Skip to content

Commit ec34b21

Browse files
committed
incorporando recursos demos finalizado
1 parent d630388 commit ec34b21

4 files changed

Lines changed: 596 additions & 2 deletions

File tree

05-iac/00-terraform/04-incorporando-recursos/09-demo.md

Lines changed: 228 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,231 @@ terraform plan -out d1.tfplan
1010
terraform apply "d2.tfplan"
1111
```
1212

13-
## Pasos
13+
## Pasos
14+
15+
Ahora que hemos añadido la fuente de datos de las `avaibility zones`, vamos a actualizar los `security groups` relacionados con las `subnets` y las instancias EC2.
16+
17+
## Paso 1. Preparandos para la nueva subnet
18+
19+
Actualizamos `network.tf`
20+
21+
```diff
22+
resource "aws_subnet" "subnet1" {
23+
cidr_block = var.subnet_cidr_block
24+
vpc_id = aws_vpc.vpc.id
25+
map_public_ip_on_launch = var.subnet_map_public_ip_on_launch
26+
+ availability_zone = data.aws_availability_zones.available.names[0]
27+
28+
tags = local.common_tags
29+
}
30+
```
31+
32+
Antes que creemos la segunda `availability zone`, recordemos que hemos definido el `cidr block` en un variable, sería mejor si tuvieramos un sólo lugar donde definir los `cidr blocks` de ambas.
33+
34+
Actualizamos `variables.tf`
35+
36+
```diff
37+
# ....
38+
-variable "subnet_cidr_block" {
39+
- type = string
40+
- description = "Subnet cidr block"
41+
- default = "10.0.0.0/24"
42+
-}
43+
+
44+
+variable "subnets_cidr_block" {
45+
+ type = string
46+
+ description = "Subnet cidr block"
47+
+ default = ["10.0.0.0/24", "10.0.1.0/24"]
48+
+}
49+
# ....
50+
```
51+
52+
Ahora podemos actualizar la subnet de la siguienete manera:
53+
54+
Actualizamos `network.tf`
55+
56+
```diff
57+
# ....
58+
resource "aws_subnet" "subnet1" {
59+
- cidr_block = var.subnet_cidr_block
60+
+ cidr_block = var.subents_cidr_block[0]
61+
vpc_id = aws_vpc.vpc.id
62+
map_public_ip_on_launch = var.subnet_map_public_ip_on_launch
63+
availability_zone = data.aws_availability_zones.available.names[0]
64+
65+
tags = local.common_tags
66+
}
67+
# ....
68+
```
69+
70+
### Paso 2. Añadimos la nueva subnet
71+
72+
Actualizamos `network.tf`
73+
74+
```diff
75+
resource "aws_subnet" "subnet1" {
76+
cidr_block = var.subents_cidr_block[0]
77+
vpc_id = aws_vpc.vpc.id
78+
map_public_ip_on_launch = var.subnet_map_public_ip_on_launch
79+
availability_zone = data.aws_availability_zones.available.names[0]
80+
81+
tags = local.common_tags
82+
}
83+
+
84+
+resource "aws_subnet" "subnet2" {
85+
+ cidr_block = var.subents_cidr_block[1]
86+
+ vpc_id = aws_vpc.vpc.id
87+
+ map_public_ip_on_launch = var.subnet_map_public_ip_on_launch
88+
+ availability_zone = data.aws_availability_zones.available.names[1]
89+
+
90+
+ tags = local.common_tags
91+
+}
92+
```
93+
94+
### Paso 3. Actualizando las route tables
95+
96+
Ahora que hemos generado una nueva subnet, debemos crear una nueva asociación con la `route table` a fin de poder redirigir el tráfico desde la nueva EC2 hacia el exterior.
97+
98+
```diff
99+
# ....
100+
resource "aws_route_table_association" "rta-subnet1" {
101+
subnet_id = aws_subnet.subnet1.id
102+
route_table_id = aws_route_table.rtb.id
103+
}
104+
+
105+
+resource "aws_route_table_association" "rta-subnet2" {
106+
+ subnet_id = aws_subnet.subnet2.id
107+
+ route_table_id = aws_route_table.rtb.id
108+
+}
109+
# ....
110+
```
111+
112+
### Paso 4. Creamos una nueva instancia EC2
113+
114+
Actualizamo `instances.tf`
115+
116+
```tf
117+
# INSTANCES #
118+
resource "aws_instance" "nginx1" {
119+
ami = nonsensitive(data.aws_ssm_parameter.ami.value)
120+
instance_type = var.aws_instance_type
121+
subnet_id = aws_subnet.subnet1.id
122+
vpc_security_group_ids = [aws_security_group.nginx-sg.id]
123+
124+
user_data = <<EOF
125+
#! /bin/bash
126+
sudo amazon-linux-extras install -y nginx1
127+
sudo service nginx start
128+
sudo rm /usr/share/nginx/html/index.html
129+
echo '<html><head><title>Lemon Land Server</title></head><body style=\"background-color:#1F778D\"><p style=\"text-align: center;\"><span style=\"color:#FFFFFF;\"><span style=\"font-size:28px;\">Welcome to &#127819; land</span></span></p></body></html>' | sudo tee /usr/share/nginx/html/index.html
130+
EOF
131+
132+
tags = local.common_tags
133+
134+
}
135+
136+
#-----------diff-------------#
137+
resource "aws_instance" "nginx2" {
138+
ami = nonsensitive(data.aws_ssm_parameter.ami.value)
139+
instance_type = var.aws_instance_type
140+
subnet_id = aws_subnet.subnet2.id
141+
vpc_security_group_ids = [aws_security_group.nginx-sg.id]
142+
143+
user_data = <<EOF
144+
#! /bin/bash
145+
sudo amazon-linux-extras install -y nginx1
146+
sudo service nginx start
147+
sudo rm /usr/share/nginx/html/index.html
148+
echo '<html><head><title>Lemon Land Server</title></head><body style=\"background-color:#1F778D\"><p style=\"text-align: center;\"><span style=\"color:#FFFFFF;\"><span style=\"font-size:28px;\">Welcome to &#127819; land</span></span></p></body></html>' | sudo tee /usr/share/nginx/html/index.html
149+
EOF
150+
151+
tags = local.common_tags
152+
153+
}
154+
#-----------diff-------------#
155+
```
156+
157+
### Paso 5. Añadir un security group
158+
159+
Necesitamos crear un `security group` adicional para el balanceador de carga, de manera que permita el tráfico al puerto 80 desde cualquier dirección. Simplemente vamos a duplicar el que ya tenemos:
160+
161+
Actualizamos `network.tf`
162+
163+
```tf
164+
# SECURITY GROUPS #
165+
resource "aws_security_group" "nginx-sg" {
166+
name = "nginx_sg"
167+
vpc_id = aws_vpc.vpc.id
168+
169+
# HTTP access from anywhere
170+
ingress {
171+
from_port = var.sg_ingress_port
172+
to_port = var.sg_ingress_port
173+
protocol = "tcp"
174+
cidr_blocks = var.sg_ingress_cidr_blocks
175+
}
176+
177+
# outbound internet access
178+
egress {
179+
from_port = var.sg_egress_port
180+
to_port = var.sg_egress_port
181+
protocol = "-1"
182+
cidr_blocks = var.sg_egress_cidr_blocks
183+
}
184+
185+
tags = local.common_tags
186+
}
187+
#-----------diff-------------#
188+
resource "aws_security_group" "alb_sg" {
189+
name = "nginx_alb_sg"
190+
vpc_id = aws_vpc.vpc.id
191+
192+
# HTTP access from anywhere
193+
ingress {
194+
from_port = var.sg_ingress_port
195+
to_port = var.sg_ingress_port
196+
protocol = "tcp"
197+
cidr_blocks = var.sg_ingress_cidr_blocks
198+
}
199+
200+
# outbound internet access
201+
egress {
202+
from_port = var.sg_egress_port
203+
to_port = var.sg_egress_port
204+
protocol = "-1"
205+
cidr_blocks = var.sg_egress_cidr_blocks
206+
}
207+
208+
tags = local.common_tags
209+
}
210+
#-----------diff-------------#
211+
```
212+
213+
Ahora que vamos a tener un load balancer por delante de nuestras instancias, sólo queremos aceptar táfico que venga desde dentro de la `VPC`
214+
215+
Actualizamos `network.tf`
216+
217+
```diff
218+
219+
# SECURITY GROUPS #
220+
resource "aws_security_group" "nginx-sg" {
221+
name = "nginx_sg"
222+
vpc_id = aws_vpc.vpc.id
223+
224+
# HTTP access from anywhere
225+
ingress {
226+
from_port = var.sg_ingress_port
227+
to_port = var.sg_ingress_port
228+
protocol = "tcp"
229+
- cidr_blocks = var.sg_ingress_cidr_blocks
230+
+ cidr_blocks = [var.vpc_cidr_block]
231+
}
232+
233+
```
234+
235+
236+
## Clean Up
237+
238+
```bash
239+
terraform destroy
240+
```
Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
# Incorporando los Recursos del Balanceador de Carga
2+
3+
## Pre requisitos
4+
5+
> Si has destruidfo el entorno recrealo
6+
7+
```bash
8+
cd lab/lc_web_app/
9+
terraform plan -out d1.tfplan
10+
terraform apply "d2.tfplan"
11+
```
12+
13+
## Pasos
14+
15+
### Paso 1. Buscar en la documentación
16+
17+
Si buscamos en la documentación `elastic load balancing v2`, encontraremos `aws_lb` bajo `Resources` y `Data`.
18+
19+
> Lo tenemos debajo Data, porque podemos utilizar uno que ya existiera.
20+
21+
> EXERCISE: A partir de la documentación actualizar `loadbalancer.tf`
22+
23+
```tf
24+
## aws_lb
25+
resource "aws_lb" "nginx" {
26+
name = "lc_web_alb"
27+
internal = false
28+
load_balancer_type = "application"
29+
security_groups = [aws_security_group.alb_sg.id]
30+
subnets = [aws_subnet.subnet1.id, aws_subnet.subnet2.id]
31+
32+
enable_deletion_protection = false
33+
34+
tags = local.common_tags
35+
}
36+
37+
```
38+
39+
### Paso 2. Añadimos el target group
40+
41+
Incorporamos el recurso `aws_lb_target_group`
42+
43+
```diff
44+
45+
## aws_lb_target_group
46+
+resource "aws_lb_target_group" "nginx" {
47+
+ name = "lc_web_alb_tg"
48+
+ port = 80
49+
+ protocol = "HTTP"
50+
+ vpc_id = aws_vpc.vpc.id
51+
+
52+
+ tags = local.common_tags
53+
+}
54+
```
55+
56+
### Paso 3. Añadimos el listener
57+
58+
Incorporamos el recurso `aws_lb_listener`
59+
60+
```diff
61+
## aws_lb_listener
62+
+resource "aws_lb_listener" "nginx" {
63+
+ load_balancer_arn = aws_lb.nginx.arn
64+
+ port = "80"
65+
+ protocol = "HTTP"
66+
+
67+
+ default_action {
68+
+ type = "forward"
69+
+ target_group_arn = aws_lb_target_group.nginx.arn
70+
+ }
71+
+
72+
+ tags = local.common_tags
73+
+}
74+
```
75+
76+
### Paso 4. Enlazamos las instancias
77+
78+
Incorporamos el recurso `aws_lb_target_group_attachment`
79+
80+
```diff
81+
## aws_lb_target_group_attachment
82+
+resource "aws_lb_target_group_attachment" "nginx1" {
83+
+ target_group_arn = aws_lb_target_group.nginx.arn
84+
+ target_id = aws_instance.nginx1.id
85+
+ port = 80
86+
+}
87+
+
88+
+resource "aws_lb_target_group_attachment" "nginx2" {
89+
+ target_group_arn = aws_lb_target_group.nginx.arn
90+
+ target_id = aws_instance.nginx2.id
91+
+ port = 80
92+
+}
93+
```
94+
95+
96+
## Clean Up
97+
98+
```bash
99+
terraform destroy
100+
```

0 commit comments

Comments
 (0)