From bedfd2a64e7e7b2129785aff4cd872f851750852 Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Wed, 21 May 2025 00:26:55 -0400 Subject: [PATCH 01/12] formated and added outputs --- main.tf | 242 ++++++++++++++++++++++++++++++++------------------- outputs.tf | 29 ++++++ variables.tf | 120 +++++++++++++------------ 3 files changed, 247 insertions(+), 144 deletions(-) create mode 100644 outputs.tf diff --git a/main.tf b/main.tf index 00d0c67..1d84c08 100644 --- a/main.tf +++ b/main.tf 
@@ -1,125 +1,187 @@ -### PROVIDER -provider "google" { - project = var.project-id - region = var.region - zone = var.zone +terraform { + required_version = "~> 1.11.4" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.96.0" + } + } } -### NETWORK -data "google_compute_network" "default" { - name = "default" +provider "aws" { + region = var.region } -## SUBNET -resource "google_compute_subnetwork" "subnet-1" { - name = var.subnet-name - ip_cidr_range = var.subnet-cidr - network = data.google_compute_network.default.self_link - region = var.region - private_ip_google_access = var.private_google_access +# VPC +resource "aws_vpc" "main" { + cidr_block = var.vpc_cidr + enable_dns_hostnames = true + tags = { + Name = "main-vpc" + } } -resource "google_compute_firewall" "default" { - name = "test-firewall" - network = data.google_compute_network.default.self_link +# SUBNET +resource "aws_subnet" "subnet-1" { + vpc_id = aws_vpc.main.id + cidr_block = var.subnet_cidr + map_public_ip_on_launch = true + tags = { + Name = var.subnet_name + } +} + +resource "aws_internet_gateway" "igw" { + vpc_id = aws_vpc.main.id - allow { - protocol = "icmp" + tags = { + Name = "main-igw" } +} + +resource "aws_route_table" "public_rt" { + vpc_id = aws_vpc.main.id - allow { - protocol = "tcp" - ports = var.firewall-ports + route { + cidr_block = var.sg_cidr + gateway_id = aws_internet_gateway.igw.id } - source_tags = var.compute-source-tags + tags = { + Name = "public-rt" + } +} + +resource "aws_route_table_association" "a" { + subnet_id = aws_subnet.subnet-1.id + route_table_id = aws_route_table.public_rt.id } -### COMPUTE -## NGINX PROXY -resource "google_compute_instance" "nginx_instance" { - name = "nginx-proxy" - machine_type = "f1-micro" - tags = var.compute-source-tags +resource "aws_security_group" "web_sg" { + name = "main-web-sg" + description = "Allow SSH, HTTP, HTTPS" + vpc_id = aws_vpc.main.id - boot_disk { - initialize_params { - image = 
"debian-cloud/debian-11" + dynamic "ingress" { + for_each = var.allowed_ports + content { + from_port = ingress.value + to_port = ingress.value + protocol = "tcp" + cidr_blocks = [var.sg_cidr] } } - network_interface { - network = data.google_compute_network.default.self_link - subnetwork = google_compute_subnetwork.subnet-1.self_link - access_config { - - } + egress { + description = "Allow all outbound" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = [var.sg_cidr] + } + + tags = { + Name = "web-sg" } } -## WEB1 -resource "google_compute_instance" "web1" { - name = "web1" - machine_type = "f1-micro" - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - } +data "aws_ami" "amazon_linux" { + most_recent = true + owners = [var.ami_owner] + + filter { + name = "name" + values = [var.ami_name] } +} + +resource "aws_instance" "nginx_proxy" { + ami = data.aws_ami.amazon_linux.id + instance_type = var.instance_type + subnet_id = aws_subnet.subnet-1.id + vpc_security_group_ids = [aws_security_group.web_sg.id] + associate_public_ip_address = true - network_interface { - # A default network is created for all GCP projects - network = data.google_compute_network.default.self_link - subnetwork = google_compute_subnetwork.subnet-1.self_link + tags = { + Name = "nginx-proxy" } + + user_data = <<-EOF + #!/bin/bash + sudo yum install -y nginx + sudo systemctl enable nginx + sudo systemctl start nginx + EOF } -## WEB2 -resource "google_compute_instance" "web2" { - name = "web2" - machine_type = "f1-micro" - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - } + + +resource "aws_instance" "web1" { + ami = data.aws_ami.amazon_linux.id + instance_type = var.instance_type + subnet_id = aws_subnet.subnet-1.id + vpc_security_group_ids = [aws_security_group.web_sg.id] + + tags = { + Name = "${lower(var.target_environment)}-instance" + Environment = var.target_environment } - network_interface { - network = 
data.google_compute_network.default.self_link - subnetwork = google_compute_subnetwork.subnet-1.self_link + user_data = <<-EOF + #!/bin/bash + sudo yum install -y httpd + sudo systemctl enable httpd + sudo systemctl start httpd + EOF +} + +resource "aws_instance" "web2" { + ami = data.aws_ami.amazon_linux.id + instance_type = var.environment_instance_settings[var.target_environment].instance_type + subnet_id = aws_subnet.subnet-1.id + vpc_security_group_ids = [aws_security_group.web_sg.id] + tags = { + Name = "${lower(var.target_environment)}-instance" + Environment = var.target_environment } + user_data = <<-EOF + #!/bin/bash + sudo yum install -y httpd + sudo systemctl enable httpd + sudo systemctl start httpd + EOF } -## WEB3 -resource "google_compute_instance" "web3" { - name = "web3" - machine_type = "f1-micro" - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - } + +resource "aws_instance" "web3" { + ami = data.aws_ami.amazon_linux.id + instance_type = var.environment_instance_settings[var.target_environment].instance_type + subnet_id = aws_subnet.subnet-1.id + vpc_security_group_ids = [aws_security_group.web_sg.id] + + tags = { + Name = "${lower(var.target_environment)}-instance" + Environment = var.target_environment } - network_interface { - network = data.google_compute_network.default.self_link - subnetwork = google_compute_subnetwork.subnet-1.self_link - } + user_data = <<-EOF + #!/bin/bash + sudo yum install -y httpd + sudo systemctl enable httpd + sudo systemctl start httpd + EOF } -## DB -resource "google_compute_instance" "mysqldb" { +resource "aws_dynamodb_table" "mysqldb" { name = "mysqldb" - machine_type = "f1-micro" - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - } + billing_mode = "PAY_PER_REQUEST" + hash_key = "id" + + attribute { + name = "id" + type = "S" } - network_interface { - network = data.google_compute_network.default.self_link - subnetwork = 
google_compute_subnetwork.subnet-1.self_link - } -} \ No newline at end of file + tags = { + Name = "mysqldb" + } +} diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..8ef7456 --- /dev/null +++ b/outputs.tf @@ -0,0 +1,29 @@ +output "vpc_id" { + description = "VPC ID" + value = aws_vpc.main.id +} + +output "public_subnet_ids" { + description = "Public Subnet IDs" + value = aws_subnet.subnet-1.*.id +} + +output "internet_gateway" { + description = "Internet Gateway ID" + value = aws_internet_gateway.igw.id +} + +output "route_table" { + description = "Route Table ID" + value = aws_route_table.public_rt.id +} + +output "nginx_id" { + description = "Nginx Instance ID" + value = aws_instance.nginx_proxy.id +} + +output "nginx_public_ip" { + description = "Nginx Public IPcl" + value = aws_instance.nginx_proxy.public_ip +} \ No newline at end of file diff --git a/variables.tf b/variables.tf index 2ca35f9..2040a7f 100644 --- a/variables.tf +++ b/variables.tf 
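Review bot: `var.sg_cidr` is doing three unrelated jobs in this hunk — the default route of `public_rt`, every ingress rule of `web_sg`, and its egress — and its default in this patch's variables.tf is `0.0.0.0/0`, so port 22 from `allowed_ports` is reachable from the whole Internet, while narrowing the variable to lock SSH down would also break the default route and all outbound traffic. Keep the `0.0.0.0/0` literal for the route and egress and give the ingress rules their own variable, e.g. `cidr_blocks = var.ingress_cidr_blocks` (a `list(string)` that can be restricted to an admin range). None of the `aws_instance` resources enforce IMDSv2 either; `metadata_options { http_tokens = "required" }` on each is cheap hardening against SSRF-style credential theft from the proxy. Separately, `yum install -y nginx` in the `nginx_proxy` user_data will, as far as I recall, fail on Amazon Linux 2 where nginx is only available via `amazon-linux-extras install -y nginx1` — worth checking on a test boot.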
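Review bot: `public_subnet_ids` has a plural description and uses the legacy `.*.id` splat, but `aws_subnet.subnet-1` has no `count`, so this is a single ID that the splat merely wraps (if I recall the 0.12+ semantics correctly) in a one-element list; either rename it `public_subnet_id` with `value = aws_subnet.subnet-1.id`, or keep the list form deliberately and say so in the description. The `nginx_public_ip` description also has a typo: `description = "Nginx public IP"`.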
@@ -1,90 +1,102 @@ -### VARIABLES -variable "project-id" { - type = string +variable "region" { + type = string + default = "us-east-1" } -variable "region" { - type = string - default = "us-central1" +variable "vpc_cidr" { + type = string + default = "10.0.0.0/16" +} + +variable "subnet_name" { + type = string + default = "public-subnet-1" } -variable "zone" { - type = string - default = "us-central1-a" +variable "subnet_cidr" { + type = string + default = "10.0.1.0/24" } -variable "subnet-name" { - type = string - default = "subnet1" +variable "ami_owner" { + type = string + default = "amazon" } -variable "subnet-cidr" { - type = string - default = "10.127.0.0/20" +variable "ami_name" { + type = string + default = "amzn2-ami-hvm-*-x86_64-gp2" } -variable "private_google_access" { - type = bool - default = true +variable "instance_type" { + type = string + default = "t2.micro" } -variable "firewall-ports" { - type = list - default = ["80", "8080", "1000-2000", "22"] +variable "allowed_ports" { + type = list(number) + default = [22, 80, 443] } -variable "compute-source-tags" { - type = list - default = ["web"] +variable "sg_cidr" { + type = string + default = "0.0.0.0/0" } variable "target_environment" { - default = "DEV" + description = "The target environment to deploy into" + type = string + default = "DEV" } variable "environment_list" { - type = list(string) - default = ["DEV","QA","STAGE","PROD"] + type = list(string) + default = ["DEV", "QA", "STAGE", "PROD"] } variable "environment_map" { type = map(string) default = { - "DEV" = "dev", - "QA" = "qa", + "DEV" = "dev", + "QA" = "qa", "STAGE" = "stage", - "PROD" = "prod" - } -} - -variable "environment_machine_type" { - type = map(string) - default = { - "DEV" = "f1-micro", - "QA" = "f1-micro", - "STAGE" = "f1-micro", - "PROD" = "f1-micro" + "PROD" = "prod" } } variable "environment_instance_settings" { - type = map(object({machine_type=string, tags=list(string)})) + type = map(object({ + instance_type = 
string + tags = map(string) + })) default = { "DEV" = { - machine_type = "f1-micro" - tags = ["dev"] - }, - "QA" = { - machine_type = "f1-micro" - tags = ["qa"] - }, + instance_type = "t2.micro", + tags = { + Name = "dev-instance", + Environment = "DEV" + } + } + "QA" = { + instance_type = "t2.micro", + tags = { + Name = "qa-instance", + Environment = "QA" + } + } "STAGE" = { - machine_type = "f1-micro" - tags = ["stage"] - }, + instance_type = "t2.micro", + tags = { + Name = "stage-instance", + Environment = "STAGE" + } + } "PROD" = { - machine_type = "f1-micro" - tags = ["prod"] + instance_type = "t2.micro", + tags = { + Name = "prod-instance", + Environment = "PROD" + } } } -} \ No newline at end of file +} From 80597cd5e11ff760313a289437c661cb9d3bd108 Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Wed, 21 May 2025 00:27:18 -0400 Subject: [PATCH 02/12] created outputs --- outputs.tf | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/outputs.tf b/outputs.tf index 8ef7456..95e44f5 100644 --- a/outputs.tf +++ b/outputs.tf 
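Review bot: `sg_cidr` defaults to `0.0.0.0/0` with no `description` and no `validation`, so the one variable that decides whether SSH is Internet-exposed gives an operator no warning and accepts any string (a typo like `10.0.0.0/33` only surfaces at apply time from the AWS API). Add a description that states the exposure and a validation that rejects malformed CIDRs; the same treatment would suit `vpc_cidr` and `subnet_cidr`. I would also drop `22` from the `allowed_ports` default so SSH has to be opted into explicitly.
```hcl
variable "sg_cidr" {
  description = "CIDR allowed to reach the web security group's ingress ports; the default exposes them to the whole Internet"
  type        = string
  default     = "0.0.0.0/0"

  validation {
    condition     = can(cidrhost(var.sg_cidr, 0))
    error_message = "sg_cidr must be a valid IPv4 CIDR block such as 203.0.113.0/24."
  }
}
```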
@@ -1,29 +1,29 @@ output "vpc_id" { - description = "VPC ID" - value = aws_vpc.main.id + description = "VPC ID" + value = aws_vpc.main.id } output "public_subnet_ids" { - description = "Public Subnet IDs" - value = aws_subnet.subnet-1.*.id + description = "Public Subnet IDs" + value = aws_subnet.subnet-1.id } output "internet_gateway" { - description = "Internet Gateway ID" - value = aws_internet_gateway.igw.id + description = "Internet Gateway ID" + value = aws_internet_gateway.igw.id } output "route_table" { - description = "Route Table ID" - value = aws_route_table.public_rt.id + description = "Route Table ID" + value = aws_route_table.public_rt.id } output "nginx_id" { - description = "Nginx Instance ID" - value = aws_instance.nginx_proxy.id + description = "Nginx Instance ID" + value = aws_instance.nginx_proxy.id } output "nginx_public_ip" { - description = "Nginx Public IPcl" - value = aws_instance.nginx_proxy.public_ip + description = "Nginx Public IPcl" + value = aws_instance.nginx_proxy.public_ip } \ No newline at end of file From 564731202a925178701dedc0732339b8c18d1053 Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Wed, 21 May 2025 15:04:21 -0400 Subject: [PATCH 03/12] created and formatted --- main.tf | 105 +++------------------------------------------ networking.tf | 71 ++++++++++++++++++++++++++++++ outputs.tf | 29 +++++++------ serviceaccounts.tf | 22 ++++++++++ stroage.tf | 9 ++++ 5 files changed, 126 insertions(+), 110 deletions(-) create mode 100644 networking.tf create mode 100644 serviceaccounts.tf create mode 100644 stroage.tf diff --git a/main.tf b/main.tf index 1d84c08..5588ad6 100644 --- a/main.tf +++ b/main.tf 
@@ -13,79 +13,6 @@ provider "aws" { region = var.region } -# VPC -resource "aws_vpc" "main" { - cidr_block = var.vpc_cidr - enable_dns_hostnames = true - tags = { - Name = "main-vpc" - } -} - -# SUBNET -resource "aws_subnet" "subnet-1" { - vpc_id = aws_vpc.main.id - cidr_block = var.subnet_cidr - map_public_ip_on_launch = true - tags = { - Name = var.subnet_name - } -} - -resource "aws_internet_gateway" "igw" { - vpc_id = aws_vpc.main.id - - tags = { - Name = "main-igw" - } -} - -resource "aws_route_table" "public_rt" { - vpc_id = aws_vpc.main.id - - route { - cidr_block = var.sg_cidr - gateway_id = aws_internet_gateway.igw.id - } - - tags = { - Name = "public-rt" - } -} - -resource "aws_route_table_association" "a" { - subnet_id = aws_subnet.subnet-1.id - route_table_id = aws_route_table.public_rt.id -} - -resource "aws_security_group" "web_sg" { - name = "main-web-sg" - description = "Allow SSH, HTTP, HTTPS" - vpc_id = aws_vpc.main.id - - dynamic "ingress" { - for_each = var.allowed_ports - content { - from_port = ingress.value - to_port = ingress.value - protocol = "tcp" - cidr_blocks = [var.sg_cidr] - } - } - - egress { - description = "Allow all outbound" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = [var.sg_cidr] - } - - tags = { - Name = "web-sg" - } -} - data "aws_ami" "amazon_linux" { most_recent = true owners = [var.ami_owner] @@ -115,15 +42,15 @@ resource "aws_instance" "nginx_proxy" { EOF } - -resource "aws_instance" "web1" { +resource "aws_instance" "web-instances" { + count = 3 ami = data.aws_ami.amazon_linux.id instance_type = var.instance_type subnet_id = aws_subnet.subnet-1.id vpc_security_group_ids = [aws_security_group.web_sg.id] tags = { - Name = "${lower(var.target_environment)}-instance" + Name = "web-instance-${count.index + 1}" Environment = var.target_environment } 
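Review bot: `web-instances` takes `var.instance_type` directly while the `web-map-instances` resource added further down reads the per-environment `environment_instance_settings` map, so the two resource sets can diverge for the same `target_environment`; consider `instance_type = var.environment_instance_settings[var.target_environment].instance_type` here as well. The instances also still accept IMDSv1; adding `metadata_options { http_tokens = "required" }` inside the resource is a one-block hardening a reviewer would expect on any web-facing host. The resource body (the `user_data` heredoc) continues past the end of this hunk.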
@@ -135,33 +62,15 @@ resource "aws_instance" "web1" { EOF } -resource "aws_instance" "web2" { - ami = data.aws_ami.amazon_linux.id - instance_type = var.environment_instance_settings[var.target_environment].instance_type - subnet_id = aws_subnet.subnet-1.id - vpc_security_group_ids = [aws_security_group.web_sg.id] - tags = { - Name = "${lower(var.target_environment)}-instance" - Environment = var.target_environment - } - user_data = <<-EOF - #!/bin/bash - sudo yum install -y httpd - sudo systemctl enable httpd - sudo systemctl start httpd - EOF -} +resource "aws_instance" "web-map-instances" { + for_each = var.environment_instance_settings -resource "aws_instance" "web3" { ami = data.aws_ami.amazon_linux.id - instance_type = var.environment_instance_settings[var.target_environment].instance_type + instance_type = each.value.instance_type subnet_id = aws_subnet.subnet-1.id vpc_security_group_ids = [aws_security_group.web_sg.id] - tags = { - Name = "${lower(var.target_environment)}-instance" - Environment = var.target_environment - } + tags = each.value.tags user_data = <<-EOF #!/bin/bash diff --git a/networking.tf b/networking.tf new file mode 100644 index 0000000..5f51d53 --- /dev/null +++ b/networking.tf 
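Review bot: `for_each = var.environment_instance_settings` creates one instance for every key in the map — DEV, QA, STAGE and PROD — on every apply, regardless of `var.target_environment`, so a developer applying the DEV configuration also launches a host tagged `Environment = PROD` in the same public subnet and security group. If the intent is one instance for the selected environment, iterate over a single-entry map: `for_each = { (var.target_environment) = var.environment_instance_settings[var.target_environment] }`. If the intent really is all four at once, the name `web-map-instances` and a comment should say so, and the shared `web_sg` makes the environment separation nominal.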
@@ -0,0 +1,71 @@ +resource "aws_vpc" "main" { + cidr_block = var.vpc_cidr + enable_dns_hostnames = true + tags = { + Name = "main-vpc" + } +} + +# SUBNET +resource "aws_subnet" "subnet-1" { + vpc_id = aws_vpc.main.id + cidr_block = var.subnet_cidr + map_public_ip_on_launch = true + tags = { + Name = var.subnet_name + } +} + +resource "aws_internet_gateway" "igw" { + vpc_id = aws_vpc.main.id + + tags = { + Name = "main-igw" + } +} + +resource "aws_route_table" "public_rt" { + vpc_id = aws_vpc.main.id + + route { + cidr_block = var.sg_cidr + gateway_id = aws_internet_gateway.igw.id + } + + tags = { + Name = "public-rt" + } +} + +resource "aws_route_table_association" "a" { + subnet_id = aws_subnet.subnet-1.id + route_table_id = aws_route_table.public_rt.id +} + +resource "aws_security_group" "web_sg" { + name = "main-web-sg" + description = "Allow SSH, HTTP, HTTPS" + vpc_id = aws_vpc.main.id + + dynamic "ingress" { + for_each = var.allowed_ports + content { + from_port = ingress.value + to_port = ingress.value + protocol = "tcp" + cidr_blocks = [var.sg_cidr] + } + } + + egress { + description = "Allow all outbound" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = [var.sg_cidr] + } + + tags = { + Name = "web-sg" + } +} \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index 95e44f5..41063df 100644 --- a/outputs.tf +++ b/outputs.tf 
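Review bot: The egress rule uses `cidr_blocks = [var.sg_cidr]`, so an operator who narrows `sg_cidr` to restrict ingress silently cuts all outbound traffic as well — including the `yum install` in every instance's user_data — because the same variable feeds both; egress should read `cidr_blocks = ["0.0.0.0/0"]` (or its own variable). `map_public_ip_on_launch = true` on the only subnet also gives every backend web instance a public address even though `nginx_proxy` separately sets `associate_public_ip_address = true` and is presumably meant to be the sole entry point; set it to `false` so only the proxy is addressable. With `sg_cidr` at its `0.0.0.0/0` default, each backend is then a directly reachable SSH/HTTP target.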
@@ -1,29 +1,34 @@ output "vpc_id" { - description = "VPC ID" - value = aws_vpc.main.id + description = "VPC ID" + value = aws_vpc.main.id } output "public_subnet_ids" { - description = "Public Subnet IDs" - value = aws_subnet.subnet-1.id + description = "Public Subnet IDs" + value = aws_subnet.subnet-1.id +} + +output "web_instance_ips" { + description = "Web Instance IPs" + value = [for instance in aws_instance.web-instances : instance.private_ip] } output "internet_gateway" { - description = "Internet Gateway ID" - value = aws_internet_gateway.igw.id + description = "Internet Gateway ID" + value = aws_internet_gateway.igw.id } output "route_table" { - description = "Route Table ID" - value = aws_route_table.public_rt.id + description = "Route Table ID" + value = aws_route_table.public_rt.id } output "nginx_id" { - description = "Nginx Instance ID" - value = aws_instance.nginx_proxy.id + description = "Nginx Instance ID" + value = aws_instance.nginx_proxy.id } output "nginx_public_ip" { - description = "Nginx Public IPcl" - value = aws_instance.nginx_proxy.public_ip + description = "Nginx Public IPcl" + value = aws_instance.nginx_proxy.public_ip } \ No newline at end of file diff --git a/serviceaccounts.tf b/serviceaccounts.tf new file mode 100644 index 0000000..98f1dda --- /dev/null +++ b/serviceaccounts.tf @@ -0,0 +1,22 @@ +module "iam_assumable_roles" { + source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" + version = "~> 5.0" + + for_each = var.environment_instance_settings + + trusted_role_arns = [ + "arn:aws:iam::986559698266:root", + "arn:aws:iam::986559698266:user/jreaves" + ] + + create_role = true + + role_name = "${each.key}-role" + role_requires_mfa = true + + custom_role_policy_arns = [ + "arn:aws:iam::aws:policy/AmazonEC2FullAccess", + "arn:aws:iam::aws:policy/AmazonS3FullAccess" + ] + number_of_custom_role_policy_arns = 2 +} \ No newline at end of file diff --git a/stroage.tf b/stroage.tf new file mode 100644 index 0000000..eb98be2 
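Review bot: `trusted_role_arns` lists both `arn:aws:iam::986559698266:root` and the single user `jreaves`; the `:root` entry already lets any identity in the account with an `sts:AssumeRole` allow take these roles, so the user entry adds nothing and the trust is far wider than the name suggests — drop the `:root` line and keep only the intended principals (a user, group, or CI role). Every environment role also receives the same `AmazonEC2FullAccess` and `AmazonS3FullAccess` managed policies, so the per-environment split provides no privilege separation; scope each to its own buckets and tagged instances. `role_requires_mfa = true` is a good choice and worth keeping. The hard-coded account ID can come from `data.aws_caller_identity.current.account_id` (one `data "aws_caller_identity" "current" {}` block) so the file does not break when reused in another account.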
--- /dev/null +++ b/stroage.tf @@ -0,0 +1,9 @@ +resource "aws_s3_bucket" "environment_buckets" { + for_each = toset(var.environment_list) + bucket = "${lower(each.key)}-jreaves-environment" + + tags = { + Name = "environment-${each.key}" + Environment = upper(each.key) + } +} \ No newline at end of file From 77c6ca51c19f7579ac9701cbc825ffdfadb9653b Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Thu, 22 May 2025 17:14:39 -0400 Subject: [PATCH 04/12] changes --- main.tf | 31 +++++++++++++++++++++++++++++++ remotestate/main.tf | 18 ++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 remotestate/main.tf diff --git a/main.tf b/main.tf index 5588ad6..a046474 100644 --- a/main.tf +++ b/main.tf @@ -94,3 +94,34 @@ resource "aws_dynamodb_table" "mysqldb" { Name = "mysqldb" } } + +module "remote_state_bucket" { + source = "terraform-aws-modules/s3-bucket/aws" + version = "~> 4.0" + + bucket = "remotestate-jreavesbucket-${var.target_environment}" + acl = "private" + + control_object_ownership = true + object_ownership = "ObjectWriter" + + versioning = { + enabled = true + } + + tags = { + Environment = var.target_environment + Purpose = "Terraform Remote State" + } +} + +resource "aws_dynamodb_table" "terraform_locks" { + name = "terraform-locks" + billing_mode = "PAY_PER_REQUEST" + hash_key = "LockID" + + attribute { + name = "LockID" + type = "S" + } +} \ No newline at end of file diff --git a/remotestate/main.tf b/remotestate/main.tf new file mode 100644 index 0000000..59bfbc2 --- /dev/null +++ b/remotestate/main.tf @@ -0,0 +1,18 @@ +terraform { + required_version = "~> 1.11.4" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.96.0" + } + } + + backend "s3" { + bucket = "remotestate-DEV" + key = "global/s3/terraform.tfstate" + region = "us-east-1" + dynamodb_table = "terraform-locks" # <- This enables locking + encrypt = true + } +} \ No newline at end of file 
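Review bot: The environment buckets are created with nothing but a name and tags — no `aws_s3_bucket_public_access_block`, no versioning, and no explicit server-side encryption — so their exposure depends entirely on the account-level defaults, which this configuration neither sets nor checks. Add a public access block per bucket (below), and consider `aws_s3_bucket_versioning` plus an `aws_s3_bucket_server_side_encryption_configuration` with a KMS key if the buckets will hold anything sensitive. The filename is also misspelled (`stroage.tf`), which will trip up anyone grepping for storage resources.
```hcl
# … unchanged: aws_s3_bucket.environment_buckets …

resource "aws_s3_bucket_public_access_block" "environment_buckets" {
  for_each = aws_s3_bucket.environment_buckets

  bucket                  = each.value.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```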
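Review bot: The remote-state bucket and `terraform_locks` table are declared in the same root module whose state they are meant to hold, which is circular: the backend cannot be configured until this configuration has been applied with some other backend, and once it is, a careless `terraform destroy` of this root deletes its own state store. Keep these two resources in a separate bootstrap root (the `remotestate/` directory added in this patch is the natural home) with its own local state, and point `backend.tf` at them from here. Within the module call, `object_ownership = "ObjectWriter"` together with `acl = "private"` keeps ACLs enabled; for a state bucket the current AWS recommendation is `object_ownership = "BucketOwnerEnforced"` (ACLs disabled) plus an explicit `server_side_encryption_configuration` using a KMS key, since state files routinely contain secrets.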
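Review bot: This `remotestate/main.tf` declares only a backend and no resources, so it neither bootstraps the state bucket nor has any state of its own to store there; either it should hold the bucket and lock-table resources from the root `main.tf`, or it should be removed to avoid two roots claiming the same `global/s3/terraform.tfstate` key. With `required_version = "~> 1.11.4"`, I believe the S3 backend's native locking is available and `dynamodb_table` is deprecated in that series; `use_lockfile = true` in the backend block removes the DynamoDB dependency entirely. The `encrypt = true` line is correct and should stay.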
From c352069c74d95e9d1d36fed21b60d799c8b08fff Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Thu, 22 May 2025 17:24:59 -0400 Subject: [PATCH 05/12] changessss --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index a046474..8f3cce3 100644 --- a/main.tf +++ b/main.tf @@ -99,7 +99,7 @@ module "remote_state_bucket" { source = "terraform-aws-modules/s3-bucket/aws" version = "~> 4.0" - bucket = "remotestate-jreavesbucket-${var.target_environment}" + bucket = "remotestate-jreavesbucket-dev" acl = "private" control_object_ownership = true From 0eb45d9d346cfb5c288f3f25cbc7c6d01e33997a Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Thu, 22 May 2025 18:59:34 -0400 Subject: [PATCH 06/12] changeesess --- main.tf | 2 +- remotestate/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 8f3cce3..86bea7a 100644 --- a/main.tf +++ b/main.tf @@ -110,7 +110,7 @@ module "remote_state_bucket" { } tags = { - Environment = var.target_environment + Environment = "dev" Purpose = "Terraform Remote State" } } diff --git a/remotestate/main.tf b/remotestate/main.tf index 59bfbc2..7aa5505 100644 --- a/remotestate/main.tf +++ b/remotestate/main.tf @@ -9,7 +9,7 @@ terraform { } backend "s3" { - bucket = "remotestate-DEV" + bucket = "remotestate-jreavesbucket-dev" key = "global/s3/terraform.tfstate" region = "us-east-1" dynamodb_table = "terraform-locks" # <- This enables locking From 975a42a7f7954c95410d7f9602d1ca16963a7e4a Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Thu, 22 May 2025 19:33:03 -0400 Subject: [PATCH 07/12] changesssssss --- backend.tf | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 backend.tf diff --git a/backend.tf b/backend.tf new file mode 100644 index 0000000..d57eb76 --- /dev/null +++ b/backend.tf @@ -0,0 +1,3 @@ +terraform { + backend "s3" {} +} \ No newline at end of file From 71b7f7cabd599867042bb5a468ea009933812bdf Mon Sep 17 00:00:00 2001 
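Review bot: An empty `backend "s3" {}` defers every setting, including `encrypt`, to `-backend-config` flags or files, so a forgotten flag at `terraform init` produces an S3 state object without the encryption request and no error. Partial configuration still allows fixed arguments in the block, so keep the security-relevant ones here and defer only the deployment-specific ones: `backend "s3" { encrypt = true }`. S3 now applies SSE-S3 by default so the practical impact is reduced, but pinning it (and ideally a `kms_key_id`) documents the requirement in code rather than in whoever runs `init`.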
From: Jordan Reaves Date: Thu, 22 May 2025 23:58:34 -0400 Subject: [PATCH 08/12] versioning --- backend.tf | 6 +++--- main.tf | 2 +- remotestate/main.tf | 16 ++++++++-------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/backend.tf b/backend.tf index d57eb76..03e7a8e 100644 --- a/backend.tf +++ b/backend.tf @@ -1,3 +1,3 @@ -terraform { - backend "s3" {} -} \ No newline at end of file +# terraform { +# backend "s3" {} +# } \ No newline at end of file diff --git a/main.tf b/main.tf index 86bea7a..07f7800 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.11.4" + required_version = "~> 1.11.4, < 2.0.0" required_providers { aws = { diff --git a/remotestate/main.tf b/remotestate/main.tf index 7aa5505..c73719e 100644 --- a/remotestate/main.tf +++ b/remotestate/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.11.4" + required_version = "~> 1.11.4, < 2.0.0" required_providers { aws = { @@ -8,11 +8,11 @@ terraform { } } - backend "s3" { - bucket = "remotestate-jreavesbucket-dev" - key = "global/s3/terraform.tfstate" - region = "us-east-1" - dynamodb_table = "terraform-locks" # <- This enables locking - encrypt = true - } + # backend "s3" { + # bucket = "remotestate-jreavesbucket-dev" + # key = "global/s3/terraform.tfstate" + # region = "us-east-1" + # dynamodb_table = "terraform-locks" # <- This enables locking + # encrypt = true + # } } \ No newline at end of file From ffe09e5d239fa15dc89a61d98eb9993867debc0a Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Fri, 23 May 2025 00:34:23 -0400 Subject: [PATCH 09/12] do it --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 07f7800..deb3f74 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.11.4, < 2.0.0" + required_version = "~> 1.12.1" required_providers { aws = { From e88ad777cddc83db7499115a603877435b2d3ad7 Mon Sep 17 00:00:00 2001 
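Review bot: Commenting out the backend silently switches this root to the local backend, so the next `terraform init` writes `terraform.tfstate` beside the code — instance IDs, role ARNs and anything sensitive in plaintext — and nothing in the series shows a `.gitignore` for `*.tfstate*`. If the S3 backend is being disabled temporarily, prefer `terraform init -migrate-state` with an explicit `-backend-config` over toggling comments, and confirm that state files are git-ignored before this lands. The same toggle is repeated in `remotestate/main.tf` in this patch, and the `required_version` change to `"~> 1.11.4, < 2.0.0"` is redundant since `~> 1.11.4` already means `>= 1.11.4, < 1.12.0`.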
From: Jordan Reaves Date: Fri, 23 May 2025 19:01:44 -0400 Subject: [PATCH 10/12] quick changes --- .vscode/settings.json | 7 ++++ backend.tf | 12 ++++-- cicd_bootstrap/providers.tf | 3 ++ main.tf | 2 +- modules/iam_environment_roles/main.tf | 46 ++++++++++++++++++++++ modules/iam_environment_roles/outputs.tf | 3 ++ modules/iam_environment_roles/variables.tf | 10 +++++ remotestate/main.tf | 8 ---- serviceaccounts.tf | 1 - 9 files changed, 79 insertions(+), 13 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 cicd_bootstrap/providers.tf create mode 100644 modules/iam_environment_roles/main.tf create mode 100644 modules/iam_environment_roles/outputs.tf create mode 100644 modules/iam_environment_roles/variables.tf diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..063723d --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,7 @@ +{ + "cSpell.words": [ + "jreavesbucket", + "mysqldb", + "remotestate" + ] +} \ No newline at end of file diff --git a/backend.tf b/backend.tf index 03e7a8e..0bf3f97 100644 --- a/backend.tf +++ b/backend.tf @@ -1,3 +1,9 @@ -# terraform { -# backend "s3" {} -# } \ No newline at end of file +terraform { + backend "s3" { + bucket = "remotestate-jreavesbucket-dev" + key = "global/s3/terraform.tfstate" + region = "us-east-1" + dynamodb_table = "terraform-locks" # <- This enables locking + encrypt = true + } +} \ No newline at end of file diff --git a/cicd_bootstrap/providers.tf b/cicd_bootstrap/providers.tf new file mode 100644 index 0000000..e70fb2f --- /dev/null +++ b/cicd_bootstrap/providers.tf @@ -0,0 +1,3 @@ +provider "aws" { + region = "us-east-1" +} \ No newline at end of file diff --git a/main.tf b/main.tf index deb3f74..86bea7a 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.12.1" + required_version = "~> 1.11.4" required_providers { aws = { 
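Review bot: The re-enabled backend sets `encrypt = true` but no `kms_key_id`, so the state object is encrypted with SSE-S3 and anyone with `s3:GetObject` on the bucket can read the state, including any secrets the providers write into it; with a customer-managed key, `kms_key_id = "arn:aws:kms:us-east-1:ACCOUNT:key/KEY-ID"`, the key policy becomes a second gate on who can decrypt. This block also duplicates the values that `main.tf` still hard-codes for the `remote_state_bucket` module and `terraform_locks` table, so a rename in one place will desynchronise the other; a short comment here naming the owning configuration would help. `dynamodb_table` is, I believe, deprecated in the 1.11 series in favour of `use_lockfile = true`.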
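Review bot: `cicd_bootstrap/providers.tf` declares a provider with a hard-coded region and no `terraform { required_providers { … } }` block, unlike the other two roots in this repository which pin `hashicorp/aws` to `~> 5.96.0`; an unpinned provider in the CI bootstrap root is exactly where an unexpected major-version upgrade would bite first. Add the same `required_providers` pin here and read the region from a variable, e.g. `region = var.region`, for consistency with `main.tf`.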
diff --git a/modules/iam_environment_roles/main.tf b/modules/iam_environment_roles/main.tf new file mode 100644 index 0000000..c65085f --- /dev/null +++ b/modules/iam_environment_roles/main.tf @@ -0,0 +1,46 @@ +resource "aws_iam_role" "iam-role" { + name = "terraform-${var.env}-role" + + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Sid = "" + Principal = { + AWS = "arn:aws:iam::${var.aws_account_id}:root" + } + } + ] + }) + + tags = { + tag-key = "tag-${var.env}-role" + } +} + +resource "aws_iam_role_policy_attachment" "role-policy" { + role = aws_iam_role.iam-role.name + policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" +} + +module "dev_role" { + source = "./modules/iam_environment_roles" + env = "dev" +} + +module "staging_role" { + source = "./modules/iam_environment_roles" + env = "staging" +} + +module "prod_role" { + source = "./modules/iam_environment_roles" + env = "prod" +} + +module "test_role" { + source = "./modules/iam_environment_roles" + env = "test" +} \ No newline at end of file diff --git a/modules/iam_environment_roles/outputs.tf b/modules/iam_environment_roles/outputs.tf new file mode 100644 index 0000000..04c2475 --- /dev/null +++ b/modules/iam_environment_roles/outputs.tf @@ -0,0 +1,3 @@ +output "role_arn" { + value = aws_iam_role.iam-role.arn +} \ No newline at end of file diff --git a/modules/iam_environment_roles/variables.tf b/modules/iam_environment_roles/variables.tf new file mode 100644 index 0000000..f4957bf --- /dev/null +++ b/modules/iam_environment_roles/variables.tf @@ -0,0 +1,10 @@ +variable "env" { + description = "The environment name" + type = string +} + +variable "aws_account_id" { + description = "The AWS account ID" + type = string + default = "986559698266" +} \ No newline at end of file diff --git a/remotestate/main.tf b/remotestate/main.tf index c73719e..67bc900 100644 --- a/remotestate/main.tf +++ b/remotestate/main.tf 
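Review bot: The four `module "dev_role"` … `module "test_role"` blocks are placed inside `modules/iam_environment_roles/main.tf` with `source = "./modules/iam_environment_roles"`, a path that resolves relative to the module's own directory and therefore points at a non-existent (and, if it existed, self-recursive) `modules/iam_environment_roles/modules/iam_environment_roles`; these calls belong in the root module. Security-wise, the trust policy's `AWS = "arn:aws:iam::${var.aws_account_id}:root"` lets any identity in the account that has an `sts:AssumeRole` allow assume a role carrying `AdministratorAccess`, with no MFA condition — weaker than the `role_requires_mfa = true` roles in `serviceaccounts.tf`. At minimum add `Condition = { Bool = { "aws:MultiFactorAuthPresent" = "true" } }` to the statement and narrow the principal to the CI role or group that actually needs it, and replace `AdministratorAccess` with a policy scoped to what each environment deploys. The `tags = { tag-key = "tag-dev-role" }` entry also looks like a placeholder left over from a template.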
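Review bot: `aws_account_id` ships a hard-coded default, so a caller who forgets to set it silently trusts account `986559698266` instead of failing loudly, and the module cannot be reused elsewhere without editing it. Drop the default (or derive the value inside the module from `data.aws_caller_identity.current.account_id`) so the trust relationship is always explicit; a `validation` with `can(regex("^[0-9]{12}$", var.aws_account_id))` would catch malformed IDs before they land in a trust policy. Account IDs are not secrets, but an identity boundary should never be an implicit default.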
@@ -7,12 +7,4 @@ terraform { version = "~> 5.96.0" } } - - # backend "s3" { - # bucket = "remotestate-jreavesbucket-dev" - # key = "global/s3/terraform.tfstate" - # region = "us-east-1" - # dynamodb_table = "terraform-locks" # <- This enables locking - # encrypt = true - # } } \ No newline at end of file diff --git a/serviceaccounts.tf b/serviceaccounts.tf index 98f1dda..b1e7cf4 100644 --- a/serviceaccounts.tf +++ b/serviceaccounts.tf @@ -18,5 +18,4 @@ module "iam_assumable_roles" { "arn:aws:iam::aws:policy/AmazonEC2FullAccess", "arn:aws:iam::aws:policy/AmazonS3FullAccess" ] - number_of_custom_role_policy_arns = 2 } \ No newline at end of file From f834696f6d44645ffd5aba8c66088f7f4fb05896 Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Fri, 23 May 2025 19:46:59 -0400 Subject: [PATCH 11/12] push --- ...tterraform-validate-2025-05-23T23-18-40.955Z.validate.txt" | 2 ++ backend.tf | 4 ++-- variables.tf | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 "C\357\200\272Usersj_c_rAppDataLocalTempvscode-tf-commands_outterraform-validate-2025-05-23T23-18-40.955Z.validate.txt" diff --git "a/C\357\200\272Usersj_c_rAppDataLocalTempvscode-tf-commands_outterraform-validate-2025-05-23T23-18-40.955Z.validate.txt" "b/C\357\200\272Usersj_c_rAppDataLocalTempvscode-tf-commands_outterraform-validate-2025-05-23T23-18-40.955Z.validate.txt" new file mode 100644 index 0000000..e83eb0e --- /dev/null +++ "b/C\357\200\272Usersj_c_rAppDataLocalTempvscode-tf-commands_outterraform-validate-2025-05-23T23-18-40.955Z.validate.txt" @@ -0,0 +1,2 @@ +Success! The configuration is valid. + diff --git a/backend.tf b/backend.tf index 0bf3f97..ce62456 100644 --- a/backend.tf +++ b/backend.tf 
@@ -1,9 +1,9 @@ terraform { - backend "s3" { + backend "s3" { bucket = "remotestate-jreavesbucket-dev" key = "global/s3/terraform.tfstate" region = "us-east-1" - dynamodb_table = "terraform-locks" # <- This enables locking + dynamodb_table = "terraform-locks" # <- This enables locking encrypt = true } } \ No newline at end of file diff --git a/variables.tf b/variables.tf index 2040a7f..506b406 100644 --- a/variables.tf +++ b/variables.tf @@ -100,3 +100,7 @@ variable "environment_instance_settings" { } } } + +variable "tfcloud_organization" { + type = string +} \ No newline at end of file From a9d0c1535103a7cad077c1128058caec390a2b5a Mon Sep 17 00:00:00 2001 From: Jordan Reaves Date: Fri, 23 May 2025 19:53:59 -0400 Subject: [PATCH 12/12] override backend --- backend.tf | 18 +++++------ main.tf | 90 ++++++++++++++++++++++++++-------------------------- override.tf | 3 ++ variables.tf | 4 --- 4 files changed, 57 insertions(+), 58 deletions(-) create mode 100644 override.tf diff --git a/backend.tf b/backend.tf index ce62456..6802b6d 100644 --- a/backend.tf +++ b/backend.tf @@ -1,9 +1,9 @@ -terraform { - backend "s3" { - bucket = "remotestate-jreavesbucket-dev" - key = "global/s3/terraform.tfstate" - region = "us-east-1" - dynamodb_table = "terraform-locks" # <- This enables locking - encrypt = true - } -} \ No newline at end of file +# terraform { +# backend "s3" { +# bucket = "remotestate-jreavesbucket-dev" +# key = "global/s3/terraform.tfstate" +# region = "us-east-1" +# dynamodb_table = "terraform-locks" # <- This enables locking +# encrypt = true +# } +# } \ No newline at end of file diff --git a/main.tf b/main.tf index 86bea7a..9bd6253 100644 --- a/main.tf +++ b/main.tf 
@@ -80,48 +80,48 @@ resource "aws_instance" "web-map-instances" { EOF } -resource "aws_dynamodb_table" "mysqldb" { - name = "mysqldb" - billing_mode = "PAY_PER_REQUEST" - hash_key = "id" - - attribute { - name = "id" - type = "S" - } - - tags = { - Name = "mysqldb" - } -} - -module "remote_state_bucket" { - source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 4.0" - - bucket = "remotestate-jreavesbucket-dev" - acl = "private" - - control_object_ownership = true - object_ownership = "ObjectWriter" - - versioning = { - enabled = true - } - - tags = { - Environment = "dev" - Purpose = "Terraform Remote State" - } -} - -resource "aws_dynamodb_table" "terraform_locks" { - name = "terraform-locks" - billing_mode = "PAY_PER_REQUEST" - hash_key = "LockID" - - attribute { - name = "LockID" - type = "S" - } -} \ No newline at end of file +# resource "aws_dynamodb_table" "mysqldb" { +# name = "mysqldb" +# billing_mode = "PAY_PER_REQUEST" +# hash_key = "id" + +# attribute { +# name = "id" +# type = "S" +# } + +# tags = { +# Name = "mysqldb" +# } +# } + +# module "remote_state_bucket" { +# source = "terraform-aws-modules/s3-bucket/aws" +# version = "~> 4.0" + +# bucket = "remotestate-jreavesbucket-dev" +# acl = "private" + +# control_object_ownership = true +# object_ownership = "ObjectWriter" + +# versioning = { +# enabled = true +# } + +# tags = { +# Environment = "dev" +# Purpose = "Terraform Remote State" +# } +# } + +# resource "aws_dynamodb_table" "terraform_locks" { +# name = "terraform-locks" +# billing_mode = "PAY_PER_REQUEST" +# hash_key = "LockID" + +# attribute { +# name = "LockID" +# type = "S" +# } +#} \ No newline at end of file diff --git a/override.tf b/override.tf new file mode 100644 index 0000000..abe357a --- /dev/null +++ b/override.tf @@ -0,0 +1,3 @@ +terraform { + backend "local" {} +} \ No newline at end of file diff --git a/variables.tf b/variables.tf index 506b406..2040a7f 100644 --- a/variables.tf +++ b/variables.tf 
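Review bot: Commenting out `module "remote_state_bucket"`, `aws_dynamodb_table "terraform_locks"` and `aws_dynamodb_table "mysqldb"` does not stop managing them — on the next apply Terraform plans to destroy all three, and the bucket is the one holding the versioned history of this very state. Since `backend.tf` is commented out in the same patch and `override.tf` selects the local backend, the destroy would run after the state has been migrated locally, but it still deletes every prior state version. With `required_version = "~> 1.11.4"`, a `removed` block with `destroy = false` is the supported way to forget a resource without deleting it; alternatively run `terraform state rm` before deleting the blocks.
```hcl
# … unchanged: aws_instance resources …

# Forget the state store without destroying it (Terraform >= 1.7).
removed {
  from = module.remote_state_bucket
  lifecycle {
    destroy = false
  }
}

removed {
  from = aws_dynamodb_table.terraform_locks
  lifecycle {
    destroy = false
  }
}
```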
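Review bot: `override.tf` is merged last and wins silently, so once it is committed anyone who later uncomments the S3 block in `backend.tf` will still be using `backend "local" {}` with no warning — state stays on disk in plaintext while the repository claims it is in S3. Override files are meant for local, uncommitted experimentation; if the local backend is the intended state for this branch, put it in `backend.tf` itself with a comment explaining why, and add `*override.tf` and `*.tfstate*` to `.gitignore`. If it is a temporary workaround for the bootstrap ordering, a `-backend-config` file passed at `init` time is the less surprising option.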
@@ -100,7 +100,3 @@ variable "environment_instance_settings" { } } } - -variable "tfcloud_organization" { - type = string -} \ No newline at end of file