
AWS EC2 environment Terraform module

Terraform module which creates a complete EC2 environment on AWS.

This module is the result of my personal studies using Terraform on AWS. These are the main concepts it uses:

  • VPC Network
  • Subnets:
    • public = webserver
    • private_with_nat = monitoring
    • private = database
  • Network ACLs
  • Security groups
  • Route tables
  • Internet gateway
  • NAT gateway
  • EC2 instances

Usage

module "ec2_cluster" {
  # pin the release with ?ref=: the version argument only applies to registry sources
  source = "github.com/marcelomansur/my-terraform-ec2-module?ref=v0.1"

  aws_region = "us-east-1"
  # VPC cidr blocks used
  vpc_name = "my_vpc"
  vpc_cidr = "10.0.0.0/16"
  # VPC Subnets
  public_subnets           = ["10.0.101.0/24"]
  private_with_nat_subnets = ["10.0.201.0/24"]
  private_subnets          = ["10.0.1.0/24"]
  # EC2 instances
  webserver_instances = {
    webserver-example = {
      instance_name = "webserver-example"
      instance_type = "t2.micro"
    }
  }
  monitoring_instances = {
    monitoring-example = {
      instance_name = "monitoring-example"
      instance_type = "t2.micro"
    }
  }
  database_instances = {
    database-example = {
      instance_name = "database-example"
      instance_type = "t2.micro"
    }
  }
}

Examples

  • This basic example shows how to use this module to create a basic environment with 3 instances and 3 subnets.

Subnet types variables

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account, logically isolated from other virtual networks in the AWS Cloud. After creating a VPC, you can add one or more subnets. This module provides three subnet types to build an environment:

  • public_subnets: List of subnets used for webservers. Instances in them get a public IP and internet access through an Internet Gateway. Users can connect to them over SSH with the public key given in the my_key_file variable.
  • private_with_nat_subnets: List of subnets used for monitoring or middleware. They have outbound-only internet access through a NAT Gateway.
  • private_subnets: List of subnets used for databases. They have no internet access in either direction.

Network ACLs variables

A network access control list (ACL) is an optional layer of security for your VPC that acts as a stateless firewall controlling traffic in and out of one or more subnets. In this module, each subnet has a network ACL associated with it, built from these variables:

  • default_inbound_acl_rules and default_outbound_acl_rules: Inbound and outbound rules merged into every subnet's ACL. Put the rules shared by all subnets here and don't repeat them in the other variables.
  • public_inbound_acl_rules and public_outbound_acl_rules: Inbound and outbound rules for the public subnet. By default they open HTTP and HTTPS.
  • private_with_nat_inbound_acl_rules and private_with_nat_outbound_acl_rules: Inbound and outbound rules for the private_with_nat subnet. By default only the outbound rules open HTTP and HTTPS, so instances there can reach web services through the NAT Gateway.
  • private_inbound_acl_rules and private_outbound_acl_rules: Inbound and outbound rules for the private subnet. These must be the most restrictive rules. Both default to {}, so the database subnet accepts nothing beyond the default rules; add a rule for your database port from the webserver subnet CIDR, or the webservers cannot reach it.

For study purposes, the default ACL rules allow TCP/22 from 0.0.0.0/0 in both directions on every subnet (see default_inbound_acl_rules below). Override the ssh rule's cidr_block with your administrative range before using this outside a lab. Keep the ephemeral rules (TCP 1024-65535) when you change the defaults: network ACLs are stateless, and those rules are what let replies to allowed connections pass. Rule numbers must also stay unique within a direction after the merge, since AWS rejects a second entry with the same number.

Security groups variables

A security group (SG) acts as a stateful virtual firewall for your instance, controlling inbound and outbound traffic. This module provides these security group variables:

  • default_inbound_sg_rules and default_outbound_sg_rules: Inbound and outbound rules merged into every security group. Put the rules shared by all instances here and don't repeat them in the other variables.
  • public_inbound_sg_rules and public_outbound_sg_rules: Inbound and outbound rules for the public instances. By default they open HTTP and HTTPS.
  • private_with_nat_inbound_sg_rules and private_with_nat_outbound_sg_rules: Inbound and outbound rules for the private_with_nat instances.
  • private_inbound_sg_rules and private_outbound_sg_rules: Inbound and outbound rules for the private instances. These must be the most restrictive rules.

For study purposes, the default security group rules allow inbound TCP/22 on every instance (default_inbound_sg_rules). The Inputs table shows no source field on these rules, so check which source range the module applies before relying on it. Note also that the default_outbound_sg_rules entry is keyed ssh-tcp but is protocol -1 on ports 0-0, i.e. it permits all outbound traffic; rename or restrict it if you want the egress rule to mean what its key says.

EC2 instances variables

Amazon Elastic Compute Cloud (EC2) is a web service that provides resizable compute capacity in the cloud. This module creates three groups of EC2 instances, one per subnet type:

  • webserver_instances: Map of objects, each one representing a webserver instance in the public subnet.
  • monitoring_instances: Map of objects, each one representing a monitoring server in the private_with_nat subnet.
  • database_instances: Map of objects, each one representing a database server in the private subnet.

Each object takes instance_name, instance_type and an optional monitoring flag, as the defaults in the Inputs table show.

Requirements

Name Version
terraform >= 1.0.0
aws 3.44.0

Providers

Name Version
aws 3.44.0

Resources

Name
aws_ami
aws_eip
aws_instance
aws_internet_gateway
aws_key_pair
aws_nat_gateway
aws_network_acl
aws_network_acl_rule
aws_route_table
aws_route_table_association
aws_security_group
aws_security_group_rule
aws_subnet
aws_vpc

Inputs

Name Description Type Default Required
ami_name A list of names for searching the AMI list(string) ["iac-ubuntu-v0.3*"] no
ami_owner A list of owners for searching the AMI list(string) ["self"] no
my_key_file The public ssh RSA key file used for connection string "ssh/aws_rsa.pub" no
vpc_name The VPC name string "my_vpc" no
vpc_cidr The CIDR block for the VPC string n/a yes
vpc_tags Tags to identify VPC map(string) {} no
public_subnets A list of public subnets list(string) n/a yes
private_with_nat_subnets A list of private subnets with a NAT gateway list(string) n/a yes
private_subnets A list of private subnets list(string) n/a yes
default_inbound_acl_rules The network ACLs default inbound rules map(map(any))
{
"ephemeral": {
"cidr_block": "0.0.0.0/0",
"from_port": 1024,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 901,
"to_port": 65535
},
"ssh": {
"cidr_block": "0.0.0.0/0",
"from_port": 22,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 100,
"to_port": 22
}
}
no
default_outbound_acl_rules The network ACLs default outbound rules map(map(any))
{
"ephemeral": {
"cidr_block": "0.0.0.0/0",
"from_port": 1024,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 901,
"to_port": 65535
},
"ssh": {
"cidr_block": "0.0.0.0/0",
"from_port": 22,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 100,
"to_port": 22
}
}
no
public_inbound_acl_rules The network ACLs public inbound rules map(map(any))
{
"http": {
"cidr_block": "0.0.0.0/0",
"from_port": 80,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 110,
"to_port": 80
},
"https": {
"cidr_block": "0.0.0.0/0",
"from_port": 443,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 120,
"to_port": 443
}
}
no
public_outbound_acl_rules The network ACLs public outbound rules map(map(any))
{
"http": {
"cidr_block": "0.0.0.0/0",
"from_port": 80,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 110,
"to_port": 80
},
"https": {
"cidr_block": "0.0.0.0/0",
"from_port": 443,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 120,
"to_port": 443
}
}
no
private_with_nat_inbound_acl_rules The network ACLs private_with_nat inbound rules map(map(any)) {} no
private_with_nat_outbound_acl_rules The network ACLs private_with_nat outbound rules map(map(any))
{
"http": {
"cidr_block": "0.0.0.0/0",
"from_port": 80,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 110,
"to_port": 80
},
"https": {
"cidr_block": "0.0.0.0/0",
"from_port": 443,
"protocol": "tcp",
"rule_action": "allow",
"rule_number": 120,
"to_port": 443
}
}
no
private_inbound_acl_rules The network ACLs private inbound rules map(map(any)) {} no
private_outbound_acl_rules The network ACLs private outbound rules map(map(any)) {} no
default_inbound_sg_rules The security group default inbound rules map(map(any))
{
"ssh-tcp": {
"from_port": 22,
"protocol": "tcp",
"to_port": 22
}
}
no
default_outbound_sg_rules The security group default outbound rules map(map(any))
{
"ssh-tcp": {
"from_port": 0,
"protocol": -1,
"to_port": 0
}
}
no
public_inbound_sg_rules The security group public inbound rules map(map(any))
{
"http-tcp": {
"from_port": 80,
"protocol": "tcp",
"to_port": 80
},
"https-tcp": {
"from_port": 443,
"protocol": "tcp",
"to_port": 443
}
}
no
public_outbound_sg_rules The security group public outbound rules map(map(any)) {} no
private_with_nat_inbound_sg_rules The security group private_with_nat inbound rules map(map(any)) {} no
private_with_nat_outbound_sg_rules The security group private_with_nat outbound rules map(map(any)) {} no
private_inbound_sg_rules The security group private inbound rules map(map(any)) {} no
private_outbound_sg_rules The security group private outbound rules map(map(any)) {} no
webserver_instances The EC2 instances for webserver cluster map(map(any))
{
"webserver-example": {
"instance_name": "webserver-example",
"instance_type": "t2.micro",
"monitoring": true
}
}
no
monitoring_instances The EC2 instances for monitoring cluster map(map(any))
{
"monitoring-example": {
"instance_name": "monitoring-example",
"instance_type": "t2.micro",
"monitoring": false
}
}
no
database_instances The EC2 instances for database cluster map(map(any))
{
"database-example": {
"instance_name": "database-example",
"instance_type": "t2.micro",
"monitoring": true
}
}
no

Outputs

Name Description
webserver_public_ip EC2 webserver instance public IP
webserver_private_ip EC2 webserver instance private IP
monitoring_private_ip EC2 monitoring instance private IP
database_private_ip EC2 database instance private IP

Contributors

marcelomansur
