Diffstat (limited to 'Terraform/AWS/instance-with-basic-configs')
10 files changed, 587 insertions, 0 deletions
diff --git a/Terraform/AWS/instance-with-basic-configs/files/vyos_user_data.tfpl b/Terraform/AWS/instance-with-basic-configs/files/vyos_user_data.tfpl
new file mode 100644
index 0000000..62b2892
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/files/vyos_user_data.tfpl
@@ -0,0 +1,7 @@
+#cloud-config
+vyos_config_commands:
+ - set system host-name 'VyOS-for-Lab'
+ - set system login banner pre-login 'Welcome to the VyOS for Lab on AWS'
+ - set interfaces ethernet eth0 description 'WAN'
+ - set interfaces ethernet eth1 description 'LAN'
+ - set interfaces ethernet eth1 dhcp-options no-default-route
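Review bot: The `dhcp-options no-default-route` command on the last line only has an effect if eth1 is actually configured with `address dhcp`, and nothing in this file sets that; whether the VyOS AWS image's own cloud-init does is outside this hunk, so the LAN interface's addressing should be made explicit here, e.g. `set interfaces ethernet eth1 address dhcp` (or a static LAN address) immediately before the dhcp-options line. Nothing here hardens the management plane either (no `set service ssh disable-password-authentication`, no firewall rule set), so the instance's exposure is whatever the marketplace image defaults are plus the security group. Since main.tf renders this file through `templatefile()` with an empty variable map, the host-name and banner are hard-coded; passing `${hostname}` from the prefix variable would keep naming consistent with the tagged resources. The file also lacks a trailing newline.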
\ No newline at end of file
diff --git a/Terraform/AWS/instance-with-basic-configs/keys/vyos_demo_private_key.pem b/Terraform/AWS/instance-with-basic-configs/keys/vyos_demo_private_key.pem
new file mode 100644
index 0000000..4c8d388
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/keys/vyos_demo_private_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvZj8U767XO84ws+eng0bviq0hUvc+iP2q5Gc+3XPDWEu3S9s
+ajBsvtEuLzlZk5QThRxRfjFuB1h+rWLJN2qawv978qpcySqi9IhHfVWLLbIgDuPr
+hh8qXkaZ9W/FpLsRR0m+jcrcA1Efvr8cpMSvjHpFfLoH6KI2mbRC05OyfOij7ccz
+ahxgBV3G3nil53PkNa5lTDuBYurx3K3jmvmlsC6Du5MSA5dOZ6QXeOT6RTbqJbSj
+vSoL9/ku1DjGzTS0bghXWk1l7MkAYG6egMXQkJQmnYlwken1dxSCsH5HaPv8vkEZ
+rakdejfRWgqil+OlHrp6D3lWoQbok58WmHH/qQIDAQABAoIBAQCJQH2x1kpmnZr2
+lDxcaFrkEKA8Os4OmwhP7Yq6Eu+/3NGDN3iBaurePCn178tj5Xc4DmcENp5TXQHf
+XLsTje3ZKgA9jIy86EutQBaYqdumSeOhQ+fVYSxXsT51CeQHO5DnjYAPv4IEOK8F
+c+41bVk0FbPF9hoRk5R5MqCJ78rvVm7q8gpGxftWIKMwVc7lSi2IH9GkrUGe6Y/W
+lR6EqXDUHWep7rZN59bHXa82HYy98TzydeQtxBIWTSqfL5X2MGwfOkgNcBI9N4gi
+Gj37Ng9lCWLgTfN/bs7chHKo8GrEmzxmSwP7ly+8fEGSvOQOwQ8ITmXN7rrnlTA8
+L0T/1qNNAoGBAOrunMHaZZ6moFU86aBhEJcxth3n10YpXl7AjwrvuquWYa76Hczp
+PVs+f4uUYHG4lHwxLtvMVAw89MxRQnLB860l85qkwotoA5s8HIkhANLC/PbY/uHc
+rEtrMQEV9z2vtcpFvxHlxut3a8hKONRaXJGJpnOYxKn5vnm3xoVQ/nU7AoGBAM6Z
+nqIkYbWOySKbiWy7lKy7jIXlaiNn+vM7hQ5OS60mzDY0Z+yqV2u8y4VeufhiFQd+
+PSXpvosmKGBO4SB3HfE67y4JUFd3Nli6T0884QqsAeL1RIC/H+YK0DAUXLl6/oBL
+LKCRt9c99rCnk/8CxqLzYuRPmpSbf2hvgj9c1QBrAoGBALUmhI0dwBnTVfIj4+mc
+rtRGqqzopiAdqfzZ8fJ247OHY48uoWftuTfwOxz/rlZCA4y3x/AH4A8HuaMKTXh7
+gU/T4cEupiwkahN7CG3cmuvpGnGk5PR32grVfpXdwCU6paxwl2JPkVDjZqKsSKHF
+g3ddcpHUDGEch/kG8fa+e1cdAoGAeaVCHj5Fud1E2Le0Bu278KjNaNlX0VkcDbNx
++KZpMJ6zhwb8WgFCUBFt1C2eWn2F3E+cOYKTyuLAy1QmgjMg0jTdN8IMKDPtL/kj
+UYiLCPmWcsfvec8PPSgIxQZ4Qk4FJA0fTbv+/yFg60sAfRppUvDzvXKRlgao0hk2
+G5DRadkCgYAvPYH5NCk/jOa5Mv/6VfUPPaIhzHwADBv9ZXxg8jxw23zwxmozOUHa
+v8sZF60s/4Kfd8NKnRPWlFPuvBqEkMQhfbJmP9lUmZkqxnYsXBV8wlPKIx7XAi+3
+CUBSZqJ6SrVewKc2Dx0on5Tr4OFTscK4NdFlp5PrQzZK9cuEn9rWgA==
+-----END RSA PRIVATE KEY-----
diff --git a/Terraform/AWS/instance-with-basic-configs/keys/vyos_demo_public_key.pem b/Terraform/AWS/instance-with-basic-configs/keys/vyos_demo_public_key.pem
new file mode 100644
index 0000000..2b662ee
--- /dev/null
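Review bot: This hunk commits an unencrypted RSA private key (`BEGIN RSA PRIVATE KEY`, no `Proc-Type: ENCRYPTED` header) to the repository; once published it must be considered compromised, and because variables.tf in this same commit defaults `public_key_path` to the matching `keys/vyos_demo_public_key.pem` while security_groups.tf opens TCP/22 to 0.0.0.0/0, anyone holding this file can log in to every instance launched with the defaults. Remove the key from the commit and from history, add `keys/*.pem` and `*.pem` to `.gitignore`, and make generating a fresh pair a required step rather than an optional one. If a checked-in demo key is really wanted, at minimum the default `public_key_path` should be dropped so the user must consciously point at it.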
+++ b/Terraform/AWS/instance-with-basic-configs/keys/vyos_demo_public_key.pem
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9mPxTvrtc7zjCz56eDRu+KrSFS9z6I/arkZz7dc8NYS7dL2xqMGy+0S4vOVmTlBOFHFF+MW4HWH6tYsk3aprC/3vyqlzJKqL0iEd9VYstsiAO4+uGHypeRpn1b8WkuxFHSb6NytwDUR++vxykxK+MekV8ugfoojaZtELTk7J86KPtxzNqHGAFXcbeeKXnc+Q1rmVMO4Fi6vHcreOa+aWwLoO7kxIDl05npBd45PpFNuoltKO9Kgv3+S7UOMbNNLRuCFdaTWXsyQBgbp6AxdCQlCadiXCR6fV3FIKwfkdo+/y+QRmtqR16N9FaCqKX46UeunoPeVahBuiTnxaYcf+p Admin@DESKTOP-R1T9R87
diff --git a/Terraform/AWS/instance-with-basic-configs/main.tf b/Terraform/AWS/instance-with-basic-configs/main.tf
new file mode 100644
index 0000000..ddc27ef
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/main.tf
@@ -0,0 +1,84 @@
+# EC2 KEY PAIR
+
+resource "aws_key_pair" "ec2_key" {
+ key_name = "${var.prefix}-${var.key_pair_name}"
+ public_key = file(var.public_key_path)
+
+ tags = {
+ Name = "${var.prefix}-${var.key_pair_name}"
+ }
+}
+
+
+# THE LATEST AMAZON VYOS 1.4 IMAGE
+
+data "aws_ami" "vyos" {
+ most_recent = true
+ owners = ["679593333241"]
+
+ filter {
+ name = "name"
+ values = ["VyOS 1.4*"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+}
+
+
+# VYOS INSTANCE
+
+resource "aws_instance" "vyos" {
+ ami = data.aws_ami.vyos.id
+ instance_type = var.vyos_instance_type
+ key_name = "${var.prefix}-${var.key_pair_name}"
+ availability_zone = var.availability_zone
+
+ user_data_base64 = base64encode(templatefile("${path.module}/files/vyos_user_data.tfpl", {}))
+
+ depends_on = [
+ aws_network_interface.vyos_public_nic,
+ aws_network_interface.vyos_private_nic
+ ]
+
+ network_interface {
+ network_interface_id = aws_network_interface.vyos_public_nic.id
+ device_index = 0
+ }
+
+ network_interface {
+ network_interface_id = aws_network_interface.vyos_private_nic.id
+ device_index = 1
+ }
+
+ tags = {
+ Name = "${var.prefix}-${var.vyos_instance_name}"
+ }
+}
+
+# NETWORK INTERFACES
+
+resource "aws_network_interface" "vyos_public_nic" {
+ subnet_id = aws_subnet.public_subnet.id
+ security_groups = [aws_security_group.public_sg.id]
+ private_ips = [var.vyos_pub_nic_ip_address]
+
+ tags = {
+ Name = "${var.prefix}-${var.vyos_instance_name}-PublicNIC"
+ }
+}
+
+resource "aws_network_interface" "vyos_private_nic" {
+ subnet_id = aws_subnet.private_subnet.id
+ security_groups = [aws_security_group.private_sg.id]
+ private_ips = [var.vyos_priv_nic_address]
+
+ source_dest_check = false
+
+ tags = {
+ Name = "${var.prefix}-${var.vyos_instance_name}-PrivateNIC"
+ }
+}
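Review bot: `aws_instance.vyos` rebuilds the key name from variables (`key_name = "${var.prefix}-${var.key_pair_name}"`) instead of referencing `aws_key_pair.ec2_key.key_name`, so Terraform sees no dependency between the instance and the key pair and may attempt to launch the instance before the key pair exists on a fresh apply. The instance also sets no `metadata_options`, so IMDSv1 stays enabled; no instance profile is attached here, but requiring IMDSv2 is cheap and stops an SSRF or a compromised service on the router from reading user-data and metadata without a session token, and the root volume is left with the default encryption setting. Separately, `data.aws_ami.vyos` uses `most_recent = true` with the wildcard `VyOS 1.4*`, so a newer marketplace image changes `ami` on a later plan and forces instance replacement; `ignore_changes = [ami]` (or pinning the image) makes that explicit. The owner account ID is hard-coded while the readme tells the user to look it up with `--owners aws-marketplace`; that deserves a comment saying which one is authoritative.

```hcl
resource "aws_instance" "vyos" {
  # … unchanged: ami, instance_type …
  key_name          = aws_key_pair.ec2_key.key_name # creates the dependency on the key pair
  # … unchanged: availability_zone, user_data_base64, depends_on, network_interface blocks …

  # Require IMDSv2 so metadata/user-data cannot be read with an unauthenticated IMDSv1 request.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    encrypted = true
  }

  # A newer "VyOS 1.4*" image must not force a replacement on every apply.
  lifecycle {
    ignore_changes = [ami]
  }

  # … unchanged: tags …
}
```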
diff --git a/Terraform/AWS/instance-with-basic-configs/network.tf b/Terraform/AWS/instance-with-basic-configs/network.tf
new file mode 100644
index 0000000..4e2ebc0
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/network.tf
@@ -0,0 +1,84 @@
+# VPC
+
+resource "aws_vpc" "vpc" {
+ cidr_block = var.vpc_cidr
+ instance_tenancy = "default"
+
+ tags = {
+ Name = "${var.prefix}-${var.vpc_name}"
+ }
+}
+
+# PUBLIC SUBNET
+
+resource "aws_subnet" "public_subnet" {
+ vpc_id = aws_vpc.vpc.id
+ cidr_block = var.public_subnet_cidr
+ availability_zone = var.availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.prefix}-${var.vpc_name}-${var.public_subnet_name}"
+ }
+
+ depends_on = [aws_internet_gateway.igw]
+}
+
+# PRIVATE SUBNET
+
+resource "aws_subnet" "private_subnet" {
+ vpc_id = aws_vpc.vpc.id
+ cidr_block = var.private_subnet_cidr
+ availability_zone = var.availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.prefix}-${var.vpc_name}-${var.private_subnet_name}"
+ }
+}
+
+# INTERNET GATEWAY
+
+resource "aws_internet_gateway" "igw" {
+ vpc_id = aws_vpc.vpc.id
+
+ tags = {
+ Name = join("-", [var.prefix, var.igw_name])
+ }
+}
+
+# ELASTICS IP FOR VYOS
+
+resource "aws_eip" "vyos_eip" {
+ domain = "vpc"
+ depends_on = [aws_internet_gateway.igw]
+
+ tags = {
+ Name = join("-", [var.prefix, var.vyos_eip_name])
+ }
+}
+
+resource "aws_eip_association" "vyos_eip_association" {
+ allocation_id = aws_eip.vyos_eip.id
+ network_interface_id = aws_network_interface.vyos_public_nic.id
+}
+
+# PUBLIC ROUTE TABLE
+
+resource "aws_route_table" "public_rtb" {
+ vpc_id = aws_vpc.vpc.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.igw.id
+ }
+
+ tags = {
+ Name = join("-", [var.prefix, var.public_rtb_name])
+ }
+}
+
+resource "aws_route_table_association" "public_rtb_assn" {
+ subnet_id = aws_subnet.public_subnet.id
+ route_table_id = aws_route_table.public_rtb.id
+}
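Review bot: The private subnet gets no route table association, so it falls back to the VPC main route table with only the local route; yet main.tf disables `source_dest_check` on the VyOS private NIC, which only makes sense if LAN hosts are meant to route through the appliance. If that is the intent, a private route table whose default route points at `aws_network_interface.vyos_private_nic.id` is missing; if not, the `source_dest_check = false` is unexplained and should get a comment. The `depends_on = [aws_internet_gateway.igw]` on `aws_subnet.public_subnet` is also unnecessary (a subnet does not need the IGW to exist) and can be dropped.

```hcl
# PRIVATE ROUTE TABLE: LAN hosts egress only through the VyOS LAN interface
resource "aws_route_table" "private_rtb" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block           = "0.0.0.0/0"
    network_interface_id = aws_network_interface.vyos_private_nic.id
  }

  tags = {
    Name = join("-", [var.prefix, "private-rtb"])
  }
}

resource "aws_route_table_association" "private_rtb_assn" {
  subnet_id      = aws_subnet.private_subnet.id
  route_table_id = aws_route_table.private_rtb.id
}
```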
\ No newline at end of file
diff --git a/Terraform/AWS/instance-with-basic-configs/output.tf b/Terraform/AWS/instance-with-basic-configs/output.tf
new file mode 100644
index 0000000..047d9a7
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/output.tf
@@ -0,0 +1,16 @@
+
+output "vyos_public_ip" {
+ value = aws_instance.vyos.public_ip
+}
+
+output "vyos_pub_nic_ip" {
+ value = aws_network_interface.vyos_public_nic.private_ip
+}
+
+output "vyos_priv_nic_01_ip" {
+ value = aws_network_interface.vyos_private_nic.private_ip
+}
+
+output "vyos_key_name" {
+ value = aws_instance.vyos.key_name
+}
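Review bot: `vyos_public_ip` reads `aws_instance.vyos.public_ip`, but the instance is launched with `map_public_ip_on_launch = false` and only receives its address later through `aws_eip_association`, so this attribute is captured at instance creation and is typically empty until a later refresh; the readme's `ssh vyos@<vyos_public_ip>` step then fails on first apply. Output the address the EIP resource owns instead: `value = aws_eip.vyos_eip.public_ip`. A one-line `description` on each output would also help, since the readme promises "test results" that no output here provides.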
diff --git a/Terraform/AWS/instance-with-basic-configs/provider.tf b/Terraform/AWS/instance-with-basic-configs/provider.tf
new file mode 100644
index 0000000..c6b24ff
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/provider.tf
@@ -0,0 +1,22 @@
+# AWS PROVIDER CONFIGURATION
+
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+ default_tags {
+ tags = {
+ Company = "VyOS Inc"
+ Project = "VyOS-Demo"
+ Environment = "Lab"
+ ManagedBy = "Terraform"
+ }
+ }
+}
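Review bot: The `terraform` block constrains the AWS provider only to `~> 5.0`, which accepts any 5.x release, and declares no `required_version`, so which provider build and Terraform CLI actually run is decided by whatever `terraform init` resolves on the user's machine. Reproducible provider selection depends on `.terraform.lock.hcl` being committed, and neither this commit nor the readme's project tree includes one. Add `required_version` pinned to the Terraform release this was tested with alongside `required_providers`, and commit the lock file after the first init.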
\ No newline at end of file
diff --git a/Terraform/AWS/instance-with-basic-configs/readme.md b/Terraform/AWS/instance-with-basic-configs/readme.md
new file mode 100644
index 0000000..c070d77
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/readme.md
@@ -0,0 +1,119 @@
+# Terraform Project for deploying VyOS on AWS
+
+This Terraform project is designed to deploy VyOS instances on AWS. This script deploys a VyOS instance from the AWS Marketplace.
+
+## Prerequisites
+
+Before applying this module, ensure you have:
+
+### AWS Requirements
+
+- An active AWS account.
+- AWS CLI installed. [Installation link](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
+- Terraform installed. [Installation link](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)
+
+### Set AWS environment variables
+
+- Run the following commands in your terminal to set the AWS environment variables:
+
+```sh
+export AWS_ACCESS_KEY_ID="<AWS_ACCESS_KEY_ID>"
+export AWS_SECRET_ACCESS_KEY="<WS_SECRET_ACCESS_KEY>"
+export AWS_SESSION_TOKEN="<AWS_SESSION_TOKEN>"
+export AWS_DEFAULT_REGION="<AWS_REGION>" # e.g us-east-1
+```
+
+### Fetch AMI ID and Owner ID (Required for main.tf)
+First, you must subscribe to VyOS in the AWS Marketplace.
+Then, use the following AWS CLI command to find the correct AMI ID, Owner ID, and ensure you're querying the correct region (e.g., `us-east-1`):
+
+```sh
+aws ec2 describe-images \
+ --owners aws-marketplace \
+ --filters "Name=product-code,Values=8wqdkv3u2b9sa0y73xob2yl90" \
+ --query 'Images[*].[ImageId,OwnerId,Name]' \
+ --output table
+```
+Alternatively, you can hardcode the latest AMI ID for your region in `variables.tf` adding the `vyos_ami_id` variable.
+
+### Generate SSH keypair
+
+A demo SSH keypair is included in the `keys/` folder.
+
+To generate a new key (optional):
+
+```sh
+ssh-keygen -b 2048 -t rsa -m PEM -f keys/vyos_custom_key.pem
+```
+
+## Project Structure
+
+```
+.
+├── files/ # VyOS user-data
+├── keys/ # Pre-generated SSH keys
+├── network.tf # Network setup
+├── provider.tf # Provider configuration
+├── security_groups.tf # Security group configurations
+├── variables.tf # Input variables for customization
+├── vyos_instance.tf # VyOS virtual machine deployment (AWS)
+└── README.md # Documentation
+```
+
+## Usage
+
+### Setup Variables
+
+All variables needed for customization are defined in `variables.tf`. Adjust them according to your requirements, such as EC2 instance type and networking configurations. Before deployment, ensure you check `aws_region`, `availability_zone`, and update `vyos_ami_id` as necessary.
+
+## How to Run the Module
+
+Follow these steps to initialize, plan, apply, and manage your infrastructure with Terraform:
+
+1. **Initialize the Module**
+ ```sh
+ terraform init
+ ```
+
+2. **Format the Terraform Code**
+ ```sh
+ terraform fmt
+ ```
+
+3. **Validate Configuration**
+ ```sh
+ terraform validate
+ ```
+
+4. **Preview Infrastructure Changes Before Deployment**
+ ```sh
+ terraform plan
+ ```
+
+5. **Apply the Configuration**
+ ```sh
+ terraform apply
+ ```
+ Confirm the execution when prompted to provision the infrastructure.
+
+6. **View Outputs**
+ ```sh
+ terraform output
+ ```
+ This will display the management IP and test results for the VyOS instance.
+
+## Management
+
+To manage the VyOS instance, use the `vyos_public_ip` from `terraform output`:
+```sh
+ssh vyos@<vyos_public_ip> -i keys/vyos_demo_private_key.pem
+```
+
+## Destroying Resources
+
+To clean up the deployed infrastructure:
+```sh
+terraform destroy
+```
+Confirm the execution when prompted to remove all provisioned resources.
+
diff --git a/Terraform/AWS/instance-with-basic-configs/security_groups.tf b/Terraform/AWS/instance-with-basic-configs/security_groups.tf
new file mode 100644
index 0000000..d8653ae
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/security_groups.tf
@@ -0,0 +1,111 @@
+# SECURITY GROUP FOR PUBLIC RESOURCES
+
+resource "aws_security_group" "public_sg" {
+ name = join("-", [var.prefix, var.public_sg_name])
+ description = "Security Group for public resources"
+ vpc_id = aws_vpc.vpc.id
+
+ # Allow SSH Traffic
+ ingress {
+ description = "Allow SSH"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow Wireguard Traffic
+ ingress {
+ description = "Allow Wireguard"
+ from_port = 51820
+ to_port = 51820
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow OpenVPN Traffic
+ ingress {
+ description = "Allow OpenVPN"
+ from_port = 1194
+ to_port = 1194
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow ESP Traffic
+ ingress {
+ description = "Allow ESP"
+ from_port = 0
+ to_port = 0
+ protocol = "50"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow IKE Traffic
+ ingress {
+ description = "Allow IKE"
+ from_port = 500
+ to_port = 500
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow IPSEC Traffic
+ ingress {
+ description = "Allow IPSEC"
+ from_port = 1701
+ to_port = 1701
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow NAT Traversal
+ ingress {
+ description = "Allow NAT Traversal"
+ from_port = 4500
+ to_port = 4500
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow all outbound traffic
+ egress {
+ description = "Allow all outbound traffic"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = join("-", [var.prefix, var.public_sg_name])
+ }
+}
+
+# SECURITY GROUP FOR PRIVATE RESOURCES
+
+resource "aws_security_group" "private_sg" {
+ name = join("-", [var.prefix, var.private_sg_name])
+ description = "Security Group for private resources"
+ vpc_id = aws_vpc.vpc.id
+
+ ingress {
+ description = "Allow all inbound traffic"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ description = "Allow all outbound traffic"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = join("-", [var.prefix, var.private_sg_name])
+ }
+}
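Review bot: The "Allow SSH" rule in `public_sg` admits TCP/22 from `0.0.0.0/0`, which exposes the router's management plane to the whole internet and, combined with the demo key shipped in this commit, to anyone who has read the repository; scope it to an operator-supplied list, e.g. `cidr_blocks = var.ssh_allowed_cidrs`, with a `list(string)` variable and no `0.0.0.0/0` default. The VPN ports (WireGuard, OpenVPN, IKE, ESP, NAT-T) being world-reachable is defensible for a VPN concentrator, but SSH is not in that category. `private_sg` allows all inbound from `0.0.0.0/0` as well; a security group on a subnet with no internet route should still express its intent, so `cidr_blocks = [aws_vpc.vpc.cidr_block]` (or the private subnet CIDR) is the right value. The rule labelled "Allow IPSEC" opens UDP/1701, which is L2TP, not IPsec — rename the comment and description so the next reader does not assume IPsec is already covered by it.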
\ No newline at end of file
diff --git a/Terraform/AWS/instance-with-basic-configs/variables.tf b/Terraform/AWS/instance-with-basic-configs/variables.tf
new file mode 100644
index 0000000..3493252
--- /dev/null
+++ b/Terraform/AWS/instance-with-basic-configs/variables.tf
@@ -0,0 +1,116 @@
+variable "aws_region" {
+ description = "AWS Region"
+ type = string
+ default = "us-east-1"
+}
+
+variable "availability_zone" {
+ description = "AWS Availability Zone"
+ type = string
+ default = "us-east-1a"
+}
+
+variable "prefix" {
+ type = string
+ description = "Prefix for the resource names and Name tags"
+ default = "demo"
+}
+
+variable "key_pair_name" {
+ description = "SSH key pair name"
+ type = string
+ default = "vyos-demo-key"
+}
+
+variable "private_key_path" {
+ description = "Path to the private key file"
+ default = "keys/vyos_demo_private_key.pem"
+}
+
+variable "public_key_path" {
+ description = "Path to the private key file"
+ default = "keys/vyos_demo_public_key.pem"
+}
+
+variable "vpc_name" {
+ description = "Name for VPC"
+ default = "test-vpc"
+}
+
+variable "public_subnet_name" {
+ description = "The name of the public subnet"
+ type = string
+ default = "pub-subnet"
+}
+
+variable "private_subnet_name" {
+ description = "The name of the private subnet 01"
+ type = string
+ default = "priv-subnet"
+}
+
+variable "vpc_cidr" {
+ description = "CIDR block for VPC"
+ type = string
+ default = "172.16.0.0/16"
+}
+
+variable "public_subnet_cidr" {
+ description = "CIDR block for public subnet"
+ default = "172.16.1.0/24"
+}
+
+variable "private_subnet_cidr" {
+ description = "CIDR block for private subnet"
+ type = string
+ default = "172.16.11.0/24"
+}
+
+variable "vyos_pub_nic_ip_address" {
+ description = "VyOS Instance Public address"
+ type = string
+ default = "172.16.1.11"
+}
+
+variable "vyos_priv_nic_address" {
+ description = "VyOS Instance Private NIC address"
+ type = string
+ default = "172.16.11.11"
+}
+
+variable "vyos_instance_type" {
+ description = "The type of the VyOS Instance"
+ type = string
+ default = "c5n.xlarge"
+}
+
+variable "vyos_instance_name" {
+ type = string
+ default = "VyOS"
+}
+
+variable "igw_name" {
+ type = string
+ default = "igw"
+}
+
+variable "vyos_eip_name" {
+ type = string
+ default = "vyos"
+}
+
+variable "public_rtb_name" {
+ type = string
+ default = "public-rtb"
+
+}
+
+variable "public_sg_name" {
+ type = string
+ default = "public-sg"
+}
+
+variable "private_sg_name" {
+ type = string
+ default = "private-sg"
+}
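Review bot: `public_key_path` defaults to `keys/vyos_demo_public_key.pem`, whose private half is committed in this same change, so a user who runs `terraform apply` without touching variables gets an instance that the public key's owner — and anyone with the repository — can log in to; drop the default (making the path a required input) or at least document in the description that the demo key must not be used outside a throwaway lab. `private_key_path` is declared but not referenced by any file in this commit, and `public_key_path` carries the copy-pasted description `"Path to the private key file"`, which should read `description = "Path to the public key file"`. `private_key_path`, `public_key_path`, `vpc_name` and `public_subnet_cidr` are the only variables without a `type`; adding `type = string` keeps them consistent with the rest. The readme added here also tells the user to set a `vyos_ami_id` variable, which is not declared in this file.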