From ff79f4fd31eb45e6c620e290aeae8fd02451a367 Mon Sep 17 00:00:00 2001
From: Ryan Malloy
Date: Sat, 9 Nov 2024 12:23:43 -0700
Subject: [PATCH] first commit
---
 main.tf | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++
 outputs.tf | 19 +++++++
 variables.tf | 52 +++++++++++++++++
 3 files changed, 226 insertions(+)
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 variables.tf
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..bae8bf2
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,155 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "4.45.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+ access_key = var.aws_access_key
+ secret_key = var.aws_secret_key
+}
+
+resource "aws_vpc" "main_vpc" {
+ cidr_block = var.vpc_cidr
+ tags = {
+ Name = "main-vpc"
+ }
+}
+
+resource "aws_internet_gateway" "igw" {
+ vpc_id = aws_vpc.main_vpc.id
+ tags = {
+ Name = "main-igw"
+ }
+}
+
+resource "aws_subnet" "public_subnet" {
+ vpc_id = aws_vpc.main_vpc.id
+ cidr_block = var.public_cidr
+ availability_zone = "${var.aws_region}a"
+ map_public_ip_on_launch = true
+ tags = {
+ Name = "public-subnet"
+ }
+}
+
+# Create a route table with a route to the internet through the Internet Gateway
+resource "aws_route_table" "public_rt" {
+ vpc_id = aws_vpc.main_vpc.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.igw.id
+ }
+}
+
+# Associate route table with the public subnet, enabling outgoing traffic to reach the internet.
+resource "aws_route_table_association" "public_rt_association" {
+ subnet_id = aws_subnet.public_subnet.id
+ route_table_id = aws_route_table.public_rt.id
+}
+
+
+resource "tls_private_key" "ssh_key" {
+ algorithm = "RSA"
+ rsa_bits = 4096
+}
+
+resource "local_file" "private_key" {
+ content = tls_private_key.ssh_key.private_key_pem
+ filename = "./.ssh/terraform_rsa"
+}
+
+resource "local_file" "public_key" {
+ content = tls_private_key.ssh_key.public_key_openssh
+ filename = "./.ssh/terraform_rsa.pub"
+}
+
+resource "aws_key_pair" "deployer" {
+ key_name = "ubuntu_ssh_key"
+ public_key = tls_private_key.ssh_key.public_key_openssh
+}
+
+# Firewall
+resource "aws_security_group" "allow_ssh_http_https" {
+ vpc_id = aws_vpc.main_vpc.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+}
+data "aws_ami" "latest_ecs" {
+ most_recent = true
+ owners = ["591542846629"] # AWS
+
+ filter {
+ name = "name"
+ values = ["*amazon-ecs-optimized"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+}
+
+data "aws_ami" "ubuntu" {
+ most_recent = true
+ owners = ["099720109477"] # Cannonical / Ubuntu
+
+ filter {
+ name = "name"
+ values = ["ubuntu/images/hvm-ssd/ubuntu-focal-24.04-amd64-server-*"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+}
+
+resource "aws_instance" "ubuntu_instance" {
+ ami = data.aws_ami.ubuntu.ami # Ubuntu "ami-0a0e5d9c7acc336f1"
+# ami = data.aws_ami.latest_ecs.ami # Amazon Linux
+ instance_type = var.instance_size
+ subnet_id = aws_subnet.public_subnet.id
+ vpc_security_group_ids = [aws_security_group.allow_ssh_http_https.id]
+ key_name = aws_key_pair.deployer.key_name
+ associate_public_ip_address = true
+
+ depends_on = [
+ aws_security_group.allow_ssh_http_https,
+ aws_internet_gateway.igw
+ ]
+
+ user_data = var.user_data
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..185082d
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,19 @@
+output "ubuntu_ami" {
+ value = data.aws_ami.ubuntu
+ description = "AMI selected to build instance from"
+}
+
+output "private_key" {
+ value = tls_private_key.ssh_key.private_key_pem
+ description = "SSH Private Key (PEM format)"
+}
+
+output "public_key" {
+ value = tls_private_key.ssh_key.public_key_openssh
+ description "SSH Public Key (OpenSSH format)"
+}
+
+output "ubuntu_instance_public_ip" {
+ value = aws_instance.ubuntu_instance.public_ip
+}
+
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..efe3bf9
--- /dev/null
+++ b/variables.tf
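Review bot: `ami = data.aws_ami.ubuntu.ami` in `aws_instance.ubuntu_instance` reads an attribute the `aws_ami` data source does not export; the image identifier is `id`, so the line should be `ami = data.aws_ami.ubuntu.id` (the commented-out `latest_ecs` alternative has the same problem). The name filter `ubuntu/images/hvm-ssd/ubuntu-focal-24.04-amd64-server-*` combines the focal codename with the 24.04 version number, so it is unlikely to match any published image and the data source will fail before the instance is ever planned. On the security side, the SSH ingress rule in `allow_ssh_http_https` admits `0.0.0.0/0`, and the generated private key is both written to `./.ssh/terraform_rsa` by `local_file.private_key` and kept in plain text in the state; restrict port 22 to a known source range and consider dropping the `local_file` copy, or at least keep `.ssh/` out of version control. `tls` and `local` are used but absent from `required_providers`, so their versions are unpinned.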
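Review bot: `description "SSH Public Key (OpenSSH format)"` in `output "public_key"` is missing the `=`, so outputs.tf does not parse; it should read `description = "SSH Public Key (OpenSSH format)"`. `output "private_key"` exposes `tls_private_key.ssh_key.private_key_pem`, which the tls provider marks sensitive, and Terraform rejects an output that references a sensitive value unless the output declares `sensitive = true`; even with that flag the key is still stored in plain text in the state. Since main.tf already writes the same key to disk through `local_file.private_key`, the simplest fix is to drop this output entirely.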
@@ -0,0 +1,52 @@
+# Variables
+
+variable "user_data" {
+ description = "Cloud Init 'user_data'"
+ default = <<-EOF
+ #!/bin/bash
+ sudo apt update -y
+ sudo apt-get -y install ca-certificates curl
+ sudo install -y -m 0755 -d /etc/apt/keyrings
+ sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+ sudo chmod a+r /etc/apt/keyrings/docker.asc
+
+ # Add the repository to Apt sources:
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+ sudo apt-get update
+ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+ EOF
+}
+
+variable "instance_size" {
+ description = "Size of instance to create"
+ default = "t2.micro"
+}
+
+variable "vpc_cidr" {
+ description = "CIDR of VPC Subnet"
+ default = "10.0.0.0/16"
+}
+
+variable "public_cidr" {
+ description = "CIDR of Public Subnet"
+ default = "10.0.1.0/24"
+}
+
+variable "aws_region" {
+ description = "Region Preference"
+ default = "us-west-2"
+}
+
+variable "aws_access_key" {
+ description = "AWS Access Key"
+ type = string
+}
+
+variable "aws_secret_key" {
+ description = "AWS Secret Key"
+ type = string
+}
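Review bot: `aws_access_key` and `aws_secret_key` are declared without `sensitive = true`, so nothing stops their values from being printed if they are ever referenced in a resource argument or output; add `sensitive = true` to both, and prefer the provider's default credential chain (environment variables or a named profile) so static keys never pass through Terraform variables at all. In the `user_data` script, `sudo install -y -m 0755 -d /etc/apt/keyrings` passes a `-y` flag that coreutils `install` does not accept, and the final `sudo apt-get install docker-ce …` has no `-y`, so under cloud-init's non-interactive run it will abort at the confirmation prompt; the corrected lines are `sudo install -m 0755 -d /etc/apt/keyrings` and `sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin`. The remaining variables carry no `type`, which is worth adding (`type = string`) so malformed `-var` values fail at plan time rather than inside the provider.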