DevSecOpsG · Cybertron-lab · Aug 7, 2024
diff --git a/shubh_resource_files/backend.tf b/shubh_resource_files/backend.tf
@@ -0,0 +1,8 @@
+# Backend configuration to store Terraform state file into S3 Bucket
+terraform {
+  backend "s3" {
+    bucket = "terra-bucket20234"
+    key    = "terra-backend/tfstate" # The path within the bucket for the state file
+    region = "ap-south-1"
+  }
+}
diff --git a/shubh_resource_files/ebs_vol.tf b/shubh_resource_files/ebs_vol.tf
@@ -0,0 +1,14 @@
+/*resource "aws_ebs_volume" "terra-EBS" {
+  availability_zone = var.ZONE1
+  size              = 2
+  tags = {
+    Name = "Extra Volume Attachment"
+  }
+}
+
+resource "aws_volume_attachment" "ebs_att" {
+  device_name = "/dev/xvdh"
+  volume_id   = aws_ebs_volume.terra-EBS.id
+  instance_id = aws_instance.EC2-Instance.id
+}
+*/
diff --git a/shubh_resource_files/instance.tf b/shubh_resource_files/instance.tf
@@ -0,0 +1,85 @@
+# AWS Key Pair
+resource "aws_key_pair" "key" {
+  key_name   = "terra-key"
+  public_key = file("terra-key.pub")
+}
+
+# Create EC2 Instance
+resource "aws_instance" "EC2-Instance" {
+  ami                    = var.AMIs[var.REGION]
+  instance_type          = var.INST_TYPE
+  subnet_id              = aws_subnet.public-subnet-1.id
+  vpc_security_group_ids = [aws_security_group.terra-SG.id]
+  key_name               = aws_key_pair.key.key_name
+  tags = {
+    Name    = "terraform instance"
+    Purpose = "Test of terraform code"
+  }
+
+  user_data = file("web.sh") # Userdata to bo executed after server provisioning
+  /**
+  # Transfer file from local env to server
+  provisioner "file" {
+    source      = "web.sh"
+    destination = "/tmp/web.sh"
+  }
+
+  # Remote commands on server
+  provisioner "remote-exec" {
+    inline = [
+      "chmod +x /tmp/web.sh",
+      "sudo /tmp/web.sh"
+    ]
+  }
+
+  # SSH into server
+  connection {
+    user        = var.user
+    private_key = file("terra-key")
+    host        = self.public_ip
+  } 
+  **/
+}
+
+
+
+# Allocate an Elastic IP
+resource "aws_eip" "ElasticIP" {
+  instance = aws_instance.EC2-Instance.id
+}
+
+# Create an RDS instance
+resource "aws_db_instance" "RDS" {
+  identifier             = "my-rds-instance"
+  instance_class         = "db.t3.micro" # Change to your desired instance type
+  engine                 = "mysql"       # Change to your preferred database engine (e.g., postgres, oracle)
+  engine_version         = "8.0"         # Change to the version of the engine you're using
+  allocated_storage      = 20            # Size in GB
+  username               = "admin"       # Master username
+  password               = "admin123"    # Master password
+  db_name                = "mydatabase"  # Initial database name
+  publicly_accessible    = true          # Set to false for private instances
+  vpc_security_group_ids = [aws_security_group.rds_sg.id]
+  storage_type           = "gp2" # General Purpose SSD
+  skip_final_snapshot    = true  # Set to false if you want to store final snapshot
+
+  tags = {
+    Name = "MyRDSInstance"
+  }
+}
+
+# Create extra EBS Volume
+resource "aws_ebs_volume" "terra-EBS" {
+  availability_zone = var.ZONE1
+  size              = 2
+  tags = {
+    Name = "Extra Volume Attachment"
+  }
+}
+
+# Attach extra EBS Volume to Instance
+resource "aws_volume_attachment" "extra_ebs_att" {
+  device_name = "/dev/xvdh"
+  volume_id   = aws_ebs_volume.terra-EBS.id
+  instance_id = aws_instance.EC2-Instance.id
+}
diff --git a/shubh_resource_files/output.tf b/shubh_resource_files/output.tf
@@ -0,0 +1,42 @@
+# Output Block for EC2 and RDS Instance
+
+output "ElasticIP" {
+  value = aws_eip.ElasticIP.public_ip
+}
+
+output "PrivateIP" {
+  value = aws_instance.EC2-Instance.private_ip
+}
+
+output "AMI" {
+  value = aws_instance.EC2-Instance.ami
+}
+
+output "ZONE" {
+  value = aws_instance.EC2-Instance.availability_zone
+}
+
+output "instance_type" {
+  value = aws_instance.EC2-Instance.instance_type
+}
+
+output "rds_instance_endpoint" {
+  description = "The endpoint of the RDS instance."
+  value       = aws_db_instance.RDS.endpoint
+}
+
+output "rds_instance_db_name" {
+  description = "The database name for the RDS instance."
+  value       = aws_db_instance.RDS.db_name
+}
+
+output "rds_instance_port" {
+  description = "The port of the RDS instance."
+  value       = aws_db_instance.RDS.port
+}
+
+
+output "rds_instance_id" {
+  description = "The ID of the RDS instance."
+  value       = aws_db_instance.RDS.id
+}
diff --git a/shubh_resource_files/providers.tf b/shubh_resource_files/providers.tf
@@ -0,0 +1,4 @@
+# AWS Provider
+provider "aws" {
+  region = var.REGION
+}
diff --git a/shubh_resource_files/s3-bucket.tf b/shubh_resource_files/s3-bucket.tf
@@ -0,0 +1,29 @@
+# Separate execution of s3 bucket creation should be done.
+# aws s3api create-bucket --bucket terra-bucket20234 --region ap-south-1 --create-bucket-configuration LocationConstraint=ap-south-1
+
+
+/**resource "aws_s3_bucket" "terraform_state" {
+  bucket = "terra-bucket20234"  # Replace with a globally unique bucket name
+  acl    = "private"
+
+  tags = {
+    Name        = "Terraform State Bucket"
+    Environment = "Terra-Project"
+  }
+}
+
+resource "aws_s3_bucket_versioning" "versioning" {
+  bucket = aws_s3_bucket.terraform_state.bucket
+
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+output "bucket_name" {
+  value = aws_s3_bucket.terraform_state.bucket
+}
+**/
+
+# Separate execution of s3 bucket creation should be done.
+# aws s3api create-bucket --bucket terra-bucket20234 --region ap-south-1 --create-bucket-configuration LocationConstraint=ap-south-1
diff --git a/shubh_resource_files/sec_grp.tf b/shubh_resource_files/sec_grp.tf
@@ -0,0 +1,75 @@
+# Security Group for EC2-instance
+
+resource "aws_security_group" "terra-SG" {
+  vpc_id      = aws_vpc.terraform_vpc.id
+  name        = "terra-SG"
+  description = "Sec_grp for SSH & HTTP"
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"] # your IP
+  }
+  /**
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+**/
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  tags = {
+    Name = "allow_SSH & HTTP"
+  }
+}
+
+# Define a security group to allow access to the RDS instance
+resource "aws_security_group" "rds_sg" {
+  name_prefix = "rds_sg_"
+
+  ingress {
+    from_port   = 3306 # Port for MySQL.
+    to_port     = 3306
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"] # your IP
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  tags = {
+    Name = "Allow 3306 for RDS Instance"
+  }
+}
+
diff --git a/shubh_resource_files/terra-key b/shubh_resource_files/terra-key
@@ -0,0 +1 @@
+### your private key ###
diff --git a/shubh_resource_files/terra-key.pub b/shubh_resource_files/terra-key.pub
@@ -0,0 +1 @@
+### Your Public Key ###
diff --git a/shubh_resource_files/vars.tf b/shubh_resource_files/vars.tf
@@ -0,0 +1,45 @@
+variable "REGION" {
+  default = "ap-south-1"
+}
+
+variable "ZONE1" {
+  default = "ap-south-1a"
+}
+
+variable "ZONE2" {
+  default = "ap-south-1b"
+
+}
+
+variable "ZONE3" {
+  default = "ap-south-1c"
+}
+
+variable "AMIs" {
+  type = map(any)
+  default = {
+    ap-south-1 = "ami-025fe52e1f2dc5044"
+    us-east-2  = "ami-0c11a84584d4e09dd"
+  }
+}
+
+variable "INST_TYPE" {
+  default = "t2.micro"
+}
+
+variable "user" {
+  default = "ec2-user"
+}
+
+variable "PUB_KEY" {
+  default = "terra-key.pub"
+}
+
+variable "PRI_KEY" {
+  default = "terra_key"
+}
+
+/**variable "MYIP" {
+  default = "152.57.xxx.xxx/32"
+}
+**/