Terraform AWS Security Full Tutorial | LAB-10 | VPC, EC2, S3, IGW & Security Groups
Автор: KAILASH CHANDRA - DEVOPS | WEB DEVELOPMENT
Загружено: 2026-01-07
Просмотров: 44
This video explains Terraform AWS Security with real-world architecture covering VPC, EC2, S3, Internet Gateway (IGW), Security Groups, and IAM. This course is production-ready and ideal for DevOps engineers, cloud engineers, and beginners who want to build secure AWS infrastructure using Infrastructure as Code (IaC).
-----------------------------TERRAFORM-SECURITY-CODE---------------------------------
-----------------------------------------PROVIDER---------------------------------------
provider "aws" {
region = "us-east-1"
}
-----------------------------------VARIABLES---------------------------------
variable "instance_type" {
description = "EC2 instance type"
default = "t3.micro"
}
variable "key_name" {
description = "EC2 Key Pair name (created from AWS Console)"
default = "awskey"
}
variable "allowed_ip" {
description = "Your public IPv4 for SSH"
default = "49.47.71.254"
}
--------------------------------REMOTE BACKEND (S3 MUST EXIST)----------------------------------
terraform {
backend "s3" {
bucket = "terra-security-lab"
key = "prod/terraform.tfstate"
region = "us-east-1"
encrypt = true
}
}
----------------------------------------DYNAMODB TABLE (STATE LOCK)---------------------------
resource "aws_dynamodb_table" "terraform_lock" {
name = "terraform-lock"
billing_mode = "PAY_PER_REQUEST"
hash_key = "LockID"
attribute {
name = "LockID"
type = "S"
}
}
-------------------VPC----------------------------------
resource "aws_vpc" "secure_vpc" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "secure-vpc"
}
}
--------------------------------------------PUBLIC SUBNET------------------------------------------------
resource "aws_subnet" "public_subnet" {
vpc_id = aws_vpc.secure_vpc.id
cidr_block = "10.0.1.0/24"
availability_zone = "us-east-1a"
map_public_ip_on_launch = true
tags = {
Name = "public-subnet"
}
}
------------------------------------------------NTERNET GATEWAY-------------------------------------
resource "aws_internet_gateway" "igw" {
vpc_id = aws_vpc.secure_vpc.id
tags = {
Name = "secure-igw"
}
}
-----------------------------------------------------ROUTE TABLE----------------------------------
resource "aws_route_table" "public_rt" {
vpc_id = aws_vpc.secure_vpc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw.id
}
tags = {
Name = "public-rt"
}
}
-----------------------------ROUTE TABLE ASSOCIATION-----------------------
resource "aws_route_table_association" "public_assoc" {
subnet_id = aws_subnet.public_subnet.id
route_table_id = aws_route_table.public_rt.id
}
--------------------SECURITY GROUP------------------------------------
resource "aws_security_group" "secure_sg" {
name = "secure-sg"
vpc_id = aws_vpc.secure_vpc.id
ingress {
description = "SSH access from my IP"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["${var.allowed_ip}/32"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "secure-sg"
}
}
----------------------- EC2 INSTANCE (WINDOWS / LINUX BOTH OK)-------------------
resource "aws_instance" "secure_ec2" {
ami = "ami-068c0051b15cdb816"
instance_type = var.instance_type
key_name = var.key_name
subnet_id = aws_subnet.public_subnet.id
vpc_security_group_ids = [aws_security_group.secure_sg.id]
associate_public_ip_address = true
tags = {
Name = "Terra-Security-EC2"
}
}
------------------SECURE S3 BUCKET (APPLICATION USE)-------------------------------
resource "aws_s3_bucket" "secure_bucket" {
bucket = "terra-security-app-bucket-123456"
force_destroy = false
tags = {
Name = "secure-app-bucket"
}
}
resource "aws_s3_bucket_versioning" "bucket_versioning" {
bucket = aws_s3_bucket.secure_bucket.id
versioning_configuration {
status = "Enabled"
}
}
resource "aws_s3_bucket_public_access_block" "bucket_block" {
bucket = aws_s3_bucket.secure_bucket.id
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}
----------------OUTPUTS---------------------------------------------------------------
output "ec2_public_ip" {
value = aws_instance.secure_ec2.public_ip
}
output "vpc_id" {
value = aws_vpc.secure_vpc.id
}
output "security_group_id" {
value = aws_security_group.secure_sg.id
}
output "s3_bucket_name" {
value = aws_s3_bucket.secure_bucket.bucket
}
-----------------------------TERRAFORM-SECURITY-CODE----------CLOSE-----------------------
#Terraform #TerraformAWS #AWSSecurity #VPC #EC2 #S3 #SecurityGroups #DevOps #TerraformTutorial , https://softapptechnologies.com
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
