
August 2, 2019

Terraform Launch EC2 Instance

Here’s the template for launching an EC2 instance via Terraform.

# AWS provider for us-east-1. Credentials come from the named profile in the
# shared credentials file, so no keys are written into this configuration.
provider "aws" {
  profile                 = "default"
  shared_credentials_file = "/home/username/.aws/credentials"
  region                  = "us-east-1"
}
# Security group for the instance: inbound SSH from the 10.0.0.0/8 private
# range only, outbound unrestricted.
resource "aws_security_group" "hostname-sg" {
  name   = "allow ssh"
  vpc_id = "" # left empty in this template; NOTE(review): set the target VPC ID

  # Inbound: TCP port 22 (SSH), limited to 10.0.0.0/8.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["10.0.0.0/8"]
  }

  # Outbound: protocol "-1" with ports 0-0 allows every protocol and port to
  # any address. NOTE(review): narrow this if the host only needs to reach
  # specific destinations.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
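# EC2 instance launched into a specific subnet and attached to the
# "hostname-sg" security group. The AMI, key pair and subnet values are
# placeholders to fill in.
resource "aws_instance" "hostname" {
  ami           = "ami-xxxxxxxxxx"
  instance_type = "t2.large"
  key_name      = "your-key"
  subnet_id     = "subnet-xxxxxxxx"

  # The instance sits in a VPC subnet, so the group is referenced by ID through
  # vpc_security_group_ids. security_groups is meant for group names
  # (EC2-Classic / default VPC); passing IDs there can make Terraform plan a
  # replacement of the instance on every run.
  vpc_security_group_ids = ["${aws_security_group.hostname-sg.id}"]

  # Map assignment form; the block form `tags { }` is rejected by
  # Terraform 0.12 and later.
  tags = {
    Name        = "hostname"
    Environment = "development"
  }
}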


April 9, 2019

Encrypt Volume via Terraform

Here’s the Terraform script to encrypt an unencrypted volume. It creates a snapshot of the volume, makes an encrypted copy of that snapshot, and creates a new encrypted volume from the copy. The original volume is left as it is.

# Inputs. None of them has a default, so each value has to be supplied when
# the configuration is planned or applied. The descriptions carry an example
# of the expected format.
variable "volume" {
  description = "The Volume to encrypt: vol-12345678901234567"
}

variable "region" {
  description = "The Region: us-east-2"
}

variable "az" {
  description = "The AZ: us-east-2a"
}
 
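#
# Set Credentials
#
# No access_key/secret_key here: keys written into a .tf file end up in version
# control, backups and shared copies. The AWS provider picks credentials up
# from its standard sources instead (the AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY environment variables, the shared credentials file, or
# an instance role).
provider "aws" {
  region = "${var.region}"
}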
 
/*
#
# Create Unencrypted Volume
#
resource "aws_ebs_volume" "unencrypted_volume" {
  availability_zone = "${var.az}"
  size              = 10
  tags = {
    Name = "Unencrypted_Volume"
  }
}
*/
 
# Snapshot of the existing volume whose ID is passed in through var.volume.
resource "aws_ebs_snapshot" "unencrypted_snapshot" {
  tags = {
    Name = "Unencrypted_Snapshot"
  }

  volume_id = "${var.volume}"
  # Alternative source, for use with the commented-out test volume:
  #volume_id = "${aws_ebs_volume.unencrypted_volume.id}"
}
 
# Copy of the snapshot with encryption turned on. The source region is the
# same var.region the provider uses.
# NOTE(review): no kms_key_id is set, so presumably the account's default EBS
# key is used; set kms_key_id if a specific key is required.
resource "aws_ebs_snapshot_copy" "encrypted_snapshot" {
  encrypted          = true
  source_region      = "${var.region}"
  source_snapshot_id = "${aws_ebs_snapshot.unencrypted_snapshot.id}"

  tags = {
    Name = "Encrypted_Snapshot"
  }
}
 
# Create Encrypted Volume: a new volume restored from the encrypted snapshot
# copy, in the availability zone given by var.az.
resource "aws_ebs_volume" "encrypted_volume" {
  snapshot_id       = "${aws_ebs_snapshot_copy.encrypted_snapshot.id}"
  availability_zone = "${var.az}"

  tags = {
    Name = "Encrypted_Volume"
  }
}


April 9, 2019

Terraform Installation

Where did I install Terraform?

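# Show which terraform binary the shell resolves from PATH.
command -v terraform
# Ask the copy in /usr/local/bin for its version by full path, so the answer
# comes from that install and not from another terraform earlier in PATH.
/usr/local/bin/terraform --version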


December 30, 2018

Terraform

HashiCorp has a product called Terraform, which is a provisioning tool for the cloud. It works with most major providers like AWS, GCP, Azure and many more. Unlike CloudFormation, Resource Manager and Deployment Manager, which each work only with their own cloud, Terraform works with many cloud providers. Here’s an example of how to provision a single instance to AWS, and assign an elastic IP to it. The cloud resources in the example were redacted; placeholder values are used instead for security purposes.

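# AWS provider for us-east-2.
# No access_key/secret_key here: keys written into a .tf file end up in version
# control, backups and shared copies. The AWS provider picks credentials up
# from its standard sources instead (the AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY environment variables, the shared credentials file, or
# an instance role).
provider "aws" {
  region = "us-east-2"
}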
 
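# Single EC2 instance with a fixed private address inside the given subnet.
# The AMI, subnet and security group IDs are redacted placeholders.
resource "aws_instance" "server1" {
  ami           = "ami-xxxxxxxxxxxxxx"
  instance_type = "c5.2xlarge"
  key_name      = "tfc-ohio"
  subnet_id     = "subnet-xxxxxxxx"
  private_ip    = "10.0.4.100"

  # The instance sits in a VPC subnet and the group is given by ID, so it goes
  # in vpc_security_group_ids. security_groups is meant for group names
  # (EC2-Classic / default VPC); passing IDs there can make Terraform plan a
  # replacement of the instance on every run.
  vpc_security_group_ids = ["sg-xxxxxxxxxxxxxxx"]

  # Map assignment form; the block form `tags { }` is rejected by
  # Terraform 0.12 and later.
  tags = {
    Name = "Server One"
  }
}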
 
# Attaches an already-allocated Elastic IP (referenced by its allocation ID)
# to the server1 instance.
resource "aws_eip_association" "server1-eip" {
  allocation_id = "eipalloc-xxxxxxxx"
  instance_id   = "${aws_instance.server1.id}"
}


To provision an instance, just run:

# Creates the resources declared in the configuration in the current directory;
# review the plan Terraform prints before confirming.
terraform apply


When you are done, just run:

# Removes the resources managed by the configuration in the current directory.
terraform destroy

