AWS EC2 instance deployment with Terraform

Terraform AWS DB Instance

EC2 instance deployment with Terraform

Terraform is an open source "infrastructure as code" tool for building, changing and versioning infrastructure safely and efficiently. With Terraform we can manage resources across multiple service providers as well as custom in-house solutions, and it plays a core role in DevOps for managing infrastructure. Terraform talks to VMware, AWS, GCP, Azure and others. Terraform configuration files use the ".tf" extension.

Today we are going to cover:
Create VPC Subnet
Create EC2 Instance
Create Security Group and assign Rules

Prerequisites:-
AWS Account
Configure AWS CLI or Use Credentials Directly
IAM User with permissions

So let's start "EC2 instance deployment with Terraform".

First we create a variables file named "variables.tf":

vim variables.tf

 

## In this file we are assigning the variables for reuse

variable "aws_region" {
  description = "Region for the VPC"
  default     = "ap-northeast-1"
}

variable "vpc_cidr" {
  description = "CIDR for the VPC"
  default     = "10.0.0.0/16"
}

variable "public_subnet_cidr" {
  description = "CIDR for the public subnet"
  default     = "10.0.1.0/24"
}

variable "private_subnet_cidr" {
  description = "CIDR for the private subnet"
  default     = "10.0.2.0/24"
}

# AMI IDs are region-specific: this one must be a CentOS 7 image that exists in var.aws_region.
variable "ami" {
  description = "centos7 AMI"
  default     = "ami-045f38c93733dd48d"
}

# Path to the SSH *public* key that will be uploaded as the EC2 key pair.
variable "key_path" {
  description = "SSH Public Key path"
  default     = "public_key"
}


Next, we create the provider file, which defines which cloud we are deploying to:

vim provider.tf

# Define AWS as our provider.
# Credentials come from the AWS CLI profile or environment variables; do not hard-code them here.

provider "aws" {
  region = var.aws_region
}


Next we create the VPC, the public and private subnets, the Internet Gateway, the route table and the two security groups. Only the public subnet is associated with the route to the Internet Gateway; the private subnet has no NAT gateway, so the database instance will have no outbound Internet access.

vim vpc.tf

 

# Define our VPC
resource "aws_vpc" "lhvpc" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
  tags = {
    Name = "lh-vpc"
  }
}

# Define the public subnet
# Note: the availability zones below are hard-coded and must belong to var.aws_region.
resource "aws_subnet" "public-subnet" {
  vpc_id            = aws_vpc.lhvpc.id
  cidr_block        = var.public_subnet_cidr
  availability_zone = "ap-northeast-1a"
  tags = {
    Name = "Web Public Subnet"
  }
}

# Define the private subnet
resource "aws_subnet" "private-subnet" {
  vpc_id            = aws_vpc.lhvpc.id
  cidr_block        = var.private_subnet_cidr
  availability_zone = "ap-northeast-1c"
  tags = {
    Name = "Database Private Subnet"
  }
}

# Define the internet gateway
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.lhvpc.id
  tags = {
    Name = "VPC IGW"
  }
}

# Define the route table (default route to the Internet Gateway)
resource "aws_route_table" "web-public-rt" {
  vpc_id = aws_vpc.lhvpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
  tags = {
    Name = "Public Subnet RT"
  }
}

# Assign the route table to the public subnet only; the private subnet keeps the
# VPC's main route table, which has no Internet route.
resource "aws_route_table_association" "web-public-rt" {
  subnet_id      = aws_subnet.public-subnet.id
  route_table_id = aws_route_table.web-public-rt.id
}

# Define the security group for the public subnet
resource "aws_security_group" "sgweb" {
  name        = "vpc_test_web"
  description = "Allow incoming HTTP connections & SSH access"
  vpc_id      = aws_vpc.lhvpc.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All ICMP types from anywhere (from_port/to_port -1 means all types/codes).
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH from anywhere. This is the rule to tighten before this goes anywhere near
  # production: restrict cidr_blocks to your admin network, or drop the rule and use
  # AWS Systems Manager Session Manager so no inbound port 22 is needed at all.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outbound traffic (needed for yum in userdata.sh).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Web Server SG"
  }
}

# Define the security group for the private subnet
# No egress block is defined here. Terraform removes the allow-all egress rule AWS
# would otherwise create, so members of this group cannot initiate outbound
# connections; they can still answer inbound MySQL/SSH because security groups are
# stateful.

resource "aws_security_group" "sgdb" {
  name        = "sg_test_web"
  description = "Allow traffic from public subnet"
  vpc_id      = aws_vpc.lhvpc.id

  # MySQL only from the public (web) subnet
  ingress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = [var.public_subnet_cidr]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [var.public_subnet_cidr]
  }

  # SSH only via the web server (acting as a jump host)
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.public_subnet_cidr]
  }

  tags = {
    Name = "DB SG"
  }
}


Next we create the resource file for the EC2 instances. We create two instances, a web server in the public subnet and a database server in the private subnet, plus the SSH key pair they share.

vim resource.tf

# Define SSH key pair for our instances.
# Only the public key is read and uploaded; the private key never goes into Terraform
# state or version control.

resource "aws_key_pair" "default" {
  key_name   = "jenkins"
  public_key = file(var.key_path)
}

# Define webserver inside the public subnet

resource "aws_instance" "wb" {
  ami                         = var.ami
  instance_type               = "t2.micro"
  key_name                    = aws_key_pair.default.key_name
  subnet_id                   = aws_subnet.public-subnet.id
  vpc_security_group_ids      = [aws_security_group.sgweb.id]
  associate_public_ip_address = true
  # Only NAT/router instances need source/destination checking disabled; for a plain
  # web server the default (true) is the safer setting.
  source_dest_check           = false
  user_data                   = file("userdata.sh")
  tags = {
    Name = "webserver"
  }
}

# Define database inside the private subnet (no public IP)

resource "aws_instance" "db" {
  ami                    = var.ami
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.default.key_name
  subnet_id              = aws_subnet.private-subnet.id
  vpc_security_group_ids = [aws_security_group.sgdb.id]
  # See the note on the web server: not needed for a database host.
  source_dest_check      = false
  tags = {
    Name = "database"
  }
}

# Create an AMI from the web server instance.
# Caveats: Terraform does not wait for user_data to finish, so the image may be taken
# before httpd is installed; and AWS stops the instance briefly to take a consistent
# snapshot unless snapshot_without_reboot = true is set.

resource "aws_ami_from_instance" "wb-ami" {
  name               = "wb ami"
  source_instance_id = aws_instance.wb.id
}
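Before running "terraform apply" on the security groups and instances above, it is worth checking the plan for the points flagged in the comments: SSH and ICMP exposed to 0.0.0.0/0 on the web tier, a security group with no egress block, and source_dest_check disabled on hosts that are not routers. The script below is an added example (not code from the original post or from Terraform) that reads the JSON produced by "terraform show -json tfplan" and reports those conditions. The allowlist of public ports (PUBLIC_ALLOWLIST), the ROUTER_INSTANCES set and the severities are this example's own assumptions, and SAMPLE_PLAN is a constructed plan fragment mirroring the resources on this page.

```python
"""Offline policy check over `terraform show -json tfplan` output.

Walks planned_values and reports: security-group ingress open to the world outside a
small allowlist, security groups with no egress block, and instances that disable
source_dest_check without being a NAT/router. All thresholds are this example's
assumptions, not anything Terraform or the original post defines.
"""
import json
import sys
from typing import Any, Dict, Iterator, List, Set, Tuple

WORLD = {"0.0.0.0/0", "::/0"}
# (protocol, port) pairs a web tier may expose to the Internet. Assumption for this check.
PUBLIC_ALLOWLIST: Set[Tuple[str, int]] = {("tcp", 80), ("tcp", 443)}
# Instances that legitimately forward packets (NAT/router) and so may disable
# source_dest_check. Hypothetical allowlist; empty because nothing on this page routes.
ROUTER_INSTANCES: Set[str] = set()

Finding = Tuple[str, str, str]  # (resource address, severity, message)


def _walk(module: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
    """Yield every resource in a plan module tree (root module plus nested child_modules)."""
    yield from module.get("resources") or []
    for child in module.get("child_modules") or []:
        yield from _walk(child)


def _is_world_open(rule: Dict[str, Any]) -> bool:
    cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    return bool(cidrs & WORLD)


def _is_allowed_public(rule: Dict[str, Any]) -> bool:
    """True only for a single-port TCP rule on the allowlist; protocol '-1' (all) never qualifies."""
    proto = str(rule.get("protocol"))
    lo, hi = int(rule.get("from_port", 0)), int(rule.get("to_port", 0))
    return proto == "tcp" and lo == hi and (proto, lo) in PUBLIC_ALLOWLIST


def _describe(rule: Dict[str, Any]) -> str:
    proto = str(rule.get("protocol"))
    if proto == "-1":
        return "all protocols/ports"
    if proto == "icmp":
        return "icmp (all types)"
    lo, hi = rule.get("from_port"), rule.get("to_port")
    return f"{proto} {lo}" if lo == hi else f"{proto} {lo}-{hi}"


def check_plan(plan_json: str) -> List[Finding]:
    """Return policy findings for a `terraform show -json` document."""
    plan = json.loads(plan_json)
    findings: List[Finding] = []
    for res in _walk(plan["planned_values"]["root_module"]):
        addr, vals = res["address"], res.get("values") or {}
        if res["type"] == "aws_security_group":
            for rule in vals.get("ingress") or []:
                if _is_world_open(rule) and not _is_allowed_public(rule):
                    findings.append((addr, "HIGH", f"ingress {_describe(rule)} open to the world"))
            if not vals.get("egress"):
                findings.append((addr, "INFO", "no egress block: Terraform removes AWS's default "
                                 "allow-all egress, so members cannot initiate outbound connections"))
        elif res["type"] == "aws_instance":
            if vals.get("source_dest_check") is False and addr not in ROUTER_INSTANCES:
                findings.append((addr, "MEDIUM",
                                 "source_dest_check disabled on an instance that is not a NAT/router"))
    return findings


# Constructed sample: the subset of `terraform show -json` that check_plan reads, populated
# with the security groups and instances defined on this page (unknown-at-plan values omitted).
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.sgweb", "type": "aws_security_group", "values": {
        "ingress": [
            {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
            {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
            {"from_port": -1, "to_port": -1, "protocol": "icmp", "cidr_blocks": ["0.0.0.0/0"]},
            {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        ],
        "egress": [{"from_port": 0, "to_port": 0, "protocol": "-1", "cidr_blocks": ["0.0.0.0/0"]}],
    }},
    {"address": "aws_security_group.sgdb", "type": "aws_security_group", "values": {
        "ingress": [
            {"from_port": 3306, "to_port": 3306, "protocol": "tcp", "cidr_blocks": ["10.0.1.0/24"]},
            {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["10.0.1.0/24"]},
        ],
        "egress": [],
    }},
    {"address": "aws_instance.wb", "type": "aws_instance",
     "values": {"associate_public_ip_address": True, "source_dest_check": False}},
    {"address": "aws_instance.db", "type": "aws_instance",
     "values": {"source_dest_check": False}},
]}}})


if __name__ == "__main__":
    # Read a real plan from stdin, otherwise fall back to the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else ""
    for addr, sev, msg in check_plan(data or SAMPLE_PLAN):
        print(f"{sev:6} {addr}: {msg}")
```

Against a real plan the pipeline is "terraform plan -out tfplan && terraform show -json tfplan | python check_plan.py". On the sample it reports two HIGH findings on sgweb (SSH and ICMP from the world; 80 and 443 pass the allowlist), one INFO on sgdb for the missing egress block, and one MEDIUM per instance for source_dest_check. Treat the allowlist as the thing to adjust per environment, not the checks.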


Now we create the user-data script that installs the basic requirements, in this case Apache httpd. It runs as root on the web server's first boot.

vim userdata.sh

#!/bin/bash

yum install -y httpd
systemctl start httpd
systemctl enable httpd

echo "Welcome to DevOpsCheetah.com" > /var/www/html/index.html

Thanks to all of you; I hope you enjoyed today's blog, "Terraform AWS DB Instance, EC2 Instance deployment with Terraform".
