Managing Applications and Infrastructure with Terraform-Deploying Infrastructure with Terraform-(2)Terraform for AWS-(12)Compute Part 4: The Root Module
2018年10月04日
Managing Applications and Infrastructure with Terraform-Deploying Infrastructure with Terraform
2. Terraform for AWS
12. Compute Part 4: The Root Module
Content of the compute/main.tf file.
#---compute/main.tf
# Resolve the newest Amazon-owned AMI whose name matches the pattern below.
# With most_recent = true the resolved image ID can change between plans, so
# review the plan for instance replacement, or pin an AMI ID where that matters.
# NOTE(review): the "amzn-ami-hvm" name pattern appears to select the original
# Amazon Linux AMI family, which is past end of life. Confirm and move to a
# supported image.
data "aws_ami" "server_ami" {
  owners      = ["amazon"]
  most_recent = true

  # Limiting the search to Amazon-owned images keeps a public look-alike AMI
  # with a matching name from being picked up.
  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }

  filter {
    name   = "name"
    values = ["amzn-ami-hvm*-x86_64-gp2"]
  }
}
# Register an existing SSH public key with EC2 under var.key_name.
# Only the public half is read (from var.public_key_path) and uploaded. The
# private key never enters the configuration or the state through this block.
resource "aws_key_pair" "tf_auth" {
  public_key = file(var.public_key_path)
  key_name   = var.key_name
}
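# Render userdata.tpl once per instance, injecting the CIDR of the subnet the
# instance with the same index is placed in.
#
# The count follows var.instance_count instead of a fixed 2: aws_instance
# indexes this data source by count.index, so a fixed count makes any
# instance_count above 2 fail with an out-of-range index.
#
# Rendered user data is readable by anyone who can describe the instance
# attributes and from inside the instance, so pass only non-sensitive values.
#
# NOTE(review): template_file comes from the separate "template" provider,
# which has been archived. The built-in templatefile() function
# (Terraform 0.12+) is the maintained replacement.
data "template_file" "user-init" {
  count    = var.instance_count
  template = file("${path.module}/userdata.tpl")

  vars = {
    # element() wraps around, matching how subnets are assigned to instances.
    firewall_subnets = element(var.subnet_ips, count.index)
  }
}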
# Launch var.instance_count EC2 instances, spread across the supplied subnets.
resource "aws_instance" "tf_server" {
  count         = var.instance_count
  ami           = data.aws_ami.server_ami.id
  instance_type = var.instance_type

  # element() wraps around, so more instances than subnets is allowed.
  subnet_id              = element(var.subnets, count.index)
  vpc_security_group_ids = [var.security_group]

  # SSH key registered by aws_key_pair.tf_auth.
  key_name = aws_key_pair.tf_auth.id

  # Rendered bootstrap script with the matching index. The user-init data
  # source therefore needs an entry for every index used here.
  user_data = data.template_file.user-init[count.index].rendered

  tags = {
    Name = "tf_server-${count.index +1}"
  }

  # NOTE(review): no metadata_options or root_block_device block is declared,
  # so instance-metadata token enforcement and root-volume encryption are left
  # at their defaults. Consider http_tokens = "required" and encrypted = true
  # once the chosen AMI is confirmed to work with them.
}
Edit the compute/variables.tf file.
#---compute/variables.tf
# Inputs of the compute module. None has a default, so the caller must supply
# every one of them.

# Name under which the SSH public key is registered in EC2.
variable "key_name" {}

# Local path of the SSH *public* key file read by file().
variable "public_key_path" {}

# CIDR blocks of the subnets, rendered into each instance's user data.
variable "subnet_ips" {
  type = list(any)
}

# Number of instances to launch.
variable "instance_count" {}

# EC2 instance type.
variable "instance_type" {}

# ID of the security group attached to every instance.
variable "security_group" {}

# Subnet IDs the instances are distributed over.
variable "subnets" {
  type = list(any)
}
Content of the userdata.tpl file.
#!/bin/bash
# Bootstrap script rendered by Terraform and handed to the instance as user data.
# It installs Apache, appends one line to the default page, starts the service
# and enables it at boot.
# NOTE(review): nothing stops the script on failure. If the package install
# fails, the remaining commands still run.
yum install httpd -y
# firewall_subnets is substituted by Terraform before the script reaches the
# instance. The value ends up on a page served over HTTP, so keep it non-sensitive.
echo "Subnet for Firewall: ${firewall_subnets}" >> /var/www/html/index.html
service httpd start
# Start httpd automatically on reboot.
chkconfig httpd on
Content of the networking/main.tf file.
#---networking/main.tf
# Availability zones visible to the configured region, used to place the subnets.
data "aws_availability_zones" "available" {}

# The VPC that holds every networking resource in this module.
resource "aws_vpc" "tf_vpc" {
  cidr_block = var.vpc_cidr

  # DNS resolution and DNS hostnames are both enabled for the VPC.
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "tf_vpc"
  }
}
# Internet gateway attached to the VPC. The public route table sends its
# default route through it.
resource "aws_internet_gateway" "tf_internet_gateway" {
  tags = {
    Name = "tf_igw"
  }

  vpc_id = aws_vpc.tf_vpc.id
}
# Route table for the public subnets: every destination not covered by a
# more specific route goes out through the internet gateway.
resource "aws_route_table" "tf_public_rt" {
  vpc_id = aws_vpc.tf_vpc.id

  tags = {
    Name = "tf_public"
  }

  route {
    gateway_id = aws_internet_gateway.tf_internet_gateway.id
    cidr_block = "0.0.0.0/0"
  }
}
# Take over the VPC's default route table and tag it as the private table.
# No route blocks are declared here, so no internet-bound route is added.
# NOTE(review): subnets without an explicit association presumably fall back to
# this table. Confirm that this is the intended default for new subnets.
resource "aws_default_route_table" "tf_private_rt" {
  tags = {
    Name = "tf_private"
  }

  default_route_table_id = aws_vpc.tf_vpc.default_route_table_id
}
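# One public subnet per entry in var.public_cidrs.
#
# The count is derived from the list instead of being fixed at 2, so a shorter
# list no longer fails on an out-of-range index and a longer one is not
# silently truncated. With the two CIDRs used in this lesson the result is the
# same two subnets.
resource "aws_subnet" "tf_public_subnet" {
  count      = length(var.public_cidrs)
  vpc_id     = aws_vpc.tf_vpc.id
  cidr_block = var.public_cidrs[count.index]

  # element() wraps around when there are more CIDRs than availability zones.
  availability_zone = element(data.aws_availability_zones.available.names, count.index)

  # Every instance launched into these subnets receives a public IPv4 address.
  # Its reachability is then governed only by the attached security group.
  map_public_ip_on_launch = true

  tags = {
    Name = "tf_public_${count.index + 1}"
  }
}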
# Attach every public subnet to the public route table, one association per
# subnet instance.
resource "aws_route_table_association" "tf_public_assoc" {
  count          = length(aws_subnet.tf_public_subnet)
  route_table_id = aws_route_table.tf_public_rt.id
  subnet_id      = aws_subnet.tf_public_subnet[count.index].id
}
# Security group for the public instances.
# Both ingress rules take their source range from var.accessip, so SSH is
# exposed exactly as widely as HTTP. Use a separate, narrower variable for
# port 22 if the web page must be public while administration stays restricted.
resource "aws_security_group" "tf_public_sg" {
  name        = "tf_public_sg"
  description = "Used for access to the public instances"
  vpc_id      = aws_vpc.tf_vpc.id

  # SSH (tcp/22)
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = [var.accessip]
  }

  # HTTP (tcp/80)
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = [var.accessip]
  }

  # Outbound: every protocol and port, to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Edit the networking/outputs.tf file.
#---networking/outputs.tf
# Values the root module passes on to the compute module.

# IDs of all public subnets.
output "public_subnets" {
  value = aws_subnet.tf_public_subnet[*].id
}

# ID of the security group for the public instances.
output "public_sg" {
  value = aws_security_group.tf_public_sg.id
}

# CIDR blocks of all public subnets, in the same order as public_subnets.
output "subnet_ips" {
  value = aws_subnet.tf_public_subnet[*].cidr_block
}
Edit the AWS/main.tf file.
# AWS provider for the root module. Only the region is configured here.
# No credentials are set in this block.
provider "aws" {
  region = var.aws_region
}
# Storage resources, defined by the module in ./storage.
module "storage" {
  source = "./storage"

  project_name = var.project_name
}
# Networking resources, defined by the module in ./networking.
module "networking" {
  source = "./networking"

  vpc_cidr     = var.vpc_cidr
  public_cidrs = var.public_cidrs

  # Source range the module's security group allows for both SSH and HTTP.
  accessip = var.accessip
}
# Compute resources, defined by the module in ./compute.
module "compute" {
  source = "./compute"

  # Sizing and SSH key settings come from the root variables.
  instance_count  = var.instance_count
  instance_type   = var.server_instance_type
  key_name        = var.key_name
  public_key_path = var.public_key_path

  # Placement and firewalling are wired in from the networking module outputs.
  subnets        = module.networking.public_subnets
  subnet_ips     = module.networking.subnet_ips
  security_group = module.networking.public_sg
}
Edit the AWS/variables.tf file.
# Root-module inputs. Values are supplied through terraform.tfvars.

variable "aws_region" {}

#---storage variables
variable "project_name" {}

#---networking variables
variable "vpc_cidr" {}

variable "public_cidrs" {
  type = list(any)
}

# CIDR allowed to reach the instances on both SSH and HTTP.
variable "accessip" {}

#---compute variables
variable "key_name" {}

variable "public_key_path" {}

variable "server_instance_type" {}

# Falls back to a single instance when no value is supplied.
variable "instance_count" {
  default = 1
}
Edit the AWS/terraform.tfvars file.
# Values for the root-module variables.
aws_region = "us-west-2"

# NOTE(review): "la-terrafrom" looks like a typo for "la-terraform". It is left
# as written because the value is passed on to the storage module.
project_name = "la-terrafrom"

vpc_cidr     = "10.123.0.0/16"
public_cidrs = ["10.123.1.0/24", "10.123.2.0/24"]

# This value is the source range for both the SSH (22) and HTTP (80) ingress
# rules of the public security group. "0.0.0.0/0" opens both to every IPv4
# address, so narrow it to your own address range (for example a /32) outside
# of a throw-away lab.
accessip = "0.0.0.0/0"

key_name = "tf_key"

# Path of the public key only. The private key stays on the workstation.
public_key_path = "/home/ec2-user/.ssh/id_rsa.pub"

server_instance_type = "t2.micro"
instance_count       = 2
Edit the AWS/outputs.tf file.
#---outputs.tf---
# Expose the bucket name reported by the storage module.
output "Bucket_Name" {
  value = module.storage.bucketname
}
ec2-user:~/environment/AWS/compute $ pwd
/home/ec2-user/environment/AWS/compute
ec2-user:~/environment/AWS/compute $ cd ..