Kode Kloud: Terraform

Task: Create Key Pair Using Terraform 
Date: 06 May 2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
For this task, create a key pair using Terraform with the following requirements:
  • Name of the key pair should be devops-kp.
  • Key pair type must be rsa.
  • The private key file should be saved under /home/bob.
The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

Solution: 
Create main.tf file. 

# cd /home/bob/terraform
# vi main.tf
resource "tls_private_key" "nautilus_private_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}
resource "aws_key_pair" "nautilus_kp" {
  key_name   = "nautilus-kp"
  public_key = tls_private_key.nautilus_private_key.public_key_openssh
}
output "private_key_pem" {
  value      = tls_private_key.nautilus_private_key.private_key_pem
  sensitive  = true
}
output "key_pair_name" {
  value = aws_key_pair.nautilus_kp.key_name
}

bob@iac-server ~/terraform via 💠 default ✖ terraform init 
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Finding latest version of hashicorp/tls...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
- Installing hashicorp/tls v4.1.0...
- Installed hashicorp/tls v4.1.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.

bob@iac-server ~/terraform via 💠 default ➜  terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # aws_key_pair.nautilus_kp will be created
  + resource "aws_key_pair" "nautilus_kp" {
      + arn             = (known after apply)
      + fingerprint     = (known after apply)
      + id              = (known after apply)
      + key_name        = "nautilus-kp"
      + key_name_prefix = (known after apply)
      + key_pair_id     = (known after apply)
      + key_type        = (known after apply)
      + public_key      = (known after apply)
      + tags_all        = (known after apply)
    }
  # tls_private_key.nautilus_private_key will be created
  + resource "tls_private_key" "nautilus_private_key" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 2048
    }
Plan: 2 to add, 0 to change, 0 to destroy.
Changes to Outputs:
  + key_pair_name   = "nautilus-kp"
  + private_key_pem = (sensitive value)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
bob@iac-server ~/terraform via 💠 default ➜  terraform apply 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # aws_key_pair.nautilus_kp will be created
  + resource "aws_key_pair" "nautilus_kp" {
      + arn             = (known after apply)
      + fingerprint     = (known after apply)
      + id              = (known after apply)
      + key_name        = "nautilus-kp"
      + key_name_prefix = (known after apply)
      + key_pair_id     = (known after apply)
      + key_type        = (known after apply)
      + public_key      = (known after apply)
      + tags_all        = (known after apply)
    }
  # tls_private_key.nautilus_private_key will be created
  + resource "tls_private_key" "nautilus_private_key" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 2048
    }
Plan: 2 to add, 0 to change, 0 to destroy.
Changes to Outputs:
  + key_pair_name   = "nautilus-kp"
  + private_key_pem = (sensitive value)
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
  Enter a value: yes
tls_private_key.nautilus_private_key: Creating...
tls_private_key.nautilus_private_key: Creation complete after 0s [id=1aaa475d1581e8114fd44282e84ef1d6e11768f5]
aws_key_pair.nautilus_kp: Creating...
aws_key_pair.nautilus_kp: Creation complete after 2s [id=nautilus-kp]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Outputs:
key_pair_name = "nautilus-kp"
private_key_pem = <sensitive>

Save the Private Key Locally
bob@iac-server ~/terraform via 💠 default ➜  terraform output -raw private_key_pem > /home/bob/nautilus-kp.pem
bob@iac-server ~/terraform via 💠 default ➜  chmod 600 /home/bob/nautilus-kp.pem
bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-key-pairs --key-name nautilus-kp
{
    "KeyPairs": [
        {
            "KeyPairId": "key-3e5a23b1f0a2e53a4",
            "CreateTime": "2025-05-06T11:07:30.973000Z",
            "KeyName": "nautilus-kp",
            "KeyFingerprint": "70:44:7e:3a:08:1f:01:1e:bd:8e:c6:6f:eb:71:fb:5a"
        }
    ]
}
bob@iac-server ~/terraform via 💠 default ➜  ls /home/bob/
.aws/                .bashrc              .config/             .profile             .vscode/             nautilus-kp.pem   .bash_logout         .cache/              .local/              .terraform.d/        .vscode-terminal.sh  terraform/
bob@iac-server ~/terraform via 💠 default ➜ 
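
Added example (not part of the original solution): the same key pair with the private key written by Terraform itself, so the .pem file is created with mode 0600 instead of existing with default permissions between the shell redirect and the chmod shown above. It uses the key name from the task statement (devops-kp); the resource labels, the 4096-bit key size and the output file name are assumptions.

```hcl
# Added example, not the lab's own main.tf.
# Resource labels and the .pem file name are illustrative.

resource "tls_private_key" "devops_private_key" {
  algorithm = "RSA"
  rsa_bits  = 4096 # assumption: larger than the 2048 bits used above
}

resource "aws_key_pair" "devops_kp" {
  key_name   = "devops-kp" # name given in the task statement
  public_key = tls_private_key.devops_private_key.public_key_openssh
}

# Written by the hashicorp/local provider. The file is created with this mode,
# so there is no window in which it is group- or world-readable and no
# separate chmod step.
resource "local_sensitive_file" "devops_kp_pem" {
  content         = tls_private_key.devops_private_key.private_key_pem
  filename        = "/home/bob/devops-kp.pem"
  file_permission = "0600"
}

output "key_pair_name" {
  value = aws_key_pair.devops_kp.key_name
}

# Only public material is exported. The private key is not an output here, but
# tls_private_key still stores it unencrypted in terraform.tfstate, so the
# state file (and any remote backend holding it) needs the same protection as
# the .pem file.
output "public_key_fingerprint_sha256" {
  value = tls_private_key.devops_private_key.public_key_fingerprint_sha256
}
```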


Task: Create Security Group Using Terraform 
Date: 06 May 2025
Use Terraform to create a security group under the default VPC with the following requirements:
1) The name of the security group must be devops-sg.
2) The description must be Security group for Nautilus App Servers.
3) Add an inbound rule of type HTTP, with a port range of 80, and source CIDR range 0.0.0.0/0.
4) Add another inbound rule of type SSH, with a port range of 22, and source CIDR range 0.0.0.0/0.
Ensure that the security group is created in the us-east-1 region using Terraform. The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

Solution: 

bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠 default ➜ vi main.tf
resource "aws_security_group" "devops_sg" {
  name        = "devops-sg"
  description = "Security group for Nautilus App Servers"
  vpc_id      = data.aws_vpc.default.id

  ingress {
    description = "Allow HTTP traffic"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # Any source, as the task requires; otherwise replace with the actual source CIDR
  }

  ingress {
    description = "Allow SSH traffic"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # Any source, as the task requires; otherwise replace with the actual source CIDR
  }

  egress {
    description = "Allow all outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "devops-sg"
  }
}

data "aws_vpc" "default" {
  default = true
}

bob@iac-server ~/terraform via 💠 default ➜  terraform init 
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan
data.aws_vpc.default: Reading...
data.aws_vpc.default: Read complete after 2s [id=vpc-adf2d958aae8f02c5]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_security_group.devops_sg will be created
  + resource "aws_security_group" "devops_sg" {
      + arn                    = (known after apply)
      + description            = "Security group for Nautilus App Servers"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow all outbound traffic"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow HTTP traffic"
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow SSH traffic"
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
        ]
      + name                   = "devops-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "devops-sg"
        }
      + tags_all               = {
          + "Name" = "devops-sg"
        }
      + vpc_id                 = "vpc-adf2d958aae8f02c5"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply
data.aws_vpc.default: Reading...
data.aws_vpc.default: Read complete after 0s [id=vpc-adf2d958aae8f02c5]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_security_group.devops_sg will be created
  + resource "aws_security_group" "devops_sg" {
      + arn                    = (known after apply)
      + description            = "Security group for Nautilus App Servers"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow all outbound traffic"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow HTTP traffic"
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow SSH traffic"
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
        ]
      + name                   = "devops-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "devops-sg"
        }
      + tags_all               = {
          + "Name" = "devops-sg"
        }
      + vpc_id                 = "vpc-adf2d958aae8f02c5"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_security_group.devops_sg: Creating...
aws_security_group.devops_sg: Creation complete after 0s [id=sg-9ee7bf73d93591307]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-security-groups --group-names devops-sg
{
    "SecurityGroups": [
        {
            "GroupId": "sg-9ee7bf73d93591307",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "UserIdGroupPairs": [],
                    "IpRanges": [
                        {
                            "Description": "Allow all outbound traffic",
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": []
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "devops-sg"
                }
            ],
            "VpcId": "vpc-adf2d958aae8f02c5",
            "SecurityGroupArn": "arn:aws:ec2:us-east-1:000000000000:security-group/sg-9ee7bf73d93591307",
            "OwnerId": "000000000000",
            "GroupName": "devops-sg",
            "Description": "Security group for Nautilus App Servers",
            "IpPermissions": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": 22,
                    "ToPort": 22,
                    "UserIdGroupPairs": [],
                    "IpRanges": [
                        {
                            "Description": "Allow SSH traffic",
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": []
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": 80,
                    "ToPort": 80,
                    "UserIdGroupPairs": [],
                    "IpRanges": [
                        {
                            "Description": "Allow HTTP traffic",
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": []
                }
            ]
        }
    ]
}

bob@iac-server ~/terraform via 💠 default ➜  
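
Added example (not part of the original solution): the same security group with SSH limited to operator-supplied CIDR ranges while HTTP stays open, for use where the task's 0.0.0.0/0 requirement does not apply. The variable name ssh_allowed_cidrs and the 203.0.113.0/24 sample range are assumptions.

```hcl
# Added example, not the lab's own main.tf.
# Supply the SSH source ranges at apply time, for example (constructed value,
# documentation range):
#   terraform apply -var 'ssh_allowed_cidrs=["203.0.113.0/24"]'

variable "ssh_allowed_cidrs" {
  description = "IPv4 CIDR ranges allowed to reach port 22 (hypothetical variable name)."
  type        = list(string)

  validation {
    condition     = length(var.ssh_allowed_cidrs) > 0
    error_message = "At least one SSH source CIDR must be given."
  }

  validation {
    # cidr_blocks takes IPv4 only: require dotted-quad/prefix form and a
    # value that Terraform can parse as a CIDR prefix.
    condition = alltrue([
      for c in var.ssh_allowed_cidrs :
      can(regex("^[0-9.]+/[0-9]+$", c)) && can(cidrhost(c, 0))
    ])
    error_message = "Every entry must be a valid IPv4 CIDR such as 203.0.113.0/24."
  }

  validation {
    # Reject a /0 prefix so that SSH cannot be opened to every source.
    condition = alltrue([
      for c in var.ssh_allowed_cidrs : !can(regex("/0$", c))
    ])
    error_message = "A /0 range is not accepted for SSH."
  }
}

data "aws_vpc" "default" {
  default = true
}

resource "aws_security_group" "devops_sg" {
  name        = "devops-sg"
  description = "Security group for Nautilus App Servers"
  vpc_id      = data.aws_vpc.default.id

  ingress {
    description = "Allow HTTP traffic"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # public web port, unchanged from the solution above
  }

  ingress {
    description = "Allow SSH traffic from approved ranges only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_allowed_cidrs
  }

  egress {
    description = "Allow all outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "devops-sg"
  }
}
```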


Task: Create VPC Using Terraform
Date: 11 May 2025

> Create a VPC named devops-vpc in region us-east-1 with any IPv4 CIDR block through terraform.
> The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

Solution: 
bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜  ls
README.MD  main.tf  provider.tf

bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
resource "aws_vpc" "devops_vpc" {
  cidr_block           = "10.0.0.0/16" # Replace this with your desired IPv4 CIDR block
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name = "devops-vpc"
  }
}


bob@iac-server ~/terraform via 💠 default ➜  terraform init 
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.devops_vpc will be created
  + resource "aws_vpc" "devops_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "devops-vpc"
        }
      + tags_all                             = {
          + "Name" = "devops-vpc"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.devops_vpc will be created
  + resource "aws_vpc" "devops_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "devops-vpc"
        }
      + tags_all                             = {
          + "Name" = "devops-vpc"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_vpc.devops_vpc: Creating...
aws_vpc.devops_vpc: Still creating... [10s elapsed]
aws_vpc.devops_vpc: Creation complete after 11s [id=vpc-b51761788020b0253]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-vpcs-filters "Name=tag:Name,Values=devops-vpc"
Note: AWS CLI version 2, the latest major version of the AWS CLI, is now stable and recommended for general use. For more information, see the AWS CLI version 2 installation instructions at: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:

delete-managed-prefix-list               | delete-nat-gateway                      
delete-network-acl                       | delete-network-acl-entry                
delete-network-insights-access-scope     | delete-network-insights-access-scope-analysis
delete-network-insights-analysis         | delete-network-insights-path            
delete-network-interface                 | delete-network-interface-permission     
delete-placement-group                   | delete-public-ipv4-pool                 
delete-queued-reserved-instances         | delete-route                            
delete-route-server                      | delete-route-server-endpoint            
delete-route-server-peer                 | delete-route-table                      
delete-security-group                    | delete-snapshot                         
delete-spot-datafeed-subscription        | delete-subnet                           
delete-subnet-cidr-reservation           | delete-tags                             
delete-traffic-mirror-filter             | delete-traffic-mirror-filter-rule       
delete-traffic-mirror-session            | delete-traffic-mirror-target            
delete-transit-gateway                   | delete-transit-gateway-connect          
delete-transit-gateway-connect-peer      | delete-transit-gateway-multicast-domain 
delete-transit-gateway-peering-attachment | delete-transit-gateway-policy-table     
delete-transit-gateway-prefix-list-reference | delete-transit-gateway-route            
delete-transit-gateway-route-table       | delete-transit-gateway-route-table-announcement
delete-transit-gateway-vpc-attachment    | delete-verified-access-endpoint         
delete-verified-access-group             | delete-verified-access-instance         
delete-verified-access-trust-provider    | delete-volume                           
delete-vpc                               | delete-vpc-block-public-access-exclusion
delete-vpc-endpoint-connection-notifications | delete-vpc-endpoint-service-configurations
delete-vpc-endpoints                     | delete-vpc-peering-connection           
delete-vpn-connection                    | delete-vpn-connection-route             
delete-vpn-gateway                       | deprovision-byoip-cidr                  
deprovision-ipam-byoasn                  | deprovision-ipam-pool-cidr              
deprovision-public-ipv4-pool-cidr        | deregister-image                        
deregister-instance-event-notification-attributes | deregister-transit-gateway-multicast-group-members
deregister-transit-gateway-multicast-group-sources | describe-account-attributes             
describe-address-transfers               | describe-addresses                      
describe-addresses-attribute             | describe-aggregate-id-format            
describe-availability-zones              | describe-aws-network-performance-metric-subscriptions
describe-bundle-tasks                    | describe-byoip-cidrs                    
describe-capacity-block-extension-history | describe-capacity-block-extension-offerings
describe-capacity-block-offerings        | describe-capacity-reservation-billing-requests
describe-capacity-reservation-fleets     | describe-capacity-reservations          
describe-carrier-gateways                | describe-classic-link-instances         
describe-client-vpn-authorization-rules  | describe-client-vpn-connections         
describe-client-vpn-endpoints            | describe-client-vpn-routes              
describe-client-vpn-target-networks      | describe-coip-pools                     
describe-conversion-tasks                | describe-customer-gateways              
describe-declarative-policies-reports    | describe-dhcp-options                   
describe-egress-only-internet-gateways   | describe-elastic-gpus                   
describe-export-image-tasks              | describe-export-tasks                   
describe-fast-launch-images              | describe-fast-snapshot-restores         
describe-fleet-history                   | describe-fleet-instances                
describe-fleets                          | describe-flow-logs                      
describe-fpga-image-attribute            | describe-fpga-images                    
describe-host-reservation-offerings      | describe-host-reservations              
describe-hosts                           | describe-iam-instance-profile-associations
describe-id-format                       | describe-identity-id-format             
describe-image-attribute                 | describe-images                         
describe-import-image-tasks              | describe-import-snapshot-tasks          
describe-instance-attribute              | describe-instance-connect-endpoints     
describe-instance-credit-specifications  | describe-instance-event-notification-attributes
describe-instance-event-windows          | describe-instance-image-metadata        
describe-instance-status                 | describe-instance-topology              
describe-instance-type-offerings         | describe-instance-types                 
describe-instances                       | describe-internet-gateways              
describe-ipam-byoasn                     | describe-ipam-external-resource-verification-tokens
describe-ipam-pools                      | describe-ipam-resource-discoveries      
describe-ipam-resource-discovery-associations | describe-ipam-scopes                    
describe-ipams                           | describe-ipv6-pools                     
describe-key-pairs                       | describe-launch-template-versions       
describe-launch-templates                | describe-local-gateway-route-table-virtual-interface-group-associations
describe-local-gateway-route-table-vpc-associations | describe-local-gateway-route-tables     
describe-local-gateway-virtual-interface-groups | describe-local-gateway-virtual-interfaces
describe-local-gateways                  | describe-locked-snapshots               
describe-mac-hosts                       | describe-managed-prefix-lists           
describe-moving-addresses                | describe-nat-gateways                   
describe-network-acls                    | describe-network-insights-access-scope-analyses
describe-network-insights-access-scopes  | describe-network-insights-analyses      
describe-network-insights-paths          | describe-network-interface-attribute    
describe-network-interface-permissions   | describe-network-interfaces             
describe-placement-groups                | describe-prefix-lists                   
describe-principal-id-format             | describe-public-ipv4-pools              
describe-regions                         | describe-replace-root-volume-tasks      
describe-reserved-instances              | describe-reserved-instances-listings    
describe-reserved-instances-modifications | describe-reserved-instances-offerings   
describe-route-server-endpoints          | describe-route-server-peers             
describe-route-servers                   | describe-route-tables                   
describe-scheduled-instance-availability | describe-scheduled-instances            
describe-security-group-references       | describe-security-group-rules           
describe-security-group-vpc-associations | describe-security-groups                
describe-snapshot-attribute              | describe-snapshot-tier-status           
describe-snapshots                       | describe-spot-datafeed-subscription     
describe-spot-fleet-instances            | describe-spot-fleet-request-history     
describe-spot-fleet-requests             | describe-spot-instance-requests         
describe-spot-price-history              | describe-stale-security-groups          
describe-store-image-tasks               | describe-subnets                        
describe-tags                            | describe-traffic-mirror-filter-rules    
describe-traffic-mirror-filters          | describe-traffic-mirror-sessions        
describe-traffic-mirror-targets          | describe-transit-gateway-attachments    
describe-transit-gateway-connect-peers   | describe-transit-gateway-connects       
describe-transit-gateway-multicast-domains | describe-transit-gateway-peering-attachments
describe-transit-gateway-policy-tables   | describe-transit-gateway-route-table-announcements
describe-transit-gateway-route-tables    | describe-transit-gateway-vpc-attachments
describe-transit-gateways                | describe-trunk-interface-associations   
describe-verified-access-endpoints       | describe-verified-access-groups         
describe-verified-access-instance-logging-configurations | describe-verified-access-instances      
describe-verified-access-trust-providers | describe-volume-attribute               
describe-volume-status                   | describe-volumes                        
describe-volumes-modifications           | describe-vpc-attribute                  
describe-vpc-block-public-access-exclusions | describe-vpc-block-public-access-options
describe-vpc-classic-link                | describe-vpc-classic-link-dns-support   
describe-vpc-endpoint-associations       | describe-vpc-endpoint-connection-notifications
describe-vpc-endpoint-connections        | describe-vpc-endpoint-service-configurations
describe-vpc-endpoint-service-permissions | describe-vpc-endpoint-services          
describe-vpc-endpoints                   | describe-vpc-peering-connections        
describe-vpcs                            | describe-vpn-connections                
describe-vpn-gateways                    | detach-classic-link-vpc                 
detach-internet-gateway                  | detach-network-interface                
detach-verified-access-trust-provider    | detach-volume                           
detach-vpn-gateway                       | disable-address-transfer                
disable-allowed-images-settings          | disable-aws-network-performance-metric-subscription
disable-ebs-encryption-by-default        | disable-fast-launch                     
disable-fast-snapshot-restores           | disable-image                           
disable-image-block-public-access        | disable-image-deprecation               
disable-image-deregistration-protection  | disable-ipam-organization-admin-account 
disable-route-server-propagation         | disable-serial-console-access           
disable-snapshot-block-public-access     | disable-transit-gateway-route-table-propagation
disable-vgw-route-propagation            | disable-vpc-classic-link                
disable-vpc-classic-link-dns-support     | disassociate-address                    
disassociate-capacity-reservation-billing-owner | disassociate-client-vpn-target-network  
disassociate-enclave-certificate-iam-role | disassociate-iam-instance-profile       
disassociate-instance-event-window       | disassociate-ipam-byoasn                
disassociate-ipam-resource-discovery     | disassociate-nat-gateway-address        
disassociate-route-server                | disassociate-route-table                
disassociate-security-group-vpc          | disassociate-subnet-cidr-block          
disassociate-transit-gateway-multicast-domain | disassociate-transit-gateway-policy-table
disassociate-transit-gateway-route-table | disassociate-trunk-interface            
disassociate-vpc-cidr-block              | enable-address-transfer                 
enable-allowed-images-settings           | enable-aws-network-performance-metric-subscription
enable-ebs-encryption-by-default         | enable-fast-launch                      
enable-fast-snapshot-restores            | enable-image                            
enable-image-block-public-access         | enable-image-deprecation                
enable-image-deregistration-protection   | enable-ipam-organization-admin-account  
enable-reachability-analyzer-organization-sharing | enable-route-server-propagation         
enable-serial-console-access             | enable-snapshot-block-public-access     
enable-transit-gateway-route-table-propagation | enable-vgw-route-propagation            
enable-volume-io                         | enable-vpc-classic-link                 
enable-vpc-classic-link-dns-support      | export-client-vpn-client-certificate-revocation-list
export-client-vpn-client-configuration   | export-image                            
export-transit-gateway-routes            | export-verified-access-instance-client-configuration
get-allowed-images-settings              | get-associated-enclave-certificate-iam-roles
get-associated-ipv6-pool-cidrs           | get-aws-network-performance-data        
get-capacity-reservation-usage           | get-coip-pool-usage                     
get-console-output                       | get-console-screenshot                  
get-declarative-policies-report-summary  | get-default-credit-specification        
get-ebs-default-kms-key-id               | get-ebs-encryption-by-default           
get-flow-logs-integration-template       | get-groups-for-capacity-reservation     
get-host-reservation-purchase-preview    | get-image-block-public-access-state     
get-instance-metadata-defaults           | get-instance-tpm-ek-pub                 
get-instance-types-from-instance-requirements | get-instance-uefi-data                  
get-ipam-address-history                 | get-ipam-discovered-accounts            
get-ipam-discovered-public-addresses     | get-ipam-discovered-resource-cidrs      
get-ipam-pool-allocations                | get-ipam-pool-cidrs                     
get-ipam-resource-cidrs                  | get-launch-template-data                
get-managed-prefix-list-associations     | get-managed-prefix-list-entries         
get-network-insights-access-scope-analysis-findings | get-network-insights-access-scope-content
get-password-data                        | get-reserved-instances-exchange-quote   
get-route-server-associations            | get-route-server-propagations           
get-route-server-routing-database        | get-security-groups-for-vpc             
get-serial-console-access-status         | get-snapshot-block-public-access-state  
get-spot-placement-scores                | get-subnet-cidr-reservations            
get-transit-gateway-attachment-propagations | get-transit-gateway-multicast-domain-associations
get-transit-gateway-policy-table-associations | get-transit-gateway-policy-table-entries
get-transit-gateway-prefix-list-references | get-transit-gateway-route-table-associations
get-transit-gateway-route-table-propagations | get-verified-access-endpoint-policy     
get-verified-access-endpoint-targets     | get-verified-access-group-policy        
get-vpn-connection-device-sample-configuration | get-vpn-connection-device-types         
get-vpn-tunnel-replacement-status        | import-client-vpn-client-certificate-revocation-list
import-image                             | import-key-pair                         
import-snapshot                          | list-images-in-recycle-bin              
list-snapshots-in-recycle-bin            | lock-snapshot                           
modify-address-attribute                 | modify-availability-zone-group          
modify-capacity-reservation              | modify-capacity-reservation-fleet       
modify-client-vpn-endpoint               | modify-default-credit-specification     
modify-ebs-default-kms-key-id            | modify-fleet                            
modify-fpga-image-attribute              | modify-hosts                            
modify-id-format                         | modify-identity-id-format               
modify-image-attribute                   | modify-instance-attribute               
modify-instance-capacity-reservation-attributes | modify-instance-cpu-options             
modify-instance-credit-specification     | modify-instance-event-start-time        
modify-instance-event-window             | modify-instance-maintenance-options     
modify-instance-metadata-defaults        | modify-instance-metadata-options        
modify-instance-network-performance-options | modify-instance-placement               
modify-ipam                              | modify-ipam-pool                        
modify-ipam-resource-cidr                | modify-ipam-resource-discovery          
modify-ipam-scope                        | modify-launch-template                  
modify-local-gateway-route               | modify-managed-prefix-list              
modify-network-interface-attribute       | modify-private-dns-name-options         
modify-reserved-instances                | modify-route-server                     
modify-security-group-rules              | modify-snapshot-attribute               
modify-snapshot-tier                     | modify-spot-fleet-request               
modify-subnet-attribute                  | modify-traffic-mirror-filter-network-services
modify-traffic-mirror-filter-rule        | modify-traffic-mirror-session           
modify-transit-gateway                   | modify-transit-gateway-prefix-list-reference
modify-transit-gateway-vpc-attachment    | modify-verified-access-endpoint         
modify-verified-access-endpoint-policy   | modify-verified-access-group            
modify-verified-access-group-policy      | modify-verified-access-instance         
modify-verified-access-instance-logging-configuration | modify-verified-access-trust-provider   
modify-volume                            | modify-volume-attribute                 
modify-vpc-attribute                     | modify-vpc-block-public-access-exclusion
modify-vpc-block-public-access-options   | modify-vpc-endpoint                     
modify-vpc-endpoint-connection-notification | modify-vpc-endpoint-service-configuration
modify-vpc-endpoint-service-payer-responsibility | modify-vpc-endpoint-service-permissions 
modify-vpc-peering-connection-options    | modify-vpc-tenancy                      
modify-vpn-connection                    | modify-vpn-connection-options           
modify-vpn-tunnel-certificate            | modify-vpn-tunnel-options               
monitor-instances                        | move-address-to-vpc                     
move-byoip-cidr-to-ipam                  | move-capacity-reservation-instances     
provision-byoip-cidr                     | provision-ipam-byoasn                   
provision-ipam-pool-cidr                 | provision-public-ipv4-pool-cidr         
purchase-capacity-block                  | purchase-capacity-block-extension       
purchase-host-reservation                | purchase-reserved-instances-offering    
purchase-scheduled-instances             | reboot-instances                        
register-image                           | register-instance-event-notification-attributes
register-transit-gateway-multicast-group-members | register-transit-gateway-multicast-group-sources
reject-capacity-reservation-billing-ownership | reject-transit-gateway-multicast-domain-associations
reject-transit-gateway-peering-attachment | reject-transit-gateway-vpc-attachment   
reject-vpc-endpoint-connections          | reject-vpc-peering-connection           
release-address                          | release-hosts                           
release-ipam-pool-allocation             | replace-iam-instance-profile-association
replace-image-criteria-in-allowed-images-settings | replace-network-acl-association         
replace-network-acl-entry                | replace-route                           
replace-route-table-association          | replace-transit-gateway-route           
replace-vpn-tunnel                       | report-instance-status                  
request-spot-fleet                       | request-spot-instances                  
reset-address-attribute                  | reset-ebs-default-kms-key-id            
reset-fpga-image-attribute               | reset-image-attribute                   
reset-instance-attribute                 | reset-network-interface-attribute       
reset-snapshot-attribute                 | restore-address-to-classic              
restore-image-from-recycle-bin           | restore-managed-prefix-list-version     
restore-snapshot-from-recycle-bin        | restore-snapshot-tier                   
revoke-client-vpn-ingress                | revoke-security-group-egress            
revoke-security-group-ingress            | run-instances                           
run-scheduled-instances                  | search-local-gateway-routes             
search-transit-gateway-multicast-groups  | search-transit-gateway-routes           
send-diagnostic-interrupt                | start-declarative-policies-report       
start-instances                          | start-network-insights-access-scope-analysis
start-network-insights-analysis          | start-vpc-endpoint-service-private-dns-verification
stop-instances                           | terminate-client-vpn-connections        
terminate-instances                      | unassign-ipv6-addresses                 
unassign-private-ip-addresses            | unassign-private-nat-gateway-address    
unlock-snapshot                          | unmonitor-instances                     
update-security-group-rule-descriptions-egress | update-security-group-rule-descriptions-ingress
withdraw-byoip-cidr                      | wait                                    
help                                    

bob@iac-server ~/terraform via 💠 default ✖ aws ec2 describe-vpcs --filters "Name=tag:Name,Values=devops-vpc"
{
    "Vpcs": [
        {
            "OwnerId": "000000000000",
            "InstanceTenancy": "default",
            "Ipv6CidrBlockAssociationSet": [],
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-d80a31d4fb79ebd63",
                    "CidrBlock": "10.0.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "devops-vpc"
                }
            ],
            "VpcId": "vpc-b51761788020b0253",
            "State": "available",
            "CidrBlock": "10.0.0.0/16",
            "DhcpOptionsId": "default"
        }
    ]
}

bob@iac-server ~/terraform via 💠 default ➜  


Task: Create VPC with CIDR Using Terraform
Date: 15 May 2025

The Nautilus DevOps team is strategically planning the migration of a portion of their infrastructure to the AWS cloud. Acknowledging the magnitude of this endeavor, they have chosen to tackle the migration incrementally rather than as a single, massive transition. Their approach involves creating Virtual Private Clouds (VPCs) as the initial step, as they will be provisioning various services under different VPCs.

1> Create a VPC named xfusion-vpc in us-east-1 region with 192.168.0.0/24 IPv4 CIDR using terraform.

The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Solution: 
bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
resource "aws_vpc" "xfusion-vpc" {
  cidr_block           = "192.168.0.0/24" # IPv4 CIDR block required by the task
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name = "xfusion-vpc"
  }
}


bob@iac-server ~/terraform via 💠 default ➜  terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.xfusion-vpc will be created
  + resource "aws_vpc" "xfusion-vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "192.168.0.0/24"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "xfusion-vpc"
        }
      + tags_all                             = {
          + "Name" = "xfusion-vpc"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.xfusion-vpc will be created
  + resource "aws_vpc" "xfusion-vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "192.168.0.0/24"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "xfusion-vpc"
        }
      + tags_all                             = {
          + "Name" = "xfusion-vpc"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_vpc.xfusion-vpc: Creating...
aws_vpc.xfusion-vpc: Still creating... [10s elapsed]
aws_vpc.xfusion-vpc: Creation complete after 12s [id=vpc-1cba1058cbd1b201a]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-vpcs --filters "Name=tag:Name,Values=xfusion-vpc"
{
    "Vpcs": [
        {
            "OwnerId": "000000000000",
            "InstanceTenancy": "default",
            "Ipv6CidrBlockAssociationSet": [],
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-99209b471c4295983",
                    "CidrBlock": "192.168.0.0/24",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "xfusion-vpc"
                }
            ],
            "VpcId": "vpc-1cba1058cbd1b201a",
            "State": "available",
            "CidrBlock": "192.168.0.0/24",
            "DhcpOptionsId": "default"
        }
    ]
}

bob@iac-server ~/terraform via 💠 default ➜  
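
Added example (not part of the original lab notes): instead of reading the describe-vpcs JSON by eye, the check below compares it with the task requirements and reports anything that differs. The function names, the findings wording and the IPv6 sample are assumptions made for this example; the first sample is the output shown above.

```python
import ipaddress
import json

# `aws ec2 describe-vpcs` output from the session above (whitespace compacted).
PAGE_OUTPUT = """
{"Vpcs": [{
  "OwnerId": "000000000000", "InstanceTenancy": "default",
  "Ipv6CidrBlockAssociationSet": [],
  "CidrBlockAssociationSet": [{
    "AssociationId": "vpc-cidr-assoc-99209b471c4295983",
    "CidrBlock": "192.168.0.0/24",
    "CidrBlockState": {"State": "associated"}}],
  "IsDefault": false,
  "Tags": [{"Key": "Name", "Value": "xfusion-vpc"}],
  "VpcId": "vpc-1cba1058cbd1b201a", "State": "available",
  "CidrBlock": "192.168.0.0/24", "DhcpOptionsId": "default"}]}
"""

# Constructed sample, not from the page: a VPC with an associated IPv6 block
# (2001:db8::/32 is the documentation prefix), as the IPv6 task would produce.
IPV6_SAMPLE = """
{"Vpcs": [{
  "Ipv6CidrBlockAssociationSet": [{
    "AssociationId": "vpc-cidr-assoc-constructed-v6",
    "Ipv6CidrBlock": "2001:db8:1234:1a00::/56",
    "Ipv6CidrBlockState": {"State": "associated"}}],
  "CidrBlockAssociationSet": [{
    "AssociationId": "vpc-cidr-assoc-constructed-v4",
    "CidrBlock": "10.0.0.0/16",
    "CidrBlockState": {"State": "associated"}}],
  "IsDefault": false,
  "Tags": [{"Key": "Name", "Value": "xfusion-vpc"}],
  "VpcId": "vpc-constructed", "State": "available",
  "CidrBlock": "10.0.0.0/16"}]}
"""


def _tag(vpc, key):
    """Return the value of one tag, or None when the VPC does not carry it."""
    for tag in vpc.get("Tags", []):
        if tag.get("Key") == key:
            return tag.get("Value")
    return None


def _associated(vpc, set_key, cidr_key, state_key):
    """Parse the CIDRs of one association set that are in state 'associated'."""
    nets = set()
    for assoc in vpc.get(set_key, []):
        if assoc.get(state_key, {}).get("State") == "associated":
            nets.add(ipaddress.ip_network(assoc[cidr_key]))
    return nets


def check_vpcs(describe_json, name, ipv4_cidr, want_ipv6=False):
    """Return a list of findings; an empty list means the VPC matches the task."""
    want = ipaddress.ip_network(ipv4_cidr)  # ValueError if host bits are set
    vpcs = [v for v in json.loads(describe_json).get("Vpcs", [])
            if _tag(v, "Name") == name]
    # Name tags are not unique in EC2, so a tag filter can match 0 or many VPCs.
    if len(vpcs) != 1:
        return [f"expected exactly one VPC tagged Name={name}, found {len(vpcs)}"]
    vpc, findings = vpcs[0], []

    if vpc.get("State") != "available":
        findings.append(f"State is {vpc.get('State')!r}, not 'available'")
    if vpc.get("IsDefault"):
        findings.append("the Name tag is on the account's default VPC")

    primary = vpc.get("CidrBlock")
    if primary != str(want):
        findings.append(f"primary CidrBlock is {primary!r}, want {want}")
    v4 = _associated(vpc, "CidrBlockAssociationSet", "CidrBlock", "CidrBlockState")
    extra = sorted({str(n) for n in v4} - {primary})
    if extra:
        findings.append(f"secondary IPv4 CIDRs associated: {', '.join(extra)}")

    v6 = _associated(vpc, "Ipv6CidrBlockAssociationSet", "Ipv6CidrBlock",
                     "Ipv6CidrBlockState")
    if want_ipv6 and not v6:
        findings.append("no IPv6 CIDR block is associated")
    if v6 and not want_ipv6:
        findings.append("an IPv6 CIDR block is associated but was not requested")
    return findings


if __name__ == "__main__":
    for label, sample, cidr, v6 in (
        ("CIDR task", PAGE_OUTPUT, "192.168.0.0/24", False),
        ("IPv6 task", IPV6_SAMPLE, "10.0.0.0/16", True),
    ):
        result = check_vpcs(sample, "xfusion-vpc", cidr, want_ipv6=v6)
        print(label, "OK" if not result else result)
```

Against a live account the input would be the saved output of the same describe-vpcs command, read from a file or a pipe instead of the embedded strings.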

Task: Create VPC with IPv6 Using Terraform
Date: 21May2025
The Nautilus DevOps team is strategically planning the migration of a portion of their infrastructure to the AWS cloud. Acknowledging the magnitude of this endeavor, they have chosen to tackle the migration incrementally rather than as a single, massive transition. Their approach involves creating Virtual Private Clouds (VPCs) as the initial step, as they will be provisioning various services under different VPCs.

For this task, create a VPC named xfusion-vpc in the us-east-1 region with the Amazon-provided IPv6 CIDR block using Terraform.

The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Solution

bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
resource "aws_vpc" "xfusion_vpc" {
  cidr_block                       = "10.0.0.0/16" # Specify an IPv4 CIDR block
  assign_generated_ipv6_cidr_block = true          # Enable Amazon-provided IPv6 CIDR block
  enable_dns_support               = true
  enable_dns_hostnames             = true

  tags = {
    Name = "xfusion-vpc"
  }
}
bob@iac-server ~/terraform via 💠 default ➜  terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.xfusion_vpc will be created
  + resource "aws_vpc" "xfusion_vpc" {
      + arn                                  = (known after apply)
      + assign_generated_ipv6_cidr_block     = true
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "xfusion-vpc"
        }
      + tags_all                             = {
          + "Name" = "xfusion-vpc"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.xfusion_vpc will be created
  + resource "aws_vpc" "xfusion_vpc" {
      + arn                                  = (known after apply)
      + assign_generated_ipv6_cidr_block     = true
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "xfusion-vpc"
        }
      + tags_all                             = {
          + "Name" = "xfusion-vpc"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_vpc.xfusion_vpc: Creating...
aws_vpc.xfusion_vpc: Still creating... [10s elapsed]
aws_vpc.xfusion_vpc: Still creating... [20s elapsed]
aws_vpc.xfusion_vpc: Creation complete after 22s [id=vpc-cadb04adb05820e1a]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-vpcs --filter "Name=tag:Name,Values=xfusion-vpc"
{
    "Vpcs": [
        {
            "OwnerId": "000000000000",
            "InstanceTenancy": "default",
            "Ipv6CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-5e6fc4cb62345293a",
                    "Ipv6CidrBlock": "2400:6500:8d70:a200::/56",
                    "Ipv6CidrBlockState": {
                        "State": "associated"
                    },
                    "NetworkBorderGroup": "us-east-1",
                    "Ipv6Pool": "Amazon"
                }
            ],
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-055fe1f7cc875d20d",
                    "CidrBlock": "10.0.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "xfusion-vpc"
                }
            ],
            "VpcId": "vpc-cadb04adb05820e1a",
            "State": "available",
            "CidrBlock": "10.0.0.0/16",
            "DhcpOptionsId": "default"
        }
    ]
}

bob@iac-server ~/terraform via 💠 default ➜  

Task: Create Elastic IP Using Terraform 
Date: 22May2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.

For this task, allocate an Elastic IP address named nautilus-eip using Terraform.

The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.


Solution

bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
resource "aws_eip" "nautilus_eip" {
  tags = {
    Name = "nautilus-eip"
  }
}
bob@iac-server ~/terraform via 💠 default ➜  terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_eip.nautilus_eip will be created
  + resource "aws_eip" "nautilus_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name" = "nautilus-eip"
        }
      + tags_all             = {
          + "Name" = "nautilus-eip"
        }
      + vpc                  = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_eip.nautilus_eip will be created
  + resource "aws_eip" "nautilus_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name" = "nautilus-eip"
        }
      + tags_all             = {
          + "Name" = "nautilus-eip"
        }
      + vpc                  = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_eip.nautilus_eip: Creating...
aws_eip.nautilus_eip: Creation complete after 2s [id=eipalloc-4d64dcf5d16c14e67]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-addresses --filters "Name=tag:Name,Values=nautilus-eip"
{
    "Addresses": [
        {
            "AllocationId": "eipalloc-4d64dcf5d16c14e67",
            "Domain": "vpc",
            "NetworkInterfaceId": "",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "nautilus-eip"
                }
            ],
            "InstanceId": "",
            "PublicIp": "127.122.160.174"
        }
    ]
}

bob@iac-server ~/terraform via 💠 default ➜  

Task: Create EC2 Instance Using Terraform
Date: 29May2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units.
For this task, create an EC2 instance using Terraform with the following requirements:
1. The name of the instance must be nautilus-ec2.
2. Use the Amazon Linux ami-0c101f26f147fa7fd to launch this instance.
3. The Instance type must be t2.micro.
4. Create a new RSA key named nautilus-kp.
5. Attach the default (available by default) security group.

Solution


bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
# Create a new RSA key pair
resource "tls_private_key" "nautilus_private_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "aws_key_pair" "nautilus_kp" {
  key_name   = "nautilus-kp"
  public_key = tls_private_key.nautilus_private_key.public_key_openssh
}

# Fetch the default VPC and security group
data "aws_vpc" "default" {
  default = true
}

data "aws_security_group" "default" {
  vpc_id = data.aws_vpc.default.id
  name   = "default"
}

# Create the EC2 instance
resource "aws_instance" "nautilus_ec2" {
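  # security_groups takes group names and applies to the default VPC only;
  # in any other VPC, pass group IDs through vpc_security_group_ids instead.
  ami             = "ami-0c101f26f147fa7fd" # Amazon Linux AMI
  instance_type   = "t2.micro"
  key_name        = aws_key_pair.nautilus_kp.key_name
  security_groups = [data.aws_security_group.default.name]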

  tags = {
    Name = "nautilus-ec2"
  }
}

# Output the private key
output "private_key_pem" {
  value     = tls_private_key.nautilus_private_key.private_key_pem
  sensitive = true
}

bob@iac-server ~/terraform via 💠 default ➜  terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Finding latest version of hashicorp/tls...
- Installing hashicorp/tls v4.1.0...
- Installed hashicorp/tls v4.1.0 (signed by HashiCorp)
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan
data.aws_vpc.default: Reading...
data.aws_vpc.default: Read complete after 1s [id=vpc-148d80bfe1c21df8d]
data.aws_security_group.default: Reading...
data.aws_security_group.default: Read complete after 0s [id=sg-1875ce1cc27de9330]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_instance.nautilus_ec2 will be created
  + resource "aws_instance" "nautilus_ec2" {
      + ami                                  = "ami-0c101f26f147fa7fd"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = (known after apply)
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + enable_primary_ipv6                  = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t2.micro"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = "nautilus-kp"
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = [
          + "default",
        ]
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Name" = "nautilus-ec2"
        }
      + tags_all                             = {
          + "Name" = "nautilus-ec2"
        }
      + tenancy                              = (known after apply)
      + user_data                            = (known after apply)
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)

      + capacity_reservation_specification (known after apply)

      + cpu_options (known after apply)

      + ebs_block_device (known after apply)

      + enclave_options (known after apply)

      + ephemeral_block_device (known after apply)

      + instance_market_options (known after apply)

      + maintenance_options (known after apply)

      + metadata_options (known after apply)

      + network_interface (known after apply)

      + private_dns_name_options (known after apply)

      + root_block_device (known after apply)
    }

  # aws_key_pair.nautilus_kp will be created
  + resource "aws_key_pair" "nautilus_kp" {
      + arn             = (known after apply)
      + fingerprint     = (known after apply)
      + id              = (known after apply)
      + key_name        = "nautilus-kp"
      + key_name_prefix = (known after apply)
      + key_pair_id     = (known after apply)
      + key_type        = (known after apply)
      + public_key      = (known after apply)
      + tags_all        = (known after apply)
    }

  # tls_private_key.nautilus_private_key will be created
  + resource "tls_private_key" "nautilus_private_key" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 2048
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + private_key_pem = (sensitive value)

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply
data.aws_vpc.default: Reading...
data.aws_vpc.default: Read complete after 0s [id=vpc-148d80bfe1c21df8d]
data.aws_security_group.default: Reading...
data.aws_security_group.default: Read complete after 0s [id=sg-1875ce1cc27de9330]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_instance.nautilus_ec2 will be created
  + resource "aws_instance" "nautilus_ec2" {
      + ami                                  = "ami-0c101f26f147fa7fd"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = (known after apply)
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + enable_primary_ipv6                  = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t2.micro"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = "nautilus-kp"
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = [
          + "default",
        ]
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Name" = "nautilus-ec2"
        }
      + tags_all                             = {
          + "Name" = "nautilus-ec2"
        }
      + tenancy                              = (known after apply)
      + user_data                            = (known after apply)
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)

      + capacity_reservation_specification (known after apply)

      + cpu_options (known after apply)

      + ebs_block_device (known after apply)

      + enclave_options (known after apply)

      + ephemeral_block_device (known after apply)

      + instance_market_options (known after apply)

      + maintenance_options (known after apply)

      + metadata_options (known after apply)

      + network_interface (known after apply)

      + private_dns_name_options (known after apply)

      + root_block_device (known after apply)
    }

  # aws_key_pair.nautilus_kp will be created
  + resource "aws_key_pair" "nautilus_kp" {
      + arn             = (known after apply)
      + fingerprint     = (known after apply)
      + id              = (known after apply)
      + key_name        = "nautilus-kp"
      + key_name_prefix = (known after apply)
      + key_pair_id     = (known after apply)
      + key_type        = (known after apply)
      + public_key      = (known after apply)
      + tags_all        = (known after apply)
    }

  # tls_private_key.nautilus_private_key will be created
  + resource "tls_private_key" "nautilus_private_key" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 2048
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + private_key_pem = (sensitive value)

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

tls_private_key.nautilus_private_key: Creating...
tls_private_key.nautilus_private_key: Creation complete after 1s [id=d3c5168ea3d2306dbc16811aa6733b1af08a99d3]
aws_key_pair.nautilus_kp: Creating...
aws_key_pair.nautilus_kp: Creation complete after 0s [id=nautilus-kp]
aws_instance.nautilus_ec2: Creating...
aws_instance.nautilus_ec2: Still creating... [10s elapsed]
aws_instance.nautilus_ec2: Creation complete after 10s [id=i-3a748ab26261982ad]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

private_key_pem = <sensitive>

bob@iac-server ~/terraform via 💠 default ➜  terraform output -raw private_key_pem > /home/bob/nautilus-kp.pem

bob@iac-server ~/terraform via 💠 default ➜  chmod 600 /home/bob/nautilus-kp.pem

bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-instances --filters "Name=tag:Name,Values=nautilus-ec2"
{
    "Reservations": [
        {
            "ReservationId": "r-e59f22b427658c1b3",
            "OwnerId": "000000000000",
            "Groups": [],
            "Instances": [
                {
                    "Architecture": "x86_64",
                    "BlockDeviceMappings": [
                        {
                            "DeviceName": "/dev/sda1",
                            "Ebs": {
                                "AttachTime": "2025-05-29T09:26:41Z",
                                "DeleteOnTermination": true,
                                "Status": "in-use",
                                "VolumeId": "vol-b803c04032d5e3c5c"
                            }
                        }
                    ],
                    "ClientToken": "ABCDE0000000000003",
                    "EbsOptimized": false,
                    "Hypervisor": "xen",
                    "NetworkInterfaces": [
                        {
                            "Association": {
                                "IpOwnerId": "000000000000",
                                "PublicIp": "54.214.202.227"
                            },
                            "Attachment": {
                                "AttachTime": "2015-01-01T00:00:00Z",
                                "AttachmentId": "eni-attach-ecc5f86c1270233b7",
                                "DeleteOnTermination": true,
                                "DeviceIndex": 0,
                                "Status": "attached"
                            },
                            "Description": "Primary network interface",
                            "Groups": [
                                {
                                    "GroupId": "sg-1875ce1cc27de9330",
                                    "GroupName": "default"
                                }
                            ],
                            "MacAddress": "1b:2b:3c:4d:5e:6f",
                            "NetworkInterfaceId": "eni-7a2fb83ffcbed1cdc",
                            "OwnerId": "000000000000",
                            "PrivateIpAddress": "10.216.183.20",
                            "PrivateIpAddresses": [
                                {
                                    "Association": {
                                        "IpOwnerId": "000000000000",
                                        "PublicIp": "54.214.202.227"
                                    },
                                    "Primary": true,
                                    "PrivateIpAddress": "10.216.183.20"
                                }
                            ],
                            "SourceDestCheck": true,
                            "Status": "in-use",
                            "SubnetId": "subnet-177bc9738cfecc467",
                            "VpcId": "vpc-148d80bfe1c21df8d"
                        }
                    ],
                    "RootDeviceName": "/dev/sda1",
                    "RootDeviceType": "ebs",
                    "SecurityGroups": [
                        {
                            "GroupId": "sg-1875ce1cc27de9330",
                            "GroupName": "default"
                        }
                    ],
                    "SourceDestCheck": true,
                    "StateReason": {
                        "Code": "",
                        "Message": ""
                    },
                    "Tags": [
                        {
                            "Key": "Name",
                            "Value": "nautilus-ec2"
                        }
                    ],
                    "VirtualizationType": "paravirtual",
                    "HibernationOptions": {
                        "Configured": false
                    },
                    "InstanceId": "i-3a748ab26261982ad",
                    "ImageId": "ami-0c101f26f147fa7fd",
                    "State": {
                        "Code": 16,
                        "Name": "running"
                    },
                    "PrivateDnsName": "ip-10-216-183-20.ec2.internal",
                    "PublicDnsName": "ec2-54-214-202-227.compute-1.amazonaws.com",
                    "StateTransitionReason": "",
                    "KeyName": "nautilus-kp",
                    "AmiLaunchIndex": 0,
                    "InstanceType": "t2.micro",
                    "LaunchTime": "2025-05-29T09:26:41Z",
                    "Placement": {
                        "GroupName": "",
                        "Tenancy": "default",
                        "AvailabilityZone": "us-east-1a"
                    },
                    "KernelId": "None",
                    "Monitoring": {
                        "State": "disabled"
                    },
                    "SubnetId": "subnet-177bc9738cfecc467",
                    "VpcId": "vpc-148d80bfe1c21df8d",
                    "PrivateIpAddress": "10.216.183.20",
                    "PublicIpAddress": "54.214.202.227"
                }
            ]
        }
    ]
}

bob@iac-server ~/terraform via 💠 default ➜  


Task: Create AMI Using Terraform 
Date: 01June2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
1. For this task, create an AMI from an existing EC2 instance named datacenter-ec2 using Terraform.
2. The AMI should be named datacenter-ec2-ami; make sure the AMI is in the available state.
The Terraform working directory is /home/bob/terraform. Update the main.tf file (do not create a separate .tf file) to create the AMI.
Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.
Solution: 
bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
# Provision EC2 instance
resource "aws_instance" "ec2" {
  ami           = "ami-0c101f26f147fa7fd"
  instance_type = "t2.micro"
  vpc_security_group_ids = [
    "sg-bd61ebd3f73870ece"
  ]

  tags = {
    Name = "datacenter-ec2"
  }
}

bob@iac-server ~/terraform via 💠 default ➜ echo "After adding the code to main.tf file"
After adding the code to main.tf file
bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
# Provision EC2 instance
resource "aws_instance" "ec2" {
  ami           = "ami-0c101f26f147fa7fd"
  instance_type = "t2.micro"
  vpc_security_group_ids = [
    "sg-bd61ebd3f73870ece"
  ]

  tags = {
    Name = "datacenter-ec2"
  }
}

# Create an AMI from the EC2 instance
resource "aws_ami_from_instance" "datacenter_ami" {
  source_instance_id = aws_instance.ec2.id
  name               = "datacenter-ec2-ami"
  description        = "AMI created from datacenter-ec2 instance"

  tags = {
    Name = "datacenter-ec2-ami"
  }
}

# Output the AMI ID
output "ami_id" {
  value = aws_ami_from_instance.datacenter_ami.id
}


bob@iac-server ~/terraform via 💠 default ➜  terraform init
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v5.91.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan
aws_instance.ec2: Refreshing state... [id=i-3791371cd9d9a4d50]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ami_from_instance.datacenter_ami will be created
  + resource "aws_ami_from_instance" "datacenter_ami" {
      + architecture         = (known after apply)
      + arn                  = (known after apply)
      + boot_mode            = (known after apply)
      + description          = "AMI created from datacenter-ec2 instance"
      + ena_support          = (known after apply)
      + hypervisor           = (known after apply)
      + id                   = (known after apply)
      + image_location       = (known after apply)
      + image_owner_alias    = (known after apply)
      + image_type           = (known after apply)
      + imds_support         = (known after apply)
      + kernel_id            = (known after apply)
      + manage_ebs_snapshots = (known after apply)
      + name                 = "datacenter-ec2-ami"
      + owner_id             = (known after apply)
      + platform             = (known after apply)
      + platform_details     = (known after apply)
      + public               = (known after apply)
      + ramdisk_id           = (known after apply)
      + root_device_name     = (known after apply)
      + root_snapshot_id     = (known after apply)
      + source_instance_id   = "i-3791371cd9d9a4d50"
      + sriov_net_support    = (known after apply)
      + tags                 = {
          + "Name" = "datacenter-ec2-ami"
        }
      + tags_all             = {
          + "Name" = "datacenter-ec2-ami"
        }
      + tpm_support          = (known after apply)
      + uefi_data            = (known after apply)
      + usage_operation      = (known after apply)
      + virtualization_type  = (known after apply)

      + ebs_block_device (known after apply)

      + ephemeral_block_device (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ami_id = (known after apply)

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply
aws_instance.ec2: Refreshing state... [id=i-3791371cd9d9a4d50]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ami_from_instance.datacenter_ami will be created
  + resource "aws_ami_from_instance" "datacenter_ami" {
      + architecture         = (known after apply)
      + arn                  = (known after apply)
      + boot_mode            = (known after apply)
      + description          = "AMI created from datacenter-ec2 instance"
      + ena_support          = (known after apply)
      + hypervisor           = (known after apply)
      + id                   = (known after apply)
      + image_location       = (known after apply)
      + image_owner_alias    = (known after apply)
      + image_type           = (known after apply)
      + imds_support         = (known after apply)
      + kernel_id            = (known after apply)
      + manage_ebs_snapshots = (known after apply)
      + name                 = "datacenter-ec2-ami"
      + owner_id             = (known after apply)
      + platform             = (known after apply)
      + platform_details     = (known after apply)
      + public               = (known after apply)
      + ramdisk_id           = (known after apply)
      + root_device_name     = (known after apply)
      + root_snapshot_id     = (known after apply)
      + source_instance_id   = "i-3791371cd9d9a4d50"
      + sriov_net_support    = (known after apply)
      + tags                 = {
          + "Name" = "datacenter-ec2-ami"
        }
      + tags_all             = {
          + "Name" = "datacenter-ec2-ami"
        }
      + tpm_support          = (known after apply)
      + uefi_data            = (known after apply)
      + usage_operation      = (known after apply)
      + virtualization_type  = (known after apply)

      + ebs_block_device (known after apply)

      + ephemeral_block_device (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ami_id = (known after apply)

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_ami_from_instance.datacenter_ami: Creating...
aws_ami_from_instance.datacenter_ami: Creation complete after 5s [id=ami-268413f50e093a447]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

ami_id = "ami-268413f50e093a447"

bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-images --filters "Name=name,Values=datacenter-ec2-ami"
{
    "Images": [
        {
            "BlockDeviceMappings": [
                {
                    "Ebs": {
                        "DeleteOnTermination": false,
                        "SnapshotId": "snap-6f596d2ded64fa12b",
                        "VolumeSize": 15,
                        "VolumeType": "standard"
                    },
                    "DeviceName": "/dev/sda1"
                }
            ],
            "Description": "AMI created from datacenter-ec2 instance",
            "Hypervisor": "xen",
            "ImageOwnerAlias": "amazon",
            "Name": "datacenter-ec2-ami",
            "RootDeviceName": "/dev/sda1",
            "RootDeviceType": "standard",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "datacenter-ec2-ami"
                }
            ],
            "VirtualizationType": "paravirtual",
            "ImageId": "ami-268413f50e093a447",
            "ImageLocation": "None",
            "State": "available",
            "OwnerId": "000000000000",
            "CreationDate": "2025-06-01T06:49:10.000Z",
            "Public": false,
            "Architecture": "x86_64",
            "ImageType": "machine",
            "KernelId": "None",
            "RamdiskId": "ari-1a2b3c4d"
        }
    ]
}

bob@iac-server ~/terraform via 💠 default ➜  


Task: Create EBS Volume Using Terraform
Date: 02July2025
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.

For this task, create an AWS EBS volume using Terraform with the following requirements:
1. Name of the volume should be xfusion-volume.
2. Volume type must be gp3.
3. Volume size must be 2 GiB.
4. Ensure the volume is created in us-east-1.

Solution:

bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform

bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
# Create an EBS volume
resource "aws_ebs_volume" "xfusion_volume" {
  availability_zone = "us-east-1a" # Specify an availability zone in the region
  size              = 2           # Volume size in GiB
  type              = "gp3"       # Volume type

  tags = {
    Name = "xfusion-volume"
  }
}

# Output the Volume ID
output "volume_id" {
  value = aws_ebs_volume.xfusion_volume.id
}

bob@iac-server ~/terraform via 💠 default ➜  terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.91.0"...
- Installing hashicorp/aws v5.91.0...
- Installed hashicorp/aws v5.91.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ebs_volume.xfusion_volume will be created
  + resource "aws_ebs_volume" "xfusion_volume" {
      + arn               = (known after apply)
      + availability_zone = "us-east-1a"
      + encrypted         = (known after apply)
      + final_snapshot    = false
      + id                = (known after apply)
      + iops              = (known after apply)
      + kms_key_id        = (known after apply)
      + size              = 2
      + snapshot_id       = (known after apply)
      + tags              = {
          + "Name" = "xfusion-volume"
        }
      + tags_all          = {
          + "Name" = "xfusion-volume"
        }
      + throughput        = (known after apply)
      + type              = "gp3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + volume_id = (known after apply)

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ebs_volume.xfusion_volume will be created
  + resource "aws_ebs_volume" "xfusion_volume" {
      + arn               = (known after apply)
      + availability_zone = "us-east-1a"
      + encrypted         = (known after apply)
      + final_snapshot    = false
      + id                = (known after apply)
      + iops              = (known after apply)
      + kms_key_id        = (known after apply)
      + size              = 2
      + snapshot_id       = (known after apply)
      + tags              = {
          + "Name" = "xfusion-volume"
        }
      + tags_all          = {
          + "Name" = "xfusion-volume"
        }
      + throughput        = (known after apply)
      + type              = "gp3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + volume_id = (known after apply)

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_ebs_volume.xfusion_volume: Creating...
aws_ebs_volume.xfusion_volume: Still creating... [10s elapsed]
aws_ebs_volume.xfusion_volume: Creation complete after 12s [id=vol-a1d396e30dd722be7]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

volume_id = "vol-a1d396e30dd722be7"
bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-volumes --filters "Name=tag:Name,Values=xfusion-volume"
{
    "Volumes": [
        {
            "Iops": 3000,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "xfusion-volume"
                }
            ],
            "VolumeType": "gp3",
            "VolumeId": "vol-a1d396e30dd722be7",
            "Size": 2,
            "SnapshotId": "",
            "AvailabilityZone": "us-east-1a",
            "State": "available",
            "CreateTime": "2025-06-02T15:09:03Z",
            "Attachments": [],
            "Encrypted": false
        }
    ]
}

bob@iac-server ~/terraform via 💠 default ➜  

Task: Create Snapshot Using Terraform 
Date: 24June2025

The Nautilus DevOps team has some volumes in different regions in their AWS account. They are going to set up some automated backups so that all important data can be backed up on a regular basis. For now, they have shared some requirements to take a snapshot of one of the volumes they have.
Create a snapshot of an existing volume named nautilus-vol in the us-east-1 region using Terraform.
1) The name of the snapshot must be nautilus-vol-ss.
2) The description must be Nautilus Snapshot.
3) Make sure the snapshot status is completed before submitting the task.
The Terraform working directory is /home/bob/terraform. Update the main.tf file (do not create a separate .tf file) to accomplish this task.

Solution: The main.tf file before starting:
bob@iac-server ~/terraform via 💠 default ➜  cat main.tf 
resource "aws_ebs_volume" "k8s_volume" {
  availability_zone = "us-east-1a"
  size              = 5
  type              = "gp2"

  tags = {
    Name        = "nautilus-vol"
  }
}
bob@iac-server ~/terraform via 💠 default ➜  pwd
/home/bob/terraform
bob@iac-server ~/terraform via 💠 default ✖ cat main.tf 
resource "aws_ebs_volume" "k8s_volume" {
  availability_zone = "us-east-1a"
  size              = 5
  type              = "gp2"

  tags = {
    Name        = "nautilus-vol"
  }
}

# Create a snapshot of the existing volume
resource "aws_ebs_snapshot" "nautilus_snapshot" {
  volume_id   = aws_ebs_volume.k8s_volume.id
  description = "Nautilus Snapshot"

  tags = {
    Name = "nautilus-vol-ss"
  }
}

# Output the Snapshot ID
output "snapshot_id" {
  value = aws_ebs_snapshot.nautilus_snapshot.id
}
bob@iac-server ~/terraform via 💠 default ➜  terraform init
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v5.91.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

bob@iac-server ~/terraform via 💠 default ➜  terraform validate
Success! The configuration is valid.


bob@iac-server ~/terraform via 💠 default ➜  terraform plan
aws_ebs_volume.k8s_volume: Refreshing state... [id=vol-b4a4cb483576edeae]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ebs_snapshot.nautilus_snapshot will be created
  + resource "aws_ebs_snapshot" "nautilus_snapshot" {
      + arn                    = (known after apply)
      + data_encryption_key_id = (known after apply)
      + description            = "Nautilus Snapshot"
      + encrypted              = (known after apply)
      + id                     = (known after apply)
      + kms_key_id             = (known after apply)
      + owner_alias            = (known after apply)
      + owner_id               = (known after apply)
      + storage_tier           = (known after apply)
      + tags                   = {
          + "Name" = "nautilus-vol-ss"
        }
      + tags_all               = {
          + "Name" = "nautilus-vol-ss"
        }
      + volume_id              = "vol-b4a4cb483576edeae"
      + volume_size            = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + snapshot_id = (known after apply)

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.

bob@iac-server ~/terraform via 💠 default ➜  terraform apply
aws_ebs_volume.k8s_volume: Refreshing state... [id=vol-b4a4cb483576edeae]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ebs_snapshot.nautilus_snapshot will be created
  + resource "aws_ebs_snapshot" "nautilus_snapshot" {
      + arn                    = (known after apply)
      + data_encryption_key_id = (known after apply)
      + description            = "Nautilus Snapshot"
      + encrypted              = (known after apply)
      + id                     = (known after apply)
      + kms_key_id             = (known after apply)
      + owner_alias            = (known after apply)
      + owner_id               = (known after apply)
      + storage_tier           = (known after apply)
      + tags                   = {
          + "Name" = "nautilus-vol-ss"
        }
      + tags_all               = {
          + "Name" = "nautilus-vol-ss"
        }
      + volume_id              = "vol-b4a4cb483576edeae"
      + volume_size            = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + snapshot_id = (known after apply)

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_ebs_snapshot.nautilus_snapshot: Creating...
aws_ebs_snapshot.nautilus_snapshot: Creation complete after 0s [id=snap-66b94c6855e20884b]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

snapshot_id = "snap-66b94c6855e20884b"

bob@iac-server ~/terraform via 💠 default ➜  aws ec2 describe-snapshots --filters "Name=tag:Name,Values=nautilus-vol-ss" --query "Snapshots[*].State"
[
    "completed"
]

bob@iac-server ~/terraform via 💠 default ➜  
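
As an added example (not part of the original lab or its solution), the post-apply checks the three tasks above ask for can be scripted against the `aws ec2 describe-*` JSON instead of being read by eye. The sample documents are abridged from the output on this page, the snapshot record is constructed from main.tf and the apply output, and `tag`, `audit` and the `check_*` helpers are names introduced here; `Encrypted` and `Public` are reported as warnings because the tasks do not require them.

```python
import json

# Sample input, abridged from the describe-* output on this page. The snapshot
# record is constructed from main.tf and the apply output (the page shows only
# its State).
IMAGES = json.loads("""{"Images": [{"Name": "datacenter-ec2-ami",
  "ImageId": "ami-268413f50e093a447", "State": "available", "Public": false}]}""")
VOLUMES = json.loads("""{"Volumes": [{"VolumeId": "vol-a1d396e30dd722be7",
  "VolumeType": "gp3", "Size": 2, "AvailabilityZone": "us-east-1a",
  "State": "available", "Encrypted": false,
  "Tags": [{"Key": "Name", "Value": "xfusion-volume"}]}]}""")
SNAPSHOTS = json.loads("""{"Snapshots": [{"SnapshotId": "snap-66b94c6855e20884b",
  "VolumeId": "vol-b4a4cb483576edeae", "State": "completed",
  "Description": "Nautilus Snapshot",
  "Tags": [{"Key": "Name", "Value": "nautilus-vol-ss"}]}]}""")


def tag(resource, key):
    """Return the value of tag `key`, or None when the tag is absent."""
    for item in resource.get("Tags") or []:
        if item.get("Key") == key:
            return item.get("Value")
    return None


def audit(items, name, name_of, id_key, required, hardening=None):
    """Check the one resource called `name`; return (failures, warnings)."""
    found = [r for r in items if name_of(r) == name]
    if len(found) != 1:
        # Zero matches means the resource is missing; several means the name
        # filter is ambiguous and the checks below could hit the wrong object.
        return [f"{name}: expected exactly 1 match, found {len(found)}"], []
    res = found[0]
    rid = res.get(id_key, name)
    failures = [f"{rid}: {key} is {res.get(key)!r}, expected {want!r}"
                for key, want in required.items() if res.get(key) != want]
    warnings = [f"{rid}: {key} is {res.get(key)!r}, prefer {want!r}"
                for key, want in (hardening or {}).items() if res.get(key) != want]
    return failures, warnings


def check_ami(doc, name="datacenter-ec2-ami"):
    """Task requirement: AMI exists and is available; warn if it is public."""
    return audit(doc.get("Images", []), name, lambda r: r.get("Name"), "ImageId",
                 {"State": "available"}, {"Public": False})


def check_volume(doc, name="xfusion-volume", region="us-east-1"):
    """Task requirement: gp3, 2 GiB, in `region`; warn if unencrypted."""
    failures, warnings = audit(
        doc.get("Volumes", []), name, lambda r: tag(r, "Name"), "VolumeId",
        {"VolumeType": "gp3", "Size": 2, "State": "available"}, {"Encrypted": True})
    for vol in doc.get("Volumes", []):
        # A standard AZ name is the region plus one letter (us-east-1a).
        az = vol.get("AvailabilityZone", "")
        if tag(vol, "Name") == name and az[:-1] != region:
            failures.append(f"{vol.get('VolumeId')}: {az} is not in {region}")
    return failures, warnings


def check_snapshot(doc, name="nautilus-vol-ss"):
    """Task requirement: snapshot is completed and carries the description."""
    return audit(doc.get("Snapshots", []), name, lambda r: tag(r, "Name"),
                 "SnapshotId",
                 {"State": "completed", "Description": "Nautilus Snapshot"})


if __name__ == "__main__":
    for label, result in (("ami", check_ami(IMAGES)),
                          ("volume", check_volume(VOLUMES)),
                          ("snapshot", check_snapshot(SNAPSHOTS))):
        failures, warnings = result
        print(label, "FAIL" if failures else "OK", failures + warnings)
```

Against live resources, the same functions take the parsed output of the `aws ec2 describe-images`, `describe-volumes` and `describe-snapshots` commands shown above, run without the `--query` projection.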
