From d1e7574cf9bf794d458937356eb15965b2032efd Mon Sep 17 00:00:00 2001
From: witch
Date: Mon, 16 Jun 2025 18:48:28 -0700
Subject: [PATCH] Finish lab 3

---
 lab-3/terraform/main.tf | 135 +++++++++++++++++++++++++++++++++++
 lab-3/terraform/providers.tf | 20 ++++++
 2 files changed, 155 insertions(+)
 create mode 100644 lab-3/terraform/main.tf
 create mode 100644 lab-3/terraform/providers.tf

diff --git a/lab-3/terraform/main.tf b/lab-3/terraform/main.tf
new file mode 100644
index 0000000..b32c9b1
--- /dev/null
+++ b/lab-3/terraform/main.tf
@@ -0,0 +1,135 @@
+resource "aws_instance" "my_first_linux" {
+ instance_type = "t2.micro"
+ ami = "ami-06971c49acd687c30"
+
+ security_groups = ["ssh-access-witch"]
+
+ tags = {
+ Name = "labs"
+ }
+}
+
+resource "aws_s3_bucket" "resume-bucket" {
+ tags = {
+ Name = "labs"
+ }
+}
+
+resource "aws_s3_bucket" "lab-bucket" {
+ tags = {
+ Name = "labs"
+ }
+}
+
+## Security Group
+resource "aws_security_group" "ec2_security_group" {
+ description = "Restrict SSH to my IP"
+}
+
+resource "aws_security_group" "default" {
+ description = "default VPC security group"
+}
+
+
+## Roles
+resource "aws_iam_role" "daphodell_role" {
+ assume_role_policy = jsonencode({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "ec2.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ },
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": var.ACCOUNT_ROOT_ARN
+ },
+ "Action": "sts:AssumeRole",
+ "Condition": {
+ "BoolIfExists": {
+ "aws:MultiFactorAuthPresent": "true"
+ }
+ }
+ }
+ ]})
+ tags = {
+ Name = "labs"
+ }
+}
+
+## Policies
+## Allow user CLI -> S3 read/write
+resource "aws_iam_policy" "assume_role_s3_policy" {
+ policy = jsonencode({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "sts:AssumeRole",
+ "Resource": aws_iam_role.daphodell_role.arn
+ }
+ ]
+ })
+ tags = {
+ Name = "labs"
+ }
+}
+
+## Allow ec2 -> s3 read/write
+resource "aws_iam_policy" "ec2_s3_policy" {
+ policy = jsonencode({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "s3:ListBucket",
+ "Resource": "arn:aws:s3:::witch-lab-3"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "s3:GetObject",
+ "Resource": "arn:aws:s3:::witch-lab-3/*"
+ }
+ ]
+ })
+ tags = {
+ Name = "labs"
+ }
+}
+
+# Create AMI
+resource "aws_ami_from_instance" "ami_snapshot" {
+ name = "ami-snapshot-2025-06-17"
+ source_instance_id = aws_instance.my_first_linux.id
+ snapshot_without_reboot = true
+
+ tags = {
+ Name = "labs"
+ }
+}
+
+# Launch new instance from AMI
+resource "aws_instance" "my_second_linux" {
+ instance_type = "t2.micro"
+ ami = aws_ami_from_instance.ami_snapshot.id
+ security_groups = ["ssh-access-witch"]
+
+ tags = {
+ Name = "labs"
+ }
+}
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/lab-3/terraform/providers.tf b/lab-3/terraform/providers.tf
new file mode 100644
index 0000000..b801095
--- /dev/null
+++ b/lab-3/terraform/providers.tf
@@ -0,0 +1,20 @@
+provider "aws" {
+ region = "us-east-2"
+}
+
+variable "EC2_INSTANCE_ID" {
+ description = "ID of the EC2 instance"
+ type = string
+}
+
+variable "ASSUME_ROLE_POLICY" {
+ type = string
+}
+
+variable "EC2_POLICY" {
+ type = string
+}
+
+variable "ACCOUNT_ROOT_ARN" {
+ type = string
+}
\ No newline at end of file
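Review bot: The MFA condition on the second statement of `daphodell_role`'s assume-role policy uses `BoolIfExists`, which evaluates true when `aws:MultiFactorAuthPresent` is absent from the request — the case for requests signed with long-term IAM access keys — so the account-root principal can assume the role without MFA. In an Allow statement the key should be required outright, `"Bool": { "aws:MultiFactorAuthPresent": "true" }`; `BoolIfExists` is the form meant for Deny statements. Separately, both instances attach `security_groups = ["ssh-access-witch"]` by name while the managed `ec2_security_group` sets no `name` and no ingress rules, so the "Restrict SSH to my IP" description appears not to be backed by any rule in this file, and `ec2_s3_policy` hard-codes `arn:aws:s3:::witch-lab-3` rather than referencing `aws_s3_bucket.lab-bucket.arn`, so policy and bucket can drift apart. The `## Allow user CLI -> S3 read/write` and `## Allow ec2 -> s3 read/write` comments also overstate what the statements grant (only `sts:AssumeRole`, and only `s3:ListBucket`/`s3:GetObject` respectively); no attachment of either policy to the role or an instance profile is visible in this patch.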
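Review bot: `ACCOUNT_ROOT_ARN` is the principal granted `sts:AssumeRole` in main.tf, yet the variable has neither a `description` nor a `validation` block, so a mistyped or wrong-account value is accepted silently; add a validation with `condition = can(regex("^arn:aws:iam::[0-9]{12}:root$", var.ACCOUNT_ROOT_ARN))` and a matching `error_message` so the plan fails before the trust policy is written. `EC2_INSTANCE_ID`, `ASSUME_ROLE_POLICY` and `EC2_POLICY` are declared here but referenced nowhere in this patch, so they appear to be leftovers that should be removed or wired in. There is also no `terraform { required_providers { ... } }` block with a version constraint for `aws` in this patch, so the provider version is unpinned between runs.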