# Role the CloudWatch Logs service principal may assume. This is the trust
# policy only; the permissions come from cw_logs_attach further down.
resource "aws_iam_role" "cw_logs_role" {
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "logs.amazonaws.com" }
    }]
  })
  # NOTE(review): no Condition (aws:SourceAccount / aws:SourceArn) narrows
  # which account's log resources may use this trust — confirm that is
  # acceptable before reusing this outside a lab.
  name = "cw_logs_role"
}
# Customer-managed policy granting write access to CloudWatch Logs.
resource "aws_iam_policy" "cw_logs_policy" {
  name        = "cwLogsPolicy"
  description = "Policy for CloudWatch Logs access"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ]
      # "arn:aws:logs:*:*:*" matches every log group in every region and
      # account. When the group is known, prefer
      # "arn:aws:logs:<REGION>:<ACCOUNT_ID>:log-group:<GROUP_NAME>:*".
      Resource = "arn:aws:logs:*:*:*"
    }]
  })
}
# Binds cw_logs_policy to cw_logs_role.
resource "aws_iam_role_policy_attachment" "cw_logs_attach" {
  policy_arn = aws_iam_policy.cw_logs_policy.arn
  role       = aws_iam_role.cw_logs_role.name
}
28. IAM Role for Elastic Beanstalk Environment
# Service role assumed by Elastic Beanstalk itself (not the instance
# profile used by the environment's EC2 instances). Permissions are
# attached inline by eb_policy below.
resource "aws_iam_role" "eb_role" {
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "elasticbeanstalk.amazonaws.com" }
    }]
  })
  # NOTE(review): trust carries no aws:SourceAccount condition — confirm
  # that is acceptable for the account this is deployed into.
  name = "eb_role"
}
# Inline policy on eb_role. No name is given, so the provider generates one.
resource "aws_iam_role_policy" "eb_policy" {
  role = aws_iam_role.eb_role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = [
        "ec2:Describe*",
        "elasticloadbalancing:Describe*",
        "autoscaling:Describe*",
        "s3:GetObject"
      ]
      # The Describe* actions do not support resource-level restriction, so
      # "*" is unavoidable for them — but here it also lets s3:GetObject
      # read any object the account can reach. Move s3:GetObject into its
      # own statement scoped to the application-version bucket
      # ("arn:aws:s3:::<BUCKET>/*").
      Resource = "*"
    }]
  })
}
29. IAM Role for DynamoDB Access
# Role whose trust policy names the DynamoDB service principal; the
# table permissions are attached by dynamodb_attach below.
resource "aws_iam_role" "dynamodb_role" {
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "dynamodb.amazonaws.com" }
    }]
  })
  # NOTE(review): the DynamoDB service rarely assumes customer roles;
  # if the intent is for an application (Lambda, EC2, ECS task) to call
  # DynamoDB, the trusted principal should be that service instead —
  # confirm against the caller.
  name = "dynamodb_role"
}
# Item-level read/write on one DynamoDB table.
resource "aws_iam_policy" "dynamodb_policy" {
  name        = "DynamoDBAccessPolicy"
  description = "Policy that allows access to DynamoDB"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = [
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem"
      ]
      # Region, account id and table name below are sample values from the
      # tutorial; replace them with the real table ARN (e.g. from an
      # aws_dynamodb_table resource's .arn attribute) before use.
      Resource = "arn:aws:dynamodb:us-west-2:123456789012:table/MyTable"
    }]
  })
}
# Binds dynamodb_policy to dynamodb_role.
resource "aws_iam_role_policy_attachment" "dynamodb_attach" {
  policy_arn = aws_iam_policy.dynamodb_policy.arn
  role       = aws_iam_role.dynamodb_role.name
}
30. IAM Role for EKS Cluster
# Role trusted by the EKS service principal (the shape of a cluster
# service role). Permissions are attached by eks_attach below.
resource "aws_iam_role" "eks_role" {
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "eks.amazonaws.com" }
    }]
  })
  name = "eks_role"
}
# Cluster lifecycle permissions on the EKS control-plane API.
resource "aws_iam_policy" "eks_policy" {
  name        = "EKSClusterPolicy"
  description = "Policy for EKS cluster management"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = [
        "eks:CreateCluster",
        "eks:DeleteCluster",
        "eks:DescribeCluster",
        "eks:ListClusters",
        "eks:UpdateClusterVersion",
        "eks:UpdateClusterConfig"
      ]
      # eks:ListClusters needs "*"; the cluster-specific actions can be
      # confined to "arn:aws:eks:<REGION>:<ACCOUNT_ID>:cluster/<NAME>" in a
      # separate statement. NOTE(review): a role trusted by
      # eks.amazonaws.com is normally the cluster service role, which needs
      # EC2/ELB rights rather than the ability to create and delete
      # clusters — confirm which principal this policy is really for.
      Resource = "*"
    }]
  })
}
# Binds eks_policy to eks_role.
resource "aws_iam_role_policy_attachment" "eks_attach" {
  policy_arn = aws_iam_policy.eks_policy.arn
  role       = aws_iam_role.eks_role.name
}
31-40: RDS and DynamoDB Instances
31. Basic RDS Instance
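# Master password for example_rds. Supplied at plan/apply time (for example
# via TF_VAR_example_rds_password or a tfvars file kept out of version
# control) instead of being committed in clear text.
variable "example_rds_password" {
  description = "Master user password for aws_db_instance.example_rds"
  type        = string
  sensitive   = true
}

# Minimal single-AZ MySQL instance.
resource "aws_db_instance" "example_rds" {
  allocated_storage = 20
  engine            = "mysql"
  engine_version    = "5.7" # past standard support on RDS — check it is still offered
  instance_class    = "db.t2.micro"
  name              = "mydb" # superseded by db_name in newer provider releases
  username          = "user"
  # Previously a literal "pass1234". The value still ends up in the state
  # file, so protect state (encrypted remote backend, restricted access).
  # Newer providers can instead set manage_master_user_password = true and
  # let RDS keep the secret in Secrets Manager.
  password = var.example_rds_password
  # NOTE(review): storage is not encrypted and backup_retention_period is
  # left at its default (0 per the provider docs); a retention of 0 also
  # prevents this instance from serving as the source of example_rds_replica.
}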
32. Multi-AZ RDS for High Availability
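# Master password for example_rds_multi_az, supplied at plan/apply time
# (TF_VAR_example_rds_multi_az_password or a tfvars file outside version
# control) rather than committed in clear text.
variable "example_rds_multi_az_password" {
  description = "Master user password for aws_db_instance.example_rds_multi_az"
  type        = string
  sensitive   = true
}

# MySQL instance with a synchronous standby in a second AZ.
resource "aws_db_instance" "example_rds_multi_az" {
  allocated_storage = 20
  engine            = "mysql"
  engine_version    = "5.7" # past standard support on RDS — check it is still offered
  instance_class    = "db.t2.micro"
  multi_az          = true # standby is for availability, not a backup substitute
  name              = "mydb" # superseded by db_name in newer provider releases
  username          = "user"
  # Previously a literal "pass1234". The value is still recorded in state,
  # so protect the state backend.
  password = var.example_rds_multi_az_password
}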
33. RDS with Read Replica
# Read replica of example_rds. Engine, database name and credentials are
# inherited from the source, so only the instance class is set here.
# NOTE(review): per the provider docs the source must have
# backup_retention_period > 0 to serve as a replication source; example_rds
# as written leaves it at the default, so creation is expected to fail
# until that is changed on the source.
resource "aws_db_instance" "example_rds_replica" {
  instance_class      = "db.t2.micro"
  replicate_source_db = aws_db_instance.example_rds.id
}
34. Encrypted RDS Instance
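# Master password for example_rds_encrypted, supplied at plan/apply time
# (TF_VAR_example_rds_encrypted_password or a tfvars file outside version
# control) rather than committed in clear text.
variable "example_rds_encrypted_password" {
  description = "Master user password for aws_db_instance.example_rds_encrypted"
  type        = string
  sensitive   = true
}

# MySQL instance with storage encrypted at rest.
resource "aws_db_instance" "example_rds_encrypted" {
  allocated_storage = 20
  engine            = "mysql"
  engine_version    = "5.7" # past standard support on RDS — check it is still offered
  instance_class    = "db.t2.micro"
  # No kms_key_id given, so the AWS-managed RDS key is used; set kms_key_id
  # to a customer-managed key when key policy control is required.
  storage_encrypted = true
  name              = "mydb" # superseded by db_name in newer provider releases
  username          = "user"
  # Previously a literal "pass1234". The value is still recorded in state,
  # so protect the state backend.
  password = var.example_rds_encrypted_password
}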
35. DynamoDB Table with Auto Scaling
# Provisioned-capacity table keyed by a string "id".
# NOTE(review): nothing on this page registers the table with Application
# Auto Scaling (aws_appautoscaling_target / aws_appautoscaling_policy), so
# despite the heading the 5/5 capacity below is fixed.
resource "aws_dynamodb_table" "example_dynamodb" {
  name     = "example_table"
  hash_key = "id"

  attribute {
    name = "id"
    type = "S"
  }

  billing_mode   = "PROVISIONED"
  read_capacity  = 5
  write_capacity = 5
}
36. RDS Instance with Backup Configuration
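# Master password for example_rds_backup, supplied at plan/apply time
# (TF_VAR_example_rds_backup_password or a tfvars file outside version
# control) rather than committed in clear text.
variable "example_rds_backup_password" {
  description = "Master user password for aws_db_instance.example_rds_backup"
  type        = string
  sensitive   = true
}

# MySQL instance keeping seven days of automated backups.
resource "aws_db_instance" "example_rds_backup" {
  allocated_storage       = 20
  engine                  = "mysql"
  engine_version          = "5.7" # past standard support on RDS — check it is still offered
  instance_class          = "db.t2.micro"
  backup_retention_period = 7 # days; no backup_window set, so AWS picks one
  name                    = "mydb" # superseded by db_name in newer provider releases
  username                = "user"
  # Previously a literal "pass1234". The value is still recorded in state,
  # so protect the state backend.
  password = var.example_rds_backup_password
}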
37. DynamoDB Table for Session Management
# Session store keyed by a string session_id.
# NOTE(review): session data is a natural fit for a ttl block so expired
# sessions are purged, and for point_in_time_recovery / server_side_encryption
# with a customer-managed key; none of these is configured here.
resource "aws_dynamodb_table" "example_dynamodb_sessions" {
  name     = "sessions_table"
  hash_key = "session_id"

  attribute {
    name = "session_id"
    type = "S"
  }

  billing_mode   = "PROVISIONED"
  read_capacity  = 10
  write_capacity = 10
}
38. RDS Instance with Parameter Group
# Custom MySQL 5.7 parameter group forcing a UTF-8 (4-byte) server charset.
# The family must match the engine/engine_version of the instance using it.
resource "aws_db_parameter_group" "example_param_group" {
  family = "mysql5.7"
  name   = "example_parameter_group"

  parameter {
    name  = "character_set_server"
    value = "utf8mb4"
  }
}
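# Master password for example_rds_param, supplied at plan/apply time
# (TF_VAR_example_rds_param_password or a tfvars file outside version
# control) rather than committed in clear text.
variable "example_rds_param_password" {
  description = "Master user password for aws_db_instance.example_rds_param"
  type        = string
  sensitive   = true
}

# MySQL instance using the custom parameter group defined above.
resource "aws_db_instance" "example_rds_param" {
  allocated_storage    = 20
  engine               = "mysql"
  engine_version       = "5.7" # past standard support on RDS — check it is still offered
  instance_class       = "db.t2.micro"
  parameter_group_name = aws_db_parameter_group.example_param_group.name
  name                 = "mydb" # superseded by db_name in newer provider releases
  username             = "user"
  # Previously a literal "pass1234". The value is still recorded in state,
  # so protect the state backend.
  password = var.example_rds_param_password
}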
39. DynamoDB Table with Stream Enabled
# Table with DynamoDB Streams on, capturing both the before and after image
# of every item change. Consumers read from the table's stream_arn
# attribute; nothing on this page subscribes to it.
resource "aws_dynamodb_table" "example_dynamodb_streams" {
  name     = "example_streams_table"
  hash_key = "id"

  attribute {
    name = "id"
    type = "S"
  }

  billing_mode   = "PROVISIONED"
  read_capacity  = 10
  write_capacity = 10

  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
}
40. RDS Instance with Enhanced Monitoring
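# Master password for example_rds_monitoring, supplied at plan/apply time
# (TF_VAR_example_rds_monitoring_password or a tfvars file outside version
# control) rather than committed in clear text.
variable "example_rds_monitoring_password" {
  description = "Master user password for aws_db_instance.example_rds_monitoring"
  type        = string
  sensitive   = true
}

# MySQL instance with Enhanced Monitoring every 30 seconds.
resource "aws_db_instance" "example_rds_monitoring" {
  allocated_storage   = 20
  engine              = "mysql"
  engine_version      = "5.7" # past standard support on RDS — check it is still offered
  instance_class      = "db.t2.micro"
  monitoring_interval = 30 # seconds; a non-zero interval requires monitoring_role_arn
  # aws_iam_role.example_monitoring_role is not defined on this page. It must
  # trust monitoring.rds.amazonaws.com and carry the
  # AmazonRDSEnhancedMonitoringRole managed policy.
  monitoring_role_arn = aws_iam_role.example_monitoring_role.arn
  name                = "mydb" # superseded by db_name in newer provider releases
  username            = "user"
  # Previously a literal "pass1234". The value is still recorded in state,
  # so protect the state backend.
  password = var.example_rds_monitoring_password
}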
41-50: VPC and Networking
41. Basic VPC Creation
# /16 VPC that the remaining networking examples attach to.
# Only the CIDR is set; DNS support/hostnames and tags stay at defaults.
resource "aws_vpc" "example_vpc" {
  cidr_block = "10.0.0.0/16"
}
42. Subnet in a VPC
# /24 carved out of example_vpc. No availability_zone is pinned, so AWS
# chooses one; map_public_ip_on_launch stays at its default (false).
resource "aws_subnet" "example_subnet" {
  cidr_block = "10.0.1.0/24"
  vpc_id     = aws_vpc.example_vpc.id
}
43. Internet Gateway for a VPC
# Internet gateway attached to example_vpc. It only carries traffic for
# subnets whose route table points 0.0.0.0/0 at it (see example_rt).
resource "aws_internet_gateway" "example_igw" {
  vpc_id = aws_vpc.example_vpc.id
}
44. NAT Gateway for Private Subnet
# Elastic IP consumed by the NAT gateway below.
resource "aws_eip" "example_eip" {
  # `vpc = true` is the pre-5.x provider form; 5.x deprecates it in favor
  # of `domain = "vpc"`.
  vpc = true
}
# NAT gateway for outbound traffic from private subnets. The gateway itself
# must live in a public subnet: example_subnet is only public once a route
# table with an internet-gateway route is associated with it, and the
# private subnets that would route through this gateway are not on this page.
resource "aws_nat_gateway" "example_nat" {
  allocation_id = aws_eip.example_eip.id
  subnet_id     = aws_subnet.example_subnet.id
}
45. VPC Peering Connection
# Peering request from example_vpc to a second VPC. aws_vpc.peer_vpc is not
# defined on this page. Without auto_accept (same-account) or an accepter
# resource (cross-account) the connection stays pending, and routes to the
# peer CIDR still have to be added on both sides.
resource "aws_vpc_peering_connection" "example_peer" {
  vpc_id      = aws_vpc.example_vpc.id
  peer_vpc_id = aws_vpc.peer_vpc.id
}
46. Security Group with Custom Rules
# Security group admitting HTTP from anywhere. No name or description is
# given, so both are provider-generated.
resource "aws_security_group" "example_sg" {
  vpc_id = aws_vpc.example_vpc.id

  # Port 80 open to every IPv4 address: acceptable for a public web tier,
  # but the traffic is plaintext — terminate TLS on 443 where possible.
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # No egress block is declared. The provider then removes the VPC's default
  # allow-all egress rule, so members of this group cannot initiate outbound
  # connections until an egress block is added.
}
47. Route Table for Subnet
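# Public route table: default route to the internet gateway.
resource "aws_route_table" "example_rt" {
  vpc_id = aws_vpc.example_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.example_igw.id
  }
}

# Without an association the table is created but never used — the subnet
# keeps the VPC's main route table. Binding it here makes example_subnet a
# public subnet, which is also what the NAT gateway placed in that subnet
# (example_nat) requires.
resource "aws_route_table_association" "example_rta" {
  subnet_id      = aws_subnet.example_subnet.id
  route_table_id = aws_route_table.example_rt.id
}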
48. Elastic Load Balancer (ELB) in VPC
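# Classic load balancer inside the example VPC, forwarding plain HTTP.
resource "aws_elb" "example_elb" {
  name = "example-elb"

  # availability_zones is the EC2-Classic form of placement; a load balancer
  # in a VPC is placed by subnet, so reference the VPC's subnet instead.
  # One subnet means one AZ — add subnets in further AZs for resilience.
  subnets = [aws_subnet.example_subnet.id]

  listener {
    instance_port     = 80
    instance_protocol = "HTTP"
    lb_port           = 80
    lb_protocol       = "HTTP"
  }
  # NOTE(review): the listener is unencrypted end to end; an HTTPS listener
  # (lb_protocol = "HTTPS" with ssl_certificate_id) is the usual choice for
  # anything beyond a lab.
}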
49. VPN Connection to a VPC
# Site-to-site IPsec VPN between a customer gateway and the VPC's virtual
# private gateway. Neither aws_customer_gateway.example_cg nor
# aws_vpn_gateway.example_vgw is defined on this page. Routing is left at
# the default (dynamic/BGP); set static_routes_only for a static setup.
resource "aws_vpn_connection" "example_vpn" {
  type                = "ipsec.1"
  vpn_gateway_id      = aws_vpn_gateway.example_vgw.id
  customer_gateway_id = aws_customer_gateway.example_cg.id
}
50. AWS Direct Connect for a VPC
# Dedicated 1 Gbps Direct Connect port at the EqDC2 location. Ordering the
# connection is only the first step: the cross-connect, virtual interface
# and gateway attachment that make it usable are not part of this example.
resource "aws_dx_connection" "example_dx" {
  location  = "EqDC2"
  bandwidth = "1Gbps"
  name      = "example-dx-conn"
}