Convert AWS CloudFormation to Terraform template

Trung Nguyen Kien

Jun 5, 2017, 2:32:39 PM
to Terraform
Hi,

I'm trying to convert an AWS CloudFormation template to a Terraform template but am running into issues when doing terraform apply.

The CloudFormation template I'm using is from the AWS samples: https://s3.amazonaws.com/cloudformation-templates-us-east-1/WordPress_Multi_AZ.template

And my main.tf is:

provider "aws" {
  region = "${var.region}"
}

resource "aws_alb" "ApplicationLoadBalancer" {
  name = "ApplicationLoadBalancer"
  subnets = ["${var.Subnets}"]
}

resource "aws_alb_listener" "ALBListener" {
  default_action {
    target_group_arn = "${aws_alb_target_group.ALBTargetGroup.arn}"
    type = "forward"
  }
  load_balancer_arn = "${aws_alb.ApplicationLoadBalancer.arn}"
  port = 80
  protocol = "http"
}

resource "aws_alb_target_group" "ALBTargetGroup" {
  name = "ALBTargetGroup"
  port = 80
  protocol = "http"
  vpc_id = "${var.VpcId}"
  health_check {
    path = "/wordpress/wp-admin/install.php"
    healthy_threshold = 2
    unhealthy_threshold = 5
    interval = 10
    timeout = 5
    port = "80"
    protocol = "http"
  }

  stickiness {
    type = "lb_cookie"
    cookie_duration = 600
  }
}

resource "aws_security_group" "WebServerSecurityGroup" {
  name = "WebServerSecurityGroup"
  description = "Type=AWS::EC2::SecurityGroup, Enable HTTP access via port 80 locked down to the load balancer + SSH access"
  vpc_id = "${var.VpcId}"

  # {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "SourceSecurityGroupId" : {"Fn::Select" : [0, {"Fn::GetAtt" : ["ApplicationLoadBalancer", "SecurityGroups"]}]}},
  ingress {
    from_port = 80
    protocol = "tcp"
    to_port = 80
    security_groups = ["${aws_alb.ApplicationLoadBalancer.security_groups}"]
  }

  ingress {
    from_port = 22
    protocol = "tcp"
    to_port = 22
    cidr_blocks = ["${var.SSHLocation}"]
  }
}

#"CreationPolicy" : {
#   "ResourceSignal" : {
#      "Timeout" : "PT15M"
#   }
#},
#"UpdatePolicy": {
#   "AutoScalingRollingUpdate": {
#       "MinInstancesInService": "1",
#       "MaxBatchSize": "1",
#       "PauseTime" : "PT15M",
#       "WaitOnResourceSignals": "true"
#   }
#}
resource "aws_autoscaling_group" "WebServerGroup" {
  name = "WebServerGroup"
  vpc_zone_identifier = ["${var.Subnets}"]
  max_size = 5
  min_size = 1
  desired_capacity = "${var.WebServerCapacity}"
  target_group_arns = ["${aws_alb_target_group.ALBTargetGroup.arn}"]
  launch_configuration = "${aws_launch_configuration.LaunchConfig.name}"
}
# TODO missing CreationPolicy and UpdatePolicy
#resource "aws_autoscaling_policy" "" {
#  adjustment_type = ""
#  autoscaling_group_name = "${aws_autoscaling_group.WebServerGroup.name}"
#  name = ""
#}

resource "aws_launch_configuration" "LaunchConfig" {
  name = "LaunchConfig"
  image_id = "${lookup(var.AWSRegionArch2AMI, format("%s.%s", var.region, lookup(var.AWSInstanceType2Arch, format("%s.arch", var.InstanceType))))}"
  instance_type = "${var.InstanceType}"
  security_groups = ["${aws_security_group.WebServerSecurityGroup.id}"]
  key_name = "${var.KeyName}"
  user_data = "${file("scripts/install_wp.sh")}"
}

# "EC2VpcId" : { "Ref" : "VpcId" }
resource "aws_db_security_group" "DBSecurityGroup" {
  name = "DBSecurityGroup"
  description = "database access"
  # FIXME EC2VpcID mapping is actually in aws_db_instance
  "ingress" {
    security_group_id = "${aws_security_group.WebServerSecurityGroup.id}"
  }
}

resource "aws_db_instance" "DBInstance" {
  name = "${var.DBName}"
  instance_class = "${var.DBClass}"
  multi_az = "${var.MultiAZDatabase}"
  vpc_security_group_ids = ["${var.VpcId}"]
  username = "${var.DBUser}"
  password = "${var.DBPassword}"
  allocated_storage = "${var.DBAllocatedStorage}"
  engine = "MySQL"
}

I got an error:

Error refreshing state: 1 error(s) occurred:

* aws_db_security_group.DBSecurityGroup: 1 error(s) occurred:

* aws_db_security_group.DBSecurityGroup: aws_db_security_group.DBSecurityGroup: Unable to find DB Security Group: []*rds.DBSecurityGroup{{
  DBSecurityGroupArn: "arn:aws:rds:us-east-1:744357503917:secgrp:dbsecuritygroup",
  DBSecurityGroupDescription: "database access",
  DBSecurityGroupName: "dbsecuritygroup",
  OwnerId: "744357503917",
  VpcId: "vpc-fdf3f59b"
}}

Can anyone shed some light?

Thanks,

Trung
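
An added example, not part of the original post or of the repository linked later in the thread: for an RDS instance inside a VPC, vpc_security_group_ids takes VPC security group IDs rather than a VPC ID, so the template's "database access" rule can be written as an aws_security_group that admits MySQL only from WebServerSecurityGroup. The resource name DBVpcSecurityGroup, the group name db-access and port 3306 (the MySQL default) are assumptions; the other names are reused from the main.tf above.

```hcl
# Added example, not the poster's code.
# "DBVpcSecurityGroup" and "db-access" are hypothetical names.
resource "aws_security_group" "DBVpcSecurityGroup" {
  name        = "db-access"
  description = "MySQL access from the web server security group only"
  vpc_id      = "${var.VpcId}"

  # Admit MySQL (assumed default port 3306) only from instances that carry
  # WebServerSecurityGroup; no CIDR-based rule, so nothing else can connect.
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = ["${aws_security_group.WebServerSecurityGroup.id}"]
  }
}

resource "aws_db_instance" "DBInstance" {
  name              = "${var.DBName}"
  instance_class    = "${var.DBClass}"
  multi_az          = "${var.MultiAZDatabase}"
  username          = "${var.DBUser}"
  password          = "${var.DBPassword}"
  allocated_storage = "${var.DBAllocatedStorage}"
  engine            = "MySQL"

  # Security group IDs go here, not the VPC ID.
  vpc_security_group_ids = ["${aws_security_group.DBVpcSecurityGroup.id}"]

  # Keep the instance off the public internet; the web tier reaches it
  # over private addresses inside the VPC.
  publicly_accessible = false
}
```

With no egress block declared, Terraform removes the default allow-all egress rule from the group, so the database security group permits inbound MySQL from the web tier and nothing else.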



Lowe Schmidt

Jun 6, 2017, 8:00:09 AM
to terrafo...@googlegroups.com

--
Lowe Schmidt | +46 723 867 157


Trung Nguyen Kien

Jun 8, 2017, 12:01:52 PM
to Terraform
Thanks Lowe, the issue with DB security group is no longer there.

tanuj....@gmail.com

Sep 19, 2017, 12:25:43 PM
to Terraform
Hi Trung,

Can you please provide me your Terraform template of WordPress for AWS?

Thanks in advance.

Regards,
Tanuj

Wilson Mar

Oct 16, 2017, 12:01:59 PM
to Terraform
Trung, I would appreciate it as well.

// Wilson

Trung Nguyen Kien

Oct 23, 2017, 9:00:12 AM
to Terraform
Hope this would give you a good start: https://github.com/trung/cloudformation-terraform