Day 64 - Terraform with AWS

Prerequisites

AWS CLI installed

  • The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
sudo apt-get install awscli -y

AWS IAM user

  • IAM (Identity Access Management) AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

In order to connect your AWS account and Terraform, you need the access keys and secret access keys exported to your machine.

  • Open your AWS console and log in with your credentials. Search for IAM and click on it. Under 'Users,' select 'Create user' at the top right corner. Assign a username for your IAM, such as 'Terraform-IAM.' Proceed to the next step, choose 'Attach policies directly,' and select 'AdministratorAccess' from the list. Click 'Next,' then 'Create user.' Once created, access your IAM User, navigate to 'Security credentials,' and choose 'Create access key' under 'Access key.' Select for 'Command Line Interface (CLI),' proceed to the next step, and create the access key. Your Access Key ID and Secret Access Key are now generated. For the best example here⬇️ are the images

  • The above⬆️ images and points are to create an IAM user of the AWS access key

In order to connect your AWS account and Terraform, you need the access keys and secret access keys exported to your machine.

aws configure
AWS Access Key ID [None]: <your access key
AWS Secret Access Key [None]: <your Secret Access Key>

Task-01

  • Now, let's provision an EC2 instance using Terraform.

  • Create a folder named terraform-ec2-instance and inside it, create a file named terraform.tf as we need to install the required providers to set up the EC2 instance.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

  • Next, we require providers to specify the region for our EC2 instance. For that, let's create a file named providers.tf .
provider "aws" {
    region = "us-east-1"
}

  • Next, we require ec2.tf as we need an AMI, for our EC2 instance. For that, let's create a file named ec2.tf.
resource "aws_instance" "demo_instance" {
    count = 2
    ami = "ami-0c7217cdde317cfec"
    instance_type = "t2.micro"
    tags = {
    Name = "demo-instance"
}
}

  • After completing all the steps mentioned in Day 61's blog, we can use a command to get our ec2 instance.
terraform init
terraform validate
terraform plan
terraform apply

  • Now, open your AWS console, navigate to 'Instances,' and refresh the page. You'll see that your instance has been created using Terraform.

  • But this instance will not run because we didn't add a security group allowing SSH and incoming/outgoing traffic. To make our instance operational, we need to include these settings in our ec2.tf file.

  • Next, we need to configure the firewall (security groups) and CIDR blocks to enable SSH connections to our EC2 instance. For this purpose, let's create a file named ec2.tf.

  • To create a login key pair, we need to generate an SSH key.

# come back to your folders and do this to generate ssh key
cd .ssh
ssh-keygen

  • Now, go to your terraform-ec2-instance folder, access the ec2.tf file, and include the key pair, firewall (security groups), and CIDR blocks. This setup will enable SSH connections to our EC2 instance, allowing it's up and running.
resource "aws_instance" "demo-instance" {
        count = 2
        ami = "ami-0c7217cdde317cfec"
        instance_type = "t2.micro"
        security_groups = [aws_security_group.allow-ssh.name]
        tags = {
        Name = "demo-instance"
}
}

resource "aws_key_pair" "key-code" {
  key_name   = "terra-code-key"
  public_key = file("/home/ubuntu/.ssh/T-key.pub")
}

resource "aws_default_vpc" "default_vpc" {

}

 resource "aws_security_group" "allow-ssh" {
  name        = "allow-ssh"
  description = "Allow ssh inbound traffic"

  # using default VPC
  vpc_id      = aws_default_vpc.default_vpc.id
  ingress {
    description = "TLS from VPC"

    # we should allow incoming and outoging
    # TCP packets
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"

    # allow all traffic
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow-ssh"
  }
}

  • After completing all the steps mentioned in Day 61's blog, we can use a command to get our ec2 instance again.
terraform init
terraform validate
terraform plan
terraform apply

  • Now your instance will run which you have created from terraform