From 034c618b082b4affbf933a980f45cf8e6d71c720 Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Mon, 18 Dec 2023 09:51:52 +0200
Subject: add base
---
 README.md | 8 +--
 org-buetow-base/efs.tf | 49 ++++++++++++++++
 org-buetow-base/main.tf | 12 ++++
 org-buetow-base/network.tf | 136 +++++++++++++++++++++++++++++++++++++++++++
 org-buetow-base/variables.tf | 5 ++
 5 files changed, 205 insertions(+), 5 deletions(-)
 create mode 100644 org-buetow-base/efs.tf
 create mode 100644 org-buetow-base/main.tf
 create mode 100644 org-buetow-base/network.tf
 create mode 100644 org-buetow-base/variables.tf
diff --git a/README.md b/README.md
index 21ed679..52cd817 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,5 @@
-# Terraform playground
+# Terraform
-Maybe one day I can:
+First create VPC, subnets and EFS in org-buetow-production
-* Setup NextCloud
-* Setup AnkiDroid
-* Setup Wallabag
+Then, create subdirectories in EFS
diff --git a/org-buetow-base/efs.tf b/org-buetow-base/efs.tf
new file mode 100644
index 0000000..7f35d41
--- /dev/null
+++ b/org-buetow-base/efs.tf
@@ -0,0 +1,49 @@
+resource "aws_efs_file_system" "my_self_hosted_services_efs" {
+ creation_token = "my-self-hosted-services-efs"
+ encrypted = true
+
+ tags = {
+ Name = "${var.environment}-my-self-hosted-services-efs"
+ }
+}
+
+resource "aws_efs_mount_target" "efs_mt_a" {
+ file_system_id = aws_efs_file_system.my_self_hosted_services_efs.id
+ subnet_id = aws_subnet.my_public_subnet_a.id
+ security_groups = [aws_security_group.efs_self_hosted_services_sg.id]
+}
+
+resource "aws_efs_mount_target" "efs_mt_b" {
+ file_system_id = aws_efs_file_system.my_self_hosted_services_efs.id
+ subnet_id = aws_subnet.my_public_subnet_b.id
+ security_groups = [aws_security_group.efs_self_hosted_services_sg.id]
+}
+
+resource "aws_efs_mount_target" "efs_mt_c" {
+ file_system_id = aws_efs_file_system.my_self_hosted_services_efs.id
+ subnet_id = aws_subnet.my_public_subnet_c.id
+ security_groups = [aws_security_group.efs_self_hosted_services_sg.id]
+}
+
+resource "aws_security_group" "efs_self_hosted_services_sg" {
+ vpc_id = aws_vpc.my_vpc.id # Replace with your VPC ID
+
+ ingress {
+ from_port = 2049 # NFS port
+ to_port = 2049
+ protocol = "tcp"
+ cidr_blocks = ["10.0.0.0/16"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "efs-sg"
+ Name = "${var.environment}-efs-sg"
+ }
+}
diff --git a/org-buetow-base/main.tf b/org-buetow-base/main.tf
new file mode 100644
index 0000000..62dd352
--- /dev/null
+++ b/org-buetow-base/main.tf
@@ -0,0 +1,12 @@
+terraform {
+ backend "s3" {
+ bucket = "org-buetow-tfstate"
+ key = "org-buetow-base/terraform.tfstate"
+ region = "eu-central-1"
+ encrypt = true
+ }
+}
+
+provider "aws" {
+ region = "eu-central-1" # or your preferred AWS region
+}
diff --git a/org-buetow-base/network.tf b/org-buetow-base/network.tf
new file mode 100644
index 0000000..f8fca2d
--- /dev/null
+++ b/org-buetow-base/network.tf
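Review bot: The `tags` map of `aws_security_group.efs_self_hosted_services_sg` sets `Name` twice (`Name = "efs-sg"` followed by `Name = "${var.environment}-efs-sg"`); Terraform reports a duplicate object key error for that constructor, so the plan fails before anything is created. Drop the first line and keep `Name = "${var.environment}-efs-sg"`, which matches how every other resource in this commit is tagged. The NFS ingress rule repeats the VPC range as the literal `"10.0.0.0/16"`; referencing `aws_vpc.my_vpc.cidr_block` keeps it from drifting apart from network.tf, and scoping the rule to the security group of the instances that will mount the file system (the rule's `security_groups` argument) is tighter than the whole VPC. The `# Replace with your VPC ID` comment on `vpc_id` is template residue, since the value already references the VPC created in network.tf.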
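Review bot: The `terraform` block in main.tf declares neither `required_version` nor `required_providers`, so each fresh `terraform init` resolves whatever `hashicorp/aws` release is newest at that moment and the provider code that runs against the account is not reproducible; add a constraint and commit the lock file `terraform init` writes. The s3 backend sets `encrypt = true` but no `dynamodb_table`, so two concurrent applies have no state lock; if this backend is ever used from more than one machine or pipeline, name a lock table. The region literal appears in both the backend and the provider block, and the `# or your preferred AWS region` comment is leftover template text. The constraint values below are examples to adjust, not project-pinned versions.
```hcl
terraform {
  required_version = ">= 1.5"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
  # … unchanged: backend "s3" block …
}
```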
@@ -0,0 +1,136 @@
+resource "aws_vpc" "my_vpc" {
+ cidr_block = "10.0.0.0/16" # Specify your CIDR block
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+ tags = {
+ Name = "${var.environment}-my-vpc"
+ }
+}
+
+resource "aws_internet_gateway" "my_igw" {
+ vpc_id = aws_vpc.my_vpc.id
+
+ tags = {
+ Name = "${var.environment}-my-igw"
+ }
+}
+
+resource "aws_subnet" "my_public_subnet_a" {
+ vpc_id = aws_vpc.my_vpc.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "eu-central-1a"
+ map_public_ip_on_launch = true
+
+ tags = {
+ Name = "${var.environment}-my-public-subnet-a"
+ }
+}
+
+resource "aws_subnet" "my_public_subnet_b" {
+ vpc_id = aws_vpc.my_vpc.id
+ cidr_block = "10.0.2.0/24"
+ availability_zone = "eu-central-1b"
+ map_public_ip_on_launch = true
+
+ tags = {
+ Name = "${var.environment}-my-public-subnet-b"
+ }
+}
+
+resource "aws_subnet" "my_public_subnet_c" {
+ vpc_id = aws_vpc.my_vpc.id
+ cidr_block = "10.0.3.0/24"
+ availability_zone = "eu-central-1c"
+ map_public_ip_on_launch = true
+
+ tags = {
+ Name = "${var.environment}-my-public-subnet-c"
+ }
+}
+
+resource "aws_route_table" "my_route_table" {
+ vpc_id = aws_vpc.my_vpc.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.my_igw.id
+ }
+
+ tags = {
+ Name = "${var.environment}-my-route-table"
+ }
+}
+
+resource "aws_route_table_association" "a" {
+ subnet_id = aws_subnet.my_public_subnet_a.id
+ route_table_id = aws_route_table.my_route_table.id
+}
+
+resource "aws_route_table_association" "b" {
+ subnet_id = aws_subnet.my_public_subnet_b.id
+ route_table_id = aws_route_table.my_route_table.id
+}
+
+resource "aws_route_table_association" "c" {
+ subnet_id = aws_subnet.my_public_subnet_c.id
+ route_table_id = aws_route_table.my_route_table.id
+}
+
+resource "aws_security_group" "allow_ssh" {
+ name = "allow_ssh"
+ description = "Allow SSH inbound traffic"
+ vpc_id = aws_vpc.my_vpc.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "${var.environment}-allow-ssh"
+ }
+}
+
+resource "aws_security_group" "allow_web" {
+ name = "allow_http"
+ description = "Allow HTTP inbound traffic"
+ vpc_id = aws_vpc.my_vpc.id
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "${var.environment}-allow_web"
+ }
+}
+
+resource "aws_security_group" "allow_outbound" {
+ name = "allow_outbound"
+ description = "Allow outbound traffic"
+ vpc_id = aws_vpc.my_vpc.id
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1" # -1 means all protocols
+ cidr_blocks = ["0.0.0.0/0"] # Allows outbound traffic to all IP addresses
+ }
+
+ tags = {
+ Name = "${var.environment}-allow-outbound"
+ }
+}
diff --git a/org-buetow-base/variables.tf b/org-buetow-base/variables.tf
new file mode 100644
index 0000000..20fd78c
--- /dev/null
+++ b/org-buetow-base/variables.tf
@@ -0,0 +1,5 @@
+variable "environment" {
+ description = "The production environment"
+ type = string
+ default = "production"
+}
-- cgit v1.2.3
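Review bot: `aws_security_group.allow_ssh` admits port 22 from `0.0.0.0/0`; a base network layer should not hand every later instance a world-reachable SSH rule by default, so take the source from an input, `cidr_blocks = var.admin_cidr_blocks`, declared in variables.tf without a default so each environment has to state its management range explicitly. The `allow_web` group carries `name = "allow_http"` while its label and the 443 rule say web, and its tag `"${var.environment}-allow_web"` uses an underscore where every other tag in the file uses hyphens; `name = "allow_web"` and `Name = "${var.environment}-allow-web"` line them up, and since the file is new there is no replacement cost. The three subnets hard-code `eu-central-1a/b/c`, which silently couples this file to the provider region set in main.tf; a `data "aws_availability_zones"` lookup would keep them in step. Each `ingress`/`egress` rule could also carry a `description`, which is what audit tooling and the console show when someone later asks why a rule exists.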
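Review bot: The description on `variable "environment"` reads `"The production environment"`, which names the default value rather than what the variable does; `description = "Deployment environment name, used as the prefix in resource Name tags"` tells a caller what it controls. This file is also where the SSH source range for `aws_security_group.allow_ssh` in network.tf should be declared, as a list with no default so that a `terraform apply` cannot silently fall back to the world-open rule.
```hcl
variable "admin_cidr_blocks" {
  description = "Source CIDR ranges allowed to reach port 22; no default so each environment sets it explicitly"
  type        = list(string)
}
```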