Terraform Script to Automate Infrastructure

Hello Guys,

In the previous blog post about Terraform we discussed how Terraform works and wrote a simple script to launch an EC2 instance. In this post, we take it a step further and write a Terraform script that provisions a VPC with two public subnets, a network ACL, security groups, two web servers behind an application load balancer, and a MySQL RDS instance:

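# Provider names are the lowercase registry names: "aws", not "Aws". A
# mis-cased name is treated as an unknown provider and fails at `terraform init`.
provider "aws" {
  # Named profile from the local AWS credentials/config files, so no access
  # keys are written into the configuration.
  profile = "myprofile"
  region  = "us-east-1"
}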

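# VPC that holds the whole stack. The argument is spelled cidr_block; the
# original "cider_block" is not a known argument and fails validation.
resource "aws_vpc" "demo-vpc" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "demo-vpc"
  }
}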

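# First public subnet. vpc_id is a single string (not a list) and the CIDR
# argument is cidr_block. The availability zone is pinned because the ALB and
# the RDS subnet group below both require subnets in two different AZs; with
# no zone set, AWS may place both subnets in the same AZ and those resources
# fail to create.
resource "aws_subnet" "public-subnet" {
  vpc_id            = "${aws_vpc.demo-vpc.id}"
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"

  tags = {
    Name = "public-subnet"
  }
}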
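# Second public subnet, in a different AZ from public-subnet so that the ALB
# and the RDS subnet group each see two AZs. vpc_id is a string; the CIDR
# argument is cidr_block.
resource "aws_subnet" "public-subnet2" {
  vpc_id            = "${aws_vpc.demo-vpc.id}"
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-east-1b"

  tags = {
    Name = "public-subnet2"
  }
}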

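# Resource type names are lowercase ("aws_internet_gateway"); vpc_id is a
# string, not a list.
resource "aws_internet_gateway" "vpc-igw" {
  vpc_id = "${aws_vpc.demo-vpc.id}"

  tags = {
    Name = "vpc-igw"
  }
}

# A gateway on its own does not make the subnets public: the subnets' route
# table has to send 0.0.0.0/0 to it. The original script created the gateway
# but never routed to it, so the internet-facing ALB had no path in or out.
resource "aws_route_table" "public-rt" {
  vpc_id = "${aws_vpc.demo-vpc.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.vpc-igw.id}"
  }

  tags = {
    Name = "public-rt"
  }
}

resource "aws_route_table_association" "public-subnet-rt" {
  subnet_id      = "${aws_subnet.public-subnet.id}"
  route_table_id = "${aws_route_table.public-rt.id}"
}

resource "aws_route_table_association" "public-subnet2-rt" {
  subnet_id      = "${aws_subnet.public-subnet2.id}"
  route_table_id = "${aws_route_table.public-rt.id}"
}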

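# Network ACL for both public subnets. NACLs are stateless, so every flow needs
# a matching ingress rule and an egress rule for the return direction; that is
# why the ephemeral range 1024-65535 appears on both sides. Fixes versus the
# original: the argument is cidr_block (not cider_block), the protocol keyword
# is "tcp", SSH is no longer open to the whole internet, and MySQL traffic
# between the two subnets is allowed (web servers and the DB are spread across
# both subnets, so 3306 crosses this ACL).
resource "aws_network_acl" "public-nacl" {
  vpc_id     = "${aws_vpc.demo-vpc.id}"
  subnet_ids = ["${aws_subnet.public-subnet.id}", "${aws_subnet.public-subnet2.id}"]

  # HTTP from anywhere (the ALB listener is on port 80).
  ingress {
    rule_no    = 100
    protocol   = "tcp"
    from_port  = 80
    to_port    = 80
    action     = "allow"
    cidr_block = "0.0.0.0/0"
  }

  # Return traffic for outbound connections made by the instances.
  ingress {
    rule_no    = 200
    protocol   = "tcp"
    from_port  = 1024
    to_port    = 65535
    action     = "allow"
    cidr_block = "0.0.0.0/0"
  }

  # SSH only from the administrator network. 203.0.113.0/24 is a constructed
  # placeholder (RFC 5737 documentation range); replace it with your own CIDR.
  ingress {
    rule_no    = 300
    protocol   = "tcp"
    from_port  = 22
    to_port    = 22
    action     = "allow"
    cidr_block = "203.0.113.0/24"
  }

  # MySQL from inside the VPC only (web servers to the RDS instance).
  ingress {
    rule_no    = 400
    protocol   = "tcp"
    from_port  = 3306
    to_port    = 3306
    action     = "allow"
    cidr_block = "10.0.0.0/16"
  }

  # Outbound HTTP (e.g. package repositories); add 443 if HTTPS egress is needed.
  egress {
    rule_no    = 100
    protocol   = "tcp"
    from_port  = 80
    to_port    = 80
    action     = "allow"
    cidr_block = "0.0.0.0/0"
  }

  # Return traffic to clients that connected on 80 or 22.
  egress {
    rule_no    = 200
    protocol   = "tcp"
    from_port  = 1024
    to_port    = 65535
    action     = "allow"
    cidr_block = "0.0.0.0/0"
  }

  # Outbound SSH, limited to the same administrator network as the inbound rule.
  egress {
    rule_no    = 300
    protocol   = "tcp"
    from_port  = 22
    to_port    = 22
    action     = "allow"
    cidr_block = "203.0.113.0/24"
  }

  # MySQL to the RDS instance in the other subnet.
  egress {
    rule_no    = 400
    protocol   = "tcp"
    from_port  = 3306
    to_port    = 3306
    action     = "allow"
    cidr_block = "10.0.0.0/16"
  }

  tags = {
    Name = "public-nacl"
  }
}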

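# Security group for the web servers (and, as written below, the ALB). Fixes
# versus the original: the argument is lowercase `name`, the CIDR argument in a
# security-group rule is the list `cidr_blocks`, SSH is restricted to the
# administrator network, and an egress rule is added. The egress rule matters:
# when Terraform creates an aws_security_group it revokes AWS's default
# allow-all egress, so without one the instances could not reach the database
# or download packages.
resource "aws_security_group" "my-sg" {
  name        = "my-sg"
  description = "Security group for webserver"
  vpc_id      = "${aws_vpc.demo-vpc.id}"

  # HTTP from anywhere.
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH only from the administrator network. 203.0.113.0/24 is a constructed
  # placeholder (RFC 5737 documentation range); replace it with your own CIDR.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["203.0.113.0/24"]
  }

  # Allow all outbound traffic (protocol "-1" means any protocol).
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "my-sg"
  }
}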

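# Security group for the RDS instance. The original accepted MySQL from
# 0.0.0.0/0; only the web servers need to reach the database, so the rule now
# references their security group instead of a CIDR. Argument fixes: lowercase
# `name`, and `security_groups` (a list) in place of the unknown "cider_block".
resource "aws_security_group" "mysgdb" {
  name        = "mysgdb"
  description = "Security group for DB"
  vpc_id      = "${aws_vpc.demo-vpc.id}"

  # MySQL only from instances that carry the web-server security group.
  ingress {
    protocol        = "tcp"
    from_port       = 3306
    to_port         = 3306
    security_groups = ["${aws_security_group.my-sg.id}"]
  }

  tags = {
    Name = "mysgdb"
  }
}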

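# First web server, placed in public-subnet. subnet_id is a single string, not
# a list. The AMI id is region-specific and hard-coded as in the original;
# the key pair "gl" must already exist in us-east-1 or the apply fails.
resource "aws_instance" "webserver1" {
  ami                    = "ami-0cff7528ff583bf9a"
  instance_type          = "t2.micro"
  vpc_security_group_ids = ["${aws_security_group.my-sg.id}"]
  key_name               = "gl"
  subnet_id              = "${aws_subnet.public-subnet.id}"

  tags = {
    Name = "webserver1"
  }
}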
 
 resource "aws_instance" "webserver2" {
    ami = "ami-0cff7528ff583bf9a"
    instance_type = "t2.micro"
    vpc_security_group_ids = ["${aws_security_group.my-sg.id}"] 
    key_name = "gl"
    subnet_id = ["${aws_subnet.public-subnet2.id}"]
     
}
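# Internet-facing application load balancer across both public subnets. The
# security-group argument on a load balancer is `security_groups`;
# "vpc_security_group_ids" belongs to aws_instance and is rejected here.
# It reuses the web-server group for now; a dedicated ALB group that only
# allows port 80 would be tighter.
resource "aws_alb" "webalb" {
  name               = "webalb"
  internal           = false
  load_balancer_type = "application"
  subnets            = ["${aws_subnet.public-subnet.id}", "${aws_subnet.public-subnet2.id}"]
  security_groups    = ["${aws_security_group.my-sg.id}"]

  tags = {
    Name = "webalb"
  }
}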

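# HTTP listener on the ALB. The load balancer is declared as aws_alb.webalb, so
# it must be referenced by that name ("aws_lb.webalb" does not exist in this
# configuration). Both ARNs are single strings, not lists, and the target group
# is referenced by its arn rather than its id.
resource "aws_alb_listener" "webalb-list" {
  load_balancer_arn = "${aws_alb.webalb.arn}"
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = "${aws_alb_target_group.web-tg.arn}"
  }
}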

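# Target group the listener forwards to. vpc_id is a single string, not a list.
resource "aws_alb_target_group" "web-tg" {
  name     = "web-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = "${aws_vpc.demo-vpc.id}"
}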
  
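# Registers webserver1 with the target group. Both references are single
# strings; the original wrapped them in lists, which the provider rejects.
resource "aws_alb_target_group_attachment" "web-tg-attach" {
  target_group_arn = "${aws_alb_target_group.web-tg.arn}"
  target_id        = "${aws_instance.webserver1.id}"
  port             = 80
}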
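# Registers webserver2 with the target group. Both references are single
# strings, not lists.
resource "aws_alb_target_group_attachment" "web-tg-attach2" {
  target_group_arn = "${aws_alb_target_group.web-tg.arn}"
  target_id        = "${aws_instance.webserver2.id}"
  port             = 80
}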

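# Subnet group for the RDS instance. RDS requires subnets in at least two AZs,
# which the pinned availability zones on the subnets provide. These are the
# public subnets; in a production layout the database would sit in private
# subnets with no route to the internet gateway.
resource "aws_db_subnet_group" "mysql-subnet-group" {
  name       = "mysql-subnet-group"
  subnet_ids = ["${aws_subnet.public-subnet.id}", "${aws_subnet.public-subnet2.id}"]
}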


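# Master password for the database. The original committed a literal password
# to the script; supplying it as a variable keeps it out of version control.
# Set it at run time, e.g. with the TF_VAR_db_password environment variable or
# a -var-file that is not committed. Note that the value still lands in the
# Terraform state file, so protect the state as you would a secret.
variable "db_password" {
  description = "Master password for the mydb RDS instance"
}

# MySQL RDS instance. Fixes versus the original: the security group reference
# pointed at "my-sg-db", which is not declared anywhere (the DB group is
# "mysgdb"); the instance is explicitly not publicly accessible; and a
# final-snapshot setting is given, without which `terraform destroy` fails.
# NOTE(review): newer AWS provider releases rename the `name` argument to
# `db_name`; check the provider version in use.
resource "aws_db_instance" "mydb" {
  allocated_storage      = 20
  storage_type           = "gp2"
  engine                 = "mysql"
  engine_version         = "8.0.29"
  instance_class         = "db.t2.micro"
  name                   = "mydb"
  username               = "mysql-user"
  password               = "${var.db_password}"
  db_subnet_group_name   = "${aws_db_subnet_group.mysql-subnet-group.name}"
  vpc_security_group_ids = ["${aws_security_group.mysgdb.id}"]

  # Only the web servers' security group may connect; no public endpoint.
  publicly_accessible = false

  # Demo setting: skips the final snapshot on destroy so the stack can be torn
  # down cleanly. For real data use final_snapshot_identifier instead.
  skip_final_snapshot = true

  # Consider storage_encrypted = true; confirm the chosen instance class
  # supports encryption before enabling it.
}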

Once we run this code (`terraform init`, then `terraform plan` to review the changes, then `terraform apply`), we provision an entire set of infrastructure in the cloud just by writing code, without touching the console. We can reuse it as many times as we want.
