Terraform module which creates a complete EC2 environment on AWS.
This module is the result of my personal studies using Terraform on AWS. These are the main concepts used:
- VPC network
- Subnets:
  - public = webserver
  - private_with_nat = monitoring
  - private = database
- Network ACLs
- Security groups
- Route tables
- Internet gateway
- NAT gateway
- EC2 instances
```hcl
module "ec2_cluster" {
  # A GitHub source does not accept the `version` argument (that is only for
  # registry modules), so the release is pinned with a git ref in the URL.
  source = "github.com/marcelomansur/my-terraform-ec2-module?ref=v0.1"

  aws_region = "us-east-1"

  # VPC CIDR blocks used
  vpc_name = "my_vpc"
  vpc_cidr = "10.0.0.0/16"

  # VPC subnets
  public_subnets           = ["10.0.101.0/24"]
  private_with_nat_subnets = ["10.0.201.0/24"]
  private_subnets          = ["10.0.1.0/24"]

  # EC2 instances
  webserver_instances = {
    webserver-example = {
      instance_name = "webserver-example"
      instance_type = "t2.micro"
    }
  }
  monitoring_instances = {
    monitoring-example = {
      instance_name = "monitoring-example"
      instance_type = "t2.micro"
    }
  }
  database_instances = {
    database-example = {
      instance_name = "database-example"
      instance_type = "t2.micro"
    }
  }
}
```
This basic example shows how to use the module to create an environment with 3 instances, one in each of the 3 subnets.
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. After creating a VPC, you can add one or more subnets. This module provides three subnet types to build an environment:
- `public_subnets`: List of subnets used for webservers. Instances in them get a public IP and internet access through an Internet Gateway. Users connect to them over SSH with the key pair given in the variable `my_key_file`.
- `private_with_nat_subnets`: List of subnets used for monitoring or middleware. They have outbound-only internet access through a NAT Gateway.
- `private_subnets`: List of subnets used for databases. They have no internet access at all.
A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. In this module, each subnet has a network ACL associated to it:
- `default_inbound_acl_rules` and `default_outbound_acl_rules`: Inbound and outbound rules merged into every subnet's network ACL. Put the default rules here and do not repeat them in the other variables.
- `public_inbound_acl_rules` and `public_outbound_acl_rules`: Inbound and outbound rules for the public subnet. They open ports such as `http` and `https`.
- `private_with_nat_inbound_acl_rules` and `private_with_nat_outbound_acl_rules`: Inbound and outbound rules for the private_with_nat subnet. They open ports such as `http` and `https` in the outbound direction only.
- `private_inbound_acl_rules` and `private_outbound_acl_rules`: Inbound and outbound rules for the private subnet. They must contain the most restrictive rules.

For study purposes, this module opens the SSH port by default on all subnets.
A security group (SG) acts as a virtual firewall for your instance to control inbound and outbound traffic. This module provides these security group types:
- `default_inbound_sg_rules` and `default_outbound_sg_rules`: Inbound and outbound rules merged into every other security group. Put the default rules here and do not repeat them in the other variables.
- `public_inbound_sg_rules` and `public_outbound_sg_rules`: Inbound and outbound rules for the public instances. They open ports such as `http` and `https`.
- `private_with_nat_inbound_sg_rules` and `private_with_nat_outbound_sg_rules`: Inbound and outbound rules for the private_with_nat instances.
- `private_inbound_sg_rules` and `private_outbound_sg_rules`: Inbound and outbound rules for the private instances. They must contain the most restrictive rules.

For study purposes, this module opens the SSH port by default on all subnets.
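The following is an added example, not part of the module's own documentation or code. It shows one module call that supplies explicit network ACL and security group rules for the public and private tiers described in the two sections above, so that the study-mode defaults (SSH open on every subnet) are replaced by rules that allow SSH only from an administrative network. The inner keys of each rule (`rule_number`, `action`, `protocol`, `from_port`, `to_port`, `cidr_block`) are assumptions: the page only gives the variable types as `map(map(any))`, so check the module's `variables.tf` for the real key names. It also assumes that the module's built-in SSH rules live in the `default_*` variables, so that supplying those variables replaces them, and `203.0.113.0/24` is a documentation-range placeholder for the administrative network.

```hcl
# Added example (not the module's own code). Rule keys are assumed; verify
# them against the module's variables.tf before use.
module "ec2_cluster" {
  source = "github.com/marcelomansur/my-terraform-ec2-module?ref=v0.1"

  aws_region = "us-east-1"
  vpc_name   = "my_vpc"
  vpc_cidr   = "10.0.0.0/16"

  public_subnets           = ["10.0.101.0/24"] # webserver tier
  private_with_nat_subnets = ["10.0.201.0/24"] # monitoring tier
  private_subnets          = ["10.0.1.0/24"]   # database tier

  # Shared ACL rules. Network ACLs are stateless, so the return half of every
  # TCP connection (ephemeral port range) must be allowed explicitly, in both
  # directions, on every subnet. That is exactly what the default_* maps are for.
  default_inbound_acl_rules = {
    return_traffic = {
      rule_number = 900
      action      = "allow"
      protocol    = "tcp"
      from_port   = 1024
      to_port     = 65535
      cidr_block  = "0.0.0.0/0"
    }
  }
  default_outbound_acl_rules = {
    return_traffic = {
      rule_number = 900
      action      = "allow"
      protocol    = "tcp"
      from_port   = 1024
      to_port     = 65535
      cidr_block  = "0.0.0.0/0"
    }
  }

  # Public subnet: web ports from anywhere, SSH only from the admin network
  # (203.0.113.0/24 is a placeholder from the TEST-NET-3 documentation range).
  public_inbound_acl_rules = {
    http  = { rule_number = 100, action = "allow", protocol = "tcp", from_port = 80, to_port = 80, cidr_block = "0.0.0.0/0" }
    https = { rule_number = 110, action = "allow", protocol = "tcp", from_port = 443, to_port = 443, cidr_block = "0.0.0.0/0" }
    ssh   = { rule_number = 120, action = "allow", protocol = "tcp", from_port = 22, to_port = 22, cidr_block = "203.0.113.0/24" }
  }
  public_outbound_acl_rules = {
    https = { rule_number = 100, action = "allow", protocol = "tcp", from_port = 443, to_port = 443, cidr_block = "0.0.0.0/0" }
  }

  # Private subnet: only the webserver subnet may reach the database port.
  # No 0.0.0.0/0 rule and no SSH rule at all: the subnet has no internet
  # route, and the ACL must not widen what the routing already denies.
  private_inbound_acl_rules = {
    postgres = { rule_number = 100, action = "allow", protocol = "tcp", from_port = 5432, to_port = 5432, cidr_block = "10.0.101.0/24" }
  }

  # Security groups are stateful, so they need no ephemeral-port rules.
  # Repeating the same ports here gives two independent layers to audit.
  default_inbound_sg_rules  = {}
  default_outbound_sg_rules = {
    https = { protocol = "tcp", from_port = 443, to_port = 443, cidr_block = "0.0.0.0/0" }
  }
  public_inbound_sg_rules = {
    http  = { protocol = "tcp", from_port = 80, to_port = 80, cidr_block = "0.0.0.0/0" }
    https = { protocol = "tcp", from_port = 443, to_port = 443, cidr_block = "0.0.0.0/0" }
    ssh   = { protocol = "tcp", from_port = 22, to_port = 22, cidr_block = "203.0.113.0/24" }
  }
  private_inbound_sg_rules = {
    postgres = { protocol = "tcp", from_port = 5432, to_port = 5432, cidr_block = "10.0.101.0/24" }
  }

  webserver_instances = {
    web-1 = { instance_name = "web-1", instance_type = "t2.micro" }
  }
  database_instances = {
    db-1 = { instance_name = "db-1", instance_type = "t2.micro" }
  }
}
```

Two design points worth checking in any real deployment of this layout: network ACLs evaluate rules in ascending `rule_number` order and stop at the first match, so the catch-all ephemeral rule is numbered above the specific ones, and because the ACLs are stateless the database tier's replies to the webserver only pass because the `default_outbound_acl_rules` map is merged into the private subnet too. Run `terraform plan` after changing any of the `default_*` maps and confirm that no subnet still shows an SSH rule with `0.0.0.0/0`.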
Amazon Elastic Compute Cloud (EC2) is a web service that provides secure, resizable compute capacity in the cloud. This module creates EC2 instances from three maps:

- `webserver_instances`: Map of objects, each one representing a webserver instance.
- `monitoring_instances`: Map of objects, each one representing a monitoring server instance.
- `database_instances`: Map of objects, each one representing a database server instance.
Requirements:

Name | Version |
---|---|
terraform | >= 1.0.0 |
aws | 3.44.0 |

Providers:

Name | Version |
---|---|
aws | 3.44.0 |
Inputs:

Name | Description | Type | Default | Required |
---|---|---|---|---|
ami_name | A list of names for searching the AMI | list(string) | [ | no |
ami_owner | A list of owners for searching the AMI | list(string) | [ | no |
my_key_file | The public SSH RSA key file used for the connection | string | "ssh/aws_rsa.pub" | no |
vpc_name | The VPC name | string | "my_vpc" | no |
vpc_cidr | The CIDR block for the VPC | string | n/a | yes |
vpc_tags | Tags to identify the VPC | map(string) | {} | no |
public_subnets | A list of public subnets | list(string) | n/a | yes |
private_with_nat_subnets | A list of private subnets with a NAT gateway | list(string) | n/a | yes |
private_subnets | A list of private subnets | list(string) | n/a | yes |
default_inbound_acl_rules | The network ACL default inbound rules | map(map(any)) | { | no |
default_outbound_acl_rules | The network ACL default outbound rules | map(map(any)) | { | no |
public_inbound_acl_rules | The network ACL public inbound rules | map(map(any)) | { | no |
public_outbound_acl_rules | The network ACL public outbound rules | map(map(any)) | { | no |
private_with_nat_inbound_acl_rules | The network ACL private_with_nat inbound rules | map(map(any)) | {} | no |
private_with_nat_outbound_acl_rules | The network ACL private_with_nat outbound rules | map(map(any)) | { | no |
private_inbound_acl_rules | The network ACL private inbound rules | map(map(any)) | {} | no |
private_outbound_acl_rules | The network ACL private outbound rules | map(map(any)) | {} | no |
default_inbound_sg_rules | The security group default inbound rules | map(map(any)) | { | no |
default_outbound_sg_rules | The security group default outbound rules | map(map(any)) | { | no |
public_inbound_sg_rules | The security group public inbound rules | map(map(any)) | { | no |
public_outbound_sg_rules | The security group public outbound rules | map(map(any)) | {} | no |
private_with_nat_inbound_sg_rules | The security group private_with_nat inbound rules | map(map(any)) | {} | no |
private_with_nat_outbound_sg_rules | The security group private_with_nat outbound rules | map(map(any)) | {} | no |
private_inbound_sg_rules | The security group private inbound rules | map(map(any)) | {} | no |
private_outbound_sg_rules | The security group private outbound rules | map(map(any)) | {} | no |
webserver_instances | The EC2 instances for the webserver cluster | map(map(any)) | { | no |
monitoring_instances | The EC2 instances for the monitoring cluster | map(map(any)) | { | no |
database_instances | The EC2 instances for the database cluster | map(map(any)) | { | no |
Outputs:

Name | Description |
---|---|
webserver_public_ip | EC2 webserver instance public IP |
webserver_private_ip | EC2 webserver instance private IP |
monitoring_private_ip | EC2 monitoring instance private IP |
database_private_ip | EC2 database instance private IP |