devopsacademyau · julio-pimentel · Aug 25, 2022
@@ -0,0 +1,31 @@
+# C04-IAC01
+
+## Terraform code 
+- [_backend.tf](_backend.tf)
+- [_provider.tf](_provider.tf)
+- [ec2.tf](ec2.tf)
+- [iam.tf](iam.tf)
+- [s3.tf](s3.tf)
+- [security-group.tf](security-group.tf)
+
+## Command Execution Output
+- [output.txt](output.txt)
+
+# Command Execution to install Terraform in AWS Console
+
+# 1. Install Terraform on AWS Console 
+sudo yum install -y yum-utils
+sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
+sudo yum -y install terraform
+
+# 2. Deploy Terraform infra
+
+terraform init
+terraform plan 
+terraform apply 
+
+
+<!-- Don't change anything below this point-->
+<!-- Before commiting, remove both commented lines--> 
+***
+Answer for exercise [c04-iac01](https://github.com/devopsacademyau/academy/blob/af71c8c5c94a36439854d642cc64ac103d8507e3/classes/04class/exercises/c04-iac01/README.md)
@@ -0,0 +1,6 @@
+# Define where the terraform state will be stored
+terraform {
+  backend "local" {
+    path = "./terraform.tfstate"
+  }
+}
@@ -0,0 +1,5 @@
+# Configure the AWS Provider
+provider "aws" {
+  version = "~> 2.0"
+  region  = "ap-southeast-2"
+}
@@ -0,0 +1,30 @@
+# Define variables
+variable "instance_type" {
+  type = string
+  default = "t2.micro"
+}
+
+variable "ami_id" {
+    type = string
+    default = "ami-0c641f2290e9cd048"
+}
+
+variable "key_name" {
+    type = string 
+    default = "kp-devops-academy"
+}
+
+resource "aws_iam_instance_profile" "ec2_profile" {
+  name = "ec2_profile"
+  role = aws_iam_role.ec2_trust_role_1.name
+}
+
+resource "aws_instance" "ec2_c01_iac01" {
+    ami = var.ami_id
+    instance_type = var.instance_type
+    key_name = var.key_name
+    iam_instance_profile = aws_iam_instance_profile.ec2_profile.name
+    tags = {
+        Name = "c04-iac01"
+    }
+}
@@ -0,0 +1,57 @@
+resource "aws_iam_role" "ec2_trust_role_1" {
+  name = "ec2_trust_role_1"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+
+  tags = {
+    tag-key = "c04-iac01"
+  }
+}
+
+
+resource "aws_iam_policy" "s3_read_policy_1" {
+  name        = "s3_read_policy_1"
+  description = "S3 read only policy"
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:GetBucketLocation",
+                "s3:ListAllMyBuckets"
+            ],
+            "Resource": "arn:aws:s3:::*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": "s3:*",
+            "Resource": [
+                "arn:aws:s3:::${aws_s3_bucket.bucket_c04_iac01_1.bucket}",
+                "arn:aws:s3:::${aws_s3_bucket.bucket_c04_iac01_1.bucket}/*"
+            ]
+        }
+    ]
+}
+
+  EOF
+}
+
+resource "aws_iam_role_policy_attachment" "attach_s3_read_policy_1" {
+  role       = aws_iam_role.ec2_trust_role_1.name
+  policy_arn = aws_iam_policy.s3_read_policy_1.arn
+}
@@ -0,0 +1,90 @@
+$ terraform plan 
+aws_security_group.c04_iac01_sg: Refreshing state... [id=sg-0daa8bbcadab8e554]
+aws_iam_role.ec2_trust_role_1: Refreshing state... [id=ec2_trust_role_1]
+aws_iam_instance_profile.ec2_profile: Refreshing state... [id=ec2_profile]
+aws_instance.ec2_c01_iac01: Refreshing state... [id=i-02158ec44cad0d628]
+aws_network_interface_sg_attachment.sg_attachment: Refreshing state... [id=sg-0daa8bbcadab8e554_eni-01dabb3aa396dac1e]
+
+Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
+  # aws_iam_policy.s3_read_policy_1 will be created
+  + resource "aws_iam_policy" "s3_read_policy_1" {
+      + arn         = (known after apply)
+      + description = "S3 read only policy"
+      + id          = (known after apply)
+      + name        = "s3_read_policy_1"
+      + path        = "/"
+      + policy      = jsonencode(
+            {
+              + Statement = [
+                  + {
+                      + Action   = [
+                          + "s3:GetBucketLocation",
+                          + "s3:ListAllMyBuckets",
+                        ]
+                      + Effect   = "Allow"
+                      + Resource = "arn:aws:s3:::*"
+                    },
+                  + {
+                      + Action   = "s3:*"
+                      + Effect   = "Allow"
+                      + Resource = [
+                          + "arn:aws:s3:::bucket-c04-iac01-1",
+                          + "arn:aws:s3:::bucket-c04-iac01-1/*",
+                        ]
+                    },
+                ]
+              + Version   = "2012-10-17"
+            }
+        )
+    }
+
+  # aws_iam_role_policy_attachment.attach_s3_read_policy_1 will be created
+  + resource "aws_iam_role_policy_attachment" "attach_s3_read_policy_1" {
+      + id         = (known after apply)
+      + policy_arn = (known after apply)
+      + role       = "ec2_trust_role_1"
+    }
+
+  # aws_s3_bucket.bucket_c04_iac01_1 will be created
+  + resource "aws_s3_bucket" "bucket_c04_iac01_1" {
+      + acceleration_status         = (known after apply)
+      + acl                         = "private"
+      + arn                         = (known after apply)
+      + bucket                      = "bucket-c04-iac01-1"
+      + bucket_domain_name          = (known after apply)
+      + bucket_regional_domain_name = (known after apply)
+      + force_destroy               = false
+      + hosted_zone_id              = (known after apply)
+      + id                          = (known after apply)
+      + region                      = (known after apply)
+      + request_payer               = (known after apply)
+      + tags                        = {
+          + "Name" = "c04-iac01"
+        }
+      + website_domain              = (known after apply)
+      + website_endpoint            = (known after apply)
+
+      + versioning {
+          + enabled    = (known after apply)
+          + mfa_delete = (known after apply)
+        }
+    }
+
+Plan: 3 to add, 0 to change, 0 to destroy.
+╷
+│ Warning: Version constraints inside provider configuration blocks are deprecated
+│ 
+│   on _provider.tf line 3, in provider "aws":
+│    3:   version = "~> 2.0"
+│ 
+│ Terraform 0.13 and earlier allowed provider version constraints inside the provider configuration block, but that is now deprecated and will be removed in a future version of Terraform. To silence this
+│ warning, move the provider version constraint into the required_providers block.
+╵
+
+───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
+
+Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
@@ -0,0 +1,8 @@
+resource "aws_s3_bucket" "bucket_c04_iac01_1" {
+  bucket = "bucket-c04-iac01-1"
+  acl    = "private"
+
+  tags = {
+    Name   = "c04-iac01"
+  }
+}
@@ -0,0 +1,16 @@
+ resource "aws_security_group" "c04_iac01_sg" {
+  name = "c04_iac01_sg"
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  tags = {
+    name = "c04-iac01"
+  }
+}
+resource "aws_network_interface_sg_attachment" "sg_attachment" {
+  security_group_id    = aws_security_group.c04_iac01_sg.id
+  network_interface_id = aws_instance.ec2_c01_iac01.primary_network_interface_id
+}