diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 000000000..655870d80
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,59 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.42.0" + constraints = "3.42.0" + hashes = [ + "h1:quV6hK7ewiHWBznGWCb/gJ6JAPm6UtouBUrhAjv6oRY=", + "zh:126c856a6eedddd8571f161a826a407ba5655a37a6241393560a96b8c4beca1a", + "zh:1a4868e6ac734b5fc2e79a4a889d176286b66664aad709435aa6acee5871d5b0", + "zh:40fed7637ab8ddeb93bef06aded35d970f0628025b97459ae805463e8aa0a58a", + "zh:68def3c0a5a1aac1db6372c51daef858b707f03052626d3427ac24cba6f2014d", + "zh:6db7ec9c8d1803a0b6f40a664aa892e0f8894562de83061fa7ac1bc51ff5e7e5", + "zh:7058abaad595930b3f97dc04e45c112b2dbf37d098372a849081f7081da2fb52", + "zh:8c25adb15a19da301c478aa1f4a4d8647cabdf8e5dae8331d4490f80ea718c26", + "zh:8e129b847401e39fcbc54817726dab877f36b7f00ff5ed76f7b43470abe99ff9", + "zh:d268bb267a2d6b39df7ddee8efa7c1ef7a15cf335dfa5f2e64c9dae9b623a1b8", + "zh:d6eeb3614a0ab50f8e9ab5666ae5754ea668ce327310e5b21b7f04a18d7611a8", + "zh:f5d3c58055dff6e38562b75d3edc908cb2f1e45c6914f6b00f4773359ce49324", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.3" + hashes = [ + "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + 
"zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + ] +} + +provider "registry.terraform.io/hashicorp/tls" { + version = "4.0.6" + hashes = [ + "h1:dYSb3V94K5dDMtrBRLPzBpkMTPn+3cXZ/kIJdtFL+2M=", + "zh:10de0d8af02f2e578101688fd334da3849f56ea91b0d9bd5b1f7a243417fdda8", + "zh:37fc01f8b2bc9d5b055dc3e78bfd1beb7c42cfb776a4c81106e19c8911366297", + "zh:4578ca03d1dd0b7f572d96bd03f744be24c726bfd282173d54b100fd221608bb", + "zh:6c475491d1250050765a91a493ef330adc24689e8837a0f07da5a0e1269e11c1", + "zh:81bde94d53cdababa5b376bbc6947668be4c45ab655de7aa2e8e4736dfd52509", + "zh:abdce260840b7b050c4e401d4f75c7a199fafe58a8b213947a258f75ac18b3e8", + "zh:b754cebfc5184873840f16a642a7c9ef78c34dc246a8ae29e056c79939963c7a", + "zh:c928b66086078f9917aef0eec15982f2e337914c5c4dbc31dd4741403db7eb18", + "zh:cded27bee5f24de6f2ee0cfd1df46a7f88e84aaffc2ecbf3ff7094160f193d50", + "zh:d65eb3867e8f69aaf1b8bb53bd637c99c6b649ba3db16ded50fa9a01076d1a27", + "zh:ecb0c8b528c7a619fa71852bb3fb5c151d47576c5aab2bf3af4db52588722eeb", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +}
diff --git a/README.md b/README.md
index 934a33302..0c479fd04 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
-# hashicat-aws
-Hashicat: A terraform built application for use in Hashicorp workshops
-
-Includes "Meow World" website.
-
-[![infrastructure-tests](https://github.com/hashicorp/hashicat-aws/actions/workflows/infrastructure-tests.yml/badge.svg)](https://github.com/hashicorp/hashicat-aws/actions/workflows/infrastructure-tests.yml)
+# hashicat-aws
+Hashicat: A terraform built application for use in Hashicorp workshops
+
+Includes "Meow World" website.
+
+[![infrastructure-tests](https://github.com/hashicorp/hashicat-aws/actions/workflows/infrastructure-tests.yml/badge.svg)](https://github.com/hashicorp/hashicat-aws/actions/workflows/infrastructure-tests.yml)
+seunghun.yeom
\ No newline at end of file
diff --git a/files/deploy_app.sh b/files/deploy_app.sh
index 1a1a7db07..b6ff52e10 100644
--- a/files/deploy_app.sh
+++ b/files/deploy_app.sh
@@ -1,22 +1,22 @@
-#!/bin/bash -# Script to deploy a very simple web application. -# The web app has a customizable image and some text. - -cat << EOM > /var/www/html/index.html - - Meow! - -
- - -
-

Meow World!

- Welcome to ${PREFIX}'s app. Replace this text with your own. - - -
- - -EOM - -echo "Script complete." +#!/bin/bash +# Script to deploy a very simple web application. +# The web app has a customizable image and some text. + +cat << EOM > /var/www/html/index.html + + Meow! + +
+ + +
+

Meow World!

+ Welcome to ${PREFIX}'s app. hello ACME world. + + +
+ + +EOM + +echo "Script complete."
diff --git a/main.tf b/main.tf
index aa5ee2725..ddf81879d 100644
--- a/main.tf
+++ b/main.tf
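Review bot: `${PREFIX}` is expanded by the unquoted heredoc straight into `/var/www/html/index.html`, so whatever characters the variable holds become page markup. The value comes from `var.prefix` through the `remote-exec` line in main.tf, and this commit deletes terraform.tfvars.example, the only place in the diff that stated the allowed characters (lowercase letters, digits, hyphens). A guard before the `cat`, such as `[[ "$PREFIX" =~ ^[a-z0-9-]+$ ]] || { echo "invalid PREFIX" >&2; exit 1; }`, would enforce that rule where the value is used. The HTML between the heredoc markers is not fully visible in this view, so the other variables passed by main.tf may need the same check.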
@@ -1,199 +1,200 @@
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "=3.42.0"
- }
- }
-}
-
-provider "aws" {
- region = var.region
-}
-
-resource "aws_vpc" "hashicat" {
- cidr_block = var.address_space
- enable_dns_hostnames = true
-
- tags = {
- name = "${var.prefix}-vpc-${var.region}"
- environment = "Production"
- }
-}
-
-resource "aws_subnet" "hashicat" {
- vpc_id = aws_vpc.hashicat.id
- cidr_block = var.subnet_prefix
-
- tags = {
- name = "${var.prefix}-subnet"
- }
-}
-
-resource "aws_security_group" "hashicat" {
- name = "${var.prefix}-security-group"
-
- vpc_id = aws_vpc.hashicat.id
-
- ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- prefix_list_ids = []
- }
-
- tags = {
- Name = "${var.prefix}-security-group"
- }
-}
-
-resource "aws_internet_gateway" "hashicat" {
- vpc_id = aws_vpc.hashicat.id
-
- tags = {
- Name = "${var.prefix}-internet-gateway"
- }
-}
-
-resource "aws_route_table" "hashicat" {
- vpc_id = aws_vpc.hashicat.id
-
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = aws_internet_gateway.hashicat.id
- }
-}
-
-resource "aws_route_table_association" "hashicat" {
- subnet_id = aws_subnet.hashicat.id
- route_table_id = aws_route_table.hashicat.id
-}
-
-data "aws_ami" "ubuntu" {
- most_recent = true
-
- filter {
- name = "name"
- #values = ["ubuntu/images/hvm-ssd/ubuntu-disco-19.04-amd64-server-*"]
- values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
- }
-
- filter {
- name = "virtualization-type"
- values = ["hvm"]
- }
-
- owners = ["099720109477"] # Canonical
-}
-
-resource "aws_eip" "hashicat" {
- instance = aws_instance.hashicat.id
- vpc = true
-}
-
-resource "aws_eip_association" "hashicat" {
- instance_id = aws_instance.hashicat.id
- allocation_id = aws_eip.hashicat.id
-}
-
-resource "aws_instance" "hashicat" {
- ami = data.aws_ami.ubuntu.id
- instance_type = var.instance_type
- key_name = aws_key_pair.hashicat.key_name
- associate_public_ip_address = true
- subnet_id = aws_subnet.hashicat.id
- vpc_security_group_ids = [aws_security_group.hashicat.id]
-
- tags = {
- Name = "${var.prefix}-hashicat-instance"
- }
-}
-
-# We're using a little trick here so we can run the provisioner without
-# destroying the VM. Do not do this in production.
-
-# If you need ongoing management (Day N) of your virtual machines a tool such
-# as Chef or Puppet is a better choice. These tools track the state of
-# individual files and can keep them in the correct configuration.
-
-# Here we do the following steps:
-# Sync everything in files/ to the remote VM.
-# Set up some environment variables for our script.
-# Add execute permissions to our scripts.
-# Run the deploy_app.sh script.
-resource "null_resource" "configure-cat-app" {
- depends_on = [aws_eip_association.hashicat]
-
- triggers = {
- build_number = timestamp()
- }
-
- provisioner "file" {
- source = "files/"
- destination = "/home/ubuntu/"
-
- connection {
- type = "ssh"
- user = "ubuntu"
- private_key = tls_private_key.hashicat.private_key_pem
- host = aws_eip.hashicat.public_ip
- }
- }
-
- provisioner "remote-exec" {
- inline = [
- "sudo apt -y update",
- "sleep 15",
- "sudo apt -y update",
- "sudo apt -y install apache2",
- "sudo systemctl start apache2",
- "sudo chown -R ubuntu:ubuntu /var/www/html",
- "chmod +x *.sh",
- "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh",
- "sudo apt -y install cowsay",
- "cowsay Mooooooooooo!",
- ]
-
- connection {
- type = "ssh"
- user = "ubuntu"
- private_key = tls_private_key.hashicat.private_key_pem
- host = aws_eip.hashicat.public_ip
- }
- }
-}
-
-resource "tls_private_key" "hashicat" {
- algorithm = "ED25519"
-}
-
-locals {
- private_key_filename = "${var.prefix}-ssh-key.pem"
-}
-
-resource "aws_key_pair" "hashicat" {
- key_name = local.private_key_filename
- public_key = tls_private_key.hashicat.public_key_openssh
-}
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "=3.42.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.region
+}
+
+resource "aws_vpc" "hashicat" {
+ cidr_block = var.address_space
+ enable_dns_hostnames = true
+
+ tags = {
+ name = "${var.prefix}-vpc-${var.region}"
+ environment = "Production"
+ }
+}
+
+resource "aws_subnet" "hashicat" {
+ vpc_id = aws_vpc.hashicat.id
+ cidr_block = var.subnet_prefix
+
+ tags = {
+ name = "${var.prefix}-subnet"
+ }
+}
+
+resource "aws_security_group" "hashicat" {
+ name = "${var.prefix}-security-group"
+
+ vpc_id = aws_vpc.hashicat.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ prefix_list_ids = []
+ }
+
+ tags = {
+ Name = "${var.prefix}-security-group"
+ }
+}
+
+resource "aws_internet_gateway" "hashicat" {
+ vpc_id = aws_vpc.hashicat.id
+
+ tags = {
+ Name = "${var.prefix}-internet-gateway"
+ }
+}
+
+resource "aws_route_table" "hashicat" {
+ vpc_id = aws_vpc.hashicat.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.hashicat.id
+ }
+}
+
+resource "aws_route_table_association" "hashicat" {
+ subnet_id = aws_subnet.hashicat.id
+ route_table_id = aws_route_table.hashicat.id
+}
+
+data "aws_ami" "ubuntu" {
+ most_recent = true
+
+ filter {
+ name = "name"
+ #values = ["ubuntu/images/hvm-ssd/ubuntu-disco-19.04-amd64-server-*"]
+ values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+ owners = ["099720109477"] # Canonical
+}
+
+resource "aws_eip" "hashicat" {
+ instance = aws_instance.hashicat.id
+ vpc = true
+}
+
+resource "aws_eip_association" "hashicat" {
+ instance_id = aws_instance.hashicat.id
+ allocation_id = aws_eip.hashicat.id
+}
+
+resource "aws_instance" "hashicat" {
+ ami = data.aws_ami.ubuntu.id
+ instance_type = var.instance_type
+ key_name = aws_key_pair.hashicat.key_name
+ associate_public_ip_address = true
+ subnet_id = aws_subnet.hashicat.id
+ vpc_security_group_ids = [aws_security_group.hashicat.id]
+
+ tags = {
+ Name = "${var.prefix}-hashicat-instance"
+ Department = "devops"
+ }
+}
+
+# We're using a little trick here so we can run the provisioner without
+# destroying the VM. Do not do this in production.
+
+# If you need ongoing management (Day N) of your virtual machines a tool such
+# as Chef or Puppet is a better choice. These tools track the state of
+# individual files and can keep them in the correct configuration.
+
+# Here we do the following steps:
+# Sync everything in files/ to the remote VM.
+# Set up some environment variables for our script.
+# Add execute permissions to our scripts.
+# Run the deploy_app.sh script.
+resource "null_resource" "configure-cat-app" {
+ depends_on = [aws_eip_association.hashicat]
+
+ triggers = {
+ build_number = timestamp()
+ }
+
+ provisioner "file" {
+ source = "files/"
+ destination = "/home/ubuntu/"
+
+ connection {
+ type = "ssh"
+ user = "ubuntu"
+ private_key = tls_private_key.hashicat.private_key_pem
+ host = aws_eip.hashicat.public_ip
+ }
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt -y update",
+ "sleep 15",
+ "sudo apt -y update",
+ "sudo apt -y install apache2",
+ "sudo systemctl start apache2",
+ "sudo chown -R ubuntu:ubuntu /var/www/html",
+ "chmod +x *.sh",
+ "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh",
+ "sudo apt -y install cowsay",
+ "cowsay Mooooooooooo!",
+ ]
+
+ connection {
+ type = "ssh"
+ user = "ubuntu"
+ private_key = tls_private_key.hashicat.private_key_pem
+ host = aws_eip.hashicat.public_ip
+ }
+ }
+}
+
+resource "tls_private_key" "hashicat" {
+ algorithm = "ED25519"
+}
+
+locals {
+ private_key_filename = "${var.prefix}-ssh-key.pem"
+}
+
+resource "aws_key_pair" "hashicat" {
+ key_name = local.private_key_filename
+ public_key = tls_private_key.hashicat.public_key_openssh
+}
diff --git a/remote_backend.tf b/remote_backend.tf
new file mode 100644
index 000000000..01e36380e
--- /dev/null
+++ b/remote_backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "remote" {
+ hostname = "app.terraform.io"
+ organization = "yeom-demo"
+ workspaces {
+ name = "hashicat-aws"
+ }
+ }
+}
diff --git a/s3-bucket.tf b/s3-bucket.tf
new file mode 100644
index 000000000..3cb5564f0
--- /dev/null
+++ b/s3-bucket.tf
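Review bot: The `ingress` block for port 22 in `aws_security_group.hashicat` still has `cidr_blocks = ["0.0.0.0/0"]`, so SSH to the instance is reachable from any address while the VPC is tagged `environment = "Production"`. The hunk replaces all 199 lines, but the only visible difference on the new side is the `Department = "devops"` tag, so this rule is carried over rather than introduced; the rewrite is probably a line-ending or whitespace change and would be easier to review as a separate commit. Consider sourcing the range from a variable, e.g. `cidr_blocks = [var.ssh_allowed_cidr]` (a new variable, not in this diff), set to the addresses the `remote-exec` provisioner connects from. With the remote backend added in this commit those addresses may belong to the Terraform Cloud runners rather than a workstation, which should be confirmed before narrowing the rule.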
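Review bot: Moving state to the `hashicat-aws` workspace also moves the SSH private key there, because `tls_private_key.hashicat` in main.tf keeps `private_key_pem` in Terraform state in plaintext. Anyone who can read that workspace's state in the `yeom-demo` organization can therefore log in to the instance as `ubuntu`, so state read access should be limited accordingly. A comment above the `backend "remote"` block would record this, for example `# State for this workspace contains the instance SSH private key (tls_private_key.hashicat); restrict state read access.` The hard-coded `organization` also ties this workshop repository to one Terraform Cloud account, which may be intended for a personal fork.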
@@ -0,0 +1,4 @@
+module "s3-bucket" {
+ source = "app.terraform.io/yeom-demo/s3-bucket/aws"
+ version = "2.8.0"
+}
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
deleted file mode 100644
index 0d7ce6eb6..000000000
--- a/terraform.tfvars.example
+++ /dev/null
@@ -1,5 +0,0 @@
-# Rename or copy this file to terraform.tfvars
-# Prefix must be all lowercase letters, digits, and hyphens.
-# Make sure it is at least 5 characters long.
-
-# prefix = "yourname"
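Review bot: The `s3-bucket` module is called with no arguments, so the bucket's name, ACL, public-access settings and encryption all come from the defaults of the private module `app.terraform.io/yeom-demo/s3-bucket/aws` 2.8.0, none of which are visible in this diff. Those defaults should be checked before merge, and the settings that matter for exposure are better set explicitly here than inherited. If the defaults are intended, a comment such as `# Uses module defaults; confirmed private and encrypted in yeom-demo/s3-bucket 2.8.0` would make that decision reviewable. The committed .terraform.lock.hcl pins provider hashes but not module content, so the exact `version` constraint is the only pin on this module.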