Terraform Examples

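terraform {
  required_version = "~> 1.5.7"

  required_providers {
    gitlab = {
      source  = "gitlabhq/gitlab"
      version = "~> 3.5.0"
    }
    github = {
      source  = "integrations/github"
      version = "~> 4.0"
    }
  }

  # Remote state on terraform.io. The API token is deliberately NOT set here:
  # a token written into the configuration ends up in git history and in every
  # checkout of the code. Supply it out of band instead, either with
  # `terraform login` (stored in the CLI credentials file) or through the
  # TF_TOKEN_app_terraform_io environment variable; the remote backend picks
  # up both without any `token` attribute.
  backend "remote" {
    organization = "-- terraform.io organization --"
    workspaces {
      name = "-- terraform.io workspace name (directory/path, this is not the terraform workspace from code) --"
    }
  }

}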

# GitLab provider, authenticated with a token passed in as an input variable
# rather than a literal. The `variable "gitlab_token"` declaration is not on
# this page; it should carry `sensitive = true` so the value is redacted from
# plan/apply output (it is still written to state, so protect the state too).
provider "gitlab" {
  token = var.gitlab_token
}
locals {
  # One object per GitHub repository to manage. `name` becomes the for_each
  # key in module "repositories", so it must be unique within this list.
  # Any attribute omitted from an entry falls back to the try() default used
  # in the module call (private, no extra features, archive on destroy).
  repositories = [
    {
      name               = "newsletter"
      description        = "Newsletter simple system"
      archive_on_destroy = false
      is_private         = false
    },
  ]
}

# One module instance per entry in local.repositories, keyed by repository
# name. Every optional attribute is read with try() so an entry only needs
# to spell out what differs from the defaults; the defaults lean closed
# (private, features off, branches deleted on merge, archive instead of
# delete on destroy).
module "repositories" {
  source   = "../_modules/github-repository" // custom, not shown here
  for_each = { for item in local.repositories : item.name => item }

  name        = each.value.name
  description = each.value.description

  # Visibility and repository features
  is_private    = try(each.value.is_private, true)
  has_issues    = try(each.value.has_issues, false)
  has_downloads = try(each.value.has_downloads, false)
  has_projects  = try(each.value.has_projects, false)
  has_wiki      = try(each.value.has_wiki, false)
  topics        = try(each.value.topics, [])

  # Lifecycle behaviour
  delete_branch_on_merge = try(each.value.delete_branch_on_merge, true)
  archive_on_destroy     = try(each.value.archive_on_destroy, true)
  archived               = try(each.value.archived, false)
}

# The repository managed by the github-repository module. Every attribute is
# driven by a module input (declared elsewhere in the module, not on this
# page); `is_private` is mapped onto the provider's visibility enum.
# NOTE(review): the provider also exposes `vulnerability_alerts`; consider
# enabling it here as a default for new repositories — confirm with the module owners.
resource "github_repository" "this" {
  name        = var.name
  description = var.description
  visibility  = var.is_private ? "private" : "public"
  topics      = var.topics

  # Feature toggles
  has_issues    = var.has_issues
  has_downloads = var.has_downloads
  has_projects  = var.has_projects
  has_wiki      = var.has_wiki

  # Lifecycle
  delete_branch_on_merge = var.delete_branch_on_merge
  archive_on_destroy     = var.archive_on_destroy
  archived               = var.archived
}
# Get current aws account id (and ARN/user id) of the credentials Terraform
# runs with. Nothing on this page references it yet; handy for building ARNs.
data "aws_caller_identity" "current" {}

# Get Default VPC of the region. Fails at plan time if the account has no
# default VPC. The default VPC is convenient for examples; production
# workloads normally get a dedicated VPC with private subnets.
data "aws_vpc" "default" {
  default = true
}

# Get all subnets allocated to default VPC (filtered on the vpc-id attribute).
# The resulting `ids` list is unordered; consumers should sort it before
# indexing into it.
data "aws_subnets" "default" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}

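# Get the most recent Ubuntu 20.04 LTS (focal) AMI published by Canonical.
#
# The previous filter asked for "ubuntu-xenial-20.08": xenial is 16.04 and
# "20.08" is not an Ubuntu release, so the lookup could not match the
# 20.04 image the comment promised.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    # The filter key is a single hyphenated word; with spaces it matches nothing.
    name   = "virtualization-type"
    values = ["hvm"]
  }

  # Pin the owner to Canonical's publishing account so a look-alike public AMI
  # with a matching name cannot be selected by the wildcard above. "AWS" is
  # not one of the documented owner aliases ("amazon", "self",
  # "aws-marketplace") and Canonical images are not owned by Amazon anyway.
  owners = ["099720109477"] # Canonical
}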

# Create key pair for your ec2 instance
#
# Run: `ssh-keygen -f ec2` # it will generate private and public key in the current directory
#
# Only the public half (`ec2.pub`) is read by Terraform; the private key stays
# on your machine and never enters the configuration or the state file.
# Replace the placeholder path below with the location of that public key.
resource "aws_key_pair" "key" {
  public_key = file("/path/to/ec2.pub")
  key_name = "my-ec2"
}

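# Create security group on the default VPC
#
# Inbound traffic is limited to SSH from an operator address range and from
# other members of this group; everything else is denied by default.
# Outbound is unrestricted so the instance can reach ECR and package mirrors.
resource "aws_security_group" "ec2" {
  name   = "my-ec2"
  vpc_id = data.aws_vpc.default.id

  ingress {
    from_port = 22
    protocol  = "tcp"
    to_port   = 22

    description = "Allow ssh from the operator network"

    # Restrict to the range that actually needs shell access. The previous
    # rule admitted every port from 0.0.0.0/0, which exposes the whole
    # instance (including the IMDS-backed IAM role behind any weak service)
    # to the entire internet.
    cidr_blocks = ["-- your admin network in CIDR notation, e.g. 203.0.113.10/32 --"]
  }

  ingress {
    from_port = 22
    protocol  = "tcp"
    to_port   = 22

    description = "Allow ssh from the same SG"

    self = true
  }

  egress {
    from_port = 0
    protocol  = "-1"
    to_port   = 0

    description = "Allow output no restriction"

    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "my-ec2"
  }
}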

# Role the instance assumes through its instance profile. The trust policy
# admits only the EC2 service principal; the permissions themselves are
# attached separately in aws_iam_role_policy.ec2.
resource "aws_iam_role" "ec2" {
  name = "ec2-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}

# Permissions granted to the instance role: only the call needed to obtain
# an ECR login token. GetAuthorizationToken is not scoped to a repository,
# so "*" is the narrowest resource it accepts; pulling images additionally
# needs ecr:BatchGetImage / GetDownloadUrlForLayer on specific repositories
# — add those as a separate statement with explicit ARNs rather than "*".
data "aws_iam_policy_document" "role-permissions" {
  statement {
    effect = "Allow"
    actions = [
      "ecr:GetAuthorizationToken" // allow ECR login
    ]
    resources = [
      "*"
    ]
  }
}

# Inline policy binding the document above to the role. No `name` is given,
# so the provider generates one; set it explicitly if audits need a stable name.
resource "aws_iam_role_policy" "ec2" {
  role   = aws_iam_role.ec2.id
  policy = data.aws_iam_policy_document.role-permissions.json
}

# Instance profile wrapping the role; this is what aws_instance.my-ec2
# references, since EC2 attaches profiles rather than roles directly.
resource "aws_iam_instance_profile" "ec2-profile" {
  name = "ec2-profile"
  role = aws_iam_role.ec2.id
}

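# Create EC2 Instance
resource "aws_instance" "my-ec2" {
  # NOTE(review): with most_recent = true the resolved AMI id drifts as Canonical
  # publishes new images, which shows up as a replacement in later plans.
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.small"

  # sort() gives a stable pick from the unordered subnet id list
  subnet_id = sort(data.aws_subnets.default.ids)[0]

  associate_public_ip_address = true

  vpc_security_group_ids = [
    aws_security_group.ec2.id
  ]

  root_block_device {
    delete_on_termination = true
    volume_size           = 50
    # Encrypt the root volume at rest; without kms_key_id the account's
    # default EBS key is used.
    encrypted = true
  }

  # Require IMDSv2 session tokens. The instance profile below makes the
  # metadata service hand out the role's credentials; with IMDSv1 any SSRF
  # bug or local process on the box can fetch them with a single GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  key_name = aws_key_pair.key.key_name

  # Enable EC2 termination protection
//  disable_api_termination = true

  # Assign a role to the ec2 instance
  iam_instance_profile = aws_iam_instance_profile.ec2-profile.id

  tags = {
    Name = "my-ec2"
  }
}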