55> Si has destruidfo el entorno recrealo
66
77``` bash
8+ cd lab/lc_web_app/
89terraform plan -out d1.tfplan
910terraform apply " d1.tfplan"
1011```
1112
1213## Pasos
1314
14- ### Paso 1. Crear un fichero de variables
15+ ### Paso 1. Crear un fichero de variables e inncluir las credenciales como variables
1516
16- Crear ` ./lab/globo_web_app /variables.tf ` .
17+ Crear ` ./lab/lc_web_app /variables.tf ` .
1718
1819``` tf
1920# variables.tf
@@ -24,6 +25,271 @@ variable "aws_access_key" {
2425}
2526```
2627
28+ Ahora podemos actualizar ` main.tf `
29+
30+ ``` diff
31+ provider "aws" {
32+ + access_key = var.aws_access_key
33+ secret_key = "UTsppKB0IGfTVVWi9PVtSe8USNbvc07JgyNtAijh"
34+ region = "eu-west-3"
35+ }
36+ ```
37+
38+ Hagamos lo mismo con el secreto de AWS, actualizamos ` main.tf `
39+
40+ ``` diff
41+ variable "aws_access_key" {
42+ type = string
43+ description = "AWS Access Key"
44+ sensitive = true
45+ }
46+ +
47+ + variable "aws_secret_key" {
48+ + type = string
49+ + description = "AWS Secret Key"
50+ + sensitive = true
51+ + }
52+ +
53+ ```
54+
55+ Actualizamos ` main.tf `
56+
57+ ``` diff
58+ provider "aws" {
59+ access_key = var.aws_access_key
60+ + secret_key = var.aws_secret_key
61+ region = "eu-west-3"
62+ }
63+ ```
64+
65+ ### Paso 2. Incluimos la región
66+
67+ Actualizamos ` variables.tf `
68+
69+ ``` diff
70+ # ....
71+ +
72+ + variable "aws_region" {
73+ + type = string
74+ + description = "AWS Region to use for resources"
75+ + default = "eu-west-3"
76+ + }
77+ ```
78+
79+ Actualizamos ` main.tf `
80+
81+ ``` diff
82+ provider "aws" {
83+ access_key = var.aws_access_key
84+ secret_key = var.aws_secret_key
85+ + region = var.aws_region
86+ }
87+ ```
88+
89+ ### Paso 3. Actualizar Networking
90+
91+ Vamos a crear nuevas entradas en ` variables.tf ` para los recursos de Networking.
92+
93+ ``` tf
94+ # ....
95+ # NETWORKING
96+ variable "vpc_cidr_block" {
97+ type = string
98+ description = "VPC cidr block"
99+ default = "10.0.0.0/16"
100+ }
101+
102+ variable "vpc_enable_dns_hostnames" {
103+ type = bool
104+ description = "Enable / Disable DNS hostnames on VPC"
105+ default = true
106+ }
107+
108+ variable "subnet_cidr_block" {
109+ type = string
110+ description = "Subnet cidr block"
111+ default = "10.0.0.0/24"
112+ }
113+
114+ variable "subnet_map_public_ip_on_launch" {
115+ type = bool
116+ description = "Launched instances into subnet assign a public IP"
117+ default = true
118+ }
119+ ```
120+
121+ Actualizamos ` main.tf `
122+
123+ ``` diff
124+ # NETWORKING #
125+ resource "aws_vpc" "vpc" {
126+ - cidr_block = "10.0.0.0/16"
127+ + cidr_block = var.vpc_cidr_block
128+ - enable_dns_hostnames = "true"
129+ + enable_dns_hostnames = var.vpc_enable_dns_hostnames
130+ }
131+
132+ resource "aws_internet_gateway" "igw" {
133+ vpc_id = aws_vpc.vpc.id
134+ }
135+
136+ resource "aws_subnet" "subnet1" {
137+ - cidr_block = "10.0.0.0/24"
138+ + cidr_block = var.subnet_cidr_block
139+ vpc_id = aws_vpc.vpc.id
140+ - map_public_ip_on_launch = "true"
141+ + map_public_ip_on_launch = var.subnet_map_public_ip_on_launch
142+ }
143+
144+ # ROUTING #
145+ ```
146+
147+ ### Paso 4. Actualizamos Routing
148+
149+ Creamos nuevas entradas en ` variables.tf ` para los recursos de routing.
150+
151+ ``` diff
152+ variable "subnet_map_public_ip_on_launch" {
153+ type = bool
154+ description = "Launched instances into subnet assign a public IP"
155+ default = true
156+ }
157+ +
158+ + # ROUTING
159+ + variable "route_table_cidr_block" {
160+ + type = string
161+ + description = "IP's to redirect to the internet by default all of them"
162+ + default = "0.0.0.0/0"
163+ + }
164+ ```
165+
166+ Actualizamos ` main.tf `
167+
168+ ``` diff
169+
170+ # ROUTING #
171+ resource "aws_route_table" "rtb" {
172+ vpc_id = aws_vpc.vpc.id
173+
174+ route {
175+ - cidr_block = "0.0.0.0/0"
176+ + cidr_block = var.route_table_cidr_block
177+ gateway_id = aws_internet_gateway.igw.id
178+ }
179+ }
180+ ```
181+
182+ ### Paso 5. Actualizamos Security Group
183+
184+ Creamos nuevas entradas en ` variables.tf ` par los recusos de los SG
185+
186+ ``` tf
187+ # ....
188+
189+ # SECURITY GROUPS
190+ variable "sg_ingress_cidr_blocks" {
191+ type = list(string)
192+ description = "cidr blocks allow for ingress"
193+ default = ["0.0.0.0/0"]
194+ }
195+
196+ variable "sg_ingress_port" {
197+ type = number
198+ description = "Ingress port to listen TCP"
199+ default = 80
200+ }
201+
202+ variable "sg_egress_cidr_blocks" {
203+ type = list(string)
204+ description = "cidr blocks allow for egress"
205+ default = ["0.0.0.0/0"]
206+ }
207+
208+ variable "sg_egress_port" {
209+ type = number
210+ description = "Egress port"
211+ default = 0
212+ }
213+ ```
214+
215+ Actualizamos ` main.tf `
216+
217+ ``` diff
218+ # ....
219+ # SECURITY GROUPS #
220+ resource "aws_security_group" "nginx-sg" {
221+ name = "nginx_sg"
222+ vpc_id = aws_vpc.vpc.id
223+
224+ # HTTP access from anywhere
225+ ingress {
226+ - from_port = 80
227+ + from_port = var.sg_ingress_port
228+ - to_port = 80
229+ + to_port = var.sg_ingress_port
230+ protocol = "tcp"
231+ - cidr_blocks = ["0.0.0.0/0"]
232+ + cidr_blocks = var.sg_ingress_cidr_blocks
233+ }
234+
235+ # outbound internet access
236+ egress {
237+ - from_port = 0
238+ + from_port = var.sg_egress_port
239+ - to_port = 0
240+ + to_port = var.sg_egress_port
241+ protocol = "-1"
242+ - cidr_blocks = ["0.0.0.0/0"]
243+ + cidr_blocks = var.sg_egress_cidr_blocks
244+ }
245+ }
246+ # ....
247+ ```
248+
249+ ### Paso 6. Actualizamos las instancias
250+
251+ Creamos nuevas entradas en ` variables.tf ` para las instancias
252+
253+ ``` diff
254+
255+ variable "sg_egress_port" {
256+ type = number
257+ description = "Egress port"
258+ default = 0
259+ }
260+ +
261+ + # INSTANCES
262+ + variable "aws_instance_type" {
263+ + type = string
264+ + description = "The EC2 instance to be used"
265+ + default = "t2.micro"
266+ + }
267+ +
268+ ```
269+
270+ Actualizamos ` main.tf `
271+
272+ ``` diff
273+ # INSTANCES #
274+ resource "aws_instance" "nginx1" {
275+ ami = nonsensitive(data.aws_ssm_parameter.ami.value)
276+ - instance_type = "t2.micro"
277+ + instance_type = var.aws_instance_type
278+ subnet_id = aws_subnet.subnet1.id
279+ vpc_security_group_ids = [aws_security_group.nginx-sg.id]
280+
281+ user_data = <<EOF
282+ # ! /bin/bash
283+ sudo amazon-linux-extras install -y nginx1
284+ sudo service nginx start
285+ sudo rm /usr/share/nginx/html/index.html
286+ echo '<html><head><title>Lemon Land Server</title></head><body style=\"background-color:#1F778D\"><p style=\"text-align: center;\"><span style=\"color:#FFFFFF;\"><span style=\"font-size:28px;\">Welcome to 🍋 land</span></span></p></body></html>' | sudo tee /usr/share/nginx/html/index.html
287+ EOF
288+
289+ }
290+
291+ ```
292+
27293## Clean Up
28294
29295``` bash
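Review bot: The first added `main.tf` snippet under Paso 1 still shows a literal 40-character string for `secret_key`, which has the shape of an AWS secret access key and is now part of the repository history even though the next step replaces it with `var.aws_secret_key`. If that value was ever a live credential it should be rotated, and the snippet should carry a placeholder such as `secret_key = "<AWS_SECRET_ACCESS_KEY>"`. The tutorial also never says how the two sensitive variables are supplied; a sentence pointing to the `TF_VAR_aws_access_key` / `TF_VAR_aws_secret_key` environment variables or an untracked `.tfvars` file would keep readers from committing them. It is worth adding that `sensitive = true` only redacts the value in CLI output, so the keys still end up in the state file and in a saved plan such as `d1.tfplan`, which should therefore be kept out of version control. The file header of this section is outside the visible part of the page.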