In this blog post, I’ll show you how to create an Amazon EC2 instance and install packages into it using a cloud-agnostic infrastructure as a code tool known as Terraform. For better understanding, it is advised that you follow along in this hands-on demo. To get started, sign up for a free tier account from AWS. Once you have the account, create a new user and grant it administrative privileges. Also, you will need to generate AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for the new user and configure AWS CLI on your local machine.
Kindly refer to this guide. You will also need to install Terraform on your local machine, refer to this guide if you’re installing on Linux, otherwise, refer to this link. Kindly refer to our related AWS guides: Creating IAM Users, Adding MFA and Policies on AWS, how to manage cost with AWS Budgets, how to deploy an Angular App to AWS S3, and how to deploy a Dynamic Website to AWS EC2.
Steps to Deploy using Terraform
After successfully completing the recommended installations above, continue with the following steps.
- Create a directory named terraform-ec-2 and change it into the directory
mkdir ~/terraform-ec-2
cd ~/terraform-ec-22. Create two files main.tf and provider.tf
vim main.tf
vim provider.tf3. In the the main.tf file, paste the following code block (Beware of the syntax);
resource "aws_vpc" "lifebit_vpc" {
cidr_block = "172.16.0.0/16"
enable_dns_hostnames = true
enable_dns_support = true
tags = {
Name = "lifebit-vpc"
}
}
resource "aws_subnet" "lifebit_subnet" {
vpc_id = aws_vpc.lifebit_vpc.id
cidr_block = "${cidrsubnet(aws_vpc.lifebit_vpc.cidr_block, 3, 1)}"
availability_zone = "eu-west-2a"
tags = {
Name = "lifebit-subnets"
}
}
locals {
ports_in = [22,80,3000]
ports_out = [0]
}
resource "aws_security_group" "lifebit_SG" {
name = "lifebit_SG"
description = "Allow TLS inbound traffic"
vpc_id = "${aws_vpc.lifebit_vpc.id}"
dynamic "ingress" {
for_each = toset(local.ports_in)
content {
description = "TLS from VPC"
from_port = ingress.value
to_port = ingress.value
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
dynamic "egress" {
for_each = toset(local.ports_out)
content {
description = "TLS from VPC"
from_port = egress.value
to_port = egress.value
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
tags = {
Name = "allow_tls"
}
}
resource "aws_instance" "lifebit" {
ami = "ami-0de842d2477e3b337"
instance_type = "t2.micro"
key_name = aws_key_pair.lifebit.key_name
security_groups = ["${aws_security_group.lifebit_SG.id}"]
user_data = <<EOF
#!/bin/bash
#Installing git and cloning the repository
yum install git -y
mkdir lifebit_test
cd lifebit_test
git clone https://github.com/nodejs/examples.git
cd examples/servers/express/api-with-express-and-handlebars
Installing Nodejs
yum -y install curl
curl -sL https://rpm.nodesource.com/setup_14.x | sudo bash -
yum install -y nodejs
npm install
npm start &
EOF
tags = {
Name = "LifeBitVM"
}
subnet_id = "${aws_subnet.lifebit_subnet.id}"
}
resource "aws_key_pair" "lifebit" {
key_name = "lifebit"
public_key = "${file("${path.module}/lifebit.pub")}"
}
resource "aws_eip" "lifebit_eip" {
instance = "${aws_instance.lifebit.id}"
vpc = true
}
resource "aws_internet_gateway" "lifebit_gw" {
vpc_id = "${aws_vpc.lifebit_vpc.id}"
tags = {
Name = "LifeBit_gw"
}
}
resource "aws_route_table" "lifebit_RTB" {
vpc_id = "${aws_vpc.lifebit_vpc.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.lifebit_gw.id}"
}
tags = {
Name = "lifebit_RTB"
}
}
resource "aws_route_table_association" "lifebit_RTB_AS" {
subnet_id = "${aws_subnet.lifebit_subnet.id}"
route_table_id = "${aws_route_table.lifebit_RTB.id}"
}
4. In the the provider.tf file, paste the following code block;
provider "aws" {
region = "eu-west-2"
access_key = "xxxxxxAKIA63J"
secret_key = "xxxxxvt8a5yzNJyY"
}- Examine the main.tf and provider.tf files. The main.tf file contains scripts to deploy the following resources: VPC, Subnet, Route Table, Internet-Gateway, Security Group, Key-Pair, EC2 instance, User_Data, and Elastic IP. You can update the “ami” and the availability zone of your choice. The user_data contains a bash script that configures and deploys a nodejs application.
- To understand the providers.tf file, refer to this link. Update it with the access key and secret key as obtained in the instructions referred to above. (Note: For security reasons, it is more appropriate not to hardcode these values, rather, input them as environment variables, which can then be referenced externally.)
5. Generate an SSH key. In this example, it’s named ‘lifebit’
ssh-keygen -f "lifebit"Accept all the defaults and use the command ll to confirm you now have a lifebit.pub file.
3. Run the following terraform commands in the appropriate directory
terraform initThe terraform init command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.
terraform planThe terraform plan the command creates an execution plan, which lets you preview the changes that Terraform plans to make to your infrastructure.
terraform apply The terraform apply the command executes the actions proposed in a Terraform plan. After successfully running the above commands, terraform deploys the required resources as specified in the main.tf file.
To verify that the installed packages were successfully deployed, copy the public IP of the EC2 instance to a browser and append port 3000 as shown in the screenshot below.
4. To avoid accumulating huge bills from AWS, it’s advised to shut down created resources immediately. Use the command below.
terraform destroyI hope you found this blog post helpful. If you have any questions, please let me know in the comment session.