Creating the base project, see [First Issue](#1) for more info on wha…

…ts in this commit

.gitignore

@@ -0,0 +1,38 @@
+# Local .terraform directories
+**/.terraform/*
+.terraform
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude secrets.tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+secrets.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Ignore lock file
+.terraform.lock.hcl

.ssh/aws-multi

@@ -0,0 +1,49 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAgEAv46MbfQmc93EO2/GbG1paCJApLqyxZiSSJughEswfnB+a1jcxq+y
+ibPHVLsPXTT85PFgdbMJZvhvLu6U98daiLuX9E/WKq+anfqUaVG0rYyN7LKoyDbEnH6Cbk
+KIvGa5cU2Y22XT2MJc6+7F5gnLEvD+tgbTdyMQPwrBbSl/3Fb2//F/kcstrOe6nKoFgT9m
+L5/tfnCI97mB2E/RbGzlW/zRXU7KLY5c7B53YaAYR/5tYHowpPvSU7W0a9FyN269VmQCxJ
+xKqC0G5e98UXwjQlVpBCDViLWzP5pN8VprUbDxgdnK3mlElPRd4j6A6syN8m1M0zAQvgjO
+zadDVvm89mY8JrVGunndgrUj81HeOBuN37aLk8Zb7WHAITmNghAdd50HflDzqyywMA0gXU
+VUyn8+kZPNDPWRS05lwHNcv18idvBghAXRQvHxRWIKv4XloyvnFwpxQUswkjo6+Jy/t1LL
+MzQMPm+n0MHQL9M/nX5qp3OKYQQpaeyFhaRB2gBmjlT3Cpo5qknoEdxU1ruyP4NwokFiAy
+5ljSF5bCRDtbBgwEs4xevQ7+I1dttjIr6yKsVxt5GHvfgi0QE9Mu/iRcK8VanmHmFNegHf
+i7RYa05URpywn1rqlp4IVW0GQii/Z7AZizZlDfqAfSY4CP6v2Ixl8V+l8cR9gcg4s86KcD
+0AAAdQ8ZpR6fGaUekAAAAHc3NoLXJzYQAAAgEAv46MbfQmc93EO2/GbG1paCJApLqyxZiS
+SJughEswfnB+a1jcxq+yibPHVLsPXTT85PFgdbMJZvhvLu6U98daiLuX9E/WKq+anfqUaV
+G0rYyN7LKoyDbEnH6CbkKIvGa5cU2Y22XT2MJc6+7F5gnLEvD+tgbTdyMQPwrBbSl/3Fb2
+//F/kcstrOe6nKoFgT9mL5/tfnCI97mB2E/RbGzlW/zRXU7KLY5c7B53YaAYR/5tYHowpP
+vSU7W0a9FyN269VmQCxJxKqC0G5e98UXwjQlVpBCDViLWzP5pN8VprUbDxgdnK3mlElPRd
+4j6A6syN8m1M0zAQvgjOzadDVvm89mY8JrVGunndgrUj81HeOBuN37aLk8Zb7WHAITmNgh
+Add50HflDzqyywMA0gXUVUyn8+kZPNDPWRS05lwHNcv18idvBghAXRQvHxRWIKv4Xloyvn
+FwpxQUswkjo6+Jy/t1LLMzQMPm+n0MHQL9M/nX5qp3OKYQQpaeyFhaRB2gBmjlT3Cpo5qk
+noEdxU1ruyP4NwokFiAy5ljSF5bCRDtbBgwEs4xevQ7+I1dttjIr6yKsVxt5GHvfgi0QE9
+Mu/iRcK8VanmHmFNegHfi7RYa05URpywn1rqlp4IVW0GQii/Z7AZizZlDfqAfSY4CP6v2I
+xl8V+l8cR9gcg4s86KcD0AAAADAQABAAACAGde330+cbm5BPomGWfNq0IcqdG7RlnHObmg
+8gAyKxswTahULd+yVKBmubyJrYLY41gQwcMCOKKukiE7cnw7wiljQl7+7k3esYtq+8fR5b
+R50uTWjKpuk673vh8OHIe+z3fLLh/HVYj1afuPwI+g3Ut9bZaBHICAFXZPsY3dBTi8XVJE
+2lis0hsqedOtFIdo1RYCMcE3rVIxc1ZtzE+8fBEl3z2BFS18U7y/vCCcqj2/mPqlNbbyhc
+/SkGhWgFJVmisSkUPUK52RntVaZTX7zXMwcBlgNpstomtCM6l4580PtWQjSYy4NeBD9p3u
+qNcMR9V5EiotF/vU+PSVvIsk/cjxaoGoEp5FXLhxHRhqsIvp/X/pms36lyJhRv8SA8/8rP
+8MrYVIVBtxEsqzML7Kd/KWElmKWSnmQMOY8Ze0BcIfC5rmq6VTIIoUXW7/CsGBla3givOP
+HFMzJS7N556l67qUZG7v77jm3IIwrSy8hKJPqe82PohaNtLw2s6vPClfZ3lR3AslgaFlW5
+rmPivKF9ZNx02iFiZFU7EIK6AtrIdCAwa0t7E1+d+gwv99qAYm19rG5aknHTjWOEdbwKiX
+C29XgM7K4AyzAOnIHakGGNM9QLNuau9wH+GsDkO9F6Bnah7D740F6LjU/BlBkbnSiIXcdD
+WUlwdrA0A6uTvWl76pAAABAQCgkLVgyJj/Fsf4+P6jBQxp7Usvhg9Xxdu01UstzmHohbFV
+s3vBhD5U4jepJ3g/+uXtIrNjuWoqVZJmNGyUP/SpfKN4MyZ2+lTbe8R0QrBbVt7s3Pyrwx
+fjTg2a4hGmEpJnUsAOEV47J20gdcRzppvyOa02TBNZ/FF76UkYR0WwQoF01ZRTfd4jdxek
+0N8a7UFSZe7duWF3fe1iRmZfws+sAljDQpAv3jk0SdfvAPAi7hI92wHW87hN1+pH/T/RQr
+spMr8YCb8TmOlMGN595yVrPdLs0QCnBVvuOoJoG8hcox7Lx5v3BEMCt2w21TSBK/RwrOs6
+wWypmRoYve5WM9pNAAABAQD3gsDIz6tkEBAHGgK1VoJ4PuAhwHt3sebrsBecRnMTCPoH9N
+M9oXt80Dj/okVDb72yzTeoXfmwH9sY1pRcWfIGqXaF+N6XcxbnPZOXLYSprLYiQ7EQX4cV
+BaCzyS4MZQWwhvDmW/+w0y9CDYZdxLpmJ/Qk0hBu3z/pj5eafHZSCoCFKSr/bkdJuFMn55
+xQZ2fo3OIxmc2YyozNf1K/+p0kGAEbJ5aKbtnbQ61nXoNr0/FyAiTqCBdmOVG5QqLhoK8Z
+iTi7IM2nlpNMjsgYBq+sHjSc9YjQHb5w75h1tkX6Ad3CUzWhD6pxrhbVxEAOa2WXa75ndU
+W1ht10NPngo4p3AAABAQDGIH8yWC02WsLbDT58WtciXVTbufFH+2xkXI+5QW1KF25xCPu6
+m/pnBiSczmJll/6rMkbn9Erh4PUGZgJIVq6PsMwMuBTbPLxJMGBpqoqVZ+iE581jC0waG7
+MIpjHVO+W1GBgObtEP5IE01MM+t6gC4D/OqBxJQvI0ULDMpGuh2F1AuxbaVEbDWJy2pf40
+48pur2fqHTASh4Msfi+8L5SR8VQSrPISarA4D59gtYGF/Khf/ABMgcANyQcmN8UPDWGJkO
+EsVgv67Cg1xorNzamUfL4yaatf2e7rln0KG8FL3Vu7Uck7IMmwBPPF8SWxJPVU1IswCebz
+ifAwVQphWJPrAAAAGHRvcmluZGVhbndvbGZmQGdtYWlsLmNvbQEC
+-----END OPENSSH PRIVATE KEY-----

.ssh/aws-multi.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/joxt9CZz3cQ7b8ZsbWloIkCkurLFmJJIm6CESzB+cH5rWNzGr7KJs8dUuw9dNPzk8WB1swlm+G8u7pT3x1qIu5f0T9Yqr5qd+pRpUbStjI3ssqjINsScfoJuQoi8ZrlxTZjbZdPYwlzr7sXmCcsS8P62BtN3IxA/CsFtKX/cVvb/8X+Ryy2s57qcqgWBP2Yvn+1+cIj3uYHYT9FsbOVb/NFdTsotjlzsHndhoBhH/m1gejCk+9JTtbRr0XI3br1WZALEnEqoLQbl73xRfCNCVWkEINWItbM/mk3xWmtRsPGB2creaUSU9F3iPoDqzI3ybUzTMBC+CM7Np0NW+bz2ZjwmtUa6ed2CtSPzUd44G43ftouTxlvtYcAhOY2CEB13nQd+UPOrLLAwDSBdRVTKfz6Rk80M9ZFLTmXAc1y/XyJ28GCEBdFC8fFFYgq/heWjK+cXCnFBSzCSOjr4nL+3UsszNAw+b6fQwdAv0z+dfmqnc4phBClp7IWFpEHaAGaOVPcKmjmqSegR3FTWu7I/g3CiQWIDLmWNIXlsJEO1sGDASzjF69Dv4jV222MivrIqxXG3kYe9+CLRAT0y7+JFwrxVqeYeYU16Ad+LtFhrTlRGnLCfWuqWnghVbQZCKL9nsBmLNmUN+oB9JjgI/q/YjGXxX6XxxH2ByDizzopwPQ== [email protected]

keys.tf

@@ -0,0 +1,8 @@
+variable "public_key_path" {
+  default = "~/.ssh/aws-multi.pub"
+}
+
+resource "aws_key_pair" "deployer" {
+  key_name   = "deployer-key"
+  public_key = file(var.public_key_path)
+}

main.tf

@@ -0,0 +1,260 @@
+provider "aws" {
+  region     = "us-east-1"
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+}
+
+resource "aws_vpc" "main" {
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "webapp1" {
+  vpc_id     = aws_vpc.main.id
+  cidr_block = "10.0.1.0/24"
+  availability_zone = "us-east-1a"
+}
+
+resource "aws_subnet" "webapp2" {
+  vpc_id     = aws_vpc.main.id
+  cidr_block = "10.0.2.0/24"
+  availability_zone = "us-east-1b"
+}
+
+resource "aws_subnet" "db" {
+  vpc_id     = aws_vpc.main.id
+  cidr_block = "10.0.0.0/24"
+}
+
+resource "aws_subnet" "agent" {
+  vpc_id     = aws_vpc.main.id
+  cidr_block = "10.0.3.0/24"
+}
+
+resource "aws_subnet" "cpx" {
+  vpc_id     = aws_vpc.main.id
+  cidr_block = "10.0.4.0/24"
+}
+
+resource "aws_subnet" "windows" {
+  vpc_id     = aws_vpc.main.id
+  cidr_block = "10.0.5.0/24"
+}
+
+resource "aws_security_group" "webapp_sg" {
+  vpc_id = aws_vpc.main.id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_security_group" "db_sg" {
+  vpc_id = aws_vpc.main.id
+
+  ingress {
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    cidr_blocks = ["10.0.0.0/16"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_security_group" "agent_sg" {
+  vpc_id = aws_vpc.main.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_security_group" "cpx_sg" {
+  vpc_id = aws_vpc.main.id
+
+  ingress {
+    from_port   = 3389
+    to_port     = 3389
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+
+resource "aws_instance" "webapp1" {
+  ami           = "ami-0c55b159cbfafe1f0" # Replace with a valid Ubuntu AMI
+  instance_type = "t2.micro"
+  subnet_id     = aws_subnet.webapp1.id
+  security_groups = [aws_security_group.webapp_sg.id]
+  key_name      = aws_key_pair.deployer.key_name
+
+  tags = {
+    Name = "NCS WebApp 1"
+  }
+}
+
+resource "aws_instance" "webapp2" {
+  ami           = "ami-0c55b159cbfafe1f0"
+  instance_type = "t2.micro"
+  subnet_id     = aws_subnet.webapp2.id
+  security_groups = [aws_security_group.webapp_sg.id]
+  key_name      = aws_key_pair.deployer.key_name
+
+  tags = {
+    Name = "NCS WebApp 2"
+  }
+}
+
+resource "aws_instance" "db" {
+  ami           = "ami-0c55b159cbfafe1f0"
+  instance_type = "t2.micro"
+  subnet_id     = aws_subnet.db.id
+  security_groups = [aws_security_group.db_sg.id]
+  key_name      = aws_key_pair.deployer.key_name
+
+  tags = {
+    Name = "NCS DB"
+  }
+}
+
+resource "aws_instance" "agent" {
+  ami           = "ami-0c55b159cbfafe1f0"
+  instance_type = "t2.micro"
+  subnet_id     = aws_subnet.agent.id
+  security_groups = [aws_security_group.agent_sg.id]
+  key_name      = aws_key_pair.deployer.key_name
+
+  tags = {
+    Name = "NCS Kasm Agent"
+  }
+}
+
+resource "aws_instance" "cpx" {
+  ami           = "ami-0c55b159cbfafe1f0"
+  instance_type = "t2.micro"
+  subnet_id     = aws_subnet.cpx.id
+  security_groups = [aws_security_group.cpx_sg.id]
+  key_name      = aws_key_pair.deployer.key_name
+
+  tags = {
+    Name = "NCS CPX"
+  }
+}
+
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.main.id
+}
+
+resource "aws_nat_gateway" "nat_gw" {
+  allocation_id = aws_eip.nat.id
+  subnet_id     = aws_subnet.webapp1.id
+}
+
+resource "aws_eip" "nat" {
+    domain = "vpc"
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.main.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.igw.id
+  }
+}
+
+resource "aws_route_table_association" "public_webapp1" {
+  subnet_id      = aws_subnet.webapp1.id
+  route_table_id = aws_route_table.public.id
+}
+
+resource "aws_route_table_association" "public_webapp2" {
+  subnet_id      = aws_subnet.webapp2.id
+  route_table_id = aws_route_table.public.id
+}
+
+resource "aws_lb" "public" {
+  name               = "public-alb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.webapp_sg.id]
+  subnets            = [aws_subnet.webapp1.id, aws_subnet.webapp2.id]
+}
+
+resource "aws_lb_listener" "webapp" {
+  load_balancer_arn = aws_lb.public.arn
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.webapp.arn
+  }
+}
+
+resource "aws_lb_target_group" "webapp" {
+  name     = "webapp-tg"
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = aws_vpc.main.id
+
+  health_check {
+    interval            = 30
+    path                = "/"
+    timeout             = 5
+    healthy_threshold   = 5
+    unhealthy_threshold = 2
+    matcher             = "200-299"
+  }
+}
+
+resource "aws_lb_target_group_attachment" "webapp1" {
+  target_group_arn = aws_lb_target_group.webapp.arn
+  target_id        = aws_instance.webapp1.id
+  port             = 80
+}
+
+resource "aws_lb_target_group_attachment" "webapp2" {
+  target_group_arn = aws_lb_target_group.webapp.arn
+  target_id        = aws_instance.webapp2.id
+  port             = 80
+}

run.sh

@@ -0,0 +1,3 @@
+terraform init
+terraform plan -var-file secrets.tfvars
+terraform apply -var-file secrets.tfvars

takedown.sh

@@ -0,0 +1 @@
+terraform destroy -var-file secrets.tfvars

variables.tf

@@ -0,0 +1,2 @@
+variable "aws_access_key" {}
+variable "aws_secret_key" {}