Merge pull request #1 from NotHarshhaa/master

DevOps: Push DevOps-Project-11

Author: sudarshan0797

DevOps Project-11/README.md

@@ -0,0 +1,84 @@
+# Two-Tier AWS Infrastructure with Terraform
+[![LinkedIn](https://img.shields.io/badge/Connect%20with%20me%20on-LinkedIn-blue.svg)](https://www.linkedin.com/in/harshhaa-vardhan-reddy/)
+[![GitHub](https://img.shields.io/github/stars/NotHarshhaa.svg?style=social)](https://github.com/NotHarshhaa)
+[![AWS](https://img.shields.io/badge/AWS-%F0%9F%9B%A1-orange)](https://aws.amazon.com)
+[![Terraform](https://img.shields.io/badge/Terraform-%E2%9C%A8-lightgrey)](https://www.terraform.io)
+
+![two-tier](https://imgur.com/X4dGBg6.gif)
+
+## Overview
+
+Welcome to the Terraform project for deploying a Two-Tier architecture on AWS! This project adopts a modular and security-enhanced approach to create a scalable and maintainable infrastructure.
+
+## Features
+
+- **Modular Structure:** The project is organized into dedicated modules for each AWS service, promoting reusability and maintainability.
+- **Security Focus:** Utilize IAM roles and policies to ensure a secure infrastructure.
+- **Infrastructure as Code (IaC):** Deploy and manage your infrastructure using Terraform, enabling version control and reproducibility.
+- **Service-Specific Modules:** Each module corresponds to a specific AWS service, allowing for targeted management.
+
+## Getting Started
+
+Follow these steps to deploy the Two-Tier architecture:
+
+1. **Clone the Repository:**
+
+   ```bash
+   git clone https://github.com/NotHarshhaa/DevOps-Projects
+   cd DevOps-Projects/DevOps Project-11/
+   ```
+
+2.  **Plan and Apply:**
+    ```bash
+    terraform init
+    terraform plan -var-file=variables.tfvars
+    terraform apply -var-file=variables.tfvars --auto-approve
+    ```
+
+3. **Cleanup:**
+When done the exploration, run the following to destroy the infrastructure
+    ```bash
+    terraform destroy -var-file=variables.tfvars --auto-approve
+    ```
+
+## Project Highlights
+
+- **VPC: The Foundation**: Create a robust Virtual Private Cloud (VPC) to establish a secure and isolated environment for your application.
+
+- **Load Balancing Magic**: Harness the power of the Application Load Balancer (ALB) to intelligently distribute incoming traffic across multiple EC2 instances, ensuring optimal performance and high availability.
+
+- **Auto Scaling Wonders**: Leverage the Auto Scaling Group to dynamically adjust the number of EC2 instances based on demand. This ensures your application scales seamlessly, providing resilience and cost efficiency.
+
+- **Database Sorcery**: Dive into the world of managed databases with Amazon RDS. Easily deploy, scale, and manage relational databases without the operational overhead.
+
+- **DNS Mastery**: Achieve domain registration and DNS management excellence with Amazon Route 53. Seamlessly connect your applications to the internet while ensuring high availability and low-latency responses.
+
+- **Web Application Firewall (WAF) Protection**: Safeguard your applications from web exploits and ensure a secure user experience with AWS WAF, a web application firewall that helps protect your web applications from common web exploits.
+
+- **Content Delivery Network (CDN) Acceleration**: Boost the delivery of your content globally with a Content Delivery Network. Accelerate load times, enhance user experience, and reduce latency using Amazon CloudFront.
+
+- **SSL Certificate Management with ACM**: Ensure secure communication between your users and the application with Amazon Certificate Manager (ACM). Easily provision, manage, and deploy SSL/TLS certificates.
+
+- **IAM for Robust Security**: Implement robust security measures with Identity and Access Management (IAM). Define granular permissions and access controls to secure your AWS resources.
+
+- **Infrastructure as Code (IaC) Excellence**: Embrace Infrastructure as Code (IaC) with Terraform, facilitating the provisioning and management of AWS resources in a declarative and scalable manner.
+
+These project highlights showcase the comprehensive AWS services integrated into the Two-Tier architecture, providing a solid foundation for your applications with security, scalability, and performance at the forefront.
+
+
+## Detailed Guide
+
+For an in-depth walkthrough of the project, check out the detailed guide on [Hashnode](https://harshhaa.hashnode.dev/deploy-two-tier-architecture-on-aws-using-terraform).
+
+## Connect with Me
+
+- GitHub: [GitHub Profile](https://github.com/NotHarshhaa)
+- LinkedIn: [LinkedIn Profile](https://www.linkedin.com/in/harshhaa-vardhan-reddy/)
+
+## Contributions
+
+Feel free to contribute and adapt this project to suit your needs. We welcome your ideas and improvements.
+
+## License
+
+This project is licensed under the [MIT License](LICENSE).

DevOps Project-11/backend.tf

@@ -0,0 +1,16 @@
+terraform {
+  backend "s3" {
+    bucket         = "my-ews-baket1"
+    region         = "us-east-1"
+    key            = "DevOps Project-11/terraform.tfstate"
+    dynamodb_table = "Lock-Files"
+    encrypt        = true
+  }
+  required_version = ">=0.13.0"
+  required_providers {
+    aws = {
+      version = ">= 2.7.0"
+      source  = "hashicorp/aws"
+    }
+  }
+}

DevOps Project-11/main.tf

@@ -0,0 +1,100 @@
+module "vpc" {
+  source = "../modules/aws-vpc"
+
+  vpc-name        = var.VPC-NAME
+  vpc-cidr        = var.VPC-CIDR
+  igw-name        = var.IGW-NAME
+  public-cidr1    = var.PUBLIC-CIDR1
+  public-subnet1  = var.PUBLIC-SUBNET1
+  public-cidr2    = var.PUBLIC-CIDR2
+  public-subnet2  = var.PUBLIC-SUBNET2
+  private-cidr1   = var.PRIVATE-CIDR1
+  private-subnet1 = var.PRIVATE-SUBNET1
+  private-cidr2   = var.PRIVATE-CIDR2
+  private-subnet2 = var.PRIVATE-SUBNET2
+  eip-name1       = var.EIP-NAME1
+  eip-name2       = var.EIP-NAME2
+
+  ngw-name1        = var.NGW-NAME1
+  ngw-name2        = var.NGW-NAME2
+  public-rt-name1  = var.PUBLIC-RT-NAME1
+  public-rt-name2  = var.PUBLIC-RT-NAME2
+  private-rt-name1 = var.PRIVATE-RT-NAME1
+  private-rt-name2 = var.PRIVATE-RT-NAME2
+}
+
+module "security-group" {
+  source = "../modules/security-group"
+
+  vpc-name    = var.VPC-NAME
+  alb-sg-name = var.ALB-SG-NAME
+  web-sg-name = var.WEB-SG-NAME
+  db-sg-name  = var.DB-SG-NAME
+
+  depends_on = [module.vpc]
+}
+
+module "rds" {
+  source = "../modules/aws-rds"
+
+  sg-name              = var.SG-NAME
+  private-subnet-name1 = var.PRIVATE-SUBNET1
+  private-subnet-name2 = var.PRIVATE-SUBNET2
+  db-sg-name           = var.DB-SG-NAME
+  rds-username         = var.RDS-USERNAME
+  rds-pwd              = var.RDS-PWD
+  db-name              = var.DB-NAME
+  rds-name             = var.RDS-NAME
+
+  depends_on = [module.security-group]
+}
+
+module "alb" {
+  source = "../modules/alb-tg"
+
+  public-subnet-name1 = var.PUBLIC-SUBNET1
+  public-subnet-name2 = var.PUBLIC-SUBNET2
+  web-alb-sg-name     = var.ALB-SG-NAME
+  alb-name            = var.ALB-NAME
+  tg-name             = var.TG-NAME
+  vpc-name            = var.VPC-NAME
+
+  depends_on = [module.rds]
+}
+
+module "iam" {
+  source = "../modules/aws-iam"
+
+  iam-role              = var.IAM-ROLE
+  iam-policy            = var.IAM-POLICY
+  instance-profile-name = var.INSTANCE-PROFILE-NAME
+
+  depends_on = [module.alb]
+}
+
+module "autoscaling" {
+  source = "../modules/aws-autoscaling"
+
+  ami_name              = var.AMI-NAME
+  launch-template-name  = var.LAUNCH-TEMPLATE-NAME
+  instance-profile-name = var.INSTANCE-PROFILE-NAME
+  web-sg-name           = var.WEB-SG-NAME
+  tg-name               = var.TG-NAME
+  iam-role              = var.IAM-ROLE
+  public-subnet-name1   = var.PUBLIC-SUBNET1
+  public-subnet-name2   = var.PUBLIC-SUBNET2
+  asg-name              = var.ASG-NAME
+
+  depends_on = [module.iam]
+}
+
+module "route53" {
+  source = "../modules/aws-waf-cdn-acm-route53"
+
+  domain-name  = var.DOMAIN-NAME
+  cdn-name     = var.CDN-NAME
+  alb-name     = var.ALB-NAME
+  web_acl_name = var.WEB-ACL-NAME
+
+  depends_on = [ module.autoscaling ]
+}

DevOps Project-11/modules/alb-tg/gather.tf

@@ -0,0 +1,27 @@
+data "aws_subnet" "public-subnet1" {
+  filter {
+    name   = "tag:Name"
+    values = [var.public-subnet-name1]
+  }
+}
+
+data "aws_subnet" "public-subnet2" {
+  filter {
+    name   = "tag:Name"
+    values = [var.public-subnet-name2]
+  }
+}
+
+data "aws_security_group" "web-alb-sg" {
+  filter {
+    name   = "tag:Name"
+    values = [var.web-alb-sg-name]
+  }
+}
+
+data "aws_vpc" "vpc" {
+  filter {
+    name   = "tag:Name"
+    values = [var.vpc-name]
+  }
+}

DevOps Project-11/modules/alb-tg/main.tf

@@ -0,0 +1,55 @@
+# Creating ALB for Web Tier
+resource "aws_lb" "web-elb" {
+  name = var.alb-name
+  internal           = false
+  load_balancer_type = "application"
+  subnets            = [data.aws_subnet.public-subnet1.id, data.aws_subnet.public-subnet2.id]
+  security_groups    = [data.aws_security_group.web-alb-sg.id]
+  ip_address_type    = "ipv4"
+  enable_deletion_protection = false
+  tags = {
+    Name = var.alb-name
+  }
+}
+
+# Creating Target Group for Web-Tier 
+resource "aws_lb_target_group" "web-tg" {
+  name = var.tg-name
+  health_check {
+    enabled = true
+    interval            = 10
+    path                = "/"
+    protocol            = "HTTP"
+    timeout             = 5
+    healthy_threshold   = 5
+    unhealthy_threshold = 2
+  }
+  target_type = "instance"
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = data.aws_vpc.vpc.id
+
+  tags = {
+    Name = var.tg-name
+  }
+
+  lifecycle {
+    prevent_destroy = false
+  } 
+  depends_on = [ aws_lb.web-elb ]
+}
+
+
+# Creating ALB listener with port 80 and attaching it to Web-Tier Target Group
+resource "aws_lb_listener" "web-alb-listener" {
+  load_balancer_arn = aws_lb.web-elb.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.web-tg.arn
+  }
+
+  depends_on = [ aws_lb.web-elb ]
+}

DevOps Project-11/modules/alb-tg/variables.tf

@@ -0,0 +1,6 @@
+variable "public-subnet-name1" {}
+variable "public-subnet-name2" {}
+variable "web-alb-sg-name" {}
+variable "alb-name" {}
+variable "tg-name" {}
+variable "vpc-name" {}

DevOps Project-11/modules/aws-autoscaling/deploy.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+apt-get update -y
+apt-get upgrade -y
+apt-get -y install nginx
+cd /var/www/html
+wget https://www.tooplate.com/zip-templates/2135_mini_finance.zip
+apt install unzip
+unzip 2135_mini_finance.zip
+rm -rf 2135_mini_finance.zip index.nginx-debian.html
+cd 2135_mini_finance/
+mv * ../
+rm -rf 2135_mini_finance/
+systemctl enable nginx
+systemctl restart nginx
+apt install mysql-server -y

DevOps Project-11/modules/aws-autoscaling/gather.tf

@@ -0,0 +1,41 @@
+data "aws_ami" "ami" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+  }
+
+  owners = ["099720109477"] 
+}
+
+data "aws_security_group" "web-sg" {
+  filter {
+    name   = "tag:Name"
+    values = [var.web-sg-name]
+  }
+}
+
+data "aws_subnet" "public-subnet1" {
+  filter {
+    name   = "tag:Name"
+    values = [var.public-subnet-name1]
+  }
+}
+
+data "aws_subnet" "public-subnet2" {
+  filter {
+    name   = "tag:Name"
+    values = [var.public-subnet-name2]
+  }
+}
+
+data "aws_lb_target_group" "tg" {
+  tags = {
+    Name = var.tg-name
+  }
+}
+
+data "aws_iam_instance_profile" "instance-profile" {
+  name = var.instance-profile-name
+}