Terraform is really helpful when working with cloud providers because you can easily manage your resources without having to move around the AWS management console. In my case, I got a surprising bill from AWS because I had some instances I left running and forgot about. Deleting these resources on the console was time-consuming as some resources depend on each other, but with Terraform, a simple ‘terraform destroy’ can pull down all the resources that are no longer needed.
PREREQUISITES
- Terraform installed
- An AWS account
WHAT IS TERRAFORM?
Terraform is an open-source infrastructure as code tool that allows programmers to provision, change, and version infrastructure using a high-level configuration language, HCL (HashiCorp Configuration Language).
WHAT IS AN EC2 INSTANCE?
EC2 (Elastic Compute Cloud) is a service that allows you to request and provision virtual servers in the AWS cloud.
Amazon provides various types of instances with different configurations of CPU, memory, storage, and networking resources to suit user needs. Each type is available in various sizes to address specific workload requirements.
Instances are created from Amazon Machine Images (AMIs). A machine image is like a template: it comes configured with an operating system (OS) and other software, which determine the user’s operating environment.
We will set up our EC2 instance using the Ubuntu Server 20.04 LTS (HVM), SSD Volume Type AMI.
CREATE THE PROVIDERS.TF FILE
The terraform block specifies the provider we are downloading from the Terraform Registry and its version constraint.
Above we specify that we will be using the AWS provider. The shared_credentials_file argument points to the file that holds our credentials, the access key and secret access key, so they do not have to be written into the configuration itself. To learn more about setting up your AWS credentials, see Set up AWS Credentials.
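Below is an added providers.tf in the shape the text describes; it is my example rather than the article's file, and the region and profile name are assumptions.

```hcl
# providers.tf (added example; not the article's original file)
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"   # version constraint: any 4.x release of the provider
    }
  }
}

provider "aws" {
  region = "us-east-1"   # assumed region; use the one you deploy to

  # Credentials are read from the shared credentials file rather than written
  # into the configuration, so no access key or secret lands in version control.
  # AWS provider 4.x names this argument "shared_credentials_files" and takes a
  # list; "shared_credentials_file" is the singular pre-4.0 name used in the text.
  shared_credentials_files = ["~/.aws/credentials"]
  profile                  = "default"   # assumed profile name
}
```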
CREATE THE MAIN.TF FILE
In the main.tf file, we will configure the resources required to create the EC2 instance, and the EC2 instance itself. These resources are:
- A VPC (Virtual Private Cloud)
- Subnet
- Internet gateway
- Route table
- Route table association
- Security group
- Instance AMI
- Key pair
- EC2 instance
1. The VPC
Note: “resource” specifies that we are creating a resource, “aws_vpc” is the resource type and “my_vpc” is the name we give it.
A VPC is an isolated portion of the AWS cloud infrastructure in which you launch your AWS resources under rules and policies that you define, including selection of your own IP address range, creation of subnets, and configuration of route tables. This isolation is mainly for security reasons.
“10.123.0.0/16” simply means that any instances inside the VPC will have an IP of “10.123.X.Y”, where X and Y can be any number between 2 and 254.
To learn more about CIDR blocks, refer to this article: What is CIDR (Classless Inter-Domain Routing)? (Whizlabs Blog).
2. The subnet (sub-network)
A subnet is simply a range of IP addresses in your VPC; we are going to provision our resources in a single subnet.
“aws_vpc.my_vpc.id” is an implicit reference to the VPC we created above: it reads the VPC id, an attribute that only exists once the VPC has been deployed, so Terraform also knows to create the VPC first.
This will be a public subnet: it will be associated with a route table that has a route to an internet gateway, which lets traffic flow between the subnet and the internet in both directions.
3. The Internet gateway
To give the instances in our VPC the ability to reach the internet from the Amazon network, we need to attach an internet gateway to the VPC.
4. Public route table
A route table contains a set of rules, called routes, that determine where network traffic is directed: how traffic flows among the members of the VPC (subnets, instances, etc.) and out of the VPC, e.g. to the internet.
We are creating a route table that will route traffic from our subnet to our internet gateway.
5. Internet gateway route
Here we add an internet gateway route to the route table we created above.
“0.0.0.0/0” means that whenever our resources communicate with the internet (both inbound and outbound), the traffic passes through the internet gateway.
6. Route table association
We bridge the gap between our route table and our subnet with a route table association.
Now we attach the subnet we created to the route table. Because this table already has an internet gateway route, attaching the subnet makes it a public subnet, i.e. one with access to the internet. A private subnet, on the other hand, has no access to the internet: to create one, associate the subnet with a route table that has no internet gateway route.
7. Security Groups
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
Ingress: The ingress or inbound rules control the traffic that is allowed to reach the instance. Here we are allowing traffic on all ports, but in the cidr_block you can put your own IP address to specify that the instances in your VPC may be reached only from your IP. To get your public IP, just type “What is my public IP?” into your browser.
Egress: The egress or outbound rules control the traffic going out of the instance. Here the cidr_block is “0.0.0.0/0” because we want the instance to be able to reach the internet.
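The resources from the VPC through the security group, written out as one added main.tf (my example, not the article's; the resource names, the /24 subnet range and the placeholder source address are assumptions). It goes slightly beyond the text by restricting ingress to SSH from a single address, the tightening the security group section recommends.

```hcl
# main.tf (added example; the resource names are my own, not the article's)
resource "aws_vpc" "my_vpc" {
  cidr_block = "10.123.0.0/16"                # the range the article uses
}
resource "aws_subnet" "my_public_subnet" {
  vpc_id                  = aws_vpc.my_vpc.id # implicit reference to the VPC
  cidr_block              = "10.123.1.0/24"   # one /24 slice of the VPC range (assumed)
  map_public_ip_on_launch = true              # instances launched here get a public IP
}

resource "aws_internet_gateway" "my_igw" {
  vpc_id = aws_vpc.my_vpc.id
}

resource "aws_route_table" "my_public_rt" {
  vpc_id = aws_vpc.my_vpc.id
}

# Default route: traffic for any destination outside the VPC leaves via the IGW.
resource "aws_route" "default_route" {
  route_table_id         = aws_route_table.my_public_rt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.my_igw.id
}

# Attaching the subnet to a table with an IGW route is what makes it public.
resource "aws_route_table_association" "my_public_assoc" {
  subnet_id      = aws_subnet.my_public_subnet.id
  route_table_id = aws_route_table.my_public_rt.id
}

resource "aws_security_group" "my_sg" {
  name   = "my_sg"
  vpc_id = aws_vpc.my_vpc.id
  # Inbound: SSH only, from your own address (placeholder from the documentation range).
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.10/32"]   # replace with <your public IP>/32
  }
  # Outbound: unrestricted so the instance can reach the internet.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"                  # -1 means all protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```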
8. Instance AMI
DATA SOURCES (DATASOURCES.TF FILE)
We need to provide the AMI for the EC2 instance we will deploy; to do this we use a Terraform data source, which in our case queries the AWS API for the information needed to deploy the resource.
“aws_ami” is the name of the data source. To find the owner ID of the particular AMI, refer to Get AMI owner ID.
9. Key pair
We will create a key pair for the EC2 instance so that we can SSH into it. To do this, run the command below in the terminal, provide the path where the key should be saved, and name it “my_key”.
The Terraform file function lets us specify the path to the public key.
10. EC2 instance
Finally, we can configure our EC2 instance resource.
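Steps 8 to 10 as one added file (my example, not the article's): the Ubuntu 20.04 AMI data source, the key pair, and the instance. It assumes a main.tf that defines aws_subnet.my_public_subnet and aws_security_group.my_sg (names I chose); the instance type, key path and volume size are also assumptions.

```hcl
# datasources.tf / instance (added example; not the article's file)
data "aws_ami" "ubuntu_2004" {
  most_recent = true
  owners      = ["099720109477"]   # Canonical's AWS publisher account ID

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Generate the key locally first; only the public half is uploaded to AWS:
#   ssh-keygen -t ed25519 -f ~/.ssh/my_key
resource "aws_key_pair" "my_key" {
  key_name   = "my_key"
  public_key = file("~/.ssh/my_key.pub")   # file() reads the public key (assumed path)
}

resource "aws_instance" "my_ec2" {
  ami                    = data.aws_ami.ubuntu_2004.id   # resolved by the data source
  instance_type          = "t2.micro"                    # assumed; free-tier size
  subnet_id              = aws_subnet.my_public_subnet.id
  vpc_security_group_ids = [aws_security_group.my_sg.id]
  key_name               = aws_key_pair.my_key.key_name

  root_block_device {
    volume_size = 10   # GiB of SSD-backed storage (assumed size)
  }

  tags = { Name = "my_ec2" }
}

output "public_ip" {
  value = aws_instance.my_ec2.public_ip   # printed after apply; the address to ssh to
}
```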
DEPLOYING THE CREATED RESOURCES
1. Initialize your directory to download the AWS plugins by running “terraform init”.
2. Run “terraform plan” to generate an execution plan, which lets you preview the infrastructure changes before anything is created.
3. Run “terraform apply” to deploy the resources.
Congratulations! You have successfully deployed an EC2 instance using Terraform. To confirm, go to your management console and check it out!
4. Run “terraform destroy” to terminate all the resources.
ADDITIONAL TERRAFORM COMMANDS