Terraform

Provision server with Terraform

Full configuration for the same task:

# AWS provider for every resource in this configuration.
# No credentials are set in the block, so the provider resolves them from its
# default sources (environment, shared config/credentials files, or an attached
# role). Keep it that way: access keys do not belong in .tf files.
provider "aws" {
  region = "us-east-2"
}

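# Cloudflare Tunnel token, supplied at plan/apply time (for example through the
# TF_VAR_cloudflared_tunnel_token environment variable or a secrets-backed
# tfvars file) instead of being committed with the configuration.
# `sensitive` only redacts the value in CLI output: it is still written to the
# Terraform state and to the launch configuration's user data, so protect the
# state backend. Where possible, have the instance fetch the token from a
# secrets store at boot rather than passing it through user data.
# A token that has been published inline in a configuration like this one must
# be treated as exposed and rotated in the Cloudflare dashboard.
variable "cloudflared_tunnel_token" {
  description = "Cloudflare Tunnel token handed to cloudflared on each instance."
  type        = string
  sensitive   = true
}

# Launch configuration used by the Auto Scaling group: Ubuntu AMI, t2.micro,
# bootstrapped by the user data script below (Apache, Docker, Grafana,
# cloudflared, Netdata).
# NOTE(review): AWS documents launch configurations as a legacy feature and
# recommends launch templates for new deployments.
resource "aws_launch_configuration" "my_lc" {
  name_prefix     = "terraform-lc"
  image_id        = "ami-024e6efaf93d85776"
  instance_type   = "t2.micro"
  key_name        = "stefano-us-east-2"
  security_groups = ["sg-a7f988c5"]

  # Require IMDSv2 session tokens. User data (which carries the tunnel token)
  # is served by the instance metadata service, so unauthenticated IMDSv1
  # requests should not be able to read it.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Review notes on the bootstrap script (runs as root on first boot):
  #  - The Docker GPG key (via the deprecated `apt-key add`) and the Netdata
  #    kickstart script are downloaded and trusted/executed with no checksum
  #    or signature verification. Pin and verify them, or bake the software
  #    into the AMI.
  #  - grafana/grafana and cloudflare/cloudflared are pulled by mutable tag
  #    (implicit/explicit `latest`); pin a version or digest so every instance
  #    in the group runs the same, reviewed image.
  #  - Grafana is published on port 3000 on all interfaces and starts with its
  #    default admin credentials; change them and confirm the security group
  #    does not expose 3000 more widely than intended.
  #  - cloudflared is started with `-d`: in the foreground `docker run` never
  #    returns, so the Netdata step after it would not be reached.
  user_data = <<-EOF
                #!/bin/bash
                sudo apt-get update -y
                sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common apache2
                echo "Version: 1.0.0" | sudo tee /var/www/html/index.html
                sudo systemctl restart apache2
                curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
                sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
                sudo apt-get update
                sudo apt-get install -y docker-ce
                sudo systemctl start docker
                sudo systemctl enable docker
                sudo docker run -d -p 3000:3000 grafana/grafana
                docker run -d cloudflare/cloudflared:latest tunnel --no-autoupdate run --token ${var.cloudflared_tunnel_token}
                bash <(curl -Ss https://my-netdata.io/kickstart.sh) --dont-wait
                EOF

  # Launch configurations are immutable; create the replacement before the old
  # one is destroyed so the Auto Scaling group always references a valid one.
  lifecycle {
    create_before_destroy = true
  }
}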

# Auto Scaling group: keeps between 2 and 4 instances built from my_lc, spread
# over three subnets and registered with the my_tg target group.
# NOTE(review): health_check_type is not set. With the Auto Scaling default
# (EC2 status checks) an instance that fails the target group's HTTP check is
# taken out of rotation by the load balancer but not replaced by the group;
# confirm whether "ELB" health checks are wanted here.
resource "aws_autoscaling_group" "my_asg" {
  launch_configuration = aws_launch_configuration.my_lc.name

  # Capacity bounds.
  min_size         = 2
  desired_capacity = 2
  max_size         = 4

  # Placement and load balancer registration.
  vpc_zone_identifier = ["subnet-feced596", "subnet-c7dc8dbd", "subnet-52d9611e"]
  target_group_arns   = [aws_lb_target_group.my_tg.arn]
}

# Internet-facing Application Load Balancer in front of the Auto Scaling group.
# NOTE(review): it uses the same security group (sg-a7f988c5) as the instances.
# The group's rules are not part of this configuration; a dedicated load
# balancer group, with the instance group accepting traffic only from it,
# keeps the instances from being reachable directly.
resource "aws_lb" "my_lb" {
  name               = "my-lb"
  load_balancer_type = "application"
  internal           = false # false = reachable from the internet

  subnets         = ["subnet-feced596", "subnet-c7dc8dbd", "subnet-52d9611e"]
  security_groups = ["sg-a7f988c5"]
}

# Target group the load balancer forwards to: instances on port 80 over HTTP
# (the Apache page written by the user data script).
resource "aws_lb_target_group" "my_tg" {
  name     = "tf-example-lb-tg"
  vpc_id   = "vpc-73cb3818"
  protocol = "HTTP"
  port     = 80

  # A target is healthy after 5 consecutive HTTP 200 responses on "/" and
  # unhealthy after 2 consecutive failures; checks run every 30 s with a 5 s
  # timeout.
  health_check {
    enabled  = true
    protocol = "HTTP"
    path     = "/"
    matcher  = "200"

    interval            = 30
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 2
  }
}

# Listener on the load balancer: forwards everything received on port 80 to
# the my_tg target group.
# NOTE(review): this is a plain HTTP listener, so client traffic to the load
# balancer is unencrypted. An HTTPS listener needs a certificate, which this
# configuration does not define.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.my_lb.arn
  protocol          = "HTTP"
  port              = "80"

  default_action {
    target_group_arn = aws_lb_target_group.my_tg.arn
    type             = "forward"
  }
}

In summary, this Terraform script sets up an environment with an Auto Scaling group of instances, which are configured at launch with a specific user data script. These instances are registered with an Application Load Balancer, which distributes incoming traffic across the instances. The health of the instances is monitored based on the settings in the target group.

# Run `terraform plan` to verify the configuration before applying it

stefano@teras ~/D/D/c/terraform [1]> terraform plan

Terraform used the selected providers to generate the following execution plan. 
Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # aws_autoscaling_group.my_asg will be created
  + resource "aws_autoscaling_group" "my_asg" {
      + arn                       = (known after apply)
      + availability_zones        = (known after apply)
      + default_cooldown          = (known after apply)
      + desired_capacity          = 2
      + force_delete              = false
      + force_delete_warm_pool    = false
      + health_check_grace_period = 300
      + health_check_type         = (known after apply)
      + id                        = (known after apply)
      + launch_configuration      = (known after apply)
      + load_balancers            = (known after apply)
      + max_size                  = 4
      + metrics_granularity       = "1Minute"
      + min_size                  = 2
      + name                      = (known after apply)
      + name_prefix               = (known after apply)
      + predicted_capacity        = (known after apply)
      + protect_from_scale_in     = false
      + service_linked_role_arn   = (known after apply)
      + target_group_arns         = (known after apply)
      + vpc_zone_identifier       = [
          + "subnet-52d9611e",
          + "subnet-c7dc8dbd",
          + "subnet-feced596",
        ]
      + wait_for_capacity_timeout = "10m"
      + warm_pool_size            = (known after apply)
    }

  # aws_launch_configuration.my_lc will be created
  + resource "aws_launch_configuration" "my_lc" {
      + arn                         = (known after apply)
      + associate_public_ip_address = (known after apply)
      + ebs_optimized               = (known after apply)
      + enable_monitoring           = true
      + id                          = (known after apply)
      + image_id                    = "ami-024e6efaf93d85776"
      + instance_type               = "t2.micro"
      + key_name                    = "stefano-us-east-2"
      + name                        = (known after apply)
      + name_prefix                 = "terraform-lc"
      + security_groups             = [
          + "sg-a7f988c5",
        ]
      + user_data                   = "c0649a6d30fa5c7c4cb6a253f7b015d72aa0e30a"
    }

  # aws_lb.my_lb will be created
  + resource "aws_lb" "my_lb" {
      + arn                                         = (known after apply)
      + arn_suffix                                  = (known after apply)
      + desync_mitigation_mode                      = "defensive"
      + dns_name                                    = (known after apply)
      + drop_invalid_header_fields                  = false
      + enable_deletion_protection                  = false
      + enable_http2                                = true
      + enable_tls_version_and_cipher_suite_headers = false
      + enable_waf_fail_open                        = false
      + enable_xff_client_port                      = false
      + id                                          = (known after apply)
      + idle_timeout                                = 60
      + internal                                    = false
      + ip_address_type                             = (known after apply)
      + load_balancer_type                          = "application"
      + name                                        = "my-lb"
      + preserve_host_header                        = false
      + security_groups                             = [
          + "sg-a7f988c5",
        ]
      + subnets                                     = [
          + "subnet-52d9611e",
          + "subnet-c7dc8dbd",
          + "subnet-feced596",
        ]
      + tags_all                                    = (known after apply)
      + vpc_id                                      = (known after apply)
      + xff_header_processing_mode                  = "append"
      + zone_id                                     = (known after apply)
    }

  # aws_lb_listener.front_end will be created
  + resource "aws_lb_listener" "front_end" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 80
      + protocol          = "HTTP"
      + ssl_policy        = (known after apply)
      + tags_all          = (known after apply)

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # aws_lb_target_group.my_tg will be created
  + resource "aws_lb_target_group" "my_tg" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = false
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "tf-example-lb-tg"
      + port                               = 80
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags_all                           = (known after apply)
      + target_type                        = "instance"
      + vpc_id                             = "vpc-73cb3818"

      + health_check {
          + enabled             = true
          + healthy_threshold   = 5
          + interval            = 30
          + matcher             = "200"
          + path                = "/"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 5
          + unhealthy_threshold = 2
        }
    }

Plan: 5 to add, 0 to change, 0 to destroy.
────────────────────────────────────────────────────────────────────

To Add Atlantis ❌ --> https://www.runatlantis.io/docs/installation-guide.html

Additionally, we can add Terrahaxs: https://docs.terrahaxs.com/#/

Syntax: https://developer.hashicorp.com/terraform/language/syntax/configuration

---

Other resources:
