first commit

Author: Anthony Klein

.gitignore

@@ -0,0 +1,5 @@
+/.DS_Store
+/.terraform
+/.terraform.lock.hcl
+/terraform.tfstate
+/terraform.tfstate.backup

doc/Terraform+Notes+PPT+27-02-2024+-+KPLABS.pdf

@@ -0,0 +1,168 @@
+# Create a Key Pair
+resource "tls_private_key" "deployer" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+resource "aws_key_pair" "my_key_pair" {
+  key_name   = "tf-key-pair"
+  public_key = tls_private_key.deployer.public_key_openssh
+}
+
+resource "local_file" "private_key" {
+  content        = tls_private_key.deployer.private_key_pem
+  filename       = "${path.module}/tf-key-pair.pem"
+  file_permission = "0400"
+}
+
+# Create a VPC
+resource "aws_vpc" "kode_vpc" {
+  cidr_block = var.vpc_cidr
+
+  tags = {
+    Name = var.vpc_name
+  }
+}
+
+# Create an Internet Gateway
+resource "aws_internet_gateway" "kode_igw" {
+  vpc_id = aws_vpc.kode_vpc.id
+
+  tags = {
+    Name = "kode-igw"
+  }
+}
+
+# Create a Route Table
+resource "aws_route_table" "kode_rt" {
+  vpc_id = aws_vpc.kode_vpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.kode_igw.id
+  }
+
+  tags = {
+    Name = "kode-route-table"
+  }
+}
+
+# Associate the Route Table with the Subnets
+resource "aws_route_table_association" "kode_rta_1" {
+  subnet_id      = aws_subnet.kode_subnet_1.id
+  route_table_id = aws_route_table.kode_rt.id
+}
+
+resource "aws_route_table_association" "kode_rta_2" {
+  subnet_id      = aws_subnet.kode_subnet_2.id
+  route_table_id = aws_route_table.kode_rt.id
+}
+
+# Create Subnets CIDR Blocks
+resource "aws_subnet" "kode_subnet_1" {
+  vpc_id            = aws_vpc.kode_vpc.id
+  cidr_block        = var.subnet1_cidr
+  availability_zone = var.subnet1_az
+}
+
+resource "aws_subnet" "kode_subnet_2" {
+  vpc_id            = aws_vpc.kode_vpc.id
+  cidr_block        = var.subnet2_cidr
+  availability_zone = var.subnet2_az
+}
+
+# Create a Bastion Host
+resource "aws_instance" "bastion" {
+  ami           = var.ec2_ami # Reference the variable
+  instance_type = "t2.micro"
+  subnet_id     = aws_subnet.kode_subnet_1.id
+  key_name      = aws_key_pair.my_key_pair.key_name
+  associate_public_ip_address = true
+  vpc_security_group_ids = [aws_security_group.bastion_sg.id]
+
+  tags = {
+    Name = "BastionHost"
+  }
+}
+
+# Create an Application Load Balancer
+resource "aws_lb" "kode_alb" {
+  name               = "kode-alb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.kode_sg.id]
+  subnets            = [
+    aws_subnet.kode_subnet_1.id,
+    aws_subnet.kode_subnet_2.id
+  ]
+
+  enable_deletion_protection = false
+}
+
+# Create a Target Group
+resource "aws_lb_target_group" "kode_tg" {
+  name     = "kode-tg"
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = aws_vpc.kode_vpc.id
+
+  health_check {
+    interval            = 30
+    path                = "/"
+    timeout             = 5
+    healthy_threshold   = 5
+    unhealthy_threshold = 2
+    matcher             = "200-304"
+  }
+}
+
+# Register the EC2 Instances with the Target Group
+resource "aws_lb_target_group_attachment" "kode_tg_attachment" {
+  count            = 2
+  target_group_arn = aws_lb_target_group.kode_tg.arn
+  target_id        = aws_instance.kode_web[count.index].id
+  port             = 80
+}
+
+# Create a Listener
+resource "aws_lb_listener" "kode_listener" {
+  load_balancer_arn = aws_lb.kode_alb.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.kode_tg.arn
+  }
+}
+
+# Create Web EC2 Instances
+resource "aws_instance" "kode_web" {
+  count         = 2
+  ami           = "ami-07d2649d67dbe8900" # Ubuntu Server 24.04 LTS AMI
+  instance_type = "var.ec2_instance_type"
+  subnet_id     = aws_subnet.kode_subnet_1.id
+  vpc_security_group_ids = [aws_security_group.kode_sg.id]
+  key_name      = aws_key_pair.my_key_pair.key_name  # key pair name
+  associate_public_ip_address = true
+
+  user_data = <<-EOF
+              #!/bin/bash -ex
+
+              apt-get update -y
+              apt-get install nginx -y
+
+              # Replace the default Nginx HTML file
+              echo '<html>
+              <head><title>Klein's Custom Nginx Page</title></head>
+              <body><h1>Hello, World from Terraform!</h1></body>
+              </html>' > /var/www/html/index.nginx-debian.html
+
+              systemctl start nginx
+              systemctl enable nginx
+              EOF
+
+  tags = {
+    Name = var.instance_name
+  }
+}

main.tf

@@ -0,0 +1,30 @@
+# Output the ID of the VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = aws_vpc.kode_vpc.id
+}
+
+# Output the ID of the EC2 instances
+output "instance_ids" {
+  description = "The IDs of the EC2 instances"
+  value       = aws_instance.kode_web[*].id
+}
+
+# Output the DNS name of the Application Load Balancer
+output "alb_dns_name" {
+  description = "The DNS name of the Application Load Balancer"
+  value       = aws_lb.kode_alb.dns_name
+}
+
+# Output the public IP addresses of the EC2 instances
+output "instance_public_ips" {
+  description = "The public IP addresses of the EC2 instances"
+  value       = [for instance in aws_instance.kode_web : instance.public_ip]
+}
+
+# Output the ARN of the Target Group
+output "target_group_arn" {
+  description = "The ARN of the Target Group"
+  value       = aws_lb_target_group.kode_tg.arn
+}
+

outputs.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+# Configure the AWS Provider
+provider "aws" {
+  profile = "default"
+  region = "us-east-1"
+
+  assume_role {
+    role_arn = "arn:aws:iam::925717497924:role/terraform"
+  }
+}
+

provider.tf

@@ -0,0 +1,51 @@
+# Bastion Host Security Group
+resource "aws_security_group" "bastion_sg" {
+  vpc_id = aws_vpc.kode_vpc.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = var.bastion_ip  # Replace with your IP in tfvars
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+# EC2 Web Server Security Group
+resource "aws_security_group" "kode_sg" {
+  vpc_id = aws_vpc.kode_vpc.id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = var.public_ip # Restrict SSH access to your IP
+  }
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    security_groups = [aws_security_group.bastion_sg.id]  # Allow SSH from Bastion Host
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}

sg.tf

@@ -0,0 +1,76 @@
+# Define the Target Group for SSH
+resource "aws_lb_target_group" "ssh_target_group" {
+  name     = "ssh-tg"
+  port     = 22
+  protocol = "TCP"
+  vpc_id   = aws_vpc.kode_vpc.id
+
+  health_check {
+    port                = "22"
+    protocol            = "TCP"
+    interval            = 30
+    timeout             = 5
+    healthy_threshold   = 3
+    unhealthy_threshold = 2
+  }
+}
+
+# Security Group for the Load Balancer
+resource "aws_security_group" "lb_sg" {
+  vpc_id = aws_vpc.kode_vpc.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["70.175.32.184/32"]  # my public IP
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+# Create the Load Balancer for SSH
+resource "aws_lb" "ssh_lb" {
+  name               = "ssh-lb"
+  internal           = false
+  load_balancer_type = "network"
+  security_groups    = [aws_security_group.lb_sg.id]
+  subnets            = [
+    aws_subnet.kode_subnet_1.id,
+    aws_subnet.kode_subnet_2.id
+  ]
+
+  enable_deletion_protection = false
+}
+
+# Create a Listener for SSH
+resource "aws_lb_listener" "ssh_listener" {
+  load_balancer_arn = aws_lb.ssh_lb.arn
+  port              = 22
+  protocol          = "TCP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.ssh_target_group.arn
+  }
+}
+
+# Register the EC2 Instances with the SSH Target Group
+resource "aws_lb_target_group_attachment" "ssh_tg_attachment" {
+  count            = 2
+  target_group_arn = aws_lb_target_group.ssh_target_group.arn
+  target_id        = aws_instance.kode_web[count.index].id
+  port             = 22
+}
+
+# Register the First EC2 Instance with the SSH Target Group
+#resource "aws_lb_target_group_attachment" "ssh_tg_attachment" {
+#  target_group_arn = aws_lb_target_group.ssh_target_group.arn
+#  target_id        = aws_instance.kode_web[0].id  # Register only the first instance
+#  port             = 22
+#}

ssh_load_balancer.tf

@@ -0,0 +1,4 @@
+bastion_ip = ["70.175.32.184/32"] # my public IP address
+public_ip = ["70.175.32.184/32"] # my public IP address
+ec2_instance_type = "t2.micro"
+instance_name = "kode_web_instance"