diff --git a/EC2 VPC & S3 Bucket/main.tf b/EC2 VPC & S3 Bucket/main.tf
new file mode 100644
index 0000000..9b4f2b2
--- /dev/null
+++ b/EC2 VPC & S3 Bucket/main.tf
@@ -0,0 +1,55 @@
+provider "aws" {
+ region = "ap-south-1"
+}
+
+resource "aws_instance" "web_server" {
+ ami = "ami-0c55b159cbfafe1f0" # Example for Amazon Linux 2 in us-west-2
+ instance_type = "t2.micro"
+
+ tags = {
+ Name = "MyWebServer"
+ }
+
+ key_name = "your-key-pair-name" # Replace with your key pair
+}
+resource "aws_db_instance" "default" {
+ allocated_storage = 20
+ engine = "mysql"
+ engine_version = "8.0"
+ instance_class = "db.t3.micro"
+ name = "mydb"
+ username = "admin"
+ password = "adminpassword123" # use secrets manager in production!
+ parameter_group_name = "default.mysql8.0"
+ skip_final_snapshot = true
+
+ tags = {
+ Name = "MyRDSInstance"
+ }
+}
+resource "aws_security_group" "allow_web" {
+ name = "allow_web"
+ description = "Allow HTTP and MySQL"
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 3306
+ to_port = 3306
+ protocol = "tcp"
+ cidr_blocks = ["your-ec2-ip/32"] # Only allow EC2 to access RDS
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
diff --git a/EKS cluster/main.tf b/EKS cluster/main.tf
new file mode 100644
index 0000000..a27478e
--- /dev/null
+++ b/EKS cluster/main.tf
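Review bot: `aws_db_instance.default` in EC2 VPC & S3 Bucket/main.tf commits its master password as a literal (`password = "adminpassword123"`), so the credential sits in the repository history as well as in Terraform state; `aws_db_instance.example` in RDS/main.tf does the same with `"admin1234"`. Take the value from outside the configuration, e.g. `password = var.db_password` with the variable declared `sensitive = true`, or let RDS generate and store it with `manage_master_user_password = true`. Separately, `allow_web` is not referenced by either resource in this hunk and `"your-ec2-ip/32"` is not a valid CIDR, so the intended MySQL restriction is not in effect as written. Attach the group through `vpc_security_group_ids` and scope port 3306 to the web server's security group rather than to an address placeholder.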
@@ -0,0 +1,113 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "aws" {
+ region = var.region
+}
+
+# Filter out local zones, which are not currently supported
+# with managed node groups
+data "aws_availability_zones" "available" {
+ filter {
+ name = "opt-in-status"
+ values = ["opt-in-not-required"]
+ }
+}
+
+locals {
+ cluster_name = "education-eks-${random_string.suffix.result}"
+}
+
+resource "random_string" "suffix" {
+ length = 8
+ special = false
+}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "5.8.1"
+
+ name = "education-vpc"
+
+ cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+ enable_dns_hostnames = true
+
+ public_subnet_tags = {
+ "kubernetes.io/role/elb" = 1
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/role/internal-elb" = 1
+ }
+}
+
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+ version = "20.8.5"
+
+ cluster_name = local.cluster_name
+ cluster_version = "1.29"
+
+ cluster_endpoint_public_access = true
+ enable_cluster_creator_admin_permissions = true
+
+ cluster_addons = {
+ aws-ebs-csi-driver = {
+ service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
+ }
+ }
+
+ vpc_id = module.vpc.vpc_id
+ subnet_ids = module.vpc.private_subnets
+
+ eks_managed_node_group_defaults = {
+ ami_type = "AL2_x86_64"
+
+ }
+
+ eks_managed_node_groups = {
+ one = {
+ name = "node-group-1"
+
+ instance_types = ["t3.small"]
+
+ min_size = 1
+ max_size = 3
+ desired_size = 2
+ }
+
+ two = {
+ name = "node-group-2"
+
+ instance_types = ["t3.small"]
+
+ min_size = 1
+ max_size = 2
+ desired_size = 1
+ }
+ }
+}
+
+
+# https://aws.amazon.com/blogs/containers/amazon-ebs-csi-driver-is-now-generally-available-in-amazon-eks-add-ons/
+data "aws_iam_policy" "ebs_csi_policy" {
+ arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+}
+
+module "irsa-ebs-csi" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+ version = "5.39.0"
+
+ create_role = true
+ role_name = "AmazonEKSTFEBSCSIRole-${module.eks.cluster_name}"
+ provider_url = module.eks.oidc_provider
+ role_policy_arns = [data.aws_iam_policy.ebs_csi_policy.arn]
+ oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
+}
diff --git a/RDS/main.tf b/RDS/main.tf
new file mode 100644
index 0000000..b3c783e
--- /dev/null
+++ b/RDS/main.tf
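Review bot: `cluster_endpoint_public_access = true` in `module "eks"` (EKS cluster/main.tf) is set without `cluster_endpoint_public_access_cidrs`, which, assuming the module's allow-all default, leaves the Kubernetes API endpoint reachable from any source address, with only authentication in front of it. Add an allow-list next to it, e.g. `cluster_endpoint_public_access_cidrs = ["<admin-cidr>"]` (placeholder), or keep the endpoint private and reach it from inside the VPC. `enable_cluster_creator_admin_permissions = true` also grants cluster-admin to whichever identity runs the apply, so a comment naming the expected identity would help later reviewers.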
@@ -0,0 +1,89 @@
+provider "aws" {
+ region = "ap-south-1"
+}
+
+# VPC
+resource "aws_vpc" "custom" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+ tags = {
+ Name = "VPC"
+ }
+}
+
+# Subnet 1 - ap-south-1a
+resource "aws_subnet" "subnet1" {
+ vpc_id = aws_vpc.custom.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "ap-south-1a"
+ map_public_ip_on_launch = true
+
+ tags = {
+ Name = "Subnet-1"
+ }
+}
+
+# Subnet 2 - ap-south-1b
+resource "aws_subnet" "subnet2" {
+ vpc_id = aws_vpc.custom.id
+ cidr_block = "10.0.3.0/24"
+ availability_zone = "ap-south-1b"
+ map_public_ip_on_launch = true
+
+ tags = {
+ Name = "Subnet-2"
+ }
+}
+
+# DB Subnet Group
+resource "aws_db_subnet_group" "example" {
+ name = "example-db-subnet-group"
+ subnet_ids = [aws_subnet.subnet1.id, aws_subnet.subnet2.id]
+
+ tags = {
+ Name = "example-db-subnet-group"
+ }
+}
+
+# Security Group for RDS
+resource "aws_security_group" "rds_sg" {
+ name = "rds-sg"
+ description = "Allow MySQL access"
+ vpc_id = aws_vpc.custom.id
+
+ ingress {
+ from_port = 3306
+ to_port = 3306
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"] # Open to public (not recommended for prod)
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "rds-sg"
+ }
+}
+
+# RDS Instance
+resource "aws_db_instance" "example" {
+ allocated_storage = 20
+ engine = "mysql"
+ engine_version = "8.0"
+ instance_class = "db.t3.micro"
+ db_name = "exampledb"
+ username = "admin"
+ password = "admin1234"
+ skip_final_snapshot = true
+ identifier = "example-db-instance"
+ db_subnet_group_name = aws_db_subnet_group.example.name
+ vpc_security_group_ids = [aws_security_group.rds_sg.id]
+ publicly_accessible = true
+}
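Review bot: `aws_db_instance.example` in RDS/main.tf sets `publicly_accessible = true` while `rds_sg` admits port 3306 from `0.0.0.0/0` and both subnets use `map_public_ip_on_launch = true`, so the database becomes Internet-facing as soon as the VPC has an internet gateway and route (none is visible in this hunk). The inline comment already marks the rule as not for production, but the safer default is `publicly_accessible = false` with the ingress narrowed to `cidr_blocks = [aws_vpc.custom.cidr_block]` or to the client's security group. The instance also omits `storage_encrypted = true`, which leaves storage at the unencrypted default.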