diff --git a/README.md b/README.md
index ace42f1..e4f3e9f 100644
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-# terraformcode
\ No newline at end of file
+# terraform_code
diff --git a/eks/main.tf b/eks/main.tf
index 93ae5b0..efb1d4d 100644
--- a/eks/main.tf
+++ b/eks/main.tf
@@ -1,60 +1,301 @@ +# Configure AWS Provider provider "aws" { region = "us-east-1" } +# ============================================ +# VPC Configuration +# ============================================ + # Create VPC resource "aws_vpc" "eks_vpc" { - cidr_block = "10.0.0.0/16" + cidr_block = "10.0.0.0/16" + enable_dns_hostnames = true + enable_dns_support = true + + tags = { + Name = "eks-vpc" + } +} + +# Create Internet Gateway +resource "aws_internet_gateway" "eks_igw" { + vpc_id = aws_vpc.eks_vpc.id + + tags = { + Name = "eks-igw" + } } -# Create Subnets +# Create Route Table +resource "aws_route_table" "eks_rt" { + vpc_id = aws_vpc.eks_vpc.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.eks_igw.id + } + + tags = { + Name = "eks-rt" + } +} + +# ============================================ +# Subnets Configuration +# ============================================ + +# Create Subnet A resource "aws_subnet" "eks_subnet_a" { - vpc_id = aws_vpc.eks_vpc.id - cidr_block = "10.0.1.0/24" - availability_zone = "us-east-1a" + vpc_id = aws_vpc.eks_vpc.id + cidr_block = "10.0.1.0/24" + availability_zone = "us-east-1a" + map_public_ip_on_launch = true + + tags = { + Name = "eks-subnet-a" + } } +# Create Subnet B resource "aws_subnet" "eks_subnet_b" { - vpc_id = aws_vpc.eks_vpc.id - cidr_block = "10.0.2.0/24" - availability_zone = "us-east-1b" + vpc_id = aws_vpc.eks_vpc.id + cidr_block = "10.0.2.0/24" + availability_zone = "us-east-1b" + map_public_ip_on_launch = true + + tags = { + Name = "eks-subnet-b" + } } -# Create IAM Role for EKS Cluster +# Associate Subnets with Route Table +resource "aws_route_table_association" "eks_rta_a" { + subnet_id = aws_subnet.eks_subnet_a.id + route_table_id = aws_route_table.eks_rt.id +} + +resource "aws_route_table_association" "eks_rta_b" { + subnet_id = aws_subnet.eks_subnet_b.id + route_table_id = aws_route_table.eks_rt.id +} + +# ============================================ +# Security Groups +# 
============================================ + +# Security Group for EKS Cluster +resource "aws_security_group" "eks_cluster_sg" { + name = "eks-cluster-sg" + description = "Security group for EKS cluster" + vpc_id = aws_vpc.eks_vpc.id + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + tags = { + Name = "eks-cluster-sg" + } +} + +# Security Group for EKS Nodes +resource "aws_security_group" "eks_node_sg" { + name = "eks-node-sg" + description = "Security group for EKS nodes" + vpc_id = aws_vpc.eks_vpc.id + + ingress { + from_port = 0 + to_port = 65535 + protocol = "tcp" + cidr_blocks = ["10.0.0.0/16"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + tags = { + Name = "eks-node-sg" + } +} + +# ============================================ +# IAM Roles and Policies - EKS Cluster +# ============================================ + +# IAM Role for EKS Cluster resource "aws_iam_role" "eks_cluster_role" { name = "eks-cluster-role" assume_role_policy = jsonencode({ - Version = "2012-10-17", + Version = "2012-10-17" Statement = [{ - Action = "sts:AssumeRole", - Effect = "Allow", + Action = "sts:AssumeRole" + Effect = "Allow" Principal = { Service = "eks.amazonaws.com" } }] }) + + tags = { + Name = "eks-cluster-role" + } } -# Attach EKS Policy to IAM Role +# Attach EKS Cluster Policy resource "aws_iam_role_policy_attachment" "eks_cluster_policy" { role = aws_iam_role.eks_cluster_role.name policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" } -# Create EKS Cluster -resource "aws_eks_cluster" "example" { +# Attach VPC Resource Controller Policy +resource "aws_iam_role_policy_attachment" "eks_vpc_resource_controller" { + role = aws_iam_role.eks_cluster_role.name + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController" +} + +# ============================================ +# IAM Roles and Policies - Node Group +# ============================================ 
+ +# IAM Role for Node Group +resource "aws_iam_role" "eks_node_role" { + name = "eks-node-role" + + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "ec2.amazonaws.com" + } + }] + }) + + tags = { + Name = "eks-node-role" + } +} + +# Attach EKS Worker Node Policy +resource "aws_iam_role_policy_attachment" "eks_worker_node_policy" { + role = aws_iam_role.eks_node_role.name + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" +} + +# Attach EKS CNI Policy +resource "aws_iam_role_policy_attachment" "eks_cni_policy" { + role = aws_iam_role.eks_node_role.name + policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" +} + +# Attach ECR Read Only Policy +resource "aws_iam_role_policy_attachment" "eks_registry_policy" { + role = aws_iam_role.eks_node_role.name + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" +} + +# ============================================ +# EKS Cluster +# ============================================ + +resource "aws_eks_cluster" "main" { name = "my-eks-cluster" role_arn = aws_iam_role.eks_cluster_role.arn + version = "1.33" vpc_config { - subnet_ids = [ - aws_subnet.eks_subnet_a.id, - aws_subnet.eks_subnet_b.id, - ] + subnet_ids = [aws_subnet.eks_subnet_a.id, aws_subnet.eks_subnet_b.id] + security_group_ids = [aws_security_group.eks_cluster_sg.id] + endpoint_private_access = true + endpoint_public_access = true } + # Enable Control Plane Logging + enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] + depends_on = [ aws_iam_role_policy_attachment.eks_cluster_policy, + aws_iam_role_policy_attachment.eks_vpc_resource_controller, ] + + tags = { + Name = "my-eks-cluster" + } +} + +# ============================================ +# EKS Node Group +# ============================================ + +resource "aws_eks_node_group" "main" { + cluster_name = 
aws_eks_cluster.main.name + node_group_name = "my-node-group" + node_role_arn = aws_iam_role.eks_node_role.arn + subnet_ids = [aws_subnet.eks_subnet_a.id, aws_subnet.eks_subnet_b.id] + version = "1.33" + + scaling_config { + desired_size = 2 + max_size = 4 + min_size = 1 + } + + instance_types = ["t3.medium"] + + disk_size = 20 + + tags = { + Name = "my-node-group" + } + + depends_on = [ + aws_iam_role_policy_attachment.eks_worker_node_policy, + aws_iam_role_policy_attachment.eks_cni_policy, + aws_iam_role_policy_attachment.eks_registry_policy, + ] +} + +# ============================================ +# Outputs +# ============================================ + +output "cluster_id" { + description = "EKS cluster ID" + value = aws_eks_cluster.main.id +} + +output "cluster_arn" { + description = "EKS cluster ARN" + value = aws_eks_cluster.main.arn +} + +output "cluster_endpoint" { + description = "Endpoint for EKS control plane" + value = aws_eks_cluster.main.endpoint +} + +output "cluster_security_group_id" { + description = "Security group ID attached to the EKS cluster" + value = aws_security_group.eks_cluster_sg.id +} + +output "node_group_id" { + description = "EKS node group ID" + value = aws_eks_node_group.main.id +} + +output "node_group_status" { + description = "Status of the EKS node group" + value = aws_eks_node_group.main.status }
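Review bot: The `vpc_config` block of `aws_eks_cluster.main` sets `endpoint_public_access = true` without a `public_access_cidrs` list, so the Kubernetes API endpoint is reachable from any Internet address (authentication still applies, but the exposure is unbounded); since `endpoint_private_access = true` is already set, either restrict it with `public_access_cidrs = ["<ADMIN_CIDR>/32"]` (placeholder, fill in the operator range) or drop public access and reach the API from inside the VPC. The node group is placed in `eks_subnet_a`/`eks_subnet_b`, which have `map_public_ip_on_launch = true` and a `0.0.0.0/0` route through the IGW, so every worker node gets a public IP; private subnets behind a NAT gateway would keep the nodes off the public edge. `aws_security_group.eks_node_sg` is declared but never referenced by `aws_eks_node_group.main` (no launch template or `remote_access` block uses it), so its 0–65535 TCP ingress rule is dead configuration and should be attached deliberately or removed to avoid a misleading picture of what is enforced. The cluster also has no `encryption_config`, so Kubernetes secrets are stored without customer-managed KMS envelope encryption; consider adding one before the cluster is created, since it cannot be retrofitted in place.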