lab0 and part of lab1

2024-12-02 21:32:48 +01:00 · 2024-12-02 21:32:48 +01:00 · 51da0f7cc8
commit 51da0f7cc8
11 changed files with 295 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,40 @@
+.env
+keypairs/*
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# End of https://www.toptal.com/developers/gitignore/api/terraform
--- a/.tool-versions
+++ b/.tool-versions
@ -0,0 +1,2 @@
+terraform 1.10.0
+packer 1.11.2
--- a/cmd.txt
+++ b/cmd.txt
@ -0,0 +1,3 @@
+ssh -o ControlMaster=no -o IdentitiesOnly=yes -i keypairs/user0 admin@
+
+curl -fsS http://169.254.169.254/latest/meta-data/ami-id
--- a/keypairs/.keep
+++ b/keypairs/.keep
--- a/lab0/disassociate_role.sh
+++ b/lab0/disassociate_role.sh
@ -0,0 +1,8 @@
+#!/bin/sh -eu
+
+export AWS_PAGER=""
+
+aws ec2 describe-iam-instance-profile-associations --filters "Name=instance-id,Values=$1" \
+| jq -r '.IamInstanceProfileAssociations[0].AssociationId' \
+| xargs -n 1 aws ec2 disassociate-iam-instance-profile --association-id 
+
--- a/lab0/gen_keypairs.sh
+++ b/lab0/gen_keypairs.sh
@ -0,0 +1,11 @@
+#!/bin/sh -eu
+
+N=${1}  # how many keys to create
+
+mkdir -p keypairs
+
+for i in $(seq $N);
+do
+  keyfile="../keypairs/user${i}"
+  [ -s $keyfile ] || ssh-keygen -q -t ed25519 -P "" -C "user${i}@packerlab" -f $keyfile 
+done
--- a/lab0/main.tf
+++ b/lab0/main.tf
@ -0,0 +1,67 @@
+provider "aws" {
+  region = var.region
+}
+
+resource "aws_key_pair" "my_keys" {
+  count = var.group_count
+  key_name   = "user${count.index}-key"
+  public_key = file("../keypairs/user${count.index}.pub")
+}
+
+resource "aws_security_group" "allow_ssh" {
+  name        = "allow_ssh"
+  description = "Allow SSH inbound traffic"
+  
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["82.67.50.62/32"]  # Allow SSH from this IP
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"  # Allow all outbound traffic
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_instance" "labtops" {
+  count = var.group_count
+  ami           = var.ami_id
+  instance_type = var.instance_type
+  key_name      = aws_key_pair.my_keys[count.index].key_name
+  security_groups = [aws_security_group.allow_ssh.name]
+
+  #iam_instance_profile = aws_iam_instance_profile.ec2_ami_instance_profile.name
+
+  tags = {
+    Name = "labtop #${count.index}"
+    Owner = "seco"
+  }
+
+  # Enable public IP
+  associate_public_ip_address = true
+}
+
+output "instance_id" {
+  value = aws_instance.labtops[*].id
+}
+
+output "public_ip" {
+  value = aws_instance.labtops[*].public_ip
+}
+
+variable "region" {
+  type = string
+}
+variable "group_count" {
+  type = number
+}
+variable "ami_id" {
+  type = string
+}
+variable "instance_type" {
+  type = string
+}
--- a/lab0/role.tf
+++ b/lab0/role.tf
@ -0,0 +1,68 @@
+# Create an IAM role
+resource "aws_iam_role" "ec2_ami_role" {
+  name = "ec2-ami-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action    = "sts:AssumeRole"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+        Effect    = "Allow"
+        Sid       = ""
+      },
+    ]
+  })
+}
+
+# Attach the policy that allows creating AMIs
+resource "aws_iam_policy" "ec2_ami_policy" {
+  name        = "ec2-ami-policy"
+  description = "Policy to allow EC2 instances to create AMIs"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "ec2:DescribeRegions",
+          "ec2:DescribeImages",
+          "ec2:DescribeInstances",
+          "ec2:DescribeVolumes",
+          "ec2:DescribeTags",
+          "ec2:CreateTags",
+          "ec2:CreateKeyPair",
+          "ec2:DeleteKeyPair",
+          "ec2:CreateImage",
+          "ec2:ModifyImageAttribute",
+          "ec2:DeregisterImage",
+          "ec2:DeleteSnapshot",
+          "ec2:RunInstances",
+          "ec2:StopInstances",
+          "ec2:TerminateInstances",
+          "ec2:CreateSecurityGroup",
+          "ec2:DescribeSecurityGroups",
+          "ec2:AuthorizeSecurityGroupIngress",
+          "ec2:AuthorizeSecurityGroupEgress",
+          "ec2:DeleteSecurityGroup",
+        ]
+        Resource = "*"
+      },
+    ]
+  })
+}
+
+# Attach the policy to the role
+resource "aws_iam_role_policy_attachment" "ec2_ami_role_policy_attachment" {
+  role       = aws_iam_role.ec2_ami_role.name
+  policy_arn = aws_iam_policy.ec2_ami_policy.arn
+}
+
+# Create an IAM instance profile to associate the role with the EC2 instance
+resource "aws_iam_instance_profile" "ec2_ami_instance_profile" {
+  name = "ec2-ami-instance-profile"
+  role = aws_iam_role.ec2_ami_role.name
+}
--- a/lab0/terraform.tfvars
+++ b/lab0/terraform.tfvars
@ -0,0 +1,4 @@
+region = "eu-west-1"
+group_count = 1
+ami_id = "ami-0715d656023fe21b4"  # Debian 12
+instance_type = "t2.micro"
--- a/lab1/debian-apache-ami.pkr.hcl
+++ b/lab1/debian-apache-ami.pkr.hcl
@ -0,0 +1,53 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.3"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+variable "region" {
+  type    = string
+  default = "eu-west-1"  # ireland
+}
+
+variable "ami_source_id" {
+  type    = string
+  default = "ami-0715d656023fe21b4"  # debian 12 ireland
+}
+
+variable "ami_name" {
+  type    = string
+  default = "debian-apache-{{timestamp}}"
+}
+
+source "amazon-ebs" "debian" {
+  #access_key   = var.aws_access_key
+  #secret_key   = var.aws_secret_key
+  region       = var.region
+  source_ami   = var.ami_source_id
+  instance_type = "t2.micro"
+  ssh_username  = "admin"
+  ami_name      = var.ami_name
+  ami_description = "Debian AMI with Apache HTTP Server"
+  ssh_wait_timeout = "10m"
+  tags = {
+    Name        = var.ami_name
+    Purpose = "packer lab"
+  }
+}
+
+build {
+  sources = ["source.amazon-ebs.debian"]
+
+  provisioner "shell" {
+    inline = [
+      "sudo apt-get update",
+      "sudo DEBIAN_FRONTEND=noninteractive apt-get install -y apache2",
+      "echo '<h1>hello lab one</h1>' | sudo tee /var/www/html/index.html",
+      "sudo systemctl enable apache2",
+      "sudo systemctl start apache2"
+    ]
+  }
+}
--- a/lab1/main.tf
+++ b/lab1/main.tf
@ -0,0 +1,39 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+resource "aws_security_group" "allow_http" {
+  name        = "allow_http"
+  description = "Allow HTTP inbound traffic"
+  
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]  # Allow HTTP from anywhere
+  }
+}
+
+resource "aws_instance" "my_webserver" {
+  ami           = var.ami_id
+  instance_type = "t2.micro"
+  security_groups = [aws_security_group.allow_http.name]
+
+  tags = {
+    Name = "my http server"
+  }
+
+  associate_public_ip_address = true
+}
+
+output "instance_id" {
+  value = aws_instance.my_webserver.id
+}
+
+output "public_ip" {
+  value = aws_instance.my_webserver.public_ip
+}
+
+variable "ami_id" {
+  type = string
+}