Listings HashiCorp Terraform

Listing 1: Referenzierung von Attributen anderer Ressourcen (Crossreferenzierung)
resource "aws_subnet" "public" {
  # Cross-reference: the subnet is placed into the VPC declared as aws_vpc.main.
  vpc_id = "${aws_vpc.main.id}"

  # Instances launched here receive a public IP automatically.
  map_public_ip_on_launch = true

  # NOTE(review): a subnet named "public" takes its range from var.private_cidr —
  # confirm that this is the intended variable.
  cidr_block = "${var.private_cidr}"
}

resource "aws_security_group" "security_group" {
  vpc_id = "${aws_vpc.main.id}"

  # Inbound SSH. 0.0.0.0/0 admits every source on the internet; narrow
  # cidr_blocks to the administrator network(s) for anything beyond a lab.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }
}


Listing 2: Data Sources abfragen und einbinden
# Resolves the newest Amazon-published AMI whose name starts with "amzn2-ami-hvm".
# Because most_recent is set, a newly published image changes the resolved ID
# on a later plan.
data "aws_ami" "amazon-linux-2" {
  # Only images whose name matches the Amazon Linux 2 HVM pattern ...
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm*"]
  }

  # ... and only those owned by Amazon, so a look-alike image from another
  # account cannot be picked up.
  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }

  most_recent = true
}

# Single instance built from the data source above and the subnet / security
# group of Listing 1.
resource "aws_instance" "ec2" {
  instance_type = "t2.micro"
  ami           = "${data.aws_ami.amazon-linux-2.id}"

  # Network placement and firewalling come from the referenced resources.
  subnet_id              = "${aws_subnet.public.id}"
  vpc_security_group_ids = ["${aws_security_group.security_group.id}"]
}


Listing 3: Gruppierung der Terraform-Elemente in Dateien
# vars.tf
# Module inputs. None of them has a default, so all three must be supplied.
variable "vpc_id" {
  description = "ID of the VPC the subnet is created in"
}

variable "cidr_block" {
  description = "CIDR range of the subnet"
}

variable "public" {
  description = "Whether instances launched in the subnet get a public IP"
}

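# outputs.tf
# Exposes the subnet ID so callers of this module can reference it.
output "id" {
  # Fixed reference: main.tf in this listing declares the subnet as
  # aws_subnet.public; there is no aws_subnet.vpc_subnet, so the previous
  # expression would not resolve.
  value = "${aws_subnet.public.id}"
}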

# main.tf
# Subnet whose placement, range and public-IP behaviour all come from inputs,
# so the same definition can produce a public or a private subnet.
resource "aws_subnet" "public" {
  map_public_ip_on_launch = "${var.public}"
  cidr_block              = "${var.cidr_block}"
  vpc_id                  = "${var.vpc_id}"
}


Listing 4: Verschiedene Variablen anlegen
variable "region" {
  description = "AWS region the provider talks to"
  default     = "eu-central-1"
}

variable "vpc_cidr_block" {
  description = "Address range of the VPC; the subnets below are carved out of it"
  default     = "10.0.0.0/16"
}

variable "project" {
  description = "Project name, used as a prefix for resource names"
  default     = "Terraform_Beispiel"
}

# Only the path is configured here; the credentials themselves stay in the
# file and never appear in the Terraform configuration.
variable "shared_credentials_file" {
  description = "Path to the AWS shared credentials file"
  default     = "~/.aws/credentials"
}


Listing 5: Availability Zones und AMI-ID ermitteln
# AWS provider: region and credential file both come from variables, so no
# account-specific value is hard-coded in this file.
provider "aws" {
  region                  = "${var.region}"
  shared_credentials_file = "${var.shared_credentials_file}"
}

# Availability zones of the configured region; its names list is indexed by the
# subnet definitions.
data "aws_availability_zones" "available" {
}

# Newest Amazon-owned Amazon Linux 2 (HVM) image. The owner filter keeps a
# third-party image with a matching name from being selected; most_recent
# means the ID can move to a newer image on a later plan.
data "aws_ami" "amazon-linux-2" {
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm*"]
  }

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }

  most_recent = true
}


Listing 6: Grundgerüst mit VPC, Gateways und Subnetzen
# The VPC every other network resource in this listing hangs off.
resource "aws_vpc" "main" {
  cidr_block = "${var.vpc_cidr_block}"
}

# Internet gateway attached to the VPC; the public route table points at it.
resource "aws_internet_gateway" "igw" {
  vpc_id = "${aws_vpc.main.id}"
}

# Public subnet (/28, 16 addresses) for the head node and the NAT gateway.
resource "aws_subnet" "public" {
  map_public_ip_on_launch = true
  cidr_block              = "10.0.1.0/28"

  # Second zone in the list (index 1) — the private subnet uses the same one.
  availability_zone = "${data.aws_availability_zones.available.names[1]}"
  vpc_id            = "${aws_vpc.main.id}"
}

# Private subnet (/24) for the compute nodes; no public IPs are assigned.
resource "aws_subnet" "private" {
  map_public_ip_on_launch = false
  cidr_block              = "10.0.2.0/24"

  # Same zone as the public subnet (index 1 of the zone list).
  availability_zone = "${data.aws_availability_zones.available.names[1]}"
  vpc_id            = "${aws_vpc.main.id}"
}

# Elastic IP for the NAT gateway, allocated in VPC scope.
resource "aws_eip" "eip" {
  vpc = true
}

# NAT gateway in the public subnet; the private route table sends its
# default route here.
resource "aws_nat_gateway" "nat_gw" {
  subnet_id     = "${aws_subnet.public.id}"
  allocation_id = "${aws_eip.eip.id}"

  # Explicit ordering: nothing in this block references the internet gateway,
  # so Terraform could not otherwise know it has to exist first.
  depends_on = ["aws_internet_gateway.igw"]
}


Listing 7: Routing-Tabellen mit Subnetzen verknüpfen
# Route table for the public subnet: default route via the internet gateway.
resource "aws_route_table" "public_rt" {
  route {
    gateway_id = "${aws_internet_gateway.igw.id}"
    cidr_block = "0.0.0.0/0"
  }

  vpc_id = "${aws_vpc.main.id}"
}

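# Route table for the private subnet: default route out through the NAT gateway.
resource "aws_route_table" "private_rt" {
  vpc_id = "${aws_vpc.main.id}"

  route {
    cidr_block = "0.0.0.0/0"

    # A NAT gateway is referenced through nat_gateway_id; gateway_id is the
    # argument for internet and virtual private gateways.
    nat_gateway_id = "${aws_nat_gateway.nat_gw.id}"
  }
}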

# Binds the public subnet to the public route table.
resource "aws_route_table_association" "public_rta" {
  route_table_id = "${aws_route_table.public_rt.id}"
  subnet_id      = "${aws_subnet.public.id}"
}

# Binds the private subnet to the private route table.
resource "aws_route_table_association" "private_rta" {
  route_table_id = "${aws_route_table.private_rt.id}"
  subnet_id      = "${aws_subnet.private.id}"
}


Listing 8: Die Security Group kontrolliert die Verbindungen auf den Ports
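# Source ranges allowed to open SSH sessions to the head node. The default
# keeps the listing's behaviour (reachable from the whole internet); set it to
# the administrator network(s) for anything beyond a throw-away lab.
variable "ssh_allowed_cidr_blocks" {
  type    = "list"
  default = ["0.0.0.0/0"]
}

# Security group of the head node: SSH in from the configured ranges, anything out.
resource "aws_security_group" "instance_sg_head_node" {
  vpc_id = "${aws_vpc.main.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.ssh_allowed_cidr_blocks}"]
  }

  # Outbound unrestricted; protocol "-1" means every protocol and port.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}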

# Security group of the compute nodes. Both inbound rules use a security group
# as source rather than a CIDR, so the nodes are not reachable over SSH from
# outside the VPC.
resource "aws_security_group" "instance_sg_compute_node" {
  vpc_id = "${aws_vpc.main.id}"

  # SSH from the head node only.
  ingress {
    protocol        = "tcp"
    from_port       = 22
    to_port         = 22
    security_groups = ["${aws_security_group.instance_sg_head_node.id}"]
  }

  # SSH between compute nodes that carry this same group.
  ingress {
    protocol  = "tcp"
    from_port = 22
    to_port   = 22
    self      = true
  }

  # Outbound unrestricted; "-1" = every protocol and port.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}


Listing 9: Head Node als einzelne Instanz erstellen
# Registers the operator's public key with EC2 under a fixed name. Only the
# public half is read from disk; the private key is not referenced anywhere in
# the configuration.
resource "aws_key_pair" "cluster_ssh_key" {
  public_key = "${file("~/.ssh/id_rsa.pub")}"
  key_name   = "cluster_ssh_key"
}

# Head node: the only instance with a public address; it lives in the public
# subnet behind instance_sg_head_node.
resource "aws_instance" "head_node" {
  instance_type = "t2.micro"
  ami           = "${data.aws_ami.amazon-linux-2.id}"

  subnet_id              = "${aws_subnet.public.id}"
  vpc_security_group_ids = ["${aws_security_group.instance_sg_head_node.id}"]
  key_name               = "${aws_key_pair.cluster_ssh_key.key_name}"

  # Bootstrap script. user_data is readable from the instance metadata service
  # by any process on the instance, so it must not carry credentials.
  user_data = "${file("install_head_node.sh")}"
}


Listing 10: Die Launch Configuration legt die Parameter fest
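# Launch configuration for the compute nodes in the autoscaling group.
resource "aws_launch_configuration" "launch_configuration" {
  # name_prefix instead of a fixed name: with create_before_destroy the
  # replacement is created while the old configuration still exists, and two
  # launch configurations cannot share the same name.
  name_prefix = "${var.project}-launch-configuration-"

  # NOTE(review): var.ami is not declared in any listing shown; the other
  # instances use data.aws_ami.amazon-linux-2.id — confirm which is intended.
  image_id      = "${var.ami}"
  instance_type = "t2.micro"

  # Compute nodes are placed in the private subnet and get no public address.
  associate_public_ip_address = false

  # Fixed reference: the group declared for compute nodes is
  # instance_sg_compute_node; there is no aws_security_group.instance_sg.
  security_groups = ["${aws_security_group.instance_sg_compute_node.id}"]

  # Bootstrap script. user_data is readable from the instance metadata service,
  # so it must not carry credentials.
  user_data = "${file("install_compute_node.sh")}"

  lifecycle {
    create_before_destroy = true
  }
}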

resource "aws_autoscaling_group" "autoscaling_group" {
  name_prefix                          = "asg"
  max_size                                 = "${terraform.workspace == "dev" ? 2 : 10}"
  min_size                                  = 1
  health_check_grace_period = 300
  health_check_type                 = "EC2"
  desired_capacity                    = "${terraform.workspace == "dev" ? 2 : 10}"
  force_delete                           = true
  launch_configuration            = "${aws_launch_configuration.launch_configuration.id}"
  vpc_zone_identifier              = ["${aws_subnet.private.id}"]
