Deploying an EC2 Instance on AWS Using Terraform

AWS offers several ways to spin up an EC2 instance in your account: the management console, the AWS command line, or programmatic API calls. Terraform falls in the last category; its AWS provider drives the same APIs on your behalf.
This post walks through deploying an EC2 instance on AWS with Terraform.
Here are the prerequisites.
An IAM (Identity and Access Management) user with an access key and secret key
Terraform installed and authenticated to your AWS account
Once Terraform can manage resources in your AWS account, the next step is to write the infrastructure as code. For that we will configure the following resources:
aws_vpc
aws_subnet
aws_internet_gateway
aws_egress_only_internet_gateway
aws_route_table
aws_route_table_association
aws_security_group
aws_vpc_security_group_ingress_rule
aws_key_pair
tls_private_key
local_file
aws_instance
IAM user access and secret keys
Follow the steps below to create an IAM user and its access key. Log in to the AWS management console as the root user (only if this is a fresh account with no IAM users yet; the root user should have MFA enabled and otherwise stay unused) or as an existing user with permission to manage IAM.
Search for IAM in Services, click Users in the left-hand menu, then click “Create user.”
Type in the user's name (it can be anything, but make it descriptive, e.g. terraform-demo) and click Next. Under “Permission options,” choose “Attach policies directly,” select “AdministratorAccess” from the list of policies, and click Next. AdministratorAccess is the quickest way to get a demo working, but it is far more than this configuration needs; for anything beyond a throwaway account, scope the policy to the EC2 and VPC actions Terraform will actually call.
You are brought to the “Review and create” page to check your selections. When satisfied, click “Create user,” or use the Previous button to change any option.
Creating Access Key
After the user is created, it will appear on the list of users. Click on the newly created user and go under the “Security Credentials” tab.
Scroll down and click on “Create Access Key.”
Select “Command Line Interface” under the Use case options.
Check the confirmation box and click on Next.
You can add a description tag, which is optional, or click “Create access key.”
Ensure you download the CSV file, because the secret key cannot be retrieved again. Treat it like a password: keep it out of version control, chat logs and screenshots. After downloading the file, click “Done.”
Terraform Installation and Configuration
Download the latest version of Terraform from HashiCorp's official downloads page, which also has installation instructions for each operating system.
For Windows users, choose AMD64 for 64-bit OS and 386 for 32-bit OS.
Configuring Terraform to talk to your AWS account is straightforward. I prefer to use the integrated terminal in VS Code.
So, with the VS Code terminal open in your project directory, enter the following command:
aws configure
Enter the required details: the newly created user's Access Key ID and Secret Access Key, which you will find in the CSV you downloaded.
Enter your default region, or press Enter to keep the preset. Press Enter for the “Default output format” option to keep the default.
After that, the Terraform AWS provider on your local machine will authenticate as the user you created: it reads the shared credentials file that aws configure wrote to ~/.aws/credentials (you can also supply the same values through the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables).
Note: Another way to connect Terraform to your AWS account is to set the access key and secret key directly in the provider block of your Terraform configuration, but that is not advisable: configuration files get committed to version control and shared, so the keys leak along with them. Keep credentials in the shared credentials file, environment variables, or an assumed role.
Now, let’s get coding.
Open your preferred directory in VS Code; that will be your configuration directory.
Here is the code that does this task (save it as main.tf), along with comments that explain what each Terraform resource is doing.
# Create a VPC
resource "aws_vpc" "demo_vpc" {
  cidr_block = "10.0.0.0/16"
  # Request an Amazon-provided IPv6 block; without it the IPv6 egress-only
  # gateway and the ::/0 route below have nothing to route
  assign_generated_ipv6_cidr_block = true
  tags = {
    Name = "demo VPC"
  }
}

# Create a subnet within the VPC. Referencing aws_vpc.demo_vpc.id already
# makes Terraform create the VPC first, so an explicit depends_on is redundant.
resource "aws_subnet" "demo_subnet" {
  vpc_id     = aws_vpc.demo_vpc.id
  cidr_block = "10.0.1.0/24"
  # Carve one /64 out of the VPC's /56 IPv6 block
  ipv6_cidr_block = cidrsubnet(aws_vpc.demo_vpc.ipv6_cidr_block, 8, 1)
  tags = {
    Name = "Demo subnet"
  }
}
# Create an internet gateway for the VPC (IPv4 in and out)
resource "aws_internet_gateway" "demo_gateway" {
  vpc_id = aws_vpc.demo_vpc.id
  tags = {
    Name = "gateway for demo VPC"
  }
}

# Create an egress-only internet gateway: IPv6 traffic can leave the VPC,
# but nothing on the internet can initiate a connection to the instance over IPv6
resource "aws_egress_only_internet_gateway" "demo_ipv6_gateway" {
  vpc_id = aws_vpc.demo_vpc.id
  tags = {
    Name = "ipv6_gateway"
  }
}
# Create a route table with default routes to the internet gateway (IPv4)
# and the egress-only gateway (IPv6)
resource "aws_route_table" "demo_rt" {
  vpc_id = aws_vpc.demo_vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.demo_gateway.id
  }
  route {
    ipv6_cidr_block        = "::/0"
    egress_only_gateway_id = aws_egress_only_internet_gateway.demo_ipv6_gateway.id
  }
  tags = {
    Name = "demo_rt"
  }
}

# Associate the route table with the subnet, making it a public subnet
resource "aws_route_table_association" "demo_public_rt_association" {
  subnet_id      = aws_subnet.demo_subnet.id
  route_table_id = aws_route_table.demo_rt.id
}
# Create a security group. Note: the AWS provider removes AWS's default
# allow-all egress rule from groups it manages, so this group permits no
# outbound traffic until an aws_vpc_security_group_egress_rule is attached.
resource "aws_security_group" "demo_SG" {
  name        = "demo SG"
  description = "Demo SG to allow SSH"
  vpc_id      = aws_vpc.demo_vpc.id
  tags = {
    Name = "SG_SSH"
  }
}

# Ingress rule: SSH (TCP/22) only from addresses inside the VPC, not from the
# internet. To reach the instance from your workstation, add a separate rule
# for your own /32 rather than widening this one to 0.0.0.0/0.
resource "aws_vpc_security_group_ingress_rule" "demo_allow_ssh_from_vpc" {
  security_group_id = aws_security_group.demo_SG.id
  cidr_ipv4         = aws_vpc.demo_vpc.cidr_block
  from_port         = 22
  ip_protocol       = "tcp"
  to_port           = 22
}

# Generate a 4096-bit RSA key pair. The private key is stored in plaintext
# in the Terraform state file, so protect the state (or generate the key
# outside Terraform and only register the public half).
resource "tls_private_key" "demo_rsa" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Register the public half with EC2 as a key pair
resource "aws_key_pair" "demo_key" {
  key_name   = var.keypair
  public_key = tls_private_key.demo_rsa.public_key_openssh
}

# Write the private key to the local filesystem. local_file defaults to
# mode 0777, and ssh refuses a key that other users can read, so restrict
# the file to its owner.
resource "local_file" "private_key" {
  content         = tls_private_key.demo_rsa.private_key_pem
  filename        = var.keypairfilepath
  file_permission = "0600"
}

# Create an EC2 instance in the public subnet with the security group and key pair
resource "aws_instance" "demo_instance" {
  ami                    = var.instance_ami # AMI IDs are region-specific; use one valid in your region
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.demo_subnet.id
  key_name               = aws_key_pair.demo_key.key_name
  vpc_security_group_ids = [aws_security_group.demo_SG.id]

  # Without a public IP the subnet's internet route is unusable from this instance
  associate_public_ip_address = true

  # Require IMDSv2 so the instance metadata service (and any role credentials
  # it serves) cannot be read with a plain unauthenticated GET
  metadata_options {
    http_tokens = "required"
  }

  tags = {
    Name = "demo instance"
  }
}
Create a variables.tf file holding the variables the code above references. The AMI default is region-specific, so confirm it exists in your region or replace it. The private key path should be listed in .gitignore so the key is never committed.
variable "keypair" {
  description = "Name of the EC2 key pair"
  default     = "key_pair"
}

variable "keypairfilepath" {
  description = "Local path where the generated private key is written (add to .gitignore)"
  default     = "localprivatekey"
}

variable "instance_ami" {
  description = "AMI ID; region-specific"
  default     = "ami-07d9b9ddc6cd8dd30"
}

variable "instance_type" {
  description = "EC2 instance type"
  default     = "t2.micro"
}
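The configuration above leaves a few gaps a practitioner will hit on the first apply: providers are not pinned, the security group has no outbound rule, SSH is only reachable from inside the VPC, and the AMI ID is hardcoded for one region. The following file is an added example written for this editorial pass, not code from the original post; drop it into the same directory as extras.tf. The admin_cidr and aws_region variables, the region default, the al2023 AMI filter and the ssh username are assumptions for the example.

```hcl
# extras.tf (added example, not part of the original post)

terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws   = { source = "hashicorp/aws", version = "~> 5.0" }   # >= 5.0 for aws_vpc_security_group_*_rule
    tls   = { source = "hashicorp/tls", version = "~> 4.0" }
    local = { source = "hashicorp/local", version = "~> 2.4" }
  }
}

# Credentials come from ~/.aws/credentials (aws configure) or the AWS_*
# environment variables, never from this file
provider "aws" {
  region = var.aws_region
}

variable "aws_region" {
  description = "Region to deploy into (assumed default)"
  type        = string
  default     = "eu-west-1"
}

# Your workstation's public IP as a /32, e.g. "203.0.113.10/32". No default on
# purpose: a plan fails loudly instead of silently opening SSH to the world.
variable "admin_cidr" {
  description = "CIDR allowed to SSH to the instance"
  type        = string
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

# SSH from the operator's address only; complements the in-VPC rule in main.tf
resource "aws_vpc_security_group_ingress_rule" "demo_allow_ssh_admin" {
  security_group_id = aws_security_group.demo_SG.id
  description       = "SSH from admin workstation"
  cidr_ipv4         = var.admin_cidr
  from_port         = 22
  ip_protocol       = "tcp"
  to_port           = 22
}

# Outbound access (package updates etc.). The provider stripped AWS's default
# allow-all egress, so it has to be declared explicitly.
resource "aws_vpc_security_group_egress_rule" "demo_allow_all_egress" {
  security_group_id = aws_security_group.demo_SG.id
  description       = "Allow all outbound"
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # all protocols and ports
}

# Look up the current Amazon Linux 2023 x86_64 AMI in the configured region
# instead of hardcoding an ID. To use it, set
#   ami = data.aws_ami.al2023.id
# in aws_instance.demo_instance (assumed filter; adjust for another distro).
data "aws_ami" "al2023" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-2023*-x86_64"]
  }
}

# Non-empty only when the instance was launched with a public IP
output "instance_public_ip" {
  value = aws_instance.demo_instance.public_ip
}

# ec2-user is the login for Amazon Linux AMIs (assumption; other distros differ)
output "ssh_command" {
  value = "ssh -i ${var.keypairfilepath} ec2-user@${aws_instance.demo_instance.public_ip}"
}
```

With both files in place, run terraform init (downloads the pinned providers), terraform plan -var admin_cidr=203.0.113.10/32 to review the changes, then terraform apply with the same variable; the ssh_command output gives you the login line. Remember that the generated private key sits in plaintext in terraform.tfstate, so keep the state file out of version control (or in an encrypted remote backend), and run terraform destroy when you are done so the instance and key pair do not linger.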