LinkedInLearning · JReaves10 · May 21, 2025 · May 21, 2025 · May 21, 2025 · May 22, 2025
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,7 @@
+{
+    "cSpell.words": [
+        "jreavesbucket",
+        "mysqldb",
+        "remotestate"
+    ]
+}
diff --git a/...taLocalTempvscode-tf-commands_outterraform-validate-2025-05-23T23-18-40.955Z.validate.txt b/...taLocalTempvscode-tf-commands_outterraform-validate-2025-05-23T23-18-40.955Z.validate.txt
@@ -0,0 +1,2 @@
+[32m[1mSuccess![0m The configuration is valid.
+[0m
diff --git a/backend.tf b/backend.tf
@@ -0,0 +1,9 @@
+# terraform {
+#   backend "s3" {
+#     bucket         = "remotestate-jreavesbucket-dev"
+#     key            = "global/s3/terraform.tfstate"
+#     region         = "us-east-1"
+#     dynamodb_table = "terraform-locks" # <- This enables locking
+#     encrypt        = true
+#   }
+# }
diff --git a/cicd_bootstrap/providers.tf b/cicd_bootstrap/providers.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+  region = "us-east-1"
+}
diff --git a/main.tf b/main.tf
@@ -1,125 +1,127 @@
-### PROVIDER
-provider "google" {
-  project = var.project-id
-  region  = var.region
-  zone    = var.zone
-}
+terraform {
+  required_version = "~> 1.11.4"
 
-### NETWORK
-data "google_compute_network" "default" {
-  name                    = "default"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.96.0"
+    }
+  }
 }
 
-## SUBNET
-resource "google_compute_subnetwork" "subnet-1" {
-  name                     = var.subnet-name
-  ip_cidr_range            = var.subnet-cidr
-  network                  = data.google_compute_network.default.self_link
-  region                   = var.region
-  private_ip_google_access = var.private_google_access
+provider "aws" {
+  region = var.region
 }
 
-resource "google_compute_firewall" "default" {
-  name    = "test-firewall"
-  network = data.google_compute_network.default.self_link
+data "aws_ami" "amazon_linux" {
+  most_recent = true
+  owners      = [var.ami_owner]
 
-  allow {
-    protocol = "icmp"
+  filter {
+    name   = "name"
+    values = [var.ami_name]
   }
+}
 
-  allow {
-    protocol = "tcp"
-    ports    = var.firewall-ports
+resource "aws_instance" "nginx_proxy" {
+  ami                         = data.aws_ami.amazon_linux.id
+  instance_type               = var.instance_type
+  subnet_id                   = aws_subnet.subnet-1.id
+  vpc_security_group_ids      = [aws_security_group.web_sg.id]
+  associate_public_ip_address = true
+
+  tags = {
+    Name = "nginx-proxy"
   }
 
-  source_tags = var.compute-source-tags
+  user_data = <<-EOF
+              #!/bin/bash
+              sudo yum install -y nginx
+              sudo systemctl enable nginx
+              sudo systemctl start nginx
+              EOF
 }
 
-### COMPUTE
-## NGINX PROXY
-resource "google_compute_instance" "nginx_instance" {
-  name         = "nginx-proxy"
-  machine_type = "f1-micro"
-  tags = var.compute-source-tags
+resource "aws_instance" "web-instances" {
+  count                  = 3
+  ami                    = data.aws_ami.amazon_linux.id
+  instance_type          = var.instance_type
+  subnet_id              = aws_subnet.subnet-1.id
+  vpc_security_group_ids = [aws_security_group.web_sg.id]
 
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-11"
-    }
+  tags = {
+    Name        = "web-instance-${count.index + 1}"
+    Environment = var.target_environment
   }
 
-  network_interface {
-    network = data.google_compute_network.default.self_link
-    subnetwork = google_compute_subnetwork.subnet-1.self_link
-    access_config {
-
-    }
-  }
+  user_data = <<-EOF
+              #!/bin/bash
+              sudo yum install -y httpd
+              sudo systemctl enable httpd
+              sudo systemctl start httpd
+              EOF
 }
 
-## WEB1
-resource "google_compute_instance" "web1" {
-  name         = "web1"
-  machine_type = "f1-micro"
-
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-11"
-    }
-  }
+resource "aws_instance" "web-map-instances" {
+  for_each = var.environment_instance_settings
 
-  network_interface {
-    # A default network is created for all GCP projects
-    network = data.google_compute_network.default.self_link
-    subnetwork = google_compute_subnetwork.subnet-1.self_link
-  }
-}
-## WEB2
-resource "google_compute_instance" "web2" {
-  name         = "web2"
-  machine_type = "f1-micro"
-
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-11"
-    }
-  }
+  ami                    = data.aws_ami.amazon_linux.id
+  instance_type          = each.value.instance_type
+  subnet_id              = aws_subnet.subnet-1.id
+  vpc_security_group_ids = [aws_security_group.web_sg.id]
 
-  network_interface {
-    network = data.google_compute_network.default.self_link
-    subnetwork = google_compute_subnetwork.subnet-1.self_link
-  }
-}
-## WEB3
-resource "google_compute_instance" "web3" {
-  name         = "web3"
-  machine_type = "f1-micro"
-
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-11"
-    }
-  }
+  tags = each.value.tags
 
-  network_interface {
-    network = data.google_compute_network.default.self_link
-    subnetwork = google_compute_subnetwork.subnet-1.self_link
-  }  
+  user_data = <<-EOF
+              #!/bin/bash
+              sudo yum install -y httpd
+              sudo systemctl enable httpd
+              sudo systemctl start httpd
+              EOF
 }
 
-## DB
-resource "google_compute_instance" "mysqldb" {
-  name         = "mysqldb"
-  machine_type = "f1-micro"
-
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-11"
-    }
-  }
+# resource "aws_dynamodb_table" "mysqldb" {
+#   name         = "mysqldb"
+#   billing_mode = "PAY_PER_REQUEST"
+#   hash_key     = "id"
+
+#   attribute {
+#     name = "id"
+#     type = "S"
+#   }
+
+#   tags = {
+#     Name = "mysqldb"
+#   }
+# }
+
+# module "remote_state_bucket" {
+#   source  = "terraform-aws-modules/s3-bucket/aws"
+#   version = "~> 4.0"
+
+#   bucket = "remotestate-jreavesbucket-dev"
+#   acl    = "private"
+
+#   control_object_ownership = true
+#   object_ownership         = "ObjectWriter"
+
+#   versioning = {
+#     enabled = true
+#   }
+
+#   tags = {
+#     Environment = "dev"
+#     Purpose     = "Terraform Remote State"
+#   }
+# }
+
+# resource "aws_dynamodb_table" "terraform_locks" {
+#   name         = "terraform-locks"
+#   billing_mode = "PAY_PER_REQUEST"
+#   hash_key     = "LockID"
 
-  network_interface {
-    network = data.google_compute_network.default.self_link
-    subnetwork = google_compute_subnetwork.subnet-1.self_link
-  }  
-}
+#   attribute {
+#     name = "LockID"
+#     type = "S"
+#   }
+#}
diff --git a/modules/iam_environment_roles/main.tf b/modules/iam_environment_roles/main.tf
@@ -0,0 +1,46 @@
+resource "aws_iam_role" "iam-role" {
+  name = "terraform-${var.env}-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          AWS = "arn:aws:iam::${var.aws_account_id}:root"
+        }
+      }
+    ]
+  })
+
+  tags = {
+    tag-key = "tag-${var.env}-role"
+  }
+}
+
+resource "aws_iam_role_policy_attachment" "role-policy" {
+  role       = aws_iam_role.iam-role.name
+  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
+}
+
+module "dev_role" {
+    source = "./modules/iam_environment_roles"
+    env = "dev"
+}
+
+module "staging_role" {
+    source = "./modules/iam_environment_roles"
+    env = "staging"
+}
+
+module "prod_role" {
+    source = "./modules/iam_environment_roles"
+    env = "prod"
+}
+
+module "test_role" {
+    source = "./modules/iam_environment_roles"
+    env = "test"
+}
diff --git a/modules/iam_environment_roles/outputs.tf b/modules/iam_environment_roles/outputs.tf
@@ -0,0 +1,3 @@
+output "role_arn" {
+  value = aws_iam_role.iam-role.arn
+}
diff --git a/modules/iam_environment_roles/variables.tf b/modules/iam_environment_roles/variables.tf
@@ -0,0 +1,10 @@
+variable "env" {
+    description = "The environment name"
+    type = string
+}
+
+variable "aws_account_id" {
+    description = "The AWS account ID"
+    type = string
+    default = "986559698266"
+}
diff --git a/networking.tf b/networking.tf
@@ -0,0 +1,71 @@
+resource "aws_vpc" "main" {
+  cidr_block           = var.vpc_cidr
+  enable_dns_hostnames = true
+  tags = {
+    Name = "main-vpc"
+  }
+}
+
+# SUBNET
+resource "aws_subnet" "subnet-1" {
+  vpc_id                  = aws_vpc.main.id
+  cidr_block              = var.subnet_cidr
+  map_public_ip_on_launch = true
+  tags = {
+    Name = var.subnet_name
+  }
+}
+
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.main.id
+
+  tags = {
+    Name = "main-igw"
+  }
+}
+
+resource "aws_route_table" "public_rt" {
+  vpc_id = aws_vpc.main.id
+
+  route {
+    cidr_block = var.sg_cidr
+    gateway_id = aws_internet_gateway.igw.id
+  }
+
+  tags = {
+    Name = "public-rt"
+  }
+}
+
+resource "aws_route_table_association" "a" {
+  subnet_id      = aws_subnet.subnet-1.id
+  route_table_id = aws_route_table.public_rt.id
+}
+
+resource "aws_security_group" "web_sg" {
+  name        = "main-web-sg"
+  description = "Allow SSH, HTTP, HTTPS"
+  vpc_id      = aws_vpc.main.id
+
+  dynamic "ingress" {
+    for_each = var.allowed_ports
+    content {
+      from_port   = ingress.value
+      to_port     = ingress.value
+      protocol    = "tcp"
+      cidr_blocks = [var.sg_cidr]
+    }
+  }
+
+  egress {
+    description = "Allow all outbound"
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = [var.sg_cidr]
+  }
+
+  tags = {
+    Name = "web-sg"
+  }
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		[32m[1mSuccess![0m The configuration is valid.
		[0m