SketchScript

Infrastructure

What did I learn about infra during this project

IaC

This was my first time using Terraform and really my first time diving deep into IaC. To effectively write the IaC, I had to learn about Gateways, VPCs, and what an EC2 even is.

🛠️ Infrastructure Overview

This document explains the AWS resources and Terraform blocks used to provision a secure, internet-accessible EC2 instance within a custom VPC.

☁️ VPC (Virtual Private Cloud)

A VPC is your own isolated network inside an AWS region. It defines the private IP range (here `10.0.0.0/16`, 65,536 addresses) from which every subnet is carved, and it forms the base layer of your infrastructure. Nothing inside it is reachable from the internet until you add a gateway, a route to that gateway and a security group rule that allows the traffic.

```hcl
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
```
📦 Subnet
A subnet is a segmented block of IPs within your VPC, bound to a single availability zone. This one carves `10.0.1.0/24` out of the VPC range in `us-east-1a`. Note what the block below does not set: `map_public_ip_on_launch`. A custom subnet defaults it to `false`, so an instance launched here only gets a public IPv4 address if the instance itself asks for one (`associate_public_ip_address`) or an Elastic IP is attached to it.

```hcl
resource "aws_subnet" "main" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"
}
```
🌐 Internet Gateway (IGW)
An internet gateway is the VPC's connection to the public internet: it lets resources that have a public IPv4 address receive inbound connections and send outbound traffic. Attaching one does nothing on its own; traffic only flows through it once a route table sends traffic there.

```hcl
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id
}
```
🧭 Route Table & Association
A route table defines where traffic leaving a subnet goes; associating it with a subnet applies its rules to that subnet. The `0.0.0.0/0` route below sends all non-local traffic to the internet gateway, and that route is exactly what makes this a public subnet. A subnet whose route table has no IGW route stays private even though the gateway is attached to the VPC.

```hcl
resource "aws_route_table" "r" {
  vpc_id = aws_vpc.main.id

  # Default route: everything not destined for the VPC itself goes out the IGW.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
}

# Without this association the subnet would keep using the VPC's main route table.
resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.main.id
  route_table_id = aws_route_table.r.id
}
```
🔐 Security Group
Security groups are stateful firewalls attached to instances (strictly, to their network interfaces): by default they deny all inbound traffic and allow all outbound, and replies to an allowed connection are always permitted. The group below admits SSH only from the public IP of the machine running Terraform (`data.http.my_ip` is an `http` data source, presumably defined elsewhere in the config, that fetches that IP from an IP-echo service; recent versions of the `hashicorp/http` provider deprecate `body` in favour of `response_body`), and HTTP/HTTPS from anywhere. Two things to keep in mind: the SSH rule is re-evaluated on every `terraform apply`, so applying from a different network silently swaps the allowed address, and the name `allow_ssh` undersells what the group actually opens.

```hcl
resource "aws_security_group" "ssh_sg" {
  name        = "allow_ssh"
  description = "Allow SSH inbound traffic"
  vpc_id      = aws_vpc.main.id

  # SSH only from the public IP of the machine running Terraform (/32 = that single address).
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${trimspace(data.http.my_ip.body)}/32"]
  }

  # HTTPS from anywhere: the public web front door.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP from anywhere; normally only kept for redirecting to HTTPS.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic (protocol "-1" = every protocol, ports 0-0 = all ports).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
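The rule above pins SSH to whatever public IP the person running `terraform apply` happens to have. As an added example (not code from the SketchScript project), here is the `http` data source that rule depends on, written against `hashicorp/http` 3.x where the response is `response_body`, plus a variable-driven alternative that lets a team or a CI pipeline pass an explicit allow-list while still refusing `0.0.0.0/0`. The IP-echo URL, the variable name `admin_cidrs` and the group name `web_sg` are assumptions.

```hcl
# Public IP of the machine running terraform, as reported by an IP-echo service.
# checkip.amazonaws.com is assumed here; any service that returns a bare IP works.
data "http" "my_ip" {
  url = "https://checkip.amazonaws.com"
}

variable "admin_cidrs" {
  description = "CIDR blocks allowed to reach SSH. Empty list = use the caller's current IP."
  type        = list(string)
  default     = []

  # Fail at plan time rather than shipping an SSH port open to the whole internet.
  validation {
    condition     = !contains(var.admin_cidrs, "0.0.0.0/0")
    error_message = "admin_cidrs must not contain 0.0.0.0/0; SSH may not be opened to the internet."
  }
}

locals {
  # Explicit allow-list wins; otherwise fall back to the caller's IP as a /32.
  ssh_cidrs = length(var.admin_cidrs) > 0 ? var.admin_cidrs : ["${trimspace(data.http.my_ip.response_body)}/32"]
}

resource "aws_security_group" "web_sg" {
  name        = "web-sg"
  description = "SSH from the admin allow-list, HTTP/HTTPS from the internet"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "SSH from admin allow-list"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = local.ssh_cidrs
  }

  ingress {
    description = "HTTPS from anywhere"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTP from anywhere (redirect to HTTPS / ACME challenges only)"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Run it as `terraform apply -var='admin_cidrs=["203.0.113.10/32"]'` from a pipeline, or with no variable from a laptop to get the original behaviour. The `validation` block is the important part: it turns the classic "opened 22 to the world to debug and forgot" mistake into a plan-time error instead of a finding in next quarter's pentest.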
🔑 IAM Role & Policy
An IAM role attached through an instance profile gives the EC2 instance temporary credentials (served by the instance metadata service) without any long-lived access keys sitting on the box. The trust policy below says only the EC2 service may assume the role; the attachment then grants the AWS-managed `AmazonS3ReadOnlyAccess` policy, which allows `s3:Get*` and `s3:List*` on every bucket in the account, not just the ones this application needs. The `aws_iam_instance_profile` that the instance block references is not shown in this document.

```hcl
resource "aws_iam_role" "ec2_role" {
  name = "my-instance-role-ec2"

  # Trust policy: only the EC2 service may assume this role, i.e. only instances
  # launched with an instance profile built on it receive its credentials.
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Effect = "Allow",
      Principal = {
        Service = "ec2.amazonaws.com"
      },
      Action = "sts:AssumeRole"
    }]
  })
}

# Permissions policy: AWS-managed read-only access to all S3 buckets in the account.
resource "aws_iam_role_policy_attachment" "attach_s3_readonly" {
  role       = aws_iam_role.ec2_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
}
```
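If the API only ever reads from one bucket, a scoped inline policy is the least-privilege replacement for the account-wide managed policy. The following is an added example, not code from the SketchScript project: it replaces the `aws_iam_role_policy_attachment` above with a policy limited to a single bucket and also defines the `aws_iam_instance_profile.ec2_instance_profile` that the instance block references. The variable name `assets_bucket`, the policy name and the profile name are assumptions.

```hcl
# Bucket the application actually reads from (assumed variable).
variable "assets_bucket" {
  description = "Name of the S3 bucket the API needs read access to"
  type        = string
}

# Least privilege: list exactly one bucket and read objects from it, nothing else.
# Note the two resource ARNs: ListBucket applies to the bucket, GetObject to its objects.
data "aws_iam_policy_document" "s3_assets_read" {
  statement {
    sid       = "ListAssetsBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.assets_bucket}"]
  }

  statement {
    sid       = "GetAssetsObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::${var.assets_bucket}/*"]
  }
}

# Inline policy on the page's ec2_role; use this instead of attaching AmazonS3ReadOnlyAccess.
resource "aws_iam_role_policy" "s3_assets_read" {
  name   = "s3-assets-read"
  role   = aws_iam_role.ec2_role.id
  policy = data.aws_iam_policy_document.s3_assets_read.json
}

# The instance profile is what an EC2 instance actually references
# (the aws_instance block uses aws_iam_instance_profile.ec2_instance_profile.name).
resource "aws_iam_instance_profile" "ec2_instance_profile" {
  name = "my-instance-role-ec2-profile" # assumed name
  role = aws_iam_role.ec2_role.name
}
```

The payoff shows up the day the instance is compromised: an attacker who steals the role's credentials from the metadata service can then read one bucket rather than every bucket in the account.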
## 💻 EC2 Instance
This provisions the web server: a t3.micro running Amazon Linux 2023, with the instance type and SSH key pair name taken from input variables. Two things to be aware of: AMI IDs are region-specific, so the hard-coded `ami-0c101f26f147fa7fd` only resolves in the region it was looked up for, and because nothing here requests a public IP address the instance is only internet-reachable if the subnet sets `map_public_ip_on_launch` or an Elastic IP is attached elsewhere in the config.

```hcl
resource "aws_instance" "web" {
  ami                    = "ami-0c101f26f147fa7fd"   # region-specific Amazon Linux 2023 image
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.main.id
  key_name               = var.key_name                # SSH key pair for the 22/tcp rule above
  vpc_security_group_ids = [aws_security_group.ssh_sg.id]
  iam_instance_profile   = aws_iam_instance_profile.ec2_instance_profile.name

  tags = {
    Name = "api-ec2"
  }
}
```
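As an added example (not the project's own code), here is the same instance with the settings a security review would ask for: a public IP requested explicitly, the AMI resolved per region through the public SSM parameter AWS publishes instead of a hard-coded ID, IMDSv2 enforced so that an SSRF bug in the API cannot be turned into role-credential theft, and an encrypted root volume. The SSM parameter path and the gp3 volume type are assumptions; everything else reuses names from this document.

```hcl
# Latest Amazon Linux 2023 AMI for whatever region the provider is configured for.
data "aws_ssm_parameter" "al2023" {
  name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
}

resource "aws_instance" "web" {
  ami                    = data.aws_ssm_parameter.al2023.value
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.main.id
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.ssh_sg.id]
  iam_instance_profile   = aws_iam_instance_profile.ec2_instance_profile.name

  # A custom subnet does not hand out public IPs unless told to; without this
  # (or map_public_ip_on_launch on the subnet, or an Elastic IP) nobody can reach the box.
  associate_public_ip_address = true

  # Require IMDSv2. With IMDSv1 allowed, an SSRF in the app that can fetch
  # http://169.254.169.254/latest/meta-data/iam/security-credentials/<role> walks away
  # with the role's credentials; IMDSv2 needs a PUT to obtain a session token first.
  # AL2023 images already default to IMDSv2-only, but pinning it here keeps the
  # guarantee if the AMI is ever swapped for one that does not.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1 # token requests cannot be relayed via containers/NAT on the host
  }

  # Encrypt the root disk at rest (uses the account's default EBS KMS key).
  root_block_device {
    encrypted   = true
    volume_type = "gp3"
  }

  tags = {
    Name = "api-ec2"
  }
}
```

Because `ami` is a replace-on-change attribute, resolving it dynamically means the instance is rebuilt whenever AWS publishes a new AL2023 image; if that is unwelcome, keep the data source for lookups but pin the resulting ID in a variable and bump it deliberately.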