-variables.tf -- We will be using these variables in two places - - c10-02-ALB-application-loadbalancer.tf - - c12-route53-dnsregistration.tf -- If we are using the values in more than one place its good to variablize that value -```t -# App1 
DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} -``` -## Step-06: loadbalancer.auto.tfvars -```t -# AWS Load Balancer Variables -app1_dns_name = "app16.devopsincloud.com" -app2_dns_name = "app26.devopsincloud.com" -``` - -## Step-06: c10-02-ALB-application-loadbalancer.tf -### Step-06-01: HTTPS Listener Rule-1 -```t - conditions = [{ - #path_patterns = ["/app1*"] - host_headers = [var.app1_dns_name] - }] -``` -### Step-06-02: HTTPS Listener Rule-2 -```t - conditions = [{ - #path_patterns = ["/app2*"] - host_headers = [var.app2_dns_name] - }] -``` - -## Step-07: c12-route53-dnsregistration.tf -### Step-07-01: App1 DNS -```t -## Default DNS -resource "aws_route53_record" "default_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "myapps.devopsincloud.com" - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} - -# DNS Registration -## App1 DNS -resource "aws_route53_record" "app1_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.app1_dns_name - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} -``` -### Step-07-02: App2 DNS -```t -## App2 DNS -resource "aws_route53_record" "app2_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.app2_dns_name - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} -``` - -## Step-08: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances for App1 -2. Verify EC2 Instances for App2 -3. 
Verify Load Balancer SG - Primarily SSL 443 Rule -4. Verify ALB Listener - HTTP:80 - Should contain a redirect from HTTP to HTTPS -5. Verify ALB Listener - HTTPS:443 - Should contain 3 rules -5.1 Host Header app1.devopsincloud.com to app1-tg -5.2 Host Header app2.devopsincloud.com toto app2-tg -5.3 Fixed Response: any other errors or any other IP or valid DNS to this LB -6. Verify ALB Target Groups App1 and App2, Targets (should be healthy) -5. Verify SSL Certificate (Certificate Manager) -6. Verify Route53 DNS Record - -# Test (Domain will be different for you based on your registered domain) -# Note: All the below URLS shoud redirect from HTTP to HTTPS -# App1 -1. App1 Landing Page index.html at Root Context of App1: http://app1.devopsincloud.com -2. App1 /app1/index.html: http://app1.devopsincloud.com/app1/index.html -3. App1 /app1/metadata.html: http://app1.devopsincloud.com/app1/metadata.html -4. Failure Case: Access App2 Directory from App1 DNS: http://app1.devopsincloud.com/app2/index.html - Should return Directory not found 404 - -# App2 -1. App2 Landing Page index.html at Root Context of App1: http://app2.devopsincloud.com -2. App1 /app2/index.html: http://app1.devopsincloud.com/app2/index.html -3. App1 /app2/metadata.html: http://app1.devopsincloud.com/app2/metadata.html -4. Failure Case: Access App2 Directory from App1 DNS: http://app2.devopsincloud.com/app1/index.html - Should return Directory not found 404 -``` - -## Step-09: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/README.md b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/README.md deleted file mode 100644 index c4b8053e..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/README.md +++ /dev/null 
@@ -1,253 +0,0 @@ ---- -title: AWS ALB Host Header based Routing using Terraform -description: Create AWS Application Load Balancer Host Header based Routing Rules usign Terraform ---- - -# AWS ALB Host Header based Routing using Terraform - -## Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - - -## Step-01: Introduction -- Implement AWS ALB Host Header based Routing - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-host-header-based-routing-2.png) - -## Step-02: Error Message realted AWS ACM Certificate Limit -- Review the AWS Support Case ID 8245155801 to demonstrate the issue and resolution from AWS -- Understand about how to submit the case related to Limit Increase for ACM Certificates. -- It will take 2 to 3 days to increase the limit and resolve the issue from AWS Side so if you want to ensure that before you hit the limit, if you want to increase you can submit the ticket well in advance. -```t -Error: Error requesting certificate: LimitExceededException: Error: you have reached your limit of 20 certificates in the last year. - - on .terraform/modules/acm/main.tf line 11, in resource "aws_acm_certificate" "this": - 11: resource "aws_acm_certificate" "this" { -``` - -## Step-03: Our Options to Continue -- **Option-1:** Submit the ticket to AWS and wait till they update the ACM certificate limit -- **Option-2:** Switch to other region and continue with our course. 
-- This limit you can hit at any point during your next sections of the course where you exceeded 20 times of certificate creation and deletion. -- With that said knowing to run these Terraform Manifests in other region is a better option. -- I will show you the steps you can perform to switch the region using the terraform manifests if you face this issue. -- Use this folder `terraform-manifests-us-east-2` terraform manifests to create resources in us-east-2 region. -- Review `step-04` for changes we need to perform to switch regions. - -## Step-04: Terraform Configurations to change to run in US-EAST-2 Ohio Region -### Step-04-00: Update terraform.tfvars -```t -# Before -aws_region = "us-east-1" - -# After -aws_region = "us-east-2" -``` -### Step-04-01: Update vpc.auto.tfvars -```t -# Before -vpc_availability_zones = ["us-east-1a", "us-east-1b"] - -# After -vpc_availability_zones = ["us-east-2a", "us-east-2b"] -``` -### Step-04-02: Create new EC2 Key pair in region us-east-2 Ohio -- Go to Services -> EC2 -> Network & Security -> Keypairs -- **Name:** terraform-key-us-east-2 -- **File Format:** pem -- Click on **Create keypair** -- You can have the keypair name same in us-east-2 region also so that you don't need to change anything in `c9-nullresource-provisioners.tf`. Choice is yours. -- To identify the difference, i have given different name here. 
- -### Step-04-03: Copy newly created keypair to private-key folder -- Copy the newly created keypair `terraform-key-us-east-2.pem` to `terraform-manifests\private-key` folder - -### Step-04-04: Give permissions as chmod 400 -``` -# KeyPair Permissions -cd terraform-manifests\private-key -chmod 400 terraform-key-us-east-2.pem -``` - -### Step-04-05: Update ec2instance.auto.tfvars -```t -# Before -instance_keypair = "terraform-key" - -# After -#instance_keypair = "terraform-key" -instance_keypair = "terraform-key-us-east-2" -``` - -### Step-04-06: Update c9-nullresource-provisioners.tf -```t -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key-us-east-2.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem - provisioner "file" { - source = "private-key/terraform-key-us-east-2.pem" - destination = "/tmp/terraform-key-us-east-2.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key-us-east-2.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -``` - -## Step-05: c10-01-ALB-application-loadbalancer-variables.tf -- We will be using these variables in two places - - c10-02-ALB-application-loadbalancer.tf - - c12-route53-dnsregistration.tf -- If we are using the values in more than one place its good to variablize that value -```t -# App1 
DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} -``` -## Step-06: loadbalancer.auto.tfvars -```t -# AWS Load Balancer Variables -app1_dns_name = "app16.devopsincloud.com" -app2_dns_name = "app26.devopsincloud.com" -``` - -## Step-06: c10-02-ALB-application-loadbalancer.tf -### Step-06-01: HTTPS Listener Rule-1 -```t - conditions = [{ - host_header = { - values = [var.app1_dns_name] - } - }] -``` -### Step-06-02: HTTPS Listener Rule-2 -```t - conditions = [{ - host_header = { - values = [var.app2_dns_name] - } - }] -``` - -## Step-07: c12-route53-dnsregistration.tf -### Step-07-01: App1 DNS -```t -## Default DNS -resource "aws_route53_record" "default_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "myapps.devopsincloud.com" - type = "A" - alias { - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} - -# DNS Registration -## App1 DNS -resource "aws_route53_record" "app1_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.app1_dns_name - type = "A" - alias { - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} -``` -### Step-07-02: App2 DNS -```t -## App2 DNS -resource "aws_route53_record" "app2_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.app2_dns_name - type = "A" - alias { - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} -``` - -## Step-08: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -Observation: -1. Verify EC2 Instances for App1 -2. Verify EC2 Instances for App2 -3. Verify Load Balancer SG - Primarily SSL 443 Rule -4. 
Verify ALB Listener - HTTP:80 - Should contain a redirect from HTTP to HTTPS -5. Verify ALB Listener - HTTPS:443 - Should contain 3 rules -5.1 Host Header app1.devopsincloud.com to app1-tg -5.2 Host Header app2.devopsincloud.com toto app2-tg -5.3 Fixed Response: any other errors or any other IP or valid DNS to this LB -6. Verify ALB Target Groups App1 and App2, Targets (should be healthy) -5. Verify SSL Certificate (Certificate Manager) -6. Verify Route53 DNS Record - -# Test (Domain will be different for you based on your registered domain) -# Note: All the below URLS shoud redirect from HTTP to HTTPS -# App1 -1. App1 Landing Page index.html at Root Context of App1: http://app1.devopsincloud.com -2. App1 /app1/index.html: http://app1.devopsincloud.com/app1/index.html -3. App1 /app1/metadata.html: http://app1.devopsincloud.com/app1/metadata.html -4. Failure Case: Access App2 Directory from App1 DNS: http://app1.devopsincloud.com/app2/index.html - Should return Directory not found 404 - -# App2 -1. App2 Landing Page index.html at Root Context of App1: http://app2.devopsincloud.com -2. App1 /app2/index.html: http://app1.devopsincloud.com/app2/index.html -3. App1 /app2/metadata.html: http://app1.devopsincloud.com/app2/metadata.html -4. Failure Case: Access App2 Directory from App1 DNS: http://app2.devopsincloud.com/app1/index.html - Should return Directory not found 404 -``` - -## Step-09: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/UPGRADES.md b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/UPGRADES.md deleted file mode 100644 index dee2e829..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/UPGRADES.md +++ /dev/null 
@@ -1,170 +0,0 @@ -# Terraform Manifest Upgrades - - ## Step-01: c10-02-ALB-application-loadbalancer.tf -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.3.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - host_header = { - values = [var.app1_dns_name] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - host_header = { - values = [var.app2_dns_name] - } - }] - }# End of myapp2-rule Block - }# End Rules Block - }# End my-https-listener Block - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 
- mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - }# END of Target Group-1: mytg1 - - # Target Group-1: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - } # END of Target Group-2: mytg2 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} - -``` diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app1-install.sh b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app2-install.sh b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c1-versions.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c1-versions.tf deleted file mode 100644 index 7fa6c2d0..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index a4c16d05..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - -# App1 DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} - - 
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index 960ed7de..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,315 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 -## Search for "create_attachment" to jump to that issue solution - -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } # End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - host_header = { - values = [var.app1_dns_name] - } - }] - },# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - host_header = { - values = [var.app2_dns_name] - } - }] - }# End of myapp2-rule Block - }# End Rules Block - }# End my-https-listener Block - }# End Listeners Block 
- - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - }# END of Target Group-1: mytg1 - - # Target Group-1: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - } # END of Target Group-2: mytg2 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} - - - -/* -module "alb" { - source = "terraform-aws-modules/alb/aws" - version = "5.16.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ] - security_groups = [module.loadbalancer_sg.this_security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - 
deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags - }, - # App2 Target Group - TG Index = 1 - { - name_prefix = "app2-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - # App2 Target Group - Targets - targets = { - my_app2_vm1 = { - target_id = module.ec2_private_app2.id[0] - port = 80 - }, - my_app2_vm2 = { - target_id = module.ec2_private_app2.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags - } - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - certificate_arn = module.acm.this_acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: app1.devopsincloud.com should go to App1 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - #path_patterns = ["/app1*"] - host_headers = [var.app1_dns_name] - }] - }, - # Rule-2: app2.devopsincloud.com should go to App2 EC2 Instances - { - https_listener_index = 0 - actions = [ - { - type = 
"forward" - target_group_index = 1 - } - ] - conditions = [{ - #path_patterns = ["/app2*"] - host_headers = [var.app2_dns_name] - }] - }, - ] - - tags = local.common_tags # ALB Tags -} -*/ \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 25387755..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null @@ -1,41 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) Outputs - -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.zone_id -} - -output "listener_rules" { - description = "Map of listeners rules created and their attributes" - value = module.alb.listener_rules -} - -output "listeners" { - description = "Map of listeners created and their attributes" - value = module.alb.listeners -} - -output "target_groups" { - description = "Map of target groups created and their attributes" - value = module.alb.target_groups -} 
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c11-acm-certificatemanager.tf
deleted file mode 100644
index 26253779..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "acm_certificate_arn" {
- description = "The ARN of the certificate"
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c12-route53-dnsregistration.tf
deleted file mode 100644
index c68586a9..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# DNS Registration
-## Default DNS
-resource "aws_route53_record" "default_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "myapps.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
-
-## App1 DNS
-resource "aws_route53_record" "app1_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = var.app1_dns_name
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
-
-
-## App2 DNS
-resource "aws_route53_record" "app2_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = var.app2_dns_name
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c2-generic-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c3-local-values.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-02-vpc-module.tf
deleted file mode 100644
index 967d2dcb..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "~> 2.78"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ca6ff040..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 67f1dd30..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 33dce699..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e30ae877..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 039fc29e..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "EC2 instance ID"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "Public IP address EC2 instance"
- value = module.ec2_public.public_ip
-}
-
-# Private EC2 Instances - App1
-## ec2_private_instance_ids
-output "ec2_private_instance_ids_app1" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip_app1" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ]
-}
-
-
-# Private EC2 Instances - App2
-## ec2_private_instance_ids
-output "ec2_private_instance_ids_app2" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip_app2" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ]
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b8ddebc2..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- tags = local.common_tags
-
- # UPDATED
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
-
-}
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-04-ec2instance-private-app1.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 8ab37cf3..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-05-ec2instance-private-app2.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index d7861b3d..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c8-elasticip.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c8-elasticip.tf
deleted file mode 100644
index 072ba506..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c8-elasticip.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c9-nullresource-provisioners.tf
deleted file mode 100644
index 52a5c298..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key-us-east-2.pem")
- }
-
-## File Provisioner: Copies the terraform-key-us-east-2.pem file to /tmp/terraform-key-us-east-2.pem
- provisioner "file" {
- source = "private-key/terraform-key-us-east-2.pem"
- destination = "/tmp/terraform-key-us-east-2.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key-us-east-2.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/ec2instance.auto.tfvars
deleted file mode 100644
index df21a55c..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key-us-east-2"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/loadbalancer.auto.tfvars b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/loadbalancer.auto.tfvars
deleted file mode 100644
index 0784e098..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/loadbalancer.auto.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# AWS Load Balancer Variables
-app1_dns_name = "app1.devopsincloud.com"
-app2_dns_name = "app2.devopsincloud.com"
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 033e4b0e..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Tue Apr 20 15:38:18 IST 2021 and VPC ID: vpc-0ada4f674de70b568
-VPC created on Thu Apr 22 11:41:49 IST 2021 and VPC ID: vpc-0ad139001a6b52da6
-VPC created on Thu Apr 22 14:12:55 IST 2021 and VPC ID: vpc-0230b618d0cd954ba
-VPC created on Thu Apr 22 14:37:23 IST 2021 and VPC ID: vpc-033920cf9b2dcd7fa
-VPC created on Fri Apr 23 10:23:25 IST 2021 and VPC ID: vpc-07f56cbdaa0491e20
-VPC created on Tue Apr 27 08:26:43 IST 2021 and VPC ID: vpc-01c5c36461f11275d
-VPC created on Wed Nov 29 11:26:59 IST 2023 and VPC ID: vpc-0cff9239afb6f3b13
-VPC created on Wed Nov 29 13:06:02 IST 2023 and VPC ID: vpc-0ae5161bdffa490b4
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 6cda3051..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Tue Apr 20 15:47:43 IST 2021
-Destroy time prov Thu Apr 22 12:11:35 IST 2021
-Destroy time prov Thu Apr 22 14:24:56 IST 2021
-Destroy time prov Thu Apr 22 14:49:18 IST 2021
-Destroy time prov Fri Apr 23 10:32:44 IST 2021
-Destroy time prov Tue Apr 27 08:41:33 IST 2021
-Destroy time prov Wed Nov 29 11:34:45 IST 2023
-Destroy time prov Wed Nov 29 13:09:08 IST 2023
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key-us-east-2.pem b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key-us-east-2.pem
deleted file mode 100644
index fa1c3685..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key-us-east-2.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm3BeIK0SgPAv+tu5Dcts5G6lbTwB0QrrGbCFGV5k9Yn35f8F -RoAVBqyFHjrcye7ZRYnrIbT4bzQKVwPz+AcNUj2Y+keXcAsB0v39C1VH2VieUCIr -rmHRggrzvI8P/cdzmuXuSwr38CfBC1BXhqPfrTJSEEqok1S2Rw78GW7S4e/OSEc/ -3p4dkNpVv3pTP3Ygq5DYVeLROq50LPF5NHmllnC0V9vlhFyPI5qMycJj3rx0HYYT -BCRF+TY7WyBYaH/EqCR37vajuzTYFrPhtPUoP3ryWEr0+OaMJzLW5IS4KNV7GkL9 -ceyPa9iW1E6J8B1hvT3+nOIUZhhZIXIXZbin+wIDAQABAoIBACHwDc0qnKCkUIWA -Fc5qPPM/KUVJVcgzjxND1DuuvXJS1lpULO2wp2aWolXwWiaIzM1/CGSKo7d78EoB -ZfIgcAslwdHbcbgX3yUXKXmg/Bf7Xk12uHzRhLHU/FSOE9rAAoCudTHTSkEYHPEA -cKvH+d1R4FMISfgpBcdMAUT4Snjj0NH11uFW37QtrAKziZKEeA1eU/mP4a9OL6qj -XGIaJeL5flhiNVqz9HPnY6fc3wUF2TBcMy+OBxt7VKFXtE8M06FhRn2MJyyE5tsp -ulfgJ5Y3bp1k5WFD4mmNt/97YopF5hA+3GXZlGtziZMrxjRS3j9EPVMhc7UkGdyf -Yd9NwcECgYEAyxTPUN1B5JU5u4Ki1qO8NrY8ESOA2rqRmd1wRHgsTN7iKPCD5890 -7BO8DosX7QJ6EBaxvtCAsP5mMMK4plAeh/UIn48TxnY1jgUds99R5goYM760S/in -3kLWMlqOxPjfthrmJ29tR2gQh3FK2N16hdMT5HTaHO90h9esrmnMAFsCgYEAw/Fr -7oThVGQIFGhTFvOa89rYjk5QFeVAfehT5/CWabYMFC5sTUTQLeW9MDNQS+ydKkDg -0yjUQEaAPwoKq2iQa8RJIRYKCEjzIn41mGGtpRo6IqYMnlXLSgR90gOKPyhwIwd3 -8mzytUqcsTbxax4sqXXLMtbPirZaRKvO/aB0iOECgYATvr45eonBk9C9LoJupBTU -rPtCH1WT7rfhYepcfeKwxqrumBP7IeyYV4LdVyDIZok/rzUw/EzG6LU+4G/bm8ac -KXLhMKQXk765RD4TEw9/clPQFCarjE2mCpGQ68Ud2aTGq+7cvrS9UJzqzlUcqMwU -3uT8PXBHh/ColIuxmY/AKQKBgGgVjWzlX0DR5kzY4hJWEyCoRtLJHNeUsP5w9GlH -rs62qpHp2xPskt1epXG+QFAkf5QbZJImpSEDkkpqTiKhZ94nJWWS7H9cKPNQsa2h -bXk/hlQzeo59KoDGBAQUZ1KHa5Hf/MJlR0QwPy4P7owlOjpGXUtDOnoHxcmmrkyh -+GVhAoGAQ6nIU1Nyw8PQmjfkgSu3mD56vFHUzO9lsjZOBgYXtDbdoQxaMoYpHKym -dmelrGzz/S60dQH+OpgqLOVARIk/z65wxKsxV+mDerUQZTEV/LkrA3+za2VxKS7L -7U5oa2lurCbiA8vyJPVEK92cTky/73keL5e9JxmDaHeiQEVr9Zw= ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/terraform.tfvars b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/terraform.tfvars deleted file mode 100644 index 7cf12278..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/terraform.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# Generic Variables -aws_region = "us-east-2" -environment = "stag" -business_divsion = "hr" - - - - - - - diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/vpc.auto.tfvars b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/vpc.auto.tfvars deleted file mode 100644 index a13b996a..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests-us-east-2/vpc.auto.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-2a", "us-east-2b"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/app2-install.sh b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c1-versions.tf deleted file mode 100644 index 7fa6c2d0..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index a4c16d05..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - -# App1 DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} - - 
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index 6b4623e2..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,165 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - host_header = { - values = [var.app1_dns_name] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - host_header = { - values = [var.app2_dns_name] - } - }] - }# End of myapp2-rule Block - }# End Rules Block - }# End my-https-listener Block - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource 
separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - }# END of Target Group-1: mytg1 - - # Target Group-1: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - } # END of Target Group-2: mytg2 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group 
Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} - diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 25387755..00000000 --- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null @@ -1,41 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) Outputs - -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.zone_id -} - -output "listener_rules" { - description = "Map of listeners rules created and their attributes" - value = module.alb.listener_rules -} - -output "listeners" { - description = "Map of listeners created and their attributes" - value = module.alb.listeners -} - -output "target_groups" { - description = "Map of target groups created and their attributes" - value = module.alb.target_groups -} 
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 26253779..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "acm_certificate_arn" {
- description = "The ARN of the certificate"
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index c68586a9..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# DNS Registration
-## Default DNS
-resource "aws_route53_record" "default_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "myapps.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
-
-## App1 DNS
-resource "aws_route53_record" "app1_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = var.app1_dns_name
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
-
-
-## App2 DNS
-resource "aws_route53_record" "app2_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = var.app2_dns_name
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 967d2dcb..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "~> 2.78"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ca6ff040..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 67f1dd30..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 33dce699..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e30ae877..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 039fc29e..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "EC2 instance ID"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "Public IP address EC2 instance"
- value = module.ec2_public.public_ip
-}
-
-# Private EC2 Instances - App1
-## ec2_private_instance_ids
-output "ec2_private_instance_ids_app1" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip_app1" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ]
-}
-
-
-# Private EC2 Instances - App2
-## ec2_private_instance_ids
-output "ec2_private_instance_ids_app2" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip_app2" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ]
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b8ddebc2..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- tags = local.common_tags
-
- # UPDATED
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
-
-}
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 8ab37cf3..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index d7861b3d..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 072ba506..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index c9a1d2a8..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/loadbalancer.auto.tfvars b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/loadbalancer.auto.tfvars
deleted file mode 100644
index 0784e098..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/loadbalancer.auto.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# AWS Load Balancer Variables
-app1_dns_name = "app1.devopsincloud.com"
-app2_dns_name = "app2.devopsincloud.com"
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 8cf63014..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Tue Apr 20 15:38:18 IST 2021 and VPC ID: vpc-0ada4f674de70b568
-VPC created on Thu Apr 22 11:41:49 IST 2021 and VPC ID: vpc-0ad139001a6b52da6
-VPC created on Thu Apr 22 14:12:55 IST 2021 and VPC ID: vpc-0230b618d0cd954ba
-VPC created on Thu Apr 22 14:37:23 IST 2021 and VPC ID: vpc-033920cf9b2dcd7fa
-VPC created on Fri Apr 23 10:23:25 IST 2021 and VPC ID: vpc-07f56cbdaa0491e20
-VPC created on Tue Apr 27 08:26:43 IST 2021 and VPC ID: vpc-01c5c36461f11275d
-VPC created on Wed Nov 29 11:26:59 IST 2023 and VPC ID: vpc-0cff9239afb6f3b13
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 624b9271..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Tue Apr 20 15:47:43 IST 2021
-Destroy time prov Thu Apr 22 12:11:35 IST 2021
-Destroy time prov Thu Apr 22 14:24:56 IST 2021
-Destroy time prov Thu Apr 22 14:49:18 IST 2021
-Destroy time prov Fri Apr 23 10:32:44 IST 2021
-Destroy time prov Tue Apr 27 08:41:33 IST 2021
-Destroy time prov Wed Nov 29 11:34:45 IST 2023
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key-us-east-2.pem b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key-us-east-2.pem
deleted file mode 100644
index fa1c3685..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key-us-east-2.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm3BeIK0SgPAv+tu5Dcts5G6lbTwB0QrrGbCFGV5k9Yn35f8F -RoAVBqyFHjrcye7ZRYnrIbT4bzQKVwPz+AcNUj2Y+keXcAsB0v39C1VH2VieUCIr -rmHRggrzvI8P/cdzmuXuSwr38CfBC1BXhqPfrTJSEEqok1S2Rw78GW7S4e/OSEc/ -3p4dkNpVv3pTP3Ygq5DYVeLROq50LPF5NHmllnC0V9vlhFyPI5qMycJj3rx0HYYT -BCRF+TY7WyBYaH/EqCR37vajuzTYFrPhtPUoP3ryWEr0+OaMJzLW5IS4KNV7GkL9 -ceyPa9iW1E6J8B1hvT3+nOIUZhhZIXIXZbin+wIDAQABAoIBACHwDc0qnKCkUIWA -Fc5qPPM/KUVJVcgzjxND1DuuvXJS1lpULO2wp2aWolXwWiaIzM1/CGSKo7d78EoB -ZfIgcAslwdHbcbgX3yUXKXmg/Bf7Xk12uHzRhLHU/FSOE9rAAoCudTHTSkEYHPEA -cKvH+d1R4FMISfgpBcdMAUT4Snjj0NH11uFW37QtrAKziZKEeA1eU/mP4a9OL6qj -XGIaJeL5flhiNVqz9HPnY6fc3wUF2TBcMy+OBxt7VKFXtE8M06FhRn2MJyyE5tsp -ulfgJ5Y3bp1k5WFD4mmNt/97YopF5hA+3GXZlGtziZMrxjRS3j9EPVMhc7UkGdyf -Yd9NwcECgYEAyxTPUN1B5JU5u4Ki1qO8NrY8ESOA2rqRmd1wRHgsTN7iKPCD5890 -7BO8DosX7QJ6EBaxvtCAsP5mMMK4plAeh/UIn48TxnY1jgUds99R5goYM760S/in -3kLWMlqOxPjfthrmJ29tR2gQh3FK2N16hdMT5HTaHO90h9esrmnMAFsCgYEAw/Fr -7oThVGQIFGhTFvOa89rYjk5QFeVAfehT5/CWabYMFC5sTUTQLeW9MDNQS+ydKkDg -0yjUQEaAPwoKq2iQa8RJIRYKCEjzIn41mGGtpRo6IqYMnlXLSgR90gOKPyhwIwd3 -8mzytUqcsTbxax4sqXXLMtbPirZaRKvO/aB0iOECgYATvr45eonBk9C9LoJupBTU -rPtCH1WT7rfhYepcfeKwxqrumBP7IeyYV4LdVyDIZok/rzUw/EzG6LU+4G/bm8ac -KXLhMKQXk765RD4TEw9/clPQFCarjE2mCpGQ68Ud2aTGq+7cvrS9UJzqzlUcqMwU -3uT8PXBHh/ColIuxmY/AKQKBgGgVjWzlX0DR5kzY4hJWEyCoRtLJHNeUsP5w9GlH -rs62qpHp2xPskt1epXG+QFAkf5QbZJImpSEDkkpqTiKhZ94nJWWS7H9cKPNQsa2h -bXk/hlQzeo59KoDGBAQUZ1KHa5Hf/MJlR0QwPy4P7owlOjpGXUtDOnoHxcmmrkyh -+GVhAoGAQ6nIU1Nyw8PQmjfkgSu3mD56vFHUzO9lsjZOBgYXtDbdoQxaMoYpHKym -dmelrGzz/S60dQH+OpgqLOVARIk/z65wxKsxV+mDerUQZTEV/LkrA3+za2VxKS7L -7U5oa2lurCbiA8vyJPVEK92cTky/73keL5e9JxmDaHeiQEVr9Zw= ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/terraform.tfvars deleted file mode 100644 index 8b9f8d7c..00000000 
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/11-ALB-Host-Header-Based-Routing/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/README-old.md b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/README-old.md
deleted file mode 100644
index 98ab8322..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/README-old.md
+++ /dev/null
@@ -1,295 +0,0 @@ ---- -title: AWS ALB Different Listener Rules for Routing -description: Create AWS Application Load Balancer Custom HTTP Header, 302 Redirects with Query String and Host Headers ---- -# AWS ALB Query String, Host Header Redirects and Custom Header Routing - -## Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -- We are going to implement four AWS ALB Application HTTPS Listener Rules -- Rule-1 and Rule-2 will outline the Custom HTTP Header based Routing -- Rule-3 and Rule-4 will outline the HTTP Redirect using Query String and Host Header based rules -- **Rule-1:** custom-header=my-app-1 should go to App1 EC2 Instances -- **Rule-2:** custom-header=my-app-2 should go to App2 EC2 Instances -- **Rule-3:** When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ -- **Rule-4:** When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify. 
- -- Understand about Priority feature for Rules `priority = 2` - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-2.png) - -## Step-02: c10-02-ALB-application-loadbalancer.tf -- Define different HTTPS Listener Rules for ALB Load Balancer -### Step-02-01: Rule-1: Custom Header Rule for App-1 -- Rule-1: custom-header=my-app-1 should go to App1 EC2 Instances -```t - # Rule-1: custom-header=my-app-1 should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - #path_patterns = ["/app1*"] - #host_headers = [var.app1_dns_name] - http_headers = [{ - http_header_name = "custom-header" - values = ["app-1", "app1", "my-app-1"] - }] - }] - }, -``` -### Step-02-02: Rule-2: Custom Header Rule for App-1 -- Rule-2: custom-header=my-app-2 should go to App2 EC2 Instances -```t - # Rule-2: custom-header=my-app-2 should go to App2 EC2 Instances - { - https_listener_index = 0 - priority = 2 - actions = [ - { - type = "forward" - target_group_index = 1 - } - ] - conditions = [{ - #path_patterns = ["/app2*"] - #host_headers = [var.app2_dns_name] - http_headers = [{ - http_header_name = "custom-header" - values = ["app-2", "app2", "my-app-2"] - }] - }] - }, -``` -### Step-02-03: Rule-3: Query String Redirect -- Rule-3: When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ -```t - # Rule-3: When Query-String, website=aws-eks redirect to 
https://stacksimplify.com/aws-eks/ - { - https_listener_index = 0 - priority = 3 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/aws-eks/" - query = "" - protocol = "HTTPS" - }] - conditions = [{ - query_strings = [{ - key = "website" - value = "aws-eks" - }] - }] - }, -``` -### Step-02-04: Rule-4: Host Header Redirect -- Rule-4: When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -```t - # Rule-4: When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ - { - https_listener_index = 0 - priority = 4 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/azure-aks/azure-kubernetes-service-introduction/" - query = "" - protocol = "HTTPS" - }] - conditions = [{ - host_headers = ["azure-aks11.devopsincloud.com"] - }] - }, -``` - -## Step-03: c12-route53-dnsregistration.tf -```t -# DNS Registration -## Default DNS -resource "aws_route53_record" "default_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "myapps11.devopsincloud.com" - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} - -## Testing Host Header - Redirect to External Site from ALB HTTPS Listener Rules -resource "aws_route53_record" "app1_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "azure-aks11.devopsincloud.com" - type = "A" - alias { - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - evaluate_target_health = true - } -} -``` -## Step-04: Terraform ALB Module v6.0.0 Changes -### Step-04-01: c10-02-ALB-application-loadbalancer.tf -```t -# Before - version = "5.16.0" - -# After - version = "6.0.0" -``` -### Step-04-02: c10-03-ALB-application-loadbalancer-outputs.tf -- [ALB Outpus 
Reference](https://github.com/terraform-aws-modules/terraform-aws-alb/blob/v6.0.0/examples/complete-alb/outputs.tf) -- `this_` is removed from few of the outputs of ALB Module -- So we can use the latest `outputs` from this section onwards -- Update `c10-03-ALB-application-loadbalancer-outputs.tf` with latest outputs -```t -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.alb.lb_arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.alb.lb_dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." - value = module.alb.lb_arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.alb.lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.alb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.alb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.alb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.alb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.alb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. 
Useful for passing to your CodeDeploy Deployment Group." - value = module.alb.target_group_names -} - -output "target_group_attachments" { - description = "ARNs of the target group attachment IDs." - value = module.alb.target_group_attachments -} -``` - -### Step-04-03: c12-route53-dnsregistration.tf -```t -# Before - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - -# After - name = module.alb.lb_dns_name - zone_id = module.alb.lb_zone_id -``` - - -## Step-05: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terrform Apply -terraform apply -auto-approve -``` - -## Step-06: Verify HTTP Header Based Routing (Rule-1 and Rule-2) -- Rest Clinets we can use -- https://restninja.io/ -- https://www.webtools.services/online-rest-api-client -- https://reqbin.com/ -```t -# Verify Rule-1 and Rule-2 -https://myapps.devopsincloud.com -custom-header = my-app-1 - Should get the page from App1 -custom-header = my-app-2 - Should get the page from App2 -``` - -## Step-07: Verify Rule-3 -- When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ -```t -# Verify Rule-3 -https://myapps.devopsincloud.com/?website=aws-eks -Observation: -1. Should Redirect to https://stacksimplify.com/aws-eks/ -``` - -## Step-08: Verify Rule-4 -- When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -```t -# Verify Rule-4 -http://azure-aks.devopsincloud.com -Observation: -1. Should redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -``` - -## Step-09: Clean-Up -```t -# Destroy Resources -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate -``` - - -## References -- [Terraform AWS ALB](https://github.com/terraform-aws-modules/terraform-aws-alb) 
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/README.md b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/README.md
deleted file mode 100644
index 0b31ee59..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/README.md
+++ /dev/null
@@ -1,215 +0,0 @@ ---- -title: AWS ALB Different Listener Rules for Routing -description: Create AWS Application Load Balancer Custom HTTP Header, 302 Redirects with Query String and Host Headers ---- -# AWS ALB Query String, Host Header Redirects and Custom Header Routing - -## Pre-requisites -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -- We are going to implement four AWS ALB Application HTTPS Listener Rules -- Rule-1 and Rule-2 will outline the Custom HTTP Header based Routing -- Rule-3 and Rule-4 will outline the HTTP Redirect using Query String and Host Header based rules -- **Rule-1:** custom-header=my-app-1 should go to App1 EC2 Instances -- **Rule-2:** custom-header=my-app-2 should go to App2 EC2 Instances -- **Rule-3:** When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ -- **Rule-4:** When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify. 
- -- Understand about Priority feature for Rules `priority = 2` - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-alb-custom-header-routing-redirects302-querystring-2.png) - -## Step-02: c10-02-ALB-application-loadbalancer.tf -- Define different HTTPS Listener Rules for ALB Load Balancer -### Step-02-01: Rule-1: Custom Header Rule for App-1 -- Rule-1: custom-header=my-app-1 should go to App1 EC2 Instances -```t - # Rule-1: myapp1-rule - custom-header=my-app-1 should go to App1 EC2 Instances - myapp1-rule = { - priority = 1 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - http_header = { - http_header_name = "custom-header" - values = ["app-1", "app1", "my-app-1"] - } - }] - }# End of myapp1-rule -``` -### Step-02-02: Rule-2: Custom Header Rule for App-1 -- Rule-2: custom-header=my-app-2 should go to App2 EC2 Instances -```t - # Rule-2: myapp2-rule - custom-header=my-app-2 should go to App2 EC2 Instances - myapp2-rule = { - priority = 2 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - http_header = { - http_header_name = "custom-header" - values = ["app-2", "app2", "my-app-2"] - } - }] - }# End of myapp2-rule Block - -``` -### Step-02-03: Rule-3: Query String Redirect -- Rule-3: When Query-String, website=aws-eks redirect to 
https://stacksimplify.com/aws-eks/ -```t - # Rule-3: When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ - # Rule-3: Query String Redirect Redirect Rule - my-redirect-query = { - priority = 3 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/aws-eks/" - query = "" - protocol = "HTTPS" - }] - - conditions = [{ - query_string = { - key = "website" - value = "aws-eks" - } - }] - }# End of Rule-3 Query String Redirect Redirect Rule -``` -### Step-02-04: Rule-4: Host Header Redirect -- Rule-4: When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -```t - # Rule-4: When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ - # Rule-4: Host Header Redirect - my-redirect-hh = { - priority = 4 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/azure-aks/azure-kubernetes-service-introduction/" - query = "" - protocol = "HTTPS" - }] - - conditions = [{ - host_header = { - values = ["azure-aks11.devopsincloud.com"] - } - }] - }# Rule-4: Host Header Redirect -``` - -## Step-03: c12-route53-dnsregistration.tf -```t -# DNS Registration -## Default DNS -resource "aws_route53_record" "default_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "myapps11.devopsincloud.com" - type = "A" - alias { - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} - -## Testing Host Header - Redirect to External Site from ALB HTTPS Listener Rules -resource "aws_route53_record" "app1_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "azure-aks11.devopsincloud.com" - type = "A" - alias { - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} -``` -## Step-04: Execute Terraform Commands -```t -# 
Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terrform Apply -terraform apply -auto-approve -``` - -## Step-06: Verify HTTP Header Based Routing (Rule-1 and Rule-2) -- Rest Clinets we can use -- https://restninja.io/ -- https://www.webtools.services/online-rest-api-client -- https://reqbin.com/ -```t -# Verify Rule-1 and Rule-2 -https://myapps.devopsincloud.com -custom-header = my-app-1 - Should get the page from App1 -custom-header = my-app-2 - Should get the page from App2 -``` - -## Step-07: Verify Rule-3 -- When Query-String, website=aws-eks redirect to https://stacksimplify.com/aws-eks/ -```t -# Verify Rule-3 -https://myapps.devopsincloud.com/?website=aws-eks -Observation: -1. Should Redirect to https://stacksimplify.com/aws-eks/ -``` - -## Step-08: Verify Rule-4 -- When Host Header = azure-aks.devopsincloud.com, redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -```t -# Verify Rule-4 -http://azure-aks.devopsincloud.com -Observation: -1. Should redirect to https://stacksimplify.com/azure-aks/azure-kubernetes-service-introduction/ -``` - -## Step-09: Clean-Up -```t -# Destroy Resources -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate -``` - - -## References -- [Terraform AWS ALB](https://github.com/terraform-aws-modules/terraform-aws-alb) diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/UPGRADES.md b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/UPGRADES.md deleted file mode 100644 index a4403462..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/UPGRADES.md +++ /dev/null 
@@ -1,210 +0,0 @@ -# Terraform Manifest Upgrades -## Step-01: c10-02-ALB-application-loadbalancer.tf -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.2.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - priority = 1 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - http_header = { - http_header_name = "custom-header" - values = ["app-1", "app1", "my-app-1"] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - priority = 2 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - http_header = { - http_header_name = "custom-header" - values = ["app-2", "app2", "my-app-2"] - } - }] - }# End of myapp2-rule Block - - # Rule-3: Query 
String Redirect Redirect Rule - my-redirect-query = { - priority = 3 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/aws-eks/" - query = "" - protocol = "HTTPS" - }] - - conditions = [{ - query_string = { - key = "website" - value = "aws-eks" - } - }] - }# End of Rule-3 Query String Redirect Redirect Rule - # Rule-4: Host Header Redirect - my-redirect-hh = { - priority = 4 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/azure-aks/azure-kubernetes-service-introduction/" - query = "" - protocol = "HTTPS" - }] - - conditions = [{ - host_header = { - values = ["azure-aks11.devopsincloud.com"] - } - }] - }# Rule-4: Host Header Redirect - }# End Rules - }# End Listener-2: my-https-listener - }# End Listeners - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - }# END of Target Group-1: mytg1 - - # Target Group-1: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - }# END of Target Group-2: mytg2 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} -``` diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/app1-install.sh b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/app2-install.sh b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c1-versions.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c1-versions.tf deleted file mode 100644 index 7fa6c2d0..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index a4c16d05..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - -# App1 DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} - - 
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index 8b7dc5d0..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,208 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - priority = 1 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - http_header = { - http_header_name = "custom-header" - values = ["app-1", "app1", "my-app-1"] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - priority = 2 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - http_header = { - http_header_name = "custom-header" - values = ["app-2", "app2", "my-app-2"] - } - }] - }# End of myapp2-rule Block - - # Rule-3: Query String Redirect Redirect Rule - my-redirect-query = { - priority = 3 - actions = [{ - type = 
"redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/aws-eks/" - query = "" - protocol = "HTTPS" - }] - - conditions = [{ - query_string = { - key = "website" - value = "aws-eks" - } - }] - }# End of Rule-3 Query String Redirect Redirect Rule - # Rule-4: Host Header Redirect - my-redirect-hh = { - priority = 4 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/azure-aks/azure-kubernetes-service-introduction/" - query = "" - protocol = "HTTPS" - }] - - conditions = [{ - host_header = { - values = ["azure-aks11.devopsincloud.com"] - } - }] - }# Rule-4: Host Header Redirect - }# End Rules - }# End Listener-2: my-https-listener - }# End Listeners - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - }# END of Target Group-1: mytg1 - - # Target Group-1: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - }# END of Target Group-2: mytg2 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 25387755..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,41 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.zone_id
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
-}
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
-}
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c11-acm-certificatemanager.tf
deleted file mode 100644
index 26253779..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "acm_certificate_arn" {
- description = "The ARN of the certificate"
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c12-route53-dnsregistration.tf
deleted file mode 100644
index dec8f06d..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# DNS Registration
-## Default DNS
-resource "aws_route53_record" "default_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "myapps11.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
-
-## App1 DNS
-resource "aws_route53_record" "app1_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "azure-aks11.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c2-generic-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c3-local-values.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-02-vpc-module.tf
deleted file mode 100644
index 967d2dcb..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "~> 2.78"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ca6ff040..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 67f1dd30..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 33dce699..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e30ae877..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 039fc29e..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "EC2 instance ID"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "Public IP address EC2 instance"
- value = module.ec2_public.public_ip
-}
-
-# Private EC2 Instances - App1
-## ec2_private_instance_ids
-output "ec2_private_instance_ids_app1" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip_app1" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ]
-}
-
-
-# Private EC2 Instances - App2
-## ec2_private_instance_ids
-output "ec2_private_instance_ids_app2" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.id ]
-}
-
-## ec2_private_ip
-output "ec2_private_ip_app2" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ]
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b8ddebc2..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- tags = local.common_tags
-
- # UPDATED
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
-
-}
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-04-ec2instance-private-app1.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index 8ab37cf3..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-05-ec2instance-private-app2.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index d7861b3d..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c8-elasticip.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c8-elasticip.tf
deleted file mode 100644
index 072ba506..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c8-elasticip.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c9-nullresource-provisioners.tf
deleted file mode 100644
index c9a1d2a8..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/ec2instance.auto.tfvars
deleted file mode 100644
index 9875e621..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-#private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/loadbalancer.auto.tfvars b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/loadbalancer.auto.tfvars
deleted file mode 100644
index 0784e098..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/loadbalancer.auto.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# AWS Load Balancer Variables
-app1_dns_name = "app1.devopsincloud.com"
-app2_dns_name = "app2.devopsincloud.com"
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 271f5b90..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Tue Apr 20 15:38:18 IST 2021 and VPC ID: vpc-0ada4f674de70b568
-VPC created on Thu Apr 22 11:41:49 IST 2021 and VPC ID: vpc-0ad139001a6b52da6
-VPC created on Thu Apr 22 14:12:55 IST 2021 and VPC ID: vpc-0230b618d0cd954ba
-VPC created on Thu Apr 22 14:37:23 IST 2021 and VPC ID: vpc-033920cf9b2dcd7fa
-VPC created on Fri Apr 23 10:23:25 IST 2021 and VPC ID: vpc-07f56cbdaa0491e20
-VPC created on Tue Apr 27 08:26:43 IST 2021 and VPC ID: vpc-01c5c36461f11275d
-VPC created on Wed Nov 29 11:26:59 IST 2023 and VPC ID: vpc-0cff9239afb6f3b13
-VPC created on Wed Nov 29 13:35:57 IST 2023 and VPC ID: vpc-0dbd3fb545fbf472b
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 5b769eaf..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Tue Apr 20 15:47:43 IST 2021
-Destroy time prov Thu Apr 22 12:11:35 IST 2021
-Destroy time prov Thu Apr 22 14:24:56 IST 2021
-Destroy time prov Thu Apr 22 14:49:18 IST 2021
-Destroy time prov Fri Apr 23 10:32:44 IST 2021
-Destroy time prov Tue Apr 27 08:41:33 IST 2021
-Destroy time prov Wed Nov 29 11:34:45 IST 2023
-Destroy time prov Wed Nov 29 13:47:30 IST 2023
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/private-key/terraform-key-us-east-2.pem b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/private-key/terraform-key-us-east-2.pem
deleted file mode 100644
index fa1c3685..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/private-key/terraform-key-us-east-2.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm3BeIK0SgPAv+tu5Dcts5G6lbTwB0QrrGbCFGV5k9Yn35f8F -RoAVBqyFHjrcye7ZRYnrIbT4bzQKVwPz+AcNUj2Y+keXcAsB0v39C1VH2VieUCIr -rmHRggrzvI8P/cdzmuXuSwr38CfBC1BXhqPfrTJSEEqok1S2Rw78GW7S4e/OSEc/ -3p4dkNpVv3pTP3Ygq5DYVeLROq50LPF5NHmllnC0V9vlhFyPI5qMycJj3rx0HYYT -BCRF+TY7WyBYaH/EqCR37vajuzTYFrPhtPUoP3ryWEr0+OaMJzLW5IS4KNV7GkL9 -ceyPa9iW1E6J8B1hvT3+nOIUZhhZIXIXZbin+wIDAQABAoIBACHwDc0qnKCkUIWA -Fc5qPPM/KUVJVcgzjxND1DuuvXJS1lpULO2wp2aWolXwWiaIzM1/CGSKo7d78EoB -ZfIgcAslwdHbcbgX3yUXKXmg/Bf7Xk12uHzRhLHU/FSOE9rAAoCudTHTSkEYHPEA -cKvH+d1R4FMISfgpBcdMAUT4Snjj0NH11uFW37QtrAKziZKEeA1eU/mP4a9OL6qj -XGIaJeL5flhiNVqz9HPnY6fc3wUF2TBcMy+OBxt7VKFXtE8M06FhRn2MJyyE5tsp -ulfgJ5Y3bp1k5WFD4mmNt/97YopF5hA+3GXZlGtziZMrxjRS3j9EPVMhc7UkGdyf -Yd9NwcECgYEAyxTPUN1B5JU5u4Ki1qO8NrY8ESOA2rqRmd1wRHgsTN7iKPCD5890 -7BO8DosX7QJ6EBaxvtCAsP5mMMK4plAeh/UIn48TxnY1jgUds99R5goYM760S/in -3kLWMlqOxPjfthrmJ29tR2gQh3FK2N16hdMT5HTaHO90h9esrmnMAFsCgYEAw/Fr -7oThVGQIFGhTFvOa89rYjk5QFeVAfehT5/CWabYMFC5sTUTQLeW9MDNQS+ydKkDg -0yjUQEaAPwoKq2iQa8RJIRYKCEjzIn41mGGtpRo6IqYMnlXLSgR90gOKPyhwIwd3 -8mzytUqcsTbxax4sqXXLMtbPirZaRKvO/aB0iOECgYATvr45eonBk9C9LoJupBTU -rPtCH1WT7rfhYepcfeKwxqrumBP7IeyYV4LdVyDIZok/rzUw/EzG6LU+4G/bm8ac -KXLhMKQXk765RD4TEw9/clPQFCarjE2mCpGQ68Ud2aTGq+7cvrS9UJzqzlUcqMwU -3uT8PXBHh/ColIuxmY/AKQKBgGgVjWzlX0DR5kzY4hJWEyCoRtLJHNeUsP5w9GlH -rs62qpHp2xPskt1epXG+QFAkf5QbZJImpSEDkkpqTiKhZ94nJWWS7H9cKPNQsa2h -bXk/hlQzeo59KoDGBAQUZ1KHa5Hf/MJlR0QwPy4P7owlOjpGXUtDOnoHxcmmrkyh -+GVhAoGAQ6nIU1Nyw8PQmjfkgSu3mD56vFHUzO9lsjZOBgYXtDbdoQxaMoYpHKym -dmelrGzz/S60dQH+OpgqLOVARIk/z65wxKsxV+mDerUQZTEV/LkrA3+za2VxKS7L -7U5oa2lurCbiA8vyJPVEK92cTky/73keL5e9JxmDaHeiQEVr9Zw= ------END RSA PRIVATE KEY----- \ No newline at end of file 
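Review bot: Both unencrypted RSA private keys removed in this commit, `private-key/terraform-key-us-east-2.pem` here and `private-key/terraform-key.pem` in the following hunk, should be treated as compromised, because deleting the files leaves the full key material readable in the repository history and in this diff. The deleted `c9-nullresource-provisioners.tf` read `private-key/terraform-key.pem` for its SSH connection to the bastion host and the tfvars set `instance_keypair = "terraform-key"`, so the key presumably matched a real EC2 key pair at some point. The follow-up is to delete or rotate the corresponding EC2 key pairs and to keep key files out of version control with an ignore rule such as `private-key/*.pem` in `.gitignore`; rewriting history alone is not sufficient once the keys have been published.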
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/terraform.tfvars b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/vpc.auto.tfvars b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests-orig/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app2-install.sh b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app2-install.sh deleted file mode 100644 index 805d4bea..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/app2-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app2 -sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c1-versions.tf deleted file mode 100644 index 7fa6c2d0..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index a4c16d05..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - -# App1 DNS Name -variable "app1_dns_name" { - description = "App1 DNS Name" -} - -# App2 DNS Name -variable "app2_dns_name" { - description = "App2 DNS Name" -} - - 
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index f0ef580b..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,208 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - custom-header=my-app-1 should go to App1 EC2 Instances - myapp1-rule = { - priority = 1 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - http_header = { - http_header_name = "custom-header" - values = ["app-1", "app1", "my-app-1"] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - custom-header=my-app-2 should go to App2 EC2 Instances - myapp2-rule = { - priority = 2 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - http_header = { - http_header_name = "custom-header" - values = ["app-2", "app2", "my-app-2"] - } - }] - }# End of myapp2-rule 
Block - - # Rule-3: Query String Redirect Redirect Rule - my-redirect-query = { - priority = 3 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/aws-eks/" - query = "" - protocol = "HTTPS" - }] - - conditions = [{ - query_string = { - key = "website" - value = "aws-eks" - } - }] - }# End of Rule-3 Query String Redirect Redirect Rule - # Rule-4: Host Header Redirect - my-redirect-hh = { - priority = 4 - actions = [{ - type = "redirect" - status_code = "HTTP_302" - host = "stacksimplify.com" - path = "/azure-aks/azure-kubernetes-service-introduction/" - query = "" - protocol = "HTTPS" - }] - - conditions = [{ - host_header = { - values = ["azure-aks11.devopsincloud.com"] - } - }] - }# Rule-4: Host Header Redirect - }# End Rules - }# End Listener-2: my-https-listener - }# End Listeners - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - }# END of Target Group-1: mytg1 - - # Target Group-1: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - }# END of Target Group-2: mytg2 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 25387755..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,41 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.zone_id
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
-}
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
-}
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 26253779..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,25 +0,0 @@ -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - #version = "2.14.0" - version = "5.0.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.zone_id - - subject_alternative_names = [ - "*.devopsincloud.com" - ] - tags = local.common_tags - - # Validation Method - validation_method = "DNS" - wait_for_validation = true -} - -# Output ACM Certificate ARN -output "acm_certificate_arn" { - description = "The ARN of the certificate" - value = module.acm.acm_certificate_arn -} - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c12-route53-dnsregistration.tf deleted file mode 100644 index dec8f06d..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c12-route53-dnsregistration.tf +++ /dev/null @@ -1,24 +0,0 @@ -# DNS Registration -## Default DNS -resource "aws_route53_record" "default_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "myapps11.devopsincloud.com" - type = "A" - alias { - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} - -## App1 DNS -resource "aws_route53_record" "app1_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "azure-aks11.devopsincloud.com" - type = "A" - alias { - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-02-vpc-module.tf deleted file mode 100644 index 967d2dcb..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-02-vpc-module.tf +++ /dev/null @@ -1,44 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - #version = "2.78.0" - #version = "~> 2.78" - version = "5.2.0" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index ca6ff040..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 67f1dd30..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Public Bastion Host -module "public_bastion_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - version = "5.1.0" - - name = "public-bastion-sg" - description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-04-securitygroup-privatesg.tf deleted file mode 100644 index 33dce699..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-04-securitygroup-privatesg.tf +++ /dev/null @@ -1,18 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Private EC2 Instances -module "private_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - version = "5.1.0" - - name = "private-sg" - description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp", "http-80-tcp"] - ingress_cidr_blocks = [module.vpc.vpc_cidr_block] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf deleted file mode 100644 index e30ae877..00000000 
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf +++ /dev/null @@ -1,29 +0,0 @@ -# Security Group for Public Load Balancer -module "loadbalancer_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - version = "5.1.0" - - name = "loadbalancer-sg" - description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open" - vpc_id = module.vpc.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["http-80-tcp", "https-443-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags - - # Open to CIDRs blocks (rule or from_port+to_port+protocol+description) - ingress_with_cidr_blocks = [ - { - from_port = 81 - to_port = 81 - protocol = 6 - description = "Allow Port 81 from internet" - cidr_blocks = "0.0.0.0/0" - }, - ] -} - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-01-datasource-ami.tf deleted file mode 100644 index c292b608..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-01-datasource-ami.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} 
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-02-ec2instance-outputs.tf deleted file mode 100644 index 039fc29e..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-02-ec2instance-outputs.tf +++ /dev/null @@ -1,46 +0,0 @@ -# AWS EC2 Instance Terraform Outputs -# Public EC2 Instances - Bastion Host - -## ec2_bastion_public_instance_ids -output "ec2_bastion_public_instance_ids" { - description = "EC2 instance ID" - value = module.ec2_public.id -} - -## ec2_bastion_public_ip -output "ec2_bastion_public_ip" { - description = "Public IP address EC2 instance" - value = module.ec2_public.public_ip -} - -# Private EC2 Instances - App1 -## ec2_private_instance_ids -output "ec2_private_instance_ids_app1" { - description = "List of IDs of instances" - value = [for ec2private in module.ec2_private_app1: ec2private.id ] -} - -## ec2_private_ip -output "ec2_private_ip_app1" { - description = "List of private IP addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ] -} - - -# Private EC2 Instances - App2 -## ec2_private_instance_ids -output "ec2_private_instance_ids_app2" { - description = "List of IDs of instances" - value = [for ec2private in module.ec2_private_app2: ec2private.id ] -} - -## ec2_private_ip -output "ec2_private_ip_app2" { - description = "List of private IP addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ] -} - - - - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-03-ec2instance-bastion.tf deleted file mode 100644 index b8ddebc2..00000000 
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-03-ec2instance-bastion.tf +++ /dev/null @@ -1,22 +0,0 @@ -# AWS EC2 Instance Terraform Module -# Bastion Host - EC2 Instance that will be created in VPC Public Subnet -module "ec2_public" { - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - # insert the 10 required variables here - name = "${var.environment}-BastionHost" - #instance_count = 5 - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - subnet_id = module.vpc.public_subnets[0] - tags = local.common_tags - - # UPDATED - #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] - vpc_security_group_ids = [module.public_bastion_sg.security_group_id] - -} - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-04-ec2instance-private-app1.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-04-ec2instance-private-app1.tf deleted file mode 100644 index 8ab37cf3..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-04-ec2instance-private-app1.tf +++ /dev/null 
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-
-}
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-05-ec2instance-private-app2.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index d7861b3d..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,24 +0,0 @@ -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets for App2 -module "ec2_private_app2" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - # insert the 10 required variables here - name = "${var.environment}-app2" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - user_data = file("${path.module}/app2-install.sh") - tags = local.common_tags - -# Changes as part of Module version from 2.17.0 to 5.5.0 - for_each = toset(["0", "1"]) - subnet_id = element(module.vpc.private_subnets, tonumber(each.key)) - vpc_security_group_ids = [module.private_sg.security_group_id] - -} - - diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c8-elasticip.tf deleted file mode 100644 index 072ba506..00000000 --- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c8-elasticip.tf +++ /dev/null @@ -1,20 +0,0 @@ -# Create Elastic IP for Bastion Host -# Resource - depends_on Meta-Argument -resource "aws_eip" "bastion_eip" { - depends_on = [ module.ec2_public, module.vpc ] - tags = local.common_tags - # COMMENTED - #instance = module.ec2_public.id[0] - #vpc = true - - # UPDATED - instance = module.ec2_public.id - domain = "vpc" -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) - provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } -} 
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index c9a1d2a8..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@ -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key-us-east-2.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) -/* provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } - */ - -} - -# Creation Time Provisioners - By default they are created during resource creations (terraform apply) -# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/ec2instance.auto.tfvars deleted file mode 100644 index 9875e621..00000000 
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-#private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/loadbalancer.auto.tfvars b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/loadbalancer.auto.tfvars
deleted file mode 100644
index 0784e098..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/loadbalancer.auto.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# AWS Load Balancer Variables
-app1_dns_name = "app1.devopsincloud.com"
-app2_dns_name = "app2.devopsincloud.com"
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index e584c372..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Tue Apr 20 15:38:18 IST 2021 and VPC ID: vpc-0ada4f674de70b568
-VPC created on Thu Apr 22 11:41:49 IST 2021 and VPC ID: vpc-0ad139001a6b52da6
-VPC created on Thu Apr 22 14:12:55 IST 2021 and VPC ID: vpc-0230b618d0cd954ba
-VPC created on Thu Apr 22 14:37:23 IST 2021 and VPC ID: vpc-033920cf9b2dcd7fa
-VPC created on Fri Apr 23 10:23:25 IST 2021 and VPC ID: vpc-07f56cbdaa0491e20
-VPC created on Tue Apr 27 08:26:43 IST 2021 and VPC ID: vpc-01c5c36461f11275d
-VPC created on Wed Nov 29 11:26:59 IST 2023 and VPC ID: vpc-0cff9239afb6f3b13
-VPC created on Wed Nov 29 13:35:57 IST 2023 and VPC ID: vpc-0dbd3fb545fbf472b
-VPC created on Tue Dec 26 12:15:15 IST 2023 and VPC ID: vpc-0b4ae36c9413541e5
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 3a0c4909..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Tue Apr 20 15:47:43 IST 2021
-Destroy time prov Thu Apr 22 12:11:35 IST 2021
-Destroy time prov Thu Apr 22 14:24:56 IST 2021
-Destroy time prov Thu Apr 22 14:49:18 IST 2021
-Destroy time prov Fri Apr 23 10:32:44 IST 2021
-Destroy time prov Tue Apr 27 08:41:33 IST 2021
-Destroy time prov Wed Nov 29 11:34:45 IST 2023
-Destroy time prov Wed Nov 29 13:47:30 IST 2023
-Destroy time prov Tue Dec 26 12:33:13 IST 2023
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key-us-east-2.pem b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key-us-east-2.pem
deleted file mode 100644
index fa1c3685..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key-us-east-2.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm3BeIK0SgPAv+tu5Dcts5G6lbTwB0QrrGbCFGV5k9Yn35f8F -RoAVBqyFHjrcye7ZRYnrIbT4bzQKVwPz+AcNUj2Y+keXcAsB0v39C1VH2VieUCIr -rmHRggrzvI8P/cdzmuXuSwr38CfBC1BXhqPfrTJSEEqok1S2Rw78GW7S4e/OSEc/ -3p4dkNpVv3pTP3Ygq5DYVeLROq50LPF5NHmllnC0V9vlhFyPI5qMycJj3rx0HYYT -BCRF+TY7WyBYaH/EqCR37vajuzTYFrPhtPUoP3ryWEr0+OaMJzLW5IS4KNV7GkL9 -ceyPa9iW1E6J8B1hvT3+nOIUZhhZIXIXZbin+wIDAQABAoIBACHwDc0qnKCkUIWA -Fc5qPPM/KUVJVcgzjxND1DuuvXJS1lpULO2wp2aWolXwWiaIzM1/CGSKo7d78EoB -ZfIgcAslwdHbcbgX3yUXKXmg/Bf7Xk12uHzRhLHU/FSOE9rAAoCudTHTSkEYHPEA -cKvH+d1R4FMISfgpBcdMAUT4Snjj0NH11uFW37QtrAKziZKEeA1eU/mP4a9OL6qj -XGIaJeL5flhiNVqz9HPnY6fc3wUF2TBcMy+OBxt7VKFXtE8M06FhRn2MJyyE5tsp -ulfgJ5Y3bp1k5WFD4mmNt/97YopF5hA+3GXZlGtziZMrxjRS3j9EPVMhc7UkGdyf -Yd9NwcECgYEAyxTPUN1B5JU5u4Ki1qO8NrY8ESOA2rqRmd1wRHgsTN7iKPCD5890 -7BO8DosX7QJ6EBaxvtCAsP5mMMK4plAeh/UIn48TxnY1jgUds99R5goYM760S/in -3kLWMlqOxPjfthrmJ29tR2gQh3FK2N16hdMT5HTaHO90h9esrmnMAFsCgYEAw/Fr -7oThVGQIFGhTFvOa89rYjk5QFeVAfehT5/CWabYMFC5sTUTQLeW9MDNQS+ydKkDg -0yjUQEaAPwoKq2iQa8RJIRYKCEjzIn41mGGtpRo6IqYMnlXLSgR90gOKPyhwIwd3 -8mzytUqcsTbxax4sqXXLMtbPirZaRKvO/aB0iOECgYATvr45eonBk9C9LoJupBTU -rPtCH1WT7rfhYepcfeKwxqrumBP7IeyYV4LdVyDIZok/rzUw/EzG6LU+4G/bm8ac -KXLhMKQXk765RD4TEw9/clPQFCarjE2mCpGQ68Ud2aTGq+7cvrS9UJzqzlUcqMwU -3uT8PXBHh/ColIuxmY/AKQKBgGgVjWzlX0DR5kzY4hJWEyCoRtLJHNeUsP5w9GlH -rs62qpHp2xPskt1epXG+QFAkf5QbZJImpSEDkkpqTiKhZ94nJWWS7H9cKPNQsa2h -bXk/hlQzeo59KoDGBAQUZ1KHa5Hf/MJlR0QwPy4P7owlOjpGXUtDOnoHxcmmrkyh -+GVhAoGAQ6nIU1Nyw8PQmjfkgSu3mD56vFHUzO9lsjZOBgYXtDbdoQxaMoYpHKym -dmelrGzz/S60dQH+OpgqLOVARIk/z65wxKsxV+mDerUQZTEV/LkrA3+za2VxKS7L -7U5oa2lurCbiA8vyJPVEK92cTky/73keL5e9JxmDaHeiQEVr9Zw= ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/12-ALB-HTTPHeader-QueryString-Redirects/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/README-old.md b/V1-UPDATES-DEC2023/13-DNS-to-DB/README-old.md
deleted file mode 100644
index 2e833e6a..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/README-old.md
+++ /dev/null
@@ -1,599 +0,0 @@ ---- -title: Terraform DNS to DB Demo on AWS with EC2 -description: Create a DNS to DB Demo on AWS with Route53, ALB, EC2 and RDS Database with 3 Applications ---- -# Terraform DNS to DB Demo on AWS with EC2 - -## Pre-requisites -- Copy `terraform-manifests` from `10-ALB-Path-Based-Routing` -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -### Step-01-00: Update Terraform Module Versions -- There is a minor update to the following Terraform modules with `major-release` tag today. -- We need to update them and also understand impact and fix the impacted areas - - VPC - - Security Group - - ALB - - ACM -- We are going to learn about how to understand the changes and fix them during Terraform Module Updates. -- We will learn that having fixed version for modules is a recommended approach instead of using version constraints like `>=, >, ~>` etc - -### Step-01-01: Create RDS Database Terraform Configs -- Create RDS DB Security Group -- Create RDS DB Variables with `sensitive` argument for DB password -- Create RDS DB Module -- Create RDS DB Outputs - -### Step-01-02: Create EC2 Instance Terraform Configs -- Create EC2 Instance Module for new App3 -- Create `tmpl` file for userdata (Use Terraform templatefle function) -- Create Outputs for EC2 Instance -- App Port 8080 inbound rule added to Private_SG module `"http-8080-tcp"` - -### Step-01-03: Create ALB Terraform Configs -- Create ALB TG for App3 UMS with Port 8080 -- Enable Stickiness for App3 UMS TG -- Create HTTPS Listener Rule for (/*) -- Listener Rule Priorities `priority = 1` - - app1 - `priority = 1` - - app2 - `priority = 2` - - Root Context "/*" - `priority = 3` - -### Step-01-04: Create Jumpbox server to have mysql client installed -- Using jumpbox userdata, mysql client should be auto-installed. -- Connect to Jumpbox to test if default db and tables created. 
-- Connect via Jumpbox to DB to verify webappdb, Tables and Content inside - -### Step-01-05: Create DNS Name AWS Route53 Record Set -- Give `dns-to-db` DNS name for Route53 record - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-3.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-4.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-4.png) - -## Step-02: Update Terraform Module Versions to Latest -### Step-02-01: VPC Module -- Previous Version: 2.78.0 -- Latest Version: 3.0.0 -- **Impact:** No impact -### Step-02-02: Security Group Module -- Previous Version: 3.18.0 -- Latest Version: 4.0.0 -- **Impact:** High Impact, need to update wherever that security group is referenced `this_` should be removed. Example all ec2 instances and load balancers -```t -# Before -module.loadbalancer_sg.this_security_group_id -# After -module.loadbalancer_sg.security_group_id -``` -### Step-02-03: Application Load Balancer -- Previous Version: 5.16.0 -- Latest Version: 6.0.0 -- **Impact:** High Impact, need to update wherever ALB is referenced with `this_` should be removed. 
We need to update the `aws_route53_record` which already taken care in previous section -```t -# Before - name = module.alb.this_lb_dns_name - zone_id = module.alb.this_lb_zone_id - -# After - name = module.alb.lb_dns_name - zone_id = module.alb.lb_zone_id -``` - -### Step-02-04: ACM Certificate Manager -- Previous Version: 2.14.0 -- Latest Version: 3.0.0 -- **Impact:** High Impact need to update the reference in ALB Load Balancer HTTPS Listener by removing the `this_` -```t -# Before -module.acm.this_acm_certificate_arn - -# After -module.acm.acm_certificate_arn -``` - - -## Step-03: Terraform RDS Database Configurations -- Create RDS DB Security Group -- Create RDS DB Variables with `sensitive` argument for DB password -- Create RDS DB Module -- Create RDS DB Outputs -### Step-03-01: c5-06-securitygroup-rdsdbsg.tf -- Create AWS RDS Database Security Group which will allow access to DB from any subnet inside a VPC. -```t -# Security Group for AWS RDS DB -module "rdsdb_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - version = "4.0.0" - - name = "rdsdb-sg" - description = "Access to MySQL DB for entire VPC CIDR Block" - vpc_id = module.vpc.vpc_id - - # ingress - ingress_with_cidr_blocks = [ - { - from_port = 3306 - to_port = 3306 - protocol = "tcp" - description = "MySQL access from within VPC" - cidr_blocks = module.vpc.vpc_cidr_block - }, - ] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} -``` - -### Step-03-02: c13-01-rdsdb-variables.tf -- Understand about Terraform Variables `Sensitive Flag` -```t -# Terraform AWS RDS Database Variables -# Place holder file for AWS RDS Database - -# DB Name -variable "db_name" { - description = "AWS RDS Database Name" - type = string -} -# DB Instance Identifier -variable "db_instance_identifier" { - description = "AWS RDS Database Instance Identifier" - type = string -} -# DB Username - Enable Sensitive flag -variable "db_username" { - description = 
"AWS RDS Database Administrator Username" - type = string -} -# DB Password - Enable Sensitive flag -variable "db_password" { - description = "AWS RDS Database Administrator Password" - type = string - sensitive = true -} - -``` -### Step-03-03: rdsdb.auto.tfvars -```t -# RDS Database Variables -db_name = "webappdb" -db_instance_identifier = "webappdb" -db_username = "dbadmin" -``` -### Step-03-04: secrets.tfvars -```t -db_password = "dbpassword11" -``` -### Step-03-05: c13-02-rdsdb.tf -```t -# Create AWS RDS Database -module "rdsdb" { - source = "terraform-aws-modules/rds/aws" - #version = "2.34.0" - version = "3.0.0" - - identifier = var.db_instance_identifier - - name = var.db_name # Initial Database Name - username = var.db_username - password = var.db_password - port = 3306 - - - multi_az = true - subnet_ids = module.vpc.database_subnets - vpc_security_group_ids = [module.rdsdb_sg.security_group_id] - - # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt - engine = "mysql" - engine_version = "8.0.20" - family = "mysql8.0" # DB parameter group - major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" - - allocated_storage = 20 - max_allocated_storage = 100 - storage_encrypted = false - - - maintenance_window = "Mon:00:00-Mon:03:00" - backup_window = "03:00-06:00" - enabled_cloudwatch_logs_exports = ["general"] - - backup_retention_period = 0 - skip_final_snapshot = true - deletion_protection = false - - performance_insights_enabled = true - performance_insights_retention_period = 7 - create_monitoring_role = true - monitoring_interval = 60 - - parameters = [ - { - name = "character_set_client" - value = "utf8mb4" - }, - { - name = "character_set_server" - value = "utf8mb4" - } - ] - - tags = local.common_tags - db_instance_tags = { - "Sensitive" = "high" - } - db_option_group_tags = { - "Sensitive" = "low" - } - db_parameter_group_tags = { - "Sensitive" = "low" - } - 
db_subnet_group_tags = { - "Sensitive" = "high" - } -} -``` -### Step-03-06: c13-03-rdsdb-outputs.tf -```t -# RDS DB Outputs -output "db_instance_address" { - description = "The address of the RDS instance" - value = module.rdsdb.db_instance_address -} - -output "db_instance_arn" { - description = "The ARN of the RDS instance" - value = module.rdsdb.db_instance_arn -} - -output "db_instance_availability_zone" { - description = "The availability zone of the RDS instance" - value = module.rdsdb.db_instance_availability_zone -} - -output "db_instance_endpoint" { - description = "The connection endpoint" - value = module.rdsdb.db_instance_endpoint -} - -output "db_instance_hosted_zone_id" { - description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)" - value = module.rdsdb.db_instance_hosted_zone_id -} - -output "db_instance_id" { - description = "The RDS instance ID" - value = module.rdsdb.db_instance_id -} - -output "db_instance_resource_id" { - description = "The RDS Resource ID of this instance" - value = module.rdsdb.db_instance_resource_id -} - -output "db_instance_status" { - description = "The RDS instance status" - value = module.rdsdb.db_instance_status -} - -output "db_instance_name" { - description = "The database name" - value = module.rdsdb.db_instance_name -} - -output "db_instance_username" { - description = "The master username for the database" - value = module.rdsdb.db_instance_username - sensitive = true -} - -output "db_instance_password" { - description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)" - value = module.rdsdb.db_instance_password - sensitive = true -} - -output "db_instance_port" { - description = "The database port" - value = module.rdsdb.db_instance_port -} - -output "db_subnet_group_id" { - description = "The db subnet group name" - value = module.rdsdb.db_subnet_group_id -} - -output "db_subnet_group_arn" { - description = 
"The ARN of the db subnet group" - value = module.rdsdb.db_subnet_group_arn -} - -output "db_parameter_group_id" { - description = "The db parameter group id" - value = module.rdsdb.db_parameter_group_id -} - -output "db_parameter_group_arn" { - description = "The ARN of the db parameter group" - value = module.rdsdb.db_parameter_group_arn -} - -output "db_enhanced_monitoring_iam_role_arn" { - description = "The Amazon Resource Name (ARN) specifying the monitoring role" - value = module.rdsdb.enhanced_monitoring_iam_role_arn -} - - -``` - -## Step-04: Create new EC2 Instance Module for App3 UMS -- **UMS:** User Management Web Application -- Create EC2 Instance Module for new App3 -- Create `tmpl` file for userdata (Use Terraform templatefle function) -- Create Outputs for EC2 Instance -- App Port 8080 inbound rule added to Private_SG module `"http-8080-tcp"` - -### Step-04-01: Terraform templatefile function -- [Terraform templatefile function](https://www.terraform.io/docs/language/functions/templatefile.html) -- `templatefile` reads the file at the given path and renders its content as a template using a supplied set of template variables. -```t -# Change Directory -cd 13-DNS-to-DB/templatefile-function-demo -# Terraform Console -terraform console - -# Terraform Tempaltefile Function -templatefile("app3-ums-install.tmpl",{rds_db_endpoint = "mydatabase"}) -``` -### Step-04-02: app3-ums-install.tmpl -```sh -#! 
/bin/bash -sudo amazon-linux-extras enable java-openjdk11 -sudo yum clean metadata && sudo yum -y install java-11-openjdk -mkdir /home/ec2-user/app3-usermgmt && cd /home/ec2-user/app3-usermgmt -wget https://github.com/stacksimplify/temp1/releases/download/1.0.0/usermgmt-webapp.war -P /home/ec2-user/app3-usermgmt -export DB_HOSTNAME=${rds_db_endpoint} -export DB_PORT=3306 -export DB_NAME=webappdb -export DB_USERNAME=dbadmin -export DB_PASSWORD=dbpassword11 -java -jar /home/ec2-user/app3-usermgmt/usermgmt-webapp.war > /home/ec2-user/app3-usermgmt/ums-start.log & -``` -### Step-04-03: c7-06-ec2instance-private-app3.tf -```t -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets for App2 -module "ec2_private_app3" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "3.0.0" - # insert the 10 required variables here - name = "${var.environment}-app3" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - #vpc_security_group_ids = [module.private_sg.this_security_group_id] - vpc_security_group_ids = [module.private_sg.security_group_id] - #subnet_id = module.vpc.public_subnets[0] - subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - #user_data = file("${path.module}/app3-ums-install.tmpl") - THIS WILL NOT WORK, use Terraform templatefile function as below. 
- #https://www.terraform.io/docs/language/functions/templatefile.html - user_data = templatefile("app3-ums-install.tmpl",{rds_db_endpoint = module.rdsdb.db_instance_address}) - tags = local.common_tags -} -``` - -### Step-04-04: c7-02-ec2instance-outputs.tf -- Create Outputs for new App3 EC2 Instance -```t -# App3 - Private EC2 Instances -## ec2_private_instance_ids -output "app3_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private_app3.id -} -## ec2_private_ip -output "app3_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private_app3.private_ip -} -``` -### Step-04-05: c5-04-securitygroup-privatesg.tf -```t - ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"] -``` - -## Step-05: c10-02-ALB-application-loadbalancer.tf -- Create ALB TG for App3 UMS with Port 8080 -- Enable Stickiness for App3 UMS TG -- Create HTTPS Listener Rule for (/*) -- Listener Rule Priorities like `priority = 1` -### Step-05-01: Create App3 Target Group -- Create App3 Target Group -- Discuss exclusively about `stickiness` block -```t - # App3 Target Group - TG Index = 2 - { - name_prefix = "app3-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/login" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - stickiness = { - enabled = true - cookie_duration = 86400 - type = "lb_cookie" - } - protocol_version = "HTTP1" - # App3 Target Group - Targets - targets = { - my_app3_vm1 = { - target_id = module.ec2_private_app3.id[0] - port = 8080 - }, - my_app3_vm2 = { - target_id = module.ec2_private_app3.id[1] - port = 8080 - } - } - tags =local.common_tags # Target Group Tags - } -``` -### Step-05-02: Create Listener Rules for App3 -```t - # Rule-3: /* should go to App3 - User-mgmt-WebApp 
EC2 Instances - { - https_listener_index = 0 - priority = 3 - actions = [ - { - type = "forward" - target_group_index = 2 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, -``` -### Step-05-03: Implement Rule Priority for all 3 Listener Rules -- Listener Rule Priorities -- **/app1*:** `priority = 1` -- **/app2*:** `priority = 2` -- **Root Context /*:** `priority = 3` - -## Step-06: Automate Jumpbox server to have mysql client installed -- Using jumpbox userdata, `mysql client` should be auto-installed. -- We will use jumpbox to connect to RDS MySQL DB by installing MySQL Client -### Step-06-01: jumpbox-install.sh -```t -#! /bin/bash -sudo yum update -y -sudo rpm -e --nodeps mariadb-libs-* -sudo amazon-linux-extras enable mariadb10.5 -sudo yum clean metadata -sudo yum install -y mariadb -sudo mysql -V -sudo yum install -y telnet -``` -## Step-07: c12-route53-dnsregistration.tf -- Update the DNS name as desired to match our demo -```t - name = "dns-to-db1.devopsincloud.com" -``` -## Step-08: Execute Terraform Commands -```t -# Terraform Init -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan -var-file="secrets.tfvars" - -# Terraform Apply -terraform apply -var-file="secrets.tfvars" -``` - -## Step-09: Verify AWS Resources cretion on Cloud -1. EC2 Instances App1, App2, App3, Bastion Host -2. RDS Databases -3. ALB Listeners and Routing Rules -4. ALB Target Groups App1, App2 and App3 if they are healthy - -## Step-10: Connect to DB -- Connect to Jumpbox to test if default db and tables created. 
-- Connect via Jumpbox to DB to verify webappdb, Tables and Content inside -```t -# Connect to MySQL DB -mysql -h webappdb.cxojydmxwly6.us-east-1.rds.amazonaws.com -u dbadmin -pdbpassword11 -mysql> show schemas; -mysql> use webappdb; -mysql> show tables; -mysql> select * from user; -``` -- **Important Note:** If you the tables created and `default admin user` present in `user` that confirms our `User Management Web Application` is up and running on `App3 EC2 Instances` - -## Step-11: Access Applications and Test -```t -# App1 -https://dns-to-db.devopsincloud.com/app1/index.html - -# App2 -https://dns-to-db.devopsincloud.com/app2/index.html - -# App3 -https://dns-to-db.devopsincloud.com -Username: admin101 -Password: password101 -1. Create a user, List User -2. Verify user in DB -``` - -## Step-12: Additional Troubleshooting for App3 -- Connect to App3 Instances -``` -# Connect to App3 EC2 Instance from Jumpbox -ssh -i /tmp/terraform-key.pem ec2-user@ - -# Check logs -cd app3-usermgmt -more ums-start.log - -# For further troubleshooting -- Shutdown one EC2 instance from App3 and test with 1 instance -``` - -## Step-13: Clean-Up -```t -# Destroy Resources -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate -``` - -## References -- [AWS VPC Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -- [AWS Security Group Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest) -- [AWS EC2 Instance Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest) -- [AWS Application Load Balancer Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- [AWS ACM Certificate Manager Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/latest) -- [AWS RDS Database Terraform 
Module](https://registry.terraform.io/modules/terraform-aws-modules/rds/aws/latest) - - - - - - - diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/README.md b/V1-UPDATES-DEC2023/13-DNS-to-DB/README.md deleted file mode 100644 index 635e5929..00000000 --- a/V1-UPDATES-DEC2023/13-DNS-to-DB/README.md +++ /dev/null 
@@ -1,552 +0,0 @@ ---- -title: Terraform DNS to DB Demo on AWS with EC2 -description: Create a DNS to DB Demo on AWS with Route53, ALB, EC2 and RDS Database with 3 Applications ---- -# Terraform DNS to DB Demo on AWS with EC2 - -## Pre-requisites -- Copy `terraform-manifests` from `10-ALB-Path-Based-Routing` -- You need a Registered Domain in AWS Route53 to implement this usecase -- Copy your `terraform-key.pem` file to `terraform-manifests/private-key` folder - -## Step-01: Introduction -### Step-01-01: Create RDS Database Terraform Configs -- Create RDS DB Security Group -- Create RDS DB Variables with `sensitive` argument for DB password -- Create RDS DB Module -- Create RDS DB Outputs - -### Step-01-02: Create EC2 Instance Terraform Configs -- Create EC2 Instance Module for new App3 -- Create `tmpl` file for userdata (Use Terraform templatefle function) -- Create Outputs for EC2 Instance -- App Port 8080 inbound rule added to Private_SG module `"http-8080-tcp"` - -### Step-01-03: Create ALB Terraform Configs -- Create ALB TG for App3 UMS with Port 8080 -- Enable Stickiness for App3 UMS TG -- Create HTTPS Listener Rule for (/*) -- Listener Rule Priorities `priority = 1` - - app1 - `priority = 1` - - app2 - `priority = 2` - - Root Context "/*" - `priority = 3` - -### Step-01-04: Create Jumpbox server to have mysql client installed -- Using jumpbox userdata, mysql client should be auto-installed. -- Connect to Jumpbox to test if default db and tables created. 
-- Connect via Jumpbox to DB to verify webappdb, Tables and Content inside - -### Step-01-05: Create DNS Name AWS Route53 Record Set -- Give `dns-to-db` DNS name for Route53 record - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-3.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-4.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-dns-to-db-4.png) - -## Step-03: Terraform RDS Database Configurations -- Create RDS DB Security Group -- Create RDS DB Variables with `sensitive` argument for DB password -- Create RDS DB Module -- Create RDS DB Outputs -### Step-03-01: c5-06-securitygroup-rdsdbsg.tf -- Create AWS RDS Database Security Group which will allow access to DB from any subnet inside a VPC. 
-```t -# Security Group for AWS RDS DB -module "rdsdb_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - #version = "4.0.0" - version = "5.1.0" - - name = "rdsdb-sg" - description = "Access to MySQL DB for entire VPC CIDR Block" - vpc_id = module.vpc.vpc_id - - # ingress - ingress_with_cidr_blocks = [ - { - from_port = 3306 - to_port = 3306 - protocol = "tcp" - description = "MySQL access from within VPC" - cidr_blocks = module.vpc.vpc_cidr_block - }, - ] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} -``` - -### Step-03-02: c13-01-rdsdb-variables.tf -- Understand about Terraform Variables `Sensitive Flag` -```t -# Terraform AWS RDS Database Variables -# Place holder file for AWS RDS Database - -# DB Name -variable "db_name" { - description = "AWS RDS Database Name" - type = string -} -# DB Instance Identifier -variable "db_instance_identifier" { - description = "AWS RDS Database Instance Identifier" - type = string -} -# DB Username - Enable Sensitive flag -variable "db_username" { - description = "AWS RDS Database Administrator Username" - type = string -} -# DB Password - Enable Sensitive flag -variable "db_password" { - description = "AWS RDS Database Administrator Password" - type = string - sensitive = true -} - -``` -### Step-03-03: rdsdb.auto.tfvars -```t -# RDS Database Variables -db_name = "webappdb" -db_instance_identifier = "webappdb" -db_username = "dbadmin" -``` -### Step-03-04: secrets.tfvars -```t -db_password = "dbpassword11" -``` -### Step-03-05: c13-02-rdsdb.tf -```t -# Create AWS RDS Database -module "rdsdb" { - source = "terraform-aws-modules/rds/aws" - #version = "2.34.0" - #version = "3.0.0" - version = "6.3.0" - - identifier = var.db_instance_identifier - - #name = var.db_name # Initial Database Name - DEPRECATED - db_name = var.db_name # Added as part of Module v6.3.0 - username = var.db_username - password = var.db_password - manage_master_user_password = false # 
Added as part of Module v6.3.0 - port = 3306 - - - multi_az = true - create_db_subnet_group = true # Added as part of Module v6.3.0 - subnet_ids = module.vpc.database_subnets - vpc_security_group_ids = [module.rdsdb_sg.security_group_id] - - # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt - engine = "mysql" - engine_version = "8.0.35" - family = "mysql8.0" # DB parameter group - major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" - - allocated_storage = 20 - max_allocated_storage = 100 - storage_encrypted = false - - - maintenance_window = "Mon:00:00-Mon:03:00" - backup_window = "03:00-06:00" - enabled_cloudwatch_logs_exports = ["general"] - - backup_retention_period = 0 - skip_final_snapshot = true - deletion_protection = false - - performance_insights_enabled = true - performance_insights_retention_period = 7 - create_monitoring_role = true - monitoring_interval = 60 - - parameters = [ - { - name = "character_set_client" - value = "utf8mb4" - }, - { - name = "character_set_server" - value = "utf8mb4" - } - ] - - tags = local.common_tags - db_instance_tags = { - "Sensitive" = "high" - } - db_option_group_tags = { - "Sensitive" = "low" - } - db_parameter_group_tags = { - "Sensitive" = "low" - } - db_subnet_group_tags = { - "Sensitive" = "high" - } -} -``` -### Step-03-06: c13-03-rdsdb-outputs.tf -```t -# RDS DB Outputs -output "db_instance_address" { - description = "The address of the RDS instance" - value = module.rdsdb.db_instance_address -} - -output "db_instance_arn" { - description = "The ARN of the RDS instance" - value = module.rdsdb.db_instance_arn -} - -output "db_instance_availability_zone" { - description = "The availability zone of the RDS instance" - value = module.rdsdb.db_instance_availability_zone -} - -output "db_instance_endpoint" { - description = "The connection endpoint" - value = module.rdsdb.db_instance_endpoint -} - -output 
"db_instance_hosted_zone_id" { - description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)" - value = module.rdsdb.db_instance_hosted_zone_id -} - -output "db_instance_id" { - description = "The RDS instance ID" - value = module.rdsdb.db_instance_id -} - -output "db_instance_resource_id" { - description = "The RDS Resource ID of this instance" - value = module.rdsdb.db_instance_resource_id -} - -output "db_instance_status" { - description = "The RDS instance status" - value = module.rdsdb.db_instance_status -} - -output "db_instance_name" { - description = "The database name" - value = module.rdsdb.db_instance_name -} - -output "db_instance_username" { - description = "The master username for the database" - value = module.rdsdb.db_instance_username - sensitive = true -} - -output "db_instance_password" { - description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)" - value = module.rdsdb.db_instance_password - sensitive = true -} - -output "db_instance_port" { - description = "The database port" - value = module.rdsdb.db_instance_port -} - -output "db_subnet_group_id" { - description = "The db subnet group name" - value = module.rdsdb.db_subnet_group_id -} - -output "db_subnet_group_arn" { - description = "The ARN of the db subnet group" - value = module.rdsdb.db_subnet_group_arn -} - -output "db_parameter_group_id" { - description = "The db parameter group id" - value = module.rdsdb.db_parameter_group_id -} - -output "db_parameter_group_arn" { - description = "The ARN of the db parameter group" - value = module.rdsdb.db_parameter_group_arn -} - -output "db_enhanced_monitoring_iam_role_arn" { - description = "The Amazon Resource Name (ARN) specifying the monitoring role" - value = module.rdsdb.enhanced_monitoring_iam_role_arn -} - - -``` - -## Step-04: Create new EC2 Instance Module for App3 UMS -- **UMS:** User Management Web Application -- Create EC2 
Instance Module for new App3 -- Create `tmpl` file for userdata (Use Terraform templatefle function) -- Create Outputs for EC2 Instance -- App Port 8080 inbound rule added to Private_SG module `"http-8080-tcp"` - -### Step-04-01: Terraform templatefile function -- [Terraform templatefile function](https://www.terraform.io/docs/language/functions/templatefile.html) -- `templatefile` reads the file at the given path and renders its content as a template using a supplied set of template variables. -```t -# Change Directory -cd 13-DNS-to-DB/templatefile-function-demo -# Terraform Console -terraform console - -# Terraform Tempaltefile Function -templatefile("app3-ums-install.tmpl",{rds_db_endpoint = "mydatabase"}) -``` -### Step-04-02: app3-ums-install.tmpl -```sh -#! /bin/bash -sudo amazon-linux-extras enable java-openjdk11 -sudo yum clean metadata && sudo yum -y install java-11-openjdk -mkdir /home/ec2-user/app3-usermgmt && cd /home/ec2-user/app3-usermgmt -wget https://github.com/stacksimplify/temp1/releases/download/1.0.0/usermgmt-webapp.war -P /home/ec2-user/app3-usermgmt -export DB_HOSTNAME=${rds_db_endpoint} -export DB_PORT=3306 -export DB_NAME=webappdb -export DB_USERNAME=dbadmin -export DB_PASSWORD=dbpassword11 -java -jar /home/ec2-user/app3-usermgmt/usermgmt-webapp.war > /home/ec2-user/app3-usermgmt/ums-start.log & -``` -### Step-04-03: c7-06-ec2instance-private-app3.tf -```t -# AWS EC2 Instance Terraform Module -# EC2 Instances that will be created in VPC Private Subnets for App2 -module "ec2_private_app3" { - depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - # insert the 10 required variables here - name = "${var.environment}-app3" - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #user_data = file("${path.module}/app3-ums-install.tmpl") - THIS WILL NOT WORK, use 
Terraform templatefile function as below. - #https://www.terraform.io/docs/language/functions/templatefile.html - user_data = templatefile("app3-ums-install.tmpl",{rds_db_endpoint = module.rdsdb.db_instance_address}) - tags = local.common_tags - -# Changes as part of Module version from 2.17.0 to 5.5.0 - for_each = toset(["0", "1"]) - subnet_id = element(module.vpc.private_subnets, tonumber(each.key)) - vpc_security_group_ids = [module.private_sg.security_group_id] -} -``` - -### Step-04-04: c7-02-ec2instance-outputs.tf -- Create Outputs for new App3 EC2 Instance -```t -# App3 - Private EC2 Instances -## ec2_private_instance_ids -output "app3_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_private_app3.id -} -## ec2_private_ip -output "app3_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = module.ec2_private_app3.private_ip -} -``` -### Step-04-05: c5-04-securitygroup-privatesg.tf -```t - ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"] -``` - -## Step-05: c10-02-ALB-application-loadbalancer.tf -- Create ALB TG for App3 UMS with Port 8080 -- Create HTTPS Listener Rule for (/*) -- Listener Rule Priorities like `priority = 1` -### Step-05-01: Create App3 Target Group -- Create App3 Target Group -```t - - # Target Group-3: mytg3 - mytg3 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately, refer above GitHub issue URL. 
- create_attachment = false - name_prefix = "mytg3-" - protocol = "HTTP" - port = 8080 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/login" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - }# END of Target Group-3: mytg3 - - -# mytg3: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg3" { - for_each = {for k,v in module.ec2_private_app3: k => v} - target_group_arn = module.alb.target_groups["mytg3"].arn - target_id = each.value.id - port = 8080 -} - -``` -### Step-05-02: Create Listener Rules for App3 -```t - # Rule-3: myapp3-rule - myapp3-rule = { - priority = 30 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg3" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/*"] - } - }] - }# End of myapp3-rule Block -``` -### Step-05-03: Implement Rule Priority for all 3 Listener Rules -- Listener Rule Priorities -- **/app1*:** `priority = 1` -- **/app2*:** `priority = 2` -- **Root Context /*:** `priority = 3` - -## Step-06: Automate Jumpbox server to have mysql client installed -- Using jumpbox userdata, `mysql client` should be auto-installed. -- We will use jumpbox to connect to RDS MySQL DB by installing MySQL Client -### Step-06-01: jumpbox-install.sh -```t -#! 
/bin/bash -sudo yum update -y -sudo rpm -e --nodeps mariadb-libs-* -sudo amazon-linux-extras enable mariadb10.5 -sudo yum clean metadata -sudo yum install -y mariadb -sudo mysql -V -sudo yum install -y telnet -``` -## Step-07: c12-route53-dnsregistration.tf -- Update the DNS name as desired to match our demo -```t - name = "dns-to-db1.devopsincloud.com" -``` -## Step-08: Execute Terraform Commands -```t -# Terraform Init -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan -var-file="secrets.tfvars" - -# Terraform Apply -terraform apply -var-file="secrets.tfvars" -``` - -## Step-09: Verify AWS Resources cretion on Cloud -1. EC2 Instances App1, App2, App3, Bastion Host -2. RDS Databases -3. ALB Listeners and Routing Rules -4. ALB Target Groups App1, App2 and App3 if they are healthy - -## Step-10: Connect to DB -- Connect to Jumpbox to test if default db and tables created. -- Connect via Jumpbox to DB to verify webappdb, Tables and Content inside -```t -# Connect to MySQL DB -mysql -h webappdb.cxojydmxwly6.us-east-1.rds.amazonaws.com -u dbadmin -pdbpassword11 -mysql> show schemas; -mysql> use webappdb; -mysql> show tables; -mysql> select * from user; -``` -- **Important Note:** If you the tables created and `default admin user` present in `user` that confirms our `User Management Web Application` is up and running on `App3 EC2 Instances` - -## Step-11: Access Applications and Test -```t -# App1 -https://dns-to-db.devopsincloud.com/app1/index.html - -# App2 -https://dns-to-db.devopsincloud.com/app2/index.html - -# App3 -https://dns-to-db.devopsincloud.com -Username: admin101 -Password: password101 -1. Create a user, List User -2. 
Verify user in DB -``` - -## Step-12: Additional Troubleshooting for App3 -- Connect to App3 Instances -```t -# Connect to App3 EC2 Instance from Jumpbox -ssh -i /tmp/terraform-key.pem ec2-user@ - -# Check logs -cd app3-usermgmt -more ums-start.log - -# For further troubleshooting -- Shutdown one EC2 instance from App3 and test with 1 instance -``` - -## Step-13: Clean-Up -```t -# Destroy Resources -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate -``` - -## References -- [AWS VPC Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) -- [AWS Security Group Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest) -- [AWS EC2 Instance Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest) -- [AWS Application Load Balancer Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- [AWS ACM Certificate Manager Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/latest) -- [AWS RDS Database Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/rds/aws/latest) - - - - - - - diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/UPGRADES.md b/V1-UPDATES-DEC2023/13-DNS-to-DB/UPGRADES.md deleted file mode 100644 index d4742c40..00000000 --- a/V1-UPDATES-DEC2023/13-DNS-to-DB/UPGRADES.md +++ /dev/null 
@@ -1,333 +0,0 @@ -# Terraform Manifest Upgrades - -## Step-01: Private EC2 Instances for App1, App2, and App3 -### Changes in following files -1. c7-04-ec2instance-private-app1.tf -2. c7-05-ec2instance-private-app2.tf -3. c7-06-ec2instance-private-app3 - -### Why changes needed ? -1. `count` meta-argument not supported for creating multiple instances -2. We need to switch the code to `for_each` to support creating multiple instances -```t -# Change-1: Module Version - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - -# Change-2: Change from count to for_each -1. count meta-argument not supported for creating multiple instances -2. We need to switch the code to for_each to support creating multiple instances - -# Changes as part of Module version from 2.17.0 to 5.5.0 - for_each = toset(["0", "1"]) - subnet_id = element(module.vpc.private_subnets, tonumber(each.key)) - vpc_security_group_ids = [module.private_sg.security_group_id] - -# BELOW CODE COMMENTED AS PART OF MODULE UPGRADE TO 5.5.0 -/* subnet_ids = [ - module.vpc.private_subnets[0], - module.vpc.private_subnets[1] - ] - instance_count = var.private_instance_count - vpc_security_group_ids = [module.private_sg.this_security_group_id] -*/ -``` - -## Step-02: c7-02-ec2instance-outputs.tf -- Updated the outputs with `for loop` to support the `for_each` used for creating `ec2_private` instances for App1, App2, and App3 -```t -# AWS EC2 Instance Terraform Outputs -# Public EC2 Instances - Bastion Host - -## ec2_bastion_public_instance_ids -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} - -## ec2_bastion_public_ip -output "ec2_bastion_public_ip" { - description = "List of public IP addresses assigned to the instances" - value = module.ec2_public.public_ip -} - -# App1 - Private EC2 Instances -## ec2_private_instance_ids -output "app1_ec2_private_instance_ids" { - description = "List of IDs of 
instances" - value = [for ec2private in module.ec2_private_app1: ec2private.id ] -} -## ec2_private_ip -output "app1_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ] -} - -# App2 - Private EC2 Instances -## ec2_private_instance_ids -output "app2_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = [for ec2private in module.ec2_private_app2: ec2private.id ] -} -## ec2_private_ip -output "app2_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ] -} - -# App3 - Private EC2 Instances -## ec2_private_instance_ids -output "app3_ec2_private_instance_ids" { - description = "List of IDs of instances" - value = [for ec2private in module.ec2_private_app3: ec2private.id ] -} -## ec2_private_ip -output "app3_ec2_private_ip" { - description = "List of private IP addresses assigned to the instances" - value = [for ec2private in module.ec2_private_app3: ec2private.private_ip ] -} -``` - -## Step-03: c10-02-ALB-application-loadbalancer.tf -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = 
"ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - priority = 10 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app1*"] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - priority = 20 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app2*"] - } - }] - }# End of myapp2-rule Block - # Rule-3: myapp3-rule - myapp3-rule = { - priority = 30 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg3" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/*"] - } - }] - }# End of myapp3-rule Block - }# End Rules - }# End Listener-2: my-https-listener - }# End Listeners - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - }# END of Target Group-1: mytg1 - - # Target Group-2: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - } # END of Target Group-2: mytg2 - - # Target Group-3: mytg3 - mytg3 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately, refer above GitHub issue URL. 
- create_attachment = false - name_prefix = "mytg3-" - protocol = "HTTP" - port = 8080 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/login" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - }# END of Target Group-3: mytg3 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} - -# mytg3: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg3" { - for_each = {for k,v in module.ec2_private_app3: k => v} - target_group_arn = module.alb.target_groups["mytg3"].arn - target_id = each.value.id - port = 8080 -} -``` - -## Step-04: c13-02-rdsdb.tf -```t -# Change-1: Module Upgrade - source = "terraform-aws-modules/rds/aws" - #version = "2.34.0" - #version = "3.0.0" - version = "6.3.0" - -# Change-2: Additional Changes - #name = var.db_name # Initial Database Name - DEPRECATED - db_name = var.db_name # Added as part of Module v6.3.0 - -# Change-3: Added the below argument to false. - manage_master_user_password = false # Added as part of Module v6.3.0 -1. This is needed to support our App3 DB Password usecase -``` - 
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/templatefile-function-demo/app3-ums-install.tmpl b/V1-UPDATES-DEC2023/13-DNS-to-DB/templatefile-function-demo/app3-ums-install.tmpl
deleted file mode 100644
index 31a62bdc..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/templatefile-function-demo/app3-ums-install.tmpl
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /bin/bash
-sudo amazon-linux-extras enable java-openjdk11
-sudo yum clean metadata && sudo yum -y install java-11-openjdk
-mkdir /home/ec2-user/app3-usermgmt && cd /home/ec2-user/app3-usermgmt
-wget https://github.com/stacksimplify/temp1/releases/download/1.0.0/usermgmt-webapp.war -P /home/ec2-user/app3-usermgmt
-export DB_HOSTNAME=${rds_db_endpoint}
-export DB_PORT=3306
-export DB_NAME=webappdb
-export DB_USERNAME=dbadmin
-export DB_PASSWORD=dbpassword11
-java -jar /home/ec2-user/app3-usermgmt/usermgmt-webapp.war > /home/ec2-user/app3-usermgmt/ums-start.log &
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
-sudo yum update -y
-sudo yum install -y httpd
-sudo systemctl enable httpd
-sudo service httpd start
-sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html
-sudo mkdir /var/www/html/app1
-sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app2-install.sh b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app2-install.sh
deleted file mode 100644
index 805d4bea..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app2-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
-sudo yum update -y
-sudo yum install -y httpd
-sudo systemctl enable httpd
-sudo service httpd start
-sudo echo '

Welcome to StackSimplify - APP-2

' | sudo tee /var/www/html/index.html
-sudo mkdir /var/www/html/app2
-sudo echo '

Welcome to Stack Simplify - APP-2

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app2/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app2/metadata.html
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app3-ums-install.tmpl b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app3-ums-install.tmpl
deleted file mode 100644
index 31a62bdc..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/app3-ums-install.tmpl
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /bin/bash
-sudo amazon-linux-extras enable java-openjdk11
-sudo yum clean metadata && sudo yum -y install java-11-openjdk
-mkdir /home/ec2-user/app3-usermgmt && cd /home/ec2-user/app3-usermgmt
-wget https://github.com/stacksimplify/temp1/releases/download/1.0.0/usermgmt-webapp.war -P /home/ec2-user/app3-usermgmt
-export DB_HOSTNAME=${rds_db_endpoint}
-export DB_PORT=3306
-export DB_NAME=webappdb
-export DB_USERNAME=dbadmin
-export DB_PASSWORD=dbpassword11
-java -jar /home/ec2-user/app3-usermgmt/usermgmt-webapp.war > /home/ec2-user/app3-usermgmt/ums-start.log &
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c1-versions.tf
deleted file mode 100644
index 7fa6c2d0..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
deleted file mode 100644
index 0aeebd65..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index ec23e340..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,223 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - priority = 10 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app1*"] - } - }] - }# End of myapp1-rule - # Rule-2: myapp2-rule - myapp2-rule = { - priority = 20 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg2" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/app2*"] - } - }] - }# End of myapp2-rule Block - # Rule-3: myapp3-rule - myapp3-rule = { - priority = 30 - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg3" - weight = 1 - } - ] - stickiness = { - enabled = true - duration 
= 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/*"] - } - }] - }# End of myapp3-rule Block - }# End Rules - }# End Listener-2: my-https-listener - }# End Listeners - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - }# END of Target Group-1: mytg1 - - # Target Group-2: mytg2 - mytg2 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg2-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app2/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - } # END of Target Group-2: mytg2 - - # Target Group-3: mytg3 - mytg3 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately, refer above GitHub issue URL. - create_attachment = false - name_prefix = "mytg3-" - protocol = "HTTP" - port = 8080 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/login" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - tags = local.common_tags # Target Group Tags - }# END of Target Group-3: mytg3 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - -# mytg1: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg1" { - for_each = {for k,v in module.ec2_private_app1: k => v} - target_group_arn = module.alb.target_groups["mytg1"].arn - target_id = each.value.id - port = 80 -} - -# mytg2: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg2" { - for_each = {for k,v in module.ec2_private_app2: k => v} - target_group_arn = module.alb.target_groups["mytg2"].arn - target_id = each.value.id - port = 80 -} - -# mytg3: LB Target Group Attachment -resource "aws_lb_target_group_attachment" "mytg3" { - 
for_each = {for k,v in module.ec2_private_app3: k => v}
- target_group_arn = module.alb.target_groups["mytg3"].arn
- target_id = each.value.id
- port = 8080
-}
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
deleted file mode 100644
index 25387755..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.zone_id
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
-}
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
-}
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 3fe2d75d..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 67b19dac..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "dns-to-db.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-01-rdsdb-variables.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-01-rdsdb-variables.tf
deleted file mode 100644
index e14d69cb..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-01-rdsdb-variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Terraform AWS RDS Database Variables
-# Place holder file for AWS RDS Database
-
-# DB Name
-variable "db_name" {
- description = "AWS RDS Database Name"
- type = string
-}
-# DB Instance Identifier
-variable "db_instance_identifier" {
- description = "AWS RDS Database Instance Identifier"
- type = string
-}
-# DB Username - Enable Sensitive flag
-variable "db_username" {
- description = "AWS RDS Database Administrator Username"
- type = string
-}
-# DB Password - Enable Sensitive flag
-variable "db_password" {
- description = "AWS RDS Database Administrator Password"
- type = string
- sensitive = true
-}
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-02-rdsdb.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-02-rdsdb.tf
deleted file mode 100644
index d197090e..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-02-rdsdb.tf
+++ /dev/null
@@ -1,72 +0,0 @@
-# Create AWS RDS Database
-module "rdsdb" {
- source = "terraform-aws-modules/rds/aws"
- #version = "2.34.0"
- #version = "3.0.0"
- version = "6.3.0"
-
- identifier = var.db_instance_identifier
-
- #name = var.db_name # Initial Database Name - DEPRECATED
- db_name = var.db_name # Added as part of Module v6.3.0
- username = var.db_username
- password = var.db_password
- manage_master_user_password = false # Added as part of Module v6.3.0
- port = 3306
-
-
- multi_az = true
- create_db_subnet_group = true # Added as part of Module v6.3.0
- subnet_ids = module.vpc.database_subnets
- vpc_security_group_ids = [module.rdsdb_sg.security_group_id]
-
- # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
- engine = "mysql"
- engine_version = "8.0.35"
- family = "mysql8.0" # DB parameter group
- major_engine_version = "8.0" # DB option group
- instance_class = "db.t3.large"
-
- allocated_storage = 20
- max_allocated_storage = 100
- storage_encrypted = false
-
-
- maintenance_window = "Mon:00:00-Mon:03:00"
- backup_window = "03:00-06:00"
- enabled_cloudwatch_logs_exports = ["general"]
-
- backup_retention_period = 0
- skip_final_snapshot = true
- deletion_protection = false
-
- performance_insights_enabled = true
- performance_insights_retention_period = 7
- create_monitoring_role = true
- monitoring_interval = 60
-
- parameters = [
- {
- name = "character_set_client"
- value = "utf8mb4"
- },
- {
- name = "character_set_server"
- value = "utf8mb4"
- }
- ]
-
- tags = local.common_tags
- db_instance_tags = {
- "Sensitive" = "high"
- }
- db_option_group_tags = {
- "Sensitive" = "low"
- }
- db_parameter_group_tags = {
- "Sensitive" = "low"
- }
- db_subnet_group_tags = {
- "Sensitive" = "high"
- }
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-03-rdsdb-outputs.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-03-rdsdb-outputs.tf
deleted file mode 100644
index 0a960b27..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c13-03-rdsdb-outputs.tf
+++ /dev/null
@@ -1,89 +0,0 @@
-# RDS DB Outputs
-output "db_instance_address" {
- description = "The address of the RDS instance"
- value = module.rdsdb.db_instance_address
-}
-
-output "db_instance_arn" {
- description = "The ARN of the RDS instance"
- value = module.rdsdb.db_instance_arn
-}
-
-output "db_instance_availability_zone" {
- description = "The availability zone of the RDS instance"
- value = module.rdsdb.db_instance_availability_zone
-}
-
-output "db_instance_endpoint" {
- description = "The connection endpoint"
- value = module.rdsdb.db_instance_endpoint
-}
-
-output "db_instance_hosted_zone_id" {
- description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)"
- value = module.rdsdb.db_instance_hosted_zone_id
-}
-
-output "db_instance_id" {
- description = "The RDS instance ID"
- value = module.rdsdb.db_instance_identifier
-
-}
-
-output "db_instance_resource_id" {
- description = "The RDS Resource ID of this instance"
- value = module.rdsdb.db_instance_resource_id
-}
-
-output "db_instance_status" {
- description = "The RDS instance status"
- value = module.rdsdb.db_instance_status
-}
-
-output "db_instance_name" {
- description = "The database name"
- value = module.rdsdb.db_instance_name
-}
-
-output "db_instance_username" {
- description = "The master username for the database"
- value = module.rdsdb.db_instance_username
- sensitive = true
-}
-
-/*
-output "db_instance_password" {
- description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
- value = module.rdsdb.db_instance_password
- sensitive = true
-}
-*/
-output "db_instance_port" {
- description = "The database port"
- value = module.rdsdb.db_instance_port
-}
-
-output "db_subnet_group_id" {
- description = "The db subnet group name"
- value = module.rdsdb.db_subnet_group_id
-}
-
-output "db_subnet_group_arn" {
- description = "The ARN of the db subnet group"
- value = module.rdsdb.db_subnet_group_arn
-}
-
-output "db_parameter_group_id" {
- description = "The db parameter group id"
- value = module.rdsdb.db_parameter_group_id
-}
-
-output "db_parameter_group_arn" {
- description = "The ARN of the db parameter group"
- value = module.rdsdb.db_parameter_group_arn
-}
-
-output "db_enhanced_monitoring_iam_role_arn" {
- description = "The Amazon Resource Name (ARN) specifying the monitoring role"
- value = module.rdsdb.enhanced_monitoring_iam_role_arn
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 7b7fb83c..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "3.0.0"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 2cfb2a12..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index a8f61637..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index c11b8bee..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-06-securitygroup-rdsdbsg.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-06-securitygroup-rdsdbsg.tf
deleted file mode 100644
index 38ec7521..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c5-06-securitygroup-rdsdbsg.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Security Group for AWS RDS DB
-module "rdsdb_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "rdsdb-sg"
- description = "Access to MySQL DB for entire VPC CIDR Block"
- vpc_id = module.vpc.vpc_id
-
- # ingress
- ingress_with_cidr_blocks = [
- {
- from_port = 3306
- to_port = 3306
- protocol = "tcp"
- description = "MySQL access from within VPC"
- cidr_blocks = module.vpc.vpc_cidr_block
- },
- ]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 66558379..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
-# App1 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app1_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.id ]
-}
-## ec2_private_ip
-output "app1_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app1: ec2private.private_ip ]
-}
-
-# App2 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app2_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.id ]
-}
-## ec2_private_ip
-output "app2_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app2: ec2private.private_ip ]
-}
-
-# App3 - Private EC2 Instances
-## ec2_private_instance_ids
-output "app3_ec2_private_instance_ids" {
- description = "List of IDs of instances"
- value = [for ec2private in module.ec2_private_app3: ec2private.id ]
-}
-## ec2_private_ip
-output "app3_ec2_private_ip" {
- description = "List of private IP addresses assigned to the instances"
- value = [for ec2private in module.ec2_private_app3: ec2private.private_ip ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index fc2a8c64..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
- user_data = file("${path.module}/jumpbox-install.sh")
-}
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-04-ec2instance-private-app1.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-04-ec2instance-private-app1.tf
deleted file mode 100644
index f0fa5fa9..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-04-ec2instance-private-app1.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App1
-module "ec2_private_app1" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app1"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- user_data = file("${path.module}/app1-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-05-ec2instance-private-app2.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-05-ec2instance-private-app2.tf
deleted file mode 100644
index 61f12239..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-05-ec2instance-private-app2.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app2" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app2"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- user_data = file("${path.module}/app2-install.sh")
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-06-ec2instance-private-app3.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-06-ec2instance-private-app3.tf
deleted file mode 100644
index b5546525..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c7-06-ec2instance-private-app3.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# EC2 Instances that will be created in VPC Private Subnets for App2
-module "ec2_private_app3" {
- depends_on = [ module.vpc ] # VERY VERY IMPORTANT else userdata webserver provisioning will fail
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-app3"
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #user_data = file("${path.module}/app3-ums-install.tmpl") - THIS WILL NOT WORK, use Terraform templatefile function as below.
- #https://www.terraform.io/docs/language/functions/templatefile.html
- user_data = templatefile("app3-ums-install.tmpl",{rds_db_endpoint = module.rdsdb.db_instance_address})
- tags = local.common_tags
-
-# Changes as part of Module version from 2.17.0 to 5.5.0
- for_each = toset(["0", "1"])
- subnet_id = element(module.vpc.private_subnets, tonumber(each.key))
- vpc_security_group_ids = [module.private_sg.security_group_id]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 271c9f23..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 9875e621..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-#private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/jumpbox-install.sh b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/jumpbox-install.sh
deleted file mode 100644
index eaa57e01..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/jumpbox-install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#! /bin/bash
-sudo yum update -y
-sudo rpm -e --nodeps mariadb-libs-*
-sudo amazon-linux-extras enable mariadb10.5
-sudo yum clean metadata
-sudo yum install -y mariadb
-sudo mysql -V
-sudo yum install -y telnet
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index ceeb7a41..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Nov 29 14:47:05 IST 2023 and VPC ID: vpc-0ee0098358608ebe6
-VPC created on Wed Nov 29 16:27:19 IST 2023 and VPC ID: vpc-044eb89eb8edd3117
-VPC created on Tue Dec 26 14:19:49 IST 2023 and VPC ID: vpc-0fca77c6c35965b70
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 0f596da0..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Nov 29 16:13:32 IST 2023
-Destroy time prov Wed Nov 29 17:02:35 IST 2023
-Destroy time prov Tue Dec 26 14:43:34 IST 2023
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/rdsdb.auto.tfvars b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/rdsdb.auto.tfvars deleted file mode 100644 index 6e44361b..00000000 
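Review bot: Deleting `private-key/terraform-key.pem` from the tree does not retire the key: the full RSA private key is still readable in this diff and in the repository history, so it should be treated as compromised. A tfvars hunk earlier on this page sets `instance_keypair = "terraform-key"`, so if an EC2 key pair derived from this file still exists, delete or replace it and re-key any instance that trusts it. The same applies to `db_password = "dbpassword11"` in the `secrets.tfvars` hunk that follows; change that password wherever a database was created with it. To keep this from recurring, add `*.pem` and `secrets.tfvars` to `.gitignore` and run a secret scanner as a pre-commit hook or CI step.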
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/rdsdb.auto.tfvars
+++ /dev/null
@@ -1,7 +0,0 @@
-# RDS Database Variables
-db_name = "webappdb"
-db_instance_identifier = "webappdb"
-db_username = "dbadmin"
-
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/secrets.tfvars b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/secrets.tfvars
deleted file mode 100644
index 56e7e303..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/secrets.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-db_password = "dbpassword11"
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/13-DNS-to-DB/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/README.md b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/README.md
deleted file mode 100644
index 7db92591..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/README.md
+++ /dev/null
@@ -1,728 +0,0 @@ ---- -title: AWS Autoscaling with Launch Configuration -description: Create AWS Autoscaling with Launch Configuration using Terraform ---- -# AWS Autoscaling with Launch Configuration using Terraform -## Step-00: Create Autoscaling using AWS Management Console -- We are going to create Autoscaling using AWS Management Console to understand things on high level before going to create them using Terrafom - - Create Lauch Configuration - - Create Autoscaling - - Create TTSP Policies - - Create Launch Configurations - - Create Lifecycle Hooks - - Create Notifications - - Create Scheduled Actions -- **Important Note:** Students who are already experts in Autoscaling can move on to implement the same using Terraform. - -## Step-01: Introduction to Autoscaing using Terraform -### Module-1: Create ASG & LC & ALB -- [Terraform Autoscaling Module](https://registry.terraform.io/modules/terraform-aws-modules/autoscaling/aws/latest) -- Create Launch Configuration -- Create Autoscaling Group -- Map it with ALB (Application Load Balancer) -- Create Autoscaling Outputs - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-configurations-3.png) - - -### Module-2: Autoscaling Notifications -- Create SNS Topic `aws_sns_topic` -- Create SNS Topic Subscription `aws_sns_topic_subscription` -- Create Autoscaling 
Notification Resource `aws_autoscaling_notification` - -### Module-3: Create TTSP (Target Tracking Scaling Policies) -- Create `Resource: aws_autoscaling_policy` - - ASGAverageCPUUtilization - - ALBRequestCountPerTarget -- Terraform Import for `ALBRequestCountPerTarget` Resource Label finding (Standard Troubleshooting to find exact argument and value using `terraform import` command) - -### Module-4: Scheduled Actions -- Create a scheduled action to `increase capacity at 7am` -- Create a scheduled action to `decrease capacity at 5pm` -```t -# Import State -$ terraform import aws_autoscaling_schedule.resource-name auto-scaling-group-name/scheduled-action-name -terraform import aws_autoscaling_schedule.capacity_increase_during_business_hours myapp1-asg-20210329100544375800000007/capacity_increase_during_business_hours --> using terraform import get values for recurrence argument (cron format) - -# UTC Timezone converter -https://www.worldtimebuddy.com/utc-to-est-converter -``` - -### Module-5: Changes to ASG - Test Instance Refresh -- Change Desired capacity to 3 `desired_capacity = 3` and test -- Any change to ASG specific arguments listed in `triggers` of `instance_refresh` block, do a instance refresh - -### Module-6: Change to Launch Configuration - Test Instance Refresh -- What happens? -- In next scale-in event changes will be adjusted [or] if instance refresh present and configured in this module it updates ASG with new LC ID, instance refresh should kick in. -- Lets see that practically -- In this case, we don't need to have `launch_configuration` practically present in `triggers` section of `instance_refresh` things take care automatically - -### Module-7: Testing using Postman for Autoscaling -- Use postman to put load to test the TTSP policies for autoscaling - -## Step-02: Review existing configuration files -1. c1-versions.tf -2. c2-generic-variables.tf -3. c3-local-values.tf: ADDED `asg_tags` -4. 
VPC Module -- c4-01-vpc-variables.tf -- c4-02-vpc-module.tf -- c4-03-vpc-outputs.tf -5. Security Group Modules -- c5-01-securitygroup-variables.tf -- c5-02-securitygroup-outputs.tf -- c5-03-securitygroup-bastionsg.tf -- c5-04-securitygroup-privatesg.tf -- c5-05-securitygroup-loadbalancersg.tf -6. Datasources -- c6-01-datasource-ami.tf -- c6-02-datasource-route53-zone.tf -7. EC2 Instance Module -- c7-01-ec2instance-variables.tf -- c7-02-ec2instance-outputs.tf: REMOVED OUTPUTS RELATED TO OTHER PRIVATE EC2 INSTANCES -- c7-03-ec2instance-bastion.tf -8. c8-elasticip.tf -9. c9-nullresource-provisioners.tf -10. Application Load Balancer Module -- c10-01-ALB-application-loadbalancer-variables.tf -- c10-02-ALB-application-loadbalancer.tf: CHANGES RELATED TO APP1 TG, REMOVE TARGETS, TARGETS WILL BE ADDED FROM ASG -- c10-03-ALB-application-loadbalancer-outputs.tf -11. c11-acm-certificatemanager.tf -12. c12-route53-dnsregistration.tf: JUST CHANGED THE DNS NAME -13. Autoscaling with Launch Configuration Module: NEW ADDITION -- c13-01-autoscaling-with-launchconfiguration-variables.tf -- c13-02-autoscaling-additional-resoures.tf -- c13-03-autoscaling-with-launchconfiguration.tf -- c13-04-autoscaling-with-launchconfiguration-outputs.tf -- c13-05-autoscaling-notifications.tf -- c13-06-autoscaling-ttsp.tf -- c13-07-autoscaling-scheduled-actions.tf -14. Terraform Input Variables -- ec2instance.auto.tfvars -- terraform.tfvars -- vpc.auto.tfvars -15. Userdata -- app1-install.sh -16. 
EC2 Instance Private Keys -- private-key/terraform-key.pem - - -## Step-03: c3-local-values.tf -```t - asg_tags = [ - { - key = "Project" - value = "megasecret" - propagate_at_launch = true - }, - { - key = "foo" - value = "" - propagate_at_launch = true - }, - ] -``` - -## Step-04: c7-02-ec2instance-outputs.tf -- Removed EC2 Instance Outputs anything defined for Private EC2 Instances created using EC2 Instance module -- Only outputs for Bastion EC2 Instance is present -```t -## ec2_bastion_public_instance_ids -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} - -## ec2_bastion_public_ip -output "ec2_bastion_public_ip" { - description = "List of public IP addresses assigned to the instances" - value = module.ec2_public.public_ip -} - -``` - -## Step-05: c10-02-ALB-application-loadbalancer.tf -- Two changes -- **Change-1:** For `subnets` argument, either we can give specific subnets or we can also give all private subnets defined. -- **Change-2:** Commented the Targets for App1, App1 Targets now will be added automatically from ASG. HOW? 
- - In ASG, we will be referencing the load balancer `target_group_arns= module.alb.target_group_arns` - - We will discuss more about this when creating ASG TF Configs -- **Change-3:** changed the path patter as `path_patterns = ["/*"]` -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "6.0.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - /*Option-1: Give as list with specific subnets or in next line, pass all public subnets - subnets = [ - module.vpc.public_subnets[0], - module.vpc.public_subnets[1] - ]*/ - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] - security_groups = [module.loadbalancer_sg.security_group_id] - # Listeners - # HTTP Listener - HTTP to HTTPS Redirect - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - ] - # Target Groups - target_groups = [ - # App1 Target Group - TG Index = 0 - { - name_prefix = "app1-" - backend_protocol = "HTTP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - } - protocol_version = "HTTP1" - /* # App1 Target Group - Targets - targets = { - my_app1_vm1 = { - target_id = module.ec2_private_app1.id[0] - port = 80 - }, - my_app1_vm2 = { - target_id = module.ec2_private_app1.id[1] - port = 80 - } - } - tags =local.common_tags # Target Group Tags*/ - }, - ] - - # HTTPS Listener - https_listeners = [ - # HTTPS Listener Index = 0 for HTTPS 443 - { - port = 443 - protocol = "HTTPS" - #certificate_arn = module.acm.this_acm_certificate_arn - certificate_arn = 
module.acm.acm_certificate_arn - action_type = "fixed-response" - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - } - }, - ] - - # HTTPS Listener Rules - https_listener_rules = [ - # Rule-1: /app1* should go to App1 EC2 Instances - { - https_listener_index = 0 - priority = 1 - actions = [ - { - type = "forward" - target_group_index = 0 - } - ] - conditions = [{ - path_patterns = ["/*"] - }] - }, - ] - tags = local.common_tags # ALB Tags -} -``` - -## Step-06: c12-route53-dnsregistration.tf -- Update the DNS name relevant to demo -```t - name = "asg-lc1.devopsincloud.com" -``` - -## Step-07: Autoscaling with Launch Configuration Terraform Module -### Step-07-01: c13-01-autoscaling-with-launchconfiguration-variables.tf -```t -# Autoscaling Input Variables -## Placeholder file -``` - -### Step-07-02: c13-02-autoscaling-additional-resoures.tf -```t -# AWS IAM Service Linked Role for Autoscaling Group -resource "aws_iam_service_linked_role" "autoscaling" { - aws_service_name = "autoscaling.amazonaws.com" - description = "A service linked role for autoscaling" - custom_suffix = local.name - - # Sometimes good sleep is required to have some IAM resources created before they can be used - provisioner "local-exec" { - command = "sleep 10" - } -} - -# Output AWS IAM Service Linked Role -output "service_linked_role_arn" { - value = aws_iam_service_linked_role.autoscaling.arn -} -``` - -### Step-07-03: c13-03-autoscaling-with-launchconfiguration.tf -```t -# Autoscaling with Launch Configuration - Both created at a time -module "autoscaling" { - source = "terraform-aws-modules/autoscaling/aws" - version = "4.1.0" - - # Autoscaling group - name = "${local.name}-myasg1" - use_name_prefix = false - - min_size = 2 - max_size = 10 - desired_capacity = 2 - wait_for_capacity_timeout = 0 - health_check_type = "EC2" - vpc_zone_identifier = module.vpc.private_subnets - service_linked_role_arn = 
aws_iam_service_linked_role.autoscaling.arn - # Associate ALB with ASG - target_group_arns = module.alb.target_group_arns - - # ASG Lifecycle Hooks - initial_lifecycle_hooks = [ - { - name = "ExampleStartupLifeCycleHook" - default_result = "CONTINUE" - heartbeat_timeout = 60 - lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING" - # This could be a rendered data resource - notification_metadata = jsonencode({ "hello" = "world" }) - }, - { - name = "ExampleTerminationLifeCycleHook" - default_result = "CONTINUE" - heartbeat_timeout = 180 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - # This could be a rendered data resource - notification_metadata = jsonencode({ "goodbye" = "world" }) - } - ] - - # ASG Instance Referesh - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 50 - } - triggers = ["tag", "desired_capacity"/*, "launch_configuration"*/] # Desired Capacity here added for demostrating the Instance Refresh scenario - } - - # ASG Launch configuration - lc_name = "${local.name}-mylc1" - use_lc = true - create_lc = true - - image_id = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - user_data = file("${path.module}/app1-install.sh") - ebs_optimized = true - enable_monitoring = true - - security_groups = [module.private_sg.security_group_id] - associate_public_ip_address = false - - # Add Spot Instances, which creates Spot Requests to get instances at the price listed (Optional argument) - #spot_price = "0.014" - spot_price = "0.015" # Change for Instance Refresh test - - ebs_block_device = [ - { - device_name = "/dev/xvdz" - delete_on_termination = true - encrypted = true - volume_type = "gp2" - volume_size = "20" - }, - ] - - root_block_device = [ - { - delete_on_termination = true - encrypted = true - volume_size = "15" - volume_type = "gp2" - }, - ] - - metadata_options = { - http_endpoint = "enabled" - http_tokens = "optional" # At production grade 
you can change to "required", for our example if is optional we can get the content in metadata.html - http_put_response_hop_limit = 32 - } - - tags = local.asg_tags -} -``` - -### Step-07-04: c13-04-autoscaling-with-launchconfiguration-outputs.tf -```t -# Launch configuration Outputs -output "launch_configuration_id" { - description = "The ID of the launch configuration" - value = module.autoscaling.launch_configuration_id -} - -output "launch_configuration_arn" { - description = "The ARN of the launch configuration" - value = module.autoscaling.launch_configuration_arn -} - -output "launch_configuration_name" { - description = "The name of the launch configuration" - value = module.autoscaling.launch_configuration_name -} - -# Autoscaling Outpus -output "autoscaling_group_id" { - description = "The autoscaling group id" - value = module.autoscaling.autoscaling_group_id -} - -output "autoscaling_group_name" { - description = "The autoscaling group name" - value = module.autoscaling.autoscaling_group_name -} - -output "autoscaling_group_arn" { - description = "The ARN for this AutoScaling Group" - value = module.autoscaling.autoscaling_group_arn -} - -output "autoscaling_group_min_size" { - description = "The minimum size of the autoscale group" - value = module.autoscaling.autoscaling_group_min_size -} - -output "autoscaling_group_max_size" { - description = "The maximum size of the autoscale group" - value = module.autoscaling.autoscaling_group_max_size -} - -output "autoscaling_group_desired_capacity" { - description = "The number of Amazon EC2 instances that should be running in the group" - value = module.autoscaling.autoscaling_group_desired_capacity -} - -output "autoscaling_group_default_cooldown" { - description = "Time between a scaling activity and the succeeding scaling activity" - value = module.autoscaling.autoscaling_group_default_cooldown -} - -output "autoscaling_group_health_check_grace_period" { - description = "Time after instance comes into 
service before checking health" - value = module.autoscaling.autoscaling_group_health_check_grace_period -} - -output "autoscaling_group_health_check_type" { - description = "EC2 or ELB. Controls how health checking is done" - value = module.autoscaling.autoscaling_group_health_check_type -} - -output "autoscaling_group_availability_zones" { - description = "The availability zones of the autoscale group" - value = module.autoscaling.autoscaling_group_availability_zones -} - -output "autoscaling_group_vpc_zone_identifier" { - description = "The VPC zone identifier" - value = module.autoscaling.autoscaling_group_vpc_zone_identifier -} - -output "autoscaling_group_load_balancers" { - description = "The load balancer names associated with the autoscaling group" - value = module.autoscaling.autoscaling_group_load_balancers -} - -output "autoscaling_group_target_group_arns" { - description = "List of Target Group ARNs that apply to this AutoScaling Group" - value = module.autoscaling.autoscaling_group_target_group_arns -} -``` - -### Step-07-05: c13-05-autoscaling-notifications.tf -#### Step-07-05-01: c1-versions.tf -```t -# Add Random Provider in required_providers block - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} -``` - -#### Step-07-05-02: c13-05-autoscaling-notifications.tf -```t -# Autoscaling Notifications -## SNS - Topic -resource "aws_sns_topic" "myasg_sns_topic" { - name = "myasg-sns-topic-${random_pet.this.id}" -} - -## SNS - Subscription -resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { - topic_arn = aws_sns_topic.myasg_sns_topic.arn - protocol = "email" - endpoint = "stacksimplify@gmail.com" -} - -## Create Autoscaling Notification Resource -resource "aws_autoscaling_notification" "myasg_notifications" { - group_names = [module.autoscaling.autoscaling_group_id] - notifications = [ - "autoscaling:EC2_INSTANCE_LAUNCH", - 
"autoscaling:EC2_INSTANCE_TERMINATE", - "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", - "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", - ] - topic_arn = aws_sns_topic.myasg_sns_topic.arn -} -``` - -### Step-07-06: c13-06-autoscaling-ttsp.tf -```t -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization of EC2 Instances -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = module.autoscaling.autoscaling_group_id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = module.autoscaling.autoscaling_group_id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. 
- target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} -``` - -### Step-07-07: c13-07-autoscaling-scheduled-actions.tf -#### Step-07-07-01: Terraform Import Command -```t -# Import State -$ terraform import aws_autoscaling_schedule.resource-name auto-scaling-group-name/scheduled-action-name -terraform import aws_autoscaling_schedule.capacity_increase_during_business_hours myapp1-asg-20210329100544375800000007/capacity_increase_during_business_hours --> using terraform import get values for recurrence argument (cron format) -``` -#### Step-07-07-02: ASG Scheduled Actions -- `start_time` is given as future date, you can correct that based on your need from what date these actions should take place. -- Time in `start_time` should be in UTC Timezone so please convert from your local time to UTC Time and update the value accordingly. 
-- [UTC Timezone converter](https://www.worldtimebuddy.com/utc-to-est-converter) - -```t -## Create Scheduled Actions -### Create Scheduled Action-1: Increase capacity during business hours -resource "aws_autoscaling_schedule" "increase_capacity_7am" { - scheduled_action_name = "increase-capacity-7am" - min_size = 2 - max_size = 10 - desired_capacity = 8 - start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST) - recurrence = "00 09 * * *" - autoscaling_group_name = module.autoscaling.autoscaling_group_id -} -### Create Scheduled Action-2: Decrease capacity during business hours -resource "aws_autoscaling_schedule" "decrease_capacity_5pm" { - scheduled_action_name = "decrease-capacity-5pm" - min_size = 2 - max_size = 10 - desired_capacity = 2 - start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST) - recurrence = "00 21 * * *" - autoscaling_group_name = module.autoscaling.autoscaling_group_id -} -``` - -## Step-08: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` - -## Step-09: Verify the AWS resources created -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Configuration (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. Verify Load Balancer Target Group - Health Checks -6. Verify Autoscaling Group Features In detail -- Details Tab - - ASG Group Details - - Launch Configuration -- Activity Tab -- Automatic Scaling - - Target Tracking Scaling Policies (TTSP) - - Scheduled Actions -- Instance Management - - Instances - - Lifecycle Hooks -- Monitoring - - Autoscaling - - EC2 -- Instance Refresh Tab -7. Verify Spot Requests -8. 
Access and Test -```t -# Access and Test -http://asg-lc.devopsincloud.com -http://asg-lc.devopsincloud.com/app1/index.html -http://asg-lc.devopsincloud.com/app1/metadata.html -``` - - -## Step-10: Changes to ASG - Test Instance Refresh -- Change Desired capacity to 3 `desired_capacity = 3` and test -- Any change to ASG specific arguments listed in `triggers` of `instance_refresh` block, do a instance refresh -```t - # ASG Instance Referesh - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 50 - } - triggers = ["tag", "desired_capacity"] # Desired Capacity here added for demostrating the Instance Refresh scenario - } -``` -- Execute Terraform Commands -```t -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Observation -1. Consistently monitor the Autoscaling "Activity" and "Instance Refresh" tabs. -2. In close to 5 to 10 minutes, instances will be refreshed -3. Verify EC2 Instances, old will be terminated and new will be created -``` - -## Step-11: Change to Launch Configuration - Test Instance Refresh -- What happens? -- In next scale-in event changes will be adjusted [or] if instance refresh present and configured in this module it updates ASG with new LC ID, instance refresh should kick in. -- Lets see that practically -- In this case, we don't need to have `launch_configuration` practically present in `triggers` section of `instance_refresh` things take care automatically -```t -# Before - spot_price = "0.014" -# After - spot_price = "0.015" # Change for Instance Refresh test -``` -- Execute Terraform Commands -```t -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Observation -1. Consistently monitor the Autoscaling "Activity" and "Instance Refresh" tabs. -2. In close to 5 to 10 minutes, instances will be refreshed -3. 
Verify EC2 Instances, old will be terminated and new will be created -``` -## Step-12: Test Autoscaling using Postman -- [Download Postman client and Install](https://www.postman.com/downloads/) -- Create New Collection: terraform-on-aws -- Create new Request: asg -- URL: https://asg-lc1.devopsincloud.com/app1/metadata.html -- Click on **RUN**, with 5000 requests -- Monitor ASG -> Activity Tab -- Monitor EC2 -> Instances - To see if new EC2 Instances getting created (Autoscaling working as expected) -- It might take 5 to 10 minutes to autoscale with new EC2 Instances - -## Step-13: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## Additional Knowledge -### Terraform-Import-1: Get Resource LABEL for TTS Policy ALBRequestCount policy -- If I am not able to understand how to findout the entire resource argument from documentation, I follow this `terraform import` approach -```t -$ terraform import aws_autoscaling_policy.test-policy asg-name/policy-name - -terraform import aws_autoscaling_policy.dkalyan-test-policy myapp1-asg-20210329045302504300000007/TP1 -``` - -## References -- [Data Source: aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) -- [Resource: aws_autoscaling_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_policy) -- [Resource: aws_autoscaling_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_notification) -- [Resource: aws_autoscaling_schedule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_schedule) -- [Pre-defined Metrics - Autoscaling](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) 
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
-sudo yum update -y
-sudo yum install -y httpd
-sudo systemctl enable httpd
-sudo service httpd start
-sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html
-sudo mkdir /var/www/html/app1
-sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf
deleted file mode 100644
index 2f3912f8..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.0" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
-
-# Create Random Pet Resource
-resource "random_pet" "this" {
- length = 2
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
deleted file mode 100644
index 0aeebd65..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index fa707c3f..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,106 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB)
-module "alb" {
- source = "terraform-aws-modules/alb/aws"
- #version = "5.16.0"
- version = "6.0.0"
-
- name = "${local.name}-alb"
- load_balancer_type = "application"
- vpc_id = module.vpc.vpc_id
- /*Option-1: Give as list with specific subnets or in next line, pass all public subnets
- subnets = [
- module.vpc.public_subnets[0],
- module.vpc.public_subnets[1]
- ]*/
- subnets = module.vpc.public_subnets
- #security_groups = [module.loadbalancer_sg.this_security_group_id]
- security_groups = [module.loadbalancer_sg.security_group_id]
- # Listeners
- # HTTP Listener - HTTP to HTTPS Redirect
- http_tcp_listeners = [
- {
- port = 80
- protocol = "HTTP"
- action_type = "redirect"
- redirect = {
- port = "443"
- protocol = "HTTPS"
- status_code = "HTTP_301"
- }
- }
- ]
- # Target Groups
- target_groups = [
- # App1 Target Group - TG Index = 0
- {
- name_prefix = "app1-"
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }
- protocol_version = "HTTP1"
- /* # App1 Target Group - Targets
- targets = {
- my_app1_vm1 = {
- target_id = module.ec2_private_app1.id[0]
- port = 80
- },
- my_app1_vm2 = {
- target_id = module.ec2_private_app1.id[1]
- port = 80
- }
- }
- tags =local.common_tags # Target Group Tags*/
- },
- ]
-
- # HTTPS Listener
- https_listeners = [
- # HTTPS Listener Index = 0 for HTTPS 443
- {
- port = 443
- protocol = "HTTPS"
- #certificate_arn = module.acm.this_acm_certificate_arn
- certificate_arn = module.acm.acm_certificate_arn
- action_type = "fixed-response"
- fixed_response = {
- content_type = "text/plain"
- message_body = "Fixed Static message - for Root Context"
- status_code = "200"
- }
- },
- ]
-
- # HTTPS Listener Rules
- https_listener_rules = [
- # Rule-1: /app1* should go to App1 EC2 Instances
- {
- https_listener_index = 0
- priority = 1
- actions = [
- {
- type = "forward"
- target_group_index = 0
- }
- ]
- conditions = [{
- path_patterns = ["/*"]
- }]
- },
- ]
- tags = local.common_tags # ALB Tags
-}
-
-
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
deleted file mode 100644
index 53b13a4e..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.lb_arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.lb_dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.lb_arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.lb_zone_id
-}
-
-output "http_tcp_listener_arns" {
- description = "The ARN of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_arns
-}
-
-output "http_tcp_listener_ids" {
- description = "The IDs of the TCP and HTTP load balancer listeners created."
- value = module.alb.http_tcp_listener_ids
-}
-
-output "https_listener_arns" {
- description = "The ARNs of the HTTPS load balancer listeners created."
- value = module.alb.https_listener_arns
-}
-
-output "https_listener_ids" {
- description = "The IDs of the load balancer listeners created."
- value = module.alb.https_listener_ids
-}
-
-output "target_group_arns" {
- description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
- value = module.alb.target_group_arns
-}
-
-output "target_group_arn_suffixes" {
- description = "ARN suffixes of our target groups - can be used with CloudWatch."
- value = module.alb.target_group_arn_suffixes
-}
-
-output "target_group_names" {
- description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
- value = module.alb.target_group_names
-}
-
-output "target_group_attachments" {
- description = "ARNs of the target group attachment IDs."
- value = module.alb.target_group_attachments
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 1ec4f8fe..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- version = "3.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 10110493..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "asg-lc.devopsincloud.com"
- type = "A"
- alias {
- name = module.alb.lb_dns_name
- zone_id = module.alb.lb_zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-01-autoscaling-with-launchconfiguration-variables.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-01-autoscaling-with-launchconfiguration-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-01-autoscaling-with-launchconfiguration-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-02-autoscaling-additional-resoures.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-02-autoscaling-additional-resoures.tf
deleted file mode 100644
index 6fb2c73d..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-02-autoscaling-additional-resoures.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# AWS IAM Service Linked Role for Autoscaling Group
-resource "aws_iam_service_linked_role" "autoscaling" {
- aws_service_name = "autoscaling.amazonaws.com"
- description = "A service linked role for autoscaling"
- custom_suffix = local.name
-
- # Sometimes good sleep is required to have some IAM resources created before they can be used
- provisioner "local-exec" {
- command = "sleep 10"
- }
-}
-
-# Output AWS IAM Service Linked Role
-output "service_linked_role_arn" {
- value = aws_iam_service_linked_role.autoscaling.arn
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-03-autoscaling-with-launchconfiguration.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-03-autoscaling-with-launchconfiguration.tf
deleted file mode 100644
index 46fa80d1..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-03-autoscaling-with-launchconfiguration.tf
+++ /dev/null
@@ -1,95 +0,0 @@
-# Autoscaling with Launch Configuration - Both created at a time
-module "autoscaling" {
- source = "terraform-aws-modules/autoscaling/aws"
- version = "4.1.0"
-
- # Autoscaling group
- name = "${local.name}-myasg1"
- use_name_prefix = false
-
- min_size = 2
- max_size = 10
- desired_capacity = 2
- #desired_capacity = 3 # Changed for testing Instance Refresh as part of Step-10
- wait_for_capacity_timeout = 0
- health_check_type = "EC2"
- vpc_zone_identifier = module.vpc.private_subnets
- service_linked_role_arn = aws_iam_service_linked_role.autoscaling.arn
- # Associate ALB with ASG
- target_group_arns = module.alb.target_group_arns
-
- # ASG Lifecycle Hooks
- initial_lifecycle_hooks = [
- {
- name = "ExampleStartupLifeCycleHook"
- default_result = "CONTINUE"
- heartbeat_timeout = 60
- lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING"
- # This could be a rendered data resource
- notification_metadata = jsonencode({ "hello" = "world" })
- },
- {
- name = "ExampleTerminationLifeCycleHook"
- default_result = "CONTINUE"
- heartbeat_timeout = 180
- lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING"
- # This could be a rendered data resource
- notification_metadata = jsonencode({ "goodbye" = "world" })
- }
- ]
-
- # ASG Instance Referesh
- instance_refresh = {
- strategy = "Rolling"
- preferences = {
- min_healthy_percentage = 50
- }
- triggers = ["tag", "desired_capacity"] # Desired Capacity here added for demostrating the Instance Refresh scenario
- }
-
- # ASG Launch configuration
- lc_name = "${local.name}-mylc1"
- use_lc = true
- create_lc = true
-
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- user_data = file("${path.module}/app1-install.sh")
- ebs_optimized = true
- enable_monitoring = true
-
- security_groups = [module.private_sg.security_group_id]
- associate_public_ip_address = false
-
- # Add Spot Instances, which creates Spot Requests to get instances at the price listed (Optional argument)
- spot_price = "0.014"
- #spot_price = "0.016" # Change for Instance Refresh test
-
- ebs_block_device = [
- {
- device_name = "/dev/xvdz"
- delete_on_termination = true
- encrypted = true
- volume_type = "gp2"
- volume_size = "20"
- },
- ]
-
- root_block_device = [
- {
- delete_on_termination = true
- encrypted = true
- volume_size = "15"
- volume_type = "gp2"
- },
- ]
-
- metadata_options = {
- http_endpoint = "enabled"
- http_tokens = "optional" # At production grade you can change to "required", for our example if is optional we can get the content in metadata.html
- http_put_response_hop_limit = 32
- }
-
- tags = local.asg_tags
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-04-autoscaling-with-launchconfiguration-outputs.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-04-autoscaling-with-launchconfiguration-outputs.tf
deleted file mode 100644
index 211db790..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-04-autoscaling-with-launchconfiguration-outputs.tf
+++ /dev/null
@@ -1,81 +0,0 @@
-# Launch configuration Outputs
-output "launch_configuration_id" {
- description = "The ID of the launch configuration"
- value = module.autoscaling.launch_configuration_id
-}
-
-output "launch_configuration_arn" {
- description = "The ARN of the launch configuration"
- value = module.autoscaling.launch_configuration_arn
-}
-
-output "launch_configuration_name" {
- description = "The name of the launch configuration"
- value = module.autoscaling.launch_configuration_name
-}
-
-# Autoscaling Outpus
-output "autoscaling_group_id" {
- description = "The autoscaling group id"
- value = module.autoscaling.autoscaling_group_id
-}
-
-output "autoscaling_group_name" {
- description = "The autoscaling group name"
- value = module.autoscaling.autoscaling_group_name
-}
-
-output "autoscaling_group_arn" {
- description = "The ARN for this AutoScaling Group"
- value = module.autoscaling.autoscaling_group_arn
-}
-
-output "autoscaling_group_min_size" {
- description = "The minimum size of the autoscale group"
- value = module.autoscaling.autoscaling_group_min_size
-}
-
-output "autoscaling_group_max_size" {
- description = "The maximum size of the autoscale group"
- value = module.autoscaling.autoscaling_group_max_size
-}
-
-output "autoscaling_group_desired_capacity" {
- description = "The number of Amazon EC2 instances that should be running in the group"
- value = module.autoscaling.autoscaling_group_desired_capacity
-}
-
-output "autoscaling_group_default_cooldown" {
- description = "Time between a scaling activity and the succeeding scaling activity"
- value = module.autoscaling.autoscaling_group_default_cooldown
-}
-
-output "autoscaling_group_health_check_grace_period" {
- description = "Time after instance comes into service before checking health"
- value = module.autoscaling.autoscaling_group_health_check_grace_period
-}
-
-output "autoscaling_group_health_check_type" {
- description = "EC2 or ELB. Controls how health checking is done"
- value = module.autoscaling.autoscaling_group_health_check_type
-}
-
-output "autoscaling_group_availability_zones" {
- description = "The availability zones of the autoscale group"
- value = module.autoscaling.autoscaling_group_availability_zones
-}
-
-output "autoscaling_group_vpc_zone_identifier" {
- description = "The VPC zone identifier"
- value = module.autoscaling.autoscaling_group_vpc_zone_identifier
-}
-
-output "autoscaling_group_load_balancers" {
- description = "The load balancer names associated with the autoscaling group"
- value = module.autoscaling.autoscaling_group_load_balancers
-}
-
-output "autoscaling_group_target_group_arns" {
- description = "List of Target Group ARNs that apply to this AutoScaling Group"
- value = module.autoscaling.autoscaling_group_target_group_arns
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-05-autoscaling-notifications.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index 0d599a6e..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [module.autoscaling.autoscaling_group_id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-06-autoscaling-ttsp.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index 0e81c2bf..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization of EC2 Instances
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = module.autoscaling.autoscaling_group_id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = module.autoscaling.autoscaling_group_id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
- resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- }
- target_value = 10.0
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index 76e5a814..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_9am" {
- scheduled_action_name = "increase-capacity-9am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-12-11T09:00:00Z"
- recurrence = "00 09 * * *"
- autoscaling_group_name = module.autoscaling.autoscaling_group_id
-}
-
-### Create Scheduled Action-2: Decrease capacity during non-business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_9pm" {
- scheduled_action_name = "decrease-capacity-9pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-12-11T21:00:00Z"
- recurrence = "00 21 * * *"
- autoscaling_group_name = module.autoscaling.autoscaling_group_id
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 69535c5f..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- version = "3.0.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 3be1eb68..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 560a64cf..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index e1cdf082..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- version = "4.0.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b13a1b56..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "2.17.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 07fe130b..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- instance = module.ec2_public.id[0]
- vpc = true
- tags = local.common_tags
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 92029d78..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,12 +0,0 @@ -VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103 -VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de -VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac -VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447 -VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3 -VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575 -VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d -VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50 -VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be -VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544 -VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c -VPC created on Tue May 4 10:48:59 IST 2021 and VPC ID: vpc-00108076e81b11c59 diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/destroy-time-prov.txt deleted file mode 100644 index af8c4bff..00000000 --- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/local-exec-output-files/destroy-time-prov.txt +++ /dev/null 
@@ -1,12 +0,0 @@ -Destroy time prov Tue Apr 20 14:11:11 IST 2021 -Destroy time prov Fri Apr 23 16:06:53 IST 2021 -Destroy time prov Tue Apr 27 11:10:39 IST 2021 -Destroy time prov Tue Apr 27 13:09:09 IST 2021 -Destroy time prov Tue Apr 27 16:20:51 IST 2021 -Destroy time prov Wed Apr 28 08:12:01 IST 2021 -Destroy time prov Wed Apr 28 10:12:10 IST 2021 -Destroy time prov Wed Apr 28 10:39:23 IST 2021 -Destroy time prov Wed Apr 28 11:24:38 IST 2021 -Destroy time prov Wed Apr 28 13:05:25 IST 2021 -Destroy time prov Thu Apr 29 11:15:01 IST 2021 -Destroy time prov Tue May 4 12:08:25 IST 2021 diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem deleted file mode 100644 index fab1eb2a..00000000 --- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/private-key/terraform-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/14-DEPRECATED-Autoscaling-with-Launch-Configuration/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/README.md b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/README.md
deleted file mode 100644
index 54debbe7..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/README.md
+++ /dev/null
@@ -1,329 +0,0 @@ ---- -title: AWS Autoscaling with Launch Templates -description: Create AWS Autoscaling with Launch Templates using Terraform ---- -# AWS Autoscaling with Launch Templates using Terraform -## Step-00: Introduction -- Create Launch Templates using Terraform Resources -- Create Autoscaling Group using Terraform Resources -- Create Autoscaling following features using Terraform Resources - - Autoscaling Notifications - - Autoscaling Scheduled Actions - - Autoscaling Target Tracking Scaling Policies (TTSP) -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-autoscaling-launch-template-3.png) - -## Step-01: Create Launch Templates Manually to Understand more -- Create Launch templates manually -- **Scenario-1:** Create base Launch Template (standardized template) -- **Scenario-2:** Create App1 Launch Template referencing the base template by adding additional features to it -- **Scenario-3:** Create new version of App1 Launch Template and also switch the default version of Launch Template -- We already know about Autoscaling Groups which we learned in launch configurations, so we can ignore that and move on to creating all these with Terraform. 
- -## Step-02: Review existing configuration files -- Copy `c1 to c12` from Section-14 `14-Autoscaling-with-Launch-Configuration` - -## Step-03: c12-route53-dnsregistration.tf -- Update DNS name relevant to demo -```t - name = "asg-lt1.devopsincloud.com" -``` - -## Step-04: c13-01-autoscaling-with-launchtemplate-variables.tf -- Place holder file to define variables for autoscaling - -## Step-05: c13-02-autoscaling-launchtemplate-resource.tf -- Define [Launch Template Resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) -```t -# Launch Template Resource -resource "aws_launch_template" "my_launch_template" { - name = "my-launch-template" - description = "My Launch Template" - image_id = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - - vpc_security_group_ids = [module.private_sg.security_group_id] - key_name = var.instance_keypair - user_data = filebase64("${path.module}/app1-install.sh") - ebs_optimized = true - #default_version = 1 - update_default_version = true - block_device_mappings { - device_name = "/dev/sda1" - ebs { - volume_size = 10 - #volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } - } - monitoring { - enabled = true - } - - tag_specifications { - resource_type = "instance" - tags = { - Name = "myasg" - } - } -} -``` - -## Step-06: c13-03-autoscaling-resource.tf -- Define [Autoscaling Group Terraform Resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) -```t -# Autoscaling Group Resource -resource "aws_autoscaling_group" "my_asg" { - name_prefix = "myasg-" - desired_capacity = 2 - max_size = 10 - min_size = 2 - vpc_zone_identifier = module.vpc.private_subnets - /*[ - module.vpc.private_subnet[0], - module.vpc.private_subnet[1] - ]*/ - target_group_arns = module.alb.target_group_arns - health_check_type = "EC2" - #health_check_grace_period = 300 # default is 
300 seconds - # Launch Template - launch_template { - id = aws_launch_template.my_launch_template.id - version = aws_launch_template.my_launch_template.latest_version - } - # Instance Refresh - instance_refresh { - strategy = "Rolling" - preferences { - #instance_warmup = 300 # Default behavior is to use the Auto Scaling Group's health check grace period. - min_healthy_percentage = 50 - } - triggers = [ /*"launch_template",*/ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger - } - tag { - key = "Owners" - value = "Web-Team" - propagate_at_launch = true - } -} -``` - -## Step-07: c13-04-autoscaling-with-launchtemplate-outputs.tf -- Define Launch Template and Autoscaling basic outputs -```t -# Launch Template Outputs -output "launch_template_id" { - description = "Launch Template ID" - value = aws_launch_template.my_launch_template.id -} - -output "launch_template_latest_version" { - description = "Launch Template Latest Version" - value = aws_launch_template.my_launch_template.latest_version -} - -# Autoscaling Outputs -output "autoscaling_group_id" { - description = "Autoscaling Group ID" - value = aws_autoscaling_group.my_asg.id -} - -output "autoscaling_group_name" { - description = "Autoscaling Group Name" - value = aws_autoscaling_group.my_asg.name -} - -output "autoscaling_group_arn" { - description = "Autoscaling Group ARN" - value = aws_autoscaling_group.my_asg.arn -} -``` - -## Step-08: c13-05-autoscaling-notifications.tf -```t -# Autoscaling Notifications -## SNS - Topic -resource "aws_sns_topic" "myasg_sns_topic" { - name = "myasg-sns-topic" -} - -## SNS - Subscription -resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { - topic_arn = aws_sns_topic.myasg_sns_topic.arn - protocol = "email" - endpoint = "stacksimplify@gmail.com" -} - -## Create Autoscaling Notification Resource -resource "aws_autoscaling_notification" "myasg_notifications" { - group_names = 
[aws_autoscaling_group.my_asg.id] - notifications = [ - "autoscaling:EC2_INSTANCE_LAUNCH", - "autoscaling:EC2_INSTANCE_TERMINATE", - "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", - "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", - ] - topic_arn = aws_sns_topic.myasg_sns_topic.arn -} -``` - -## Step-09: c13-06-autoscaling-ttsp.tf -```t -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. 
- target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} -``` - -## Step-10: c13-07-autoscaling-scheduled-actions.tf -```t -## Create Scheduled Actions -### Create Scheduled Action-1: Increase capacity during business hours -resource "aws_autoscaling_schedule" "increase_capacity_7am" { - scheduled_action_name = "increase-capacity-7am" - min_size = 2 - max_size = 10 - desired_capacity = 8 - start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST) - recurrence = "00 09 * * *" - autoscaling_group_name = aws_autoscaling_group.my_asg.id -} -### Create Scheduled Action-2: Decrease capacity during business hours -resource "aws_autoscaling_schedule" "decrease_capacity_5pm" { - scheduled_action_name = "decrease-capacity-5pm" - min_size = 2 - max_size = 10 - desired_capacity = 2 - start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST) - recurrence = "00 21 * * *" - autoscaling_group_name = aws_autoscaling_group.my_asg.id -} -``` - -## Step-11: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terrafom Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` - -## Step-12: Verify the AWS resources created -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. Verify Load Balancer Target Group - Health Checks -6. 
Verify Autoscaling Group Features In detail -- Details Tab - - ASG Group Details - - Launch Configuration -- Activity Tab -- Automatic Scaling - - Target Tracking Scaling Policies (TTSP) - - Scheduled Actions -- Instance Management - - Instances - - Lifecycle Hooks -- Monitoring - - Autoscaling - - EC2 -- Instance Refresh Tab -7. Access and Test -```t -# Access and Test -http://asg-lt.devopsincloud.com -http://asg-lt.devopsincloud.com/app1/index.html -http://asg-lt.devopsincloud.com/app1/metadata.html -``` - -## Step-13: Update Launch Template and Verify -```t -# Before - ebs { - volume_size = 10 - #volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } - -# After - ebs { - #volume_size = 10 - volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } -``` -- Execute Terraform Commands -```t -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Observation -1. Consistently monitor the Autoscaling "Activity" and "Instance Refresh" tabs. -2. In close to 5 to 10 minutes, instances will be refreshed -3. Verify EC2 Instances, old will be terminated and new will be created -``` - -## Step-14: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -## Additional Troubleshooting -``` -$ terraform import aws_launch_template.web lt-12345678 - -terraform import aws_launch_template.mytemp lt-02a572ea76508f68d -``` - diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/UPGRADES.md b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/UPGRADES.md deleted file mode 100644 index f42fec9c..00000000 --- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/UPGRADES.md +++ /dev/null 
@@ -1,123 +0,0 @@ -# Terraform Manifest Upgrades - -## Step-01: c10-02-ALB-application-loadbalancer.tf -```t -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.4.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/*"] - } - }] - }# End of myapp1-rule - }# End Rules Block - }# End my-https-listener Block - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - } # END of Target Group-1: mytg1 - } # END OF target_groups - tags = local.common_tags # ALB Tags -}# End of alb module -``` - -## Step-02: c13-03-autoscaling-resource.tf -```t -# Before - target_group_arns = module.alb.target_group_arns - -# After - target_group_arns = [module.alb.target_groups["mytg1"].arn] -``` - -## Step-03: c13-06-autoscaling-ttsp.tf -```t -# Before - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - -# After - resource_label = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}" -``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c1-versions.tf deleted file mode 100644 index dfbebfad..00000000 --- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,33 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - 
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index 164cffaf..00000000 --- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,103 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB)
-module "alb" {
- source = "terraform-aws-modules/alb/aws"
- #version = "5.16.0"
- version = "9.4.0"
-
- name = "${local.name}-alb"
- load_balancer_type = "application"
- vpc_id = module.vpc.vpc_id
- subnets = module.vpc.public_subnets
- security_groups = [module.loadbalancer_sg.security_group_id]
-
- # For example only
- enable_deletion_protection = false
-
-# Listeners
- listeners = {
- # Listener-1: my-http-https-redirect
- my-http-https-redirect = {
- port = 80
- protocol = "HTTP"
- redirect = {
- port = "443"
- protocol = "HTTPS"
- status_code = "HTTP_301"
- }
- }# End my-http-https-redirect Listener
-
- # Listener-2: my-https-listener
- my-https-listener = {
- port = 443
- protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
- certificate_arn = module.acm.acm_certificate_arn
-
- # Fixed Response for Root Context
- fixed_response = {
- content_type = "text/plain"
- message_body = "Fixed Static message - for Root Context"
- status_code = "200"
- }# End of Fixed Response
-
- # Load Balancer Rules
- rules = {
- # Rule-1: myapp1-rule
- myapp1-rule = {
- actions = [{
- type = "weighted-forward"
- target_groups = [
- {
- target_group_key = "mytg1"
- weight = 1
- }
- ]
- stickiness = {
- enabled = true
- duration = 3600
- }
- }]
- conditions = [{
- path_pattern = {
- values = ["/*"]
- }
- }]
- }# End of myapp1-rule
- }# End Rules Block
- }# End my-https-listener Block
- }# End Listeners Block
-
-# Target Groups
- target_groups = {
- # Target Group-1: mytg1
- mytg1 = {
- # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL.
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316
- ## Search for "create_attachment" to jump to that Github issue solution
- create_attachment = false
- name_prefix = "mytg1-"
- protocol = "HTTP"
- port = 80
- target_type = "instance"
- deregistration_delay = 10
- load_balancing_cross_zone_enabled = false
- protocol_version = "HTTP1"
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }# End of Health Check Block
- tags = local.common_tags # Target Group Tags
- } # END of Target Group-1: mytg1
-
- } # END OF target_groups
- tags = local.common_tags # ALB Tags
-}# End of alb module
-
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
deleted file mode 100644
index 25387755..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.zone_id
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
-}
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
-}
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index e5ea7d06..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- #version = "3.0.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 85072338..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "asg-lt.devopsincloud.com"
- type = "A"
- alias {
- #name = module.alb.lb_dns_name
- #zone_id = module.alb.lb_zone_id
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 2e0e54ab..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Launch Template Resource
-resource "aws_launch_template" "my_launch_template" {
- name = "my-launch-template"
- description = "My Launch template"
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
-
- vpc_security_group_ids = [ module.private_sg.security_group_id ]
- key_name = var.instance_keypair
- user_data = filebase64("${path.module}/app1-install.sh")
- ebs_optimized = true
- #default_version = 1
- update_default_version = true
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- #volume_size = 10
- volume_size = 20 # LT Update Testing - Version 2 of LT
- delete_on_termination = true
- volume_type = "gp2" # default is gp2
- }
- }
- monitoring {
- enabled = true
- }
- tag_specifications {
- resource_type = "instance"
- tags = {
- Name = "myasg"
- }
- }
-
-}
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-03-autoscaling-resource.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-03-autoscaling-resource.tf
deleted file mode 100644
index b9ed2bf4..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- name_prefix = "myasg-"
- desired_capacity = 2
- max_size = 10
- min_size = 2
- vpc_zone_identifier = module.vpc.private_subnets
-
- # Change-1: ALB Module upgraded to 9.4.0
- #target_group_arns = module.alb.target_group_arns
- target_group_arns = [module.alb.target_groups["mytg1"].arn] # UPDATED
-
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- # instance_warmup = 300 # Default behavior is to use the Auto Scaling Groups health check grace period value
- min_healthy_percentage = 50
- }
- triggers = [ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index 4a67007c..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Launch Template Outputs
-## launch_template_id
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-## launch_template_latest_version
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-## autoscaling_group_id
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-## autoscaling_group_name
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-## autoscaling_group_arn
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-05-autoscaling-notifications.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index e2c85343..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [aws_autoscaling_group.my_asg.id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-06-autoscaling-ttsp.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index d867d630..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
-
- # Change-2: ALB Module upgraded to 9.4.0
- #resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- resource_label = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}" # UPDATED
- }
- target_value = 10.0
- }
-}
-
-# Updated
-output "asg_build_resource_label" {
- value = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}"
-}
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 7b7fb83c..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "3.0.0"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index af37d057..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 8ee54a17..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index 4666ed06..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 3e60ba74..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 0157705d..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 2b8b3af8..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Sat May 8 10:58:39 IST 2021 and VPC ID: vpc-0597a0c7016fa61c6
-VPC created on Thu Nov 30 09:27:52 IST 2023 and VPC ID: vpc-0fa3e888581fcf1b5
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 1427deb9..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Sat May 8 11:14:32 IST 2021
-Destroy time prov Thu Nov 30 09:40:49 IST 2023
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/terraform.tfvars deleted file mode 100644 index 8b9f8d7c..00000000 
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/15-Autoscaling-with-Launch-Templates/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/README-old.md b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/README-old.md
deleted file mode 100644
index 1a76b901..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/README-old.md
+++ /dev/null
@@ -1,251 +0,0 @@ ---- -title: AWS Network Load Balancer with Terraform -description: Create AWS Network Load Balancer with Terraform - Demo for both TCP and TLS Listeners ---- -# AWS Network Load Balancer TCP and TLS with Terraform - -## Step-01: Introduction -- Create [AWS Network Load Balancer using Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- Create TCP Listener -- Create TLS Listener -- Create Target Group - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-3.png) - -## Step-02: c5-04-securitygroup-privatesg.tf -- NLB requires private security group EC2 Instances to have the `ingress_cidr_blocks` as `0.0.0.0/0` -```t -# Before - ingress_cidr_blocks = [module.vpc.vpc_cidr_block] - -# After - ingress_cidr_blocks = ["0.0.0.0/0"] # Required for NLB -``` - -## Step-03: c10-01-NLB-network-loadbalancer-variables.tf -- Place holder file for NLB variables. 
- -## Step-04: c10-02-NLB-network-loadbalancer.tf -- Create [AWS Network Load Balancer using Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- Create TCP Listener -- Create TLS Listener -- Create Target Group -```t -# Terraform AWS Network Load Balancer (NLB) -module "nlb" { - source = "terraform-aws-modules/alb/aws" - version = "6.0.0" - name_prefix = "mynlb-" - #name = "nlb-basic" - load_balancer_type = "network" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - #security_groups = [module.loadbalancer_sg.this_security_group_id] # Security Groups not supported for NLB - # TCP Listener - http_tcp_listeners = [ - { - port = 80 - protocol = "TCP" - target_group_index = 0 - } - ] - - # TLS Listener - https_listeners = [ - { - port = 443 - protocol = "TLS" - certificate_arn = module.acm.acm_certificate_arn - target_group_index = 0 - }, - ] - - - # Target Group - target_groups = [ - { - name_prefix = "app1-" - backend_protocol = "TCP" - backend_port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - } - }, - ] - tags = local.common_tags -} -``` -## Step-05: c10-03-NLB-network-loadbalancer-outputs.tf -```t -# Terraform AWS Network Load Balancer (NLB) Outputs -output "lb_id" { - description = "The ID and ARN of the load balancer we created." - value = module.nlb.lb_id -} - -output "lb_arn" { - description = "The ID and ARN of the load balancer we created." - value = module.nlb.lb_arn -} - -output "lb_dns_name" { - description = "The DNS name of the load balancer." - value = module.nlb.lb_dns_name -} - -output "lb_arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch." 
- value = module.nlb.lb_arn_suffix -} - -output "lb_zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records." - value = module.nlb.lb_zone_id -} - -output "http_tcp_listener_arns" { - description = "The ARN of the TCP and HTTP load balancer listeners created." - value = module.nlb.http_tcp_listener_arns -} - -output "http_tcp_listener_ids" { - description = "The IDs of the TCP and HTTP load balancer listeners created." - value = module.nlb.http_tcp_listener_ids -} - -output "https_listener_arns" { - description = "The ARNs of the HTTPS load balancer listeners created." - value = module.nlb.https_listener_arns -} - -output "https_listener_ids" { - description = "The IDs of the load balancer listeners created." - value = module.nlb.https_listener_ids -} - -output "target_group_arns" { - description = "ARNs of the target groups. Useful for passing to your Auto Scaling group." - value = module.nlb.target_group_arns -} - -output "target_group_arn_suffixes" { - description = "ARN suffixes of our target groups - can be used with CloudWatch." - value = module.nlb.target_group_arn_suffixes -} - -output "target_group_names" { - description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group." 
- value = module.nlb.target_group_names -} -``` -## Step-06: c12-route53-dnsregistration.tf -- **Change-1:** Update DNS Name -- **Change-2:** Update `alias name` -- **Change-3:** Update `alias zone_id` -```t -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "nlb1.devopsincloud.com" - type = "A" - alias { - name = module.nlb.lb_dns_name - zone_id = module.nlb.lb_zone_id - evaluate_target_health = true - } -} -``` -## Step-07: c13-03-autoscaling-resource.tf -- Change the module name for `target_group_arns` to `nlb` -```t -# Before - target_group_arns = module.alb.target_group_arns -# After - target_group_arns = module.nlb.target_group_arns -``` -## Step-08: c13-06-autoscaling-ttsp.tf -- Comment TTSP ALB policy which is not applicable to NLB -```t -# TTS - Scaling Policy-2: Based on ALB Target Requests -# THIS POLICY IS SPECIFIC TO ALB and NOT APPLICABLE TO NLB -/* -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. 
- target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} -*/ -``` -## Step-09: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terrafom Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` -## Step-10: Verify the AWS resources created -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Network Load Balancer - - TCP Listener - - TLS Listener -5. Verify Network Load Balancer Target Group - - Health Checks - both nodes should be healthy -6. Access and Test -```t -# Access and Test with Port 80 - TCP Listener -http://nlb.devopsincloud.com -http://nlb.devopsincloud.com/app1/index.html -http://nlb.devopsincloud.com/app1/metadata.html - -# Access and Test with Port 443 - TLS Listener -https://nlb.devopsincloud.com -https://nlb.devopsincloud.com/app1/index.html -https://nlb.devopsincloud.com/app1/metadata.html -``` - -## Step-11: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - - -## References --[Complete NLB - Example](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest/examples/complete-nlb) - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/README.md b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/README.md deleted file mode 100644 index eb8570f3..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/README.md +++ /dev/null 
@@ -1,277 +0,0 @@ ---- -title: AWS Network Load Balancer with Terraform -description: Create AWS Network Load Balancer with Terraform - Demo for both TCP and TLS Listeners ---- -# AWS Network Load Balancer TCP and TLS with Terraform - -## Step-01: Introduction -- Create [AWS Network Load Balancer using Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- Create TCP Listener -- Create TLS Listener -- Create Target Group - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-nlb-network-loadbalancer-3.png) - -## Step-02: c5-04-securitygroup-privatesg.tf -- NLB requires private security group EC2 Instances to have the `ingress_cidr_blocks` as `0.0.0.0/0` -```t -# Before - ingress_cidr_blocks = [module.vpc.vpc_cidr_block] - -# After - ingress_cidr_blocks = ["0.0.0.0/0"] # Required for NLB -``` - -## Step-03: c10-01-NLB-network-loadbalancer-variables.tf -- Place holder file for NLB variables. 
- -## Step-04: c10-02-NLB-network-loadbalancer.tf -- Create [AWS Network Load Balancer using Terraform Module](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest) -- Create TCP Listener -- Create TLS Listener -- Create Target Group -```t -# Terraform AWS Network Load Balancer (NLB) -module "nlb" { - source = "terraform-aws-modules/alb/aws" - version = "9.4.0" - - name_prefix = "mynlb-" - load_balancer_type = "network" - vpc_id = module.vpc.vpc_id - dns_record_client_routing_policy = "availability_zone_affinity" - security_groups = [module.loadbalancer_sg.security_group_id] - - # https://github.com/hashicorp/terraform-provider-aws/issues/17281 - subnets = module.vpc.public_subnets - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: TCP Listener - my-tcp = { - port = 80 - protocol = "TCP" - forward = { - target_group_key = "mytg1" - } - }# End Listener-1: TCP Listener - # Listener-2: TLS Listener (SSL) - my-tls = { - port = 443 - protocol = "TLS" - certificate_arn = module.acm.acm_certificate_arn - forward = { - target_group_key = "mytg1" - } - }# End Listener-2: TLS Listener (SSL) - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - create_attachment = false - name_prefix = "mytg1-" - protocol = "TCP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - }# End Health Check Block - }# End Target Group-1: mytg1 - } - tags = local.common_tags -}# End NLB Module - -``` -## Step-05: c10-03-NLB-network-loadbalancer-outputs.tf -```t -# Terraform AWS Network Load Balancer (NLB) Outputs -################################################################################ -# Load Balancer -################################################################################ - 
-output "id" { - description = "The ID and ARN of the load balancer we created" - value = module.nlb.id -} - -output "arn" { - description = "The ID and ARN of the load balancer we created" - value = module.nlb.arn -} - -output "arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch" - value = module.nlb.arn_suffix -} - -output "dns_name" { - description = "The DNS name of the load balancer" - value = module.nlb.dns_name -} - -output "zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records" - value = module.nlb.zone_id -} - -################################################################################ -# Listener(s) -################################################################################ - -output "listeners" { - description = "Map of listeners created and their attributes" - value = module.nlb.listeners -} - -output "listener_rules" { - description = "Map of listeners rules created and their attributes" - value = module.nlb.listener_rules -} - -################################################################################ -# Target Group(s) -################################################################################ - -output "target_groups" { - description = "Map of target groups created and their attributes" - value = module.nlb.target_groups -} - -################################################################################ -# Security Group -################################################################################ - -output "security_group_arn" { - description = "Amazon Resource Name (ARN) of the security group" - value = module.nlb.security_group_arn -} - -output "security_group_id" { - description = "ID of the security group" - value = module.nlb.security_group_id -} - -################################################################################ -# Route53 Record(s) -################################################################################ - 
-output "route53_records" { - description = "The Route53 records created and attached to the load balancer" - value = module.nlb.route53_records -} -``` -## Step-06: c12-route53-dnsregistration.tf -- **Change-1:** Update DNS Name -- **Change-2:** Update `alias name` -- **Change-3:** Update `alias zone_id` -```t -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "nlb1.devopsincloud.com" - type = "A" - alias { - name = module.nlb.lb_dns_name - zone_id = module.nlb.lb_zone_id - evaluate_target_health = true - } -} -``` -## Step-07: c13-03-autoscaling-resource.tf -- Change the module name for `target_group_arns` to `nlb` -```t -# Before - target_group_arns = [module.alb.target_groups["mytg1"].arn] - # After - target_group_arns = [module.nlb.target_groups["mytg1"].arn] -``` -## Step-08: c13-06-autoscaling-ttsp.tf -- Comment TTSP ALB policy which is not applicable to NLB -```t -# TTS - Scaling Policy-2: Based on ALB Target Requests -# THIS POLICY IS SPECIFIC TO ALB and NOT APPLICABLE TO NLB -/* -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. 
- target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} -*/ -``` -## Step-09: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terrafom Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` -## Step-10: Verify the AWS resources created -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Network Load Balancer - - TCP Listener - - TLS Listener -5. Verify Network Load Balancer Target Group - - Health Checks - both nodes should be healthy -6. Access and Test -```t -# Access and Test with Port 80 - TCP Listener -http://nlb.devopsincloud.com -http://nlb.devopsincloud.com/app1/index.html -http://nlb.devopsincloud.com/app1/metadata.html - -# Access and Test with Port 443 - TLS Listener -https://nlb.devopsincloud.com -https://nlb.devopsincloud.com/app1/index.html -https://nlb.devopsincloud.com/app1/metadata.html -``` - -## Step-11: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - - -## References --[Complete NLB - Example](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest/examples/complete-nlb) - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/UPGRADES.md b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/UPGRADES.md deleted file mode 100644 index 9b7e030f..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/UPGRADES.md +++ /dev/null 
@@ -1,67 +0,0 @@ -# Terraform Manifest Upgrades - -## Step-01: c10-02-ALB-application-loadbalancer.tf -```t -# Terraform AWS Network Load Balancer (NLB) -module "nlb" { - source = "terraform-aws-modules/alb/aws" - version = "9.4.0" - - name_prefix = "mynlb-" - load_balancer_type = "network" - vpc_id = module.vpc.vpc_id - dns_record_client_routing_policy = "availability_zone_affinity" - security_groups = [module.loadbalancer_sg.security_group_id] - - # https://github.com/hashicorp/terraform-provider-aws/issues/17281 - subnets = module.vpc.public_subnets - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: TCP Listener - my-tcp = { - port = 80 - protocol = "TCP" - forward = { - target_group_key = "mytg1" - } - }# End Listener-1: TCP Listener - # Listener-2: TLS Listener (SSL) - my-tls = { - port = 443 - protocol = "TLS" - certificate_arn = module.acm.acm_certificate_arn - forward = { - target_group_key = "mytg1" - } - }# End Listener-2: TLS Listener (SSL) - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - create_attachment = false - name_prefix = "mytg1-" - protocol = "TCP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - }# End Health Check Block - }# End Target Group-1: mytg1 - } - tags = local.common_tags -}# End NLB Module - -``` diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/app1-install.sh b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/app1-install.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c1-versions.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c1-versions.tf deleted file mode 100644 index eb5d5bf4..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c1-versions.tf +++ /dev/null @@ -1,33 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-01-NLB-network-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-01-NLB-network-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-01-NLB-network-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - 
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-02-NLB-network-loadbalancer.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-02-NLB-network-loadbalancer.tf deleted file mode 100644 index 78228660..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-02-NLB-network-loadbalancer.tf +++ /dev/null 
@@ -1,76 +0,0 @@
-# Create EIP for Network Load Balancer
-resource "aws_eip" "this" {
- count = length(module.vpc.private_subnets)
- domain = "vpc"
-}
-
-# Terraform AWS Network Load Balancer (NLB)
-module "nlb" {
- source = "terraform-aws-modules/alb/aws"
- version = "9.4.0"
-
- name = "${local.name}-nlb"
- load_balancer_type = "network"
- vpc_id = module.vpc.vpc_id
- dns_record_client_routing_policy = "availability_zone_affinity"
- security_groups = [module.loadbalancer_sg.security_group_id]
-
- # https://github.com/hashicorp/terraform-provider-aws/issues/17281
- subnets = module.vpc.public_subnets
-
- # Use `subnet_mapping` to attach EIPs
- /*subnet_mapping = [for i, eip in aws_eip.this :
- {
- allocation_id = eip.id
- subnet_id = module.vpc.public_subnets[i]
- }
- ]*/
-
- # For example only
- enable_deletion_protection = false
-
-
-# Listeners
- listeners = {
- # Listener-1: TCP Listener
- my-tcp = {
- port = 80
- protocol = "TCP"
- forward = {
- target_group_key = "mytg1"
- }
- }# End Listener-1: TCP Listener
- # Listener-2: TLS Listener (SSL)
- my-tls = {
- port = 443
- protocol = "TLS"
- certificate_arn = module.acm.acm_certificate_arn
- forward = {
- target_group_key = "mytg1"
- }
- }# End Listener-2: TLS Listener (SSL)
- }# End Listeners Block
-
-# Target Groups
- target_groups = {
- # Target Group-1: mytg1
- mytg1 = {
- create_attachment = false
- name_prefix = "mytg1-"
- protocol = "TCP"
- port = 80
- target_type = "instance"
- deregistration_delay = 10
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- }# End Health Check Block
- }# End Target Group-1: mytg1
- }
- tags = local.common_tags
-}# End ALB Module
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-03-NLB-network-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-03-NLB-network-loadbalancer-outputs.tf
deleted file mode 100644
index 7b927e1b..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c10-03-NLB-network-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,74 +0,0 @@
-################################################################################
-# Load Balancer
-################################################################################
-
-output "id" {
- description = "The ID and ARN of the load balancer we created"
- value = module.nlb.id
-}
-
-output "arn" {
- description = "The ID and ARN of the load balancer we created"
- value = module.nlb.arn
-}
-
-output "arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch"
- value = module.nlb.arn_suffix
-}
-
-output "dns_name" {
- description = "The DNS name of the load balancer"
- value = module.nlb.dns_name
-}
-
-output "zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records"
- value = module.nlb.zone_id
-}
-
-################################################################################
-# Listener(s)
-################################################################################
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.nlb.listeners
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.nlb.listener_rules
-}
-
-################################################################################
-# Target Group(s)
-################################################################################
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.nlb.target_groups
-}
-
-################################################################################
-# Security Group
-################################################################################
-
-output "security_group_arn" {
- description = "Amazon Resource Name (ARN) of the security group"
- value = module.nlb.security_group_arn
-}
-
-output "security_group_id" {
- description = "ID of the security group"
- value =
module.nlb.security_group_id
-}
-
-################################################################################
-# Route53 Record(s)
-################################################################################
-
-output "route53_records" {
- description = "The Route53 records created and attached to the load balancer"
- value = module.nlb.route53_records
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c11-acm-certificatemanager.tf
deleted file mode 100644
index 0f899c19..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- #version = "3.0.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
-
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c12-route53-dnsregistration.tf
deleted file mode 100644
index 6952aed4..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "nlb.devopsincloud.com"
- type = "A"
- alias {
- #name = module.nlb.lb_dns_name
- #zone_id = module.nlb.lb_zone_id
- name = module.nlb.dns_name
- zone_id = module.nlb.zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-01-autoscaling-with-launchtemplate-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-02-autoscaling-launchtemplate-resource.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 4fd4d7ae..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Launch Template Resource
-resource "aws_launch_template" "my_launch_template" {
- name = "my-launch-template"
- description = "My Launch Template"
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
-
- vpc_security_group_ids = [module.private_sg.security_group_id]
- key_name = var.instance_keypair
- user_data = filebase64("${path.module}/app1-install.sh")
- ebs_optimized = true
- #default_version = 1
- update_default_version = true
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- volume_size = 10
- #volume_size = 20 # LT Update Testing - Version 2 of LT
- delete_on_termination = true
- volume_type = "gp2" # default is gp2
- }
- }
- monitoring {
- enabled = true
- }
-
- tag_specifications {
- resource_type = "instance"
- tags = {
- Name = "myasg"
- }
- }
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-03-autoscaling-resource.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-03-autoscaling-resource.tf
deleted file mode 100644
index ec0c37d4..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- name_prefix = "myasg-"
- desired_capacity = 2
- max_size = 10
- min_size = 2
- vpc_zone_identifier = module.vpc.private_subnets
- #target_group_arns = module.nlb.target_group_arns
- target_group_arns = [module.nlb.target_groups["mytg1"].arn] # UPDATED NOV2023
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- # Launch Template
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- #instance_warmup = 300 # Default behavior is to use the Auto Scaling Group's health check grace period.
- min_healthy_percentage = 50
- }
- triggers = [ /*"launch_template",*/ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
-
-
-
-output "zz" {
- value= aws_autoscaling_group.my_asg.target_group_arns
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-04-autoscaling-with-launchtemplate-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index a23e76f4..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Launch Template Outputs
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-05-autoscaling-notifications.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index e2c85343..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [aws_autoscaling_group.my_asg.id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-06-autoscaling-ttsp.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index f453b533..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-# THIS POLICY IS SPECIFIC TO ALB and NOT APPLICABLE TO NLB
-/*
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
- resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- }
- target_value = 10.0
- }
-}
-*/
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-07-autoscaling-scheduled-actions.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c2-generic-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c3-local-values.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-02-vpc-module.tf
deleted file mode 100644
index 7b7fb83c..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "3.0.0"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 2cfb2a12..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 415edaa3..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- #ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- ingress_cidr_blocks = ["0.0.0.0/0"] # Required for NLB
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index c11b8bee..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 3a343e5e..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,19 +0,0 @@ -# AWS EC2 Instance Terraform Module -# Bastion Host - EC2 Instance that will be created in VPC Public Subnet -module "ec2_public" { - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - # insert the 10 required variables here - name = "${var.environment}-BastionHost" - #instance_count = 5 - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - subnet_id = module.vpc.public_subnets[0] - #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] - vpc_security_group_ids = [module.public_bastion_sg.security_group_id] - tags = local.common_tags -} - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c8-elasticip.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c8-elasticip.tf deleted file mode 100644 index 04debe57..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c8-elasticip.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Create Elastic IP for Bastion Host -# Resource - depends_on Meta-Argument -resource "aws_eip" "bastion_eip" { - depends_on = [ module.ec2_public, module.vpc ] - tags = local.common_tags - - # COMMENTED - #instance = module.ec2_public.id[0] - #vpc = true - - # UPDATED - instance = module.ec2_public.id - domain = "vpc" - -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) - provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } -} diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c9-nullresource-provisioners.tf deleted file mode 100644 index a4b0bcdf..00000000 
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/c9-nullresource-provisioners.tf +++ /dev/null @@ -1,42 +0,0 @@ -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) -/* provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } - */ - -} - -# Creation Time Provisioners - By default they are created during resource creations (terraform apply) -# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 8d4cf8de..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Fri Apr 30 07:09:19 IST 2021 and VPC ID: vpc-03688705ea5b23544
-VPC created on Sat May 8 14:06:23 IST 2021 and VPC ID: vpc-08aca5f197b632448
-VPC created on Thu Nov 30 14:31:30 IST 2023 and VPC ID: vpc-0bd55b27a8d2d2099
-VPC created on Tue Dec 26 17:30:22 IST 2023 and VPC ID: vpc-0d2d5963ff460cbe1
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 70d2abcf..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Fri Apr 30 09:35:00 IST 2021
-Destroy time prov Sat May 8 14:16:59 IST 2021
-Destroy time prov Thu Nov 30 15:18:55 IST 2023
-Destroy time prov Tue Dec 26 17:31:52 IST 2023
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/terraform.tfvars b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/terraform.tfvars deleted file mode 100644 index 8b9f8d7c..00000000 
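Review bot: Deleting `private-key/terraform-key.pem` in this hunk does not retire the key: the full RSA private key stays readable in the repository history and in every existing clone or fork, so it should be treated as compromised. The commit shows no rotation, so the matching EC2 key pair (the removed variables default `instance_keypair` to `terraform-key`, presumably the same pair) should be deleted and replaced, and any instance that still trusts the public half should have it removed from `authorized_keys`. The removed `c9-nullresource-provisioners.tf` also copied this file to `/tmp/terraform-key.pem` on the bastion host, so any host built from those manifests may still hold a copy. I would add a `.gitignore` entry such as `*.pem` and enable secret scanning on push so that a key cannot be committed again.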
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/terraform.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# Generic Variables -aws_region = "us-east-1" -environment = "stag" -business_divsion = "hr" - - - - - - - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/vpc.auto.tfvars b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/vpc.auto.tfvars deleted file mode 100644 index fc45bf29..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests-orig/vpc.auto.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c1-versions.tf deleted file mode 100644 index eb5d5bf4..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,33 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-01-NLB-network-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-01-NLB-network-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-01-NLB-network-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - 
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-02-NLB-network-loadbalancer.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-02-NLB-network-loadbalancer.tf deleted file mode 100644 index 296910c3..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-02-NLB-network-loadbalancer.tf +++ /dev/null @@ -1,61 +0,0 @@ -# Terraform AWS Network Load Balancer (NLB) -module "nlb" { - source = "terraform-aws-modules/alb/aws" - version = "9.4.0" - - name_prefix = "mynlb-" - load_balancer_type = "network" - vpc_id = module.vpc.vpc_id - dns_record_client_routing_policy = "availability_zone_affinity" - security_groups = [module.loadbalancer_sg.security_group_id] - - # https://github.com/hashicorp/terraform-provider-aws/issues/17281 - subnets = module.vpc.public_subnets - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: TCP Listener - my-tcp = { - port = 80 - protocol = "TCP" - forward = { - target_group_key = "mytg1" - } - }# End Listener-1: TCP Listener - # Listener-2: TLS Listener (SSL) - my-tls = { - port = 443 - protocol = "TLS" - certificate_arn = module.acm.acm_certificate_arn - forward = { - target_group_key = "mytg1" - } - }# End Listener-2: TLS Listener (SSL) - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - create_attachment = false - name_prefix = "mytg1-" - protocol = "TCP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - }# End Health Check Block - }# End Target Group-1: mytg1 - } - tags = local.common_tags -}# End NLB Module 
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-03-NLB-network-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-03-NLB-network-loadbalancer-outputs.tf deleted file mode 100644 index 7b927e1b..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c10-03-NLB-network-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,74 +0,0 @@ -################################################################################ -# Load Balancer -################################################################################ - -output "id" { - description = "The ID and ARN of the load balancer we created" - value = module.nlb.id -} - -output "arn" { - description = "The ID and ARN of the load balancer we created" - value = module.nlb.arn -} - -output "arn_suffix" { - description = "ARN suffix of our load balancer - can be used with CloudWatch" - value = module.nlb.arn_suffix -} - -output "dns_name" { - description = "The DNS name of the load balancer" - value = module.nlb.dns_name -} - -output "zone_id" { - description = "The zone_id of the load balancer to assist with creating DNS records" - value = module.nlb.zone_id -} - -################################################################################ -# Listener(s) -################################################################################ - -output "listeners" { - description = "Map of listeners created and their attributes" - value = module.nlb.listeners -} - -output "listener_rules" { - description = "Map of listeners rules created and their attributes" - value = module.nlb.listener_rules -} - -################################################################################ -# Target Group(s) -################################################################################ - -output "target_groups" { - description = "Map of target groups created and their attributes" - value = module.nlb.target_groups -} - -################################################################################ -# Security Group -################################################################################ - -output "security_group_arn" { - description = "Amazon Resource Name (ARN) of the security group" - value = module.nlb.security_group_arn -} - -output "security_group_id" { - description = "ID of the security group" - value = 
module.nlb.security_group_id -} - -################################################################################ -# Route53 Record(s) -################################################################################ - -output "route53_records" { - description = "The Route53 records created and attached to the load balancer" - value = module.nlb.route53_records -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c11-acm-certificatemanager.tf deleted file mode 100644 index 0f899c19..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c11-acm-certificatemanager.tf +++ /dev/null @@ -1,27 +0,0 @@ -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - #version = "2.14.0" - #version = "3.0.0" - version = "5.0.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.zone_id - - subject_alternative_names = [ - "*.devopsincloud.com" - ] - tags = local.common_tags - - # Validation Method - validation_method = "DNS" - wait_for_validation = true -} - -# Output ACM Certificate ARN -output "this_acm_certificate_arn" { - description = "The ARN of the certificate" - #value = module.acm.this_acm_certificate_arn - value = module.acm.acm_certificate_arn -} - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c12-route53-dnsregistration.tf deleted file mode 100644 index 6952aed4..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c12-route53-dnsregistration.tf +++ /dev/null 
@@ -1,13 +0,0 @@ -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "nlb.devopsincloud.com" - type = "A" - alias { - #name = module.nlb.lb_dns_name - #zone_id = module.nlb.lb_zone_id - name = module.nlb.dns_name - zone_id = module.nlb.zone_id - evaluate_target_health = true - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf deleted file mode 100644 index 72ba1abd..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf +++ /dev/null @@ -1,2 +0,0 @@ -# Autoscaling Input Variables -## Placeholder file \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf deleted file mode 100644 index 4fd4d7ae..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf +++ /dev/null 
@@ -1,34 +0,0 @@ -# Launch Template Resource -resource "aws_launch_template" "my_launch_template" { - name = "my-launch-template" - description = "My Launch Template" - image_id = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - - vpc_security_group_ids = [module.private_sg.security_group_id] - key_name = var.instance_keypair - user_data = filebase64("${path.module}/app1-install.sh") - ebs_optimized = true - #default_version = 1 - update_default_version = true - block_device_mappings { - device_name = "/dev/sda1" - ebs { - volume_size = 10 - #volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } - } - monitoring { - enabled = true - } - - tag_specifications { - resource_type = "instance" - tags = { - Name = "myasg" - } - } -} - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-03-autoscaling-resource.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-03-autoscaling-resource.tf deleted file mode 100644 index 4c815367..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-03-autoscaling-resource.tf +++ /dev/null 
@@ -1,40 +0,0 @@ -# Autoscaling Group Resource -resource "aws_autoscaling_group" "my_asg" { - name_prefix = "myasg-" - desired_capacity = 2 - max_size = 10 - min_size = 2 - vpc_zone_identifier = module.vpc.private_subnets - - # Change-1: nlb module upgrade to 9.4.0 - #target_group_arns = module.nlb.target_group_arns - target_group_arns = [module.nlb.target_groups["mytg1"].arn] # UPDATED - - health_check_type = "EC2" - #health_check_grace_period = 300 # default is 300 seconds - # Launch Template - launch_template { - id = aws_launch_template.my_launch_template.id - version = aws_launch_template.my_launch_template.latest_version - } - # Instance Refresh - instance_refresh { - strategy = "Rolling" - preferences { - #instance_warmup = 300 # Default behavior is to use the Auto Scaling Group's health check grace period. - min_healthy_percentage = 50 - } - triggers = [ /*"launch_template",*/ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger - } - tag { - key = "Owners" - value = "Web-Team" - propagate_at_launch = true - } -} - - - -output "zz" { - value= aws_autoscaling_group.my_asg.target_group_arns -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf deleted file mode 100644 index a23e76f4..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf +++ /dev/null 
@@ -1,26 +0,0 @@ -# Launch Template Outputs -output "launch_template_id" { - description = "Launch Template ID" - value = aws_launch_template.my_launch_template.id -} - -output "launch_template_latest_version" { - description = "Launch Template Latest Version" - value = aws_launch_template.my_launch_template.latest_version -} - -# Autoscaling Outputs -output "autoscaling_group_id" { - description = "Autoscaling Group ID" - value = aws_autoscaling_group.my_asg.id -} - -output "autoscaling_group_name" { - description = "Autoscaling Group Name" - value = aws_autoscaling_group.my_asg.name -} - -output "autoscaling_group_arn" { - description = "Autoscaling Group ARN" - value = aws_autoscaling_group.my_asg.arn -} diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-05-autoscaling-notifications.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-05-autoscaling-notifications.tf deleted file mode 100644 index e2c85343..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-05-autoscaling-notifications.tf +++ /dev/null 
@@ -1,27 +0,0 @@ -# Autoscaling Notifications -## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation -## Due to that create SNS Topic with unique name - -## SNS - Topic -resource "aws_sns_topic" "myasg_sns_topic" { - name = "myasg-sns-topic-${random_pet.this.id}" -} - -## SNS - Subscription -resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { - topic_arn = aws_sns_topic.myasg_sns_topic.arn - protocol = "email" - endpoint = "stacksimplify@gmail.com" -} - -## Create Autoscaling Notification Resource -resource "aws_autoscaling_notification" "myasg_notifications" { - group_names = [aws_autoscaling_group.my_asg.id] - notifications = [ - "autoscaling:EC2_INSTANCE_LAUNCH", - "autoscaling:EC2_INSTANCE_TERMINATE", - "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", - "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", - ] - topic_arn = aws_sns_topic.myasg_sns_topic.arn -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-06-autoscaling-ttsp.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-06-autoscaling-ttsp.tf deleted file mode 100644 index f453b533..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-06-autoscaling-ttsp.tf +++ /dev/null 
@@ -1,36 +0,0 @@ -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -# THIS POLICY IS SPECIFIC TO ALB and NOT APPLICABLE TO NLB -/* -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - } - target_value = 10.0 - } -} -*/ \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf deleted file mode 100644 index f8d000b4..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf +++ /dev/null @@ -1,23 +0,0 @@ -## Create Scheduled Actions -### Create Scheduled Action-1: Increase capacity during business hours -resource "aws_autoscaling_schedule" "increase_capacity_7am" { - scheduled_action_name = "increase-capacity-7am" - min_size = 2 - max_size = 10 - desired_capacity = 8 - start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST) - recurrence = "00 09 * * *" - autoscaling_group_name = aws_autoscaling_group.my_asg.id -} -### Create Scheduled Action-2: Decrease capacity during business hours -resource "aws_autoscaling_schedule" "decrease_capacity_5pm" { - scheduled_action_name = "decrease-capacity-5pm" - min_size = 2 - max_size = 10 - desired_capacity = 2 - start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST) - recurrence = "00 21 * * *" - autoscaling_group_name = aws_autoscaling_group.my_asg.id -} - - diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c2-generic-variables.tf deleted file mode 100644 index c238ceaa..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c2-generic-variables.tf +++ /dev/null 
@@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "sap" -} diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c3-local-values.tf deleted file mode 100644 index ba7f09c2..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c3-local-values.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - #name = "${local.owners}-${local.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } - - asg_tags = [ - { - key = "Project" - value = "megasecret" - propagate_at_launch = true - }, - { - key = "foo" - value = "" - propagate_at_launch = true - }, - ] - -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-01-vpc-variables.tf deleted file mode 100644 index b68d0a48..00000000 --- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-01-vpc-variables.tf +++ /dev/null 
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 7b7fb83c..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "3.0.0"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 2cfb2a12..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 415edaa3..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- #ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- ingress_cidr_blocks = ["0.0.0.0/0"] # Required for NLB
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index c11b8bee..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 3a343e5e..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 04debe57..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
-
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 66abcec7..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Fri Apr 30 07:09:19 IST 2021 and VPC ID: vpc-03688705ea5b23544
-VPC created on Sat May 8 14:06:23 IST 2021 and VPC ID: vpc-08aca5f197b632448
-VPC created on Thu Nov 30 14:31:30 IST 2023 and VPC ID: vpc-0bd55b27a8d2d2099
-VPC created on Tue Dec 26 17:15:47 IST 2023 and VPC ID: vpc-04812871ae7a7ec3a
-VPC created on Tue Dec 26 17:36:56 IST 2023 and VPC ID: vpc-04d257c8c467cb6f3
-VPC created on Tue Dec 26 18:03:49 IST 2023 and VPC ID: vpc-0153787074d74bd27
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 759e6150..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Fri Apr 30 09:35:00 IST 2021
-Destroy time prov Sat May 8 14:16:59 IST 2021
-Destroy time prov Thu Nov 30 15:18:55 IST 2023
-Destroy time prov Tue Dec 26 17:22:39 IST 2023
-Destroy time prov Tue Dec 26 17:41:46 IST 2023
-Destroy time prov Tue Dec 26 18:10:24 IST 2023
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/terraform.tfvars deleted file mode 100644 index 8b9f8d7c..00000000 
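Review bot: Removing `private-key/terraform-key.pem` from the tree does not retire the key: the complete RSA private key stays in the repository history and is printed in this diff, so it should be treated as disclosed. The EC2 key pair it presumably belongs to (the removed tfvars name it `terraform-key`) should be deleted or replaced in AWS, and any instance that still trusts its public key should be re-keyed; whether the key was ever used outside the course demo cannot be told from this page. To keep key material out of future commits, add an ignore rule such as `private-key/*.pem` to `.gitignore` and turn on secret scanning for pushes.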
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/16-AWS-NLB-Network-Load-Balancer/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/README.md b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/README.md
deleted file mode 100644
index 94edcfe9..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/README.md
+++ /dev/null
@@ -1,329 +0,0 @@ ---- -title: AWS CloudWatch using Terraform -description: Create CloudWatch Alarms for ASG, ALB, Synthetics, CIS Alarams ---- -# CloudWatch + ALB + Autoscaling with Launch Templates - -## Step-01: Introduction -- Create the following Alarms using CloudWatch with the end to end usecase we have built so far - - AWS Application Load Balancer Alarms - - AWS Autoscaling Group Alarms - - AWS CIS Alarms (Center for Internet Security) -- AWS CloudWatch Synthetics - - Implement a Heart Beat Monitor - - -[![Image](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-cloudwatch-3.png) - -## Step-02: Copy all files from Section-15 -- Copy all the files from `15-Autoscaling-with-Launch-Templates\terraform-manifests` - -## Step-03: c12-route53-dnsregistration.tf -- Change the DNS name as per your demo content -```t - name = "cloudwatch1.devopsincloud.com" -``` - -## Step-04: c14-01-cloudwatch-variables.tf -- Create a place holder file to define CloudWatch Variables - -## Step-05: c14-02-cloudwatch-asg-alarms.tf -```t -# Define CloudWatch Alarms for Autoscaling Groups - -# Autoscaling - Scaling Policy for High CPU -resource "aws_autoscaling_policy" "high_cpu" { - name = "high-cpu" - scaling_adjustment = 4 - adjustment_type = "ChangeInCapacity" - cooldown = 300 - autoscaling_group_name = aws_autoscaling_group.my_asg.name -} - -# Cloud Watch Alarm to trigger the above scaling policy when CPU Utilization is above 80% -# Also send the notificaiton email to 
users present in SNS Topic Subscription -resource "aws_cloudwatch_metric_alarm" "app1_asg_cwa_cpu" { - alarm_name = "App1-ASG-CWA-CPUUtilization" - comparison_operator = "GreaterThanOrEqualToThreshold" - evaluation_periods = "2" - metric_name = "CPUUtilization" - namespace = "AWS/EC2" - period = "120" - statistic = "Average" - threshold = "80" - - dimensions = { - AutoScalingGroupName = aws_autoscaling_group.my_asg.name - } - - alarm_description = "This metric monitors ec2 cpu utilization and triggers the ASG Scaling policy to scale-out if CPU is above 80%" - - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [ - aws_autoscaling_policy.high_cpu.arn, - aws_sns_topic.myasg_sns_topic.arn - ] -} -``` - -## Step-06: c14-03-cloudwatch-alb-alarms.tf -```t -# Define CloudWatch Alarms for ALB -# Alert if HTTP 4xx errors are more than threshold value -resource "aws_cloudwatch_metric_alarm" "alb_4xx_errors" { - alarm_name = "App1-ALB-HTTP-4xx-errors" - comparison_operator = "GreaterThanThreshold" - datapoints_to_alarm = "2" # "2" - evaluation_periods = "3" # "3" - metric_name = "HTTPCode_Target_4XX_Count" - namespace = "AWS/ApplicationELB" - period = "120" - statistic = "Sum" - threshold = "5" # Update real-world value like 100, 200 etc - treat_missing_data = "missing" - dimensions = { - LoadBalancer = module.alb.lb_arn_suffix - } - alarm_description = "This metric monitors ALB HTTP 4xx errors and if they are above 100 in specified interval, it is going to send a notification email" - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] -} - -# Per AppELB Metrics -## - HTTPCode_ELB_5XX_Count -## - HTTPCode_ELB_502_Count -## - TargetResponseTime -# Per AppELB, per TG Metrics -## - UnHealthyHostCount -## - HealthyHostCount -## - HTTPCode_Target_4XX_Count -## - TargetResponseTime -``` - -## Step-07: c14-04-cloudwatch-cis-alarms.tf -- [Terraform AWS CloudWatch 
Module](https://registry.terraform.io/modules/terraform-aws-modules/cloudwatch/aws/latest) -- [AWS CIS Alarms](https://registry.terraform.io/modules/terraform-aws-modules/cloudwatch/aws/latest/submodules/cis-alarms) -- [CIS AWS Foundations Benchmark controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html) - -```t -# Create Log Group for CIS -resource "aws_cloudwatch_log_group" "cis_log_group" { - name = "cis-log-group-${random_pet.this.id}" -} - -# Define CIS Alarms -module "all_cis_alarms" { - source = "terraform-aws-modules/cloudwatch/aws//modules/cis-alarms" - version = "2.0.0" - - disabled_controls = ["DisableOrDeleteCMK", "VPCChanges"] - log_group_name = aws_cloudwatch_log_group.cis_log_group.name - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] - tags = local.common_tags -} -``` - -## Step-08: AWS CloudWatch Synthetics - Run manually and Understand -- Understand AWS CloudWatch Synthetics -- Create CloudWatch Synthetics using AWS management console and explore more about it - -## Step-09: AWS CloudWatch Synthetics using Terraform -- Review the following files -- **File-1:** `sswebsite2\nodejs\node_modules\sswebsite2.js` -- **File-2:** sswebsite2v1.zip - -### Step-09-01: Create Folder Structure -- `nodejs\node_modules\` - -### Step-09-02: Create sswebsite2.js file -- Use `Heart Beat Monitor` sample from AWS Management Console - AWS CloudWatch Sythetic Service -- Update your Application DNS Name -```t -# Before - const urls = ['https://stacksimplify.com']; - -# After - const urls = ['https://yourapp.com']; -``` -### Step-09-03: Create ZIP file -```t -cd sswebsite2 -zip -r sswebsite2v1.zip nodejs -``` -### Step-09-04: c14-05-cloudwatch-synthetics.tf - Create IAM Policy and Role -```t -# AWS IAM Policy -resource "aws_iam_policy" "cw_canary_iam_policy" { - name = "cw-canary-iam-policy" - path = "/" - description = "CloudWatch Canary Synthetic IAM Policy" - - # Terraform's "jsonencode" function converts a - # Terraform 
expression result to valid JSON syntax. - policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": "cloudwatch:PutMetricData", - "Resource": "*", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "CloudWatchSynthetics" - } - } - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": [ - "s3:PutObject", - "logs:CreateLogStream", - "s3:ListAllMyBuckets", - "logs:CreateLogGroup", - "logs:PutLogEvents", - "s3:GetBucketLocation", - "xray:PutTraceSegments" - ], - "Resource": "*" - } - ] -}) -} - -# AWS IAM Role -resource "aws_iam_role" "cw_canary_iam_role" { - name = "cw-canary-iam-role" - description = "CloudWatch Synthetics lambda execution role for running canaries" - path = "/service-role/" - #assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json # (not shown) - assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" - managed_policy_arns = [aws_iam_policy.cw_canary_iam_policy.arn] -} -``` - -### Step-09-05: c14-05-cloudwatch-synthetics.tf - Create S3 Bucket -```t -# Create S3 Bucket -resource "aws_s3_bucket" "cw_canary_bucket" { - bucket = "cw-canary-bucket-${random_pet.this.id}" - acl = "private" - force_destroy = true - - tags = { - Name = "My bucket" - Environment = "Dev" - } -} -``` -### Step-09-06: c14-05-cloudwatch-synthetics.tf - Create AWS CloudWatch Canary Resource -```t - -# AWS CloudWatch Canary -resource "aws_synthetics_canary" "sswebsite2" { - name = "sswebsite2" - artifact_s3_location = "s3://${aws_s3_bucket.cw_canary_bucket.id}/sswebsite2" - execution_role_arn = aws_iam_role.cw_canary_iam_role.arn - handler = "sswebsite2.handler" - zip_file = "sswebsite2/sswebsite2v1.zip" - runtime_version = "syn-nodejs-puppeteer-3.1" - start_canary = true - - run_config { - active_tracing = true - memory_in_mb = 960 - 
timeout_in_seconds = 60 - } - schedule { - expression = "rate(1 minute)" - } -} -``` -### Step-09-07: c14-05-cloudwatch-synthetics.tf - Create AWS CloudWatch Metric Alarm for Canary Resource -```t -# AWS CloudWatch Metric Alarm for Synthetics Heart Beat Monitor when availability is less than 10 percent -resource "aws_cloudwatch_metric_alarm" "synthetics_alarm_app1" { - alarm_name = "Synthetics-Alarm-App1" - comparison_operator = "LessThanThreshold" - datapoints_to_alarm = "1" # "2" - evaluation_periods = "1" # "3" - metric_name = "SuccessPercent" - namespace = "CloudWatchSynthetics" - period = "300" - statistic = "Average" - threshold = "90" - treat_missing_data = "breaching" # You can also add "missing" - dimensions = { - CanaryName = aws_synthetics_canary.sswebsite2.id - } - alarm_description = "Synthetics alarm metric: SuccessPercent LessThanThreshold 90" - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] -} -``` - - -## Step-10: Execute Terraform Commands -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` - -## Step-11: Verify Resources -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. Verify Load Balancer Target Group - Health Checks -6. Cloud Watch -- ALB Alarm -- ASG Alarm -- CIS Alarms -- Synthetics -7. 
Access and Test -```t -# Access and Test -http://cloudwatch.devopsincloud.com -http://cloudwatch.devopsincloud.com/app1/index.html -http://cloudwatch.devopsincloud.com/app1/metadata.html -``` - -## Step-11: Clean-Up -```t -# Delete Resources -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - - -## Additional Knowledge -```t -terraform import aws_cloudwatch_metric_alarm.test alarm-12345 -terraform import aws_cloudwatch_metric_alarm.temp1 alb-4xx-temp-1 -``` - - -## References -- [ALL CW Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) -- [ALB CW Metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html) -- [CloudWatch Concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) - diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/UPGRADES.md b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/UPGRADES.md deleted file mode 100644 index 7788886d..00000000 --- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/UPGRADES.md +++ /dev/null 
@@ -1,42 +0,0 @@
-# Terraform Manifest Upgrades
-
-## Step-01: c14-03-cloudwatch-alb-alarms.tf
-```t
-# Before
- dimensions = {
- LoadBalancer = module.alb.lb_arn_suffix
- }
-
-# After
- dimensions = {
- LoadBalancer = module.alb.arn_suffix # UPDATED
- }
-```
-
-## Step-02: c14-05-cloudwatch-synthetics.tf
-```t
-# Create S3 Bucket
-resource "aws_s3_bucket" "cw_canary_bucket" {
- bucket = "cw-canary-bucket-${random_pet.this.id}"
- #acl = "private" # UPDATED
- force_destroy = true
-
- tags = {
- Name = "My bucket"
- Environment = "Dev"
- }
-}
-# Create S3 Bucket Ownership control - ADDED NEW
-resource "aws_s3_bucket_ownership_controls" "example" {
- bucket = aws_s3_bucket.cw_canary_bucket.id
- rule {
- object_ownership = "BucketOwnerPreferred"
- }
-}
-# Create S3 Bucket ACL - ADDED NEW
-resource "aws_s3_bucket_acl" "example" {
- depends_on = [aws_s3_bucket_ownership_controls.example]
- bucket = aws_s3_bucket.cw_canary_bucket.id
- acl = "private"
-}
-```
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c1-versions.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c1-versions.tf
deleted file mode 100644
index cb7989da..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c1-versions.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Terraform Block
-terraform {
- required_version = "~> 0.14" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = "us-east-1"
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
-
-# Create Random Pet Resource
-resource "random_pet" "this" {
- length = 2
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c14-05-cloudwatch-synthetics.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c14-05-cloudwatch-synthetics.tf
deleted file mode 100644
index 754554c0..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/c14-05-cloudwatch-synthetics.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-# Temp CW Synthetics
-/*resource "aws_synthetics_canary" "some" {
-
-}*/
-
-## Use Terraform Import
-/*
-1. Create temp resource as above
-2. Take terraform.tfstate backup
-cp terraform.tfstate terraform.tfstate_before_canary
-terraform import aws_synthetics_canary.some app1-canary-test
-*/
-
-resource "aws_synthetics_canary" "sswebsite2" {
- name = "sswebsite2"
- artifact_s3_location = "s3://cw-syn-results-180789647333-us-east-1/canary/us-east-1/sswebsite2"
- execution_role_arn = "arn:aws:iam::180789647333:role/service-role/CloudWatchSyntheticsRole-app1-canary-test-eaf-ff4674189c99"
- handler = "sswebsite2.handler"
- zip_file = "sswebsite2/sswebsite2v1.zip"
- runtime_version = "syn-nodejs-puppeteer-6.0"
- start_canary = true
-
- run_config {
- active_tracing = true
- memory_in_mb = 960
- timeout_in_seconds = 60
- }
- schedule {
- expression = "rate(1 minute)"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/nodejs/node_modules/sswebsite2.js b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/nodejs/node_modules/sswebsite2.js
deleted file mode 100644
index 625dcf57..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/nodejs/node_modules/sswebsite2.js
+++ /dev/null
@@ -1,95 +0,0 @@ -const URL = require('url'); -const synthetics = require('Synthetics'); -const log = require('SyntheticsLogger'); -const syntheticsConfiguration = synthetics.getConfiguration(); - -const loadBlueprint = async function () { - - const urls = ['https://stacksimplify.com']; - - // Set screenshot option - const takeScreenshot = true; - - /* Disabling default step screen shots taken during Synthetics.executeStep() calls - * Step will be used to publish metrics on time taken to load dom content but - * Screenshots will be taken outside the executeStep to allow for page to completely load with domcontentloaded - * You can change it to load, networkidle0, networkidle2 depending on what works best for you. - */ - syntheticsConfiguration.disableStepScreenshots(); - syntheticsConfiguration.setConfig({ - continueOnStepFailure: true - }); - - let page = await synthetics.getPage(); - - for (const url of urls) { - await loadUrl(page, url, takeScreenshot); - } -}; - -// Reset the page in-between -const resetPage = async function(page) { - try { - await page.goto('about:blank',{waitUntil: ['load', 'networkidle0'], timeout: 30000} ); - } catch(ex) { - synthetics.addExecutionError('Unable to open a blank page ', ex); - } -} - -const loadUrl = async function (page, url, takeScreenshot) { - let stepName = null; - let domcontentloaded = false; - - try { - stepName = URL.parse(url).hostname; - } catch (error) { - const errorString = `Error parsing url: ${url}. ${error}`; - log.error(errorString); - /* If we fail to parse the URL, don't emit a metric with a stepName based on it. - It may not be a legal CloudWatch metric dimension name and we may not have an alarms - setup on the malformed URL stepName. Instead, fail this step which will - show up in the logs and will fail the overall canary and alarm on the overall canary - success rate. - */ - throw error; - } - - await synthetics.executeStep(stepName, async function () { - - /* You can customize the wait condition here. 
For instance, using 'networkidle2' or 'networkidle0' to load page completely. - networkidle0: Navigation is successful when the page has had no network requests for half a second. This might never happen if page is constantly loading multiple resources. - networkidle2: Navigation is successful when the page has no more then 2 network requests for half a second. - domcontentloaded: It's fired as soon as the page DOM has been loaded, without waiting for resources to finish loading. Can be used and then add explicit await page.waitFor(timeInMs) - */ - const response = await page.goto(url, { waitUntil: ['domcontentloaded'], timeout: 30000}); - if (response) { - domcontentloaded = true; - const status = response.status(); - const statusText = response.statusText(); - - const logResponseString = `Response from url: ${url} Status: ${status} Status Text: ${statusText}`; - - //If the response status code is not a 2xx success code - if (response.status() < 200 || response.status() > 299) { - throw `Failed to load url: ${url} ${response.status()} ${response.statusText()}`; - } - } else { - const logNoResponseString = `No response returned for url: ${url}`; - log.error(logNoResponseString); - throw new Error(logNoResponseString); - } - }); - - // Wait for 15 seconds to let page load fully before taking screenshot. - if (domcontentloaded && takeScreenshot) { - await page.waitFor(15000); - await synthetics.takeScreenshot(stepName, 'loaded'); - await resetPage(page); - } -}; - -const urls = []; - -exports.handler = async () => { - return await loadBlueprint(); -}; \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/sswebsite2v1.zip b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/sswebsite2v1.zip deleted file mode 100644 index c2d3acb3..00000000 Binary files a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v1/sswebsite2/sswebsite2v1.zip and /dev/null differ 
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c1-versions.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c1-versions.tf
deleted file mode 100644
index cb7989da..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c1-versions.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Terraform Block
-terraform {
- required_version = "~> 0.14" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- }
-}
-
-# Provider Block
-provider "aws" {
- region = "us-east-1"
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
-
-# Create Random Pet Resource
-resource "random_pet" "this" {
- length = 2
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c14-05-cloudwatch-synthetics.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c14-05-cloudwatch-synthetics.tf
deleted file mode 100644
index 8c402cba..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c14-05-cloudwatch-synthetics.tf
+++ /dev/null
@@ -1,101 +0,0 @@ -# AWS IAM Policy -resource "aws_iam_policy" "cw_canary_iam_policy" { - name = "cw-canary-iam-policy" - path = "/" - description = "CloudWatch Canary Synthetic IAM Policy" - - # Terraform's "jsonencode" function converts a - # Terraform expression result to valid JSON syntax. - policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": "cloudwatch:PutMetricData", - "Resource": "*", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "CloudWatchSynthetics" - } - } - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": [ - "s3:PutObject", - "logs:CreateLogStream", - "s3:ListAllMyBuckets", - "logs:CreateLogGroup", - "logs:PutLogEvents", - "s3:GetBucketLocation", - "xray:PutTraceSegments" - ], - "Resource": "*" - } - ] -}) -} - -# AWS IAM Role -resource "aws_iam_role" "cw_canary_iam_role" { - name = "cw-canary-iam-role" - description = "CloudWatch Synthetics lambda execution role for running canaries" - path = "/service-role/" - #assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json # (not shown) - assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" - managed_policy_arns = [aws_iam_policy.cw_canary_iam_policy.arn] -} - -# Create S3 Bucket -resource "aws_s3_bucket" "cw_canary_bucket" { - bucket = "cw-canary-bucket-${random_pet.this.id}" - acl = "private" - force_destroy = true - - tags = { - Name = "My bucket" - Environment = "Dev" - } -} - -# AWS CloudWatch Canary -resource "aws_synthetics_canary" "sswebsite2" { - name = "sswebsite2" - artifact_s3_location = "s3://${aws_s3_bucket.cw_canary_bucket.id}/sswebsite2" - execution_role_arn = aws_iam_role.cw_canary_iam_role.arn - handler = "sswebsite2.handler" - zip_file = "sswebsite2/sswebsite2v1.zip" - runtime_version = "syn-nodejs-puppeteer-3.1" - start_canary = 
true - - run_config { - active_tracing = true - memory_in_mb = 960 - timeout_in_seconds = 60 - } - schedule { - expression = "rate(1 minute)" - } -} - -# AWS CloudWatch Metric Alarm for Synthetics Heart Beat Monitor when availability is less than 10 percent -resource "aws_cloudwatch_metric_alarm" "synthetics_alarm_app1" { - alarm_name = "Synthetics-Alarm-App1" - comparison_operator = "LessThanThreshold" - datapoints_to_alarm = "2" # "2" - evaluation_periods = "3" # "3" - metric_name = "SuccessPercent" - namespace = "CloudWatchSynthetics" - period = "300" - statistic = "Average" - threshold = "90" - treat_missing_data = "breaching" # You can also add "missing" - dimensions = { - CanaryName = aws_synthetics_canary.sswebsite2.id - } - alarm_description = "Synthetics alarm metric: SuccessPercent LessThanThreshold 90" - ok_actions = [aws_sns_topic.myasg_sns_topic.arn] - alarm_actions = [aws_sns_topic.myasg_sns_topic.arn] -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c9-import-role.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c9-import-role.tf deleted file mode 100644 index 70d40d15..00000000 --- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/c9-import-role.tf +++ /dev/null @@ -1,5 +0,0 @@ -/*resource "aws_iam_role" "developer" { - -}*/ - -# terraform import aws_iam_role.developer CloudWatchSyntheticsRole-sswebsite-3a7-8333e475ed87 diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/nodejs/node_modules/sswebsite2.js b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/nodejs/node_modules/sswebsite2.js deleted file mode 100644 index 625dcf57..00000000 --- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/nodejs/node_modules/sswebsite2.js +++ /dev/null 
@@ -1,95 +0,0 @@ -const URL = require('url'); -const synthetics = require('Synthetics'); -const log = require('SyntheticsLogger'); -const syntheticsConfiguration = synthetics.getConfiguration(); - -const loadBlueprint = async function () { - - const urls = ['https://stacksimplify.com']; - - // Set screenshot option - const takeScreenshot = true; - - /* Disabling default step screen shots taken during Synthetics.executeStep() calls - * Step will be used to publish metrics on time taken to load dom content but - * Screenshots will be taken outside the executeStep to allow for page to completely load with domcontentloaded - * You can change it to load, networkidle0, networkidle2 depending on what works best for you. - */ - syntheticsConfiguration.disableStepScreenshots(); - syntheticsConfiguration.setConfig({ - continueOnStepFailure: true - }); - - let page = await synthetics.getPage(); - - for (const url of urls) { - await loadUrl(page, url, takeScreenshot); - } -}; - -// Reset the page in-between -const resetPage = async function(page) { - try { - await page.goto('about:blank',{waitUntil: ['load', 'networkidle0'], timeout: 30000} ); - } catch(ex) { - synthetics.addExecutionError('Unable to open a blank page ', ex); - } -} - -const loadUrl = async function (page, url, takeScreenshot) { - let stepName = null; - let domcontentloaded = false; - - try { - stepName = URL.parse(url).hostname; - } catch (error) { - const errorString = `Error parsing url: ${url}. ${error}`; - log.error(errorString); - /* If we fail to parse the URL, don't emit a metric with a stepName based on it. - It may not be a legal CloudWatch metric dimension name and we may not have an alarms - setup on the malformed URL stepName. Instead, fail this step which will - show up in the logs and will fail the overall canary and alarm on the overall canary - success rate. - */ - throw error; - } - - await synthetics.executeStep(stepName, async function () { - - /* You can customize the wait condition here. 
For instance, using 'networkidle2' or 'networkidle0' to load page completely. - networkidle0: Navigation is successful when the page has had no network requests for half a second. This might never happen if page is constantly loading multiple resources. - networkidle2: Navigation is successful when the page has no more then 2 network requests for half a second. - domcontentloaded: It's fired as soon as the page DOM has been loaded, without waiting for resources to finish loading. Can be used and then add explicit await page.waitFor(timeInMs) - */ - const response = await page.goto(url, { waitUntil: ['domcontentloaded'], timeout: 30000}); - if (response) { - domcontentloaded = true; - const status = response.status(); - const statusText = response.statusText(); - - const logResponseString = `Response from url: ${url} Status: ${status} Status Text: ${statusText}`; - - //If the response status code is not a 2xx success code - if (response.status() < 200 || response.status() > 299) { - throw `Failed to load url: ${url} ${response.status()} ${response.statusText()}`; - } - } else { - const logNoResponseString = `No response returned for url: ${url}`; - log.error(logNoResponseString); - throw new Error(logNoResponseString); - } - }); - - // Wait for 15 seconds to let page load fully before taking screenshot. - if (domcontentloaded && takeScreenshot) { - await page.waitFor(15000); - await synthetics.takeScreenshot(stepName, 'loaded'); - await resetPage(page); - } -}; - -const urls = []; - -exports.handler = async () => { - return await loadBlueprint(); -}; \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/sswebsite2v1.zip b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/sswebsite2v1.zip deleted file mode 100644 index c2d3acb3..00000000 Binary files a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/cw-synthetics-manifests-v2/sswebsite2/sswebsite2v1.zip and /dev/null differ 
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/temp-alarm.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/temp-alarm.tf
deleted file mode 100644
index 1f7c75a4..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/temp-alarm.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-provider "aws" {
- region = "us-east-1"
-}
-
-resource "aws_cloudwatch_metric_alarm" "temp" {
-
-}
-
-/* Create my terraform import command
-terraform import aws_cloudwatch_metric_alarm.temp temp-alarm
-terraform import aws_cloudwatch_metric_alarm.temp Synthetics-Alarm-my-manual-canary2-1
-*/
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-alb b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-alb
deleted file mode 100644
index 82536555..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-alb
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "version": 4,
- "terraform_version": "0.15.0",
- "serial": 1,
- "lineage": "1720e85c-8dab-b211-42ec-8d55d972f7ed",
- "outputs": {},
- "resources": [
- {
- "mode": "managed",
- "type": "aws_cloudwatch_metric_alarm",
- "name": "temp",
- "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
- "instances": [
- {
- "schema_version": 1,
- "attributes": {
- "actions_enabled": true,
- "alarm_actions": [
- "arn:aws:sns:us-east-1:180789647333:tempasg-11-sns-topic11"
- ],
- "alarm_description": "temp-alarm",
- "alarm_name": "temp-alarm",
- "arn": "arn:aws:cloudwatch:us-east-1:180789647333:alarm:temp-alarm",
- "comparison_operator": "GreaterThanThreshold",
- "datapoints_to_alarm": 1,
- "dimensions": {
- "LoadBalancer": "app/hr-stag-alb/0a6f6b656983b09f"
- },
- "evaluate_low_sample_count_percentiles": "",
- "evaluation_periods": 1,
- "extended_statistic": "",
- "id": "temp-alarm",
- "insufficient_data_actions": [],
- "metric_name": "TargetResponseTime",
- "metric_query": [],
- "namespace": "AWS/ApplicationELB",
- "ok_actions": [],
- "period": 300,
- "statistic": "Average",
- "tags": {},
- "tags_all": {},
- "threshold": 100,
- "threshold_metric_id": "",
- "treat_missing_data": "missing",
- "unit": ""
- },
- "sensitive_attributes": [],
- "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
- }
- ]
- }
- ]
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-synthetics-canary b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-synthetics-canary
deleted file mode 100644
index b745407c..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/temp-alarm/terraform.tfstate-file-synthetics-canary
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "version": 4,
- "terraform_version": "0.15.0",
- "serial": 1,
- "lineage": "7b023b55-71ba-4058-1d03-421f5a234cda",
- "outputs": {},
- "resources": [
- {
- "mode": "managed",
- "type": "aws_cloudwatch_metric_alarm",
- "name": "temp",
- "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
- "instances": [
- {
- "schema_version": 1,
- "attributes": {
- "actions_enabled": true,
- "alarm_actions": [
- "arn:aws:sns:us-east-1:180789647333:tempasg-11-sns-topic11"
- ],
- "alarm_description": "Synthetics alarm metric: SuccessPercent LessThanThreshold 90",
- "alarm_name": "Synthetics-Alarm-my-manual-canary2-1",
- "arn": "arn:aws:cloudwatch:us-east-1:180789647333:alarm:Synthetics-Alarm-my-manual-canary2-1",
- "comparison_operator": "LessThanThreshold",
- "datapoints_to_alarm": 1,
- "dimensions": {
- "CanaryName": "my-manual-canary2"
- },
- "evaluate_low_sample_count_percentiles": "",
- "evaluation_periods": 1,
- "extended_statistic": "",
- "id": "Synthetics-Alarm-my-manual-canary2-1",
- "insufficient_data_actions": [],
- "metric_name": "SuccessPercent",
- "metric_query": [],
- "namespace": "CloudWatchSynthetics",
- "ok_actions": [],
- "period": 300,
- "statistic": "Average",
- "tags": {},
- "tags_all": {},
- "threshold": 90,
- "threshold_metric_id": "",
- "treat_missing_data": "breaching",
- "unit": ""
- },
- "sensitive_attributes": [],
- "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
- }
- ]
- }
- ]
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c1-versions.tf deleted file mode 100644 index dcab69ff..00000000 --- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,34 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - null = { - source = "hashicorp/null" - version = "~> 3.0" - } - random = { - source = "hashicorp/random" - version = "~> 3.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ - -# Create Random Pet Resource -resource "random_pet" "this" { - length = 2 -} - diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf deleted file mode 100644 index 0aeebd65..00000000 --- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -# Terraform AWS Application Load Balancer Variables -# Place holder file for AWS ALB Variables - diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-02-ALB-application-loadbalancer.tf deleted file mode 100644 index 4d83f1e6..00000000 
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-02-ALB-application-loadbalancer.tf +++ /dev/null 
@@ -1,103 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.2.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }# End my-http-https-redirect Listener - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/*"] - } - }] - }# End of myapp1-rule - }# End Rules Block - }# End my-https-listener Block - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL. 
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End of Health Check Block - tags = local.common_tags # Target Group Tags - } # END of Target Group-1: mytg1 - - } # END OF target_groups - tags = local.common_tags # ALB Tags -}# End of alb module - - diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 25387755..00000000 --- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,41 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.zone_id
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
-}
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
-}
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index e5ea7d06..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- #version = "3.0.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- "*.devopsincloud.com"
- ]
- tags = local.common_tags
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index d28e185b..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = "cloudwatch.devopsincloud.com"
- type = "A"
- alias {
- #name = module.alb.lb_dns_name
- #zone_id = module.alb.lb_zone_id
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 4fd4d7ae..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Launch Template Resource
-resource "aws_launch_template" "my_launch_template" {
- name = "my-launch-template"
- description = "My Launch Template"
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
-
- vpc_security_group_ids = [module.private_sg.security_group_id]
- key_name = var.instance_keypair
- user_data = filebase64("${path.module}/app1-install.sh")
- ebs_optimized = true
- #default_version = 1
- update_default_version = true
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- volume_size = 10
- #volume_size = 20 # LT Update Testing - Version 2 of LT
- delete_on_termination = true
- volume_type = "gp2" # default is gp2
- }
- }
- monitoring {
- enabled = true
- }
-
- tag_specifications {
- resource_type = "instance"
- tags = {
- Name = "myasg"
- }
- }
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-03-autoscaling-resource.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-03-autoscaling-resource.tf
deleted file mode 100644
index 262be922..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- name_prefix = "myasg-"
- desired_capacity = 2
- max_size = 10
- min_size = 2
- vpc_zone_identifier = module.vpc.private_subnets
- #target_group_arns = module.alb.target_group_arns
- target_group_arns = [module.alb.target_groups["mytg1"].arn] # UPDATED NOV2023
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- # Launch Template
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- #instance_warmup = 300 # Default behavior is to use the Auto Scaling Group's health check grace period.
- min_healthy_percentage = 50
- }
- triggers = [ /*"launch_template",*/ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
-
-
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index a23e76f4..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Launch Template Outputs
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-05-autoscaling-notifications.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index e2c85343..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- name = "myasg-sns-topic-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [aws_autoscaling_group.my_asg.id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-06-autoscaling-ttsp.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index 7aff1040..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
- #resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- resource_label = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}" # UPDATED NOV2023
- }
- target_value = 10.0
- }
-}
-
-# Updated Nov2023
-output "asg_build_resource_label" {
- value = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}"
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-01-cloudwatch-variables.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-01-cloudwatch-variables.tf
deleted file mode 100644
index da5ba7ec..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-01-cloudwatch-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS CloudWatch Input Variables
-## Place holder file for AWS CloudWatch Input Variables
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-02-cloudwatch-asg-alarms.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-02-cloudwatch-asg-alarms.tf
deleted file mode 100644
index a3c487b7..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-02-cloudwatch-asg-alarms.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-# Define CloudWatch Alarms for Autoscaling Groups
-
-# Autoscaling - Scaling Policy for High CPU
-resource "aws_autoscaling_policy" "high_cpu" {
- name = "high-cpu"
- scaling_adjustment = 4
- adjustment_type = "ChangeInCapacity"
- cooldown = 300
- autoscaling_group_name = aws_autoscaling_group.my_asg.name
-}
-
-# Cloud Watch Alarm to trigger the above scaling policy when CPU Utilization is above 80%
-# Also send the notificaiton email to users present in SNS Topic Subscription
-resource "aws_cloudwatch_metric_alarm" "app1_asg_cwa_cpu" {
- alarm_name = "App1-ASG-CWA-CPUUtilization"
- comparison_operator = "GreaterThanOrEqualToThreshold"
- evaluation_periods = "2"
- metric_name = "CPUUtilization"
- namespace = "AWS/EC2"
- period = "120"
- statistic = "Average"
- threshold = "80"
-
- dimensions = {
- AutoScalingGroupName = aws_autoscaling_group.my_asg.name
- }
-
- alarm_description = "This metric monitors ec2 cpu utilization and triggers the ASG Scaling policy to scale-out if CPU is above 80%"
-
- ok_actions = [aws_sns_topic.myasg_sns_topic.arn]
- alarm_actions = [
- aws_autoscaling_policy.high_cpu.arn,
- aws_sns_topic.myasg_sns_topic.arn
- ]
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-03-cloudwatch-alb-alarms.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-03-cloudwatch-alb-alarms.tf
deleted file mode 100644
index e8f973da..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-03-cloudwatch-alb-alarms.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-# Define CloudWatch Alarms for ALB
-# Alert if HTTP 4xx errors are more than threshold value
-resource "aws_cloudwatch_metric_alarm" "alb_4xx_errors" {
- alarm_name = "App1-ALB-HTTP-4xx-errors"
- comparison_operator = "GreaterThanThreshold"
- datapoints_to_alarm = "2" # "2"
- evaluation_periods = "3" # "3"
- metric_name = "HTTPCode_Target_4XX_Count"
- namespace = "AWS/ApplicationELB"
- period = "120"
- statistic = "Sum"
- threshold = "5" # Update real-world value like 100, 200 etc
- treat_missing_data = "missing"
- dimensions = {
- #LoadBalancer = module.alb.lb_arn_suffix
- LoadBalancer = module.alb.arn_suffix # UPDATED
- }
- alarm_description = "This metric monitors ALB HTTP 4xx errors and if they are above 100 in specified interval, it is going to send a notification email"
- ok_actions = [aws_sns_topic.myasg_sns_topic.arn]
- alarm_actions = [aws_sns_topic.myasg_sns_topic.arn]
-}
-
-# Per AppELB Metrics
-## - HTTPCode_ELB_5XX_Count
-## - HTTPCode_ELB_502_Count
-## - TargetResponseTime
-# Per AppELB, per TG Metrics
-## - UnHealthyHostCount
-## - HealthyHostCount
-## - HTTPCode_Target_4XX_Count
-## - TargetResponseTime
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-04-cloudwatch-cis-alarms.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-04-cloudwatch-cis-alarms.tf
deleted file mode 100644
index 7a877db1..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-04-cloudwatch-cis-alarms.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# Create Log Group for CIS
-resource "aws_cloudwatch_log_group" "cis_log_group" {
- name = "cis-log-group-${random_pet.this.id}"
-}
-
-# Define CIS Alarms
-module "all_cis_alarms" {
- source = "terraform-aws-modules/cloudwatch/aws//modules/cis-alarms"
- version = "2.1.0"
- #create = false
-
- disabled_controls = ["DisableOrDeleteCMK", "VPCChanges"]
-
- log_group_name = aws_cloudwatch_log_group.cis_log_group.name
- alarm_actions = [aws_sns_topic.myasg_sns_topic.arn]
- tags = local.common_tags
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-05-cloudwatch-synthetics.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-05-cloudwatch-synthetics.tf
deleted file mode 100644
index e0dbfd40..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c14-05-cloudwatch-synthetics.tf
+++ /dev/null
@@ -1,115 +0,0 @@
-# AWS IAM Policy
-resource "aws_iam_policy" "cw_canary_iam_policy" {
- name = "cw-canary-iam-policy"
- path = "/"
- description = "CloudWatch Canary Synthetic IAM Policy"
-
- # Terraform's "jsonencode" function converts a
- # Terraform expression result to valid JSON syntax.
- policy = jsonencode({
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": "cloudwatch:PutMetricData",
- "Resource": "*",
- "Condition": {
- "StringEquals": {
- "cloudwatch:namespace": "CloudWatchSynthetics"
- }
- }
- },
- {
- "Sid": "VisualEditor1",
- "Effect": "Allow",
- "Action": [
- "s3:PutObject",
- "logs:CreateLogStream",
- "s3:ListAllMyBuckets",
- "logs:CreateLogGroup",
- "logs:PutLogEvents",
- "s3:GetBucketLocation",
- "xray:PutTraceSegments"
- ],
- "Resource": "*"
- }
- ]
-})
-}
-
-# AWS IAM Role
-resource "aws_iam_role" "cw_canary_iam_role" {
- name = "cw-canary-iam-role"
- description = "CloudWatch Synthetics lambda execution role for running canaries"
- path = "/service-role/"
- #assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json # (not shown)
- assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}"
- managed_policy_arns = [aws_iam_policy.cw_canary_iam_policy.arn]
-}
-
-# Create S3 Bucket
-resource "aws_s3_bucket" "cw_canary_bucket" {
- bucket = "cw-canary-bucket-${random_pet.this.id}"
- #acl = "private" # UPDATED
- force_destroy = true
-
- tags = {
- Name = "My bucket"
- Environment = "Dev"
- }
-}
-# Create S3 Bucket Ownership control - ADDED NEW
-resource "aws_s3_bucket_ownership_controls" "example" {
- bucket = aws_s3_bucket.cw_canary_bucket.id
- rule {
- object_ownership = "BucketOwnerPreferred"
- }
-}
-# Create S3 Bucket ACL - ADDED NEW
-resource "aws_s3_bucket_acl" "example" {
- depends_on = [aws_s3_bucket_ownership_controls.example]
- bucket = 
aws_s3_bucket.cw_canary_bucket.id
- acl = "private"
-}
-
-# AWS CloudWatch Canary
-resource "aws_synthetics_canary" "sswebsite2" {
- name = "sswebsite2"
- artifact_s3_location = "s3://${aws_s3_bucket.cw_canary_bucket.id}/sswebsite2"
- execution_role_arn = aws_iam_role.cw_canary_iam_role.arn
- handler = "sswebsite2.handler"
- zip_file = "sswebsite2/sswebsite2v1.zip"
- #runtime_version = "syn-nodejs-puppeteer-3.1"
- runtime_version = "syn-nodejs-puppeteer-6.0" # UPDATED NOV2023
- start_canary = true
-
- run_config {
- active_tracing = true
- memory_in_mb = 960
- timeout_in_seconds = 60
- }
- schedule {
- expression = "rate(1 minute)"
- }
-}
-
-# AWS CloudWatch Metric Alarm for Synthetics Heart Beat Monitor when availability is less than 10 percent
-resource "aws_cloudwatch_metric_alarm" "synthetics_alarm_app1" {
- alarm_name = "Synthetics-Alarm-App1"
- comparison_operator = "LessThanThreshold"
- datapoints_to_alarm = "1" # "2"
- evaluation_periods = "1" # "3"
- metric_name = "SuccessPercent"
- namespace = "CloudWatchSynthetics"
- period = "300"
- statistic = "Average"
- threshold = "90"
- treat_missing_data = "breaching" # You can also add "missing"
- dimensions = {
- CanaryName = aws_synthetics_canary.sswebsite2.id
- }
- alarm_description = "Synthetics alarm metric: SuccessPercent LessThanThreshold 90"
- ok_actions = [aws_sns_topic.myasg_sns_topic.arn]
- alarm_actions = [aws_sns_topic.myasg_sns_topic.arn]
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index b23f27ac..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "3.0.0"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index 823d8a93..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index 0f066b5b..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index 01e68150..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- name = "loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index 3e60ba74..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 0157705d..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
- provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
-}
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index a4b0bcdf..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
- provisioner "local-exec" {
- command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
- working_dir = "local-exec-output-files/"
- #on_failure = continue
- }
-## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource)
-/* provisioner "local-exec" {
- command = "echo Destroy time prov `date` >> destroy-time-prov.txt"
- working_dir = "local-exec-output-files/"
- when = destroy
- #on_failure = continue
- }
- */
-
-}
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/ec2instance.auto.tfvars
deleted file mode 100644
index 2d1c0446..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index 4ca00d4c..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Fri Apr 30 09:48:05 IST 2021 and VPC ID: vpc-0ae122f1a1bafd20c
-VPC created on Fri Apr 30 12:02:58 IST 2021 and VPC ID: vpc-026bd083ea767032b
-VPC created on Fri Apr 30 12:21:18 IST 2021 and VPC ID: vpc-017a2af115dcd92f7
-VPC created on Wed May 5 11:45:36 IST 2021 and VPC ID: vpc-0af52c0e11e9c3b7b
-VPC created on Sun May 9 11:35:11 IST 2021 and VPC ID: vpc-0d426b9e05f2b859f
-VPC created on Mon May 10 11:40:49 IST 2021 and VPC ID: vpc-0e55e5d8610e814af
-VPC created on Thu Nov 30 10:51:47 IST 2023 and VPC ID: vpc-0e94d0c2c4d8ab3c8
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 04c9fb3b..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Fri Apr 30 11:44:18 IST 2021
-Destroy time prov Fri Apr 30 12:13:20 IST 2021
-Destroy time prov Fri Apr 30 16:07:07 IST 2021
-Destroy time prov Wed May 5 14:07:03 IST 2021
-Destroy time prov Sun May 9 11:44:35 IST 2021
-Destroy time prov Mon May 10 11:53:15 IST 2021
-Destroy time prov Thu Nov 30 11:13:11 IST 2023
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
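Review bot: Deleting `private-key/terraform-key.pem` does not retire the key: the complete RSA private key is still readable in this hunk and stays in the repository history, so it should be treated as disclosed. The matching key pair (presumably the `terraform-key` named by `instance_keypair` in the deleted ec2instance.auto.tfvars) should be deleted or rotated in AWS and removed from the authorized keys of any instance launched with it, and purging the blob from history is worth considering. The deleted c9-nullresource-provisioners.tf also copied this key to `/tmp/terraform-key.pem` on the bastion host, so hosts built from those manifests may still hold a copy. To keep key files out of future commits I would add an ignore rule such as `*.pem` to the repository's .gitignore.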
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/sswebsite2/nodejs/node_modules/sswebsite2.js b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/sswebsite2/nodejs/node_modules/sswebsite2.js
deleted file mode 100644
index 625dcf57..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/sswebsite2/nodejs/node_modules/sswebsite2.js
+++ /dev/null
@@ -1,95 +0,0 @@ -const URL = require('url'); -const synthetics = require('Synthetics'); -const log = require('SyntheticsLogger'); -const syntheticsConfiguration = synthetics.getConfiguration(); - -const loadBlueprint = async function () { - - const urls = ['https://stacksimplify.com']; - - // Set screenshot option - const takeScreenshot = true; - - /* Disabling default step screen shots taken during Synthetics.executeStep() calls - * Step will be used to publish metrics on time taken to load dom content but - * Screenshots will be taken outside the executeStep to allow for page to completely load with domcontentloaded - * You can change it to load, networkidle0, networkidle2 depending on what works best for you. - */ - syntheticsConfiguration.disableStepScreenshots(); - syntheticsConfiguration.setConfig({ - continueOnStepFailure: true - }); - - let page = await synthetics.getPage(); - - for (const url of urls) { - await loadUrl(page, url, takeScreenshot); - } -}; - -// Reset the page in-between -const resetPage = async function(page) { - try { - await page.goto('about:blank',{waitUntil: ['load', 'networkidle0'], timeout: 30000} ); - } catch(ex) { - synthetics.addExecutionError('Unable to open a blank page ', ex); - } -} - -const loadUrl = async function (page, url, takeScreenshot) { - let stepName = null; - let domcontentloaded = false; - - try { - stepName = URL.parse(url).hostname; - } catch (error) { - const errorString = `Error parsing url: ${url}. ${error}`; - log.error(errorString); - /* If we fail to parse the URL, don't emit a metric with a stepName based on it. - It may not be a legal CloudWatch metric dimension name and we may not have an alarms - setup on the malformed URL stepName. Instead, fail this step which will - show up in the logs and will fail the overall canary and alarm on the overall canary - success rate. - */ - throw error; - } - - await synthetics.executeStep(stepName, async function () { - - /* You can customize the wait condition here. 
For instance, using 'networkidle2' or 'networkidle0' to load page completely. - networkidle0: Navigation is successful when the page has had no network requests for half a second. This might never happen if page is constantly loading multiple resources. - networkidle2: Navigation is successful when the page has no more then 2 network requests for half a second. - domcontentloaded: It's fired as soon as the page DOM has been loaded, without waiting for resources to finish loading. Can be used and then add explicit await page.waitFor(timeInMs) - */ - const response = await page.goto(url, { waitUntil: ['domcontentloaded'], timeout: 30000}); - if (response) { - domcontentloaded = true; - const status = response.status(); - const statusText = response.statusText(); - - const logResponseString = `Response from url: ${url} Status: ${status} Status Text: ${statusText}`; - - //If the response status code is not a 2xx success code - if (response.status() < 200 || response.status() > 299) { - throw `Failed to load url: ${url} ${response.status()} ${response.statusText()}`; - } - } else { - const logNoResponseString = `No response returned for url: ${url}`; - log.error(logNoResponseString); - throw new Error(logNoResponseString); - } - }); - - // Wait for 15 seconds to let page load fully before taking screenshot. - if (domcontentloaded && takeScreenshot) { - await page.waitFor(15000); - await synthetics.takeScreenshot(stepName, 'loaded'); - await resetPage(page); - } -}; - -const urls = []; - -exports.handler = async () => { - return await loadBlueprint(); -}; \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/sswebsite2/sswebsite2v1.zip b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/sswebsite2/sswebsite2v1.zip deleted file mode 100644 index c2d3acb3..00000000 Binary files a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/sswebsite2/sswebsite2v1.zip and /dev/null differ 
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/17-AWS-CloudWatch/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/README.md
deleted file mode 100644
index c26991e2..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/README.md
+++ /dev/null
@@ -1,70 +0,0 @@ ---- -title: Develop Terraform Modules Locally -description: Create Terraform Modules locally ---- -# Develop Terraform Modules Locally - -## Step-01: Introduction -- How to develop Terraform modules locally ? -- How to leverage and use open source Terraform Modules locally if we don't have access from our organization private networks to Terraform Public Registry ? - -[![Image](https://stacksimplify.com/course-images/terraform-modules-build-locally-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-modules-build-locally-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-modules-build-locally-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-modules-build-locally-2.png) - - -## Step-02: Copy templates from 06-AWS-VPC -- Copy `terraform-manifests` from `06-AWS-VPC\06-02-AWS-VPC-using-Terraform\terraform-manifests\v2-vpc-module-standardized` - -## Step-03: Download Public Registry Terraform Module -- Download the VPC module from Terraform Public Registry - -## Step-04: Create VPC Local Module -- Create `modules` folder in Terraform Working Directory `terraform-manifests` -- Copy the downloaded VPC module to `modules` folder with module folder name `aws-vpc` -- Remove all other unused or un-required files from this downloaded module. -- Update the `source` argument in `c4-02-vpc-module.tf` -- Also comment `version` argument -```t -# Create VPC Terraform Module -module "vpc" { - source = "./modules/aws-vpc" - #version = "2.78.0" - -### BELOW Terraform code is truncated and will be available in c4-02-vpc-module.tf -``` - -## Step-05: Execute Terraform Commands -```t -# Terraform Initialize -terraform init -Observation: -1. Verify the cli output -2. Verify the .terraform\modules folder -3. 
It will just have the module.json file referencing to local modules folder where aws-vpc module is present - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve -``` - -## Step-06: Additional Understanding -1. If we want to develop local modules in our organization, don't need to build everything from scratch -2. Analyze what all open source modules available for us and use them and change those as per our requirement. -3. If we don't relevant module, atleast refer these module related code `main.tf` to get how the advanced level code they write to build such type of re-usable modules - - -## Step-07: Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c1-versions.tf deleted file mode 100644 index e39ad585..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c1-versions.tf +++ /dev/null @@ -1,20 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c2-generic-variables.tf deleted file mode 100644 index 4f6d813e..00000000 
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "SAP"
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index 080b1e06..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "./modules/aws-vpc"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.editorconfig b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.editorconfig
deleted file mode 100644
index 88cb2519..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.editorconfig
+++ /dev/null
@@ -1,30 +0,0 @@
-# EditorConfig is awesome: http://EditorConfig.org
-# Uses editorconfig to maintain consistent coding styles
-
-# top-most EditorConfig file
-root = true
-
-# Unix-style newlines with a newline ending every file
-[*]
-charset = utf-8
-end_of_line = lf
-indent_size = 2
-indent_style = space
-insert_final_newline = true
-max_line_length = 80
-trim_trailing_whitespace = true
-
-[*.{tf,tfvars}]
-indent_size = 2
-indent_style = space
-
-[*.md]
-max_line_length = 0
-trim_trailing_whitespace = false
-
-[Makefile]
-tab_width = 2
-indent_style = tab
-
-[COMMIT_EDITMSG]
-max_line_length = 0
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/contributing.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/contributing.md
deleted file mode 100644
index b7c27a5c..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/contributing.md
+++ /dev/null
@@ -1,34 +0,0 @@ -# Contributing - -When contributing to this repository, please first discuss the change you wish to make via issue, -email, or any other method with the owners of this repository before making a change. - -Please note we have a code of conduct, please follow it in all your interactions with the project. - -## Pull Request Process - -1. Update the README.md with details of changes including example hcl blocks and [example files](./examples) if appropriate. -2. Run pre-commit hooks `pre-commit run -a`. -3. Once all outstanding comments and checklist items have been addressed, your contribution will be merged! Merged PRs will be included in the next release. The terraform-aws-vpc maintainers take care of updating the CHANGELOG as they merge. - -## Checklists for contributions - -- [ ] Add [semantics prefix](#semantic-pull-requests) to your PR or Commits (at least one of your commit groups) -- [ ] CI tests are passing -- [ ] README.md has been updated after any changes to variables and outputs. See https://github.com/terraform-aws-modules/terraform-aws-vpc/#doc-generation -- [ ] Run pre-commit hooks `pre-commit run -a` - -## Semantic Pull Requests - -To generate changelog, Pull Requests or Commits must have semantic and must follow conventional specs below: - -- `feat:` for new features -- `fix:` for bug fixes -- `improvement:` for enhancements -- `docs:` for documentation and examples -- `refactor:` for code refactoring -- `test:` for tests -- `ci:` for CI purpose -- `chore:` for chores stuff - -The `chore` prefix skipped during changelog generation. It can be used for `chore: update changelog` commit message by example. diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/lock.yml b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/lock.yml deleted file mode 100644 index 6b6c9cec..00000000 
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/lock.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: 'Lock Threads' - -on: - schedule: - - cron: '50 1 * * *' - -jobs: - lock: - runs-on: ubuntu-latest - steps: - - uses: dessant/lock-threads@v4 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - issue-comment: > - I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues. - If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. - issue-inactive-days: '30' - pr-comment: > - I'm going to lock this pull request because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues. - If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. - pr-inactive-days: '30' diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/pr-title.yml b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/pr-title.yml deleted file mode 100644 index cb32a0f8..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/pr-title.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -name: 'Validate PR title' - -on: - pull_request_target: - types: - - opened - - edited - - synchronize - -jobs: - main: - name: Validate PR title - runs-on: ubuntu-latest - steps: - # Please look up the latest version from - # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - # Configure which types are allowed. - # Default: https://github.com/commitizen/conventional-commit-types - types: | - fix - feat - docs - ci - chore - # Configure that a scope must always be provided. - requireScope: false - # Configure additional validation for the subject based on a regex. - # This example ensures the subject starts with an uppercase character. - subjectPattern: ^[A-Z].+$ - # If `subjectPattern` is configured, you can use this property to override - # the default error message that is shown when the pattern doesn't match. - # The variables `subject` and `title` can be used within the message. - subjectPatternError: | - The subject "{subject}" found in the pull request title "{title}" - didn't match the configured pattern. Please ensure that the subject - starts with an uppercase character. - # For work-in-progress PRs you can typically use draft pull requests - # from Github. However, private repositories on the free plan don't have - # this option and therefore this action allows you to opt-in to using the - # special "[WIP]" prefix to indicate this state. This will avoid the - # validation of the PR title and the pull request checks remain pending. - # Note that a second check will be reported if this is enabled. - wip: true - # When using "Squash and merge" on a PR with only one commit, GitHub - # will suggest using that commit message instead of the PR title for the - # merge commit, and it's easy to commit this by mistake. Enable this option - # to also validate the commit message for one commit PRs. 
- validateSingleCommit: false diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/pre-commit.yml b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/pre-commit.yml deleted file mode 100644 index cb826713..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/pre-commit.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -name: Pre-Commit - -on: - pull_request: - branches: - - main - - master - -env: - TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.44.1 - -jobs: - collectInputs: - name: Collect workflow inputs - runs-on: ubuntu-latest - outputs: - directories: ${{ steps.dirs.outputs.directories }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Get root directories - id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.8.3 - - preCommitMinVersions: - name: Min TF pre-commit - needs: collectInputs - runs-on: ubuntu-latest - strategy: - matrix: - directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 - with: - directory: ${{ matrix.directory }} - - - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} - # Run only validate pre-commit check on min version supported - if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 - with: - terraform-version: ${{ steps.minMax.outputs.minVersion }} - tflint-version: ${{ env.TFLINT_VERSION }} - args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' - - - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} - # Run only validate pre-commit check on min version supported - if: ${{ matrix.directory == '.' 
}} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 - with: - terraform-version: ${{ steps.minMax.outputs.minVersion }} - tflint-version: ${{ env.TFLINT_VERSION }} - args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)' - - preCommitMaxVersion: - name: Max TF pre-commit - runs-on: ubuntu-latest - needs: collectInputs - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.ref }} - repository: ${{github.event.pull_request.head.repo.full_name}} - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 - - - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 - with: - terraform-version: ${{ steps.minMax.outputs.maxVersion }} - tflint-version: ${{ env.TFLINT_VERSION }} - terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} - install-hcledit: true diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/release.yml b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/release.yml deleted file mode 100644 index 81f67474..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/release.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -name: Release - -on: - workflow_dispatch: - push: - branches: - - main - - master - paths: - - '**/*.tpl' - - '**/*.py' - - '**/*.tf' - - '.github/workflows/release.yml' - -jobs: - release: - name: Release - runs-on: ubuntu-latest - # Skip running release workflow on forks - if: github.repository_owner == 'terraform-aws-modules' - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Release - uses: cycjimmy/semantic-release-action@v3 - with: - semantic_version: 18.0.0 - extra_plugins: | - @semantic-release/changelog@6.0.0 - @semantic-release/git@10.0.0 - conventional-changelog-conventionalcommits@4.6.3 - env: - GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/stale-actions.yaml b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/stale-actions.yaml deleted file mode 100644 index 50379957..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.github/workflows/stale-actions.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-name: 'Mark or close stale issues and PRs'
-on:
- schedule:
- - cron: '0 0 * * *'
-
-jobs:
- stale:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/stale@v6
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- # Staling issues and PR's
- days-before-stale: 30
- stale-issue-label: stale
- stale-pr-label: stale
- stale-issue-message: |
- This issue has been automatically marked as stale because it has been open 30 days
- with no activity. Remove stale label or comment or this issue will be closed in 10 days
- stale-pr-message: |
- This PR has been automatically marked as stale because it has been open 30 days
- with no activity. Remove stale label or comment or this PR will be closed in 10 days
- # Not stale if have this labels or part of milestone
- exempt-issue-labels: bug,wip,on-hold
- exempt-pr-labels: bug,wip,on-hold
- exempt-all-milestones: true
- # Close issue operations
- # Label will be automatically removed if the issues are no longer closed nor locked.
- days-before-close: 10
- delete-branch: true
- close-issue-message: This issue was automatically closed because of stale in 10 days
- close-pr-message: This PR was automatically closed because of stale in 10 days
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.gitignore b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.gitignore
deleted file mode 100644
index 397af322..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.gitignore
+++ /dev/null
@@ -1,29 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# Terraform lockfile
-.terraform.lock.hcl
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-
-# Exclude all .tfvars files, which are likely to contain sentitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
-# to change depending on the environment.
-*.tfvars
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.pre-commit-config.yaml b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.pre-commit-config.yaml
deleted file mode 100644
index 0f342838..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.pre-commit-config.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-repos:
- - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.81.0
- hooks:
- - id: terraform_fmt
- - id: terraform_validate
- - id: terraform_docs
- args:
- - '--args=--lockfile=false'
- - id: terraform_tflint
- args:
- - '--args=--only=terraform_deprecated_interpolation'
- - '--args=--only=terraform_deprecated_index'
- - '--args=--only=terraform_unused_declarations'
- - '--args=--only=terraform_comment_syntax'
- - '--args=--only=terraform_documented_outputs'
- - '--args=--only=terraform_documented_variables'
- - '--args=--only=terraform_typed_variables'
- - '--args=--only=terraform_module_pinned_source'
- - '--args=--only=terraform_naming_convention'
- - '--args=--only=terraform_required_version'
- - '--args=--only=terraform_required_providers'
- - '--args=--only=terraform_standard_module_structure'
- - '--args=--only=terraform_workspace_remote'
- - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0
- hooks:
- - id: check-merge-conflict
- - id: end-of-file-fixer
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.releaserc.json b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.releaserc.json
deleted file mode 100644
index 66b3eefd..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/.releaserc.json
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- "branches": [
- "main",
- "master"
- ],
- "ci": false,
- "plugins": [
- [
- "@semantic-release/commit-analyzer",
- {
- "preset": "conventionalcommits"
- }
- ],
- [
- "@semantic-release/release-notes-generator",
- {
- "preset": "conventionalcommits"
- }
- ],
- [
- "@semantic-release/github",
- {
- "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
- "labels": false,
- "releasedLabels": false
- }
- ],
- [
- "@semantic-release/changelog",
- {
- "changelogFile": "CHANGELOG.md",
- "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
- }
- ],
- [
- "@semantic-release/git",
- {
- "assets": [
- "CHANGELOG.md"
- ],
- "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
- }
- ]
- ]
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/CHANGELOG.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/CHANGELOG.md
deleted file mode 100644
index 40ef2b9f..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/CHANGELOG.md
+++ /dev/null
@@ -1,1714 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.2...v5.2.0) (2023-11-18) - - -### Features - -* Add `skip_destroy` to vpc flow log cloudwatch log group ([#1009](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1009)) ([abe2c0f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/abe2c0fcd23f1adfcb6e3a7739811e2482e2d197)) - -### [5.1.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.1...v5.1.2) (2023-09-07) - - -### Bug Fixes - -* The number of intra subnets should not influence the number of NAT gateways provisioned ([#968](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/968)) ([1e36f9f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/1e36f9f8a01eb26be83d8e1ce2227a6890390b0e)) - -### [5.1.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.0...v5.1.1) (2023-07-25) - - -### Bug Fixes - -* Ensure database route table output works ([#926](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/926)) ([e4c48d4](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/e4c48d4675718d5bd8c72c6b934c70c0f4bf1670)), closes [#857](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/857) - -## [5.1.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.0.0...v5.1.0) (2023-07-15) - - -### Features - -* Add support for creating a security group for VPC endpoint(s) ([#962](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/962)) ([802d5f1](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/802d5f14c29db4e50b3f2aaf87950845594a31bd)) - -## [5.0.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v4.0.2...v5.0.0) (2023-05-30) - - -### ⚠ BREAKING CHANGES - -* Bump Terraform AWS Provider version to 5.0 (#941) - -### Features - -* Bump 
Terraform AWS Provider version to 5.0 ([#941](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/941)) ([2517eb9](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/2517eb98a39500897feecd27178994055ee2eb5e)) - -### [4.0.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v4.0.1...v4.0.2) (2023-05-15) - - -### Bug Fixes - -* Add dns64 routes ([#924](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/924)) ([743798d](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/743798daa14b8a5b827b37053ca7e3c5b8865c06)) - -### [4.0.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v4.0.0...v4.0.1) (2023-04-07) - - -### Bug Fixes - -* Add missing private subnets to max subnet length local ([#920](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/920)) ([6f51f34](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/6f51f34d9c91d62984ff985aad6b5ef03eb2a75a)) - -## [4.0.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.19.0...v4.0.0) (2023-04-07) - - -### ⚠ BREAKING CHANGES - -* Support enabling NAU metrics in "aws_vpc" resource (#838) - -### Features - -* Support enabling NAU metrics in "aws_vpc" resource ([#838](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/838)) ([44e6eaa](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/44e6eaa154a9e78c8d6e86d1c735f95825b270db)) - -## [3.19.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.18.1...v3.19.0) (2023-01-13) - - -### Features - -* Add public and private tags per az ([#860](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/860)) ([a82c9d3](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/a82c9d3272e3a83d22f70f174133dd26c24eee21)) - - -### Bug Fixes - -* Use a version for to avoid GitHub API rate limiting on CI workflows 
([#876](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/876)) ([2a0319e](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/2a0319ec3244169997c6dac0d7850897ba9b9162)) - -### [3.18.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.18.0...v3.18.1) (2022-10-27) - - -### Bug Fixes - -* Update CI configuration files to use latest version ([#850](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/850)) ([b94561d](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/b94561dc61b8bbedb5e36e0334e030edf03a1c7b)) - -## [3.18.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.17.0...v3.18.0) (2022-10-21) - - -### Features - -* Added ability to specify CloudWatch Log group name for VPC Flow logs ([#847](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/847)) ([80d6318](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/80d631884126075e1adbe2d410f46ef6b9ea8a19)) - -## [3.17.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.16.1...v3.17.0) (2022-10-21) - - -### Features - -* Add custom subnet names ([#816](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/816)) ([4416e37](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/4416e379ed9a9b650a12a629441410f326b44c0c)) - -### [3.16.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.16.0...v3.16.1) (2022-10-14) - - -### Bug Fixes - -* Prevent an error when VPC Flow log log_group and role is not created ([#844](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/844)) ([b0c81ad](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/b0c81ad61214069f8fa6d35492716c9d4cac9096)) - -## [3.16.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.15.0...v3.16.0) (2022-09-26) - - -### Features - -* Add IPAM IPv6 support 
([#718](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/718)) ([4fe7745](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/4fe7745ddb675af3bd50daf335ad3ffa16d08a98)) - -## [3.15.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.4...v3.15.0) (2022-09-25) - - -### Features - -* Add IPAM IPv4 support ([#716](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/716)) ([6eddcad](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/6eddcad72867cd9df536d13ea8fdac15e0eebbd4)) - -### [3.14.4](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.3...v3.14.4) (2022-09-05) - - -### Bug Fixes - -* Remove EC2-classic deprecation warnings by hardcoding classiclink values to `null` ([#826](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/826)) ([736931b](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/736931b0a707115a1fbeb45e0d6f784199cba95e)) - -### [3.14.3](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.2...v3.14.3) (2022-09-02) - - -### Bug Fixes - -* Allow `security_group_ids` to take `null` values ([#825](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/825)) ([67ef09a](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/67ef09a1717f155d9a2f22a867230bf872af4cef)) - -### [3.14.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.1...v3.14.2) (2022-06-20) - - -### Bug Fixes - -* Compact CIDR block outputs to avoid empty diffs ([#802](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/802)) ([c3fd156](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/c3fd1566df23cc4a2d3447b1964956964b9830a3)) - -### [3.14.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.0...v3.14.1) (2022-06-16) - - -### Bug Fixes - -* Declare data resource only for requested VPC endpoints 
([#800](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/800)) ([024fbc0](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/024fbc01bf468240213666dfd4428f5b425794d1)) - -## [3.14.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.13.0...v3.14.0) (2022-03-31) - - -### Features - -* Change to allow create variable within specific vpc objects ([#773](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/773)) ([5913d7e](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/5913d7ebe9805c8c5f39a7afb6b28bf1c4e9505e)) - -## [3.13.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.12.0...v3.13.0) (2022-03-11) - - -### Features - -* Made it clear that we stand with Ukraine ([acb0ae5](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/acb0ae548d7c6dd0594565c7a6087f65b4c45f93)) - -## [3.12.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.5...v3.12.0) (2022-02-07) - - -### Features - -* Added custom route for NAT gateway ([#748](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/748)) ([728a4d1](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/728a4d114000f256a24d8d4bc9895184df533d0c)) - -### [3.11.5](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.4...v3.11.5) (2022-01-28) - - -### Bug Fixes - -* Addresses persistent diff with manage_default_network_acl ([#737](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/737)) ([d247d8e](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/d247d8e44728a86d0024a2da9b0cd34ad218c33a)) - -### [3.11.4](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.3...v3.11.4) (2022-01-26) - - -### Bug Fixes - -* Fixed redshift_route_table_ids outputs ([#739](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/739)) 
([7c8df92](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/7c8df92f471af5f40ac126f2bb194722d92228f3)) - -### [3.11.3](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.2...v3.11.3) (2022-01-13) - - -### Bug Fixes - -* Update tags for default resources to correct spurious plan diffs ([#730](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/730)) ([d1adf74](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/d1adf743b27ef131b559ec15c7aadc37466a74b9)) - -### [3.11.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.1...v3.11.2) (2022-01-11) - - -### Bug Fixes - -* Correct `for_each` map on VPC endpoints to propagate endpoint maps correctly ([#729](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/729)) ([19fcf0d](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/19fcf0d68027dea10ecaa456ccea1cb50567e388)) - -### [3.11.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.0...v3.11.1) (2022-01-10) - - -### Bug Fixes - -* update CI/CD process to enable auto-release workflow ([#711](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/711)) ([57ba0ef](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/57ba0ef08063390636daedcf88f71443281c2b84)) - - -## [v3.11.0] - 2021-11-04 - -- feat: Add tags to VPC flow logs IAM policy ([#706](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/706)) - - - -## [v3.10.0] - 2021-10-15 - -- fix: Enabled destination_options only for VPC Flow Logs on S3 ([#703](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/703)) - - - -## [v3.9.0] - 2021-10-15 - -- feat: Added timeout block to aws_default_route_table resource ([#701](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/701)) - - - -## [v3.8.0] - 2021-10-14 - -- feat: Added support for VPC Flow Logs in Parquet format 
([#700](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/700)) -- docs: Fixed docs in simple-vpc -- chore: Updated outputs in example ([#690](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/690)) -- Updated pre-commit - - - -## [v3.7.0] - 2021-08-31 - -- feat: Add support for naming and tagging subnet groups ([#688](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/688)) - - - -## [v3.6.0] - 2021-08-18 - -- feat: Added device_name to customer gateway object. ([#681](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/681)) - - - -## [v3.5.0] - 2021-08-15 - -- fix: Return correct route table when enable_public_redshift is set ([#337](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/337)) - - - -## [v3.4.0] - 2021-08-13 - -- fix: Update the terraform to support new provider signatures ([#678](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/678)) - - - -## [v3.3.0] - 2021-08-10 - -- docs: Added ID of aws_vpc_dhcp_options to outputs ([#669](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/669)) -- fix: Fixed mistake in separate private route tables example ([#664](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/664)) -- fix: Fixed SID for assume role policy for flow logs ([#670](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/670)) - - - -## [v3.2.0] - 2021-06-28 - -- feat: Added database_subnet_group_name variable ([#656](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/656)) - - - -## [v3.1.0] - 2021-06-07 - -- chore: Removed link to cloudcraft -- chore: Private DNS cannot be used with S3 endpoint ([#651](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/651)) -- chore: update CI/CD to use stable `terraform-docs` release artifact and discoverable Apache2.0 license ([#643](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/643)) - - - -## [v3.0.0] - 2021-04-26 - -- 
refactor: remove existing vpc endpoint configurations from base module and move into sub-module ([#635](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/635)) - - - -## [v2.78.0] - 2021-04-06 - -- feat: Add outpost support (subnet, NACL, IPv6) ([#542](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/542)) -- chore: update documentation and pin `terraform_docs` version to avoid future changes ([#619](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/619)) -- chore: align ci-cd static checks to use individual minimum Terraform versions ([#606](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/606)) - - - -## [v2.77.0] - 2021-02-23 - -- feat: add default route table resource to manage default route table, its tags, routes, etc. ([#599](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/599)) - - - -## [v2.76.0] - 2021-02-23 - -- fix: Remove CreateLogGroup permission from service role ([#550](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/550)) - - - -## [v2.75.0] - 2021-02-23 - -- feat: add vpc endpoint policies to supported services ([#601](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/601)) - - - -## [v2.74.0] - 2021-02-22 - -- fix: use filter for getting service type for S3 endpoint and update to allow s3 to use interface endpoint types ([#597](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/597)) -- chore: Updated the conditional creation section of the README ([#584](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/584)) - - - -## [v2.73.0] - 2021-02-22 - -- chore: Adds database_subnet_group_name as an output variable ([#592](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/592)) -- fix: aws_default_security_group was always dirty when manage_default_security_group was set ([#591](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/591)) - - - -## [v2.72.0] - 2021-02-22 - -- fix: 
Correctly manage route tables for database subnets when multiple NAT gateways present ([#518](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/518)) -- chore: add ci-cd workflow for pre-commit checks ([#598](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/598)) - - - -## [v2.71.0] - 2021-02-20 - -- chore: update documentation based on latest `terraform-docs` which includes module and resource sections ([#594](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/594)) -- feat: Upgraded minimum required versions of AWS provider to 3.10 ([#574](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/574)) -- fix: Specify an endpoint type for S3 VPC endpoint ([#573](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/573)) -- fix: Fixed wrong count in DMS endpoint ([#566](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/566)) -- feat: Adding VPC endpoint for DMS ([#564](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/564)) -- fix: Adding missing RDS endpoint to output.tf ([#563](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/563)) -- docs: Clarifies default_vpc attributes ([#552](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/552)) -- feat: Adding vpc_flow_log_permissions_boundary ([#536](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/536)) -- docs: Updated README and pre-commit ([#537](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/537)) -- feat: Lambda VPC Endpoint ([#534](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/534)) -- Updated README -- feat: Added Codeartifact API/Repo vpc endpoints ([#515](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/515)) -- fix: Updated min required version of Terraform to 0.12.21 ([#532](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/532)) -- Fixed circleci configs -- fix: Resource 
aws_default_network_acl orphaned subnet_ids ([#530](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/530)) -- fix: Removed ignore_changes to work with Terraform 0.14 ([#526](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/526)) -- feat: Added support for Terraform 0.14 ([#525](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/525)) -- revert: Create only required number of NAT gateways ([#492](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/492)) ([#517](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/517)) -- fix: Create only required number of NAT gateways ([#492](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/492)) -- docs: Updated docs with pre-commit -- feat: Added Textract vpc endpoint ([#509](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/509)) -- fix: Split appstream to appstream_api and appstream_streaming ([#508](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/508)) -- feat: Add support for security groups ids in default sg's rules ([#491](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/491)) -- feat: Added tflint as pre-commit hook ([#507](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/507)) -- feat: add enable_public_s3_endpoint variable for S3 VPC Endpoint for public subnets ([#502](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/502)) -- feat: Add ability to create CodeDeploy endpoint to VPC ([#501](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/501)) -- feat: Add ability to create RDS endpoint to VPC ([#499](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/499)) -- fix: Use database route table instead of private route table for NAT gateway route ([#476](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/476)) -- feat: add arn outputs for: igw, cgw, vgw, default vpc, acls 
([#471](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/471)) -- fix: InvalidServiceName for elasticbeanstalk_health ([#484](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/484)) -- feat: bump version of aws provider version to support 3.* ([#479](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/479)) -- fix: bumping terraform version from 0.12.6 to 0.12.7 in circleci to include regexall function ([#474](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/474)) -- docs: Fix typo in nat_public_ips ([#460](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/460)) -- feat: manage default security group ([#382](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/382)) -- feat: add support for disabling IGW for public subnets ([#457](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/457)) -- fix: Reorder tags to allow overriding Name tag in route tables ([#458](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/458)) -- fix: Output list of external_nat_ips when using external eips ([#432](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/432)) -- Updated pre-commit hooks -- feat: Add support for VPC flow log max_aggregation_interval ([#431](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/431)) -- feat: Add support for tagging egress only internet gateway ([#430](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/430)) -- feat: Enable support for Terraform 0.13 as a valid version by setting minimum version required ([#455](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/455)) -- feat: add vpc_owner_id to outputs ([#428](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/428)) -- docs: Fixed README -- Merge branch 'master' into master -- Updated description of vpc_owner_id -- fix: Fix wrong ACM PCA output 
([#450](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/450)) -- feat: Added support for more VPC endpoints ([#369](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/369)) -- feat: Add VPC Endpoint for SES ([#449](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/449)) -- feat: Add routes table association and route attachment outputs ([#398](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/398)) -- fix: Updated outputs in ipv6 example ([#375](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/375)) -- added owner_id output ([#1](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1)) -- docs: Updated required versions of Terraform -- feat: Add EC2 Auto Scaling VPC endpoint ([#374](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/374)) -- docs: Document create_database_subnet_group requiring database_subnets ([#424](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/424)) -- feat: Add intra subnet VPN route propagation ([#421](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/421)) -- chore: Add badge for latest version number ([#384](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/384)) -- Added tagging for VPC Flow Logs ([#407](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/407)) -- Add support for specifying AZ in VPN Gateway ([#401](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/401)) -- Fixed output of aws_flow_log -- Add VPC Flow Logs capabilities ([#316](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/316)) -- Added support for both types of values in azs (names and ids) ([#370](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/370)) -- Set minimum terraform version to 0.12.6 (fixes circleci) ([#390](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/390)) -- Updated pre-commit-terraform with terraform-docs 0.8.0 
support ([#388](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/388)) -- Added note about Transit Gateway integration ([#386](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/386)) -- fix ipv6 enable ([#340](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/340)) -- Added Customer Gateway resource ([#360](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/360)) -- Update TFLint to v0.12.1 for circleci ([#351](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/351)) -- Add Elastic File System & Cloud Directory VPC Endpoints ([#355](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/355)) -- Fixed spelling mistakes -- Updated network-acls example with IPv6 rules -- Added support for `ipv6_cidr_block` in network acls ([#329](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/329)) -- Added VPC Endpoints for AppStream, Athena & Rekognition ([#335](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/335)) -- Add VPC endpoints for CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog & SageMaker(Runtime & API) ([#324](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/324)) -- Added support for EC2 ClassicLink ([#322](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/322)) -- Added support for ICMP rules in Network ACL ([#286](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/286)) -- Added tags to VPC Endpoints ([#292](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/292)) -- Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs ([#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311)) -- Add IPv6 support ([#317](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/317)) -- Fixed README after merge -- Output var.name ([#303](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/303)) 
-- Fixed README after merge -- Additional VPC Endpoints ([#302](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/302)) -- Added Kinesis streams and firehose VPC endpoints ([#301](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/301)) -- adding transfer server vpc end point support -- adding codebuild, codecommit and git-codecommit vpc end point support -- adding config vpc end point support -- adding secrets manager vpc end point support -- Updated version of pre-commit-terraform -- Updated pre-commit-terraform to support terraform-docs and Terraform 0.12 ([#288](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/288)) -- Updated VPC endpoint example (fixed [#249](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/249)) -- Update tflint to 0.8.2 for circleci task ([#280](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/280)) -- Fixed broken 2.3.0 -- Fixed opportunity to create the vpc, vpn gateway routes (bug during upgrade to 0.12) -- Updated Terraform versions in README -- Added VPC Endpoints for SNS, Cloudtrail, ELB, Cloudwatch ([#269](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/269)) -- Upgrade Docker Image to fix CI ([#270](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/270)) -- Fixed merge conflicts -- Finally, Terraform 0.12 support ([#266](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/266)) - - - -## [v1.73.0] - 2021-02-04 - -- fix: Fixed multiple VPC endpoint error for S3 -- Add VPC endpoints for AppStream, Athena & Rekognition ([#336](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/336)) -- Fixed Sagemaker resource name in VPC endpoint ([#323](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/323)) -- Fixed name of appmesh VPC endpoint ([#320](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/320)) -- Allow ICMP Network ACL rules 
([#252](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/252)) -- Added VPC endpoints from [#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311) to Terraform 0.11 branch ([#319](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/319)) -- Add tags to VPC Endpoints ([#293](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/293)) -- Add VPC endpoints for ELB, CloudTrail, CloudWatch and SNS ([#274](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/274)) - - - -## [v2.70.0] - 2021-02-02 - -- feat: Upgraded minimum required versions of AWS provider to 3.10 ([#574](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/574)) - - - -## [v2.69.0] - 2021-02-02 - -- fix: Specify an endpoint type for S3 VPC endpoint ([#573](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/573)) - - - -## [v2.68.0] - 2021-01-29 - -- fix: Fixed wrong count in DMS endpoint ([#566](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/566)) - - - -## [v2.67.0] - 2021-01-29 - -- feat: Adding VPC endpoint for DMS ([#564](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/564)) -- fix: Adding missing RDS endpoint to output.tf ([#563](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/563)) - - - -## [v2.66.0] - 2021-01-14 - -- docs: Clarifies default_vpc attributes ([#552](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/552)) - - - -## [v2.65.0] - 2021-01-14 - -- feat: Adding vpc_flow_log_permissions_boundary ([#536](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/536)) - - - -## [v2.64.0] - 2020-11-04 - -- docs: Updated README and pre-commit ([#537](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/537)) - - - -## [v2.63.0] - 2020-10-26 - -- feat: Lambda VPC Endpoint ([#534](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/534)) - - - -## [v2.62.0] - 2020-10-22 - -- Updated 
README -- feat: Added Codeartifact API/Repo vpc endpoints ([#515](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/515)) - - - -## [v2.61.0] - 2020-10-22 - -- fix: Updated min required version of Terraform to 0.12.21 ([#532](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/532)) -- Fixed circleci configs - - - -## [v2.60.0] - 2020-10-21 - -- fix: Resource aws_default_network_acl orphaned subnet_ids ([#530](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/530)) - - - -## [v2.59.0] - 2020-10-19 - -- fix: Removed ignore_changes to work with Terraform 0.14 ([#526](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/526)) - - - -## [v2.58.0] - 2020-10-16 - -- feat: Added support for Terraform 0.14 ([#525](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/525)) - - - -## [v2.57.0] - 2020-10-06 - -- revert: Create only required number of NAT gateways ([#492](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/492)) ([#517](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/517)) - - - -## [v2.56.0] - 2020-10-06 - -- fix: Create only required number of NAT gateways ([#492](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/492)) - - - -## [v2.55.0] - 2020-09-28 - -- docs: Updated docs with pre-commit -- feat: Added Textract vpc endpoint ([#509](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/509)) - - - -## [v2.54.0] - 2020-09-23 - -- fix: Split appstream to appstream_api and appstream_streaming ([#508](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/508)) - - - -## [v2.53.0] - 2020-09-23 - -- feat: Add support for security groups ids in default sg's rules ([#491](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/491)) - - - -## [v2.52.0] - 2020-09-22 - -- feat: Added tflint as pre-commit hook ([#507](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/507)) - - - -## [v2.51.0] - 
2020-09-15 - -- feat: add enable_public_s3_endpoint variable for S3 VPC Endpoint for public subnets ([#502](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/502)) - - - -## [v2.50.0] - 2020-09-11 - -- feat: Add ability to create CodeDeploy endpoint to VPC ([#501](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/501)) - - - -## [v2.49.0] - 2020-09-11 - -- feat: Add ability to create RDS endpoint to VPC ([#499](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/499)) - - - -## [v2.48.0] - 2020-08-17 - -- fix: Use database route table instead of private route table for NAT gateway route ([#476](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/476)) - - - -## [v2.47.0] - 2020-08-13 - -- feat: add arn outputs for: igw, cgw, vgw, default vpc, acls ([#471](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/471)) - - - -## [v2.46.0] - 2020-08-13 - -- fix: InvalidServiceName for elasticbeanstalk_health ([#484](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/484)) - - - -## [v2.45.0] - 2020-08-13 - -- feat: bump version of aws provider version to support 3.* ([#479](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/479)) -- fix: bumping terraform version from 0.12.6 to 0.12.7 in circleci to include regexall function ([#474](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/474)) -- docs: Fix typo in nat_public_ips ([#460](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/460)) - - - -## [v2.44.0] - 2020-06-21 - -- feat: manage default security group ([#382](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/382)) - - - -## [v2.43.0] - 2020-06-20 - -- feat: add support for disabling IGW for public subnets ([#457](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/457)) - - - -## [v2.42.0] - 2020-06-20 - -- fix: Reorder tags to allow overriding Name tag in route tables 
([#458](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/458)) - - - -## [v2.41.0] - 2020-06-20 - -- fix: Output list of external_nat_ips when using external eips ([#432](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/432)) - - - -## [v2.40.0] - 2020-06-20 - -- Updated pre-commit hooks -- feat: Add support for VPC flow log max_aggregation_interval ([#431](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/431)) -- feat: Add support for tagging egress only internet gateway ([#430](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/430)) - - - -## [v2.39.0] - 2020-06-06 - -- feat: Enable support for Terraform 0.13 as a valid version by setting minimum version required ([#455](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/455)) - - - -## [v2.38.0] - 2020-05-25 - -- feat: add vpc_owner_id to outputs ([#428](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/428)) -- docs: Fixed README -- Merge branch 'master' into master -- Updated description of vpc_owner_id -- added owner_id output ([#1](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1)) - - - -## [v2.37.0] - 2020-05-25 - -- fix: Fix wrong ACM PCA output ([#450](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/450)) - - - -## [v2.36.0] - 2020-05-25 - -- feat: Added support for more VPC endpoints ([#369](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/369)) - - - -## [v2.35.0] - 2020-05-25 - -- feat: Add VPC Endpoint for SES ([#449](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/449)) - - - -## [v2.34.0] - 2020-05-25 - -- feat: Add routes table association and route attachment outputs ([#398](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/398)) -- fix: Updated outputs in ipv6 example ([#375](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/375)) - - - -## [v2.33.0] - 2020-04-02 - -- docs: Updated required 
versions of Terraform -- feat: Add EC2 Auto Scaling VPC endpoint ([#374](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/374)) -- docs: Document create_database_subnet_group requiring database_subnets ([#424](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/424)) - - - -## [v2.32.0] - 2020-03-24 - -- feat: Add intra subnet VPN route propagation ([#421](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/421)) - - - -## [v2.31.0] - 2020-03-20 - -- chore: Add badge for latest version number ([#384](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/384)) - - - -## [v2.30.0] - 2020-03-19 - - - - -## [v2.29.0] - 2020-03-13 - -- Added tagging for VPC Flow Logs ([#407](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/407)) - - - -## [v2.28.0] - 2020-03-11 - -- Add support for specifying AZ in VPN Gateway ([#401](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/401)) - - - -## [v2.27.0] - 2020-03-11 - -- Fixed output of aws_flow_log - - - -## [v2.26.0] - 2020-03-11 - -- Add VPC Flow Logs capabilities ([#316](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/316)) - - - -## [v2.25.0] - 2020-03-02 - -- Added support for both types of values in azs (names and ids) ([#370](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/370)) - - - -## [v2.24.0] - 2020-01-23 - -- Set minimum terraform version to 0.12.6 (fixes circleci) ([#390](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/390)) - - - -## [v2.23.0] - 2020-01-21 - -- Updated pre-commit-terraform with terraform-docs 0.8.0 support ([#388](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/388)) - - - -## [v2.22.0] - 2020-01-16 - -- Added note about Transit Gateway integration ([#386](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/386)) - - - -## [v2.21.0] - 2019-11-27 - -- fix ipv6 enable 
([#340](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/340)) - - - -## [v2.20.0] - 2019-11-27 - -- Added Customer Gateway resource ([#360](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/360)) -- Update TFLint to v0.12.1 for circleci ([#351](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/351)) - - - -## [v2.19.0] - 2019-11-27 - -- Add Elastic File System & Cloud Directory VPC Endpoints ([#355](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/355)) - - - -## [v2.18.0] - 2019-11-04 - -- Fixed spelling mistakes -- Updated network-acls example with IPv6 rules -- Added support for `ipv6_cidr_block` in network acls ([#329](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/329)) -- Added VPC Endpoints for AppStream, Athena & Rekognition ([#335](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/335)) -- Add VPC endpoints for CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog & SageMaker(Runtime & API) ([#324](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/324)) -- Added support for EC2 ClassicLink ([#322](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/322)) -- Added support for ICMP rules in Network ACL ([#286](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/286)) -- Added tags to VPC Endpoints ([#292](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/292)) -- Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs ([#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311)) -- Add IPv6 support ([#317](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/317)) -- Fixed README after merge -- Output var.name ([#303](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/303)) -- Fixed README after merge -- Additional VPC Endpoints 
([#302](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/302)) -- Added Kinesis streams and firehose VPC endpoints ([#301](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/301)) -- adding transfer server vpc end point support -- adding codebuild, codecommit and git-codecommit vpc end point support -- adding config vpc end point support -- adding secrets manager vpc end point support -- Updated version of pre-commit-terraform -- Updated pre-commit-terraform to support terraform-docs and Terraform 0.12 ([#288](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/288)) -- Updated VPC endpoint example (fixed [#249](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/249)) -- Update tflint to 0.8.2 for circleci task ([#280](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/280)) -- Fixed broken 2.3.0 -- Fixed opportunity to create the vpc, vpn gateway routes (bug during upgrade to 0.12) -- Updated Terraform versions in README -- Added VPC Endpoints for SNS, Cloudtrail, ELB, Cloudwatch ([#269](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/269)) -- Upgrade Docker Image to fix CI ([#270](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/270)) -- Fixed merge conflicts -- Finally, Terraform 0.12 support ([#266](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/266)) - - - -## [v1.72.0] - 2019-09-30 - -- Add VPC endpoints for AppStream, Athena & Rekognition ([#336](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/336)) -- Fixed Sagemaker resource name in VPC endpoint ([#323](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/323)) -- Fixed name of appmesh VPC endpoint ([#320](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/320)) -- Allow ICMP Network ACL rules ([#252](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/252)) -- Added VPC endpoints from 
[#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311) to Terraform 0.11 branch ([#319](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/319)) -- Add tags to VPC Endpoints ([#293](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/293)) -- Add VPC endpoints for ELB, CloudTrail, CloudWatch and SNS ([#274](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/274)) - - - -## [v2.17.0] - 2019-09-30 - -- Updated network-acls example with IPv6 rules -- Added support for `ipv6_cidr_block` in network acls ([#329](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/329)) - - - -## [v2.16.0] - 2019-09-30 - -- Added VPC Endpoints for AppStream, Athena & Rekognition ([#335](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/335)) - - - -## [v2.15.0] - 2019-09-03 - -- Add VPC endpoints for CloudFormation, CodePipeline, Storage Gateway, AppMesh, Transfer, Service Catalog & SageMaker(Runtime & API) ([#324](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/324)) -- Added support for EC2 ClassicLink ([#322](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/322)) -- Added support for ICMP rules in Network ACL ([#286](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/286)) -- Added tags to VPC Endpoints ([#292](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/292)) -- Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs ([#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311)) -- Add IPv6 support ([#317](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/317)) -- Fixed README after merge -- Output var.name ([#303](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/303)) -- Fixed README after merge -- Additional VPC Endpoints ([#302](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/302)) -- Added Kinesis streams and firehose VPC 
endpoints ([#301](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/301)) -- adding transfer server vpc end point support -- adding codebuild, codecommit and git-codecommit vpc end point support -- adding config vpc end point support -- adding secrets manager vpc end point support -- Updated version of pre-commit-terraform -- Updated pre-commit-terraform to support terraform-docs and Terraform 0.12 ([#288](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/288)) -- Updated VPC endpoint example (fixed [#249](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/249)) -- Update tflint to 0.8.2 for circleci task ([#280](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/280)) -- Fixed broken 2.3.0 -- Fixed opportunity to create the vpc, vpn gateway routes (bug during upgrade to 0.12) -- Updated Terraform versions in README -- Added VPC Endpoints for SNS, Cloudtrail, ELB, Cloudwatch ([#269](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/269)) -- Upgrade Docker Image to fix CI ([#270](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/270)) -- Fixed merge conflicts -- Finally, Terraform 0.12 support ([#266](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/266)) - - - -## [v1.71.0] - 2019-09-03 - -- Fixed Sagemaker resource name in VPC endpoint ([#323](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/323)) -- Fixed name of appmesh VPC endpoint ([#320](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/320)) -- Allow ICMP Network ACL rules ([#252](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/252)) -- Added VPC endpoints from [#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311) to Terraform 0.11 branch ([#319](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/319)) -- Add tags to VPC Endpoints ([#293](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/293)) 
-- Add VPC endpoints for ELB, CloudTrail, CloudWatch and SNS ([#274](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/274)) - - - -## [v2.14.0] - 2019-09-03 - -- Added support for EC2 ClassicLink ([#322](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/322)) - - - -## [v2.13.0] - 2019-09-03 - -- Added support for ICMP rules in Network ACL ([#286](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/286)) -- Added tags to VPC Endpoints ([#292](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/292)) -- Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs ([#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311)) -- Add IPv6 support ([#317](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/317)) -- Fixed README after merge -- Output var.name ([#303](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/303)) -- Fixed README after merge -- Additional VPC Endpoints ([#302](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/302)) -- Added Kinesis streams and firehose VPC endpoints ([#301](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/301)) -- adding transfer server vpc end point support -- adding codebuild, codecommit and git-codecommit vpc end point support -- adding config vpc end point support -- adding secrets manager vpc end point support -- Updated version of pre-commit-terraform -- Updated pre-commit-terraform to support terraform-docs and Terraform 0.12 ([#288](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/288)) -- Updated VPC endpoint example (fixed [#249](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/249)) -- Update tflint to 0.8.2 for circleci task ([#280](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/280)) -- Fixed broken 2.3.0 -- Fixed opportunity to create the vpc, vpn gateway routes (bug during upgrade to 0.12) -- Updated 
Terraform versions in README -- Added VPC Endpoints for SNS, Cloudtrail, ELB, Cloudwatch ([#269](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/269)) -- Upgrade Docker Image to fix CI ([#270](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/270)) -- Fixed merge conflicts -- Finally, Terraform 0.12 support ([#266](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/266)) - - - -## [v1.70.0] - 2019-09-03 - -- Allow ICMP Network ACL rules ([#252](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/252)) - - - -## [v1.69.0] - 2019-09-03 - -- Added VPC endpoints from [#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311) to Terraform 0.11 branch ([#319](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/319)) - - - -## [v1.68.0] - 2019-09-02 - -- Add tags to VPC Endpoints ([#293](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/293)) -- Add VPC endpoints for ELB, CloudTrail, CloudWatch and SNS ([#274](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/274)) - - - -## [v2.12.0] - 2019-09-02 - -- Added tags to VPC Endpoints ([#292](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/292)) - - - -## [v2.11.0] - 2019-09-02 - -- Added more VPC endpoints (Glue, STS, Sagemaker Notebook), and all missing outputs ([#311](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/311)) - - - -## [v2.10.0] - 2019-09-02 - -- Add IPv6 support ([#317](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/317)) - - - -## [v2.9.0] - 2019-07-21 - -- Fixed README after merge -- Output var.name ([#303](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/303)) - - - -## [v2.8.0] - 2019-07-21 - -- Fixed README after merge -- Additional VPC Endpoints ([#302](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/302)) -- Added Kinesis streams and firehose VPC endpoints 
([#301](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/301)) -- adding transfer server vpc end point support -- adding codebuild, codecommit and git-codecommit vpc end point support -- adding config vpc end point support -- adding secrets manager vpc end point support -- Updated version of pre-commit-terraform - - - -## [v2.7.0] - 2019-06-17 - -- Updated pre-commit-terraform to support terraform-docs and Terraform 0.12 ([#288](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/288)) - - - -## [v2.6.0] - 2019-06-13 - -- Updated VPC endpoint example (fixed [#249](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/249)) -- Update tflint to 0.8.2 for circleci task ([#280](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/280)) -- Fixed broken 2.3.0 -- Fixed opportunity to create the vpc, vpn gateway routes (bug during upgrade to 0.12) -- Updated Terraform versions in README -- Added VPC Endpoints for SNS, Cloudtrail, ELB, Cloudwatch ([#269](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/269)) -- Upgrade Docker Image to fix CI ([#270](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/270)) -- Fixed merge conflicts -- Finally, Terraform 0.12 support ([#266](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/266)) - - - -## [v1.67.0] - 2019-06-13 - -- Add VPC endpoints for ELB, CloudTrail, CloudWatch and SNS ([#274](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/274)) - - - -## [v2.5.0] - 2019-06-05 - - - - -## [v2.4.0] - 2019-06-05 - -- Fixed broken 2.3.0 - - - -## [v2.3.0] - 2019-06-04 - -- Fixed opportunity to create the vpc, vpn gateway routes (bug during upgrade to 0.12) - - - -## [v2.2.0] - 2019-05-28 - -- Updated Terraform versions in README - - - -## [v2.1.0] - 2019-05-27 - -- Added VPC Endpoints for SNS, Cloudtrail, ELB, Cloudwatch ([#269](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/269)) -- Upgrade Docker 
Image to fix CI ([#270](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/270)) - - - -## [v2.0.0] - 2019-05-24 - -- Fixed merge conflicts -- Finally, Terraform 0.12 support ([#266](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/266)) - - - -## [v1.66.0] - 2019-05-24 - -- Added VPC endpoints for SQS (closes [#248](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/248)) -- ECS endpoint ([#261](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/261)) - - - -## [v1.65.0] - 2019-05-21 - -- Improving DHCP options docs ([#260](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/260)) - - - -## [v1.64.0] - 2019-04-25 - -- Fixed formatting -- Add Output Of Subnet ARNs ([#242](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/242)) - - - -## [v1.63.0] - 2019-04-25 - -- Fixed formatting -- Added ARN of VPC in module output ([#245](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/245)) - - - -## [v1.62.0] - 2019-04-25 - -- Add support for KMS VPC endpoint creation ([#243](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/243)) - - - -## [v1.61.0] - 2019-04-25 - -- Added missing VPC endpoints outputs (resolves [#246](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/246)) ([#247](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/247)) - - - -## [v1.60.0] - 2019-03-22 - -- Network ACLs ([#238](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/238)) - - - -## [v1.59.0] - 2019-03-05 - -- Updated changelog -- Resolved conflicts after merge -- Redshift public subnets ([#222](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/222)) -- Redshift public subnets ([#222](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/222)) -- docs: Update comment in docs ([#226](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/226)) - - - -## [v1.58.0] - 2019-03-01 - -- Updated 
changelog -- API gateway Endpoint ([#225](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/225)) - - - -## [v1.57.0] - 2019-02-21 - -- Bump version - - - -## [v1.56.0] - 2019-02-21 - -- Added intra subnet suffix. ([#220](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/220)) - - - -## [v1.55.0] - 2019-02-14 - -- Fixed formatting after [#213](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/213) -- Added subnet ids to ecr endpoints -- Added option to create ECR api and dkr endpoints - - - -## [v1.54.0] - 2019-02-14 - -- Fixed formatting after [#205](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/205) -- switch to terraform-docs v0.6.0 -- add files updated by pre-commit -- add additional endpoints to examples -- fix typo -- add endpoints ec2messages, ssmmessages as those are required by Systems Manager in addition to ec2 and ssm. - - - -## [v1.53.0] - 2019-01-18 - -- Reordered vars in count for database_nat_gateway route -- adding option to create a route to nat gateway in database subnets - - - -## [v1.52.0] - 2019-01-17 - -- Added SSM and EC2 VPC endpoints (fixes [#195](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/195), [#194](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/194)) - - - -## [v1.51.0] - 2019-01-10 - -- Added possibility to control creation of elasticache and redshift subnet groups - - - -## [v1.50.0] - 2018-12-27 - -- Added azs to outputs which is an argument - - - -## [v1.49.0] - 2018-12-12 - -- Reverted complete-example -- Added IGW route for DB subnets (based on [#179](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/179)) - - - -## [v1.48.0] - 2018-12-11 - -- Updated pre-commit version with new terraform-docs script - - - -## [v1.47.0] - 2018-12-11 - -- Fix for the error: module.vpc.aws_redshift_subnet_group.redshift: only lowercase alphanumeric characters and hyphens allowed in name - - - -## [v1.46.0] - 2018-10-06 - -- 
Fixed [#177](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/177) - public_subnets should not always be validated - - - -## [v1.45.0] - 2018-10-01 - -- Updated README.md after merge -- Added amazon_side_asn to vpn_gateway ([#159](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/159)) - - - -## [v1.44.0] - 2018-09-18 - -- Reordering tag merging ([#148](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/148)) - - - -## [v1.43.2] - 2018-09-17 - -- Updated link to cloudcraft - - - -## [v1.43.1] - 2018-09-17 - -- Updated link to cloudcraft - - - -## [v1.43.0] - 2018-09-16 - -- Removed comments starting from # to fix README -- Added cloudcraft.co as a sponsor for this module -- Added cloudcraft.co as a sponsor for this module - - - -## [v1.42.0] - 2018-09-14 - -- add vars for custom subnet and route table names ([#168](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/168)) - - - -## [v1.41.0] - 2018-09-04 - -- Add secondary CIDR block support ([#163](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/163)) - - - -## [v1.40.0] - 2018-08-19 - -- Removed IPv6 from outputs (fixed [#157](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/157)) ([#158](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/158)) - - - -## [v1.39.0] - 2018-08-19 - -- Add minimum support for IPv6 to VPC ([#156](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/156)) - - - -## [v1.38.0] - 2018-08-18 - -- Provide separate route tables for db/elasticache/redshift ([#155](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/155)) -- Fixing typo overriden -> overridden ([#150](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/150)) - - - -## [v1.37.0] - 2018-06-22 - -- Removed obsolete default_route_table_tags (fixed [#146](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/146)) - - - -## [v1.36.0] - 2018-06-20 - -- Allow tags 
override for all resources (fix for [#138](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/138)) ([#145](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/145)) - - - -## [v1.35.0] - 2018-06-20 - -- Updated README after [#141](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/141) -- Add `nat_gateway_tags` input ([#141](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/141)) - - - -## [v1.34.0] - 2018-06-05 - -- Fixed creation of aws_vpc_endpoint_route_table_association when intra_subnets are not set (fixes 137) - - - -## [v1.33.0] - 2018-06-04 - -- Added missing route_table for intra_subnets, and prepare the release -- Adding "intra subnets" as a class ([#135](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/135)) - - - -## [v1.32.0] - 2018-05-24 - -- Prepared release, updated README a bit -- Fix [#117](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/117) - Add `one_nat_gateway_per_az` functionality ([#129](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/129)) - - - -## [v1.31.0] - 2018-05-16 - -- Added pre-commit hook to autogenerate terraform-docs ([#127](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/127)) - - - -## [v1.30.0] - 2018-04-09 - -- Fixed formatting -- Added longer timeouts for aws_route create ([#113](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/113)) - - - -## [v1.29.0] - 2018-04-05 - -- Creates a single private route table when single_nat_gateway is true ([#83](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/83)) - - - -## [v1.28.0] - 2018-04-05 - -- Ensures the correct number of S3 and DDB VPC Endpoint associations ([#90](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/90)) - - - -## [v1.27.0] - 2018-04-05 - -- Removed aws_default_route_table and aws_main_route_table_association, added potentially failed example 
([#111](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/111)) - - - -## [v1.26.0] - 2018-03-06 - -- Added default CIDR block as 0.0.0.0/0 ([#93](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/93)) - - - -## [v1.25.0] - 2018-03-02 - -- Fixed complete example -- Make terraform recognize lists when uring variables ([#92](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/92)) - - - -## [v1.24.0-pre] - 2018-03-01 - -- Fixed description -- Fixed aws_vpn_gateway_route_propagation for default route table - - - -## [v1.23.0] - 2018-02-10 - -- Extended aws_vpn_gateway use case. ([#67](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/67)) - - - -## [v1.22.1] - 2018-02-10 - -- Removed classiclink from outputs because it is not present in recent regions ([#78](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/78)) - - - -## [v1.22.0] - 2018-02-09 - -- Added support for default VPC resource ([#75](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/75)) - - - -## [v1.21.0] - 2018-02-09 - -- Added possibility to create VPC conditionally ([#74](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/74)) - - - -## [v1.20.0] - 2018-02-09 - -- Manage Default Route Table under Terraform ([#69](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/69)) - - - -## [v1.19.0] - 2018-02-09 - -- Only create one public route association for s3 endpoint ([#73](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/73)) - - - -## [v1.18.0] - 2018-02-05 - -- Adding tests for vpc, subnets, and route tables ([#31](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/31)) -- Improve documentation about the usage of external NAT gateway IPs ([#66](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/66)) - - - -## [v1.17.0] - 2018-01-21 - -- Issue [#58](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/58): Add ElastiCache 
subnet group name output. ([#60](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/60)) - - - -## [v1.16.0] - 2018-01-21 - -- Terraform fmt -- Issue [#56](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/56): Added tags for elastic ips ([#61](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/61)) - - - -## [v1.15.0] - 2018-01-19 - -- Lowercase database subnet group name ([#57](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/57)) - - - -## [v1.14.0] - 2018-01-11 - -- Add Redshift subnets ([#54](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/54)) - - - -## [v1.13.0] - 2018-01-03 - -- Ignore changes to propagating_vgws of private routing table ([#50](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/50)) - - - -## [v1.12.0] - 2017-12-12 - -- Downgraded require_version from 0.10.13 to 0.10.3 ([#48](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/48)) - - - -## [v1.11.0] - 2017-12-11 - -- Added fix for issue when no private subnets are defined ([#47](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/47)) - - - -## [v1.10.0] - 2017-12-11 - -- Fixing edge case when VPC is not symmetrical with few private subnets ([#45](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/45)) - - - -## [v1.9.1] - 2017-12-07 - -- Minor fix in README - - - -## [v1.9.0] - 2017-12-07 - -- Allow passing in EIPs for the NAT Gateways ([#38](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/38)) - - - -## [v1.8.0] - 2017-12-06 - -- change conditional private routes ([#36](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/36)) - - - -## [v1.7.0] - 2017-12-06 - -- Add extra tags for DHCP option set ([#42](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/42)) -- Add "default_route_table_id" to outputs ([#41](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/41)) - - - -## [v1.6.0] - 
2017-12-06 - -- Add support for additional tags on VPC ([#43](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/43)) -- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33) -- Set enable_dns_support=true by default - - - -## [v1.4.1] - 2017-11-23 - -- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33) - - - -## [v1.5.1] - 2017-11-23 - - - - -## [v1.5.0] - 2017-11-23 - -- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33) -- Set enable_dns_support=true by default -- Updated descriptions for DNS variables (closes [#14](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/14)) - - - -## [v1.4.0] - 2017-11-22 - -- Add version requirements in README.md (fixes [#32](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/32)) -- Add version requirements in README.md - - - -## [v1.3.0] - 2017-11-16 - -- make sure outputs are always valid ([#29](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/29)) -- Add tags to the aws_vpc_dhcp_options resource ([#30](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/30)) - - - -## [v1.2.0] - 2017-11-11 - -- Add support for DHCP options set ([#20](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/20)) - - - -## [v1.1.0] - 2017-11-11 - -- [#22](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/22) add vpn gateway feature ([#24](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/24)) -- Add cidr_block outputs to public and private subnets ([#19](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/19)) -- Add AZ to natgateway name - - - -## [v1.0.4] - 2017-10-20 - -- NAT gateway should be tagged too. 
- - - -## [v1.0.3] - 2017-10-12 - -- Make aws_vpc_endpoint_service conditional -- Improve variable descriptions - - - -## [v1.0.2] - 2017-09-27 - -- disable dynamodb data source when not needed - - - -## [v1.0.1] - 2017-09-26 - -- Updated link in README -- Allow the user to define custom tags for route tables - - - -## v1.0.0 - 2017-09-12 - -- Updated README -- Updated README -- Aded examples and updated names -- Added descriptions, applied fmt -- Removed parts of readme -- Initial commit -- Initial commit - - -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.0...HEAD -[v3.11.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.10.0...v3.11.0 -[v3.10.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.9.0...v3.10.0 -[v3.9.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.8.0...v3.9.0 -[v3.8.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.7.0...v3.8.0 -[v3.7.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.6.0...v3.7.0 -[v3.6.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.5.0...v3.6.0 -[v3.5.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.4.0...v3.5.0 -[v3.4.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.3.0...v3.4.0 -[v3.3.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.2.0...v3.3.0 -[v3.2.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.1.0...v3.2.0 -[v3.1.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.0.0...v3.1.0 -[v3.0.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.78.0...v3.0.0 -[v2.78.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.77.0...v2.78.0 -[v2.77.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.76.0...v2.77.0 -[v2.76.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.75.0...v2.76.0 -[v2.75.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.74.0...v2.75.0 -[v2.74.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.73.0...v2.74.0 -[v2.73.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.72.0...v2.73.0 -[v2.72.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.71.0...v2.72.0 -[v2.71.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.73.0...v2.71.0 -[v1.73.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.70.0...v1.73.0 -[v2.70.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.69.0...v2.70.0 -[v2.69.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.68.0...v2.69.0 -[v2.68.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.67.0...v2.68.0 -[v2.67.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.66.0...v2.67.0 -[v2.66.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.65.0...v2.66.0 -[v2.65.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.64.0...v2.65.0 -[v2.64.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.63.0...v2.64.0 -[v2.63.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.62.0...v2.63.0 -[v2.62.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.61.0...v2.62.0 -[v2.61.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.60.0...v2.61.0 -[v2.60.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.59.0...v2.60.0 -[v2.59.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.58.0...v2.59.0 -[v2.58.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.57.0...v2.58.0 -[v2.57.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.56.0...v2.57.0 -[v2.56.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.55.0...v2.56.0 -[v2.55.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.54.0...v2.55.0 -[v2.54.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.53.0...v2.54.0 -[v2.53.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.52.0...v2.53.0 -[v2.52.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.51.0...v2.52.0 -[v2.51.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.50.0...v2.51.0 -[v2.50.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.49.0...v2.50.0 -[v2.49.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.48.0...v2.49.0 -[v2.48.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.47.0...v2.48.0 -[v2.47.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.46.0...v2.47.0 -[v2.46.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.45.0...v2.46.0 -[v2.45.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.44.0...v2.45.0 -[v2.44.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.43.0...v2.44.0 -[v2.43.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.42.0...v2.43.0 -[v2.42.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.41.0...v2.42.0 -[v2.41.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.40.0...v2.41.0 -[v2.40.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.39.0...v2.40.0 -[v2.39.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.38.0...v2.39.0 -[v2.38.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.37.0...v2.38.0 -[v2.37.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.36.0...v2.37.0 -[v2.36.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.35.0...v2.36.0 -[v2.35.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.34.0...v2.35.0 -[v2.34.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.33.0...v2.34.0 -[v2.33.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.32.0...v2.33.0 -[v2.32.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.31.0...v2.32.0 -[v2.31.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.30.0...v2.31.0 -[v2.30.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.29.0...v2.30.0 -[v2.29.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.28.0...v2.29.0 -[v2.28.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.27.0...v2.28.0 -[v2.27.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.26.0...v2.27.0 -[v2.26.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.25.0...v2.26.0 -[v2.25.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.24.0...v2.25.0 -[v2.24.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.23.0...v2.24.0 -[v2.23.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.22.0...v2.23.0 -[v2.22.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.21.0...v2.22.0 -[v2.21.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.20.0...v2.21.0 -[v2.20.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.19.0...v2.20.0 -[v2.19.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.18.0...v2.19.0 -[v2.18.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.72.0...v2.18.0 -[v1.72.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.17.0...v1.72.0 -[v2.17.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.16.0...v2.17.0 -[v2.16.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.15.0...v2.16.0 -[v2.15.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.71.0...v2.15.0 -[v1.71.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.14.0...v1.71.0 -[v2.14.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.13.0...v2.14.0 -[v2.13.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.70.0...v2.13.0 -[v1.70.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.69.0...v1.70.0 -[v1.69.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.68.0...v1.69.0 -[v1.68.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.12.0...v1.68.0 -[v2.12.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.11.0...v2.12.0 -[v2.11.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.10.0...v2.11.0 -[v2.10.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.9.0...v2.10.0 -[v2.9.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.8.0...v2.9.0 -[v2.8.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.7.0...v2.8.0 -[v2.7.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.6.0...v2.7.0 -[v2.6.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.67.0...v2.6.0 -[v1.67.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.5.0...v1.67.0 -[v2.5.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.4.0...v2.5.0 -[v2.4.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.3.0...v2.4.0 -[v2.3.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.2.0...v2.3.0 -[v2.2.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.1.0...v2.2.0 -[v2.1.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v2.0.0...v2.1.0 -[v2.0.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.66.0...v2.0.0 -[v1.66.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.65.0...v1.66.0 -[v1.65.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.64.0...v1.65.0 -[v1.64.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.63.0...v1.64.0 -[v1.63.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.62.0...v1.63.0 -[v1.62.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.61.0...v1.62.0 -[v1.61.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.60.0...v1.61.0 -[v1.60.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.59.0...v1.60.0 -[v1.59.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.58.0...v1.59.0 -[v1.58.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.57.0...v1.58.0 -[v1.57.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.56.0...v1.57.0 -[v1.56.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.55.0...v1.56.0 -[v1.55.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.54.0...v1.55.0 -[v1.54.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.53.0...v1.54.0 -[v1.53.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.52.0...v1.53.0 -[v1.52.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.51.0...v1.52.0 -[v1.51.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.50.0...v1.51.0 -[v1.50.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.49.0...v1.50.0 -[v1.49.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.48.0...v1.49.0 -[v1.48.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.47.0...v1.48.0 -[v1.47.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.46.0...v1.47.0 -[v1.46.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.45.0...v1.46.0 -[v1.45.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.44.0...v1.45.0 -[v1.44.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.2...v1.44.0 -[v1.43.2]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.1...v1.43.2 -[v1.43.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.0...v1.43.1 -[v1.43.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.42.0...v1.43.0 -[v1.42.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.41.0...v1.42.0 -[v1.41.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.40.0...v1.41.0 -[v1.40.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.39.0...v1.40.0 -[v1.39.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.38.0...v1.39.0 -[v1.38.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.37.0...v1.38.0 -[v1.37.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.36.0...v1.37.0 -[v1.36.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.35.0...v1.36.0 -[v1.35.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.34.0...v1.35.0 -[v1.34.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.33.0...v1.34.0 -[v1.33.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.32.0...v1.33.0 -[v1.32.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.31.0...v1.32.0 -[v1.31.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.30.0...v1.31.0 -[v1.30.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.29.0...v1.30.0 -[v1.29.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.28.0...v1.29.0 -[v1.28.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.27.0...v1.28.0 -[v1.27.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.26.0...v1.27.0 -[v1.26.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.25.0...v1.26.0 -[v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.24.0-pre...v1.25.0 -[v1.24.0-pre]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.23.0...v1.24.0-pre -[v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.22.1...v1.23.0 -[v1.22.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.22.0...v1.22.1 -[v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.21.0...v1.22.0 -[v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.20.0...v1.21.0 -[v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.19.0...v1.20.0 -[v1.19.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.18.0...v1.19.0 -[v1.18.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.17.0...v1.18.0 -[v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.16.0...v1.17.0 -[v1.16.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.15.0...v1.16.0 -[v1.15.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.14.0...v1.15.0 -[v1.14.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.13.0...v1.14.0 -[v1.13.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.12.0...v1.13.0 -[v1.12.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.11.0...v1.12.0 -[v1.11.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.10.0...v1.11.0 -[v1.10.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.9.1...v1.10.0 -[v1.9.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.9.0...v1.9.1 -[v1.9.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.8.0...v1.9.0 -[v1.8.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.7.0...v1.8.0 -[v1.7.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.6.0...v1.7.0 -[v1.6.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.1...v1.6.0 -[v1.4.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.1...v1.4.1 -[v1.5.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.0...v1.5.1 -[v1.5.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.0...v1.5.0 -[v1.4.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.3.0...v1.4.0 -[v1.3.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.2.0...v1.3.0 -[v1.2.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.1.0...v1.2.0 -[v1.1.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.4...v1.1.0 -[v1.0.4]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.3...v1.0.4 -[v1.0.3]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.2...v1.0.3 -[v1.0.2]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.1...v1.0.2 -[v1.0.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.0...v1.0.1 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/LICENSE b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/LICENSE
deleted file mode 100644
index d9a10c0d..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/LICENSE
+++ /dev/null
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
-
- END OF TERMS AND CONDITIONS
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/README.md
deleted file mode 100644
index caf1610f..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/README.md
+++ /dev/null
@@ -1,708 +0,0 @@ -# AWS VPC Terraform module - -Terraform module which creates VPC resources on AWS. - -[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md) - -## Usage - -```hcl -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - - name = "my-vpc" - cidr = "10.0.0.0/16" - - azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] - private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] - public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] - - enable_nat_gateway = true - enable_vpn_gateway = true - - tags = { - Terraform = "true" - Environment = "dev" - } -} -``` - -## External NAT Gateway IPs - -By default this module will provision new Elastic IPs for the VPC's NAT Gateways. -This means that when creating a new VPC, new IPs are allocated, and when that VPC is destroyed those IPs are released. -Sometimes it is handy to keep the same IPs even after the VPC is destroyed and re-created. -To that end, it is possible to assign existing IPs to the NAT Gateways. -This prevents the destruction of the VPC from releasing those IPs, while making it possible that a re-created VPC uses the same IPs. - -To achieve this, allocate the IPs outside the VPC module declaration. - -```hcl -resource "aws_eip" "nat" { - count = 3 - - vpc = true -} -``` - -Then, pass the allocated IPs as a parameter to this module. - -```hcl -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - - # The rest of arguments are omitted for brevity - - enable_nat_gateway = true - single_nat_gateway = false - reuse_nat_ips = true # <= Skip creation of EIPs for the NAT Gateways - external_nat_ip_ids = "${aws_eip.nat.*.id}" # <= IPs specified here as input to the module -} -``` - -Note that in the example we allocate 3 IPs because we will be provisioning 3 NAT Gateways (due to `single_nat_gateway = false` and having 3 subnets). 
-If, on the other hand, `single_nat_gateway = true`, then `aws_eip.nat` would only need to allocate 1 IP. -Passing the IPs into the module is done by setting two variables `reuse_nat_ips = true` and `external_nat_ip_ids = "${aws_eip.nat.*.id}"`. - -## NAT Gateway Scenarios - -This module supports three scenarios for creating NAT gateways. Each will be explained in further detail in the corresponding sections. - -- One NAT Gateway per subnet (default behavior) - - `enable_nat_gateway = true` - - `single_nat_gateway = false` - - `one_nat_gateway_per_az = false` -- Single NAT Gateway - - `enable_nat_gateway = true` - - `single_nat_gateway = true` - - `one_nat_gateway_per_az = false` -- One NAT Gateway per availability zone - - `enable_nat_gateway = true` - - `single_nat_gateway = false` - - `one_nat_gateway_per_az = true` - -If both `single_nat_gateway` and `one_nat_gateway_per_az` are set to `true`, then `single_nat_gateway` takes precedence. - -### One NAT Gateway per subnet (default) - -By default, the module will determine the number of NAT Gateways to create based on the `max()` of the private subnet lists (`database_subnets`, `elasticache_subnets`, `private_subnets`, and `redshift_subnets`). The module **does not** take into account the number of `intra_subnets`, since the latter are designed to have no Internet access via NAT Gateway. For example, if your configuration looks like the following: - -```hcl -database_subnets = ["10.0.21.0/24", "10.0.22.0/24"] -elasticache_subnets = ["10.0.31.0/24", "10.0.32.0/24"] -private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24"] -redshift_subnets = ["10.0.41.0/24", "10.0.42.0/24"] -intra_subnets = ["10.0.51.0/24", "10.0.52.0/24", "10.0.53.0/24"] -``` - -Then `5` NAT Gateways will be created since `5` private subnet CIDR blocks were specified. 
- -### Single NAT Gateway - -If `single_nat_gateway = true`, then all private subnets will route their Internet traffic through this single NAT gateway. The NAT gateway will be placed in the first public subnet in your `public_subnets` block. - -### One NAT Gateway per availability zone - -If `one_nat_gateway_per_az = true` and `single_nat_gateway = false`, then the module will place one NAT gateway in each availability zone you specify in `var.azs`. There are some requirements around using this feature flag: - -- The variable `var.azs` **must** be specified. -- The number of public subnet CIDR blocks specified in `public_subnets` **must** be greater than or equal to the number of availability zones specified in `var.azs`. This is to ensure that each NAT Gateway has a dedicated public subnet to deploy to. - -## "private" versus "intra" subnets - -By default, if NAT Gateways are enabled, private subnets will be configured with routes for Internet traffic that point at the NAT Gateways configured by use of the above options. - -If you need private subnets that should have no Internet routing (in the sense of [RFC1918 Category 1 subnets](https://tools.ietf.org/html/rfc1918)), `intra_subnets` should be specified. An example use case is configuration of AWS Lambda functions within a VPC, where AWS Lambda functions only need to pass traffic to internal resources or VPC endpoints for AWS services. - -Since AWS Lambda functions allocate Elastic Network Interfaces in proportion to the traffic received ([read more](https://docs.aws.amazon.com/lambda/latest/dg/vpc.html)), it can be useful to allocate a large private subnet for such allocations, while keeping the traffic they generate entirely internal to the VPC. - -You can add additional tags with `intra_subnet_tags` as with other subnet types. - -## VPC Flow Log - -VPC Flow Log allows to capture IP traffic for a specific network interface (ENI), subnet, or entire VPC. 
This module supports enabling or disabling VPC Flow Logs for entire VPC. If you need to have VPC Flow Logs for subnet or ENI, you have to manage it outside of this module with [aws_flow_log resource](https://www.terraform.io/docs/providers/aws/r/flow_log.html). - -### VPC Flow Log Examples - -By default `file_format` is `plain-text`. You can also specify `parquet` to have logs written in Apache Parquet format. - -``` -flow_log_file_format = "parquet" -``` - -### Permissions Boundary - -If your organization requires a permissions boundary to be attached to the VPC Flow Log role, make sure that you specify an ARN of the permissions boundary policy as `vpc_flow_log_permissions_boundary` argument. Read more about required [IAM policy for publishing flow logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-cwl.html#flow-logs-iam). - -## Conditional creation - -Prior to Terraform 0.13, you were unable to specify `count` in a module block. If you wish to toggle the creation of the module's resources in an older (pre 0.13) version of Terraform, you can use the `create_vpc` argument. - -```hcl -# This VPC will not be created -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - - create_vpc = false - # ... omitted -} -``` - -## Public access to RDS instances - -Sometimes it is handy to have public access to RDS instances (it is not recommended for production) by specifying these arguments: - -```hcl - create_database_subnet_group = true - create_database_subnet_route_table = true - create_database_internet_gateway_route = true - - enable_dns_hostnames = true - enable_dns_support = true -``` - -## Network Access Control Lists (ACL or NACL) - -This module can manage network ACL and rules. Once VPC is created, AWS creates the default network ACL, which can be controlled using this module (`manage_default_network_acl = true`). - -Also, each type of subnet may have its own network ACL with custom rules per subnet. 
Eg, set `public_dedicated_network_acl = true` to use dedicated network ACL for the public subnets; set values of `public_inbound_acl_rules` and `public_outbound_acl_rules` to specify all the NACL rules you need to have on public subnets (see `variables.tf` for default values and structures). - -By default, all subnets are associated with the default network ACL. - -## Public access to Redshift cluster - -Sometimes it is handy to have public access to Redshift clusters (for example if you need to access it by Kinesis - VPC endpoint for Kinesis is not yet supported by Redshift) by specifying these arguments: - -```hcl - enable_public_redshift = true # <= By default Redshift subnets will be associated with the private route table -``` - -## Transit Gateway (TGW) integration - -It is possible to integrate this VPC module with [terraform-aws-transit-gateway module](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway) which handles the creation of TGW resources and VPC attachments. See [complete example there](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/complete). - -## VPC CIDR from AWS IP Address Manager (IPAM) - -It is possible to have your VPC CIDR assigned from an [AWS IPAM Pool](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool). However, In order to build subnets within this module Terraform must know subnet CIDRs to properly plan the amount of resources to build. Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time. You can get around this by "previewing" the CIDR and then using that as the subnet values. - -_Note: Due to race conditions with `terraform plan`, it is not possible to use `ipv4_netmask_length` or a pools `allocation_default_netmask_length` within this module. 
You must explicitly set the CIDRs for a pool to use._ - -```hcl -# Find the pool RAM shared to your account -# Info on RAM sharing pools: https://docs.aws.amazon.com/vpc/latest/ipam/share-pool-ipam.html -data "aws_vpc_ipam_pool" "ipv4_example" { - filter { - name = "description" - values = ["*mypool*"] - } - - filter { - name = "address-family" - values = ["ipv4"] - } -} - -# Preview next CIDR from pool -data "aws_vpc_ipam_preview_next_cidr" "previewed_cidr" { - ipam_pool_id = data.aws_vpc_ipam_pool.ipv4_example.id - netmask_length = 24 -} - -data "aws_region" "current" {} - -# Calculate subnet cidrs from previewed IPAM CIDR -locals { - partition = cidrsubnets(data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr, 2, 2) - private_subnets = cidrsubnets(local.partition[0], 2, 2) - public_subnets = cidrsubnets(local.partition[1], 2, 2) - azs = formatlist("${data.aws_region.current.name}%s", ["a", "b"]) -} - -module "vpc_cidr_from_ipam" { - source = "terraform-aws-modules/vpc/aws" - name = "vpc-cidr-from-ipam" - ipv4_ipam_pool_id = data.aws_vpc_ipam_pool.ipv4_example.id - azs = local.azs - cidr = data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr - private_subnets = local.private_subnets - public_subnets = local.public_subnets -} -``` - -## Examples - -- [Complete VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete) with VPC Endpoints. 
-- [VPC using IPAM](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipam) -- [Dualstack IPv4/IPv6 VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6-dualstack) -- [IPv6 only subnets/VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6-only) -- [Manage Default VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/manage-default-vpc) -- [Network ACL](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/network-acls) -- [VPC with Outpost](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/outpost) -- [VPC with secondary CIDR blocks](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/secondary-cidr-blocks) -- [VPC with unique route tables](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/separate-route-tables) -- [Simple VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/simple) -- [VPC Flow Logs](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/vpc-flow-logs) -- [Few tests and edge case examples](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issues) - -## Contributing - -Report issues/questions/feature requests on in the [issues](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/new) section. - -Full contributing [guidelines are covered here](.github/contributing.md). - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -No modules. 
- -## Resources - -| Name | Type | -|------|------| -| [aws_cloudwatch_log_group.flow_log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_customer_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | resource | -| [aws_db_subnet_group.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource | -| [aws_default_network_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_network_acl) | resource | -| [aws_default_route_table.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table) | resource | -| [aws_default_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) | resource | -| [aws_default_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | resource | -| [aws_egress_only_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/egress_only_internet_gateway) | resource | -| [aws_eip.nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | -| [aws_elasticache_subnet_group.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource | -| [aws_flow_log.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource | -| [aws_iam_policy.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| 
[aws_iam_role_policy_attachment.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource | -| [aws_nat_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource | -| [aws_network_acl.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | -| [aws_network_acl.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | -| [aws_network_acl.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | -| [aws_network_acl.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | -| [aws_network_acl.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | -| [aws_network_acl.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | -| [aws_network_acl.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | -| [aws_network_acl_rule.database_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.database_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.elasticache_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.elasticache_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| 
[aws_network_acl_rule.intra_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.intra_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.outpost_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.outpost_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.private_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.private_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.public_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.public_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.redshift_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_network_acl_rule.redshift_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | -| [aws_redshift_subnet_group.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_subnet_group) | resource | -| [aws_route.database_dns64_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route.database_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| 
[aws_route.database_ipv6_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route.database_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route.private_dns64_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route.private_ipv6_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route.private_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route.public_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route.public_internet_gateway_ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route_table.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | -| [aws_route_table.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | -| [aws_route_table.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | -| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | -| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | -| [aws_route_table.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | -| [aws_route_table_association.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| 
[aws_route_table_association.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_route_table_association.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_route_table_association.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_route_table_association.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_route_table_association.redshift_public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_subnet.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_subnet.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_subnet.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_subnet.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_subnet.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| 
[aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | -| [aws_vpc_dhcp_options.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options) | resource | -| [aws_vpc_dhcp_options_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options_association) | resource | -| [aws_vpc_ipv4_cidr_block_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipv4_cidr_block_association) | resource | -| [aws_vpn_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway) | resource | -| [aws_vpn_gateway_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_attachment) | resource | -| [aws_vpn_gateway_route_propagation.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource | -| [aws_vpn_gateway_route_propagation.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource | -| [aws_vpn_gateway_route_propagation.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource | -| [aws_iam_policy_document.flow_log_cloudwatch_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. 
By default the virtual private gateway is created with the current default Amazon ASN | `string` | `"64512"` | no | -| [azs](#input\_azs) | A list of availability zones names or ids in the region | `list(string)` | `[]` | no | -| [cidr](#input\_cidr) | (Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv4_netmask_length` & `ipv4_ipam_pool_id` | `string` | `"10.0.0.0/16"` | no | -| [create\_database\_internet\_gateway\_route](#input\_create\_database\_internet\_gateway\_route) | Controls if an internet gateway route for public database access should be created | `bool` | `false` | no | -| [create\_database\_nat\_gateway\_route](#input\_create\_database\_nat\_gateway\_route) | Controls if a nat gateway route should be created to give internet access to the database subnets | `bool` | `false` | no | -| [create\_database\_subnet\_group](#input\_create\_database\_subnet\_group) | Controls if database subnet group should be created (n.b. 
database\_subnets must also be set) | `bool` | `true` | no | -| [create\_database\_subnet\_route\_table](#input\_create\_database\_subnet\_route\_table) | Controls if separate route table for database should be created | `bool` | `false` | no | -| [create\_egress\_only\_igw](#input\_create\_egress\_only\_igw) | Controls if an Egress Only Internet Gateway is created and its related routes | `bool` | `true` | no | -| [create\_elasticache\_subnet\_group](#input\_create\_elasticache\_subnet\_group) | Controls if elasticache subnet group should be created | `bool` | `true` | no | -| [create\_elasticache\_subnet\_route\_table](#input\_create\_elasticache\_subnet\_route\_table) | Controls if separate route table for elasticache should be created | `bool` | `false` | no | -| [create\_flow\_log\_cloudwatch\_iam\_role](#input\_create\_flow\_log\_cloudwatch\_iam\_role) | Whether to create IAM role for VPC Flow Logs | `bool` | `false` | no | -| [create\_flow\_log\_cloudwatch\_log\_group](#input\_create\_flow\_log\_cloudwatch\_log\_group) | Whether to create CloudWatch log group for VPC Flow Logs | `bool` | `false` | no | -| [create\_igw](#input\_create\_igw) | Controls if an Internet Gateway is created for public subnets and the related routes that connect them | `bool` | `true` | no | -| [create\_redshift\_subnet\_group](#input\_create\_redshift\_subnet\_group) | Controls if redshift subnet group should be created | `bool` | `true` | no | -| [create\_redshift\_subnet\_route\_table](#input\_create\_redshift\_subnet\_route\_table) | Controls if separate route table for redshift should be created | `bool` | `false` | no | -| [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created (it affects almost all resources) | `bool` | `true` | no | -| [customer\_gateway\_tags](#input\_customer\_gateway\_tags) | Additional tags for the Customer Gateway | `map(string)` | `{}` | no | -| [customer\_gateways](#input\_customer\_gateways) | Maps of Customer Gateway's attributes 
(BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no | -| [customer\_owned\_ipv4\_pool](#input\_customer\_owned\_ipv4\_pool) | The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured | `string` | `null` | no | -| [database\_acl\_tags](#input\_database\_acl\_tags) | Additional tags for the database subnets network ACL | `map(string)` | `{}` | no | -| [database\_dedicated\_network\_acl](#input\_database\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for database subnets | `bool` | `false` | no | -| [database\_inbound\_acl\_rules](#input\_database\_inbound\_acl\_rules) | Database subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [database\_outbound\_acl\_rules](#input\_database\_outbound\_acl\_rules) | Database subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [database\_route\_table\_tags](#input\_database\_route\_table\_tags) | Additional tags for the database route tables | `map(string)` | `{}` | no | -| [database\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_database\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | -| [database\_subnet\_enable\_dns64](#input\_database\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | -| [database\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_database\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| [database\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_database\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | -| [database\_subnet\_group\_name](#input\_database\_subnet\_group\_name) | Name of database subnet group | `string` | `null` | no | -| [database\_subnet\_group\_tags](#input\_database\_subnet\_group\_tags) | Additional tags for the database subnet group | `map(string)` | `{}` | no | -| [database\_subnet\_ipv6\_native](#input\_database\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | -| [database\_subnet\_ipv6\_prefixes](#input\_database\_subnet\_ipv6\_prefixes) | Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [database\_subnet\_names](#input\_database\_subnet\_names) | Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated | `list(string)` | `[]` | no | -| [database\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_database\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| [database\_subnet\_suffix](#input\_database\_subnet\_suffix) | Suffix to append to database subnets name | `string` | `"db"` | no | -| [database\_subnet\_tags](#input\_database\_subnet\_tags) | Additional tags for the database subnets | `map(string)` | `{}` | no | -| [database\_subnets](#input\_database\_subnets) | A list of database subnets inside the VPC | `list(string)` | `[]` | no | -| [default\_network\_acl\_egress](#input\_default\_network\_acl\_egress) | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | -| [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | -| [default\_network\_acl\_name](#input\_default\_network\_acl\_name) | Name to be used on the Default Network ACL | `string` | `null` | no | -| [default\_network\_acl\_tags](#input\_default\_network\_acl\_tags) | Additional tags for the Default Network ACL | `map(string)` | `{}` | no | -| [default\_route\_table\_name](#input\_default\_route\_table\_name) | Name to be used on the default route table | `string` | `null` | no | -| [default\_route\_table\_propagating\_vgws](#input\_default\_route\_table\_propagating\_vgws) | List of virtual gateways for propagation | `list(string)` | `[]` | no | -| [default\_route\_table\_routes](#input\_default\_route\_table\_routes) | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | `list(map(string))` | `[]` | no | -| [default\_route\_table\_tags](#input\_default\_route\_table\_tags) | Additional tags for the default route table | `map(string)` | `{}` | no | -| [default\_security\_group\_egress](#input\_default\_security\_group\_egress) | List of maps of egress rules to set on the default security group | `list(map(string))` | `[]` | no | -| [default\_security\_group\_ingress](#input\_default\_security\_group\_ingress) | List of maps of ingress rules to set on the default security group | `list(map(string))` | `[]` | no | -| [default\_security\_group\_name](#input\_default\_security\_group\_name) | Name to be used on the default security group | `string` | `null` | no | -| [default\_security\_group\_tags](#input\_default\_security\_group\_tags) | Additional tags for the default security group | `map(string)` | `{}` | no | -| [default\_vpc\_enable\_dns\_hostnames](#input\_default\_vpc\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the Default VPC | `bool` | `true` | no | -| [default\_vpc\_enable\_dns\_support](#input\_default\_vpc\_enable\_dns\_support) | Should be true to enable DNS support in the Default VPC | 
`bool` | `true` | no | -| [default\_vpc\_name](#input\_default\_vpc\_name) | Name to be used on the Default VPC | `string` | `null` | no | -| [default\_vpc\_tags](#input\_default\_vpc\_tags) | Additional tags for the Default VPC | `map(string)` | `{}` | no | -| [dhcp\_options\_domain\_name](#input\_dhcp\_options\_domain\_name) | Specifies DNS name for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no | -| [dhcp\_options\_domain\_name\_servers](#input\_dhcp\_options\_domain\_name\_servers) | Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable\_dhcp\_options set to true) | `list(string)` |
[
"AmazonProvidedDNS"
]
| no | -| [dhcp\_options\_netbios\_name\_servers](#input\_dhcp\_options\_netbios\_name\_servers) | Specify a list of netbios servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no | -| [dhcp\_options\_netbios\_node\_type](#input\_dhcp\_options\_netbios\_node\_type) | Specify netbios node\_type for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no | -| [dhcp\_options\_ntp\_servers](#input\_dhcp\_options\_ntp\_servers) | Specify a list of NTP servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no | -| [dhcp\_options\_tags](#input\_dhcp\_options\_tags) | Additional tags for the DHCP option set (requires enable\_dhcp\_options set to true) | `map(string)` | `{}` | no | -| [elasticache\_acl\_tags](#input\_elasticache\_acl\_tags) | Additional tags for the elasticache subnets network ACL | `map(string)` | `{}` | no | -| [elasticache\_dedicated\_network\_acl](#input\_elasticache\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets | `bool` | `false` | no | -| [elasticache\_inbound\_acl\_rules](#input\_elasticache\_inbound\_acl\_rules) | Elasticache subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [elasticache\_outbound\_acl\_rules](#input\_elasticache\_outbound\_acl\_rules) | Elasticache subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [elasticache\_route\_table\_tags](#input\_elasticache\_route\_table\_tags) | Additional tags for the elasticache route tables | `map(string)` | `{}` | no | -| [elasticache\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_elasticache\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | -| [elasticache\_subnet\_enable\_dns64](#input\_elasticache\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | -| [elasticache\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_elasticache\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| [elasticache\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_elasticache\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | -| [elasticache\_subnet\_group\_name](#input\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | `string` | `null` | no | -| [elasticache\_subnet\_group\_tags](#input\_elasticache\_subnet\_group\_tags) | Additional tags for the elasticache subnet group | `map(string)` | `{}` | no | -| [elasticache\_subnet\_ipv6\_native](#input\_elasticache\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | -| [elasticache\_subnet\_ipv6\_prefixes](#input\_elasticache\_subnet\_ipv6\_prefixes) | Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [elasticache\_subnet\_names](#input\_elasticache\_subnet\_names) | Explicit values to use in the Name tag on elasticache subnets. If empty, Name tags are generated | `list(string)` | `[]` | no | -| [elasticache\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_elasticache\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| [elasticache\_subnet\_suffix](#input\_elasticache\_subnet\_suffix) | Suffix to append to elasticache subnets name | `string` | `"elasticache"` | no | -| [elasticache\_subnet\_tags](#input\_elasticache\_subnet\_tags) | Additional tags for the elasticache subnets | `map(string)` | `{}` | no | -| [elasticache\_subnets](#input\_elasticache\_subnets) | A list of elasticache subnets inside the VPC | `list(string)` | `[]` | no | -| [enable\_dhcp\_options](#input\_enable\_dhcp\_options) | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | `bool` | `false` | no | -| [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the VPC | `bool` | `true` | no | -| [enable\_dns\_support](#input\_enable\_dns\_support) | Should be true to enable DNS support in the VPC | `bool` | `true` | no | -| [enable\_flow\_log](#input\_enable\_flow\_log) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no | -| [enable\_ipv6](#input\_enable\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. 
You cannot specify the range of IP addresses, or the size of the CIDR block | `bool` | `false` | no | -| [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no | -| [enable\_network\_address\_usage\_metrics](#input\_enable\_network\_address\_usage\_metrics) | Determines whether network address usage metrics are enabled for the VPC | `bool` | `null` | no | -| [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no | -| [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no | -| [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no | -| [external\_nat\_ips](#input\_external\_nat\_ips) | List of EIPs to be used for `nat_public_ips` output (used in combination with reuse\_nat\_ips and external\_nat\_ip\_ids) | `list(string)` | `[]` | no | -| [flow\_log\_cloudwatch\_iam\_role\_arn](#input\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. 
When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided | `string` | `""` | no | -| [flow\_log\_cloudwatch\_log\_group\_kms\_key\_id](#input\_flow\_log\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs | `string` | `null` | no | -| [flow\_log\_cloudwatch\_log\_group\_name\_prefix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs | `string` | `"/aws/vpc-flow-log/"` | no | -| [flow\_log\_cloudwatch\_log\_group\_name\_suffix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_suffix) | Specifies the name suffix of CloudWatch Log Group for VPC flow logs | `string` | `""` | no | -| [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs | `number` | `null` | no | -| [flow\_log\_cloudwatch\_log\_group\_skip\_destroy](#input\_flow\_log\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `false` | no | -| [flow\_log\_destination\_arn](#input\_flow\_log\_destination\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided | `string` | `""` | no | -| [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3 or cloud-watch-logs | `string` | `"cloud-watch-logs"` | no | -| [flow\_log\_file\_format](#input\_flow\_log\_file\_format) | (Optional) The format for the flow log. 
Valid values: `plain-text`, `parquet` | `string` | `null` | no | -| [flow\_log\_hive\_compatible\_partitions](#input\_flow\_log\_hive\_compatible\_partitions) | (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 | `bool` | `false` | no | -| [flow\_log\_log\_format](#input\_flow\_log\_log\_format) | The fields to include in the flow log record, in the order in which they should appear | `string` | `null` | no | -| [flow\_log\_max\_aggregation\_interval](#input\_flow\_log\_max\_aggregation\_interval) | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds | `number` | `600` | no | -| [flow\_log\_per\_hour\_partition](#input\_flow\_log\_per\_hour\_partition) | (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries | `bool` | `false` | no | -| [flow\_log\_traffic\_type](#input\_flow\_log\_traffic\_type) | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL | `string` | `"ALL"` | no | -| [igw\_tags](#input\_igw\_tags) | Additional tags for the internet gateway | `map(string)` | `{}` | no | -| [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no | -| [intra\_acl\_tags](#input\_intra\_acl\_tags) | Additional tags for the intra subnets network ACL | `map(string)` | `{}` | no | -| [intra\_dedicated\_network\_acl](#input\_intra\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for intra subnets | `bool` | `false` | no | -| [intra\_inbound\_acl\_rules](#input\_intra\_inbound\_acl\_rules) | Intra subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [intra\_outbound\_acl\_rules](#input\_intra\_outbound\_acl\_rules) | Intra subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [intra\_route\_table\_tags](#input\_intra\_route\_table\_tags) | Additional tags for the intra route tables | `map(string)` | `{}` | no | -| [intra\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_intra\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | -| [intra\_subnet\_enable\_dns64](#input\_intra\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | -| [intra\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_intra\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| [intra\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_intra\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | -| [intra\_subnet\_ipv6\_native](#input\_intra\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | -| [intra\_subnet\_ipv6\_prefixes](#input\_intra\_subnet\_ipv6\_prefixes) | Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [intra\_subnet\_names](#input\_intra\_subnet\_names) | Explicit values to use in the Name tag on intra subnets. 
If empty, Name tags are generated | `list(string)` | `[]` | no | -| [intra\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_intra\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| [intra\_subnet\_suffix](#input\_intra\_subnet\_suffix) | Suffix to append to intra subnets name | `string` | `"intra"` | no | -| [intra\_subnet\_tags](#input\_intra\_subnet\_tags) | Additional tags for the intra subnets | `map(string)` | `{}` | no | -| [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets inside the VPC | `list(string)` | `[]` | no | -| [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR | `string` | `null` | no | -| [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4\_ipam\_pool\_id | `number` | `null` | no | -| [ipv6\_cidr](#input\_ipv6\_cidr) | (Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length` | `string` | `null` | no | -| [ipv6\_cidr\_block\_network\_border\_group](#input\_ipv6\_cidr\_block\_network\_border\_group) | By default when an IPv6 CIDR is assigned to a VPC a default ipv6\_cidr\_block\_network\_border\_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones | `string` | `null` | no | -| [ipv6\_ipam\_pool\_id](#input\_ipv6\_ipam\_pool\_id) | (Optional) IPAM Pool ID for a IPv6 pool. 
Conflicts with `assign_generated_ipv6_cidr_block` | `string` | `null` | no | -| [ipv6\_netmask\_length](#input\_ipv6\_netmask\_length) | (Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56` | `number` | `null` | no | -| [manage\_default\_network\_acl](#input\_manage\_default\_network\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `true` | no | -| [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true to manage default route table | `bool` | `true` | no | -| [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `true` | no | -| [manage\_default\_vpc](#input\_manage\_default\_vpc) | Should be true to adopt and manage Default VPC | `bool` | `false` | no | -| [map\_customer\_owned\_ip\_on\_launch](#input\_map\_customer\_owned\_ip\_on\_launch) | Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false` | `bool` | `false` | no | -| [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is `false` | `bool` | `false` | no | -| [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no | -| [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no | -| [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. 
If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `"0.0.0.0/0"` | no | -| [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no | -| [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs` | `bool` | `false` | no | -| [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no | -| [outpost\_arn](#input\_outpost\_arn) | ARN of Outpost you want to create a subnet in | `string` | `null` | no | -| [outpost\_az](#input\_outpost\_az) | AZ where Outpost is anchored | `string` | `null` | no | -| [outpost\_dedicated\_network\_acl](#input\_outpost\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for outpost subnets | `bool` | `false` | no | -| [outpost\_inbound\_acl\_rules](#input\_outpost\_inbound\_acl\_rules) | Outpost subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [outpost\_outbound\_acl\_rules](#input\_outpost\_outbound\_acl\_rules) | Outpost subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [outpost\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_outpost\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | -| [outpost\_subnet\_enable\_dns64](#input\_outpost\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | -| [outpost\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_outpost\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| [outpost\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_outpost\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | -| [outpost\_subnet\_ipv6\_native](#input\_outpost\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | -| [outpost\_subnet\_ipv6\_prefixes](#input\_outpost\_subnet\_ipv6\_prefixes) | Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [outpost\_subnet\_names](#input\_outpost\_subnet\_names) | Explicit values to use in the Name tag on outpost subnets. If empty, Name tags are generated | `list(string)` | `[]` | no | -| [outpost\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_outpost\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. 
For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| [outpost\_subnet\_suffix](#input\_outpost\_subnet\_suffix) | Suffix to append to outpost subnets name | `string` | `"outpost"` | no | -| [outpost\_subnet\_tags](#input\_outpost\_subnet\_tags) | Additional tags for the outpost subnets | `map(string)` | `{}` | no | -| [outpost\_subnets](#input\_outpost\_subnets) | A list of outpost subnets inside the VPC | `list(string)` | `[]` | no | -| [private\_acl\_tags](#input\_private\_acl\_tags) | Additional tags for the private subnets network ACL | `map(string)` | `{}` | no | -| [private\_dedicated\_network\_acl](#input\_private\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for private subnets | `bool` | `false` | no | -| [private\_inbound\_acl\_rules](#input\_private\_inbound\_acl\_rules) | Private subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [private\_outbound\_acl\_rules](#input\_private\_outbound\_acl\_rules) | Private subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [private\_route\_table\_tags](#input\_private\_route\_table\_tags) | Additional tags for the private route tables | `map(string)` | `{}` | no | -| [private\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_private\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | -| [private\_subnet\_enable\_dns64](#input\_private\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | -| [private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| [private\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_private\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | -| [private\_subnet\_ipv6\_native](#input\_private\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | -| [private\_subnet\_ipv6\_prefixes](#input\_private\_subnet\_ipv6\_prefixes) | Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [private\_subnet\_names](#input\_private\_subnet\_names) | Explicit values to use in the Name tag on private subnets. 
If empty, Name tags are generated | `list(string)` | `[]` | no | -| [private\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_private\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| [private\_subnet\_suffix](#input\_private\_subnet\_suffix) | Suffix to append to private subnets name | `string` | `"private"` | no | -| [private\_subnet\_tags](#input\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no | -| [private\_subnet\_tags\_per\_az](#input\_private\_subnet\_tags\_per\_az) | Additional tags for the private subnets where the primary key is the AZ | `map(map(string))` | `{}` | no | -| [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no | -| [propagate\_intra\_route\_tables\_vgw](#input\_propagate\_intra\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | -| [propagate\_private\_route\_tables\_vgw](#input\_propagate\_private\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | -| [propagate\_public\_route\_tables\_vgw](#input\_propagate\_public\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | -| [public\_acl\_tags](#input\_public\_acl\_tags) | Additional tags for the public subnets network ACL | `map(string)` | `{}` | no | -| [public\_dedicated\_network\_acl](#input\_public\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for public subnets | `bool` | `false` | no | -| 
[public\_inbound\_acl\_rules](#input\_public\_inbound\_acl\_rules) | Public subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [public\_outbound\_acl\_rules](#input\_public\_outbound\_acl\_rules) | Public subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [public\_route\_table\_tags](#input\_public\_route\_table\_tags) | Additional tags for the public route tables | `map(string)` | `{}` | no | -| [public\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_public\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | -| [public\_subnet\_enable\_dns64](#input\_public\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | -| [public\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_public\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| [public\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_public\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | -| [public\_subnet\_ipv6\_native](#input\_public\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | -| [public\_subnet\_ipv6\_prefixes](#input\_public\_subnet\_ipv6\_prefixes) | Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [public\_subnet\_names](#input\_public\_subnet\_names) | Explicit values to use in the Name tag on public subnets. 
If empty, Name tags are generated | `list(string)` | `[]` | no | -| [public\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_public\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| [public\_subnet\_suffix](#input\_public\_subnet\_suffix) | Suffix to append to public subnets name | `string` | `"public"` | no | -| [public\_subnet\_tags](#input\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no | -| [public\_subnet\_tags\_per\_az](#input\_public\_subnet\_tags\_per\_az) | Additional tags for the public subnets where the primary key is the AZ | `map(map(string))` | `{}` | no | -| [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no | -| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | -| [redshift\_acl\_tags](#input\_redshift\_acl\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no | -| [redshift\_dedicated\_network\_acl](#input\_redshift\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for redshift subnets | `bool` | `false` | no | -| [redshift\_inbound\_acl\_rules](#input\_redshift\_inbound\_acl\_rules) | Redshift subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [redshift\_outbound\_acl\_rules](#input\_redshift\_outbound\_acl\_rules) | Redshift subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [redshift\_route\_table\_tags](#input\_redshift\_route\_table\_tags) | Additional tags for the redshift route tables | `map(string)` | `{}` | no | -| [redshift\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_redshift\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | -| [redshift\_subnet\_enable\_dns64](#input\_redshift\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | -| [redshift\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_redshift\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| [redshift\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_redshift\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | -| [redshift\_subnet\_group\_name](#input\_redshift\_subnet\_group\_name) | Name of redshift subnet group | `string` | `null` | no | -| [redshift\_subnet\_group\_tags](#input\_redshift\_subnet\_group\_tags) | Additional tags for the redshift subnet group | `map(string)` | `{}` | no | -| [redshift\_subnet\_ipv6\_native](#input\_redshift\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | -| [redshift\_subnet\_ipv6\_prefixes](#input\_redshift\_subnet\_ipv6\_prefixes) | Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [redshift\_subnet\_names](#input\_redshift\_subnet\_names) | Explicit values to use in the Name tag on redshift subnets. If empty, Name tags are generated | `list(string)` | `[]` | no | -| [redshift\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_redshift\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| [redshift\_subnet\_suffix](#input\_redshift\_subnet\_suffix) | Suffix to append to redshift subnets name | `string` | `"redshift"` | no | -| [redshift\_subnet\_tags](#input\_redshift\_subnet\_tags) | Additional tags for the redshift subnets | `map(string)` | `{}` | no | -| [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets inside the VPC | `list(string)` | `[]` | no | -| [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no | -| [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no | -| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no | -| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | -| [use\_ipam\_pool](#input\_use\_ipam\_pool) | Determines whether IPAM pool is used for CIDR allocation | `bool` | `false` | no | -| 
[vpc\_flow\_log\_permissions\_boundary](#input\_vpc\_flow\_log\_permissions\_boundary) | The ARN of the Permissions Boundary for the VPC Flow Log IAM Role | `string` | `null` | no | -| [vpc\_flow\_log\_tags](#input\_vpc\_flow\_log\_tags) | Additional tags for the VPC Flow Logs | `map(string)` | `{}` | no | -| [vpc\_tags](#input\_vpc\_tags) | Additional tags for the VPC | `map(string)` | `{}` | no | -| [vpn\_gateway\_az](#input\_vpn\_gateway\_az) | The Availability Zone for the VPN Gateway | `string` | `null` | no | -| [vpn\_gateway\_id](#input\_vpn\_gateway\_id) | ID of VPN Gateway to attach to the VPC | `string` | `""` | no | -| [vpn\_gateway\_tags](#input\_vpn\_gateway\_tags) | Additional tags for the VPN gateway | `map(string)` | `{}` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [azs](#output\_azs) | A list of availability zones specified as argument to this module | -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of 
ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| [default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| 
[default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| [elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| 
[intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets in an IPv6 enabled VPC | -| [name](#output\_name) | The name of the VPC specified as argument to this module | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| 
[private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| [private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| 
[public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| 
[vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| [vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - - -## Authors - -Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-vpc/graphs/contributors). - -## License - -Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/LICENSE) for full details. 
-
-## Additional information for users from Russia and Belarus
-
-* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).
-* Russia has brought sorrow and devastations to millions of Ukrainians, killed [thousands of innocent people](https://www.ohchr.org/en/news/2023/06/ukraine-civilian-casualty-update-19-june-2023), damaged thousands of buildings including [critical infrastructure](https://www.aljazeera.com/gallery/2022/12/17/russia-launches-another-major-missile-attack-on-ukraine), caused ecocide by [blowing up a dam](https://www.reuters.com/world/europe/ukraine-security-service-says-it-intercepted-call-proving-russia-destroyed-2023-06-09/), [bombed theater](https://www.cnn.com/2022/03/16/europe/ukraine-mariupol-bombing-theater-intl/index.html) in Mariupol that had "Children" marking on the ground, [raped men and boys](https://www.theguardian.com/world/2022/may/03/men-and-boys-among-alleged-victims-by-russian-soldiers-in-ukraine), [deported children](https://www.bbc.com/news/world-europe-64992727) in the occupied territoris, and forced [millions of people](https://www.unrefugees.org/emergencies/ukraine/) to flee.
-* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/UPGRADE-3.0.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/UPGRADE-3.0.md
deleted file mode 100644
index f1e5d24f..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/UPGRADE-3.0.md
+++ /dev/null
@@ -1,52 +0,0 @@
-# Upgrade from v2.x to v3.x
-
-If you have any questions regarding this upgrade process, please consult the `examples` directory:
-
-- [Complete-VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc)
-
-If you find a bug, please open an issue with supporting configuration to reproduce.
-
-## List of backwards incompatible changes
-
-Previously, VPC endpoints were configured as standalone resources with their own set of variables and attributes. Now, this functionality is provided via a module which loops over a map of maps using `for_each` to generate the desired VPC endpoints. Therefore, to maintain the existing set of functionality while upgrading, you will need to perform the following changes:
-
-1. Move the endpoint resource from the main module to the sub-module. The example state move below is valid for all endpoints you might have configured (reference [`complete-vpc`](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc) example for reference), where `ssmmessages` should be updated for and state move performed for each endpoint configured:
-
-```
-terraform state mv 'module.vpc.aws_vpc_endpoint.ssm[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ssm"]'
-terraform state mv 'module.vpc.aws_vpc_endpoint.ssmmessages[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ssmmessages"]'
-terraform state mv 'module.vpc.aws_vpc_endpoint.ec2[0]' 'module.vpc_endpoints.aws_vpc_endpoint.this["ec2"]'
-...
-```
-
-2. Remove the gateway endpoint route table association separate resources. The route table associations are now managed in the VPC endpoint resource itself via the map of maps provided to the VPC endpoint sub-module. Perform the necessary removals for each route table association and for S3 and/or DynamoDB depending on your configuration:
-
-```
-terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.intra_dynamodb[0]'
-terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.private_dynamodb[0]'
-terraform state rm 'module.vpc.aws_vpc_endpoint_route_table_association.public_dynamodb[0]'
-...
-```
-
-### Variable and output changes
-
-1. Removed variables:
-
- - `enable_*_endpoint`
- - `*_endpoint_type`
- - `*_endpoint_security_group_ids`
- - `*_endpoint_subnet_ids`
- - `*_endpoint_private_dns_enabled`
- - `*_endpoint_policy`
-
-2. Renamed variables:
-
-See the [VPC endpoint sub-module](modules/vpc-endpoints) for the more information on the variables to utilize for VPC endpoints
-
-3. Removed outputs:
-
- - `vpc_endpoint_*`
-
-4. Renamed outputs:
-
-VPC endpoint outputs are now provided via the VPC endpoint sub-module and can be accessed via lookups. See [`complete-vpc`](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc) for further examples of how to access VPC endpoint attributes from outputs
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/UPGRADE-4.0.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/UPGRADE-4.0.md
deleted file mode 100644
index abf1e2a2..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/UPGRADE-4.0.md
+++ /dev/null
@@ -1,66 +0,0 @@ -# Upgrade from v3.x to v4.x - -If you have any questions regarding this upgrade process, please consult the [`examples`](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/) directory: - -If you find a bug, please open an issue with supporting configuration to reproduce. - -## List of backwards incompatible changes - -- The minimum required Terraform version is now 1.0 -- The minimum required AWS provider version is now 4.x (4.35.0 at time of writing) -- `assign_ipv6_address_on_creation` has been removed; use the respective subnet type equivalent instead (i.e. - `public_subnet_assign_ipv6_address_on_creation`) -- `enable_classiclink` has been removed; it is no longer supported by AWS https://github.com/hashicorp/terraform/issues/31730 -- `enable_classiclink_dns_support` has been removed; it is no longer supported by AWS https://github.com/hashicorp/terraform/issues/31730 - -## Additional changes - -### Modified - -- `map_public_ip_on_launch` now defaults to `false` -- `enable_dns_hostnames` now defaults to `true` -- `enable_dns_support` now defaults to `true` -- `manage_default_security_group` now defaults to `true` -- `manage_default_route_table` now defaults to `true` -- `manage_default_network_acl` now defaults to `true` -- The default name for the default security group, route table, and network ACL has changed to fallback to append `-default` to the VPC name if a specific name is not provided -- The default fallback value for outputs has changed from an empty string to `null` - -### Variable and output changes - -1. Removed variables: - - - `assign_ipv6_address_on_creation` has been removed; use the respective subnet type equivalent instead (i.e. 
- `public_subnet_assign_ipv6_address_on_creation`) - - `enable_classiclink` has been removed; it is no longer supported by AWS https://github.com/hashicorp/terraform/issues/31730 - - `enable_classiclink_dns_support` has been removed; it is no longer supported by AWS https://github.com/hashicorp/terraform/issues/31730 - -2. Renamed variables: - - - None - -3. Added variables: - - - VPC - - `ipv6_cidr_block_network_border_group` - - `enable_network_address_usage_metrics` - - Subnets - - `*_subnet_enable_dns64` for each subnet type - - `*_subnet_enable_resource_name_dns_aaaa_record_on_launch` for each subnet type - - `*_subnet_enable_resource_name_dns_a_record_on_launch` for each subnet type - - `*_subnet_ipv6_native` for each subnet type - - `*_subnet_private_dns_hostname_type_on_launch` for each subnet type - -4. Removed outputs: - - - None - -5. Renamed outputs: - - - None - -6. Added outputs: - - - None - -### State Changes - -None diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/README.md deleted file mode 100644 index d6e4eb4a..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/README.md +++ /dev/null 
@@ -1,168 +0,0 @@ -# Complete VPC - -Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple](../simple) for more simplified setup). - -There are public, private, database, ElastiCache, intra (private w/o Internet access) subnets, and NAT Gateways created in each availability zone. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../../ | n/a | -| [vpc\_endpoints](#module\_vpc\_endpoints) | ../../modules/vpc-endpoints | n/a | -| [vpc\_endpoints\_nocreate](#module\_vpc\_endpoints\_nocreate) | ../../modules/vpc-endpoints | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_security_group.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | -| [aws_iam_policy_document.dynamodb_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.generic_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_endpoints](#output\_vpc\_endpoints) | Array containing the full resource object and attributes for all endpoints created | -| [vpc\_endpoints\_security\_group\_arn](#output\_vpc\_endpoints\_security\_group\_arn) | Amazon Resource Name (ARN) of the security group | -| [vpc\_endpoints\_security\_group\_id](#output\_vpc\_endpoints\_security\_group\_id) | ID of the security group | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| 
[vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| [vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/main.tf deleted file mode 100644 index 51435563..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/main.tf +++ /dev/null 
@@ -1,216 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc" {
- source = "../../"
-
- name = local.name
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
- database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
- elasticache_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 12)]
- redshift_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 16)]
- intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 20)]
-
- private_subnet_names = ["Private Subnet One", "Private Subnet Two"]
- # public_subnet_names omitted to show default name generation for all three subnets
- database_subnet_names = ["DB Subnet One"]
- elasticache_subnet_names = ["Elasticache Subnet One", "Elasticache Subnet Two"]
- redshift_subnet_names = ["Redshift Subnet One", "Redshift Subnet Two", "Redshift Subnet Three"]
- intra_subnet_names = []
-
- create_database_subnet_group = false
- manage_default_network_acl = false
- manage_default_route_table = false
- manage_default_security_group = false
-
- enable_dns_hostnames = true
- enable_dns_support = true
-
- enable_nat_gateway = true
- single_nat_gateway = true
-
- customer_gateways = {
- IP1 = {
- bgp_asn = 65112
- ip_address = "1.2.3.4"
- device_name = "some_name"
- },
- IP2 = {
- bgp_asn = 65112
- ip_address = "5.6.7.8"
- }
- }
-
- enable_vpn_gateway = true
-
- enable_dhcp_options = true
- dhcp_options_domain_name = "service.consul"
- dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]
-
- # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
- enable_flow_log = true
- create_flow_log_cloudwatch_log_group = true
- create_flow_log_cloudwatch_iam_role = true
- flow_log_max_aggregation_interval = 60
-
- tags = local.tags
-}
-
-################################################################################
-# VPC Endpoints Module
-################################################################################
-
-module "vpc_endpoints" {
- source = "../../modules/vpc-endpoints"
-
- vpc_id = module.vpc.vpc_id
-
- create_security_group = true
- security_group_name_prefix = "${local.name}-vpc-endpoints-"
- security_group_description = "VPC endpoint security group"
- security_group_rules = {
- ingress_https = {
- description = "HTTPS from VPC"
- cidr_blocks = [module.vpc.vpc_cidr_block]
- }
- }
-
- endpoints = {
- s3 = {
- service = "s3"
- tags = { Name = "s3-vpc-endpoint" }
- },
- dynamodb = {
- service = "dynamodb"
- service_type = "Gateway"
- route_table_ids = flatten([module.vpc.intra_route_table_ids, module.vpc.private_route_table_ids, module.vpc.public_route_table_ids])
- policy = data.aws_iam_policy_document.dynamodb_endpoint_policy.json
- tags = { Name = "dynamodb-vpc-endpoint" }
- },
- ecs = {
- service = "ecs"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
- ecs_telemetry = {
- create = false
- service = "ecs-telemetry"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
- ecr_api = {
- service = "ecr.api"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- policy = data.aws_iam_policy_document.generic_endpoint_policy.json
- },
- ecr_dkr = {
- service = "ecr.dkr"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- policy = data.aws_iam_policy_document.generic_endpoint_policy.json
- },
- rds = {
- service = "rds"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- security_group_ids = [aws_security_group.rds.id]
- },
- }
-
- tags = merge(local.tags, {
- Project = "Secret"
- Endpoint = "true"
- })
-}
-
-module "vpc_endpoints_nocreate" {
- source = "../../modules/vpc-endpoints"
-
- create = false
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
- statement {
- effect = "Deny"
- actions = ["dynamodb:*"]
- resources = ["*"]
-
- principals {
- type = "*"
- identifiers = ["*"]
- }
-
- condition {
- test = "StringNotEquals"
- variable = "aws:sourceVpc"
-
- values = [module.vpc.vpc_id]
- }
- }
-}
-
-data "aws_iam_policy_document" "generic_endpoint_policy" {
- statement {
- effect = "Deny"
- actions = ["*"]
- resources = ["*"]
-
- principals {
- type = "*"
- identifiers = ["*"]
- }
-
- condition {
- test = "StringNotEquals"
- variable = "aws:SourceVpc"
-
- values = [module.vpc.vpc_id]
- }
- }
-}
-
-resource "aws_security_group" "rds" {
- name_prefix = "${local.name}-rds"
- description = "Allow PostgreSQL inbound traffic"
- vpc_id = module.vpc.vpc_id
-
- ingress {
- description = "TLS from VPC"
- from_port = 5432
- to_port = 5432
- protocol = "tcp"
- cidr_blocks = [module.vpc.vpc_cidr_block]
- }
-
- tags = local.tags
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/outputs.tf
deleted file mode 100644
index 24be1a37..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/outputs.tf
+++ /dev/null
@@ -1,551 +0,0 @@
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-output "vpc_arn" {
- description = "The ARN of the VPC"
- value = module.vpc.vpc_arn
-}
-
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-output "default_security_group_id" {
- description = "The ID of the security group created by default on VPC creation"
- value = module.vpc.default_security_group_id
-}
-
-output "default_network_acl_id" {
- description = "The ID of the default network ACL"
- value = module.vpc.default_network_acl_id
-}
-
-output "default_route_table_id" {
- description = "The ID of the default route table"
- value = module.vpc.default_route_table_id
-}
-
-output "vpc_instance_tenancy" {
- description = "Tenancy of instances spin up within VPC"
- value = module.vpc.vpc_instance_tenancy
-}
-
-output "vpc_enable_dns_support" {
- description = "Whether or not the VPC has DNS support"
- value = module.vpc.vpc_enable_dns_support
-}
-
-output "vpc_enable_dns_hostnames" {
- description = "Whether or not the VPC has DNS hostname support"
- value = module.vpc.vpc_enable_dns_hostnames
-}
-
-output "vpc_main_route_table_id" {
- description = "The ID of the main route table associated with this VPC"
- value = module.vpc.vpc_main_route_table_id
-}
-
-output "vpc_ipv6_association_id" {
- description = "The association ID for the IPv6 CIDR block"
- value = module.vpc.vpc_ipv6_association_id
-}
-
-output "vpc_ipv6_cidr_block" {
- description = "The IPv6 CIDR block"
- value = module.vpc.vpc_ipv6_cidr_block
-}
-
-output "vpc_secondary_cidr_blocks" {
- description = "List of secondary CIDR blocks of the VPC"
- value = module.vpc.vpc_secondary_cidr_blocks
-}
-
-output "vpc_owner_id" {
- description = "The ID of the AWS account that owns the VPC"
- value = module.vpc.vpc_owner_id
-}
-
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-output "private_subnet_arns" {
- description = "List of ARNs of private subnets"
- value = module.vpc.private_subnet_arns
-}
-
-output "private_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.private_subnets_cidr_blocks
-}
-
-output "private_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC"
- value = module.vpc.private_subnets_ipv6_cidr_blocks
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-output "public_subnet_arns" {
- description = "List of ARNs of public subnets"
- value = module.vpc.public_subnet_arns
-}
-
-output "public_subnets_cidr_blocks" {
- description = "List of cidr_blocks of public subnets"
- value = module.vpc.public_subnets_cidr_blocks
-}
-
-output "public_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC"
- value = module.vpc.public_subnets_ipv6_cidr_blocks
-}
-
-output "outpost_subnets" {
- description = "List of IDs of outpost subnets"
- value = module.vpc.outpost_subnets
-}
-
-output "outpost_subnet_arns" {
- description = "List of ARNs of outpost subnets"
- value = module.vpc.outpost_subnet_arns
-}
-
-output "outpost_subnets_cidr_blocks" {
- description = "List of cidr_blocks of outpost subnets"
- value = module.vpc.outpost_subnets_cidr_blocks
-}
-
-output "outpost_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC"
- value = module.vpc.outpost_subnets_ipv6_cidr_blocks
-}
-
-output "database_subnets" {
- description = "List of IDs of database subnets"
- value = module.vpc.database_subnets
-}
-
-output "database_subnet_arns" {
- description = "List of ARNs of database subnets"
- value = module.vpc.database_subnet_arns
-}
-
-output "database_subnets_cidr_blocks" {
- description = "List of cidr_blocks of database subnets"
- value = module.vpc.database_subnets_cidr_blocks
-}
-
-output "database_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC"
- value = module.vpc.database_subnets_ipv6_cidr_blocks
-}
-
-output "database_subnet_group" {
- description = "ID of database subnet group"
- value = module.vpc.database_subnet_group
-}
-
-output "database_subnet_group_name" {
- description = "Name of database subnet group"
- value = module.vpc.database_subnet_group_name
-}
-
-output "redshift_subnets" {
- description = "List of IDs of redshift subnets"
- value = module.vpc.redshift_subnets
-}
-
-output "redshift_subnet_arns" {
- description = "List of ARNs of redshift subnets"
- value = module.vpc.redshift_subnet_arns
-}
-
-output "redshift_subnets_cidr_blocks" {
- description = "List of cidr_blocks of redshift subnets"
- value = module.vpc.redshift_subnets_cidr_blocks
-}
-
-output "redshift_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC"
- value = module.vpc.redshift_subnets_ipv6_cidr_blocks
-}
-
-output "redshift_subnet_group" {
- description = "ID of redshift subnet group"
- value = module.vpc.redshift_subnet_group
-}
-
-output "elasticache_subnets" {
- description = "List of IDs of elasticache subnets"
- value = module.vpc.elasticache_subnets
-}
-
-output "elasticache_subnet_arns" {
- description = "List of ARNs of elasticache subnets"
- value = module.vpc.elasticache_subnet_arns
-}
-
-output "elasticache_subnets_cidr_blocks" {
- description = "List of cidr_blocks of elasticache subnets"
- value = module.vpc.elasticache_subnets_cidr_blocks
-}
-
-output "elasticache_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC"
- value = module.vpc.elasticache_subnets_ipv6_cidr_blocks
-}
-
-output "intra_subnets" {
- description = "List of IDs of intra subnets"
- value = module.vpc.intra_subnets
-}
-
-output "intra_subnet_arns" {
- description = "List of ARNs of intra subnets"
- value = module.vpc.intra_subnet_arns
-}
-
-output "intra_subnets_cidr_blocks" {
- description = "List of cidr_blocks of intra subnets"
- value = module.vpc.intra_subnets_cidr_blocks
-}
-
-output "intra_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC"
- value = module.vpc.intra_subnets_ipv6_cidr_blocks
-}
-
-output "elasticache_subnet_group" {
- description = "ID of elasticache subnet group"
- value = module.vpc.elasticache_subnet_group
-}
-
-output "elasticache_subnet_group_name" {
- description = "Name of elasticache subnet group"
- value = module.vpc.elasticache_subnet_group_name
-}
-
-output "public_route_table_ids" {
- description = "List of IDs of public route tables"
- value = module.vpc.public_route_table_ids
-}
-
-output "private_route_table_ids" {
- description = "List of IDs of private route tables"
- value = module.vpc.private_route_table_ids
-}
-
-output "database_route_table_ids" {
- description = "List of IDs of database route tables"
- value = module.vpc.database_route_table_ids
-}
-
-output "redshift_route_table_ids" {
- description = "List of IDs of redshift route tables"
- value = module.vpc.redshift_route_table_ids
-}
-
-output "elasticache_route_table_ids" {
- description = "List of IDs of elasticache route tables"
- value = module.vpc.elasticache_route_table_ids
-}
-
-output "intra_route_table_ids" {
- description = "List of IDs of intra route tables"
- value = module.vpc.intra_route_table_ids
-}
-
-output "public_internet_gateway_route_id" {
- description = "ID of the internet gateway route"
- value = module.vpc.public_internet_gateway_route_id
-}
-
-output "public_internet_gateway_ipv6_route_id" {
- description = "ID of the IPv6 internet gateway route"
- value = module.vpc.public_internet_gateway_ipv6_route_id
-}
-
-output "database_internet_gateway_route_id" {
- description = "ID of the database internet gateway route"
- value = module.vpc.database_internet_gateway_route_id
-}
-
-output "database_nat_gateway_route_ids" {
- description = "List of IDs of the database nat gateway route"
- value = module.vpc.database_nat_gateway_route_ids
-}
-
-output "database_ipv6_egress_route_id" {
- description = "ID of the database IPv6 egress route"
- value = module.vpc.database_ipv6_egress_route_id
-}
-
-output "private_nat_gateway_route_ids" {
- description = "List of IDs of the private nat gateway route"
- value = module.vpc.private_nat_gateway_route_ids
-}
-
-output "private_ipv6_egress_route_ids" {
- description = "List of IDs of the ipv6 egress route"
- value = module.vpc.private_ipv6_egress_route_ids
-}
-
-output "private_route_table_association_ids" {
- description = "List of IDs of the private route table association"
- value = module.vpc.private_route_table_association_ids
-}
-
-output "database_route_table_association_ids" {
- description = "List of IDs of the database route table association"
- value = module.vpc.database_route_table_association_ids
-}
-
-output "redshift_route_table_association_ids" {
- description = "List of IDs of the redshift route table association"
- value = module.vpc.redshift_route_table_association_ids
-}
-
-output "redshift_public_route_table_association_ids" {
- description = "List of IDs of the public redshift route table association"
- value = module.vpc.redshift_public_route_table_association_ids
-}
-
-output "elasticache_route_table_association_ids" {
- description = "List of IDs of the elasticache route table association"
- value = module.vpc.elasticache_route_table_association_ids
-}
-
-output "intra_route_table_association_ids" {
- description = "List of IDs of the intra route table association"
- value = module.vpc.intra_route_table_association_ids
-}
-
-output "public_route_table_association_ids" {
- description = "List of IDs of the public route table association"
- value = module.vpc.public_route_table_association_ids
-}
-
-output "dhcp_options_id" {
- description = "The ID of the DHCP options"
- value = module.vpc.dhcp_options_id
-}
-
-output "nat_ids" {
- description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_ids
-}
-
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-output "natgw_ids" {
- description = "List of NAT Gateway IDs"
- value = module.vpc.natgw_ids
-}
-
-output "igw_id" {
- description = "The ID of the Internet Gateway"
- value = module.vpc.igw_id
-}
-
-output "igw_arn" {
- description = "The ARN of the Internet Gateway"
- value = module.vpc.igw_arn
-}
-
-output "egress_only_internet_gateway_id" {
- description = "The ID of the egress only Internet Gateway"
- value = module.vpc.egress_only_internet_gateway_id
-}
-
-output "cgw_ids" {
- description = "List of IDs of Customer Gateway"
- value = module.vpc.cgw_ids
-}
-
-output "cgw_arns" {
- description = "List of ARNs of Customer Gateway"
- value = module.vpc.cgw_arns
-}
-
-output "this_customer_gateway" {
- description = "Map of Customer Gateway attributes"
- value = module.vpc.this_customer_gateway
-}
-
-output "vgw_id" {
- description = "The ID of the VPN Gateway"
- value = module.vpc.vgw_id
-}
-
-output "vgw_arn" {
- description = "The ARN of the VPN Gateway"
- value = module.vpc.vgw_arn
-}
-
-output "default_vpc_id" {
- description = "The ID of the Default VPC"
- value = module.vpc.default_vpc_id
-}
-
-output "default_vpc_arn" {
- description = "The ARN of the Default VPC"
- value = module.vpc.default_vpc_arn
-}
-
-output "default_vpc_cidr_block" {
- description = "The CIDR block of the Default VPC"
- value = module.vpc.default_vpc_cidr_block
-}
-
-output "default_vpc_default_security_group_id" {
- description = "The ID of the security group created by default on Default VPC creation"
- value = module.vpc.default_vpc_default_security_group_id
-}
-
-output "default_vpc_default_network_acl_id" {
- description = "The ID of the default network ACL of the Default VPC"
- value = module.vpc.default_vpc_default_network_acl_id
-}
-
-output "default_vpc_default_route_table_id" {
- description = "The ID of the default route table of the Default VPC"
- value = module.vpc.default_vpc_default_route_table_id
-}
-
-output "default_vpc_instance_tenancy" {
- description = "Tenancy of instances spin up within Default VPC"
- value = module.vpc.default_vpc_instance_tenancy
-}
-
-output "default_vpc_enable_dns_support" {
- description = "Whether or not the Default VPC has DNS support"
- value = module.vpc.default_vpc_enable_dns_support
-}
-
-output "default_vpc_enable_dns_hostnames" {
- description = "Whether or not the Default VPC has DNS hostname support"
- value = module.vpc.default_vpc_enable_dns_hostnames
-}
-
-output "default_vpc_main_route_table_id" {
- description = "The ID of the main route table associated with the Default VPC"
- value = module.vpc.default_vpc_main_route_table_id
-}
-
-output "public_network_acl_id" {
- description = "ID of the public network ACL"
- value = module.vpc.public_network_acl_id
-}
-
-output "public_network_acl_arn" {
- description = "ARN of the public network ACL"
- value = module.vpc.public_network_acl_arn
-}
-
-output "private_network_acl_id" {
- description = "ID of the private network ACL"
- value = module.vpc.private_network_acl_id
-}
-
-output "private_network_acl_arn" {
- description = "ARN of the private network ACL"
- value = module.vpc.private_network_acl_arn
-}
-
-output "outpost_network_acl_id" {
- description = "ID of the outpost network ACL"
- value = module.vpc.outpost_network_acl_id
-}
-
-output "outpost_network_acl_arn" {
- description = "ARN of the outpost network ACL"
- value = module.vpc.outpost_network_acl_arn
-}
-
-output "intra_network_acl_id" {
- description = "ID of the intra network ACL"
- value = module.vpc.intra_network_acl_id
-}
-
-output "intra_network_acl_arn" {
- description = "ARN of the intra network ACL"
- value = module.vpc.intra_network_acl_arn
-}
-
-output "database_network_acl_id" {
- description = "ID of the database network ACL"
- value = module.vpc.database_network_acl_id
-}
-
-output "database_network_acl_arn" {
- description = "ARN of the database network ACL"
- value = module.vpc.database_network_acl_arn
-}
-
-output "redshift_network_acl_id" {
- description = "ID of the redshift network ACL"
- value = module.vpc.redshift_network_acl_id
-}
-
-output "redshift_network_acl_arn" {
- description = "ARN of the redshift network ACL"
- value = module.vpc.redshift_network_acl_arn
-}
-
-output "elasticache_network_acl_id" {
- description = "ID of the elasticache network ACL"
- value = module.vpc.elasticache_network_acl_id
-}
-
-output "elasticache_network_acl_arn" {
- description = "ARN of the elasticache network ACL"
- value = module.vpc.elasticache_network_acl_arn
-}
-
-# VPC flow log
-output "vpc_flow_log_id" {
- description = "The ID of the Flow Log resource"
- value = module.vpc.vpc_flow_log_id
-}
-
-output "vpc_flow_log_destination_arn" {
- description = "The ARN of the destination for VPC Flow Logs"
- value = module.vpc.vpc_flow_log_destination_arn
-}
-
-output "vpc_flow_log_destination_type" {
- description = "The type of the destination for VPC Flow Logs"
- value = module.vpc.vpc_flow_log_destination_type
-}
-
-output "vpc_flow_log_cloudwatch_iam_role_arn" {
- description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group"
- value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn
-}
-
-# VPC endpoints
-output "vpc_endpoints" {
- description = "Array containing the full resource object and attributes for all endpoints created"
- value = module.vpc_endpoints.endpoints
-}
-
-output "vpc_endpoints_security_group_arn" {
- description = "Amazon Resource Name (ARN) of the security group"
- value = module.vpc_endpoints.security_group_arn
-}
-
-output "vpc_endpoints_security_group_id" {
- description = "ID of the security group"
- value = module.vpc_endpoints.security_group_id
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/variables.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/complete/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/README.md
deleted file mode 100644
index 07373875..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/README.md
+++ /dev/null
@@ -1,174 +0,0 @@
-# VPC with IPAM pool
-
-Configuration in this directory creates set of VPC resources using the CIDR provided by an IPAM pool.
-
-Note: Due to the nature of vending CIDR blocks from an IPAM pool, the IPAM pool must exist prior to creating a VPC using one of the CIDRs from the pool.
-
-## Usage
-
-To run this example you need to execute:
-
-```bash
-$ terraform init
-$ terraform plan
-$ terraform apply -target=aws_vpc_ipam_preview_next_cidr.this # CIDR pool must exist before assigning CIDR from pool
-$ terraform apply
-```
-
-To destroy this example you can execute:
-
-```bash
-$ terraform destroy -target=module.vpc # destroy VPC that uses the IPAM pool CIDR first
-$ terraform destroy
-```
-
-Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 5.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [vpc\_ipam\_set\_cidr](#module\_vpc\_ipam\_set\_cidr) | ../.. | n/a |
-| [vpc\_ipam\_set\_netmask](#module\_vpc\_ipam\_set\_netmask) | ../.. | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_vpc_ipam.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam) | resource |
-| [aws_vpc_ipam_pool.ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource |
-| [aws_vpc_ipam_pool.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource |
-| [aws_vpc_ipam_pool_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr) | resource |
-| [aws_vpc_ipam_preview_next_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_preview_next_cidr) | resource |
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway |
-| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway |
-| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route |
-| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route |
-| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route |
-| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL |
-| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL |
-| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association |
-| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables |
-| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets |
-| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group |
-| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group |
-| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
-| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets |
-| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC |
-| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL |
-| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table |
-| [default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation |
-| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC |
-| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC |
-| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC |
-| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC |
-| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation |
-| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support |
-| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support |
-| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC |
-| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC |
-| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC |
-| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options |
-| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway |
-| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL |
-| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL |
-| [elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association |
-| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables |
-| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets |
-| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group |
-| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group |
-| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets |
-| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets |
-| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC |
-| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway |
-| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway |
-| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL |
-| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL |
-| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association |
-| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables |
-| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets |
-| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets |
-| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets |
-| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets in an IPv6 enabled VPC |
-| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
-| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
-| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs |
-| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL |
-| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL |
-| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets |
-| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets |
-| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets |
-| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC |
-| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route |
-| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route |
-| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL |
-| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL |
-| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association |
-| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables |
-| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets |
-| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
-| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets |
-| [private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC |
-| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route |
-| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route |
-| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL |
-| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL |
-| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association |
-| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables |
-| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets |
-| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
-| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets |
-| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
-| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
-| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
-| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
-| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
-| [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |
-| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group |
-| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets |
-| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets |
-| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC |
-| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes |
-| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway |
-| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway |
-| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC |
-| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC |
-| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support |
-| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support |
-| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group |
-| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs |
-| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs |
-| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource |
-| [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
-| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC |
-| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block |
-| [vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block |
-| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC |
-| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC |
-| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |
-
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/main.tf
deleted file mode 100644
index d4385120..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/main.tf
+++ /dev/null
@@ -1,149 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
- preview_partition = cidrsubnets(aws_vpc_ipam_preview_next_cidr.this.cidr, 2, 2, 2)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-# IPv4
-module "vpc_ipam_set_netmask" {
- source = "../.."
-
- name = "${local.name}-set-netmask"
-
- use_ipam_pool = true
- ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id
- ipv4_netmask_length = 16
- azs = local.azs
-
- private_subnets = cidrsubnets(local.preview_partition[0], 2, 2, 2)
- public_subnets = cidrsubnets(local.preview_partition[1], 2, 2, 2)
-
- tags = local.tags
-
- depends_on = [
- aws_vpc_ipam_pool_cidr.this
- ]
-}
-
-module "vpc_ipam_set_cidr" {
- source = "../.."
-
- name = "${local.name}-set-cidr"
-
- use_ipam_pool = true
- ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id
- cidr = "10.1.0.0/16"
- azs = local.azs
-
- private_subnets = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
- public_subnets = ["10.1.11.0/24", "10.1.12.0/24", "10.1.13.0/24"]
-
- tags = local.tags
-}
-
-# # IPv6 - Requires having a CIDR plus its message and signature (see below)
-# module "vpc_ipv6_ipam_set_netmask" {
-# source = "../.."
-
-# name = "${local.name}-ipv6-set-netmask"
-
-# use_ipam_pool = true
-# ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id
-# ipv6_ipam_pool_id = aws_vpc_ipam_pool.ipv6.id
-# ipv6_netmask_length = 56
-# azs = local.azs
-
-# tags = local.tags
-# }
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-/*
-NOTES ON IPAM USAGE:
-
-In order to build subnets with your VPC Terraform must know subnet CIDRs to properly plan # of resources to build.
-Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time.
-We can get around this by "previewing" the CIDR and then using that as the subnet values.
-
-In the example above we use `cidrsubnets()` to calculate a public and private "partitions" (group of cidrs) then calculate the specific
-CIDRs for each subnet type.
-
-For an explanation on prolonged delete times on IPAM pools see 2nd
-*note* in terraform docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr
-*/
-
-resource "aws_vpc_ipam" "this" {
- operating_regions {
- region_name = local.region
- }
-
- tags = local.tags
-}
-
-# IPv4
-resource "aws_vpc_ipam_pool" "this" {
- description = "IPv4 pool"
- address_family = "ipv4"
- ipam_scope_id = aws_vpc_ipam.this.private_default_scope_id
- locale = local.region
- allocation_default_netmask_length = 16
-
- tags = local.tags
-}
-
-resource "aws_vpc_ipam_pool_cidr" "this" {
- ipam_pool_id = aws_vpc_ipam_pool.this.id
- cidr = "10.0.0.0/8"
-}
-
-resource "aws_vpc_ipam_preview_next_cidr" "this" {
- ipam_pool_id = aws_vpc_ipam_pool.this.id
-
- depends_on = [
- aws_vpc_ipam_pool_cidr.this
- ]
-}
-
-# IPv6
-resource "aws_vpc_ipam_pool" "ipv6" {
- description = "IPv6 pool"
- address_family = "ipv6"
- ipam_scope_id = aws_vpc_ipam.this.public_default_scope_id
- locale = local.region
- allocation_default_netmask_length = 56
- publicly_advertisable = false
- aws_service = "ec2"
-
- tags = local.tags
-}
-
-# # Requires having a CIDR plus its message and signature
-# resource "aws_vpc_ipam_pool_cidr" "ipv6" {
-# ipam_pool_id = aws_vpc_ipam_pool.ipv6.id
-# cidr = var.ipv6_cidr
-
-# cidr_authorization_context {
-# message = var.message
-# signature = var.signature
-# }
-# }
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/outputs.tf
deleted file mode 100644
index 47ca2117..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/outputs.tf
+++ /dev/null
@@ -1,535 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc_ipam_set_netmask.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc_ipam_set_netmask.vpc_arn -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc_ipam_set_netmask.vpc_cidr_block -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = module.vpc_ipam_set_netmask.default_security_group_id -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc_ipam_set_netmask.default_network_acl_id -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = module.vpc_ipam_set_netmask.default_route_table_id -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = module.vpc_ipam_set_netmask.vpc_instance_tenancy -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = module.vpc_ipam_set_netmask.vpc_enable_dns_support -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = module.vpc_ipam_set_netmask.vpc_enable_dns_hostnames -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = module.vpc_ipam_set_netmask.vpc_main_route_table_id -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc_ipam_set_netmask.vpc_ipv6_association_id -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc_ipam_set_netmask.vpc_ipv6_cidr_block -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = module.vpc_ipam_set_netmask.vpc_secondary_cidr_blocks -} - -output 
"vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = module.vpc_ipam_set_netmask.vpc_owner_id -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc_ipam_set_netmask.private_subnets -} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc_ipam_set_netmask.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc_ipam_set_netmask.private_subnets_cidr_blocks -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = module.vpc_ipam_set_netmask.private_subnets_ipv6_cidr_blocks -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc_ipam_set_netmask.public_subnets -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = module.vpc_ipam_set_netmask.public_subnet_arns -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = module.vpc_ipam_set_netmask.public_subnets_cidr_blocks -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = module.vpc_ipam_set_netmask.public_subnets_ipv6_cidr_blocks -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = module.vpc_ipam_set_netmask.outpost_subnets -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = module.vpc_ipam_set_netmask.outpost_subnet_arns -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = module.vpc_ipam_set_netmask.outpost_subnets_cidr_blocks -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 
enabled VPC" - value = module.vpc_ipam_set_netmask.outpost_subnets_ipv6_cidr_blocks -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc_ipam_set_netmask.database_subnets -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = module.vpc_ipam_set_netmask.database_subnet_arns -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = module.vpc_ipam_set_netmask.database_subnets_cidr_blocks -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = module.vpc_ipam_set_netmask.database_subnets_ipv6_cidr_blocks -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = module.vpc_ipam_set_netmask.database_subnet_group -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = module.vpc_ipam_set_netmask.database_subnet_group_name -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc_ipam_set_netmask.redshift_subnets -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = module.vpc_ipam_set_netmask.redshift_subnet_arns -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = module.vpc_ipam_set_netmask.redshift_subnets_cidr_blocks -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = module.vpc_ipam_set_netmask.redshift_subnets_ipv6_cidr_blocks -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = module.vpc_ipam_set_netmask.redshift_subnet_group -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = 
module.vpc_ipam_set_netmask.elasticache_subnets -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = module.vpc_ipam_set_netmask.elasticache_subnet_arns -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = module.vpc_ipam_set_netmask.elasticache_subnets_cidr_blocks -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = module.vpc_ipam_set_netmask.elasticache_subnets_ipv6_cidr_blocks -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc_ipam_set_netmask.intra_subnets -} - -output "intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = module.vpc_ipam_set_netmask.intra_subnet_arns -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = module.vpc_ipam_set_netmask.intra_subnets_cidr_blocks -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = module.vpc_ipam_set_netmask.intra_subnets_ipv6_cidr_blocks -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = module.vpc_ipam_set_netmask.elasticache_subnet_group -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = module.vpc_ipam_set_netmask.elasticache_subnet_group_name -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = module.vpc_ipam_set_netmask.public_route_table_ids -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = module.vpc_ipam_set_netmask.private_route_table_ids -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = 
module.vpc_ipam_set_netmask.database_route_table_ids -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = module.vpc_ipam_set_netmask.redshift_route_table_ids -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = module.vpc_ipam_set_netmask.elasticache_route_table_ids -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = module.vpc_ipam_set_netmask.intra_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = module.vpc_ipam_set_netmask.public_internet_gateway_route_id -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = module.vpc_ipam_set_netmask.public_internet_gateway_ipv6_route_id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet gateway route" - value = module.vpc_ipam_set_netmask.database_internet_gateway_route_id -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = module.vpc_ipam_set_netmask.database_nat_gateway_route_ids -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = module.vpc_ipam_set_netmask.database_ipv6_egress_route_id -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = module.vpc_ipam_set_netmask.private_nat_gateway_route_ids -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route" - value = module.vpc_ipam_set_netmask.private_ipv6_egress_route_ids -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = module.vpc_ipam_set_netmask.private_route_table_association_ids -} - -output 
"database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = module.vpc_ipam_set_netmask.database_route_table_association_ids -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = module.vpc_ipam_set_netmask.redshift_route_table_association_ids -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = module.vpc_ipam_set_netmask.redshift_public_route_table_association_ids -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = module.vpc_ipam_set_netmask.elasticache_route_table_association_ids -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = module.vpc_ipam_set_netmask.intra_route_table_association_ids -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = module.vpc_ipam_set_netmask.public_route_table_association_ids -} - -output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = module.vpc_ipam_set_netmask.dhcp_options_id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = module.vpc_ipam_set_netmask.nat_ids -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc_ipam_set_netmask.nat_public_ips -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = module.vpc_ipam_set_netmask.natgw_ids -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = module.vpc_ipam_set_netmask.igw_id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = module.vpc_ipam_set_netmask.igw_arn -} 
- -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = module.vpc_ipam_set_netmask.egress_only_internet_gateway_id -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc_ipam_set_netmask.cgw_ids -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = module.vpc_ipam_set_netmask.cgw_arns -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc_ipam_set_netmask.this_customer_gateway -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = module.vpc_ipam_set_netmask.vgw_id -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = module.vpc_ipam_set_netmask.vgw_arn -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = module.vpc_ipam_set_netmask.default_vpc_id -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = module.vpc_ipam_set_netmask.default_vpc_arn -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = module.vpc_ipam_set_netmask.default_vpc_cidr_block -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = module.vpc_ipam_set_netmask.default_vpc_default_security_group_id -} - -output "default_vpc_default_network_acl_id" { - description = "The ID of the default network ACL of the Default VPC" - value = module.vpc_ipam_set_netmask.default_vpc_default_network_acl_id -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = module.vpc_ipam_set_netmask.default_vpc_default_route_table_id -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = 
module.vpc_ipam_set_netmask.default_vpc_instance_tenancy -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = module.vpc_ipam_set_netmask.default_vpc_enable_dns_support -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = module.vpc_ipam_set_netmask.default_vpc_enable_dns_hostnames -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = module.vpc_ipam_set_netmask.default_vpc_main_route_table_id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc_ipam_set_netmask.public_network_acl_id -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = module.vpc_ipam_set_netmask.public_network_acl_arn -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc_ipam_set_netmask.private_network_acl_id -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = module.vpc_ipam_set_netmask.private_network_acl_arn -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = module.vpc_ipam_set_netmask.outpost_network_acl_id -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = module.vpc_ipam_set_netmask.outpost_network_acl_arn -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = module.vpc_ipam_set_netmask.intra_network_acl_id -} - -output "intra_network_acl_arn" { - description = "ARN of the intra network ACL" - value = module.vpc_ipam_set_netmask.intra_network_acl_arn -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = module.vpc_ipam_set_netmask.database_network_acl_id -} - -output 
"database_network_acl_arn" { - description = "ARN of the database network ACL" - value = module.vpc_ipam_set_netmask.database_network_acl_arn -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = module.vpc_ipam_set_netmask.redshift_network_acl_id -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = module.vpc_ipam_set_netmask.redshift_network_acl_arn -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc_ipam_set_netmask.elasticache_network_acl_id -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = module.vpc_ipam_set_netmask.elasticache_network_acl_arn -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = module.vpc_ipam_set_netmask.vpc_flow_log_id -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = module.vpc_ipam_set_netmask.vpc_flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = module.vpc_ipam_set_netmask.vpc_flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = module.vpc_ipam_set_netmask.vpc_flow_log_cloudwatch_iam_role_arn -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/variables.tf deleted file mode 100644 index e69de29b..00000000 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipam/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/README.md
deleted file mode 100644
index 3318683e..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/README.md
+++ /dev/null
@@ -1,158 +0,0 @@ -# VPC with IPv6 enabled - -Configuration in this directory creates set of VPC resources with IPv6 enabled on VPC and subnets. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../.. | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/main.tf deleted file mode 100644 index d71f8fe3..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/main.tf +++ /dev/null 
@@ -1,49 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc" {
- source = "../.."
-
- name = local.name
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
- database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
-
- enable_nat_gateway = true
-
- create_database_subnet_route_table = true
- create_database_internet_gateway_route = true
-
- enable_ipv6 = true
- public_subnet_assign_ipv6_address_on_creation = true
-
- public_subnet_ipv6_prefixes = [0, 1, 2]
- private_subnet_ipv6_prefixes = [3, 4, 5]
- database_subnet_ipv6_prefixes = [6, 7, 8]
-
- tags = local.tags
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/outputs.tf
deleted file mode 100644
index 77f244a9..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/outputs.tf
+++ /dev/null
@@ -1,535 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc.vpc_arn -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = module.vpc.default_security_group_id -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc.default_network_acl_id -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = module.vpc.default_route_table_id -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = module.vpc.vpc_instance_tenancy -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = module.vpc.vpc_enable_dns_support -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = module.vpc.vpc_enable_dns_hostnames -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = module.vpc.vpc_main_route_table_id -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc.vpc_ipv6_association_id -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc.vpc_ipv6_cidr_block -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = module.vpc.vpc_secondary_cidr_blocks -} - -output "vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = module.vpc.vpc_owner_id -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets 
-} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc.private_subnets_cidr_blocks -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = module.vpc.private_subnets_ipv6_cidr_blocks -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = module.vpc.public_subnet_arns -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = module.vpc.public_subnets_cidr_blocks -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = module.vpc.public_subnets_ipv6_cidr_blocks -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = module.vpc.outpost_subnets -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = module.vpc.outpost_subnet_arns -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = module.vpc.outpost_subnets_cidr_blocks -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = module.vpc.outpost_subnets_ipv6_cidr_blocks -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc.database_subnets -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = module.vpc.database_subnet_arns -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = 
module.vpc.database_subnets_cidr_blocks -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = module.vpc.database_subnets_ipv6_cidr_blocks -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = module.vpc.database_subnet_group -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = module.vpc.database_subnet_group_name -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc.redshift_subnets -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = module.vpc.redshift_subnet_arns -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = module.vpc.redshift_subnets_cidr_blocks -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = module.vpc.redshift_subnets_ipv6_cidr_blocks -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = module.vpc.redshift_subnet_group -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = module.vpc.elasticache_subnets -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = module.vpc.elasticache_subnet_arns -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = module.vpc.elasticache_subnets_cidr_blocks -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = module.vpc.elasticache_subnets_ipv6_cidr_blocks -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc.intra_subnets -} - -output 
"intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = module.vpc.intra_subnet_arns -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = module.vpc.intra_subnets_cidr_blocks -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = module.vpc.intra_subnets_ipv6_cidr_blocks -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = module.vpc.elasticache_subnet_group -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = module.vpc.elasticache_subnet_group_name -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = module.vpc.public_route_table_ids -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = module.vpc.private_route_table_ids -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = module.vpc.database_route_table_ids -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = module.vpc.redshift_route_table_ids -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = module.vpc.elasticache_route_table_ids -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = module.vpc.intra_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = module.vpc.public_internet_gateway_route_id -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = module.vpc.public_internet_gateway_ipv6_route_id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet 
gateway route" - value = module.vpc.database_internet_gateway_route_id -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = module.vpc.database_nat_gateway_route_ids -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = module.vpc.database_ipv6_egress_route_id -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = module.vpc.private_nat_gateway_route_ids -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route" - value = module.vpc.private_ipv6_egress_route_ids -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = module.vpc.private_route_table_association_ids -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = module.vpc.database_route_table_association_ids -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = module.vpc.redshift_route_table_association_ids -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = module.vpc.redshift_public_route_table_association_ids -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = module.vpc.elasticache_route_table_association_ids -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = module.vpc.intra_route_table_association_ids -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = module.vpc.public_route_table_association_ids -} - 
-output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = module.vpc.dhcp_options_id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_ids -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = module.vpc.natgw_ids -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = module.vpc.igw_id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = module.vpc.igw_arn -} - -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = module.vpc.egress_only_internet_gateway_id -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc.cgw_ids -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = module.vpc.cgw_arns -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc.this_customer_gateway -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = module.vpc.vgw_id -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = module.vpc.vgw_arn -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = module.vpc.default_vpc_id -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = module.vpc.default_vpc_arn -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = module.vpc.default_vpc_cidr_block -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = module.vpc.default_vpc_default_security_group_id -} - -output 
"default_vpc_default_network_acl_id" { - description = "The ID of the default network ACL of the Default VPC" - value = module.vpc.default_vpc_default_network_acl_id -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = module.vpc.default_vpc_default_route_table_id -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = module.vpc.default_vpc_instance_tenancy -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = module.vpc.default_vpc_enable_dns_support -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = module.vpc.default_vpc_enable_dns_hostnames -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = module.vpc.default_vpc_main_route_table_id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc.public_network_acl_id -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = module.vpc.public_network_acl_arn -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc.private_network_acl_id -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = module.vpc.private_network_acl_arn -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = module.vpc.outpost_network_acl_id -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = module.vpc.outpost_network_acl_arn -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = module.vpc.intra_network_acl_id -} - -output "intra_network_acl_arn" { - 
description = "ARN of the intra network ACL" - value = module.vpc.intra_network_acl_arn -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = module.vpc.database_network_acl_id -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = module.vpc.database_network_acl_arn -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = module.vpc.redshift_network_acl_id -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = module.vpc.redshift_network_acl_arn -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_id -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_arn -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = module.vpc.vpc_flow_log_id -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/variables.tf deleted file mode 100644 index e69de29b..00000000 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-dualstack/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/README.md
deleted file mode 100644
index eb8cea2e..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/README.md
+++ /dev/null
@@ -1,158 +0,0 @@ -# IPv6 Only VPC - -Configuration in this directory creates set of VPC resources with IPv6 only enabled on VPC and subnets. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../.. | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/main.tf deleted file mode 100644 index ba737316..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/main.tf +++ /dev/null @@ -1,43 +0,0 @@ -provider "aws" { - region = local.region -} - -data "aws_availability_zones" "available" {} - -locals { - name = "ex-${basename(path.cwd)}" - region = "eu-west-1" - - tags = { - Example = local.name - GithubRepo = "terraform-aws-vpc" - GithubOrg = "terraform-aws-modules" - } -} - -################################################################################ -# VPC Module -################################################################################ - -module "vpc" { - source = "../.." - - name = local.name - - azs = slice(data.aws_availability_zones.available.names, 0, 3) - enable_ipv6 = true - - public_subnet_ipv6_native = true - public_subnet_ipv6_prefixes = [0, 1, 2] - private_subnet_ipv6_native = true - private_subnet_ipv6_prefixes = [3, 4, 5] - - # RDS currently only supports dual-stack so IPv4 CIDRs will need to be provided for subnets - # database_subnet_ipv6_native = true - # database_subnet_ipv6_prefixes = [6, 7, 8] - - enable_nat_gateway = false - create_egress_only_igw = true - - tags = local.tags -} 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/outputs.tf deleted file mode 100644 index 77f244a9..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/outputs.tf +++ /dev/null 
@@ -1,535 +0,0 @@
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-output "vpc_arn" {
- description = "The ARN of the VPC"
- value = module.vpc.vpc_arn
-}
-
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-output "default_security_group_id" {
- description = "The ID of the security group created by default on VPC creation"
- value = module.vpc.default_security_group_id
-}
-
-output "default_network_acl_id" {
- description = "The ID of the default network ACL"
- value = module.vpc.default_network_acl_id
-}
-
-output "default_route_table_id" {
- description = "The ID of the default route table"
- value = module.vpc.default_route_table_id
-}
-
-output "vpc_instance_tenancy" {
- description = "Tenancy of instances spin up within VPC"
- value = module.vpc.vpc_instance_tenancy
-}
-
-output "vpc_enable_dns_support" {
- description = "Whether or not the VPC has DNS support"
- value = module.vpc.vpc_enable_dns_support
-}
-
-output "vpc_enable_dns_hostnames" {
- description = "Whether or not the VPC has DNS hostname support"
- value = module.vpc.vpc_enable_dns_hostnames
-}
-
-output "vpc_main_route_table_id" {
- description = "The ID of the main route table associated with this VPC"
- value = module.vpc.vpc_main_route_table_id
-}
-
-output "vpc_ipv6_association_id" {
- description = "The association ID for the IPv6 CIDR block"
- value = module.vpc.vpc_ipv6_association_id
-}
-
-output "vpc_ipv6_cidr_block" {
- description = "The IPv6 CIDR block"
- value = module.vpc.vpc_ipv6_cidr_block
-}
-
-output "vpc_secondary_cidr_blocks" {
- description = "List of secondary CIDR blocks of the VPC"
- value = module.vpc.vpc_secondary_cidr_blocks
-}
-
-output "vpc_owner_id" {
- description = "The ID of the AWS account that owns the VPC"
- value = module.vpc.vpc_owner_id
-}
-
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-output "private_subnet_arns" {
- description = "List of ARNs of private subnets"
- value = module.vpc.private_subnet_arns
-}
-
-output "private_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.private_subnets_cidr_blocks
-}
-
-output "private_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC"
- value = module.vpc.private_subnets_ipv6_cidr_blocks
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-output "public_subnet_arns" {
- description = "List of ARNs of public subnets"
- value = module.vpc.public_subnet_arns
-}
-
-output "public_subnets_cidr_blocks" {
- description = "List of cidr_blocks of public subnets"
- value = module.vpc.public_subnets_cidr_blocks
-}
-
-output "public_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC"
- value = module.vpc.public_subnets_ipv6_cidr_blocks
-}
-
-output "outpost_subnets" {
- description = "List of IDs of outpost subnets"
- value = module.vpc.outpost_subnets
-}
-
-output "outpost_subnet_arns" {
- description = "List of ARNs of outpost subnets"
- value = module.vpc.outpost_subnet_arns
-}
-
-output "outpost_subnets_cidr_blocks" {
- description = "List of cidr_blocks of outpost subnets"
- value = module.vpc.outpost_subnets_cidr_blocks
-}
-
-output "outpost_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC"
- value = module.vpc.outpost_subnets_ipv6_cidr_blocks
-}
-
-output "database_subnets" {
- description = "List of IDs of database subnets"
- value = module.vpc.database_subnets
-}
-
-output "database_subnet_arns" {
- description = "List of ARNs of database subnets"
- value = module.vpc.database_subnet_arns
-}
-
-output "database_subnets_cidr_blocks" {
- description = "List of cidr_blocks of database subnets"
- value = module.vpc.database_subnets_cidr_blocks
-}
-
-output "database_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC"
- value = module.vpc.database_subnets_ipv6_cidr_blocks
-}
-
-output "database_subnet_group" {
- description = "ID of database subnet group"
- value = module.vpc.database_subnet_group
-}
-
-output "database_subnet_group_name" {
- description = "Name of database subnet group"
- value = module.vpc.database_subnet_group_name
-}
-
-output "redshift_subnets" {
- description = "List of IDs of redshift subnets"
- value = module.vpc.redshift_subnets
-}
-
-output "redshift_subnet_arns" {
- description = "List of ARNs of redshift subnets"
- value = module.vpc.redshift_subnet_arns
-}
-
-output "redshift_subnets_cidr_blocks" {
- description = "List of cidr_blocks of redshift subnets"
- value = module.vpc.redshift_subnets_cidr_blocks
-}
-
-output "redshift_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC"
- value = module.vpc.redshift_subnets_ipv6_cidr_blocks
-}
-
-output "redshift_subnet_group" {
- description = "ID of redshift subnet group"
- value = module.vpc.redshift_subnet_group
-}
-
-output "elasticache_subnets" {
- description = "List of IDs of elasticache subnets"
- value = module.vpc.elasticache_subnets
-}
-
-output "elasticache_subnet_arns" {
- description = "List of ARNs of elasticache subnets"
- value = module.vpc.elasticache_subnet_arns
-}
-
-output "elasticache_subnets_cidr_blocks" {
- description = "List of cidr_blocks of elasticache subnets"
- value = module.vpc.elasticache_subnets_cidr_blocks
-}
-
-output "elasticache_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC"
- value = module.vpc.elasticache_subnets_ipv6_cidr_blocks
-}
-
-output "intra_subnets" {
- description = "List of IDs of intra subnets"
- value = module.vpc.intra_subnets
-}
-
-output "intra_subnet_arns" {
- description = "List of ARNs of intra subnets"
- value = module.vpc.intra_subnet_arns
-}
-
-output "intra_subnets_cidr_blocks" {
- description = "List of cidr_blocks of intra subnets"
- value = module.vpc.intra_subnets_cidr_blocks
-}
-
-output "intra_subnets_ipv6_cidr_blocks" {
- description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC"
- value = module.vpc.intra_subnets_ipv6_cidr_blocks
-}
-
-output "elasticache_subnet_group" {
- description = "ID of elasticache subnet group"
- value = module.vpc.elasticache_subnet_group
-}
-
-output "elasticache_subnet_group_name" {
- description = "Name of elasticache subnet group"
- value = module.vpc.elasticache_subnet_group_name
-}
-
-output "public_route_table_ids" {
- description = "List of IDs of public route tables"
- value = module.vpc.public_route_table_ids
-}
-
-output "private_route_table_ids" {
- description = "List of IDs of private route tables"
- value = module.vpc.private_route_table_ids
-}
-
-output "database_route_table_ids" {
- description = "List of IDs of database route tables"
- value = module.vpc.database_route_table_ids
-}
-
-output "redshift_route_table_ids" {
- description = "List of IDs of redshift route tables"
- value = module.vpc.redshift_route_table_ids
-}
-
-output "elasticache_route_table_ids" {
- description = "List of IDs of elasticache route tables"
- value = module.vpc.elasticache_route_table_ids
-}
-
-output "intra_route_table_ids" {
- description = "List of IDs of intra route tables"
- value = module.vpc.intra_route_table_ids
-}
-
-output "public_internet_gateway_route_id" {
- description = "ID of the internet gateway route"
- value = module.vpc.public_internet_gateway_route_id
-}
-
-output "public_internet_gateway_ipv6_route_id" {
- description = "ID of the IPv6 internet gateway route"
- value = module.vpc.public_internet_gateway_ipv6_route_id
-}
-
-output "database_internet_gateway_route_id" {
- description = "ID of the database internet gateway route"
- value = module.vpc.database_internet_gateway_route_id
-}
-
-output "database_nat_gateway_route_ids" {
- description = "List of IDs of the database nat gateway route"
- value = module.vpc.database_nat_gateway_route_ids
-}
-
-output "database_ipv6_egress_route_id" {
- description = "ID of the database IPv6 egress route"
- value = module.vpc.database_ipv6_egress_route_id
-}
-
-output "private_nat_gateway_route_ids" {
- description = "List of IDs of the private nat gateway route"
- value = module.vpc.private_nat_gateway_route_ids
-}
-
-output "private_ipv6_egress_route_ids" {
- description = "List of IDs of the ipv6 egress route"
- value = module.vpc.private_ipv6_egress_route_ids
-}
-
-output "private_route_table_association_ids" {
- description = "List of IDs of the private route table association"
- value = module.vpc.private_route_table_association_ids
-}
-
-output "database_route_table_association_ids" {
- description = "List of IDs of the database route table association"
- value = module.vpc.database_route_table_association_ids
-}
-
-output "redshift_route_table_association_ids" {
- description = "List of IDs of the redshift route table association"
- value = module.vpc.redshift_route_table_association_ids
-}
-
-output "redshift_public_route_table_association_ids" {
- description = "List of IDs of the public redshift route table association"
- value = module.vpc.redshift_public_route_table_association_ids
-}
-
-output "elasticache_route_table_association_ids" {
- description = "List of IDs of the elasticache route table association"
- value = module.vpc.elasticache_route_table_association_ids
-}
-
-output "intra_route_table_association_ids" {
- description = "List of IDs of the intra route table association"
- value = module.vpc.intra_route_table_association_ids
-}
-
-output "public_route_table_association_ids" {
- description = "List of IDs of the public route table association"
- value = module.vpc.public_route_table_association_ids
-}
-
-output "dhcp_options_id" {
- description = "The ID of the DHCP options"
- value = module.vpc.dhcp_options_id
-}
-
-output "nat_ids" {
- description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_ids
-}
-
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-output "natgw_ids" {
- description = "List of NAT Gateway IDs"
- value = module.vpc.natgw_ids
-}
-
-output "igw_id" {
- description = "The ID of the Internet Gateway"
- value = module.vpc.igw_id
-}
-
-output "igw_arn" {
- description = "The ARN of the Internet Gateway"
- value = module.vpc.igw_arn
-}
-
-output "egress_only_internet_gateway_id" {
- description = "The ID of the egress only Internet Gateway"
- value = module.vpc.egress_only_internet_gateway_id
-}
-
-output "cgw_ids" {
- description = "List of IDs of Customer Gateway"
- value = module.vpc.cgw_ids
-}
-
-output "cgw_arns" {
- description = "List of ARNs of Customer Gateway"
- value = module.vpc.cgw_arns
-}
-
-output "this_customer_gateway" {
- description = "Map of Customer Gateway attributes"
- value = module.vpc.this_customer_gateway
-}
-
-output "vgw_id" {
- description = "The ID of the VPN Gateway"
- value = module.vpc.vgw_id
-}
-
-output "vgw_arn" {
- description = "The ARN of the VPN Gateway"
- value = module.vpc.vgw_arn
-}
-
-output "default_vpc_id" {
- description = "The ID of the Default VPC"
- value = module.vpc.default_vpc_id
-}
-
-output "default_vpc_arn" {
- description = "The ARN of the Default VPC"
- value = module.vpc.default_vpc_arn
-}
-
-output "default_vpc_cidr_block" {
- description = "The CIDR block of the Default VPC"
- value = module.vpc.default_vpc_cidr_block
-}
-
-output "default_vpc_default_security_group_id" {
- description = "The ID of the security group created by default on Default VPC creation"
- value = module.vpc.default_vpc_default_security_group_id
-}
-
-output "default_vpc_default_network_acl_id" {
- description = "The ID of the default network ACL of the Default VPC"
- value = module.vpc.default_vpc_default_network_acl_id
-}
-
-output "default_vpc_default_route_table_id" {
- description = "The ID of the default route table of the Default VPC"
- value = module.vpc.default_vpc_default_route_table_id
-}
-
-output "default_vpc_instance_tenancy" {
- description = "Tenancy of instances spin up within Default VPC"
- value = module.vpc.default_vpc_instance_tenancy
-}
-
-output "default_vpc_enable_dns_support" {
- description = "Whether or not the Default VPC has DNS support"
- value = module.vpc.default_vpc_enable_dns_support
-}
-
-output "default_vpc_enable_dns_hostnames" {
- description = "Whether or not the Default VPC has DNS hostname support"
- value = module.vpc.default_vpc_enable_dns_hostnames
-}
-
-output "default_vpc_main_route_table_id" {
- description = "The ID of the main route table associated with the Default VPC"
- value = module.vpc.default_vpc_main_route_table_id
-}
-
-output "public_network_acl_id" {
- description = "ID of the public network ACL"
- value = module.vpc.public_network_acl_id
-}
-
-output "public_network_acl_arn" {
- description = "ARN of the public network ACL"
- value = module.vpc.public_network_acl_arn
-}
-
-output "private_network_acl_id" {
- description = "ID of the private network ACL"
- value = module.vpc.private_network_acl_id
-}
-
-output "private_network_acl_arn" {
- description = "ARN of the private network ACL"
- value = module.vpc.private_network_acl_arn
-}
-
-output "outpost_network_acl_id" {
- description = "ID of the outpost network ACL"
- value = module.vpc.outpost_network_acl_id
-}
-
-output "outpost_network_acl_arn" {
- description = "ARN of the outpost network ACL"
- value = module.vpc.outpost_network_acl_arn
-}
-
-output "intra_network_acl_id" {
- description = "ID of the intra network ACL"
- value = module.vpc.intra_network_acl_id
-}
-
-output "intra_network_acl_arn" {
- description = "ARN of the intra network ACL"
- value = module.vpc.intra_network_acl_arn
-}
-
-output "database_network_acl_id" {
- description = "ID of the database network ACL"
- value = module.vpc.database_network_acl_id
-}
-
-output "database_network_acl_arn" {
- description = "ARN of the database network ACL"
- value = module.vpc.database_network_acl_arn
-}
-
-output "redshift_network_acl_id" {
- description = "ID of the redshift network ACL"
- value = module.vpc.redshift_network_acl_id
-}
-
-output "redshift_network_acl_arn" {
- description = "ARN of the redshift network ACL"
- value = module.vpc.redshift_network_acl_arn
-}
-
-output "elasticache_network_acl_id" {
- description = "ID of the elasticache network ACL"
- value = module.vpc.elasticache_network_acl_id
-}
-
-output "elasticache_network_acl_arn" {
- description = "ARN of the elasticache network ACL"
- value = module.vpc.elasticache_network_acl_arn
-}
-
-# VPC flow log
-output "vpc_flow_log_id" {
- description = "The ID of the Flow Log resource"
- value = module.vpc.vpc_flow_log_id
-}
-
-output "vpc_flow_log_destination_arn" {
- description = "The ARN of the destination for VPC Flow Logs"
- value = module.vpc.vpc_flow_log_destination_arn
-}
-
-output "vpc_flow_log_destination_type" {
- description = "The type of the destination for VPC Flow Logs"
- value = module.vpc.vpc_flow_log_destination_type
-}
-
-output "vpc_flow_log_cloudwatch_iam_role_arn" {
- description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group"
- value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/variables.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/ipv6-only/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/README.md
deleted file mode 100644
index 92cc3a4c..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/README.md
+++ /dev/null
@@ -1,76 +0,0 @@
-# Issues
-
-Configuration in this directory creates set of VPC resources to cover issues reported on GitHub:
-
-- https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/44
-- https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/46
-- https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/102
-- https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/108
-
-## Usage
-
-To run this example you need to execute:
-
-```bash
-$ terraform init
-$ terraform plan
-$ terraform apply
-```
-
-Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 5.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [vpc\_issue\_108](#module\_vpc\_issue\_108) | ../../ | n/a |
-| [vpc\_issue\_44](#module\_vpc\_issue\_44) | ../../ | n/a |
-| [vpc\_issue\_46](#module\_vpc\_issue\_46) | ../../ | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [issue\_108\_database\_subnets](#output\_issue\_108\_database\_subnets) | List of IDs of database subnets |
-| [issue\_108\_elasticache\_subnets](#output\_issue\_108\_elasticache\_subnets) | List of IDs of elasticache subnets |
-| [issue\_108\_nat\_public\_ips](#output\_issue\_108\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
-| [issue\_108\_private\_subnets](#output\_issue\_108\_private\_subnets) | List of IDs of private subnets |
-| [issue\_108\_public\_subnets](#output\_issue\_108\_public\_subnets) | List of IDs of public subnets |
-| [issue\_108\_vpc\_id](#output\_issue\_108\_vpc\_id) | The ID of the VPC |
-| [issue\_44\_database\_subnets](#output\_issue\_44\_database\_subnets) | List of IDs of database subnets |
-| [issue\_44\_elasticache\_subnets](#output\_issue\_44\_elasticache\_subnets) | List of IDs of elasticache subnets |
-| [issue\_44\_nat\_public\_ips](#output\_issue\_44\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
-| [issue\_44\_private\_subnets](#output\_issue\_44\_private\_subnets) | List of IDs of private subnets |
-| [issue\_44\_public\_subnets](#output\_issue\_44\_public\_subnets) | List of IDs of public subnets |
-| [issue\_44\_vpc\_id](#output\_issue\_44\_vpc\_id) | The ID of the VPC |
-| [issue\_46\_database\_subnets](#output\_issue\_46\_database\_subnets) | List of IDs of database subnets |
-| [issue\_46\_elasticache\_subnets](#output\_issue\_46\_elasticache\_subnets) | List of IDs of elasticache subnets |
-| [issue\_46\_nat\_public\_ips](#output\_issue\_46\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
-| [issue\_46\_private\_subnets](#output\_issue\_46\_private\_subnets) | List of IDs of private subnets |
-| [issue\_46\_public\_subnets](#output\_issue\_46\_public\_subnets) | List of IDs of public subnets |
-| [issue\_46\_vpc\_id](#output\_issue\_46\_vpc\_id) | The ID of the VPC |
-
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/main.tf
deleted file mode 100644
index 9e23b806..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/main.tf
+++ /dev/null
@@ -1,91 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-}
-
-################################################################################
-# Issue 44 - https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/44
-################################################################################
-
-module "vpc_issue_44" {
- source = "../../"
-
- name = "asymmetrical"
- cidr = "10.0.0.0/16"
-
- azs = local.azs
- private_subnets = ["10.0.1.0/24"]
- public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
- database_subnets = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]
-
- create_database_subnet_group = true
- enable_nat_gateway = true
-
- tags = merge({
- Issue = "44"
- Name = "asymmetrical"
- }, local.tags)
-}
-
-################################################################################
-# Issue 46 - https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/46
-################################################################################
-
-module "vpc_issue_46" {
- source = "../../"
-
- name = "no-private-subnets"
- cidr = "10.0.0.0/16"
-
- azs = local.azs
- public_subnets = ["10.0.0.0/22", "10.0.4.0/22", "10.0.8.0/22"]
- private_subnets = []
- database_subnets = ["10.0.128.0/24", "10.0.129.0/24"]
- elasticache_subnets = ["10.0.131.0/24", "10.0.132.0/24", "10.0.133.0/24"]
-
- enable_dns_support = true
- enable_dns_hostnames = true
- enable_nat_gateway = false
-
- tags = merge({
- Issue = "46"
- Name = "no-private-subnets"
- }, local.tags)
-}
-
-################################################################################
-# Issue 108 - https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/108
-################################################################################
-
-module "vpc_issue_108" {
- source = "../../"
-
- name = "route-already-exists"
- cidr = "10.0.0.0/16"
-
- azs = local.azs
- private_subnets = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
- public_subnets = ["10.0.254.240/28", "10.0.254.224/28", "10.0.254.208/28"]
-
- single_nat_gateway = true
- enable_nat_gateway = true
-
- tags = merge({
- Issue = "108"
- Name = "route-already-exists"
- }, local.tags)
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/outputs.tf
deleted file mode 100644
index adcd5760..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/outputs.tf
+++ /dev/null
@@ -1,110 +0,0 @@
-################################################################################
-# Issue 44
-################################################################################
-
-# VPC
-output "issue_44_vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc_issue_44.vpc_id
-}
-
-# Subnets
-output "issue_44_private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc_issue_44.private_subnets
-}
-
-output "issue_44_public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc_issue_44.public_subnets
-}
-
-output "issue_44_database_subnets" {
- description = "List of IDs of database subnets"
- value = module.vpc_issue_44.database_subnets
-}
-
-output "issue_44_elasticache_subnets" {
- description = "List of IDs of elasticache subnets"
- value = module.vpc_issue_44.elasticache_subnets
-}
-
-# NAT gateways
-output "issue_44_nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc_issue_44.nat_public_ips
-}
-
-################################################################################
-# Issue 46
-################################################################################
-
-# VPC
-output "issue_46_vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc_issue_46.vpc_id
-}
-
-# Subnets
-output "issue_46_private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc_issue_46.private_subnets
-}
-
-output "issue_46_public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc_issue_46.public_subnets
-}
-
-output "issue_46_database_subnets" {
- description = "List of IDs of database subnets"
- value = module.vpc_issue_46.database_subnets
-}
-
-output "issue_46_elasticache_subnets" {
- description = "List of IDs of elasticache subnets"
- value = module.vpc_issue_46.elasticache_subnets
-}
-
-# NAT gateways
-output "issue_46_nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc_issue_46.nat_public_ips
-}
-
-################################################################################
-# Issue 108
-################################################################################
-
-# VPC
-output "issue_108_vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc_issue_108.vpc_id
-}
-
-# Subnets
-output "issue_108_private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc_issue_108.private_subnets
-}
-
-output "issue_108_public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc_issue_108.public_subnets
-}
-
-output "issue_108_database_subnets" {
- description = "List of IDs of database subnets"
- value = module.vpc_issue_108.database_subnets
-}
-
-output "issue_108_elasticache_subnets" {
- description = "List of IDs of elasticache subnets"
- value = module.vpc_issue_108.elasticache_subnets
-}
-
-# NAT gateways
-output "issue_108_nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc_issue_108.nat_public_ips
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/variables.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/issues/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/README.md
deleted file mode 100644
index 0c506f33..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/README.md
+++ /dev/null
@@ -1,156 +0,0 @@ -# Manage Default VPC - -Configuration in this directory does not create new VPC resources, but it adopts [Default VPC](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html) created by AWS to allow management of it using Terraform. - -This is not usual type of resource in Terraform, so use it carefully. More information is [here](https://www.terraform.io/docs/providers/aws/r/default_vpc). - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../../ | n/a | - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| 
[database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| [default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| 
[default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| [elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The 
ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | 
List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| [private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| 
[public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| 
[vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| [vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/main.tf deleted file mode 100644 index ec8c532d..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/main.tf +++ /dev/null 
@@ -1,30 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc" {
- source = "../../"
-
- create_vpc = false
-
- manage_default_vpc = true
- default_vpc_name = "default"
- default_vpc_enable_dns_hostnames = true
-
- tags = local.tags
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/outputs.tf
deleted file mode 100644
index 77f244a9..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/outputs.tf
+++ /dev/null
@@ -1,535 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc.vpc_arn -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = module.vpc.default_security_group_id -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc.default_network_acl_id -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = module.vpc.default_route_table_id -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = module.vpc.vpc_instance_tenancy -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = module.vpc.vpc_enable_dns_support -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = module.vpc.vpc_enable_dns_hostnames -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = module.vpc.vpc_main_route_table_id -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc.vpc_ipv6_association_id -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc.vpc_ipv6_cidr_block -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = module.vpc.vpc_secondary_cidr_blocks -} - -output "vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = module.vpc.vpc_owner_id -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets 
-} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc.private_subnets_cidr_blocks -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = module.vpc.private_subnets_ipv6_cidr_blocks -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = module.vpc.public_subnet_arns -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = module.vpc.public_subnets_cidr_blocks -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = module.vpc.public_subnets_ipv6_cidr_blocks -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = module.vpc.outpost_subnets -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = module.vpc.outpost_subnet_arns -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = module.vpc.outpost_subnets_cidr_blocks -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = module.vpc.outpost_subnets_ipv6_cidr_blocks -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc.database_subnets -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = module.vpc.database_subnet_arns -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = 
module.vpc.database_subnets_cidr_blocks -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = module.vpc.database_subnets_ipv6_cidr_blocks -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = module.vpc.database_subnet_group -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = module.vpc.database_subnet_group_name -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc.redshift_subnets -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = module.vpc.redshift_subnet_arns -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = module.vpc.redshift_subnets_cidr_blocks -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = module.vpc.redshift_subnets_ipv6_cidr_blocks -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = module.vpc.redshift_subnet_group -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = module.vpc.elasticache_subnets -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = module.vpc.elasticache_subnet_arns -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = module.vpc.elasticache_subnets_cidr_blocks -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = module.vpc.elasticache_subnets_ipv6_cidr_blocks -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc.intra_subnets -} - -output 
"intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = module.vpc.intra_subnet_arns -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = module.vpc.intra_subnets_cidr_blocks -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = module.vpc.intra_subnets_ipv6_cidr_blocks -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = module.vpc.elasticache_subnet_group -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = module.vpc.elasticache_subnet_group_name -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = module.vpc.public_route_table_ids -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = module.vpc.private_route_table_ids -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = module.vpc.database_route_table_ids -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = module.vpc.redshift_route_table_ids -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = module.vpc.elasticache_route_table_ids -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = module.vpc.intra_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = module.vpc.public_internet_gateway_route_id -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = module.vpc.public_internet_gateway_ipv6_route_id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet 
gateway route" - value = module.vpc.database_internet_gateway_route_id -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = module.vpc.database_nat_gateway_route_ids -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = module.vpc.database_ipv6_egress_route_id -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = module.vpc.private_nat_gateway_route_ids -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route" - value = module.vpc.private_ipv6_egress_route_ids -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = module.vpc.private_route_table_association_ids -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = module.vpc.database_route_table_association_ids -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = module.vpc.redshift_route_table_association_ids -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = module.vpc.redshift_public_route_table_association_ids -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = module.vpc.elasticache_route_table_association_ids -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = module.vpc.intra_route_table_association_ids -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = module.vpc.public_route_table_association_ids -} - 
-output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = module.vpc.dhcp_options_id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_ids -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = module.vpc.natgw_ids -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = module.vpc.igw_id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = module.vpc.igw_arn -} - -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = module.vpc.egress_only_internet_gateway_id -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc.cgw_ids -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = module.vpc.cgw_arns -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc.this_customer_gateway -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = module.vpc.vgw_id -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = module.vpc.vgw_arn -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = module.vpc.default_vpc_id -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = module.vpc.default_vpc_arn -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = module.vpc.default_vpc_cidr_block -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = module.vpc.default_vpc_default_security_group_id -} - -output 
"default_vpc_default_network_acl_id" { - description = "The ID of the default network ACL of the Default VPC" - value = module.vpc.default_vpc_default_network_acl_id -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = module.vpc.default_vpc_default_route_table_id -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = module.vpc.default_vpc_instance_tenancy -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = module.vpc.default_vpc_enable_dns_support -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = module.vpc.default_vpc_enable_dns_hostnames -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = module.vpc.default_vpc_main_route_table_id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc.public_network_acl_id -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = module.vpc.public_network_acl_arn -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc.private_network_acl_id -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = module.vpc.private_network_acl_arn -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = module.vpc.outpost_network_acl_id -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = module.vpc.outpost_network_acl_arn -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = module.vpc.intra_network_acl_id -} - -output "intra_network_acl_arn" { - 
description = "ARN of the intra network ACL" - value = module.vpc.intra_network_acl_arn -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = module.vpc.database_network_acl_id -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = module.vpc.database_network_acl_arn -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = module.vpc.redshift_network_acl_id -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = module.vpc.redshift_network_acl_arn -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_id -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_arn -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = module.vpc.vpc_flow_log_id -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/variables.tf deleted file mode 100644 index e69de29b..00000000 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/manage-default-vpc/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/README.md
deleted file mode 100644
index 4e6ca7a0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/README.md
+++ /dev/null
@@ -1,162 +0,0 @@ -# Simple VPC with Network ACLs - -Configuration in this directory creates set of VPC resources along with network ACLs for several subnets. - -Network ACL rules for inbound and outbound traffic are defined as the following: -1. Public and elasticache subnets will have network ACL rules provided -1. Private subnets will be associated with the default network ACL rules (IPV4-only ingress and egress is open for all) - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../../ | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/main.tf deleted file mode 100644 index 35c3a221..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/main.tf +++ /dev/null 
@@ -1,209 +0,0 @@ -provider "aws" { - region = local.region -} - -data "aws_availability_zones" "available" {} - -locals { - name = "ex-${basename(path.cwd)}" - region = "eu-west-1" - - vpc_cidr = "10.0.0.0/16" - azs = slice(data.aws_availability_zones.available.names, 0, 3) - - tags = { - Example = local.name - GithubRepo = "terraform-aws-vpc" - GithubOrg = "terraform-aws-modules" - } - - network_acls = { - default_inbound = [ - { - rule_number = 900 - rule_action = "allow" - from_port = 1024 - to_port = 65535 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - ] - default_outbound = [ - { - rule_number = 900 - rule_action = "allow" - from_port = 32768 - to_port = 65535 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - ] - public_inbound = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - { - rule_number = 110 - rule_action = "allow" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - { - rule_number = 120 - rule_action = "allow" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - { - rule_number = 130 - rule_action = "allow" - from_port = 3389 - to_port = 3389 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - { - rule_number = 140 - rule_action = "allow" - from_port = 80 - to_port = 80 - protocol = "tcp" - ipv6_cidr_block = "::/0" - }, - ] - public_outbound = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - { - rule_number = 110 - rule_action = "allow" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - { - rule_number = 120 - rule_action = "allow" - from_port = 1433 - to_port = 1433 - protocol = "tcp" - cidr_block = "10.0.100.0/22" - }, - { - rule_number = 130 - rule_action = "allow" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_block = "10.0.100.0/22" - }, - { - rule_number 
= 140 - rule_action = "allow" - icmp_code = -1 - icmp_type = 8 - protocol = "icmp" - cidr_block = "10.0.0.0/22" - }, - { - rule_number = 150 - rule_action = "allow" - from_port = 90 - to_port = 90 - protocol = "tcp" - ipv6_cidr_block = "::/0" - }, - ] - elasticache_outbound = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - { - rule_number = 110 - rule_action = "allow" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_block = "0.0.0.0/0" - }, - { - rule_number = 140 - rule_action = "allow" - icmp_code = -1 - icmp_type = 12 - protocol = "icmp" - cidr_block = "10.0.0.0/22" - }, - { - rule_number = 150 - rule_action = "allow" - from_port = 90 - to_port = 90 - protocol = "tcp" - ipv6_cidr_block = "::/0" - }, - ] - } -} - -################################################################################ -# VPC Module -################################################################################ - -module "vpc" { - source = "../../" - - name = local.name - cidr = local.vpc_cidr - - azs = local.azs - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)] - elasticache_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)] - - public_dedicated_network_acl = true - public_inbound_acl_rules = concat(local.network_acls["default_inbound"], local.network_acls["public_inbound"]) - public_outbound_acl_rules = concat(local.network_acls["default_outbound"], local.network_acls["public_outbound"]) - elasticache_outbound_acl_rules = concat(local.network_acls["default_outbound"], local.network_acls["elasticache_outbound"]) - - private_dedicated_network_acl = false - elasticache_dedicated_network_acl = true - - manage_default_network_acl = true - - enable_ipv6 = true - - enable_nat_gateway = false - single_nat_gateway = true - - public_subnet_tags = { - Name = 
"overridden-name-public" - } - - tags = local.tags - - vpc_tags = { - Name = "vpc-name" - } -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/outputs.tf deleted file mode 100644 index 77f244a9..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/outputs.tf +++ /dev/null 
@@ -1,535 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc.vpc_arn -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = module.vpc.default_security_group_id -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc.default_network_acl_id -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = module.vpc.default_route_table_id -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = module.vpc.vpc_instance_tenancy -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = module.vpc.vpc_enable_dns_support -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = module.vpc.vpc_enable_dns_hostnames -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = module.vpc.vpc_main_route_table_id -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc.vpc_ipv6_association_id -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc.vpc_ipv6_cidr_block -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = module.vpc.vpc_secondary_cidr_blocks -} - -output "vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = module.vpc.vpc_owner_id -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets 
-} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc.private_subnets_cidr_blocks -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = module.vpc.private_subnets_ipv6_cidr_blocks -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = module.vpc.public_subnet_arns -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = module.vpc.public_subnets_cidr_blocks -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = module.vpc.public_subnets_ipv6_cidr_blocks -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = module.vpc.outpost_subnets -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = module.vpc.outpost_subnet_arns -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = module.vpc.outpost_subnets_cidr_blocks -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = module.vpc.outpost_subnets_ipv6_cidr_blocks -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc.database_subnets -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = module.vpc.database_subnet_arns -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = 
module.vpc.database_subnets_cidr_blocks -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = module.vpc.database_subnets_ipv6_cidr_blocks -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = module.vpc.database_subnet_group -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = module.vpc.database_subnet_group_name -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc.redshift_subnets -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = module.vpc.redshift_subnet_arns -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = module.vpc.redshift_subnets_cidr_blocks -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = module.vpc.redshift_subnets_ipv6_cidr_blocks -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = module.vpc.redshift_subnet_group -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = module.vpc.elasticache_subnets -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = module.vpc.elasticache_subnet_arns -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = module.vpc.elasticache_subnets_cidr_blocks -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = module.vpc.elasticache_subnets_ipv6_cidr_blocks -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc.intra_subnets -} - -output 
"intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = module.vpc.intra_subnet_arns -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = module.vpc.intra_subnets_cidr_blocks -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = module.vpc.intra_subnets_ipv6_cidr_blocks -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = module.vpc.elasticache_subnet_group -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = module.vpc.elasticache_subnet_group_name -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = module.vpc.public_route_table_ids -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = module.vpc.private_route_table_ids -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = module.vpc.database_route_table_ids -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = module.vpc.redshift_route_table_ids -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = module.vpc.elasticache_route_table_ids -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = module.vpc.intra_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = module.vpc.public_internet_gateway_route_id -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = module.vpc.public_internet_gateway_ipv6_route_id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet 
gateway route" - value = module.vpc.database_internet_gateway_route_id -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = module.vpc.database_nat_gateway_route_ids -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = module.vpc.database_ipv6_egress_route_id -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = module.vpc.private_nat_gateway_route_ids -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route" - value = module.vpc.private_ipv6_egress_route_ids -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = module.vpc.private_route_table_association_ids -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = module.vpc.database_route_table_association_ids -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = module.vpc.redshift_route_table_association_ids -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = module.vpc.redshift_public_route_table_association_ids -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = module.vpc.elasticache_route_table_association_ids -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = module.vpc.intra_route_table_association_ids -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = module.vpc.public_route_table_association_ids -} - 
-output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = module.vpc.dhcp_options_id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_ids -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = module.vpc.natgw_ids -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = module.vpc.igw_id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = module.vpc.igw_arn -} - -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = module.vpc.egress_only_internet_gateway_id -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc.cgw_ids -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = module.vpc.cgw_arns -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc.this_customer_gateway -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = module.vpc.vgw_id -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = module.vpc.vgw_arn -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = module.vpc.default_vpc_id -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = module.vpc.default_vpc_arn -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = module.vpc.default_vpc_cidr_block -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = module.vpc.default_vpc_default_security_group_id -} - -output 
"default_vpc_default_network_acl_id" { - description = "The ID of the default network ACL of the Default VPC" - value = module.vpc.default_vpc_default_network_acl_id -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = module.vpc.default_vpc_default_route_table_id -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = module.vpc.default_vpc_instance_tenancy -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = module.vpc.default_vpc_enable_dns_support -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = module.vpc.default_vpc_enable_dns_hostnames -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = module.vpc.default_vpc_main_route_table_id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc.public_network_acl_id -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = module.vpc.public_network_acl_arn -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc.private_network_acl_id -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = module.vpc.private_network_acl_arn -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = module.vpc.outpost_network_acl_id -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = module.vpc.outpost_network_acl_arn -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = module.vpc.intra_network_acl_id -} - -output "intra_network_acl_arn" { - 
description = "ARN of the intra network ACL" - value = module.vpc.intra_network_acl_arn -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = module.vpc.database_network_acl_id -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = module.vpc.database_network_acl_arn -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = module.vpc.redshift_network_acl_id -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = module.vpc.redshift_network_acl_arn -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_id -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_arn -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = module.vpc.vpc_flow_log_id -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/variables.tf deleted file mode 100644 index e69de29b..00000000 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/network-acls/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/README.md
deleted file mode 100644
index 8c7173bb..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/README.md
+++ /dev/null
@@ -1,163 +0,0 @@ -# VPC with Outpost Subnet - -Configuration in this directory creates a VPC with public, private, and private outpost subnets. - -This configuration uses data-source to find an available Outpost by name. Change it according to your needs in order to run this example. - -[Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones). - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../../ | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | -| [aws_outposts_outpost.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/outposts_outpost) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/main.tf deleted file mode 100644 index b65e8d75..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/main.tf +++ /dev/null 
@@ -1,162 +0,0 @@
-provider "aws" {
- region = local.region
-
- assume_role {
- role_arn = "arn:aws:iam::562806027032:role/outpost-shared-anton"
- }
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-
- network_acls = {
- outpost_inbound = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_block = "0.0.0.0/0"
- },
- {
- rule_number = 110
- rule_action = "allow"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_block = "0.0.0.0/0"
- },
- {
- rule_number = 120
- rule_action = "allow"
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_block = "0.0.0.0/0"
- },
- {
- rule_number = 130
- rule_action = "allow"
- from_port = 3389
- to_port = 3389
- protocol = "tcp"
- cidr_block = "0.0.0.0/0"
- },
- {
- rule_number = 140
- rule_action = "allow"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- ipv6_cidr_block = "::/0"
- },
- ]
- outpost_outbound = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_block = "0.0.0.0/0"
- },
- {
- rule_number = 110
- rule_action = "allow"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_block = "0.0.0.0/0"
- },
- {
- rule_number = 120
- rule_action = "allow"
- from_port = 1433
- to_port = 1433
- protocol = "tcp"
- cidr_block = "10.0.100.0/22"
- },
- {
- rule_number = 130
- rule_action = "allow"
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_block = "10.0.100.0/22"
- },
- {
- rule_number = 140
- rule_action = "allow"
- icmp_code = -1
- icmp_type = 8
- protocol = "icmp"
- cidr_block = "10.0.0.0/22"
- },
- {
- rule_number = 150
- rule_action = "allow"
- from_port = 90
- to_port = 90
- protocol = "tcp"
- ipv6_cidr_block = "::/0"
- },
- ]
- }
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc" {
- source = "../../"
-
- name = local.name
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
-
- # Outpost is using single AZ specified in `outpost_az`
- outpost_subnets = ["10.0.50.0/24", "10.0.51.0/24"]
- outpost_arn = data.aws_outposts_outpost.shared.arn
- outpost_az = data.aws_outposts_outpost.shared.availability_zone
-
- # IPv6
- enable_ipv6 = true
- outpost_subnet_assign_ipv6_address_on_creation = true
- outpost_subnet_ipv6_prefixes = [2, 3, 4]
-
- # NAT Gateway
- enable_nat_gateway = true
- single_nat_gateway = true
-
- # Network ACLs
- outpost_dedicated_network_acl = true
- outpost_inbound_acl_rules = local.network_acls["outpost_inbound"]
- outpost_outbound_acl_rules = local.network_acls["outpost_outbound"]
-
- tags = local.tags
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-data "aws_outposts_outpost" "shared" {
- name = "SEA19.07"
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/outputs.tf
deleted file mode 100644
index 77f244a9..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/outputs.tf
+++ /dev/null
@@ -1,535 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc.vpc_arn -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = module.vpc.default_security_group_id -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc.default_network_acl_id -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = module.vpc.default_route_table_id -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = module.vpc.vpc_instance_tenancy -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = module.vpc.vpc_enable_dns_support -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = module.vpc.vpc_enable_dns_hostnames -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = module.vpc.vpc_main_route_table_id -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc.vpc_ipv6_association_id -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc.vpc_ipv6_cidr_block -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = module.vpc.vpc_secondary_cidr_blocks -} - -output "vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = module.vpc.vpc_owner_id -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets 
-} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc.private_subnets_cidr_blocks -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = module.vpc.private_subnets_ipv6_cidr_blocks -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = module.vpc.public_subnet_arns -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = module.vpc.public_subnets_cidr_blocks -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = module.vpc.public_subnets_ipv6_cidr_blocks -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = module.vpc.outpost_subnets -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = module.vpc.outpost_subnet_arns -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = module.vpc.outpost_subnets_cidr_blocks -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = module.vpc.outpost_subnets_ipv6_cidr_blocks -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc.database_subnets -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = module.vpc.database_subnet_arns -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = 
module.vpc.database_subnets_cidr_blocks -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = module.vpc.database_subnets_ipv6_cidr_blocks -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = module.vpc.database_subnet_group -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = module.vpc.database_subnet_group_name -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc.redshift_subnets -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = module.vpc.redshift_subnet_arns -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = module.vpc.redshift_subnets_cidr_blocks -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = module.vpc.redshift_subnets_ipv6_cidr_blocks -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = module.vpc.redshift_subnet_group -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = module.vpc.elasticache_subnets -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = module.vpc.elasticache_subnet_arns -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = module.vpc.elasticache_subnets_cidr_blocks -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = module.vpc.elasticache_subnets_ipv6_cidr_blocks -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc.intra_subnets -} - -output 
"intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = module.vpc.intra_subnet_arns -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = module.vpc.intra_subnets_cidr_blocks -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = module.vpc.intra_subnets_ipv6_cidr_blocks -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = module.vpc.elasticache_subnet_group -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = module.vpc.elasticache_subnet_group_name -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = module.vpc.public_route_table_ids -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = module.vpc.private_route_table_ids -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = module.vpc.database_route_table_ids -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = module.vpc.redshift_route_table_ids -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = module.vpc.elasticache_route_table_ids -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = module.vpc.intra_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = module.vpc.public_internet_gateway_route_id -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = module.vpc.public_internet_gateway_ipv6_route_id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet 
gateway route" - value = module.vpc.database_internet_gateway_route_id -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = module.vpc.database_nat_gateway_route_ids -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = module.vpc.database_ipv6_egress_route_id -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = module.vpc.private_nat_gateway_route_ids -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route" - value = module.vpc.private_ipv6_egress_route_ids -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = module.vpc.private_route_table_association_ids -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = module.vpc.database_route_table_association_ids -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = module.vpc.redshift_route_table_association_ids -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = module.vpc.redshift_public_route_table_association_ids -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = module.vpc.elasticache_route_table_association_ids -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = module.vpc.intra_route_table_association_ids -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = module.vpc.public_route_table_association_ids -} - 
-output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = module.vpc.dhcp_options_id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_ids -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = module.vpc.natgw_ids -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = module.vpc.igw_id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = module.vpc.igw_arn -} - -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = module.vpc.egress_only_internet_gateway_id -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc.cgw_ids -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = module.vpc.cgw_arns -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc.this_customer_gateway -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = module.vpc.vgw_id -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = module.vpc.vgw_arn -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = module.vpc.default_vpc_id -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = module.vpc.default_vpc_arn -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = module.vpc.default_vpc_cidr_block -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = module.vpc.default_vpc_default_security_group_id -} - -output 
"default_vpc_default_network_acl_id" { - description = "The ID of the default network ACL of the Default VPC" - value = module.vpc.default_vpc_default_network_acl_id -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = module.vpc.default_vpc_default_route_table_id -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = module.vpc.default_vpc_instance_tenancy -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = module.vpc.default_vpc_enable_dns_support -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = module.vpc.default_vpc_enable_dns_hostnames -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = module.vpc.default_vpc_main_route_table_id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc.public_network_acl_id -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = module.vpc.public_network_acl_arn -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc.private_network_acl_id -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = module.vpc.private_network_acl_arn -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = module.vpc.outpost_network_acl_id -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = module.vpc.outpost_network_acl_arn -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = module.vpc.intra_network_acl_id -} - -output "intra_network_acl_arn" { - 
description = "ARN of the intra network ACL" - value = module.vpc.intra_network_acl_arn -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = module.vpc.database_network_acl_id -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = module.vpc.database_network_acl_arn -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = module.vpc.redshift_network_acl_id -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = module.vpc.redshift_network_acl_arn -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_id -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_arn -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = module.vpc.vpc_flow_log_id -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/variables.tf deleted file mode 100644 index e69de29b..00000000 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/outpost/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/README.md
deleted file mode 100644
index 5054d43f..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/README.md
+++ /dev/null
@@ -1,160 +0,0 @@ -# Simple VPC with secondary CIDR blocks - -Configuration in this directory creates set of VPC resources across multiple CIDR blocks. - -There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between all 3 availability zones. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../../ | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/main.tf deleted file mode 100644 index 5c963bb9..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/main.tf +++ /dev/null 
@@ -1,45 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- vpc_cidr = "10.0.0.0/16"
- secondary_cidr_blocks = ["10.1.0.0/16", "10.2.0.0/16"]
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc" {
- source = "../../"
-
- name = local.name
- cidr = local.vpc_cidr
-
- secondary_cidr_blocks = local.secondary_cidr_blocks # can add up to 5 total CIDR blocks
-
- azs = local.azs
- private_subnets = concat(
- [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)],
- [for k, v in local.azs : cidrsubnet(element(local.secondary_cidr_blocks, 0), 2, k)],
- [for k, v in local.azs : cidrsubnet(element(local.secondary_cidr_blocks, 1), 2, k)],
- )
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
-
- enable_nat_gateway = false
-
- tags = local.tags
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/outputs.tf
deleted file mode 100644
index 77f244a9..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/outputs.tf
+++ /dev/null
@@ -1,535 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc.vpc_arn -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = module.vpc.default_security_group_id -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc.default_network_acl_id -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = module.vpc.default_route_table_id -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = module.vpc.vpc_instance_tenancy -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = module.vpc.vpc_enable_dns_support -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = module.vpc.vpc_enable_dns_hostnames -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = module.vpc.vpc_main_route_table_id -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc.vpc_ipv6_association_id -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc.vpc_ipv6_cidr_block -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = module.vpc.vpc_secondary_cidr_blocks -} - -output "vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = module.vpc.vpc_owner_id -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets 
-} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc.private_subnets_cidr_blocks -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = module.vpc.private_subnets_ipv6_cidr_blocks -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = module.vpc.public_subnet_arns -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = module.vpc.public_subnets_cidr_blocks -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = module.vpc.public_subnets_ipv6_cidr_blocks -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = module.vpc.outpost_subnets -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = module.vpc.outpost_subnet_arns -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = module.vpc.outpost_subnets_cidr_blocks -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = module.vpc.outpost_subnets_ipv6_cidr_blocks -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc.database_subnets -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = module.vpc.database_subnet_arns -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = 
module.vpc.database_subnets_cidr_blocks -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = module.vpc.database_subnets_ipv6_cidr_blocks -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = module.vpc.database_subnet_group -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = module.vpc.database_subnet_group_name -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc.redshift_subnets -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = module.vpc.redshift_subnet_arns -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = module.vpc.redshift_subnets_cidr_blocks -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = module.vpc.redshift_subnets_ipv6_cidr_blocks -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = module.vpc.redshift_subnet_group -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = module.vpc.elasticache_subnets -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = module.vpc.elasticache_subnet_arns -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = module.vpc.elasticache_subnets_cidr_blocks -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = module.vpc.elasticache_subnets_ipv6_cidr_blocks -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc.intra_subnets -} - -output 
"intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = module.vpc.intra_subnet_arns -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = module.vpc.intra_subnets_cidr_blocks -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = module.vpc.intra_subnets_ipv6_cidr_blocks -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = module.vpc.elasticache_subnet_group -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = module.vpc.elasticache_subnet_group_name -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = module.vpc.public_route_table_ids -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = module.vpc.private_route_table_ids -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = module.vpc.database_route_table_ids -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = module.vpc.redshift_route_table_ids -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = module.vpc.elasticache_route_table_ids -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = module.vpc.intra_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = module.vpc.public_internet_gateway_route_id -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = module.vpc.public_internet_gateway_ipv6_route_id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet 
gateway route" - value = module.vpc.database_internet_gateway_route_id -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = module.vpc.database_nat_gateway_route_ids -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = module.vpc.database_ipv6_egress_route_id -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = module.vpc.private_nat_gateway_route_ids -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route" - value = module.vpc.private_ipv6_egress_route_ids -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = module.vpc.private_route_table_association_ids -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = module.vpc.database_route_table_association_ids -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = module.vpc.redshift_route_table_association_ids -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = module.vpc.redshift_public_route_table_association_ids -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = module.vpc.elasticache_route_table_association_ids -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = module.vpc.intra_route_table_association_ids -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = module.vpc.public_route_table_association_ids -} - 
-output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = module.vpc.dhcp_options_id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_ids -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = module.vpc.natgw_ids -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = module.vpc.igw_id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = module.vpc.igw_arn -} - -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = module.vpc.egress_only_internet_gateway_id -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc.cgw_ids -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = module.vpc.cgw_arns -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc.this_customer_gateway -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = module.vpc.vgw_id -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = module.vpc.vgw_arn -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = module.vpc.default_vpc_id -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = module.vpc.default_vpc_arn -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = module.vpc.default_vpc_cidr_block -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = module.vpc.default_vpc_default_security_group_id -} - -output 
"default_vpc_default_network_acl_id" { - description = "The ID of the default network ACL of the Default VPC" - value = module.vpc.default_vpc_default_network_acl_id -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = module.vpc.default_vpc_default_route_table_id -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = module.vpc.default_vpc_instance_tenancy -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = module.vpc.default_vpc_enable_dns_support -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = module.vpc.default_vpc_enable_dns_hostnames -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = module.vpc.default_vpc_main_route_table_id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc.public_network_acl_id -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = module.vpc.public_network_acl_arn -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc.private_network_acl_id -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = module.vpc.private_network_acl_arn -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = module.vpc.outpost_network_acl_id -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = module.vpc.outpost_network_acl_arn -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = module.vpc.intra_network_acl_id -} - -output "intra_network_acl_arn" { - 
description = "ARN of the intra network ACL" - value = module.vpc.intra_network_acl_arn -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = module.vpc.database_network_acl_id -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = module.vpc.database_network_acl_arn -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = module.vpc.redshift_network_acl_id -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = module.vpc.redshift_network_acl_arn -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_id -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_arn -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = module.vpc.vpc_flow_log_id -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/variables.tf deleted file mode 100644 index e69de29b..00000000 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/secondary-cidr-blocks/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/README.md
deleted file mode 100644
index 57ee751f..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/README.md
+++ /dev/null
@@ -1,160 +0,0 @@ -# VPC with separate private route tables - -Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup). - -There are public, private, database, ElastiCache, Redshift subnets, NAT Gateways created in each availability zone. **This example sets up separate private route for database, elasticache and redshift subnets.**. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../../ | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/main.tf deleted file mode 100644 index 99cf9828..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/main.tf +++ /dev/null 
@@ -1,47 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc" {
- source = "../../"
-
- name = local.name
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
- database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
- elasticache_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 12)]
- redshift_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 16)]
- intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 20)]
-
- create_database_subnet_route_table = true
- create_elasticache_subnet_route_table = true
- create_redshift_subnet_route_table = true
-
- single_nat_gateway = true
- enable_nat_gateway = true
-
- tags = local.tags
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/outputs.tf
deleted file mode 100644
index 77f244a9..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/outputs.tf
+++ /dev/null
@@ -1,535 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc.vpc_arn -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = module.vpc.default_security_group_id -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc.default_network_acl_id -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = module.vpc.default_route_table_id -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = module.vpc.vpc_instance_tenancy -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = module.vpc.vpc_enable_dns_support -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = module.vpc.vpc_enable_dns_hostnames -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = module.vpc.vpc_main_route_table_id -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc.vpc_ipv6_association_id -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc.vpc_ipv6_cidr_block -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = module.vpc.vpc_secondary_cidr_blocks -} - -output "vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = module.vpc.vpc_owner_id -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets 
-} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc.private_subnets_cidr_blocks -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = module.vpc.private_subnets_ipv6_cidr_blocks -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = module.vpc.public_subnet_arns -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = module.vpc.public_subnets_cidr_blocks -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = module.vpc.public_subnets_ipv6_cidr_blocks -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = module.vpc.outpost_subnets -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = module.vpc.outpost_subnet_arns -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = module.vpc.outpost_subnets_cidr_blocks -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = module.vpc.outpost_subnets_ipv6_cidr_blocks -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc.database_subnets -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = module.vpc.database_subnet_arns -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = 
module.vpc.database_subnets_cidr_blocks -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = module.vpc.database_subnets_ipv6_cidr_blocks -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = module.vpc.database_subnet_group -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = module.vpc.database_subnet_group_name -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc.redshift_subnets -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = module.vpc.redshift_subnet_arns -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = module.vpc.redshift_subnets_cidr_blocks -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = module.vpc.redshift_subnets_ipv6_cidr_blocks -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = module.vpc.redshift_subnet_group -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = module.vpc.elasticache_subnets -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = module.vpc.elasticache_subnet_arns -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = module.vpc.elasticache_subnets_cidr_blocks -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = module.vpc.elasticache_subnets_ipv6_cidr_blocks -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc.intra_subnets -} - -output 
"intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = module.vpc.intra_subnet_arns -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = module.vpc.intra_subnets_cidr_blocks -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = module.vpc.intra_subnets_ipv6_cidr_blocks -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = module.vpc.elasticache_subnet_group -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = module.vpc.elasticache_subnet_group_name -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = module.vpc.public_route_table_ids -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = module.vpc.private_route_table_ids -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = module.vpc.database_route_table_ids -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = module.vpc.redshift_route_table_ids -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = module.vpc.elasticache_route_table_ids -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = module.vpc.intra_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = module.vpc.public_internet_gateway_route_id -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = module.vpc.public_internet_gateway_ipv6_route_id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet 
gateway route" - value = module.vpc.database_internet_gateway_route_id -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = module.vpc.database_nat_gateway_route_ids -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = module.vpc.database_ipv6_egress_route_id -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = module.vpc.private_nat_gateway_route_ids -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route" - value = module.vpc.private_ipv6_egress_route_ids -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = module.vpc.private_route_table_association_ids -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = module.vpc.database_route_table_association_ids -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = module.vpc.redshift_route_table_association_ids -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = module.vpc.redshift_public_route_table_association_ids -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = module.vpc.elasticache_route_table_association_ids -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = module.vpc.intra_route_table_association_ids -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = module.vpc.public_route_table_association_ids -} - 
-output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = module.vpc.dhcp_options_id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_ids -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = module.vpc.natgw_ids -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = module.vpc.igw_id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = module.vpc.igw_arn -} - -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = module.vpc.egress_only_internet_gateway_id -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc.cgw_ids -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = module.vpc.cgw_arns -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc.this_customer_gateway -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = module.vpc.vgw_id -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = module.vpc.vgw_arn -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = module.vpc.default_vpc_id -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = module.vpc.default_vpc_arn -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = module.vpc.default_vpc_cidr_block -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = module.vpc.default_vpc_default_security_group_id -} - -output 
"default_vpc_default_network_acl_id" { - description = "The ID of the default network ACL of the Default VPC" - value = module.vpc.default_vpc_default_network_acl_id -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = module.vpc.default_vpc_default_route_table_id -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = module.vpc.default_vpc_instance_tenancy -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = module.vpc.default_vpc_enable_dns_support -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = module.vpc.default_vpc_enable_dns_hostnames -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = module.vpc.default_vpc_main_route_table_id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc.public_network_acl_id -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = module.vpc.public_network_acl_arn -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc.private_network_acl_id -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = module.vpc.private_network_acl_arn -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = module.vpc.outpost_network_acl_id -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = module.vpc.outpost_network_acl_arn -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = module.vpc.intra_network_acl_id -} - -output "intra_network_acl_arn" { - 
description = "ARN of the intra network ACL" - value = module.vpc.intra_network_acl_arn -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = module.vpc.database_network_acl_id -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = module.vpc.database_network_acl_arn -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = module.vpc.redshift_network_acl_id -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = module.vpc.redshift_network_acl_arn -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_id -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_arn -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = module.vpc.vpc_flow_log_id -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/variables.tf deleted file mode 100644 index e69de29b..00000000 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/separate-route-tables/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/README.md
deleted file mode 100644
index 0d5658b4..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/README.md
+++ /dev/null
@@ -1,164 +0,0 @@ -# Simple VPC - -Configuration in this directory creates set of VPC resources which may be sufficient for development environment. - -There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between all 3 availability zones. - -This configuration uses Availability Zone IDs and Availability Zone names for demonstration purposes. Normally, you need to specify only names or IDs. - -[Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones). - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../../ | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | -| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | -| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | -| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | -| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | -| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | -| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | -| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | -| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | -| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | -| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | -| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | -| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | -| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | -| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | -| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | -| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | -| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | -| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | -| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | -| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | -| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | -| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | -| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | -| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | -| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | -| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | -| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | -| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | -| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | -| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | -| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | -| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | -| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | -| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | -| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | -| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | -| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | -| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | -| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | -| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | -| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | -| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | -| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | -| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | -| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | -| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | -| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | -| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | -| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | -| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | -| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | -| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | -| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | -| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | -| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | -| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | -| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | -| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | -| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | -| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | -| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | -| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | -| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | -| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | -| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | -| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | -| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | -| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | -| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | -| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | -| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | -| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | -| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/main.tf deleted file mode 100644 index 32497717..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/main.tf +++ /dev/null @@ -1,35 +0,0 @@ -provider "aws" { - region = local.region -} - -data "aws_availability_zones" "available" {} - -locals { - name = "ex-${basename(path.cwd)}" - region = "eu-west-1" - - vpc_cidr = "10.0.0.0/16" - azs = slice(data.aws_availability_zones.available.names, 0, 3) - - tags = { - Example = local.name - GithubRepo = "terraform-aws-vpc" - GithubOrg = "terraform-aws-modules" - } -} - -################################################################################ -# VPC Module -################################################################################ - -module "vpc" { - source = "../../" - - name = local.name - cidr = local.vpc_cidr - - azs = local.azs - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] - - tags = local.tags -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/outputs.tf deleted file mode 100644 index 77f244a9..00000000 
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/outputs.tf +++ /dev/null 
@@ -1,535 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc.vpc_arn -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = module.vpc.default_security_group_id -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc.default_network_acl_id -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = module.vpc.default_route_table_id -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = module.vpc.vpc_instance_tenancy -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = module.vpc.vpc_enable_dns_support -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = module.vpc.vpc_enable_dns_hostnames -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = module.vpc.vpc_main_route_table_id -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc.vpc_ipv6_association_id -} - -output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc.vpc_ipv6_cidr_block -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = module.vpc.vpc_secondary_cidr_blocks -} - -output "vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = module.vpc.vpc_owner_id -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets 
-} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc.private_subnets_cidr_blocks -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = module.vpc.private_subnets_ipv6_cidr_blocks -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = module.vpc.public_subnet_arns -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = module.vpc.public_subnets_cidr_blocks -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = module.vpc.public_subnets_ipv6_cidr_blocks -} - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = module.vpc.outpost_subnets -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = module.vpc.outpost_subnet_arns -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = module.vpc.outpost_subnets_cidr_blocks -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = module.vpc.outpost_subnets_ipv6_cidr_blocks -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc.database_subnets -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = module.vpc.database_subnet_arns -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = 
module.vpc.database_subnets_cidr_blocks -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = module.vpc.database_subnets_ipv6_cidr_blocks -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = module.vpc.database_subnet_group -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = module.vpc.database_subnet_group_name -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc.redshift_subnets -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = module.vpc.redshift_subnet_arns -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = module.vpc.redshift_subnets_cidr_blocks -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = module.vpc.redshift_subnets_ipv6_cidr_blocks -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = module.vpc.redshift_subnet_group -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = module.vpc.elasticache_subnets -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = module.vpc.elasticache_subnet_arns -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = module.vpc.elasticache_subnets_cidr_blocks -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = module.vpc.elasticache_subnets_ipv6_cidr_blocks -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc.intra_subnets -} - -output 
"intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = module.vpc.intra_subnet_arns -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = module.vpc.intra_subnets_cidr_blocks -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = module.vpc.intra_subnets_ipv6_cidr_blocks -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = module.vpc.elasticache_subnet_group -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = module.vpc.elasticache_subnet_group_name -} - -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = module.vpc.public_route_table_ids -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = module.vpc.private_route_table_ids -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - value = module.vpc.database_route_table_ids -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = module.vpc.redshift_route_table_ids -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = module.vpc.elasticache_route_table_ids -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = module.vpc.intra_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = module.vpc.public_internet_gateway_route_id -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = module.vpc.public_internet_gateway_ipv6_route_id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet 
gateway route" - value = module.vpc.database_internet_gateway_route_id -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = module.vpc.database_nat_gateway_route_ids -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = module.vpc.database_ipv6_egress_route_id -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = module.vpc.private_nat_gateway_route_ids -} - -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route" - value = module.vpc.private_ipv6_egress_route_ids -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = module.vpc.private_route_table_association_ids -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = module.vpc.database_route_table_association_ids -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = module.vpc.redshift_route_table_association_ids -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = module.vpc.redshift_public_route_table_association_ids -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = module.vpc.elasticache_route_table_association_ids -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = module.vpc.intra_route_table_association_ids -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = module.vpc.public_route_table_association_ids -} - 
-output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = module.vpc.dhcp_options_id -} - -output "nat_ids" { - description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_ids -} - -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -output "natgw_ids" { - description = "List of NAT Gateway IDs" - value = module.vpc.natgw_ids -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = module.vpc.igw_id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = module.vpc.igw_arn -} - -output "egress_only_internet_gateway_id" { - description = "The ID of the egress only Internet Gateway" - value = module.vpc.egress_only_internet_gateway_id -} - -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc.cgw_ids -} - -output "cgw_arns" { - description = "List of ARNs of Customer Gateway" - value = module.vpc.cgw_arns -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc.this_customer_gateway -} - -output "vgw_id" { - description = "The ID of the VPN Gateway" - value = module.vpc.vgw_id -} - -output "vgw_arn" { - description = "The ARN of the VPN Gateway" - value = module.vpc.vgw_arn -} - -output "default_vpc_id" { - description = "The ID of the Default VPC" - value = module.vpc.default_vpc_id -} - -output "default_vpc_arn" { - description = "The ARN of the Default VPC" - value = module.vpc.default_vpc_arn -} - -output "default_vpc_cidr_block" { - description = "The CIDR block of the Default VPC" - value = module.vpc.default_vpc_cidr_block -} - -output "default_vpc_default_security_group_id" { - description = "The ID of the security group created by default on Default VPC creation" - value = module.vpc.default_vpc_default_security_group_id -} - -output 
"default_vpc_default_network_acl_id" { - description = "The ID of the default network ACL of the Default VPC" - value = module.vpc.default_vpc_default_network_acl_id -} - -output "default_vpc_default_route_table_id" { - description = "The ID of the default route table of the Default VPC" - value = module.vpc.default_vpc_default_route_table_id -} - -output "default_vpc_instance_tenancy" { - description = "Tenancy of instances spin up within Default VPC" - value = module.vpc.default_vpc_instance_tenancy -} - -output "default_vpc_enable_dns_support" { - description = "Whether or not the Default VPC has DNS support" - value = module.vpc.default_vpc_enable_dns_support -} - -output "default_vpc_enable_dns_hostnames" { - description = "Whether or not the Default VPC has DNS hostname support" - value = module.vpc.default_vpc_enable_dns_hostnames -} - -output "default_vpc_main_route_table_id" { - description = "The ID of the main route table associated with the Default VPC" - value = module.vpc.default_vpc_main_route_table_id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc.public_network_acl_id -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = module.vpc.public_network_acl_arn -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc.private_network_acl_id -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = module.vpc.private_network_acl_arn -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = module.vpc.outpost_network_acl_id -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = module.vpc.outpost_network_acl_arn -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = module.vpc.intra_network_acl_id -} - -output "intra_network_acl_arn" { - 
description = "ARN of the intra network ACL" - value = module.vpc.intra_network_acl_arn -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = module.vpc.database_network_acl_id -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = module.vpc.database_network_acl_arn -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = module.vpc.redshift_network_acl_id -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = module.vpc.redshift_network_acl_arn -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_id -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_arn -} - -# VPC flow log -output "vpc_flow_log_id" { - description = "The ID of the Flow Log resource" - value = module.vpc.vpc_flow_log_id -} - -output "vpc_flow_log_destination_arn" { - description = "The ARN of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_arn -} - -output "vpc_flow_log_destination_type" { - description = "The type of the destination for VPC Flow Logs" - value = module.vpc.vpc_flow_log_destination_type -} - -output "vpc_flow_log_cloudwatch_iam_role_arn" { - description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" - value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/variables.tf deleted file mode 100644 index e69de29b..00000000 
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/simple/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/README.md
deleted file mode 100644
index d0cb120a..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/README.md
+++ /dev/null
@@ -1,80 +0,0 @@ -# VPC with enabled VPC flow log to S3 and CloudWatch logs - -Configuration in this directory creates a set of VPC resources with VPC Flow Logs enabled in different configurations: - -1. `cloud-watch-logs.tf` - Push logs to a new AWS CloudWatch Log group. -1. `cloud-watch-logs.tf` - Push logs to an existing AWS CloudWatch Log group using existing IAM role (created outside of this module). -1. `s3.tf` - Push logs to an existing S3 bucket (created outside of this module). - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | -| [random](#requirement\_random) | >= 2.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | -| [random](#provider\_random) | >= 2.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | -| [vpc\_with\_flow\_logs\_cloudwatch\_logs](#module\_vpc\_with\_flow\_logs\_cloudwatch\_logs) | ../../ | n/a | -| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_default](#module\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_default) | ../../ | n/a | -| [vpc\_with\_flow\_logs\_s3\_bucket](#module\_vpc\_with\_flow\_logs\_s3\_bucket) | ../../ | n/a | -| [vpc\_with\_flow\_logs\_s3\_bucket\_parquet](#module\_vpc\_with\_flow\_logs\_s3\_bucket\_parquet) | ../../ | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_cloudwatch_log_group.flow_log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| 
[aws_iam_policy.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | -| [aws_iam_policy_document.flow_log_cloudwatch_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.flow_log_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [vpc\_flow\_logs\_s3\_bucket\_vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_logs\_s3\_bucket\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_flow\_logs\_s3\_bucket\_vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_logs\_s3\_bucket\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_flow\_logs\_s3\_bucket\_vpc\_flow\_log\_id](#output\_vpc\_flow\_logs\_s3\_bucket\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_default\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_default\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_default\_vpc\_flow\_log\_destination\_arn](#output\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_default\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_default\_vpc\_flow\_log\_destination\_type](#output\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_default\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | -| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_default\_vpc\_flow\_log\_id](#output\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_default\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | -| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | -| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_vpc\_flow\_log\_destination\_arn](#output\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | -| 
[vpc\_with\_flow\_logs\_cloudwatch\_logs\_vpc\_flow\_log\_destination\_type](#output\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs |
-| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_vpc\_flow\_log\_id](#output\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_vpc\_flow\_log\_id) | The ID of the Flow Log resource |
-
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/main.tf
deleted file mode 100644
index 140aa0cd..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/main.tf
+++ /dev/null
@@ -1,197 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-vpc"
- GithubOrg = "terraform-aws-modules"
- }
-
- s3_bucket_name = "vpc-flow-logs-to-s3-${random_pet.this.id}"
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc_with_flow_logs_s3_bucket" {
- source = "../../"
-
- name = local.name
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
-
- enable_flow_log = true
- flow_log_destination_type = "s3"
- flow_log_destination_arn = module.s3_bucket.s3_bucket_arn
-
- vpc_flow_log_tags = local.tags
-}
-
-module "vpc_with_flow_logs_s3_bucket_parquet" {
- source = "../../"
-
- name = "${local.name}-parquet"
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
-
- enable_flow_log = true
- flow_log_destination_type = "s3"
- flow_log_destination_arn = module.s3_bucket.s3_bucket_arn
- flow_log_file_format = "parquet"
-
- vpc_flow_log_tags = local.tags
-}
-
-# CloudWatch Log Group and IAM role created automatically
-module "vpc_with_flow_logs_cloudwatch_logs_default" {
- source = "../../"
-
- name = "${local.name}-cloudwatch-logs-default"
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
-
- # Cloudwatch log group and IAM role will be created
- enable_flow_log = true
- create_flow_log_cloudwatch_log_group = true
- create_flow_log_cloudwatch_iam_role = true
-
- flow_log_max_aggregation_interval = 60
- flow_log_cloudwatch_log_group_name_prefix = "/aws/my-amazing-vpc-flow-logz/"
- flow_log_cloudwatch_log_group_name_suffix = "my-test"
-
- vpc_flow_log_tags = local.tags
-}
-
-# CloudWatch Log Group and IAM role created separately
-module "vpc_with_flow_logs_cloudwatch_logs" {
- source = "../../"
-
- name = "${local.name}-cloudwatch-logs"
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
-
- enable_flow_log = true
- flow_log_destination_type = "cloud-watch-logs"
- flow_log_destination_arn = aws_cloudwatch_log_group.flow_log.arn
- flow_log_cloudwatch_iam_role_arn = aws_iam_role.vpc_flow_log_cloudwatch.arn
-
- vpc_flow_log_tags = local.tags
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-resource "random_pet" "this" {
- length = 2
-}
-
-# S3 Bucket
-module "s3_bucket" {
- source = "terraform-aws-modules/s3-bucket/aws"
- version = "~> 3.0"
-
- bucket = local.s3_bucket_name
- policy = data.aws_iam_policy_document.flow_log_s3.json
- force_destroy = true
-
- tags = local.tags
-}
-
-data "aws_iam_policy_document" "flow_log_s3" {
- statement {
- sid = "AWSLogDeliveryWrite"
-
- principals {
- type = "Service"
- identifiers = ["delivery.logs.amazonaws.com"]
- }
-
- actions = ["s3:PutObject"]
-
- resources = ["arn:aws:s3:::${local.s3_bucket_name}/AWSLogs/*"]
- }
-
- statement {
- sid = "AWSLogDeliveryAclCheck"
-
- principals {
- type = "Service"
- identifiers = ["delivery.logs.amazonaws.com"]
- }
-
- actions = ["s3:GetBucketAcl"]
-
- resources = ["arn:aws:s3:::${local.s3_bucket_name}"]
- }
-}
-
-# Cloudwatch logs
-resource "aws_cloudwatch_log_group" "flow_log" {
- name = "vpc-flow-logs-to-cloudwatch-${random_pet.this.id}"
-}
-
-resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
- name_prefix = "vpc-flow-log-role-"
- assume_role_policy = data.aws_iam_policy_document.flow_log_cloudwatch_assume_role.json
-}
-
-data "aws_iam_policy_document" "flow_log_cloudwatch_assume_role" {
- statement {
- principals {
- type = "Service"
- identifiers = ["vpc-flow-logs.amazonaws.com"]
- }
-
- actions = ["sts:AssumeRole"]
- }
-}
-
-resource "aws_iam_role_policy_attachment" "vpc_flow_log_cloudwatch" {
- role = aws_iam_role.vpc_flow_log_cloudwatch.name
- policy_arn = aws_iam_policy.vpc_flow_log_cloudwatch.arn
-}
-
-resource "aws_iam_policy" "vpc_flow_log_cloudwatch" {
- name_prefix = "vpc-flow-log-cloudwatch-"
- policy = data.aws_iam_policy_document.vpc_flow_log_cloudwatch.json
-}
-
-data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
- statement {
- sid = "AWSVPCFlowLogsPushToCloudWatch"
-
- actions = [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents",
- "logs:DescribeLogGroups",
- "logs:DescribeLogStreams",
- ]
-
- resources = ["*"]
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/outputs.tf
deleted file mode 100644
index 4f779423..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/outputs.tf
+++ /dev/null
@@ -1,57 +0,0 @@
-# VPC flow log - Cloudwatch logs (default)
-output "vpc_with_flow_logs_cloudwatch_logs_default_vpc_flow_log_id" {
- description = "The ID of the Flow Log resource"
- value = module.vpc_with_flow_logs_cloudwatch_logs_default.vpc_flow_log_id
-}
-
-output "vpc_with_flow_logs_cloudwatch_logs_default_vpc_flow_log_destination_arn" {
- description = "The ARN of the destination for VPC Flow Logs"
- value = module.vpc_with_flow_logs_cloudwatch_logs_default.vpc_flow_log_destination_arn
-}
-
-output "vpc_with_flow_logs_cloudwatch_logs_default_vpc_flow_log_destination_type" {
- description = "The type of the destination for VPC Flow Logs"
- value = module.vpc_with_flow_logs_cloudwatch_logs_default.vpc_flow_log_destination_type
-}
-
-output "vpc_with_flow_logs_cloudwatch_logs_default_vpc_flow_log_cloudwatch_iam_role_arn" {
- description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group"
- value = module.vpc_with_flow_logs_cloudwatch_logs_default.vpc_flow_log_cloudwatch_iam_role_arn
-}
-
-# VPC flow log - Cloudwatch logs (created separately)
-output "vpc_with_flow_logs_cloudwatch_logs_vpc_flow_log_id" {
- description = "The ID of the Flow Log resource"
- value = module.vpc_with_flow_logs_cloudwatch_logs.vpc_flow_log_id
-}
-
-output "vpc_with_flow_logs_cloudwatch_logs_vpc_flow_log_destination_arn" {
- description = "The ARN of the destination for VPC Flow Logs"
- value = module.vpc_with_flow_logs_cloudwatch_logs.vpc_flow_log_destination_arn
-}
-
-output "vpc_with_flow_logs_cloudwatch_logs_vpc_flow_log_destination_type" {
- description = "The type of the destination for VPC Flow Logs"
- value = module.vpc_with_flow_logs_cloudwatch_logs.vpc_flow_log_destination_type
-}
-
-output "vpc_with_flow_logs_cloudwatch_logs_vpc_flow_log_cloudwatch_iam_role_arn" {
- description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group"
- value = module.vpc_with_flow_logs_cloudwatch_logs.vpc_flow_log_cloudwatch_iam_role_arn
-}
-
-# VPC flow log - S3 bucket
-output "vpc_flow_logs_s3_bucket_vpc_flow_log_id" {
- description = "The ID of the Flow Log resource"
- value = module.vpc_with_flow_logs_s3_bucket.vpc_flow_log_id
-}
-
-output "vpc_flow_logs_s3_bucket_vpc_flow_log_destination_arn" {
- description = "The ARN of the destination for VPC Flow Logs"
- value = module.vpc_with_flow_logs_s3_bucket.vpc_flow_log_destination_arn
-}
-
-output "vpc_flow_logs_s3_bucket_vpc_flow_log_destination_type" {
- description = "The type of the destination for VPC Flow Logs"
- value = module.vpc_with_flow_logs_s3_bucket.vpc_flow_log_destination_type
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/variables.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/versions.tf
deleted file mode 100644
index 38365228..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/examples/vpc-flow-logs/versions.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
-
- random = {
- source = "hashicorp/random"
- version = ">= 2.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/main.tf
deleted file mode 100644
index 9d19218f..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/main.tf
+++ /dev/null
@@ -1,1343 +0,0 @@ -locals { - len_public_subnets = max(length(var.public_subnets), length(var.public_subnet_ipv6_prefixes)) - len_private_subnets = max(length(var.private_subnets), length(var.private_subnet_ipv6_prefixes)) - len_database_subnets = max(length(var.database_subnets), length(var.database_subnet_ipv6_prefixes)) - len_elasticache_subnets = max(length(var.elasticache_subnets), length(var.elasticache_subnet_ipv6_prefixes)) - len_redshift_subnets = max(length(var.redshift_subnets), length(var.redshift_subnet_ipv6_prefixes)) - len_intra_subnets = max(length(var.intra_subnets), length(var.intra_subnet_ipv6_prefixes)) - len_outpost_subnets = max(length(var.outpost_subnets), length(var.outpost_subnet_ipv6_prefixes)) - - max_subnet_length = max( - local.len_private_subnets, - local.len_public_subnets, - local.len_elasticache_subnets, - local.len_database_subnets, - local.len_redshift_subnets, - ) - - # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free! - vpc_id = try(aws_vpc_ipv4_cidr_block_association.this[0].vpc_id, aws_vpc.this[0].id, "") - - create_vpc = var.create_vpc && var.putin_khuylo -} - -################################################################################ -# VPC -################################################################################ - -resource "aws_vpc" "this" { - count = local.create_vpc ? 1 : 0 - - cidr_block = var.use_ipam_pool ? null : var.cidr - ipv4_ipam_pool_id = var.ipv4_ipam_pool_id - ipv4_netmask_length = var.ipv4_netmask_length - - assign_generated_ipv6_cidr_block = var.enable_ipv6 && !var.use_ipam_pool ? 
true : null - ipv6_cidr_block = var.ipv6_cidr - ipv6_ipam_pool_id = var.ipv6_ipam_pool_id - ipv6_netmask_length = var.ipv6_netmask_length - ipv6_cidr_block_network_border_group = var.ipv6_cidr_block_network_border_group - - instance_tenancy = var.instance_tenancy - enable_dns_hostnames = var.enable_dns_hostnames - enable_dns_support = var.enable_dns_support - enable_network_address_usage_metrics = var.enable_network_address_usage_metrics - - tags = merge( - { "Name" = var.name }, - var.tags, - var.vpc_tags, - ) -} - -resource "aws_vpc_ipv4_cidr_block_association" "this" { - count = local.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0 - - # Do not turn this into `local.vpc_id` - vpc_id = aws_vpc.this[0].id - - cidr_block = element(var.secondary_cidr_blocks, count.index) -} - -################################################################################ -# DHCP Options Set -################################################################################ - -resource "aws_vpc_dhcp_options" "this" { - count = local.create_vpc && var.enable_dhcp_options ? 1 : 0 - - domain_name = var.dhcp_options_domain_name - domain_name_servers = var.dhcp_options_domain_name_servers - ntp_servers = var.dhcp_options_ntp_servers - netbios_name_servers = var.dhcp_options_netbios_name_servers - netbios_node_type = var.dhcp_options_netbios_node_type - - tags = merge( - { "Name" = var.name }, - var.tags, - var.dhcp_options_tags, - ) -} - -resource "aws_vpc_dhcp_options_association" "this" { - count = local.create_vpc && var.enable_dhcp_options ? 
1 : 0 - - vpc_id = local.vpc_id - dhcp_options_id = aws_vpc_dhcp_options.this[0].id -} - -################################################################################ -# Publiс Subnets -################################################################################ - -locals { - create_public_subnets = local.create_vpc && local.len_public_subnets > 0 -} - -resource "aws_subnet" "public" { - count = local.create_public_subnets && (!var.one_nat_gateway_per_az || local.len_public_subnets >= length(var.azs)) ? local.len_public_subnets : 0 - - assign_ipv6_address_on_creation = var.enable_ipv6 && var.public_subnet_ipv6_native ? true : var.public_subnet_assign_ipv6_address_on_creation - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - cidr_block = var.public_subnet_ipv6_native ? null : element(concat(var.public_subnets, [""]), count.index) - enable_dns64 = var.enable_ipv6 && var.public_subnet_enable_dns64 - enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.public_subnet_enable_resource_name_dns_aaaa_record_on_launch - enable_resource_name_dns_a_record_on_launch = !var.public_subnet_ipv6_native && var.public_subnet_enable_resource_name_dns_a_record_on_launch - ipv6_cidr_block = var.enable_ipv6 && length(var.public_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.public_subnet_ipv6_prefixes[count.index]) : null - ipv6_native = var.enable_ipv6 && var.public_subnet_ipv6_native - map_public_ip_on_launch = var.map_public_ip_on_launch - private_dns_hostname_type_on_launch = var.public_subnet_private_dns_hostname_type_on_launch - vpc_id = local.vpc_id - - tags = merge( - { - Name = try( - var.public_subnet_names[count.index], - format("${var.name}-${var.public_subnet_suffix}-%s", element(var.azs, count.index)) - ) - }, - var.tags, - var.public_subnet_tags, - lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}) - ) -} - -resource "aws_route_table" "public" { - count = local.create_public_subnets ? 1 : 0 - - vpc_id = local.vpc_id - - tags = merge( - { "Name" = "${var.name}-${var.public_subnet_suffix}" }, - var.tags, - var.public_route_table_tags, - ) -} - -resource "aws_route_table_association" "public" { - count = local.create_public_subnets ? local.len_public_subnets : 0 - - subnet_id = element(aws_subnet.public[*].id, count.index) - route_table_id = aws_route_table.public[0].id -} - -resource "aws_route" "public_internet_gateway" { - count = local.create_public_subnets && var.create_igw ? 1 : 0 - - route_table_id = aws_route_table.public[0].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this[0].id - - timeouts { - create = "5m" - } -} - -resource "aws_route" "public_internet_gateway_ipv6" { - count = local.create_public_subnets && var.create_igw && var.enable_ipv6 ? 1 : 0 - - route_table_id = aws_route_table.public[0].id - destination_ipv6_cidr_block = "::/0" - gateway_id = aws_internet_gateway.this[0].id -} - -################################################################################ -# Public Network ACLs -################################################################################ - -resource "aws_network_acl" "public" { - count = local.create_public_subnets && var.public_dedicated_network_acl ? 
1 : 0 - - vpc_id = local.vpc_id - subnet_ids = aws_subnet.public[*].id - - tags = merge( - { "Name" = "${var.name}-${var.public_subnet_suffix}" }, - var.tags, - var.public_acl_tags, - ) -} - -resource "aws_network_acl_rule" "public_inbound" { - count = local.create_public_subnets && var.public_dedicated_network_acl ? length(var.public_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.public[0].id - - egress = false - rule_number = var.public_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.public_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.public_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.public_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.public_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "public_outbound" { - count = local.create_public_subnets && var.public_dedicated_network_acl ? 
length(var.public_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.public[0].id - - egress = true - rule_number = var.public_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.public_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.public_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.public_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.public_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Private Subnets -################################################################################ - -locals { - create_private_subnets = local.create_vpc && local.len_private_subnets > 0 -} - -resource "aws_subnet" "private" { - count = local.create_private_subnets ? local.len_private_subnets : 0 - - assign_ipv6_address_on_creation = var.enable_ipv6 && var.private_subnet_ipv6_native ? true : var.private_subnet_assign_ipv6_address_on_creation - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - cidr_block = var.private_subnet_ipv6_native ? 
null : element(concat(var.private_subnets, [""]), count.index) - enable_dns64 = var.enable_ipv6 && var.private_subnet_enable_dns64 - enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.private_subnet_enable_resource_name_dns_aaaa_record_on_launch - enable_resource_name_dns_a_record_on_launch = !var.private_subnet_ipv6_native && var.private_subnet_enable_resource_name_dns_a_record_on_launch - ipv6_cidr_block = var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.private_subnet_ipv6_prefixes[count.index]) : null - ipv6_native = var.enable_ipv6 && var.private_subnet_ipv6_native - private_dns_hostname_type_on_launch = var.private_subnet_private_dns_hostname_type_on_launch - vpc_id = local.vpc_id - - tags = merge( - { - Name = try( - var.private_subnet_names[count.index], - format("${var.name}-${var.private_subnet_suffix}-%s", element(var.azs, count.index)) - ) - }, - var.tags, - var.private_subnet_tags, - lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}) - ) -} - -# There are as many routing tables as the number of NAT gateways -resource "aws_route_table" "private" { - count = local.create_private_subnets && local.max_subnet_length > 0 ? local.nat_gateway_count : 0 - - vpc_id = local.vpc_id - - tags = merge( - { - "Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( - "${var.name}-${var.private_subnet_suffix}-%s", - element(var.azs, count.index), - ) - }, - var.tags, - var.private_route_table_tags, - ) -} - -resource "aws_route_table_association" "private" { - count = local.create_private_subnets ? local.len_private_subnets : 0 - - subnet_id = element(aws_subnet.private[*].id, count.index) - route_table_id = element( - aws_route_table.private[*].id, - var.single_nat_gateway ? 
0 : count.index, - ) -} - -################################################################################ -# Private Network ACLs -################################################################################ - -locals { - create_private_network_acl = local.create_private_subnets && var.private_dedicated_network_acl -} - -resource "aws_network_acl" "private" { - count = local.create_private_network_acl ? 1 : 0 - - vpc_id = local.vpc_id - subnet_ids = aws_subnet.private[*].id - - tags = merge( - { "Name" = "${var.name}-${var.private_subnet_suffix}" }, - var.tags, - var.private_acl_tags, - ) -} - -resource "aws_network_acl_rule" "private_inbound" { - count = local.create_private_network_acl ? length(var.private_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.private[0].id - - egress = false - rule_number = var.private_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.private_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.private_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.private_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.private_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "private_outbound" { - count = local.create_private_network_acl ? 
length(var.private_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.private[0].id - - egress = true - rule_number = var.private_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.private_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.private_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.private_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.private_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -################################################################################ -# Database Subnets -################################################################################ - -locals { - create_database_subnets = local.create_vpc && local.len_database_subnets > 0 - create_database_route_table = local.create_database_subnets && var.create_database_subnet_route_table -} - -resource "aws_subnet" "database" { - count = local.create_database_subnets ? local.len_database_subnets : 0 - - assign_ipv6_address_on_creation = var.enable_ipv6 && var.database_subnet_ipv6_native ? true : var.database_subnet_assign_ipv6_address_on_creation - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - cidr_block = var.database_subnet_ipv6_native ? 
null : element(concat(var.database_subnets, [""]), count.index)
- enable_dns64 = var.enable_ipv6 && var.database_subnet_enable_dns64
- enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.database_subnet_enable_resource_name_dns_aaaa_record_on_launch
- enable_resource_name_dns_a_record_on_launch = !var.database_subnet_ipv6_native && var.database_subnet_enable_resource_name_dns_a_record_on_launch
- ipv6_cidr_block = var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.database_subnet_ipv6_prefixes[count.index]) : null
- ipv6_native = var.enable_ipv6 && var.database_subnet_ipv6_native
- private_dns_hostname_type_on_launch = var.database_subnet_private_dns_hostname_type_on_launch
- vpc_id = local.vpc_id
-
- tags = merge(
- {
- Name = try(
- var.database_subnet_names[count.index],
- format("${var.name}-${var.database_subnet_suffix}-%s", element(var.azs, count.index), )
- )
- },
- var.tags,
- var.database_subnet_tags,
- )
-}
-
-resource "aws_db_subnet_group" "database" {
- count = local.create_database_subnets && var.create_database_subnet_group ? 1 : 0
-
- name = lower(coalesce(var.database_subnet_group_name, var.name))
- description = "Database subnet group for ${var.name}"
- subnet_ids = aws_subnet.database[*].id
-
- tags = merge(
- {
- "Name" = lower(coalesce(var.database_subnet_group_name, var.name))
- },
- var.tags,
- var.database_subnet_group_tags,
- )
-}
-
-resource "aws_route_table" "database" {
- count = local.create_database_route_table ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 1 : local.len_database_subnets : 0
-
- vpc_id = local.vpc_id
-
- tags = merge(
- {
- "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ?
"${var.name}-${var.database_subnet_suffix}" : format(
- "${var.name}-${var.database_subnet_suffix}-%s",
- element(var.azs, count.index),
- )
- },
- var.tags,
- var.database_route_table_tags,
- )
-}
-
-resource "aws_route_table_association" "database" {
- count = local.create_database_subnets ? local.len_database_subnets : 0
-
- subnet_id = element(aws_subnet.database[*].id, count.index)
- route_table_id = element(
- coalescelist(aws_route_table.database[*].id, aws_route_table.private[*].id),
- var.create_database_subnet_route_table ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 0 : count.index : count.index,
- )
-}
-
-resource "aws_route" "database_internet_gateway" {
- count = local.create_database_route_table && var.create_igw && var.create_database_internet_gateway_route && !var.create_database_nat_gateway_route ? 1 : 0
-
- route_table_id = aws_route_table.database[0].id
- destination_cidr_block = "0.0.0.0/0"
- gateway_id = aws_internet_gateway.this[0].id
-
- timeouts {
- create = "5m"
- }
-}
-
-resource "aws_route" "database_nat_gateway" {
- count = local.create_database_route_table && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? var.single_nat_gateway ? 1 : local.len_database_subnets : 0
-
- route_table_id = element(aws_route_table.database[*].id, count.index)
- destination_cidr_block = "0.0.0.0/0"
- nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
-
- timeouts {
- create = "5m"
- }
-}
-
-resource "aws_route" "database_dns64_nat_gateway" {
- count = local.create_database_route_table && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? var.single_nat_gateway ?
1 : local.len_database_subnets : 0
-
- route_table_id = element(aws_route_table.database[*].id, count.index)
- destination_ipv6_cidr_block = "64:ff9b::/96"
- nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
-
- timeouts {
- create = "5m"
- }
-}
-
-resource "aws_route" "database_ipv6_egress" {
- count = local.create_database_route_table && var.create_egress_only_igw && var.enable_ipv6 && var.create_database_internet_gateway_route ? 1 : 0
-
- route_table_id = aws_route_table.database[0].id
- destination_ipv6_cidr_block = "::/0"
- egress_only_gateway_id = aws_egress_only_internet_gateway.this[0].id
-
- timeouts {
- create = "5m"
- }
-}
-
-################################################################################
-# Database Network ACLs
-################################################################################
-
-locals {
- create_database_network_acl = local.create_database_subnets && var.database_dedicated_network_acl
-}
-
-resource "aws_network_acl" "database" {
- count = local.create_database_network_acl ? 1 : 0
-
- vpc_id = local.vpc_id
- subnet_ids = aws_subnet.database[*].id
-
- tags = merge(
- { "Name" = "${var.name}-${var.database_subnet_suffix}" },
- var.tags,
- var.database_acl_tags,
- )
-}
-
-resource "aws_network_acl_rule" "database_inbound" {
- count = local.create_database_network_acl ?
length(var.database_inbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.database[0].id
-
- egress = false
- rule_number = var.database_inbound_acl_rules[count.index]["rule_number"]
- rule_action = var.database_inbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.database_inbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.database_inbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.database_inbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.database_inbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.database_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-resource "aws_network_acl_rule" "database_outbound" {
- count = local.create_database_network_acl ? length(var.database_outbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.database[0].id
-
- egress = true
- rule_number = var.database_outbound_acl_rules[count.index]["rule_number"]
- rule_action = var.database_outbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.database_outbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.database_outbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.database_outbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.database_outbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-################################################################################
-# Redshift Subnets
-################################################################################
-
-locals {
- create_redshift_subnets = local.create_vpc && local.len_redshift_subnets > 0
- create_redshift_route_table = local.create_redshift_subnets && var.create_redshift_subnet_route_table
-}
-
-resource "aws_subnet" "redshift" {
- count = local.create_redshift_subnets ? local.len_redshift_subnets : 0
-
- assign_ipv6_address_on_creation = var.enable_ipv6 && var.redshift_subnet_ipv6_native ? true : var.redshift_subnet_assign_ipv6_address_on_creation
- availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
- availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
- cidr_block = var.redshift_subnet_ipv6_native ? null : element(concat(var.redshift_subnets, [""]), count.index)
- enable_dns64 = var.enable_ipv6 && var.redshift_subnet_enable_dns64
- enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.redshift_subnet_enable_resource_name_dns_aaaa_record_on_launch
- enable_resource_name_dns_a_record_on_launch = !var.redshift_subnet_ipv6_native && var.redshift_subnet_enable_resource_name_dns_a_record_on_launch
- ipv6_cidr_block = var.enable_ipv6 && length(var.redshift_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.redshift_subnet_ipv6_prefixes[count.index]) : null
- ipv6_native = var.enable_ipv6 && var.redshift_subnet_ipv6_native
- private_dns_hostname_type_on_launch = var.redshift_subnet_private_dns_hostname_type_on_launch
- vpc_id = local.vpc_id
-
- tags = merge(
- {
- Name = try(
- var.redshift_subnet_names[count.index],
- format("${var.name}-${var.redshift_subnet_suffix}-%s", element(var.azs, count.index))
- )
- },
- var.tags,
- var.redshift_subnet_tags,
- )
-}
-
-resource "aws_redshift_subnet_group" "redshift" {
- count = local.create_redshift_subnets && var.create_redshift_subnet_group ?
1 : 0
-
- name = lower(coalesce(var.redshift_subnet_group_name, var.name))
- description = "Redshift subnet group for ${var.name}"
- subnet_ids = aws_subnet.redshift[*].id
-
- tags = merge(
- { "Name" = coalesce(var.redshift_subnet_group_name, var.name) },
- var.tags,
- var.redshift_subnet_group_tags,
- )
-}
-
-resource "aws_route_table" "redshift" {
- count = local.create_redshift_route_table ? 1 : 0
-
- vpc_id = local.vpc_id
-
- tags = merge(
- { "Name" = "${var.name}-${var.redshift_subnet_suffix}" },
- var.tags,
- var.redshift_route_table_tags,
- )
-}
-
-resource "aws_route_table_association" "redshift" {
- count = local.create_redshift_subnets && !var.enable_public_redshift ? local.len_redshift_subnets : 0
-
- subnet_id = element(aws_subnet.redshift[*].id, count.index)
- route_table_id = element(
- coalescelist(aws_route_table.redshift[*].id, aws_route_table.private[*].id),
- var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index,
- )
-}
-
-resource "aws_route_table_association" "redshift_public" {
- count = local.create_redshift_subnets && var.enable_public_redshift ? local.len_redshift_subnets : 0
-
- subnet_id = element(aws_subnet.redshift[*].id, count.index)
- route_table_id = element(
- coalescelist(aws_route_table.redshift[*].id, aws_route_table.public[*].id),
- var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index,
- )
-}
-
-################################################################################
-# Redshift Network ACLs
-################################################################################
-
-locals {
- create_redshift_network_acl = local.create_redshift_subnets && var.redshift_dedicated_network_acl
-}
-
-resource "aws_network_acl" "redshift" {
- count = local.create_redshift_network_acl ?
1 : 0
-
- vpc_id = local.vpc_id
- subnet_ids = aws_subnet.redshift[*].id
-
- tags = merge(
- { "Name" = "${var.name}-${var.redshift_subnet_suffix}" },
- var.tags,
- var.redshift_acl_tags,
- )
-}
-
-resource "aws_network_acl_rule" "redshift_inbound" {
- count = local.create_redshift_network_acl ? length(var.redshift_inbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.redshift[0].id
-
- egress = false
- rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"]
- rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.redshift_inbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-resource "aws_network_acl_rule" "redshift_outbound" {
- count = local.create_redshift_network_acl ?
length(var.redshift_outbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.redshift[0].id
-
- egress = true
- rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"]
- rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.redshift_outbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-################################################################################
-# Elasticache Subnets
-################################################################################
-
-locals {
- create_elasticache_subnets = local.create_vpc && local.len_elasticache_subnets > 0
- create_elasticache_route_table = local.create_elasticache_subnets && var.create_elasticache_subnet_route_table
-}
-
-resource "aws_subnet" "elasticache" {
- count = local.create_elasticache_subnets ? local.len_elasticache_subnets : 0
-
- assign_ipv6_address_on_creation = var.enable_ipv6 && var.elasticache_subnet_ipv6_native ? true : var.elasticache_subnet_assign_ipv6_address_on_creation
- availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
- availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
- cidr_block = var.elasticache_subnet_ipv6_native ?
null : element(concat(var.elasticache_subnets, [""]), count.index)
- enable_dns64 = var.enable_ipv6 && var.elasticache_subnet_enable_dns64
- enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.elasticache_subnet_enable_resource_name_dns_aaaa_record_on_launch
- enable_resource_name_dns_a_record_on_launch = !var.elasticache_subnet_ipv6_native && var.elasticache_subnet_enable_resource_name_dns_a_record_on_launch
- ipv6_cidr_block = var.enable_ipv6 && length(var.elasticache_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.elasticache_subnet_ipv6_prefixes[count.index]) : null
- ipv6_native = var.enable_ipv6 && var.elasticache_subnet_ipv6_native
- private_dns_hostname_type_on_launch = var.elasticache_subnet_private_dns_hostname_type_on_launch
- vpc_id = local.vpc_id
-
- tags = merge(
- {
- Name = try(
- var.elasticache_subnet_names[count.index],
- format("${var.name}-${var.elasticache_subnet_suffix}-%s", element(var.azs, count.index))
- )
- },
- var.tags,
- var.elasticache_subnet_tags,
- )
-}
-
-resource "aws_elasticache_subnet_group" "elasticache" {
- count = local.create_elasticache_subnets && var.create_elasticache_subnet_group ? 1 : 0
-
- name = coalesce(var.elasticache_subnet_group_name, var.name)
- description = "ElastiCache subnet group for ${var.name}"
- subnet_ids = aws_subnet.elasticache[*].id
-
- tags = merge(
- { "Name" = coalesce(var.elasticache_subnet_group_name, var.name) },
- var.tags,
- var.elasticache_subnet_group_tags,
- )
-}
-
-resource "aws_route_table" "elasticache" {
- count = local.create_elasticache_route_table ? 1 : 0
-
- vpc_id = local.vpc_id
-
- tags = merge(
- { "Name" = "${var.name}-${var.elasticache_subnet_suffix}" },
- var.tags,
- var.elasticache_route_table_tags,
- )
-}
-
-resource "aws_route_table_association" "elasticache" {
- count = local.create_elasticache_subnets ?
local.len_elasticache_subnets : 0
-
- subnet_id = element(aws_subnet.elasticache[*].id, count.index)
- route_table_id = element(
- coalescelist(
- aws_route_table.elasticache[*].id,
- aws_route_table.private[*].id,
- ),
- var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index,
- )
-}
-
-################################################################################
-# Elasticache Network ACLs
-################################################################################
-
-locals {
- create_elasticache_network_acl = local.create_elasticache_subnets && var.elasticache_dedicated_network_acl
-}
-
-resource "aws_network_acl" "elasticache" {
- count = local.create_elasticache_network_acl ? 1 : 0
-
- vpc_id = local.vpc_id
- subnet_ids = aws_subnet.elasticache[*].id
-
- tags = merge(
- { "Name" = "${var.name}-${var.elasticache_subnet_suffix}" },
- var.tags,
- var.elasticache_acl_tags,
- )
-}
-
-resource "aws_network_acl_rule" "elasticache_inbound" {
- count = local.create_elasticache_network_acl ?
length(var.elasticache_inbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.elasticache[0].id
-
- egress = false
- rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"]
- rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-resource "aws_network_acl_rule" "elasticache_outbound" {
- count = local.create_elasticache_network_acl ? length(var.elasticache_outbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.elasticache[0].id
-
- egress = true
- rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"]
- rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-################################################################################
-# Intra Subnets
-################################################################################
-
-locals {
- create_intra_subnets = local.create_vpc && local.len_intra_subnets > 0
-}
-
-resource "aws_subnet" "intra" {
- count = local.create_intra_subnets ? local.len_intra_subnets : 0
-
- assign_ipv6_address_on_creation = var.enable_ipv6 && var.intra_subnet_ipv6_native ? true : var.intra_subnet_assign_ipv6_address_on_creation
- availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
- availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
- cidr_block = var.intra_subnet_ipv6_native ? null : element(concat(var.intra_subnets, [""]), count.index)
- enable_dns64 = var.enable_ipv6 && var.intra_subnet_enable_dns64
- enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.intra_subnet_enable_resource_name_dns_aaaa_record_on_launch
- enable_resource_name_dns_a_record_on_launch = !var.intra_subnet_ipv6_native && var.intra_subnet_enable_resource_name_dns_a_record_on_launch
- ipv6_cidr_block = var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.intra_subnet_ipv6_prefixes[count.index]) : null
- ipv6_native = var.enable_ipv6 && var.intra_subnet_ipv6_native
- private_dns_hostname_type_on_launch = var.intra_subnet_private_dns_hostname_type_on_launch
- vpc_id = local.vpc_id
-
- tags = merge(
- {
- Name = try(
- var.intra_subnet_names[count.index],
- format("${var.name}-${var.intra_subnet_suffix}-%s", element(var.azs, count.index))
- )
- },
- var.tags,
- var.intra_subnet_tags,
- )
-}
-
-resource "aws_route_table" "intra" {
- count = local.create_intra_subnets ?
1 : 0
-
- vpc_id = local.vpc_id
-
- tags = merge(
- { "Name" = "${var.name}-${var.intra_subnet_suffix}" },
- var.tags,
- var.intra_route_table_tags,
- )
-}
-
-resource "aws_route_table_association" "intra" {
- count = local.create_intra_subnets ? local.len_intra_subnets : 0
-
- subnet_id = element(aws_subnet.intra[*].id, count.index)
- route_table_id = element(aws_route_table.intra[*].id, 0)
-}
-
-################################################################################
-# Intra Network ACLs
-################################################################################
-
-locals {
- create_intra_network_acl = local.create_intra_subnets && var.intra_dedicated_network_acl
-}
-
-resource "aws_network_acl" "intra" {
- count = local.create_intra_network_acl ? 1 : 0
-
- vpc_id = local.vpc_id
- subnet_ids = aws_subnet.intra[*].id
-
- tags = merge(
- { "Name" = "${var.name}-${var.intra_subnet_suffix}" },
- var.tags,
- var.intra_acl_tags,
- )
-}
-
-resource "aws_network_acl_rule" "intra_inbound" {
- count = local.create_intra_network_acl ? length(var.intra_inbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.intra[0].id
-
- egress = false
- rule_number = var.intra_inbound_acl_rules[count.index]["rule_number"]
- rule_action = var.intra_inbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.intra_inbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.intra_inbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.intra_inbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-resource "aws_network_acl_rule" "intra_outbound" {
- count = local.create_intra_network_acl ?
length(var.intra_outbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.intra[0].id
-
- egress = true
- rule_number = var.intra_outbound_acl_rules[count.index]["rule_number"]
- rule_action = var.intra_outbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.intra_outbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.intra_outbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.intra_outbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-################################################################################
-# Outpost Subnets
-################################################################################
-
-locals {
- create_outpost_subnets = local.create_vpc && local.len_outpost_subnets > 0
-}
-
-resource "aws_subnet" "outpost" {
- count = local.create_outpost_subnets ? local.len_outpost_subnets : 0
-
- assign_ipv6_address_on_creation = var.enable_ipv6 && var.outpost_subnet_ipv6_native ? true : var.outpost_subnet_assign_ipv6_address_on_creation
- availability_zone = var.outpost_az
- cidr_block = var.outpost_subnet_ipv6_native ?
null : element(concat(var.outpost_subnets, [""]), count.index)
- customer_owned_ipv4_pool = var.customer_owned_ipv4_pool
- enable_dns64 = var.enable_ipv6 && var.outpost_subnet_enable_dns64
- enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.outpost_subnet_enable_resource_name_dns_aaaa_record_on_launch
- enable_resource_name_dns_a_record_on_launch = !var.outpost_subnet_ipv6_native && var.outpost_subnet_enable_resource_name_dns_a_record_on_launch
- ipv6_cidr_block = var.enable_ipv6 && length(var.outpost_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.outpost_subnet_ipv6_prefixes[count.index]) : null
- ipv6_native = var.enable_ipv6 && var.outpost_subnet_ipv6_native
- map_customer_owned_ip_on_launch = var.map_customer_owned_ip_on_launch
- outpost_arn = var.outpost_arn
- private_dns_hostname_type_on_launch = var.outpost_subnet_private_dns_hostname_type_on_launch
- vpc_id = local.vpc_id
-
- tags = merge(
- {
- Name = try(
- var.outpost_subnet_names[count.index],
- format("${var.name}-${var.outpost_subnet_suffix}-%s", var.outpost_az)
- )
- },
- var.tags,
- var.outpost_subnet_tags,
- )
-}
-
-resource "aws_route_table_association" "outpost" {
- count = local.create_outpost_subnets ? local.len_outpost_subnets : 0
-
- subnet_id = element(aws_subnet.outpost[*].id, count.index)
- route_table_id = element(
- aws_route_table.private[*].id,
- var.single_nat_gateway ? 0 : count.index,
- )
-}
-
-################################################################################
-# Outpost Network ACLs
-################################################################################
-
-locals {
- create_outpost_network_acl = local.create_outpost_subnets && var.outpost_dedicated_network_acl
-}
-
-resource "aws_network_acl" "outpost" {
- count = local.create_outpost_network_acl ?
1 : 0
-
- vpc_id = local.vpc_id
- subnet_ids = aws_subnet.outpost[*].id
-
- tags = merge(
- { "Name" = "${var.name}-${var.outpost_subnet_suffix}" },
- var.tags,
- var.outpost_acl_tags,
- )
-}
-
-resource "aws_network_acl_rule" "outpost_inbound" {
- count = local.create_outpost_network_acl ? length(var.outpost_inbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.outpost[0].id
-
- egress = false
- rule_number = var.outpost_inbound_acl_rules[count.index]["rule_number"]
- rule_action = var.outpost_inbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.outpost_inbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.outpost_inbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.outpost_inbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-resource "aws_network_acl_rule" "outpost_outbound" {
- count = local.create_outpost_network_acl ?
length(var.outpost_outbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.outpost[0].id
-
- egress = true
- rule_number = var.outpost_outbound_acl_rules[count.index]["rule_number"]
- rule_action = var.outpost_outbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.outpost_outbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.outpost_outbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.outpost_outbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
-}
-
-################################################################################
-# Internet Gateway
-################################################################################
-
-resource "aws_internet_gateway" "this" {
- count = local.create_public_subnets && var.create_igw ? 1 : 0
-
- vpc_id = local.vpc_id
-
- tags = merge(
- { "Name" = var.name },
- var.tags,
- var.igw_tags,
- )
-}
-
-resource "aws_egress_only_internet_gateway" "this" {
- count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && local.max_subnet_length > 0 ? 1 : 0
-
- vpc_id = local.vpc_id
-
- tags = merge(
- { "Name" = var.name },
- var.tags,
- var.igw_tags,
- )
-}
-
-resource "aws_route" "private_ipv6_egress" {
- count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 ?
local.len_private_subnets : 0
-
- route_table_id = element(aws_route_table.private[*].id, count.index)
- destination_ipv6_cidr_block = "::/0"
- egress_only_gateway_id = element(aws_egress_only_internet_gateway.this[*].id, 0)
-}
-
-################################################################################
-# NAT Gateway
-################################################################################
-
-locals {
- nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length
- nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : try(aws_eip.nat[*].id, [])
-}
-
-resource "aws_eip" "nat" {
- count = local.create_vpc && var.enable_nat_gateway && !var.reuse_nat_ips ? local.nat_gateway_count : 0
-
- domain = "vpc"
-
- tags = merge(
- {
- "Name" = format(
- "${var.name}-%s",
- element(var.azs, var.single_nat_gateway ? 0 : count.index),
- )
- },
- var.tags,
- var.nat_eip_tags,
- )
-
- depends_on = [aws_internet_gateway.this]
-}
-
-resource "aws_nat_gateway" "this" {
- count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0
-
- allocation_id = element(
- local.nat_gateway_ips,
- var.single_nat_gateway ? 0 : count.index,
- )
- subnet_id = element(
- aws_subnet.public[*].id,
- var.single_nat_gateway ? 0 : count.index,
- )
-
- tags = merge(
- {
- "Name" = format(
- "${var.name}-%s",
- element(var.azs, var.single_nat_gateway ? 0 : count.index),
- )
- },
- var.tags,
- var.nat_gateway_tags,
- )
-
- depends_on = [aws_internet_gateway.this]
-}
-
-resource "aws_route" "private_nat_gateway" {
- count = local.create_vpc && var.enable_nat_gateway ?
local.nat_gateway_count : 0
-
- route_table_id = element(aws_route_table.private[*].id, count.index)
- destination_cidr_block = var.nat_gateway_destination_cidr_block
- nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
-
- timeouts {
- create = "5m"
- }
-}
-
-resource "aws_route" "private_dns64_nat_gateway" {
- count = local.create_vpc && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? local.nat_gateway_count : 0
-
- route_table_id = element(aws_route_table.private[*].id, count.index)
- destination_ipv6_cidr_block = "64:ff9b::/96"
- nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
-
- timeouts {
- create = "5m"
- }
-}
-
-################################################################################
-# Customer Gateways
-################################################################################
-
-resource "aws_customer_gateway" "this" {
- for_each = var.customer_gateways
-
- bgp_asn = each.value["bgp_asn"]
- ip_address = each.value["ip_address"]
- device_name = lookup(each.value, "device_name", null)
- type = "ipsec.1"
-
- tags = merge(
- { Name = "${var.name}-${each.key}" },
- var.tags,
- var.customer_gateway_tags,
- )
-}
-
-################################################################################
-# VPN Gateway
-################################################################################
-
-resource "aws_vpn_gateway" "this" {
- count = local.create_vpc && var.enable_vpn_gateway ? 1 : 0
-
- vpc_id = local.vpc_id
- amazon_side_asn = var.amazon_side_asn
- availability_zone = var.vpn_gateway_az
-
- tags = merge(
- { "Name" = var.name },
- var.tags,
- var.vpn_gateway_tags,
- )
-}
-
-resource "aws_vpn_gateway_attachment" "this" {
- count = var.vpn_gateway_id != "" ?
1 : 0
-
- vpc_id = local.vpc_id
- vpn_gateway_id = var.vpn_gateway_id
-}
-
-resource "aws_vpn_gateway_route_propagation" "public" {
- count = local.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0
-
- route_table_id = element(aws_route_table.public[*].id, count.index)
- vpn_gateway_id = element(
- concat(
- aws_vpn_gateway.this[*].id,
- aws_vpn_gateway_attachment.this[*].vpn_gateway_id,
- ),
- count.index,
- )
-}
-
-resource "aws_vpn_gateway_route_propagation" "private" {
- count = local.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_private_subnets : 0
-
- route_table_id = element(aws_route_table.private[*].id, count.index)
- vpn_gateway_id = element(
- concat(
- aws_vpn_gateway.this[*].id,
- aws_vpn_gateway_attachment.this[*].vpn_gateway_id,
- ),
- count.index,
- )
-}
-
-resource "aws_vpn_gateway_route_propagation" "intra" {
- count = local.create_vpc && var.propagate_intra_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_intra_subnets : 0
-
- route_table_id = element(aws_route_table.intra[*].id, count.index)
- vpn_gateway_id = element(
- concat(
- aws_vpn_gateway.this[*].id,
- aws_vpn_gateway_attachment.this[*].vpn_gateway_id,
- ),
- count.index,
- )
-}
-
-################################################################################
-# Default VPC
-################################################################################
-
-resource "aws_default_vpc" "this" {
- count = var.manage_default_vpc ? 1 : 0
-
- enable_dns_support = var.default_vpc_enable_dns_support
- enable_dns_hostnames = var.default_vpc_enable_dns_hostnames
-
- tags = merge(
- { "Name" = coalesce(var.default_vpc_name, "default") },
- var.tags,
- var.default_vpc_tags,
- )
-}
-
-resource "aws_default_security_group" "this" {
- count = local.create_vpc && var.manage_default_security_group ?
1 : 0 - - vpc_id = aws_vpc.this[0].id - - dynamic "ingress" { - for_each = var.default_security_group_ingress - content { - self = lookup(ingress.value, "self", null) - cidr_blocks = compact(split(",", lookup(ingress.value, "cidr_blocks", ""))) - ipv6_cidr_blocks = compact(split(",", lookup(ingress.value, "ipv6_cidr_blocks", ""))) - prefix_list_ids = compact(split(",", lookup(ingress.value, "prefix_list_ids", ""))) - security_groups = compact(split(",", lookup(ingress.value, "security_groups", ""))) - description = lookup(ingress.value, "description", null) - from_port = lookup(ingress.value, "from_port", 0) - to_port = lookup(ingress.value, "to_port", 0) - protocol = lookup(ingress.value, "protocol", "-1") - } - } - - dynamic "egress" { - for_each = var.default_security_group_egress - content { - self = lookup(egress.value, "self", null) - cidr_blocks = compact(split(",", lookup(egress.value, "cidr_blocks", ""))) - ipv6_cidr_blocks = compact(split(",", lookup(egress.value, "ipv6_cidr_blocks", ""))) - prefix_list_ids = compact(split(",", lookup(egress.value, "prefix_list_ids", ""))) - security_groups = compact(split(",", lookup(egress.value, "security_groups", ""))) - description = lookup(egress.value, "description", null) - from_port = lookup(egress.value, "from_port", 0) - to_port = lookup(egress.value, "to_port", 0) - protocol = lookup(egress.value, "protocol", "-1") - } - } - - tags = merge( - { "Name" = coalesce(var.default_security_group_name, "${var.name}-default") }, - var.tags, - var.default_security_group_tags, - ) -} - -################################################################################ -# Default Network ACLs -################################################################################ - -resource "aws_default_network_acl" "this" { - count = local.create_vpc && var.manage_default_network_acl ? 
1 : 0 - - default_network_acl_id = aws_vpc.this[0].default_network_acl_id - - # subnet_ids is using lifecycle ignore_changes, so it is not necessary to list - # any explicitly. See https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/736 - subnet_ids = null - - dynamic "ingress" { - for_each = var.default_network_acl_ingress - content { - action = ingress.value.action - cidr_block = lookup(ingress.value, "cidr_block", null) - from_port = ingress.value.from_port - icmp_code = lookup(ingress.value, "icmp_code", null) - icmp_type = lookup(ingress.value, "icmp_type", null) - ipv6_cidr_block = lookup(ingress.value, "ipv6_cidr_block", null) - protocol = ingress.value.protocol - rule_no = ingress.value.rule_no - to_port = ingress.value.to_port - } - } - dynamic "egress" { - for_each = var.default_network_acl_egress - content { - action = egress.value.action - cidr_block = lookup(egress.value, "cidr_block", null) - from_port = egress.value.from_port - icmp_code = lookup(egress.value, "icmp_code", null) - icmp_type = lookup(egress.value, "icmp_type", null) - ipv6_cidr_block = lookup(egress.value, "ipv6_cidr_block", null) - protocol = egress.value.protocol - rule_no = egress.value.rule_no - to_port = egress.value.to_port - } - } - - tags = merge( - { "Name" = coalesce(var.default_network_acl_name, "${var.name}-default") }, - var.tags, - var.default_network_acl_tags, - ) - - lifecycle { - ignore_changes = [subnet_ids] - } -} - -################################################################################ -# Default Route -################################################################################ - -resource "aws_default_route_table" "default" { - count = local.create_vpc && var.manage_default_route_table ? 
1 : 0 - - default_route_table_id = aws_vpc.this[0].default_route_table_id - propagating_vgws = var.default_route_table_propagating_vgws - - dynamic "route" { - for_each = var.default_route_table_routes - content { - # One of the following destinations must be provided - cidr_block = route.value.cidr_block - ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null) - - # One of the following targets must be provided - egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null) - gateway_id = lookup(route.value, "gateway_id", null) - instance_id = lookup(route.value, "instance_id", null) - nat_gateway_id = lookup(route.value, "nat_gateway_id", null) - network_interface_id = lookup(route.value, "network_interface_id", null) - transit_gateway_id = lookup(route.value, "transit_gateway_id", null) - vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null) - vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null) - } - } - - timeouts { - create = "5m" - update = "5m" - } - - tags = merge( - { "Name" = coalesce(var.default_route_table_name, "${var.name}-default") }, - var.tags, - var.default_route_table_tags, - ) -} diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md deleted file mode 100644 index a59292ae..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/README.md +++ /dev/null 
@@ -1,105 +0,0 @@ -# AWS VPC Endpoints Terraform sub-module - -Terraform sub-module which creates VPC endpoint resources on AWS. - -## Usage - -See [`examples`](../../examples) directory for working examples to reference: - -```hcl -module "endpoints" { - source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - - vpc_id = "vpc-12345678" - security_group_ids = ["sg-12345678"] - - endpoints = { - s3 = { - # interface endpoint - service = "s3" - tags = { Name = "s3-vpc-endpoint" } - }, - dynamodb = { - # gateway endpoint - service = "dynamodb" - route_table_ids = ["rt-12322456", "rt-43433343", "rt-11223344"] - tags = { Name = "dynamodb-vpc-endpoint" } - }, - sns = { - service = "sns" - subnet_ids = ["subnet-12345678", "subnet-87654321"] - tags = { Name = "sns-vpc-endpoint" } - }, - sqs = { - service = "sqs" - private_dns_enabled = true - security_group_ids = ["sg-987654321"] - subnet_ids = ["subnet-12345678", "subnet-87654321"] - tags = { Name = "sqs-vpc-endpoint" } - }, - } - - tags = { - Owner = "user" - Environment = "dev" - } -} -``` - -## Examples - -- [Complete-VPC](../../examples/complete) with VPC Endpoints. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.0 | - -## Modules - -No modules. 
- -## Resources - -| Name | Type | -|------|------| -| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_vpc_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource | -| [aws_vpc_endpoint_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [create](#input\_create) | Determines whether resources will be created | `bool` | `true` | no | -| [create\_security\_group](#input\_create\_security\_group) | Determines if a security group is created | `bool` | `false` | no | -| [endpoints](#input\_endpoints) | A map of interface and/or gateway endpoints containing their properties and configurations | `any` | `{}` | no | -| [security\_group\_description](#input\_security\_group\_description) | Description of the security group created | `string` | `null` | no | -| [security\_group\_ids](#input\_security\_group\_ids) | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no | -| [security\_group\_name](#input\_security\_group\_name) | Name to use on security group created. Conflicts with `security_group_name_prefix` | `string` | `null` | no | -| [security\_group\_name\_prefix](#input\_security\_group\_name\_prefix) | Name prefix to use on security group created. 
Conflicts with `security_group_name` | `string` | `null` | no | -| [security\_group\_rules](#input\_security\_group\_rules) | Security group rules to add to the security group created | `any` | `{}` | no | -| [security\_group\_tags](#input\_security\_group\_tags) | A map of additional tags to add to the security group created | `map(string)` | `{}` | no | -| [subnet\_ids](#input\_subnet\_ids) | Default subnets IDs to associate with the VPC endpoints | `list(string)` | `[]` | no | -| [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no | -| [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting VPC endpoint resources | `map(string)` | `{}` | no | -| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the endpoint will be used | `string` | `null` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [endpoints](#output\_endpoints) | Array containing the full resource object and attributes for all endpoints created | -| [security\_group\_arn](#output\_security\_group\_arn) | Amazon Resource Name (ARN) of the security group | -| [security\_group\_id](#output\_security\_group\_id) | ID of the security group | - diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf deleted file mode 100644 index 8c4b09c3..00000000 --- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/main.tf +++ /dev/null 
@@ -1,86 +0,0 @@
-################################################################################
-# Endpoint(s)
-################################################################################
-
-locals {
- endpoints = { for k, v in var.endpoints : k => v if var.create && try(v.create, true) }
-
- security_group_ids = var.create && var.create_security_group ? concat(var.security_group_ids, [aws_security_group.this[0].id]) : var.security_group_ids
-}
-
-data "aws_vpc_endpoint_service" "this" {
- for_each = local.endpoints
-
- service = try(each.value.service, null)
- service_name = try(each.value.service_name, null)
-
- filter {
- name = "service-type"
- values = [try(each.value.service_type, "Interface")]
- }
-}
-
-resource "aws_vpc_endpoint" "this" {
- for_each = local.endpoints
-
- vpc_id = var.vpc_id
- service_name = data.aws_vpc_endpoint_service.this[each.key].service_name
- vpc_endpoint_type = try(each.value.service_type, "Interface")
- auto_accept = try(each.value.auto_accept, null)
-
- security_group_ids = try(each.value.service_type, "Interface") == "Interface" ? length(distinct(concat(local.security_group_ids, lookup(each.value, "security_group_ids", [])))) > 0 ? distinct(concat(local.security_group_ids, lookup(each.value, "security_group_ids", []))) : null : null
- subnet_ids = try(each.value.service_type, "Interface") == "Interface" ? distinct(concat(var.subnet_ids, lookup(each.value, "subnet_ids", []))) : null
- route_table_ids = try(each.value.service_type, "Interface") == "Gateway" ? lookup(each.value, "route_table_ids", null) : null
- policy = try(each.value.policy, null)
- private_dns_enabled = try(each.value.service_type, "Interface") == "Interface" ? try(each.value.private_dns_enabled, null) : null
-
- tags = merge(var.tags, try(each.value.tags, {}))
-
- timeouts {
- create = try(var.timeouts.create, "10m")
- update = try(var.timeouts.update, "10m")
- delete = try(var.timeouts.delete, "10m")
- }
-}
-
-################################################################################
-# Security Group
-################################################################################
-
-resource "aws_security_group" "this" {
- count = var.create && var.create_security_group ? 1 : 0
-
- name = var.security_group_name
- name_prefix = var.security_group_name_prefix
- description = var.security_group_description
- vpc_id = var.vpc_id
-
- tags = merge(
- var.tags,
- var.security_group_tags,
- { "Name" = try(coalesce(var.security_group_name, var.security_group_name_prefix), "") },
- )
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-resource "aws_security_group_rule" "this" {
- for_each = { for k, v in var.security_group_rules : k => v if var.create && var.create_security_group }
-
- # Required
- security_group_id = aws_security_group.this[0].id
- protocol = try(each.value.protocol, "tcp")
- from_port = try(each.value.from_port, 443)
- to_port = try(each.value.to_port, 443)
- type = try(each.value.type, "ingress")
-
- # Optional
- description = try(each.value.description, null)
- cidr_blocks = lookup(each.value, "cidr_blocks", null)
- ipv6_cidr_blocks = lookup(each.value, "ipv6_cidr_blocks", null)
- prefix_list_ids = lookup(each.value, "prefix_list_ids", null)
- self = try(each.value.self, null)
- source_security_group_id = lookup(each.value, "source_security_group_id", null)
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf
deleted file mode 100644
index a9df78d0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/outputs.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-output "endpoints" {
- description = "Array containing the full resource object and attributes for all endpoints created"
- value = aws_vpc_endpoint.this
-}
-
-################################################################################
-# Security Group
-################################################################################
-
-output "security_group_arn" {
- description = "Amazon Resource Name (ARN) of the security group"
- value = try(aws_security_group.this[0].arn, null)
-}
-
-output "security_group_id" {
- description = "ID of the security group"
- value = try(aws_security_group.this[0].id, null)
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf
deleted file mode 100644
index 30a747ab..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/variables.tf
+++ /dev/null
@@ -1,81 +0,0 @@
-variable "create" {
- description = "Determines whether resources will be created"
- type = bool
- default = true
-}
-
-variable "vpc_id" {
- description = "The ID of the VPC in which the endpoint will be used"
- type = string
- default = null
-}
-
-variable "endpoints" {
- description = "A map of interface and/or gateway endpoints containing their properties and configurations"
- type = any
- default = {}
-}
-
-variable "security_group_ids" {
- description = "Default security group IDs to associate with the VPC endpoints"
- type = list(string)
- default = []
-}
-
-variable "subnet_ids" {
- description = "Default subnets IDs to associate with the VPC endpoints"
- type = list(string)
- default = []
-}
-
-variable "tags" {
- description = "A map of tags to use on all resources"
- type = map(string)
- default = {}
-}
-
-variable "timeouts" {
- description = "Define maximum timeout for creating, updating, and deleting VPC endpoint resources"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Security Group
-################################################################################
-
-variable "create_security_group" {
- description = "Determines if a security group is created"
- type = bool
- default = false
-}
-
-variable "security_group_name" {
- description = "Name to use on security group created. Conflicts with `security_group_name_prefix`"
- type = string
- default = null
-}
-
-variable "security_group_name_prefix" {
- description = "Name prefix to use on security group created. Conflicts with `security_group_name`"
- type = string
- default = null
-}
-
-variable "security_group_description" {
- description = "Description of the security group created"
- type = string
- default = null
-}
-
-variable "security_group_rules" {
- description = "Security group rules to add to the security group created"
- type = any
- default = {}
-}
-
-variable "security_group_tags" {
- description = "A map of additional tags to add to the security group created"
- type = map(string)
- default = {}
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf
deleted file mode 100644
index ddfcb0e0..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/modules/vpc-endpoints/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/outputs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/outputs.tf
deleted file mode 100644
index d4e3e407..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/outputs.tf
+++ /dev/null
@@ -1,619 +0,0 @@ -locals { - redshift_route_table_ids = aws_route_table.redshift[*].id - public_route_table_ids = aws_route_table.public[*].id - private_route_table_ids = aws_route_table.private[*].id -} - -################################################################################ -# VPC -################################################################################ - -output "vpc_id" { - description = "The ID of the VPC" - value = try(aws_vpc.this[0].id, null) -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = try(aws_vpc.this[0].arn, null) -} - -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = try(aws_vpc.this[0].cidr_block, null) -} - -output "default_security_group_id" { - description = "The ID of the security group created by default on VPC creation" - value = try(aws_vpc.this[0].default_security_group_id, null) -} - -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = try(aws_vpc.this[0].default_network_acl_id, null) -} - -output "default_route_table_id" { - description = "The ID of the default route table" - value = try(aws_vpc.this[0].default_route_table_id, null) -} - -output "vpc_instance_tenancy" { - description = "Tenancy of instances spin up within VPC" - value = try(aws_vpc.this[0].instance_tenancy, null) -} - -output "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support" - value = try(aws_vpc.this[0].enable_dns_support, null) -} - -output "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support" - value = try(aws_vpc.this[0].enable_dns_hostnames, null) -} - -output "vpc_main_route_table_id" { - description = "The ID of the main route table associated with this VPC" - value = try(aws_vpc.this[0].main_route_table_id, null) -} - -output "vpc_ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = try(aws_vpc.this[0].ipv6_association_id, null) -} - 
-output "vpc_ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = try(aws_vpc.this[0].ipv6_cidr_block, null) -} - -output "vpc_secondary_cidr_blocks" { - description = "List of secondary CIDR blocks of the VPC" - value = compact(aws_vpc_ipv4_cidr_block_association.this[*].cidr_block) -} - -output "vpc_owner_id" { - description = "The ID of the AWS account that owns the VPC" - value = try(aws_vpc.this[0].owner_id, null) -} - -################################################################################ -# DHCP Options Set -################################################################################ - -output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = try(aws_vpc_dhcp_options.this[0].id, null) -} - -################################################################################ -# Internet Gateway -################################################################################ - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = try(aws_internet_gateway.this[0].id, null) -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = try(aws_internet_gateway.this[0].arn, null) -} - -################################################################################ -# Publiс Subnets -################################################################################ - -output "public_subnets" { - description = "List of IDs of public subnets" - value = aws_subnet.public[*].id -} - -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = aws_subnet.public[*].arn -} - -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = compact(aws_subnet.public[*].cidr_block) -} - -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = compact(aws_subnet.public[*].ipv6_cidr_block) -} - -output "public_route_table_ids" { - 
description = "List of IDs of public route tables" - value = local.public_route_table_ids -} - -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route" - value = try(aws_route.public_internet_gateway[0].id, null) -} - -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route" - value = try(aws_route.public_internet_gateway_ipv6[0].id, null) -} - -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = aws_route_table_association.public[*].id -} - -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = try(aws_network_acl.public[0].id, null) -} - -output "public_network_acl_arn" { - description = "ARN of the public network ACL" - value = try(aws_network_acl.public[0].arn, null) -} - -################################################################################ -# Private Subnets -################################################################################ - -output "private_subnets" { - description = "List of IDs of private subnets" - value = aws_subnet.private[*].id -} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = aws_subnet.private[*].arn -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = compact(aws_subnet.private[*].cidr_block) -} - -output "private_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = compact(aws_subnet.private[*].ipv6_cidr_block) -} - -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = local.private_route_table_ids -} - -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route" - value = aws_route.private_nat_gateway[*].id -} - -output "private_ipv6_egress_route_ids" { - description = 
"List of IDs of the ipv6 egress route" - value = aws_route.private_ipv6_egress[*].id -} - -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = aws_route_table_association.private[*].id -} - -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = try(aws_network_acl.private[0].id, null) -} - -output "private_network_acl_arn" { - description = "ARN of the private network ACL" - value = try(aws_network_acl.private[0].arn, null) -} - -################################################################################ -# Outpost Subnets -################################################################################ - -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = aws_subnet.outpost[*].id -} - -output "outpost_subnet_arns" { - description = "List of ARNs of outpost subnets" - value = aws_subnet.outpost[*].arn -} - -output "outpost_subnets_cidr_blocks" { - description = "List of cidr_blocks of outpost subnets" - value = compact(aws_subnet.outpost[*].cidr_block) -} - -output "outpost_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = compact(aws_subnet.outpost[*].ipv6_cidr_block) -} - -output "outpost_network_acl_id" { - description = "ID of the outpost network ACL" - value = try(aws_network_acl.outpost[0].id, null) -} - -output "outpost_network_acl_arn" { - description = "ARN of the outpost network ACL" - value = try(aws_network_acl.outpost[0].arn, null) -} - -################################################################################ -# Database Subnets -################################################################################ - -output "database_subnets" { - description = "List of IDs of database subnets" - value = aws_subnet.database[*].id -} - -output "database_subnet_arns" { - description = "List of ARNs of database subnets" - value = 
aws_subnet.database[*].arn -} - -output "database_subnets_cidr_blocks" { - description = "List of cidr_blocks of database subnets" - value = compact(aws_subnet.database[*].cidr_block) -} - -output "database_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" - value = compact(aws_subnet.database[*].ipv6_cidr_block) -} - -output "database_subnet_group" { - description = "ID of database subnet group" - value = try(aws_db_subnet_group.database[0].id, null) -} - -output "database_subnet_group_name" { - description = "Name of database subnet group" - value = try(aws_db_subnet_group.database[0].name, null) -} - -output "database_route_table_ids" { - description = "List of IDs of database route tables" - # Refer to https://github.com/terraform-aws-modules/terraform-aws-vpc/pull/926 before changing logic - value = length(aws_route_table.database[*].id) > 0 ? aws_route_table.database[*].id : aws_route_table.private[*].id -} - -output "database_internet_gateway_route_id" { - description = "ID of the database internet gateway route" - value = try(aws_route.database_internet_gateway[0].id, null) -} - -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route" - value = aws_route.database_nat_gateway[*].id -} - -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route" - value = try(aws_route.database_ipv6_egress[0].id, null) -} - -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = aws_route_table_association.database[*].id -} - -output "database_network_acl_id" { - description = "ID of the database network ACL" - value = try(aws_network_acl.database[0].id, null) -} - -output "database_network_acl_arn" { - description = "ARN of the database network ACL" - value = try(aws_network_acl.database[0].arn, null) -} - 
-################################################################################ -# Redshift Subnets -################################################################################ - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = aws_subnet.redshift[*].id -} - -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = aws_subnet.redshift[*].arn -} - -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = compact(aws_subnet.redshift[*].cidr_block) -} - -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = compact(aws_subnet.redshift[*].ipv6_cidr_block) -} - -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = try(aws_redshift_subnet_group.redshift[0].id, null) -} - -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = length(local.redshift_route_table_ids) > 0 ? local.redshift_route_table_ids : (var.enable_public_redshift ? 
local.public_route_table_ids : local.private_route_table_ids) -} - -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = aws_route_table_association.redshift[*].id -} - -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshift route table association" - value = aws_route_table_association.redshift_public[*].id -} - -output "redshift_network_acl_id" { - description = "ID of the redshift network ACL" - value = try(aws_network_acl.redshift[0].id, null) -} - -output "redshift_network_acl_arn" { - description = "ARN of the redshift network ACL" - value = try(aws_network_acl.redshift[0].arn, null) -} - -################################################################################ -# Elasticache Subnets -################################################################################ - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = aws_subnet.elasticache[*].id -} - -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = aws_subnet.elasticache[*].arn -} - -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = compact(aws_subnet.elasticache[*].cidr_block) -} - -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = compact(aws_subnet.elasticache[*].ipv6_cidr_block) -} - -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = try(aws_elasticache_subnet_group.elasticache[0].id, null) -} - -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = try(aws_elasticache_subnet_group.elasticache[0].name, null) -} - -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = 
try(coalescelist(aws_route_table.elasticache[*].id, local.private_route_table_ids), []) -} - -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = aws_route_table_association.elasticache[*].id -} - -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = try(aws_network_acl.elasticache[0].id, null) -} - -output "elasticache_network_acl_arn" { - description = "ARN of the elasticache network ACL" - value = try(aws_network_acl.elasticache[0].arn, null) -} - -################################################################################ -# Intra Subnets -################################################################################ - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = aws_subnet.intra[*].id -} - -output "intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = aws_subnet.intra[*].arn -} - -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - value = compact(aws_subnet.intra[*].cidr_block) -} - -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = compact(aws_subnet.intra[*].ipv6_cidr_block) -} - -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = aws_route_table.intra[*].id -} - -output "intra_route_table_association_ids" { - description = "List of IDs of the intra route table association" - value = aws_route_table_association.intra[*].id -} - -output "intra_network_acl_id" { - description = "ID of the intra network ACL" - value = try(aws_network_acl.intra[0].id, null) -} - -output "intra_network_acl_arn" { - description = "ARN of the intra network ACL" - value = try(aws_network_acl.intra[0].arn, null) -} - -################################################################################ -# NAT Gateway 
-################################################################################
-
-output "nat_ids" {
- description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
- value = aws_eip.nat[*].id
-}
-
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = var.reuse_nat_ips ? var.external_nat_ips : aws_eip.nat[*].public_ip
-}
-
-output "natgw_ids" {
- description = "List of NAT Gateway IDs"
- value = aws_nat_gateway.this[*].id
-}
-
-################################################################################
-# Egress Only Gateway
-################################################################################
-
-output "egress_only_internet_gateway_id" {
- description = "The ID of the egress only Internet Gateway"
- value = try(aws_egress_only_internet_gateway.this[0].id, null)
-}
-
-################################################################################
-# Customer Gateway
-################################################################################
-
-output "cgw_ids" {
- description = "List of IDs of Customer Gateway"
- value = [for k, v in aws_customer_gateway.this : v.id]
-}
-
-output "cgw_arns" {
- description = "List of ARNs of Customer Gateway"
- value = [for k, v in aws_customer_gateway.this : v.arn]
-}
-
-output "this_customer_gateway" {
- description = "Map of Customer Gateway attributes"
- value = aws_customer_gateway.this
-}
-
-################################################################################
-# VPN Gateway
-################################################################################
-
-output "vgw_id" {
- description = "The ID of the VPN Gateway"
- value = try(aws_vpn_gateway.this[0].id, aws_vpn_gateway_attachment.this[0].vpn_gateway_id, null)
-}
-
-output "vgw_arn" {
- description = "The ARN of the VPN Gateway"
- value = try(aws_vpn_gateway.this[0].arn, null)
-}
-
-################################################################################
-# Default VPC
-################################################################################
-
-output "default_vpc_id" {
- description = "The ID of the Default VPC"
- value = try(aws_default_vpc.this[0].id, null)
-}
-
-output "default_vpc_arn" {
- description = "The ARN of the Default VPC"
- value = try(aws_default_vpc.this[0].arn, null)
-}
-
-output "default_vpc_cidr_block" {
- description = "The CIDR block of the Default VPC"
- value = try(aws_default_vpc.this[0].cidr_block, null)
-}
-
-output "default_vpc_default_security_group_id" {
- description = "The ID of the security group created by default on Default VPC creation"
- value = try(aws_default_vpc.this[0].default_security_group_id, null)
-}
-
-output "default_vpc_default_network_acl_id" {
- description = "The ID of the default network ACL of the Default VPC"
- value = try(aws_default_vpc.this[0].default_network_acl_id, null)
-}
-
-output "default_vpc_default_route_table_id" {
- description = "The ID of the default route table of the Default VPC"
- value = try(aws_default_vpc.this[0].default_route_table_id, null)
-}
-
-output "default_vpc_instance_tenancy" {
- description = "Tenancy of instances spin up within Default VPC"
- value = try(aws_default_vpc.this[0].instance_tenancy, null)
-}
-
-output "default_vpc_enable_dns_support" {
- description = "Whether or not the Default VPC has DNS support"
- value = try(aws_default_vpc.this[0].enable_dns_support, null)
-}
-
-output "default_vpc_enable_dns_hostnames" {
- description = "Whether or not the Default VPC has DNS hostname support"
- value = try(aws_default_vpc.this[0].enable_dns_hostnames, null)
-}
-
-output "default_vpc_main_route_table_id" {
- description = "The ID of the main route table associated with the Default VPC"
- value = try(aws_default_vpc.this[0].main_route_table_id, null)
-}
-
-################################################################################
-# VPC Flow Log
-################################################################################
-
-output "vpc_flow_log_id" {
- description = "The ID of the Flow Log resource"
- value = try(aws_flow_log.this[0].id, null)
-}
-
-output "vpc_flow_log_destination_arn" {
- description = "The ARN of the destination for VPC Flow Logs"
- value = local.flow_log_destination_arn
-}
-
-output "vpc_flow_log_destination_type" {
- description = "The type of the destination for VPC Flow Logs"
- value = var.flow_log_destination_type
-}
-
-output "vpc_flow_log_cloudwatch_iam_role_arn" {
- description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group"
- value = local.flow_log_iam_role_arn
-}
-
-################################################################################
-# Static values (arguments)
-################################################################################
-
-output "azs" {
- description = "A list of availability zones specified as argument to this module"
- value = var.azs
-}
-
-output "name" {
- description = "The name of the VPC specified as argument to this module"
- value = var.name
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/variables.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/variables.tf
deleted file mode 100644
index 8a20ba93..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/variables.tf
+++ /dev/null
@@ -1,1585 +0,0 @@
-################################################################################
-# VPC
-################################################################################
-
-variable "create_vpc" {
- description = "Controls if VPC should be created (it affects almost all resources)"
- type = bool
- default = true
-}
-
-variable "name" {
- description = "Name to be used on all the resources as identifier"
- type = string
- default = ""
-}
-
-variable "cidr" {
- description = "(Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv4_netmask_length` & `ipv4_ipam_pool_id`"
- type = string
- default = "10.0.0.0/16"
-}
-
-variable "secondary_cidr_blocks" {
- description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
- type = list(string)
- default = []
-}
-
-variable "instance_tenancy" {
- description = "A tenancy option for instances launched into the VPC"
- type = string
- default = "default"
-}
-
-variable "azs" {
- description = "A list of availability zones names or ids in the region"
- type = list(string)
- default = []
-}
-
-variable "enable_dns_hostnames" {
- description = "Should be true to enable DNS hostnames in the VPC"
- type = bool
- default = true
-}
-
-variable "enable_dns_support" {
- description = "Should be true to enable DNS support in the VPC"
- type = bool
- default = true
-}
-
-variable "enable_network_address_usage_metrics" {
- description = "Determines whether network address usage metrics are enabled for the VPC"
- type = bool
- default = null
-}
-
-variable "use_ipam_pool" {
- description = "Determines whether IPAM pool is used for CIDR allocation"
- type = bool
- default = false
-}
-
-variable "ipv4_ipam_pool_id" {
- description = "(Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR"
- type = string
- default = null
-}
-
-variable "ipv4_netmask_length" {
- description = "(Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4_ipam_pool_id"
- type = number
- default = null
-}
-
-variable "enable_ipv6" {
- description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block"
- type = bool
- default = false
-}
-
-variable "ipv6_cidr" {
- description = "(Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length`"
- type = string
- default = null
-}
-
-variable "ipv6_ipam_pool_id" {
- description = "(Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block`"
- type = string
- default = null
-}
-
-variable "ipv6_netmask_length" {
- description = "(Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56`"
- type = number
- default = null
-}
-
-variable "ipv6_cidr_block_network_border_group" {
- description = "By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones"
- type = string
- default = null
-}
-
-variable "vpc_tags" {
- description = "Additional tags for the VPC"
- type = map(string)
- default = {}
-}
-
-variable "tags" {
- description = "A map of tags to add to all resources"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# DHCP Options Set
-################################################################################
-
-variable "enable_dhcp_options" {
- description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
- type = bool
- default = false
-}
-
-variable "dhcp_options_domain_name" {
- description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
- type = string
- default = ""
-}
-
-variable "dhcp_options_domain_name_servers" {
- description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
- type = list(string)
- default = ["AmazonProvidedDNS"]
-}
-
-variable "dhcp_options_ntp_servers" {
- description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
- type = list(string)
- default = []
-}
-
-variable "dhcp_options_netbios_name_servers" {
- description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
- type = list(string)
- default = []
-}
-
-variable "dhcp_options_netbios_node_type" {
- description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
- type = string
- default = ""
-}
-
-variable "dhcp_options_tags" {
- description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
- type = map(string)
- default = {}
-} - -################################################################################ -# Publiс Subnets -################################################################################ - -variable "public_subnets" { - description = "A list of public subnets inside the VPC" - type = list(string) - default = [] -} - -variable "public_subnet_assign_ipv6_address_on_creation" { - description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`" - type = bool - default = false -} - -variable "public_subnet_enable_dns64" { - description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`" - type = bool - default = true -} - -variable "public_subnet_enable_resource_name_dns_aaaa_record_on_launch" { - description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" - type = bool - default = true -} - -variable "public_subnet_enable_resource_name_dns_a_record_on_launch" { - description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`" - type = bool - default = false -} - -variable "public_subnet_ipv6_prefixes" { - description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "public_subnet_ipv6_native" { - description = "Indicates whether to create an IPv6-only subnet. Default: `false`" - type = bool - default = false -} - -variable "map_public_ip_on_launch" { - description = "Specify true to indicate that instances launched into the subnet should be assigned a public IP address. 
Default is `false`" - type = bool - default = false -} - -variable "public_subnet_private_dns_hostname_type_on_launch" { - description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" - type = string - default = null -} - -variable "public_subnet_names" { - description = "Explicit values to use in the Name tag on public subnets. If empty, Name tags are generated" - type = list(string) - default = [] -} - -variable "public_subnet_suffix" { - description = "Suffix to append to public subnets name" - type = string - default = "public" -} - -variable "public_subnet_tags" { - description = "Additional tags for the public subnets" - type = map(string) - default = {} -} - -variable "public_subnet_tags_per_az" { - description = "Additional tags for the public subnets where the primary key is the AZ" - type = map(map(string)) - default = {} -} - -variable "public_route_table_tags" { - description = "Additional tags for the public route tables" - type = map(string) - default = {} -} - -################################################################################ -# Public Network ACLs -################################################################################ - -variable "public_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets" - type = bool - default = false -} - -variable "public_inbound_acl_rules" { - description = "Public subnets inbound network ACLs" - type = list(map(string)) - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "public_outbound_acl_rules" { - description = "Public subnets outbound network ACLs" - 
type = list(map(string)) - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "public_acl_tags" { - description = "Additional tags for the public subnets network ACL" - type = map(string) - default = {} -} - -################################################################################ -# Private Subnets -################################################################################ - -variable "private_subnets" { - description = "A list of private subnets inside the VPC" - type = list(string) - default = [] -} - -variable "private_subnet_assign_ipv6_address_on_creation" { - description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`" - type = bool - default = false -} - -variable "private_subnet_enable_dns64" { - description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`" - type = bool - default = true -} - -variable "private_subnet_enable_resource_name_dns_aaaa_record_on_launch" { - description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" - type = bool - default = true -} - -variable "private_subnet_enable_resource_name_dns_a_record_on_launch" { - description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`" - type = bool - default = false -} - -variable "private_subnet_ipv6_prefixes" { - description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "private_subnet_ipv6_native" { - description = "Indicates whether to create an IPv6-only subnet. 
Default: `false`" - type = bool - default = false -} - -variable "private_subnet_private_dns_hostname_type_on_launch" { - description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" - type = string - default = null -} - -variable "private_subnet_names" { - description = "Explicit values to use in the Name tag on private subnets. If empty, Name tags are generated" - type = list(string) - default = [] -} - -variable "private_subnet_suffix" { - description = "Suffix to append to private subnets name" - type = string - default = "private" -} - -variable "private_subnet_tags" { - description = "Additional tags for the private subnets" - type = map(string) - default = {} -} - -variable "private_subnet_tags_per_az" { - description = "Additional tags for the private subnets where the primary key is the AZ" - type = map(map(string)) - default = {} -} - -variable "private_route_table_tags" { - description = "Additional tags for the private route tables" - type = map(string) - default = {} -} - -################################################################################ -# Private Network ACLs -################################################################################ - -variable "private_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets" - type = bool - default = false -} - -variable "private_inbound_acl_rules" { - description = "Private subnets inbound network ACLs" - type = list(map(string)) - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "private_outbound_acl_rules" { - description = "Private subnets outbound 
network ACLs" - type = list(map(string)) - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "private_acl_tags" { - description = "Additional tags for the private subnets network ACL" - type = map(string) - default = {} -} - -################################################################################ -# Database Subnets -################################################################################ - -variable "database_subnets" { - description = "A list of database subnets inside the VPC" - type = list(string) - default = [] -} - -variable "database_subnet_assign_ipv6_address_on_creation" { - description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`" - type = bool - default = false -} - -variable "database_subnet_enable_dns64" { - description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`" - type = bool - default = true -} - -variable "database_subnet_enable_resource_name_dns_aaaa_record_on_launch" { - description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" - type = bool - default = true -} - -variable "database_subnet_enable_resource_name_dns_a_record_on_launch" { - description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`" - type = bool - default = false -} - -variable "database_subnet_ipv6_prefixes" { - description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "database_subnet_ipv6_native" { - description = "Indicates whether to create an IPv6-only subnet. Default: `false`" - type = bool - default = false -} - -variable "database_subnet_private_dns_hostname_type_on_launch" { - description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" - type = string - default = null -} - -variable "database_subnet_names" { - description = "Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated" - type = list(string) - default = [] -} - -variable "database_subnet_suffix" { - description = "Suffix to append to database subnets name" - type = string - default = "db" -} - -variable "create_database_subnet_route_table" { - description = "Controls if separate route table for database should be created" - type = bool - default = false -} - -variable "create_database_internet_gateway_route" { - description = "Controls if an internet gateway route for public database access should be created" - type = bool - default = false -} - -variable "create_database_nat_gateway_route" { - description = "Controls if a nat gateway route should be created to give internet access to the database subnets" - type = bool - default = false -} - -variable "database_route_table_tags" { - description = "Additional tags for the database route tables" - type = map(string) - default = {} -} - -variable "database_subnet_tags" { - description = "Additional tags for the database subnets" - type = map(string) - default = {} -} - -variable "create_database_subnet_group" { - description = "Controls if database subnet group should be created (n.b. 
database_subnets must also be set)" - type = bool - default = true -} - -variable "database_subnet_group_name" { - description = "Name of database subnet group" - type = string - default = null -} - -variable "database_subnet_group_tags" { - description = "Additional tags for the database subnet group" - type = map(string) - default = {} -} - -################################################################################ -# Database Network ACLs -################################################################################ - -variable "database_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets" - type = bool - default = false -} - -variable "database_inbound_acl_rules" { - description = "Database subnets inbound network ACL rules" - type = list(map(string)) - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "database_outbound_acl_rules" { - description = "Database subnets outbound network ACL rules" - type = list(map(string)) - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] -} - -variable "database_acl_tags" { - description = "Additional tags for the database subnets network ACL" - type = map(string) - default = {} -} - -################################################################################ -# Redshift Subnets -################################################################################ - -variable "redshift_subnets" { - description = "A list of redshift subnets inside the VPC" - type = list(string) - default = [] -} - -variable "redshift_subnet_assign_ipv6_address_on_creation" { - description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. 
Default is `false`" - type = bool - default = false -} - -variable "redshift_subnet_enable_dns64" { - description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`" - type = bool - default = true -} - -variable "redshift_subnet_enable_resource_name_dns_aaaa_record_on_launch" { - description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" - type = bool - default = true -} - -variable "redshift_subnet_enable_resource_name_dns_a_record_on_launch" { - description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`" - type = bool - default = false -} - -variable "redshift_subnet_ipv6_prefixes" { - description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" - type = list(string) - default = [] -} - -variable "redshift_subnet_ipv6_native" { - description = "Indicates whether to create an IPv6-only subnet. Default: `false`" - type = bool - default = false -} - -variable "redshift_subnet_private_dns_hostname_type_on_launch" { - description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" - type = string - default = null -} - -variable "redshift_subnet_names" { - description = "Explicit values to use in the Name tag on redshift subnets. 
If empty, Name tags are generated"
- type = list(string)
- default = []
-}
-
-variable "redshift_subnet_suffix" {
- description = "Suffix to append to redshift subnets name"
- type = string
- default = "redshift"
-}
-
-variable "enable_public_redshift" {
- description = "Controls if redshift should have public routing table"
- type = bool
- default = false
-}
-
-variable "create_redshift_subnet_route_table" {
- description = "Controls if separate route table for redshift should be created"
- type = bool
- default = false
-}
-
-variable "redshift_route_table_tags" {
- description = "Additional tags for the redshift route tables"
- type = map(string)
- default = {}
-}
-
-variable "redshift_subnet_tags" {
- description = "Additional tags for the redshift subnets"
- type = map(string)
- default = {}
-}
-
-variable "create_redshift_subnet_group" {
- description = "Controls if redshift subnet group should be created"
- type = bool
- default = true
-}
-
-variable "redshift_subnet_group_name" {
- description = "Name of redshift subnet group"
- type = string
- default = null
-}
-
-variable "redshift_subnet_group_tags" {
- description = "Additional tags for the redshift subnet group"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Redshift Network ACLs
-################################################################################
-
-variable "redshift_dedicated_network_acl" {
- description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets"
- type = bool
- default = false
-}
-
-variable "redshift_inbound_acl_rules" {
- description = "Redshift subnets inbound network ACL rules"
- type = list(map(string))
- default = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- ]
-}
-
-variable "redshift_outbound_acl_rules" {
- description = "Redshift subnets outbound network ACL rules"
- type = list(map(string))
- default = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- ]
-}
-
-variable "redshift_acl_tags" {
- description = "Additional tags for the redshift subnets network ACL"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Elasticache Subnets
-################################################################################
-
-variable "elasticache_subnets" {
- description = "A list of elasticache subnets inside the VPC"
- type = list(string)
- default = []
-}
-
-variable "elasticache_subnet_assign_ipv6_address_on_creation" {
- description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
- type = bool
- default = false
-}
-
-variable "elasticache_subnet_enable_dns64" {
- description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
- type = bool
- default = true
-}
-
-variable "elasticache_subnet_enable_resource_name_dns_aaaa_record_on_launch" {
- description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
- type = bool
- default = true
-}
-
-variable "elasticache_subnet_enable_resource_name_dns_a_record_on_launch" {
- description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
- type = bool
- default = false
-}
-
-variable "elasticache_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
- type = list(string)
- default = []
-}
-
-variable "elasticache_subnet_ipv6_native" {
- description = "Indicates whether to create an IPv6-only subnet. Default: `false`"
- type = bool
- default = false
-}
-
-variable "elasticache_subnet_private_dns_hostname_type_on_launch" {
- description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
- type = string
- default = null
-}
-
-variable "elasticache_subnet_names" {
- description = "Explicit values to use in the Name tag on elasticache subnets. If empty, Name tags are generated"
- type = list(string)
- default = []
-}
-
-variable "elasticache_subnet_suffix" {
- description = "Suffix to append to elasticache subnets name"
- type = string
- default = "elasticache"
-}
-
-variable "elasticache_subnet_tags" {
- description = "Additional tags for the elasticache subnets"
- type = map(string)
- default = {}
-}
-
-variable "create_elasticache_subnet_route_table" {
- description = "Controls if separate route table for elasticache should be created"
- type = bool
- default = false
-}
-
-variable "elasticache_route_table_tags" {
- description = "Additional tags for the elasticache route tables"
- type = map(string)
- default = {}
-}
-
-variable "create_elasticache_subnet_group" {
- description = "Controls if elasticache subnet group should be created"
- type = bool
- default = true
-}
-
-variable "elasticache_subnet_group_name" {
- description = "Name of elasticache subnet group"
- type = string
- default = null
-}
-
-variable "elasticache_subnet_group_tags" {
- description = "Additional tags for the elasticache subnet group"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Elasticache Network ACLs
-################################################################################
-
-variable "elasticache_dedicated_network_acl" {
- description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets"
- type = bool
- default = false
-}
-
-variable "elasticache_inbound_acl_rules" {
- description = "Elasticache subnets inbound network ACL rules"
- type = list(map(string))
- default = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- ]
-}
-
-variable "elasticache_outbound_acl_rules" {
- description = "Elasticache subnets outbound network ACL rules"
- type = list(map(string))
- default = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- ]
-}
-
-variable "elasticache_acl_tags" {
- description = "Additional tags for the elasticache subnets network ACL"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Intra Subnets
-################################################################################
-
-variable "intra_subnets" {
- description = "A list of intra subnets inside the VPC"
- type = list(string)
- default = []
-}
-
-variable "intra_subnet_assign_ipv6_address_on_creation" {
- description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
- type = bool
- default = false
-}
-
-variable "intra_subnet_enable_dns64" {
- description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
- type = bool
- default = true
-}
-
-variable "intra_subnet_enable_resource_name_dns_aaaa_record_on_launch" {
- description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
- type = bool
- default = true
-}
-
-variable "intra_subnet_enable_resource_name_dns_a_record_on_launch" {
- description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
- type = bool
- default = false
-}
-
-variable "intra_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
- type = list(string)
- default = []
-}
-
-variable "intra_subnet_ipv6_native" {
- description = "Indicates whether to create an IPv6-only subnet. Default: `false`"
- type = bool
- default = false
-}
-
-variable "intra_subnet_private_dns_hostname_type_on_launch" {
- description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
- type = string
- default = null
-}
-
-variable "intra_subnet_names" {
- description = "Explicit values to use in the Name tag on intra subnets. If empty, Name tags are generated"
- type = list(string)
- default = []
-}
-
-variable "intra_subnet_suffix" {
- description = "Suffix to append to intra subnets name"
- type = string
- default = "intra"
-}
-
-variable "intra_subnet_tags" {
- description = "Additional tags for the intra subnets"
- type = map(string)
- default = {}
-}
-
-variable "intra_route_table_tags" {
- description = "Additional tags for the intra route tables"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Intra Network ACLs
-################################################################################
-
-variable "intra_dedicated_network_acl" {
- description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets"
- type = bool
- default = false
-}
-
-variable "intra_inbound_acl_rules" {
- description = "Intra subnets inbound network ACLs"
- type = list(map(string))
- default = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- ]
-}
-
-variable "intra_outbound_acl_rules" {
- description = "Intra subnets outbound network ACLs"
- type = list(map(string))
- default = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- ]
-}
-
-variable "intra_acl_tags" {
- description = "Additional tags for the intra subnets network ACL"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Outpost Subnets
-################################################################################
-
-variable "outpost_subnets" {
- description = "A list of outpost subnets inside the VPC"
- type = list(string)
- default = []
-}
-
-variable "outpost_subnet_assign_ipv6_address_on_creation" {
- description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
- type = bool
- default = false
-}
-
-variable "outpost_az" {
- description = "AZ where Outpost is anchored"
- type = string
- default = null
-}
-
-variable "customer_owned_ipv4_pool" {
- description = "The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured"
- type = string
- default = null
-}
-
-variable "outpost_subnet_enable_dns64" {
- description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
- type = bool
- default = true
-}
-
-variable "outpost_subnet_enable_resource_name_dns_aaaa_record_on_launch" {
- description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
- type = bool
- default = true
-}
-
-variable "outpost_subnet_enable_resource_name_dns_a_record_on_launch" {
- description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
- type = bool
- default = false
-}
-
-variable "outpost_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
- type = list(string)
- default = []
-}
-
-variable "outpost_subnet_ipv6_native" {
- description = "Indicates whether to create an IPv6-only subnet. Default: `false`"
- type = bool
- default = false
-}
-
-variable "map_customer_owned_ip_on_launch" {
- description = "Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false`"
- type = bool
- default = false
-}
-
-variable "outpost_arn" {
- description = "ARN of Outpost you want to create a subnet in"
- type = string
- default = null
-}
-
-variable "outpost_subnet_private_dns_hostname_type_on_launch" {
- description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
- type = string
- default = null
-}
-
-variable "outpost_subnet_names" {
- description = "Explicit values to use in the Name tag on outpost subnets. If empty, Name tags are generated"
- type = list(string)
- default = []
-}
-
-variable "outpost_subnet_suffix" {
- description = "Suffix to append to outpost subnets name"
- type = string
- default = "outpost"
-}
-
-variable "outpost_subnet_tags" {
- description = "Additional tags for the outpost subnets"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Outpost Network ACLs
-################################################################################
-
-variable "outpost_dedicated_network_acl" {
- description = "Whether to use dedicated network ACL (not default) and custom rules for outpost subnets"
- type = bool
- default = false
-}
-
-variable "outpost_inbound_acl_rules" {
- description = "Outpost subnets inbound network ACLs"
- type = list(map(string))
- default = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- ]
-}
-
-variable "outpost_outbound_acl_rules" {
- description = "Outpost subnets outbound network ACLs"
- type = list(map(string))
- default = [
- {
- rule_number = 100
- rule_action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- ]
-}
-
-variable "outpost_acl_tags" {
- description = "Additional tags for the outpost subnets network ACL"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Internet Gateway
-################################################################################
-
-variable "create_igw" {
- description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them"
- type = bool
- default = true
-}
-
-variable "create_egress_only_igw" {
- description = "Controls if an Egress Only Internet Gateway is created and its related routes"
- type = bool
- default = true
-}
-
-variable "igw_tags" {
- description = "Additional tags for the internet gateway"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# NAT Gateway
-################################################################################
-
-variable "enable_nat_gateway" {
- description = "Should be true if you want to provision NAT Gateways for each of your private networks"
- type = bool
- default = false
-}
-
-variable "nat_gateway_destination_cidr_block" {
- description = "Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route"
- type = string
- default = "0.0.0.0/0"
-}
-
-variable "single_nat_gateway" {
- description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
- type = bool
- default = false
-}
-
-variable "one_nat_gateway_per_az" {
- description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`"
- type = bool
- default = false
-}
-
-variable "reuse_nat_ips" {
- description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
- type = bool
- default = false
-}
-
-variable "external_nat_ip_ids" {
- description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
- type = list(string)
- default = []
-}
-
-variable "external_nat_ips" {
- description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)"
- type = list(string)
- default = []
-}
-
-variable "nat_gateway_tags" {
- description = "Additional tags for the NAT gateways"
- type = map(string)
- default = {}
-}
-
-variable "nat_eip_tags" {
- description = "Additional tags for the NAT EIP"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Customer Gateways
-################################################################################
-
-variable "customer_gateways" {
- description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)"
- type = map(map(any))
- default = {}
-}
-
-variable "customer_gateway_tags" {
- description = "Additional tags for the Customer Gateway"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# VPN Gateway
-################################################################################
-
-variable "enable_vpn_gateway" {
- description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
- type = bool
- default = false
-}
-
-variable "vpn_gateway_id" {
- description = "ID of VPN Gateway to attach to the VPC"
- type = string
- default = ""
-}
-
-variable "amazon_side_asn" {
- description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN"
- type = string
- default = "64512"
-}
-
-variable "vpn_gateway_az" {
- description = "The Availability Zone for the VPN Gateway"
- type = string
- default = null
-}
-
-variable "propagate_intra_route_tables_vgw" {
- description = "Should be true if you want route table propagation"
- type = bool
- default = false
-}
-
-variable "propagate_private_route_tables_vgw" {
- description = "Should be true if you want route table propagation"
- type = bool
- default = false
-}
-
-variable "propagate_public_route_tables_vgw" {
- description = "Should be true if you want route table propagation"
- type = bool
- default = false
-}
-
-variable "vpn_gateway_tags" {
- description = "Additional tags for the VPN gateway"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Default VPC
-################################################################################
-
-variable "manage_default_vpc" {
- description = "Should be true to adopt and manage Default VPC"
- type = bool
- default = false
-}
-
-variable "default_vpc_name" {
- description = "Name to be used on the Default VPC"
- type = string
- default = null
-}
-
-variable "default_vpc_enable_dns_support" {
- description = "Should be true to enable DNS support in the Default VPC"
- type = bool
- default = true
-}
-
-variable "default_vpc_enable_dns_hostnames" {
- description = "Should be true to enable DNS hostnames in the Default VPC"
- type = bool
- default = true
-}
-
-variable "default_vpc_tags" {
- description = "Additional tags for the Default VPC"
- type = map(string)
- default = {}
-}
-
-variable "manage_default_security_group" {
- description = "Should be true to adopt and manage default security group"
- type = bool
- default = true
-}
-
-variable "default_security_group_name" {
- description = "Name to be used on the default security group"
- type = string
- default = null
-}
-
-variable "default_security_group_ingress" {
- description = "List of maps of ingress rules to set on the default security group"
- type = list(map(string))
- default = []
-}
-
-variable "default_security_group_egress" {
- description = "List of maps of egress rules to set on the default security group"
- type = list(map(string))
- default = []
-}
-
-variable "default_security_group_tags" {
- description = "Additional tags for the default security group"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Default Network ACLs
-################################################################################
-
-variable "manage_default_network_acl" {
- description = "Should be true to adopt and manage Default Network ACL"
- type = bool
- default = true
-}
-
-variable "default_network_acl_name" {
- description = "Name to be used on the Default Network ACL"
- type = string
- default = null
-}
-
-variable "default_network_acl_ingress" {
- description = "List of maps of ingress rules to set on the Default Network ACL"
- type = list(map(string))
- default = [
- {
- rule_no = 100
- action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- {
- rule_no = 101
- action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- ipv6_cidr_block = "::/0"
- },
- ]
-}
-
-variable "default_network_acl_egress" {
- description = "List of maps of egress rules to set on the Default Network ACL"
- type = list(map(string))
- default = [
- {
- rule_no = 100
- action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_block = "0.0.0.0/0"
- },
- {
- rule_no = 101
- action = "allow"
- from_port = 0
- to_port = 0
- protocol = "-1"
- ipv6_cidr_block = "::/0"
- },
- ]
-}
-
-variable "default_network_acl_tags" {
- description = "Additional tags for the Default Network ACL"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Default Route
-################################################################################
-
-variable "manage_default_route_table" {
- description = "Should be true to manage default route table"
- type = bool
- default = true
-}
-
-variable "default_route_table_name" {
- description = "Name to be used on the default route table"
- type = string
- default = null
-}
-
-variable "default_route_table_propagating_vgws" {
- description = "List of virtual gateways for propagation"
- type = list(string)
- default = []
-}
-
-variable "default_route_table_routes" {
- description = "Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route"
- type = list(map(string))
- default = []
-}
-
-variable "default_route_table_tags" {
- description = "Additional tags for the default route table"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Flow Log
-################################################################################
-
-variable "enable_flow_log" {
- description = "Whether or not to enable VPC Flow Logs"
- type = bool
- default = false
-}
-
-variable "vpc_flow_log_permissions_boundary" {
- description = "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role"
- type = string
- default = null
-}
-
-variable "flow_log_max_aggregation_interval" {
- description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds"
- type = number
- default = 600
-}
-
-variable "flow_log_traffic_type" {
- description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL"
- type = string
- default = "ALL"
-}
-
-variable "flow_log_destination_type" {
- description = "Type of flow log destination. Can be s3 or cloud-watch-logs"
- type = string
- default = "cloud-watch-logs"
-}
-
-variable "flow_log_log_format" {
- description = "The fields to include in the flow log record, in the order in which they should appear"
- type = string
- default = null
-}
-
-variable "flow_log_destination_arn" {
- description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided"
- type = string
- default = ""
-}
-
-variable "flow_log_file_format" {
- description = "(Optional) The format for the flow log. Valid values: `plain-text`, `parquet`"
- type = string
- default = null
-}
-
-variable "flow_log_hive_compatible_partitions" {
- description = "(Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3"
- type = bool
- default = false
-}
-
-variable "flow_log_per_hour_partition" {
- description = "(Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries"
- type = bool
- default = false
-}
-
-variable "vpc_flow_log_tags" {
- description = "Additional tags for the VPC Flow Logs"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Flow Log CloudWatch
-################################################################################
-
-variable "create_flow_log_cloudwatch_log_group" {
- description = "Whether to create CloudWatch log group for VPC Flow Logs"
- type = bool
- default = false
-}
-
-variable "create_flow_log_cloudwatch_iam_role" {
- description = "Whether to create IAM role for VPC Flow Logs"
- type = bool
- default = false
-}
-
-variable "flow_log_cloudwatch_iam_role_arn" {
- description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided"
- type = string
- default = ""
-}
-
-variable "flow_log_cloudwatch_log_group_name_prefix" {
- description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs"
- type = string
- default = "/aws/vpc-flow-log/"
-}
-
-variable "flow_log_cloudwatch_log_group_name_suffix" {
- description = "Specifies the name suffix of CloudWatch Log Group for VPC flow logs"
- type = string
- default = ""
-}
-
-variable "flow_log_cloudwatch_log_group_retention_in_days" {
- description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs"
- type = number
- default = null
-}
-
-variable "flow_log_cloudwatch_log_group_kms_key_id" {
- description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs"
- type = string
- default = null
-}
-
-variable "flow_log_cloudwatch_log_group_skip_destroy" {
- description = " Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state"
- type = bool
- default = false
-}
-
-variable "putin_khuylo" {
- description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
- type = bool
- default = true
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/versions.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/versions.tf
deleted file mode 100644
index 19d87b78..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.6"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf
deleted file mode 100644
index 127d7e01..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/modules/aws-vpc/vpc-flow-logs.tf
+++ /dev/null
@@ -1,115 +0,0 @@
-locals {
- # Only create flow log if user selected to create a VPC as well
- enable_flow_log = var.create_vpc && var.enable_flow_log
-
- create_flow_log_cloudwatch_iam_role = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_iam_role
- create_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_log_group
-
- flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? try(aws_cloudwatch_log_group.flow_log[0].arn, null) : var.flow_log_destination_arn
- flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? try(aws_iam_role.vpc_flow_log_cloudwatch[0].arn, null) : var.flow_log_cloudwatch_iam_role_arn
- flow_log_cloudwatch_log_group_name_suffix = var.flow_log_cloudwatch_log_group_name_suffix == "" ? local.vpc_id : var.flow_log_cloudwatch_log_group_name_suffix
-}
-
-################################################################################
-# Flow Log
-################################################################################
-
-resource "aws_flow_log" "this" {
- count = local.enable_flow_log ? 1 : 0
-
- log_destination_type = var.flow_log_destination_type
- log_destination = local.flow_log_destination_arn
- log_format = var.flow_log_log_format
- iam_role_arn = local.flow_log_iam_role_arn
- traffic_type = var.flow_log_traffic_type
- vpc_id = local.vpc_id
- max_aggregation_interval = var.flow_log_max_aggregation_interval
-
- dynamic "destination_options" {
- for_each = var.flow_log_destination_type == "s3" ? [true] : []
-
- content {
- file_format = var.flow_log_file_format
- hive_compatible_partitions = var.flow_log_hive_compatible_partitions
- per_hour_partition = var.flow_log_per_hour_partition
- }
- }
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-################################################################################
-# Flow Log CloudWatch
-################################################################################
-
-resource "aws_cloudwatch_log_group" "flow_log" {
- count = local.create_flow_log_cloudwatch_log_group ? 1 : 0
-
- name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.flow_log_cloudwatch_log_group_name_suffix}"
- retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
- kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id
- skip_destroy = var.flow_log_cloudwatch_log_group_skip_destroy
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- name_prefix = "vpc-flow-log-role-"
- assume_role_policy = data.aws_iam_policy_document.flow_log_cloudwatch_assume_role[0].json
- permissions_boundary = var.vpc_flow_log_permissions_boundary
-
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-data "aws_iam_policy_document" "flow_log_cloudwatch_assume_role" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- statement {
- sid = "AWSVPCFlowLogsAssumeRole"
-
- principals {
- type = "Service"
- identifiers = ["vpc-flow-logs.amazonaws.com"]
- }
-
- effect = "Allow"
-
- actions = ["sts:AssumeRole"]
- }
-}
-
-resource "aws_iam_role_policy_attachment" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- role = aws_iam_role.vpc_flow_log_cloudwatch[0].name
- policy_arn = aws_iam_policy.vpc_flow_log_cloudwatch[0].arn
-}
-
-resource "aws_iam_policy" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- name_prefix = "vpc-flow-log-to-cloudwatch-"
- policy = data.aws_iam_policy_document.vpc_flow_log_cloudwatch[0].json
- tags = merge(var.tags, var.vpc_flow_log_tags)
-}
-
-data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
- count = local.create_flow_log_cloudwatch_iam_role ? 1 : 0
-
- statement {
- sid = "AWSVPCFlowLogsPushToCloudWatch"
-
- effect = "Allow"
-
- actions = [
- "logs:CreateLogStream",
- "logs:PutLogEvents",
- "logs:DescribeLogGroups",
- "logs:DescribeLogStreams",
- ]
-
- resources = ["*"]
- }
-}
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/vpc.auto.tfvars b/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/18-Develop-Terraform-Modules-Locally/terraform-manifests/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/README-old.md b/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/README-old.md
deleted file mode 100644
index 1282aabb..00000000
--- a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/README-old.md
+++ /dev/null
@@ -1,273 +0,0 @@ ---- -title: Build Terraform Module from Scratch -description: Create Terraform Modules locally ---- -# Build a Terraform Module - -## Step-01: Introduction -- Build a Terraform Module - - Create a Terraform module - - Use local Terraform modules in your configuration - - Configure modules with variables - - Use module outputs - - We are going to write a local re-usable module for the following usecase. -- **Usecase: Hosting a static website with AWS S3 buckets** -1. Create an S3 Bucket -2. Create Public Read policy for the bucket -3. Once above two are ready, we can deploy Static Content -4. For steps, 1 and 2 we are going to create a re-usable module in Terraform -- **How are we going to do this?** -- We are going to do this in 3 sections -- **Section-1 - Full Manual:** Create Static Website on S3 using AWS Management Consoleand host static content and test -- **Section-2 - Terraform Resources:** Automate section-1 using Terraform Resources -- **Section-3 - Terraform Modules:** Create a re-usable module for hosting static website by referencing section-2 terraform configuration files. 
- -## Step-02: Hosting a Static Website with AWS S3 using AWS Management Console -- **Reference Sub-folder:** v1-create-static-website-on-s3-using-aws-mgmt-console -- We are going to host a static website with AWS S3 using AWS Management console -### Step-02-01: Create AWS S3 Bucket -- Go to AWS Services -> S3 -> Create Bucket -- **Bucket Name:** mybucket-1045 (Note: Bucket name should be unique across AWS) -- **Region:** US.East (N.Virginia) -- Rest all leave to defaults -- Click on **Create Bucket** - -### Step-02-02: Enable Static website hosting -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Properties Tab -> At the end -- Edit to enable **Static website hosting** -- **Static website hosting:** enable -- **Index document:** index.html -- Click on **Save Changes** - -### Step-02-03: Remove Block public access (bucket settings) -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Permissions Tab -- Edit **Block public access (bucket settings)** -- Uncheck **Block all public access** -- Click on **Save Changes** -- Provide text `confirm` and Click on **Confirm** - -### Step-02-04: Add Bucket policy for public read by bucket owners -- Update your bucket name in the below listed policy -- **Location:** v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PublicReadGetObject", - "Effect": "Allow", - "Principal": "*", - "Action": [ - "s3:GetObject" - ], - "Resource": [ - "arn:aws:s3:::mybucket-1045/*" - ] - } - ] -} -``` -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Permissions Tab -- Edit -> **Bucket policy** -> Copy paste the policy above with your bucket name -- Click on **Save Changes** - -### Step-02-05: Upload index.html -- **Location:** v1-create-static-website-on-s3-using-aws-mgmt-console/index.html -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Objects Tab -- Upload **index.html** - -### Step-02-06: 
Access Static Website using S3 Website Endpoint -- Access the newly uploaded index.html to S3 bucket using browser -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1045.s3-website.us-east-1.amazonaws.com/ -``` - -### Step-02-07: Conclusion -- We have used multiple manual steps to host a static website on AWS -- Now all the above manual steps automate using Terraform in next step - -## Step-03: Create Terraform Configuration to Host a Static Website on AWS S3 -- **Reference Sub-folder:** v2-host-static-website-on-s3-using-terraform-manifests -- We are going to host a static website on AWS S3 using general terraform configuration files -### Step-03-01: Create Terraform Configuration Files step by step -1. versions.tf -2. main.tf -3. variables.tf -4. outputs.tf -5. terraform.tfvars - -### Step-03-02: Execute Terraform Commands & Verify the bucket -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Format -terraform fmt - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -1. Bucket has static website hosting enabled -2. Bucket has public read access enabled using policy -3. Bucket has "Block all public access" unchecked -``` - -### Step-03-03: Upload index.html and test -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1046.s3-website.us-east-1.amazonaws.com/ -``` -### Step-03-04: Destroy and Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Terraform files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - -### Step-03-05: Conclusion -- Using above terraform configurations we have hosted a static website in AWS S3 in seconds. -- In next step, we will convert these **terraform configuration files** to a Module which will be re-usable just by calling it. 
- - -## Step-04: Build a Terraform Module to Host a Static Website on AWS S3 -- **Reference Sub-folder:** v3-build-a-module-to-host-static-website-on-aws-s3 -- We will build a Terraform module to host a static website on AWS S3 - -### Step-04-01: Create Module Folder Structure -- We are going to create `modules` folder and in that we are going to create a module named `aws-s3-static-website-bucket` -- We will copy required files from previous section for this respective module. -- Terraform Working Directory: v3-build-a-module-to-host-static-website-on-aws-s3 - - modules - - Module-1: aws-s3-static-website-bucket - - main.tf - - variables.tf - - outputs.tf - - README.md - - LICENSE -- Inside `modules/aws-s3-static-website-bucket`, copy below listed three files from `v2-host-static-website-on-s3-using-terraform-manifests` - - main.tf - - variables.tf - - outputs.tf - - -### Step-04-02: Call Module from Terraform Work Directory (Root Module) -- Create Terraform Configuration in Root Module by calling the newly created module -- c1-versions.tf -- c2-variables.tf -- c3-s3bucket.tf -- c4-outputs.tf -```t -module "website_s3_bucket" { - source = "./modules/aws-s3-static-website-bucket" - bucket_name = var.my_s3_bucket - tags = var.my_s3_tags -} -``` -### Step-04-03: Execute Terraform Commands -``` -# Terraform Initialize -terraform init -Observation: -1. Verify ".terraform", you will find "modules" folder in addition to "providers" folder -2. Verify inside ".terraform/modules" folder too. - -# Terraform Validate -terraform validate - -# Terraform Format -terraform fmt - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -1. Bucket has static website hosting enabled -2. Bucket has public read access enabled using policy -3. 
Bucket has "Block all public access" unchecked -``` - -### Step-04-04: Upload index.html and test -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1047.s3-website.us-east-1.amazonaws.com/ -``` - -### Step-04-05: Destroy and Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Terraform files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -### Step-04-06: Understand terraform get command -- We have used `terraform init` to download providers from terraform registry and at the same time to download `modules` present in local modules folder in terraform working directory. -- Assuming we already have initialized using `terraform init` and later we have created `module` configs, we can `terraform get` to download the same. -- Whenever you add a new module to a configuration, Terraform must install the module before it can be used. -- Both the `terraform get` and `terraform init` commands will install and update modules. -- The `terraform init` command will also initialize backends and install plugins. -``` -# Delete modules in .terraform folder -ls -lrt .terraform/modules -rm -rf .terraform/modules -ls -lrt .terraform/modules - -# Terraform Get -terraform get -ls -lrt .terraform/modules -``` -### Step-04-07: Major difference between Local and Remote Module -- When installing a remote module, Terraform will download it into the .terraform directory in your configuration's root directory. -- When installing a local module, Terraform will instead refer directly to the source directory. -- Because of this, Terraform will automatically notice changes to local modules without having to re-run terraform init or terraform get. - -## Step-05: Conclusion -- Created a Terraform module -- Used local Terraform modules in your configuration -- Configured modules with variables -- Used module outputs - - - - - - - - - - - - - - - - - - - 
diff --git a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/README.md b/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/README.md
deleted file mode 100644
index 1282aabb..00000000
--- a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/README.md
+++ /dev/null
@@ -1,273 +0,0 @@ ---- -title: Build Terraform Module from Scratch -description: Create Terraform Modules locally ---- -# Build a Terraform Module - -## Step-01: Introduction -- Build a Terraform Module - - Create a Terraform module - - Use local Terraform modules in your configuration - - Configure modules with variables - - Use module outputs - - We are going to write a local re-usable module for the following usecase. -- **Usecase: Hosting a static website with AWS S3 buckets** -1. Create an S3 Bucket -2. Create Public Read policy for the bucket -3. Once above two are ready, we can deploy Static Content -4. For steps, 1 and 2 we are going to create a re-usable module in Terraform -- **How are we going to do this?** -- We are going to do this in 3 sections -- **Section-1 - Full Manual:** Create Static Website on S3 using AWS Management Consoleand host static content and test -- **Section-2 - Terraform Resources:** Automate section-1 using Terraform Resources -- **Section-3 - Terraform Modules:** Create a re-usable module for hosting static website by referencing section-2 terraform configuration files. 
- -## Step-02: Hosting a Static Website with AWS S3 using AWS Management Console -- **Reference Sub-folder:** v1-create-static-website-on-s3-using-aws-mgmt-console -- We are going to host a static website with AWS S3 using AWS Management console -### Step-02-01: Create AWS S3 Bucket -- Go to AWS Services -> S3 -> Create Bucket -- **Bucket Name:** mybucket-1045 (Note: Bucket name should be unique across AWS) -- **Region:** US.East (N.Virginia) -- Rest all leave to defaults -- Click on **Create Bucket** - -### Step-02-02: Enable Static website hosting -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Properties Tab -> At the end -- Edit to enable **Static website hosting** -- **Static website hosting:** enable -- **Index document:** index.html -- Click on **Save Changes** - -### Step-02-03: Remove Block public access (bucket settings) -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Permissions Tab -- Edit **Block public access (bucket settings)** -- Uncheck **Block all public access** -- Click on **Save Changes** -- Provide text `confirm` and Click on **Confirm** - -### Step-02-04: Add Bucket policy for public read by bucket owners -- Update your bucket name in the below listed policy -- **Location:** v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PublicReadGetObject", - "Effect": "Allow", - "Principal": "*", - "Action": [ - "s3:GetObject" - ], - "Resource": [ - "arn:aws:s3:::mybucket-1045/*" - ] - } - ] -} -``` -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Permissions Tab -- Edit -> **Bucket policy** -> Copy paste the policy above with your bucket name -- Click on **Save Changes** - -### Step-02-05: Upload index.html -- **Location:** v1-create-static-website-on-s3-using-aws-mgmt-console/index.html -- Go to AWS Services -> S3 -> Buckets -> mybucket-1045 -> Objects Tab -- Upload **index.html** - -### Step-02-06: 
Access Static Website using S3 Website Endpoint -- Access the newly uploaded index.html to S3 bucket using browser -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1045.s3-website.us-east-1.amazonaws.com/ -``` - -### Step-02-07: Conclusion -- We have used multiple manual steps to host a static website on AWS -- Now all the above manual steps automate using Terraform in next step - -## Step-03: Create Terraform Configuration to Host a Static Website on AWS S3 -- **Reference Sub-folder:** v2-host-static-website-on-s3-using-terraform-manifests -- We are going to host a static website on AWS S3 using general terraform configuration files -### Step-03-01: Create Terraform Configuration Files step by step -1. versions.tf -2. main.tf -3. variables.tf -4. outputs.tf -5. terraform.tfvars - -### Step-03-02: Execute Terraform Commands & Verify the bucket -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Format -terraform fmt - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -1. Bucket has static website hosting enabled -2. Bucket has public read access enabled using policy -3. Bucket has "Block all public access" unchecked -``` - -### Step-03-03: Upload index.html and test -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1046.s3-website.us-east-1.amazonaws.com/ -``` -### Step-03-04: Destroy and Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Terraform files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - - -### Step-03-05: Conclusion -- Using above terraform configurations we have hosted a static website in AWS S3 in seconds. -- In next step, we will convert these **terraform configuration files** to a Module which will be re-usable just by calling it. 
- - -## Step-04: Build a Terraform Module to Host a Static Website on AWS S3 -- **Reference Sub-folder:** v3-build-a-module-to-host-static-website-on-aws-s3 -- We will build a Terraform module to host a static website on AWS S3 - -### Step-04-01: Create Module Folder Structure -- We are going to create `modules` folder and in that we are going to create a module named `aws-s3-static-website-bucket` -- We will copy required files from previous section for this respective module. -- Terraform Working Directory: v3-build-a-module-to-host-static-website-on-aws-s3 - - modules - - Module-1: aws-s3-static-website-bucket - - main.tf - - variables.tf - - outputs.tf - - README.md - - LICENSE -- Inside `modules/aws-s3-static-website-bucket`, copy below listed three files from `v2-host-static-website-on-s3-using-terraform-manifests` - - main.tf - - variables.tf - - outputs.tf - - -### Step-04-02: Call Module from Terraform Work Directory (Root Module) -- Create Terraform Configuration in Root Module by calling the newly created module -- c1-versions.tf -- c2-variables.tf -- c3-s3bucket.tf -- c4-outputs.tf -```t -module "website_s3_bucket" { - source = "./modules/aws-s3-static-website-bucket" - bucket_name = var.my_s3_bucket - tags = var.my_s3_tags -} -``` -### Step-04-03: Execute Terraform Commands -``` -# Terraform Initialize -terraform init -Observation: -1. Verify ".terraform", you will find "modules" folder in addition to "providers" folder -2. Verify inside ".terraform/modules" folder too. - -# Terraform Validate -terraform validate - -# Terraform Format -terraform fmt - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Verify -1. Bucket has static website hosting enabled -2. Bucket has public read access enabled using policy -3. 
Bucket has "Block all public access" unchecked -``` - -### Step-04-04: Upload index.html and test -``` -# Endpoint Format -http://example-bucket.s3-website.Region.amazonaws.com/ - -# Replace Values (Bucket Name, Region) -http://mybucket-1047.s3-website.us-east-1.amazonaws.com/ -``` - -### Step-04-05: Destroy and Clean-Up -```t -# Terraform Destroy -terraform destroy -auto-approve - -# Delete Terraform files -rm -rf .terraform* -rm -rf terraform.tfstate* -``` - -### Step-04-06: Understand terraform get command -- We have used `terraform init` to download providers from terraform registry and at the same time to download `modules` present in local modules folder in terraform working directory. -- Assuming we already have initialized using `terraform init` and later we have created `module` configs, we can `terraform get` to download the same. -- Whenever you add a new module to a configuration, Terraform must install the module before it can be used. -- Both the `terraform get` and `terraform init` commands will install and update modules. -- The `terraform init` command will also initialize backends and install plugins. -``` -# Delete modules in .terraform folder -ls -lrt .terraform/modules -rm -rf .terraform/modules -ls -lrt .terraform/modules - -# Terraform Get -terraform get -ls -lrt .terraform/modules -``` -### Step-04-07: Major difference between Local and Remote Module -- When installing a remote module, Terraform will download it into the .terraform directory in your configuration's root directory. -- When installing a local module, Terraform will instead refer directly to the source directory. -- Because of this, Terraform will automatically notice changes to local modules without having to re-run terraform init or terraform get. - -## Step-05: Conclusion -- Created a Terraform module -- Used local Terraform modules in your configuration -- Configured modules with variables -- Used module outputs - - - - - - - - - - - - - - - - - - - 
diff --git a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/index.html b/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/index.html deleted file mode 100644 index 7d6d85ab..00000000 --- a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/index.html +++ /dev/null @@ -1,8 +0,0 @@ - - - -

Welcome to Stack Simplify - APP-1

-

Terraform Demo

-

Application Version: V1

- - \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/index.html b/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/index.html deleted file mode 100644 index 3c12553c..00000000 --- a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/index.html +++ /dev/null @@ -1,10 +0,0 @@ - - - Welcome to Stack Simplify - - -

Welcome to Stack Simplify - Terraform Modules Demo

-

Build Terraform Modules

-

Terraform Modules - Step by Step

- - \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json b/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json deleted file mode 100644 index 1b47fe4f..00000000 --- a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v1-create-static-website-on-s3-using-aws-mgmt-console/policy-public-read-access-for-website.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PublicReadGetObject", - "Effect": "Allow", - "Principal": "*", - "Action": [ - "s3:GetObject" - ], - "Resource": [ - "arn:aws:s3:::mybucket-1045/*" - ] - } - ] -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v2-host-static-website-on-s3-using-terraform-manifests/main.tf b/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v2-host-static-website-on-s3-using-terraform-manifests/main.tf deleted file mode 100644 index 267a5763..00000000 --- a/V1-UPDATES-DEC2023/19-Develop-Terraform-Module-from-scratch/v2-host-static-website-on-s3-using-terraform-manifests/main.tf +++ /dev/null 
@@ -1,81 +0,0 @@ -# S3 static website bucket - -# Resource-1: aws_s3_bucket -resource "aws_s3_bucket" "mywebsite" { - bucket = var.bucket_name - tags = var.tags - force_destroy = true -} - -# Resource-2: aws_s3_bucket_website_configuration -resource "aws_s3_bucket_website_configuration" "mywebsite" { - bucket = aws_s3_bucket.mywebsite.id - index_document { - suffix = "index.html" - } - error_document { - key = "error.html" - } -} - -# Resource-3: aws_s3_bucket_versioning -resource "aws_s3_bucket_versioning" "mywebsite" { - bucket = aws_s3_bucket.mywebsite.id - versioning_configuration { - status = "Enabled" - } -} - -# Resource-4: aws_s3_bucket_ownership_controls -resource "aws_s3_bucket_ownership_controls" "mywebsite" { - bucket = aws_s3_bucket.mywebsite.id - rule { - object_ownership = "BucketOwnerPreferred" - } -} - -# Resource-5: aws_s3_bucket_public_access_block -resource "aws_s3_bucket_public_access_block" "mywebsite" { - bucket = aws_s3_bucket.mywebsite.id - block_public_acls = false - block_public_policy = false - ignore_public_acls = false - restrict_public_buckets = false -} - -# Resource-6: aws_s3_bucket_acl -resource "aws_s3_bucket_acl" "mywebsite" { - depends_on = [ - aws_s3_bucket_ownership_controls.mywebsite, - aws_s3_bucket_public_access_block.mywebsite - ] - bucket = aws_s3_bucket.mywebsite.id - acl = "public-read" -} - - -# Resource-7: aws_s3_bucket_policy -resource "aws_s3_bucket_policy" "mywebsite" { - bucket = aws_s3_bucket.mywebsite.id - - policy = < S3 -> Create Bucket -- **Bucket name:** terraform-on-aws-for-ec2 -- **Region:** US-East (N.Virginia) -- **Bucket settings for Block Public Access:** leave to defaults -- **Bucket Versioning:** Enable -- Rest all leave to **defaults** -- Click on **Create Bucket** -- **Create Folder** - - **Folder Name:** dev - - Click on **Create Folder** -- **Create Folder** - - **Folder Name:** dev/project1-vpc - - Click on **Create Folder** - - -## Step-03: Terraform Backend Configuration -- **Reference 
Sub-folder:** terraform-manifests -- [Terraform Backend as S3](https://www.terraform.io/docs/language/settings/backends/s3.html) -- Add the below listed Terraform backend block in `Terrafrom Settings` block in `main.tf` -```t - # Adding Backend as S3 for Remote State Storage - backend "s3" { - bucket = "terraform-on-aws-for-ec2" - key = "dev/project1-vpc/terraform.tfstate" - region = "us-east-1" - - # Enable during Step-09 - # For State Locking - dynamodb_table = "dev-project1-vpc" - } -``` - -## Step-04: Terraform State Locking Introduction -- Understand about Terraform State Locking Advantages - -## Step-05: Add State Locking Feature using DynamoDB Table -- Create Dynamo DB Table - - **Table Name:** dev-project1-vpc - - **Partition key (Primary Key):** LockID (Type as String) - - **Table settings:** Use default settings (checked) - - Click on **Create** - -## Step-06: Execute Terraform Commands -```t -# Initialize Terraform -terraform init -Observation: -Successfully configured the backend "s3"! Terraform will automatically -use this backend unless the backend configuration changes. - -# Terraform Validate -terraform validate - -# Review the terraform plan -terraform plan -Observation: -1) Below messages displayed at start and end of command -Acquiring state lock. This may take a few moments... -Releasing state lock. This may take a few moments... -2) Verify DynamoDB Table -> Items tab - -# Create Resources -terraform apply -auto-approve - -# Verify S3 Bucket for terraform.tfstate file -dev/project1-vpc/terraform.tfstate -Observation: -1. Finally at this point you should see the terraform.tfstate file in s3 bucket -2. 
As S3 bucket version is enabled, new versions of `terraform.tfstate` file new versions will be created and tracked if any changes happens to infrastructure using Terraform Configuration Files -``` - -## Step-07: Destroy Resources -- Destroy Resources and Verify Bucket Versioning -```t -# Destroy Resources -terraform destroy -auto-approve - -# Clean-Up Files -rm -rf .terraform* -rm -rf terraform.tfstate* # This step not needed as e are using remote state storage here -``` - -## Step-08: Little bit theory about Terraform Backends -- Understand little bit more about Terraform Backends -- Where and when Terraform Backends are used ? -- What Terraform backends do ? -- How many types of Terraform backends exists as on today ? - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-storage-7.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-storage-7.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-storage-8.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-storage-8.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-storage-9.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-storage-9.png) - - -## References -- [AWS S3 Backend](https://www.terraform.io/docs/language/settings/backends/s3.html) -- [Terraform Backends](https://www.terraform.io/docs/language/settings/backends/index.html) -- [Terraform State Storage](https://www.terraform.io/docs/language/state/backends.html) -- [Terraform State Locking](https://www.terraform.io/docs/language/state/locking.html) -- [Remote Backends - Enhanced](https://www.terraform.io/docs/language/settings/backends/remote.html) - - -## Sample Output - During Remote State Storage Migration** -```t -Kalyans-MacBook-Pro:project-1-networking kdaida$ terraform init -Initializing 
modules... - -Initializing the backend... -Do you want to copy existing state to the new backend? - Pre-existing state was found while migrating the previous "local" backend to the - newly configured "s3" backend. No existing state was found in the newly - configured "s3" backend. Do you want to copy this state to the new "s3" - backend? Enter "yes" to copy and "no" to start with an empty state. - - Enter a value: yes - - -Successfully configured the backend "s3"! Terraform will automatically -use this backend unless the backend configuration changes. - -Initializing provider plugins... -- Reusing previous version of hashicorp/aws from the dependency lock file -- Using previously-installed hashicorp/aws v3.34.0 - -Terraform has been successfully initialized! - -You may now begin working with Terraform. Try running "terraform plan" to see -any changes that are required for your infrastructure. All Terraform commands -should now work. - -If you ever set or change modules or backend configuration for Terraform, -rerun this command to reinitialize your working directory. If you forget, other -commands will detect it and remind you to do so if necessary. -Kalyans-MacBook-Pro:project-1-networking kdaida$ - -``` \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c1-versions.tf b/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c1-versions.tf deleted file mode 100644 index ffa21757..00000000 --- a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c1-versions.tf +++ /dev/null 
@@ -1,30 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
- # Adding Backend as S3 for Remote State Storage
- backend "s3" {
- bucket = "terraform-on-aws-for-ec2"
- key = "dev/project1-vpc/terraform.tfstate"
- region = "us-east-1"
-
- # Enable during Step-09
- # For State Locking
- dynamodb_table = "dev-project1-vpc"
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
diff --git a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c2-generic-variables.tf b/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c2-generic-variables.tf
deleted file mode 100644
index 4f6d813e..00000000
--- a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "SAP"
-}
diff --git a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c3-local-values.tf b/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c3-local-values.tf
deleted file mode 100644
index 9465b846..00000000
--- a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c3-local-values.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-02-vpc-module.tf
deleted file mode 100644
index 2dfced16..00000000
--- a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "3.0.0"
- # version = "2.78.0"
- #version = "~> 2.78"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/terraform.tfvars b/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/terraform.tfvars
deleted file mode 100644
index d423925d..00000000
--- a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "HR"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/vpc.auto.tfvars b/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/vpc.auto.tfvars
deleted file mode 100644
index fc45bf29..00000000
--- a/V1-UPDATES-DEC2023/20-Remote-State-Storage-with-AWS-S3-and-DynamoDB/project-1-aws-vpc/vpc.auto.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/README.md b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/README.md
deleted file mode 100644
index a6217fe5..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/README.md
+++ /dev/null
@@ -1,213 +0,0 @@ ---- -title: Terraform Remote State Datasource Demo -description: Terraform Remote State Datasource Demo with two projects ---- -# Terraform Remote State Storage Demo with Project-1 and Project-2 -## Step-01: Introduction -- Understand [Terraform Remote State Storage](https://www.terraform.io/docs/language/state/remote-state-data.html) -- Terraform Remote State Storage Demo with two projects - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-3.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-4.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-4.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-5.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-5.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-6.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-6.png) - -[![Image](https://stacksimplify.com/course-images/terraform-remote-state-datasource-7.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-remote-state-datasource-7.png) - -## Step-02: Copy Project 1 VPC from Section 19 -- 
Copy `project-1-aws-vpc` from `19-Remote-State-Storage-with-AWS-S3-and-DynamoDB` - -## Step-03: Copy Project 2 App1 with ASG and ALB from Section 15 -- Copy `terraform-manifests\*` all files from Section `15-Autoscaling-with-Launch-Templates` and copy to `project-2-app1-with-asg-and-alb` - -## Step-04: Remove VPC related TF Config Files from Project-2 -- Remove the following 4 files related to VPC from Project-2 `project-2-app1-with-asg-and-alb` -- c4-01-vpc-variables.tf -- c4-02-vpc-module.tf -- c4-03-vpc-outputs.tf -- vpc.auto.tfvars - -## Step-05: Project-2: c0-terraform-remote-state-datasource.tf -- Create [terraform_remote_state Datasource](https://www.terraform.io/docs/language/state/remote-state-data.html) -- In this datasource, we will provide the Terraform State file information of our Project-1-AWS-VPC -```t -# Terraform Remote State Datasource -data "terraform_remote_state" "vpc" { - backend = "s3" - config = { - bucket = "terraform-on-aws-for-ec2" - key = "dev/project1-vpc/terraform.tfstate" - region = "us-east-1" - } -} -``` - -## Step-06: Project-2: Update Security Groups VPC ID -- c5-03-securitygroup-bastionsg.tf -- c5-04-securitygroup-privatesg.tf -- c5-05-securitygroup-loadbalancersg.tf -```t -# Before - vpc_id = module.vpc.vpc_id -# After - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id -``` - -## Step-07: Project-2: Update Bastion EC2 Instance VPC Subnet ID -- c7-03-ec2instance-bastion.tf -```t -# Before - subnet_id = module.vpc.public_subnets[0] -# After - subnet_id = data.terraform_remote_state.vpc.outputs.public_subnets[0] -``` - -## Step-08: Project-2: c8-elasticip.tf -```t -# Before - depends_on = [ module.ec2_public, module.vpc ] -# After - depends_on = [ module.ec2_public, /*module.vpc*/ ] -``` - -## Step-09: Project-2: c10-02-ALB-application-loadbalancer.tf -```t -# Before - vpc_id = module.vpc.vpc_id - subnets = module.vpc.public_subnets -# After - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id - subnets = 
data.terraform_remote_state.vpc.outputs.public_subnets -``` - -## Step-10: Project-2: c12-route53-dnsregistration.tf -```t -# Add DNS name relevant to demo - name = "tf-multi-app-projects.devopsincloud.com" -``` -## Step-11: Project-2: Create S3 Bucket and DynamoDB Table for Remote State Storage -- Create S3 Bucket and DynamoDB Table for Remote State Storage -- Leverage Same S3 bucket `terraform-on-aws-for-ec2` with different folder for project-2 state file `dev/project2-app1/terraform.tfstate` -- Also create a new DynamoDB Table for project-2 -- Create Dynamo DB Table - - **Table Name:** dev-project2-app1 - - **Partition key (Primary Key):** LockID (Type as String) - - **Table settings:** Use default settings (checked) - - Click on **Create** - -## Step-12: Project-2: c1-versions.tf -- Update `c1-versions.tf` with Remote State Backend -```t - # Adding Backend as S3 for Remote State Storage - backend "s3" { - bucket = "terraform-on-aws-for-ec2" - key = "dev/project2-app1/terraform.tfstate" - region = "us-east-1" - - # Enable during Step-09 - # For State Locking - dynamodb_table = "dev-project2-app1" - } -``` -## Step-13: c13-03-autoscaling-resource.tf -```t -# Before - vpc_zone_identifier = module.vpc.private_subnets - -# After - vpc_zone_identifier = data.terraform_remote_state.vpc.outputs.private_subnets - -``` - -## Step-14: Project-1: Execute Terraform Commands -- Create Project-1 Resources (VPC) -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Terraform State List -terraform state list - -# Observations -1. Verify VPC Resources created -2. 
Verify S3 bucket and terraform.tfstate file for project-1 -``` - -## Step-15: Project-2: Execute Terraform Commands -- Create Project-2 Resources (VPC) -```t -# Terraform Initialize -terraform init - -# Terraform Validate -terraform validate - -# Terraform Plan -terraform plan - -# Terraform Apply -terraform apply -auto-approve - -# Terraform State List -terraform state list -``` - -## Step-16: Verify Project-2 Resources -1. Verify S3 bucket and terraform.tfstate file for project-2 -2. Verify Security Groups -3. Verify EC2 Instances (Bastion Host and ASG related EC2 Instances) -4. Verify Application Load Balancer and Target Group -5. Verify Autoscaling Group and Launch template -6. Access Application and Test -```t -# Access Application -https://tf-multi-app-projects1.devopsincloud.com -https://tf-multi-app-projects1.devopsincloud.com/app1/index.html -https://tf-multi-app-projects1.devopsincloud.com/app1/metadata.html -``` - -## Step-17: Project-2 Clean-Up -```t -# Change Directory -cd project-2-app1-with-asg-and-alb -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -``` - -## Step-18: Project-1 Clean-Up -```t -# Change Directory -cd project-1-aws-vpc - -# Terraform Destroy -terraform destroy -auto-approve - -# Delete files -rm -rf .terraform* -``` - - - - -## References -- [The terraform_remote_state Data Source](https://www.terraform.io/docs/language/state/remote-state-data.html) -- [S3 as Remote State Datasource](https://www.terraform.io/docs/language/settings/backends/s3.html) \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c1-versions.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c1-versions.tf deleted file mode 100644 index ffa21757..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c1-versions.tf +++ /dev/null 
@@ -1,30 +0,0 @@ -# Terraform Block -terraform { - required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.0" - } - } - # Adding Backend as S3 for Remote State Storage - backend "s3" { - bucket = "terraform-on-aws-for-ec2" - key = "dev/project1-vpc/terraform.tfstate" - region = "us-east-1" - - # Enable during Step-09 - # For State Locking - dynamodb_table = "dev-project1-vpc" - } -} - -# Provider Block -provider "aws" { - region = var.aws_region - profile = "default" -} -/* -Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal -$HOME/.aws/credentials -*/ diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c2-generic-variables.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c2-generic-variables.tf deleted file mode 100644 index 4f6d813e..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c2-generic-variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Input Variables -# AWS Region -variable "aws_region" { - description = "Region in which AWS Resources to be created" - type = string - default = "us-east-1" -} -# Environment Variable -variable "environment" { - description = "Environment Variable used as a prefix" - type = string - default = "dev" -} -# Business Division -variable "business_divsion" { - description = "Business Division in the large organization this Infrastructure belongs" - type = string - default = "SAP" -} diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c3-local-values.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c3-local-values.tf deleted file mode 100644 index 9465b846..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c3-local-values.tf +++ /dev/null 
@@ -1,11 +0,0 @@ -# Define Local Values in Terraform -locals { - owners = var.business_divsion - environment = var.environment - name = "${var.business_divsion}-${var.environment}" - #name = "${local.owners}-${local.environment}" - common_tags = { - owners = local.owners - environment = local.environment - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-01-vpc-variables.tf deleted file mode 100644 index b68d0a48..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-01-vpc-variables.tf +++ /dev/null 
@@ -1,77 +0,0 @@ -# VPC Input Variables - -# VPC Name -variable "vpc_name" { - description = "VPC Name" - type = string - default = "myvpc" -} - -# VPC CIDR Block -variable "vpc_cidr_block" { - description = "VPC CIDR Block" - type = string - default = "10.0.0.0/16" -} - -# VPC Availability Zones -variable "vpc_availability_zones" { - description = "VPC Availability Zones" - type = list(string) - default = ["us-east-1a", "us-east-1b"] -} - -# VPC Public Subnets -variable "vpc_public_subnets" { - description = "VPC Public Subnets" - type = list(string) - default = ["10.0.101.0/24", "10.0.102.0/24"] -} - -# VPC Private Subnets -variable "vpc_private_subnets" { - description = "VPC Private Subnets" - type = list(string) - default = ["10.0.1.0/24", "10.0.2.0/24"] -} - -# VPC Database Subnets -variable "vpc_database_subnets" { - description = "VPC Database Subnets" - type = list(string) - default = ["10.0.151.0/24", "10.0.152.0/24"] -} - -# VPC Create Database Subnet Group (True / False) -variable "vpc_create_database_subnet_group" { - description = "VPC Create Database Subnet Group" - type = bool - default = true -} - -# VPC Create Database Subnet Route Table (True or False) -variable "vpc_create_database_subnet_route_table" { - description = "VPC Create Database Subnet Route Table" - type = bool - default = true -} - - -# VPC Enable NAT Gateway (True or False) -variable "vpc_enable_nat_gateway" { - description = "Enable NAT Gateways for Private Subnets Outbound Communication" - type = bool - default = true -} - -# VPC Single NAT Gateway (True or False) -variable "vpc_single_nat_gateway" { - description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos" - type = bool - default = true -} - - - - - 
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-02-vpc-module.tf deleted file mode 100644 index 2dfced16..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-02-vpc-module.tf +++ /dev/null @@ -1,45 +0,0 @@ -# Create VPC Terraform Module -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - #version = "3.0.0" - # version = "2.78.0" - #version = "~> 2.78" - version = "5.2.0" - - # VPC Basic Details - name = "${local.name}-${var.vpc_name}" - cidr = var.vpc_cidr_block - azs = var.vpc_availability_zones - public_subnets = var.vpc_public_subnets - private_subnets = var.vpc_private_subnets - - # Database Subnets - database_subnets = var.vpc_database_subnets - create_database_subnet_group = var.vpc_create_database_subnet_group - create_database_subnet_route_table = var.vpc_create_database_subnet_route_table - # create_database_internet_gateway_route = true - # create_database_nat_gateway_route = true - - # NAT Gateways - Outbound Communication - enable_nat_gateway = var.vpc_enable_nat_gateway - single_nat_gateway = var.vpc_single_nat_gateway - - # VPC DNS Parameters - enable_dns_hostnames = true - enable_dns_support = true - - - tags = local.common_tags - vpc_tags = local.common_tags - - # Additional Tags to Subnets - public_subnet_tags = { - Type = "Public Subnets" - } - private_subnet_tags = { - Type = "Private Subnets" - } - database_subnet_tags = { - Type = "Private Database Subnets" - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-03-vpc-outputs.tf deleted file mode 100644 index c144e991..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/c4-03-vpc-outputs.tf +++ /dev/null 
@@ -1,37 +0,0 @@ -# VPC Output Values - -# VPC ID -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# VPC CIDR blocks -output "vpc_cidr_block" { - description = "The CIDR block of the VPC" - value = module.vpc.vpc_cidr_block -} - -# VPC Private Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -# VPC Public Subnets -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -# VPC NAT gateway Public IP -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC AZs -output "azs" { - description = "A list of availability zones spefified as argument to this module" - value = module.vpc.azs -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/terraform.tfvars b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/terraform.tfvars deleted file mode 100644 index d423925d..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/terraform.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# Generic Variables -aws_region = "us-east-1" -environment = "stag" -business_divsion = "HR" - - - - - - - diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/vpc.auto.tfvars b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/vpc.auto.tfvars deleted file mode 100644 index fc45bf29..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-1-aws-vpc/vpc.auto.tfvars +++ /dev/null 
@@ -1,11 +0,0 @@ -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/app1-install.sh b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/app1-install.sh deleted file mode 100644 index f697dd1d..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/app1-install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html -sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html - - diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c0-terraform-remote-state-datasource.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c0-terraform-remote-state-datasource.tf deleted file mode 100644 index e6f221f9..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c0-terraform-remote-state-datasource.tf +++ /dev/null @@ -1,27 +0,0 @@ -# Terraform Remote State Datasource -data "terraform_remote_state" "vpc" { - backend = "s3" - config = { - bucket = "terraform-on-aws-for-ec2" - key = "dev/project1-vpc/terraform.tfstate" - region = "us-east-1" - } -} - -/* -1. Security Group -vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id -ingress_cidr_blocks = [data.terraform_remote_state.vpc.outputs.vpc_cidr_block] - -2. Bastion Host -subnet_id = data.terraform_remote_state.vpc.outputs.public_subnets[0] - -3. ALB -subnets = data.terraform_remote_state.vpc.outputs.public_subnets - -4. ASG - vpc_zone_identifier = data.terraform_remote_state.vpc.outputs.private_subnets - -5. Null Resource - command = "echo VPC created on `date` and VPC ID: ${data.terraform_remote_state.vpc.outputs.vpc_id} >> creation-time-vpc-id.txt" -*/ \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c1-versions.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c1-versions.tf deleted file mode 100644 index c252f4a8..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c1-versions.tf +++ /dev/null 
@@ -1,43 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- }
- # Adding Backend as S3 for Remote State Storage
- backend "s3" {
- bucket = "terraform-on-aws-for-ec2"
- key = "dev/project2-app1/terraform.tfstate"
- region = "us-east-1"
-
- # Enable during Step-09
- # For State Locking
- dynamodb_table = "dev-project2-app1"
- }
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
-
-# Create Random Pet Resource
-resource "random_pet" "this" {
- length = 2
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-01-ALB-application-loadbalancer-variables.tf
deleted file mode 100644
index 0aeebd65..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-01-ALB-application-loadbalancer-variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index e04befc8..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,106 +0,0 @@ -# Terraform AWS Application Load Balancer (ALB) -## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 -## Search for "create_attachment" to jump to that issue solution - -module "alb" { - source = "terraform-aws-modules/alb/aws" - #version = "5.16.0" - version = "9.2.0" - - name = "${local.name}-alb" - load_balancer_type = "application" - #vpc_id = module.vpc.vpc_id - #subnets = module.vpc.public_subnets - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id - subnets = data.terraform_remote_state.vpc.outputs.public_subnets - security_groups = [module.loadbalancer_sg.security_group_id] - - # For example only - enable_deletion_protection = false - -# Listeners - listeners = { - # Listener-1: my-http-https-redirect - my-http-https-redirect = { - port = 80 - protocol = "HTTP" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - } # End Listener-1: my-http-https-redirect - - # Listener-2: my-https-listener - my-https-listener = { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - - # Fixed Response for Root Context - fixed_response = { - content_type = "text/plain" - message_body = "Fixed Static message - for Root Context" - status_code = "200" - }# End of Fixed Response - - # Load Balancer Rules - rules = { - # Rule-1: myapp1-rule - myapp1-rule = { - actions = [{ - type = "weighted-forward" - target_groups = [ - { - target_group_key = "mytg1" - weight = 1 - } - ] - stickiness = { - enabled = true - duration = 3600 - } - }] - conditions = [{ - path_pattern = { - values = ["/*"] - } - }] - }# End of myapp1-rule - }# End Rules Block - }# End my-https-listener Block - }# End Listeners Block - -# Target Groups - target_groups = { - # Target Group-1: mytg1 - mytg1 = { - # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer 
above GitHub issue URL. - ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316 - ## Search for "create_attachment" to jump to that Github issue solution - create_attachment = false - name_prefix = "mytg1-" - protocol = "HTTP" - port = 80 - target_type = "instance" - deregistration_delay = 10 - load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - health_check = { - enabled = true - interval = 30 - path = "/app1/index.html" - port = "traffic-port" - healthy_threshold = 3 - unhealthy_threshold = 3 - timeout = 6 - protocol = "HTTP" - matcher = "200-399" - }# End Health Check Block - tags = local.common_tags # Target Group Tags - } # END of Target Group-1: mytg1 - } # END OF target_groups - tags = local.common_tags # ALB Tags -} - diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-03-ALB-application-loadbalancer-outputs.tf deleted file mode 100644 index 25387755..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c10-03-ALB-application-loadbalancer-outputs.tf +++ /dev/null 
@@ -1,41 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.zone_id
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
-}
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
-}
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c11-acm-certificatemanager.tf
deleted file mode 100644
index 7788a43e..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,26 +0,0 @@ -# ACM Module - To create and Verify SSL Certificates -module "acm" { - source = "terraform-aws-modules/acm/aws" - #version = "2.14.0" - #version = "3.0.0" - version = "5.0.0" - - domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".") - zone_id = data.aws_route53_zone.mydomain.zone_id - - subject_alternative_names = [ - "*.devopsincloud.com" - ] - tags = local.common_tags - # Validation Method - validation_method = "DNS" - wait_for_validation = true -} - -# Output ACM Certificate ARN -output "this_acm_certificate_arn" { - description = "The ARN of the certificate" - #value = module.acm.this_acm_certificate_arn - value = module.acm.acm_certificate_arn -} - diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c12-route53-dnsregistration.tf deleted file mode 100644 index 80b1c22f..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c12-route53-dnsregistration.tf +++ /dev/null @@ -1,13 +0,0 @@ -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = "tf-multi-app-projects.devopsincloud.com" - type = "A" - alias { - #name = module.alb.lb_dns_name - #zone_id = module.alb.lb_zone_id - name = module.alb.dns_name - zone_id = module.alb.zone_id - evaluate_target_health = true - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-01-autoscaling-with-launchtemplate-variables.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-01-autoscaling-with-launchtemplate-variables.tf deleted file mode 100644 index 72ba1abd..00000000 
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-01-autoscaling-with-launchtemplate-variables.tf +++ /dev/null @@ -1,2 +0,0 @@ -# Autoscaling Input Variables -## Placeholder file \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-02-autoscaling-launchtemplate-resource.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-02-autoscaling-launchtemplate-resource.tf deleted file mode 100644 index 4f42bb45..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-02-autoscaling-launchtemplate-resource.tf +++ /dev/null @@ -1,33 +0,0 @@ -# Launch Template Resource -resource "aws_launch_template" "my_launch_template" { - name = "my-launch-template" - description = "My Launch Template" - image_id = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - - vpc_security_group_ids = [module.private_sg.security_group_id] - key_name = var.instance_keypair - user_data = filebase64("${path.module}/app1-install.sh") - ebs_optimized = true - #default_version = 1 - update_default_version = true - block_device_mappings { - device_name = "/dev/sda1" - ebs { - volume_size = 10 - #volume_size = 20 # LT Update Testing - Version 2 of LT - delete_on_termination = true - volume_type = "gp2" # default is gp2 - } - } - monitoring { - enabled = true - } - - tag_specifications { - resource_type = "instance" - tags = { - Name = "myasg" - } - } -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-03-autoscaling-resource.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-03-autoscaling-resource.tf deleted file mode 100644 index 96aa5828..00000000 
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- name_prefix = "myasg-"
- desired_capacity = 2
- max_size = 10
- min_size = 2
- #vpc_zone_identifier = module.vpc.private_subnets
- vpc_zone_identifier = data.terraform_remote_state.vpc.outputs.private_subnets
- #target_group_arns = module.alb.target_group_arns
- target_group_arns = [module.alb.target_groups["mytg1"].arn] # UPDATED NOV2023
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- # instance_warmup = 300 # Default behavior is to use the Auto Scaling Groups health check grace period value
- min_healthy_percentage = 50
- }
- triggers = [ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
-
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-04-autoscaling-with-launchtemplate-outputs.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index a23e76f4..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Launch Template Outputs
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-05-autoscaling-notifications.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index e2c85343..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,27 +0,0 @@ -# Autoscaling Notifications -## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation -## Due to that create SNS Topic with unique name - -## SNS - Topic -resource "aws_sns_topic" "myasg_sns_topic" { - name = "myasg-sns-topic-${random_pet.this.id}" -} - -## SNS - Subscription -resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" { - topic_arn = aws_sns_topic.myasg_sns_topic.arn - protocol = "email" - endpoint = "stacksimplify@gmail.com" -} - -## Create Autoscaling Notification Resource -resource "aws_autoscaling_notification" "myasg_notifications" { - group_names = [aws_autoscaling_group.my_asg.id] - notifications = [ - "autoscaling:EC2_INSTANCE_LAUNCH", - "autoscaling:EC2_INSTANCE_TERMINATE", - "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", - "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", - ] - topic_arn = aws_sns_topic.myasg_sns_topic.arn -} \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-06-autoscaling-ttsp.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-06-autoscaling-ttsp.tf deleted file mode 100644 index d5ed577d..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-06-autoscaling-ttsp.tf +++ /dev/null 
@@ -1,39 +0,0 @@ -###### Target Tracking Scaling Policies ###### -# TTS - Scaling Policy-1: Based on CPU Utilization -# Define Autoscaling Policies and Associate them to Autoscaling Group -resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" { - name = "avg-cpu-policy-greater-than-xx" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set - # CPU Utilization is above 50 - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ASGAverageCPUUtilization" - } - target_value = 50.0 - } - -} - -# TTS - Scaling Policy-2: Based on ALB Target Requests -resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" { - name = "alb-target-requests-greater-than-yy" - policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling." - autoscaling_group_name = aws_autoscaling_group.my_asg.id - estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set - # Number of requests > 10 completed per target in an Application Load Balancer target group. - target_tracking_configuration { - predefined_metric_specification { - predefined_metric_type = "ALBRequestCountPerTarget" - #resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}" - resource_label = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}" # UPDATED NOV2023 - } - target_value = 10.0 - } -} - -# Updated Nov2023 -output "asg_build_resource_label" { - value = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}" -} 
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-07-autoscaling-scheduled-actions.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c2-generic-variables.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c3-local-values.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-03-securitygroup-bastionsg.tf deleted file mode 100644 index 01c6aedf..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-03-securitygroup-bastionsg.tf +++ /dev/null @@ -1,19 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Public Bastion Host -module "public_bastion_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - #version = "4.0.0" - version = "5.1.0" - - name = "public-bastion-sg" - description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open" - #vpc_id = module.vpc.vpc_id - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-04-securitygroup-privatesg.tf deleted file mode 100644 index 9779a7d1..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-04-securitygroup-privatesg.tf +++ /dev/null 
@@ -1,20 +0,0 @@ -# AWS EC2 Security Group Terraform Module -# Security Group for Private EC2 Instances -module "private_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - #version = "4.0.0" - version = "5.1.0" - - name = "private-sg" - description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open" - #vpc_id = module.vpc.vpc_id - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"] - ingress_cidr_blocks = [data.terraform_remote_state.vpc.outputs.vpc_cidr_block] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags -} - diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-05-securitygroup-loadbalancersg.tf deleted file mode 100644 index 3c0dd4fd..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c5-05-securitygroup-loadbalancersg.tf +++ /dev/null 
@@ -1,31 +0,0 @@ -# Security Group for Public Load Balancer -module "loadbalancer_sg" { - source = "terraform-aws-modules/security-group/aws" - #version = "3.18.0" - #version = "4.0.0" - version = "5.1.0" - - name = "loadbalancer-sg" - description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open" - #vpc_id = module.vpc.vpc_id - vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id - # Ingress Rules & CIDR Blocks - ingress_rules = ["http-80-tcp", "https-443-tcp"] - ingress_cidr_blocks = ["0.0.0.0/0"] - # Egress Rule - all-all open - egress_rules = ["all-all"] - tags = local.common_tags - - # Open to CIDRs blocks (rule or from_port+to_port+protocol+description) - ingress_with_cidr_blocks = [ - { - from_port = 81 - to_port = 81 - protocol = 6 - description = "Allow Port 81 from internet" - cidr_blocks = "0.0.0.0/0" - }, - ] -} - - diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-01-datasource-ami.tf deleted file mode 100644 index c292b608..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-01-datasource-ami.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Get latest AMI ID for Amazon Linux2 OS -data "aws_ami" "amzlinux2" { - most_recent = true - owners = [ "amazon" ] - filter { - name = "name" - values = [ "amzn2-ami-hvm-*-gp2" ] - } - filter { - name = "root-device-type" - values = [ "ebs" ] - } - filter { - name = "virtualization-type" - values = [ "hvm" ] - } - filter { - name = "architecture" - values = [ "x86_64" ] - } -} 
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-02-ec2instance-outputs.tf deleted file mode 100644 index 14415a3f..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-02-ec2instance-outputs.tf +++ /dev/null @@ -1,15 +0,0 @@ -# AWS EC2 Instance Terraform Outputs -# Public EC2 Instances - Bastion Host - -## ec2_bastion_public_instance_ids -output "ec2_bastion_public_instance_ids" { - description = "List of IDs of instances" - value = module.ec2_public.id -} - -## ec2_bastion_public_ip -output "ec2_bastion_public_ip" { - description = "List of public IP addresses assigned to the instances" - value = module.ec2_public.public_ip -} - diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-03-ec2instance-bastion.tf deleted file mode 100644 index 81345be0..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c7-03-ec2instance-bastion.tf +++ /dev/null 
@@ -1,20 +0,0 @@ -# AWS EC2 Instance Terraform Module -# Bastion Host - EC2 Instance that will be created in VPC Public Subnet -module "ec2_public" { - source = "terraform-aws-modules/ec2-instance/aws" - #version = "2.17.0" - version = "5.5.0" - # insert the 10 required variables here - name = "${var.environment}-BastionHost" - #instance_count = 5 - ami = data.aws_ami.amzlinux2.id - instance_type = var.instance_type - key_name = var.instance_keypair - #monitoring = true - #subnet_id = module.vpc.public_subnets[0] - subnet_id = data.terraform_remote_state.vpc.outputs.public_subnets[0] - #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id] - vpc_security_group_ids = [module.public_bastion_sg.security_group_id] - tags = local.common_tags -} - diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c8-elasticip.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c8-elasticip.tf deleted file mode 100644 index d18a219e..00000000 --- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c8-elasticip.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Create Elastic IP for Bastion Host -# Resource - depends_on Meta-Argument -resource "aws_eip" "bastion_eip" { - #depends_on = [ module.ec2_public, module.vpc ] - depends_on = [ module.ec2_public, /*module.vpc*/ ] - tags = local.common_tags - - # COMMENTED - #instance = module.ec2_public.id[0] - #vpc = true - - # UPDATED - instance = module.ec2_public.id - domain = "vpc" - - -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) - provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } -} 
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c9-nullresource-provisioners.tf
deleted file mode 100644
index ce2506dc..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,42 +0,0 @@ -# Create a Null Resource and Provisioners -resource "null_resource" "name" { - depends_on = [module.ec2_public] - # Connection Block for Provisioners to connect to EC2 Instance - connection { - type = "ssh" - host = aws_eip.bastion_eip.public_ip - user = "ec2-user" - password = "" - private_key = file("private-key/terraform-key.pem") - } - -## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem - provisioner "file" { - source = "private-key/terraform-key.pem" - destination = "/tmp/terraform-key.pem" - } -## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host - provisioner "remote-exec" { - inline = [ - "sudo chmod 400 /tmp/terraform-key.pem" - ] - } -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${data.terraform_remote_state.vpc.outputs.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) -/* provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } - */ - -} - -# Creation Time Provisioners - By default they are created during resource creations (terraform apply) -# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy) \ No newline at end of file diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/ec2instance.auto.tfvars b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/ec2instance.auto.tfvars deleted file mode 100644 index 2d1c0446..00000000 
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/ec2instance.auto.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/creation-time-vpc-id.txt b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/creation-time-vpc-id.txt
deleted file mode 100644
index aed32ac7..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/creation-time-vpc-id.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-VPC created on Tue Apr 20 13:59:45 IST 2021 and VPC ID: vpc-0325dc1acd7eec103
-VPC created on Fri Apr 23 14:38:18 IST 2021 and VPC ID: vpc-0159283c216ac75de
-VPC created on Tue Apr 27 10:44:49 IST 2021 and VPC ID: vpc-0f27dbec1d02214ac
-VPC created on Tue Apr 27 11:43:16 IST 2021 and VPC ID: vpc-0919ae691ce17b447
-VPC created on Tue Apr 27 15:46:33 IST 2021 and VPC ID: vpc-0c049ce82c2fef9d3
-VPC created on Wed Apr 28 07:46:02 IST 2021 and VPC ID: vpc-0d39babb1eceb9575
-VPC created on Wed Apr 28 09:38:00 IST 2021 and VPC ID: vpc-09e48c566409ec82d
-VPC created on Wed Apr 28 10:24:07 IST 2021 and VPC ID: vpc-09022e15de01c4a50
-VPC created on Wed Apr 28 10:50:57 IST 2021 and VPC ID: vpc-092812c768984d8be
-VPC created on Wed Apr 28 11:34:10 IST 2021 and VPC ID: vpc-01adbaf8ac37d8544
-VPC created on Thu Apr 29 07:49:39 IST 2021 and VPC ID: vpc-076756b5a8528bb7c
-VPC created on Thu Apr 29 14:42:12 IST 2021 and VPC ID: vpc-0c1dc4b0f2ac20dcb
-VPC created on Mon May 10 17:50:17 IST 2021 and VPC ID: vpc-096d7d24188ba6aeb
-VPC created on Thu Nov 30 13:56:13 IST 2023 and VPC ID: vpc-0a5a20e1ce0928a46
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/destroy-time-prov.txt b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/destroy-time-prov.txt
deleted file mode 100644
index 34379747..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/local-exec-output-files/destroy-time-prov.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-Destroy time prov Tue Apr 20 14:11:11 IST 2021
-Destroy time prov Fri Apr 23 16:06:53 IST 2021
-Destroy time prov Tue Apr 27 11:10:39 IST 2021
-Destroy time prov Tue Apr 27 13:09:09 IST 2021
-Destroy time prov Tue Apr 27 16:20:51 IST 2021
-Destroy time prov Wed Apr 28 08:12:01 IST 2021
-Destroy time prov Wed Apr 28 10:12:10 IST 2021
-Destroy time prov Wed Apr 28 10:39:23 IST 2021
-Destroy time prov Wed Apr 28 11:24:38 IST 2021
-Destroy time prov Wed Apr 28 13:05:25 IST 2021
-Destroy time prov Thu Apr 29 11:15:01 IST 2021
-Destroy time prov Thu Apr 29 16:03:46 IST 2021
-Destroy time prov Mon May 10 17:56:23 IST 2021
-Destroy time prov Thu Nov 30 14:17:20 IST 2023
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/terraform.tfvars b/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/terraform.tfvars
deleted file mode 100644
index 8b9f8d7c..00000000
--- a/V1-UPDATES-DEC2023/21-terraform-remote-state-datasource/project-2-app1-with-asg-and-alb/terraform.tfvars
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-environment = "stag"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/.gitignore b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/.gitignore
deleted file mode 100644
index 7a3e2fd0..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/.gitignore
+++ /dev/null
@@ -1,29 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-
-# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
-# .tfvars files are managed as part of configuration and so should be included in
-# version control.
-#
-# example.tfvars
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-#
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/README.md b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/README.md
deleted file mode 100644
index d95b023b..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# terraform-iacdevops-with-aws-codepipeline
-terraform-iacdevops-with-aws-codepipeline
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-dev.yml b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-dev.yml
deleted file mode 100644
index 94e84eeb..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-dev.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-version: 0.2
-
-env:
- variables:
- TERRAFORM_VERSION: "0.15.3"
- TF_COMMAND: "apply"
- #TF_COMMAND: "destroy"
- parameter-store:
- AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID"
- AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY"
-
-phases:
- install:
- runtime-versions:
- python: 3.7
- on-failure: ABORT
- commands:
- - tf_version=$TERRAFORM_VERSION
- - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip
- - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip
- - mv terraform /usr/local/bin/
- pre_build:
- on-failure: ABORT
- commands:
- - echo terraform execution started on `date`
- build:
- on-failure: ABORT
- commands:
- # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS
- - cd "$CODEBUILD_SRC_DIR/terraform-manifests"
- - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests"
- - terraform --version
- - terraform init -input=false --backend-config=dev.conf
- - terraform validate
- - terraform plan -lock=false -input=false -var-file=dev.tfvars
- - terraform $TF_COMMAND -input=false -var-file=dev.tfvars -auto-approve
- post_build:
- on-failure: CONTINUE
- commands:
- - echo terraform execution completed on `date`
-
-
-
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-stag.yml b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-stag.yml
deleted file mode 100644
index ebbe5a85..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/buildspec-stag.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-version: 0.2
-
-env:
- variables:
- TERRAFORM_VERSION: "0.15.3"
- TF_COMMAND: "apply"
- #TF_COMMAND: "destroy"
- parameter-store:
- AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID"
- AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY"
-
-phases:
- install:
- runtime-versions:
- python: 3.7
- on-failure: ABORT
- commands:
- - tf_version=$TERRAFORM_VERSION
- - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip
- - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip
- - mv terraform /usr/local/bin/
- pre_build:
- on-failure: ABORT
- commands:
- - echo terraform execution started on `date`
- build:
- on-failure: ABORT
- commands:
- # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS
- - cd "$CODEBUILD_SRC_DIR/terraform-manifests"
- - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests"
- - terraform --version
- - terraform init -input=false --backend-config=stag.conf
- - terraform validate
- - terraform plan -lock=false -input=false -var-file=stag.tfvars
- - terraform $TF_COMMAND -input=false -var-file=stag.tfvars -auto-approve
- post_build:
- on-failure: CONTINUE
- commands:
- - echo terraform execution completed on `date`
-
-
-
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/app1-install.sh b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/app1-install.sh
deleted file mode 100644
index f697dd1d..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/app1-install.sh
+++ /dev/null
@@ -1,12 +0,0 @@ -#! /bin/bash -# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -sudo yum update -y -sudo yum install -y httpd -sudo systemctl enable httpd -sudo service httpd start -sudo echo '

Welcome to StackSimplify - APP-1

' | sudo tee /var/www/html/index.html -sudo mkdir /var/www/html/app1 -sudo echo '

Welcome to Stack Simplify - APP-1

Terraform Demo

Application Version: V1

' | sudo tee /var/www/html/app1/index.html
-sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
-
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c1-versions.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c1-versions.tf
deleted file mode 100644
index fc55f88c..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c1-versions.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-# Terraform Block
-terraform {
- required_version = ">= 1.6" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- }
- # Adding Backend as S3 for Remote State Storage
- backend "s3" {}
-}
-
-# Provider Block
-provider "aws" {
- region = var.aws_region
- profile = "default"
-}
-/*
-Note-1: AWS Credentials Profile (profile = "default") configured on your local desktop terminal
-$HOME/.aws/credentials
-*/
-
-# Create Random Pet Resource
-resource "random_pet" "this" {
- length = 2
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
deleted file mode 100644
index 0aeebd65..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Terraform AWS Application Load Balancer Variables
-# Place holder file for AWS ALB Variables
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-02-ALB-application-loadbalancer.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
deleted file mode 100644
index d926286a..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-02-ALB-application-loadbalancer.tf
+++ /dev/null
@@ -1,100 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB)
-module "alb" {
- source = "terraform-aws-modules/alb/aws"
- #version = "5.16.0"
- version = "9.2.0"
-
- name = "${local.name}-alb"
- load_balancer_type = "application"
- vpc_id = module.vpc.vpc_id
- subnets = module.vpc.public_subnets
- security_groups = [module.loadbalancer_sg.security_group_id]
-
- # For example only
- enable_deletion_protection = false
-
-# Listeners
- listeners = {
- # Listener-1: my-http-https-redirect
- my-http-https-redirect = {
- port = 80
- protocol = "HTTP"
- redirect = {
- port = "443"
- protocol = "HTTPS"
- status_code = "HTTP_301"
- }
- }# End my-http-https-redirect Listener
-
- # Listener-2: my-https-listener
- my-https-listener = {
- port = 443
- protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
- certificate_arn = module.acm.acm_certificate_arn
-
- # Fixed Response for Root Context
- fixed_response = {
- content_type = "text/plain"
- message_body = "Fixed Static message - for Root Context"
- status_code = "200"
- }# End of Fixed Response
-
- # Load Balancer Rules
- rules = {
- # Rule-1: myapp1-rule
- myapp1-rule = {
- actions = [{
- type = "weighted-forward"
- target_groups = [
- {
- target_group_key = "mytg1"
- weight = 1
- }
- ]
- stickiness = {
- enabled = true
- duration = 3600
- }
- }]
- conditions = [{
- path_pattern = {
- values = ["/*"]
- }
- }]
- }# End of myapp1-rule
- }# End Rules Block
- }# End my-https-listener Block
- }# End Listeners Block
-
-# Target Groups
- target_groups = {
- # Target Group-1: mytg1
- mytg1 = {
- # VERY IMPORTANT: We will create aws_lb_target_group_attachment resource separately when we use create_attachment = false, refer above GitHub issue URL.
- ## Github ISSUE: https://github.com/terraform-aws-modules/terraform-aws-alb/issues/316
- ## Search for "create_attachment" to jump to that Github issue solution
- create_attachment = false
- name_prefix = "mytg1-"
- protocol = "HTTP"
- port = 80
- target_type = "instance"
- deregistration_delay = 10
- load_balancing_cross_zone_enabled = false
- protocol_version = "HTTP1"
- health_check = {
- enabled = true
- interval = 30
- path = "/app1/index.html"
- port = "traffic-port"
- healthy_threshold = 3
- unhealthy_threshold = 3
- timeout = 6
- protocol = "HTTP"
- matcher = "200-399"
- }# End of Health Check Block
- tags = local.common_tags # Target Group Tags
- } # END of Target Group-1: mytg1
- } # END OF target_groups
- tags = local.common_tags # ALB Tags
-}# End of alb module
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
deleted file mode 100644
index 25387755..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-# Terraform AWS Application Load Balancer (ALB) Outputs
-
-output "lb_id" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.id
-}
-
-output "lb_arn" {
- description = "The ID and ARN of the load balancer we created."
- value = module.alb.arn
-}
-
-output "lb_dns_name" {
- description = "The DNS name of the load balancer."
- value = module.alb.dns_name
-}
-
-output "lb_arn_suffix" {
- description = "ARN suffix of our load balancer - can be used with CloudWatch."
- value = module.alb.arn_suffix
-}
-
-output "lb_zone_id" {
- description = "The zone_id of the load balancer to assist with creating DNS records."
- value = module.alb.zone_id
-}
-
-output "listener_rules" {
- description = "Map of listeners rules created and their attributes"
- value = module.alb.listener_rules
-}
-
-output "listeners" {
- description = "Map of listeners created and their attributes"
- value = module.alb.listeners
-}
-
-output "target_groups" {
- description = "Map of target groups created and their attributes"
- value = module.alb.target_groups
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c11-acm-certificatemanager.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c11-acm-certificatemanager.tf
deleted file mode 100644
index 3c2d5e65..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c11-acm-certificatemanager.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# ACM Module - To create and Verify SSL Certificates
-module "acm" {
- source = "terraform-aws-modules/acm/aws"
- #version = "2.14.0"
- #version = "3.0.0"
- version = "5.0.0"
-
- domain_name = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
- zone_id = data.aws_route53_zone.mydomain.zone_id
-
- subject_alternative_names = [
- #"*.devopsincloud.com"
- var.dns_name
- ]
- tags = local.common_tags
- # Validation Method
- validation_method = "DNS"
- wait_for_validation = true
-}
-
-# Output ACM Certificate ARN
-output "this_acm_certificate_arn" {
- description = "The ARN of the certificate"
- #value = module.acm.this_acm_certificate_arn
- value = module.acm.acm_certificate_arn
-}
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c12-route53-dnsregistration.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c12-route53-dnsregistration.tf
deleted file mode 100644
index 149c1009..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c12-route53-dnsregistration.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# DNS Name Input Variable
-variable "dns_name" {
- description = "DNS Name to support multiple environments"
- type = string
-}
-# DNS Registration
-resource "aws_route53_record" "apps_dns" {
- zone_id = data.aws_route53_zone.mydomain.zone_id
- name = var.dns_name
- type = "A"
- alias {
- #name = module.alb.lb_dns_name
- #zone_id = module.alb.lb_zone_id
- name = module.alb.dns_name
- zone_id = module.alb.zone_id
- evaluate_target_health = true
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
deleted file mode 100644
index 72ba1abd..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Autoscaling Input Variables
-## Placeholder file
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
deleted file mode 100644
index 0b7249a7..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-02-autoscaling-launchtemplate-resource.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-# Launch Template Resource
-resource "aws_launch_template" "my_launch_template" {
- name_prefix = "${local.name}-"
- #name = "my-launch-template"
- description = "My Launch template"
- image_id = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
-
- vpc_security_group_ids = [ module.private_sg.security_group_id ]
- key_name = var.instance_keypair
- user_data = filebase64("${path.module}/app1-install.sh")
- ebs_optimized = true
- #default_version = 1
- update_default_version = true
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- #volume_size = 10
- volume_size = 20 # LT Update Testing - Version 2 of LT
- delete_on_termination = true
- volume_type = "gp2" # default is gp2
- }
- }
- monitoring {
- enabled = true
- }
- tag_specifications {
- resource_type = "instance"
- tags = {
- #Name = "myasg"
- Name = local.name
- }
- }
-
-}
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-03-autoscaling-resource.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-03-autoscaling-resource.tf
deleted file mode 100644
index 5af23313..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-03-autoscaling-resource.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-# Autoscaling Group Resource
-resource "aws_autoscaling_group" "my_asg" {
- #name_prefix = "myasg-"
- name_prefix = "${local.name}-"
- max_size = 10
- min_size = 2
- #min_size = 4
- desired_capacity = 2
- #desired_capacity = 4
- vpc_zone_identifier = module.vpc.private_subnets
- #target_group_arns = module.alb.target_group_arns
- target_group_arns = [module.alb.target_groups["mytg1"].arn] # UPDATED NOV2023
- health_check_type = "EC2"
- #health_check_grace_period = 300 # default is 300 seconds
- launch_template {
- id = aws_launch_template.my_launch_template.id
- version = aws_launch_template.my_launch_template.latest_version
- }
- # Instance Refresh
- instance_refresh {
- strategy = "Rolling"
- preferences {
- # instance_warmup = 300 # Default behavior is to use the Auto Scaling Groups health check grace period value
- min_healthy_percentage = 50
- }
- triggers = [ "desired_capacity" ] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
- tag {
- key = "Owners"
- value = "Web-Team"
- propagate_at_launch = true
- }
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
deleted file mode 100644
index 4a67007c..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-04-autoscaling-with-launchtemplate-outputs.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Launch Template Outputs
-## launch_template_id
-output "launch_template_id" {
- description = "Launch Template ID"
- value = aws_launch_template.my_launch_template.id
-}
-## launch_template_latest_version
-output "launch_template_latest_version" {
- description = "Launch Template Latest Version"
- value = aws_launch_template.my_launch_template.latest_version
-}
-
-# Autoscaling Outputs
-## autoscaling_group_id
-output "autoscaling_group_id" {
- description = "Autoscaling Group ID"
- value = aws_autoscaling_group.my_asg.id
-}
-
-## autoscaling_group_name
-output "autoscaling_group_name" {
- description = "Autoscaling Group Name"
- value = aws_autoscaling_group.my_asg.name
-}
-## autoscaling_group_arn
-output "autoscaling_group_arn" {
- description = "Autoscaling Group ARN"
- value = aws_autoscaling_group.my_asg.arn
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-05-autoscaling-notifications.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-05-autoscaling-notifications.tf
deleted file mode 100644
index 224468f3..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-05-autoscaling-notifications.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Autoscaling Notifications
-## AWS Bug for SNS Topic: https://stackoverflow.com/questions/62694223/cloudwatch-alarm-pending-confirmation
-## Due to that create SNS Topic with unique name
-
-## SNS - Topic
-resource "aws_sns_topic" "myasg_sns_topic" {
- #name = "myasg-sns-topic-${random_pet.this.id}"
- name = "${local.name}-${random_pet.this.id}"
-}
-
-## SNS - Subscription
-resource "aws_sns_topic_subscription" "myasg_sns_topic_subscription" {
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
- protocol = "email"
- endpoint = "stacksimplify@gmail.com"
-}
-
-## Create Autoscaling Notification Resource
-resource "aws_autoscaling_notification" "myasg_notifications" {
- group_names = [aws_autoscaling_group.my_asg.id]
- notifications = [
- "autoscaling:EC2_INSTANCE_LAUNCH",
- "autoscaling:EC2_INSTANCE_TERMINATE",
- "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
- "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
- ]
- topic_arn = aws_sns_topic.myasg_sns_topic.arn
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-06-autoscaling-ttsp.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-06-autoscaling-ttsp.tf
deleted file mode 100644
index 284ba9a7..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-06-autoscaling-ttsp.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-###### Target Tracking Scaling Policies ######
-# TTS - Scaling Policy-1: Based on CPU Utilization
-# Define Autoscaling Policies and Associate them to Autoscaling Group
-resource "aws_autoscaling_policy" "avg_cpu_policy_greater_than_xx" {
- name = "${local.name}-avg-cpu-policy-greater-than-xx"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 180 # defaults to ASG default cooldown 300 seconds if not set
- # CPU Utilization is above 50
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ASGAverageCPUUtilization"
- }
- target_value = 50.0
- }
-
-}
-
-# TTS - Scaling Policy-2: Based on ALB Target Requests
-resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
- name = "${local.name}-alb-target-requests-greater-than-yy"
- policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
- estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
- # Number of requests > 10 completed per target in an Application Load Balancer target group.
- target_tracking_configuration {
- predefined_metric_specification {
- predefined_metric_type = "ALBRequestCountPerTarget"
- #resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
- resource_label = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}" # UPDATED NOV2023
- }
- target_value = 10.0
- }
-}
-
-# Updated Nov2023
-output "asg_build_resource_label" {
- value = "${module.alb.arn_suffix}/${module.alb.target_groups["mytg1"].arn_suffix}"
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
deleted file mode 100644
index f8d000b4..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c13-07-autoscaling-scheduled-actions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-## Create Scheduled Actions
-### Create Scheduled Action-1: Increase capacity during business hours
-resource "aws_autoscaling_schedule" "increase_capacity_7am" {
- scheduled_action_name = "increase-capacity-7am"
- min_size = 2
- max_size = 10
- desired_capacity = 8
- start_time = "2030-03-30T11:00:00Z" # Time should be provided in UTC Timezone (11am UTC = 7AM EST)
- recurrence = "00 09 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-### Create Scheduled Action-2: Decrease capacity during business hours
-resource "aws_autoscaling_schedule" "decrease_capacity_5pm" {
- scheduled_action_name = "decrease-capacity-5pm"
- min_size = 2
- max_size = 10
- desired_capacity = 2
- start_time = "2030-03-30T21:00:00Z" # Time should be provided in UTC Timezone (9PM UTC = 5PM EST)
- recurrence = "00 21 * * *"
- autoscaling_group_name = aws_autoscaling_group.my_asg.id
-}
-
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c2-generic-variables.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c2-generic-variables.tf
deleted file mode 100644
index c238ceaa..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c2-generic-variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Input Variables
-# AWS Region
-variable "aws_region" {
- description = "Region in which AWS Resources to be created"
- type = string
- default = "us-east-1"
-}
-# Environment Variable
-variable "environment" {
- description = "Environment Variable used as a prefix"
- type = string
- default = "dev"
-}
-# Business Division
-variable "business_divsion" {
- description = "Business Division in the large organization this Infrastructure belongs"
- type = string
- default = "sap"
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c3-local-values.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c3-local-values.tf
deleted file mode 100644
index ba7f09c2..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c3-local-values.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Define Local Values in Terraform
-locals {
- owners = var.business_divsion
- environment = var.environment
- name = "${var.business_divsion}-${var.environment}"
- #name = "${local.owners}-${local.environment}"
- common_tags = {
- owners = local.owners
- environment = local.environment
- }
-
- asg_tags = [
- {
- key = "Project"
- value = "megasecret"
- propagate_at_launch = true
- },
- {
- key = "foo"
- value = ""
- propagate_at_launch = true
- },
- ]
-
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-01-vpc-variables.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-01-vpc-variables.tf
deleted file mode 100644
index b68d0a48..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-01-vpc-variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# VPC Input Variables
-
-# VPC Name
-variable "vpc_name" {
- description = "VPC Name"
- type = string
- default = "myvpc"
-}
-
-# VPC CIDR Block
-variable "vpc_cidr_block" {
- description = "VPC CIDR Block"
- type = string
- default = "10.0.0.0/16"
-}
-
-# VPC Availability Zones
-variable "vpc_availability_zones" {
- description = "VPC Availability Zones"
- type = list(string)
- default = ["us-east-1a", "us-east-1b"]
-}
-
-# VPC Public Subnets
-variable "vpc_public_subnets" {
- description = "VPC Public Subnets"
- type = list(string)
- default = ["10.0.101.0/24", "10.0.102.0/24"]
-}
-
-# VPC Private Subnets
-variable "vpc_private_subnets" {
- description = "VPC Private Subnets"
- type = list(string)
- default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-# VPC Database Subnets
-variable "vpc_database_subnets" {
- description = "VPC Database Subnets"
- type = list(string)
- default = ["10.0.151.0/24", "10.0.152.0/24"]
-}
-
-# VPC Create Database Subnet Group (True / False)
-variable "vpc_create_database_subnet_group" {
- description = "VPC Create Database Subnet Group"
- type = bool
- default = true
-}
-
-# VPC Create Database Subnet Route Table (True or False)
-variable "vpc_create_database_subnet_route_table" {
- description = "VPC Create Database Subnet Route Table"
- type = bool
- default = true
-}
-
-
-# VPC Enable NAT Gateway (True or False)
-variable "vpc_enable_nat_gateway" {
- description = "Enable NAT Gateways for Private Subnets Outbound Communication"
- type = bool
- default = true
-}
-
-# VPC Single NAT Gateway (True or False)
-variable "vpc_single_nat_gateway" {
- description = "Enable only single NAT Gateway in one Availability Zone to save costs during our demos"
- type = bool
- default = true
-}
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-02-vpc-module.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-02-vpc-module.tf
deleted file mode 100644
index b23f27ac..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-02-vpc-module.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Create VPC Terraform Module
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- #version = "2.78.0"
- #version = "3.0.0"
- version = "5.2.0"
-
- # VPC Basic Details
- name = "${local.name}-${var.vpc_name}"
- cidr = var.vpc_cidr_block
- azs = var.vpc_availability_zones
- public_subnets = var.vpc_public_subnets
- private_subnets = var.vpc_private_subnets
-
- # Database Subnets
- database_subnets = var.vpc_database_subnets
- create_database_subnet_group = var.vpc_create_database_subnet_group
- create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
- # create_database_internet_gateway_route = true
- # create_database_nat_gateway_route = true
-
- # NAT Gateways - Outbound Communication
- enable_nat_gateway = var.vpc_enable_nat_gateway
- single_nat_gateway = var.vpc_single_nat_gateway
-
- # VPC DNS Parameters
- enable_dns_hostnames = true
- enable_dns_support = true
-
-
- tags = local.common_tags
- vpc_tags = local.common_tags
-
- # Additional Tags to Subnets
- public_subnet_tags = {
- Type = "Public Subnets"
- }
- private_subnet_tags = {
- Type = "Private Subnets"
- }
- database_subnet_tags = {
- Type = "Private Database Subnets"
- }
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-03-vpc-outputs.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-03-vpc-outputs.tf
deleted file mode 100644
index c144e991..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c4-03-vpc-outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-# VPC Output Values
-
-# VPC ID
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# VPC CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# VPC Private Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-# VPC Public Subnets
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# VPC NAT gateway Public IP
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# VPC AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-01-securitygroup-variables.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-01-securitygroup-variables.tf
deleted file mode 100644
index fecdef54..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-01-securitygroup-variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# AWS EC2 Security Group Terraform Variables
-## Placeholder file for Variables
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-02-securitygroup-outputs.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-02-securitygroup-outputs.tf
deleted file mode 100644
index 2bd8f58c..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-02-securitygroup-outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# AWS EC2 Security Group Terraform Outputs
-
-# Public Bastion Host Security Group Outputs
-## public_bastion_sg_group_id
-output "public_bastion_sg_group_id" {
- description = "The ID of the security group"
- #value = module.public_bastion_sg.this_security_group_id
- value = module.public_bastion_sg.security_group_id
-}
-
-## public_bastion_sg_group_vpc_id
-output "public_bastion_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.public_bastion_sg.this_security_group_vpc_id
- value = module.public_bastion_sg.security_group_vpc_id
-}
-
-## public_bastion_sg_group_name
-output "public_bastion_sg_group_name" {
- description = "The name of the security group"
- #value = module.public_bastion_sg.this_security_group_name
- value = module.public_bastion_sg.security_group_name
-}
-
-# Private EC2 Instances Security Group Outputs
-## private_sg_group_id
-output "private_sg_group_id" {
- description = "The ID of the security group"
- #value = module.private_sg.this_security_group_id
- value = module.private_sg.security_group_id
-}
-
-## private_sg_group_vpc_id
-output "private_sg_group_vpc_id" {
- description = "The VPC ID"
- #value = module.private_sg.this_security_group_vpc_id
- value = module.private_sg.security_group_vpc_id
-}
-
-## private_sg_group_name
-output "private_sg_group_name" {
- description = "The name of the security group"
- #value = module.private_sg.this_security_group_name
- value = module.private_sg.security_group_name
-}
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-03-securitygroup-bastionsg.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-03-securitygroup-bastionsg.tf
deleted file mode 100644
index bd9f6f73..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-03-securitygroup-bastionsg.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Public Bastion Host
-module "public_bastion_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
- #name = "public-bastion-sg"
- name = "${local.name}-public-bastion-sg"
- description = "Security Group with SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-04-securitygroup-privatesg.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-04-securitygroup-privatesg.tf
deleted file mode 100644
index a3781072..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-04-securitygroup-privatesg.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# AWS EC2 Security Group Terraform Module
-# Security Group for Private EC2 Instances
-module "private_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- #name = "private-sg"
- name = "${local.name}-private-sg"
- description = "Security Group with HTTP & SSH port open for entire VPC Block (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["ssh-tcp", "http-80-tcp", "http-8080-tcp"]
- ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
deleted file mode 100644
index 574731ae..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c5-05-securitygroup-loadbalancersg.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-# Security Group for Public Load Balancer
-module "loadbalancer_sg" {
- source = "terraform-aws-modules/security-group/aws"
- #version = "3.18.0"
- #version = "4.0.0"
- version = "5.1.0"
-
- #name = "loadbalancer-sg"
- name = "${local.name}-loadbalancer-sg"
- description = "Security Group with HTTP open for entire Internet (IPv4 CIDR), egress ports are all world open"
- vpc_id = module.vpc.vpc_id
- # Ingress Rules & CIDR Blocks
- ingress_rules = ["http-80-tcp", "https-443-tcp"]
- ingress_cidr_blocks = ["0.0.0.0/0"]
- # Egress Rule - all-all open
- egress_rules = ["all-all"]
- tags = local.common_tags
-
- # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
- ingress_with_cidr_blocks = [
- {
- from_port = 81
- to_port = 81
- protocol = 6
- description = "Allow Port 81 from internet"
- cidr_blocks = "0.0.0.0/0"
- },
- ]
-}
-
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-01-datasource-ami.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-01-datasource-ami.tf
deleted file mode 100644
index c292b608..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-01-datasource-ami.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Get latest AMI ID for Amazon Linux2 OS
-data "aws_ami" "amzlinux2" {
- most_recent = true
- owners = [ "amazon" ]
- filter {
- name = "name"
- values = [ "amzn2-ami-hvm-*-gp2" ]
- }
- filter {
- name = "root-device-type"
- values = [ "ebs" ]
- }
- filter {
- name = "virtualization-type"
- values = [ "hvm" ]
- }
- filter {
- name = "architecture"
- values = [ "x86_64" ]
- }
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-02-datasource-route53-zone.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-02-datasource-route53-zone.tf
deleted file mode 100644
index a30979d5..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c6-02-datasource-route53-zone.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Get DNS information from AWS Route53
-data "aws_route53_zone" "mydomain" {
- name = "devopsincloud.com"
-}
-
-# Output MyDomain Zone ID
-output "mydomain_zoneid" {
- description = "The Hosted Zone id of the desired Hosted Zone"
- value = data.aws_route53_zone.mydomain.zone_id
-}
-
-# Output MyDomain name
-output "mydomain_name" {
- description = " The Hosted Zone name of the desired Hosted Zone."
- value = data.aws_route53_zone.mydomain.name
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-01-ec2instance-variables.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-01-ec2instance-variables.tf
deleted file mode 100644
index 5067bec2..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-01-ec2instance-variables.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-# AWS EC2 Instance Terraform Variables
-# EC2 Instance Variables
-
-# AWS EC2 Instance Type
-variable "instance_type" {
- description = "EC2 Instance Type"
- type = string
- default = "t3.micro"
-}
-
-# AWS EC2 Instance Key Pair
-variable "instance_keypair" {
- description = "AWS EC2 Key pair that need to be associated with EC2 Instance"
- type = string
- default = "terraform-key"
-}
-
-# AWS EC2 Private Instance Count
-variable "private_instance_count" {
- description = "AWS EC2 Private Instances Count"
- type = number
- default = 1
-}
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-02-ec2instance-outputs.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-02-ec2instance-outputs.tf
deleted file mode 100644
index 14415a3f..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-02-ec2instance-outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# AWS EC2 Instance Terraform Outputs
-# Public EC2 Instances - Bastion Host
-
-## ec2_bastion_public_instance_ids
-output "ec2_bastion_public_instance_ids" {
- description = "List of IDs of instances"
- value = module.ec2_public.id
-}
-
-## ec2_bastion_public_ip
-output "ec2_bastion_public_ip" {
- description = "List of public IP addresses assigned to the instances"
- value = module.ec2_public.public_ip
-}
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-03-ec2instance-bastion.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-03-ec2instance-bastion.tf
deleted file mode 100644
index b818ad8b..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c7-03-ec2instance-bastion.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# AWS EC2 Instance Terraform Module
-# Bastion Host - EC2 Instance that will be created in VPC Public Subnet
-module "ec2_public" {
- source = "terraform-aws-modules/ec2-instance/aws"
- #version = "2.17.0"
- version = "5.5.0"
- # insert the 10 required variables here
- name = "${var.environment}-BastionHost"
- #instance_count = 5
- ami = data.aws_ami.amzlinux2.id
- instance_type = var.instance_type
- key_name = var.instance_keypair
- #monitoring = true
- subnet_id = module.vpc.public_subnets[0]
- #vpc_security_group_ids = [module.public_bastion_sg.this_security_group_id]
- vpc_security_group_ids = [module.public_bastion_sg.security_group_id]
- tags = local.common_tags
-}
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c8-elasticip.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c8-elasticip.tf
deleted file mode 100644
index 4af91860..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c8-elasticip.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# Create Elastic IP for Bastion Host
-# Resource - depends_on Meta-Argument
-resource "aws_eip" "bastion_eip" {
- depends_on = [ module.ec2_public, module.vpc ]
- tags = local.common_tags
- # COMMENTED
- #instance = module.ec2_public.id[0]
- #vpc = true
-
- # UPDATED
- instance = module.ec2_public.id
- domain = "vpc"
-}
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c9-nullresource-provisioners.tf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c9-nullresource-provisioners.tf
deleted file mode 100644
index 78243332..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/c9-nullresource-provisioners.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Create a Null Resource and Provisioners
-resource "null_resource" "name" {
- depends_on = [module.ec2_public]
- # Connection Block for Provisioners to connect to EC2 Instance
- connection {
- type = "ssh"
- host = aws_eip.bastion_eip.public_ip
- user = "ec2-user"
- password = ""
- private_key = file("private-key/terraform-key.pem")
- }
-
-## File Provisioner: Copies the terraform-key.pem file to /tmp/terraform-key.pem
- provisioner "file" {
- source = "private-key/terraform-key.pem"
- destination = "/tmp/terraform-key.pem"
- }
-## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
- provisioner "remote-exec" {
- inline = [
- "sudo chmod 400 /tmp/terraform-key.pem"
- ]
- }
-}
-
-
-# Creation Time Provisioners - By default they are created during resource creations (terraform apply)
-# Destory Time Provisioners - Will be executed during "terraform destroy" command (when = destroy)
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.conf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.conf
deleted file mode 100644
index bd8e4872..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-bucket = "terraform-on-aws-for-ec2"
-key = "iacdevops/dev/terraform.tfstate"
-region = "us-east-1"
-dynamodb_table = "iacdevops-dev-tfstate"
-
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.tfvars b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.tfvars
deleted file mode 100644
index 7a1789f5..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/dev.tfvars
+++ /dev/null
@@ -1,22 +0,0 @@
-# Environment
-environment = "dev"
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
-
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
-
-# DNS Name
-dns_name = "devdemo5.devopsincloud.com"
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/private-key/terraform-key.pem b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/private-key/terraform-key.pem
deleted file mode 100644
index fab1eb2a..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/private-key/terraform-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnzQtbXStFNU4znotckbPpAbQvymSYBvIRhObDObmhZLzs/Qm -lm57HBU18NcdAeEmKjHyu/2CI4Wwor3TJ+LTKHIldHmCt+26dSN5889Km99Af674 -nuPg9fTt8IXhY83aO0AeEnFivC+lk9+6Xezv7J7Llsmyx3kvUGE4uUEPNPuNcjdU -OrSlQ/Th9FPWBsTL8wLQCfQaPIQhZT8fXnvNGViTpZ/YqcoKGmkXcMl/+Pi0Xccs -ID3Egl18sV5uWr6T1DSMqhhwWYbl+IagZYUeKQ6Lg5znAtnX2/OHhDep6pGcf+aE -jbRkhQWgfLIVYhNXkAGxdxBEA2fQO0wvnaKI6wIDAQABAoIBABmUZqApmQ253LDA -TMEJw58VQUEVyuEKVbl8uPLvvqZDoEiPuAt/oOQ4PDyAM7bzmBA7ikbOSrSubF0Z -pu3HsinTfVUjmO84kTb1Bkk4S0KUMmbRlDzjXGfofLqiqD5C+wd+G9bWxQh7l10V -G3qv8TTRpuCJc+I9BG8jz9tkKq9WYtnGKXktVIAmEXK+ein8A5yj+szV1CyP0y6Y -6D1KApk+o1hLEXCBxaK6JgD4elJWgU0jCIhRFZzae93yozNIfJc2WZfPc8Ro6GBa -8H57q3E241P7S65VewhZlln9AUcRFYc587ohcCIW8mOWQ8NA3IMP+oVxa2p334Ll -duhR2jECgYEAyf7a1/+/c82B+ENyo53Y5CK2UM28oOJjiyCaWG2Dxj6V2+ZSXPrS -YTo43L9XiqT0Ry2eHjb4pJDsEeW5FnaDFO6NVUP+vfzaqWtozQmVAl3GQybbSh6g -+KJoEQff2Obadp9ZVhLFTiBedvGqPD43hs7jtmk5RfMjpLOvidfe+/UCgYEAycSJ -etYYHMMQm2NgX1/4dcbgOiu33N+x1H7LaXuvJMaZw0wB7fUyu65CAexEanDtiKs3 -jVG4tAzdMmHg7VxKR7eiCvQaSlxdWdcWtL2eFVq2TaQeowbpJUtsR0h6W0vpaN9A -VYW/oAH4fzQskwmWSlBMxB/Ie14hBCBckTXSRV8CgYEAql6WXpCK/jVbZfYdfvrn -sKPGeijM7DWGGBaLmAHmnxKyeyKsXVgAkZj11NpeD8ZJcq97Kajb1pGVSxMjJVsX -/FOoST5sYfoew76gSi/GypQlYQYo9z8WLh9s/tBRcTRlFqAYTYzPdbG/ezshhmZD -lyRw0620bNdCPOyBJhY5MPECgYA/3tFOazuSz0UQi3LUfkLetagBghlf+AgJJmIp -8BdPYvcF1ae+tiHrO4x1o188+qaW3uxk9fusM25KJqXXPaHd9gl7wi4YYAjFCcuM -R4IlbGPNTCjOnr9rKOcL4aup/uvSYOmyqPYyJq2NRuzdVumWeLj0VMNYGkIFVmE3 -LnxzrQKBgG5loEjdSKt40YOMXtYvUYUKDGvWgoQEb0hj3OqiBXz+w4YD3/iX7dbQ -qra1gCxE42Z9beiBiti6zi6zGcoVj/pfNUoyxTLMSwaytbF+g1u6ksXcmC9PXcmk -kJDR0DJcm/rcL8tp3PKo22GDB7sobm9gk5je6y8z+dQs3SQbWzb0 ------END RSA PRIVATE KEY----- \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.conf b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.conf
deleted file mode 100644
index e924a17c..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "terraform-on-aws-for-ec2"
-key = "iacdevops/stag/terraform.tfstate"
-region = "us-east-1"
-dynamodb_table = "iacdevops-stag-tfstate"
\ No newline at end of file
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.tfvars b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.tfvars
deleted file mode 100644
index 653323b3..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/stag.tfvars
+++ /dev/null
@@ -1,22 +0,0 @@
-# Environment
-environment = "stag"
-# VPC Variables
-vpc_name = "myvpc"
-vpc_cidr_block = "10.0.0.0/16"
-vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
-vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"]
-vpc_create_database_subnet_group = true
-vpc_create_database_subnet_route_table = true
-vpc_enable_nat_gateway = true
-vpc_single_nat_gateway = true
-
-# EC2 Instance Variables
-instance_type = "t3.micro"
-instance_keypair = "terraform-key"
-private_instance_count = 2
-
-# DNS Name
-dns_name = "stagedemo5.devopsincloud.com"
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/terraform.tfvars b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/terraform.tfvars
deleted file mode 100644
index 4c74aefc..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files/terraform-manifests/terraform.tfvars
+++ /dev/null
@@ -1,10 +0,0 @@
-# Generic Variables
-aws_region = "us-east-1"
-business_divsion = "hr"
-
-
-
-
-
-
-
diff --git a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/README.md b/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/README.md
deleted file mode 100644
index 0ad18154..00000000
--- a/V1-UPDATES-DEC2023/22-IaC-DevOps-using-AWS-CodePipeline/README.md
+++ /dev/null
@@ -1,749 +0,0 @@ ---- -title: Terraform IaC DevOps using AWS CodePipeline -description: Create AWS CodePipeline with Multiple Environments Dev and Staging ---- -# IaC DevOps using AWS CodePipeline - -## Step-00: Introduction -1. Terraform Backend with backend-config -2. How to create multiple environments related Pipeline with single TF Config files in Terraform ? -3. As part of Multiple environments we are going to create `dev` and `stag` environments -4. We are going build IaC DevOps Pipelines using -- AWS CodeBuild -- AWS CodePipeline -- Github -5. We are going to streamline the `terraform-manifests` taken from `section-15` and streamline that to support Multiple environments. - -[![Image](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-1.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-1.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-2.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-2.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-3.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-3.png) - -[![Image](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-4.png "Terraform on AWS with IAC DevOps and SRE")](https://stacksimplify.com/course-images/terraform-aws-codepipeline-iac-devops-4.png) - -## Step-01: Copy terraform-manifests from Section-15 -- Copy `terraform-manifests` from Section-15 `15-Autoscaling-with-Launch-Templates` -- Update `private-key\terraform-key.pem` with your private key with same name. 
- - -## Step-02: c1-versions.tf - Terraform Backends -### Step-02-01 Add backend block as below -```t - # Adding Backend as S3 for Remote State Storage - backend "s3" { } -``` -### Step-02-02: Create file named `dev.conf` -```t -bucket = "terraform-on-aws-for-ec2" -key = "iacdevops/dev/terraform.tfstate" -region = "us-east-1" -dynamodb_table = "iacdevops-dev-tfstate" -``` -### Step-02-03: Create file named `stag.conf` -```t -bucket = "terraform-on-aws-for-ec2" -key = "iacdevops/stag/terraform.tfstate" -region = "us-east-1" -dynamodb_table = "iacdevops-stag-tfstate" -``` -### Step-02-04: Create S3 Bucket related folders for both environments for Terraform State Storage -- Go to Services -> S3 -> terraform-on-aws-for-ec2 -- Create Folder `iacdevops` -- Create Folder `iacdevops\dev` -- Create Folder `iacdevops\stag` - -### Step-02-05: Create DynamoDB Tables for Both Environments for Terraform State Locking -- Create Dynamo DB Table for Dev Environment - - **Table Name:** iacdevops-dev-tfstate - - **Partition key (Primary Key):** LockID (Type as String) - - **Table settings:** Use default settings (checked) - - Click on **Create** -- Create Dynamo DB Table for Staging Environment - - **Table Name:** iacdevops-stag-tfstate - - **Partition key (Primary Key):** LockID (Type as String) - - **Table settings:** Use default settings (checked) - - Click on **Create** - -## Step-03: Pipeline Build Out - Decisions -- We have two options here. -### Step-03-01: Option-1: Create separate folders per environment and have same TF Config files (c1 to c13) maintained per environment - - More work as we need to manage many environment related configs - - Dev - C1 to C13 - Approximate 30 files - - QA - C1 to C13 - Approximate 30 files - - Stg - C1 to C13 - Approximate 30 files - - Prd - C1 to C13 - Approximate 30 files - - DR - C1 to C13 - Approximate 30 files -- Close to 150 files you need to manage changes. 
-- For critical projects which you want to isolate as above, Terraform also recommends this approach but its all case to case basis on the environment we have built, skill level and organization level standards. - -### Step-03-02: Option-2: Create only 1 folder and leverage same C1 to C13 files (approx 30 files) across environments. - - Only 30 files to manage across Dev, QA, Staging, Production and DR environments. - - We are going to take this `option-2` and build the pipeline for Dev and Staging environments - -## Step-04: Merge vpc.auto.tfvars and ec2instance.auto.tfvars -- Merge `vpc.auto.tfvars` and `ec2instance.auto.tfvars` to environment specific `.tfvars` example `dev.tfvars` and `stag.tfvats` -- Also don't provide `.auto.` in `dev.tfvars` or `stag.tfvars` if we want to leverage same TF Config files across environmets. -- We are going to pass the `.tfvars` file as `-var-file` argument to `terraform apply` command -```t -terraform apply -input=false -var-file=dev.tfvars -auto-approve -``` -### Step-04-01: dev.tfvars -```t -# Environment -environment = "dev" -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] -vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true - -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" -private_instance_count = 2 -``` -### Step-04-01: stag.tfvars -```t -# Environment -environment = "stag" -# VPC Variables -vpc_name = "myvpc" -vpc_cidr_block = "10.0.0.0/16" -vpc_availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] -vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] 
-vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] -vpc_database_subnets= ["10.0.151.0/24", "10.0.152.0/24", "10.0.153.0/24"] -vpc_create_database_subnet_group = true -vpc_create_database_subnet_route_table = true -vpc_enable_nat_gateway = true -vpc_single_nat_gateway = true - -# EC2 Instance Variables -instance_type = "t3.micro" -instance_keypair = "terraform-key" -private_instance_count = 2 -``` -- Remove / Delete the following two files - - vpc.auto.tfvars - - ec2instance.auto.tfvars - -## Step-05: terraform.tfvars -- `terraform.tfvars` which autoloads for all environment creations will have only generic variables. -```t -# Generic Variables -aws_region = "us-east-1" -business_divsion = "hr" -``` - - - -## Step-06: Remove local-exec Provisioners -### Step-06-01: c9-nullresource-provisioners.tf -- Remove Local Exec Provisioner which is not applicable in CodePipeline -> CodeBuild case. -```t -## Local Exec Provisioner: local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource) - provisioner "local-exec" { - command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt" - working_dir = "local-exec-output-files/" - #on_failure = continue - } -``` -- Remove the folder `local-exec-output-files` -### Step-06-02: c8-elasticip.tf -- Remove Local Exec Provisioner which is not applicable in CodePipeline -> CodeBuild case. 
-```t -## Local Exec Provisioner: local-exec provisioner (Destroy-Time Provisioner - Triggered during deletion of Resource) - provisioner "local-exec" { - command = "echo Destroy time prov `date` >> destroy-time-prov.txt" - working_dir = "local-exec-output-files/" - when = destroy - #on_failure = continue - } -``` - -## Step-07: To Support Multiple Environments -### Step-07-01: c5-03-securitygroup-bastionsg.tf -```t -# Before - name = "public-bastion-sg" -# After - name = "${local.name}-public-bastion-sg" -``` -### Step-07-02: c5-04-securitygroup-privatesg.tf -```t -# Before - name = "private-sg" -# After - name = "${local-name}-private-sg" -``` - -### Step-07-03: c5-05-securitygroup-loadbalancersg.tf -```t -# Before - name = "loadbalancer-sg" -# After - name = "${local.name}-loadbalancer-sg" -``` - -### Step-07-04: Create Variable for DNS Name to support multiple environments -#### Step-07-04-01: c12-route53-dnsregistration.tf -```t -# DNS Name Input Variable -variable "dns_name" { - description = "DNS Name to support multiple environments" - type = string -} -``` -#### Step-07-04-02: c12-route53-dnsregistration.tf -```t -# DNS Registration -resource "aws_route53_record" "apps_dns" { - zone_id = data.aws_route53_zone.mydomain.zone_id - name = var.dns_name - type = "A" - alias { - name = module.alb.lb_dns_name - zone_id = module.alb.lb_zone_id - evaluate_target_health = true - } -} -``` -#### Step-07-04-03: dev.tfvars -```t -# DNS Name -dns_name = "devdemo1.devopsincloud.com" -``` -#### Step-07-04-04: stag.tfvars -```t -# DNS Name -dns_name = "stagedemo1.devopsincloud.com" -``` - -### Step-07-05: c11-acm-certificatemanager.tf -- In your case, the domain names will change as per this step. 
-```t -# Before - subject_alternative_names = [ - "*.devopsincloud.com" - ] - -# After - subject_alternative_names = [ - #"*.devopsincloud.com" - var.dns_name - ] -``` - -### Step-07-06: c13-02-autoscaling-launchtemplate-resource.tf -```t -# Before - name = "my-launch-template" -# After - name_prefix = "${local.name}-" -``` -### Step-07-07: c13-02-autoscaling-launchtemplate-resource.tf -```t -# Before - tag_specifications { - resource_type = "instance" - tags = { - Name = "myasg" - } - } -# After - tag_specifications { - resource_type = "instance" - tags = { - #Name = "myasg" - Name = local.name - } - } -``` -### Step-07-08: c13-03-autoscaling-resource.tf -```t -# Before - name_prefix = "myasg-" -# After - name_prefix = "${local.name}-" -``` -### Step-07-09: c13-06-autoscaling-ttsp.tf -```t -# Before - name = "avg-cpu-policy-greater-than-xx" - name = "alb-target-requests-greater-than-yy" -# After - name = "${local.name}-avg-cpu-policy-greater-than-xx" - name = "${local.name}-alb-target-requests-greater-than-yy" -``` - -## Step-08: Create Secure Parameters in Parameter Store -### Step-08-01: Create MY_AWS_SECRET_ACCESS_KEY -- Go to Services -> Systems Manager -> Application Management -> Parameter Store -> Create Parameter - - Name: /CodeBuild/MY_AWS_ACCESS_KEY_ID - - Descritpion: My AWS Access Key ID for Terraform CodePipeline Project - - Tier: Standard - - Type: Secure String - - Rest all defaults - - Value: ABCXXXXDEFXXXXGHXXX - -### Step-08-02: Create MY_AWS_SECRET_ACCESS_KEY -- Go to Services -> Systems Manager -> Application Management -> Parameter Store -> Create Parameter - - Name: /CodeBuild/MY_AWS_SECRET_ACCESS_KEY - - Descritpion: My AWS Secret Access Key for Terraform CodePipeline Project - - Tier: Standard - - Type: Secure String - - Rest all defaults - - Value: abcdefxjkdklsa55dsjlkdjsakj - - -## Step-09: buildspec-dev.yml -- Discuss about following Environment variables we are going to pass -- TERRAFORM_VERSION - - which version of terraform codebuild 
should use - - As on today `0.15.3` is latest we will use that -- TF_COMMAND - - We will use `apply` to create resources - - We will use `destroy` in CodeBuild Environment -- AWS_ACCESS_KEY_ID: /CodeBuild/MY_AWS_ACCESS_KEY_ID - - AWS Access Key ID is safely stored in Parameter Store -- AWS_SECRET_ACCESS_KEY: /CodeBuild/MY_AWS_SECRET_ACCESS_KEY - - AWS Secret Access Key is safely stored in Parameter Store -```yaml -version: 0.2 - -env: - variables: - TERRAFORM_VERSION: "0.15.3" - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" - parameter-store: - AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID" - AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY" - -phases: - install: - runtime-versions: - python: 3.7 - on-failure: ABORT - commands: - - tf_version=$TERRAFORM_VERSION - - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - mv terraform /usr/local/bin/ - pre_build: - on-failure: ABORT - commands: - - echo terraform execution started on `date` - build: - on-failure: ABORT - commands: - # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS - - cd "$CODEBUILD_SRC_DIR/terraform-manifests" - - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests" - - terraform --version - - terraform init -input=false --backend-config=dev.conf - - terraform validate - - terraform plan -lock=false -input=false -var-file=dev.tfvars - - terraform $TF_COMMAND -input=false -var-file=dev.tfvars -auto-approve - post_build: - on-failure: CONTINUE - commands: - - echo terraform execution completed on `date` -``` - -## Step-10: buildspec-stag.yml -```yaml -version: 0.2 - -env: - variables: - TERRAFORM_VERSION: "0.15.3" - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" - parameter-store: - AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID" - AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY" - -phases: - install: - runtime-versions: - python: 3.7 - 
on-failure: ABORT - commands: - - tf_version=$TERRAFORM_VERSION - - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip - - mv terraform /usr/local/bin/ - pre_build: - on-failure: ABORT - commands: - - echo terraform execution started on `date` - build: - on-failure: ABORT - commands: - # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS - - cd "$CODEBUILD_SRC_DIR/terraform-manifests" - - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests" - - terraform --version - - terraform init -input=false --backend-config=stag.conf - - terraform validate - - terraform plan -lock=false -input=false -var-file=stag.tfvars - - terraform $TF_COMMAND -input=false -var-file=stag.tfvars -auto-approve - post_build: - on-failure: CONTINUE - commands: - - echo terraform execution completed on `date` -``` - -## Step-11: Create Github Repository and Check-In file -### Step-11-01: Create New Github Repository -- Go to github.com and login with your credentials -- URL: https://github.com/stacksimplify (my git repo url) -- Click on **Repositories Tab** -- Click on **New** to create a new repository -- **Repository Name:** terraform-iacdevops-with-aws-codepipeline -- **Description:** Implement Terraform IAC DevOps for AWS Project with AWS CodePipeline -- **Repository Type:** Private -- **Choose License:** Apache License 2.0 -- Click on **Create Repository** -- Click on **Code** and Copy Repo link -### Step-11-02: Clone Remote Repo and Copy all related files -```t -# Change Directory -cd demo-repos - -# Execute Git Clone -git clone https://github.com/stacksimplify/terraform-iacdevops-with-aws-codepipeline.git - -# Copy all files from Section-22 Git-Repo-Files folder -1. Source Folder Path: 22-IaC-DevOps-using-AWS-CodePipeline/Git-Repo-Files -2. Copy all files from Source Folder to Destination Folder -3. 
Destination Folder Path: demo-repos/terraform-iacdevops-with-aws-codepipeline - -# Verify Git Status -git status - -# Git Commit -git commit -am "First Commit" - -# Push files to Remote Repository -git push - -# Verify same on Remote Repository -https://github.com/stacksimplify/terraform-iacdevops-with-aws-codepipeline.git -``` - -## Step-12: Verify if AWS Connector for GitHub already installed on your Github -- Go to below url and verify -- **URL:** https://github.com/settings/installations - -## Step-13: Create Github Connection from AWS Developer Tools -- Go to Services -> CodePipeline -> Create Pipeline -- In Developer Tools -> Click on **Settings** -> Connections -> Create Connection -- **Select Provider:** Github -- **Connection Name:** terraform-iacdevops-aws-cp-con1 -- Click on **Connect to Github** -- GitHub Apps: Click on **Install new app** -- It should redirect to github page `Install AWS Connector for GitHub` -- **Only select repositories:** terraform-iacdevops-with-aws-codepipeline -- Click on **Install** -- Click on **Connect** -- Verify Connection Status: It should be in **Available** state -- Go to below url and verify -- **URL:** https://github.com/settings/installations -- You should see `Install AWS Connector for GitHub` app installed - -## Step-14: Create AWS CodePipeline -- Go to Services -> CodePipeline -> Create Pipeline -### Pipeline settings -- **Pipeline Name:** tf-iacdevops-aws-cp1 -- **Service role:** New Service Role -- rest all defaults - - Artifact store: Default Location - - Encryption Key: Default AWS Managed Key -- Click **Next** -### Source Stage -- **Source Provider:** Github (Version 2) -- **Connection:** terraform-iacdevops-aws-cp-con1 -- **Repository name:** terraform-iacdevops-with-aws-codepipeline -- **Branch name:** main -- **Change detection options:** leave to defaults as checked -- **Output artifact format:** leave to defaults as `CodePipeline default` -### Add Build Stage -- **Build Provider:** AWS CodeBuild -- 
**Region:** N.Virginia -- **Project Name:** Click on **Create Project** - - **Project Name:** codebuild-tf-iacdevops-aws-cp1 - - **Description:** CodeBuild Project for Dev Stage of IAC DevOps Terraform Demo - - **Environment image:** Managed Image - - **Operating System:** Amazon Linux 2 - - **Runtimes:** Standard - - **Image:** latest available today (aws/codebuild/amazonlinux2-x86_64-standard:3.0) - - **Environment Type:** Linux - - **Service Role:** New (leave to defaults including Role Name) - - **Build specifications:** use a buildspec file - - **Buildspec name - optional:** buildspec-dev.yml (Ensure that this file is present in root folder of your github repository) - - Rest all leave to defaults - - Click on **Continue to CodePipeline** -- **Project Name:** This value should be auto-populated with `codebuild-tf-iacdevops-aws-cp1` -- **Build Type:** Single Build -- Click **Next** -### Add Deploy Stage -- Click on **Skip Deploy Stage** -### Review Stage -- Click on **Create Pipeline** - - -## Step-15: Verify the Pipeline created -- **Verify Source Stage:** Should pass -- **Verify Build Stage:** should fail with error -- Verify Build Stage logs by clicking on **details** in pipeline screen -```log -[Container] 2021/05/11 06:24:06 Waiting for agent ping -[Container] 2021/05/11 06:24:09 Waiting for DOWNLOAD_SOURCE -[Container] 2021/05/11 06:24:09 Phase is DOWNLOAD_SOURCE -[Container] 2021/05/11 06:24:09 CODEBUILD_SRC_DIR=/codebuild/output/src851708532/src -[Container] 2021/05/11 06:24:09 YAML location is /codebuild/output/src851708532/src/buildspec-dev.yml -[Container] 2021/05/11 06:24:09 Processing environment variables -[Container] 2021/05/11 06:24:09 Decrypting parameter store environment variables -[Container] 2021/05/11 06:24:09 Phase complete: DOWNLOAD_SOURCE State: FAILED -[Container] 2021/05/11 06:24:09 Phase context status code: Decrypted Variables Error Message: AccessDeniedException: User: 
arn:aws:sts::180789647333:assumed-role/codebuild-codebuild-tf-iacdevops-aws-cp1-service-role/AWSCodeBuild-97595edc-1db1-4070-97a0-71fa862f0993 is not authorized to perform: ssm:GetParameters on resource: arn:aws:ssm:us-east-1:180789647333:parameter/CodeBuild/MY_AWS_ACCESS_KEY_ID -``` -## Step-16: Fix ssm:GetParameters IAM Role issues -### Step-16-01: Get IAM Service Role used by CodeBuild Project -- Get the IAM Service Role name CodeBuild Project is using -- Go to CodeBuild -> codebuild-tf-iacdevops-aws-cp1 -> Edit -> Environment -- Make a note of Service Role ARN -```t -# CodeBuild Service Role ARN -arn:aws:iam::180789647333:role/service-role/codebuild-codebuild-tf-iacdevops-aws-cp1-service-role -``` -### Step-16-02: Create IAM Policy with Systems Manager Get Parameter Read Permission -- Go to Services -> IAM -> Policies -> Create Policy -- **Service:** Systems Manager -- **Actions:** Get Parameters (Under Read) -- **Resources:** All -- Click **Next Tags** -- Click **Next Review** -- **Policy name:** systems-manger-get-parameter-access -- **Policy Description:** Read Parameters from Parameter Store in AWS Systems Manager Service -- Click on **Create Policy** - -### Step-16-03: Associate this Policy to IAM Role -- Go to Services -> IAM -> Roles -> Search for `codebuild-codebuild-tf-iacdevops-aws-cp1-service-role` -- Attach the polic named `systems-manger-get-parameter-access` - -## Step-17: Re-run the CodePipeline -- Go to Services -> CodePipeline -> tf-iacdevops-aws-cp1 -- Click on **Release Change** -- **Verify Source Stage:** - - Should pass -- **Verify Build Stage:** - - Verify Build Stage logs by clicking on **details** in pipeline screen - - Verify `Cloudwatch -> Log Groups` logs too (Logs saved in CloudWatch for additional reference) - - -## Step-18: Verify Resources -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. 
Verify Load Balancer Target Group - Health Checks -7. Access and Test -```t -# Access and Test -http://devdemo1.devopsincloud.com -http://devdemo1.devopsincloud.com/app1/index.html -http://devdemo1.devopsincloud.com/app1/metadata.html -``` - -## Step-19: Add Approval Stage before deploying to staging environment -- Go to Services -> AWS CodePipeline -> tf-iacdevops-aws-cp1 -> Edit -### Add Stage - - Name: Email-Approval -### Add Action Group -- Action Name: Email-Approval -- Action Provider: Manual Approval -- SNS Topic: Select SNS Topic from drop down -- Comments: Approve to deploy to staging environment - -## Step-20: Add Staging Environment Deploy Stage -- Go to Services -> AWS CodePipeline -> tf-iacdevops-aws-cp1 -> Edit -### Add Stage - - Name: Stage-Deploy -### Add Action Group -- Action Name: Stage-Deploy -- Region: US East (N.Virginia) -- Action Provider: AWS CodeBuild -- Input Artifacts: Source Artifact -- **Project Name:** Click on **Create Project** - - **Project Name:** stage-deploy-tf-iacdevops-aws-cp1 - - **Description:** CodeBuild Project for Staging Environment of IAC DevOps Terraform Demo - - **Environment image:** Managed Image - - **Operating System:** Amazon Linux 2 - - **Runtimes:** Standard - - **Image:** latest available today (aws/codebuild/amazonlinux2-x86_64-standard:3.0) - - **Environment Type:** Linux - - **Service Role:** New (leave to defaults including Role Name) - - **Build specifications:** use a buildspec file - - **Buildspec name - optional:** buildspec-stag.yml (Ensure that this file is present in root folder of your github repository) - - Rest all leave to defaults - - Click on **Continue to CodePipeline** -- **Project Name:** This value should be auto-populated with `stage-deploy-tf-iacdevops-aws-cp1` -- **Build Type:** Single Build -- Click on **Done** -- Click on **Save** - -## Step-21: Update the IAM Role -- Update the IAM Role created as part of this `stage-deploy-tf-iacdevops-aws-cp1` CodeBuild project by adding the policy 
`systems-manger-get-parameter-access1` - -## Step-22: Run the Pipeline -- Go to Services -> AWS CodePipeline -> tf-iacdevops-aws-cp1 -- Click on **Release Change** -- Verify Source Stage -- Verify Build Stage (Dev Environment - Dev Depploy phase) -- Verify Manual Approval Stage - Approve the change -- Verify Stage Deploy Stage - - Verify build logs - -## Step-23: Verify Staging Environment -0. Confirm SNS Subscription in your email -1. Verify EC2 Instances -2. Verify Launch Templates (High Level) -3. Verify Autoscaling Group (High Level) -4. Verify Load Balancer -5. Verify Load Balancer Target Group - Health Checks -7. Access and Test -```t -# Access and Test -http://stagedemo1.devopsincloud.com -http://stagedemo1.devopsincloud.com/app1/index.html -http://stagedemo1.devopsincloud.com/app1/metadata.html -``` - -## Step-24: Make a change and test the entire pipeline -### Step-24-01: c13-03-autoscaling-resource.tf -- Increase minimum EC2 Instances from 2 to 3 -```t -# Before - desired_capacity = 2 - max_size = 10 - min_size = 2 -# After - desired_capacity = 4 - max_size = 10 - min_size = 4 -``` -### Step-24-02: Commit Changes via Git Repo -```t -# Verify Changes -git status - -# Commit Changes to Local Repository -git add . -git commit -am "ASG Min Size from 2 to 4" - -# Push changes to Remote Repository -git push -``` -### Step-24-03: Review Build Logs -- Go to Services -> CodePipeline -> tf-iacdevops-aws-cp1 -- Verify Dev Deploy Logs -- Approve at `Manual Approval` stage -- Verify Stage Deploy Logs - -### Step-24-04: Verify EC2 Instances -- Go to Services -> EC2 Instances -- Newly created instances should be visible. 
-- hr-dev: 4 EC2 Instances -- hr-stag: 4 EC2 Instances - -## Step-25: Destroy Resources -### Step-25-01: Update buildspec-dev.yml -```t -# Before - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" -# After - #TF_COMMAND: "apply" - TF_COMMAND: "destroy" -``` -### Step-25-02: Update buildspec-stag.yml -```t -# Before - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" -# After - #TF_COMMAND: "apply" - TF_COMMAND: "destroy" -``` -### Step-25-03: Commit Changes via Git Repo -```t -# Verify Changes -git status - -# Commit Changes to Local Repository -git add . -git commit -am "Destroy Resources" - -# Push changes to Remote Repository -git push -``` -### Step-25-03: Review Build Logs -- Go to Services -> CodePipeline -> tf-iacdevops-aws-cp1 -- Verify Dev Deploy Logs -- Approve at `Manual Approval` stage -- Verify Stage Deploy Logs - - -## Step-26: Change Everything back to original Demo State -### Step-26-01: c13-03-autoscaling-resource.tf -- Change them back to original state -```t -# Before - desired_capacity = 4 - max_size = 10 - min_size = 4 -# After - desired_capacity = 2 - max_size = 10 - min_size = 2 -``` -### Step-26-02: buildspec-dev.yml and buildspec-stag.yml -- Change them back to original state -```t -# Before - #TF_COMMAND: "apply" - TF_COMMAND: "destroy" -# After - TF_COMMAND: "apply" - #TF_COMMAND: "destroy" -``` -### Step-26-03: Commit Changes via Git Repo -```t -# Verify Changes -git status - -# Commit Changes to Local Repository -git add . -git commit -am "Fixed all the changes back to demo state" - -# Push changes to Remote Repository -git push -``` - - - - -## References -- [1:Backend configuration Dynamic](https://www.terraform.io/docs/cli/commands/init.html) -- [2:Backend configuration Dynamic](https://www.terraform.io/docs/language/settings/backends/configuration.html#partial-configuration) -- [AWS CodeBuild Builspe file reference](https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env) \ No newline at end of file 
diff --git a/V1-UPDATES-DEC2023/presentation/Terraform-On-AWS-v2.pptx b/V1-UPDATES-DEC2023/presentation/Terraform-On-AWS-v2.pptx
deleted file mode 100644
index 36e58d3e..00000000
Binary files a/V1-UPDATES-DEC2023/presentation/Terraform-On-AWS-v2.pptx and /dev/null differ
diff --git a/git-deploy.sh b/git-deploy.sh
deleted file mode 100755
index 0e6ec500..00000000
--- a/git-deploy.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-echo "Add files and do local commit"
-git add .
-git commit -am "Welcome to StackSimplify"
-
-echo "Pushing to Github Repository"
-git push
diff --git a/presentation/Terraform-On-AWS-v2.pptx b/presentation/Terraform-On-AWS-v2.pptx
deleted file mode 100644
index d5174670..00000000
Binary files a/presentation/Terraform-On-AWS-v2.pptx and /dev/null differ
diff --git a/presentation/Terraform-On-AWS-v3.pptx b/presentation/Terraform-On-AWS-v3.pptx
deleted file mode 100644
index e88ec683..00000000
Binary files a/presentation/Terraform-On-AWS-v3.pptx and /dev/null differ