Terraform 10 of 10: Provisioners using AWS Cloud9

Background

This tutorial deals with Provisioners. AWS Cloud9 is the environment. Please note that Terraform only recommends Provisioners as a "last resort" and that you should attempt other methods before dealing with provisioners. Provisioners run within the resources themselves, so Provisioners add complexity and uncertainty.

1 of 14. Open the documentation for "Provisioners"

This documentation is not all-inclusive. You may find other documentation in the "Reference" section.

Provisioners

2 of 14. Open your AWS Cloud9 environment

Creating An Integrated Developer Environment (IDE) in the Cloud in Two Minutes!: AWS Cloud9(Step-by-Step)

3 of 14. Setup project directory and create files

Make sure to start from your "environment" before creating the directory. This directory will be used for this project. Make sure to run project operations from within that directory.

pwd mkdir terraform-provisioners-example && cd terraform-provisioners-example touch main.tf resources.tf outputs.tf

4 of 14. Generate SSH-Keys

ssh-keygen -f ec2-key

5 of 14. Modify terraform files: "main.tf", "resources.tf" and "outputs.tf"

"main.tf

provider "aws" { region = "us-east-1" }

"resources.tf". Keep in mind that the AMI is region-specific. This lab was run on this specific OS/image. It refers to the ssh key you previously made.

resource "aws_security_group" "example" { name = "example" ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } resource "aws_key_pair" "key" { key_name = "aws_tf_key" public_key = file("./ec2-key.pub") } resource "aws_instance" "ec2" { ami = "ami-0c7217cdde317cfec" #Canonical, Ubuntu, 22.04 LTS, amd64 jammy image build on 2023-12-07 instance_type = "t2.micro" key_name = aws_key_pair.key.key_name vpc_security_group_ids = [aws_security_group.example.id] }

"outputs.tf"

output "ec2_pub_ip" { value = aws_instance.ec2.public_ip }

6 of 14. Create the resources

terraform init && terraform apply -auto-approve

7 of 14. Validate SSH

Note that the IP address here should match what was in the output of your 'terraform apply'

ssh -i ec2-key ubuntu@203.0.113.20

8 of 14. Destroy resources.

Make sure to exit your Ubuntu session first, else your command might not be understood.

exit terraform destroy -auto-approve

9 of 14. Create a sample dump file

echo "This is a sample dump file" > dump echo "Beep Boop Bleep Bloop Whoops!" >> dump cat dump

10 of 14. Update "resources.tf" with provisioners.

Think of provisioners as running operations on the resource itself. All additions will be to the "ec2" resource, because these Provisioners run inside the ec2 instance itself. Look at the various types of commands: "local-exec" runs on the host running terraform. "remote-exec" is a remote command, "file" is a file operation. The "connection" refers to the connection that Terraform will make to the host to run the commands.

resource "aws_security_group" "example" { name = "example" ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } resource "aws_key_pair" "key" { key_name = "aws_tf_key" public_key = file("./ec2-key.pub") } resource "aws_instance" "ec2" { ami = "ami-0c7217cdde317cfec" #Canonical, Ubuntu, 22.04 LTS, amd64 jammy image build on 2023-12-07 instance_type = "t2.micro" key_name = aws_key_pair.key.key_name vpc_security_group_ids = [aws_security_group.example.id] tags = { "Name" = "webserver01" } provisioner "local-exec" { command = "echo ${self.public_ip} >> ec2-public-ip.txt" } provisioner "file" { source = "./dump" ## Do not forget to create fictitious 'dump' file destination = "/tmp/dump-onp" } provisioner "file" { content = "EC2 AZ: ${self.availability_zone}" destination = "/tmp/ec2-az.txt" } provisioner "remote-exec" { inline = [ "echo EC2 ARN: ${self.arn} >> /tmp/arn.txt", "echo EC2 Public DNS: ${self.public_dns} >> /tmp/public_dns.txt", "echo EC2 Private IP: ${self.private_ip} >> /tmp/private_ip.txt" ] } connection { type = "ssh" user = "ubuntu" private_key = file("./ec2-key") host = self.public_ip } }

11 of 14. Init and apply

This is a lab environment, but be wary of "auto-approve" in production unless it has been approved.

terraform fmt terraform validate terraform init && terraform apply -auto-approve

12 of 14. Check what ran for "local-exec"

Check for that "ec2-public-ip.txt" file

cat ec2-public-ip.txt

13 of 14. Check your Ubuntu host

Logon the Ubuntu host, then check for the created files and their contents. The previous warning about checking for the correct IP for your host before connecting still applies.

ssh -i ec2-key ubuntu@203.0.113.20 ls /tmp cat /tmp/dump-onp cat /tmp/ec2-az.txt cat /tmp/arn.txt cat /tmp/public_dns.txt cat /tmp/private_ip.txt

14 of 14. Cleanup

>Cleanup what you did. Exit your Ubuntu host first. I could have auto-approved here also, but it's a habit I don't want to start.

exit terraform destroy

Reference

Provisioners

Creating An Integrated Developer Environment (IDE) in the Cloud in Two Minutes!: AWS Cloud9(Step-by-Step)

ssh-keygen (Ubuntu man-pages)

Finding an Amazon Machine Image (AMI)

Manage users on your Linux instance

Resource: aws_key_pair

RFC 5737 IPv4 Address Blocks Reserved for Documentation

Comments

Post a Comment

Popular posts from this blog

Orphaned No More: Adopting AWS Lambda

Image
Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture is fully automated on AWS. The architecture is not ready for go-live. All actions so far are for a proof-of-concept that is presented to the Chief Technical Officer (CTO) for review. During the weekly team meeting, Ko (User Experience Lead) reports that his team has performed thousands of tests against the infrastructure, with moves, adds, and changes, and is not finding any issues in the application user interface. Woo (Infrastructure Lead) reports that there are hundreds of 'orphaned' files in the S3 bucket. (These files are considered 'orphaned' because they do not have corresponding records in the DynamoDB table.) Kim (Tech Lead) reports that there is not a trigger to delete the file from the bucket when a user is deleted from the DynamoDB database. Brady (Lawyer) reports that not deleting t
Read more

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture requires Amazon Elastic Compute Cloud (EC2) instances that are maintained by the HumanGov systems administrators. The systems administrators handle all the patching, operations, etc. Due to states wanting their data separate from each other, each state gets a separate set of EC2 instances, which means that as the application scales from one state up to 50 states, the systems administrators will have to patch 50x as many EC2 instances. The system administrators report that they have begun to schedule more and more overtime to handle the maintenance windows for updating the EC2 instances. The lead developer remarked that it was taking longer and longer for new application deployments to get rolled out as the infrastructure grew and more states came on board. By the way, the development environment does not have standa
Read more

Ansible is the Answer! | A Three-Part Series Demonstrating the Usefulness of Ansible to HumanGov

This is a three (3) part series that demonstrates how Ansible can be useful/leveraged for configuring your infrastructure. The background story here is that HumanGov is a multi-tenant cloud application that requires that each of the fifty (50) states has its own separate infrastructure. The HumanGov Infrastructure Engineers are trying to figure out how they can get it done, and they are considering using Ansible to help them deploy the application. Part 1 sets up the base infrastructure for the scenario. The HumanGov Infrastructure Engineers are accustomed to using Terraform to efficiently deploy infrastructure, but they are not very experienced with Ansible. Part 1 of 3: HumanGov: Ansible is the Answer! | Terraform | AWS Cloud9 | AWS IAM | AWS EC2 | AWS DynamoDB | AWS S3 Part 2 attempts to setup HumanGov via a MANUAL process. Part 2 goes through the steps to MANUALLY install Python, Nginx AND application files as well as MANUALLY configuring the firewall in Ubuntu. After g
Read more