Automating AWS Infrastructure using Terraform

What is Terraform?

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure.

Here I have automated AWS Infrastructure with the help of Terraform.

Prerequisites :

  1. Install AWS CLI
  2. Install Terraform

Commands used :

1. terraform init

2. terraform validate

3. terraform apply -auto-approve

4. terraform destroy -auto-approve


Step 1 : First, I configure the AWS provider.

# Credentials come from the named AWS CLI profile, so no keys appear in the code.
provider "aws" {
  profile = "muskanlw"
  region  = "ap-south-1"
}

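Step 2 : In this step I create the key pair that we use to connect to our EC2 instance, and save the private key to our local system.

# Generate a 4096-bit RSA key pair.
# The private key is also recorded, unencrypted, in the Terraform state file.
resource "tls_private_key" "my-key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Register the public half of the key with EC2.
resource "aws_key_pair" "generate_key" {
  key_name   = "myterrakey1"
  public_key = tls_private_key.my-key.public_key_openssh

  depends_on = [
    tls_private_key.my-key
  ]
}

# Write the private half to the working directory for use with ssh -i.
resource "local_file" "key-file" {
  content         = tls_private_key.my-key.private_key_pem
  filename        = "myterrakey1.pem"
  file_permission = "0400" # owner read-only; ssh rejects key files that other users can read

  depends_on = [
    tls_private_key.my-key
  ]
}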



Step 3 : Now I create a security group that allows SSH and port 80, so that the website can be accessed from anywhere.

resource "aws_security_group" "sec_grp" {
  name        = "sec_grp"
  description = "allow ssh and HTTPD"

  # SSH is reachable from any address; only the key pair from Step 2 protects it.
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP for the website, open to everyone.
  ingress {
    description = "HTTPD"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic is allowed (needed for yum and git).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sec-grp"
  }
}
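
A variant of the Step 3 security group that keeps port 80 open to everyone but limits SSH to one administrative range. This is an added example, not the author's code; the variable admin_cidr and the resource name sec_grp_restricted are assumptions, and variable validation needs Terraform 0.13 or later.

```hcl
# Assumed variable: the only IPv4 range allowed to reach port 22.
variable "admin_cidr" {
  description = "CIDR range allowed to SSH to the instance, for example a single /32"
  type        = string

  validation {
    # Must parse as a CIDR range and must not be a /0 (the whole internet).
    condition     = can(cidrhost(var.admin_cidr, 0)) && !can(regex("/0$", var.admin_cidr))
    error_message = "Set admin_cidr to a specific IPv4 CIDR range, not a /0."
  }
}

resource "aws_security_group" "sec_grp_restricted" {
  name        = "sec_grp_restricted"
  description = "SSH from the admin range, HTTP from anywhere"

  ingress {
    description = "SSH from the admin range only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  ingress {
    description = "HTTPD"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

The remote-exec provisioners in Steps 4 and 5 connect over SSH from the machine running Terraform, so admin_cidr has to include that machine's public address.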
 


Step 4 : Now I launch the EC2 instance, connect to it with the previously created key, and install the Apache web server and git. After installing these I restart the httpd service and enable it so that it keeps running after an instance reboot.

resource "aws_instance" "os11" {
  ami           = "ami-0447a12f28fddb066"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.generate_key.key_name

  # Reference the group resource so that it is created before the instance.
  security_groups = [aws_security_group.sec_grp.name]

  provisioner "remote-exec" {
    connection {
      type        = "ssh"
      user        = "ec2-user"
      private_key = tls_private_key.my-key.private_key_pem
      # Inside its own provisioner a resource refers to itself as "self".
      host = self.public_ip
    }

    inline = [
      "sudo yum install httpd git -y",
      "sudo systemctl restart httpd",
      "sudo systemctl enable httpd",
    ]
  }

  tags = {
    Name = "os11"
  }
}

Step 5 : In this step I create one EBS volume and mount it on /var/www/html. I have uploaded my code to a GitHub repo, and from that repo I clone the code into /var/www/html.

# The volume referenced by the attachment below. Its definition is not shown
# in the original listing; the 1 GiB size is an assumed value.
resource "aws_ebs_volume" "ebs11" {
  availability_zone = aws_instance.os11.availability_zone
  size              = 1

  tags = {
    Name = "ebs11"
  }
}

resource "aws_volume_attachment" "ebs_attach" {
  device_name  = "/dev/sdh"
  volume_id    = aws_ebs_volume.ebs11.id
  instance_id  = aws_instance.os11.id
  force_detach = true
}

output "myip" {
  value = aws_instance.os11.public_ip
}

# Save the public IP to a local file.
resource "null_resource" "nullip" {
  provisioner "local-exec" {
    command = "echo ${aws_instance.os11.public_ip} > publicip.txt"
  }
}

resource "null_resource" "nullmount" {
  depends_on = [
    aws_volume_attachment.ebs_attach,
  ]

  connection {
    type        = "ssh"
    user        = "ec2-user"
    private_key = tls_private_key.my-key.private_key_pem
    host        = aws_instance.os11.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      # /dev/sdh shows up inside the instance as /dev/xvdh.
      "sudo mkfs.ext4 /dev/xvdh",
      "sudo mount /dev/xvdh /var/www/html/",
      # git clone needs an empty target directory.
      "sudo rm -rf /var/www/html/*",
      "sudo git clone https://github.com/Muskankhoiya/muskanrepo12.git /var/www/html/"
    ]
  }
}
 


Step 6 : In this step I create an S3 bucket, deploy the images from the GitHub repo into it, and change the permission to public-readable.

resource "aws_s3_bucket" "terra-bucket1" {
  bucket = "muskanbucket26"

  # Every object in the bucket is readable by anyone, as this step intends.
  acl = "public-read"

  versioning {
    enabled = true
  }

  tags = {
    Name        = "my-terra-bucket1"
    Environment = "Dev"
  }
}


   


Step 7 : Here I create a CloudFront distribution using the S3 bucket, and use the CloudFront URL to update the code in /var/www/html.

resource "aws_cloudfront_distribution" "terra-cloudfront1" {
  origin {
    domain_name = "muskanbucket26.s3.amazonaws.com"
    origin_id   = "S3-muskanbucket26"

    custom_origin_config {
      http_port              = 80
      https_port             = 443 # required by this block; missing in the original listing
      origin_protocol_policy = "match-viewer"
      origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]
    }
  }

  enabled = true

  default_cache_behavior {
    # CloudFront accepts only three method sets; the full set must include POST.
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "S3-muskanbucket26"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    # "allow-all" serves viewers over plain HTTP as well as HTTPS.
    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

resource "null_resource" "nullremote" {
  depends_on = [
    null_resource.nullmount
  ]
}
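
A tighter variant of Steps 6 and 7, added here as an example rather than taken from the author's code: the bucket stays private, only the distribution can read it through an origin access identity, and viewers are redirected to HTTPS. The bucket name and all resource names are placeholders.

```hcl
# No ACL is set, so the bucket keeps the default private access.
resource "aws_s3_bucket" "site_assets" {
  bucket = "example-assets-bucket-placeholder" # placeholder name
}

# Identity that CloudFront uses when it fetches objects from the bucket.
resource "aws_cloudfront_origin_access_identity" "oai" {
  comment = "read access for the website distribution"
}

# Allow only that identity to read objects.
data "aws_iam_policy_document" "cdn_read" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.site_assets.arn}/*"]
    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.oai.iam_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "cdn_read" {
  bucket = aws_s3_bucket.site_assets.id
  policy = data.aws_iam_policy_document.cdn_read.json
}

resource "aws_cloudfront_distribution" "cdn" {
  enabled = true
  origin {
    domain_name = aws_s3_bucket.site_assets.bucket_regional_domain_name
    origin_id   = "S3-site-assets"
    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
    }
  }
  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD"] # static images need no write methods
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "S3-site-assets"
    viewer_protocol_policy = "redirect-to-https"
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }
  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate { cloudfront_default_certificate = true }
}
```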

Now run the command "terraform apply" and our website is launched!

See, my website launched successfully!

Thank you for reading!

Great Work ! Keep it up !

Anshuman Mishra

Technical Consultant @ Salesforce || 9X Salesforce Certified || 2X Vlocity Certified || FSC Accredited Professional || 2X Copado Certified || 4X Trailhead Ranger

4 years ago

Keep up the great work!
