Infrastructure as Code: Deployment to AWS using Terraform Part 1

In this section of our series, we will focus on how to get our environment ready and how we can create simple infrastructure with a few lines of Terraform code.

Create your AWS IAM user with access key and secret

We will be using AWS for our infrastructure. Since it’s not a good idea to use the root account, we will need to create an IAM user with policies like:

  • EC2FullAccess
  • RDSFullAccess
  • S3FullAccess

This Serverless Stack article illustrates what we are hoping to achieve with our IAM permissions, but instead of attaching the admin policy as the article does, narrow it a little to the 3 managed policies listed above.

Optionally install the AWS CLI

This step was important for my setup because I manage multiple AWS accounts and rely on AWS CLI profiles. If this is your first time using aws-cli, you will soon find out how straightforward it is.

You will need to configure the CLI after installation with the aws_access_key_id and aws_secret_access_key obtained when creating the IAM user above. If you already have aws-cli configured, it’s up to you whether to use a new profile or your default IAM user. The command below shows how to get the CLI installed through pip and how to configure it.

Initialize Terraform

Let’s create our Terraform project folder and the _main.tf file. Because Terraform supports the creation of infrastructure in multiple cloud providers, it needs specific provider plugins in order to execute the instructions on a specific provider’s cloud platform. We will be using AWS, so our plugin will be aws.

Our _main.tf should look similar to the snippet below

Let’s initialize Terraform with the code below

Proof of concept infrastructure

In this proof of concept, we will only launch an EC2 node with 2 lines of Terraform, though we can’t really do much with the node. In the code below we used an Amazon Linux AMI ID and the instance type/size t2.nano. The code for this part of the tutorial is available at https://github.com/kdjomeda/intro-to-terraform/tree/terraform-poc

In the code above, we used the aws_instance resource of Terraform and defined an AMI (Amazon Linux AMI id) and the instance_type.

Though optional these days, we should run terraform plan to see the actions that will be performed. Now, at the risk of making this tutorial too long, I would like to explain the output of the terraform plan command.

Though the output can look meaningless, it uses a number of symbols, and you need to understand each of them, as some of them mean that your resource will be replaced, that is, destroyed first and then recreated. I think it’s really important to understand the implications of the actions. Above you mostly see the + sign, which means the resources will be created, in this case using default values from AWS apart from those we specified ourselves. The rest of the symbols are explained below:

  • + create (will create the resource)
  • - destroy (will destroy the resource)
  • -/+ replace (will destroy and then create, or vice-versa if create-before-destroy is used)
  • ~ update in-place (will update by adding or removing extra properties without creating or destroying)
  • <= read (will read the resource, usually a defined data resource)

To execute the plan shown by the terraform plan command, we need the terraform apply command, which outputs information similar to that of terraform plan. But this requires confirmation at its prompt.

AWS EC2 Console
Created EC2 node

The terraform destroy command is what we need to remove everything we have set up using the apply command. Just like the apply command, the destroy command requires a “yes” confirmation.

Creating a simple infra with no VPC

In this part of our tutorial, we will be creating the same kind of infrastructure, but this time we will use a CentOS AMI and we will create our instance so that we can log into it using ssh, unlike the previous infra, with which we couldn’t do anything. The code for this part of the tutorial is available at https://github.com/kdjomeda/intro-to-terraform/tree/single-instance-no-vpc

What do we really need to have a node only we can connect to?

Before we jump to the code, let’s create our own key pair. Of course we could use one already generated by AWS, but I just want to use this opportunity to show how you could create and maintain your own, which will be part of your automation.

This will create the private key MyIdentity.pem and its public key MyIdentity.pem.pub. We will use the public key in Terraform on the aws_key_pair resource. Your code should look similar to the one below. Please note that the public_key property of the aws_key_pair will have the content of the created MyIdentity.pem.pub
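A configuration along the lines described above, as an added example that is not the tutorial's own code; it also shows the provider block from the "Initialize Terraform" step. The profile name, region, variable names, resource names and the security group (which the text does not mention) are assumptions, and the AMI ID is left for you to supply.

```hcl
# Added example, not the tutorial's code. Profile, region, variable and
# resource names are assumptions; the AMI ID is supplied by the caller.
provider "aws" {
  region  = "us-east-1"          # assumed region
  profile = "terraform-tutorial" # assumed AWS CLI profile of the IAM user
}

variable "centos_ami_id" {
  type        = string
  description = "CentOS AMI ID valid in the region above"
}

variable "admin_cidr" {
  type        = string
  description = "CIDR allowed to reach SSH, e.g. your public IP as a /32"
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR other than 0.0.0.0/0."
  }
}

# Only the public half of the key pair is handed to AWS.
resource "aws_key_pair" "my_identity" {
  key_name   = "MyIdentity"
  public_key = trimspace(file("${path.module}/MyIdentity.pem.pub"))
}

# No VPC is declared, so the group lands in the account's default VPC.
resource "aws_security_group" "ssh_admin_only" {
  name        = "single-node-ssh"
  description = "SSH from the admin CIDR only"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
}

resource "aws_instance" "single_node" {
  ami                    = var.centos_ami_id
  instance_type          = "t2.nano"
  key_name               = aws_key_pair.my_identity.key_name
  vpc_security_group_ids = [aws_security_group.ssh_admin_only.id]
  tags                   = { Name = "SingleNodeNoVPC" }
}

output "public_ip" { value = aws_instance.single_node.public_ip }
```

No egress rule is declared, and Terraform removes the default allow-all egress rule on security groups it creates, so the instance cannot open outbound connections until you add one.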

You can choose to execute terraform plan first, but here I encourage you to use terraform apply to see the difference.

SingleNodeNoVPC box created with Terraform

At the end of the execution, we can see the public IP that AWS assigned to our box (we can see this from the Terraform output, which we will talk about later). Let’s try to ssh into the box:

In part 2 of this tutorial, we will launch our EC2 instance in a VPC.
