Creating Cloud Infrastructure using Terraform : Sankalp Rajabhoj

1. Configuring AWS and Terraform

        aws configure --profile srb
AWS Access Key ID [****************O65D]:
AWS Secret Access Key [****************najE]:
Default region name [ap-south-1]:
Default output format [json]:
      

        provider "aws"{
	region = "ap-south-1"
	profile = "srborg"
}
      

2. Creating VPC(Virtual Private Cloud)

        //creating vpc

resource "aws_vpc" "taskvpc" {
  cidr_block       = "10.0.0.0/16"
  instance_tenancy = "default"
  tags = {
    Name = "Task"
  }
}
      

3. Creating Internet gateway

        resource "aws_internet_gateway" "gateway" {
  vpc_id = "${aws_vpc.taskvpc.id}"

  tags = {
    description = "allow connection to VPC"
  }
}
      

4. Creating Route Table

        resource "aws_route_table" "r" {
  vpc_id = "${aws_vpc.taskvpc.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.gateway.id}"
  }

  tags = {
    description = "route table for inbound traffic to vpc"
  }
  depends_on = [
	aws_internet_gateway.gateway
]
}
      

5. Creating a subnet in VPC

        resource "aws_subnet" "tasksub" {
  vpc_id     = aws_vpc.taskvpc.id
  availability_zone = "ap-south-1a"
  cidr_block = "10.0.1.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "tasksub"
  }
  depends_on = [
	aws_vpc.taskvpc
]
}
      

6. Creating an association

        resource "aws_route_table_association" "associate" {
  subnet_id      = aws_subnet.tasksub.id
  route_table_id = aws_route_table.r.id
  depends_on = [
	aws_subnet.tasksub , aws_route_table.r 
]
}
      

7. Creating an EBS volume

        resource "aws_ebs_volume" "myebs" {
  availability_zone = aws_instance.webserver.availability_zone
  size              = 1

  tags = {
    Name = "taskebs"
  }
  depends_on = [
	aws_instance.webserver
]
}
      

8. Creating a Security Group

        
resource "aws_security_group" "task" {
  name        = "taskfw"
  description = "Allow SSH and Port 80"
  vpc_id      = aws_vpc.taskvpc.id

  ingress {
    from_port   = 80
    to_port     =  80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     =  443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     =  22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] 
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "Task1FirewallT"
  }
depends_on = [
	aws_vpc.taskvpc
]
}
      

9. Creating a key pair

        //generating a private_key

resource "tls_private_key" "mykey" {
  algorithm = "RSA"
  depends_on = [
	aws_security_group.task
]
}

//creating an aws_key_pair

resource "aws_key_pair" "taskK" {
  key_name   = "TaskKey"
  public_key = tls_private_key.mykey.public_key_openssh 
  depends_on = [
    tls_private_key.mykey
  ]
}
      

10. Creating S3 bucket

        //s3 bucket to store image

resource "aws_s3_bucket" "taskbucket" {
  bucket = "taskenvbucket123"
  acl    = "public-read"

  tags = {
    Name        = "My Task bucket"
  }
}

//uploading image to s3 bucket

resource "aws_s3_bucket_object" "object" {
  bucket = aws_s3_bucket.taskbucket.bucket
  key    = "taskobject.jpg"
  source = "C:/Users/sanka/Pictures/task.jpg"
  content_type = "image/jpg"
  acl = "public-read"
  depends_on = [
	aws_s3_bucket.taskbucket
]
}
      

11. CloudFront Distribution

        locals {
  s3_origin_id = "new_s3_task"
}

resource "aws_cloudfront_distribution" "task_distribution" {
  origin {
    domain_name = "${aws_s3_bucket.taskbucket.bucket_regional_domain_name}"
    origin_id   = "${local.s3_origin_id}"
  }

  enabled             = true
  is_ipv6_enabled     = true

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${local.s3_origin_id}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  tags = {
    Environment = "task"
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
  depends_on = [
	 aws_s3_bucket_object.object
]
}

      

12. Creating and launching an instance

        resource "aws_instance" "webserver" {
  ami           = "ami-0447a12f28fddb066"
  instance_type = "t2.micro"
  key_name = aws_key_pair.taskK.key_name
  vpc_security_group_ids = ["${aws_security_group.task.id}"]
  subnet_id = aws_subnet.tasksub.id 

  connection {
    type     = "ssh"
    user     = "ec2-user"
    private_key = tls_private_key.mykey.private_key_pem
    host     = aws_instance.webserver.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo yum install httpd  php git -y",
      "sudo systemctl start httpd",
      "sudo systemctl enable httpd",
    ]
  }

  tags = {
    Name = "taskos"
  }
  depends_on = [
	aws_key_pair.taskK
]
}
      

13. Attaching the EBS volume

        resource "aws_volume_attachment" "ebsattach" {
  device_name = "/dev/sdf"
  volume_id   = "${aws_ebs_volume.myebs.id}"
  instance_id = "${aws_instance.webserver.id}"
  force_detach = true

  connection {
    type     = "ssh"
    user     = "ec2-user"
    private_key = tls_private_key.mykey.private_key_pem
    host     = aws_instance.webserver.public_ip
  }

provisioner "remote-exec" {
    inline = [
      "sudo mkfs.ext4  /dev/xvdf",
      "sudo mount  /dev/xvdf  /var/www/html",
      "sudo rm -rf /var/www/html/*",
      "sudo git clone https://github.com/sankalprb/Terraform_Task1.git /var/www/html/"
    ]
  }

  depends_on = [
	aws_instance.webserver
]
}
      

14. Adding image to the webpage

        resource "null_resource" "image"  {
depends_on = [
    aws_instance.webserver, aws_cloudfront_distribution.task_distribution, aws_volume_attachment.ebsattach
  ]
connection {
    type     = "ssh"
    user     = "ec2-user"
    private_key = tls_private_key.mykey.private_key_pem
    host     = aws_instance.webserver.public_ip
  }
  provisioner "remote-exec" {
    inline = [
	"echo '<img src='https://${aws_cloudfront_distribution.task_distribution.domain_name}/taskobject.jpg' width='600' height='200'>'  | sudo tee -a /var/www/html/index.php"
]
  }
}

      

15. Opening the webpage in chrome

        
resource "null_resource" "chrome"  {


depends_on = [
    null_resource.image
  ]

	provisioner "local-exec" {
	    command = "start chrome ${aws_instance.webserver.public_ip}"
  	}
}
      

16. Creating the whole infrastructure

        Terraform apply --auto-approve

17. Final Output