Terraform Initial MOP

The document provides an overview of using Hashicorp Terraform for managing ACI Fabric configurations, detailing the process through four main commands: Init, Plan, Apply, and Destroy. It includes examples of Terraform configurations for Google Cloud and AWS, demonstrating how to define resources such as projects, IAM roles, and S3 buckets. Additionally, it outlines the use of variable files to manage environment-specific settings and resource parameters.

Terraform

HashiCorp Terraform uses main.tf and variable.tf files in which you can define your
Tenant details along with its VRF, BD, Subnets, Application Profiles, Policies, and
Contracts.

You can push (or remove) the configuration on your ACI Fabric via APIC using a 4-step
procedure in Terraform:
1. Terraform Init - Terraform downloads all providers defined in your main.tf file.
2. Terraform Plan - Analyzes your main.tf file and compares it to the state file
terraform.tfstate (if it exists) to determine which parts of the plan must be deployed,
updated, or destroyed.
3. Terraform Apply - Applies the changes described by the plan command to the third-
party systems and updates the terraform.tfstate file with the current configuration state
for the resources described in the plan.
4. Terraform Destroy - Removes or "unconfigures" all the resources previously deployed.
Terraform tracks those resources by using the state file terraform.tfstate.
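A MOP gate for step 3, added here as an example and not part of the original procedure: it reads the JSON that `terraform show -json tfplan` emits for a saved plan and refuses the Apply step when the plan would delete or replace an ACI object that was not pre-approved, so what gets applied is exactly what was reviewed. The sample plan and the resource addresses in it are constructed for illustration.

```python
"""Gate 'terraform apply' on the reviewed plan (added example, not from the MOP).

Input is the JSON from `terraform show -json tfplan`; only the
'resource_changes[].change.actions' field is used. SAMPLE_PLAN below is a
constructed plan with hypothetical ACI resource addresses.
"""
import json

# Action lists Terraform records for a destroy or a replace (the two-element
# forms differ only in create_before_destroy ordering).
DESTRUCTIVE = {("delete",), ("delete", "create"), ("create", "delete")}


def destructive_changes(plan):
    """Return (address, kind) for every resource the plan deletes or replaces."""
    found = []
    for rc in plan.get("resource_changes", []):
        actions = tuple(rc["change"]["actions"])
        if actions in DESTRUCTIVE:
            found.append((rc["address"], "replace" if len(actions) == 2 else "delete"))
    return found


def apply_allowed(plan, approved_destroys=frozenset()):
    """Apply may proceed only if every destructive change was pre-approved in the MOP."""
    unapproved = [addr for addr, _ in destructive_changes(plan) if addr not in approved_destroys]
    return len(unapproved) == 0, unapproved


# Constructed plan: one update, one replace, one delete, one no-op.
SAMPLE_PLAN = json.loads("""{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "aci_tenant.demo", "type": "aci_tenant",
     "change": {"actions": ["update"]}},
    {"address": "aci_bridge_domain.web", "type": "aci_bridge_domain",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aci_contract.web_to_db", "type": "aci_contract",
     "change": {"actions": ["delete"]}},
    {"address": "aci_application_profile.app1", "type": "aci_application_profile",
     "change": {"actions": ["no-op"]}}
  ]
}""")

if __name__ == "__main__":
    ok, blocked = apply_allowed(SAMPLE_PLAN, approved_destroys={"aci_contract.web_to_db"})
    for addr, kind in destructive_changes(SAMPLE_PLAN):
        print(f"{kind:8} {addr}")
    print("apply allowed" if ok else "apply blocked by: " + ", ".join(blocked))
```

In a real run, feed it `terraform show -json tfplan` output from the plan saved with `terraform plan -out=tfplan`, and apply that same file only when the gate returns True.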

Main.tf (Google):

/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

locals {
  # First character of the environment name, e.g. "d" for "development"
  env_code = element(split("", var.environment), 0)

  # Repos that have both a pipeline service account and a role list
  source_repos = setintersection(
    toset(keys(var.app_infra_pipeline_service_accounts)),
    toset(keys(var.sa_roles))
  )

  # One {repo, role, sa} object per role granted to each pipeline service account
  pipeline_roles = var.enable_cloudbuild_deploy ? flatten([
    for repo in local.source_repos : [
      for role in var.sa_roles[repo] :
      {
        repo = repo
        role = role
        sa   = var.app_infra_pipeline_service_accounts[repo]
      }
    ]
  ]) : []

  # One {repo, subnet, region, sa} object per shared VPC subnet the pipeline may use
  network_user_role = var.enable_cloudbuild_deploy ? flatten([
    for repo in local.source_repos : [
      for subnet in var.shared_vpc_subnets :
      {
        repo   = repo
        subnet = element(split("/", subnet), index(split("/", subnet), "subnetworks") + 1)
        region = element(split("/", subnet), index(split("/", subnet), "regions") + 1)
        sa     = var.app_infra_pipeline_service_accounts[repo]
      }
    ]
  ]) : []
}

module "project" {
  source  = "terraform-google-modules/project-factory/google"
  version = "~> 14.1"

  random_project_id        = true
  random_project_id_length = 4
  activate_apis            = distinct(concat(var.activate_apis, ["billingbudgets.googleapis.com"]))
  name                     = "${var.project_prefix}-${var.business_code}-${local.env_code}-${var.project_suffix}"
  org_id                   = var.org_id
  billing_account          = var.billing_account
  folder_id                = var.folder_id

  svpc_host_project_id = var.shared_vpc_host_project_id
  shared_vpc_subnets   = var.shared_vpc_subnets # Optional: To enable subnetting, replace to "module.networking_project.subnetwork_self_link"

  vpc_service_control_attach_enabled = var.vpc_service_control_attach_enabled
  vpc_service_control_perimeter_name = var.vpc_service_control_perimeter_name
  vpc_service_control_sleep_duration = var.vpc_service_control_sleep_duration

  labels = {
    environment       = var.environment
    application_name  = var.application_name
    billing_code      = var.billing_code
    primary_contact   = element(split("@", var.primary_contact), 0)
    secondary_contact = element(split("@", var.secondary_contact), 0)
    business_code     = var.business_code
    env_code          = local.env_code
    vpc_type          = var.vpc_type
  }

  budget_alert_pubsub_topic   = var.project_budget.alert_pubsub_topic
  budget_alert_spent_percents = var.project_budget.alert_spent_percents
  budget_amount               = var.project_budget.budget_amount
}

# Additional roles to the App Infra Pipeline service account
resource "google_project_iam_member" "app_infra_pipeline_sa_roles" {
  for_each = { for pr in local.pipeline_roles : "${pr.repo}-${pr.sa}-${pr.role}" => pr }

  project = module.project.project_id
  role    = each.value.role
  member  = "serviceAccount:${each.value.sa}"
}

resource "google_folder_iam_member" "folder_network_viewer" {
  for_each = var.app_infra_pipeline_service_accounts

  folder = var.folder_id
  role   = "roles/compute.networkViewer"
  member = "serviceAccount:${each.value}"
}

resource "google_compute_subnetwork_iam_member" "service_account_role_to_vpc_subnets" {
  provider = google-beta
  for_each = { for nr in local.network_user_role : "${nr.repo}-${nr.subnet}-${nr.sa}" => nr }

  subnetwork = each.value.subnet
  role       = "roles/compute.networkUser"
  region     = each.value.region
  project    = var.shared_vpc_host_project_id
  member     = "serviceAccount:${each.value.sa}"
}

Terraform AWS:
https://github.com/mdb/terraform-example/blob/master/terraform/main.tf

variable "region" {
  default = "us-west-2"
}

variable "domain_name" {
  default = "mikeball.me"
}

provider "aws" {
  region = "${var.region}"
}

# Public static-site bucket: the ACL and policy below intentionally allow
# anonymous s3:GetObject on every object in the bucket.
resource "aws_s3_bucket" "site" {
  bucket = "${var.domain_name}"
  region = "${var.region}"
  acl    = "public-read"

  website {
    index_document = "index.html"
    error_document = "error.html"
  }

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadForGetBucketObjects",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": ["arn:aws:s3:::${var.domain_name}/*"]
  }]
}
EOF
}

# www. alias bucket that only redirects to the apex domain
resource "aws_s3_bucket" "wwwsite" {
  bucket = "www.${var.domain_name}"
  region = "${var.region}"
  acl    = "public-read"

  website {
    redirect_all_requests_to = "${var.domain_name}"
  }
}

# Site content; the etag forces a re-upload whenever the local file changes
resource "aws_s3_bucket_object" "index_file" {
  bucket       = "${var.domain_name}"
  source       = "../dist/index.html"
  key          = "index.html"
  etag         = "${md5(file("../dist/index.html"))}"
  content_type = "text/html"

  depends_on = [
    "aws_s3_bucket.site"
  ]
}

resource "aws_s3_bucket_object" "error_file" {
  bucket       = "${var.domain_name}"
  source       = "../dist/error.html"
  key          = "error.html"
  etag         = "${md5(file("../dist/error.html"))}"
  content_type = "text/html"

  depends_on = [
    "aws_s3_bucket.site"
  ]
}

resource "aws_s3_bucket_object" "css_file" {
  bucket       = "${var.domain_name}"
  source       = "../dist/assets/stylesheets/application.css"
  key          = "assets/stylesheets/application.css"
  etag         = "${md5(file("../dist/assets/stylesheets/application.css"))}"
  content_type = "text/css"

  depends_on = [
    "aws_s3_bucket.site"
  ]
}

resource "aws_s3_bucket_object" "image_file" {
  bucket       = "${var.domain_name}"
  source       = "../dist/assets/images/scape_long.png"
  key          = "assets/images/scape_long.png"
  etag         = "${md5(file("../dist/assets/images/scape_long.png"))}"
  content_type = "image/png"

  depends_on = [
    "aws_s3_bucket.site"
  ]
}

resource "aws_route53_zone" "primary" {
  name = "${var.domain_name}"
}

# Apex A record aliased to the S3 website endpoint
resource "aws_route53_record" "site" {
  zone_id = "${aws_route53_zone.primary.zone_id}"
  name    = "${var.domain_name}"
  type    = "A"

  alias {
    name                   = "${aws_s3_bucket.site.website_domain}"
    zone_id                = "${aws_s3_bucket.site.hosted_zone_id}"
    evaluate_target_health = false
  }
}

Variable.tf:

# variable.tf

# No default value: must be supplied via -var, a .tfvars file, or TF_VAR_instance_type
variable "instance_type" {
  type        = string
  description = "EC2 Instance Type"
}

# No default value
variable "tag" {
  type        = string
  description = "The tag for the EC2 instance"
}

# Default value for the variable location
variable "location" {
  type        = string
  description = "The project region"
  default     = "eu-central1"
}
