# Launching AWS EC2 Webserver Instance in Terraform.

We have already created [an EC2 instance using Terraform](https://medium.com/@developer.shubham.rasal/create-aws-ec2-instance-using-terraform-3a3a2d273048). Now its time to configure that instance as a webserver.  
Let us discuss what we are going to do. The plan is simple we want the webserver with our custom security group which will have our Github repository code.

#### 1: Configure AWS

provider “aws” {  
 region = “ap-south-1”  
 profile = “shubham”  
}

for more information check [how to configure and launch ec2](https://medium.com/@developer.shubham.rasal/create-aws-ec2-instance-using-terraform-3a3a2d273048)

#### 2: Create a Key Pair

resource “tls\_private\_key” “webserver\_private\_key” {  
 algorithm = “RSA”  
 rsa\_bits = 4096  
}  
resource “local\_file” “private\_key” {  
 content = tls\_private\_key.webserver\_private\_key.private\_key\_pem  
 filename = “webserver\_key.pem”  
 file\_permission = 0400  
}

resource “aws\_key\_pair” “webserver\_key” {  
 key\_name = “webserver”  
 public\_key = tls\_private\_key.webserver\_private\_key.public\_key\_openssh  
}

Here you need to do first ***terraform init*** to download plugins. We are creating a private key and storing it locally so we can access the server using ssh.

#### 3.Create a Security Group

resource “aws\_security\_group” “allow\_http\_ssh” {  
 name = “allow\_http”  
 description = “Allow http inbound traffic”

ingress {  
 description = “http”  
 from\_port = 80  
 to\_port = 80  
 protocol = “tcp”  
 cidr\_blocks = \[“0.0.0.0/0”\]  
   
 }  
ingress {  
 description = “ssh”  
 from\_port = 22  
 to\_port = 22  
 protocol = “tcp”  
 cidr\_blocks = \[“0.0.0.0/0”\]  
 }  
 egress {  
 from\_port = 0  
 to\_port = 0  
 protocol = “-1”  
 cidr\_blocks = \[“0.0.0.0/0”\]  
 }

tags = {  
 Name = “allow\_http\_ssh”  
 }  
}

Ingress rules are for the traffic that enters the boundary of a network. Egress rules imply to traffic exits instance or network.

#### 4\. Create Instance and configure.

  
resource “aws\_instance” “webserver” {  
 ami = “ami-0447a12f28fddb066”  
 instance\_type = “t2.micro”   
 key\_name = aws\_key\_pair.webserver\_key.key\_name  
 security\_groups=\[“${aws\_security\_group.allow\_http\_ssh.name}”\]  
 user\_data = <<-EOF  
 #! /bin/bash  
       sudo yum install httpd -y  
       sudo yum install git -y  
       sudo rm -rf /var/www/html/\*  
       git clone [https://github.com/ShubhamRasal/demo.git](https://github.com/ShubhamRasal/demo.git) /var/www/html/  
       sudo systemctl start httpd  
       sudo systemctl enable httpd  
 EOF  
 tags = {  
 Name = “webserver\_githubcode”  
 }  
}

Here we created an instance of amazon Linux (ami-0447a12f28fddb066).  
We used user\_data to configure our instance.  
We cloned our code files from GitHub and extract into the root folder of the webserver. To clone successfully /var/www/html folder should be empty so sudo rm -rf /var/www/html/\* will delete old files.

output “webserver-ip”{  
 value=aws\_instance.webserver.public\_ip  
}

above code will give us the IP of our webserver.

#### 5\. Check Output

Now time to run our code: ***terraform apply.*** You will get output like below.

Outputs:

webserver-ip = 13.234.217.119

Copy the IP into the browser to see the output.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1685729038483/b612bace-bcdf-495c-914d-9c2576c1e437.png)

output

For simplicity, I am providing a whole code again.

//webserver.tf  
provider "aws" {  
   region  = "ap-south-1"  
   profile = "shubham"  
}  
resource "tls\_private\_key" "webserver\_private\_key" {  
    algorithm   =  "RSA"  
    rsa\_bits    =  4096  
}  
resource "local\_file" "private\_key" {  
    content         =  tls\_private\_key.webserver\_private\_key.private\_key\_pem  
    filename        =  "webserver\_key.pem"  
    file\_permission =  0400  
}

resource "aws\_key\_pair" "webserver\_key" {  
    key\_name   = "webserver"  
    public\_key = tls\_private\_key.webserver\_private\_key.public\_key\_openssh  
}

resource "aws\_security\_group" "allow\_http\_ssh" {  
  name        = "allow\_http"  
  description = "Allow http inbound traffic"

ingress {  
    description = "http"  
    from\_port   = 80  
    to\_port     = 80  
    protocol    = "tcp"  
    cidr\_blocks = \["0.0.0.0/0"\]  
   
  }  
ingress {  
    description = "ssh"  
    from\_port   = 22  
    to\_port     = 22  
    protocol    = "tcp"  
    cidr\_blocks = \["0.0.0.0/0"\]  
   }  
  egress {  
    from\_port   = 0  
    to\_port     = 0  
    protocol    = "-1"  
    cidr\_blocks = \["0.0.0.0/0"\]  
  }

tags = {  
    Name = "allow\_http\_ssh"  
  }  
}  
resource "aws\_instance" "webserver" {  
  ami           = "ami-0447a12f28fddb066"  
  instance\_type = "t2.micro"   
  key\_name  = aws\_key\_pair.webserver\_key.key\_name  
  security\_groups=\["${aws\_security\_group.allow\_http\_ssh.name}"\]  
  user\_data = <<-EOF  
                #! /bin/bash  
                sudo yum install httpd -y  
  sudo yum install git -y  
  sudo rm -rf /var/www/html/\*  
  git clone [https://github.com/ShubhamRasal/demo.git](https://github.com/ShubhamRasal/demo.git) /var/www/html/  
  sudo systemctl start httpd  
                sudo systemctl enable httpd  
  EOF

tags = {  
    Name = "webserver\_task1"  
  }  
}  
output "webserver-ip"{  
 value=aws\_instance.webserver.public\_ip  
}

To destroy what we created just simply do: ***terraform destroy***

#### Conclusion

We have created a simple EC2 instance webserver which will clone code from our GitHub repository.
