LINKS-IMP-2024

https://github.com/bregman-arie/devops-exercises/blob/895ac0f15530d3047f95d6dfac83b04cdbf0d1c4/topics/aws/exercises/s3/new_bucket/terraform/main.tf#L17
https://github.com/bregman-arie/devops-exercises/tree/master/topics/aws/exercises
https://github.com/antonputra/tutorials/tree/235cb18a078e5c499b32cfa3a9448995e414042a/lessons/020
https://github.com/btkrausen/hashicorp/blob/master/terraform/Lab%20Prerequisites/Section%2004%20-%20Understand%20Terraform%20Basics/Terraform%20Configuration%20Block/main.tf

mrc
https://github.com/AlexRogalskiy/examples-1/blob/4a43cf25f9de4e694829f1497bb23160a2e53f71/multiregion/docs/multiregion.rst   --russina
https://github.com/justinrlee/terraform-templates/blob/708e8b997c3b9ccd4a9b11ebfb6f75e088148d69/multi-region-vpc/terraform.tfvars#L10  --chi


kraft
https://github.com/confluentinc/cp-ansible/blob/7.6.0-post/docs/sample_inventories/sasl_ssl_kraft.yml

----
terraform plan -target="module.aws-network-vpc-r1" -target="module.aws-network-vpc-r2"
terraform apply -target="module.aws-network-vpc-r1" -target="module.aws-network-vpc-r2"
----

# Default DNS resolution (us-west-2)
export BOOTSTRAP=lkc-oq77vj.dom8w13j4p7.us-west-2.aws.confluent.cloud
https://lkc-oq77vj.dom8w13j4p7.us-west-2.aws.confluent.cloud:443

# Private DNS resolution (us-east-)

export BOOTSTRAP=lkc-zgzzxz.dom4g2q9ngr.us-east-1.aws.confluent.cloud

https://lkc-zgzzxz.dom4g2q9ngr.us-east-1.aws.confluent.cloud:443
openssl s_client -connect $BOOTSTRAP:9092 -servername $BOOTSTRAP -verify_hostname $BOOTSTRAP </dev/null 2>/dev/null | grep -E 'Verify return code|BEGIN CERTIFICATE' | xargs

openssl s_client -connect $BOOTSTRAP:9092 </dev/null


## Important notes
1) DNS private hosted zones make sure both the VPC are added in the private hosted zones
2) Make sure private subnets are listed on the route tables , VPc peering is between private subnets

## commands
# for bastion hosts 
ssh-add ~/.ssh/<Path to key>.pem
ssh-add -L 
ssh -A ec2-user@public-ip-address-to-jumbox-bastion

#once inside jumpbox
ssh -A ec2-user@private-ip-address ( same region or cross region)


terraform plan -target="module.aws-network-vpc-r1" -target="module.aws-network-vpc-r2"
terraform apply -target="module.aws-network-vpc-r1" -target="module.aws-network-vpc-r2"

Bastion command notes:
ssh -v -A publicdns/ip
Once inside
ssh privateIp/dns ( it should work)




Terraform:


terraform init -var-file="amithdemo.cp.full.aws.cacentral.tfvars"
terraform plan -var-file="amithdemo.cp.full.aws.cacentral.tfvars"
terraform apply -var-file="amithdemo.cp.full.aws.cacentral.tfvars"
terraform destroy -var-file="amithdemo.cp.full.aws.cacentral.tfvars"
terraform output > run-results.txt
Terraform commands: ( other) 
terraform state list 
terraform state show aws_key_pair.platform

terraform destroy -target RESOURCE_TYPE.NAME
terraform destroy -target RESOURCE_TYPE.NAME -target RESOURCE_TYPE2.NAME

# Remove a Resource
$ terraform state rm module.foo.packet_device.worker[0]

# Remove a Module
$ terraform state rm module.foo

example:
terraform state show aws_key_pair.platform
terraform state rm  aws_instance.component["kafka-0"]
terraform destroy -target aws_instance -target component["schemaregistry-0"]

https://github.com/ebarros29/terraform-diagrams
pip install --no-cache-dir -r requirements.txt
python3 diagrams_aws.py


terraform graph | dot -Tsvg > graph.svg 


# terraform graph
brew install inframap
#https://github.com/cycloidio/inframap

inframap generate state.tfstate | dot -Tpng > graph.png
inframap generate state.tfstate | graph-easy


export EKS_K8_CLUSTER_NAME=
export AWS_ARN_ACCT_IAM=arn:aws:iam::XXXXXX:role/XXXXROLE

aws eks update-kubeconfig --region us-east-1 --name  $EKS_K8_CLUSTER_NAME

eksctl create iamidentitymapping --cluster $EKS_K8_CLUSTER_NAME --arn $AWS_ARN_ACCT_IAM --username admin --group system:masters