diff --git a/terraform_private_ec2_lab_natgateway/README_fr.md b/terraform_private_ec2_lab_natgateway/README_fr.md new file mode 100644 index 0000000..48e08ac --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/README_fr.md 
@@ -0,0 +1,70 @@ +# Laboratoire Terraform pour le Déploiement d'une EC2, une passerelle NAT et un ALB sur AWS + +Ce laboratoire fournit un exemple de configuration Terraform pour déployer une instance EC2, une passerelle NAT et un Application Load Balancer (ALB) sur Amazon Web Services (AWS). Il inclut la mise en place de ressources dans des sous-réseaux publics et privés, la configuration des groupes de sécurité, et la création d'un VPC pour héberger l'infrastructure. + +## Prérequis + +Avant de commencer, assurez-vous de disposer des prérequis suivants : + +- Terraform +- Un compte AWS avec les autorisations nécessaires pour créer des instances EC2, des passerelles NAT, des ALB, des VPC, des sous-réseaux et des groupes de sécurité. + +## Configuration + +1. **Clonage du Répertoire :** Commencez par cloner ce dépôt Git sur votre machine locale : + +```bash +git clone https://github.com/example/aws-terraform-ec2-nat-alb-lab.git +``` + +2. **Initialisation du Répertoire :** Accédez au répertoire cloné et initialisez Terraform : + +```bash +cd aws-terraform-ec2-nat-alb-lab +terraform init +``` + +3. **Configuration des Variables :** Éditez le fichier `var.tf` pour définir les variables Terraform nécessaires telles que la région, les clés d'accès, etc. + +4. **Validation de la Configuration :** Avant de déployer les ressources, validez votre configuration Terraform : + +```bash +terraform plan +``` + +5. 
**Déploiement des Ressources :** Une fois la configuration validée, déployez les ressources : + +```bash +terraform apply +``` + +## Structure du Projet + +``` +aws-terraform-ec2-nat-alb-lab/ +│ +├── providers.tf # Fichier définissant les fournisseurs Terraform +├── var.tf # Fichier définissant les variables Terraform +├── outputs.tf # Fichier définissant les sorties Terraform +├── terraform.tfstate # Fichier d'état Terraform (généré après le déploiement) +├── README.md # Ce fichier README décrivant le laboratoire +├── natgateway.tf # Fichier de configuration pour la passerelle NAT +├── alb.tf # Fichier de configuration pour l'Application Load Balancer +├── vpc.tf # Fichier de configuration pour le VPC +├── ec2.tf # Fichier de configuration pour EC2 +├── subnets.tf # Fichier de configuration pour les sous-réseaux +└── securitygroups.tf # Fichier de configuration pour les groupes de sécurité +``` + +## Nettoyage + +Après avoir terminé le laboratoire, pensez à détruire les ressources déployées pour éviter des frais inutiles sur votre compte AWS : + +```bash +terraform destroy +``` + +## Remarques + +- Assurez-vous de comprendre les coûts associés à l'utilisation des ressources AWS telles que les instances EC2, les passerelles NAT, les ALB, etc. +- Ce laboratoire est fourni à des fins d'apprentissage et de démonstration. Il est recommandé de ne pas utiliser ces configurations en production sans une évaluation appropriée de la sécurité et des performances. \ No newline at end of file diff --git a/terraform_private_ec2_lab_natgateway/README_us.md b/terraform_private_ec2_lab_natgateway/README_us.md new file mode 100644 index 0000000..91fed69 --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/README_us.md 
@@ -0,0 +1,70 @@ +# Terraform Lab for Deploying an EC2, NAT Gateway, and ALB on AWS + +This lab provides an example Terraform configuration for deploying an EC2 instance, a NAT Gateway, and an Application Load Balancer (ALB) on Amazon Web Services (AWS). It includes setting up resources in both public and private subnets, configuring security groups, and creating a VPC to host the infrastructure. + +## Prerequisites + +Before getting started, ensure you have the following prerequisites: + +- Terraform +- An AWS account with necessary permissions to create EC2 instances, NAT Gateways, ALBs, VPCs, subnets, and security groups. + +## Configuration + +1. **Clone the Repository:** Start by cloning this Git repository to your local machine: + +```bash +git clone https://github.com/example/aws-terraform-ec2-nat-alb-lab.git +``` + +2. **Initialize the Directory:** Navigate to the cloned directory and initialize Terraform: + +```bash +cd aws-terraform-ec2-nat-alb-lab +terraform init +``` + +3. **Configure Variables:** Edit the `var.tf` file to define the necessary AWS variables such as region, access keys, etc. + +4. **Validate Configuration:** Before deploying resources, validate your Terraform configuration: + +```bash +terraform plan +``` + +5. 
**Deploy Resources:** Once the configuration is validated, deploy the resources: + +```bash +terraform apply +``` + +## Project Structure + +``` +aws-terraform-ec2-nat-alb-lab/ +│ +├── providers.tf # File defining Terraform providers +├── var.tf # File defining Terraform variables +├── outputs.tf # File defining Terraform outputs +├── terraform.tfstate # Terraform state file (generated after deployment) +├── README.md # This README file describing the lab +├── natgateway.tf # Configuration file for NAT Gateway +├── alb.tf # Configuration file for Application Load Balancer +├── vpc.tf # Configuration file for VPC +├── ec2.tf # Configuration file for ec2 +├── subnets.tf # Configuration file for subnets +└── securitygroups.tf # Configuration file for security groups +``` + +## Cleanup + +After completing the lab, remember to destroy the deployed resources to avoid unnecessary AWS charges: + +```bash +terraform destroy +``` + +## Notes + +- Ensure you understand the costs associated with running resources in AWS, including EC2 instances, NAT Gateways, ALBs, etc. +- This lab is provided for learning and demonstration purposes. It is recommended not to use these configurations in production without proper evaluation of security and performance. \ No newline at end of file diff --git a/terraform_private_ec2_lab_natgateway/alb.tf b/terraform_private_ec2_lab_natgateway/alb.tf new file mode 100644 index 0000000..4f8ba8b --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/alb.tf 
@@ -0,0 +1,50 @@ +#Create the ALB +resource "aws_lb" "alb_test" { + name = "albtest" + internal = false + load_balancer_type = "application" + subnets = [aws_subnet.subnet_public_test.id, aws_subnet.subnet_public_test_2.id] + security_groups = [aws_security_group.sg_alb_test.id] + + + enable_deletion_protection = false +} + +# Create the target group of the ALB +resource "aws_lb_target_group" "tg_test" { // Target Group A + name = "target-instance" + port = 80 + protocol = "HTTP" + vpc_id = aws_vpc.vpc_test.id + + health_check { + path = "/" + port = 80 + protocol = "HTTP" + interval = 30 + timeout = 10 + healthy_threshold = 3 + unhealthy_threshold = 3 + } + +} + +# Create the attachement for the target group +resource "aws_lb_target_group_attachment" "tg_attachment_test" { + target_group_arn = aws_lb_target_group.tg_test.arn + target_id = aws_instance.instance_test.id + port = 80 +} + + +resource "aws_lb_listener" "alb_listener_test" { + load_balancer_arn = aws_lb.alb_test.arn + port = "${var.server_port}" + protocol = "HTTP" + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.tg_test.arn + } +} + diff --git a/terraform_private_ec2_lab_natgateway/ec2.tf b/terraform_private_ec2_lab_natgateway/ec2.tf new file mode 100644 index 0000000..965f9ab --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/ec2.tf @@ -0,0 +1,21 @@ +# Create an EC2 instance +resource "aws_instance" "instance_test" { + ami = "${var.ec2_micro_ami}" + instance_type = "${var.ec2_micro}" + vpc_security_group_ids = ["${aws_security_group.sg_instance_test.id}"] + subnet_id = aws_subnet.subnet_private_test.id + + user_data = <<-EOF + #!/bin/bash + yum update -y + yum install -y httpd + systemctl start httpd + systemctl enable httpd + echo "

Hello World from $(hostname -f)

" > /var/www/html/index.html + EOF + + + tags = { + name = "ec2_test" + } +} \ No newline at end of file diff --git a/terraform_private_ec2_lab_natgateway/natgateway.tf b/terraform_private_ec2_lab_natgateway/natgateway.tf new file mode 100644 index 0000000..07f3b39 --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/natgateway.tf @@ -0,0 +1,18 @@ +# Create the Elastic IP +resource "aws_eip" "eip_test" { + domain = "vpc" +} + +# Create the NatGateway and allocate the EIP +resource "aws_nat_gateway" "nat_gw_test" { + allocation_id = aws_eip.eip_test.id + subnet_id = aws_subnet.subnet_public_test.id + + tags = { + Name = "gw_NAT_test" + } + + # To ensure proper ordering, it is recommended to add an explicit dependency + # on the Internet Gateway for the VPC. + depends_on = [aws_internet_gateway.gw_test] +} \ No newline at end of file diff --git a/terraform_private_ec2_lab_natgateway/outputs.tf b/terraform_private_ec2_lab_natgateway/outputs.tf new file mode 100644 index 0000000..e122b7b --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/outputs.tf @@ -0,0 +1,12 @@ +# Output variable: Public IP address +output "ec2_private_ip" { + value = "${aws_instance.instance_test.private_ip}" +} + +output "alb_dns_name" { + value = aws_lb.alb_test.dns_name +} + +output "nat_gw_eip" { + value = aws_eip.eip_test.public_ip +} diff --git a/terraform_private_ec2_lab_natgateway/provider.tf b/terraform_private_ec2_lab_natgateway/provider.tf new file mode 100644 index 0000000..d9c349e --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/provider.tf @@ -0,0 +1,3 @@ +provider "aws" { + region = "${var.region}" +} \ No newline at end of file diff --git a/terraform_private_ec2_lab_natgateway/securitygroups.tf b/terraform_private_ec2_lab_natgateway/securitygroups.tf new file mode 100644 index 0000000..b1a93e4 --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/securitygroups.tf 
@@ -0,0 +1,42 @@ +# Create a Security Group for an EC2 instance +resource "aws_security_group" "sg_instance_test" { + name = "sg_instance_test" + vpc_id = aws_vpc.vpc_test.id + + # Allow incoming traffic on port 80 (HTTP) from the ALB + ingress { + from_port = 80 + to_port = 80 + protocol = "TCP" + security_groups = [aws_security_group.sg_alb_test.id] # Autoriser l'accès depuis le groupe de sécurité de l'ALB + } + + # Allow outgoing traffic to the Internet + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +# Create a Security Group for the ALB +resource "aws_security_group" "sg_alb_test" { + name = "sg_alb_test" + vpc_id = aws_vpc.vpc_test.id + + ingress { + from_port = 80 + to_port = 80 + protocol = "TCP" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 443 + to_port = 443 + protocol = "TCP" + cidr_blocks = ["0.0.0.0/0"] + } + +} \ No newline at end of file diff --git a/terraform_private_ec2_lab_natgateway/subnets.tf b/terraform_private_ec2_lab_natgateway/subnets.tf new file mode 100644 index 0000000..a938db9 --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/subnets.tf 
@@ -0,0 +1,67 @@ +##PUBLIC + +# Create route tables +resource "aws_route_table" "rt_public_test" { + vpc_id = aws_vpc.vpc_test.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.gw_test.id + } +} + +# Configure the public Subnet in the VPC +resource "aws_subnet" "subnet_public_test" { + vpc_id = aws_vpc.vpc_test.id + cidr_block = "${var.subnet_public_cidr}" + availability_zone = "${var.subnets_region_a}" + tags = { + name = "subnet_public_test" + } +} +# Associate the route table to the Subnet +resource "aws_route_table_association" "rt_association_public_test" { + subnet_id = aws_subnet.subnet_public_test.id + route_table_id = aws_route_table.rt_public_test.id +} +# Configure the public Subnet 2 in the VPC +resource "aws_subnet" "subnet_public_test_2" { + vpc_id = aws_vpc.vpc_test.id + cidr_block = "${var.subnet_public_cidr_2}" + availability_zone = "${var.subnets_region_b}" + tags = { + name = "subnet_public_test_2" + } +} +# Associate the route table to the Subnet +resource "aws_route_table_association" "rt_association_public_test_2" { + subnet_id = aws_subnet.subnet_public_test_2.id + route_table_id = aws_route_table.rt_public_test.id +} + +##PRIVATE + +# Create route tables +resource "aws_route_table" "rt_private_test" { + vpc_id = aws_vpc.vpc_test.id + + route { + cidr_block = "0.0.0.0/0" + nat_gateway_id = aws_nat_gateway.nat_gw_test.id + } +} + +# Configure the Private Subnet in the VPC +resource "aws_subnet" "subnet_private_test" { + vpc_id = aws_vpc.vpc_test.id + cidr_block = "${var.subnet_private_cidr}" + availability_zone = "${var.subnets_region_a}" + tags = { + name = "subnet_private_test" + } +} +# Associate the route table to the private Subnet +resource "aws_route_table_association" "rt_association_private_test" { + subnet_id = aws_subnet.subnet_private_test.id + route_table_id = aws_route_table.rt_private_test.id +} 
diff --git a/terraform_private_ec2_lab_natgateway/terraform.tfstate b/terraform_private_ec2_lab_natgateway/terraform.tfstate new file mode 100644 index 0000000..b96ba47 --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/terraform.tfstate @@ -0,0 +1,9 @@ +{ + "version": 4, + "terraform_version": "1.5.7", + "serial": 110, + "lineage": "bdc1507b-2383-87c7-c60f-b21266cd38e5", + "outputs": {}, + "resources": [], + "check_results": null +} diff --git a/terraform_private_ec2_lab_natgateway/var.tf b/terraform_private_ec2_lab_natgateway/var.tf new file mode 100644 index 0000000..66f0f66 --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/var.tf 
@@ -0,0 +1,63 @@ +# Input variable: region +variable "region" { + description = "The region which will be used to create ressources" + default = "eu-west-3" +} + +variable "subnets_region_a" { + description = "The region which will be used to create ressources" + default = "eu-west-3a" +} + +variable "subnets_region_b" { + description = "The region which will be used to create ressources" + default = "eu-west-3b" +} + +# Input variable: server port +variable "server_port" { + description = "The port the server will use for HTTP requests" + default = "80" +} + +# Input variable: server port +variable "ssh_port" { + description = "The port the server will use for SSH requests" + default = "22" +} + +# Input variable : vpc cidr +variable "vpc_cidr" { + description = "The cidr bloc to use in the VPC" + default = "192.168.0.0/16" +} + +# Input variable : public subnet cidr +variable "subnet_public_cidr" { + description = "The cidr bloc to use for the Subnet" + default = "192.168.0.0/26" +} + +# Input variable : public subnet cidr 2 +variable "subnet_public_cidr_2" { + description = "The cidr bloc to use for the Subnet" + default = "192.168.0.64/26" +} + +# Input variable : private subnet cidr +variable "subnet_private_cidr" { + description = "The cidr bloc to use for the Subnet" + default = "192.168.0.128/26" +} + +# Input variable : ami +variable "ec2_micro_ami" { + description = "Ami of the t2.micro EC2 AWS 2023" + default = "ami-06f64fb0331ab61a0" +} + +# Input variable : instance type +variable "ec2_micro" { + description = "Type of the EC2" + default = "t2.micro" +} \ No newline at end of file diff --git a/terraform_private_ec2_lab_natgateway/vpc.tf b/terraform_private_ec2_lab_natgateway/vpc.tf new file mode 100644 index 0000000..9bcb821 --- /dev/null +++ b/terraform_private_ec2_lab_natgateway/vpc.tf 
@@ -0,0 +1,12 @@ +# Configure the VPC +resource "aws_vpc" "vpc_test" { + cidr_block = "${var.vpc_cidr}" # Changer le bloc CIDR selon votre VPC + tags = { + name = "vpc_test" + } +} + +# Create the Internet Gateway +resource "aws_internet_gateway" "gw_test" { + vpc_id = aws_vpc.vpc_test.id +} \ No newline at end of file
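Review bot: In the README_fr.md hunk, the "Structure du Projet" tree lists `providers.tf` while the file this patch actually adds is `provider.tf`, and the clone URL `https://github.com/example/aws-terraform-ec2-nat-alb-lab.git` and directory `aws-terraform-ec2-nat-alb-lab` do not match this directory, `terraform_private_ec2_lab_natgateway`; align the tree and the paths with what is committed. Step 3 tells the reader to put "les clés d'accès" into `var.tf`: credentials written into a `.tf` file end up in git history, so point readers to an AWS CLI profile or the `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` environment variables and keep `var.tf` to region, CIDR and AMI values. Step 4 presents `terraform plan` as validation; `terraform validate` checks the configuration without credentials, and `plan` is better described as the preview of changes.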
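Review bot: The README_us.md hunk has the same issues as the French one: `providers.tf` in the project tree versus the committed `provider.tf`, a placeholder clone URL and directory name that differ from `terraform_private_ec2_lab_natgateway`, step 3 telling readers to define "access keys" in `var.tf` (use a credentials profile or environment variables instead), and step 4 calling `terraform plan` validation where `terraform validate` is the command that does that. Keep both READMEs in sync when fixing one.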
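Review bot: In the alb.tf hunk, `aws_lb_listener.alb_listener_test` takes its port from `var.server_port` while `aws_lb_target_group.tg_test`, its `health_check` and `aws_lb_target_group_attachment.tg_attachment_test` all hardcode `80`; use the variable in all four places or drop it from the listener so changing the variable cannot split listener and target ports. The only listener is `protocol = "HTTP"`, yet `sg_alb_test` in securitygroups.tf opens 443: either add an HTTPS listener with an ACM certificate and redirect 80 to 443, or remove the 443 rule. Minor: `"${var.server_port}"` is Terraform 0.11 interpolation (write `var.server_port`), the `// Target Group A` comment mixes styles with the `#` used everywhere else, and "attachement" in the comment should be "attachment".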
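Review bot: In the ec2.tf hunk, `tags = { name = "ec2_test" }` uses a lowercase key; AWS tag keys are case-sensitive and the console's Name column reads `Name` (natgateway.tf already uses `Name`), so the instance appears unnamed. Since the instance sits in the private subnet and only takes port 80 from the ALB, consider also adding `metadata_options { http_tokens = "required" }` so the web server cannot be used to read instance metadata over IMDSv1 if the application is ever compromised, and `root_block_device { encrypted = true }`. `"${var.ec2_micro_ami}"`, `"${var.ec2_micro}"` and `["${aws_security_group.sg_instance_test.id}"]` are legacy interpolation; plain references suffice. No key pair and no SSH rule is the right choice for this lab, which makes `var.ssh_port` dead.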
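Review bot: In the outputs.tf hunk the comment `# Output variable: Public IP address` sits above `output "ec2_private_ip"`, which exposes `private_ip`; change the comment to say private IP. The output itself is correct, since the instance is only reachable through `alb_dns_name`. `"${aws_instance.instance_test.private_ip}"` can be written `aws_instance.instance_test.private_ip` like the other two outputs.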
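Review bot: The provider.tf hunk pins nothing: there is no `terraform { required_version = ... required_providers { aws = { source = "hashicorp/aws", version = "~> 5.0" } } }` block. That matters here because `aws_eip` with `domain = "vpc"` in natgateway.tf is the provider 5.x form (4.x and earlier use `vpc = true`), so an unpinned `terraform init` on a machine with an older cached provider fails on a configuration that works elsewhere. Also rename the file or the README entry so `provider.tf` and `providers.tf` agree, and replace `"${var.region}"` with `var.region`.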
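Review bot: In the securitygroups.tf hunk, `aws_security_group.sg_alb_test` declares no `egress` block. The Terraform AWS provider removes AWS's default allow-all egress rule from groups it manages and only recreates what is declared, so the ALB cannot reach `sg_instance_test` on port 80, every target fails its health check and the listener returns 503. Add an egress rule limited to the instance side; note that referencing `aws_security_group.sg_instance_test.id` from inside `sg_alb_test` would create a cycle (the instance group already references `sg_alb_test`), so either express the ALB egress as a separate `aws_security_group_rule` / `aws_vpc_security_group_egress_rule` resource, or use `cidr_blocks = [var.subnet_private_cidr]` on port 80. The 443 ingress has no HTTPS listener behind it in alb.tf, so it is an open port with nothing listening; drop it until TLS is added. The inline comment on the instance ingress is in French while the rest of the file is English.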
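Review bot: In the subnets.tf hunk all three subnets tag themselves with lowercase `name`; use `Name` so they are identifiable in the console, and give the two route tables `Name` tags too. The public subnets carry both the NAT gateway and the ALB without `map_public_ip_on_launch`, which is fine because nothing is launched into them directly; a one-line comment saying so would stop a later reader from "fixing" it. The private subnet (and hence the instance) lives only in `var.subnets_region_a` while the ALB spans two AZs; acceptable for a lab, but worth a sentence in the README.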
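Review bot: The terraform.tfstate hunk commits local state to the repository. This copy has `"resources": []`, but `"serial": 110` shows the file has been through many applies locally, and any non-empty state records every attribute of every resource (private IPs, the full `user_data`, and secrets for resource types that hold them). Remove the file from the commit, add `*.tfstate` and `*.tfstate.*` to `.gitignore`, and use a remote backend with locking if the state needs to be shared; the README already describes the file as generated after deployment, so it should not be tracked.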
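Review bot: In the var.tf hunk, `subnets_region_a` and `subnets_region_b` hold availability zones but reuse the description "The region which will be used to create ressources" (also "ressources" should be "resources"); `ssh_port` is declared and never referenced (there is no SSH rule, which is good, so delete the variable); and `ec2_micro_ami` hardcodes `ami-06f64fb0331ab61a0`, which only exists in the default region `eu-west-3` and will go stale, so look the AL2023 AMI up at plan time with `data "aws_ami"` (owner `amazon`, most recent) or the public SSM parameter instead. None of the variables declare a `type`; `server_port` and `ssh_port` default to the strings `"80"` and `"22"` where `type = number` is the natural choice.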
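Review bot: In the vpc.tf hunk the comment `# Changer le bloc CIDR selon votre VPC` is French in an otherwise English file and describes a change the reader should make in `var.tf`, not here; reword it in English and point at `var.vpc_cidr`. The VPC tag uses lowercase `name` (use `Name`), `aws_internet_gateway.gw_test` has no tags at all, and `"${var.vpc_cidr}"` can be `var.vpc_cidr`.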