Write a Terraform code to deploy a DynamoDB table, an S3 bucket, and an EC2 server with the below configuration:
1. A VPC Configuration in any region with subnets in multiple Availability Zones.
2. At least one subnet having IGW configured and another without it for Databases.
3. An EC2 instance (t2.micro – free tier), named PSI_Cricket_<env_name>_1, running in a subnet that has an IGW configured
4. A DynamoDB table (called Cricket_Match_List_<env_name>) with 2 fields defined in the table (Match_ID (int) and Match_Location (string) – Match_ID can be a primary key).
5. Two user groups viz DE and DS with DE having Admin access and DS group having S3 read-only access
6. A S3 bucket with the name (PSI_Cricket_<env_name> )
Solution:
# Install the AWS CLI and Terraform on the Windows machine.
# Create an AWS account, open the IAM service and obtain an access key and secret key for authenticating to AWS (download the key file for the configuration step).
# In the command prompt of the Windows machine authenticate AWS
# Open a terminal and run `aws configure`, then enter the credentials from the downloaded file.
# Then change to the working directory that contains the .tf file.
# terraform init – initializes Terraform in the working directory.
# terraform plan – evaluates the .tf file, shows the changes that would be made and reports any errors.
# If there are no (syntax) errors, run terraform apply and answer yes; the infrastructure described in the .tf file is then created in your AWS account.
# Open the AWS console in the browser and verify that the infrastructure described in the .tf file has been created.
# AWS provider. Every resource in this file is created in this region, so the
# subnet availability zones below must belong to it.
provider "aws" {
  region = "ap-south-1" # Replace with your desired region
}
# The VPC that holds both subnets; the /16 leaves room for further /24 subnets.
resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16" # Replace with your desired CIDR block
}
# Public subnet (AZ "a"): instances launched here receive a public IP. Internet
# reachability additionally depends on the subnet's route table carrying an IGW route.
resource "aws_subnet" "subnet_1" {
  vpc_id                  = aws_vpc.my_vpc.id
  cidr_block              = "10.0.1.0/24"  # Replace with your desired CIDR block
  availability_zone       = "ap-south-1a"  # Replace with your desired AZ
  map_public_ip_on_launch = true
}
# Private subnet (AZ "b") intended for databases: no public IPs are assigned at
# launch and no internet gateway route is attached to it.
resource "aws_subnet" "subnet_2" {
  vpc_id            = aws_vpc.my_vpc.id
  cidr_block        = "10.0.2.0/24"  # Replace with your desired CIDR block
  availability_zone = "ap-south-1b"  # Replace with your desired AZ
}
# Internet gateway attached to the VPC; it only takes effect for subnets whose
# route table points a default route at it.
resource "aws_internet_gateway" "my_igw" {
  vpc_id = aws_vpc.my_vpc.id
}
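# Public route table: the IGW default route lives here and the table is
# explicitly associated with subnet_1. Without the association the subnet
# keeps using the VPC's main route table, which has no internet route, so the
# "subnet with IGW configured" requirement would not actually be met.
# subnet_2 is deliberately left on the main route table (local route only),
# which is what keeps it private.
resource "aws_route_table" "public_subnet_route_table" {
  vpc_id = aws_vpc.my_vpc.id
}

# Default route to the internet for the public route table.
resource "aws_route" "internet_gateway_route" {
  route_table_id         = aws_route_table.public_subnet_route_table.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.my_igw.id
}

# Bind the public route table to the public subnet.
resource "aws_route_table_association" "public_subnet_association" {
  subnet_id      = aws_subnet.subnet_1.id
  route_table_id = aws_route_table.public_subnet_route_table.id
}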
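# Dedicated security group for the EC2 instance. Using it instead of the VPC
# default group makes the instance's network exposure explicit: no inbound
# rules are defined here, so any administrative access (e.g. SSH from a
# trusted CIDR) has to be added deliberately rather than inherited.
resource "aws_security_group" "psi_cricket_instance_sg" {
  name        = "psi-cricket-${var.env_name}-instance-sg"
  description = "Security group for the PSI Cricket EC2 instance (no inbound rules by default)"
  vpc_id      = aws_vpc.my_vpc.id

  # Outbound only, so package updates and AWS API calls still work.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# EC2 instance in the public subnet (the one whose route table has the IGW route).
resource "aws_instance" "psi_cricket_instance" {
  ami           = "ami-02bb7d8191b50f4bb" # Replace with an AMI that exists in the provider region
  instance_type = "t2.micro"              # free-tier eligible, as required
  subnet_id     = aws_subnet.subnet_1.id  # public subnet

  vpc_security_group_ids = [aws_security_group.psi_cricket_instance_sg.id]

  # Require IMDSv2 (session tokens) for instance metadata so that a request
  # forged through a service on the box cannot simply read the instance
  # credentials from the metadata endpoint.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypt the root volume at rest.
  root_block_device {
    encrypted = true
  }

  tags = {
    # Follows the PSI_Cricket_<env_name>_1 naming requirement and tracks
    # var.env_name like the S3 bucket does, instead of hard-coding "dev"
    # (the default value of env_name still yields "PSI_Cricket_dev_1").
    Name = "PSI_Cricket_${var.env_name}_1"
  }
}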
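# DynamoDB table Cricket_Match_List_<env_name> with Match_ID (number) as the
# partition key and Match_Location (string) as the second declared field.
resource "aws_dynamodb_table" "cricket_match_table" {
  name         = "Cricket_Match_List_${var.env_name}" # tracks var.env_name like the S3 bucket
  billing_mode = "PAY_PER_REQUEST"                    # Or "PROVISIONED" if you prefer provisioned capacity
  hash_key     = "Match_ID"

  attribute {
    name = "Match_ID"
    type = "N"
  }

  attribute {
    name = "Match_Location"
    type = "S"
  }

  # DynamoDB only accepts attribute definitions that take part in a key or an
  # index, so Match_Location is exposed as the hash key of a GSI; without this
  # index the provider rejects the table because the attribute would be unused.
  # It also gives the table a lookup path by location.
  global_secondary_index {
    name            = "MatchLocationIndex"
    hash_key        = "Match_Location"
    projection_type = "ALL" # Adjust projection type as needed
  }

  # Continuous backups so accidental deletes/overwrites can be rolled back.
  point_in_time_recovery {
    enabled = true
  }

  # Use an AWS-managed KMS key instead of the default AWS-owned key.
  server_side_encryption {
    enabled = true
  }
}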
# IAM group for data engineers; it receives the admin policy below.
resource "aws_iam_group" "de_group" {
  name = "DE"
}
# IAM group for data scientists; it receives the S3 read-only policy below.
resource "aws_iam_group" "ds_group" {
  name = "DS"
}
# Customer-managed policy equivalent to the AWS-managed AdministratorAccess
# policy: every action on every resource. Membership of the group it is
# attached to is therefore equivalent to full account control.
resource "aws_iam_policy" "admin_policy" {
  name        = "AdminAccessPolicy"
  description = "Full admin access"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = "*"
        Resource = "*"
      }
    ]
  })
}
# Read-only S3 permissions for the DS group. The "*" resource covers every
# bucket in the account, which is what the "S3 read-only access" requirement
# asks for; narrow Resource to specific bucket ARNs if only the PSI bucket
# should be readable.
resource "aws_iam_policy" "s3_readonly_policy" {
  name        = "S3ReadOnlyAccessPolicy"
  description = "Read-only access to S3"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:Get*", "s3:List*"]
        Resource = "*"
      }
    ]
  })
}
# DE group -> admin policy.
resource "aws_iam_group_policy_attachment" "de_admin_attachment" {
  group      = aws_iam_group.de_group.name
  policy_arn = aws_iam_policy.admin_policy.arn
}
# DS group -> S3 read-only policy.
resource "aws_iam_group_policy_attachment" "ds_s3_readonly_attachment" {
  group      = aws_iam_group.ds_group.name
  policy_arn = aws_iam_policy.s3_readonly_policy.arn
}
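# S3 bucket. Bucket names must be globally unique and may only contain
# lowercase letters, digits, dots and hyphens, so the requested
# "PSI_Cricket_<env_name>" is rendered as "psi-cricket-<env_name>". Another
# account may already own that name; add a unique suffix if creation fails
# with BucketAlreadyExists.
resource "aws_s3_bucket" "psi_cricket" {
  bucket = "psi-cricket-${var.env_name}"
}

# Block every form of public access at the bucket level. Nothing in this
# configuration needs a public bucket: the DS group's read access is granted
# through IAM, not through a bucket policy or ACL.
resource "aws_s3_bucket_public_access_block" "psi_cricket" {
  bucket                  = aws_s3_bucket.psi_cricket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}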
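# Environment suffix used in resource names (S3 bucket, DynamoDB table, EC2 tag).
# It ends up inside an S3 bucket name, so it is restricted to characters that
# are valid there; a value such as "Dev" or "dev_1" would otherwise fail at apply time.
variable "env_name" {
  description = "The environment name (dev, test, prod); lowercase letters, digits and hyphens only"
  type        = string
  default     = "dev"

  validation {
    condition     = can(regex("^[a-z0-9-]+$", var.env_name))
    error_message = "The env_name value must contain only lowercase letters, digits and hyphens, because it is embedded in the S3 bucket name."
  }
}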