CentOS-Linux4U: Kode Kloud: Terraform

Task: Create Key Pair Using Terraform

Date: 06May2025

The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
For this task, create a key pair using Terraform with the following requirements:

Name of the key pair should be devops-kp.
Key pair type must be rsa.
The private key file should be saved under /home/bob.

The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

Solution:

Create main.tf file.

# cd /home/bob/terraform

# vi main.tf

resource "tls_private_key" "nautilus_private_key" {
algorithm = "RSA"
rsa_bits = 2048
}
resource "aws_key_pair" "nautilus_kp" {
key_name = "nautilus-kp"
public_key = tls_private_key.nautilus_private_key.public_key_openssh
}
output "private_key_pem" {
value = tls_private_key.nautilus_private_key.private_key_pem
sensitive = true
}
output "key_pair_name" {
value = aws_key_pair.nautilus_kp.key_name
}
bob@iac-server ~/terraform via 💠 default ✖ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Finding latest version of hashicorp/tls...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
- Installing hashicorp/tls v4.1.0...
- Installed hashicorp/tls v4.1.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠 default ➜ terraform validate
Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_key_pair.nautilus_kp will be created
+ resource "aws_key_pair" "nautilus_kp" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "nautilus-kp"
+ key_name_prefix = (known after apply)
+ key_pair_id = (known after apply)
+ key_type = (known after apply)
+ public_key = (known after apply)
+ tags_all = (known after apply)
}
# tls_private_key.nautilus_private_key will be created
+ resource "tls_private_key" "nautilus_private_key" {
+ algorithm = "RSA"
+ ecdsa_curve = "P224"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ private_key_pem_pkcs8 = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
Plan: 2 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ key_pair_name = "nautilus-kp"
+ private_key_pem = (sensitive value)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠 default ➜ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_key_pair.nautilus_kp will be created
+ resource "aws_key_pair" "nautilus_kp" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "nautilus-kp"
+ key_name_prefix = (known after apply)
+ key_pair_id = (known after apply)
+ key_type = (known after apply)
+ public_key = (known after apply)
+ tags_all = (known after apply)
}
# tls_private_key.nautilus_private_key will be created
+ resource "tls_private_key" "nautilus_private_key" {
+ algorithm = "RSA"
+ ecdsa_curve = "P224"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ private_key_pem_pkcs8 = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
Plan: 2 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ key_pair_name = "nautilus-kp"
+ private_key_pem = (sensitive value)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
tls_private_key.nautilus_private_key: Creating...
tls_private_key.nautilus_private_key: Creation complete after 0s [id=1aaa475d1581e8114fd44282e84ef1d6e11768f5]
aws_key_pair.nautilus_kp: Creating...
aws_key_pair.nautilus_kp: Creation complete after 2s [id=nautilus-kp]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Outputs:
key_pair_name = "nautilus-kp"
private_key_pem = <sensitive>

Save the Private Key Locally
bob@iac-server ~/terraform via 💠 default ➜ terraform output -raw private_key_pem > /home/bob/nautilus-kp.pem
bob@iac-server ~/terraform via 💠 default ➜ chmod 600 /home/bob/nautilus-kp.pem
bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-key-pairs --key-name nautilus-kp
{
"KeyPairs": [
{
"KeyPairId": "key-3e5a23b1f0a2e53a4",
"CreateTime": "2025-05-06T11:07:30.973000Z",
"KeyName": "nautilus-kp",
"KeyFingerprint": "70:44:7e:3a:08:1f:01:1e:bd:8e:c6:6f:eb:71:fb:5a"
}
]
}
bob@iac-server ~/terraform via 💠 default ➜ ls /home/bob/
.aws/ .bashrc .config/ .profile .vscode/ nautilus-kp.pem .bash_logout .cache/ .local/ .terraform.d/ .vscode-terminal.sh terraform/
bob@iac-server ~/terraform via 💠 default ➜

Task: Create Security Group Using Terraform

Date: 06May2025

Use Terraform to create a security group under the default VPC with the following requirements:

1) The name of the security group must be devops-sg.

2) The description must be Security group for Nautilus App Servers.

3) Add an inbound rule of type HTTP, with a port range of 80, and source CIDR range 0.0.0.0/0.

4) Add another inbound rule of type SSH, with a port range of 22, and source CIDR range 0.0.0.0/0.

Ensure that the security group is created in the us-east-1 region using Terraform. The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

Solution:

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜ vi main.tf

resource "aws_security_group" "devops_sg" {

name = "devops-sg"

description = "Security group for Nautilus App Servers"

vpc_id = data.aws_vpc.default.id

ingress {

description = "Allow HTTP traffic"

from_port = 80

to_port = 80

protocol = "tcp"

cidr_blocks = ["0.0.0.0/0"] # Replace 0.0.0.0 with the actual IP address

}

ingress {

description = "Allow SSH traffic"

from_port = 22

to_port = 22

protocol = "tcp"

cidr_blocks = ["0.0.0.0/0"] # Replace 0.0.0.0 with the actual IP address

}

egress {

description = "Allow all outbound traffic"

from_port = 0

to_port = 0

protocol = "-1"

cidr_blocks = ["0.0.0.0/0"]

}

tags = {

Name = "devops-sg"

}

data "aws_vpc" "default" {

default = true

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Finding hashicorp/aws versions matching "5.91.0"...

- Installing hashicorp/aws v5.91.0...

- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider

selections it made above. Include this file in your version control repository

so that Terraform can guarantee to make the same selections by default when

you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

data.aws_vpc.default: Reading...

data.aws_vpc.default: Read complete after 2s [id=vpc-adf2d958aae8f02c5]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_security_group.devops_sg will be created

+ resource "aws_security_group" "devops_sg" {

+ arn = (known after apply)

+ description = "Security group for Nautilus App Servers"

+ egress = [

+ {

+ cidr_blocks = [

+ "0.0.0.0/0",

]

+ description = "Allow all outbound traffic"

+ from_port = 0

+ ipv6_cidr_blocks = []

+ prefix_list_ids = []

+ protocol = "-1"

+ security_groups = []

+ self = false

+ to_port = 0

]

+ id = (known after apply)

+ ingress = [

+ {

+ cidr_blocks = [

+ "0.0.0.0/0",

]

+ description = "Allow HTTP traffic"

+ from_port = 80

+ ipv6_cidr_blocks = []

+ prefix_list_ids = []

+ protocol = "tcp"

+ security_groups = []

+ self = false

+ to_port = 80

+ {

+ cidr_blocks = [

+ "0.0.0.0/0",

]

+ description = "Allow SSH traffic"

+ from_port = 22

+ ipv6_cidr_blocks = []

+ prefix_list_ids = []

+ protocol = "tcp"

+ security_groups = []

+ self = false

+ to_port = 22

]

+ name = "devops-sg"

+ name_prefix = (known after apply)

+ owner_id = (known after apply)

+ revoke_rules_on_delete = false

+ tags = {

+ "Name" = "devops-sg"

}

+ tags_all = {

+ "Name" = "devops-sg"

}

+ vpc_id = "vpc-adf2d958aae8f02c5"

}

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

data.aws_vpc.default: Reading...

data.aws_vpc.default: Read complete after 0s [id=vpc-adf2d958aae8f02c5]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_security_group.devops_sg will be created

+ resource "aws_security_group" "devops_sg" {

+ arn = (known after apply)

+ description = "Security group for Nautilus App Servers"

+ egress = [

+ {

+ cidr_blocks = [

+ "0.0.0.0/0",

]

+ description = "Allow all outbound traffic"

+ from_port = 0

+ ipv6_cidr_blocks = []

+ prefix_list_ids = []

+ protocol = "-1"

+ security_groups = []

+ self = false

+ to_port = 0

]

+ id = (known after apply)

+ ingress = [

+ {

+ cidr_blocks = [

+ "0.0.0.0/0",

]

+ description = "Allow HTTP traffic"

+ from_port = 80

+ ipv6_cidr_blocks = []

+ prefix_list_ids = []

+ protocol = "tcp"

+ security_groups = []

+ self = false

+ to_port = 80

+ {

+ cidr_blocks = [

+ "0.0.0.0/0",

]

+ description = "Allow SSH traffic"

+ from_port = 22

+ ipv6_cidr_blocks = []

+ prefix_list_ids = []

+ protocol = "tcp"

+ security_groups = []

+ self = false

+ to_port = 22

]

+ name = "devops-sg"

+ name_prefix = (known after apply)

+ owner_id = (known after apply)

+ revoke_rules_on_delete = false

+ tags = {

+ "Name" = "devops-sg"

}

+ tags_all = {

+ "Name" = "devops-sg"

}

+ vpc_id = "vpc-adf2d958aae8f02c5"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

aws_security_group.devops_sg: Creating...

aws_security_group.devops_sg: Creation complete after 0s [id=sg-9ee7bf73d93591307]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-security-groups --group-names devops-sg

{

"SecurityGroups": [

{

"GroupId": "sg-9ee7bf73d93591307",

"IpPermissionsEgress": [

{

"IpProtocol": "-1",

"UserIdGroupPairs": [],

"IpRanges": [

{

"Description": "Allow all outbound traffic",

"CidrIp": "0.0.0.0/0"

}

"Ipv6Ranges": [],

"PrefixListIds": []

}

"Tags": [

{

"Key": "Name",

"Value": "devops-sg"

}

"VpcId": "vpc-adf2d958aae8f02c5",

"SecurityGroupArn": "arn:aws:ec2:us-east-1:000000000000:security-group/sg-9ee7bf73d93591307",

"OwnerId": "000000000000",

"GroupName": "devops-sg",

"Description": "Security group for Nautilus App Servers",

"IpPermissions": [

{

"IpProtocol": "tcp",

"FromPort": 22,

"ToPort": 22,

"UserIdGroupPairs": [],

"IpRanges": [

{

"Description": "Allow SSH traffic",

"CidrIp": "0.0.0.0/0"

}

"Ipv6Ranges": [],

"PrefixListIds": []

{

"IpProtocol": "tcp",

"FromPort": 80,

"ToPort": 80,

"UserIdGroupPairs": [],

"IpRanges": [

{

"Description": "Allow HTTP traffic",

"CidrIp": "0.0.0.0/0"

}

"Ipv6Ranges": [],

"PrefixListIds": []

}

]

}

]

}

bob@iac-server ~/terraform via 💠 default ➜

Tasks: Create VPC Using Terraform

Date: 11 May 2025

> Create a VPC named devops-vpc in region us-east-1 with any IPv4 CIDR block through terraform.

> The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

Solution:

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜ ls

README.MD main.tf provider.tf

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

resource "aws_vpc" "devops_vpc" {

cidr_block = "10.0.0.0/16" # Replace this with your desired IPv4 CIDR block

enable_dns_support = true

enable_dns_hostnames = true

tags = {

Name = "devops-vpc"

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Finding hashicorp/aws versions matching "5.91.0"...

- Installing hashicorp/aws v5.91.0...

- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider

selections it made above. Include this file in your version control repository

so that Terraform can guarantee to make the same selections by default when

you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_vpc.devops_vpc will be created

+ resource "aws_vpc" "devops_vpc" {

+ arn = (known after apply)

+ cidr_block = "10.0.0.0/16"

+ default_network_acl_id = (known after apply)

+ default_route_table_id = (known after apply)

+ default_security_group_id = (known after apply)

+ dhcp_options_id = (known after apply)

+ enable_dns_hostnames = true

+ enable_dns_support = true

+ enable_network_address_usage_metrics = (known after apply)

+ id = (known after apply)

+ instance_tenancy = "default"

+ ipv6_association_id = (known after apply)

+ ipv6_cidr_block = (known after apply)

+ ipv6_cidr_block_network_border_group = (known after apply)

+ main_route_table_id = (known after apply)

+ owner_id = (known after apply)

+ tags = {

+ "Name" = "devops-vpc"

}

+ tags_all = {

+ "Name" = "devops-vpc"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_vpc.devops_vpc will be created

+ resource "aws_vpc" "devops_vpc" {

+ arn = (known after apply)

+ cidr_block = "10.0.0.0/16"

+ default_network_acl_id = (known after apply)

+ default_route_table_id = (known after apply)

+ default_security_group_id = (known after apply)

+ dhcp_options_id = (known after apply)

+ enable_dns_hostnames = true

+ enable_dns_support = true

+ enable_network_address_usage_metrics = (known after apply)

+ id = (known after apply)

+ instance_tenancy = "default"

+ ipv6_association_id = (known after apply)

+ ipv6_cidr_block = (known after apply)

+ ipv6_cidr_block_network_border_group = (known after apply)

+ main_route_table_id = (known after apply)

+ owner_id = (known after apply)

+ tags = {

+ "Name" = "devops-vpc"

}

+ tags_all = {

+ "Name" = "devops-vpc"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

aws_vpc.devops_vpc: Creating...

aws_vpc.devops_vpc: Still creating... [10s elapsed]

aws_vpc.devops_vpc: Creation complete after 11s [id=vpc-b51761788020b0253]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-vpcs-filters "Name=tag:Name,Values=devops-vpc"

Note: AWS CLI version 2, the latest major version of the AWS CLI, is now stable and recommended for general use. For more information, see the AWS CLI version 2 installation instructions at: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]

To see help text, you can run:

aws help

aws <command> help

aws <command> <subcommand> help

aws: error: argument operation: Invalid choice, valid choices are:

accept-address-transfer | accept-capacity-reservation-billing-ownership

accept-reserved-instances-exchange-quote | accept-transit-gateway-multicast-domain-associations

accept-transit-gateway-peering-attachment | accept-transit-gateway-vpc-attachment

accept-vpc-endpoint-connections | accept-vpc-peering-connection

advertise-byoip-cidr | allocate-address

allocate-hosts | allocate-ipam-pool-cidr

apply-security-groups-to-client-vpn-target-network | assign-ipv6-addresses

assign-private-ip-addresses | assign-private-nat-gateway-address

associate-address | associate-capacity-reservation-billing-owner

associate-client-vpn-target-network | associate-dhcp-options

associate-enclave-certificate-iam-role | associate-iam-instance-profile

associate-instance-event-window | associate-ipam-byoasn

associate-ipam-resource-discovery | associate-nat-gateway-address

associate-route-server | associate-route-table

associate-security-group-vpc | associate-subnet-cidr-block

associate-transit-gateway-multicast-domain | associate-transit-gateway-policy-table

associate-transit-gateway-route-table | associate-trunk-interface

associate-vpc-cidr-block | attach-classic-link-vpc

attach-internet-gateway | attach-network-interface

attach-verified-access-trust-provider | attach-volume

attach-vpn-gateway | authorize-client-vpn-ingress

authorize-security-group-egress | authorize-security-group-ingress

bundle-instance | cancel-bundle-task

cancel-capacity-reservation | cancel-capacity-reservation-fleets

cancel-conversion-task | cancel-declarative-policies-report

cancel-export-task | cancel-image-launch-permission

cancel-import-task | cancel-reserved-instances-listing

cancel-spot-fleet-requests | cancel-spot-instance-requests

confirm-product-instance | copy-fpga-image

copy-image | copy-snapshot

create-capacity-reservation | create-capacity-reservation-by-splitting

create-capacity-reservation-fleet | create-carrier-gateway

create-client-vpn-endpoint | create-client-vpn-route

create-coip-cidr | create-coip-pool

create-customer-gateway | create-default-subnet

create-default-vpc | create-dhcp-options

create-egress-only-internet-gateway | create-fleet

create-flow-logs | create-fpga-image

create-image | create-instance-connect-endpoint

create-instance-event-window | create-instance-export-task

create-internet-gateway | create-ipam

create-ipam-external-resource-verification-token | create-ipam-pool

create-ipam-resource-discovery | create-ipam-scope

create-key-pair | create-launch-template

create-launch-template-version | create-local-gateway-route

create-local-gateway-route-table | create-local-gateway-route-table-virtual-interface-group-association

create-local-gateway-route-table-vpc-association | create-managed-prefix-list

create-nat-gateway | create-network-acl

create-network-acl-entry | create-network-insights-access-scope

create-network-insights-path | create-network-interface

create-network-interface-permission | create-placement-group

create-public-ipv4-pool | create-replace-root-volume-task

create-reserved-instances-listing | create-restore-image-task

create-route | create-route-server

create-route-server-endpoint | create-route-server-peer

create-route-table | create-security-group

create-snapshot | create-snapshots

create-spot-datafeed-subscription | create-store-image-task

create-subnet | create-subnet-cidr-reservation

create-tags | create-traffic-mirror-filter

create-traffic-mirror-filter-rule | create-traffic-mirror-session

create-traffic-mirror-target | create-transit-gateway

create-transit-gateway-connect | create-transit-gateway-connect-peer

create-transit-gateway-multicast-domain | create-transit-gateway-peering-attachment

create-transit-gateway-policy-table | create-transit-gateway-prefix-list-reference

create-transit-gateway-route | create-transit-gateway-route-table

create-transit-gateway-route-table-announcement | create-transit-gateway-vpc-attachment

create-verified-access-endpoint | create-verified-access-group

create-verified-access-instance | create-verified-access-trust-provider

create-volume | create-vpc

create-vpc-block-public-access-exclusion | create-vpc-endpoint

create-vpc-endpoint-connection-notification | create-vpc-endpoint-service-configuration

create-vpc-peering-connection | create-vpn-connection

create-vpn-connection-route | create-vpn-gateway

delete-carrier-gateway | delete-client-vpn-endpoint

delete-client-vpn-route | delete-coip-cidr

delete-coip-pool | delete-customer-gateway

delete-dhcp-options | delete-egress-only-internet-gateway

delete-fleets | delete-flow-logs

delete-fpga-image | delete-instance-connect-endpoint

delete-instance-event-window | delete-internet-gateway

delete-ipam | delete-ipam-external-resource-verification-token

delete-ipam-pool | delete-ipam-resource-discovery

delete-ipam-scope | delete-key-pair

delete-launch-template | delete-launch-template-versions

delete-local-gateway-route | delete-local-gateway-route-table

delete-local-gateway-route-table-virtual-interface-group-association | delete-local-gateway-route-table-vpc-association

delete-managed-prefix-list | delete-nat-gateway

delete-network-acl | delete-network-acl-entry

delete-network-insights-access-scope | delete-network-insights-access-scope-analysis

delete-network-insights-analysis | delete-network-insights-path

delete-network-interface | delete-network-interface-permission

delete-placement-group | delete-public-ipv4-pool

delete-queued-reserved-instances | delete-route

delete-route-server | delete-route-server-endpoint

delete-route-server-peer | delete-route-table

delete-security-group | delete-snapshot

delete-spot-datafeed-subscription | delete-subnet

delete-subnet-cidr-reservation | delete-tags

delete-traffic-mirror-filter | delete-traffic-mirror-filter-rule

delete-traffic-mirror-session | delete-traffic-mirror-target

delete-transit-gateway | delete-transit-gateway-connect

delete-transit-gateway-connect-peer | delete-transit-gateway-multicast-domain

delete-transit-gateway-peering-attachment | delete-transit-gateway-policy-table

delete-transit-gateway-prefix-list-reference | delete-transit-gateway-route

delete-transit-gateway-route-table | delete-transit-gateway-route-table-announcement

delete-transit-gateway-vpc-attachment | delete-verified-access-endpoint

delete-verified-access-group | delete-verified-access-instance

delete-verified-access-trust-provider | delete-volume

delete-vpc | delete-vpc-block-public-access-exclusion

delete-vpc-endpoint-connection-notifications | delete-vpc-endpoint-service-configurations

delete-vpc-endpoints | delete-vpc-peering-connection

delete-vpn-connection | delete-vpn-connection-route

delete-vpn-gateway | deprovision-byoip-cidr

deprovision-ipam-byoasn | deprovision-ipam-pool-cidr

deprovision-public-ipv4-pool-cidr | deregister-image

deregister-instance-event-notification-attributes | deregister-transit-gateway-multicast-group-members

deregister-transit-gateway-multicast-group-sources | describe-account-attributes

describe-address-transfers | describe-addresses

describe-addresses-attribute | describe-aggregate-id-format

describe-availability-zones | describe-aws-network-performance-metric-subscriptions

describe-bundle-tasks | describe-byoip-cidrs

describe-capacity-block-extension-history | describe-capacity-block-extension-offerings

describe-capacity-block-offerings | describe-capacity-reservation-billing-requests

describe-capacity-reservation-fleets | describe-capacity-reservations

describe-carrier-gateways | describe-classic-link-instances

describe-client-vpn-authorization-rules | describe-client-vpn-connections

describe-client-vpn-endpoints | describe-client-vpn-routes

describe-client-vpn-target-networks | describe-coip-pools

describe-conversion-tasks | describe-customer-gateways

describe-declarative-policies-reports | describe-dhcp-options

describe-egress-only-internet-gateways | describe-elastic-gpus

describe-export-image-tasks | describe-export-tasks

describe-fast-launch-images | describe-fast-snapshot-restores

describe-fleet-history | describe-fleet-instances

describe-fleets | describe-flow-logs

describe-fpga-image-attribute | describe-fpga-images

describe-host-reservation-offerings | describe-host-reservations

describe-hosts | describe-iam-instance-profile-associations

describe-id-format | describe-identity-id-format

describe-image-attribute | describe-images

describe-import-image-tasks | describe-import-snapshot-tasks

describe-instance-attribute | describe-instance-connect-endpoints

describe-instance-credit-specifications | describe-instance-event-notification-attributes

describe-instance-event-windows | describe-instance-image-metadata

describe-instance-status | describe-instance-topology

describe-instance-type-offerings | describe-instance-types

describe-instances | describe-internet-gateways

describe-ipam-byoasn | describe-ipam-external-resource-verification-tokens

describe-ipam-pools | describe-ipam-resource-discoveries

describe-ipam-resource-discovery-associations | describe-ipam-scopes

describe-ipams | describe-ipv6-pools

describe-key-pairs | describe-launch-template-versions

describe-launch-templates | describe-local-gateway-route-table-virtual-interface-group-associations

describe-local-gateway-route-table-vpc-associations | describe-local-gateway-route-tables

describe-local-gateway-virtual-interface-groups | describe-local-gateway-virtual-interfaces

describe-local-gateways | describe-locked-snapshots

describe-mac-hosts | describe-managed-prefix-lists

describe-moving-addresses | describe-nat-gateways

describe-network-acls | describe-network-insights-access-scope-analyses

describe-network-insights-access-scopes | describe-network-insights-analyses

describe-network-insights-paths | describe-network-interface-attribute

describe-network-interface-permissions | describe-network-interfaces

describe-placement-groups | describe-prefix-lists

describe-principal-id-format | describe-public-ipv4-pools

describe-regions | describe-replace-root-volume-tasks

describe-reserved-instances | describe-reserved-instances-listings

describe-reserved-instances-modifications | describe-reserved-instances-offerings

describe-route-server-endpoints | describe-route-server-peers

describe-route-servers | describe-route-tables

describe-scheduled-instance-availability | describe-scheduled-instances

describe-security-group-references | describe-security-group-rules

describe-security-group-vpc-associations | describe-security-groups

describe-snapshot-attribute | describe-snapshot-tier-status

describe-snapshots | describe-spot-datafeed-subscription

describe-spot-fleet-instances | describe-spot-fleet-request-history

describe-spot-fleet-requests | describe-spot-instance-requests

describe-spot-price-history | describe-stale-security-groups

describe-store-image-tasks | describe-subnets

describe-tags | describe-traffic-mirror-filter-rules

describe-traffic-mirror-filters | describe-traffic-mirror-sessions

describe-traffic-mirror-targets | describe-transit-gateway-attachments

describe-transit-gateway-connect-peers | describe-transit-gateway-connects

describe-transit-gateway-multicast-domains | describe-transit-gateway-peering-attachments

describe-transit-gateway-policy-tables | describe-transit-gateway-route-table-announcements

describe-transit-gateway-route-tables | describe-transit-gateway-vpc-attachments

describe-transit-gateways | describe-trunk-interface-associations

describe-verified-access-endpoints | describe-verified-access-groups

describe-verified-access-instance-logging-configurations | describe-verified-access-instances

describe-verified-access-trust-providers | describe-volume-attribute

describe-volume-status | describe-volumes

describe-volumes-modifications | describe-vpc-attribute

describe-vpc-block-public-access-exclusions | describe-vpc-block-public-access-options

describe-vpc-classic-link | describe-vpc-classic-link-dns-support

describe-vpc-endpoint-associations | describe-vpc-endpoint-connection-notifications

describe-vpc-endpoint-connections | describe-vpc-endpoint-service-configurations

describe-vpc-endpoint-service-permissions | describe-vpc-endpoint-services

describe-vpc-endpoints | describe-vpc-peering-connections

describe-vpcs | describe-vpn-connections

describe-vpn-gateways | detach-classic-link-vpc

detach-internet-gateway | detach-network-interface

detach-verified-access-trust-provider | detach-volume

detach-vpn-gateway | disable-address-transfer

disable-allowed-images-settings | disable-aws-network-performance-metric-subscription

disable-ebs-encryption-by-default | disable-fast-launch

disable-fast-snapshot-restores | disable-image

disable-image-block-public-access | disable-image-deprecation

disable-image-deregistration-protection | disable-ipam-organization-admin-account

disable-route-server-propagation | disable-serial-console-access

disable-snapshot-block-public-access | disable-transit-gateway-route-table-propagation

disable-vgw-route-propagation | disable-vpc-classic-link

disable-vpc-classic-link-dns-support | disassociate-address

disassociate-capacity-reservation-billing-owner | disassociate-client-vpn-target-network

disassociate-enclave-certificate-iam-role | disassociate-iam-instance-profile

disassociate-instance-event-window | disassociate-ipam-byoasn

disassociate-ipam-resource-discovery | disassociate-nat-gateway-address

disassociate-route-server | disassociate-route-table

disassociate-security-group-vpc | disassociate-subnet-cidr-block

disassociate-transit-gateway-multicast-domain | disassociate-transit-gateway-policy-table

disassociate-transit-gateway-route-table | disassociate-trunk-interface

disassociate-vpc-cidr-block | enable-address-transfer

enable-allowed-images-settings | enable-aws-network-performance-metric-subscription

enable-ebs-encryption-by-default | enable-fast-launch

enable-fast-snapshot-restores | enable-image

enable-image-block-public-access | enable-image-deprecation

enable-image-deregistration-protection | enable-ipam-organization-admin-account

enable-reachability-analyzer-organization-sharing | enable-route-server-propagation

enable-serial-console-access | enable-snapshot-block-public-access

enable-transit-gateway-route-table-propagation | enable-vgw-route-propagation

enable-volume-io | enable-vpc-classic-link

enable-vpc-classic-link-dns-support | export-client-vpn-client-certificate-revocation-list

export-client-vpn-client-configuration | export-image

export-transit-gateway-routes | export-verified-access-instance-client-configuration

get-allowed-images-settings | get-associated-enclave-certificate-iam-roles

get-associated-ipv6-pool-cidrs | get-aws-network-performance-data

get-capacity-reservation-usage | get-coip-pool-usage

get-console-output | get-console-screenshot

get-declarative-policies-report-summary | get-default-credit-specification

get-ebs-default-kms-key-id | get-ebs-encryption-by-default

get-flow-logs-integration-template | get-groups-for-capacity-reservation

get-host-reservation-purchase-preview | get-image-block-public-access-state

get-instance-metadata-defaults | get-instance-tpm-ek-pub

get-instance-types-from-instance-requirements | get-instance-uefi-data

get-ipam-address-history | get-ipam-discovered-accounts

get-ipam-discovered-public-addresses | get-ipam-discovered-resource-cidrs

get-ipam-pool-allocations | get-ipam-pool-cidrs

get-ipam-resource-cidrs | get-launch-template-data

get-managed-prefix-list-associations | get-managed-prefix-list-entries

get-network-insights-access-scope-analysis-findings | get-network-insights-access-scope-content

get-password-data | get-reserved-instances-exchange-quote

get-route-server-associations | get-route-server-propagations

get-route-server-routing-database | get-security-groups-for-vpc

get-serial-console-access-status | get-snapshot-block-public-access-state

get-spot-placement-scores | get-subnet-cidr-reservations

get-transit-gateway-attachment-propagations | get-transit-gateway-multicast-domain-associations

get-transit-gateway-policy-table-associations | get-transit-gateway-policy-table-entries

get-transit-gateway-prefix-list-references | get-transit-gateway-route-table-associations

get-transit-gateway-route-table-propagations | get-verified-access-endpoint-policy

get-verified-access-endpoint-targets | get-verified-access-group-policy

get-vpn-connection-device-sample-configuration | get-vpn-connection-device-types

get-vpn-tunnel-replacement-status | import-client-vpn-client-certificate-revocation-list

import-image | import-key-pair

import-snapshot | list-images-in-recycle-bin

list-snapshots-in-recycle-bin | lock-snapshot

modify-address-attribute | modify-availability-zone-group

modify-capacity-reservation | modify-capacity-reservation-fleet

modify-client-vpn-endpoint | modify-default-credit-specification

modify-ebs-default-kms-key-id | modify-fleet

modify-fpga-image-attribute | modify-hosts

modify-id-format | modify-identity-id-format

modify-image-attribute | modify-instance-attribute

modify-instance-capacity-reservation-attributes | modify-instance-cpu-options

modify-instance-credit-specification | modify-instance-event-start-time

modify-instance-event-window | modify-instance-maintenance-options

modify-instance-metadata-defaults | modify-instance-metadata-options

modify-instance-network-performance-options | modify-instance-placement

modify-ipam | modify-ipam-pool

modify-ipam-resource-cidr | modify-ipam-resource-discovery

modify-ipam-scope | modify-launch-template

modify-local-gateway-route | modify-managed-prefix-list

modify-network-interface-attribute | modify-private-dns-name-options

modify-reserved-instances | modify-route-server

modify-security-group-rules | modify-snapshot-attribute

modify-snapshot-tier | modify-spot-fleet-request

modify-subnet-attribute | modify-traffic-mirror-filter-network-services

modify-traffic-mirror-filter-rule | modify-traffic-mirror-session

modify-transit-gateway | modify-transit-gateway-prefix-list-reference

modify-transit-gateway-vpc-attachment | modify-verified-access-endpoint

modify-verified-access-endpoint-policy | modify-verified-access-group

modify-verified-access-group-policy | modify-verified-access-instance

modify-verified-access-instance-logging-configuration | modify-verified-access-trust-provider

modify-volume | modify-volume-attribute

modify-vpc-attribute | modify-vpc-block-public-access-exclusion

modify-vpc-block-public-access-options | modify-vpc-endpoint

modify-vpc-endpoint-connection-notification | modify-vpc-endpoint-service-configuration

modify-vpc-endpoint-service-payer-responsibility | modify-vpc-endpoint-service-permissions

modify-vpc-peering-connection-options | modify-vpc-tenancy

modify-vpn-connection | modify-vpn-connection-options

modify-vpn-tunnel-certificate | modify-vpn-tunnel-options

monitor-instances | move-address-to-vpc

move-byoip-cidr-to-ipam | move-capacity-reservation-instances

provision-byoip-cidr | provision-ipam-byoasn

provision-ipam-pool-cidr | provision-public-ipv4-pool-cidr

purchase-capacity-block | purchase-capacity-block-extension

purchase-host-reservation | purchase-reserved-instances-offering

purchase-scheduled-instances | reboot-instances

register-image | register-instance-event-notification-attributes

register-transit-gateway-multicast-group-members | register-transit-gateway-multicast-group-sources

reject-capacity-reservation-billing-ownership | reject-transit-gateway-multicast-domain-associations

reject-transit-gateway-peering-attachment | reject-transit-gateway-vpc-attachment

reject-vpc-endpoint-connections | reject-vpc-peering-connection

release-address | release-hosts

release-ipam-pool-allocation | replace-iam-instance-profile-association

replace-image-criteria-in-allowed-images-settings | replace-network-acl-association

replace-network-acl-entry | replace-route

replace-route-table-association | replace-transit-gateway-route

replace-vpn-tunnel | report-instance-status

request-spot-fleet | request-spot-instances

reset-address-attribute | reset-ebs-default-kms-key-id

reset-fpga-image-attribute | reset-image-attribute

reset-instance-attribute | reset-network-interface-attribute

reset-snapshot-attribute | restore-address-to-classic

restore-image-from-recycle-bin | restore-managed-prefix-list-version

restore-snapshot-from-recycle-bin | restore-snapshot-tier

revoke-client-vpn-ingress | revoke-security-group-egress

revoke-security-group-ingress | run-instances

run-scheduled-instances | search-local-gateway-routes

search-transit-gateway-multicast-groups | search-transit-gateway-routes

send-diagnostic-interrupt | start-declarative-policies-report

start-instances | start-network-insights-access-scope-analysis

start-network-insights-analysis | start-vpc-endpoint-service-private-dns-verification

stop-instances | terminate-client-vpn-connections

terminate-instances | unassign-ipv6-addresses

unassign-private-ip-addresses | unassign-private-nat-gateway-address

unlock-snapshot | unmonitor-instances

update-security-group-rule-descriptions-egress | update-security-group-rule-descriptions-ingress

withdraw-byoip-cidr | wait

help

bob@iac-server ~/terraform via 💠 default ✖ aws ec2 describe-vpcs --filters "Name=tag:Name,Values=devops-vpc"

{

"Vpcs": [

{

"OwnerId": "000000000000",

"InstanceTenancy": "default",

"Ipv6CidrBlockAssociationSet": [],

"CidrBlockAssociationSet": [

{

"AssociationId": "vpc-cidr-assoc-d80a31d4fb79ebd63",

"CidrBlock": "10.0.0.0/16",

"CidrBlockState": {

"State": "associated"

}

"IsDefault": false,

"Tags": [

{

"Key": "Name",

"Value": "devops-vpc"

}

"VpcId": "vpc-b51761788020b0253",

"State": "available",

"CidrBlock": "10.0.0.0/16",

"DhcpOptionsId": "default"

}

]

}

bob@iac-server ~/terraform via 💠 default ➜

Task: Create VPC with CIDR Using Terraform
Date: 15 May 2025

The Nautilus DevOps team is strategically planning the migration of a portion of their infrastructure to the AWS cloud. Acknowledging the magnitude of this endeavor, they have chosen to tackle the migration incrementally rather than as a single, massive transition. Their approach involves creating Virtual Private Clouds (VPCs) as the initial step, as they will be provisioning various services under different VPCs.

1> Create a VPC named xfusion-vpc in us-east-1 region with 192.168.0.0/24 IPv4 CIDR using terraform.

The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Solution:

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

resource "aws_vpc" "xfusion-vpc" {

cidr_block = "192.168.0.0/24" # Replace this with your desired IPv4 CIDR block

enable_dns_support = true

enable_dns_hostnames = true

tags = {

Name = "xfusion-vpc"

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Finding hashicorp/aws versions matching "5.91.0"...

- Installing hashicorp/aws v5.91.0...

- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider

selections it made above. Include this file in your version control repository

so that Terraform can guarantee to make the same selections by default when

you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_vpc.xfusion-vpc will be created

+ resource "aws_vpc" "xfusion-vpc" {

+ arn = (known after apply)

+ cidr_block = "192.168.0.0/24"

+ default_network_acl_id = (known after apply)

+ default_route_table_id = (known after apply)

+ default_security_group_id = (known after apply)

+ dhcp_options_id = (known after apply)

+ enable_dns_hostnames = true

+ enable_dns_support = true

+ enable_network_address_usage_metrics = (known after apply)

+ id = (known after apply)

+ instance_tenancy = "default"

+ ipv6_association_id = (known after apply)

+ ipv6_cidr_block = (known after apply)

+ ipv6_cidr_block_network_border_group = (known after apply)

+ main_route_table_id = (known after apply)

+ owner_id = (known after apply)

+ tags = {

+ "Name" = "xfusion-vpc"

}

+ tags_all = {

+ "Name" = "xfusion-vpc"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_vpc.xfusion-vpc will be created

+ resource "aws_vpc" "xfusion-vpc" {

+ arn = (known after apply)

+ cidr_block = "192.168.0.0/24"

+ default_network_acl_id = (known after apply)

+ default_route_table_id = (known after apply)

+ default_security_group_id = (known after apply)

+ dhcp_options_id = (known after apply)

+ enable_dns_hostnames = true

+ enable_dns_support = true

+ enable_network_address_usage_metrics = (known after apply)

+ id = (known after apply)

+ instance_tenancy = "default"

+ ipv6_association_id = (known after apply)

+ ipv6_cidr_block = (known after apply)

+ ipv6_cidr_block_network_border_group = (known after apply)

+ main_route_table_id = (known after apply)

+ owner_id = (known after apply)

+ tags = {

+ "Name" = "xfusion-vpc"

}

+ tags_all = {

+ "Name" = "xfusion-vpc"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

aws_vpc.xfusion-vpc: Creating...

aws_vpc.xfusion-vpc: Still creating... [10s elapsed]

aws_vpc.xfusion-vpc: Creation complete after 12s [id=vpc-1cba1058cbd1b201a]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-vpcs --filters "Name=tag:Name,Values=xfusion-vpc"

{

"Vpcs": [

{

"OwnerId": "000000000000",

"InstanceTenancy": "default",

"Ipv6CidrBlockAssociationSet": [],

"CidrBlockAssociationSet": [

{

"AssociationId": "vpc-cidr-assoc-99209b471c4295983",

"CidrBlock": "192.168.0.0/24",

"CidrBlockState": {

"State": "associated"

}

"IsDefault": false,

"Tags": [

{

"Key": "Name",

"Value": "xfusion-vpc"

}

"VpcId": "vpc-1cba1058cbd1b201a",

"State": "available",

"CidrBlock": "192.168.0.0/24",

"DhcpOptionsId": "default"

}

]

}

bob@iac-server ~/terraform via 💠 default ➜

Task: Create VPC with IPv6 Using Terraform

Date: 21May2025

For this task, create a VPC named xfusion-vpc in the us-east-1 region with the Amazon-provided IPv6 CIDR block using terraform.

The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Solution

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

resource "aws_vpc" "xfusion_vpc" {

cidr_block = "10.0.0.0/16" # Specify an IPv4 CIDR block

assign_generated_ipv6_cidr_block = true # Enable Amazon-provided IPv6 CIDR block

enable_dns_support = true

enable_dns_hostnames = true

tags = {

Name = "xfusion-vpc"

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Finding hashicorp/aws versions matching "5.91.0"...

- Installing hashicorp/aws v5.91.0...

- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider

selections it made above. Include this file in your version control repository

so that Terraform can guarantee to make the same selections by default when

you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_vpc.xfusion_vpc will be created

+ resource "aws_vpc" "xfusion_vpc" {

+ arn = (known after apply)

+ assign_generated_ipv6_cidr_block = true

+ cidr_block = "10.0.0.0/16"

+ default_network_acl_id = (known after apply)

+ default_route_table_id = (known after apply)

+ default_security_group_id = (known after apply)

+ dhcp_options_id = (known after apply)

+ enable_dns_hostnames = true

+ enable_dns_support = true

+ enable_network_address_usage_metrics = (known after apply)

+ id = (known after apply)

+ instance_tenancy = "default"

+ ipv6_association_id = (known after apply)

+ ipv6_cidr_block = (known after apply)

+ ipv6_cidr_block_network_border_group = (known after apply)

+ main_route_table_id = (known after apply)

+ owner_id = (known after apply)

+ tags = {

+ "Name" = "xfusion-vpc"

}

+ tags_all = {

+ "Name" = "xfusion-vpc"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_vpc.xfusion_vpc will be created

+ resource "aws_vpc" "xfusion_vpc" {

+ arn = (known after apply)

+ assign_generated_ipv6_cidr_block = true

+ cidr_block = "10.0.0.0/16"

+ default_network_acl_id = (known after apply)

+ default_route_table_id = (known after apply)

+ default_security_group_id = (known after apply)

+ dhcp_options_id = (known after apply)

+ enable_dns_hostnames = true

+ enable_dns_support = true

+ enable_network_address_usage_metrics = (known after apply)

+ id = (known after apply)

+ instance_tenancy = "default"

+ ipv6_association_id = (known after apply)

+ ipv6_cidr_block = (known after apply)

+ ipv6_cidr_block_network_border_group = (known after apply)

+ main_route_table_id = (known after apply)

+ owner_id = (known after apply)

+ tags = {

+ "Name" = "xfusion-vpc"

}

+ tags_all = {

+ "Name" = "xfusion-vpc"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

aws_vpc.xfusion_vpc: Creating...

aws_vpc.xfusion_vpc: Still creating... [10s elapsed]

aws_vpc.xfusion_vpc: Still creating... [20s elapsed]

aws_vpc.xfusion_vpc: Creation complete after 22s [id=vpc-cadb04adb05820e1a]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-vpcs --filter "Name=tag:Name,Values=xfusion-vpc"

{

"Vpcs": [

{

"OwnerId": "000000000000",

"InstanceTenancy": "default",

"Ipv6CidrBlockAssociationSet": [

{

"AssociationId": "vpc-cidr-assoc-5e6fc4cb62345293a",

"Ipv6CidrBlock": "2400:6500:8d70:a200::/56",

"Ipv6CidrBlockState": {

"State": "associated"

"NetworkBorderGroup": "us-east-1",

"Ipv6Pool": "Amazon"

}

"CidrBlockAssociationSet": [

{

"AssociationId": "vpc-cidr-assoc-055fe1f7cc875d20d",

"CidrBlock": "10.0.0.0/16",

"CidrBlockState": {

"State": "associated"

}

"IsDefault": false,

"Tags": [

{

"Key": "Name",

"Value": "xfusion-vpc"

}

"VpcId": "vpc-cadb04adb05820e1a",

"State": "available",

"CidrBlock": "10.0.0.0/16",

"DhcpOptionsId": "default"

}

]

}

bob@iac-server ~/terraform via 💠 default ➜

Task: Create Elastic IP Using Terraform

Date: 22May2025

For this task, allocate an Elastic IP address named nautilus-eip using Terraform.

The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Solution

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

resource "aws_eip" "nautilus_eip" {

tags = {

Name = "nautilus-eip"

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Finding hashicorp/aws versions matching "5.91.0"...

- Installing hashicorp/aws v5.91.0...

- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider

selections it made above. Include this file in your version control repository

so that Terraform can guarantee to make the same selections by default when

you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_eip.nautilus_eip will be created

+ resource "aws_eip" "nautilus_eip" {

+ allocation_id = (known after apply)

+ arn = (known after apply)

+ association_id = (known after apply)

+ carrier_ip = (known after apply)

+ customer_owned_ip = (known after apply)

+ domain = (known after apply)

+ id = (known after apply)

+ instance = (known after apply)

+ ipam_pool_id = (known after apply)

+ network_border_group = (known after apply)

+ network_interface = (known after apply)

+ private_dns = (known after apply)

+ private_ip = (known after apply)

+ ptr_record = (known after apply)

+ public_dns = (known after apply)

+ public_ip = (known after apply)

+ public_ipv4_pool = (known after apply)

+ tags = {

+ "Name" = "nautilus-eip"

}

+ tags_all = {

+ "Name" = "nautilus-eip"

}

+ vpc = (known after apply)

}

Plan: 1 to add, 0 to change, 0 to destroy.

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_eip.nautilus_eip will be created

+ resource "aws_eip" "nautilus_eip" {

+ allocation_id = (known after apply)

+ arn = (known after apply)

+ association_id = (known after apply)

+ carrier_ip = (known after apply)

+ customer_owned_ip = (known after apply)

+ domain = (known after apply)

+ id = (known after apply)

+ instance = (known after apply)

+ ipam_pool_id = (known after apply)

+ network_border_group = (known after apply)

+ network_interface = (known after apply)

+ private_dns = (known after apply)

+ private_ip = (known after apply)

+ ptr_record = (known after apply)

+ public_dns = (known after apply)

+ public_ip = (known after apply)

+ public_ipv4_pool = (known after apply)

+ tags = {

+ "Name" = "nautilus-eip"

}

+ tags_all = {

+ "Name" = "nautilus-eip"

}

+ vpc = (known after apply)

}

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

aws_eip.nautilus_eip: Creating...

aws_eip.nautilus_eip: Creation complete after 2s [id=eipalloc-4d64dcf5d16c14e67]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-addresses --filters "Name=tag:Name,Values=nautilus-eip"

{

"Addresses": [

{

"AllocationId": "eipalloc-4d64dcf5d16c14e67",

"Domain": "vpc",

"NetworkInterfaceId": "",

"Tags": [

{

"Key": "Name",

"Value": "nautilus-eip"

}

"InstanceId": "",

"PublicIp": "127.122.160.174"

}

]

}

bob@iac-server ~/terraform via 💠 default ➜

Task: Create EC2 Instance Using Terraform

Date: 29May2025

For this task, create an EC2 instance using Terraform with the following requirements:

1. The name of the instance must be nautilus-ec2.

2. Use the Amazon Linux ami-0c101f26f147fa7fd to launch this instance.

3. The Instance type must be t2.micro.

4. Create a new RSA key named nautilus-kp.

5. Attach the default (available by default) security group.

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

# Create a new RSA key pair

resource "tls_private_key" "nautilus_private_key" {

algorithm = "RSA"

rsa_bits = 2048

}

resource "aws_key_pair" "nautilus_kp" {

key_name = "nautilus-kp"

public_key = tls_private_key.nautilus_private_key.public_key_openssh

}

# Fetch the default VPC and security group

data "aws_vpc" "default" {

default = true

}

data "aws_security_group" "default" {

vpc_id = data.aws_vpc.default.id

name = "default"

}

# Create the EC2 instance

resource "aws_instance" "nautilus_ec2" {

ami = "ami-0c101f26f147fa7fd" # Amazon Linux AMI

instance_type = "t2.micro"

key_name = aws_key_pair.nautilus_kp.key_name

security_groups = [data.aws_security_group.default.name]

tags = {

Name = "nautilus-ec2"

}

# Output the private key

output "private_key_pem" {

value = tls_private_key.nautilus_private_key.private_key_pem

sensitive = true

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Finding hashicorp/aws versions matching "5.91.0"...

- Finding latest version of hashicorp/tls...

- Installing hashicorp/tls v4.1.0...

- Installed hashicorp/tls v4.1.0 (signed by HashiCorp)

- Installing hashicorp/aws v5.91.0...

- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider

selections it made above. Include this file in your version control repository

so that Terraform can guarantee to make the same selections by default when

you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

data.aws_vpc.default: Reading...

data.aws_vpc.default: Read complete after 1s [id=vpc-148d80bfe1c21df8d]

data.aws_security_group.default: Reading...

data.aws_security_group.default: Read complete after 0s [id=sg-1875ce1cc27de9330]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_instance.nautilus_ec2 will be created

+ resource "aws_instance" "nautilus_ec2" {

+ ami = "ami-0c101f26f147fa7fd"

+ arn = (known after apply)

+ associate_public_ip_address = (known after apply)

+ availability_zone = (known after apply)

+ cpu_core_count = (known after apply)

+ cpu_threads_per_core = (known after apply)

+ disable_api_stop = (known after apply)

+ disable_api_termination = (known after apply)

+ ebs_optimized = (known after apply)

+ enable_primary_ipv6 = (known after apply)

+ get_password_data = false

+ host_id = (known after apply)

+ host_resource_group_arn = (known after apply)

+ iam_instance_profile = (known after apply)

+ id = (known after apply)

+ instance_initiated_shutdown_behavior = (known after apply)

+ instance_lifecycle = (known after apply)

+ instance_state = (known after apply)

+ instance_type = "t2.micro"

+ ipv6_address_count = (known after apply)

+ ipv6_addresses = (known after apply)

+ key_name = "nautilus-kp"

+ monitoring = (known after apply)

+ outpost_arn = (known after apply)

+ password_data = (known after apply)

+ placement_group = (known after apply)

+ placement_partition_number = (known after apply)

+ primary_network_interface_id = (known after apply)

+ private_dns = (known after apply)

+ private_ip = (known after apply)

+ public_dns = (known after apply)

+ public_ip = (known after apply)

+ secondary_private_ips = (known after apply)

+ security_groups = [

+ "default",

]

+ source_dest_check = true

+ spot_instance_request_id = (known after apply)

+ subnet_id = (known after apply)

+ tags = {

+ "Name" = "nautilus-ec2"

}

+ tags_all = {

+ "Name" = "nautilus-ec2"

}

+ tenancy = (known after apply)

+ user_data = (known after apply)

+ user_data_base64 = (known after apply)

+ user_data_replace_on_change = false

+ vpc_security_group_ids = (known after apply)

+ capacity_reservation_specification (known after apply)

+ cpu_options (known after apply)

+ ebs_block_device (known after apply)

+ enclave_options (known after apply)

+ ephemeral_block_device (known after apply)

+ instance_market_options (known after apply)

+ maintenance_options (known after apply)

+ metadata_options (known after apply)

+ network_interface (known after apply)

+ private_dns_name_options (known after apply)

+ root_block_device (known after apply)

}

# aws_key_pair.nautilus_kp will be created

+ resource "aws_key_pair" "nautilus_kp" {

+ arn = (known after apply)

+ fingerprint = (known after apply)

+ id = (known after apply)

+ key_name = "nautilus-kp"

+ key_name_prefix = (known after apply)

+ key_pair_id = (known after apply)

+ key_type = (known after apply)

+ public_key = (known after apply)

+ tags_all = (known after apply)

}

# tls_private_key.nautilus_private_key will be created

+ resource "tls_private_key" "nautilus_private_key" {

+ algorithm = "RSA"

+ ecdsa_curve = "P224"

+ id = (known after apply)

+ private_key_openssh = (sensitive value)

+ private_key_pem = (sensitive value)

+ private_key_pem_pkcs8 = (sensitive value)

+ public_key_fingerprint_md5 = (known after apply)

+ public_key_fingerprint_sha256 = (known after apply)

+ public_key_openssh = (known after apply)

+ public_key_pem = (known after apply)

+ rsa_bits = 2048

}

Plan: 3 to add, 0 to change, 0 to destroy.

Changes to Outputs:

+ private_key_pem = (sensitive value)

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

data.aws_vpc.default: Reading...

data.aws_vpc.default: Read complete after 0s [id=vpc-148d80bfe1c21df8d]

data.aws_security_group.default: Reading...

data.aws_security_group.default: Read complete after 0s [id=sg-1875ce1cc27de9330]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_instance.nautilus_ec2 will be created

+ resource "aws_instance" "nautilus_ec2" {

+ ami = "ami-0c101f26f147fa7fd"

+ arn = (known after apply)

+ associate_public_ip_address = (known after apply)

+ availability_zone = (known after apply)

+ cpu_core_count = (known after apply)

+ cpu_threads_per_core = (known after apply)

+ disable_api_stop = (known after apply)

+ disable_api_termination = (known after apply)

+ ebs_optimized = (known after apply)

+ enable_primary_ipv6 = (known after apply)

+ get_password_data = false

+ host_id = (known after apply)

+ host_resource_group_arn = (known after apply)

+ iam_instance_profile = (known after apply)

+ id = (known after apply)

+ instance_initiated_shutdown_behavior = (known after apply)

+ instance_lifecycle = (known after apply)

+ instance_state = (known after apply)

+ instance_type = "t2.micro"

+ ipv6_address_count = (known after apply)

+ ipv6_addresses = (known after apply)

+ key_name = "nautilus-kp"

+ monitoring = (known after apply)

+ outpost_arn = (known after apply)

+ password_data = (known after apply)

+ placement_group = (known after apply)

+ placement_partition_number = (known after apply)

+ primary_network_interface_id = (known after apply)

+ private_dns = (known after apply)

+ private_ip = (known after apply)

+ public_dns = (known after apply)

+ public_ip = (known after apply)

+ secondary_private_ips = (known after apply)

+ security_groups = [

+ "default",

]

+ source_dest_check = true

+ spot_instance_request_id = (known after apply)

+ subnet_id = (known after apply)

+ tags = {

+ "Name" = "nautilus-ec2"

}

+ tags_all = {

+ "Name" = "nautilus-ec2"

}

+ tenancy = (known after apply)

+ user_data = (known after apply)

+ user_data_base64 = (known after apply)

+ user_data_replace_on_change = false

+ vpc_security_group_ids = (known after apply)

+ capacity_reservation_specification (known after apply)

+ cpu_options (known after apply)

+ ebs_block_device (known after apply)

+ enclave_options (known after apply)

+ ephemeral_block_device (known after apply)

+ instance_market_options (known after apply)

+ maintenance_options (known after apply)

+ metadata_options (known after apply)

+ network_interface (known after apply)

+ private_dns_name_options (known after apply)

+ root_block_device (known after apply)

}

# aws_key_pair.nautilus_kp will be created

+ resource "aws_key_pair" "nautilus_kp" {

+ arn = (known after apply)

+ fingerprint = (known after apply)

+ id = (known after apply)

+ key_name = "nautilus-kp"

+ key_name_prefix = (known after apply)

+ key_pair_id = (known after apply)

+ key_type = (known after apply)

+ public_key = (known after apply)

+ tags_all = (known after apply)

}

# tls_private_key.nautilus_private_key will be created

+ resource "tls_private_key" "nautilus_private_key" {

+ algorithm = "RSA"

+ ecdsa_curve = "P224"

+ id = (known after apply)

+ private_key_openssh = (sensitive value)

+ private_key_pem = (sensitive value)

+ private_key_pem_pkcs8 = (sensitive value)

+ public_key_fingerprint_md5 = (known after apply)

+ public_key_fingerprint_sha256 = (known after apply)

+ public_key_openssh = (known after apply)

+ public_key_pem = (known after apply)

+ rsa_bits = 2048

}

Plan: 3 to add, 0 to change, 0 to destroy.

Changes to Outputs:

+ private_key_pem = (sensitive value)

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

tls_private_key.nautilus_private_key: Creating...

tls_private_key.nautilus_private_key: Creation complete after 1s [id=d3c5168ea3d2306dbc16811aa6733b1af08a99d3]

aws_key_pair.nautilus_kp: Creating...

aws_key_pair.nautilus_kp: Creation complete after 0s [id=nautilus-kp]

aws_instance.nautilus_ec2: Creating...

aws_instance.nautilus_ec2: Still creating... [10s elapsed]

aws_instance.nautilus_ec2: Creation complete after 10s [id=i-3a748ab26261982ad]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

private_key_pem = <sensitive>

bob@iac-server ~/terraform via 💠 default ➜ terraform output -raw private_key_pem > /home/bob/nautilus-kp.pem

bob@iac-server ~/terraform via 💠 default ➜ chmod 600 /home/bob/nautilus-kp.pem

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-instances --filters "Name=tag:Name,Values=nautilus-ec2"

{

"Reservations": [

{

"ReservationId": "r-e59f22b427658c1b3",

"OwnerId": "000000000000",

"Groups": [],

"Instances": [

{

"Architecture": "x86_64",

"BlockDeviceMappings": [

{

"DeviceName": "/dev/sda1",

"Ebs": {

"AttachTime": "2025-05-29T09:26:41Z",

"DeleteOnTermination": true,

"Status": "in-use",

"VolumeId": "vol-b803c04032d5e3c5c"

}

"ClientToken": "ABCDE0000000000003",

"EbsOptimized": false,

"Hypervisor": "xen",

"NetworkInterfaces": [

{

"Association": {

"IpOwnerId": "000000000000",

"PublicIp": "54.214.202.227"

"Attachment": {

"AttachTime": "2015-01-01T00:00:00Z",

"AttachmentId": "eni-attach-ecc5f86c1270233b7",

"DeleteOnTermination": true,

"DeviceIndex": 0,

"Status": "attached"

"Description": "Primary network interface",

"Groups": [

{

"GroupId": "sg-1875ce1cc27de9330",

"GroupName": "default"

}

"MacAddress": "1b:2b:3c:4d:5e:6f",

"NetworkInterfaceId": "eni-7a2fb83ffcbed1cdc",

"OwnerId": "000000000000",

"PrivateIpAddress": "10.216.183.20",

"PrivateIpAddresses": [

{

"Association": {

"IpOwnerId": "000000000000",

"PublicIp": "54.214.202.227"

"Primary": true,

"PrivateIpAddress": "10.216.183.20"

}

"SourceDestCheck": true,

"Status": "in-use",

"SubnetId": "subnet-177bc9738cfecc467",

"VpcId": "vpc-148d80bfe1c21df8d"

}

"RootDeviceName": "/dev/sda1",

"RootDeviceType": "ebs",

"SecurityGroups": [

{

"GroupId": "sg-1875ce1cc27de9330",

"GroupName": "default"

}

"SourceDestCheck": true,

"StateReason": {

"Code": "",

"Message": ""

"Tags": [

{

"Key": "Name",

"Value": "nautilus-ec2"

}

"VirtualizationType": "paravirtual",

"HibernationOptions": {

"Configured": false

"InstanceId": "i-3a748ab26261982ad",

"ImageId": "ami-0c101f26f147fa7fd",

"State": {

"Code": 16,

"Name": "running"

"PrivateDnsName": "ip-10-216-183-20.ec2.internal",

"PublicDnsName": "ec2-54-214-202-227.compute-1.amazonaws.com",

"StateTransitionReason": "",

"KeyName": "nautilus-kp",

"AmiLaunchIndex": 0,

"InstanceType": "t2.micro",

"LaunchTime": "2025-05-29T09:26:41Z",

"Placement": {

"GroupName": "",

"Tenancy": "default",

"AvailabilityZone": "us-east-1a"

"KernelId": "None",

"Monitoring": {

"State": "disabled"

"SubnetId": "subnet-177bc9738cfecc467",

"VpcId": "vpc-148d80bfe1c21df8d",

"PrivateIpAddress": "10.216.183.20",

"PublicIpAddress": "54.214.202.227"

}

]

}

]

}

bob@iac-server ~/terraform via 💠 default ➜

Task: Create AMI Using Terraform

Date: 01June2025

1. For this task, create an AMI from an existing EC2 instance named datacenter-ec2 using Terraform.

2. Name of the AMI should be datacenter-ec2-ami, make sure AMI is in available state.

The Terraform working directory is /home/bob/terraform. Update the main.tf file (do not create a separate .tf file) to create the AMI.

Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

Solution:

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

# Provision EC2 instance

resource "aws_instance" "ec2" {

ami = "ami-0c101f26f147fa7fd"

instance_type = "t2.micro"

vpc_security_group_ids = [

"sg-bd61ebd3f73870ece"

]

tags = {

Name = "datacenter-ec2"

}

bob@iac-server ~/terraform via 💠 default ➜ echo "After adding the code to main.tf file"

After adding the code to main.tf file

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

# Provision EC2 instance

resource "aws_instance" "ec2" {

ami = "ami-0c101f26f147fa7fd"

instance_type = "t2.micro"

vpc_security_group_ids = [

"sg-bd61ebd3f73870ece"

]

tags = {

Name = "datacenter-ec2"

}

# Create an AMI from the EC2 instance

resource "aws_ami_from_instance" "datacenter_ami" {

source_instance_id = aws_instance.ec2.id

name = "datacenter-ec2-ami"

description = "AMI created from datacenter-ec2 instance"

tags = {

Name = "datacenter-ec2-ami"

}

# Output the AMI ID

output "ami_id" {

value = aws_ami_from_instance.datacenter_ami.id

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Reusing previous version of hashicorp/aws from the dependency lock file

- Using previously-installed hashicorp/aws v5.91.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

aws_instance.ec2: Refreshing state... [id=i-3791371cd9d9a4d50]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_ami_from_instance.datacenter_ami will be created

+ resource "aws_ami_from_instance" "datacenter_ami" {

+ architecture = (known after apply)

+ arn = (known after apply)

+ boot_mode = (known after apply)

+ description = "AMI created from datacenter-ec2 instance"

+ ena_support = (known after apply)

+ hypervisor = (known after apply)

+ id = (known after apply)

+ image_location = (known after apply)

+ image_owner_alias = (known after apply)

+ image_type = (known after apply)

+ imds_support = (known after apply)

+ kernel_id = (known after apply)

+ manage_ebs_snapshots = (known after apply)

+ name = "datacenter-ec2-ami"

+ owner_id = (known after apply)

+ platform = (known after apply)

+ platform_details = (known after apply)

+ public = (known after apply)

+ ramdisk_id = (known after apply)

+ root_device_name = (known after apply)

+ root_snapshot_id = (known after apply)

+ source_instance_id = "i-3791371cd9d9a4d50"

+ sriov_net_support = (known after apply)

+ tags = {

+ "Name" = "datacenter-ec2-ami"

}

+ tags_all = {

+ "Name" = "datacenter-ec2-ami"

}

+ tpm_support = (known after apply)

+ uefi_data = (known after apply)

+ usage_operation = (known after apply)

+ virtualization_type = (known after apply)

+ ebs_block_device (known after apply)

+ ephemeral_block_device (known after apply)

}

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:

+ ami_id = (known after apply)

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

aws_instance.ec2: Refreshing state... [id=i-3791371cd9d9a4d50]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_ami_from_instance.datacenter_ami will be created

+ resource "aws_ami_from_instance" "datacenter_ami" {

+ architecture = (known after apply)

+ arn = (known after apply)

+ boot_mode = (known after apply)

+ description = "AMI created from datacenter-ec2 instance"

+ ena_support = (known after apply)

+ hypervisor = (known after apply)

+ id = (known after apply)

+ image_location = (known after apply)

+ image_owner_alias = (known after apply)

+ image_type = (known after apply)

+ imds_support = (known after apply)

+ kernel_id = (known after apply)

+ manage_ebs_snapshots = (known after apply)

+ name = "datacenter-ec2-ami"

+ owner_id = (known after apply)

+ platform = (known after apply)

+ platform_details = (known after apply)

+ public = (known after apply)

+ ramdisk_id = (known after apply)

+ root_device_name = (known after apply)

+ root_snapshot_id = (known after apply)

+ source_instance_id = "i-3791371cd9d9a4d50"

+ sriov_net_support = (known after apply)

+ tags = {

+ "Name" = "datacenter-ec2-ami"

}

+ tags_all = {

+ "Name" = "datacenter-ec2-ami"

}

+ tpm_support = (known after apply)

+ uefi_data = (known after apply)

+ usage_operation = (known after apply)

+ virtualization_type = (known after apply)

+ ebs_block_device (known after apply)

+ ephemeral_block_device (known after apply)

}

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:

+ ami_id = (known after apply)

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

aws_ami_from_instance.datacenter_ami: Creating...

aws_ami_from_instance.datacenter_ami: Creation complete after 5s [id=ami-268413f50e093a447]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

ami_id = "ami-268413f50e093a447"

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-images --filters "Name=name,Values=datacenter-ec2-ami"

{

"Images": [

{

"BlockDeviceMappings": [

{

"Ebs": {

"DeleteOnTermination": false,

"SnapshotId": "snap-6f596d2ded64fa12b",

"VolumeSize": 15,

"VolumeType": "standard"

"DeviceName": "/dev/sda1"

}

"Description": "AMI created from datacenter-ec2 instance",

"Hypervisor": "xen",

"ImageOwnerAlias": "amazon",

"Name": "datacenter-ec2-ami",

"RootDeviceName": "/dev/sda1",

"RootDeviceType": "standard",

"Tags": [

{

"Key": "Name",

"Value": "datacenter-ec2-ami"

}

"VirtualizationType": "paravirtual",

"ImageId": "ami-268413f50e093a447",

"ImageLocation": "None",

"State": "available",

"OwnerId": "000000000000",

"CreationDate": "2025-06-01T06:49:10.000Z",

"Public": false,

"Architecture": "x86_64",

"ImageType": "machine",

"KernelId": "None",

"RamdiskId": "ari-1a2b3c4d"

}

]

}

bob@iac-server ~/terraform via 💠 default ➜

Task: Create EBS Volume Using Terraform

Date: 02July2025

For this task, create an AWS EBS volume using Terraform with the following requirements:

1. Name of the volume should be xfusion-volume.

2. Volume type must be gp3.

3. Volume size must be 2 GiB.

4. Ensure the volume is created in us-east-1.

Solution:

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

# Create an EBS volume

resource "aws_ebs_volume" "xfusion_volume" {

availability_zone = "us-east-1a" # Specify an availability zone in the region

size = 2 # Volume size in GiB

type = "gp3" # Volume type

tags = {

Name = "xfusion-volume"

}

# Output the Volume ID

output "volume_id" {

value = aws_ebs_volume.xfusion_volume.id

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Finding hashicorp/aws versions matching "5.91.0"...

- Installing hashicorp/aws v5.91.0...

- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider

selections it made above. Include this file in your version control repository

so that Terraform can guarantee to make the same selections by default when

you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_ebs_volume.xfusion_volume will be created

+ resource "aws_ebs_volume" "xfusion_volume" {

+ arn = (known after apply)

+ availability_zone = "us-east-1a"

+ encrypted = (known after apply)

+ final_snapshot = false

+ id = (known after apply)

+ iops = (known after apply)

+ kms_key_id = (known after apply)

+ size = 2

+ snapshot_id = (known after apply)

+ tags = {

+ "Name" = "xfusion-volume"

}

+ tags_all = {

+ "Name" = "xfusion-volume"

}

+ throughput = (known after apply)

+ type = "gp3"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:

+ volume_id = (known after apply)

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_ebs_volume.xfusion_volume will be created

+ resource "aws_ebs_volume" "xfusion_volume" {

+ arn = (known after apply)

+ availability_zone = "us-east-1a"

+ encrypted = (known after apply)

+ final_snapshot = false

+ id = (known after apply)

+ iops = (known after apply)

+ kms_key_id = (known after apply)

+ size = 2

+ snapshot_id = (known after apply)

+ tags = {

+ "Name" = "xfusion-volume"

}

+ tags_all = {

+ "Name" = "xfusion-volume"

}

+ throughput = (known after apply)

+ type = "gp3"

}

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:

+ volume_id = (known after apply)

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

aws_ebs_volume.xfusion_volume: Creating...

aws_ebs_volume.xfusion_volume: Still creating... [10s elapsed]

aws_ebs_volume.xfusion_volume: Creation complete after 12s [id=vol-a1d396e30dd722be7]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

volume_id = "vol-a1d396e30dd722be7"

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-volumes --filters "Name=tag:Name,Values=xfusion-volume"

{

"Volumes": [

{

"Iops": 3000,

"Tags": [

{

"Key": "Name",

"Value": "xfusion-volume"

}

"VolumeType": "gp3",

"VolumeId": "vol-a1d396e30dd722be7",

"Size": 2,

"SnapshotId": "",

"AvailabilityZone": "us-east-1a",

"State": "available",

"CreateTime": "2025-06-02T15:09:03Z",

"Attachments": [],

"Encrypted": false

}

]

}

bob@iac-server ~/terraform via 💠 default ➜

Task: Create Snapshot Using Terraform

Date: 24June2025

The Nautilus DevOps team has some volumes in different regions in their AWS account. They are going to setup some automated backups so that all important data can be backed up on regular basis. For now they shared some requirements to take a snapshot of one of the volumes they have.

Create a snapshot of an existing volume named nautilus-vol in us-east-1 region using terraform.

1) The name of the snapshot must be nautilus-vol-ss.

2) The description must be Nautilus Snapshot.

3) Make sure the snapshot status is completed before submitting the task.

The Terraform working directory is /home/bob/terraform. Update the main.tf file (do not create a separate .tf file) to accomplish this task.

Solution: Before starting main.tf file

bob@iac-server ~/terraform via 💠 default ➜ cat main.tf

resource "aws_ebs_volume" "k8s_volume" {

availability_zone = "us-east-1a"

size = 5

type = "gp2"

tags = {

Name = "nautilus-vol"

}

bob@iac-server ~/terraform via 💠 default ➜ pwd

/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ✖ cat main.tf

resource "aws_ebs_volume" "k8s_volume" {

availability_zone = "us-east-1a"

size = 5

type = "gp2"

tags = {

Name = "nautilus-vol"

}

# Create a snapshot of the existing volume

resource "aws_ebs_snapshot" "nautilus_snapshot" {

volume_id = aws_ebs_volume.k8s_volume.id

description = "Nautilus Snapshot"

tags = {

Name = "nautilus-vol-ss"

}

# Output the Snapshot ID

output "snapshot_id" {

value = aws_ebs_snapshot.nautilus_snapshot.id

}

bob@iac-server ~/terraform via 💠 default ➜ terraform init

Initializing the backend...

Initializing provider plugins...

- Reusing previous version of hashicorp/aws from the dependency lock file

- Using previously-installed hashicorp/aws v5.91.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜ terraform validate

Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜ terraform plan

aws_ebs_volume.k8s_volume: Refreshing state... [id=vol-b4a4cb483576edeae]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_ebs_snapshot.nautilus_snapshot will be created

+ resource "aws_ebs_snapshot" "nautilus_snapshot" {

+ arn = (known after apply)

+ data_encryption_key_id = (known after apply)

+ description = "Nautilus Snapshot"

+ encrypted = (known after apply)

+ id = (known after apply)

+ kms_key_id = (known after apply)

+ owner_alias = (known after apply)

+ owner_id = (known after apply)

+ storage_tier = (known after apply)

+ tags = {

+ "Name" = "nautilus-vol-ss"

}

+ tags_all = {

+ "Name" = "nautilus-vol-ss"

}

+ volume_id = "vol-b4a4cb483576edeae"

+ volume_size = (known after apply)

}

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:

+ snapshot_id = (known after apply)

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"

now.

bob@iac-server ~/terraform via 💠 default ➜ terraform apply

aws_ebs_volume.k8s_volume: Refreshing state... [id=vol-b4a4cb483576edeae]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

# aws_ebs_snapshot.nautilus_snapshot will be created

+ resource "aws_ebs_snapshot" "nautilus_snapshot" {

+ arn = (known after apply)

+ data_encryption_key_id = (known after apply)

+ description = "Nautilus Snapshot"

+ encrypted = (known after apply)

+ id = (known after apply)

+ kms_key_id = (known after apply)

+ owner_alias = (known after apply)

+ owner_id = (known after apply)

+ storage_tier = (known after apply)

+ tags = {

+ "Name" = "nautilus-vol-ss"

}

+ tags_all = {

+ "Name" = "nautilus-vol-ss"

}

+ volume_id = "vol-b4a4cb483576edeae"

+ volume_size = (known after apply)

}

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:

+ snapshot_id = (known after apply)

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

aws_ebs_snapshot.nautilus_snapshot: Creating...

aws_ebs_snapshot.nautilus_snapshot: Creation complete after 0s [id=snap-66b94c6855e20884b]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

snapshot_id = "snap-66b94c6855e20884b"

bob@iac-server ~/terraform via 💠 default ➜ aws ec2 describe-snapshots --filters "Name=tag:Name,Values=nautilus-vol-ss" --query "Snapshots[*].State"

[

"completed"

]

bob@iac-server ~/terraform via 💠 default ➜

CentOS-Linux4U

Kode Kloud: Terraform

Task: Create VPC with CIDR Using Terraform
Date: 15 May 2025

No comments:

Post a Comment

Kode Kloud: Terraform

Task: Create VPC with CIDR Using TerraformDate: 15 May 2025

No comments:

Post a Comment

Task: Create VPC with CIDR Using Terraform
Date: 15 May 2025