Creating a Terraform module for deploying secure EC2 instances with proper security configurations, including the utilization of the AWS AMI data source.
This module can be easily invoked by other team members using Terraform module blocks
- This project for creating infrastructure of following:--
- "Module-1 for EC2 instance", don't need to define ami_id for instance because here terraform "Data source" is used for retrieving ami_id for instance, This is name of ami_id for Free tier amazon linux ami (al2023-ami-*-x86_64); 'variables for name of instance & instance type'.
- "Module-2 for aws_security_grp" which allow inbound traffic to EC2; 'variables for VPC id & security grp name'.
- NOTE: This modules kept in seperate folder and this modules will be called by TeamA, TeamB, TeamC for lanching instance
- "Calling module block by using module block for launching EC2 instance with security group" for calling I created three Team folder where i put individual plugins info and calling module blocks.
- Follwing is lists of folders for this project:
Inside the module folder one more folder created named as 'ec2-module' here i kept my Modules.
In module folder only put code of infrastucture & and apply this infrastructure in others folder named as TeamA, TeamB, TeamC.
In this file contain 'Data source' "aws_ami" for retrieving ami id for instance , The information retrieve before resource creates is known as Data source.
"most_recent": is set to true, indicating that the most recent version of the AMI should be used.
"owners": is set to ["amazon"], specifying that only AMIs owned by Amazon should be considered.
"Filter": is sub block of data source for specify 'data type' information.
- Three filters are applied for AMIs:
AMI name matching the pattern "al2023-ami-*-x86_64".
Root device type is set to "ebs".
Virtualization type is set to "hvm".
"ami": attribute of the "aws_instance" resource is being assigned the value of 'data.aws_ami.amazonaminame.id' attribute referance this take ami id form data block.
notepad main.tf
"aws_security_group" = AWS security group resource named "allow" is defined for create security group.
"name": attribute is set to "terra_allow_" followed by the value of the variable "security_grp_name", likely creating a unique name for the security group.
"description": attribute is set to describe the purpose of the security group.
"vpc_id": attribute is set to the value of the variable "vpcID", specifying the VPC in which the security group is to be created.
"ingress" = block Inside a dynamic block, the "ingress" block is defined to allow inbound traffic, Dynamic is make to manage ingress block dyanamically. (ingress = inbound rule)
"for_each": argument iterates over each element in the list of ports. for each is type of loop, var.sgports varible for providing lists of port numbers,
"iterator": argument assigns a name to the current element in the iteration, which is referenced as "port" within the block.
"Content" = block of dynamic block where we put things which want to manage dynamically.
"protocol": Specifies the protocol for the traffic, in this case, "tcp.
"cidr_blocks": Allows traffic from any source IP ("0.0.0.0/0").
"egress" = block which control outbound traffic from the instances associated with the security group.
"from_port" and "to_port": attributes are set to 0, indicating that all ports are allowed for outbound traffic.
"protocol": attribute is set to "-1", indicating that all protocols are allowed for outbound traffic.
"cidr_blocks": attribute is set to ["0.0.0.0/0"], allowing outbound traffic to any destination IP address.
notepad sec_grp.tf &
Step-3: [Create variables.tf file for varibles of main.tf & sec_grp.tf (in HCL file i provided i keep varibles in modules not created separate file]
Here varibles for resource ec2 & security group:
notepad variables.tf &
Create main.tf file for plugin with AWS provider, credentials, "module block calling":
Here "terraform" block for plugin with AWS provider, "provider" block for credentials (AAWS CLI tool used for access & secret key of AMI user.
"module" = block for calling module ,
"source": attribute specifies the relative path to the directory containing the module configuration. In this case, it's "../module/ec2-module".
"tagname": This module varible for name instance tag.
"OStype": this is for type of instance such t2.micro , t2.large ,etc.
"security_grp_name": this is for name security grp which connect to EC2 instance.
Terraform init coomand use to plugin:
terraform init
Terraform apply cmd for to create entire infrastucture as code:
terraform apply
Create main.tf file for plugin with AWS provider , credentials, "module block calling"
Terraform init command use to plugins:
terraform init
Terraform apply cmd for to create entire infrastucture as code:
terraform apply
Create main.tf file for plugin with AWS provider, Credentials,"module block calling"
Terraform init command use to plugins:
terraform init
Terraform apply cmd for to create entire infrastucture as code:
terraform apply
Instances is lanuched by TeamA, TeamB, TeamC by using Terraform IaC :
Also security group is created by TeamA, TeamB, TeamC:
security_grp for TeamA:
security_grp for TeamB:
security_grp for TeamC: