From 7694c75f8af6f025ae26f4467afe508c90569588 Mon Sep 17 00:00:00 2001
From: Pradip Babar <65601230+Pradipbabar@users.noreply.github.com>
Date: Tue, 25 Jul 2023 16:58:20 +0530
Subject: [PATCH 01/13] setup infra
---
 baseinfra/provider.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 baseinfra/provider.tf
diff --git a/baseinfra/provider.tf b/baseinfra/provider.tf
new file mode 100644
index 0000000..36a91ea
--- /dev/null
+++ b/baseinfra/provider.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = "~> 1.4.5"
+ required_providers{
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.64.0"
+ }
+ }
+ backend "s3" {
+
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+ # access_key = var.aws_access_key
+ # secret_key = var.aws_secret_key
+}
From 6d8c05fa5e891d29e8075dfa0031ea4c27e0eeb8 Mon Sep 17 00:00:00 2001
From: Pradip Babar <65601230+Pradipbabar@users.noreply.github.com>
Date: Tue, 25 Jul 2023 16:59:53 +0530
Subject: [PATCH 02/13] platform infra
---
 platforminfra/app.tf | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 platforminfra/app.tf
diff --git a/platforminfra/app.tf b/platforminfra/app.tf
new file mode 100644
index 0000000..dc84e19
--- /dev/null
+++ b/platforminfra/app.tf
@@ -0,0 +1 @@
+# write a code
From 9172761dafc0dc69da84580116e6af3aab5fa8a8 Mon Sep 17 00:00:00 2001
From: Pradip Babar <65601230+Pradipbabar@users.noreply.github.com>
Date: Tue, 25 Jul 2023 17:06:13 +0530
Subject: [PATCH 03/13] Create README.md
---
 platforminfra/README.md | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 platforminfra/README.md
diff --git a/platforminfra/README.md b/platforminfra/README.md
new file mode 100644
index 0000000..3bc5aca
--- /dev/null
+++ b/platforminfra/README.md
@@ -0,0 +1,2 @@
+
+## Setting up Platform Infra Automation
From 4c2f3811056079d0870361516ac694360ad8c57c Mon Sep 17 00:00:00 2001
From: Pradip Babar <65601230+Pradipbabar@users.noreply.github.com> Date: Tue, 25 Jul 2023 17:07:10 +0530 Subject: [PATCH 04/13] Create README.md --- baseinfra/README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 baseinfra/README.md diff --git a/baseinfra/README.md b/baseinfra/README.md new file mode 100644 index 0000000..a9bd606 --- /dev/null +++ b/baseinfra/README.md @@ -0,0 +1 @@ +## Setting up Base Infra Automation From 06b19a5f451e4eca1ea4e17dd1bcb5f80eb5bae2 Mon Sep 17 00:00:00 2001 From: Pradip Babar <65601230+Pradipbabar@users.noreply.github.com> Date: Tue, 25 Jul 2023 17:17:03 +0530 Subject: [PATCH 05/13] Update provider.tf --- baseinfra/provider.tf | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/baseinfra/provider.tf b/baseinfra/provider.tf index 36a91ea..d16b32f 100644 --- a/baseinfra/provider.tf +++ b/baseinfra/provider.tf @@ -13,6 +13,13 @@ terraform { provider "aws" { region = var.aws_region - # access_key = var.aws_access_key - # secret_key = var.aws_secret_key +} + +data "terraform_remote_state" "baseinfra" { + backend = "s3" + config = { + bucket = "${var.remote_state_bucket}" + key = "${var.remote_state_key}" + region = "${var.aws_region}" + } } From a3cb8825254e41a759932679f59f641242e4993d Mon Sep 17 00:00:00 2001 From: Pradip Babar <65601230+Pradipbabar@users.noreply.github.com> Date: Tue, 25 Jul 2023 17:18:53 +0530 Subject: [PATCH 06/13] Create variables.tf --- baseinfra/variables.tf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 baseinfra/variables.tf diff --git a/baseinfra/variables.tf b/baseinfra/variables.tf new file mode 100644 index 0000000..58154f1 --- /dev/null +++ b/baseinfra/variables.tf @@ -0,0 +1,7 @@ +variable "aws_region" { + description = "Default AWS region" + default = "us-east-1" +} + +variable "remote_state_bucket" {} +variable "remote_state_key" {} From a32540053fc441962f55f6e85515b1a2ba3c86d2 Mon Sep 17 00:00:00 2001 
From: Pradip Babar <65601230+Pradipbabar@users.noreply.github.com>
Date: Tue, 25 Jul 2023 17:24:20 +0530
Subject: [PATCH 07/13] Create network.tf
---
 baseinfra/network.tf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 baseinfra/network.tf
diff --git a/baseinfra/network.tf b/baseinfra/network.tf
new file mode 100644
index 0000000..18ab491
--- /dev/null
+++ b/baseinfra/network.tf
@@ -0,0 +1,26 @@
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "5.0.0"
+
+ name = "education-vpc"
+
+ cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+ enable_dns_hostnames = true
+
+ public_subnet_tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ "kubernetes.io/role/elb" = 1
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ "kubernetes.io/role/internal-elb" = 1
+ }
+}
From 96b361a05a670bbedd5e11fcbac5bbd4928e7f0c Mon Sep 17 00:00:00 2001
From: pradipbabar
Date: Fri, 18 Aug 2023 13:17:34 +0530
Subject: [PATCH 08/13] setup
---
 .gitignore | 1 +
 baseinfra/README.md | 2 ++
 baseinfra/data.tf | 3 ++
 baseinfra/env/base_infra.config | 3 ++
 baseinfra/locals.tf | 3 ++
 baseinfra/output.tf | 3 ++
 baseinfra/provider.tf | 27 ++++++++-------
 baseinfra/sg.tf | 60 +++++++++++++++++++++++++++++++++
 8 files changed, 90 insertions(+), 12 deletions(-)
 create mode 100644 baseinfra/data.tf
 create mode 100644 baseinfra/env/base_infra.config
 create mode 100644 baseinfra/locals.tf
 create mode 100644 baseinfra/output.tf
 create mode 100644 baseinfra/sg.tf
diff --git a/.gitignore b/.gitignore
index 9b8a46e..72e6014 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,3 +32,4 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+**/.terraform.lock.hcl
diff --git a/baseinfra/README.md b/baseinfra/README.md
index a9bd606..3ab6d1b 100644
--- a/baseinfra/README.md
+++ b/baseinfra/README.md
@@ -1 +1,3 @@
+#
+
 ## Setting up Base Infra Automation
diff --git a/baseinfra/data.tf b/baseinfra/data.tf
new file mode 100644
index 0000000..b32890e
--- /dev/null
+++ b/baseinfra/data.tf
@@ -0,0 +1,3 @@
+data "aws_availability_zones" "available" {
+
+}
\ No newline at end of file
diff --git a/baseinfra/env/base_infra.config b/baseinfra/env/base_infra.config
new file mode 100644
index 0000000..4f22c27
--- /dev/null
+++ b/baseinfra/env/base_infra.config
@@ -0,0 +1,3 @@
+# key="PROD/baseinfra.tfstate"
+# bucket="ecs-terraform-backend-state"
+# region="us-east-1"
\ No newline at end of file
diff --git a/baseinfra/locals.tf b/baseinfra/locals.tf
new file mode 100644
index 0000000..517b273
--- /dev/null
+++ b/baseinfra/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ cluster_name = "test"
+}
\ No newline at end of file
diff --git a/baseinfra/output.tf b/baseinfra/output.tf
new file mode 100644
index 0000000..f1a2a67
--- /dev/null
+++ b/baseinfra/output.tf
@@ -0,0 +1,3 @@
+output "vpc_id" {
+ value = module.vpc.default_vpc_id
+}
\ No newline at end of file
diff --git a/baseinfra/provider.tf b/baseinfra/provider.tf
index d16b32f..b750191 100644
--- a/baseinfra/provider.tf
+++ b/baseinfra/provider.tf
@@ -1,25 +1,28 @@ terraform { - required_version = "~> 1.4.5" + required_providers{ aws = { source = "hashicorp/aws" - version = "~> 4.64.0" + } } - backend "s3" { + # backend "s3" { - } + # } + backend "local" { + path = "/home/pradip/infra_ajit/eks-terraform/baseinfra/terraform.tfstate" + } } provider "aws" { region = var.aws_region } -data "terraform_remote_state" "baseinfra" { - backend = "s3" - config = { - bucket = "${var.remote_state_bucket}" - key = "${var.remote_state_key}" - region = "${var.aws_region}" - } -} +# data "terraform_remote_state" "baseinfra" { +# backend = "s3" +# config = { +# bucket = "${var.remote_state_bucket}" +# key = "${var.remote_state_key}" +# region = "${var.aws_region}" +# } +# } diff --git a/baseinfra/sg.tf b/baseinfra/sg.tf new file mode 100644 index 0000000..8454b17 --- /dev/null +++ b/baseinfra/sg.tf 
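Review bot: Removing `required_version` and the provider `version` constraint leaves the AWS provider unpinned, and this commit also adds `**/.terraform.lock.hcl` to `.gitignore`, so neither the provider release nor its checksums are recorded and each `terraform init` may pull a different build. Keep a constraint such as `version = "~> 4.64.0"` (the value removed here) and commit the lock file. The new `backend "local"` uses an absolute path under one developer's home directory, so state, including any sensitive attributes, sits unencrypted on that machine and the configuration does not initialise anywhere else.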
@@ -0,0 +1,60 @@
+resource "aws_security_group" "base_sg" {
+ name = "base-security-group"
+ description = "Base security group for VPC"
+
+ // Inbound rules
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"] # Limit this to your specific IPs
+
+ description = "SSH Access"
+ }
+
+ // Outbound rules
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1" # All traffic
+ cidr_blocks = ["0.0.0.0/0"]
+
+ description = "Outbound traffic"
+ }
+}
+
+resource "aws_security_group_rule" "eks_cluster_ingress" {
+ type = "ingress"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"] # Limit this to your specific IPs
+ security_group_id = aws_security_group.base_sg.id
+}
+
+resource "aws_security_group_rule" "eks_cluster_egress" {
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "-1" # All traffic
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = aws_security_group.base_sg.id
+}
+
+resource "aws_security_group_rule" "eks_nodes_ingress" {
+ type = "ingress"
+ from_port = 0
+ to_port = 65535 # Example: Allow all ports for communication within nodes
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = aws_security_group.base_sg.id
+}
+
+resource "aws_security_group_rule" "eks_nodes_egress" {
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "-1" # All traffic
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = aws_security_group.base_sg.id
+}
\ No newline at end of file
From ad702f12cd4c3388225692d9851c15cee709f6d6 Mon Sep 17 00:00:00 2001
From: pradipbabar
Date: Fri, 18 Aug 2023 13:35:40 +0530
Subject: [PATCH 09/13] setup
---
 baseinfra/iam.tf | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 baseinfra/iam.tf
diff --git a/baseinfra/iam.tf b/baseinfra/iam.tf
new file mode 100644
index 0000000..e69de29
From 55fb58c36e41b1ea4cf4f4202639da59a96ace08 Mon Sep 17 00:00:00 2001
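Review bot: `eks_nodes_ingress` opens TCP 0-65535 to `0.0.0.0/0` although its comment describes traffic between nodes, and the SSH and 443 rules are also world-open with only a "Limit this" comment; the node rule should use `self = true` in place of `cidr_blocks`, and the SSH and 443 rules should take their CIDRs from a variable that has no default. `base_sg` sets no `vpc_id`, so it would be created in the account's default VPC rather than the one built by `module.vpc`; `vpc_id = module.vpc.vpc_id` ties it to the right network. The group also mixes inline `ingress`/`egress` blocks with `aws_security_group_rule` resources on the same group, which the AWS provider documents as conflicting, and the two egress rule resources repeat the inline egress rule.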
From: pradipbabar Date: Fri, 18 Aug 2023 13:36:06 +0530 Subject: [PATCH 10/13] setup --- baseinfra/network.tf | 124 ++++++++++++++++++++++++++++++++++------- baseinfra/output.tf | 30 +++++++++- baseinfra/variables.tf | 32 +++++++++++ 3 files changed, 166 insertions(+), 20 deletions(-) diff --git a/baseinfra/network.tf b/baseinfra/network.tf index 18ab491..9fec38f 100644 --- a/baseinfra/network.tf +++ b/baseinfra/network.tf 
@@ -1,26 +1,112 @@ -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "5.0.0" +# VPC Creation +resource "aws_vpc" "main" { + cidr_block = "${var.vpc_cidr_block}" + enable_dns_hostnames = true + tags = { + Name = "${var.environment}-vpc" + } +} + +# Public Subnet Creation +resource "aws_subnet" "public-subnet-1a" { + vpc_id = aws_vpc.main.id + cidr_block = var.public_subnet_1a_cidr_block + availability_zone = "us-east-1a" + + + tags = { + Name = "${var.environment}-public-subnet-1a" + } +} + +resource "aws_subnet" "public-subnet-1b" { + vpc_id = aws_vpc.main.id + cidr_block = var.public_subnet_1b_cidr_block + availability_zone = "us-east-1b" + tags = { + Name = "${var.environment}-public-subnet-1b" + } +} + +# Private Subnet Creation +resource "aws_subnet" "private-subnet-1a" { + vpc_id = aws_vpc.main.id + cidr_block = var.private_subnet_1a_cidr_block + availability_zone = "us-east-1a" + tags = { + Name = "${var.environment}-private-subnet-1a" + } +} + +resource "aws_subnet" "private-subnet-1b" { + vpc_id = aws_vpc.main.id + cidr_block = var.private_subnet_1b_cidr_block + availability_zone = "us-east-1b" + + tags = { + Name = "${var.environment}-private-subnet-1b" + } + +} + +# Route Table Creation - Public +resource "aws_route_table" "public-route-table" { + vpc_id = aws_vpc.main.id + + tags = { + Name = "${var.environment}-public-route-table" + } +} - name = "education-vpc" +# Route Table Creation - Private +resource "aws_route_table" "private-route-table" { + vpc_id = aws_vpc.main.id - cidr = "10.0.0.0/16" - azs = slice(data.aws_availability_zones.available.names, 0, 3) + tags = { + Name = "${var.environment}-private-route-table" + } +} + +# Route Table Association - Public + +resource "aws_route_table_association" "public-subnet-1a" { + subnet_id = aws_subnet.public-subnet-1a.id + route_table_id = aws_route_table.public-route-table.id +} + +resource "aws_route_table_association" "public-subnet-1b" { + subnet_id = 
aws_subnet.public-subnet-1b.id + route_table_id = aws_route_table.public-route-table.id +} + +# Route Table Association - Private + +resource "aws_route_table_association" "private-subnet-1a" { + subnet_id = aws_subnet.private-subnet-1a.id + route_table_id = aws_route_table.private-route-table.id +} + +resource "aws_route_table_association" "private-subnet-1b" { + subnet_id = aws_subnet.private-subnet-1b.id + route_table_id = aws_route_table.private-route-table.id +} - private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] - public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"] - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true +# Internet Gateway Creation - public_subnet_tags = { - "kubernetes.io/cluster/${local.cluster_name}" = "shared" - "kubernetes.io/role/elb" = 1 - } +resource "aws_internet_gateway" "main-igw" { + vpc_id = aws_vpc.main.id - private_subnet_tags = { - "kubernetes.io/cluster/${local.cluster_name}" = "shared" - "kubernetes.io/role/internal-elb" = 1 - } + tags = { + Name = "${var.environment}-IGW" + } } + + +# Public IGW & route table association [ public route] + +resource "aws_route" "igw-route" { + route_table_id = aws_route_table.public-route-table.id + gateway_id = aws_internet_gateway.main-igw.id + destination_cidr_block = "0.0.0.0/0" +} \ No newline at end of file diff --git a/baseinfra/output.tf b/baseinfra/output.tf index f1a2a67..422f76c 100644 --- a/baseinfra/output.tf +++ b/baseinfra/output.tf 
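Review bot: The private route table in the `network.tf` hunk gets no routes, and the NAT gateway that the removed module call enabled is not recreated, so instances in the private subnets have no outbound path; if nodes are meant to run there, add an `aws_nat_gateway` and a default `aws_route` on `private-route-table`. The subnets hard-code `us-east-1a` and `us-east-1b` while the provider region comes from `var.aws_region`, so any other region fails at apply; `data.aws_availability_zones.available.names[0]` (the data source already in `data.tf`) avoids that. The `kubernetes.io/role/elb` and `kubernetes.io/role/internal-elb` subnet tags from the old module call are dropped as well, and EKS load-balancer subnet discovery normally relies on them.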
@@ -1,3 +1,31 @@ output "vpc_id" { - value = module.vpc.default_vpc_id + value = aws_vpc.main.id +} + +output "vpc_cidr_block" { + value = aws_vpc.main.cidr_block +} + +output "public_subnet_1a_id" { + value = aws_subnet.public-subnet-1a.id +} + +output "public_subnet_1b_id" { + value = aws_subnet.public-subnet-1b.id +} + +output "private_subnet_1a_id" { + value = aws_subnet.private-subnet-1a.id +} + +output "private_subnet_1b_id" { + value = aws_subnet.private-subnet-1b.id +} + +output "private_subnets" { + value = tolist([aws_subnet.private-subnet-1a.id, aws_subnet.private-subnet-1b.id]) +} + +output "public_subnets" { + value = tolist([aws_subnet.public-subnet-1a.id, aws_subnet.public-subnet-1b.id]) } \ No newline at end of file diff --git a/baseinfra/variables.tf b/baseinfra/variables.tf index 58154f1..b29180a 100644 --- a/baseinfra/variables.tf +++ b/baseinfra/variables.tf @@ -5,3 +5,35 @@ variable "aws_region" { variable "remote_state_bucket" {} variable "remote_state_key" {} + +variable "environment" { + default = "DEV" + description = "Environment name used a sprefix" +} + + +variable "vpc_cidr_block" { + default = "10.0.0.0/16" + description = "CIDR block for the VPC" +} + +variable "public_subnet_1a_cidr_block" { + description = "value of the public subnet 1a cidr block" + default = "10.0.1.0/24" +} + +variable "public_subnet_1b_cidr_block" { + description = "value of the public subnet 1b cidr block" + default = "10.0.2.0/24" +} + +variable "private_subnet_1a_cidr_block" { + description = "value of the private subnet 1a cidr block" + default = "10.0.10.0/24" +} + +variable "private_subnet_1b_cidr_block" { + description = "value of the private subnet 1b cidr block" + default = "10.0.11.0/24" +} + From b6b419c6f827bf3d20dfc7a4381eba00940eeb89 Mon Sep 17 00:00:00 2001 From: pradipbabar Date: Mon, 21 Aug 2023 13:15:24 +0530 Subject: [PATCH 11/13] iam --- baseinfra/iam.tf | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) 
diff --git a/baseinfra/iam.tf b/baseinfra/iam.tf index e69de29..e4a712f 100644 --- a/baseinfra/iam.tf +++ b/baseinfra/iam.tf @@ -0,0 +1,58 @@ +# create an IAM role with the AmazonEKSClusterPolicy +resource "aws_iam_role" "demo" { + name = "eks-cluster-demo" + + assume_role_policy = < Date: Wed, 23 Aug 2023 13:16:01 +0530 Subject: [PATCH 12/13] platform --- baseinfra/README.md | 6 ++++-- baseinfra/env/base_infra.config | 6 +++--- baseinfra/output.tf | 11 ++++++++++ baseinfra/provider.tf | 27 +++++++++---------------- platforminfra/app.tf | 14 ++++++++++++- platforminfra/env/platform_infra.config | 3 +++ platforminfra/provider.tf | 27 +++++++++++++++++++++++++ platforminfra/variable.tf | 2 ++ 8 files changed, 72 insertions(+), 24 deletions(-) create mode 100644 platforminfra/env/platform_infra.config create mode 100644 platforminfra/provider.tf create mode 100644 platforminfra/variable.tf diff --git a/baseinfra/README.md b/baseinfra/README.md index 3ab6d1b..c511a4b 100644 --- a/baseinfra/README.md +++ b/baseinfra/README.md @@ -1,3 +1,5 @@ -# +# Setting up Base Infra Automation -## Setting up Base Infra Automation +**Command** + +- `terraform init -backend-config="./env/baseinfra.config"` diff --git a/baseinfra/env/base_infra.config b/baseinfra/env/base_infra.config index 4f22c27..a7a141f 100644 --- a/baseinfra/env/base_infra.config +++ b/baseinfra/env/base_infra.config @@ -1,3 +1,3 @@ -# key="PROD/baseinfra.tfstate" -# bucket="ecs-terraform-backend-state" -# region="us-east-1" \ No newline at end of file +key="EKS/baseinfra.tfstate" +bucket="eks-terraform-backend-state" +region="us-east-1" \ No newline at end of file diff --git a/baseinfra/output.tf b/baseinfra/output.tf index 422f76c..adf15db 100644 --- a/baseinfra/output.tf +++ b/baseinfra/output.tf 
@@ -28,4 +28,15 @@ output "private_subnets" { output "public_subnets" { value = tolist([aws_subnet.public-subnet-1a.id, aws_subnet.public-subnet-1b.id]) +} + +output "aws_iam_role_demo" { + value = aws_iam_role.demo.arn + +} +output "aws_iam_role_node" { + value = aws_iam_role.nodes +} +output "policy_attachment_demo_AmazonEKSClusterPolicy" { + value = aws_iam_role_policy_attachment.demo-AmazonEKSClusterPolicy } \ No newline at end of file diff --git a/baseinfra/provider.tf b/baseinfra/provider.tf index b750191..17695b4 100644 --- a/baseinfra/provider.tf +++ b/baseinfra/provider.tf @@ -1,28 +1,19 @@ terraform { - required_providers{ aws = { - source = "hashicorp/aws" - + source = "hashicorp/aws" } } - # backend "s3" { - - # } - backend "local" { - path = "/home/pradip/infra_ajit/eks-terraform/baseinfra/terraform.tfstate" - } -} + backend "s3" { + + } + # backend "local" { + # path = "/home/pradip/infra_ajit/eks-terraform/baseinfra/terraform.tfstate" + # } +} provider "aws" { region = var.aws_region } -# data "terraform_remote_state" "baseinfra" { -# backend = "s3" -# config = { -# bucket = "${var.remote_state_bucket}" -# key = "${var.remote_state_key}" -# region = "${var.aws_region}" -# } -# } + diff --git a/platforminfra/app.tf b/platforminfra/app.tf index dc84e19..61005e2 100644 --- a/platforminfra/app.tf +++ b/platforminfra/app.tf @@ -1 +1,13 @@ -# write a code +# Create AWS EKS Cluster using predefine arn and subnet ids +resource "aws_eks_cluster" "demo" { + name = "demo" + role_arn = data.terraform_remote_state.baseinfra.outputs.aws_iam_role_demo + vpc_config { + subnet_ids = [ + data.terraform_remote_state.baseinfra.outputs.public_subnet_1a_id, + data.terraform_remote_state.baseinfra.outputs.public_subnet_1b_id + ] + } + + depends_on = [data.terraform_remote_state.baseinfra.outputs.policy_attachment_demo_AmazonEKSClusterPolicy] +} \ No newline at end of file 
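Review bot: `aws_iam_role_node` and `policy_attachment_demo_AmazonEKSClusterPolicy` export whole resource objects, whereas `aws_iam_role_demo` exports only `.arn`; every attribute of those resources is then written into the state that `platforminfra` reads through `terraform_remote_state`. Export only what the consumer needs, for example `value = aws_iam_role.nodes.arn`. The definitions of these resources in `iam.tf` are not fully visible on this page, so exactly which attributes this exposes is not confirmed here.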
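Review bot: In `platforminfra/app.tf`, `vpc_config` places the cluster only in the two public subnets and sets no endpoint options, so with the provider defaults the Kubernetes API endpoint is public and reachable from `0.0.0.0/0`; include the private subnets and set `endpoint_private_access = true` with `public_access_cidrs` limited to known ranges. `depends_on` points at an output attribute of a remote-state data source; Terraform expects a whole resource, data source or module there, so this traversal is likely rejected, and a policy attachment that lives in another state cannot be ordered this way in any case. Control-plane logging (`enabled_cluster_log_types`) and secrets encryption (`encryption_config`) are also left unset.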
diff --git a/platforminfra/env/platform_infra.config b/platforminfra/env/platform_infra.config
new file mode 100644
index 0000000..af99f07
--- /dev/null
+++ b/platforminfra/env/platform_infra.config
@@ -0,0 +1,3 @@
+key="EKS/platform_infra.tfstate"
+bucket="eks-terraform-backend-state"
+region="us-east-1"
\ No newline at end of file
diff --git a/platforminfra/provider.tf b/platforminfra/provider.tf
new file mode 100644
index 0000000..f1485b9
--- /dev/null
+++ b/platforminfra/provider.tf
@@ -0,0 +1,27 @@
+terraform {
+ required_providers{
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+ backend "s3" {
+
+ }
+
+ # backend "local" {
+ # path = "/home/pradip/infra_ajit/eks-terraform/baseinfra/terraform.tfstate"
+ # }
+}
+provider "aws" {
+ region = var.aws_region
+}
+
+
+data "terraform_remote_state" "baseinfra" {
+ backend = "s3"
+ config = {
+ bucket = "${var.remote_state_bucket}"
+ key = "${var.remote_state_key}"
+ region = "${var.aws_region}"
+ }
+}
diff --git a/platforminfra/variable.tf b/platforminfra/variable.tf
new file mode 100644
index 0000000..154574a
--- /dev/null
+++ b/platforminfra/variable.tf
@@ -0,0 +1,2 @@
+variable "remote_state_bucket" {}
+variable "remote_state_key" {}
From 0ded7979561bc516f06c4ee73d380f93fecc0509 Mon Sep 17 00:00:00 2001
From: pradipbabar
Date: Wed, 23 Aug 2023 14:17:53 +0530
Subject: [PATCH 13/13] README
---
 README.md | 94 ++++++++++++++++++++++++++++++++++++++++-
 baseinfra/README.md | 69 ++++++++++++++++++++++++++++--
 platforminfra/README.md | 62 ++++++++++++++++++++++++++-
 3 files changed, 219 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index a2fcb60..6534073 100644
--- a/README.md
+++ b/README.md
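Review bot: `platform_infra.config` supplies only `key`, `bucket` and `region`; without `encrypt = true` the state object depends on whatever default encryption the bucket happens to have, and without `dynamodb_table` two applies can write the same state at once. `baseinfra/env/base_infra.config` in the same commit carries the same three keys. Whether the bucket enforces encryption, versioning and a restrictive policy is not visible here, so at minimum add `encrypt = true` to both files.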
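Review bot: `platforminfra/provider.tf` reads `var.aws_region` in the provider block and in the remote-state `config`, but `platforminfra/variable.tf` in this commit declares only `remote_state_bucket` and `remote_state_key`, so planning fails on an undeclared variable unless it is declared in a file not shown; add `variable "aws_region" { default = "us-east-1" }` to match `baseinfra`. `required_providers` again has no `version` constraint, so the provider release is not fixed for this root module either. The `"${var.remote_state_bucket}"` style wraps a single reference in a string and can be written as `var.remote_state_bucket`.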
@@ -1,2 +1,92 @@
-# eks-terraform
-Building EKS cluster with Terraform
+
+# Amazon EKS with Terraform
+
+This repository provides Terraform scripts to deploy an Amazon EKS cluster along with base infrastructure and platform-specific infrastructure.
+
+## Folder Structure
+
+The repository is organized into the following folders:
+
+1. [`base_infra`](/baseinfra/): Contains Terraform scripts for setting up the base infrastructure, including VPC, subnets, and security groups.
+
+2. [`platform_infra`](/platforminfra/): Contains Terraform scripts for setting up the EKS cluster and nodes, as well as any additional resources required for your platform.
+
+## Prerequisites
+
+- [Terraform](https://www.terraform.io/downloads.html) (>= 0.13)
+- [AWS CLI](https://aws.amazon.com/cli/)
+- AWS account with appropriate IAM permissions
+
+## Workflow
+
+### Setting up Base Infrastructure
+
+1. Navigate to the `base_infra` folder:
+
+```bash
+cd base_infra
+```
+
+2. Initialize Terraform with backend configuration:
+
+```bash
+terraform init -backend-config="env/baseinfra.config"
+```
+
+3. Review and modify the `base_infra` configuration files as needed.
+
+4. Create an execution plan:
+
+```bash
+terraform plan
+```
+
+5. Apply the changes to create base infrastructure:
+
+```bash
+terraform apply
+```
+
+### Setting up Platform Infrastructure (EKS Cluster)
+
+1. Navigate to the `platform_infra` folder:
+
+```bash
+cd platform_infra
+```
+
+2. Initialize Terraform with backend configuration:
+
+```bash
+terraform init -backend-config="env/platforminfra.config"
+```
+
+3. Review and modify the `platform_infra` configuration files as needed.
+
+4. Create an execution plan:
+
+```bash
+terraform plan
+```
+
+5. Apply the changes to create the EKS cluster and associated resources:
+
+```bash
+terraform apply
+```
+
+## Cleanup
+
+To tear down the infrastructure when no longer needed:
+
+1. Navigate to each folder and run:
+
+```bash
+terraform destroy
+```
+
+## Notes
+
+- Replace placeholders like `env/baseinfra.config` and `env/platforminfra.config` with the actual paths to your backend configurations.
+
+- Make sure to review and adjust security group rules, IAM policies, and configurations as needed.
diff --git a/baseinfra/README.md b/baseinfra/README.md
index c511a4b..5250ca1 100644
--- a/baseinfra/README.md
+++ b/baseinfra/README.md
@@ -1,5 +1,68 @@ -# Setting up Base Infra Automation +# Base Infrastructure Setup with Terraform -**Command** +This directory contains Terraform scripts for setting up the base infrastructure, including VPC, subnets, IAM roles, security groups, and more. -- `terraform init -backend-config="./env/baseinfra.config"` +## Folder Structure + +- `data.tf`: Defines any external data sources needed for the base infrastructure. +- `iam.tf`: Defines IAM roles and policies required for the base infrastructure. +- `locals.tf`: Contains local values to simplify configuration. +- `network.tf`: Defines the VPC, subnets, and other networking components. +- `provider.tf`: Specifies the AWS provider configuration. +- `security_group.tf`: Defines security groups and their associated rules. +- `variables.tf`: Declares input variables for the base infrastructure. +- `outputs.tf`: Specifies output values for reference. + +## Prerequisites + +- [Terraform](https://www.terraform.io/downloads.html) (>= 0.13) +- [AWS CLI](https://aws.amazon.com/cli/) +- AWS account with appropriate IAM permissions + +## Configuration + +1. Modify the variables in `variables.tf` to match your requirements. +2. Customize IAM roles and policies in `iam.tf` according to your security needs. +3. Adjust security group rules in `security_group.tf` to fit your organization's policies. +4. Review and modify networking settings in `network.tf` as needed. +5. Define any external data sources in `data.tf` if required. + +## Usage + +1. Initialize Terraform: + +```bash +terraform init +``` + +2. Review the execution plan: + +```bash +terraform plan +``` + +3. Apply the changes to create the base infrastructure: + +```bash +terraform apply +``` + +## Cleanup + +To tear down the base infrastructure when no longer needed: + +1. Run: + +```bash +terraform destroy +``` + +2. Confirm with "yes" when prompted. + +## Notes + +- Replace placeholders in the Terraform files with your actual configurations. 
+ +- Ensure that security group rules and IAM policies align with your organization's security requirements. + +- Always practice best security practices when setting up IAM roles, security groups, and other resources. diff --git a/platforminfra/README.md b/platforminfra/README.md index 3bc5aca..222dc0c 100644 --- a/platforminfra/README.md +++ b/platforminfra/README.md 
@@ -1,2 +1,62 @@ +# Platform-Specific Infrastructure Setup with Terraform -## Setting up Platform Infra Automation +This directory contains Terraform scripts for setting up platform-specific infrastructure, including Amazon EKS cluster, nodes, application resources, and more. + +## Folder Structure + +- `app.tf`: Defines application-specific resources to deploy on the EKS cluster. +- `provider.tf`: Specifies the AWS provider configuration. +- `variable.tf`: Declares input variables for the platform-specific infrastructure. +- `outputs.tf`: Specifies output values for reference. + +## Prerequisites + +- [Terraform](https://www.terraform.io/downloads.html) (>= 0.13) +- [AWS CLI](https://aws.amazon.com/cli/) +- AWS account with appropriate IAM permissions + +## Configuration + +1. Modify the variables in `variable.tf` to match your requirements. +2. Customize application-specific resources in `app.tf` according to your application's needs. + +## Usage + +1. Ensure that the base infrastructure (VPC, subnets, security groups) has been set up using the `base_infra` module. +2. Initialize Terraform: + +```bash +terraform init +``` + +3. Review the execution plan: + +```bash +terraform plan +``` + +4. Apply the changes to create the platform-specific infrastructure: + +```bash +terraform apply +``` + +## Cleanup + +To tear down the platform-specific infrastructure when no longer needed: + +1. Run: + +```bash +terraform destroy +``` + +2. Confirm with "yes" when prompted. + +## Notes + +- Replace placeholders in the Terraform files with your actual configurations. + +- Ensure that the application resources in `app.tf` are aligned with your application's requirements. + +- Always follow best practices when deploying application resources on the EKS cluster. \ No newline at end of file