yanivomc · MaorShtern · Jun 29, 2025 · Jun 29, 2025 · Jul 2, 2025 · Jul 6, 2025
diff --git a/AWS-Maor-Labs/101-lab/main.tf b/AWS-Maor-Labs/101-lab/main.tf
@@ -0,0 +1,55 @@
+
+# Define Provider Configuration
+provider "aws" {
+  region = var.region
+}
+
+variable "region" {
+  default = "us-east-1"
+}
+
+
+#  Define a security group to allow SSH access to the VM
+resource "aws_security_group" "sg-Maor" {
+
+ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+
+#  create an EC2 instance
+resource "aws_instance" "vm" {
+  ami           = "ami-0c02fb55956c7d316" # Amazon Linux 2 AMI in us-east-1
+  instance_type = "t2.micro"
+
+  vpc_security_group_ids = [aws_security_group.sg-Maor.id]
+
+  tags = {
+    Name = "Maor-vm"
+  }
+}
+
+
+#   To retrieve the public IP of the virtual machine, use the following output configuration:
+output "vm_public_ip" {
+  value       = aws_instance.vm.public_ip
+  description = "Public IP address of the VM"
+}
+
+
+
+
+
+
+
diff --git a/AWS-Maor-Labs/102-lab/main.tf b/AWS-Maor-Labs/102-lab/main.tf
@@ -0,0 +1,75 @@
+
+# Define Provider Configuration
+provider "aws" {
+  region = var.region
+}
+
+variable "region" {
+  default = "us-east-1"
+}
+
+
+
+#  Define a security group to allow SSH access to the VM
+resource "aws_security_group" "sg-Maor" {
+
+ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+
+#  create an EC2 instance
+resource "aws_instance" "vm" {
+  ami           = "ami-0c02fb55956c7d316" # Amazon Linux 2 AMI in us-east-1
+  instance_type = "t2.micro"
+  subnet_id = "subnet-06acd0b316280afeb"
+  vpc_security_group_ids = [aws_security_group.sg-Maor.id]
+
+  tags = {
+    Name = "Maor-vm"
+  }
+}
+
+
+resource "time_sleep" "wait_for_ip" {
+  create_duration = "10s"  # Wait for 10 seconds
+  depends_on = [ aws_instance.vm ]
+}
+
+
+
+#  This command checks if the public IP address (${aws_instance.vm.public_ip}) is empty (-z).
+resource "null_resource" "check_public_ip" {
+
+  #  If it is empty, it outputs an error message and terminates with an exit code status 1, causing Terraform to stop with an error.
+  provisioner "local-exec" {
+    command = <<EOT
+      if [ -z "${aws_instance.vm.public_ip}" ]; then
+        echo "ERROR: Public IP address was not assigned." >&2
+        exit 1
+      fi
+    EOT
+  }
+
+  depends_on = [aws_instance.vm]
+}
+
+
+
+
+
+
+
+
+
diff --git a/AWS-Maor-Labs/102-lab/output.tf b/AWS-Maor-Labs/102-lab/output.tf
@@ -0,0 +1,7 @@
+#   To retrieve the public IP of the virtual machine, use the following output configuration:
+output "vm_public_ip" {
+  value      = aws_instance.vm.public_ip
+  depends_on = [null_resource.check_public_ip]
+  description = "Public IP address of the VM"
+}
+
diff --git a/AWS-Maor-Labs/102-lab/provider.tf b/AWS-Maor-Labs/102-lab/provider.tf
@@ -0,0 +1,4 @@
+module "iam" {
+  source  = "terraform-aws-modules/iam/aws"
+  version = "5.59.0"
+}
diff --git a/AWS-Maor-Labs/103-lab/apache_install.tf b/AWS-Maor-Labs/103-lab/apache_install.tf
@@ -0,0 +1,38 @@
+
+
+
+# Null Resource for Apache Installation
+resource "null_resource" "provision_apache" {
+  depends_on = [aws_instance.vm]
+
+  # Trigger to force rerun whenever timestamp changes
+  # This will force terraform to rerun the provisioner and update the welcome.html file if changed
+  triggers = {
+    always_run = timestamp()
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo apt update",
+      "sudo apt install -y apache2",
+      "echo '<h1>Welcome to the Web Server!</h1>' | sudo tee /var/www/html/welcome.html",
+      "sudo systemctl start apache2",
+      "sudo systemctl enable apache2"
+    ]
+
+    connection {
+      type     = "ssh"
+      user     = "ubuntu"
+      password = var.admin_password
+      host     = aws_instance.vm.public_ip
+      timeout  = "1m"
+    }
+  }
+}
+
+
+# Updated Output for Server Information to use data source
+output "server_info" {
+  value       = "Please browse: http://${aws_instance.vm.public_ip}/welcome.html"
+  description = "Instructions to access the server, note that port 80 is currently blocked."
+}
diff --git a/AWS-Maor-Labs/103-lab/global.tf b/AWS-Maor-Labs/103-lab/global.tf
@@ -0,0 +1,30 @@
+#  This file defines the provider (AWS) and the global variables for your configuration.
+
+
+provider "aws" {
+ region = var.region
+}
+
+variable "region" {
+ default = "us-west-2"
+}
+
+
+variable "ami" {
+ default = "ami-04feae287ec8b0244"
+ }
+variable "vm_name" {
+ default = "vm-Maor"
+}
+
+variable "admin_username" {
+ default = "admin-user"
+}
+
+variable "admin_password" {
+ default = "Password123!"
+}
+
+variable "vm_size" {
+ default = "t2.micro"
+}
diff --git a/AWS-Maor-Labs/103-lab/network.tf b/AWS-Maor-Labs/103-lab/network.tf
@@ -0,0 +1,54 @@
+
+
+resource "aws_security_group" "sg" {
+ ingress {
+   from_port   = 22
+   to_port     = 22
+   protocol    = "tcp"
+   cidr_blocks = ["0.0.0.0/0"]
+ }
+
+
+ egress {
+   from_port   = 0
+   to_port     = 0
+   protocol    = "-1"
+   cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+
+
+
+
+
+
+
+# #  Network Configuration File
+
+
+# resource "aws_security_group" "sg" {
+#   #     allow port 22 to be open
+#   ingress {
+#    from_port   = 22
+#    to_port     = 22
+#    protocol    = "tcp"
+#    cidr_blocks = ["0.0.0.0/0"]
+#   }
+
+#   #     allow port 80 to be open
+#   ingress {
+#     from_port   = 80
+#     to_port     = 80
+#     protocol    = "tcp"
+#     cidr_blocks = ["0.0.0.0/0"]
+#   }
+
+#   #     All outbound traffic (egress) to the internet — no restriction.
+#  egress {
+#    from_port   = 0
+#    to_port     = 0
+#    protocol    = "-1"
+#    cidr_blocks = ["0.0.0.0/0"]
+#  }
+# }
diff --git a/AWS-Maor-Labs/103-lab/validate_ip.tf b/AWS-Maor-Labs/103-lab/validate_ip.tf
@@ -0,0 +1,28 @@
+resource "time_sleep" "wait_for_ip" {
+ create_duration = "1m"  # Wait for 1 minute to allow AWS to allocate the IP
+}
+
+
+#  The null_resource runs a local script to validate the IP allocation, retrying a few times if needed.
+#  The data source fetches the latest IP once the validation completes successfully.
+
+resource "null_resource" "validate_ip" {
+ provisioner "local-exec" {
+   command = <<EOT
+     retries=4
+     interval=30
+     for i in $(seq 1 $retries); do
+       if [ -z "${aws_instance.vm.public_ip}" ]; then
+         echo "Attempt $i: Public IP address not assigned yet, retrying in $interval seconds..."
+         sleep $interval
+       else
+         echo "Public IP address assigned: ${aws_instance.vm.public_ip}"
+         exit 0
+       fi
+     done
+     echo "ERROR: Public IP address was not assigned after $retries attempts." >&2
+     exit 1
+   EOT
+ }
+ depends_on = [time_sleep.wait_for_ip]
+}
diff --git a/AWS-Maor-Labs/103-lab/vm.tf b/AWS-Maor-Labs/103-lab/vm.tf
@@ -0,0 +1,50 @@
+resource "aws_instance" "vm" {
+ ami                         = var.ami
+ instance_type               = var.vm_size
+ vpc_security_group_ids      = [aws_security_group.sg.id]
+
+ tags = {
+   Name = var.vm_name
+ }
+
+ user_data = <<-EOF
+   #cloud-config
+   users:
+     - name: ${var.admin_username}
+       groups: sudo
+       shell: /bin/bash
+       sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+       lock_passwd: false
+       passwd: $(echo ${var.admin_password} | openssl passwd -6 -stdin)
+   EOF
+
+ }
+
+output "vm_public_ip" {
+ value = aws_instance.vm.public_ip
+}
+
+
+# -----------------------------------------------------------
+# Notes regarding the user login configuration:
+# 
+# Explanation:
+# 1. Cloud-Init:
+#   - user_data allows you to pass initialization scripts to the EC2 instance during boot.
+#   - The #cloud-config syntax is used to create users and set passwords.
+#
+# 2. Password Encryption:
+#   - The `passwd` field requires a hashed password.
+#   - Use `openssl passwd -6` to generate a secure hash for the password.
+#   - Replace the hash generation dynamically if needed (e.g., in CI/CD pipelines).
+#
+# 3. Locking SSH:
+#   - By not specifying an SSH key and relying on user_data, you enable user/password login.
+#   - Ensure the AWS security group allows SSH (port 22) if required for initial configuration.
+#
+# 4. Security Considerations (TBD):
+#   - Avoid hardcoding sensitive credentials in your Terraform code.
+#   - Use secure methods to pass secrets, such as:
+#     - Terraform variables stored in encrypted state files
+#     - A secrets management solution (e.g., AWS Secrets Manager)
+# -----------------------------------------------------------
diff --git a/AWS-Maor-Labs/104-lab/mock_outputs.tf b/AWS-Maor-Labs/104-lab/mock_outputs.tf
@@ -0,0 +1,35 @@
+
+
+# Mock the number of virtual machines needed
+output "vm_count" {
+  value = var.high_availability ? 3 : 1
+  description = "Number of VMs required for the environment. If high availability is true, 3 VMs are needed; otherwise, 1."
+}
+
+# Mocking network requirements based on environment
+output "network_configuration" {
+  value = var.environment == "prod" ? "Production Network - Full Scale" : "Development/Staging Network - Limited Scale"
+  description = "Provides the network configuration type based on the environment."
+}
+
+# Example of conditional logic using a ternary operator
+output "ha_status_message" {
+  value = var.high_availability ? "High availability is enabled - multiple VMs are needed." : "High availability is disabled - a single VM is sufficient."
+  description = "A message indicating if high availability is enabled or disabled."
+}
+
+# Mocking subnet creation using for_each
+locals {
+  subnets = var.high_availability ? ["subnet-a", "subnet-b", "subnet-c"] : ["subnet-a"]
+}
+
+output "mock_subnet_list" {
+  value = [for subnet in local.subnets : "Configured ${subnet}"]
+  description = "A mocked list of subnets that would be created based on high availability."
+}
+
+
+
+
+
+