DEV Community: Pin Xiong The latest articles on DEV Community by Pin Xiong (@pinxiongcn). https://dev.to/pinxiongcn https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F837571%2Fafceac1d-8ec2-4d31-873e-70cab9a495cc.jpg DEV Community: Pin Xiong https://dev.to/pinxiongcn en Easy to use ECS Pin Xiong Fri, 15 Jul 2022 14:00:09 +0000 https://dev.to/aws-builders/easy-to-use-ecs-2700 https://dev.to/aws-builders/easy-to-use-ecs-2700 <p>Elastic Container Service(ECS) is a highly scalable and fast container management service that makes it easy to run, stop, and manage containers on a cluster.</p> <p>Today, I'll show you how to use it!</p> <h3> Architecture </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff136jzpwhbjhwy83x5z4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff136jzpwhbjhwy83x5z4.png" alt="Architecture"></a></p> <p>There are several steps as below, and all of source codes have been put in my github repo(<a href="https://github.com/pinxiong/infrastructure/tree/ecs" rel="noopener noreferrer">infrastructure</a> and <a href="https://github.com/pinxiong/golang-web" rel="noopener noreferrer">golang-web</a>).</p> <h3> Prerequisites </h3> <ul> <li>Create an <a href="https://aws.amazon.com/" rel="noopener noreferrer">aws account</a> with the IAM <code>AdministratorAccess</code> permission</li> <li>Install and configure <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html" rel="noopener noreferrer">aws CLI</a> </li> <li>Install and configure <a href="https://www.terraform.io/downloads" rel="noopener noreferrer">Terraform</a> </li> </ul> <h3> Setup environment </h3> <p>Terraform saves all changes in <code>*.tfstate</code> file, so we'd better store <code>*.tfstate</code> in <code>aws s3 bucket</code> instead of local machine. This step will build a <code>aws s3 bucket</code> to store <code>*.tfstate</code> file.</p> <ul> <li>Init Terraform</li> </ul> <p>Download <a href="https://github.com/pinxiong/infrastructure/tree/ecs" rel="noopener noreferrer">infrastructure</a> first<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cd </span>setup <span class="nv">$ </span>terraform init </code></pre> </div> <ul> <li>Create s3 bucket </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform apply </code></pre> </div> <p>You will be prompted to enter an <code>aws region code</code>, such as <code>us-east-1</code>. After that, you need to make sure the listed resources that will be crated and then enter <code>yes</code></p> <p>You can see the output <code>s3_bucket_terraform_state</code> below<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Outputs: s3_bucket_terraform_state <span class="o">=</span> <span class="s2">"**********-us-east-1"</span> </code></pre> </div> <h3> Build resources </h3> <p>Now, we begin to build the resources including VPC, subnets, ECS and Pipeline.</p> <ul> <li>Setup remote backup </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cd</span> ../region/virginia </code></pre> </div> <p>and then, update the block of <code>s3</code> in <code>providers.tf</code> file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="nx">backend</span> <span class="s2">"s3"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"**********-us-east-1"</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"terraform/backend.tfstate"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="nx">encrypt</span> <span class="p">=</span> <span class="s2">"true"</span> <span class="p">}</span> </code></pre> </div> <p>The following things maybe need to be modified:</p> <ol> <li>Set <code>bucket</code> as the output of <code>s3_bucket_terraform_state</code> </li> <li>Set <code>key</code> as the path to store <code>*.tfstate</code> file in s3 bucket</li> <li>Update <code>region</code> as the region code that you entered when creating s3 bucket above</li> <li>Set <code>encrypt</code> as <code>true</code> </li> </ol> <ul> <li>Create resources</li> </ul> <p>You can modify the configuration in the <code>main.tf</code> file according to your needs, and then run the following commands<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform init <span class="nv">$ </span>terraform apply </code></pre> </div> <p>You will be prompted to enter <code>yes</code> after confirmed the listed resources.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fafxy234gbhf8zh8ei14s.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fafxy234gbhf8zh8ei14s.png" alt="Confirm the listed resources"></a></p> <p>After 10 minutes, all resources are created.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1i27tz01mtqjxnspsbqy.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1i27tz01mtqjxnspsbqy.png" alt="All resources are created"></a></p> <h3> Deploy your code </h3> <p>Download <a href="https://github.com/pinxiong/golang-web" rel="noopener noreferrer">golang-web</a> first and then set your git remote as below<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>git remote add aws ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/golang-web <span class="nv">$ </span>git remote <span class="nt">-v</span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhvx1oca56tkhz4dhdi0u.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhvx1oca56tkhz4dhdi0u.png" alt="git remote -v"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>git push aws master:master Enumerating objects: 62, <span class="k">done</span><span class="nb">.</span> Counting objects: 100% <span class="o">(</span>62/62<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> Delta compression using up to 12 threads Compressing objects: 100% <span class="o">(</span>55/55<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> Writing objects: 100% <span class="o">(</span>62/62<span class="o">)</span>, 25.36 KiB | 6.34 MiB/s, <span class="k">done</span><span class="nb">.</span> Total 62 <span class="o">(</span>delta 26<span class="o">)</span>, reused 3 <span class="o">(</span>delta 0<span class="o">)</span>, pack-reused 0 To ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/golang-web <span class="k">*</span> <span class="o">[</span>new branch] master -&gt; master </code></pre> </div> <p>Now, everything is done, let's take a look at the outputs in aws.</p> <h3> Outputs </h3> <p>First, we can see VPC and subnet have been created.</p> <ul> <li>VPC <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftf26varnh1rbx4krj7sw.png" alt="VPC"> </li> <li>Subnets <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbh4ks37jvy7jt3enttve.png" alt="Subnets"> </li> </ul> <p>and then the codepipe has been built</p> <ul> <li><p>CodeCommit<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fviaqbpc200pmwsh5h8fh.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fviaqbpc200pmwsh5h8fh.png" alt="CodeCommit"></a></p></li> <li><p>CodeBuild<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fotbu4zki7zb8odkjoo81.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fotbu4zki7zb8odkjoo81.png" alt="CodeBuild"></a></p></li> <li><p>CodePipeline<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbn4uca8kz4olcgxgitv4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbn4uca8kz4olcgxgitv4.png" alt="CodePipeline"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8cpjnakuv6rcq0sfy0z.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8cpjnakuv6rcq0sfy0z.png" alt="CodePipeline"></a></p></li> <li><p>ECR<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwmwvylvdoei4r7hoz9lw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwmwvylvdoei4r7hoz9lw.png" alt="ECR"></a> </p></li> </ul> <p>we also can see that a public endpoint is created.</p> <ul> <li><p>ELB<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1f6qa13xz8yho641a1bq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1f6qa13xz8yho641a1bq.png" alt="ELB"></a></p></li> <li><p>Target group<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv77vfyq7rlhyqd52aoti.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv77vfyq7rlhyqd52aoti.png" alt="Target group"></a></p></li> </ul> <p>Now, It's time to see CES</p> <ul> <li><p>ECS Dashboard<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7au7snbtq40iyz5j4j4x.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7au7snbtq40iyz5j4j4x.png" alt="ECS Dashboard"></a></p></li> <li><p>ECS Cluster<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvekjc2l6qv2199ap8ssl.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvekjc2l6qv2199ap8ssl.png" alt="ECS Cluster"></a></p></li> <li><p>ECS Service<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8wi1vggo0icman9mz5e2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8wi1vggo0icman9mz5e2.png" alt="ECS Service"></a></p></li> <li><p>Task Definition<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F22835bpabtcbant582tm.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F22835bpabtcbant582tm.png" alt="Task Definition"></a></p></li> </ul> <h3> Verification </h3> <ul> <li><p>Access public endpoint<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw9tpt30t6j9zo40jndev.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw9tpt30t6j9zo40jndev.png" alt="Access public endpoint"></a></p></li> <li><p>Scale out<br> Access <code>start</code> api will exhaust CPU resource serval times<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgnw6mu6bgc9x56o1c25s.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgnw6mu6bgc9x56o1c25s.png" alt="Exhaust CPU resource"></a></p></li> </ul> <p>and then see the monitor in Cloud watch<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F39ss7aetqljsf79d6260.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F39ss7aetqljsf79d6260.png" alt="Cloud watch"></a></p> <p>the ecs has been created 2 new tasks<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d9x4osgzo0gm38gr4cy.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d9x4osgzo0gm38gr4cy.png" alt="Created 2 new tasks"></a></p> <ul> <li>Scale in Access <code>stop</code> api will release CPU resource serval times <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpj0u3rdbihx1uk2hnnd1.png" alt="Release CPU resource"> </li> </ul> <p>and then see the monitor in Cloud watch<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flot0uec1qd7ge9loktp1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flot0uec1qd7ge9loktp1.png" alt="Cloud watch"></a></p> <p>the ecs has been draining tasks<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwajc9fv1873jo3d1fkvw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwajc9fv1873jo3d1fkvw.png" alt="Drain tasks"></a></p> ecs terraform How to build EKS with Terraform Pin Xiong Sat, 23 Apr 2022 12:32:15 +0000 https://dev.to/aws-builders/how-to-build-eks-with-terraform-54pl https://dev.to/aws-builders/how-to-build-eks-with-terraform-54pl <p>ESK(Amazon Elastic Kubernetes Service) is a fully managed Kubernetes cluster by aws. Now, we want to build EKS with Terraform. All the codes have been put in <a href="https://github.com/pinxiong/infrastructure" rel="noopener noreferrer">github</a>.</p> <h2> Preparation </h2> <p>We need to build VPC first and then build EKS, you can refer to <a href="https://dev.to/aws-builders/how-to-build-vpc-with-terraform-36ek">How to build VPC with Terraform</a></p> <h2> Code structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">infrastructure</span> <span class="err">├──</span> <span class="n">module</span> <span class="err">│</span> <span class="err">├──</span> <span class="n">networking</span> <span class="err">│</span> <span class="err">├──</span> <span class="n">eks</span> <span class="err">│</span> <span class="err">│</span> <span class="err">├──</span> <span class="n">main</span><span class="p">.</span><span class="n">tf</span> <span class="err">│</span> <span class="err">│</span> <span class="err">├──</span> <span class="n">outputs</span><span class="p">.</span><span class="n">tf</span> <span class="err">│</span> <span class="err">│</span> <span class="err">└──</span> <span class="n">variables</span><span class="p">.</span><span class="n">tf</span> <span class="err">│</span> <span class="err">└──</span> <span class="n">jumpserver</span> <span class="err">│</span> <span class="err">├──</span> <span class="n">main</span><span class="p">.</span><span class="n">tf</span> <span class="err">│</span> <span class="err">├──</span> <span class="n">outputs</span><span class="p">.</span><span class="n">tf</span> <span class="err">│</span> <span class="err">└──</span> <span class="n">variables</span><span class="p">.</span><span class="n">tf</span> <span class="err">├──</span> <span class="n">region</span> <span class="err">│</span> <span class="err">└──</span> <span class="n">virginia</span> <span class="err">│</span> <span class="err">├──</span> <span class="n">main</span><span class="p">.</span><span class="n">tf</span> <span class="err">│</span> <span class="err">└──</span> <span class="n">providers</span><span class="p">.</span><span class="n">tf</span> <span class="err">└──</span> <span class="n">setup</span> <span class="err">├──</span> <span class="n">main</span><span class="p">.</span><span class="n">tf</span> <span class="err">├──</span> <span class="n">outputs</span><span class="p">.</span><span class="n">tf</span> <span class="err">├──</span> <span class="n">providers</span><span class="p">.</span><span class="n">tf</span> <span class="err">└──</span> <span class="n">variables</span><span class="p">.</span><span class="n">tf</span> </code></pre> </div> <h2> EKS </h2> <p>Now, we begin to build EKS, the source codes in <code>eks</code> folder are listed as below:</p> <ul> <li>main.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nb">locals</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">name</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">vpc_id</span> <span class="n">public_subnets_id</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">public_subnets_id</span> <span class="n">private_subnets_id</span> <span class="o">=</span> <span class="nf">distinct</span><span class="p">(</span><span class="nf">flatten</span><span class="p">(</span><span class="n">var</span><span class="p">.</span><span class="n">private_subnets_id</span><span class="p">))</span> <span class="n">desired_size</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">desired_size</span> <span class="n">max_size</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">max_size</span> <span class="n">min_size</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">min_size</span> <span class="n">security_group_ids</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">security_group_ids</span> <span class="n">tags</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">eks_tags</span> <span class="p">}</span> <span class="c1"># Define the role to be attached EKS </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role</span><span class="sh">"</span> <span class="sh">"</span><span class="s">eks_role</span><span class="sh">"</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">eks-role</span><span class="sh">"</span> <span class="n">assume_role_policy</span> <span class="o">=</span> <span class="nf">jsonencode</span><span class="p">({</span> <span class="sh">"</span><span class="s">Version</span><span class="sh">"</span> <span class="p">:</span> <span class="sh">"</span><span class="s">2012-10-17</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Statement</span><span class="sh">"</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Effect</span><span class="sh">"</span> <span class="p">:</span> <span class="sh">"</span><span class="s">Allow</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Action</span><span class="sh">"</span> <span class="p">:</span> <span class="p">[</span> <span class="sh">"</span><span class="s">sts:AssumeRole</span><span class="sh">"</span> <span class="p">],</span> <span class="sh">"</span><span class="s">Principal</span><span class="sh">"</span> <span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Service</span><span class="sh">"</span> <span class="p">:</span> <span class="p">[</span> <span class="sh">"</span><span class="s">eks.amazonaws.com</span><span class="sh">"</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="p">:</span> <span class="sh">"</span><span class="s">EKS Role</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Attach the CloudWatchFullAccess policy to EKS role </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">eks_CloudWatchFullAccess</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/CloudWatchFullAccess</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">eks_role</span><span class="p">.</span><span class="n">name</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">eks_AmazonEKSClusterPolicy</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/AmazonEKSClusterPolicy</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">eks_role</span><span class="p">.</span><span class="n">name</span> <span class="p">}</span> <span class="c1"># Optionally, enable Security Groups for Pods </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">eks_AmazonEKSVPCResourceController</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/AmazonEKSVPCResourceController</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">eks_role</span><span class="p">.</span><span class="n">name</span> <span class="p">}</span> <span class="c1"># Default Security Group of EKS </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_security_group</span><span class="sh">"</span> <span class="sh">"</span><span class="s">security_group</span><span class="sh">"</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Security Group</span><span class="sh">"</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Default SG to allow traffic from the EKS</span><span class="sh">"</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">vpc_id</span> <span class="n">ingress</span> <span class="p">{</span> <span class="n">from_port</span> <span class="o">=</span> <span class="sh">"</span><span class="s">0</span><span class="sh">"</span> <span class="n">to_port</span> <span class="o">=</span> <span class="sh">"</span><span class="s">0</span><span class="sh">"</span> <span class="n">protocol</span> <span class="o">=</span> <span class="sh">"</span><span class="s">TCP</span><span class="sh">"</span> <span class="n">security_groups</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">security_group_ids</span> <span class="p">}</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Security Group</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># EKS Cluster </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_eks_cluster</span><span class="sh">"</span> <span class="sh">"</span><span class="s">eks</span><span class="sh">"</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">name</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">1.22</span><span class="sh">"</span> <span class="n">enabled_cluster_log_types</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">api</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">audit</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">authenticator</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">controllerManager</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">scheduler</span><span class="sh">"</span> <span class="p">]</span> <span class="n">role_arn</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">eks_role</span><span class="p">.</span><span class="n">arn</span> <span class="n">timeouts</span> <span class="p">{}</span> <span class="n">vpc_config</span> <span class="p">{</span> <span class="n">endpoint_private_access</span> <span class="o">=</span> <span class="n">true</span> <span class="n">endpoint_public_access</span> <span class="o">=</span> <span class="n">true</span> <span class="n">public_access_cidrs</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">0.0.0.0/0</span><span class="sh">"</span><span class="p">,</span> <span class="p">]</span> <span class="n">security_group_ids</span> <span class="o">=</span> <span class="p">[</span> <span class="n">aws_security_group</span><span class="p">.</span><span class="n">security_group</span><span class="p">.</span><span class="nb">id</span> <span class="p">]</span> <span class="n">subnet_ids</span> <span class="o">=</span> <span class="nf">flatten</span><span class="p">([</span><span class="n">var</span><span class="p">.</span><span class="n">public_subnets_id</span><span class="p">,</span> <span class="n">var</span><span class="p">.</span><span class="n">private_subnets_id</span><span class="p">])</span> <span class="p">}</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">name</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role</span><span class="sh">"</span> <span class="sh">"</span><span class="s">node_group_role</span><span class="sh">"</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="nf">format</span><span class="p">(</span><span class="sh">"</span><span class="s">%s-node-group-role</span><span class="sh">"</span><span class="p">,</span> <span class="nf">lower</span><span class="p">(</span><span class="n">aws_eks_cluster</span><span class="p">.</span><span class="n">eks</span><span class="p">.</span><span class="n">name</span><span class="p">))</span> <span class="n">path</span> <span class="o">=</span> <span class="sh">"</span><span class="s">/</span><span class="sh">"</span> <span class="n">force_detach_policies</span> <span class="o">=</span> <span class="n">false</span> <span class="n">max_session_duration</span> <span class="o">=</span> <span class="mi">3600</span> <span class="n">assume_role_policy</span> <span class="o">=</span> <span class="nf">jsonencode</span><span class="p">(</span> <span class="p">{</span> <span class="n">Statement</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="n">Action</span> <span class="o">=</span> <span class="sh">"</span><span class="s">sts:AssumeRole</span><span class="sh">"</span> <span class="n">Effect</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Allow</span><span class="sh">"</span> <span class="n">Principal</span> <span class="o">=</span> <span class="p">{</span> <span class="n">Service</span> <span class="o">=</span> <span class="sh">"</span><span class="s">ec2.amazonaws.com</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">]</span> <span class="n">Version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">2012-10-17</span><span class="sh">"</span> <span class="p">}</span> <span class="p">)</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">node_group_AmazonEC2ContainerRegistryReadOnly</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">node_group_role</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">node_group_AmazonEKSWorkerNodePolicy</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">node_group_role</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">node_group_AmazonEC2RoleforSSM</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">node_group_role</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">node_group_AmazonEKS_CNI_Policy</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">node_group_role</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">node_group_CloudWatchAgentServerPolicy</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">node_group_role</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_eks_node_group</span><span class="sh">"</span> <span class="sh">"</span><span class="s">node_group</span><span class="sh">"</span> <span class="p">{</span> <span class="n">cluster_name</span> <span class="o">=</span> <span class="n">aws_eks_cluster</span><span class="p">.</span><span class="n">eks</span><span class="p">.</span><span class="n">name</span> <span class="n">disk_size</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">capacity_type</span> <span class="o">=</span> <span class="sh">"</span><span class="s">SPOT</span><span class="sh">"</span> <span class="n">labels</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">eks/cluster-name</span><span class="sh">"</span> <span class="o">=</span> <span class="n">aws_eks_cluster</span><span class="p">.</span><span class="n">eks</span><span class="p">.</span><span class="n">name</span> <span class="sh">"</span><span class="s">eks/nodegroup-name</span><span class="sh">"</span> <span class="o">=</span> <span class="nf">format</span><span class="p">(</span><span class="sh">"</span><span class="s">nodegroup_%s</span><span class="sh">"</span><span class="p">,</span> <span class="nf">lower</span><span class="p">(</span><span class="n">aws_eks_cluster</span><span class="p">.</span><span class="n">eks</span><span class="p">.</span><span class="n">name</span><span class="p">))</span> <span class="p">}</span> <span class="n">node_group_name</span> <span class="o">=</span> <span class="nf">format</span><span class="p">(</span><span class="sh">"</span><span class="s">nodegroup_%s</span><span class="sh">"</span><span class="p">,</span> <span class="nf">lower</span><span class="p">(</span><span class="n">aws_eks_cluster</span><span class="p">.</span><span class="n">eks</span><span class="p">.</span><span class="n">name</span><span class="p">))</span> <span class="n">node_role_arn</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">node_group_role</span><span class="p">.</span><span class="n">arn</span> <span class="n">subnet_ids</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">private_subnets_id</span> <span class="n">scaling_config</span> <span class="p">{</span> <span class="n">desired_size</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">desired_size</span> <span class="n">max_size</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">max_size</span> <span class="n">min_size</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">min_size</span> <span class="p">}</span> <span class="n">timeouts</span> <span class="p">{}</span> <span class="n">lifecycle</span> <span class="p">{</span> <span class="n">create_before_destroy</span> <span class="o">=</span> <span class="n">true</span> <span class="p">}</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">name</span> <span class="sh">"</span><span class="s">eks/cluster-name</span><span class="sh">"</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">name</span> <span class="sh">"</span><span class="s">eks/nodegroup-name</span><span class="sh">"</span> <span class="o">=</span> <span class="nf">format</span><span class="p">(</span><span class="sh">"</span><span class="s">%s Node Group</span><span class="sh">"</span><span class="p">,</span> <span class="n">aws_eks_cluster</span><span class="p">.</span><span class="n">eks</span><span class="p">.</span><span class="n">name</span><span class="p">)</span> <span class="sh">"</span><span class="s">eks/nodegroup-type</span><span class="sh">"</span> <span class="o">=</span> <span class="sh">"</span><span class="s">managed</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ul> <li>variables.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">variable</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The EKS name</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">vpc_id</span><span class="sh">"</span> <span class="p">{</span> <span class="nb">type</span> <span class="o">=</span> <span class="n">string</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The VPC id</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">public_subnets_id</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The public subnets id</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="nb">list</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">private_subnets_id</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The private subnets id</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="nb">list</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">desired_size</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The desired size of node</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="n">number</span> <span class="n">default</span> <span class="o">=</span> <span class="mi">1</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">max_size</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The maximum size of node</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="n">number</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">min_size</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The minimum size of node</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="n">number</span> <span class="n">default</span> <span class="o">=</span> <span class="mi">0</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">security_group_ids</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The security groups to access EKS</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="nb">list</span> <span class="n">default</span> <span class="o">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">eks_tags</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">A map of tags to add to EKS</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="nf">map</span><span class="p">(</span><span class="n">string</span><span class="p">)</span> <span class="n">default</span> <span class="o">=</span> <span class="p">{}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>outputs.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">output</span> <span class="sh">"</span><span class="s">endpoint</span><span class="sh">"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="n">aws_eks_cluster</span><span class="p">.</span><span class="n">eks</span><span class="p">.</span><span class="n">endpoint</span> <span class="p">}</span> </code></pre> </div> <h2> Jump Server </h2> <p>We cannot access EKS directly, so we can use a EC2 as jump server to do it. The source codes in <code>jumpserver</code> folder are listed as below:</p> <ul> <li>main.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nb">locals</span> <span class="p">{</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">vpc_id</span> <span class="n">instance_type</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">instance_type</span> <span class="n">instance_ami</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">instance_ami</span> <span class="n">subnet_id</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">public_subnets_id</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span> <span class="n">security_group_ids</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">security_group_ids</span> <span class="n">tags</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">shared_tags</span> <span class="p">}</span> <span class="c1"># Define the security group for jump server. </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_security_group</span><span class="sh">"</span> <span class="sh">"</span><span class="s">jump-server</span><span class="sh">"</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Security group for jump server</span><span class="sh">"</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">vpc_id</span> <span class="n">ingress</span> <span class="p">{</span> <span class="n">from_port</span> <span class="o">=</span> <span class="mi">22</span> <span class="n">protocol</span> <span class="o">=</span> <span class="sh">"</span><span class="s">TCP</span><span class="sh">"</span> <span class="n">to_port</span> <span class="o">=</span> <span class="mi">22</span> <span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">0.0.0.0/0</span><span class="sh">"</span><span class="p">]</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Allow SSH inbound traffic</span><span class="sh">"</span> <span class="p">}</span> <span class="c1"># Allow all outbound traffic </span> <span class="n">egress</span> <span class="p">{</span> <span class="n">from_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">protocol</span> <span class="o">=</span> <span class="sh">"</span><span class="s">-1</span><span class="sh">"</span> <span class="n">to_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">0.0.0.0/0</span><span class="sh">"</span><span class="p">]</span> <span class="n">ipv6_cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">::/0</span><span class="sh">"</span><span class="p">]</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Allow all outbound traffic</span><span class="sh">"</span> <span class="p">}</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="p">:</span> <span class="sh">"</span><span class="s">Security group for jump server</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Define the role to be attached ec2 instance of the jump server </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role</span><span class="sh">"</span> <span class="sh">"</span><span class="s">jump-server</span><span class="sh">"</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">jump-server-role</span><span class="sh">"</span> <span class="n">assume_role_policy</span> <span class="o">=</span> <span class="nf">jsonencode</span><span class="p">({</span> <span class="sh">"</span><span class="s">Version</span><span class="sh">"</span> <span class="p">:</span> <span class="sh">"</span><span class="s">2012-10-17</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Statement</span><span class="sh">"</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Effect</span><span class="sh">"</span> <span class="p">:</span> <span class="sh">"</span><span class="s">Allow</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Action</span><span class="sh">"</span> <span class="p">:</span> <span class="p">[</span> <span class="sh">"</span><span class="s">sts:AssumeRole</span><span class="sh">"</span> <span class="p">],</span> <span class="sh">"</span><span class="s">Principal</span><span class="sh">"</span> <span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Service</span><span class="sh">"</span> <span class="p">:</span> <span class="p">[</span> <span class="sh">"</span><span class="s">ec2.amazonaws.com</span><span class="sh">"</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="p">:</span> <span class="sh">"</span><span class="s">Jump Server Role</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Attach the AdministratorAccess policy to jump server role </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_role_policy_attachment</span><span class="sh">"</span> <span class="sh">"</span><span class="s">jump-server-AdministratorAccess</span><span class="sh">"</span> <span class="p">{</span> <span class="n">policy_arn</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:iam::aws:policy/AdministratorAccess</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">jump</span><span class="o">-</span><span class="n">server</span><span class="p">.</span><span class="n">name</span> <span class="p">}</span> <span class="c1"># Define iam instance profile for ec2 instance of the message transmission service </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_iam_instance_profile</span><span class="sh">"</span> <span class="sh">"</span><span class="s">jump-server-profile</span><span class="sh">"</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">jump-server-profile</span><span class="sh">"</span> <span class="n">role</span> <span class="o">=</span> <span class="n">aws_iam_role</span><span class="p">.</span><span class="n">jump</span><span class="o">-</span><span class="n">server</span><span class="p">.</span><span class="n">name</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="p">:</span> <span class="sh">"</span><span class="s">Jump Server Profile</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Define the ec2 instance </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_instance</span><span class="sh">"</span> <span class="sh">"</span><span class="s">jump-server</span><span class="sh">"</span> <span class="p">{</span> <span class="n">count</span> <span class="o">=</span> <span class="mi">1</span> <span class="n">instance_type</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">instance_type</span> <span class="n">ami</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">instance_ami</span> <span class="n">associate_public_ip_address</span> <span class="o">=</span> <span class="n">true</span> <span class="n">hibernation</span> <span class="o">=</span> <span class="n">false</span> <span class="n">subnet_id</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">subnet_id</span> <span class="n">vpc_security_group_ids</span> <span class="o">=</span> <span class="nf">setunion</span><span class="p">([</span><span class="n">aws_security_group</span><span class="p">.</span><span class="n">jump</span><span class="o">-</span><span class="n">server</span><span class="p">.</span><span class="nb">id</span><span class="p">],</span> <span class="n">local</span><span class="p">.</span><span class="n">security_group_ids</span><span class="p">)</span> <span class="n">iam_instance_profile</span> <span class="o">=</span> <span class="n">aws_iam_instance_profile</span><span class="p">.</span><span class="n">jump</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="n">profile</span><span class="p">.</span><span class="n">name</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Jumper Server</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ul> <li>variables.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">variable</span> <span class="sh">"</span><span class="s">vpc_id</span><span class="sh">"</span> <span class="p">{</span> <span class="nb">type</span> <span class="o">=</span> <span class="n">string</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">instance_type</span><span class="sh">"</span> <span class="p">{</span> <span class="nb">type</span> <span class="o">=</span> <span class="n">string</span> <span class="n">default</span> <span class="o">=</span> <span class="sh">"</span><span class="s">t3.micro</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">instance_ami</span><span class="sh">"</span> <span class="p">{</span> <span class="nb">type</span> <span class="o">=</span> <span class="n">string</span> <span class="n">default</span> <span class="o">=</span> <span class="sh">"</span><span class="s">ami-0f9fc25dd2506cf6d</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">public_subnets_id</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The public subnet id</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="nb">list</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">security_group_ids</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The security group for jump server</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="nb">list</span> <span class="n">default</span> <span class="o">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">shared_tags</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">A map of tags to add to Jump Server</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="nf">map</span><span class="p">(</span><span class="n">string</span><span class="p">)</span> <span class="n">default</span> <span class="o">=</span> <span class="p">{}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>outputs.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">output</span> <span class="sh">"</span><span class="s">jump-server-security-group-id</span><span class="sh">"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="n">aws_security_group</span><span class="p">.</span><span class="n">jump</span><span class="o">-</span><span class="n">server</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> </code></pre> </div> <h2> Virginia </h2> <p>The source code <code>region/virginia</code> folder are listed as below:</p> <ul> <li>providers.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">terraform</span> <span class="p">{</span> <span class="n">required_version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&gt;= 0.13.7</span><span class="sh">"</span> <span class="n">required_providers</span> <span class="p">{</span> <span class="n">aws</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">hashicorp/aws</span><span class="sh">"</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&gt;= 4.8.0</span><span class="sh">"</span> <span class="p">}</span> <span class="n">random</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">hashicorp/random</span><span class="sh">"</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">3.1.0</span><span class="sh">"</span> <span class="p">}</span> <span class="n">null</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">hashicorp/null</span><span class="sh">"</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">3.1.0</span><span class="sh">"</span> <span class="p">}</span> <span class="n">local</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">hashicorp/local</span><span class="sh">"</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">2.1.0</span><span class="sh">"</span> <span class="p">}</span> <span class="n">template</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">hashicorp/template</span><span class="sh">"</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">2.2.0</span><span class="sh">"</span> <span class="p">}</span> <span class="c1"># Kubernetes Provider </span> <span class="n">kubernetes</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">hashicorp/kubernetes</span><span class="sh">"</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">2.1.0</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">backend</span> <span class="sh">"</span><span class="s">s3</span><span class="sh">"</span> <span class="p">{</span> <span class="n">bucket</span> <span class="o">=</span> <span class="sh">"</span><span class="s">pin-terraform-state-us-east-1</span><span class="sh">"</span> <span class="n">key</span> <span class="o">=</span> <span class="sh">"</span><span class="s">terraform/backend.tfstate</span><span class="sh">"</span> <span class="n">region</span> <span class="o">=</span> <span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span> <span class="n">encrypt</span> <span class="o">=</span> <span class="sh">"</span><span class="s">true</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>main.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nb">locals</span> <span class="p">{</span> <span class="n">region</span> <span class="o">=</span> <span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span> <span class="n">availability_zones</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">${local.region}a</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">${local.region}b</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">${local.region}c</span><span class="sh">"</span><span class="p">]</span> <span class="n">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Environment</span><span class="sh">"</span> <span class="p">:</span> <span class="sh">"</span><span class="s">PROD</span><span class="sh">"</span> <span class="sh">"</span><span class="s">Project</span><span class="sh">"</span> <span class="p">:</span> <span class="sh">"</span><span class="s">Infrastructure</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">provider</span> <span class="sh">"</span><span class="s">aws</span><span class="sh">"</span> <span class="p">{</span> <span class="n">region</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">region</span> <span class="p">}</span> <span class="n">module</span> <span class="sh">"</span><span class="s">Networking</span><span class="sh">"</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">../../module/networking</span><span class="sh">"</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">VPC</span><span class="sh">"</span> <span class="n">availability_zones</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">availability_zones</span> <span class="n">vpc_cidr_block</span> <span class="o">=</span> <span class="sh">"</span><span class="s">10.0.0.0/16</span><span class="sh">"</span> <span class="n">public_subnets_cidr_block</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">10.0.32.0/24</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">10.0.96.0/24</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">10.0.224.0/24</span><span class="sh">"</span><span class="p">]</span> <span class="n">private_subnets_cidr_block</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">10.0.0.0/19</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">10.0.64.0/19</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">10.0.128.0/19</span><span class="sh">"</span><span class="p">]</span> <span class="n">vpc_tags</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span> <span class="p">}</span> <span class="n">module</span> <span class="sh">"</span><span class="s">JumpServer</span><span class="sh">"</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">../../module/jumpserver</span><span class="sh">"</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">module</span><span class="p">.</span><span class="n">Networking</span><span class="p">.</span><span class="n">vpc_id</span> <span class="n">public_subnets_id</span> <span class="o">=</span> <span class="n">module</span><span class="p">.</span><span class="n">Networking</span><span class="p">.</span><span class="n">public_subnets_id</span> <span class="n">shared_tags</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span> <span class="p">}</span> <span class="n">module</span> <span class="sh">"</span><span class="s">EKS</span><span class="sh">"</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">../../module/eks</span><span class="sh">"</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">EKS</span><span class="sh">"</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">module</span><span class="p">.</span><span class="n">Networking</span><span class="p">.</span><span class="n">vpc_id</span> <span class="n">public_subnets_id</span> <span class="o">=</span> <span class="n">module</span><span class="p">.</span><span class="n">Networking</span><span class="p">.</span><span class="n">public_subnets_id</span> <span class="n">private_subnets_id</span> <span class="o">=</span> <span class="n">module</span><span class="p">.</span><span class="n">Networking</span><span class="p">.</span><span class="n">private_subnets_id</span> <span class="n">desired_size</span> <span class="o">=</span> <span class="mi">4</span> <span class="n">max_size</span> <span class="o">=</span> <span class="mi">16</span> <span class="n">eks_tags</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span> <span class="p">}</span> </code></pre> </div> <p>Now, we can build it<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform init </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform apply </code></pre> </div> <h2> Result </h2> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5m75k6xknjpmn9d1ogup.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5m75k6xknjpmn9d1ogup.png" alt="Image description"></a></p> devops ica kubernetes terraform How to build VPC with Terraform Pin Xiong Wed, 20 Apr 2022 14:39:31 +0000 https://dev.to/aws-builders/how-to-build-vpc-with-terraform-36ek https://dev.to/aws-builders/how-to-build-vpc-with-terraform-36ek <p>It's one of the most important things that everyone need to build VPC after applied a new aws account. The purpose of this blog is to help you build it using Terraform. All the codes have been put in <a href="https://github.com/pinxiong/infrastructure" rel="noopener noreferrer">github</a>.</p> <h2> Design for networking </h2> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk6bx0if6b5nuvqxaro0v.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk6bx0if6b5nuvqxaro0v.png" alt="Image description"></a></p> <ul> <li>Public subnet: Deploying websites can be accessed directly by the Internet</li> <li>Private subnet: Deploying applications only can be accessed by the websites in <strong>Public subnet</strong>. Also, the application can access to the Internet through <strong>NAT Gateway</strong> </li> </ul> <h2> How to build </h2> <p>Before creating a VPC, we need to install <a href="https://www.terraform.io/downloads" rel="noopener noreferrer">TerraForm</a> first.</p> <h3> Code structure </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>infrastructure ├── module │ └── networking │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── region │ └── virginia │ ├── main.tf │ └── providers.tf └── setup ├── main.tf ├── outputs.tf ├── providers.tf └── variables.tf </code></pre> </div> <h3> Setup environment </h3> <p>The source codes in <code>setup</code> folder are listed as below:</p> <ul> <li>main.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nb">locals</span> <span class="p">{</span> <span class="n">region</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">region</span> <span class="p">}</span> <span class="c1"># Define a s3 bucket to store terraform state file. </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_s3_bucket</span><span class="sh">"</span> <span class="sh">"</span><span class="s">terraform_state</span><span class="sh">"</span> <span class="p">{</span> <span class="n">bucket</span> <span class="o">=</span> <span class="nf">format</span><span class="p">(</span><span class="sh">"</span><span class="s">terraform-state-%s</span><span class="sh">"</span><span class="p">,</span> <span class="n">local</span><span class="p">.</span><span class="n">region</span><span class="p">)</span> <span class="n">force_destroy</span> <span class="o">=</span> <span class="n">false</span> <span class="n">lifecycle</span> <span class="p">{</span> <span class="n">ignore_changes</span> <span class="o">=</span> <span class="p">[</span><span class="n">bucket</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_s3_bucket_versioning</span><span class="sh">"</span> <span class="sh">"</span><span class="s">terraform_state</span><span class="sh">"</span> <span class="p">{</span> <span class="n">bucket</span> <span class="o">=</span> <span class="n">aws_s3_bucket</span><span class="p">.</span><span class="n">terraform_state</span><span class="p">.</span><span class="nb">id</span> <span class="n">versioning_configuration</span> <span class="p">{</span> <span class="n">status</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Enabled</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">resource</span> <span class="sh">"</span><span class="s">aws_s3_bucket_server_side_encryption_configuration</span><span class="sh">"</span> <span class="sh">"</span><span class="s">terraform_state</span><span class="sh">"</span> <span class="p">{</span> <span class="n">bucket</span> <span class="o">=</span> <span class="n">aws_s3_bucket</span><span class="p">.</span><span class="n">terraform_state</span><span class="p">.</span><span class="n">bucket</span> <span class="n">rule</span> <span class="p">{</span> <span class="n">apply_server_side_encryption_by_default</span> <span class="p">{</span> <span class="n">sse_algorithm</span> <span class="o">=</span> <span class="sh">"</span><span class="s">AES256</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>outputs.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">output</span> <span class="sh">"</span><span class="s">s3_bucket_terraform_state</span><span class="sh">"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="n">aws_s3_bucket</span><span class="p">.</span><span class="n">terraform_state</span><span class="p">.</span><span class="n">bucket</span> <span class="p">}</span> </code></pre> </div> <ul> <li>providers.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">terraform</span> <span class="p">{</span> <span class="n">required_version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&gt;= 0.13.7</span><span class="sh">"</span> <span class="n">required_providers</span> <span class="p">{</span> <span class="n">aws</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">hashicorp/aws</span><span class="sh">"</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&gt;= 4.8.0</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>variables.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">variable</span> <span class="sh">"</span><span class="s">region</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The name of the aws Region</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="n">string</span> <span class="p">}</span> </code></pre> </div> <p>And then, we need to create s3 bucket for remote backend, the s3 bucket name is the output of <code>s3_bucket_terraform_state</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform init </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform apply </code></pre> </div> <h3> Networking </h3> <p>The source codes in <code>networking</code> folder are listed as below:</p> <ul> <li>main.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nb">locals</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">name</span> <span class="n">cidr_block</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">vpc_cidr_block</span> <span class="n">public_subnets_cidr_block</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">public_subnets_cidr_block</span> <span class="n">private_subnets_cidr_block</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">private_subnets_cidr_block</span> <span class="n">availability_zones</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">availability_zones</span> <span class="n">tags</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="n">vpc_tags</span> <span class="p">}</span> <span class="c1"># VPC </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_vpc</span><span class="sh">"</span> <span class="sh">"</span><span class="s">vpc</span><span class="sh">"</span> <span class="p">{</span> <span class="n">cidr_block</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">cidr_block</span> <span class="n">enable_dns_hostnames</span> <span class="o">=</span> <span class="n">true</span> <span class="n">enable_dns_support</span> <span class="o">=</span> <span class="n">true</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">(</span> <span class="p">{</span> <span class="n">Name</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">name</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Subnets # Internet Gateway for Public Subnet </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_internet_gateway</span><span class="sh">"</span> <span class="sh">"</span><span class="s">internet_gateway</span><span class="sh">"</span> <span class="p">{</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">aws_vpc</span><span class="p">.</span><span class="n">vpc</span><span class="p">.</span><span class="nb">id</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Internet Gateway</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># EIP for NAT </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_eip</span><span class="sh">"</span> <span class="sh">"</span><span class="s">nat_eip</span><span class="sh">"</span> <span class="p">{</span> <span class="n">vpc</span> <span class="o">=</span> <span class="n">true</span> <span class="n">depends_on</span> <span class="o">=</span> <span class="p">[</span><span class="n">aws_internet_gateway</span><span class="p">.</span><span class="n">internet_gateway</span><span class="p">]</span> <span class="p">}</span> <span class="c1"># NAT </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_nat_gateway</span><span class="sh">"</span> <span class="sh">"</span><span class="s">nat_gateway</span><span class="sh">"</span> <span class="p">{</span> <span class="n">allocation_id</span> <span class="o">=</span> <span class="n">aws_eip</span><span class="p">.</span><span class="n">nat_eip</span><span class="p">.</span><span class="nb">id</span> <span class="n">subnet_id</span> <span class="o">=</span> <span class="nf">element</span><span class="p">(</span><span class="n">aws_subnet</span><span class="p">.</span><span class="n">public_subnet</span><span class="p">.</span><span class="o">*</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Nat Gateway</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Public subnet </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_subnet</span><span class="sh">"</span> <span class="sh">"</span><span class="s">public_subnet</span><span class="sh">"</span> <span class="p">{</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">aws_vpc</span><span class="p">.</span><span class="n">vpc</span><span class="p">.</span><span class="nb">id</span> <span class="n">count</span> <span class="o">=</span> <span class="nf">length</span><span class="p">(</span><span class="n">local</span><span class="p">.</span><span class="n">public_subnets_cidr_block</span><span class="p">)</span> <span class="n">cidr_block</span> <span class="o">=</span> <span class="nf">element</span><span class="p">(</span><span class="n">local</span><span class="p">.</span><span class="n">public_subnets_cidr_block</span><span class="p">,</span> <span class="n">count</span><span class="p">.</span><span class="n">index</span><span class="p">)</span> <span class="n">availability_zone</span> <span class="o">=</span> <span class="nf">element</span><span class="p">(</span><span class="n">local</span><span class="p">.</span><span class="n">availability_zones</span><span class="p">,</span> <span class="n">count</span><span class="p">.</span><span class="n">index</span><span class="p">)</span> <span class="n">map_public_ip_on_launch</span> <span class="o">=</span> <span class="n">true</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">(</span> <span class="p">{</span> <span class="n">Name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Public Subnet ${element(var.availability_zones, count.index)}</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Private Subnet </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_subnet</span><span class="sh">"</span> <span class="sh">"</span><span class="s">private_subnet</span><span class="sh">"</span> <span class="p">{</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">aws_vpc</span><span class="p">.</span><span class="n">vpc</span><span class="p">.</span><span class="nb">id</span> <span class="n">count</span> <span class="o">=</span> <span class="nf">length</span><span class="p">(</span><span class="n">local</span><span class="p">.</span><span class="n">private_subnets_cidr_block</span><span class="p">)</span> <span class="n">cidr_block</span> <span class="o">=</span> <span class="nf">element</span><span class="p">(</span><span class="n">local</span><span class="p">.</span><span class="n">private_subnets_cidr_block</span><span class="p">,</span> <span class="n">count</span><span class="p">.</span><span class="n">index</span><span class="p">)</span> <span class="n">availability_zone</span> <span class="o">=</span> <span class="nf">element</span><span class="p">(</span><span class="n">local</span><span class="p">.</span><span class="n">availability_zones</span><span class="p">,</span> <span class="n">count</span><span class="p">.</span><span class="n">index</span><span class="p">)</span> <span class="n">map_public_ip_on_launch</span> <span class="o">=</span> <span class="n">false</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Private Subnet ${element(var.availability_zones, count.index)}</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Routing tables to route traffic for Private Subnet </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_route_table</span><span class="sh">"</span> <span class="sh">"</span><span class="s">private</span><span class="sh">"</span> <span class="p">{</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">aws_vpc</span><span class="p">.</span><span class="n">vpc</span><span class="p">.</span><span class="nb">id</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Private Route Table</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Routing tables to route traffic for Public Subnet </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_route_table</span><span class="sh">"</span> <span class="sh">"</span><span class="s">public</span><span class="sh">"</span> <span class="p">{</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">aws_vpc</span><span class="p">.</span><span class="n">vpc</span><span class="p">.</span><span class="nb">id</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({</span> <span class="n">Name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Public Route Table</span><span class="sh">"</span> <span class="p">},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Route for Internet Gateway </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_route</span><span class="sh">"</span> <span class="sh">"</span><span class="s">public_internet_gateway</span><span class="sh">"</span> <span class="p">{</span> <span class="n">route_table_id</span> <span class="o">=</span> <span class="n">aws_route_table</span><span class="p">.</span><span class="n">public</span><span class="p">.</span><span class="nb">id</span> <span class="n">destination_cidr_block</span> <span class="o">=</span> <span class="sh">"</span><span class="s">0.0.0.0/0</span><span class="sh">"</span> <span class="n">gateway_id</span> <span class="o">=</span> <span class="n">aws_internet_gateway</span><span class="p">.</span><span class="n">internet_gateway</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="c1"># Route for NAT </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_route</span><span class="sh">"</span> <span class="sh">"</span><span class="s">private_nat_gateway</span><span class="sh">"</span> <span class="p">{</span> <span class="n">route_table_id</span> <span class="o">=</span> <span class="n">aws_route_table</span><span class="p">.</span><span class="n">private</span><span class="p">.</span><span class="nb">id</span> <span class="n">destination_cidr_block</span> <span class="o">=</span> <span class="sh">"</span><span class="s">0.0.0.0/0</span><span class="sh">"</span> <span class="n">nat_gateway_id</span> <span class="o">=</span> <span class="n">aws_nat_gateway</span><span class="p">.</span><span class="n">nat_gateway</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="c1"># Route table associations for Public Subnets </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_route_table_association</span><span class="sh">"</span> <span class="sh">"</span><span class="s">public</span><span class="sh">"</span> <span class="p">{</span> <span class="n">count</span> <span class="o">=</span> <span class="nf">length</span><span class="p">(</span><span class="n">local</span><span class="p">.</span><span class="n">public_subnets_cidr_block</span><span class="p">)</span> <span class="n">subnet_id</span> <span class="o">=</span> <span class="nf">element</span><span class="p">(</span><span class="n">aws_subnet</span><span class="p">.</span><span class="n">public_subnet</span><span class="p">.</span><span class="o">*</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">count</span><span class="p">.</span><span class="n">index</span><span class="p">)</span> <span class="n">route_table_id</span> <span class="o">=</span> <span class="n">aws_route_table</span><span class="p">.</span><span class="n">public</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="c1"># Route table associations for Private Subnets </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_route_table_association</span><span class="sh">"</span> <span class="sh">"</span><span class="s">private</span><span class="sh">"</span> <span class="p">{</span> <span class="n">count</span> <span class="o">=</span> <span class="nf">length</span><span class="p">(</span><span class="n">local</span><span class="p">.</span><span class="n">private_subnets_cidr_block</span><span class="p">)</span> <span class="n">subnet_id</span> <span class="o">=</span> <span class="nf">element</span><span class="p">(</span><span class="n">aws_subnet</span><span class="p">.</span><span class="n">private_subnet</span><span class="p">.</span><span class="o">*</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">count</span><span class="p">.</span><span class="n">index</span><span class="p">)</span> <span class="n">route_table_id</span> <span class="o">=</span> <span class="n">aws_route_table</span><span class="p">.</span><span class="n">private</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="c1"># Default Security Group of VPC </span><span class="n">resource</span> <span class="sh">"</span><span class="s">aws_security_group</span><span class="sh">"</span> <span class="sh">"</span><span class="s">security_group</span><span class="sh">"</span> <span class="p">{</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">${local.name} Security Group</span><span class="sh">"</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Default SG to allow traffic from the VPC</span><span class="sh">"</span> <span class="n">vpc_id</span> <span class="o">=</span> <span class="n">aws_vpc</span><span class="p">.</span><span class="n">vpc</span><span class="p">.</span><span class="nb">id</span> <span class="n">depends_on</span> <span class="o">=</span> <span class="p">[</span> <span class="n">aws_vpc</span><span class="p">.</span><span class="n">vpc</span> <span class="p">]</span> <span class="n">ingress</span> <span class="p">{</span> <span class="n">from_port</span> <span class="o">=</span> <span class="sh">"</span><span class="s">0</span><span class="sh">"</span> <span class="n">to_port</span> <span class="o">=</span> <span class="sh">"</span><span class="s">0</span><span class="sh">"</span> <span class="n">protocol</span> <span class="o">=</span> <span class="sh">"</span><span class="s">-1</span><span class="sh">"</span> <span class="n">self</span> <span class="o">=</span> <span class="n">true</span> <span class="p">}</span> <span class="n">egress</span> <span class="p">{</span> <span class="n">from_port</span> <span class="o">=</span> <span class="sh">"</span><span class="s">0</span><span class="sh">"</span> <span class="n">to_port</span> <span class="o">=</span> <span class="sh">"</span><span class="s">0</span><span class="sh">"</span> <span class="n">protocol</span> <span class="o">=</span> <span class="sh">"</span><span class="s">-1</span><span class="sh">"</span> <span class="n">self</span> <span class="o">=</span> <span class="sh">"</span><span class="s">true</span><span class="sh">"</span> <span class="p">}</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">merge</span><span class="p">({},</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ul> <li>outputs.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">output</span> <span class="sh">"</span><span class="s">vpc_id</span><span class="sh">"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="n">aws_vpc</span><span class="p">.</span><span class="n">vpc</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> <span class="n">output</span> <span class="sh">"</span><span class="s">public_subnets_id</span><span class="sh">"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="p">[</span><span class="n">aws_subnet</span><span class="p">.</span><span class="n">public_subnet</span><span class="p">.</span><span class="o">*</span><span class="p">.</span><span class="nb">id</span><span class="p">]</span> <span class="p">}</span> <span class="n">output</span> <span class="sh">"</span><span class="s">private_subnets_id</span><span class="sh">"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="p">[</span><span class="n">aws_subnet</span><span class="p">.</span><span class="n">private_subnet</span><span class="p">.</span><span class="o">*</span><span class="p">.</span><span class="nb">id</span><span class="p">]</span> <span class="p">}</span> <span class="n">output</span> <span class="sh">"</span><span class="s">security_groups_ids</span><span class="sh">"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="p">[</span><span class="n">aws_security_group</span><span class="p">.</span><span class="n">security_group</span><span class="p">.</span><span class="nb">id</span><span class="p">]</span> <span class="p">}</span> <span class="n">output</span> <span class="sh">"</span><span class="s">public_route_table</span><span class="sh">"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="n">aws_route_table</span><span class="p">.</span><span class="n">public</span><span class="p">.</span><span class="nb">id</span> <span class="p">}</span> </code></pre> </div> <ul> <li>variables.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">variable</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">The VPC name</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">vpc_cidr_block</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">CIDR block of the vpc</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">public_subnets_cidr_block</span><span class="sh">"</span> <span class="p">{</span> <span class="nb">type</span> <span class="o">=</span> <span class="nb">list</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">CIDR block for Public Subnet</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">private_subnets_cidr_block</span><span class="sh">"</span> <span class="p">{</span> <span class="nb">type</span> <span class="o">=</span> <span class="nb">list</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">CIDR block for Private Subnet</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">availability_zones</span><span class="sh">"</span> <span class="p">{</span> <span class="nb">type</span> <span class="o">=</span> <span class="nb">list</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">AZ in which all the resources will be deployed</span><span class="sh">"</span> <span class="p">}</span> <span class="n">variable</span> <span class="sh">"</span><span class="s">vpc_tags</span><span class="sh">"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">A map of tags to add to VPC</span><span class="sh">"</span> <span class="nb">type</span> <span class="o">=</span> <span class="nf">map</span><span class="p">(</span><span class="n">string</span><span class="p">)</span> <span class="n">default</span> <span class="o">=</span> <span class="p">{}</span> <span class="p">}</span> </code></pre> </div> <h3> Build VPC </h3> <p>The source codes in <code>virginia</code> folder are listed as below:</p> <ul> <li>main.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nb">locals</span> <span class="p">{</span> <span class="o">//</span> <span class="n">the</span> <span class="n">region</span> <span class="n">code</span> <span class="n">of</span> <span class="n">virginia</span> <span class="n">region</span> <span class="o">=</span> <span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span> <span class="n">availability_zones</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">${local.region}a</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">${local.region}b</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">${local.region}c</span><span class="sh">"</span><span class="p">]</span> <span class="n">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Environment</span><span class="sh">"</span> <span class="p">:</span> <span class="sh">"</span><span class="s">PROD</span><span class="sh">"</span> <span class="sh">"</span><span class="s">Project</span><span class="sh">"</span> <span class="p">:</span> <span class="sh">"</span><span class="s">Infrastructure</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">provider</span> <span class="sh">"</span><span class="s">aws</span><span class="sh">"</span> <span class="p">{</span> <span class="n">region</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">region</span> <span class="p">}</span> <span class="n">module</span> <span class="sh">"</span><span class="s">Networking</span><span class="sh">"</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">../../module/networking</span><span class="sh">"</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">VPC</span><span class="sh">"</span> <span class="n">availability_zones</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">availability_zones</span> <span class="n">vpc_cidr_block</span> <span class="o">=</span> <span class="sh">"</span><span class="s">10.0.0.0/16</span><span class="sh">"</span> <span class="n">public_subnets_cidr_block</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">10.0.32.0/24</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">10.0.96.0/24</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">10.0.224.0/24</span><span class="sh">"</span><span class="p">]</span> <span class="n">private_subnets_cidr_block</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">10.0.0.0/19</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">10.0.64.0/19</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">10.0.128.0/19</span><span class="sh">"</span><span class="p">]</span> <span class="n">vpc_tags</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="n">tags</span> <span class="p">}</span> </code></pre> </div> <ul> <li>providers.tf </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">terraform</span> <span class="p">{</span> <span class="n">required_version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&gt;= 0.13.7</span><span class="sh">"</span> <span class="n">required_providers</span> <span class="p">{</span> <span class="n">aws</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="sh">"</span><span class="s">hashicorp/aws</span><span class="sh">"</span> <span class="n">version</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&gt;= 4.8.0</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">backend</span> <span class="sh">"</span><span class="s">s3</span><span class="sh">"</span> <span class="p">{</span> <span class="o">//</span> <span class="n">the</span> <span class="n">s3</span> <span class="n">bucket</span> <span class="n">name</span> <span class="n">bucket</span> <span class="o">=</span> <span class="sh">"</span><span class="s">*********</span><span class="sh">"</span> <span class="n">key</span> <span class="o">=</span> <span class="sh">"</span><span class="s">terraform/backend.tfstate</span><span class="sh">"</span> <span class="n">region</span> <span class="o">=</span> <span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span> <span class="n">encrypt</span> <span class="o">=</span> <span class="sh">"</span><span class="s">true</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now, we can build the VPC<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform init </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform apply </code></pre> </div> <h2> Result </h2> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs87cxf8vqjh0cfi3id5y.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs87cxf8vqjh0cfi3id5y.png" alt="Image description"></a></p> iac vpc terraform aws