DevOps(2) : Terraform setup and ec2 instance running with terraform
Terraform
It's an IaC (Infrastructure as Code) tool, which lets you write simple configuration files (which you can share, reuse and version) to define and manage cloud-based or on-premise infrastructure.
You can integrate your cloud infrastructure [AWS, AZURE, GCP, Oracle cloud platform, etc.] with Terraform, and use it to create the infrastructure and destroy it.
additional resource: https://spacelift.io/blog/how-to-destroy-terraform-resources
Terraform setup
Visit https://www.terraform.io/downloads and download the binary for your device. In my case I am using an amd64 device with Linux, so I will wget the respective binary.
$ wget https://releases.hashicorp.com/terraform/1.1.9/terraform_1.1.9_linux_amd64.zip
$ unzip terraform_1.1.9_linux_amd64.zip
$ echo $PATH
Then move the terraform binary to any of the directories listed in $PATH.
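Before moving the binary into $PATH, the downloaded zip can be checked against the SHA256SUMS file HashiCorp publishes next to each release. The function below is an added example, not part of the original post; the name verify_release and its exit codes are choices made for this example.

```shell
#!/bin/sh
# Added example: check a Terraform release zip against HashiCorp's SHA256SUMS.
# Fetch both files over verified TLS (no --no-check-certificate), e.g.:
#   wget https://releases.hashicorp.com/terraform/1.1.9/terraform_1.1.9_linux_amd64.zip
#   wget https://releases.hashicorp.com/terraform/1.1.9/terraform_1.1.9_SHA256SUMS

# verify_release ZIP SUMS_FILE   (hypothetical helper name)
# Exit status: 0 digest matches, 1 digest mismatch,
#              2 input file missing, 3 no unique entry for ZIP in SUMS_FILE.
verify_release() {
    zip_path=$1
    sums_path=$2
    zip_name=$(basename "$zip_path")

    [ -f "$zip_path" ]  || { echo "missing: $zip_path" >&2; return 2; }
    [ -f "$sums_path" ] || { echo "missing: $sums_path" >&2; return 2; }

    # Each SHA256SUMS line is "<hex digest>  <file name>".
    # Accept the digest only if exactly one line names our file.
    expected=$(awk -v name="$zip_name" \
        '$2 == name { n++; d = $1 } END { if (n == 1) print d }' "$sums_path")
    if [ -z "$expected" ]; then
        echo "no unique checksum entry for $zip_name" >&2
        return 3
    fi

    # Hash the file on disk and compare with the published digest.
    actual=$(sha256sum "$zip_path" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for $zip_name, do not install" >&2
        return 1
    fi
    echo "OK: $zip_name"
}

# Usage after downloading both files:
#   verify_release terraform_1.1.9_linux_amd64.zip terraform_1.1.9_SHA256SUMS \
#       && unzip terraform_1.1.9_linux_amd64.zip
```

The checksum file itself is only as trustworthy as the channel it came over, which is why both downloads should use normal certificate checking.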
Running EC2 instance on AWS using terraform
There are mainly five stages for using Terraform (.tf) configuration files for IaC:
1. Writing configuration files
Each file consists mainly of two portions: i) the provider [AWS/AZURE/GCP] and ii) the resource we are going to use from the provider [EC2/S3/RDS].
In our case the provider is AWS, so first we need to create a user with admin permission, whose keys will be used to authenticate and authorize us when creating resources.
Open the AWS Management Console and search for IAM to open the IAM console.
Click on the Users section on the left panel,
click Add user,
give programmatic access and click Next,
create a group with administrative access
and attach the user to it, then click Next, Next,
review and then create the user.
We will now have an access key and a secret access key; save these to a file.
2. Defining the AWS provider in the configuration file
Create a folder named terraform, then create a file instance.tf in it and open it in any editor. Put the following code in it to define the AWS provider:
provider "aws" {
  region     = "ap-south-1"
  access_key = "ACCESS_KEY"
  secret_key = "SECRET_ACCESS_KEY"
}
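Here we are going to create resources in the ap-south-1 region. ACCESS_KEY and SECRET_ACCESS_KEY stand for the keys saved earlier. The AWS provider also reads them from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables when these two arguments are omitted, which keeps the keys out of a file that may be shared or versioned.
Now we need to specify the EC2 instance type and the AMI ID in the resource section to create the instance.
I am going to create a t2.micro Ubuntu instance in ap-south-1, so I can copy the AMI ID from the EC2 console: click Launch instance on the EC2 dashboard, select Ubuntu, and copy the AMI ID.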
AMI id : ami-0756a1c858554433e
Put the code below in instance.tf to set the instance properties:
resource "aws_instance" "ap-south-1" {
  ami           = "ami-0756a1c858554433e"
  instance_type = "t2.micro"
  tags = {
    Name = "HelloWorld"
  }
}
Note: the same image has a different AMI ID in different regions of AWS.
3. Starting Terraform
Terraform works in 4 different stages:
i) init => With this, Terraform detects the .tf configuration file, checks the validity of the keys, clones the version control files and prepares the directory for the following steps.
$ terraform init
ii) plan => The terraform plan command evaluates a Terraform configuration to determine the desired state of all the resources it declares, then compares that desired state to the real infrastructure objects being managed with the current working directory and workspace.
$ terraform plan
iii) apply => This shows the user the changes that are going to happen and then asks for final confirmation; if the user allows it, the changes are made.
$ terraform apply
iv) destroy => The terraform destroy command destroys all of the resources being managed by the current working directory and workspace, using state data to determine which real-world objects correspond to managed resources. Like terraform apply, it asks for confirmation before proceeding.
$ terraform destroy
After this the instance will show as terminated on the dashboard.
Note: make sure that your computer's clock is synced with internet time; requests can fail with timestamp errors if the computer time is wrong.
Thank You..