backup_solution_terraform

100daysofdevops · 100daysofdevops · commit 17b68f78ee5c · 2019-03-27T21:10:40.000-07:00
diff --git a/backup_solution/ec2_instance_s3_role/main.tf b/backup_solution/ec2_instance_s3_role/main.tf
@@ -0,0 +1,70 @@
+resource "aws_instance" "my-test-instance" {
+  ami                     = "${var.test_ami}"
+  instance_type           = "${var.instance_type}"
+  iam_instance_profile    = "${aws_iam_instance_profile.my-test-profile.name}"
+  key_name                = "vpcflowlogs"
+  disable_api_termination = false
+
+  tags {
+    Name = "my-test-instance"
+  }
+}
+
+resource "aws_iam_role" "my-test-instance-role" {
+  name = "my-testnew-instance-role"
+
+  assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+ "Service": "ec2.amazonaws.com"
+},
+"Effect": "Allow"
+}
+]
+}
+EOF
+
+  tags = {
+    tag-key = "my-test-instance-role"
+  }
+}
+
+resource "aws_iam_instance_profile" "my-test-profile" {
+  name = "my-testnew-profile"
+  role = "${aws_iam_role.my-test-instance-role.name}"
+}
+
+resource "aws_iam_role_policy" "my-test-policy" {
+  name = "my-testnew-policy"
+  role = "${aws_iam_role.my-test-instance-role.id}"
+
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": [
+                "s3:PutAccountPublicAccessBlock",
+                "s3:GetAccountPublicAccessBlock",
+                "s3:ListAllMyBuckets",
+                "cloudwatch:*",
+                "s3:HeadBucket"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Sid": "VisualEditor1",
+            "Effect": "Allow",
+            "Action": "s3:*",
+            "Resource": "*"
+        }
+    ]
+}
+EOF
+}
diff --git a/backup_solution/ec2_instance_s3_role/variables.tf b/backup_solution/ec2_instance_s3_role/variables.tf
@@ -0,0 +1,2 @@
+variable "test_ami" {}
+variable "instance_type" {}
diff --git a/backup_solution/main.tf b/backup_solution/main.tf
@@ -0,0 +1,19 @@
+provider "aws" {
+  region = "us-west-2"
+}
+
+module "ec2_instance" {
+  source        = "./ec2_instance_s3_role"
+  test_ami      = "ami-01ed306a12b7d1c96"
+  instance_type = "t2.micro"
+}
+
+module "vpc_endpoint" {
+  source      = "./vpc_endpoint"
+  vpc_id      = "vpc-03e162e6b83d51d68"
+  route_table = "rtb-0af53c788e56135ea"
+}
+
+module "s3_bucket_policy" {
+  source = "./s3_bucket_policy"
+}
diff --git a/backup_solution/s3_bucket_policy/main.tf b/backup_solution/s3_bucket_policy/main.tf
@@ -0,0 +1,18 @@
+resource "aws_s3_bucket" "bucket" {
+  bucket = "terraform-20190327040316452900000001"
+  acl    = "private"
+
+  lifecycle_rule {
+    enabled = true
+
+    transition {
+      days          = 30
+      storage_class = "STANDARD_IA"
+    }
+
+    transition {
+      days          = 60
+      storage_class = "GLACIER"
+    }
+  }
+}
diff --git a/backup_solution/vpc_endpoint/main.tf b/backup_solution/vpc_endpoint/main.tf
@@ -0,0 +1,17 @@
+resource "aws_vpc_endpoint" "s3" {
+  vpc_id       = "${var.vpc_id}"
+  service_name = "com.amazonaws.us-west-2.s3"
+
+  policy = <<POLICY
+{
+    "Statement": [
+        {
+            "Action": "*",
+            "Effect": "Allow",
+            "Resource": "*",
+            "Principal": "*"
+        }
+    ]
+}
+POLICY
+}
diff --git a/backup_solution/vpc_endpoint/variables.tf b/backup_solution/vpc_endpoint/variables.tf
@@ -0,0 +1,2 @@
+variable "vpc_id" {}
+variable "route_table" {}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+variable "test_ami" {}`
	`2`	`+variable "instance_type" {}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+variable "vpc_id" {}`
	`2`	`+variable "route_table" {}`