Terraform

Intro, installation, creating an instance by providing VPC, subnet, NIC;
syntax, arguments, attributes, multiple .tf files to create an instance;
provider, resource, instance with VPC, subnet, NIC, SG, key pair, EIP;
variables: string, list, map; project1;
count parameter, loop, data sources AMI, EBS volume;
output value; project2: creating an instance, filter example, execution;
condition statement; IAM: user creation example1, example3;
local value; IAM: policies example2;
shared storage of state file;
provisioner;
Terraform refresh, Terraform taint, graph, module.

 

Sanjay
Terraform introduction.
API, installation, create an instance.
Create VPC, subnet, NIC, instance.
Create SG, key pair, EIP, instance.
AMI,
EBS volume,
project1:
Variable part 1,
Variable part 2,
Count parameter,
Conditions,
Local value,
Output value,
State management: shared storage of state file part 1,
State management: shared storage of state file lab 1,
State management: shared storage of state file lab 2,
Provisioner part 1: file,
Provisioner part 2: remote,
Provisioner part 3: local.

Multiple .tf files to create infrastructure.

Project1: creation of VPC, Subnets, IGW, SG, RT, Instance, Key pair, EIP.

variable "accesskey" {
type = string
default = "AKIAX2XVEK27GJNREDX4"
}
variable "secretkey" {
type = string
default = "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"
}
variable "region" {
type = string
default = "eu-west-2"
}
provider "aws" {
access_key = var.accesskey
secret_key = var.secretkey
region = var.region
}

resource "aws_vpc" "star_vpc" {
cidr_block = "10.0.0.0/16"
instance_tenancy = "default"

tags = {
Name = "star_vpc"
}
}
resource "aws_subnet" "public_subnet" {
cidr_block = "10.0.1.0/24"
vpc_id = aws_vpc.star_vpc.id

tags = {
Name = "public_subnet"
}
}
resource "aws_subnet" "private_subnet" {
cidr_block = "10.0.2.0/24"
vpc_id = aws_vpc.star_vpc.id

tags = {
Name = "private_subnet"
}
}
resource "aws_security_group" "star_sg" {
name = "star_sg"
description = "Star Security group"
vpc_id = aws_vpc.star_vpc.id

ingress {
description = "Inbound rule"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"] # SSH reachable from any address; narrow this to the admin network's CIDR in practice
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}

tags = {
Name = "star_sg"
}
}
resource "aws_internet_gateway" "star_igw" {
vpc_id = aws_vpc.star_vpc.id

tags = {
Name = "star_igw"
}
}

resource "aws_route_table" "star_rt" {
vpc_id = aws_vpc.star_vpc.id

route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.star_igw.id
}
tags = {
Name = "star_rt"
}
}
resource "aws_route_table_association" "rt_association" {
subnet_id = aws_subnet.public_subnet.id
route_table_id = aws_route_table.star_rt.id
}
resource "aws_route_table" "star_rt_nat" {
vpc_id = aws_vpc.star_vpc.id

route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_nat_gateway.star_nat.id
}
tags = {
Name = "star_rt_nat"
}
}
resource "aws_route_table_association" "rt_nat_association" {
subnet_id = aws_subnet.private_subnet.id
route_table_id = aws_route_table.star_rt_nat.id
}

resource "aws_key_pair" "tf1" {
key_name = "tf1"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxUo3b6A/KXzrt/Wy/Ngu5RHRYKHneK1uOg4OcozuBIUGiVpnyO0U/0DQ5cShemEHRuK+Y3mSxrWGwHxE9Zq8RMCuCa/vny1we+yE/FlkIeXKDaA7JzRlFN0cW12NoZ2dqTVWAlR/6U5LgN/UfDqJXP4QnXZPLeE6KZTzgdYcZMRZsvB4ZJRVOG+uWKPRKBsld4YR5RyLFHNiuQU8w4B3UDGu5pjKH86QOVbTXJsGc9VF4xNkePu2zBtPAc2JLWIdRJEGszGv8mmmKz62IB+pBS5uIfLnmgwZLMSGeF9P//WZEdANdFPXJrQfIGDiJI6HYKL0yFPMskjOjR1DSln ec2-user@ip-172-31-22-179.eu-west-2.compute.internal"
}
resource "aws_instance" "starweb" {
ami = "ami-0dbec48abfe298cab"
instance_type ="t2.micro"
subnet_id = aws_subnet.public_subnet.id
vpc_security_group_ids = [aws_security_group.star_sg.id]
key_name = aws_key_pair.tf1.key_name # reference the key pair resource so it is created before the instance

tags = {
Name = "starweb"
}
}
resource "aws_instance" "stardb" {
ami = "ami-0dbec48abfe298cab"
instance_type ="t2.micro"
subnet_id = aws_subnet.private_subnet.id
vpc_security_group_ids = [aws_security_group.star_sg.id]
key_name = aws_key_pair.tf1.key_name # reference the key pair resource so it is created before the instance

tags = {
Name = "stardb"
}
}

resource "aws_eip" "star_eip" {
instance = aws_instance.starweb.id
vpc = true
}
resource "aws_eip" "star_nateip" {
vpc = true
}
resource "aws_nat_gateway" "star_nat" {
allocation_id = aws_eip.star_nateip.id
subnet_id = aws_subnet.public_subnet.id

tags = {
Name = "star_nat"
}
}
Loop: create 3 subnets in different availability zones using a Terraform loop (count, element and length):

variable "vpccidr" {
  type = string
  default = "10.0.0.0/16"
}

variable "publicsubnet" {
  type = string
  default = "10.0.1.0/24"
}
variable "privatesubnet" {
  type    = list(string)
  default = ["10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]
}
resource "aws_vpc" "star_vpc" {
  cidr_block = var.vpccidr
  instance_tenancy = "default"

  tags = {
  Name = "star_vpc"
  }
}

resource "aws_subnet" "publicsubnet" {
  vpc_id     = aws_vpc.star_vpc.id
  cidr_block = var.publicsubnet

  tags = {
  Name = "public_subnet"
  }
}

resource "aws_subnet" "privatesubnet" {
  count      = 3
  vpc_id     = aws_vpc.star_vpc.id
  cidr_block = element(var.privatesubnet, count.index)

  # a distinct tag name for every subnet (count.index starts at 0)
  tags = {
  Name = "private_subnet-${count.index + 1}"
  }
}

Defining availability zones for multiple subnets: 3 subnets in 3 availability zones.

  1. Define the subnet CIDRs dynamically (one list entry per subnet).
  2. Assign an availability zone to each subnet from a second list.

variable "vpccidr" {
  type    = string
  default = "10.0.0.0/16"
}

variable "publicsubnet" {
  type    = string
  default = "10.0.1.0/24"
}

variable "privatesubnet" {
  type    = list(string)
  default = ["10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]
}

variable "az" {
  type    = list(string)
  default = ["eu-west-2a", "eu-west-2b", "eu-west-2c"]
}

resource "aws_vpc" "star_vpc" {
  cidr_block       = var.vpccidr
  instance_tenancy = "default"

  tags = {
  Name = "star_vpc"
  }
}

resource "aws_subnet" "publicsubnet" {
  vpc_id     = aws_vpc.star_vpc.id
  cidr_block = var.publicsubnet

  tags = {
  Name = "public_subnet"
  }
}

resource "aws_subnet" "privatesubnet" {
  count             = length(var.az)
  vpc_id            = aws_vpc.star_vpc.id
  cidr_block        = element(var.privatesubnet, count.index)
  availability_zone = element(var.az, count.index)

  # a distinct tag name for every subnet
  tags = {
  Name = "private_subnet-${count.index + 1}"
  }
}

  3. When creating multiple subnets, each needs its own CIDR block, so the CIDRs are kept in a list and element(list, index) picks one value per iteration.
  4. This creates 3 subnets. In the first iteration count.index is 0, which picks az = eu-west-2a; in the second it is 1, which picks eu-west-2b; and so on.
  5. The subnet tag names must differ, so the tag uses count.index + 1 (count.index starts at 0).
  6. The availability zones are still hardcoded; use a data source to get them from AWS.

Data sources: based on the region, the availability zones should be picked with a data source instead of a hardcoded list.

 

variable "vpccidr" {
  type = string
  default = "10.0.0.0/16"
}

variable "publicsubnet" {
  type = string
  default = "10.0.1.0/24"
}
variable "privatesubnet" {
  type    = list(string)
  default = ["10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]
}
 
#variable "az" {
# type = list
# default = ["eu-west-2a","eu-west-2b","eu-west-2c"]
#}
 
#Declare the data source: the zones of the provider's region that are currently usable
data "aws_availability_zones" "az" {
  state = "available"
}
 
resource "aws_vpc" "star_vpc" {
  cidr_block = var.vpccidr
  instance_tenancy = "default"

  tags = {
  Name = "star_vpc"
  }
}

resource "aws_subnet" "publicsubnet" {
  vpc_id     = aws_vpc.star_vpc.id
  cidr_block = var.publicsubnet

  tags = {
  Name = "public_subnet"
  }
}

resource "aws_subnet" "privatesubnet" {
  # one subnet per availability zone; var.privatesubnet must hold at least that many
  # CIDRs, otherwise element() wraps around and two subnets get the same CIDR
  count             = length(data.aws_availability_zones.az.names)
  vpc_id            = aws_vpc.star_vpc.id
  cidr_block        = element(var.privatesubnet, count.index)
  availability_zone = element(data.aws_availability_zones.az.names, count.index)

  tags = {
  Name = "private_subnet-${count.index + 1}"
  }
}
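Both the count/element loop above and the data-source version still take the subnet CIDRs from a hand-typed list, so count can get out of step with the list (element() then wraps around and repeats a CIDR). The following is an added example, not code from the course notes, that derives each CIDR from the VPC range with cidrsubnet() and sizes count by the availability zones the region reports; the variable and resource names reuse the page's, and the /24 numbering (public = .1, private = .2 onward) is an assumption chosen to match the page's addresses.

```hcl
variable "vpccidr" {
  type    = string
  default = "10.0.0.0/16"
}

# Only zones that are currently usable in the provider's region
data "aws_availability_zones" "az" {
  state = "available"
}

resource "aws_vpc" "star_vpc" {
  cidr_block       = var.vpccidr
  instance_tenancy = "default"

  tags = {
    Name = "star_vpc"
  }
}

# cidrsubnet(prefix, newbits, netnum): 16 + 8 new bits gives a /24; netnum 1 is 10.0.1.0/24
resource "aws_subnet" "publicsubnet" {
  vpc_id     = aws_vpc.star_vpc.id
  cidr_block = cidrsubnet(var.vpccidr, 8, 1)

  tags = {
    Name = "public_subnet"
  }
}

# One private subnet per zone, netnum 2, 3, 4, ... so no CIDR can repeat however many zones there are
resource "aws_subnet" "privatesubnet" {
  count             = length(data.aws_availability_zones.az.names)
  vpc_id            = aws_vpc.star_vpc.id
  cidr_block        = cidrsubnet(var.vpccidr, 8, count.index + 2)
  availability_zone = data.aws_availability_zones.az.names[count.index]

  tags = {
    Name = "private_subnet-${count.index + 1}"
  }
}

# Lets you confirm the zone/CIDR pairing with terraform plan or terraform console
output "private_subnet_layout" {
  value = {
    for s in aws_subnet.privatesubnet : s.availability_zone => s.cidr_block
  }
}
```

In eu-west-2 this yields 10.0.2.0/24, 10.0.3.0/24 and 10.0.4.0/24, the same addresses as the page's list, but a region with four zones simply gets a fourth /24 instead of a duplicate.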

Defining a load balancer (AWS load balancer):

Elastic Load Balancer in AWS supports the following load balancers:

  1. Classic LB (ELB):
  2. Application LB:
  3. Network LB:
  4. Gateway LB:

Application LB:

Lab Setup: variable, provider, VPC, IGW, Securitygroup, instances, install_httpd.sh, alb

ALB key words:

ELB (Elastic Load Balancer, classic):

Lab setup: created the following files: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb

Files: provider, variable, instances, vpc, igw, securitygroup, httpd_install.sh, classicELB

Things to define in ELB (classic Load Balancer, VPC ELB)

 

Output value: when the infrastructure is created and you want to see the values assigned by the provider, for example resource IDs, public IP, private IP etc.

https://www.terraform.io/docs/language/values/outputs.html

Syntax of output: during resource creation the requested output value is displayed.

#Syntax: the value is an unquoted expression, not a string.
output "logical_name" {
value = resource_type.resource_name.attribute
}

#Add the below code to the source file.
output "publicIP" {
value = aws_instance.webserver.public_ip
}

#If you have multiple servers or resources (the resource uses count), the splat collects all of them.

output "publicIP" {
value = aws_instance.webserver.*.public_ip
}

Once the resource is created and you want to display the output value:

Get a console: run the command at the terraform folder prompt: # terraform console

> aws_instance.webserver.*.public_ip

You can display any attribute (an attribute is an output value generated by the resource provider):

> aws_instance.webserver.id

 

 

 

Variable defined in a file: to set lots of variables, it is more convenient to specify their values in a variable definitions file (with a filename ending in either .tfvars or .tfvars.json) and then specify that file on the command line with -var-file:

variable.tfvars
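An added example (not from the course notes) of the .tfvars arrangement described above, applied to the page's own accesskey/secretkey/region variables: the declarations in variables.tf carry no default, so the key material lives only in variable.tfvars, which is passed with -var-file. The file names and the placeholder values are assumptions; the sensitive argument needs Terraform 0.14 or later.

```hcl
# --- variables.tf ---------------------------------------------------------
# No default: terraform refuses to run until a value is supplied, so a key
# can never be committed by accident as part of the declaration.
variable "accesskey" {
  type      = string
  sensitive = true # redacted in plan/apply output (Terraform >= 0.14)
}

variable "secretkey" {
  type      = string
  sensitive = true
}

variable "region" {
  type    = string
  default = "eu-west-2"
}

# --- provider.tf ----------------------------------------------------------
# Leaving access_key/secret_key out entirely also works: the provider then
# reads AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY or ~/.aws/credentials.
provider "aws" {
  access_key = var.accesskey
  secret_key = var.secretkey
  region     = var.region
}

# --- variable.tfvars (placeholder values; keep this file out of version control) ---
# accesskey = "AKIA_PLACEHOLDER_ACCESS_KEY"
# secretkey = "PLACEHOLDER_SECRET_KEY"
# region    = "eu-west-2"
#
# terraform plan  -var-file=variable.tfvars
# terraform apply -var-file=variable.tfvars
```

A file named terraform.tfvars (or any *.auto.tfvars) in the working directory is loaded without -var-file; either way the .tfvars file and any plan saved with -out still hold the secret in clear text and need the same protection as the key itself.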


Terraform Refresh:

Terraform Taint:

Graph:

Output:

AMI:

Method 1: create an AMI from a snapshot of an instance's volume. (To create a snapshot, go to Volumes and create a snapshot.)

Volume => snapshot => AMI

Instance => AMI

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}
resource "aws_ami" "terraform_ami" {
name = "terraform_ami"
virtualization_type = "hvm"
root_device_name = "/dev/xvda"

ebs_block_device {
device_name = "/dev/xvda"
snapshot_id = "snap-0326a948b1c91c5a2"
volume_size = 8
}
}

Copy AMI to different Region: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ami_copy

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "us-east-1"
}
resource "aws_ami_copy" "terraform_london_ami-copy" {
name = "terraform_london_ami-copy"
description = "A copy of ami terraform eu-west-2"
source_ami_id = "ami-0371f85fc88e9007c"
source_ami_region = "eu-west-2"

tags = {
Name = "ami_terraform-eu-west-2_copy"
}
}

Method2: Create AMI from Instance: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ami_from_instance

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}
resource "aws_ami_from_instance" "terraform_ami2" {
name = "terraform_ami2"
source_instance_id = "i-0b31e653a4e810c4a"
}

AMI Launch Permission: Give AMI access to other account ID: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ami_launch_permission

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}
resource "aws_ami_launch_permission" "terraform_eu-west-2" {
image_id = "ami-0371f85fc88e9007c"
account_id = "723581589149"
}

 

EBS Volume:

  1. Create EBS Volume (disk)
  2. Increase size of EBS volume
  3. Snapshot of EBS volume
  4. copy snapshot taken from EBS volume to other region.

1. Create EBS Volume: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}
resource "aws_ebs_volume" "terraform-server_volume" {
availability_zone = "eu-west-2a"
size = 8

tags = {
Name = "terraform-server-volume"
}
}

2. Increase size of volume to 20 GB.

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}
resource "aws_ebs_volume" "terraform-server_volume" {
availability_zone = "eu-west-2a"
size = 20

tags = {
Name = "terraform-server-volume"
}
}

3. Create snapshot from volume: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_snapshot

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}

resource "aws_ebs_volume" "terraform-server_volume" {
availability_zone = "eu-west-2a"
size = 20

tags = {
Name = "terraform-server-volume"
}
}
resource "aws_ebs_snapshot" "terraform-server_snapshot" {
volume_id = aws_ebs_volume.terraform-server_volume.id

tags = {
Name = "terraform-server_snapshot"
}
}

4. Copy snapshot to different region: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_snapshot_copy

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "us-east-1"
}


resource "aws_ebs_snapshot_copy" "terraform-server_snapshot_copy" {
source_snapshot_id = "snap-01934ae510a9f2008"
source_region = "eu-west-2"

tags = {
Name = "terraform-server_snapshot_copy"
}
}

Condition Statement:

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}

variable "instance_type" {
type = map
default = {
"dev" = "t2.micro",
"test" = "t2.micro",
"prod" = "t2.micro"
}
}

# the environment to build; no default, so it is supplied at run time (-var input=dev or a .tfvars file)
variable "input" {}

resource "aws_instance" "dev" {
instance_type = var.instance_type["dev"]
ami = "ami-0dbec48abfe298cab"
count = var.input == "dev" ? 1 : 0
}

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}

variable "instance_type" {
type = map
default = {
"dev" = "t2.micro",
"test" = "t2.micro",
"prod" = "t2.micro"
}
}

# the environment to build; no default, so it is supplied at run time (-var input=dev or a .tfvars file)
variable "input" {}

resource "aws_instance" "dev" {
instance_type = var.instance_type["dev"]
ami = "ami-0dbec48abfe298cab"
count = var.input == "dev" ? 1 : 0

tags = {
Name = "dev"
}
}

resource "aws_instance" "test" {
instance_type = var.instance_type["test"]
ami = "ami-0dbec48abfe298cab"
count = var.input == "test" ? 1 : 0

tags = {
Name = "test"
}
}
resource "aws_instance" "prod" {
instance_type = var.instance_type["prod"]
ami = "ami-0dbec48abfe298cab"
count = var.input == "prod" ? 1 : 0

tags = {
Name = "prod"
}
}

Local value: a locals block holds the tags used by all resources.


provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}

locals {
common_tag = {
Name = "accounts-dept"
owner = "abdul"
}
}
resource "aws_vpc" "star_vpc" {
cidr_block = "10.0.0.0/16"
instance_tenancy = "default"

tags = local.common_tag

}
resource "aws_instance" "starweb" {
ami = "ami-0dbec48abfe298cab"
instance_type ="t2.micro"

tags = local.common_tag
}

resource "aws_ebs_volume" "ebs_volume" {
availability_zone = "eu-west-2a"
size = 10

tags = local.common_tag
}

The same resources with inline tags instead of a local value:

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}

resource "aws_vpc" "star_vpc" {
cidr_block = "10.0.0.0/16"
instance_tenancy = "default"

tags = {
Name = "star_vpc"
}
}
resource "aws_instance" "starweb" {
ami = "ami-0dbec48abfe298cab"
instance_type ="t2.micro"

tags = {
Name = "starweb"
}
}
resource "aws_ebs_volume" "ebs_volume" {
availability_zone = "eu-west-2a" # an availability zone, not the region name
size = 10

tags = {
Name = "ebs_volume"
}
}

For multiple departments or branches: if you need to change the name, change it in the local value and the change is reflected in all resources that use it.

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}

locals {
common_tag = {
Name = "accounts-dept"
owner = "abdul"
}
}
locals {
hr_tag = {
Name = "hr-dept"
owner = "abdul"
}
}

resource "aws_vpc" "star_vpc" {
cidr_block = "10.0.0.0/16"
instance_tenancy = "default"

tags = local.common_tag

}
resource "aws_instance" "starweb" {
ami = "ami-0dbec48abfe298cab"
instance_type ="t2.micro"

tags = local.common_tag
}

resource "aws_ebs_volume" "ebs_volume" {
availability_zone = "eu-west-2a"
size = 10

tags = local.common_tag
}


resource "aws_vpc" "star_vpc1" {
cidr_block = "10.0.0.0/16"
instance_tenancy = "default"

tags = local.hr_tag

}
resource "aws_instance" "starweb1" {
ami = "ami-0dbec48abfe298cab"
instance_type ="t2.micro"

tags = local.hr_tag
}

resource "aws_ebs_volume" "ebs_volume1" {
availability_zone = "eu-west-2a"
size = 10

tags = local.hr_tag
}

Terraform state management: shared storage of the state file locally, shared storage of the state file remotely, staging and production environments.

Shared storage of terraform.tfstate file locally:

Shared storage of state file remotely:

code:

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "us-east-2"
}
terraform {
  backend "s3" {
   bucket = "starsharedstatefile"
   key = "starsharedstatefile/project"
   region = "eu-west-2"
   access_key = "AX2XVEK27GJNREDX4"
   secret_key = "xQ39qJKLyo3/jhJJfxsGQ4er7iLEvWoVXDaAAU9/"
}
}
resource "aws_instance" "webserver" {
ami = "ami-0dbec48abfe298cab"
instance_type = "t2.micro"

tags = {
Name = "webserver"
}
}
resource "aws_instance" "db" {
ami = "ami-0dbec48abfe298cab"
instance_type = "t2.micro"

tags = {
Name = "db"
}
}
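Added example, not from the course notes: the same S3 backend as above with the three settings a shared state file needs (encrypted object, versioned bucket, a DynamoDB lock so two people cannot apply at once) and without credentials in the block. The bucket name is the page's; the lock table name and the bootstrap configuration are assumptions, written in the provider v3/v4 syntax used elsewhere on the page.

```hcl
# main.tf of the project. Backend blocks cannot reference variables, so the
# credentials come from the environment (AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY)
# or ~/.aws/credentials instead of being written here.
terraform {
  backend "s3" {
    bucket         = "starsharedstatefile"
    key            = "starsharedstatefile/project"
    region         = "eu-west-2"
    encrypt        = true                       # server-side encryption of the state object
    dynamodb_table = "starsharedstatefile-lock" # assumed name; table must have hash key "LockID"
  }
}

# bootstrap/main.tf, applied once with a local state before the project
# above runs terraform init (the backend must exist first).
provider "aws" {
  region = "eu-west-2"
}

resource "aws_s3_bucket" "state" {
  bucket = "starsharedstatefile"

  # every apply keeps the previous state object, so a bad apply can be rolled back
  versioning {
    enabled = true
  }
}

resource "aws_dynamodb_table" "state_lock" {
  name         = "starsharedstatefile-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```

The state object records resource attributes in clear text (IDs, IPs and any secret a resource returns), so read access to the bucket should be limited to the people who run terraform.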

 

Staging and Production Environment:

Manual Method 1 and Method 2:


 Method 3 = Terraform workspace:

Provisioner:

Project2: provisioning an instance and configuring Apache in AWS through Terraform using the file provisioner:

provider "aws" {
access_key = "AKIAX2XVEK27GJNREDX4"
secret_key = "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"
region = "eu-west-2"
}

resource "aws_key_pair" "tf1" {
key_name = "tf1"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxUo3b6A/KXzrt/Wy/Ngu5RHRYKHneK1uOg4OcozuBIUGiVpnyO0UW/0DQ5cShemEHRuK+Y3mSxrWGwHxE9Zq8RMCuCau/vny1we+yE/FlkIeXKDaA7JzRlFN0cW12NoZ2dqTVWAlR/6U5LgN/UfDqJXP4QnXZPLeE6KZTzgdYcZMRZsvB4ZJRVOG+uWKPRKBsld4YR5RyLFHNiuQU8w4B3UDGu5pjKH86QOVbTXJsGc9VF4xNkePu2zBtPAc2JLWIdRJEGszGv8mmmKz62IB+pBS5uIfLnmgwZLMSGeF9P//WZEdANdFPXJrQfIGDiJI6HYKL0yFPMskjOjR1DSln ec2-user@ip-172-31-22-179.eu-west-2.compute.internal"
}


resource "aws_instance" "star_webserver" {
ami = "ami-0dbec48abfe298cab"
instance_type = "t2.micro"
key_name = aws_key_pair.tf1.key_name # reference the key pair resource so it is created before the instance

tags = {
Name = "star_webserver"
}
provisioner "file" {
source = "/home/ec2-user/provisioner/index.html"
destination = "/tmp/index.html"
}
provisioner "remote-exec" {
inline = [
"sudo yum install httpd -y",
"sudo systemctl start httpd",
"sudo systemctl enable httpd",
"sudo cp /tmp/index.html /var/www/html",
"sudo systemctl restart httpd"
]
}
connection {
host = self.public_ip
user = "ec2-user"
type = "ssh"
private_key = file("./tf1") # the private half of the key pair uploaded above; keep this file out of version control
}
}
resource "aws_instance" "star_db" {
ami = "ami-0dbec48abfe298cab"
instance_type = "t2.micro"
key_name = aws_key_pair.tf1.key_name # reference the key pair resource so it is created before the instance

tags = {
Name = "star_db"
}
}

 

IAM: user creation

Example 1: creating IAM users only, with the user ARNs as output.

Files: variable, provider, users, output

variable "accesskey" {
type = string
default = "AKIAX2XVEK27GJNREDX4"
}

variable "secretkey" {
type = string
default = "xQ39qJKLyo3/jhJJfxsGQ4er7iLEvWoVXDaAAU9/"
}

variable "region" {
type = string
default ="eu-west-2"
}

variable "username" {
type = list(string)
default = ["abdul", "aziz"]
}

provider "aws" {
access_key = var.accesskey
secret_key = var.secretkey
region = var.region
}

#1. syntax to create a user (the three blocks below are alternatives: only one resource "aws_iam_user" "newuser" may exist in a configuration)
 resource "aws_iam_user" "newuser" {
 name = "abdul"

 tags = {
  Name = "abdul"
  }
}

#2. syntax to create multiple users using count index

resource "aws_iam_user" "newuser" {
name = "user${count.index}"
count = 3

 tags = {
  Name = "user${count.index}"
  }
}


#3. syntax to create multiple users using variable list and call in the below.

resource "aws_iam_user" "newuser" {
  count = length(var.username)
  name = element(var.username,count.index)

 tags = {
  Name = var.username[count.index]
  }

}

 

output "user_arn" {
  value = aws_iam_user.newuser.*.arn
}

Example 2: creating an IAM policy only, with the ec2 describe permission:

 Files: policy1

resource "aws_iam_policy" "policy1" {
name = "ec2-describe"

 policy = <<EOF
 {
  "Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
EOF
}

Example 3: let's attach the above policy1 (ec2-describe) policy to both users created in example 1.

Files: variable, provider, users, output, policy1, policy_attach

resource "aws_iam_policy_attachment" "policy1-attachment" {
name = "policy1-attachment"
users = aws_iam_user.newuser.*.name
policy_arn = aws_iam_policy.policy1.arn
}

Login with the above created users, users can describe or display instances.
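Added example, not from the course notes, for examples 2 and 3: aws_iam_policy_attachment is exclusive, so it detaches policy1 from any user, group or role not named in that one resource. The version below writes the same ec2-describe policy with the aws_iam_policy_document data source (validated at plan time, no heredoc) and attaches it with one aws_iam_user_policy_attachment per user, which only manages that user's link to the policy. It reuses the page's var.username, aws_iam_user.newuser (the count-based block #3) and policy name, and replaces the heredoc policy1 and the policy1-attachment resource.

```hcl
data "aws_iam_policy_document" "ec2_describe" {
  statement {
    sid     = "Ec2DescribeOnly"
    effect  = "Allow"
    actions = ["ec2:Describe*"]
    # ec2:Describe* calls do not support resource-level permissions, so "*" is required here
    resources = ["*"]
  }
}

resource "aws_iam_policy" "policy1" {
  name        = "ec2-describe"
  description = "Read-only visibility of EC2 resources"
  policy      = data.aws_iam_policy_document.ec2_describe.json
}

# One attachment per user created in example 1; removing a user from var.username
# removes only that user's attachment, nothing else that uses policy1.
resource "aws_iam_user_policy_attachment" "policy1_per_user" {
  count      = length(var.username)
  user       = aws_iam_user.newuser[count.index].name
  policy_arn = aws_iam_policy.policy1.arn
}

output "policy1_attachments" {
  value = aws_iam_user_policy_attachment.policy1_per_user.*.user
}
```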

Module:
