Terraform Examples
AWS
Below are basic resources that can be defined in Terraform and deployed without needing to use the AWS management console.
Creating and Populating S3 Bucket
# Provider requirements for this example. No version constraint is given for
# hashicorp/aws, so `terraform init` selects the newest release available.
# NOTE(review): add a `version` constraint and commit .terraform.lock.hcl so
# every run installs the same, checksum-verified provider build.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# Aliased AWS provider configuration. Resources only use it when they set
# `provider = aws.user`. Region and credentials profile come from variables,
# so no access keys are written into this file.
provider "aws" {
  alias   = "user"
  profile = var.profile
  region  = var.region
}
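# Bucket that receives the uploaded files. Created through the aliased provider.
resource "aws_s3_bucket" "example" {
  provider = aws.user
  bucket   = var.bucket_name

  # The canned ACL comes from a variable, so the exposure of the bucket is
  # decided by whoever sets var.acl_value.
  # NOTE(review): "private" is the safe value; a public canned ACL such as
  # "public-read" makes the contents readable by anyone. Consider restricting
  # the variable with a validation block.
  acl = var.acl_value

  # Boolean literal instead of the string "false" (which relied on implicit
  # conversion). With false, destroying a bucket that still holds objects fails
  # instead of deleting the contents.
  force_destroy = false
}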
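# Uploads every file found directly under myfiles/ as its own object.
# NOTE(review): everything in that directory is uploaded; check it for files
# that should not leave the workstation (keys, .env files, state files),
# especially when the bucket ACL is not "private".
resource "aws_s3_bucket_object" "object2" {
  # Use the same aliased provider as the bucket. Without this argument the
  # objects would go through the default aws provider, which this file does
  # not configure.
  provider = aws.user

  # One resource instance per file name returned by fileset().
  for_each = fileset("myfiles/", "*")

  bucket = aws_s3_bucket.example.bucket

  # The key has to differ per file. The original constant key "new_objects"
  # made every instance write the same object, so only one file survived.
  key    = "new_objects/${each.value}"
  source = "myfiles/${each.value}"

  # MD5 of the local file; a change in content changes the value and triggers
  # a re-upload.
  etag = filemd5("myfiles/${each.value}")
}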
Create a new file called "s3bucket.tf" and paste in the code above. Run terraform init
to set up the environment and then terraform plan -out=s3.plan
to view the changes and save them. Finally, run terraform apply s3.plan
to apply those exact changes after approval. Treat the saved plan file as sensitive, since it can contain variable values in plain text.
Creating EC2 Instance
# Provider requirements for the EC2 example. hashicorp/aws is unpinned, so
# `terraform init` picks the newest release.
# NOTE(review): add a `version` constraint and commit .terraform.lock.hcl.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# Aliased provider configuration; it only applies to resources that set
# `provider = aws.user`.
provider "aws" {
  alias   = "user"
  profile = var.profile
  region  = var.region
}
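# Security group for the example instance.
# Both resources below now select the aliased provider (`aws.user`). The
# original omitted it, so var.region and var.profile were never applied to
# them. They are changed together because the instance references the group
# and both must live in the same account and region.
resource "aws_security_group" "instance" {
  provider = aws.user
  name     = "tf-test"

  # Inbound HTTP from anywhere.
  # NOTE(review): this exposes var.server_port to the whole internet; narrow
  # the CIDR if the service is not meant to be public.
  ingress {
    from_port   = var.server_port
    to_port     = var.server_port
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound SSH from the management IP only.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.mgmt_ip]
  }

  # Outbound HTTP for package downloading.
  egress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound HTTPS for package downloading.
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound traffic to var.server_port on any host.
  # NOTE(review): security groups are stateful, so replies to the inbound rule
  # above do not need this. Confirm the instance really initiates connections
  # on this port, otherwise drop the rule.
  egress {
    from_port   = var.server_port
    to_port     = var.server_port
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound SSH to any host.
  # NOTE(review): not needed for answering inbound SSH sessions. It lets the
  # instance open SSH connections anywhere, which widens the impact of a
  # compromise; remove it or limit the destination unless there is a use for it.
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Example instance protected by the security group above.
resource "aws_instance" "example" {
  provider = aws.user

  ami                    = var.ami_tamu_ubuntu
  instance_type          = var.instance_type
  vpc_security_group_ids = [aws_security_group.instance.id]

  # Require session tokens (IMDSv2) for the instance metadata service. The
  # instance accepts web traffic from anywhere, and token-less metadata access
  # is the usual way a request-forgery bug turns into credential theft.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "EC2EXAMPLE"
  }
}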
Run terraform init
to set up the environment and then terraform plan -out=s3.plan
to view the changes and save them. Finally, run terraform apply s3.plan
to apply those exact changes after approval.
Creating a DynamoDB Table
# Provider requirements for the DynamoDB example. hashicorp/aws is unpinned,
# so `terraform init` picks the newest release.
# NOTE(review): add a `version` constraint and commit .terraform.lock.hcl.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# Aliased provider configuration; it only applies to resources that set
# `provider = aws.user`.
provider "aws" {
  alias   = "user"
  profile = var.profile
  region  = var.region
}
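# DynamoDB table keyed by a string attribute "employee-id".
# NOTE(review): the key name suggests personnel data. Decide whether the
# default encryption at rest is enough or a customer-managed KMS key and
# point-in-time recovery are required, and restrict IAM access accordingly.
resource "aws_dynamodb_table" "my_first_table" {
  # Select the aliased provider; the original omitted it, so var.region and
  # var.profile were never applied to this table.
  provider = aws.user

  # Plain references replace the interpolation-only form "${var.x}", which has
  # been deprecated since Terraform 0.12.
  name         = var.table_name
  billing_mode = var.table_billing_mode

  # Partition key; it must also be declared as an attribute below.
  hash_key = "employee-id"

  attribute {
    name = "employee-id"
    type = "S" # string
  }

  tags = {
    environment = var.environment
  }
}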
Run terraform init
to set up the environment and then terraform plan -out=s3.plan
to view the changes and save them. Finally, run terraform apply s3.plan
to apply those exact changes after approval.
Azure
Create Storage Container
# Terraform and provider requirements for the storage container example.
# "~>2.0" accepts any 2.x release of hashicorp/azurerm.
# NOTE(review): commit .terraform.lock.hcl so the exact provider build is
# reproducible and checksum-verified.
terraform {
  required_version = ">=0.12"

  required_providers {
    azurerm = {
      version = "~>2.0"
      source  = "hashicorp/azurerm"
    }
  }
}

# The azurerm provider needs a features block, even when it is empty.
# No credentials are set here; they are taken from the environment.
provider "azurerm" {
  features {}
}
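# Resource group that holds the storage account.
resource "azurerm_resource_group" "example" {
  name = "example-resources"

  # "US" is not an Azure region name and is rejected at apply time. "East US"
  # is used here as an example; replace it with the region you deploy to.
  location = "East US"
}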
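# Storage account that backs the container.
resource "azurerm_storage_account" "example" {
  # Storage account names allow only lowercase letters and digits (3-24
  # characters) and must be globally unique. The original "example-storrage"
  # contained a hyphen and is rejected. Replace this example value with your
  # own unique name.
  name = "examplestorage"

  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  account_tier             = "Standard"
  account_replication_type = "LRS"

  # Refuse clients that negotiate anything older than TLS 1.2.
  min_tls_version = "TLS1_2"

  tags = {
    environment = "example"
  }
}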
# Blob container inside the storage account above.
resource "azurerm_storage_container" "example" {
  storage_account_name = azurerm_storage_account.example.name
  name                 = "example-name"

  # "private" disables anonymous read access to the container and its blobs.
  container_access_type = "private"
}
Create Azure Storage Table
# Terraform and provider requirements for the storage table example.
# "~>2.0" accepts any 2.x release of hashicorp/azurerm.
# NOTE(review): commit .terraform.lock.hcl so the exact provider build is
# reproducible and checksum-verified.
terraform {
  required_version = ">=0.12"

  required_providers {
    azurerm = {
      version = "~>2.0"
      source  = "hashicorp/azurerm"
    }
  }
}

# The azurerm provider needs a features block, even when it is empty.
provider "azurerm" {
  features {}
}
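# Resource group that holds the storage account.
resource "azurerm_resource_group" "example" {
  name = "example-resources"

  # "US" is not an Azure region name and is rejected at apply time. "East US"
  # is used here as an example; replace it with the region you deploy to.
  location = "East US"
}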
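# Storage account that backs the table.
resource "azurerm_storage_account" "example" {
  # Storage account names allow only lowercase letters and digits (3-24
  # characters) and must be globally unique. The original "example-storrage"
  # contained a hyphen and is rejected. Replace this example value with your
  # own unique name.
  name = "examplestorage"

  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  account_tier             = "Standard"
  account_replication_type = "LRS"

  # Refuse clients that negotiate anything older than TLS 1.2.
  min_tls_version = "TLS1_2"

  tags = {
    environment = "example"
  }
}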
# Table inside the storage account above.
# NOTE(review): no access policy is declared here, so access depends on who
# holds the storage account keys or SAS tokens; keep those out of source control.
resource "azurerm_storage_table" "example" {
  storage_account_name = azurerm_storage_account.example.name
  name                 = "mysampletable"
}
Create VM
# Provider requirements for the VM example. "~> 2.50" accepts azurerm 2.50 and
# later 2.x releases.
# NOTE(review): the listing also references a tls_private_key resource, local
# values and variables that are not shown; they have to be defined elsewhere
# in the module.
terraform {
  required_providers {
    azurerm = {
      version = "~> 2.50"
      source  = "hashicorp/azurerm"
    }
  }
}

# The azurerm provider needs a features block, even when it is empty.
provider "azurerm" {
  features {}
}
# Resource group for everything in the VM example; name and region are
# derived from variables.
resource "azurerm_resource_group" "main" {
  location = var.where
  name     = "terraform-test-${var.image}"
}
# Virtual network with a private 10.0.0.0/16 address space.
resource "azurerm_virtual_network" "main" {
  name                = "vnet-${var.image}"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  address_space       = ["10.0.0.0/16"]
}
# Subnet 10.0.17.0/24 carved out of the virtual network above.
# No network security group is attached at subnet level in this listing;
# filtering is done on the network interface instead.
resource "azurerm_subnet" "subnet" {
  name                 = "subnet-${var.image}"
  resource_group_name  = azurerm_resource_group.main.name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.17.0/24"]
}
# Public IP address that is attached to the VM's network interface. It makes
# the VM reachable from the internet, so the security rules in this listing
# are the only network filter in front of it.
resource "azurerm_public_ip" "pubip" {
  name                = "pubip-${var.image}"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  allocation_method   = "Dynamic"
}
# Network security group. Its rules are declared as separate
# azurerm_network_security_rule resources that reference it by name.
resource "azurerm_network_security_group" "nsg" {
  name                = "myNetworkSecurityGroup"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
}
# Allows inbound SSH (TCP/22), but only from the management address.
# NOTE(review): keep var.mgmt_ip a single address or a narrow CIDR; a value
# such as "*" would open SSH to the internet.
resource "azurerm_network_security_rule" "ssh" {
  name                        = "SSH"
  network_security_group_name = azurerm_network_security_group.nsg.name
  resource_group_name         = azurerm_resource_group.main.name

  priority  = 1001
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_address_prefix      = var.mgmt_ip
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "22"
}
# Allows inbound TCP on var.server_port, also only from the management
# address; the service is not opened to the internet by this rule.
resource "azurerm_network_security_rule" "http" {
  name                        = "HTTP"
  network_security_group_name = azurerm_network_security_group.nsg.name
  resource_group_name         = azurerm_resource_group.main.name

  priority  = 1002
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_address_prefix      = var.mgmt_ip
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = var.server_port
}
# Network interface for the VM: a dynamic private address in the subnet plus
# the public IP declared in this listing.
resource "azurerm_network_interface" "main" {
  name                = "nic-${var.image}"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location

  ip_configuration {
    name                          = "terraform-test-nwconfiguration1"
    subnet_id                     = azurerm_subnet.subnet.id
    public_ip_address_id          = azurerm_public_ip.pubip.id
    private_ip_address_allocation = "Dynamic"
  }
}
# Binds the network security group to the VM's network interface. Without
# this association the SSH and HTTP rules would not be applied to the interface.
resource "azurerm_network_interface_security_group_association" "example" {
  network_security_group_id = azurerm_network_security_group.nsg.id
  network_interface_id      = azurerm_network_interface.main.id
}
# Linux VM built from a custom image and reachable through the interface above.
resource "azurerm_linux_virtual_machine" "main" {
  name                = "vm-${var.image}"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  size                = "Standard_B1s"

  network_interface_ids = [azurerm_network_interface.main.id]

  # Image to boot from, supplied by variable.
  source_image_id = var.cloud_image_id

  os_disk {
    storage_account_type = "Standard_LRS"
    caching              = "ReadWrite"
  }

  # Login is by SSH key for the "ubuntu" account; no admin password is set.
  # The key pair resource tls_private_key.ghc_tf_test_ssh_keypair is not part
  # of this listing.
  # NOTE(review): a tls_private_key resource keeps the generated private key
  # in the Terraform state in plain text, so the state backend must be
  # access-controlled and encrypted. For anything long-lived, supply an
  # externally generated public key instead.
  admin_username = "ubuntu"

  admin_ssh_key {
    public_key = tls_private_key.ghc_tf_test_ssh_keypair.public_key_openssh
    username   = "ubuntu"
  }

  # First-boot data taken from local.user_data (not shown in this listing).
  # NOTE(review): presumably a cloud-init script; keep secrets out of it,
  # since it is only base64-encoded, not encrypted.
  custom_data = base64encode(local.user_data)
}