Terraformdsl.rb is a DSL library to generate *.tf files of Terraform.
See 'examples/' directory for examples.
Add this line to your application's Gemfile:
gem 'terraformdsl'
And then execute:
$ bundle
Or install it yourself as:
$ gem install terraformdsl
See 'examples/' directory for practical examples.
myproj-infra.rb:
require 'terraformdsl/aws'
region = ENV['AWS_DEFAULT_REGION']
prefix = "myproj"
vpc = nil
public_dns_records = []
private_dns_records = []
output = TerraformDSL::Outputs.new
var = TerraformDSL::Variables.new
var.define :base_domain , "ex: example.com"
var.define :office_ip , "ex: 123.123.123.123"
aws_infra = TerraformDSL::AWS.infra()
aws_infra.region(region) {
## Availability Zone
az_a = AZ("#{region}a") # ex: 'ap-east-1a'
az_b = AZ("#{region}b") # ex: 'ap-east-1b'
az_c = AZ("#{region}c") # ex: 'ap-east-1c'
az_d = AZ("#{region}d") # ex: 'ap-east-1d'
## AMI
ubuntu_ami = AMI('ubuntu18lts', "099720109477",
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1"
)
## VPC
vpc = VPC("#{prefix}-vpc", "10.0.0.0/16") {|vpc|
sshkey_name = "#{prefix}-ubuntu"
### Internet Gateway
gateway = InternetGateway("#{prefix}-gateway")
## Route Table
public_rt = RouteTable("#{prefix}-public-routing") {
Route(nil, gateway: gateway)
}
private_rt = RouteTable("#{prefix}-private-routing") {
#Route(nil, gateway: gateway)
}
### Subnet
public_a = Subnet("#{prefix}-public-a" , "10.0.1.0/24" , az_a, public_rt)
public_b = Subnet("#{prefix}-public-b" , "10.0.2.0/24" , az_b, public_rt)
private_a = Subnet("#{prefix}-private-a", "10.0.11.0/24", az_a, private_rt)
private_b = Subnet("#{prefix}-private-b", "10.0.12.0/24", az_b, private_rt)
## Security Group
public_secgrp = SecurityGroup("#{prefix}-public-secgrp", "allows http,https") {
Ingress(:any , 0, :self)
Ingress(:tcp , 22, "#{var.office_ip}/32")
Ingress(:tcp , 80, nil)
Ingress(:tcp , 443, nil)
Ingress(:icmp, nil, vpc.cidr)
Egress( :any , 0, nil)
}
### EC2 and EIP
let public_a, public_secgrp, ubuntu_ami, sshkey_name do
|sn, sg, ami, kn|
www_ec2 = EC2("#{prefix}-www-ec2" , "t3.micro", ami, sn, sg, kn)
www_ip = EIP("#{prefix}-www-ip" , www_ec2)
public_dns_records << [:A, "www" , www_ip]
private_dns_records << [:A, "www" , www_ec2]
output[:www_ip] = www_ip.attr(:public_ip)
end
}#vpc
}#region
aws_infra.global {
## DNS
Route53() {
Zone("public-dns", var.base_domain) {
public_dns_records.each do |type, name, value|
Record(type, name, value)
end
}
PrivateZone("private-dns", "internal", vpc) {
private_dns_records.each do |type, name, value|
Record(type, name, value)
end
}
}
}
if __FILE__ == $0
puts var.generate_tf()
puts aws_infra.generate_tf()
puts output.generate_tf()
end
Generate *.tf file:
$ ruby myproj-infra.rb > myproj-infra.tf
myproj-infra.tf (genareated)
variable "base_domain" {
description = "ex: example.com"
}
variable "office_ip" {
description = "ex: 123.123.123.123"
}
provider "aws" {
#access_key = "${var.access_key}"
#secret_key = "${var.secret_key}"
region = "us-east-1"
}
data "aws_ami" "ubuntu18lts" {
most_recent = true
owners = ["099720109477"]
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1"]
}
}
resource "aws_vpc" "myproj-vpc" {
cidr_block = "10.0.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags {
Name = "myproj-vpc"
}
}
resource "aws_internet_gateway" "myproj-gateway" {
vpc_id = "${aws_vpc.myproj-vpc.id}"
tags {
Name = "myproj-gateway"
}
}
resource "aws_route_table" "myproj-public-routing" {
vpc_id = "${aws_vpc.myproj-vpc.id}"
tags {
Name = "myproj-public-routing"
}
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.myproj-gateway.id}"
}
}
resource "aws_route_table" "myproj-private-routing" {
vpc_id = "${aws_vpc.myproj-vpc.id}"
tags {
Name = "myproj-private-routing"
}
}
resource "aws_subnet" "myproj-public-a" {
vpc_id = "${aws_vpc.myproj-vpc.id}"
availability_zone = "us-east-1a"
cidr_block = "10.0.1.0/24"
tags {
Name = "myproj-public-a"
}
}
resource "aws_route_table_association" "myproj-public-routing-myproj-public-a" {
route_table_id = "${aws_route_table.myproj-public-routing.id}"
subnet_id = "${aws_subnet.myproj-public-a.id}"
}
resource "aws_subnet" "myproj-public-b" {
vpc_id = "${aws_vpc.myproj-vpc.id}"
availability_zone = "us-east-1b"
cidr_block = "10.0.2.0/24"
tags {
Name = "myproj-public-b"
}
}
resource "aws_route_table_association" "myproj-public-routing-myproj-public-b" {
route_table_id = "${aws_route_table.myproj-public-routing.id}"
subnet_id = "${aws_subnet.myproj-public-b.id}"
}
resource "aws_subnet" "myproj-private-a" {
vpc_id = "${aws_vpc.myproj-vpc.id}"
availability_zone = "us-east-1a"
cidr_block = "10.0.11.0/24"
tags {
Name = "myproj-private-a"
}
}
resource "aws_route_table_association" "myproj-private-routing-myproj-private-a" {
route_table_id = "${aws_route_table.myproj-private-routing.id}"
subnet_id = "${aws_subnet.myproj-private-a.id}"
}
resource "aws_subnet" "myproj-private-b" {
vpc_id = "${aws_vpc.myproj-vpc.id}"
availability_zone = "us-east-1b"
cidr_block = "10.0.12.0/24"
tags {
Name = "myproj-private-b"
}
}
resource "aws_route_table_association" "myproj-private-routing-myproj-private-b" {
route_table_id = "${aws_route_table.myproj-private-routing.id}"
subnet_id = "${aws_subnet.myproj-private-b.id}"
}
resource "aws_security_group" "myproj-public-secgrp" {
name = "myproj-public-secgrp"
description = "allows http,https"
vpc_id = "${aws_vpc.myproj-vpc.id}"
tags {
Name = "myproj-public-secgrp"
}
ingress {
from_port = "0"
to_port = "0"
protocol = "-1"
self = true
}
ingress {
from_port = "22"
to_port = "22"
protocol = "tcp"
cidr_blocks = ["${var.office_ip}/32"]
}
ingress {
from_port = "80"
to_port = "80"
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = "443"
to_port = "443"
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = "-1"
to_port = "-1"
protocol = "icmp"
cidr_blocks = ["10.0.0.0/16"]
}
egress {
from_port = "0"
to_port = "0"
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_instance" "myproj-www-ec2" {
instance_type = "t3.micro"
ami = "${data.aws_ami.ubuntu18lts.image_id}"
subnet_id = "${aws_subnet.myproj-public-a.id}"
vpc_security_group_ids = ["${aws_security_group.myproj-public-secgrp.id}"]
key_name = "myproj-ubuntu"
credit_specification {
cpu_credits = "unlimited"
}
tags {
Name = "myproj-www-ec2"
}
}
resource "aws_eip" "myproj-www-ip" {
vpc = true
instance = "${aws_instance.myproj-www-ec2.id}"
tags {
Name = "myproj-www-ip"
}
}
resource "aws_route53_zone" "public-dns" {
name = "${var.base_domain}"
tags {
Name = "public-dns"
}
}
resource "aws_route53_record" "public-dns-www-A" {
zone_id = "${aws_route53_zone.public-dns.zone_id}"
type = "A"
name = "www"
ttl = "5"
records = ["${aws_eip.myproj-www-ip.public_ip}"]
}
resource "aws_route53_zone" "private-dns" {
name = "internal"
vpc {
vpc_id = "${aws_vpc.myproj-vpc.id}"
}
tags {
Name = "private-dns"
}
}
resource "aws_route53_record" "private-dns-www-A" {
zone_id = "${aws_route53_zone.private-dns.zone_id}"
type = "A"
name = "www"
ttl = "5"
records = ["${aws_instance.myproj-www-ec2.private_ip}"]
}
output "www_ip" {
value = "${aws_eip.myproj-www-ip.public_ip}"
}
MIT License
FAQs
Unknown package
We found that terraformdsl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.