Launching AWS EC2 Webserver Instance in Terraform.


Greetings, fellow tech enthusiasts! I'm Shubham Rasal, but you might know me better as the SREngineered.

Over the last three years, I have immersed myself deeply in the intricate universe of DevOps and SRE. Along the way, I've brought life to various technologies and projects, utilizing everything from bash script automation to Kubernetes production clusters. My credentials include the Certified Kubernetes Administrator (CKA) and Ansible Certified Engineer titles, standing testament to my unwavering commitment to and understanding of our craft.

This blog is designed for kindred spirits who are passionate about engineering excellence. My goal is to share my experience, knowledge, and wisdom through tutorials, case studies, and Golang code examples that offer valuable solutions for navigating the continually evolving world of DevOps and SRE.

No matter where your interests lie within the vast landscape of DevOps/SRE, Automation, and Golang, this blog aims to offer valuable insights to help you elevate your skills and understanding. So, buckle in and join me on this journey into the thrilling world of cutting-edge engineering solutions!

When I'm not busy conjuring up elegant engineering solutions, I enjoy getting lost in the immersive worlds of movies and books. Feel free to connect with me on LinkedIn, Twitter, or through email.

We have already created an EC2 instance using Terraform. Now it's time to configure that instance as a web server.
Let us discuss what we are going to do. The plan is simple: we want a web server that uses our custom security group and serves the code from our GitHub repository.

1. Configure AWS

provider "aws" {
  region  = "ap-south-1"
  profile = "shubham"
}

For more information, see how to configure and launch EC2.

2. Create a Key Pair

# Generate an RSA key pair inside Terraform.
resource "tls_private_key" "webserver_private_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Write the private key to disk, readable by the owner only.
resource "local_file" "private_key" {
  content         = tls_private_key.webserver_private_key.private_key_pem
  filename        = "webserver_key.pem"
  file_permission = "0400"
}

# Register the public half with AWS so the instance accepts it for SSH.
resource "aws_key_pair" "webserver_key" {
  key_name   = "webserver"
  public_key = tls_private_key.webserver_private_key.public_key_openssh
}

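Run terraform init first to download the provider plugins. We generate a private key and store it locally so that we can reach the server over SSH. Note that tls_private_key also records the private key unencrypted in the Terraform state file, so the state needs the same protection as webserver_key.pem.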

3. Create a Security Group

resource "aws_security_group" "allow_http_ssh" {
  name        = "allow_http"
  description = "Allow http inbound traffic"

  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_http_ssh"
  }
}

Ingress rules apply to traffic that enters the instance or network. Egress rules apply to traffic that leaves it.
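The group above opens SSH (port 22) to 0.0.0.0/0, the same as HTTP. As an added example that is not part of the original post, here is a variant that keeps HTTP public but limits SSH to one administrator range; the variable name admin_cidr and the group name allow_http_restricted_ssh are assumptions introduced here.

```hcl
# Added example, not from the original post. admin_cidr and
# allow_http_restricted_ssh are names introduced for illustration.
variable "admin_cidr" {
  description = "Range allowed to reach SSH, e.g. one workstation as a /32"
  type        = string

  validation {
    # Must parse as a CIDR and must not be the literal 0.0.0.0/0.
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid CIDR block other than 0.0.0.0/0."
  }
}

resource "aws_security_group" "allow_http_restricted_ssh" {
  name        = "allow_http_restricted_ssh"
  description = "HTTP from anywhere, SSH from admin_cidr only"

  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Outbound left open, as in the post: the instance's user_data script
  # installs packages with yum and clones from GitHub.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_http_restricted_ssh"
  }
}
```

Pass the range at apply time, for example terraform apply -var 'admin_cidr=203.0.113.10/32' (a documentation address, constructed for this example), and reference this group from the instance in place of allow_http_ssh.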

4. Create Instance and configure.

resource "aws_instance" "webserver" {
  ami             = "ami-0447a12f28fddb066"
  instance_type   = "t2.micro"
  key_name        = aws_key_pair.webserver_key.key_name
  security_groups = [aws_security_group.allow_http_ssh.name]

  # cloud-init only runs user_data as a script when "#!" is the very first
  # thing in it, so the shebang must directly follow the heredoc marker.
  user_data = <<-EOF
    #! /bin/bash
    sudo yum install httpd -y
    sudo yum install git -y
    sudo rm -rf /var/www/html/*
    git clone https://github.com/ShubhamRasal/demo.git /var/www/html/
    sudo systemctl start httpd
    sudo systemctl enable httpd
  EOF

  tags = {
    Name = "webserver_githubcode"
  }
}

Here we created an Amazon Linux instance (ami-0447a12f28fddb066).
We used user_data to configure the instance on first boot.
The script clones our code from GitHub into the web server's document root. git clone only succeeds when the target directory /var/www/html is empty, so sudo rm -rf /var/www/html/* deletes any old files first.

output "webserver-ip" {
  value = aws_instance.webserver.public_ip
}

The above code gives us the public IP of our web server.

5. Check Output

Now it is time to run our code: terraform apply. You will get output like the one below.

Outputs:

webserver-ip = 13.234.217.119

Copy the IP into the browser to see the output.

For simplicity, I am providing the whole code again.

//webserver.tf
provider "aws" {
  region  = "ap-south-1"
  profile = "shubham"
}

resource "tls_private_key" "webserver_private_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "local_file" "private_key" {
  content         = tls_private_key.webserver_private_key.private_key_pem
  filename        = "webserver_key.pem"
  file_permission = "0400"
}

resource "aws_key_pair" "webserver_key" {
  key_name   = "webserver"
  public_key = tls_private_key.webserver_private_key.public_key_openssh
}

resource "aws_security_group" "allow_http_ssh" {
  name        = "allow_http"
  description = "Allow http inbound traffic"

  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_http_ssh"
  }
}

resource "aws_instance" "webserver" {
  ami             = "ami-0447a12f28fddb066"
  instance_type   = "t2.micro"
  key_name        = aws_key_pair.webserver_key.key_name
  security_groups = [aws_security_group.allow_http_ssh.name]

  # The shebang must be the first thing in user_data for cloud-init to run it.
  user_data = <<-EOF
    #! /bin/bash
    sudo yum install httpd -y
    sudo yum install git -y
    sudo rm -rf /var/www/html/*
    git clone https://github.com/ShubhamRasal/demo.git /var/www/html/
    sudo systemctl start httpd
    sudo systemctl enable httpd
  EOF

  tags = {
    Name = "webserver_task1"
  }
}

output "webserver-ip" {
  value = aws_instance.webserver.public_ip
}

To destroy what we created, simply run: terraform destroy

Conclusion

We have created a simple EC2 instance webserver which will clone code from our GitHub repository.
