Feat: Add Terraform setup for EC2 instance with remote state management (S3 + DynamoDB)

.gitignore

@@ -1,2 +1,31 @@
 node_modules
-.env
+.env
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+.idea/

terraform/backend/main.tf

@@ -0,0 +1,36 @@
+provider "aws" {
+  region = var.aws_region
+}
+
+# S3 bucket to store remote Terraform state
+resource "aws_s3_bucket" "tf_state" {
+  bucket = var.s3_bucket_name
+
+  tags = {
+    Name = var.s3_bucket_name
+  }
+}
+
+# Enable versioning
+resource "aws_s3_bucket_versioning" "enabled" {
+  bucket = aws_s3_bucket.tf_state.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+# DynamoDB table for state locking
+resource "aws_dynamodb_table" "tf_lock" {
+  name         = var.dynamodb_table_name
+  billing_mode = "PAY_PER_REQUEST"
+  hash_key     = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+
+  tags = {
+    Name = var.dynamodb_table_name
+  }
+}

terraform/backend/variables.tf

@@ -0,0 +1,16 @@
+variable "aws_region" {
+  description = "AWS region where resources will be provisioned"
+  type        = string
+  default     = "ap-south-1"
+}
+
+variable "s3_bucket_name" {
+  description = "Unique S3 bucket name for Terraform remote state"
+  type        = string
+}
+
+variable "dynamodb_table_name" {
+  description = "DynamoDB table name for Terraform state locking"
+  type        = string
+  default     = "terraform_locks"
+}

terraform/ec2-instance/main.tf

@@ -0,0 +1,83 @@
+# Fetch default VPC
+data "aws_vpc" "default" {
+  default = true
+}
+
+# Get all subnets in the default VPC
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+# Create SSH key pair in AWS from local public key
+resource "aws_key_pair" "ssh" {
+  key_name   = "aws_ec2_key_pair"
+  public_key = var.public_key
+}
+
+# Security Group to allow traffic
+resource "aws_security_group" "ec2_sg" {
+  name        = "aws_ec2_sg"
+  description = "Allow SSH, HTTP, HTTPS"
+  vpc_id      = data.aws_vpc.default.id
+
+  tags = {
+    Name = "aws_ec2_sg"
+  }
+}
+
+# Allow SSH
+resource "aws_vpc_security_group_ingress_rule" "ssh_in" {
+  security_group_id = aws_security_group.ec2_sg.id
+  from_port         = 22
+  to_port           = 22
+  ip_protocol       = "tcp"
+  cidr_ipv4         = "0.0.0.0/0"
+}
+
+# Allow HTTP
+resource "aws_vpc_security_group_ingress_rule" "http_in" {
+  security_group_id = aws_security_group.ec2_sg.id
+  from_port         = 80
+  to_port           = 80
+  ip_protocol       = "tcp"
+  cidr_ipv4         = "0.0.0.0/0"
+}
+
+# Allow HTTPS
+resource "aws_vpc_security_group_ingress_rule" "https_in" {
+  security_group_id = aws_security_group.ec2_sg.id
+  from_port         = 443
+  to_port           = 443
+  ip_protocol       = "tcp"
+  cidr_ipv4         = "0.0.0.0/0"
+}
+
+# Allow all outbound traffic
+resource "aws_vpc_security_group_egress_rule" "all_out" {
+  security_group_id = aws_security_group.ec2_sg.id
+  ip_protocol       = "-1"
+  cidr_ipv4         = "0.0.0.0/0"
+}
+
+# Create EC2 instance
+resource "aws_instance" "resource_machine" {
+  count                       = var.instance_count
+  ami                         = var.ami_id
+  instance_type               = var.instance_type
+  key_name                    = aws_key_pair.ssh.key_name
+  vpc_security_group_ids      = [aws_security_group.ec2_sg.id]
+  subnet_id                   = data.aws_subnets.default.ids[0]
+  associate_public_ip_address = true
+
+  root_block_device {
+    volume_size = var.root_volume_size
+    volume_type = var.root_volume_type
+  }
+
+  tags = {
+    Name = "aws_ec2_machine"
+  }
+}

terraform/ec2-instance/output.tf

@@ -0,0 +1,7 @@
+output "public_ip" {
+  value = aws_instance.resource_machine[*].public_ip
+}
+
+output "public_dns" {
+  value = aws_instance.resource_machine[*].public_dns
+}

terraform/ec2-instance/terraform.tf

@@ -0,0 +1,19 @@
+terraform {
+  backend "s3" {
+    bucket         = "chat-app-s3-bucket-for-state-management"
+    key            = "ec2-instance/terraform.tfstate"
+    region         = "ap-south-1"
+    dynamodb_table = "terraform_locks"
+    encrypt        = true
+  }
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">=6.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.aws_region
+}

terraform/ec2-instance/variables.tf

@@ -0,0 +1,35 @@
+variable "aws_region" {
+  type    = string
+  default = "ap-south-1"
+}
+
+variable "ami_id" {
+  description = "AMI ID for EC2 instance"
+  type        = string
+  default     = "ami-02d26659fd82cf299"
+}
+
+variable "instance_type" {
+  type    = string
+  default = "t2.micro"
+}
+
+variable "instance_count" {
+  type    = number
+  default = 1
+}
+
+variable "public_key" {
+  description = "SSH public key for EC2"
+  type        = string
+}
+
+variable "root_volume_size" {
+  type    = number
+  default = 30
+}
+
+variable "root_volume_type" {
+  type    = string
+  default = "gp3"
+}