main file to define our infrastructure resources

akhil27051999 · akhil27051999 · commit 66a17e34f2ef · 2025-11-06T19:25:25.000Z
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -0,0 +1,206 @@
+# This block configures Terraform itself - it's like "settings" for how Terraform should run our code.
+# This prevents surprises and makes our infrastructure more reliable!
+
+terraform {
+    required_version = ">=1.0"
+    required_providers {
+        aws = {
+            source = "hashicorp/aws"
+            version = "~>5.0"
+        }
+    }
+}
+
+# AWS provider
+
+provider "aws" {
+    region = var.aws_region
+}
+
+# VPC
+
+resource "aws_vpc" "main" {
+    cidr_block = var.vpc_cidr
+    enable_dns_hostnames = true
+    enable_dns_support = true
+
+    tags = {
+        Name = "${var.project_name}-vpc"
+    }
+}
+
+# Internet Gateway
+
+resource "aws_internet_gateway" "main" {
+    vpc_id = aws_vpc.main.id
+
+    tags = {
+        Name = "${var.project_name}-igw"
+    }
+}
+
+# Public Subnet
+resource "aws_subnet" "public" {
+    vpc_id = aws_vpc.main.id
+    cidr_block = var.public_subnet_cidr
+    availability_zone = var.availability_zone
+    map_public_ip_on_launch = true
+
+    tags = {
+        Name = "${var.project_name}-public-subnet"
+    }
+}
+
+# Route Table for Public Subnet
+resource "aws_route_table" "public" {
+    vpc_id = aws_vpc.main.id
+
+    route {
+        cidr_block = "0.0.0.0/0"
+        gateway_id = aws_internet_gateway.main.id
+    }
+
+    tags = {
+        Name = "${var.project_name}-public-rt"
+    }
+}
+
+# Route Table Association
+resource "aws_route_table_association" "public" {
+    subnet_id = aws_subnet.public.id
+    route_table_id = aws_route_table.public.id
+}
+
+# Security Group
+resource "aws_security_group" "api_server" {
+    name = "${var.project_name}-sg"
+    description = "Security group for API server"
+    vpc_id = aws_vpc.main.id
+
+    ingress {
+        description = "SSH"
+        from_port = 22
+        to_port = 22
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    ingress {
+        description = "HTTP"
+        from_port = 80
+        to_port = 80
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    ingress {
+        description = "HTTPS"
+        from_port = 443
+        to_port = 443
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    ingress {
+        description = "Kubernetes API"
+        from_port = 6443
+        to_port = 6443
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    egress {
+        from_port = 0
+        to_port = 0
+        protocol = "-1"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    tags = {
+        Name = "${var.project_name}-sg"
+    }
+}
+
+# IAM Role for EC2
+
+resource "aws_iam_role" "ec2_role" {
+    name = "${var.project_name}-ec2-role"
+
+    assume_role_policy = jsonencode({
+        Version = "2012-10-17"
+        Statement = [
+            {
+                Action = "sts:AssumeRole"
+                Effect = "Allow"
+                Principal = {
+                    Service = "ec2.amazonaws.com"
+                }
+            }
+        ]
+
+    })
+
+    tags = {
+        Name = "${var.project_name}-ec2-role"
+    }
+}
+
+# IAM Role Policy Attachment
+
+resource "aws_iam_role_policy_attachment" "ec2_ssm" {
+    role = aws_iam_role.ec2_role.name
+    policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_s3" {
+    role       = aws_iam_role.ec2_role.name
+    policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_ecr" {
+    role       = aws_iam_role.ec2_role.name
+    policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
+# IAM Instance Profile
+
+resource "aws_iam_instance_profile" "ec2_profile" {
+    name = "${var.project_name}-ec2-profile"
+    role = aws_iam_role.ec2_role.name
+}
+
+# EC2 Instance
+
+resource "aws_instance" "api_server" {
+    ami = var.ami_id
+    instance_type = var.instance_type
+    key_name = var.key_name
+    subnet_id = aws_subnet.public.id
+    vpc_security_group_ids = [aws_security_group.api_server.id]
+    iam_instance_profile = aws_iam_instance_profile.ec2_profile.name
+
+    root_block_device {
+        volume_type = "gp3"
+        volume_size = 50
+        encrypted = true
+    }
+
+    tags = {
+        Name = "${var.project_name}-api_server"
+    }
+
+    lifecycle {
+        ignore_changes = [ami]
+    }
+}
+
+# Elastic IP
+
+resource "aws_eip" "api_server" {
+    instance = aws_instance.api_server.id
+    domain = "vpc"
+
+    tags = {
+        Name = "${var.project_name}-eip"
+    }
+}
