Infrastructure As Code - Terraform and AWS.

Build AWS infrastructure using Terraform

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Here i use "AWS" provider to build the infrastructure using terraform but Terraform can manage many providers, including multiple providers in a single configuration, check here for list of providers https://www.terraform.io/docs/providers/index.html .
If you don't have an AWS account, create one now. For the getting started guide, we'll only be using resources which qualify under the AWS free-tier, meaning it will be free.Make sure to select the free tier ami before building the infrastructure, which will be discussed later in this document.
Terraform uses text files to describe infrastructure and to set variables. These text files are called Terraform configurations and end in .tf . Refer For more information about configuration file format .
Clone my terraform script from by GIT Repo .
You can see two file's inside the repo. We'll go over each file and its contents.

1. variables.tf

Here i used "variables.tf" file to store the env variable required for AWS build. You can use any name for your file with '.tf' extension.
Replace the ACCESS_KEY_HERE and SECRET_KEY_HERE with your AWS access key and secret key. 
If you leave value with BLANK i.e default = "" , you will be promoted to type the value during the terraform apply stage.
variable "access_key" {
  default = "ACCESS_KEY_HERE"
 }
variable "secret_key" {
 default = "paste_your_secret_key_here"
 }
Replace the "YOUR_REGION_HERE" with you region. for eg.I used Mumbai region "ap-south-1"
 variable "region" {
  default = "YOUR_REGION_HERE" 
 }
Replace the "YOUR_REGION_HERE" and "YOUR_AMI_HERE".I used Mumbai region Free tier image.
variable "ami" {
 type = "map"
    default = {
     "YOUR_REGION_HERE" = "YOUR_AMI_HERE" 
    }
 }
Below blocks used to connect ec2 instance to install and configure apache .
Replace "YOUR_PRIVATE_KEY_PATH_HERE" ,  "YOUR_PUBLIC_KEY_PATH_HERE"  and "YOUR_INSTANCE_USERNAME_HERE" .
By default instance are created with user 'ec2-user' ,You can use the same.
variable "PATH_TO_PRIVATE_KEY" {
  default = "YOUR_PRIVATE_KEY_PATH_HERE"
}

variable "PATH_TO_PUBLIC_KEY" {
  default = "YOUR_PUBLIC_KEY_PATH_HERE"
}

variable "INSTANCE_USERNAME" {
  default = "YOUR_INSTANCE_USERNAME_HERE"
}

1. ec2.tf

Provider Block :

This block is used to define the provider in our case its "AWS" provider.As mentioned earlier Terraform can manage many providers, including multiple providers in a single configuration.
variable gets the value from the file 'variables.tf' ,which we defined earlier.
provider "aws" {
   access_key  = "${var.access_key}"
   secret_key  = "${var.secret_key}"
   region      = "${var.region}"
}

Resource Block :

The resource block defines a resource that exists within the infrastructure. A resource might be a physical component such as an EC2 instance, or it can be a logical resource such as a Heroku application.
In our case i have defined two Resource blocks ,one is for creating AWS instance and other is for Creating Security group and assigning firewall rules.
This blocks create's an aws t2.micro instance with name "web" and will be tagged with security group "My-SG".
resource "aws_instance" "web" {
   ami = "${lookup(var.ami, var.region)}"
   instance_type = "t2.micro"
   key_name = "your_key_name"
   security_groups = [
   "My-SG"
  ]
Once instance is created ,remote-exec will invoke shell and execute below shell commands on ec2 instance.
  provisioner "remote-exec" {
    inline = [
     "sudo yum install -y httpd",
     "sudo echo 'Welcome to my web page' > /var/www/html/index.html",
     "sudo /bin/systemctl restart httpd.service",
    ]
  }
This block will be used to connect to remote ec2 instance to invoke remote-exec commands.
  connection {
      type     = "ssh"
      user="${var.INSTANCE_USERNAME}"
      private_key="${file("${var.PATH_TO_PRIVATE_KEY}")}"
   }

  tags {
     name = "My-web"
    }
}
And this is our second resource block.This block creates a security group "My-SG". resource "aws_security_group" "My-SG" .
Below block create's OUTBOUND security rule and allow port 80 and 443 from any IP.
If you dont create this rule ,apache Yum installation will be failed.
 egress {
    from_port = 80
    to_port = 80
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
 }

egress {
   from_port = 443
   to_port = 443
   protocol = "tcp"
   cidr_blocks = ["0.0.0.0/0"]
}
Below blocks define the security rule for INBOUND ec2 connection.
Here i allowed SSH  and http port to access the web page.
ingress {
  from_port = 80
  to_port = 80
  protocol = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
 }

ingress {
   from_port = 22
   to_port = 22
   protocol = "tcp"
   cidr_blocks = ["0.0.0.0/0"]
}
output Block is used to print ouput of ec2 variables.
For eg. below blocks print the Public IP and FQDN of newly created ec2 instance.
 output "public_ip" {
  value = "${aws_instance.web.public_ip}"
 }

output "public_dns" {
   value = "${aws_instance.web.public_dns}"
 }

Comments

Post a Comment

Popular posts from this blog

Docker ,MakeFile and Jenkins pipeline

Networking Basics

Continuous Deployment - Jenkins , Capistrano And Docker.