Infrastructure As Code - Terraform and AWS.

Build AWS infrastructure using Terraform

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Here I use the "AWS" provider to build the infrastructure with Terraform, but Terraform can manage many providers, including multiple providers in a single configuration; see the list of providers at https://www.terraform.io/docs/providers/index.html .
If you don't have an AWS account, create one now. For this getting-started guide we only use resources that qualify under the AWS free tier, so it will be free. Make sure to select a free-tier AMI before building the infrastructure; this is discussed later in this document.
Terraform uses text files to describe infrastructure and to set variables. These text files are called Terraform configurations and end in .tf . Refer to the Terraform documentation for more information about the configuration file format.
Clone my Terraform script from my Git repo.
You can see two files inside the repo. We'll go over each file and its contents.

1. variables.tf

Here I use the "variables.tf" file to store the environment variables required for the AWS build. You can use any name for your file with the '.tf' extension.
Replace ACCESS_KEY_HERE and SECRET_KEY_HERE with your AWS access key and secret key.
If you leave the value blank, i.e. default = "" , you will be prompted to type the value during the terraform apply stage.
variable "access_key" {
  default = "ACCESS_KEY_HERE"
}
variable "secret_key" {
  default = "SECRET_KEY_HERE"
}
Replace "YOUR_REGION_HERE" with your region. For example, I used the Mumbai region, "ap-south-1".
variable "region" {
  default = "YOUR_REGION_HERE"
}
Replace "YOUR_REGION_HERE" and "YOUR_AMI_HERE". I used the Mumbai region's free-tier image. The map key must be the same region value you set above, because ec2.tf looks the AMI up by region.
variable "ami" {
  type = "map"
  default = {
    "YOUR_REGION_HERE" = "YOUR_AMI_HERE"
  }
}
The blocks below are used to connect to the EC2 instance to install and configure Apache.
Replace "YOUR_PRIVATE_KEY_PATH_HERE", "YOUR_PUBLIC_KEY_PATH_HERE" and "YOUR_INSTANCE_USERNAME_HERE".
By default, instances are created with the user 'ec2-user'; you can use the same.
variable "PATH_TO_PRIVATE_KEY" {
  default = "YOUR_PRIVATE_KEY_PATH_HERE"
}

variable "PATH_TO_PUBLIC_KEY" {
  default = "YOUR_PUBLIC_KEY_PATH_HERE"
}

variable "INSTANCE_USERNAME" {
  default = "YOUR_INSTANCE_USERNAME_HERE"
}
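Keys pasted into variables.tf are easy to commit by accident. As an added example (not the post's own file), here is the same configuration with no credential defaults at all: the provider reads credentials from a named profile in ~/.aws/credentials or from the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables. The profile name "terraform-lab" is an assumption; the syntax matches the Terraform 0.11-era style used in the post.

```hcl
# Added example, not the original post's variables.tf: no credential defaults.
# Credentials come from a named profile in ~/.aws/credentials or from the
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables, so no key
# material is stored in a .tf file that could end up in git.

variable "aws_profile" {
  description = "Named profile in ~/.aws/credentials (assumed name)"
  default     = "terraform-lab"
}

variable "region" {
  default = "ap-south-1"            # Mumbai, as in the post
}

variable "ami" {
  type = "map"
  default = {
    "ap-south-1" = "YOUR_AMI_HERE"  # free-tier AMI id for your region
  }
}

# Provider block for ec2.tf: the same as the post's, minus access_key/secret_key.
# With neither set, the AWS provider falls back to the profile / environment.
provider "aws" {
  region  = "${var.region}"
  profile = "${var.aws_profile}"
}
```

Create the profile with `aws configure --profile terraform-lab` using keys from an IAM user limited to what this build needs, not the account root user, and keep any *.tfvars file that holds secrets out of version control.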

2. ec2.tf

Provider Block :

This block is used to define the provider; in our case it is the "AWS" provider. As mentioned earlier, Terraform can manage many providers, including multiple providers in a single configuration.
Each variable gets its value from the file 'variables.tf', which we defined earlier.
provider "aws" {
   access_key  = "${var.access_key}"
   secret_key  = "${var.secret_key}"
   region      = "${var.region}"
}

Resource Block :

The resource block defines a resource that exists within the infrastructure. A resource might be a physical component such as an EC2 instance, or it can be a logical resource such as a Heroku application.
In our case I have defined two resource blocks: one creates the AWS instance and the other creates a security group and assigns its firewall rules.
This block creates an AWS t2.micro instance named "web" and attaches it to the security group "My-SG".
resource "aws_instance" "web" {
  ami           = "${lookup(var.ami, var.region)}"
  instance_type = "t2.micro"
  key_name      = "your_key_name"
  # Reference the security group resource rather than a bare name, so
  # Terraform knows to create the group before the instance.
  security_groups = [
    "${aws_security_group.My-SG.name}"
  ]
Once the instance is created, remote-exec will open a shell and execute the commands below on the EC2 instance.
  # The page is written through 'sudo tee': with 'sudo echo ... > file' the
  # redirect runs as ec2-user and fails with "Permission denied".
  provisioner "remote-exec" {
    inline = [
      "sudo yum install -y httpd",
      "echo 'Welcome to my web page' | sudo tee /var/www/html/index.html",
      "sudo /bin/systemctl restart httpd.service",
    ]
  }
This block is used to connect to the remote EC2 instance so the remote-exec commands can run.
  connection {
    type        = "ssh"
    host        = "${self.public_ip}"
    user        = "${var.INSTANCE_USERNAME}"
    private_key = "${file("${var.PATH_TO_PRIVATE_KEY}")}"
  }

  tags {
    Name = "My-web"   # AWS shows the "Name" tag as the instance name in the console
  }
}
And this is our second resource block. It creates the security group "My-SG":
resource "aws_security_group" "My-SG" {
  name = "My-SG"
The blocks below create the OUTBOUND security rules that allow ports 80 and 443 to any IP.
If you don't create these rules, the Apache yum installation will fail because the instance cannot reach the package mirrors.
  egress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
The blocks below define the INBOUND security rules for the EC2 instance.
Here I allowed the SSH port and the HTTP port so the web page can be reached.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
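The inbound rule for port 22 above accepts SSH from the whole internet, which is far wider than the provisioner needs. As an added example (not the post's resource), here is the same security group with SSH limited to an admin address range held in a variable; the variable name and the 203.0.113.0/24 value are placeholders, written in the same Terraform 0.11-era syntax as the post.

```hcl
# Added example (not the post's own resource): HTTP stays open to everyone,
# but SSH is reachable only from the address range you administer from.
variable "admin_cidr" {
  description = "CIDR allowed to SSH in (assumed value; use your office/VPN range)"
  default     = "203.0.113.0/24"   # placeholder from the documentation range
}

resource "aws_security_group" "My-SG" {
  name        = "My-SG"
  description = "Web server: HTTP from anywhere, SSH only from admin_cidr"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]   # instead of 0.0.0.0/0
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # yum still needs outbound 80/443 to reach the package mirrors
  egress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Because remote-exec connects from the machine running terraform apply, admin_cidr must include that machine's public address or the provisioner will time out waiting for SSH.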
The output block is used to print the values of EC2 attributes.
For example, the blocks below print the public IP and FQDN of the newly created EC2 instance.
output "public_ip" {
  value = "${aws_instance.web.public_ip}"
}

output "public_dns" {
  value = "${aws_instance.web.public_dns}"
}
