Task: Create Key Pair Using Terraform
Date: 06 May 2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
For this task, create a key pair using Terraform with the following requirements:
- Name of the key pair should be devops-kp.
- Key pair type must be rsa.
- The private key file should be saved under /home/bob.
Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.
Solution:
Create the main.tf file.
# cd /home/bob/terraform
# vi main.tf
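# Generate an RSA key pair locally. The private key is also recorded in the Terraform state.
resource "tls_private_key" "nautilus_private_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

# Register only the public half with EC2.
resource "aws_key_pair" "nautilus_kp" {
  key_name   = "nautilus-kp"
  public_key = tls_private_key.nautilus_private_key.public_key_openssh
}

# Marked sensitive so the key is not printed in plan/apply output.
output "private_key_pem" {
  value     = tls_private_key.nautilus_private_key.private_key_pem
  sensitive = true
}

output "key_pair_name" {
  value = aws_key_pair.nautilus_kp.key_name
}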
bob@iac-server ~/terraform via 💠default ✖ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Finding latest version of hashicorp/tls...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
- Installing hashicorp/tls v4.1.0...
- Installed hashicorp/tls v4.1.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_key_pair.nautilus_kp will be created
+ resource "aws_key_pair" "nautilus_kp" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "nautilus-kp"
+ key_name_prefix = (known after apply)
+ key_pair_id = (known after apply)
+ key_type = (known after apply)
+ public_key = (known after apply)
+ tags_all = (known after apply)
}
# tls_private_key.nautilus_private_key will be created
+ resource "tls_private_key" "nautilus_private_key" {
+ algorithm = "RSA"
+ ecdsa_curve = "P224"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ private_key_pem_pkcs8 = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
Plan: 2 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ key_pair_name = "nautilus-kp"
+ private_key_pem = (sensitive value)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_key_pair.nautilus_kp will be created
+ resource "aws_key_pair" "nautilus_kp" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "nautilus-kp"
+ key_name_prefix = (known after apply)
+ key_pair_id = (known after apply)
+ key_type = (known after apply)
+ public_key = (known after apply)
+ tags_all = (known after apply)
}
# tls_private_key.nautilus_private_key will be created
+ resource "tls_private_key" "nautilus_private_key" {
+ algorithm = "RSA"
+ ecdsa_curve = "P224"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ private_key_pem_pkcs8 = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
Plan: 2 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ key_pair_name = "nautilus-kp"
+ private_key_pem = (sensitive value)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
tls_private_key.nautilus_private_key: Creating...
tls_private_key.nautilus_private_key: Creation complete after 0s [id=1aaa475d1581e8114fd44282e84ef1d6e11768f5]
aws_key_pair.nautilus_kp: Creating...
aws_key_pair.nautilus_kp: Creation complete after 2s [id=nautilus-kp]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Outputs:
key_pair_name = "nautilus-kp"
private_key_pem = <sensitive>
Save the Private Key Locally
bob@iac-server ~/terraform via 💠default ➜ terraform output -raw private_key_pem > /home/bob/nautilus-kp.pem
bob@iac-server ~/terraform via 💠default ➜ chmod 600 /home/bob/nautilus-kp.pem
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-key-pairs --key-name nautilus-kp
{
"KeyPairs": [
{
"KeyPairId": "key-3e5a23b1f0a2e53a4",
"CreateTime": "2025-05-06T11:07:30.973000Z",
"KeyName": "nautilus-kp",
"KeyFingerprint": "70:44:7e:3a:08:1f:01:1e:bd:8e:c6:6f:eb:71:fb:5a"
}
]
}
bob@iac-server ~/terraform via 💠default ➜ ls /home/bob/
.aws/ .bashrc .config/ .profile .vscode/ nautilus-kp.pem .bash_logout .cache/ .local/ .terraform.d/ .vscode-terminal.sh terraform/
bob@iac-server ~/terraform via 💠default ➜
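An added example, not part of the original solution: a variant of main.tf in which Terraform writes the private key itself through the hashicorp/local provider's local_sensitive_file resource, so the file is created with mode 0600 rather than redirected from terraform output and chmod-ed afterwards. The resource label nautilus_kp_pem and the private_key_path output are names chosen here; the private key is still stored unencrypted in terraform.tfstate, so the state file needs the same protection as the .pem file.

```hcl
# Added example (not the original solution). Assumes the same provider.tf as the lab;
# hashicorp/local is resolved implicitly on "terraform init", as hashicorp/tls was above.

resource "tls_private_key" "nautilus_private_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "aws_key_pair" "nautilus_kp" {
  key_name   = "nautilus-kp"
  public_key = tls_private_key.nautilus_private_key.public_key_openssh
}

# Write the private key straight to disk with owner-only permissions.
# local_sensitive_file keeps the content out of plan/apply diffs, and
# file_permission is applied when the file is created, so there is no
# window in which the key sits on disk with the shell's default umask.
# "nautilus_kp_pem" is a label chosen for this example.
resource "local_sensitive_file" "nautilus_kp_pem" {
  content         = tls_private_key.nautilus_private_key.private_key_pem
  filename        = "/home/bob/nautilus-kp.pem"
  file_permission = "0600"
}

output "key_pair_name" {
  value = aws_key_pair.nautilus_kp.key_name
}

# Expose only the path, not the key material; the private_key_pem output
# from the original main.tf is no longer needed for saving the key.
output "private_key_path" {
  value = local_sensitive_file.nautilus_kp_pem.filename
}
```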
Task: Create Security Group Using Terraform
Date: 06 May 2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
Use Terraform to create a security group under the default VPC with the following requirements:
1) The name of the security group must be devops-sg.
2) The description must be Security group for Nautilus App Servers.
3) Add an inbound rule of type HTTP, with a port range of 80, and source CIDR range 0.0.0.0/0.
4) Add another inbound rule of type SSH, with a port range of 22, and source CIDR range 0.0.0.0/0.
Ensure that the security group is created in the us-east-1 region using Terraform. The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.
Solution:
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ➜ vi main.tf
resource "aws_security_group" "devops_sg" {
  name        = "devops-sg"
  description = "Security group for Nautilus App Servers"
  vpc_id      = data.aws_vpc.default.id

  ingress {
    description = "Allow HTTP traffic"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # 0.0.0.0/0 as the task requires; otherwise replace with the actual source CIDR
  }

  ingress {
    description = "Allow SSH traffic"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # 0.0.0.0/0 as the task requires; otherwise replace with the actual source CIDR
  }

  egress {
    description = "Allow all outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "devops-sg"
  }
}

# Look up the account's default VPC in the configured region.
data "aws_vpc" "default" {
  default = true
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
data.aws_vpc.default: Reading...
data.aws_vpc.default: Read complete after 2s [id=vpc-adf2d958aae8f02c5]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_security_group.devops_sg will be created
+ resource "aws_security_group" "devops_sg" {
+ arn = (known after apply)
+ description = "Security group for Nautilus App Servers"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "Allow all outbound traffic"
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "Allow HTTP traffic"
+ from_port = 80
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 80
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "Allow SSH traffic"
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
]
+ name = "devops-sg"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Name" = "devops-sg"
}
+ tags_all = {
+ "Name" = "devops-sg"
}
+ vpc_id = "vpc-adf2d958aae8f02c5"
}
Plan: 1 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
data.aws_vpc.default: Reading...
data.aws_vpc.default: Read complete after 0s [id=vpc-adf2d958aae8f02c5]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_security_group.devops_sg will be created
+ resource "aws_security_group" "devops_sg" {
+ arn = (known after apply)
+ description = "Security group for Nautilus App Servers"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "Allow all outbound traffic"
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "Allow HTTP traffic"
+ from_port = 80
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 80
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "Allow SSH traffic"
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
]
+ name = "devops-sg"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Name" = "devops-sg"
}
+ tags_all = {
+ "Name" = "devops-sg"
}
+ vpc_id = "vpc-adf2d958aae8f02c5"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_security_group.devops_sg: Creating...
aws_security_group.devops_sg: Creation complete after 0s [id=sg-9ee7bf73d93591307]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-security-groups --group-names devops-sg
{
"SecurityGroups": [
{
"GroupId": "sg-9ee7bf73d93591307",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"UserIdGroupPairs": [],
"IpRanges": [
{
"Description": "Allow all outbound traffic",
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": []
}
],
"Tags": [
{
"Key": "Name",
"Value": "devops-sg"
}
],
"VpcId": "vpc-adf2d958aae8f02c5",
"SecurityGroupArn": "arn:aws:ec2:us-east-1:000000000000:security-group/sg-9ee7bf73d93591307",
"OwnerId": "000000000000",
"GroupName": "devops-sg",
"Description": "Security group for Nautilus App Servers",
"IpPermissions": [
{
"IpProtocol": "tcp",
"FromPort": 22,
"ToPort": 22,
"UserIdGroupPairs": [],
"IpRanges": [
{
"Description": "Allow SSH traffic",
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": []
},
{
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"UserIdGroupPairs": [],
"IpRanges": [
{
"Description": "Allow HTTP traffic",
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": []
}
]
}
]
}
bob@iac-server ~/terraform via 💠default ➜
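An added example, not part of the original solution: the same security group as it would be written outside the lab, with HTTP left public and SSH limited to administrative source ranges. The variable name ssh_admin_cidrs and its default (203.0.113.0/24, a documentation range used as a constructed placeholder) are assumptions made for this example; the validation block rejects a /0 range at plan time, so the world-open rule shown in the plan above cannot be reintroduced by accident.

```hcl
# Added example (not the original solution). The lab task itself requires
# 0.0.0.0/0 for SSH; this variant shows the restricted form.

# Hypothetical variable: IPv4 ranges allowed to reach port 22.
variable "ssh_admin_cidrs" {
  type        = list(string)
  description = "IPv4 CIDR blocks allowed to connect over SSH."
  default     = ["203.0.113.0/24"] # constructed placeholder (documentation range)

  validation {
    # cidrnetmask() only accepts IPv4 CIDR notation, so can() doubles as a
    # syntax check; try() guards the prefix-length test against malformed input.
    condition = length(var.ssh_admin_cidrs) > 0 && alltrue([
      for c in var.ssh_admin_cidrs :
      can(cidrnetmask(c)) && try(tonumber(split("/", c)[1]) > 0, false)
    ])
    error_message = "Each entry must be a valid IPv4 CIDR and must not be a /0 (world-open) range."
  }
}

data "aws_vpc" "default" {
  default = true
}

resource "aws_security_group" "devops_sg" {
  name        = "devops-sg"
  description = "Security group for Nautilus App Servers"
  vpc_id      = data.aws_vpc.default.id

  # Public web traffic: open to any source by design.
  ingress {
    description = "Allow HTTP traffic"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Administrative access: only the validated admin ranges.
  ingress {
    description = "Allow SSH traffic from admin ranges"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_admin_cidrs
  }

  egress {
    description = "Allow all outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "devops-sg"
  }
}
```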
Task: Create VPC Using Terraform
Date: 11 May 2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
> Create a VPC named devops-vpc in region us-east-1 with any IPv4 CIDR block through terraform.
> The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.
Solution:
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ➜ ls
README.MD main.tf provider.tf
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
resource "aws_vpc" "devops_vpc" {
  cidr_block           = "10.0.0.0/16" # Replace this with your desired IPv4 CIDR block
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "devops-vpc"
  }
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.devops_vpc will be created
+ resource "aws_vpc" "devops_vpc" {
+ arn = (known after apply)
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "devops-vpc"
}
+ tags_all = {
+ "Name" = "devops-vpc"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.devops_vpc will be created
+ resource "aws_vpc" "devops_vpc" {
+ arn = (known after apply)
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "devops-vpc"
}
+ tags_all = {
+ "Name" = "devops-vpc"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_vpc.devops_vpc: Creating...
aws_vpc.devops_vpc: Still creating... [10s elapsed]
aws_vpc.devops_vpc: Creation complete after 11s [id=vpc-b51761788020b0253]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-vpcs-filters "Name=tag:Name,Values=devops-vpc"
Note: AWS CLI version 2, the latest major version of the AWS CLI, is now stable and recommended for general use. For more information, see the AWS CLI version 2 installation instructions at: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:
describe-address-transfers | describe-addresses
describe-addresses-attribute | describe-aggregate-id-format
describe-availability-zones | describe-aws-network-performance-metric-subscriptions
describe-bundle-tasks | describe-byoip-cidrs
describe-capacity-block-extension-history | describe-capacity-block-extension-offerings
describe-capacity-block-offerings | describe-capacity-reservation-billing-requests
describe-capacity-reservation-fleets | describe-capacity-reservations
describe-carrier-gateways | describe-classic-link-instances
describe-client-vpn-authorization-rules | describe-client-vpn-connections
describe-client-vpn-endpoints | describe-client-vpn-routes
describe-client-vpn-target-networks | describe-coip-pools
describe-conversion-tasks | describe-customer-gateways
describe-declarative-policies-reports | describe-dhcp-options
describe-egress-only-internet-gateways | describe-elastic-gpus
describe-export-image-tasks | describe-export-tasks
describe-fast-launch-images | describe-fast-snapshot-restores
describe-fleet-history | describe-fleet-instances
describe-fleets | describe-flow-logs
describe-fpga-image-attribute | describe-fpga-images
describe-host-reservation-offerings | describe-host-reservations
describe-hosts | describe-iam-instance-profile-associations
describe-id-format | describe-identity-id-format
describe-image-attribute | describe-images
describe-import-image-tasks | describe-import-snapshot-tasks
describe-instance-attribute | describe-instance-connect-endpoints
describe-instance-credit-specifications | describe-instance-event-notification-attributes
describe-instance-event-windows | describe-instance-image-metadata
describe-instance-status | describe-instance-topology
describe-instance-type-offerings | describe-instance-types
describe-instances | describe-internet-gateways
describe-ipam-byoasn | describe-ipam-external-resource-verification-tokens
describe-ipam-pools | describe-ipam-resource-discoveries
describe-ipam-resource-discovery-associations | describe-ipam-scopes
describe-ipams | describe-ipv6-pools
describe-key-pairs | describe-launch-template-versions
describe-launch-templates | describe-local-gateway-route-table-virtual-interface-group-associations
describe-local-gateway-route-table-vpc-associations | describe-local-gateway-route-tables
describe-local-gateway-virtual-interface-groups | describe-local-gateway-virtual-interfaces
describe-local-gateways | describe-locked-snapshots
describe-mac-hosts | describe-managed-prefix-lists
describe-moving-addresses | describe-nat-gateways
describe-network-acls | describe-network-insights-access-scope-analyses
describe-network-insights-access-scopes | describe-network-insights-analyses
describe-network-insights-paths | describe-network-interface-attribute
describe-network-interface-permissions | describe-network-interfaces
describe-placement-groups | describe-prefix-lists
describe-principal-id-format | describe-public-ipv4-pools
describe-regions | describe-replace-root-volume-tasks
describe-reserved-instances | describe-reserved-instances-listings
describe-reserved-instances-modifications | describe-reserved-instances-offerings
describe-route-server-endpoints | describe-route-server-peers
describe-route-servers | describe-route-tables
describe-scheduled-instance-availability | describe-scheduled-instances
describe-security-group-references | describe-security-group-rules
describe-security-group-vpc-associations | describe-security-groups
describe-snapshot-attribute | describe-snapshot-tier-status
describe-snapshots | describe-spot-datafeed-subscription
describe-spot-fleet-instances | describe-spot-fleet-request-history
describe-spot-fleet-requests | describe-spot-instance-requests
describe-spot-price-history | describe-stale-security-groups
describe-store-image-tasks | describe-subnets
describe-tags | describe-traffic-mirror-filter-rules
describe-traffic-mirror-filters | describe-traffic-mirror-sessions
describe-traffic-mirror-targets | describe-transit-gateway-attachments
describe-transit-gateway-connect-peers | describe-transit-gateway-connects
describe-transit-gateway-multicast-domains | describe-transit-gateway-peering-attachments
describe-transit-gateway-policy-tables | describe-transit-gateway-route-table-announcements
describe-transit-gateway-route-tables | describe-transit-gateway-vpc-attachments
describe-transit-gateways | describe-trunk-interface-associations
describe-verified-access-endpoints | describe-verified-access-groups
describe-verified-access-instance-logging-configurations | describe-verified-access-instances
describe-verified-access-trust-providers | describe-volume-attribute
describe-volume-status | describe-volumes
describe-volumes-modifications | describe-vpc-attribute
describe-vpc-block-public-access-exclusions | describe-vpc-block-public-access-options
describe-vpc-classic-link | describe-vpc-classic-link-dns-support
describe-vpc-endpoint-associations | describe-vpc-endpoint-connection-notifications
describe-vpc-endpoint-connections | describe-vpc-endpoint-service-configurations
describe-vpc-endpoint-service-permissions | describe-vpc-endpoint-services
describe-vpc-endpoints | describe-vpc-peering-connections
describe-vpcs | describe-vpn-connections
describe-vpn-gateways | detach-classic-link-vpc
detach-internet-gateway | detach-network-interface
detach-verified-access-trust-provider | detach-volume
detach-vpn-gateway | disable-address-transfer
disable-allowed-images-settings | disable-aws-network-performance-metric-subscription
disable-ebs-encryption-by-default | disable-fast-launch
disable-fast-snapshot-restores | disable-image
disable-image-block-public-access | disable-image-deprecation
disable-image-deregistration-protection | disable-ipam-organization-admin-account
disable-route-server-propagation | disable-serial-console-access
disable-snapshot-block-public-access | disable-transit-gateway-route-table-propagation
disable-vgw-route-propagation | disable-vpc-classic-link
disable-vpc-classic-link-dns-support | disassociate-address
disassociate-capacity-reservation-billing-owner | disassociate-client-vpn-target-network
disassociate-enclave-certificate-iam-role | disassociate-iam-instance-profile
disassociate-instance-event-window | disassociate-ipam-byoasn
disassociate-ipam-resource-discovery | disassociate-nat-gateway-address
disassociate-route-server | disassociate-route-table
disassociate-security-group-vpc | disassociate-subnet-cidr-block
disassociate-transit-gateway-multicast-domain | disassociate-transit-gateway-policy-table
disassociate-transit-gateway-route-table | disassociate-trunk-interface
disassociate-vpc-cidr-block | enable-address-transfer
enable-allowed-images-settings | enable-aws-network-performance-metric-subscription
enable-ebs-encryption-by-default | enable-fast-launch
enable-fast-snapshot-restores | enable-image
enable-image-block-public-access | enable-image-deprecation
enable-image-deregistration-protection | enable-ipam-organization-admin-account
enable-reachability-analyzer-organization-sharing | enable-route-server-propagation
enable-serial-console-access | enable-snapshot-block-public-access
enable-transit-gateway-route-table-propagation | enable-vgw-route-propagation
enable-volume-io | enable-vpc-classic-link
enable-vpc-classic-link-dns-support | export-client-vpn-client-certificate-revocation-list
export-client-vpn-client-configuration | export-image
export-transit-gateway-routes | export-verified-access-instance-client-configuration
get-allowed-images-settings | get-associated-enclave-certificate-iam-roles
get-associated-ipv6-pool-cidrs | get-aws-network-performance-data
get-capacity-reservation-usage | get-coip-pool-usage
get-console-output | get-console-screenshot
get-declarative-policies-report-summary | get-default-credit-specification
get-ebs-default-kms-key-id | get-ebs-encryption-by-default
get-flow-logs-integration-template | get-groups-for-capacity-reservation
get-host-reservation-purchase-preview | get-image-block-public-access-state
get-instance-metadata-defaults | get-instance-tpm-ek-pub
get-instance-types-from-instance-requirements | get-instance-uefi-data
get-ipam-address-history | get-ipam-discovered-accounts
get-ipam-discovered-public-addresses | get-ipam-discovered-resource-cidrs
get-ipam-pool-allocations | get-ipam-pool-cidrs
get-ipam-resource-cidrs | get-launch-template-data
get-managed-prefix-list-associations | get-managed-prefix-list-entries
get-network-insights-access-scope-analysis-findings | get-network-insights-access-scope-content
get-password-data | get-reserved-instances-exchange-quote
get-route-server-associations | get-route-server-propagations
get-route-server-routing-database | get-security-groups-for-vpc
get-serial-console-access-status | get-snapshot-block-public-access-state
get-spot-placement-scores | get-subnet-cidr-reservations
get-transit-gateway-attachment-propagations | get-transit-gateway-multicast-domain-associations
get-transit-gateway-policy-table-associations | get-transit-gateway-policy-table-entries
get-transit-gateway-prefix-list-references | get-transit-gateway-route-table-associations
get-transit-gateway-route-table-propagations | get-verified-access-endpoint-policy
get-verified-access-endpoint-targets | get-verified-access-group-policy
get-vpn-connection-device-sample-configuration | get-vpn-connection-device-types
get-vpn-tunnel-replacement-status | import-client-vpn-client-certificate-revocation-list
import-image | import-key-pair
import-snapshot | list-images-in-recycle-bin
list-snapshots-in-recycle-bin | lock-snapshot
modify-address-attribute | modify-availability-zone-group
modify-capacity-reservation | modify-capacity-reservation-fleet
modify-client-vpn-endpoint | modify-default-credit-specification
modify-ebs-default-kms-key-id | modify-fleet
modify-fpga-image-attribute | modify-hosts
modify-id-format | modify-identity-id-format
modify-image-attribute | modify-instance-attribute
modify-instance-capacity-reservation-attributes | modify-instance-cpu-options
modify-instance-credit-specification | modify-instance-event-start-time
modify-instance-event-window | modify-instance-maintenance-options
modify-instance-metadata-defaults | modify-instance-metadata-options
modify-instance-network-performance-options | modify-instance-placement
modify-ipam | modify-ipam-pool
modify-ipam-resource-cidr | modify-ipam-resource-discovery
modify-ipam-scope | modify-launch-template
modify-local-gateway-route | modify-managed-prefix-list
modify-network-interface-attribute | modify-private-dns-name-options
modify-reserved-instances | modify-route-server
modify-security-group-rules | modify-snapshot-attribute
modify-snapshot-tier | modify-spot-fleet-request
modify-subnet-attribute | modify-traffic-mirror-filter-network-services
modify-traffic-mirror-filter-rule | modify-traffic-mirror-session
modify-transit-gateway | modify-transit-gateway-prefix-list-reference
modify-transit-gateway-vpc-attachment | modify-verified-access-endpoint
modify-verified-access-endpoint-policy | modify-verified-access-group
modify-verified-access-group-policy | modify-verified-access-instance
modify-verified-access-instance-logging-configuration | modify-verified-access-trust-provider
modify-volume | modify-volume-attribute
modify-vpc-attribute | modify-vpc-block-public-access-exclusion
modify-vpc-block-public-access-options | modify-vpc-endpoint
modify-vpc-endpoint-connection-notification | modify-vpc-endpoint-service-configuration
modify-vpc-endpoint-service-payer-responsibility | modify-vpc-endpoint-service-permissions
modify-vpc-peering-connection-options | modify-vpc-tenancy
modify-vpn-connection | modify-vpn-connection-options
modify-vpn-tunnel-certificate | modify-vpn-tunnel-options
monitor-instances | move-address-to-vpc
move-byoip-cidr-to-ipam | move-capacity-reservation-instances
provision-byoip-cidr | provision-ipam-byoasn
provision-ipam-pool-cidr | provision-public-ipv4-pool-cidr
purchase-capacity-block | purchase-capacity-block-extension
purchase-host-reservation | purchase-reserved-instances-offering
purchase-scheduled-instances | reboot-instances
register-image | register-instance-event-notification-attributes
register-transit-gateway-multicast-group-members | register-transit-gateway-multicast-group-sources
reject-capacity-reservation-billing-ownership | reject-transit-gateway-multicast-domain-associations
reject-transit-gateway-peering-attachment | reject-transit-gateway-vpc-attachment
reject-vpc-endpoint-connections | reject-vpc-peering-connection
release-address | release-hosts
release-ipam-pool-allocation | replace-iam-instance-profile-association
replace-image-criteria-in-allowed-images-settings | replace-network-acl-association
replace-network-acl-entry | replace-route
replace-route-table-association | replace-transit-gateway-route
replace-vpn-tunnel | report-instance-status
request-spot-fleet | request-spot-instances
reset-address-attribute | reset-ebs-default-kms-key-id
reset-fpga-image-attribute | reset-image-attribute
reset-instance-attribute | reset-network-interface-attribute
reset-snapshot-attribute | restore-address-to-classic
restore-image-from-recycle-bin | restore-managed-prefix-list-version
restore-snapshot-from-recycle-bin | restore-snapshot-tier
revoke-client-vpn-ingress | revoke-security-group-egress
revoke-security-group-ingress | run-instances
run-scheduled-instances | search-local-gateway-routes
search-transit-gateway-multicast-groups | search-transit-gateway-routes
send-diagnostic-interrupt | start-declarative-policies-report
start-instances | start-network-insights-access-scope-analysis
start-network-insights-analysis | start-vpc-endpoint-service-private-dns-verification
stop-instances | terminate-client-vpn-connections
terminate-instances | unassign-ipv6-addresses
unassign-private-ip-addresses | unassign-private-nat-gateway-address
unlock-snapshot | unmonitor-instances
update-security-group-rule-descriptions-egress | update-security-group-rule-descriptions-ingress
withdraw-byoip-cidr | wait
help
bob@iac-server ~/terraform via 💠default ✖ aws ec2 describe-vpcs --filters "Name=tag:Name,Values=devops-vpc"
{
"Vpcs": [
{
"OwnerId": "000000000000",
"InstanceTenancy": "default",
"Ipv6CidrBlockAssociationSet": [],
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-d80a31d4fb79ebd63",
"CidrBlock": "10.0.0.0/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": [
{
"Key": "Name",
"Value": "devops-vpc"
}
],
"VpcId": "vpc-b51761788020b0253",
"State": "available",
"CidrBlock": "10.0.0.0/16",
"DhcpOptionsId": "default"
}
]
}
bob@iac-server ~/terraform via 💠default ➜
Task: Create VPC with CIDR Using Terraform
Date: 15 May 2025
The Nautilus DevOps team is strategically planning the migration of a portion of their infrastructure to the AWS cloud. Acknowledging the magnitude of this endeavor, they have chosen to tackle the migration incrementally rather than as a single, massive transition. Their approach involves creating Virtual Private Clouds (VPCs) as the initial step, as they will be provisioning various services under different VPCs.
Create a VPC named xfusion-vpc in the us-east-1 region with the IPv4 CIDR 192.168.0.0/24 using Terraform.
The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Solution:
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
resource "aws_vpc" "xfusion-vpc" {
  cidr_block           = "192.168.0.0/24" # IPv4 CIDR block required by the task
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "xfusion-vpc"
  }
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.xfusion-vpc will be created
+ resource "aws_vpc" "xfusion-vpc" {
+ arn = (known after apply)
+ cidr_block = "192.168.0.0/24"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "xfusion-vpc"
}
+ tags_all = {
+ "Name" = "xfusion-vpc"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.xfusion-vpc will be created
+ resource "aws_vpc" "xfusion-vpc" {
+ arn = (known after apply)
+ cidr_block = "192.168.0.0/24"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "xfusion-vpc"
}
+ tags_all = {
+ "Name" = "xfusion-vpc"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_vpc.xfusion-vpc: Creating...
aws_vpc.xfusion-vpc: Still creating... [10s elapsed]
aws_vpc.xfusion-vpc: Creation complete after 12s [id=vpc-1cba1058cbd1b201a]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-vpcs --filters "Name=tag:Name,Values=xfusion-vpc"
{
"Vpcs": [
{
"OwnerId": "000000000000",
"InstanceTenancy": "default",
"Ipv6CidrBlockAssociationSet": [],
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-99209b471c4295983",
"CidrBlock": "192.168.0.0/24",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": [
{
"Key": "Name",
"Value": "xfusion-vpc"
}
],
"VpcId": "vpc-1cba1058cbd1b201a",
"State": "available",
"CidrBlock": "192.168.0.0/24",
"DhcpOptionsId": "default"
}
]
}
bob@iac-server ~/terraform via 💠default ➜
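The plan output above warns that, without -out, apply is not guaranteed to perform exactly the actions that were reviewed. The following added example (not part of the original lab notes) reviews a saved plan instead: after `terraform plan -out=tfplan`, the JSON printed by `terraform show -json tfplan` is checked against an approval list before `terraform apply tfplan`. SAMPLE_PLAN, APPROVED and the function names are assumptions made for the illustration.

```python
import ipaddress
import json

# Constructed sample: the fields of `terraform show -json tfplan` that this
# check reads, filled in with the values from the xfusion-vpc plan above.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {
      "address": "aws_vpc.xfusion-vpc",
      "type": "aws_vpc",
      "change": {
        "actions": ["create"],
        "before": null,
        "after": {
          "cidr_block": "192.168.0.0/24",
          "enable_dns_hostnames": true,
          "enable_dns_support": true,
          "instance_tenancy": "default",
          "tags": {"Name": "xfusion-vpc"}
        }
      }
    }
  ]
}
""")

# Hypothetical approval list: resources and attribute values the task allows.
APPROVED = {
    "aws_vpc.xfusion-vpc": {
        "cidr_block": "192.168.0.0/24",
        "tags": {"Name": "xfusion-vpc"},
    },
}

HARMLESS = {"no-op", "read"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_cidr(address, cidr):
    """A VPC's IPv4 range should be a well-formed RFC 1918 block."""
    if cidr is None:
        return [f"{address}: cidr_block is not known at plan time"]
    try:
        network = ipaddress.ip_network(cidr)  # strict: host bits must be zero
    except ValueError as exc:
        return [f"{address}: invalid cidr_block {cidr!r} ({exc})"]
    if network.version != 4 or not any(network.subnet_of(r) for r in RFC1918):
        return [f"{address}: cidr_block {cidr} is not RFC 1918 address space"]
    return []


def review_plan(plan, approved):
    """Return a list of findings; an empty list means the plan may be applied."""
    findings = []
    planned = set()
    for rc in plan.get("resource_changes", []):
        address = rc["address"]
        change = rc["change"]
        actions = set(change["actions"])
        if actions <= HARMLESS:
            continue
        # A replacement appears as ["delete", "create"] or ["create", "delete"].
        if actions != {"create"}:
            findings.append(f"{address}: action {sorted(actions)} is not a plain create")
            continue
        if address not in approved:
            findings.append(f"{address}: not on the approved list")
            continue
        planned.add(address)
        after = change.get("after") or {}
        for attr, want in approved[address].items():
            if after.get(attr) != want:
                findings.append(
                    f"{address}: {attr} is {after.get(attr)!r}, expected {want!r}")
        if rc.get("type") == "aws_vpc":
            findings.extend(check_vpc_cidr(address, after.get("cidr_block")))
    for address in sorted(set(approved) - planned):
        findings.append(f"{address}: approved but missing from the plan")
    return findings


if __name__ == "__main__":
    for line in review_plan(SAMPLE_PLAN, APPROVED) or ["plan matches the approved change"]:
        print(line)
```

Applying the saved file (`terraform apply tfplan`) executes the plan that was reviewed rather than a freshly computed one.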
Task: Create VPC with IPv6 Using Terraform
Date: 21May2025
The Nautilus DevOps team is strategically planning the migration of a portion of their infrastructure to the AWS cloud. Acknowledging the magnitude of this endeavor, they have chosen to tackle the migration incrementally rather than as a single, massive transition. Their approach involves creating Virtual Private Clouds (VPCs) as the initial step, as they will be provisioning various services under different VPCs.
For this task, create a VPC named xfusion-vpc in the us-east-1 region with the Amazon-provided IPv6 CIDR block using Terraform.
The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Solution:
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
resource "aws_vpc" "xfusion_vpc" {
  cidr_block                       = "10.0.0.0/16" # Specify an IPv4 CIDR block
  assign_generated_ipv6_cidr_block = true          # Enable Amazon-provided IPv6 CIDR block
  enable_dns_support               = true
  enable_dns_hostnames             = true

  tags = {
    Name = "xfusion-vpc"
  }
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.xfusion_vpc will be created
+ resource "aws_vpc" "xfusion_vpc" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = true
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "xfusion-vpc"
}
+ tags_all = {
+ "Name" = "xfusion-vpc"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.xfusion_vpc will be created
+ resource "aws_vpc" "xfusion_vpc" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = true
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "xfusion-vpc"
}
+ tags_all = {
+ "Name" = "xfusion-vpc"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_vpc.xfusion_vpc: Creating...
aws_vpc.xfusion_vpc: Still creating... [10s elapsed]
aws_vpc.xfusion_vpc: Still creating... [20s elapsed]
aws_vpc.xfusion_vpc: Creation complete after 22s [id=vpc-cadb04adb05820e1a]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-vpcs --filter "Name=tag:Name,Values=xfusion-vpc"
{
"Vpcs": [
{
"OwnerId": "000000000000",
"InstanceTenancy": "default",
"Ipv6CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-5e6fc4cb62345293a",
"Ipv6CidrBlock": "2400:6500:8d70:a200::/56",
"Ipv6CidrBlockState": {
"State": "associated"
},
"NetworkBorderGroup": "us-east-1",
"Ipv6Pool": "Amazon"
}
],
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-055fe1f7cc875d20d",
"CidrBlock": "10.0.0.0/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": [
{
"Key": "Name",
"Value": "xfusion-vpc"
}
],
"VpcId": "vpc-cadb04adb05820e1a",
"State": "available",
"CidrBlock": "10.0.0.0/16",
"DhcpOptionsId": "default"
}
]
}
bob@iac-server ~/terraform via 💠default ➜
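Both VPC tasks tag the VPC Name=xfusion-vpc, and a tag filter returns every VPC that carries the tag, so the describe-vpcs verification step is worth making explicit. This added example (not from the original notes) validates a describe-vpcs response against the task requirements; the function names and parameters are hypothetical, and the sample data is trimmed from the two responses shown above.

```python
import ipaddress
import json

# Trimmed from the two `aws ec2 describe-vpcs` responses shown above; only the
# fields this check reads are kept.
IPV4_ONLY = json.loads("""
{"Vpcs": [{
  "Ipv6CidrBlockAssociationSet": [],
  "CidrBlockAssociationSet": [
    {"CidrBlock": "192.168.0.0/24", "CidrBlockState": {"State": "associated"}}],
  "IsDefault": false,
  "Tags": [{"Key": "Name", "Value": "xfusion-vpc"}],
  "VpcId": "vpc-1cba1058cbd1b201a",
  "State": "available"}]}
""")
DUAL_STACK = json.loads("""
{"Vpcs": [{
  "Ipv6CidrBlockAssociationSet": [
    {"Ipv6CidrBlock": "2400:6500:8d70:a200::/56",
     "Ipv6CidrBlockState": {"State": "associated"},
     "NetworkBorderGroup": "us-east-1", "Ipv6Pool": "Amazon"}],
  "CidrBlockAssociationSet": [
    {"CidrBlock": "10.0.0.0/16", "CidrBlockState": {"State": "associated"}}],
  "IsDefault": false,
  "Tags": [{"Key": "Name", "Value": "xfusion-vpc"}],
  "VpcId": "vpc-cadb04adb05820e1a",
  "State": "available"}]}
""")


def associated(vpc, set_key, block_key, state_key):
    """Yield (network, association) for blocks whose state is 'associated'."""
    for assoc in vpc.get(set_key, []):
        if assoc.get(state_key, {}).get("State") == "associated":
            yield ipaddress.ip_network(assoc[block_key]), assoc


def check_vpc(response, name, ipv4_cidr, want_ipv6):
    """Compare a describe-vpcs response with the requirements; return findings."""
    tag = {"Key": "Name", "Value": name}
    matches = [v for v in response.get("Vpcs", []) if tag in v.get("Tags", [])]
    # Name tags are not unique: a leftover VPC from an earlier run also matches.
    if len(matches) != 1:
        return [f"expected exactly one VPC tagged Name={name}, found {len(matches)}"]
    vpc = matches[0]
    findings = []
    if vpc.get("State") != "available":
        findings.append(f"state is {vpc.get('State')!r}, not 'available'")
    if vpc.get("IsDefault"):
        findings.append("this is the account's default VPC")

    want_v4 = ipaddress.ip_network(ipv4_cidr)
    have_v4 = {net for net, _ in associated(
        vpc, "CidrBlockAssociationSet", "CidrBlock", "CidrBlockState")}
    if want_v4 not in have_v4:
        findings.append(f"IPv4 block {want_v4} is not associated")
    for net in sorted(have_v4 - {want_v4}):
        findings.append(f"unexpected IPv4 block {net}")

    v6 = list(associated(
        vpc, "Ipv6CidrBlockAssociationSet", "Ipv6CidrBlock", "Ipv6CidrBlockState"))
    if want_ipv6 and not v6:
        findings.append("no associated IPv6 block")
    for net, assoc in v6:
        if not want_ipv6:
            # An IPv6 range on a VPC meant to be IPv4-only widens what the
            # security groups and network ACLs have to cover.
            findings.append(f"unexpected IPv6 block {net}")
        elif assoc.get("Ipv6Pool") != "Amazon" or net.prefixlen != 56:
            # Amazon-provided VPC blocks are /56 ranges from the "Amazon" pool.
            findings.append(f"IPv6 block {net} is not an Amazon-provided /56")
    return [f"{vpc.get('VpcId', '?')}: {f}" for f in findings]


if __name__ == "__main__":
    print(check_vpc(IPV4_ONLY, "xfusion-vpc", "192.168.0.0/24", want_ipv6=False))
    print(check_vpc(DUAL_STACK, "xfusion-vpc", "10.0.0.0/16", want_ipv6=True))
```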
Task: Create Elastic IP Using Terraform
Date: 22May2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
For this task, allocate an Elastic IP address named nautilus-eip using Terraform.
The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Solution:
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
resource "aws_eip" "nautilus_eip" {
  tags = {
    Name = "nautilus-eip"
  }
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_eip.nautilus_eip will be created
+ resource "aws_eip" "nautilus_eip" {
+ allocation_id = (known after apply)
+ arn = (known after apply)
+ association_id = (known after apply)
+ carrier_ip = (known after apply)
+ customer_owned_ip = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ ipam_pool_id = (known after apply)
+ network_border_group = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ ptr_record = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ tags = {
+ "Name" = "nautilus-eip"
}
+ tags_all = {
+ "Name" = "nautilus-eip"
}
+ vpc = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_eip.nautilus_eip will be created
+ resource "aws_eip" "nautilus_eip" {
+ allocation_id = (known after apply)
+ arn = (known after apply)
+ association_id = (known after apply)
+ carrier_ip = (known after apply)
+ customer_owned_ip = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ ipam_pool_id = (known after apply)
+ network_border_group = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ ptr_record = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ tags = {
+ "Name" = "nautilus-eip"
}
+ tags_all = {
+ "Name" = "nautilus-eip"
}
+ vpc = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_eip.nautilus_eip: Creating...
aws_eip.nautilus_eip: Creation complete after 2s [id=eipalloc-4d64dcf5d16c14e67]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-addresses --filters "Name=tag:Name,Values=nautilus-eip"
{
"Addresses": [
{
"AllocationId": "eipalloc-4d64dcf5d16c14e67",
"Domain": "vpc",
"NetworkInterfaceId": "",
"Tags": [
{
"Key": "Name",
"Value": "nautilus-eip"
}
],
"InstanceId": "",
"PublicIp": "127.122.160.174"
}
]
}
bob@iac-server ~/terraform via 💠default ➜
Task: Create EC2 Instance Using Terraform
Date: 29May2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units.
For this task, create an EC2 instance using Terraform with the following requirements:
1. The name of the instance must be nautilus-ec2.
2. Use the Amazon Linux ami-0c101f26f147fa7fd to launch this instance.
3. The instance type must be t2.micro.
4. Create a new RSA key named nautilus-kp.
5. Attach the default (available by default) security group.
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
# Create a new RSA key pair
resource "tls_private_key" "nautilus_private_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}
resource "aws_key_pair" "nautilus_kp" {
  key_name   = "nautilus-kp"
  public_key = tls_private_key.nautilus_private_key.public_key_openssh
}
# Fetch the default VPC and security group
data "aws_vpc" "default" {
  default = true
}
data "aws_security_group" "default" {
  vpc_id = data.aws_vpc.default.id
  name   = "default"
}
# Create the EC2 instance
resource "aws_instance" "nautilus_ec2" {
  ami             = "ami-0c101f26f147fa7fd" # Amazon Linux AMI
  instance_type   = "t2.micro"
  key_name        = aws_key_pair.nautilus_kp.key_name
  security_groups = [data.aws_security_group.default.name]
  tags = {
    Name = "nautilus-ec2"
  }
}
# Output the private key
output "private_key_pem" {
  value     = tls_private_key.nautilus_private_key.private_key_pem
  sensitive = true
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Finding latest version of hashicorp/tls...
- Installing hashicorp/tls v4.1.0...
- Installed hashicorp/tls v4.1.0 (signed by HashiCorp)
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
data.aws_vpc.default: Reading...
data.aws_vpc.default: Read complete after 1s [id=vpc-148d80bfe1c21df8d]
data.aws_security_group.default: Reading...
data.aws_security_group.default: Read complete after 0s [id=sg-1875ce1cc27de9330]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.nautilus_ec2 will be created
+ resource "aws_instance" "nautilus_ec2" {
+ ami = "ami-0c101f26f147fa7fd"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ disable_api_stop = (known after apply)
+ disable_api_termination = (known after apply)
+ ebs_optimized = (known after apply)
+ enable_primary_ipv6 = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ host_resource_group_arn = (known after apply)
+ iam_instance_profile = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_lifecycle = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "nautilus-kp"
+ monitoring = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ placement_partition_number = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = [
+ "default",
]
+ source_dest_check = true
+ spot_instance_request_id = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "nautilus-ec2"
}
+ tags_all = {
+ "Name" = "nautilus-ec2"
}
+ tenancy = (known after apply)
+ user_data = (known after apply)
+ user_data_base64 = (known after apply)
+ user_data_replace_on_change = false
+ vpc_security_group_ids = (known after apply)
+ capacity_reservation_specification (known after apply)
+ cpu_options (known after apply)
+ ebs_block_device (known after apply)
+ enclave_options (known after apply)
+ ephemeral_block_device (known after apply)
+ instance_market_options (known after apply)
+ maintenance_options (known after apply)
+ metadata_options (known after apply)
+ network_interface (known after apply)
+ private_dns_name_options (known after apply)
+ root_block_device (known after apply)
}
# aws_key_pair.nautilus_kp will be created
+ resource "aws_key_pair" "nautilus_kp" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "nautilus-kp"
+ key_name_prefix = (known after apply)
+ key_pair_id = (known after apply)
+ key_type = (known after apply)
+ public_key = (known after apply)
+ tags_all = (known after apply)
}
# tls_private_key.nautilus_private_key will be created
+ resource "tls_private_key" "nautilus_private_key" {
+ algorithm = "RSA"
+ ecdsa_curve = "P224"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ private_key_pem_pkcs8 = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
Plan: 3 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ private_key_pem = (sensitive value)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
data.aws_vpc.default: Reading...
data.aws_vpc.default: Read complete after 0s [id=vpc-148d80bfe1c21df8d]
data.aws_security_group.default: Reading...
data.aws_security_group.default: Read complete after 0s [id=sg-1875ce1cc27de9330]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.nautilus_ec2 will be created
+ resource "aws_instance" "nautilus_ec2" {
+ ami = "ami-0c101f26f147fa7fd"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ disable_api_stop = (known after apply)
+ disable_api_termination = (known after apply)
+ ebs_optimized = (known after apply)
+ enable_primary_ipv6 = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ host_resource_group_arn = (known after apply)
+ iam_instance_profile = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_lifecycle = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "nautilus-kp"
+ monitoring = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ placement_partition_number = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = [
+ "default",
]
+ source_dest_check = true
+ spot_instance_request_id = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "nautilus-ec2"
}
+ tags_all = {
+ "Name" = "nautilus-ec2"
}
+ tenancy = (known after apply)
+ user_data = (known after apply)
+ user_data_base64 = (known after apply)
+ user_data_replace_on_change = false
+ vpc_security_group_ids = (known after apply)
+ capacity_reservation_specification (known after apply)
+ cpu_options (known after apply)
+ ebs_block_device (known after apply)
+ enclave_options (known after apply)
+ ephemeral_block_device (known after apply)
+ instance_market_options (known after apply)
+ maintenance_options (known after apply)
+ metadata_options (known after apply)
+ network_interface (known after apply)
+ private_dns_name_options (known after apply)
+ root_block_device (known after apply)
}
# aws_key_pair.nautilus_kp will be created
+ resource "aws_key_pair" "nautilus_kp" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "nautilus-kp"
+ key_name_prefix = (known after apply)
+ key_pair_id = (known after apply)
+ key_type = (known after apply)
+ public_key = (known after apply)
+ tags_all = (known after apply)
}
# tls_private_key.nautilus_private_key will be created
+ resource "tls_private_key" "nautilus_private_key" {
+ algorithm = "RSA"
+ ecdsa_curve = "P224"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ private_key_pem_pkcs8 = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
Plan: 3 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ private_key_pem = (sensitive value)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
tls_private_key.nautilus_private_key: Creating...
tls_private_key.nautilus_private_key: Creation complete after 1s [id=d3c5168ea3d2306dbc16811aa6733b1af08a99d3]
aws_key_pair.nautilus_kp: Creating...
aws_key_pair.nautilus_kp: Creation complete after 0s [id=nautilus-kp]
aws_instance.nautilus_ec2: Creating...
aws_instance.nautilus_ec2: Still creating... [10s elapsed]
aws_instance.nautilus_ec2: Creation complete after 10s [id=i-3a748ab26261982ad]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Outputs:
private_key_pem = <sensitive>
bob@iac-server ~/terraform via 💠default ➜ terraform output -raw private_key_pem > /home/bob/nautilus-kp.pem
bob@iac-server ~/terraform via 💠default ➜ chmod 600 /home/bob/nautilus-kp.pem
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-instances --filters "Name=tag:Name,Values=nautilus-ec2"
{
"Reservations": [
{
"ReservationId": "r-e59f22b427658c1b3",
"OwnerId": "000000000000",
"Groups": [],
"Instances": [
{
"Architecture": "x86_64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"AttachTime": "2025-05-29T09:26:41Z",
"DeleteOnTermination": true,
"Status": "in-use",
"VolumeId": "vol-b803c04032d5e3c5c"
}
}
],
"ClientToken": "ABCDE0000000000003",
"EbsOptimized": false,
"Hypervisor": "xen",
"NetworkInterfaces": [
{
"Association": {
"IpOwnerId": "000000000000",
"PublicIp": "54.214.202.227"
},
"Attachment": {
"AttachTime": "2015-01-01T00:00:00Z",
"AttachmentId": "eni-attach-ecc5f86c1270233b7",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attached"
},
"Description": "Primary network interface",
"Groups": [
{
"GroupId": "sg-1875ce1cc27de9330",
"GroupName": "default"
}
],
"MacAddress": "1b:2b:3c:4d:5e:6f",
"NetworkInterfaceId": "eni-7a2fb83ffcbed1cdc",
"OwnerId": "000000000000",
"PrivateIpAddress": "10.216.183.20",
"PrivateIpAddresses": [
{
"Association": {
"IpOwnerId": "000000000000",
"PublicIp": "54.214.202.227"
},
"Primary": true,
"PrivateIpAddress": "10.216.183.20"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-177bc9738cfecc467",
"VpcId": "vpc-148d80bfe1c21df8d"
}
],
"RootDeviceName": "/dev/sda1",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupId": "sg-1875ce1cc27de9330",
"GroupName": "default"
}
],
"SourceDestCheck": true,
"StateReason": {
"Code": "",
"Message": ""
},
"Tags": [
{
"Key": "Name",
"Value": "nautilus-ec2"
}
],
"VirtualizationType": "paravirtual",
"HibernationOptions": {
"Configured": false
},
"InstanceId": "i-3a748ab26261982ad",
"ImageId": "ami-0c101f26f147fa7fd",
"State": {
"Code": 16,
"Name": "running"
},
"PrivateDnsName": "ip-10-216-183-20.ec2.internal",
"PublicDnsName": "ec2-54-214-202-227.compute-1.amazonaws.com",
"StateTransitionReason": "",
"KeyName": "nautilus-kp",
"AmiLaunchIndex": 0,
"InstanceType": "t2.micro",
"LaunchTime": "2025-05-29T09:26:41Z",
"Placement": {
"GroupName": "",
"Tenancy": "default",
"AvailabilityZone": "us-east-1a"
},
"KernelId": "None",
"Monitoring": {
"State": "disabled"
},
"SubnetId": "subnet-177bc9738cfecc467",
"VpcId": "vpc-148d80bfe1c21df8d",
"PrivateIpAddress": "10.216.183.20",
"PublicIpAddress": "54.214.202.227"
}
]
}
]
}
bob@iac-server ~/terraform via 💠default ➜
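In the session above the key file is created with the shell's default umask and only tightened by the later chmod, and terraform.tfstate in the working directory still holds the same private key in plain text. The shell functions below are an added example, not part of the original walkthrough: save_private_key, find_exposed_key_material and demo are hypothetical names, and the key text used in demo is constructed.

```shell
#!/bin/sh
# Added example. Intended use with the commands from the task above:
#   terraform output -raw private_key_pem | save_private_key /home/bob/nautilus-kp.pem
#   find_exposed_key_material /home/bob/terraform

# save_private_key DEST
# Read a PEM private key on stdin and install it at DEST with mode 0600.
# The data goes to a 0600 temp file first and is then renamed, so DEST is
# never group/other-readable and is never left empty or half-written.
save_private_key() {
    dest=$1
    (
        umask 077
        tmp=$(mktemp "$(dirname -- "$dest")/.key.XXXXXX") || exit 1
        cat > "$tmp" || { rm -f "$tmp"; exit 1; }
        # An empty or non-PEM stream means the producer failed; leave DEST alone.
        if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$tmp"; then
            rm -f "$tmp"
            echo "save_private_key: stdin is not a PEM private key" >&2
            exit 1
        fi
        chmod 600 "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; exit 1; }
    )
}

# find_exposed_key_material DIR
# Print every regular file under DIR that contains private-key text and is
# readable by group or other. Returns 0 when nothing is exposed, 1 otherwise.
# This covers terraform.tfstate too: tls_private_key keeps the generated key
# in state in plain text, and "sensitive = true" only hides it in CLI output.
# The .terraform directory (provider binaries) is skipped.
find_exposed_key_material() {
    exposed=$(find "$1" -name .terraform -prune -o \
        -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -l -- 'PRIVATE KEY-----' {} + 2>/dev/null || :)
    [ -n "$exposed" ] || return 0
    printf '%s\n' "$exposed"
    return 1
}

# demo: exercise both functions on constructed fixtures (no real key material).
demo() {
    work=$(mktemp -d) || return 1
    printf '{"private_key_pem":"-----BEGIN RSA PRIVATE KEY-----\\nCONSTRUCTED\\n"}\n' \
        > "$work/terraform.tfstate"
    chmod 644 "$work/terraform.tfstate"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' | save_private_key "$work/nautilus-kp.pem"
    find_exposed_key_material "$work" || echo "^ exposed: state file is mode 644"
    chmod 600 "$work/terraform.tfstate"
    find_exposed_key_material "$work" && echo "nothing exposed after chmod 600"
    rm -rf "$work"
}

if [ "${1:-}" = demo ]; then demo; fi
```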
Task: Create AMI Using Terraform
Date: 01June2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
1. For this task, create an AMI from an existing EC2 instance named datacenter-ec2 using Terraform.
2. The name of the AMI should be datacenter-ec2-ami; make sure the AMI is in the available state.
The Terraform working directory is /home/bob/terraform. Update the main.tf file (do not create a separate .tf file) to create the AMI.
Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.
Solution:
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
# Provision EC2 instance
resource "aws_instance" "ec2" {
  ami           = "ami-0c101f26f147fa7fd"
  instance_type = "t2.micro"
  vpc_security_group_ids = [
    "sg-bd61ebd3f73870ece"
  ]
  tags = {
    Name = "datacenter-ec2"
  }
}
bob@iac-server ~/terraform via 💠default ➜ echo "After adding the code to main.tf file"
After adding the code to main.tf file
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
# Provision EC2 instance
resource "aws_instance" "ec2" {
  ami           = "ami-0c101f26f147fa7fd"
  instance_type = "t2.micro"
  vpc_security_group_ids = [
    "sg-bd61ebd3f73870ece"
  ]
  tags = {
    Name = "datacenter-ec2"
  }
}
# Create an AMI from the EC2 instance
resource "aws_ami_from_instance" "datacenter_ami" {
  source_instance_id = aws_instance.ec2.id
  name               = "datacenter-ec2-ami"
  description        = "AMI created from datacenter-ec2 instance"
  tags = {
    Name = "datacenter-ec2-ami"
  }
}
# Output the AMI ID
output "ami_id" {
  value = aws_ami_from_instance.datacenter_ami.id
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v5.91.0
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
aws_instance.ec2: Refreshing state... [id=i-3791371cd9d9a4d50]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_ami_from_instance.datacenter_ami will be created
+ resource "aws_ami_from_instance" "datacenter_ami" {
+ architecture = (known after apply)
+ arn = (known after apply)
+ boot_mode = (known after apply)
+ description = "AMI created from datacenter-ec2 instance"
+ ena_support = (known after apply)
+ hypervisor = (known after apply)
+ id = (known after apply)
+ image_location = (known after apply)
+ image_owner_alias = (known after apply)
+ image_type = (known after apply)
+ imds_support = (known after apply)
+ kernel_id = (known after apply)
+ manage_ebs_snapshots = (known after apply)
+ name = "datacenter-ec2-ami"
+ owner_id = (known after apply)
+ platform = (known after apply)
+ platform_details = (known after apply)
+ public = (known after apply)
+ ramdisk_id = (known after apply)
+ root_device_name = (known after apply)
+ root_snapshot_id = (known after apply)
+ source_instance_id = "i-3791371cd9d9a4d50"
+ sriov_net_support = (known after apply)
+ tags = {
+ "Name" = "datacenter-ec2-ami"
}
+ tags_all = {
+ "Name" = "datacenter-ec2-ami"
}
+ tpm_support = (known after apply)
+ uefi_data = (known after apply)
+ usage_operation = (known after apply)
+ virtualization_type = (known after apply)
+ ebs_block_device (known after apply)
+ ephemeral_block_device (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ ami_id = (known after apply)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
aws_instance.ec2: Refreshing state... [id=i-3791371cd9d9a4d50]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_ami_from_instance.datacenter_ami will be created
+ resource "aws_ami_from_instance" "datacenter_ami" {
+ architecture = (known after apply)
+ arn = (known after apply)
+ boot_mode = (known after apply)
+ description = "AMI created from datacenter-ec2 instance"
+ ena_support = (known after apply)
+ hypervisor = (known after apply)
+ id = (known after apply)
+ image_location = (known after apply)
+ image_owner_alias = (known after apply)
+ image_type = (known after apply)
+ imds_support = (known after apply)
+ kernel_id = (known after apply)
+ manage_ebs_snapshots = (known after apply)
+ name = "datacenter-ec2-ami"
+ owner_id = (known after apply)
+ platform = (known after apply)
+ platform_details = (known after apply)
+ public = (known after apply)
+ ramdisk_id = (known after apply)
+ root_device_name = (known after apply)
+ root_snapshot_id = (known after apply)
+ source_instance_id = "i-3791371cd9d9a4d50"
+ sriov_net_support = (known after apply)
+ tags = {
+ "Name" = "datacenter-ec2-ami"
}
+ tags_all = {
+ "Name" = "datacenter-ec2-ami"
}
+ tpm_support = (known after apply)
+ uefi_data = (known after apply)
+ usage_operation = (known after apply)
+ virtualization_type = (known after apply)
+ ebs_block_device (known after apply)
+ ephemeral_block_device (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ ami_id = (known after apply)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_ami_from_instance.datacenter_ami: Creating...
aws_ami_from_instance.datacenter_ami: Creation complete after 5s [id=ami-268413f50e093a447]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
ami_id = "ami-268413f50e093a447"
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-images --filters "Name=name,Values=datacenter-ec2-ami"
{
"Images": [
{
"BlockDeviceMappings": [
{
"Ebs": {
"DeleteOnTermination": false,
"SnapshotId": "snap-6f596d2ded64fa12b",
"VolumeSize": 15,
"VolumeType": "standard"
},
"DeviceName": "/dev/sda1"
}
],
"Description": "AMI created from datacenter-ec2 instance",
"Hypervisor": "xen",
"ImageOwnerAlias": "amazon",
"Name": "datacenter-ec2-ami",
"RootDeviceName": "/dev/sda1",
"RootDeviceType": "standard",
"Tags": [
{
"Key": "Name",
"Value": "datacenter-ec2-ami"
}
],
"VirtualizationType": "paravirtual",
"ImageId": "ami-268413f50e093a447",
"ImageLocation": "None",
"State": "available",
"OwnerId": "000000000000",
"CreationDate": "2025-06-01T06:49:10.000Z",
"Public": false,
"Architecture": "x86_64",
"ImageType": "machine",
"KernelId": "None",
"RamdiskId": "ari-1a2b3c4d"
}
]
}
bob@iac-server ~/terraform via 💠default ➜
Task: Create EBS Volume Using Terraform
Date: 02July2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
For this task, create an AWS EBS volume using Terraform with the following requirements:
1. Name of the volume should be xfusion-volume.
2. Volume type must be gp3.
3. Volume size must be 2 GiB.
4. Ensure the volume is created in us-east-1.
Solution:
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
# Create an EBS volume
resource "aws_ebs_volume" "xfusion_volume" {
  availability_zone = "us-east-1a" # Specify an availability zone in the region
  size              = 2            # Volume size in GiB
  type              = "gp3"        # Volume type
  tags = {
    Name = "xfusion-volume"
  }
}
# Output the Volume ID
output "volume_id" {
  value = aws_ebs_volume.xfusion_volume.id
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_ebs_volume.xfusion_volume will be created
+ resource "aws_ebs_volume" "xfusion_volume" {
+ arn = (known after apply)
+ availability_zone = "us-east-1a"
+ encrypted = (known after apply)
+ final_snapshot = false
+ id = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ size = 2
+ snapshot_id = (known after apply)
+ tags = {
+ "Name" = "xfusion-volume"
}
+ tags_all = {
+ "Name" = "xfusion-volume"
}
+ throughput = (known after apply)
+ type = "gp3"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ volume_id = (known after apply)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_ebs_volume.xfusion_volume will be created
+ resource "aws_ebs_volume" "xfusion_volume" {
+ arn = (known after apply)
+ availability_zone = "us-east-1a"
+ encrypted = (known after apply)
+ final_snapshot = false
+ id = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ size = 2
+ snapshot_id = (known after apply)
+ tags = {
+ "Name" = "xfusion-volume"
}
+ tags_all = {
+ "Name" = "xfusion-volume"
}
+ throughput = (known after apply)
+ type = "gp3"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ volume_id = (known after apply)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_ebs_volume.xfusion_volume: Creating...
aws_ebs_volume.xfusion_volume: Still creating... [10s elapsed]
aws_ebs_volume.xfusion_volume: Creation complete after 12s [id=vol-a1d396e30dd722be7]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
volume_id = "vol-a1d396e30dd722be7"
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-volumes --filters "Name=tag:Name,Values=xfusion-volume"
{
"Volumes": [
{
"Iops": 3000,
"Tags": [
{
"Key": "Name",
"Value": "xfusion-volume"
}
],
"VolumeType": "gp3",
"VolumeId": "vol-a1d396e30dd722be7",
"Size": 2,
"SnapshotId": "",
"AvailabilityZone": "us-east-1a",
"State": "available",
"CreateTime": "2025-06-02T15:09:03Z",
"Attachments": [],
"Encrypted": false
}
]
}
bob@iac-server ~/terraform via 💠default ➜
Task: Create Snapshot Using Terraform
Date: 24June2025
The Nautilus DevOps team has some volumes in different regions in their AWS account. They are going to set up automated backups so that all important data is backed up on a regular basis. For now, they have shared some requirements for taking a snapshot of one of their volumes.
Create a snapshot of an existing volume named nautilus-vol in the us-east-1 region using Terraform.
1) The name of the snapshot must be nautilus-vol-ss.
2) The description must be Nautilus Snapshot.
3) Make sure the snapshot status is completed before submitting the task.
The Terraform working directory is /home/bob/terraform. Update the main.tf file (do not create a separate .tf file) to accomplish this task.
Solution: The main.tf file before the changes:
bob@iac-server ~/terraform via 💠default ➜ cat main.tf
resource "aws_ebs_volume" "k8s_volume" {
  availability_zone = "us-east-1a"
  size              = 5
  type              = "gp2"
  tags = {
    Name = "nautilus-vol"
  }
}
bob@iac-server ~/terraform via 💠default ➜ pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠default ✖ cat main.tf
resource "aws_ebs_volume" "k8s_volume" {
  availability_zone = "us-east-1a"
  size              = 5
  type              = "gp2"
  tags = {
    Name = "nautilus-vol"
  }
}
# Create a snapshot of the existing volume
resource "aws_ebs_snapshot" "nautilus_snapshot" {
  volume_id   = aws_ebs_volume.k8s_volume.id
  description = "Nautilus Snapshot"
  tags = {
    Name = "nautilus-vol-ss"
  }
}
# Output the Snapshot ID
output "snapshot_id" {
  value = aws_ebs_snapshot.nautilus_snapshot.id
}
bob@iac-server ~/terraform via 💠default ➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v5.91.0
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠default ➜ terraform validate
Success! The configuration is valid.
bob@iac-server ~/terraform via 💠default ➜ terraform plan
aws_ebs_volume.k8s_volume: Refreshing state... [id=vol-b4a4cb483576edeae]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_ebs_snapshot.nautilus_snapshot will be created
+ resource "aws_ebs_snapshot" "nautilus_snapshot" {
+ arn = (known after apply)
+ data_encryption_key_id = (known after apply)
+ description = "Nautilus Snapshot"
+ encrypted = (known after apply)
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ owner_alias = (known after apply)
+ owner_id = (known after apply)
+ storage_tier = (known after apply)
+ tags = {
+ "Name" = "nautilus-vol-ss"
}
+ tags_all = {
+ "Name" = "nautilus-vol-ss"
}
+ volume_id = "vol-b4a4cb483576edeae"
+ volume_size = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ snapshot_id = (known after apply)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠default ➜ terraform apply
aws_ebs_volume.k8s_volume: Refreshing state... [id=vol-b4a4cb483576edeae]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_ebs_snapshot.nautilus_snapshot will be created
+ resource "aws_ebs_snapshot" "nautilus_snapshot" {
+ arn = (known after apply)
+ data_encryption_key_id = (known after apply)
+ description = "Nautilus Snapshot"
+ encrypted = (known after apply)
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ owner_alias = (known after apply)
+ owner_id = (known after apply)
+ storage_tier = (known after apply)
+ tags = {
+ "Name" = "nautilus-vol-ss"
}
+ tags_all = {
+ "Name" = "nautilus-vol-ss"
}
+ volume_id = "vol-b4a4cb483576edeae"
+ volume_size = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ snapshot_id = (known after apply)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_ebs_snapshot.nautilus_snapshot: Creating...
aws_ebs_snapshot.nautilus_snapshot: Creation complete after 0s [id=snap-66b94c6855e20884b]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
snapshot_id = "snap-66b94c6855e20884b"
bob@iac-server ~/terraform via 💠default ➜ aws ec2 describe-snapshots --filters "Name=tag:Name,Values=nautilus-vol-ss" --query "Snapshots[*].State"
[
"completed"
]
bob@iac-server ~/terraform via 💠default ➜
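The plan above shows `encrypted = (known after apply)` for the snapshot because an EBS snapshot takes its encryption state from the source volume, and main.tf sets no `encrypted` argument on the volume. As an added example (not part of the original walkthrough), this Python check reads `terraform show -json` plan output and flags planned snapshots whose source volume is not encrypted; the sample plan is constructed and trimmed to the fields the check reads, and `unencrypted_snapshots` is a hypothetical helper name.

```python
import json

# Constructed sample: trimmed `terraform show -json` plan for the main.tf above.
# Only the fields this check reads are kept; "encrypted": false is an assumed value.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_ebs_volume.k8s_volume", "type": "aws_ebs_volume",
     "change": {"actions": ["no-op"],
                "after": {"encrypted": false, "size": 5, "type": "gp2"},
                "after_unknown": {}}},
    {"address": "aws_ebs_snapshot.nautilus_snapshot", "type": "aws_ebs_snapshot",
     "change": {"actions": ["create"],
                "after": {"description": "Nautilus Snapshot"},
                "after_unknown": {"encrypted": true, "id": true}}}
  ],
  "configuration": {"root_module": {"resources": [
    {"address": "aws_ebs_snapshot.nautilus_snapshot",
     "expressions": {"volume_id": {"references":
        ["aws_ebs_volume.k8s_volume.id", "aws_ebs_volume.k8s_volume"]}}}
  ]}}
}
""")


def unencrypted_snapshots(plan):
    """Return (snapshot, volume, reason) for each snapshot to be created whose
    source volume is not known to be encrypted. Root module only."""
    changes = {rc["address"]: rc for rc in plan.get("resource_changes", [])}
    root = plan.get("configuration", {}).get("root_module", {})
    config = {r["address"]: r.get("expressions", {}) for r in root.get("resources", [])}
    findings = []
    for address, rc in changes.items():
        if rc["type"] != "aws_ebs_snapshot" or "create" not in rc["change"]["actions"]:
            continue
        # The snapshot's own "encrypted" is unknown at plan time, so follow volume_id.
        refs = config.get(address, {}).get("volume_id", {}).get("references", [])
        volume = next((ref for ref in refs if ref in changes), None)
        if volume is None:
            findings.append((address, None, "source volume not managed in this plan"))
            continue
        vol = changes[volume]["change"]
        if vol.get("after_unknown", {}).get("encrypted"):
            findings.append((address, volume, "volume encryption unknown until apply"))
        elif not (vol.get("after") or {}).get("encrypted"):
            findings.append((address, volume, "source volume is unencrypted"))
    return findings


if __name__ == "__main__":
    for snap, vol, reason in unencrypted_snapshots(SAMPLE_PLAN):
        print(f"{snap}: {reason} ({vol})")
```

To run it against a real plan, save one with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan > plan.json`, and load that file in place of `SAMPLE_PLAN`.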