add aws_vpc_peering

2026-02-10 06:45:01 +00:00 · 2023-11-17 16:59:14 -08:00
parent cd1b4531a2
commit a27a3737fc
4 changed files with 1563 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,7 @@ aws/aws_simple/.terraform/providers/registry.terraform.io/hashicorp/template/2.2
 aws/aws_simple/.terraform/providers/registry.terraform.io/hashicorp/aws/5.26.0/linux_amd64/terraform-provider-aws_v5.26.0_x5
 aws/aws_simple/.terraform/terraform.tfstate
 aws/example-backend/terraform.tfstate
 aws/aws_vpc_peering/.terraform.lock.hcl
 aws/aws_vpc_peering/terraform.tfstate
 .gitignore
 aws/aws_vpc_peering/.terraform/providers/registry.terraform.io/hashicorp/aws/5.26.0/linux_amd64/terraform-provider-aws_v5.26.0_x5
--- a/aws/aws_vpc_peering/main.tf
+++ b/aws/aws_vpc_peering/main.tf
@@ -0,0 +1,303 @@
 # Define AWS provider with aliases for us-west-1 and us-east-1 regions
 provider "aws" {
    alias  = "us-west-1"
    region = "us-west-1"
 }
 provider "aws" {
    alias  = "us-east-1"
    region = "us-east-1"
 }
 # Create VPCs in us-west-1 and us-east-1 regions
 resource "aws_vpc" "us-west-1" {
    cidr_block = "10.0.0.0/16"
    provider   = aws.us-west-1
 }
 resource "aws_vpc" "us-east-1" {
    cidr_block = "10.1.0.0/16"
    provider   = aws.us-east-1
 }
 # Create subnets in us-west-1 VPC
 resource "aws_subnet" "us-west-1-subnet-1" {
    vpc_id            = aws_vpc.us-west-1.id
    cidr_block        = "10.0.1.0/24"
    availability_zone = "us-west-1c"
    provider = aws.us-west-1
 }
 resource "aws_subnet" "us-west-1-subnet-2" {
    vpc_id            = aws_vpc.us-west-1.id
    cidr_block        = "10.0.2.0/24"
    availability_zone = "us-west-1b"
    provider = aws.us-west-1
 }
 # Create subnets in us-east-1 VPC
 resource "aws_subnet" "us-east-1-subnet-1" {
    vpc_id            = aws_vpc.us-east-1.id
    cidr_block        = "10.1.1.0/24"
    availability_zone = "us-east-1c"
    provider = aws.us-east-1
 }
 resource "aws_subnet" "us-east-1-subnet-2" {
    vpc_id            = aws_vpc.us-east-1.id
    cidr_block        = "10.1.2.0/24"
    availability_zone = "us-east-1b"
    provider = aws.us-east-1
 }
 # Create VPC peering connection between us-west-1 and us-east-1 VPCs
 resource "aws_vpc_peering_connection" "peering_connection" {
    vpc_id        = aws_vpc.us-west-1.id
    peer_vpc_id   = aws_vpc.us-east-1.id
    peer_region   = "us-east-1"
    auto_accept   = false
    provider = aws.us-west-1
 }
 # Create VPC peering connection accepter in us-east-1 region
 resource "aws_vpc_peering_connection_accepter" "peering_accepter" {
  vpc_peering_connection_id = aws_vpc_peering_connection.peering_connection.id
  auto_accept = true
  provider = aws.us-east-1
 }
 # Create route tables for each VPC and associate them with the respective subnets
 resource "aws_route_table" "us-west-1-route-table" {
    vpc_id = aws_vpc.us-west-1.id
    provider = aws.us-west-1
 }
 resource "aws_route_table_association" "us-west-1-subnet-1-association" {
    subnet_id      = aws_subnet.us-west-1-subnet-1.id
    route_table_id = aws_route_table.us-west-1-route-table.id
    provider = aws.us-west-1
 }
 resource "aws_route_table_association" "us-west-1-subnet-2-association" {
    subnet_id      = aws_subnet.us-west-1-subnet-2.id
    route_table_id = aws_route_table.us-west-1-route-table.id
    provider = aws.us-west-1
 }
 resource "aws_route_table" "us-east-1-route-table" {
    vpc_id = aws_vpc.us-east-1.id
    provider = aws.us-east-1
 }
 resource "aws_route_table_association" "us-east-1-subnet-1-association" {
    subnet_id      = aws_subnet.us-east-1-subnet-1.id
    route_table_id = aws_route_table.us-east-1-route-table.id
    provider = aws.us-east-1
 }
 resource "aws_route_table_association" "us-east-1-subnet-2-association" {
    subnet_id      = aws_subnet.us-east-1-subnet-2.id
    route_table_id = aws_route_table.us-east-1-route-table.id
    provider = aws.us-east-1
 }
 # Create internet gateway for us-west-1 VPC
 resource "aws_internet_gateway" "us-west-1-igw" {
    vpc_id = aws_vpc.us-west-1.id
    provider = aws.us-west-1
    tags = {
        Name = "us-west-1-igw"
    }
 }
 # Create internet gateway for us-east-1 VPC
 resource "aws_internet_gateway" "us-east-1-igw" {
    vpc_id = aws_vpc.us-east-1.id
    provider = aws.us-east-1
    tags = {
        Name = "us-east-1-igw"
    }
 }
 # Attach internet gateway to the route table of each VPC
 resource "aws_route" "us-west-1-igw-route" {
    route_table_id         = aws_route_table.us-west-1-route-table.id
    destination_cidr_block = "0.0.0.0/0"
    gateway_id             = aws_internet_gateway.us-west-1-igw.id
    provider               = aws.us-west-1
 }
 resource "aws_route" "us-east-1-igw-route" {
    route_table_id         = aws_route_table.us-east-1-route-table.id
    destination_cidr_block = "0.0.0.0/0"
    gateway_id             = aws_internet_gateway.us-east-1-igw.id
    provider               = aws.us-east-1
 }
 # Create security groups for EC2 instances
 resource "aws_security_group" "us-west-1-instance-sg" {
    vpc_id    = aws_vpc.us-west-1.id
    provider  = aws.us-west-1
    tags = {
        Name = "instance-west-security-group"
    }
    # Allow inbound SSH, HTTP, and HTTPS traffic from any source
    ingress {
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }
    ingress {
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }
    ingress {
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }
    # Allow outbound traffic to all private subnets in the VPC
    egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["10.1.0.0/16", "0.0.0.0/0"]
    }
 }
 resource "aws_security_group" "us-east-1-instance-sg" {
    vpc_id    = aws_vpc.us-east-1.id
    provider  = aws.us-east-1
    tags = {
        Name = "instance-east-security-group"
    }
    # Allow inbound SSH, HTTP, and HTTPS traffic from any source
    ingress {
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }
    ingress {
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }
    ingress {
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }
    # Allow outbound traffic to all private subnets in the VPC
    egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["10.1.0.0/16", "0.0.0.0/0"]
    }
 }
 # Create EC2 instances in each subnet
 resource "aws_instance" "us-west-1-instance-1" {
    ami                    = "ami-0f3f6663da6750955"  # Ubuntu 20.04 AMI
    instance_type          = "t3.small"  # Add instance type
    subnet_id              = aws_subnet.us-west-1-subnet-1.id
    vpc_security_group_ids = [aws_security_group.us-west-1-instance-sg.id]
    associate_public_ip_address = true  # Set ephemeral public IP address
    user_data = base64encode(file("${path.module}/user-data.sh"))
    # Other necessary configurations for the instance
    provider = aws.us-west-1
    # ...
    tags = {
        Name = "us-west-1-instance-1"
        SecurityGroup = "instance-west-security-group"
    }
 }
 resource "aws_instance" "us-west-1-instance-2" {
    ami                    = "ami-0f3f6663da6750955"  # Ubuntu 20.04 AMI
    instance_type          = "t3.small"  # Add instance type
    subnet_id              = aws_subnet.us-west-1-subnet-2.id
    vpc_security_group_ids = [aws_security_group.us-west-1-instance-sg.id]
    associate_public_ip_address = true  # Set ephemeral public IP address
    user_data = base64encode(file("${path.module}/user-data.sh"))
    # Other necessary configurations for the instance
    provider = aws.us-west-1
    # ...
    tags = {
        Name = "us-west-1-instance-2"
        SecurityGroup = "instance-west-security-group"
    }
 }
 resource "aws_instance" "us-east-1-instance-1" {
    ami                    = "ami-04e369782a6d2125e"  # Ubuntu 20.04 AMI
    instance_type          = "t3.small"  # Add instance type
    subnet_id              = aws_subnet.us-east-1-subnet-1.id
    vpc_security_group_ids = [aws_security_group.us-east-1-instance-sg.id]
    associate_public_ip_address = true  # Set ephemeral public IP address
    user_data = base64encode(file("${path.module}/user-data.sh"))
    # Other necessary configurations for the instance
    provider = aws.us-east-1
    # ...
    tags = {
        Name = "us-east-1-instance-1"
        SecurityGroup = "instance-east-security-group"
    }
 }
 resource "aws_instance" "us-east-1-instance-2" {
    ami                    = "ami-04e369782a6d2125e"  # Ubuntu 20.04 AMI
    instance_type          = "t3.small"  # Add instance type
    subnet_id              = aws_subnet.us-east-1-subnet-2.id
    vpc_security_group_ids = [aws_security_group.us-east-1-instance-sg.id]
    associate_public_ip_address = true  # Set ephemeral public IP address
    user_data = base64encode(file("${path.module}/user-data.sh"))
    # Other necessary configurations for the instance
    provider = aws.us-east-1
    # ...
    tags = {
        Name = "us-east-1-instance-2"
        SecurityGroup = "instance-east-security-group"
    }
 }
 # ...
 output "us-west-1-instance-1-public-ip" {
    value = aws_instance.us-west-1-instance-1.public_ip
 }
 output "us-west-1-instance-2-public-ip" {
    value = aws_instance.us-west-1-instance-2.public_ip
 }
 output "us-east-1-instance-1-public-ip" {
    value = aws_instance.us-east-1-instance-1.public_ip
 }
 output "us-east-1-instance-2-public-ip" {
    value = aws_instance.us-east-1-instance-2.public_ip
 }
--- a/aws/aws_vpc_peering/terraform.tfstate.backup
+++ b/aws/aws_vpc_peering/terraform.tfstate.backup
--- a/aws/aws_vpc_peering/user-data.sh
+++ b/aws/aws_vpc_peering/user-data.sh
@@ -0,0 +1,31 @@
 #!/bin/bash
 # Install necessary packages
 sudo apt-get update
 sudo apt-get install -y git amazon-efs-utils vim-nox neofetch htop tmux curl wget nginx
 # Create new user with sudo privileges
 sudo useradd -m -s /bin/bash greg
 sudo usermod -aG sudo greg
 # Add authorized keys for your public key
 sudo mkdir -p /home/greg/.ssh
 sudo touch /home/greg/.ssh/authorized_keys
 sudo chmod 700 /home/greg/.ssh
 sudo chmod 600 /home/greg/.ssh/authorized_keys
 sudo chown -R greg:greg /home/greg/.ssh
 # Add your public key to authorized_keys
 sudo echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCdOF80z0piQEnYzNCu2OGvOJdm7+3wfDuiC+Jzi8VbSC5VW4iJAQXOuDNGLzyqNi6uMjI77xpEL6Xzn29uJiQti6Y/LxhOZwNNIQiGUpFco1wkBYeBFbtgHQxsMLwumrxQGEj2fyCiSrACAPyy/l1fP4mlN7abBGD5aozBrYKxXPS/kfwO5nsWmw27RgTzfHJzie2dUU3ew/kd7td3wEdWrRXq8wNbu+yvAyiog54huUUWmYZwY3QVwXr6R1wsVudawM6BEl45QFq+hdB4t83azHG94XLy2NCAncohdU7zP40nsbvIDyh+4wIKeU90z6TLrXfHUYuBT6/ky7qOFm/Ym1QG4zCDz3jin8Qoa31PGaObzj/zoMJXgOXKcp16W0j9SZAenvnSfuWUEfBR1yBRR0T5Wg5v1vi7KGBTATaz8el802uliL+yZbGtMbNpAPGR5nK5C4yorf8yVYvIgo/LJaWCDND2O1e2mdut1WyRmvIwMnq7PFZT8zAsgGXfhDM= greg@ligma" >> /home/greg/.ssh/authorized_keys
 # Set hostname
 INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
 AVAILABILITY_ZONE=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)
 HOSTNAME="$INSTANCE_ID-$AVAILABILITY_ZONE"
 sudo hostnamectl set-hostname $HOSTNAME
 echo "hello world" >> /var/www/html/index.html
 systemctm restart nginx
 # Run cloud-init.sh script
 # sudo sh /path/to/cloud-init.sh