Main Goal
: The primary goal of this post is to explain the core concepts of Terraform
Terraform
: Infrastructure as Code Tool
Services
: Basic AWS services used to demonstrate the Terraform concepts
- Virtual Machine ( EC2 )
- Firewall ( Security Groups )
- AWS Users ( IAM Users )
- IP Address ( Elastic IP )
Basics of Firewall
Ports
- a port acts as an endpoint of communication that identifies a given application or process on a Linux operating system
- to see which ports are open (listening) on a system we use
netstat -ntlp
Firewall
- it's a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules
- in AWS the equivalent is called a security group
- Create a security group using Terraform (this block only creates the group itself; the rules are added separately below, and `aws_vpc.main` refers to a VPC resource declared elsewhere in the configuration)
resource "aws_security_group" "allow_tls" {
  name        = "allow_tls"
  description = "Managed from Terraform | Allow TLS inbound traffic and all outbound traffic"
  vpc_id      = aws_vpc.main.id # VPC declared elsewhere in the configuration
  tags = {
    Name = "allow_tls"
  }
}
- Blocks of code that add inbound or outbound rules to the security group in Terraform
// Ingress : inbound rules
// Egress  : outbound rules
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = aws_vpc.main.cidr_block # only sources inside the VPC, not the whole internet
  from_port         = 80                      # note: 80 is plain HTTP; TLS (HTTPS) would be 443
  ip_protocol       = "tcp"
  to_port           = 80
}
resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "0.0.0.0/0" # any destination
  ip_protocol       = "-1"        # semantically equivalent to all ports and all protocols
}
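To show how the pieces listed at the top of this post fit together, here is an added, complete Terraform configuration that is not part of the original post. It goes a little beyond the snippets above: it declares the VPC that `aws_vpc.main` pointed at, adds the subnet, internet gateway and route table an Elastic IP needs in order to actually route, creates the EC2 instance, and attaches an IAM user with a read-only managed policy. The names (`web`, `deployer`, `allowed_cidr`, `region`) and the Amazon Linux 2023 AMI filter are assumptions chosen for this example. Compared with the rules above, it opens 443 instead of 80, limits inbound sources to a caller-supplied CIDR that the variable validation refuses to let be `0.0.0.0/0`, and narrows egress to HTTPS rather than all traffic.

```hcl
# Added example configuration, not from the original post.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

variable "region" {
  type    = string
  default = "us-east-1" # assumed default region
}

# Inbound HTTPS is allowed only from this CIDR (e.g. a corporate range or VPN egress).
variable "allowed_cidr" {
  type = string
  validation {
    condition     = can(cidrhost(var.allowed_cidr, 0)) && var.allowed_cidr != "0.0.0.0/0"
    error_message = "allowed_cidr must be a valid CIDR and must not be the whole internet (0.0.0.0/0)."
  }
}

provider "aws" {
  region = var.region
}

# Network: VPC, one public subnet, internet gateway and a default route.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "main" }
}

resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Firewall: the security group plus one inbound and one outbound rule.
resource "aws_security_group" "web" {
  name        = "web"
  description = "HTTPS in from allowed_cidr, HTTPS out only"
  vpc_id      = aws_vpc.main.id
}

resource "aws_vpc_security_group_ingress_rule" "https_in" {
  security_group_id = aws_security_group.web.id
  cidr_ipv4         = var.allowed_cidr # restricted source, never 0.0.0.0/0 (see validation)
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

resource "aws_vpc_security_group_egress_rule" "https_out" {
  security_group_id = aws_security_group.web.id
  cidr_ipv4         = "0.0.0.0/0" # any destination, but only TCP/443 rather than all protocols
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

# Virtual machine: latest Amazon Linux 2023 AMI, IMDSv2 enforced.
data "aws_ami" "al2023" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-*-x86_64"] # assumed AMI name pattern
  }
}

resource "aws_instance" "web" {
  ami                    = data.aws_ami.al2023.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.web.id]
  metadata_options {
    http_tokens = "required" # IMDSv2 only
  }
  tags = { Name = "web" }
}

# IP address: an Elastic IP attached to the instance.
resource "aws_eip" "web" {
  domain = "vpc"
}

resource "aws_eip_association" "web" {
  instance_id   = aws_instance.web.id
  allocation_id = aws_eip.web.id
}

# AWS user: an IAM user that gets only a read-only managed policy, no inline admin rights.
resource "aws_iam_user" "deployer" {
  name = "deployer"
}

resource "aws_iam_user_policy_attachment" "deployer_readonly" {
  user       = aws_iam_user.deployer.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

output "public_ip" {
  value = aws_eip.web.public_ip
}
```

Run it with `terraform init` and then `terraform plan -var allowed_cidr=203.0.113.0/24` (a documentation range used here as a placeholder); passing `0.0.0.0/0` makes the plan fail at the variable validation before any rule is created, which is the point of putting the check in the variable rather than trusting whoever fills in the value.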