Access Jenkins Dashboard

--> Open your Jenkins dashboard.

Navigate to Plugin Installation

--> Click on "Manage Jenkins" in the dashboard.

Access System Configuration

--> Under "System Configuration," locate the "Plugins" section.

Search for AWS Credentials Plugin

-->In the "Plugins" section, click on "Available Plugins." Use the search bar to find "AWS Credentials" among the available plugins.

Install the AWS Credentials Plugin

--> Once you locate the "AWS Credentials" plugin, click on "Install."

Restart Jenkins

--> After the installation is complete, restart Jenkins to apply the changes

Part 2: Configure AWS Access Key ID and Secret Access Key Using the Plugin

Access Jenkins Dashboard

--> Open your Jenkins dashboard.

Navigate to Credentials

--> Under "Security," click on "Credentials."

Access Global Credentials (Unrestricted)

--> Click on "System" and then "Global credentials (unrestricted)."

Add AWS Credentials

--> Click on "Add credentials."

Select AWS Credentials

--> In the "Kind" section, select "AWS Credentials."

Configure AWS Credentials

Fill in the following details:

--> ID: Give your credentials a unique identifier.

--> Description: Add a description of your credentials.

--> Access Key ID: Enter your AWS Access Key ID.

--> Secret Access Key: Enter your AWS Secret Access Key.

Save Credentials Save the credentials to store them securely.

Part 3: Build a Pipeline project to List Buckets Using AWS Credentials

Access Jenkins Dashboard

--> Open your Jenkins dashboard.

Create a New Pipeline

--> Click on "New item" and select the "Pipeline" option.

--> Name your pipeline, e.g., "configure-aws-credentials-using-pipeline."

Go to the pipeline project

--> Click on "Configure" and navigate to the "Pipeline" section.

--> Add the following script in the Pipeline section.

pipeline {
    agent any
    stages {
        stage('configure aws credentials') {
            steps {
                withCredentials([[
                $class: 'AmazonWebServicesCredentialsBinding',
                accessKeyVariable: 'AWS_ACCESS_KEY_ID',
                secretKeyVariable: 'AWS_SECRET_ACCESS_KEY',
                credentialsId: 'dev-user-aws-credentials']]) 
                {
                    script 
                    {
                        sh 'aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID'
                        sh 'aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY'
                        sh 'aws s3 ls'
                    }
                }
            }
        }
    }
}

Save the Pipeline

--> Save this pipeline configuration.

Build the Pipeline

--> After saving the pipeline click on "Build Now" to run the pipeline and configure AWS credentials.

Step 1: Project Setup

Create a directory named "Module_EC2_Instance_Windows_Project" for the project.

Inside "Module_EC2_Instance_Windows_Project," create two more directories:

"aws_ec2_instance_windows"

"module"

************************************************************************

Step 2: Module Directory

Navigate to the "module" directory.

Create four subdirectories in the module directory.

2.1: Key_Pair

2.2: VPC

2.3: Security_Group

2.4: EC2_Instance_Windows

####################################################

Step 2.1: Key_Pair Module

Inside the "Key_Pair" directory, create three files:

2.1.1: main.tf

2.1.2: variables.tf

2.1.3: outputs.tf

Step 2.1.1: Configure main.tf

Add the following code to the main.tf file in the "Key_Pair" directory:

# https://registry.terraform.io/modules/terraform-aws-modules/key-pair/aws/latest
#####################
## Key Pair - Main ##
#####################

# Generates a secure private key and encodes it as PEM
resource "tls_private_key" "key_pair" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Create the Key Pair
resource "aws_key_pair" "key_pair" {
  key_name   = "${lower(var.app_name)}-${lower(var.app_environment)}-windows-${lower(var.region)}"  
  public_key = tls_private_key.key_pair.public_key_openssh
}

# Save file
resource "local_file" "ssh_key" {
  filename = "${aws_key_pair.key_pair.key_name}.pem"
  content  = tls_private_key.key_pair.private_key_pem
}

Step 2.1.2: Configure variables.tf

Add the necessary variables to the variables.tf file.

#######################
## Key Pair - Variables ##
#######################


variable "app_name" {}
variable "app_environment" {}
variable "region" {}

Step 2.1.3: Configure outputs.tf

Add the necessary output and their values to the outputs.tf file.

output "aws_key_name" {
  value = aws_key_pair.key_pair.key_name
}

#######################################################

Step 2.2: VPC Module

Inside the "VPC" directory, create three files:

2.2.1: main.tf

2.2.2: variables.tf

2.2.3: outputs.tf

Step 2.2.1: Configure main.tf

Add the following code to the main.tf file in the "VPC" directory:

##########################################
## Network Single AZ Public Only - Main ##
##########################################

# Create the VPC
resource "aws_vpc" "vpc" {
  cidr_block            = var.vpc_cidr
  enable_dns_hostnames  = var.dns_hostnames
  tags = {
    Name                = "${lower(var.app_name)}-${lower(var.app_environment)}-vpc"
    Environment         = var.app_environment
  }
}

# use data source to get all avalablility zones in region
data "aws_availability_zones" "available_zones" {}

# Define the public subnet
resource "aws_subnet" "public-subnet" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = var.public_subnet_cidr
  availability_zone = data.aws_availability_zones.available_zones.names[0]
  tags = {
    Name            = "${lower(var.app_name)}-${lower(var.app_environment)}-public-subnet"
    Environment     = var.app_environment
  }
}

# Define the internet gateway
resource "aws_internet_gateway" "ig" {
  vpc_id        = aws_vpc.vpc.id
  tags = {
    Name        = "${lower(var.app_name)}-${lower(var.app_environment)}-igw"
    Environment = var.app_environment
  }
}

# Define the public route table
resource "aws_route_table" "public-rt" {
  vpc_id        = aws_vpc.vpc.id
  route {
    cidr_block  = var.public_rt_cidr_block
    gateway_id  = aws_internet_gateway.ig.id
  }
  tags = {
    Name        = "${lower(var.app_name)}-${lower(var.app_environment)}-public-subnet-rt"
    Environment = var.app_environment
  }
}

# Assign the public route table to the public subnet
resource "aws_route_table_association" "public-rt-association" {
  subnet_id      = aws_subnet.public-subnet.id
  route_table_id = aws_route_table.public-rt.id
}

Step 2.2.2: Configure variables.tf

Add the necessary variables to the variables.tf file.

##########################################
## Network Single AZ Public Only - Main ##
##########################################

# vpc variables

variable "vpc_cidr" {}
variable "dns_hostnames" {}
variable "app_name" {}
variable "app_environment" {}

#public subnet
variable "public_subnet_cidr" {}

#public route table
variable "public_rt_cidr_block" {}

#region
variable "region" {}

Step 2.2.3: Configure outputs.tf

Add the necessary output and their values to the outputs.tf file.

output "region" {
  value = var.region
}

output "app_name" {
  value = var.app_name
}

output "app_environment" {
  value = var.app_environment
}

output "vpc_id" {
  value = aws_vpc.vpc.id
}


output "publiic_subnet_id" {
  value = aws_subnet.public-subnet.id
}

output "internet_gateway" {
  value = aws_internet_gateway.ig
}

#######################################################

Step 2.3: Security_Group Module

Inside the "Security_Group" directory, create three files:

2.3.1: main.tf

2.3.2: variables.tf

2.3.3: outputs.tf

Step 2.3.1: Configure main.tf

Add the following code to the main.tf file in the "Security_Group" directory:

# Define the security group for the Windows server
resource "aws_security_group" "aws-windows-sg" {
  name        = "${lower(var.app_name)}-${var.app_environment}-windows-sg"
  description = "Allow incoming connections"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow incoming HTTP connections"
  }

  ingress {
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow incoming RDP connections"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name        = "${lower(var.app_name)}-${var.app_environment}-windows-sg"
    Environment = var.app_environment
  }
}

Step 2.3.2: Configure variables.tf

Add the necessary variables to the variables.tf file.

##########################################
## Security Group ##
##########################################

variable "vpc_id" {}
variable "app_name" {}
variable "app_environment" {}

Step 2.3.3: Configure outputs.tf

Add the necessary output and their values to the outputs.tf file.

output "aws_security_group_id" {
  value = aws_security_group.aws-windows-sg.id
}

######################################################

Step 2.4: EC2_Instance_Windows Module

Inside the "EC2_Instance_Windows" directory, create three files:

2.4.1: main.tf

2.4.2: variables.tf

2.4.3: outputs.tf

2.4.4: windows-versions.tf

Step 2.4.1: Configure main.tf

Add the following code to the main.tf file in the "EC2_Instance_Windows" directory:

###################################
## Virtual Machine Module - Main ##
###################################

# Bootstrapping PowerShell Script
data "template_file" "windows-userdata" {
  template = <<EOF
<powershell>
# Rename Machine
Rename-Computer -NewName "${var.windows_instance_name}" -Force;

# Install IIS
Install-WindowsFeature -name Web-Server -IncludeManagementTools;

# Restart machine
shutdown -r -t 10;
</powershell>
EOF
}

# Create EC2 Instance
resource "aws_instance" "windows-server" {
  ami                         = data.aws_ami.windows-2019.id
  instance_type               = var.windows_instance_type
  subnet_id                   = var.publiic_subnet_id
  vpc_security_group_ids      = [var.aws_security_group_id]
  associate_public_ip_address = var.windows_associate_public_ip_address
  source_dest_check           = var.source_dest_check_tf
  key_name                    = var.aws_key_name
  user_data                   = data.template_file.windows-userdata.rendered

  # root disk
  root_block_device {
    volume_size           = var.windows_root_volume_size
    volume_type           = var.windows_root_volume_type
    encrypted             = var.root_encrypted_tf
    delete_on_termination = var.root_delete_on_termination
  }

  # extra disk
  ebs_block_device {
    device_name           = "/dev/xvda"
    volume_size           = var.windows_data_volume_size
    volume_type           = var.windows_data_volume_type
    encrypted             = var.ebs_data_encrypted
    delete_on_termination = var.ebs_delete_on_termination
  }

  tags = {
    Name        = "${lower(var.app_name)}-${var.app_environment}-windows-server"
    Environment = var.app_environment
  }
}

# Create Elastic IP for the EC2 instance
resource "aws_eip" "windows-eip" {
  domain = "vpc"  
  tags = {
    Name        = "${lower(var.app_name)}-${var.app_environment}-windows-eip"
    Environment = var.app_environment
  }
}


# Associate Elastic IP to Windows Server
resource "aws_eip_association" "windows-eip-association" {
  instance_id   = aws_instance.windows-server.id
  allocation_id = aws_eip.windows-eip.id
}

Step 2.4.2: Configure variables.tf

Add the necessary variables to the variables.tf file.

########################################
## Virtual Machine Module - Variables ##
########################################

variable "app_name" {}
variable "app_environment" {}

variable "windows_instance_name" {}

variable "windows_instance_type" {}
variable "publiic_subnet_id" {}
variable "aws_security_group_id" {}
variable "windows_associate_public_ip_address" {}
variable "source_dest_check_tf" {}
variable "aws_key_name" {}

variable "windows_root_volume_size" {}
variable "windows_root_volume_type" {}
variable "root_encrypted_tf" {}
variable "root_delete_on_termination" {}

variable "windows_data_volume_size" {}
variable "windows_data_volume_type" {}
variable "ebs_data_encrypted" {}
variable "ebs_delete_on_termination" {}

Step 2.4.3: Configure outputs.tf

Add the necessary output and their values to the outputs.tf file.

#####################################
## Virtual Machine Module - Output ##
#####################################

output "vm_windows_server_instance_name" {
  value = var.windows_instance_name
}

output "vm_windows_server_instance_id" {
  value = aws_instance.windows-server.id
}

output "vm_windows_server_instance_public_dns" {
  value = aws_instance.windows-server.public_dns
}

output "vm_windows_server_instance_public_ip" {
  value = aws_eip.windows-eip.public_ip
}

output "vm_windows_server_instance_private_ip" {
  value = aws_instance.windows-server.private_ip
}

2.4.4: Configure windows-versions.tf

Add resources to get the latest ami of windows versions.

# https://github.com/guillermo-musumeci/terraform-aws-latest-ami/blob/master/Get-Latest-Windows-AMI.tf
################################################
# Get latest Windows Server AMI with Terraform #
################################################

# Get latest Windows Server 2012R2 AMI
data "aws_ami" "windows-2012-r2" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["Windows_Server-2012-R2_RTM-English-64Bit-Base-*"]
  }
}

# Get latest Windows Server 2016 AMI
data "aws_ami" "windows-2016" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["Windows_Server-2016-English-Full-Base*"]
  }
}

# Get latest Windows Server 2019 AMI
data "aws_ami" "windows-2019" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["Windows_Server-2019-English-Full-Base*"]
  }
}

# Get latest Windows Server 2022 AMI
data "aws_ami" "windows-2022" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["Windows_Server-2022-English-Full-Base*"]
  }
}

Step 3: AWS_EC2_Instance_Windows Directory

Navigate to the "aws_ec2_instance_windows" directory.

Create four files:

3.1: providers.tf

3.2: main.tf

3.3: variables.tf

3.4: terraform.tfvars

Step 3.1: Configure providers.tf for EC2 instance

Add the following code to the providers.tf file in the "aws_ec2_instance_windows" directory:

# https://registry.terraform.io/providers/hashicorp/aws/latest/docs
################################
## AWS Provider Module - Main ##
################################

# AWS Provider

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = var.region
}

Step 3.2: Configure main.tf for the EC2 instance

Add the following code to the main.tf file in the "aws_ec2_instance_windows" directory:

# vpc module

module "aws_vpc" {
  source               = "../module/VPC"
  region               = var.region
  vpc_cidr             = var.vpc_cidr
  dns_hostnames        = var.dns_hostnames 
  app_name             = var.app_name
  app_environment      = var.app_environment
  public_subnet_cidr   = var.public_subnet_cidr
  public_rt_cidr_block = var.public_rt_cidr_block

}

# key_pair module

module "aws_key_pair" {
  source          = "../module/Key_Pair"
  app_name        = module.aws_vpc.app_name
  app_environment = module.aws_vpc.app_environment
  region          = module.aws_vpc.region
}

#Security group module

module "security_group" {
  source          = "../module/Security_Group"
  vpc_id          = module.aws_vpc.vpc_id
  app_name        = module.aws_vpc.app_name
  app_environment = module.aws_vpc.app_environment
}

#instance module

module "aws_instance" {
  source                              = "../module/ec2-instance-windows"
  app_name                            = module.aws_vpc.app_name
  app_environment                     = module.aws_vpc.app_environment
  windows_instance_name               = var.windows_instance_name
  windows_instance_type               = var.windows_instance_type
  publiic_subnet_id                   = module.aws_vpc.publiic_subnet_id
  aws_security_group_id               = module.security_group.aws_security_group_id
  windows_associate_public_ip_address = var.windows_associate_public_ip_address
  source_dest_check_tf                = var.source_dest_check_tf
  aws_key_name                        = module.aws_key_pair.aws_key_name
  windows_root_volume_size            = var.windows_root_volume_size
  windows_root_volume_type            = var.windows_root_volume_type
  root_encrypted_tf                   = var.root_encrypted_tf
  root_delete_on_termination          = var.root_delete_on_termination
  windows_data_volume_size            = var.windows_data_volume_size
  windows_data_volume_type            = var.windows_data_volume_type
  ebs_data_encrypted                  = var.ebs_data_encrypted
  ebs_delete_on_termination           = var.ebs_delete_on_termination
}

Step 3.3 Configure variables.tf for EC2 instance

Add the necessary variables to the variables.tf file in the "aws_ec2_instance_windows" directory.

##############################################
## Network Single AZ Public Only - Variables #
##############################################

variable "vpc_cidr" {}
variable "dns_hostnames" {}
variable "app_name" {}
variable "app_environment" {}

#public subnet
variable "public_subnet_cidr" {}

#public route table
variable "public_rt_cidr_block" {}

#region
variable "region" {}



########################################
## Virtual Machine Module - Variables ##
########################################

variable "windows_instance_name" {}

variable "windows_instance_type" {}
variable "windows_associate_public_ip_address" {}
variable "source_dest_check_tf" {}

# root device 
variable "windows_root_volume_size" {}
variable "windows_root_volume_type" {}
variable "root_encrypted_tf" {}
variable "root_delete_on_termination" {}

# ebs device
variable "windows_data_volume_size" {}
variable "windows_data_volume_type" {}
variable "ebs_data_encrypted" {}
variable "ebs_delete_on_termination" {}

Step 4.2: Configure terraform.tfvars for EC2 instance

Add your specific variable and values to the terraform.tfvars file in the "aws_ec2_instance_windows" directory.

# Application Definition 
app_name        = "netflix" # Do NOT enter any spaces
app_environment = "dev"       # Dev, Test, Staging, Prod, etc

# Network
vpc_cidr           = "172.31.0.0/16"
dns_hostnames      = "true"
public_subnet_cidr = "172.31.0.0/20"
public_rt_cidr_block = "0.0.0.0/0"
region     = "ap-south-1"

# Windows Virtual Machine
windows_instance_name               = "test-windows-ec2"
windows_instance_type               = "t2.micro"
windows_associate_public_ip_address = true
source_dest_check_tf                = false
windows_root_volume_size            = 30
windows_root_volume_type            = "gp3"
root_encrypted_tf                   = true    
root_delete_on_termination          = true
windows_data_volume_size            = 10
windows_data_volume_type            = "gp3"
ebs_data_encrypted                  = true
ebs_delete_on_termination           = true

Step 5: Terraform Commands

Open a command prompt or terminal and navigate to the "aws_ec2_instance_windows" directory.

Run the following commands:

5.1: terraform init: Initialize Terraform.

5.2: terraform validate: Validate your Terraform configuration.

5.3: terraform plan: Preview the changes Terraform will make.

5.4: terraform apply --auto-approve: Apply the Terraform configuration, creating the security group.

Step 1: Project Setup

1. Create a directory named "module-security-group-project" for the project.

2. Inside "module-security-group-project," create two more directories:

   • "aws-security-group"

   • "module"

Step 2: Module Directory

1. Navigate to the "module" directory.

2. Create a subdirectory named "security-group" within the "module" directory.

Step 3: Security Group Module

1. Inside the "security-group" directory, create three files:

   • main.tf

   • variables.tf

   • outputs.tf

Step 4: Configure main.tf

1. Add the following code to the main.tf file in the "security-group" directory:

resource "aws_security_group" "demo_sg01_sg" {
  name        = var.demo_sg01_sg_name
  description = var.demo_sg01_sg_description
  vpc_id      = var.demo_sg01_sg_vpc
  ingress {
    description      = var.demo_sg01_insgress_description
    from_port        = var.demo_sg01_ingress_from_port
    to_port          = var.demo_sg01_ingress_to_port
    protocol         = var.demo_sg01_ingress_protocol
    cidr_blocks      = [var.my_ip_address]
    }

  egress {
    from_port        = var.demo_sg01_egress_from_port
    to_port          = var.demo_sg01_egress_to_port
    protocol         = var.demo_sg01_egress_protocol
    cidr_blocks      = [var.demo_sg01_egress_cidr_block]
    }

  tags = {
    Name = var.demo_sg01_tag_name
  }
}


resource "aws_security_group" "demo_sg02_sg" {
  name        = var.demo_sg02_sg_name
  description = var.demo_sg02_sg_description
  vpc_id      = var.demo_sg02_sg_vpc

  ingress {
    description      = var.demo_sg02_insgress_description
    from_port        = var.demo_sg02_ingress_from_port
    to_port          = var.demo_sg02_ingress_to_port
    protocol         = var.demo_sg02_ingress_protocol
    security_groups = [aws_security_group.demo_sg01_sg.id]
    }

  egress {
    from_port        = var.demo_sg02_egress_from_port
    to_port          = var.demo_sg02_egress_to_port
    protocol         = var.demo_sg02_egress_protocol
    cidr_blocks      = [var.demo_sg02_egress_cidr_block]
    }

  tags = {
    Name = var.demo_sg02_tag_name
  }
}

Step 5: Configure variables.tf

1. Add the necessary variables and their descriptions to the variables.tf file.

# Define variables

variable "my_ip_address" {}
variable "demo_sg01_sg_name" {}
variable "demo_sg01_sg_description" {}
variable "demo_sg01_sg_vpc" {}

variable "demo_sg01_insgress_description" {}
variable "demo_sg01_ingress_from_port" {}
variable "demo_sg01_ingress_to_port" {}
variable "demo_sg01_ingress_protocol" {}


variable "demo_sg01_egress_from_port" {}
variable "demo_sg01_egress_to_port" {}
variable "demo_sg01_egress_protocol" {}
variable "demo_sg01_egress_cidr_block" {}

variable "demo_sg01_tag_name" {}


#########################################

variable "demo_sg02_sg_name" {}
variable "demo_sg02_sg_description" {}
variable "demo_sg02_sg_vpc" {}

variable "demo_sg02_insgress_description" {}
variable "demo_sg02_ingress_from_port" {}
variable "demo_sg02_ingress_to_port" {}
variable "demo_sg02_ingress_protocol" {}


variable "demo_sg02_egress_from_port" {}
variable "demo_sg02_egress_to_port" {}
variable "demo_sg02_egress_protocol" {}
variable "demo_sg02_egress_cidr_block" {}

variable "demo_sg02_tag_name" {}

Step 6: Configure outputs.tf

1. Add the necessary variables and their descriptions to the outputs.tf file.

output "demo_sg01_sg_id" {
  value = aws_security_group.demo_sg01_sg.id
}

output "demo_sg02_sg_id" {
  value = aws_security_group.demo_sg02_sg.id
}

Step 7: AWS Security Group Directory

1. Navigate to the "aws-security-group" directory.

2. Create three files:

   • main.tf

   • variables.tf

   • terraform.tfvars

Step 8: Configure main.tf for Security Group

1. Add the following code to the main.tf file in the "security-group" directory:

# configure aws provider

provider "aws" {
  region = var.region
  }


#create security group

module "security_groups" {
  source                          = "../modules/security-group"
  my_ip_address                   = var.my_ip_address
  demo_sg01_sg_name               =  var.demo_sg01_sg_name    
  demo_sg01_sg_description        = var.demo_sg01_sg_description
  demo_sg01_sg_vpc                = var.demo_sg01_sg_vpc      

  demo_sg01_insgress_description  = var.demo_sg01_insgress_description     
  demo_sg01_ingress_from_port     = var.demo_sg01_ingress_from_port   
  demo_sg01_ingress_to_port       =  var.demo_sg01_ingress_to_port  
  demo_sg01_ingress_protocol      =  var.demo_sg01_ingress_protocol  

  demo_sg01_egress_from_port      =  var.demo_sg01_egress_from_port   
  demo_sg01_egress_to_port        =  var.demo_sg01_egress_to_port   
  demo_sg01_egress_protocol       = var.demo_sg01_egress_protocol   
  demo_sg01_egress_cidr_block     = var.demo_sg01_egress_cidr_block   

  demo_sg01_tag_name              =  var.demo_sg01_tag_name  

  demo_sg02_sg_name                = var.demo_sg02_sg_name      
  demo_sg02_sg_description         = var.demo_sg02_sg_description
  demo_sg02_sg_vpc                 = var.demo_sg02_sg_vpc

  demo_sg02_insgress_description   = var.demo_sg02_insgress_description    
  demo_sg02_ingress_from_port      = var.demo_sg02_ingress_from_port
  demo_sg02_ingress_to_port        = var.demo_sg02_ingress_to_port  
  demo_sg02_ingress_protocol       = var.demo_sg02_ingress_protocol    

  demo_sg02_egress_from_port       = var.demo_sg02_egress_from_port     
  demo_sg02_egress_to_port         = var.demo_sg02_egress_to_port  
  demo_sg02_egress_protocol        = var.demo_sg02_egress_protocol     
  demo_sg02_egress_cidr_block      = var.demo_sg02_egress_cidr_block

  demo_sg02_tag_name               = var.demo_sg02_tag_name 

}

Step 9: Configure variables.tf for Security Group

1. Add the necessary variables and their descriptions to the variables.tf file in the "security-group" directory.

variable "region" {}

##################################
# Define variables

variable "my_ip_address" {}
variable "demo_sg01_sg_name" {}
variable "demo_sg01_sg_description" {}
variable "demo_sg01_sg_vpc" {}

variable "demo_sg01_insgress_description" {}
variable "demo_sg01_ingress_from_port" {}
variable "demo_sg01_ingress_to_port" {}
variable "demo_sg01_ingress_protocol" {}


variable "demo_sg01_egress_from_port" {}
variable "demo_sg01_egress_to_port" {}
variable "demo_sg01_egress_protocol" {}
variable "demo_sg01_egress_cidr_block" {}

variable "demo_sg01_tag_name" {}


#########################################

variable "demo_sg02_sg_name" {}
variable "demo_sg02_sg_description" {}
variable "demo_sg02_sg_vpc" {}

variable "demo_sg02_insgress_description" {}
variable "demo_sg02_ingress_from_port" {}
variable "demo_sg02_ingress_to_port" {}
variable "demo_sg02_ingress_protocol" {}


variable "demo_sg02_egress_from_port" {}
variable "demo_sg02_egress_to_port" {}
variable "demo_sg02_egress_protocol" {}
variable "demo_sg02_egress_cidr_block" {}

variable "demo_sg02_tag_name" {}

Step 10: Configure terraform.tfvars for Security Group

1. Add your specific variable values to the terraform.tfvars file in the "security-group" directory.

region="ap-south-1"

#########################################
#secutiry group

my_ip_address="198.187.653.159/32"
demo_sg01_sg_name="demo-ec2-windows-sg-sg"
demo_sg01_sg_description="this is demo-ec2-windows-sg sg"     
demo_sg01_sg_vpc="vpc-0965d56f"     

demo_sg01_insgress_description="allow all ports in demo-ec2-windows-sg sg"     
demo_sg01_ingress_from_port=0     
demo_sg01_ingress_to_port=65535     
demo_sg01_ingress_protocol="tcp"     

demo_sg01_egress_from_port=0     
demo_sg01_egress_to_port=0     
demo_sg01_egress_protocol="-1"     
demo_sg01_egress_cidr_block="0.0.0.0/0"     

demo_sg01_tag_name="Demo-Ec2-Windows-Security-Group"   


demo_sg02_sg_name="demo-ec2-linux-sg sg"     
demo_sg02_sg_description="this is demo-ec2-linux-sg sg"     
demo_sg02_sg_vpc="vpc-0965d56f"

demo_sg02_insgress_description="allow all tcp in demo-ec2-linux-sg sg"    
demo_sg02_ingress_from_port=0  
demo_sg02_ingress_to_port=65535   
demo_sg02_ingress_protocol="tcp"     

demo_sg02_egress_from_port=0     
demo_sg02_egress_to_port=0   
demo_sg02_egress_protocol="-1"     
demo_sg02_egress_cidr_block="0.0.0.0/0"     

demo_sg02_tag_name="Demo-Ec2-Linux-Security-Group"

Step 11: Terraform Commands

1. Open a command prompt or terminal and navigate to the "security-group" directory.

2. Run the following commands:

• terraform init: Initialize Terraform.

• terraform validate: Validate your Terraform configuration.

• terraform plan: Preview the changes Terraform will make.

• terraform apply --auto-approve: Apply the Terraform configuration, creating the security group.

Step 1: Project Setup

1. Create a directory named "module-key-pair-project" for the project.

2. Inside "module-key-pair-project," create two more directories:

   • "aws-key-pair"

   • "module"

Step 2: Module Directory

1. Navigate to the "module" directory.

2. Create a subdirectory named "key-pair" within the "module" directory.

Step 3: Key Pair Module

1. Inside the "key-pair" directory, create two files:

   • main.tf

   • variables.tf

Step 4: Configure main.tf

1. Add the following code to the main.tf file in the "key-pair" directory:

resource "aws_key_pair" "key_pairs" {
  count = length(var.key_pairs)
  key_name   = var.key_pairs[count.index].key_name
  public_key = tls_private_key.key_pairs[count.index].public_key_openssh
}

resource "tls_private_key" "key_pairs" {
  count      = length(var.key_pairs)
  algorithm  = "RSA"
  rsa_bits   = var.key_pairs[count.index].rsa_bits
}

resource "local_file" "private_key" {
  count       = length(var.key_pairs)
  content     = tls_private_key.key_pairs[count.index].private_key_pem
  filename    = "${var.key_pairs[count.index].key_name}.pem"
}

resource "local_file" "putty_key" {
  count       = length(var.key_pairs)
  content     = tls_private_key.key_pairs[count.index].private_key_pem
  filename    = "${var.key_pairs[count.index].key_name}.ppk"
  provisioner "local-exec" {
   command = "puttygen ${var.key_pairs[count.index].key_name}.pem -o ${var.key_pairs[count.index].key_name}.ppk"
  }
  provisioner "local-exec" {
   command = "cp -r ${var.key_pairs[count.index].key_name}.pem /home/anil/aws/" 
  }
}

Step 5: Configure variables.tf

1. Add the necessary variables and their descriptions to the variables.tf file.

variable "key_pairs" {
  type = list(object({
    key_name  = string
    rsa_bits  = number
  }))
}

Step 6: AWS Key Pair Directory

1. Navigate to the "aws-key-pair" directory.

2. Create three files:

   • main.tf

   • variables.tf

   • terraform.tfvars

Step 7: Configure main.tf for AWS Key Pair

1. Add the following code to the main.tf file in the "aws-key-pair" directory:

# configure aws provider

provider "aws" {
  region = var.region
  }

module "aws_key_pair" {
  source     = "../modules/key-pair"
  key_pairs  = var.key_pairs
}

Step 8: Configure variables.tf for AWS Key Pair

1. Add the necessary variables and their descriptions to the variables.tf file in the "aws-key-pair" directory.

variable "region" {}


######################################################3
variable "key_pairs" {
  type = list(object({
    key_name  = string
    rsa_bits  = number
  }))
}

Step 9: Configure terraform.tfvars for AWS Key Pair

1. Add your specific variable values to the terraform.tfvars file in the "aws-key-pair" directory.

region="ap-south-1"

key_pairs = [
  {
    key_name = "aws_key_pair01"
    rsa_bits = 4096
  },
  {
    key_name = "aws_key_pair02"
    rsa_bits = 4096
  },
  {
    key_name = "aws_key_pair03"
    rsa_bits = 4096
  }
]

Step 10: Terraform Commands

1. Open a command prompt or terminal and navigate to the "aws-key-pair" directory.

2. Run the following commands:

• terraform init: Initialize Terraform.

• terraform validate: Validate your Terraform configuration.

• terraform plan: Preview the changes Terraform will make.

• terraform apply --auto-approve: Apply the Terraform configuration, creating the AWS key pair.

Step 11: Conclusion

1. After executing these commands, you will receive output confirming the successful creation of the AWS key pair using Terraform.

Congratulations! You've successfully created an AWS key pair using Terraform's modular approach.