

1- Copy the terraform.tf file to the new directory

2- run the plan and apply commands

3- find the public IP address of the vSRX

4- SSH to 


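# Preview, then apply, the resources declared in terraform.tf. Run from the
# directory that holds the file (step 1). The apply step creates billable
# EC2, ENI and EIP resources, so read the plan output before confirming.
.\terraform.exe plan
.\terraform.exe apply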



terraform.tf
# Create VPC-IGW-VGW + Subnet + Linux and vSRX Instance
# 0- AWS access and secret key to access AWS
# 1- create a VPC
# 1a- create an Internet Gateway
# 1b- create a default route in the main route table
# 1c- create Mgmt Security Group ( Allow Inbound SSH )
# 1d- create IPsec Security Group ( Allow Inbound IPsec )
# 2b- create Public IPsec subnet ( for Data IPsec Tunnel )
# 2c- create Public Mgmt subnet ( for vSRX Mgmt )
# 2d- associate Public subnet to main routing table
# 2e- associate Mgmt subnet to main routing table
# 3- Create a key pair to access the VM
# 5- create a vSRX instance
# 6- add a network interface to the vSRX instance
# 7- create a "second" Elastic IP address

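# define variables and point to terraform.tfvars
# Values are supplied by terraform.tfvars, which Terraform loads automatically.
# access_key / secret_key are long-lived credentials, so keep terraform.tfvars
# out of version control; the provider can also read AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY from the environment, in which case both variables can
# be left empty in tfvars.
# All labels are quoted consistently (the original mixed quoted and bare names).
variable "name" {
  description = "Name prefix applied to the VPC and to every tagged resource"
}

variable "access_key" {
  description = "AWS access key id used by the aws provider"
}

variable "secret_key" {
  description = "AWS secret access key used by the aws provider"
}

variable "my_cidr_block" {
  description = "CIDR block of the VPC"
}

variable "region" {
  description = "AWS region the VPC and instances are created in"
}

variable "pub_sub0" {
  description = "CIDR of the public IPsec data subnet (ge-0/0/0)"
}

variable "pub_sub1" {
  description = "CIDR of the public management subnet (fxp0)"
}

variable "pri_sub2" {
  # NOTE(review): not referenced by any resource shown in this file — confirm it is still needed.
  description = "CIDR of a private subnet (currently unused here)"
}

variable "myvsrxami" {
  description = "AMI id of the vSRX image available in var.region"
}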

# 0- AWS access and secret key to access AWS
# Static credentials are interpolated from the variables above, i.e. they sit
# in plain text in terraform.tfvars — protect that file like a password file.
# Alternatively omit access_key/secret_key here and let the provider pick
# credentials up from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY or the shared
# credentials file, so nothing secret is stored next to the configuration.
provider "aws" {
        access_key = "${var.access_key}"
        secret_key = "${var.secret_key}"
        region = "${var.region}"
}

# 1- create an VPC in aws
# The VPC takes its address range from var.my_cidr_block; VPC-level DNS
# resolution and DNS hostname assignment are both switched on.
resource "aws_vpc" "vpc" {
  tags {
    Name = "${var.name}"
  }

  enable_dns_hostnames = true
  enable_dns_support   = true
  cidr_block           = "${var.my_cidr_block}"
}

# 1a- create an Internet Gateway
# Attached to the VPC above; it is the target of the default route in 1b.
resource "aws_internet_gateway" "gw" {
  tags {
    Name = "${var.name}-igw"
  }

  vpc_id = "${aws_vpc.vpc.id}"
}

# 1b- create an Route in the RT
# Default route (0.0.0.0/0 -> IGW) in the VPC's main route table. Every subnet
# associated with the main table (2d, 2e) therefore becomes a public subnet.
resource "aws_route" "internet_access" {
  gateway_id             = "${aws_internet_gateway.gw.id}"
  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = "${aws_vpc.vpc.main_route_table_id}"
}

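# 1c- create Mgt Security Groups
# Source range allowed to reach the management SSH port. It defaults to
# 0.0.0.0/0 so an existing plan does not change, but it should be set in
# terraform.tfvars to the operator's own address range: an SSH port that is
# open to the whole Internet is scanned as soon as the public IP is up.
variable "mgmt_cidr" {
  description = "CIDR block allowed to reach the vSRX management SSH port"
  default     = "0.0.0.0/0"
}

resource "aws_security_group" "allow_ssh" {
  name        = "allow_inbound_SSH"
  description = "Allow inbound SSH traffic from any IP@"
  vpc_id      = "${aws_vpc.vpc.id}"

  # Inbound: TCP/22 only, from var.mgmt_cidr.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.mgmt_cidr}"]
  }

  # Outbound: everything (protocol "-1" means all protocols/ports).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    #prefix_list_ids = ["pl-12c4e678"]
  }

  tags {
    Name = "${var.name}-SG Allow SSH"
  }
}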

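# 1d- create IPsec Security Groups
#UDP packets on port 500 (and port 4500 if using NAT traversal)
resource "aws_security_group" "allow_IPSec" {
  name        = "allow_inbound_IPSec"
  description = "Allow inbound IPSec traffic from any IP@"
  vpc_id      = "${aws_vpc.vpc.id}"

  # SSH on the data interface (ge-0/0/0), from anywhere. Management SSH is
  # already reachable through allow_ssh on the mgmt interface, so unless the
  # data interface really must be managed directly this is a second
  # Internet-facing SSH port that can be dropped or restricted.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # IKE. Once the remote VPN gateways are known, replace 0.0.0.0/0 with
  # their public addresses.
  ingress {
    from_port   = 500
    to_port     = 500
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NAT-T (IKE and ESP encapsulated in UDP/4500). The vSRX sits behind an
  # Elastic IP, i.e. behind NAT, so peers negotiate NAT traversal and the
  # tunnel traffic arrives on this port; without it IKE completes but no
  # data flows. Added per the comment above.
  ingress {
    from_port   = 4500
    to_port     = 4500
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Plain ESP (IP protocol 50) is only required for a peer that does not
  # use NAT-T; enable if such a peer exists.
  #ingress {
  #  from_port   = 0
  #  to_port     = 0
  #  protocol    = "50"
  #  cidr_blocks = ["0.0.0.0/0"]
  #}

  # Outbound: everything.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "${var.name}-SG Allow IPSec"
  }
}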


# 2b- create Public IPSec subnet ( for Data IPSec Tunnel )
# Subnet for the vSRX data interface (ge-0/0/0). No availability zone is
# pinned here; the mgmt subnet and the instance follow whichever zone AWS
# picks for this one.
resource "aws_subnet" "public" {
  tags {
    Name = "${var.name}-public"
  }

  # availability_zone =
  cidr_block = "${var.pub_sub0}"
  vpc_id     = "${aws_vpc.vpc.id}"
}

# 2c- create Public Mgmt subnet ( for vSRX Mgmt)
# Subnet for the vSRX management interface. It is placed in the same
# availability zone as the public subnet so one instance can have
# interfaces in both.
resource "aws_subnet" "mgmt" {
  tags {
    Name = "${var.name}-Mgmt"
  }

  availability_zone = "${aws_subnet.public.availability_zone}"
  cidr_block        = "${var.pub_sub1}"
  vpc_id            = "${aws_vpc.vpc.id}"
}

# 2d- associate Public subnet to Main routing table
# Explicit association with the VPC main route table, which holds the default
# route from 1b; no dedicated route table exists for this subnet.
resource "aws_route_table_association" "assoc-public" {
  route_table_id = "${aws_vpc.vpc.main_route_table_id}"
  subnet_id      = "${aws_subnet.public.id}"
}

# 2e- associate Mgmt subnet to Main routing table
# Same main route table as the public subnet, so the mgmt subnet is public too.
resource "aws_route_table_association" "assoc-mgmt" {
  route_table_id = "${aws_vpc.vpc.main_route_table_id}"
  subnet_id      = "${aws_subnet.mgmt.id}"
}

# 3- Create a key pair to access the VM (commented out; the instance in step 5
#    refers to an existing key pair by name instead)
#resource "aws_key_pair" "admin_key" {
#  key_name   = "admin_key"
#  public_key = "ssh-rsa AAAAB3[…]"
#}



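# 5- create an vSRX instance
resource "aws_instance" "vSRX" {
  #ami = "ami-f4958c90"
  ami           = "${var.myvsrxami}"
  instance_type = "m4.xlarge"

  # This key pair must already exist in var.region: the aws_key_pair resource
  # at step 3 is commented out, so nothing in this file creates it and
  # `apply` fails if it is missing.
  key_name = "TerraformKeyPair"

  # Primary interface (fxp0) goes into the mgmt subnet and receives a public
  # IP — that is the address step 3 of the procedure asks for. The zone is
  # already implied by subnet_id; it is repeated here to match the original.
  subnet_id                   = "${aws_subnet.mgmt.id}"
  associate_public_ip_address = true
  availability_zone           = "${aws_subnet.public.availability_zone}"

  # The instance is launched into a VPC subnet, so the group is attached by
  # ID with vpc_security_group_ids. The original used `security_groups`,
  # which the provider documents for EC2-Classic / default-VPC use with
  # group names; handing it a group ID for an instance in a non-default VPC
  # is the wrong argument and is known to produce plan/apply problems.
  vpc_security_group_ids = ["${aws_security_group.allow_ssh.id}"]

  tags {
    Name = "${var.name}-vSRX1"
  }
}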

# 6- add Network interface to the vSRX Instance
# Second ENI for the vSRX, attached at device_index 1 (the resource name maps
# it to ge-0/0/0). It lives in the public IPsec subnet and carries the
# allow_IPSec group; index 0 is the primary interface created with the
# instance in the mgmt subnet.
resource "aws_network_interface" "ge0-0-0" {
  attachment {
    device_index = 1
    instance     = "${aws_instance.vSRX.id}"
  }

  security_groups = ["${aws_security_group.allow_IPSec.id}"]
  #private_ips     = ["10.0.0.2"]
  subnet_id       = "${aws_subnet.public.id}"
}
# 7- create an "second" Elastic IP address
# Bound to the ge-0/0/0 ENI rather than to the instance, so it stays with the
# data interface. The mgmt interface gets its public address from
# associate_public_ip_address on the instance instead.
resource "aws_eip" "eip" {
  vpc               = true
  #instance = "${aws_instance.web.id}"
  network_interface = "${aws_network_interface.ge0-0-0.id}"
}

...