2 Commits fa8e69bcd3 ... 91fe2c1666

Author SHA1 Message Date
  Efren Yevale Varela 91fe2c1666 Se agregan elementos para la instancia virtual 4 years ago
  Efren Yevale Varela a118506650 Configuración de Terraform para AWS 4 years ago
7 changed files with 209 additions and 0 deletions
  1. 1 0
      .gitignore
  2. 41 0
      terraform/aws.tf
  3. 28 0
      terraform/ec2.tf
  4. 5 0
      terraform/keys.tf
  5. 8 0
      terraform/scripts/instance-start.sh
  6. 63 0
      terraform/security.tf
  7. 63 0
      terraform/vpc.tf

+ 1 - 0
.gitignore

@@ -0,0 +1 @@
+.terraform*
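Review bot: `.terraform*` ignores more than the provider cache: it also matches `.terraform.lock.hcl`, the lock file that pins provider versions and checksums and is normally committed (whether this Terraform version produced one is not visible here). Nothing ignores `*.tfstate` and `*.tfstate.backup`, which are written locally until the S3 backend in terraform/aws.tf is initialised and contain every attribute of the managed resources. A safer pattern set is `.terraform/`, `*.tfstate` and `*.tfstate.backup`, leaving the lock file tracked.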

+ 41 - 0
terraform/aws.tf

@@ -0,0 +1,41 @@
+// Proveedor que utiliza Terraform
+provider "aws" {
+  region = "us-west-2"
+}
+
+// Espacio para alnacenar el estado de Terraform
+// Se sugiere no manipularlo con Terraform mismo
+resource "aws_s3_bucket" "tut-tf-state" {
+  acl    = "private"
+  bucket = "tut-tf-state"
+
+  versioning {
+    enabled = false
+  }
+}
+
+// Tabla para bloqueo de modificaciones
+// Para trabajo en conlaboración
+// Evita que múltiples personas realicen cambios al mismo tiempo
+// Se sugiere no manipularlo con Terraform mismo
+resource "aws_dynamodb_table" "tut-tf-lock" {
+  name           = "tut-tf-lock"
+  hash_key       = "LockID"
+  read_capacity  = 20
+  write_capacity = 20
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+}
+
+// Configuración de Terraform para guardar en la nube
+terraform {
+  backend "s3" {
+    bucket         = "tut-tf-state"
+    dynamodb_table = "tut-tf-lock"
+    key            = "aws-session"
+    region         = "us-west-2"
+  }
+}
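Review bot: The state bucket `tut-tf-state` has `versioning { enabled = false }` and no server-side encryption or public-access block, while the `backend "s3"` block below stores the whole Terraform state in it, including every attribute of the resources in this repository. Enabling versioning lets a corrupted or overwritten state be recovered, default bucket encryption plus `encrypt = true` in the backend keeps the object encrypted at rest, an `aws_s3_bucket_public_access_block` prevents a later ACL or policy change from exposing it, and `lifecycle { prevent_destroy = true }` keeps a `terraform destroy` from deleting the state along with the tutorial resources. The backend also references a bucket created in this same configuration, so the first apply must run with local state before `terraform init` is pointed at S3, which the comment on the bucket only hints at; spelling that out in the comment would help the next reader.
```hcl
resource "aws_s3_bucket" "tut-tf-state" {
  acl    = "private"
  bucket = "tut-tf-state"

  versioning {
    enabled = true
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "aws_s3_bucket_public_access_block" "tut-tf-state" {
  bucket                  = aws_s3_bucket.tut-tf-state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

// … unchanged: aws_dynamodb_table "tut-tf-lock" …

terraform {
  backend "s3" {
    // … unchanged: bucket, dynamodb_table, key, region …
    encrypt        = true
  }
}
```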

+ 28 - 0
terraform/ec2.tf

@@ -0,0 +1,28 @@
+// Instancia (servidor) virtual
+// Necesita direcciones IP de la subred que tenemos en la VPC
+// Requiere de una llave pública SSH para acceso
+// Requiere de una regla que permita la salida a Internet
+// Ejecuta comandos contenidos en el libreto scripts/instance-start.sh
+resource "aws_instance" "tut-instance" {
+  ami = "ami-0ca5c3bd5a268e7db"
+  instance_type = "t2.micro"
+  key_name = "tut-key"
+  subnet_id = aws_subnet.tut-subnet-1.id
+  user_data = file("scripts/instance-start.sh")
+
+  root_block_device {
+    delete_on_termination = true
+    volume_size = 10
+    volume_type = "gp2"
+  }
+
+  tags = {
+    Name = "Tutorial Instance"
+  }
+
+  vpc_security_group_ids = [
+    aws_security_group.tut-egress.id,
+    aws_security_group.tut-public-ssh.id,
+    aws_security_group.tut-public-web.id
+  ]
+}
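Review bot: `key_name = "tut-key"` is a string literal while `subnet_id` is a resource reference, so Terraform sees no dependency on `aws_key_pair.tut-key` and on a fresh apply may try to create the instance before the key pair exists; `key_name = aws_key_pair.tut-key.key_name` records the dependency. `file("scripts/instance-start.sh")` resolves relative to the directory `terraform` is run from rather than to this module, so `file("${path.module}/scripts/instance-start.sh")` is the robust form. Since the security groups attached here expose the host to the Internet, the root volume should also be encrypted and IMDSv1 disabled with `metadata_options { http_tokens = "required" }`, which keeps instance credentials from being read through a request-forgery bug in whatever the instance later serves.
```hcl
resource "aws_instance" "tut-instance" {
  ami           = "ami-0ca5c3bd5a268e7db"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.tut-key.key_name
  subnet_id     = aws_subnet.tut-subnet-1.id
  user_data     = file("${path.module}/scripts/instance-start.sh")

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    delete_on_termination = true
    encrypted             = true
    volume_size           = 10
    volume_type           = "gp2"
  }

  // … unchanged: tags, vpc_security_group_ids …
}
```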

+ 5 - 0
terraform/keys.tf

@@ -0,0 +1,5 @@
+// Llave SSH pública para ingresar a la instancia virtual
+resource "aws_key_pair" "tut-key" {
+  key_name = "tut-key"
+  public_key = "ssh-rsa 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 efren@Syavne-PC"
+}
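Review bot: The public key is inlined together with its comment `efren@Syavne-PC`, which ties the infrastructure to one engineer's personal key and workstation name and leaves that identity in the repository history. A public key is not a secret, but anyone else applying this configuration cannot log in without editing the file and the diff then churns on every operator change. Reading it from the operator's environment, e.g. `public_key = file(var.ssh_public_key_path)` with a matching `variable "ssh_public_key_path"` declaration, keeps identities out of the code.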

+ 8 - 0
terraform/scripts/instance-start.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+export DEBIAN_FRONTEND=noninteractive
+apt-get update
+apt-get install software-properties-common -y
+add-apt-repository universe
+apt-get update
+apt-get install nginx -y
+
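Review bot: The script has no `set -e`, so if `apt-get update` or `add-apt-repository universe` fails the remaining commands still run and the instance can come up without nginx while cloud-init reports the user-data as finished; adding `set -euo pipefail` directly after the shebang makes a failed step abort and show up in the cloud-init log. `add-apt-repository universe` presumes an Ubuntu image, and the AMI id in terraform/ec2.tf does not say which distribution it is, so a comment naming the expected base image would let a later AMI change be checked against this script.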

+ 63 - 0
terraform/security.tf

@@ -0,0 +1,63 @@
+// Reglas para que la pared de fuego permita salir a Internet
+// Se adjunta a la VPC
+resource "aws_security_group" "tut-egress" {
+  name = "tut-egress"
+  vpc_id = aws_vpc.tut-vpc.id
+
+  egress {
+    cidr_blocks = [ "0.0.0.0/0" ]
+    from_port   = 0
+    protocol    = "-1"
+    to_port     = 0
+  }
+
+  egress {
+    ipv6_cidr_blocks = [ "::/0" ]
+    from_port   = 0
+    protocol    = "-1"
+    to_port     = 0
+  }
+}
+
+// Reglas para que la pared de fuego permita la entrada por SSH
+// Se adjunta a la VPC
+resource "aws_security_group" "tut-public-ssh" {
+  name = "tut-public-ssh"
+  vpc_id = aws_vpc.tut-vpc.id
+
+  ingress {
+    cidr_blocks = [ "0.0.0.0/0" ]
+    from_port   = 22
+    protocol    = "tcp"
+    to_port     = 22
+  }
+
+  ingress {
+    ipv6_cidr_blocks = [ "::/0" ]
+    from_port   = 22
+    protocol    = "tcp"
+    to_port     = 22
+  }
+}
+
+
+// Reglas para que la pared de fuego permita la entrada por HTTP
+// Se adjunta a la VPC
+resource "aws_security_group" "tut-public-web" {
+  name = "tut-public-web"
+  vpc_id = aws_vpc.tut-vpc.id
+
+  ingress {
+    cidr_blocks = [ "0.0.0.0/0" ]
+    from_port   = 80
+    protocol    = "tcp"
+    to_port     = 80
+  }
+
+  ingress {
+    ipv6_cidr_blocks = [ "::/0" ]
+    from_port   = 80
+    protocol    = "tcp"
+    to_port     = 80
+  }
+}
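Review bot: `tut-public-ssh` opens port 22 to `0.0.0.0/0` and `::/0`, so the instance in terraform/ec2.tf that attaches it accepts SSH connection attempts from the whole Internet; unlike port 80, which is the service being published, SSH only needs to reach the operators. Limiting both rules to an operator range, e.g. `cidr_blocks = [var.admin_cidr]` and `ipv6_cidr_blocks = [var.admin_cidr_ipv6]` with the variables declared alongside, keeps the attack surface to the web port. None of the six rules carries a `description`, which makes the resulting groups hard to audit in the console; one-line entries such as `description = "Operator SSH"` are cheap and survive into the AWS API.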

+ 63 - 0
terraform/vpc.tf

@@ -0,0 +1,63 @@
+// Recurso principal para redes
+resource "aws_vpc" "tut-vpc" {
+  assign_generated_ipv6_cidr_block = true
+  cidr_block                       = "10.0.0.0/16"
+  enable_dns_hostnames             = true
+  enable_dns_support               = true
+
+  tags = {
+    Name = "Tutorial"
+  }
+}
+
+// Puerta de enlace para salida a Internet
+// Se adjunta a la VPC
+resource "aws_internet_gateway" "tut-gateway" {
+  vpc_id = aws_vpc.tut-vpc.id
+
+  tags = {
+    Name = "Tutorial"
+  }
+}
+
+// Sub-red para instancias
+// Se adjunta a la VPC
+// Se definen sus direcciones
+resource "aws_subnet" "tut-subnet-1" {
+  assign_ipv6_address_on_creation = true
+  availability_zone               = "us-west-2a"
+  cidr_block                      = cidrsubnet(aws_vpc.tut-vpc.cidr_block, 8, 1)
+  ipv6_cidr_block                 = cidrsubnet(aws_vpc.tut-vpc.ipv6_cidr_block, 8, 1)
+  map_public_ip_on_launch         = true
+  vpc_id                          = aws_vpc.tut-vpc.id
+
+  tags = {
+    Name = "Tutorial"
+  }
+}
+
+// Rutas para salida a Internet
+// Toma por defecto la tabla predefinida en la VPC
+resource "aws_default_route_table" "tut-routes" {
+  default_route_table_id = aws_vpc.tut-vpc.default_route_table_id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id  = aws_internet_gateway.tut-gateway.id
+  }
+
+  route {
+    ipv6_cidr_block = "::/0"
+    gateway_id  = aws_internet_gateway.tut-gateway.id
+  }
+
+  tags = {
+    Name = "Tutorial"
+  }
+}
+
+// Adjunta las rutas par salida a Internet en la sub-red
+resource "aws_route_table_association" "tut-route-1" {
+  subnet_id      = aws_subnet.tut-subnet-1.id
+  route_table_id = aws_default_route_table.tut-routes.id
+}
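Review bot: `aws_default_route_table.tut-routes` rewrites the VPC's default route table to point at the Internet gateway, so any subnet added to `tut-vpc` later without an explicit association inherits the Internet route and becomes public by default instead of by choice. A dedicated table keeps the default one private: `resource "aws_route_table" "tut-routes" {` with `vpc_id = aws_vpc.tut-vpc.id` in place of `default_route_table_id`, and `route_table_id = aws_route_table.tut-routes.id` in `tut-route-1`. The `cidrsubnet(..., 8, 1)` calls are consistent (a /16 VPC gives a /24 subnet and the generated /56 IPv6 block gives the /64 a subnet requires), so that part reads correctly; the comment on the subnet could say so since the numbers are otherwise opaque.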