Like I've said in an older blog, I have been learning about automation and CI/CD.
oh no! "CI/CD" not there yet.
Here's what curious me to focus on Automation of infrastructure,
This year I did the research so call "Mult-Cloud Docker Container Communication using SDN" in which I built our own platform for 3rd level infrastructure to deploy the container on cross-cloud platforms with SDN technology and I developed a tool to provision container communication just like Kubernetes. So, Automation in the end achieved and gave me some interest.
Alright! let's move on to Topic,
In this tutorial, I am gonna cover AWS instance deployment using terraform and Other key things below.
Please refer the Architecture below to understand my idea
The figure shows how VPC and Subnet are being created to have an isolated virtual network to deploy instances.
Assume in the AWS selected region we have 3 Availability Zone(AZ1, AZ2, AZ3) and on top of it, I have created a VPC (10.1.0.0/16) and on each AZ, I create Public Subnets and Private Subnets.
Then, I created aws_internet_gateway (main-gw) which is to connect the internet and I have created Public Gateway (main-public) for the public subnets and I did create route associations of all public instance in multiple availability_zone to the main-public route table.
That is pretty much it. let move on to the steps to do it.
find the code here
1. mkdir terraform-code
2. In order to create an instance via CLI or anything, we need AWS IAM roles. please make sure you have created IAM roles as with admin privileges.
3. Create these files in your working directory to add AWS IAM keys.
terraform.tfvars
provider.tf
this is something like a variable which refer from tfvar file
vars.tf
this is where we store actual variables. below code is what region we are going to deploy our instances and as per our region, we are selecting AWS AMI for instances.
So, our IAM key is being passed and since we are launching a VM it needs to be accessed through SSH. So, we have to have private key in our machine and upload the public key to the instance.
To generate key type below code in your terminal. it will create private and public keys in your directory.
ssh-keygen -f
those key to be uploaded so,
modify the vars.tf file below
vars.tf
# this ssh private key and compulsory to ssh AWS instance
# I create ssh key by ssh-keygen -f command in my working directory
# I have created a variable for my private key which points to my key location
variable "PATH_TO_PRIVATE_KEY" {
default = "mykey"
}
# I have created a variable for my public key path which points to my key location
variable "PATH_TO_PUBLIC_KEY" {
default = "mykey.pub"
}
create key.tf to announce aws key resource
key.tf
resource "aws_key_pair" "mykeypair" {
key_name = "mykeypair"
#this is refer my vars.tf file and vars.tf file points to the key location
public_key = "${(file("${var.PATH_TO_PUBLIC_KEY}")}"
}
Create VPC and Subnets
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.
for more VPC & Subnet refer here
As I mentioned earlier just create vpc.tf file and enter this code
Create a Security Group to allow certain traffic to an instance
create securitygroup.tf
ingress - the traffic which we are allowing meaning that and instance opened ssh port for listening.
egress -allow all IP meaning that anyone incoming IP is accepted
#protoc -1 = all protocol
resource "aws_security_group" "allow-ssh" {
vpc_id = "${var.aws_vpc.main.id}"
name = "allow-ssh"
description = "security group that allows ssh and all egress traffic"
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "allow-ssh"
}
}
So, let's create instance.tf file to specify instance resource including additional volume.
| resource "aws_instance" "example" { | |
| ami = "${lookup(var.AMIS, var.AWS_REGION)}" | |
| instance_type = "t2.micro" | |
| # the VPC subnet | |
| #launch instances from public subnet | |
| subnet_id = "${aws_subnet.main-public-1.id}" | |
| # the security group | |
| vpc_security_group_ids = ["${aws_security_group.allow-ssh.id}"] | |
| # the public SSH key | |
| key_name = "${aws_key_pair.mykeypair.key_name}" | |
| } |
1. We create an instance group called "example" (to identify a group of resource)
2. We are selecting AMI type (looking based on our region passed through vars.tf)
3. Instance type t2.micro free tier
4. Assing VPC and Subnet to the instance
5. As I mention about key.tf file, we are referring public key to upload
on the same file lets add root volume and addtional volume.
| resource "aws_ebs_volume" "ebs-volume-1" { | |
| availability_zone = "eu-west-1a" | |
| size = 20 | |
| type = "gp2" | |
| tags = { | |
| Name = "extra volume data" | |
| } | |
| } | |
| resource "aws_volume_attachment" "ebs-volume-1-attachment" { | |
| device_name = "/dev/xvdh" | |
| volume_id = "${aws_ebs_volume.ebs-volume-1.id}" | |
| instance_id = "${aws_instance.example.id}" | |
| } |
find the full code here
No comments:
Post a Comment