AWS, Terraform
AWS con Terraform (II). Módulos
El uso de módulos en Terraform nos va a permitir reutilizar código. Podemos utilizar el mismo código en el entorno de integración y en el de producción, facilitando la administración de los entornos. Vamos a crear una estructura similar a esta:
- 1 VPC
- 1 Internet Gateway
- 2 Subnets Publicas
- 2 Subnets Privadas
- 2 Instancias
- 1 NAT
- 1 AutoScaling Group
- 1 Load Balancer
VPC
Elementos | configuración |
---|---|
Nombre | antoniovpc |
Alcance de la red | 10.0.0.0/16 |
INTERNET GATEWAY
Elementos | configuración |
---|---|
Nombre | igw |
vpc | vpc_ejempo |
SUBNET PUBLICA1
Elementos | configuración |
---|---|
Nombre | subnetpublica1 |
vpc | antoniovpc |
red | 10.0.1.0/24 |
Zona de disponibilidad | eu-west-1a |
SUBNET PUBLICA2
Elementos | configuración |
---|---|
Nombre | subnetpublica2 |
vpc | antoniovpc |
red | 10.0.2.0/24 |
Zona de disponibilidad | eu-west-1b |
SUBNET PRIVADA1
Elementos | configuración |
---|---|
Nombre | subnetprivada1 |
vpc | antoniovpc |
red | 10.0.3.0/24 |
Zona de disponibilidad | eu-west-1a |
SUBNET PRIVADA2
Elementos | configuración |
---|---|
Nombre | subnetprivada2 |
vpc | antoniovpc |
red | 10.0.4.0/24 |
Zona de disponibilidad | eu-west-1b |
TABLA DE RUTAS (Salida Internet)
Elementos | configuración |
---|---|
Nombre | rutas |
vpc | antoniovpc |
Alcance de la red | 0.0.0.0/0 |
Objetivo | Internet gw(igw) |
Subnet adjunta | subnetpublica1,subnetpublica2 |
TABLA DE RUTAS (Salida NAT)
Elementos | configuración |
---|---|
Nombre | rutas |
vpc | antoniovpc |
Alcance de la red | 0.0.0.0/0 |
Objetivo | Instancia NAT |
Subnet adjunta | subnetprivada1,subnetprivada2 |
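# Inputs of the VPC module: the VPC range, one CIDR per subnet and the AZ list.
variable "cidr_block" {
  description = "cidr block"
  default     = "10.0.0.0/16"
}

# Public subnets (reach the Internet through the IGW route table).
variable "subnetpublica1" {
  description = "CIDR de subnetpublica1"
  default     = "10.0.1.0/24"
}

variable "subnetpublica2" {
  description = "CIDR de subnetpublica2"
  default     = "10.0.2.0/24"
}

# Private subnets (reach the Internet through the NAT instance).
variable "subnetprivada1" {
  description = "CIDR de subnetprivada1"
  default     = "10.0.3.0/24"
}

variable "subnetprivada2" {
  description = "CIDR de subnetprivada2"
  default     = "10.0.4.0/24"
}

# Availability zones: main.tf uses index [0] for the *1 subnets and [1] for the
# *2 subnets. The original default repeated eu-west-1a three times, which put
# every subnet (and therefore the ASG and the ELB) in a single AZ; the design
# tables place the *2 subnets in eu-west-1b.
variable "avalibilityzones" {
  type    = "list"
  default = ["eu-west-1a", "eu-west-1b"]
}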
# Ids exported by the VPC module; the root main.tf passes them to the
# rutas, security and servicios modules.
output "vpc_id" { value = "${aws_vpc.antoniovpc.id}" }

# Public subnet ids (NAT instance, IGW route table).
output "subnetpublica1" { value = "${aws_subnet.subnetpublica1.id}" }
output "subnetpublica2" { value = "${aws_subnet.subnetpublica2.id}" }

# Private subnet ids (Apache ASG, ELB, NAT route table).
output "subnetprivada1" { value = "${aws_subnet.subnetprivada1.id}" }
output "subnetprivada2" { value = "${aws_subnet.subnetprivada2.id}" }
# The VPC every other module attaches to.
resource "aws_vpc" "antoniovpc" {
  cidr_block = "${var.cidr_block}"

  tags {
    Name = "antonio vpc"
  }
}

# Subnets: AZ index [0] holds the *1 subnets, index [1] the *2 subnets.
# No map_public_ip_on_launch is set here; the NAT instance asks for its
# public address itself (associate_public_ip_address in the servicios module).
resource "aws_subnet" "subnetpublica1" {
  vpc_id            = "${aws_vpc.antoniovpc.id}"
  availability_zone = "${var.avalibilityzones[0]}"
  cidr_block        = "${var.subnetpublica1}"

  tags {
    Name = "publica1"
  }
}

resource "aws_subnet" "subnetpublica2" {
  vpc_id            = "${aws_vpc.antoniovpc.id}"
  availability_zone = "${var.avalibilityzones[1]}"
  cidr_block        = "${var.subnetpublica2}"

  tags {
    Name = "publica2"
  }
}

resource "aws_subnet" "subnetprivada1" {
  vpc_id            = "${aws_vpc.antoniovpc.id}"
  availability_zone = "${var.avalibilityzones[0]}"
  cidr_block        = "${var.subnetprivada1}"

  tags {
    Name = "privada1"
  }
}

resource "aws_subnet" "subnetprivada2" {
  vpc_id            = "${aws_vpc.antoniovpc.id}"
  availability_zone = "${var.avalibilityzones[1]}"
  cidr_block        = "${var.subnetprivada2}"

  tags {
    Name = "privada2"
  }
}
# Inputs of the rutas module. All of them are ids produced by other modules
# (VPC for the network, servicios for the NAT instance); none has a default.
variable "vpc_id"         { description = "Id de vpc" }
variable "subnetpublica1" { description = "Subnets publica1" }
variable "subnetpublica2" { description = "Subnets publica2" }
variable "subnetprivada1" { description = "Subnets privada1" }
variable "subnetprivada2" { description = "Subnets privada2" }

# Instance id of the NAT; becomes the default route of the private subnets.
variable "nat" { description = "nat id" }
# ---- Internet gateway -------------------------------------------------
resource "aws_internet_gateway" "antoniogw" {
  vpc_id = "${var.vpc_id}"

  tags {
    Name = "antoniogw"
  }
}

# ---- Route tables ------------------------------------------------------
# Public subnets: default route via the IGW.
resource "aws_route_table" "internet" {
  vpc_id = "${var.vpc_id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.antoniogw.id}"
  }

  tags {
    Name = "internet"
  }
}

# Private subnets: default route via the NAT instance (its instance id is
# passed in from the servicios module; source_dest_check is disabled there).
resource "aws_route_table" "nat" {
  vpc_id = "${var.vpc_id}"

  route {
    cidr_block  = "0.0.0.0/0"
    instance_id = "${var.nat}"
  }

  tags {
    Name = "NAT"
  }
}

# ---- Associations ------------------------------------------------------
resource "aws_route_table_association" "rutapublica1" {
  route_table_id = "${aws_route_table.internet.id}"
  subnet_id      = "${var.subnetpublica1}"
}

resource "aws_route_table_association" "rutapublica2" {
  route_table_id = "${aws_route_table.internet.id}"
  subnet_id      = "${var.subnetpublica2}"
}

resource "aws_route_table_association" "rutaprivada1" {
  route_table_id = "${aws_route_table.nat.id}"
  subnet_id      = "${var.subnetprivada1}"
}

resource "aws_route_table_association" "rutaprivada2" {
  route_table_id = "${aws_route_table.nat.id}"
  subnet_id      = "${var.subnetprivada2}"
}
# Inputs of the security module.
variable "vpc_id" {
  description = "Id de vpc"
}

# Ports opened by the security groups below. Kept as strings because they are
# interpolated straight into from_port/to_port.
variable "apacheport" {
  type        = "string"
  description = "Puerto Apache"
  default     = "80"
}

variable "sshport" {
  type        = "string"
  description = "Puerto SSH"
  default     = "22"
}
# Security group ids consumed by the servicios module.
output "natSG" {
  value = "${aws_security_group.natSG.id}"
}

output "apacheSG" {
  value = "${aws_security_group.apacheSG.id}"
}
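# Security group of the Apache instances (private subnets) and of the ELB.
# HTTP and SSH are only reachable from inside the VPC (10.0.0.0/16), i.e. from
# the ELB and from the NAT instance in the public subnet.
resource "aws_security_group" "apacheSG" {
  name        = "apacheSG"
  description = "permite 80 y 22"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = "${var.apacheport}"
    to_port     = "${var.apacheport}"
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  ingress {
    from_port   = "${var.sshport}"
    to_port     = "${var.sshport}"
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  # Unrestricted egress: user_data runs apt-get through the NAT.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    "Name" = "ApacheSG"
  }
}

# Security group of the NAT instance (public subnet).
resource "aws_security_group" "natSG" {
  name        = "natSG"
  description = "permite 80 y 22"
  vpc_id      = "${var.vpc_id}"

  # Administrative SSH. Left open to 0.0.0.0/0 as in the original listing;
  # narrow cidr_blocks to the administrators' source range (ideally a
  # variable) rather than the whole Internet.
  ingress {
    from_port   = "${var.sshport}"
    to_port     = "${var.sshport}"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP being forwarded for the private subnets arrives from VPC addresses,
  # so the rule only needs the VPC range; the original allowed 0.0.0.0/0,
  # which exposed port 80 of the NAT itself to the Internet. Replies to the
  # forwarded connections are stateful and need no extra ingress rule.
  ingress {
    from_port   = "${var.apacheport}"
    to_port     = "${var.apacheport}"
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    "Name" = "NatSG"
  }
}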
# Inputs of the servicios module.

# Security group ids from the security module.
variable "natSG" {
  description = " NAT Security Group"
}

variable "apacheSG" {
  description = "APACHE Security Group"
}

# Public subnet that hosts the NAT instance.
variable "subnetpublica1" {
  description = "Subnet Publica Nat"
}

# AMIs (region-specific; these ids are for the region used by the root module).
variable "amiNat" {
  description = "AMI Nat"
  default     = "ami-076d5d61"
}

variable "amiApache" {
  description = "AMI Apache"
  default     = "ami-58d7e821"
}

# Private subnets used by the autoscaling group and the load balancer.
variable "subnetprivada1" {
  description = "Subnet privada1"
}

variable "subnetprivada2" {
  description = "Subnet privada2"
}
# Instance id of the NAT; the rutas module points the private default route at it.
output "nat" { value = "${aws_instance.nat.id}" }
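# NAT instance in the public subnet. source_dest_check must be off for it to
# forward traffic that is not addressed to itself.
resource "aws_instance" "nat" {
  ami                         = "${var.amiNat}"
  instance_type               = "t2.micro"
  key_name                    = "ireland"
  vpc_security_group_ids      = ["${var.natSG}"]
  subnet_id                   = "${var.subnetpublica1}"
  associate_public_ip_address = true
  source_dest_check           = false

  tags {
    Name = "NAT"
  }
}

# Launch configuration of the Apache instances.
resource "aws_launch_configuration" "SGapache" {
  name            = "SGapache"
  image_id        = "${var.amiApache}"
  instance_type   = "t2.micro"
  key_name        = "ireland"
  security_groups = ["${var.apacheSG}"]

  # user_data is only run as a script when it starts with a shebang; the
  # original heredoc had none, so the apt-get line was not executed. The
  # package index is refreshed first; both steps need the NAT route.
  user_data = <<EOF
#!/bin/bash
apt-get update -y
apt-get install apache2 -y
EOF
}

# Classic load balancer in front of the autoscaling group.
resource "aws_elb" "ELB" {
  name            = "ELB-terraform-elb"
  security_groups = ["${var.apacheSG}"]

  # One subnet per AZ. The original listed subnetprivada2 twice, leaving
  # eu-west-1a without an ELB node even though the ASG launches there.
  # NOTE(review): these subnets have no IGW route, so an internet-facing ELB
  # placed here is not reachable from outside; either move it to the public
  # subnets or set `internal = true` — confirm which is intended.
  subnets = ["${var.subnetprivada1}", "${var.subnetprivada2}"]

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:80/"
    interval            = 30
  }

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags {
    Name = "terraform-elb"
  }
}

# Autoscaling group: 2..3 Apache instances across the two private subnets,
# health-checked by the ELB.
resource "aws_autoscaling_group" "autoscaling_apache" {
  name                      = "autoscaling_apache"
  max_size                  = 3
  min_size                  = 2
  desired_capacity          = 2
  health_check_grace_period = 300
  health_check_type         = "ELB"
  force_delete              = true
  launch_configuration      = "${aws_launch_configuration.SGapache.name}"
  vpc_zone_identifier       = ["${var.subnetprivada1}", "${var.subnetprivada2}"]
  load_balancers            = ["${aws_elb.ELB.name}"]

  # Example tags from the original listing; propagate_at_launch decides
  # whether the tag is copied onto the launched instances.
  tag {
    key                 = "foo"
    value               = "bar"
    propagate_at_launch = true
  }

  tag {
    key                 = "lorem"
    value               = "ipsum"
    propagate_at_launch = false
  }

  timeouts {
    delete = "15m"
  }
}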
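# Provider credentials. They deliberately have no default: the original
# listing hard-coded an access key and secret key here, which puts long-lived
# credentials into version control (any key that was committed should be
# treated as exposed and rotated). Supply them at run time instead, e.g. via
# TF_VAR_access_key / TF_VAR_secret_key or a terraform.tfvars file kept out
# of the repository.
variable "access_key" {
  description = " Aws ACCESS_KEY"
}

variable "secret_key" {
  description = "Aws Secret Key"
}

variable "region" {
  type        = "string"
  description = "Region"
  default     = "eu-west-1"
}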
# Root module: provider plus the four modules wired together by their outputs.
# Dependency order is derived from the references: vpc -> security -> servicios
# -> rutas (rutas needs the NAT instance id from servicios).
provider "aws" {
  region     = "${var.region}"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
}

# Network: VPC and the four subnets.
module "vpc" {
  source = "./modules/VPC"
}

# Security groups for the NAT and the Apache instances.
module "security" {
  source = "./modules/security"
  vpc_id = "${module.vpc.vpc_id}"
}

# NAT instance, launch configuration, ELB and autoscaling group.
module "servicios" {
  source         = "./modules/servicios"
  natSG          = "${module.security.natSG}"
  apacheSG       = "${module.security.apacheSG}"
  subnetpublica1 = "${module.vpc.subnetpublica1}"
  subnetprivada1 = "${module.vpc.subnetprivada1}"
  subnetprivada2 = "${module.vpc.subnetprivada2}"
}

# Internet gateway and route tables; the private default route targets the NAT.
module "rutas" {
  source         = "./modules/rutas"
  vpc_id         = "${module.vpc.vpc_id}"
  nat            = "${module.servicios.nat}"
  subnetpublica1 = "${module.vpc.subnetpublica1}"
  subnetpublica2 = "${module.vpc.subnetpublica2}"
  subnetprivada1 = "${module.vpc.subnetprivada1}"
  subnetprivada2 = "${module.vpc.subnetprivada2}"
}