diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..8a90ccaa9 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 + +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" \ No newline at end of file diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml new file mode 100644 index 000000000..9f6fe4a22 --- /dev/null +++ b/.github/workflows/actionlint.yml @@ -0,0 +1,14 @@ +# If the repository is public, be sure to change to GitHub hosted runners +name: Lint GitHub Actions Workflows +on: + push: + pull_request: +permissions: + contents: read +jobs: + actionlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: "Check workflow files" + uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint:latest diff --git a/.github/workflows/infrastructure-tests.yml b/.github/workflows/infrastructure-tests.yml new file mode 100644 index 000000000..1e73d5f7f --- /dev/null +++ b/.github/workflows/infrastructure-tests.yml @@ -0,0 +1,19 @@ +name: hashicorp/hashicat-aws/infrastructure-tests +on: + workflow_dispatch: + push: + branches: + - 'master' +jobs: + terraform-validate: + runs-on: ubuntu-latest + container: + image: docker.mirror.hashicorp.services/hashicorp/terraform:light + steps: + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Terraform Validate + run: |- + terraform init + terraform validate +permissions: + contents: read \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..f90c7d6b9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,16 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# .tfvars files +*.tfvars + +# no creds +*.pem + +# terraformrc file +terraform.rc +.terraformrc \ No newline at end of file diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl new file mode 100644 index 000000000..2f966185c --- /dev/null +++ b/.terraform.lock.hcl @@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.42.0" + constraints = "3.42.0" + hashes = [ + "h1:C6/yDp6BhuDFx0qdkBuJj/OWUJpAoraHTJaU6ac38Rw=", + "h1:bAg7V1/GGQxKCodxBj48DmNR1meOqD/nd3EhFL/LypQ=", + "h1:jIfbj0hq7PxQZS4FgWAFjoCq+JvrT2NbQ2HxJqn1Dr4=", + "h1:quV6hK7ewiHWBznGWCb/gJ6JAPm6UtouBUrhAjv6oRY=", + "h1:vNtu0xqKEd4LDugYp9FRJJb6K/oCP00LV/3+f1rd/Jc=", + "zh:126c856a6eedddd8571f161a826a407ba5655a37a6241393560a96b8c4beca1a", + "zh:1a4868e6ac734b5fc2e79a4a889d176286b66664aad709435aa6acee5871d5b0", + "zh:40fed7637ab8ddeb93bef06aded35d970f0628025b97459ae805463e8aa0a58a", + "zh:68def3c0a5a1aac1db6372c51daef858b707f03052626d3427ac24cba6f2014d", + "zh:6db7ec9c8d1803a0b6f40a664aa892e0f8894562de83061fa7ac1bc51ff5e7e5", + "zh:7058abaad595930b3f97dc04e45c112b2dbf37d098372a849081f7081da2fb52", + "zh:8c25adb15a19da301c478aa1f4a4d8647cabdf8e5dae8331d4490f80ea718c26", + "zh:8e129b847401e39fcbc54817726dab877f36b7f00ff5ed76f7b43470abe99ff9", + "zh:d268bb267a2d6b39df7ddee8efa7c1ef7a15cf335dfa5f2e64c9dae9b623a1b8", + "zh:d6eeb3614a0ab50f8e9ab5666ae5754ea668ce327310e5b21b7f04a18d7611a8", + "zh:f5d3c58055dff6e38562b75d3edc908cb2f1e45c6914f6b00f4773359ce49324", + ] +} + +provider "registry.terraform.io/hashicorp/hcp" { + version = "0.75.0" + hashes = [ + "h1:QaffJMGitzQ+PpNDmBgCu4UY82I6NjqMIkmHhdu7MWU=", + "zh:0faa59649e3d7af41e730b4be99f03046eb748b4905bb98d5f6eaae06d0b073f", + "zh:1f31bd3468a06233442e404a003d1a9fd81305ece69df2100a687b2725ab5ee9", + "zh:320b0c281617a9ae9f1763ef783afe46f22f66633c3ac57f4579d74381c9b1f3", + "zh:3b4ea54c9537d4216f1b66e5d91f35923660e1c07b9d9b515c58bbc1ec916071", + "zh:41cf885665714fada5d2dfa19f18b43f24318efe536aba9d2324005d5669d8ef", + "zh:541d4532c875b2ee7ecb98da9a1461e76788893b623b0adf7c634d9fff7770e3", + "zh:7859b7310020d2fa7d1eaf5aa26d1a3b1907aa9533b6e709e8e47daf91ac0a1c", + "zh:80088235e13fad169707976dc01259561101ff4c6cda4f010046ad4d42485d1f", + "zh:89fe987f43c2958fe22e9fb3549f3f613da619d3bd96619efbca9ca7c9e6f640", + "zh:97daa665ccbd183915cc2ada00da5c7d39ef3a9d4494fe8363f7b6abd87efc83", + "zh:99abc921955bb60770549ee4c5faecf462bc793cd2ea20689f544b955860829d", + "zh:eaa0910876388c19f699a17c5f8aff89863a22363091e65f36dbac60f0ef80e3", + ] +} diff --git a/.vscode/shipyard.json b/.vscode/shipyard.json new file mode 100644 index 000000000..4f5d158e2 --- /dev/null +++ b/.vscode/shipyard.json @@ -0,0 +1,4 @@ +{ + "tabs": [], + "terminals": [] +} \ No newline at end of file diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 000000000..82e57790c --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @hashicorp/customer-design-labs diff --git a/LICENSE b/LICENSE new file mode 100644 index 000000000..f434f48e8 --- /dev/null +++ b/LICENSE @@ -0,0 +1,203 @@ +Copyright (c) 2021 HashiCorp, Inc. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 000000000..934a33302 --- /dev/null +++ b/README.md @@ -0,0 +1,6 @@ +# hashicat-aws +Hashicat: A terraform built application for use in Hashicorp workshops + +Includes "Meow World" website. + +[![infrastructure-tests](https://github.com/hashicorp/hashicat-aws/actions/workflows/infrastructure-tests.yml/badge.svg)](https://github.com/hashicorp/hashicat-aws/actions/workflows/infrastructure-tests.yml) diff --git a/exercises/main.tf.completed b/exercises/main.tf.completed new file mode 100644 index 000000000..5e98edaa4 --- /dev/null +++ b/exercises/main.tf.completed @@ -0,0 +1,196 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "=3.42.0" + } + } +} + +provider "aws" { + region = var.region +} + +resource "aws_vpc" "hashicat" { + cidr_block = var.address_space + enable_dns_hostnames = true + + tags = { + name = "${var.prefix}-vpc-${var.region}" + environment = "Production" + } +} + +resource "aws_subnet" "hashicat" { + vpc_id = aws_vpc.hashicat.id + cidr_block = var.subnet_prefix + + tags = { + name = "${var.prefix}-subnet" + } +} + +resource "aws_security_group" "hashicat" { + name = "${var.prefix}-security-group" + + vpc_id = aws_vpc.hashicat.id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + prefix_list_ids = [] + } + + tags = { + Name = "${var.prefix}-security-group" + } +} + +resource "aws_internet_gateway" "hashicat" { + vpc_id = aws_vpc.hashicat.id + + tags = { + Name = "${var.prefix}-internet-gateway" + } +} + +resource "aws_route_table" "hashicat" { + vpc_id = aws_vpc.hashicat.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.hashicat.id + } +} + +resource "aws_route_table_association" "hashicat" { + subnet_id = aws_subnet.hashicat.id + route_table_id = aws_route_table.hashicat.id +} + +data "aws_ami" "ubuntu" { + most_recent = true + + filter { + name = "name" + values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["099720109477"] # Canonical +} + +resource "aws_eip" "hashicat" { + instance = aws_instance.hashicat.id + vpc = true +} + +resource "aws_eip_association" "hashicat" { + instance_id = aws_instance.hashicat.id + allocation_id = aws_eip.hashicat.id +} + +resource "aws_instance" "hashicat" { + ami = data.aws_ami.ubuntu.id + instance_type = var.instance_type + key_name = aws_key_pair.hashicat.key_name + associate_public_ip_address = true + subnet_id = aws_subnet.hashicat.id + vpc_security_group_ids = [aws_security_group.hashicat.id] + + tags = { + Name = "${var.prefix}-hashicat-instance" + } +} + +# We're using a little trick here so we can run the provisioner without +# destroying the VM. Do not do this in production. + +# If you need ongoing management (Day N) of your virtual machines a tool such +# as Chef or Puppet is a better choice. These tools track the state of +# individual files and can keep them in the correct configuration. + +# Here we do the following steps: +# Sync everything in files/ to the remote VM. +# Set up some environment variables for our script. +# Add execute permissions to our scripts. +# Run the deploy_app.sh script. +resource "null_resource" "configure-cat-app" { + depends_on = [aws_eip_association.hashicat] + + triggers = { + build_number = timestamp() + } + + provisioner "file" { + source = "files/" + destination = "/home/ubuntu/" + + connection { + type = "ssh" + user = "ubuntu" + private_key = tls_private_key.hashicat.private_key_pem + host = aws_eip.hashicat.public_ip + } + } + + provisioner "remote-exec" { + inline = [ + "sudo apt -y update", + "sleep 15", + "sudo apt -y update", + "sudo apt -y install apache2", + "sudo systemctl start apache2", + "sudo chown -R ubuntu:ubuntu /var/www/html", + "chmod +x *.sh", + "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh", + ] + + connection { + type = "ssh" + user = "ubuntu" + private_key = tls_private_key.hashicat.private_key_pem + host = aws_eip.hashicat.public_ip + } + } +} + +resource "tls_private_key" "hashicat" { + algorithm = "ED25519" +} + +locals { + private_key_filename = "${var.prefix}-ssh-key.pem" +} + +resource "aws_key_pair" "hashicat" { + key_name = local.private_key_filename + public_key = tls_private_key.hashicat.public_key_openssh +} diff --git a/exercises/main.tf.cowsay b/exercises/main.tf.cowsay new file mode 100644 index 000000000..d2994e6ca --- /dev/null +++ b/exercises/main.tf.cowsay @@ -0,0 +1,198 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "=3.42.0" + } + } +} + +provider "aws" { + region = var.region +} + +resource "aws_vpc" "hashicat" { + cidr_block = var.address_space + enable_dns_hostnames = true + + tags = { + name = "${var.prefix}-vpc-${var.region}" + environment = "Production" + } +} + +resource "aws_subnet" "hashicat" { + vpc_id = aws_vpc.hashicat.id + cidr_block = var.subnet_prefix + + tags = { + name = "${var.prefix}-subnet" + } +} + +resource "aws_security_group" "hashicat" { + name = "${var.prefix}-security-group" + + vpc_id = aws_vpc.hashicat.id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + prefix_list_ids = [] + } + + tags = { + Name = "${var.prefix}-security-group" + } +} + +resource "aws_internet_gateway" "hashicat" { + vpc_id = aws_vpc.hashicat.id + + tags = { + Name = "${var.prefix}-internet-gateway" + } +} + +resource "aws_route_table" "hashicat" { + vpc_id = aws_vpc.hashicat.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.hashicat.id + } +} + +resource "aws_route_table_association" "hashicat" { + subnet_id = aws_subnet.hashicat.id + route_table_id = aws_route_table.hashicat.id +} + +data "aws_ami" "ubuntu" { + most_recent = true + + filter { + name = "name" + values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["099720109477"] # Canonical +} + +resource "aws_eip" "hashicat" { + instance = aws_instance.hashicat.id + vpc = true +} + +resource "aws_eip_association" "hashicat" { + instance_id = aws_instance.hashicat.id + allocation_id = aws_eip.hashicat.id +} + +resource "aws_instance" "hashicat" { + ami = data.aws_ami.ubuntu.id + instance_type = var.instance_type + key_name = aws_key_pair.hashicat.key_name + associate_public_ip_address = true + subnet_id = aws_subnet.hashicat.id + vpc_security_group_ids = [aws_security_group.hashicat.id] + + tags = { + Name = "${var.prefix}-hashicat-instance" + } +} + +# We're using a little trick here so we can run the provisioner without +# destroying the VM. Do not do this in production. + +# If you need ongoing management (Day N) of your virtual machines a tool such +# as Chef or Puppet is a better choice. These tools track the state of +# individual files and can keep them in the correct configuration. + +# Here we do the following steps: +# Sync everything in files/ to the remote VM. +# Set up some environment variables for our script. +# Add execute permissions to our scripts. +# Run the deploy_app.sh script. +resource "null_resource" "configure-cat-app" { + depends_on = [aws_eip_association.hashicat] + + triggers = { + build_number = timestamp() + } + + provisioner "file" { + source = "files/" + destination = "/home/ubuntu/" + + connection { + type = "ssh" + user = "ubuntu" + private_key = tls_private_key.hashicat.private_key_pem + host = aws_eip.hashicat.public_ip + } + } + + provisioner "remote-exec" { + inline = [ + "sudo apt -y update", + "sleep 15", + "sudo apt -y update", + "sudo apt -y install apache2", + "sudo systemctl start apache2", + "sudo chown -R ubuntu:ubuntu /var/www/html", + "chmod +x *.sh", + "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh", + "sudo apt -y install cowsay", + "cowsay Mooooooooooo!", + ] + + connection { + type = "ssh" + user = "ubuntu" + private_key = tls_private_key.hashicat.private_key_pem + host = aws_eip.hashicat.public_ip + } + } +} + +resource "tls_private_key" "hashicat" { + algorithm = "ED25519" +} + +locals { + private_key_filename = "${var.prefix}-ssh-key.pem" +} + +resource "aws_key_pair" "hashicat" { + key_name = local.private_key_filename + public_key = tls_private_key.hashicat.public_key_openssh +} diff --git a/exercises/main.tf.start b/exercises/main.tf.start new file mode 100644 index 000000000..c3f93a5e7 --- /dev/null +++ b/exercises/main.tf.start @@ -0,0 +1,196 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "=3.42.0" + } + } +} + +provider "aws" { + region = var.region +} + +resource "aws_vpc" "hashicat" { + cidr_block = var.address_space + enable_dns_hostnames = true + + tags = { + name = "${var.prefix}-vpc-${var.region}" + } + +} + +# resource "aws_subnet" "hashicat" { +# vpc_id = aws_vpc.hashicat.id +# cidr_block = var.subnet_prefix + +# tags = { +# name = "${var.prefix}-subnet" +# } +# } + +# resource "aws_security_group" "hashicat" { +# name = "${var.prefix}-security-group" + +# vpc_id = aws_vpc.hashicat.id + +# ingress { +# from_port = 22 +# to_port = 22 +# protocol = "tcp" +# cidr_blocks = ["0.0.0.0/0"] +# } + +# ingress { +# from_port = 80 +# to_port = 80 +# protocol = "tcp" +# cidr_blocks = ["0.0.0.0/0"] +# } + +# ingress { +# from_port = 443 +# to_port = 443 +# protocol = "tcp" +# cidr_blocks = ["0.0.0.0/0"] +# } + +# egress { +# from_port = 0 +# to_port = 0 +# protocol = "-1" +# cidr_blocks = ["0.0.0.0/0"] +# prefix_list_ids = [] +# } + +# tags = { +# Name = "${var.prefix}-security-group" +# } +# } + +# resource "aws_internet_gateway" "hashicat" { +# vpc_id = aws_vpc.hashicat.id + +# tags = { +# Name = "${var.prefix}-internet-gateway" +# } +# } + +# resource "aws_route_table" "hashicat" { +# vpc_id = aws_vpc.hashicat.id + +# route { +# cidr_block = "0.0.0.0/0" +# gateway_id = aws_internet_gateway.hashicat.id +# } +# } + +# resource "aws_route_table_association" "hashicat" { +# subnet_id = aws_subnet.hashicat.id +# route_table_id = aws_route_table.hashicat.id +# } + +# data "aws_ami" "ubuntu" { +# most_recent = true + +# filter { +# name = "name" +# values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"] +# } + +# filter { +# name = "virtualization-type" +# values = ["hvm"] +# } + +# owners = ["099720109477"] # Canonical +# } + +# resource "aws_eip" "hashicat" { +# instance = aws_instance.hashicat.id +# vpc = true +# } + +# resource "aws_eip_association" "hashicat" { +# instance_id = aws_instance.hashicat.id +# allocation_id = aws_eip.hashicat.id +# } + +# resource "aws_instance" "hashicat" { +# ami = data.aws_ami.ubuntu.id +# instance_type = var.instance_type +# key_name = aws_key_pair.hashicat.key_name +# associate_public_ip_address = true +# subnet_id = aws_subnet.hashicat.id +# vpc_security_group_ids = [aws_security_group.hashicat.id] + +# tags = { +# Name = "${var.prefix}-hashicat-instance" +# } +# } + +# # We're using a little trick here so we can run the provisioner without +# # destroying the VM. Do not do this in production. + +# # If you need ongoing management (Day N) of your virtual machines a tool such +# # as Chef or Puppet is a better choice. These tools track the state of +# # individual files and can keep them in the correct configuration. + +# # Here we do the following steps: +# # Sync everything in files/ to the remote VM. +# # Set up some environment variables for our script. +# # Add execute permissions to our scripts. +# # Run the deploy_app.sh script. +# resource "null_resource" "configure-cat-app" { +# depends_on = [aws_eip_association.hashicat] + +# triggers = { +# build_number = timestamp() +# } + +# provisioner "file" { +# source = "files/" +# destination = "/home/ubuntu/" + +# connection { +# type = "ssh" +# user = "ubuntu" +# private_key = tls_private_key.hashicat.private_key_pem +# host = aws_eip.hashicat.public_ip +# } +# } + +# provisioner "remote-exec" { +# inline = [ +# "sudo apt -y update", +# "sleep 15", +# "sudo apt -y update", +# "sudo apt -y install apache2", +# "sudo systemctl start apache2", +# "sudo chown -R ubuntu:ubuntu /var/www/html", +# "chmod +x *.sh", +# "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh", +# ] + +# connection { +# type = "ssh" +# user = "ubuntu" +# private_key = tls_private_key.hashicat.private_key_pem +# host = aws_eip.hashicat.public_ip +# } +# } +# } + +# resource "tls_private_key" "hashicat" { +# algorithm = "ED25519" +# } + +# locals { +# private_key_filename = "${var.prefix}-ssh-key.pem" +# } + +# resource "aws_key_pair" "hashicat" { +# key_name = local.private_key_filename +# public_key = tls_private_key.hashicat.public_key_openssh +# } diff --git a/exercises/outputs.tf.completed b/exercises/outputs.tf.completed new file mode 100644 index 000000000..4c80603e0 --- /dev/null +++ b/exercises/outputs.tf.completed @@ -0,0 +1,8 @@ +# Outputs file +output "catapp_url" { + value = "http://${aws_eip.hashicat.public_dns}" +} + +output "catapp_ip" { + value = "http://${aws_eip.hashicat.public_ip}" +} diff --git a/exercises/outputs.tf.start b/exercises/outputs.tf.start new file mode 100644 index 000000000..ac2f8d2ab --- /dev/null +++ b/exercises/outputs.tf.start @@ -0,0 +1,4 @@ +# Outputs file +#output "catapp_url" { +# value = "http://${aws_instance.hashicat.public_dns}" +#} \ No newline at end of file diff --git a/files/deploy_app.sh b/files/deploy_app.sh new file mode 100644 index 000000000..1a1a7db07 --- /dev/null +++ b/files/deploy_app.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Script to deploy a very simple web application. +# The web app has a customizable image and some text. + +cat << EOM > /var/www/html/index.html + + Meow! + +
+ + +
+

Meow World!

+ Welcome to ${PREFIX}'s app. Replace this text with your own. + + +
+ + +EOM + +echo "Script complete." diff --git a/main.tf b/main.tf new file mode 100644 index 000000000..96e118943 --- /dev/null +++ b/main.tf @@ -0,0 +1,128 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "=3.42.0" + } + } +} + +provider "aws" { + region = var.region +} + +resource "aws_vpc" "hashicat" { + cidr_block = var.address_space + enable_dns_hostnames = true + + tags = { + name = "${var.prefix}-vpc-${var.region}" + environment = "Production" + } +} + +resource "aws_subnet" "hashicat" { + vpc_id = aws_vpc.hashicat.id + cidr_block = var.subnet_prefix + + tags = { + name = "${var.prefix}-subnet" + } +} + +resource "aws_security_group" "hashicat" { + name = "${var.prefix}-security-group" + + vpc_id = aws_vpc.hashicat.id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + prefix_list_ids = [] + } + + tags = { + Name = "${var.prefix}-security-group" + } +} + +resource "aws_internet_gateway" "hashicat" { + vpc_id = aws_vpc.hashicat.id + + tags = { + Name = "${var.prefix}-internet-gateway" + } +} + +resource "aws_route_table" "hashicat" { + vpc_id = aws_vpc.hashicat.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.hashicat.id + } +} + +resource "aws_route_table_association" "hashicat" { + subnet_id = aws_subnet.hashicat.id + route_table_id = aws_route_table.hashicat.id +} + + + +resource "aws_eip" "hashicat" { + instance = aws_instance.hashicat.id + vpc = true +} + +resource "aws_eip_association" "hashicat" { + instance_id = aws_instance.hashicat.id + allocation_id = aws_eip.hashicat.id +} + +data "hcp_packer_image" "hashicat-aws" { + bucket_name = "hashicat-aws" + channel = "latest" + cloud_provider = "aws" + region = "us-east-1" +} + +# Then replace your existing references with +# data.hcp_packer_image.hashicat-aws.cloud_image_id + +resource "aws_instance" "hashicat" { + ami = data.hcp_packer_image.hashicat-aws.cloud_image_id + instance_type = var.instance_type + associate_public_ip_address = true + subnet_id = aws_subnet.hashicat.id + vpc_security_group_ids = [aws_security_group.hashicat.id] + + tags = { + Name = "${var.prefix}-hashicat-instance" + } +} + + diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 000000000..4c80603e0 --- /dev/null +++ b/outputs.tf @@ -0,0 +1,8 @@ +# Outputs file +output "catapp_url" { + value = "http://${aws_eip.hashicat.public_dns}" +} + +output "catapp_ip" { + value = "http://${aws_eip.hashicat.public_ip}" +} diff --git a/packer/backup.sh b/packer/backup.sh new file mode 100644 index 000000000..4fb4df2e2 --- /dev/null +++ b/packer/backup.sh @@ -0,0 +1,91 @@ +packer { + required_plugins { + amazon = { + version = ">= 1.0.1" + source = "github.com/hashicorp/amazon" + } + } +} +variable "placeholder" { + default = "placekitten.com" + description = "Image-as-a-service URL. Some other fun ones to try are fillmurray.com, placecage.com, placebeard.it, loremflickr.com, baconmockup.com, placeimg.com, placebear.com, placeskull.com, stevensegallery.com, placedog.net" +} + +variable "admin_username" { + description = "Administrator user name for mysql" + default = "hashicorp" +} + +variable "height" { + default = "400" + description = "Image height in pixels." +} + +variable "width" { + default = "600" + description = "Image width in pixels." +} + +variable "prefix" { + description = "This prefix will be included in the name of most resources." + default = "hashicat" +} + +variable "version" { + type = string + default = "1.0.0" +} + +data "amazon-ami" "ubuntu-jammy-east" { + region = "us-east-1" + filters = { + name = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*" + } + most_recent = true + owners = ["099720109477"] +} + +source "amazon-ebs" "hashicat-aws-east" { + region = "us-east-1" + source_ami = data.amazon-ami.ubuntu-jammy-east.id + instance_type = "t2.small" + ssh_username = "ubuntu" + ssh_agent_auth = false + ami_name = "packer_AWS_{{timestamp}}_v${var.version}" +} + +build { + hcp_packer_registry { + bucket_name = "hashicat-aws" + description = < /var/www/html/index.html + + Meow! + +
+ + +
+

Meow World!

+ Welcome to ${PREFIX}'s app. Replace this text with your own. + + +
+ + +EOM + +echo "Script complete." diff --git a/packer/ubuntu.pkr.hcl b/packer/ubuntu.pkr.hcl new file mode 100644 index 000000000..a876ffec1 --- /dev/null +++ b/packer/ubuntu.pkr.hcl @@ -0,0 +1,99 @@ +packer { + required_plugins { + amazon = { + version = ">= 1.0.1" + source = "github.com/hashicorp/amazon" + } + } +} +variable "placeholder" { + default = "placekitten.com" + description = "Image-as-a-service URL. Some other fun ones to try are fillmurray.com, placecage.com, placebeard.it, loremflickr.com, baconmockup.com, placeimg.com, placebear.com, placeskull.com, stevensegallery.com, placedog.net" +} + +variable "admin_username" { + description = "Administrator user name for mysql" + default = "hashicorp" +} + +variable "height" { + default = "400" + description = "Image height in pixels." +} + +variable "width" { + default = "600" + description = "Image width in pixels." +} + +variable "prefix" { + description = "This prefix will be included in the name of most resources." + default = "hashicat" +} + +variable "version" { + type = string + default = "1.0.0" +} + +data "amazon-ami" "ubuntu-jammy-east" { + region = "us-east-1" + filters = { + name = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*" + } + most_recent = true + owners = ["099720109477"] +} + +source "amazon-ebs" "hashicat-aws-east" { + region = "us-east-1" + source_ami = data.amazon-ami.ubuntu-jammy-east.id + instance_type = "t2.small" + ssh_username = "ubuntu" + temporary_key_pair_type = "ed25519" + ssh_agent_auth = false + ami_name = "packer_AWS_{{timestamp}}_v${var.version}" +} + +build { + hcp_packer_registry { + bucket_name = "hashicat-aws" + description = <