Task 1: Launching an app in AWS by Terraform
This is my 1st task in the hybrid multi-cloud training under the mentorship of @vimaldaga Sir. In this task we were supposed to launch an app in AWS using Terraform code. The steps are as follows, along with some screenshots and snippets:
```hcl
# Describing the provider
# The keys are masked here. Prefer environment variables or a shared
# credentials profile so that keys never land in a .tf file or in a repo.
provider "aws" {
  region     = "ap-south-1"
  access_key = "AK***************NLU"
  secret_key = "R2***********************************Dn+"
}

# Creating the key
resource "tls_private_key" "tls_key" {
  algorithm = "RSA"
}

# Generating the key pair
resource "aws_key_pair" "mykey" {
  key_name   = "zoomkey"
  public_key = tls_private_key.tls_key.public_key_openssh
}

# Security group allowing SSH (22) and HTTP (80) from anywhere
resource "aws_security_group" "morning-ssh-http" {
  name        = "morning-ssh-http"
  description = "allow ssh and http traffic"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Creating an S3 bucket
resource "aws_s3_bucket" "web-bucket" {
  bucket = "my-web-static-data-buckett"
  acl    = "public-read"
}

# Putting objects in the S3 bucket
resource "aws_s3_bucket_object" "web-object1" {
  bucket = aws_s3_bucket.web-bucket.bucket
  key    = "image.png"
  source = "image.png"
  acl    = "public-read"
}

# Creating CloudFront with the S3 bucket as origin
resource "aws_cloudfront_distribution" "s3-web-distribution" {
  origin {
    domain_name = aws_s3_bucket.web-bucket.bucket_regional_domain_name
    origin_id   = aws_s3_bucket.web-bucket.id
  }

  enabled         = true
  is_ipv6_enabled = true
  comment         = "S3 Web Distribution"

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = aws_s3_bucket.web-bucket.id

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["IN"]
    }
  }

  tags = {
    Name        = "Web-CF-Distribution"
    Environment = "Production"
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }

  depends_on = [aws_s3_bucket.web-bucket]
}

# Launching the EC2 instance with the key pair and security group from above
resource "aws_instance" "good-morning" {
  ami               = "ami-0447a12f28fddb066"
  instance_type     = "t2.micro"
  availability_zone = "ap-south-1a"
  security_groups   = [aws_security_group.morning-ssh-http.name, "default"]
  # Reference the key pair resource so it is created before the instance
  key_name = aws_key_pair.mykey.key_name

  user_data = <<-EOF
    #!/bin/bash
    sudo yum install httpd -y
    sudo systemctl start httpd
    sudo systemctl enable httpd
    echo "<h1>Sample Webserver Network Nuts </h1><br><img src='https://${aws_cloudfront_distribution.s3-web-distribution.domain_name}/image.png'>" | sudo tee /var/www/html/index.html
  EOF

  tags = {
    Name = "webserver"
  }
}

# Creating the EBS volume
resource "aws_ebs_volume" "data-vol" {
  availability_zone = "ap-south-1a"
  size              = 1

  tags = {
    Name = "data-volume"
  }
}

# Attaching the EBS volume to the instance
resource "aws_volume_attachment" "good-morning-vol" {
  device_name = "/dev/sdc"
  volume_id   = aws_ebs_volume.data-vol.id
  instance_id = aws_instance.good-morning.id
}

# Creating an EBS snapshot
resource "aws_ebs_snapshot" "ebs_snapshot" {
  volume_id   = aws_ebs_volume.data-vol.id
  description = "Snapshot of our EBS volume"

  tags = {
    env = "Production"
  }

  depends_on = [aws_volume_attachment.good-morning-vol]
}

# Opening the deployed page in Chrome on the local (Windows) machine
resource "null_resource" "chrome" {
  provisioner "local-exec" {
    command = "start chrome ${aws_instance.good-morning.public_ip}/index.html"
  }
}
```
Applied code snippet:
1. Create the key and security group which allow port 80.
2. Launch an EC2 instance.
3. In this EC2 instance, use the key and security group which we created in step 1.
4. Launch one volume (EBS) and mount that volume into /var/www/html
5. The developer has uploaded the code into a GitHub repo; the repo also has some images.
6. Copy the GitHub repo code into /var/www/html
7. Create an S3 bucket, copy/deploy the images from the GitHub repo into the S3 bucket, and change the permission to public readable.
8. Create a CloudFront distribution using the S3 bucket (which contains the images) and use the CloudFront URL to update the code in /var/www/html
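The configuration on this page puts several settings on the public internet (SSH open to 0.0.0.0/0, `public-read` ACLs, a CloudFront behaviour that accepts plain HTTP and write methods) and carries static provider keys. The following is an added example, not part of the original post: a small check that can be run over the JSON plan before `terraform apply`. It assumes the plan was exported with `terraform plan -out=tfplan` followed by `terraform show -json tfplan`; the function name `audit` and the embedded sample plan are constructed for illustration.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan holding only the
# attributes checked below, with the values used in the configuration above.
PLAN = json.loads("""
{"configuration": {"provider_config": {"aws": {"expressions": {
    "access_key": {"constant_value": "PLACEHOLDER"}, "secret_key": {"constant_value": "PLACEHOLDER"}}}}},
 "resource_changes": [
  {"address": "aws_security_group.morning-ssh-http", "type": "aws_security_group",
   "change": {"after": {"ingress": [
    {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_s3_bucket.web-bucket", "type": "aws_s3_bucket",
   "change": {"after": {"acl": "public-read"}}},
  {"address": "aws_cloudfront_distribution.s3-web-distribution",
   "type": "aws_cloudfront_distribution",
   "change": {"after": {"default_cache_behavior": [{
    "viewer_protocol_policy": "allow-all",
    "allowed_methods": ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]}]}}}]}
""")

def audit(plan):
    """Return (address, finding) pairs for exposed settings in a plan."""
    found = []
    provider = plan.get("configuration", {}).get("provider_config", {}).get("aws", {})
    for key in ("access_key", "secret_key"):
        if "constant_value" in provider.get("expressions", {}).get(key, {}):
            found.append(("provider.aws", f"static {key} in configuration"))
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # null when destroyed
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                covers_ssh = rule.get("protocol") == "-1" or rule["from_port"] <= 22 <= rule["to_port"]
                if covers_ssh and "0.0.0.0/0" in (rule.get("cidr_blocks") or []):
                    found.append((rc["address"], "SSH reachable from 0.0.0.0/0"))
        elif rc["type"] in ("aws_s3_bucket", "aws_s3_bucket_object"):
            if str(after.get("acl") or "").startswith("public-read"):
                found.append((rc["address"], f"ACL is {after['acl']}"))
        elif rc["type"] == "aws_cloudfront_distribution":
            for beh in after.get("default_cache_behavior") or []:
                if beh.get("viewer_protocol_policy") == "allow-all":
                    found.append((rc["address"], "plain HTTP allowed to viewers"))
                writes = sorted(set(beh.get("allowed_methods") or []) - {"GET", "HEAD", "OPTIONS"})
                if writes:
                    found.append((rc["address"], "write methods allowed: " + ",".join(writes)))
    return found

if __name__ == "__main__":
    print(*(f"{addr}: {finding}" for addr, finding in audit(PLAN)), sep="\n")
```

An empty result means none of these four conditions appear in the plan; it is not a full review of the configuration.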