Learn Terraform Installation and how to write an AWS Terraform Script
Before diving into the terraform installation and template of creating AWS resources & setting up the network. We will have a brief about, What is Infrastructure as code? What is Terraform?
What is Infrastructure as Code (IaC)?
Infrastructure as code templates all infrastructure like virtual machines, networks, data centers, storage. Launching all the resources using template script skipping all the manual installation process.
Terraform is open-sourced infrastructure as a code software tool. It supports all the major cloud providers (AWS, Azure, Google Cloud, Kubernetes, Oracle Cloud, and Alibaba Cloud. Developers can plan, create and destroy all cloud resources using a terraform script.
How to install a Terraform and create a VPC connection and attach it to an EC2 Instance?
Step 1: Installing Terraform
1. Update the system packages.
2. And make sure gnupg, software-properties-common, and curl packages are installed.
3. Add the HashiCorp GPG key. Once steps 1 & 2 are done.
4. Add the official HashiCorp Linux repository.
5. Update the system again to add the repository
6. Run the terraform install
7. Verify the installation by checking the terraform version
Step 2: Creating a VPC connection and attaching it to an EC2 Instance using Terraform
1. Creating a directory and creating a .tf file
2. AWS terraform script file
check-in-to the file, we will start adding the VPC connection required resource's snippet in the file
a. AWS virtual Private Cloud.
i. Virtual Private cloudAWS Virtual Private Cloud is a virtual network isolated to your AWS account where AWS resources can be launched in that virtual network.
VPC lets having complete control over virtual networking environment, including selecting own IP address ranges. If VPC wants to work, it needs to create some other couple of components like subnets, gateways, and route tables.
Terraform AWS VPC resource creation Declare your cidr_block address where you want to create your VPC connection.
ii. SubnetA subnet is a concept that divides an extensive network into sub-networks. Subnet leverage in launching multiple instances in multiple sub-networks or subnets. And dividing two or more networks is called subnetting.
AWS provides two types of subnetting: public, which allows the internet to access the machine, and private, which is hidden from the internet.
In this example, we will create one public and one private subnet.
To differentiate whether the subnet is public or private. Do not miss adding this config.
It makes this a public subnet. Default it will be like a private subnet.
Declare different cidr_block addresses for public and private subnets. If it is the same then it will cause an issue.
And attach the VPC id for which you want to create the subnet.
Terraform AWS Subnet creation.
iii. Internet Gateway
An Internet Gateway (IGW) is a logical connection between an Amazon VPC and the internet. Without having an Internet Gateway in our VPC, we can not access the resources from the internet which are present in that VPC.
Attach the VPC id for which you want to create the subnet
Terraform AWS Internet Gateway.
iv. Elastic IP
An Elastic IP address is a public static IPv4 address reachable from the internet. AWS uses elastic IP addresses to manage its dynamic cloud computing services.
When launching an EC2 instance, the public IP address will be generated by which that instance is reachable from the internet. Once stopping that instance and restarting it, a new public IP address will generate for the same instance.
So it is a problem to connect instances from the internet for not having a static IP. We attach an Elastic IP to an Instance that does not change after stopping/starting the instance to overcome this problem.
A static IP address is useful in many situations such as DNS configurations, load balancing, failover, etc.
Terraform AWS Elastic IP
v. Network Address Translation (NAT) Gateway
NAT gateway enables instances present in a private subnet to help connect to the internet or AWS services.
Attach the elastic IP address and private subnet id created above.
Terraform AWS NAT Gateway
vi. Route Table
A Route Table contains information that determines where the network traffic of a subnet or gateway will direct.
Each VPC has a default route table connected to each subnet. On the other hand, we can create our route table to define traffic flow within VPC.
We will create a Route Table for the VPC and attach one route table to an Internet gateway and another Route table to NAT Gateway.
Attach the VPC, internet gateway, and NAT gateway which created. Moreover, keep the cidr_block "0.0.0.0/0" to access from the internet anywhere.
Terraform AWS Route Table
vii. Route Table Association
Route table association creates an association between a Route table and a subnet, internet gateway, or virtual private gateway.
For attaching the Route table to a subnet, we will create a route table association.
viii. Security Group
A security group is a route traffic rule table for EC2 instances to control inbound and outbound traffic.
Security group and Route table are both used to create traffic rules, but Route tables are used in VPC for traffic direction at a subnet level, while SG is for instance level.
In the Ingress block, you can define your own traffic rules as per your requirement and attach the VPC id..
We are done with configuring the VPC connection. We will now create an ec2 instance with a key pair and attach the created VPC connection.
b. EC2 Instance
Check-in to the file, we will start adding the EC2 connection required resource's snippet in the file.
i. Key Pair Generation
Key pair generation can be done on the local machine itself. Just run ssh-keygen, and it should prompt details on where to create the key.
Note: If you run the above command on your local machine, it will generate both the public key and the private key. Use the generated public key pair.
ii. EC2 instance creation
An Amazon EC2 is a feature where it provides virtual machines. Using EC2 instance, we can run applications on the AWS infrastructure. In AWS, virtual machines/servers are named as an instance. An instance creation can be done by configuring the memory, storage, availability zone where it should be available, and a lot more can be configured.
Use the AWS AMI id, which is suitable for the requirement.
3. Intializing a Terraform
The terraform init command initializes the terraform configuration files in the working directory.
Terraform must initialize the provider before it can be used. Initialization downloads and installs the provider's plugin to later be executed.
Check into the directory of the VPC and run the terraform init command to download all required plugins of the provider & resources.
Repeat step 1 for the ec2 folder as well.
4. Doing a dry-run of the terraform script
Run the terraform validate command before the plan. It validates script format and attributes are correct or not.
Run terraform plan now, which is used to create an execution plan. It will not modify things in infrastructure. It just helps in understanding what resources are going to create.
Check into the directory of the VPC and run the terraform validate and plan command to validate and see the resources that will create.
Repeat step 1 for the ec2 folder as well.
5. Applying the terraform script.
The terraform apply the command is used to apply the changes required to reach the desired state of the configuration.
From steps 3 & 4, We made sure configured .tf files, initialized & validated.
Now we are one step away from creating the resources.
Now run the VPC .tf file first.
Once all VPC resources are created successfully. Copy-paste id values of the VPC and public subnet id; otherwise, using the dynamic variables, we can get the values of the other to terraform script-generated value. Run the apply command for EC2 terraform file as well.
Finally, created an ec2 instance in a virtual private cloud defining our own CIDR-blocks, route table & security group as well.