AWS, Terraform

AWS con Terraform (II). Módulos

June 21, 2018

El uso de modulos en Terraform nos va a permitir el reutilizar codigo . Podemos utilizar el mismo codigo en el entorno de integracion y en el de produccion facilitando la administracion de los entornos. Vamos a crear una estructura similar a esta:

- 1 VPC
- 1 Internet Gateway
- 2 Subnets Publicas
- 2 Subnets Publicas
- 2 Instancias
- 1 NAT
- 1 AutoScaling Group
- 1 Load Balancer

VPC

Elementos	configuración
Nombre	antoniovpc
Alcance de la red	10.0.0.0/16

INTERNET GATEWAY

Elementos	configuración
Nombre	igw
vpc	vpc_ejempo

SUBNET PUBLICA1

Elementos	configuración
Nombre	subnetpublica1
vpc	antoniovpc
red	10.0.1.0/24
Zona de disponibilidad	eu-west-1a

SUBNET PUBLICA2

Elementos	configuración
Nombre	subnetpublica1
vpc	antoniovpc
red	10.0.2.0/24
Zona de disponibilidad	eu-west-1b

SUBNET PRIVADA1

Elementos	configuración
Nombre	subnetprivada1
vpc	antoniovpc
red	10.0.3.0/24
Zona de disponibilidad	eu-west-1a

SUBNET PRIVADA2

Elementos	configuración
Nombre	subnetprivada2
vpc	antoniovpc
red	10.0.4.0/24
Zona de disponibilidad	eu-west-1b

TABLA DE RUTAS (Salida Internet)

Elementos	configuración
Nombre	rutas
vpc	antoniovpc
Alcance de la red	0.0.0.0/0
Objetivo	Internet gw(igw)
Subnet adjunta	subnetpublica1,subnetpublica2

TABLA DE RUTAS(Salida NAT

Elementos	configuración
Nombre	rutas
vpc	antoniovpc
Alcance de la red	0.0.0.0/0
Objetivo	Instancia NAT
Subnet adjunta	subnetprivada1,subnetprivada2

La estructura de directorios va a ser esta: . ├── main.tf ├── modules │ ├── rutas │ │ ├── main.tf │ │ └── vars.tf │ ├── security │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── vars.tf │ ├── servicios │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── vars.tf │ └── VPC │ ├── main.tf │ ├── outputs.tf │ └── vars.tf ├── terraform.tfstate ├── terraform.tfstate.backup └── vars.tf Los modulos se van a dividir en rutas,security,servicios y VPC. Cada uno de los modulos tendra su fichero principal otro de variables y otro de valores que se exportan(outputs). Empecemos con el modulo VPC donde definiremos la VPC y las subnets:

variable "cidr_block" {
        description = "cidr block"
        default = "10.0.0.0/16"
        }

variable "subnetpublica1" {
        default = "10.0.1.0/24"
}

variable "subnetpublica2" {
        default = "10.0.2.0/24"
}

variable "subnetprivada1" {
        default = "10.0.3.0/24"
}

variable "subnetprivada2" {
        default = "10.0.4.0/24"
}


variable "avalibilityzones" {
        type = "list"
        default = ["eu-west-1a","eu-west-1a","eu-west-1a"]
}

variable "cidr_block" {

description = "cidr block"

default = "10.0.0.0/16"

}

variable "subnetpublica1" {

default = "10.0.1.0/24"

}

variable "subnetpublica2" {

default = "10.0.2.0/24"

}

variable "subnetprivada1" {

default = "10.0.3.0/24"

}

variable "subnetprivada2" {

default = "10.0.4.0/24"

}

variable "avalibilityzones" {

type = "list"

default = ["eu-west-1a","eu-west-1a","eu-west-1a"]

}

output "vpc_id" {
        value = "${aws_vpc.antoniovpc.id}"
}

output "subnetpublica1" {
        value = "${aws_subnet.subnetpublica1.id}"
}

output "subnetpublica2" {
        value = "${aws_subnet.subnetpublica2.id}"
}

output "subnetprivada1" {
        value = "${aws_subnet.subnetprivada1.id}"
}

output "subnetprivada2" {
        value = "${aws_subnet.subnetprivada2.id}"
}

output "vpc_id" {

value = "${aws_vpc.antoniovpc.id}"

}

output "subnetpublica1" {

value = "${aws_subnet.subnetpublica1.id}"

}

output "subnetpublica2" {

value = "${aws_subnet.subnetpublica2.id}"

}

output "subnetprivada1" {

value = "${aws_subnet.subnetprivada1.id}"

}

output "subnetprivada2" {

value = "${aws_subnet.subnetprivada2.id}"

}

resource "aws_vpc" "antoniovpc" {
  cidr_block = "${var.cidr_block}"
  tags {
    Name = "antonio vpc"
  }
}

resource "aws_subnet" "subnetpublica1" {
        vpc_id     = "${aws_vpc.antoniovpc.id}"
        cidr_block = "${var.subnetpublica1}"
        availability_zone = "${var.avalibilityzones[0]}"
         tags {
           Name = "publica1"
  }
}

resource "aws_subnet" "subnetpublica2" {
        vpc_id     = "${aws_vpc.antoniovpc.id}"
        cidr_block = "${var.subnetpublica2}"
        availability_zone = "${var.avalibilityzones[1]}"
         tags {
           Name = "publica2"
  }
}

resource "aws_subnet" "subnetprivada1" {
        vpc_id     = "${aws_vpc.antoniovpc.id}"
        cidr_block = "${var.subnetprivada1}"
        availability_zone = "${var.avalibilityzones[0]}"
         tags {
           Name = "privada1"
  }
}

resource "aws_subnet" "subnetprivada2" {
        vpc_id     = "${aws_vpc.antoniovpc.id}"
        cidr_block = "${var.subnetprivada2}"
        availability_zone = "${var.avalibilityzones[1]}"
         tags {
           Name = "privada2"
  }
}

resource "aws_vpc" "antoniovpc" {

cidr_block = "${var.cidr_block}"

tags {

Name = "antonio vpc"

}

resource "aws_subnet" "subnetpublica1" {

vpc_id = "${aws_vpc.antoniovpc.id}"

cidr_block = "${var.subnetpublica1}"

availability_zone = "${var.avalibilityzones[0]}"

tags {

Name = "publica1"

}

resource "aws_subnet" "subnetpublica2" {

vpc_id = "${aws_vpc.antoniovpc.id}"

cidr_block = "${var.subnetpublica2}"

availability_zone = "${var.avalibilityzones[1]}"

tags {

Name = "publica2"

}

resource "aws_subnet" "subnetprivada1" {

vpc_id = "${aws_vpc.antoniovpc.id}"

cidr_block = "${var.subnetprivada1}"

availability_zone = "${var.avalibilityzones[0]}"

tags {

Name = "privada1"

}

resource "aws_subnet" "subnetprivada2" {

vpc_id = "${aws_vpc.antoniovpc.id}"

cidr_block = "${var.subnetprivada2}"

availability_zone = "${var.avalibilityzones[1]}"

tags {

Name = "privada2"

}

En el modulo rutas definiremos las rutas :

variable "vpc_id" {
        description = "Id de vpc"
        }
variable "subnetpublica1" {
        description = "Subnets publica1"
        }

variable "subnetpublica2" {
        description = "Subnets publica2"
        }

variable "subnetprivada1" {
        description = "Subnets privada1"
        }

variable "subnetprivada2" {
        description = "Subnets privada2"
        }

variable "nat" {
        description = "nat id"
}

variable "vpc_id" {

description = "Id de vpc"

}

variable "subnetpublica1" {

description = "Subnets publica1"

}

variable "subnetpublica2" {

description = "Subnets publica2"

}

variable "subnetprivada1" {

description = "Subnets privada1"

}

variable "subnetprivada2" {

description = "Subnets privada2"

}

variable "nat" {

description = "nat id"

}

############GATEWAY#########################

resource "aws_internet_gateway" "antoniogw" {
  vpc_id = "${var.vpc_id}"

  tags {
    Name = "antoniogw"
  }
}

#########Salida a INTERNET##################

resource "aws_route_table" "internet" {
  vpc_id = "${var.vpc_id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.antoniogw.id}"
  }
        tags {
            Name = "internet"
  }
}

resource "aws_route_table" "nat" {
  vpc_id = "${var.vpc_id}"

  route {
    cidr_block = "0.0.0.0/0"
    instance_id = "${var.nat}"
  }
        tags {
            Name = "NAT"
  }
}


#################Rutas Internet#################

resource "aws_route_table_association" "rutapublica1" {
  subnet_id      = "${var.subnetpublica1}"
  route_table_id = "${aws_route_table.internet.id}"
}

resource "aws_route_table_association" "rutapublica2" {
  subnet_id      = "${var.subnetpublica2}"
  route_table_id = "${aws_route_table.internet.id}"
}

resource "aws_route_table_association" "rutaprivada1" {
  subnet_id      = "${var.subnetprivada1}"
  route_table_id = "${aws_route_table.nat.id}"
}

resource "aws_route_table_association" "rutaprivada2" {
  subnet_id      = "${var.subnetprivada2}"
  route_table_id = "${aws_route_table.nat.id}"
}

############GATEWAY#########################

resource "aws_internet_gateway" "antoniogw" {

vpc_id = "${var.vpc_id}"

tags {

Name = "antoniogw"

}

#########Salida a INTERNET##################

resource "aws_route_table" "internet" {

vpc_id = "${var.vpc_id}"

route {

cidr_block = "0.0.0.0/0"

gateway_id = "${aws_internet_gateway.antoniogw.id}"

}

tags {

Name = "internet"

}

resource "aws_route_table" "nat" {

vpc_id = "${var.vpc_id}"

route {

cidr_block = "0.0.0.0/0"

instance_id = "${var.nat}"

}

tags {

Name = "NAT"

}

#################Rutas Internet#################

resource "aws_route_table_association" "rutapublica1" {

subnet_id = "${var.subnetpublica1}"

route_table_id = "${aws_route_table.internet.id}"

}

resource "aws_route_table_association" "rutapublica2" {

subnet_id = "${var.subnetpublica2}"

route_table_id = "${aws_route_table.internet.id}"

}

resource "aws_route_table_association" "rutaprivada1" {

subnet_id = "${var.subnetprivada1}"

route_table_id = "${aws_route_table.nat.id}"

}

resource "aws_route_table_association" "rutaprivada2" {

subnet_id = "${var.subnetprivada2}"

route_table_id = "${aws_route_table.nat.id}"

}

En el modulo security pondremos todo lo referente a la seguridad:

variable "vpc_id" {
        description = "Id de vpc"
        }


variable "apacheport" {
        type = "string"
        description = "Puerto Apache"
        default = "80"
}

variable "sshport" {
        type = "string"
        description = "Puerto SSH"
        default = "22"
}

variable "vpc_id" {

description = "Id de vpc"

}

variable "apacheport" {

type = "string"

description = "Puerto Apache"

default = "80"

}

variable "sshport" {

type = "string"

description = "Puerto SSH"

default = "22"

}

output "natSG" {
        value = "${aws_security_group.natSG.id}"
}


output "apacheSG" {
        value = "${aws_security_group.apacheSG.id}"
}

output "natSG" {

value = "${aws_security_group.natSG.id}"

}

output "apacheSG" {

value = "${aws_security_group.apacheSG.id}"

}

resource "aws_security_group" "apacheSG" {
  name        = "apacheSG"
  description = "permite 80 y 22"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = "${var.apacheport}"
    to_port     = "${var.apacheport}"
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }
  ingress {
    from_port   = "${var.sshport}"
    to_port     = "${var.sshport}"
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
  }
  tags {
        "Name" = "ApacheSG"
        }

}

resource "aws_security_group" "natSG" {
  name        = "natSG"
  description = "permite 80 y 22"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = "${var.sshport}"
    to_port     = "${var.sshport}"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

   ingress {
    from_port   = "${var.apacheport}"
    to_port     = "${var.apacheport}"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }


  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
  }
  tags {
        "Name" = "NatSG"
        }
}

resource "aws_security_group" "apacheSG" {

name = "apacheSG"

description = "permite 80 y 22"

vpc_id = "${var.vpc_id}"

ingress {

from_port = "${var.apacheport}"

to_port = "${var.apacheport}"

protocol = "tcp"

cidr_blocks = ["10.0.0.0/16"]

}

ingress {

from_port = "${var.sshport}"

to_port = "${var.sshport}"

protocol = "tcp"

cidr_blocks = ["10.0.0.0/16"]

}

egress {

from_port = 0

to_port = 0

protocol = "-1"

cidr_blocks = ["0.0.0.0/0"]

}

tags {

"Name" = "ApacheSG"

}

resource "aws_security_group" "natSG" {

name = "natSG"

description = "permite 80 y 22"

vpc_id = "${var.vpc_id}"

ingress {

from_port = "${var.sshport}"

to_port = "${var.sshport}"

protocol = "tcp"

cidr_blocks = ["0.0.0.0/0"]

}

ingress {

from_port = "${var.apacheport}"

to_port = "${var.apacheport}"

protocol = "tcp"

cidr_blocks = ["0.0.0.0/0"]

}

egress {

from_port = 0

to_port = 0

protocol = "-1"

cidr_blocks = ["0.0.0.0/0"]

}

tags {

"Name" = "NatSG"

}

En los servicios pondremos el NAT,ELB,AutoscalingGroup, etc

variable natSG {
        description = " NAT Security Group"
}

variable apacheSG {
        description = "APACHE Security Group"
}

variable subnetpublica1 {
        description = "Subnet Publica Nat"

}

variable amiNat {
      default = "ami-076d5d61"
      description = "AMI Nat"
}


variable amiApache {
      default = "ami-58d7e821"
      description = "AMI Apache"
}

variable subnetprivada1 {
        description = "Subnet privada1"
}

variable subnetprivada2 {
        description = "Subnet privada2"
}

variable natSG {

description = " NAT Security Group"

}

variable apacheSG {

description = "APACHE Security Group"

}

variable subnetpublica1 {

description = "Subnet Publica Nat"

}

variable amiNat {

default = "ami-076d5d61"

description = "AMI Nat"

}

variable amiApache {

default = "ami-58d7e821"

description = "AMI Apache"

}

variable subnetprivada1 {

description = "Subnet privada1"

}

variable subnetprivada2 {

description = "Subnet privada2"

}

output  "nat" {
    value = "${aws_instance.nat.id}"
}

output "nat" {

value = "${aws_instance.nat.id}"

}

resource "aws_instance" "nat" {
  ami           = "${var.amiNat}"
  instance_type = "t2.micro"
  key_name = "ireland"
  vpc_security_group_ids = ["${var.natSG}"]
  subnet_id = "${var.subnetpublica1}"
  associate_public_ip_address = true
  source_dest_check = false


  tags {
    Name = "NAT"
  }
}

resource "aws_launch_configuration" "SGapache" {
  name          = "SGapache"
  image_id      = "${var.amiApache}"
  instance_type = "t2.micro"
  key_name = "ireland"
  security_groups = ["${var.apacheSG}"]
  user_data = <<EOF
        apt-get install apache2 -y
       EOF

}


resource "aws_elb" "ELB" {
  name               = "ELB-terraform-elb"
  #availability_zones = ["${data.aws_availability_zones.all.names}"]
  security_groups = ["${var.apacheSG}"]
  subnets =  ["${var.subnetprivada2}","${var.subnetprivada2}"]


  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }


  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:80/"
    interval            = 30
  }

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags {
    Name = "terraform-elb"
  }
}

resource "aws_autoscaling_group" "autoscaling_apache" {
  name                      = "autoscaling_apache"
  max_size                  = 3
  min_size                  = 2
  health_check_grace_period = 300
  health_check_type         = "ELB"
  desired_capacity          = 2
  force_delete              = true
  launch_configuration      = "${aws_launch_configuration.SGapache.name}"
  vpc_zone_identifier       = ["${var.subnetprivada1}","${var.subnetprivada2}"]
  load_balancers = ["${aws_elb.ELB.name}"]


  tag {
    key                 = "foo"
    value               = "bar"
    propagate_at_launch = true
  }

  timeouts {
    delete = "15m"
  }

  tag {
    key                 = "lorem"
    value               = "ipsum"
    propagate_at_launch = false
  }
}

resource "aws_instance" "nat" {

ami = "${var.amiNat}"

instance_type = "t2.micro"

key_name = "ireland"

vpc_security_group_ids = ["${var.natSG}"]

subnet_id = "${var.subnetpublica1}"

associate_public_ip_address = true

source_dest_check = false

tags {

Name = "NAT"

}

resource "aws_launch_configuration" "SGapache" {

name = "SGapache"

image_id = "${var.amiApache}"

instance_type = "t2.micro"

key_name = "ireland"

security_groups = ["${var.apacheSG}"]

user_data = <<EOF

apt-get install apache2 -y

EOF

}

resource "aws_elb" "ELB" {

name = "ELB-terraform-elb"

#availability_zones = ["${data.aws_availability_zones.all.names}"]

security_groups = ["${var.apacheSG}"]

subnets = ["${var.subnetprivada2}","${var.subnetprivada2}"]

listener {

instance_port = 80

instance_protocol = "http"

lb_port = 80

lb_protocol = "http"

}

health_check {

healthy_threshold = 2

unhealthy_threshold = 2

timeout = 3

target = "HTTP:80/"

interval = 30

}

cross_zone_load_balancing = true

idle_timeout = 400

connection_draining = true

connection_draining_timeout = 400

tags {

Name = "terraform-elb"

}

resource "aws_autoscaling_group" "autoscaling_apache" {

name = "autoscaling_apache"

max_size = 3

min_size = 2

health_check_grace_period = 300

health_check_type = "ELB"

desired_capacity = 2

force_delete = true

launch_configuration = "${aws_launch_configuration.SGapache.name}"

vpc_zone_identifier = ["${var.subnetprivada1}","${var.subnetprivada2}"]

load_balancers = ["${aws_elb.ELB.name}"]

tag {

key = "foo"

value = "bar"

propagate_at_launch = true

}

timeouts {

delete = "15m"

}

tag {

key = "lorem"

value = "ipsum"

propagate_at_launch = false

}

Por ultimo el programa principal

variable "access_key" {
        description = " Aws ACCESS_KEY"
        default = "AKIKKSM4AS346DrFL44UA"
        }

variable "secret_key" {
        description = "Aws Secret Key"
        default = "wpVWusdstSREhLmEBDwy4fgvXOEr9n6NKqFiZe"
        }

variable "region" {
        type = "string"
        description = "Region"
        default = "eu-west-1"
        }

variable "access_key" {

description = " Aws ACCESS_KEY"

default = "AKIKKSM4AS346DrFL44UA"

}

variable "secret_key" {

description = "Aws Secret Key"

default = "wpVWusdstSREhLmEBDwy4fgvXOEr9n6NKqFiZe"

}

variable "region" {

type = "string"

description = "Region"

default = "eu-west-1"

}

provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"

}


module "vpc" {
  source = "./modules/VPC"
}

module "rutas" {
  source = "./modules/rutas"
  vpc_id = "${module.vpc.vpc_id}"
  subnetpublica1 = "${module.vpc.subnetpublica1}"
  subnetpublica2 = "${module.vpc.subnetpublica2}"
  subnetprivada1 = "${module.vpc.subnetprivada1}"
  subnetprivada2 = "${module.vpc.subnetprivada2}"
  nat = "${module.servicios.nat}"
}


module "security" {
   source = "./modules/security"
   vpc_id = "${module.vpc.vpc_id}"
}

module "servicios" {
  source = "./modules/servicios"
  natSG = "${module.security.natSG}"
  apacheSG = "${module.security.apacheSG}"
  subnetpublica1 = "${module.vpc.subnetpublica1}"
  subnetprivada1 = "${module.vpc.subnetprivada1}"
  subnetprivada2 = "${module.vpc.subnetprivada2}"

}

provider "aws" {

access_key = "${var.access_key}"

secret_key = "${var.secret_key}"

region = "${var.region}"

}

module "vpc" {

source = "./modules/VPC"

}

module "rutas" {

source = "./modules/rutas"

vpc_id = "${module.vpc.vpc_id}"

subnetpublica1 = "${module.vpc.subnetpublica1}"

subnetpublica2 = "${module.vpc.subnetpublica2}"

subnetprivada1 = "${module.vpc.subnetprivada1}"

subnetprivada2 = "${module.vpc.subnetprivada2}"

nat = "${module.servicios.nat}"

}

module "security" {

source = "./modules/security"

vpc_id = "${module.vpc.vpc_id}"

}

module "servicios" {

source = "./modules/servicios"

natSG = "${module.security.natSG}"

apacheSG = "${module.security.apacheSG}"

subnetpublica1 = "${module.vpc.subnetpublica1}"

subnetprivada1 = "${module.vpc.subnetprivada1}"

subnetprivada2 = "${module.vpc.subnetprivada2}"

}

Tags: AWS Terraform cloud

Author

AWS, Terraform

AWS con Terraform (II). Módulos

VPC

INTERNET GATEWAY

SUBNET PUBLICA1

SUBNET PUBLICA2

SUBNET PRIVADA1

SUBNET PRIVADA2

TABLA DE RUTAS (Salida Internet)

TABLA DE RUTAS(Salida NAT

YOU MIGHT ALSO LIKE THESE

AWS con Terraform (I)

AWS, Terraform

REPLY A MESSAGE Cancel reply