aws-ec2-acm.tf
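// main.tf
// Pin the AWS provider through required_providers. A `version` argument inside
// a provider block has been deprecated since Terraform 0.13 and only produces a
// warning, so the pin below is the one that is actually enforced.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.64.0"
    }
  }
}

// Provider configuration; the region is a deployment choice.
provider "aws" {
  region = "us-east-1" // Adjust the region as needed
}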
// Look up the account's default VPC in the configured region; everything
// below (security groups, target group, subnets) is placed inside it.
data "aws_vpc" "default" {
  default = true
}
// Enumerate every subnet that belongs to the default VPC. The ALB spans all
// of them; the instance is placed in the first one.
data "aws_subnets" "default" {
  filter {
    values = [data.aws_vpc.default.id]
    name   = "vpc-id"
  }
}
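// Security group for the internet-facing ALB.
// The ALB is the only component that should accept traffic from the internet;
// the EC2 instance behind it should not be reachable on these ports directly.
resource "aws_security_group" "alb_sg" {
  name        = "alb_security_group"
  description = "Allow HTTP and HTTPS inbound traffic for ALB"
  vpc_id      = data.aws_vpc.default.id

  // Each rule carries a description so the 0.0.0.0/0 rules are
  // self-explanatory in the console and in audit tooling.
  ingress {
    description = "HTTP from anywhere (redirected to HTTPS by the listener)"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS from anywhere"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  // Outbound is left open; the ALB only initiates connections to its targets,
  // and the instance's own security group is where inbound to the target is
  // constrained.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}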
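// Security group for the web server: only the ALB may reach port 80.
// Without an explicit security group the instance falls back to the default
// VPC's default security group, which by default only admits traffic from
// members of that same group, so ALB health checks and forwarded requests
// would not reach the target.
resource "aws_security_group" "web_sg" {
  name        = "web_server_security_group"
  description = "Allow HTTP from the ALB only"
  vpc_id      = data.aws_vpc.default.id

  ingress {
    description     = "HTTP from the ALB security group"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb_sg.id]
  }

  egress {
    description = "All outbound (package updates etc.)"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

// Create the EC2 instance
resource "aws_instance" "web_server" {
  ami                    = "ami-0c55b159cbfafe1f0" // Replace with your preferred AMI
  instance_type          = "t2.micro"
  subnet_id              = element(data.aws_subnets.default.ids, 0)
  vpc_security_group_ids = [aws_security_group.web_sg.id]

  // Require IMDSv2 so that a request-forgery bug in the web application
  // cannot read instance-role credentials with a single unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  // Encrypt the root volume at rest with the account's default EBS key.
  // Changing this on an existing instance forces replacement.
  root_block_device {
    encrypted = true
  }

  // NOTE(review): nothing here installs a web server, so the target group's
  // health check on port 80 will fail until user_data or the AMI provides one.
  // Default-VPC subnets usually auto-assign a public IP; it is not needed for
  // inbound traffic since only the ALB security group is admitted above.
  tags = {
    Name = "WebServer"
  }
}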
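// Create the ALB
resource "aws_lb" "app_lb" {
  name               = "application-load-balancer"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb_sg.id]
  subnets            = data.aws_subnets.default.ids

  // Reject requests whose header names are not valid HTTP tokens instead of
  // passing them through to the target (request-desync hardening).
  drop_invalid_header_fields = true

  // Deletion protection is off for this example; enable it for anything
  // that must survive an accidental `terraform destroy`.
  enable_deletion_protection = false
}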
// Target group that the HTTPS listener forwards to. Targets are registered
// by instance ID and receive plain HTTP on port 80 (TLS terminates at the ALB).
resource "aws_lb_target_group" "web_tg" {
  name        = "web-target-group"
  vpc_id      = data.aws_vpc.default.id
  target_type = "instance"
  protocol    = "HTTP"
  port        = 80

  // Five consecutive passes mark a target healthy, two failures mark it
  // unhealthy; each probe is an HTTP GET of / every 30 s with a 5 s timeout.
  health_check {
    protocol            = "HTTP"
    path                = "/"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 2
  }
}
// Put the single web server into the target group on the port the
// target group itself listens on (80).
resource "aws_lb_target_group_attachment" "web_tg_attachment" {
  target_id        = aws_instance.web_server.id
  target_group_arn = aws_lb_target_group.web_tg.arn
  port             = 80
}
// Plain-HTTP listener. It serves no content: every request is answered with a
// permanent (301) redirect to the same host and path on HTTPS/443, so clients
// only ever talk to the application over TLS.
resource "aws_lb_listener" "http_listener" {
  load_balancer_arn = aws_lb.app_lb.arn
  protocol          = "HTTP"
  port              = "80"

  default_action {
    type = "redirect"

    redirect {
      status_code = "HTTP_301"
      protocol    = "HTTPS"
      port        = "443"
    }
  }
}
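// The HTTPS listener needs an ISSUED certificate. aws_acm_certificate.cert on
// its own is only a request; this resource blocks until DNS validation has
// completed (using the Route53 validation records defined in this file) and
// exposes the ARN of the validated certificate.
resource "aws_acm_certificate_validation" "cert" {
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
}

// Create a listener for the ALB on port 443 (HTTPS)
resource "aws_lb_listener" "https_listener" {
  load_balancer_arn = aws_lb.app_lb.arn
  port              = "443"
  protocol          = "HTTPS"

  // ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; the
  // TLS13-1-2 policy limits the listener to TLS 1.2 and 1.3.
  ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn = aws_acm_certificate_validation.cert.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web_tg.arn
  }
}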
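// Request an ACM certificate
resource "aws_acm_certificate" "cert" {
  domain_name       = "yourdomain.com" // Replace with your domain name
  validation_method = "DNS"

  tags = {
    Name = "WebServerCert"
  }

  // A certificate that is attached to a listener cannot be deleted in place;
  // create the replacement first so a domain change does not fail mid-apply.
  lifecycle {
    create_before_destroy = true
  }
}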
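// Create Route53 record for ACM certificate validation
resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }

  // ACM may hand out the same validation CNAME when a certificate for this
  // domain is re-requested; take over an existing record instead of failing.
  allow_overwrite = true
  zone_id         = "YOUR_ZONE_ID" // Replace with your Route53 hosted zone ID
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
}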
// Public DNS entry for the site: an alias A record that resolves the apex
// domain to the ALB. Health evaluation is on so unhealthy ALB endpoints are
// left out of answers.
resource "aws_route53_record" "alb_record" {
  zone_id = "YOUR_ZONE_ID" // Replace with your Route53 hosted zone ID
  type    = "A"
  name    = "yourdomain.com" // Replace with your domain name

  alias {
    evaluate_target_health = true
    zone_id                = aws_lb.app_lb.zone_id
    name                   = aws_lb.app_lb.dns_name
  }
}
// Expose the load balancer's AWS-assigned hostname after apply.
output "alb_dns_name" {
  value       = aws_lb.app_lb.dns_name
  description = "The DNS name of the ALB"
}