End-to-End Cloud Automation - E2ECA

End-to-End Cloud Automation - E2ECA

What is Cloud?

"The cloud" refers to servers that are accessed over the Internet, and the software and databases that run on those servers. Cloud servers are located in data centers all over the world. By using "cloud computing", users and companies don't have to manage physical servers or data centers -Infrastructure- themselves or run software applications on their own machines.

If we want to execute any program we need Operating System and it runs on top of RAM&CPU. Here RAM&CPU is combined as one and named compute system. Hence if we want to perform computing over cloud its called "Cloud Computing".

No alt text provided for this image

What is public and private cloud?

In nutshell "public cloud" is service which is accessed by individuals, large and small scale companies. Hence the services are provided for all on equal basis, it might be paid sometimes. One of the best example of public cloud is AWS, GCP, Azure, Alibaba. On counterpart "private cloud" means having cloud setup on our local servers and hardware of the company. One of the best example of private cloud is Openstack.

No alt text provided for this image

What is Hybrid cloud?

Need of Hybrid Cloud arose because of the scaling of the business and with that increase in user data and services they provide. Start-ups needs to invest huge in infrastructure. Hence they adopt to use cloud services provided by service providers like amazon. Now, here we face some issues like, some services are paid, there's always a feel of insecurity regarding the data as it will be on public cloud. Hence private cloud came up but with it we need to setup the whole infrastructure by investing huge. So, finally we came up with a idea to collaborate some services from public cloud and some of private to create a hybrid cloud setup.

No alt text provided for this image

E2ECA - End-to-End Cloud Automation

I have build this "IaaS -Infrastructure as a Code-" for deploying your websites on cloud by "automating end-to-end". This doesn't mean you are just scaled inside your territory, I have made it to scale globally for "less latency". Here, I have used one of the leading public cloud computing service AWS and using Terraform, I have created IaaS, which will automatically pull the code from GitHub. You just need aws and terraform installed in your system with aws account. That's it, then you just have to give your github link where you have your code and run. It will do the following things for you:

  1. Launch ec2 instance with httpd, git, php and made the httpd service enabled.
  2. Creating EBS volume and mounting it to /var/www/html.
  3. Creating Security Group for instance.
  4. Download Code from github and downloading it in /var/www/html
  5. Creating S3 bucket and adding static content of website to it.
  6. Using cloud front make it globally available in whole world.
No alt text provided for this image

What is ec2 instance?

It is the compute unit provided by aws as Caas -Computing as a Service- it gives us an operating system with some RAM, CPU and storage according to our need. In nutshell it provides on system on cloud. Hence it is named Elastic Cloud Computing -EC2.

What is EBS?

It stands for Elastic Block Storage. We have three ways to store and data i.e. 1. Block Storage : You can do partition in it hence you can run OS on top of it. 2. Object Storage : Here you can just upload, edit, download the data. 3. File Storage : As the name suggest it store data in hierarchical structure.

EBS is block storage, hence we can run OS in cloud service.

What is Security Group?

It is like a firewall which have rules for inbound and outbound traffic, here in AWS it's also called ingress and egress respectively.

What is S3 Bucket?

It is Object storage service provided by aws. It stands for Simple Storage Service. It helps in storing static content which you want to be permanent even if the instance is shut down or terminated.

What is CloudFront?

It is a CDN service provided by aws. AWS has 250+ small data center called Edge and around 28 big data center called AZ -Availability Zone. So CloudFront creates a local cache of the static data which we have in S3 bucket in all the edge locations (depends on our requirement). This will help us to scale our business worldwide and the customers will face less latency and delay.

These are some of the services provided by AWS which we are gonna use to build E2ECA. Here we can do everything using the WebUI of AWS, but it will be completely manual as we need to manually select services and configure it to perform task. Hence we will use a product of HashiCorp .i.e. terraform and works on HCL -HashiCorp Language. It is an intelligent tool which can communicate to almost all the major cloud service providers. Hence we can even build a hybrid cloud infrastructure using it and make Iaas which will make things automated. It basically works on api's.

So let's start building our Iaas and make automation on Cloud platforms.


1. Make a free account on AWS here.

2. Download aws cli here we have two version of cli we will download v2.

3. Download Terraform here. Add environmental variables in Path for aws and terraform.

4. Login to aws using cli using "aws configure" command.

No alt text provided for this image

Here you have to give Access Key ID and Secret Access Key which you will get when you will got to My Security Credential--->AccessKeys--->Create Access Key--->Download it.

No alt text provided for this image

5. Create one folder specific for this project and create a file using "notepad job.tf", make sure you give extension as .tf , it represents terraform file.

F:\Hybrid-Multi-Cloud\terra\job1> notepad job.tf

F:\Hybrid-Multi-Cloud\terra\job1 is my folder for this project. This is necessary because on later part it will download some plugins and maintain state file which needs to be in one folder.

6. To tell terraform which loud we need to contact with, here it's called provider

#To declare which provider we want
provider "aws" {
	region  = "ap-south-1"
No alt text provided for this image

AWS has many data center all over the world hence we need to specify where we want to do our activities.

7. Now let's create our Security Group

#To create security group with http and ssh
resource "aws_security_group" "webos-sg" {
  name        = "webos-sg"
  description = "allow ssh and http traffic"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [""]

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [""]

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = [""]
No alt text provided for this image

This will only allow SSH and HTTP to connect to websites hosted.

8. Now we will create EBS volume.

#To create EBS Volume
resource "aws_ebs_volume" "web" {
	availability_zone  = "ap-south-1a"
	type	   = "gp2"
	size		   = 1
	tags		   = {
		Name = "webebs"
No alt text provided for this image

Here we created one EBS volume in the mumbai region and with "gp2" type.

9. Now we will create our EC2 Instance

#To create instance 
resource "aws_instance" "webosec2" {
	ami		   = "ami-005956c5f0f757d37"
	availability_zone  = "ap-south-1a"
	instance_type	   = "t2.micro"
	key_name	   = "amzlinux"     #"${aws_key_pair.generated_key.key_name}"
	security_groups	   = ["${aws_security_group.webos-sg.name}"]
	user_data	   = <<-EOF
			       #! /bin/bash
			       sudo su - root
			       yum install httpd -y
			       yum install php -y
			       yum install git -y
			       yum update -y
			       service httpd start
			       chkconfig --add httpd

	tags		   = {
		Name = "webserver-php"
No alt text provided for this image

Here we choose the same region as the ebs volume because it's necessary as OS can connect to Hard Disk present in the same region. Then we used here key "amzlinux" which we will need to create only once manually. The commented code there is used if we create key pair using code itself. Here we gave our requirement which we need to be installed in our system and made httpd service permanent using "chkconfig --add httpd".

10. Now lets attach EBS to our instance

#To attach the EBS volume
resource "aws_volume_attachment" "ebs_att" {
	device_name  = "/dev/sdc"
	volume_id    = "${aws_ebs_volume.web.id}"
	instance_id  = "${aws_instance.webosec2.id}"
    force_detach = true
No alt text provided for this image

Here we have made force_detach true because usually once it's attached and mount it's not destroyed when we want to destroy the whole infrastructure that time we need to manually go and delete it, hence we set force_detach true by default it will be true.

11. To download code from GitHub and put it in the instance and store it in the EBS, here we will also first mount the attached EBS volume.

#To format mount and download git data into dir
resource "null_resource" "format_git" {

	connection {
		type  = "ssh"
		user  = "ec2-user"
		private_key  = file("F:/Hybrid-Multi-Cloud/terra/job1/amzlinux.pem")
		host  = aws_instance.webosec2.public_ip
	provisioner "remote-exec" {
		inline = [ 
			     "sudo mkfs -t ext4 /dev/xvdc",
			     "sudo mount /dev/xvdc /var/www/html",
			     "sudo rm -rf /var/www/html/*",
			     "sudo git clone https://github.com/AnonMrNone/mutli-hybrid-cloud-1.git /var/www/html/",
	depends_on  = ["aws_volume_attachment.ebs_att"]
No alt text provided for this image

Here we used provisioner "local-exec" which is used to execute commands in local system, but here we used null_resource because for provisioner to run it need any kind of resource and our objective is to just run local commands so instead of using some resource we used null which will save our space and computing.

12. To create S3 Bucket

#To create S3 bucket
resource "aws_s3_bucket" "shubhambtesting1234" {
  bucket = "shubhambtesting1234"
  acl    = "public-read"
  force_destroy  = true
  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["https://shubhambtesting1234"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
No alt text provided for this image

Here we need to keep in mind that the name of the bucket needs to be unique because S3 service is global service i.e. it doesn't need any location name to be created like instance and EBS volume. Here also I have enabled force_destroy and added cors_rules which means how you cant S3 to behave.

13. To upload data to S3 bucket

#To upload data to S3 bucket
resource "null_resource" "remove_and_upload_to_s3" {
  provisioner "local-exec" {
    command = "F:/Hybrid-Multi-Cloud/terra/job1/s3update.bat"
  depends_on  = ["aws_s3_bucket.shubhambtesting1234"]
No alt text provided for this image

You can see we have used here provisioner with null resource. Here, I am running one .bat file which contains some command line command to be executed, since it is windows machine, I have written it in .bat file.

This is the code of that .bat file

git clone https://github.com/AnonMrNone/mutli-hybrid-cloud-1.git 
aws s3 sync F:/Hybrid-Multi-Cloud/terra/job1/mutli-hybrid-cloud-1/ s3://shubhambtesting1234/
aws s3api put-object-acl --bucket shubhambtesting1234 --key index.html --acl 
aws s3api put-object-acl --bucket shubhambtesting1234 --key shubham.jpg --acl public-read
No alt text provided for this image

This code will download the github code and upload it to S3 bucket and make it publicly available as we need to host it as website and we need our clients to be connected. Just write this code and save it with .bat extension.

14. Now we have to create CloudFront distribution which will be the biggest and the most important because this will help us for scale our website world wide.

# Create Cloudfront distribution
resource "aws_cloudfront_distribution" "distribution" {
    origin {
        domain_name = "${aws_s3_bucket.shubhambtesting1234.bucket_regional_domain_name}"
        origin_id = "S3-${aws_s3_bucket.shubhambtesting1234.bucket}"
        custom_origin_config {
            http_port = 80
            https_port = 443
            origin_protocol_policy = "match-viewer"
            origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
    # By default, show index.html file
    default_root_object = "index.html"
    enabled = true

    # If there is a 404, return index.html with a HTTP 200 Response
    custom_error_response {
        error_caching_min_ttl = 3000
        error_code = 404
        response_code = 200
        response_page_path = "/index.html"

    default_cache_behavior {
        allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
        cached_methods = ["GET", "HEAD"]
        target_origin_id = "S3-${aws_s3_bucket.shubhambtesting1234.bucket}"

        #Not Forward all query strings, cookies and headers
        forwarded_values {
            query_string = false
	    cookies {
		forward = "none"

        viewer_protocol_policy = "redirect-to-https"
        min_ttl = 0
        default_ttl = 3600
        max_ttl = 86400

    # Distributes content to all
    price_class = "PriceClass_All"

    # Restricts who is able to access this content
    restrictions {
        geo_restriction {
            # type of restriction, blacklist, whitelist or none
            restriction_type = "none"

    # SSL certificate for the service.
    viewer_certificate {
        cloudfront_default_certificate = true
No alt text provided for this image

Here first we gave the origin which means from where we need to take the data which we need on CDN -Content Delivery Network. Then we have to give custom error response which makes our site more robust. default cache behavior allows us to adjust the behavior of the local cache which it will create on all the edge location. Then we need to set the viewer policy which helps us to make some extra security which will automatically redirect http to https request only. Then we have set price class which means where we want this content to be placed we set it to all that means to all around the world. Then restriction is the section where we can blacklist the countries where we don't want any customer to access our website. At last we set the SSL certificate.

15. To get the URL of our deployed website globally using cloudfront.

output "cloudfront_ip_addr" {
  value = aws_cloudfront_distribution.distribution.domain_name

No alt text provided for this image

This will give us the url of the cloudfront which hosted our website on all edge location which removes the cache everyday.

At last you have to combine this whole code snippet, it will look something like this.

#To declare which provider we want
provider "aws" {
	region  = "ap-south-1"

#To create security group with http and ssh
resource "aws_security_group" "webos-sg" {
  name        = "webos-sg"
  description = "allow ssh and http traffic"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [""]

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [""]

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = [""]
#To create EBS Volume
resource "aws_ebs_volume" "web" {
	availability_zone  = "ap-south-1a"
	type	   = "gp2"
	size		   = 1
	tags		   = {
		Name = "webebs"
#To create instance 
resource "aws_instance" "webosec2" {
	ami		   = "ami-005956c5f0f757d37"
	availability_zone  = "ap-south-1a"
	instance_type	   = "t2.micro"
	key_name	   = "amzlinux"     #"${aws_key_pair.generated_key.key_name}"
	security_groups	   = ["${aws_security_group.webos-sg.name}"]
	user_data	   = <<-EOF
			       #! /bin/bash
			       sudo su - root
			       yum install httpd -y
			       yum install php -y
			       yum install git -y
			       yum update -y
			       service httpd start
			       chkconfig --add httpd

	tags		   = {
		Name = "webserver-php"
#To attach the EBS volume
resource "aws_volume_attachment" "ebs_att" {
	device_name  = "/dev/sdc"
	volume_id    = "${aws_ebs_volume.web.id}"
	instance_id  = "${aws_instance.webosec2.id}"
	force_detach = true
#To format mount and download git data into dir
resource "null_resource" "format_git" {

	connection {
		type  = "ssh"
		user  = "ec2-user"
		private_key  = file("F:/Hybrid-Multi-Cloud/terra/job1/amzlinux.pem")
		host  = aws_instance.webosec2.public_ip
	provisioner "remote-exec" {
		inline = [ 
			     "sudo mkfs -t ext4 /dev/xvdc",
			     "sudo mount /dev/xvdc /var/www/html",
			     "sudo rm -rf /var/www/html/*",
			     "sudo git clone https://github.com/AnonMrNone/mutli-hybrid-cloud-1.git /var/www/html/",
	depends_on  = ["aws_volume_attachment.ebs_att"]
#To create S3 bucket
resource "aws_s3_bucket" "shubhambtesting1234" {
  bucket = "shubhambtesting1234"
  acl    = "public-read"
  force_destroy  = true
  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["https://shubhambtesting1234"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
#To upload data to S3 bucket
resource "null_resource" "remove_and_upload_to_s3" {
  provisioner "local-exec" {
    command = "F:/Hybrid-Multi-Cloud/terra/job1/s3update.bat"
  depends_on  = ["aws_s3_bucket.shubhambtesting1234"]

# Create Cloudfront distribution
resource "aws_cloudfront_distribution" "distribution" {
    origin {
        domain_name = "${aws_s3_bucket.shubhambtesting1234.bucket_regional_domain_name}"
        origin_id = "S3-${aws_s3_bucket.shubhambtesting1234.bucket}"
        custom_origin_config {
            http_port = 80
            https_port = 443
            origin_protocol_policy = "match-viewer"
            origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
    # By default, show index.html file
    default_root_object = "index.html"
    enabled = true

    # If there is a 404, return index.html with a HTTP 200 Response
    custom_error_response {
        error_caching_min_ttl = 3000
        error_code = 404
        response_code = 200
        response_page_path = "/index.html"

    default_cache_behavior {
        allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
        cached_methods = ["GET", "HEAD"]
        target_origin_id = "S3-${aws_s3_bucket.shubhambtesting1234.bucket}"

        #Not Forward all query strings, cookies and headers
        forwarded_values {
            query_string = false
	    cookies {
		forward = "none"

        viewer_protocol_policy = "redirect-to-https"
        min_ttl = 0
        default_ttl = 3600
        max_ttl = 86400

    # Distributes content to all
    price_class = "PriceClass_All"

    # Restricts who is able to access this content
    restrictions {
        geo_restriction {
            # type of restriction, blacklist, whitelist or none
            restriction_type = "none"

    # SSL certificate for the service.
    viewer_certificate {
        cloudfront_default_certificate = true
output "cloudfront_ip_addr" {
  value = aws_cloudfront_distribution.distribution.domain_name

This is the final code of job.tf, running this will create the whole infrastructure just in sometime without any human intervention. We have created IaaS for automating Cloud service using Terraform.

16. Now to execute it, first run "terraform init", this will download all the required plugins by automatically reading the .tf file.

F:\Hybrid-Multi-Cloud\terra\job1>terraform init
No alt text provided for this image

Then run "terraform validate" this will validate the syntactical error if any.

F:\Hybrid-Multi-Cloud\terra\job1>terraform validate
No alt text provided for this image

There are some warning which tells we don't need some syntactical functions in current version but still it will work properly.

Now, finally we are going to run it using "terraform apply"

F:\Hybrid-Multi-Cloud\terra\job1>terraform apply

This will give a lot of output in between, I will show the last Screen Shot where we will finally get on url which cloudfront will provide for your website. This will give access to all the people of the world and with no latency and delay.

No alt text provided for this image

It will ask this, just give "yes", if you want even this thing to not pop up run this command

F:\Hybrid-Multi-Cloud\terra\job1>terraform apply -auto-approve

Here you can see it created 8 new things and finally gave our url.

No alt text provided for this image

Now anyone from all around the world can connect to this website with almost no latency.

No alt text provided for this image

Similarly we can destroy the whole set-up if we require by "terraform destroy" we can even add "-auto-approve" to skip the "yes" confirmation part.

F:\Hybrid-Multi-Cloud\terra\job1>terraform destroy -auto-approve
No alt text provided for this image

You can clearly see it destroyed all the 8 created services, the speed of creating and deleting depends upon your internet connection, so if it takes longer that means it's because of your connectivity.

GitHub: E2ECA

So thanks for reading this with keen interest?? Fell free to write your comments and ask query about this.??? Enjoy your auto deployment of service on cloud.????

Abhishek Chouhan

DevOps Engineer at Toorak Capital

4 年

GooD JoB BuDdy !

Neelesh Tiwari, CISSP, CISM

Security Manager || | Innovating in AI and Cloud Security at McKinsey & Company

4 年

Really Nice

Vimal Daga

World Record Holder | 2x TEDx Speaker | Philanthropist | Sr. Principal Consultant | Entrepreneur | Founder LW Informatics | Founder Hash13 pvt ltd | Founder IIEC

4 年


Swapnil Khairnar

DevOps Engineer @o9 Solutions | 3 × Redhat Certificated | RHCE

4 年

Great work ????


Shubham Bhalala的更多文章

