nealalan.github.io/LAB-AWS_webserver_via_terraform

Project Goal

Project Files

You should have a good understanding of the files involved and the filesystem used on your computer and on the webserver. You will also need to know how to edit these files. I am using atom in my examples, but you can replace it with code if you use Visual Studio Code.

Terraform Files

*.tf - Terraform files (infrastructure as code) that create a VPC, its infrastructure components, and an Ubuntu webserver in a public subnet

Shell Script File

Your system and ‘Hidden’ files the system uses

You will need to understand what these files are and be able to edit them.

Section 1 - AWS Account Setup

Billing

Let's talk about billing. Even though you are using the Free Tier, it is your responsibility to understand the limits and stay within them.

Section 2 - AWS Security

First, you need a password manager! If you’re not using a password manager, USE ONE! You will have keys and passwords to keep track of and a password manager is the best way!

Identity and Access Management (IAM) & Account Security

Create new users in IAM

New User: administrator user

New User: terraform user

Public / Private Access Keys

Generate a Private key

Use the Private key to generate a Public key

$ cd
$ mkdir -p .ssh
$ cd .ssh
# set the permissions on the private key so the ssh utilities will accept it
# (ssh refuses a key that is readable by group or others; 400 also works)
$ chmod 500 web-site.pem
# generate a public key from the private key file
$ ssh-keygen -y -f web-site.pem > web-site-pub-key.pem

Section 3 - Domain Name

The cost is pretty cheap for the first year and for renewal years, as listed, for some TLDs (top-level domains).

Pick Your Domain Name

You have a couple choices for domain names.

1) Register and manage with GoDaddy or another registrar service, or choose the cheapest one possible by searching "cheapest tld".

2) Register and manage with AWS Route 53.

Create a Hosted Zone in Route 53

The hosted zone in Route 53 has a monthly charge of about 50 cents. If you choose, you can manage your DNS records outside of AWS, as mentioned above.

Section 4 - Terraform Script

Install Terraform

Go to the Hashicorp Terraform site.

# if on a Mac, try
$ brew install terraform

Setup Credentials

Add the keys created in AWS IAM to your ~/.aws/credentials file.

$ cd
$ mkdir -p .aws
$ cd .aws
$ atom credentials

In the credentials file you want to add an entry:

[terraform]
aws_access_key_id = A*******************
aws_secret_access_key = z9************************************

We will refer to this profile from the variables in our Terraform script.
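Terraform will read the credentials file as whatever user runs it, so the two things worth verifying before going on are that the file is readable only by you and that the profile you will name in variables.tf actually carries both keys. The following POSIX shell functions do that check; they are an added example, not part of the lab's repository, and they assume a file laid out like the snippet above. The same owner_only check applies to the web-site.pem private key from Section 2.

```shell
#!/bin/sh
# Added example (not part of the original lab): sanity-check an AWS
# credentials file before Terraform reads it. Assumes POSIX sh, ls, awk.

# Return 0 if the file exists and has no group/other permission bits.
# The permission string from `ls -ld` is used because it is portable
# across Linux and macOS, unlike the flags of `stat`.
owner_only() {
  f=$1
  [ -f "$f" ] || return 1
  perms=$(ls -ld "$f" | cut -c5-10)   # columns 5-10 = group + other bits
  [ "$perms" = "------" ]
}

# Return 0 if a [profile] section exists in the file and both
# aws_access_key_id and aws_secret_access_key have a non-empty value in it.
# $1 = credentials file, $2 = profile name (e.g. terraform)
profile_complete() {
  f=$1
  p=$2
  awk -v p="$p" '
    { sub(/[[:space:]]+$/, "") }                       # drop trailing blanks
    /^\[/ { insec = ($0 == "[" p "]"); next }          # enter/leave a section
    insec && /^[[:space:]]*aws_access_key_id[[:space:]]*=[[:space:]]*[^[:space:]]/     { id = 1 }
    insec && /^[[:space:]]*aws_secret_access_key[[:space:]]*=[[:space:]]*[^[:space:]]/ { sec = 1 }
    END { exit !(id && sec) }
  ' "$f"
}

# Run both checks, report, and return non-zero on the first failure.
# Usage: check_credentials "$HOME/.aws/credentials" terraform
check_credentials() {
  f=$1
  p=$2
  if ! owner_only "$f"; then
    echo "FAIL: $f is missing or readable by group/others (try: chmod 600 $f)"
    return 1
  fi
  if ! profile_complete "$f" "$p"; then
    echo "FAIL: profile [$p] in $f is missing or lacks one of the two keys"
    return 1
  fi
  echo "OK: $f is owner-only and profile [$p] has both keys"
}
```

Run check_credentials against your own ~/.aws/credentials with the profile name you will put in creds_profile; a file that was created by a text editor will usually come out 644, which is the case the first check catches.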

Create an Elastic IP address

Customize the scripts

Most of the changes will take place in the variables.tf file.

  1. Remove documentation that is irrelevant to your site.
  2. Change the project_name variable. This is what your VPC will be named.
  3. Set your pub_key_path. This is the public key file you created from the private key in the .ssh/ folder.
  4. Set your creds_path and creds_profile. The creds fields point at the AWS keys we saved in the credentials file.
  5. Set instance_assigned_elastic_ip to the Elastic IP address you created.
  6. Find your current public IP address (the one the webserver will see) and use it for add_my_inbound_ip_cidr:
    $ curl ifconfig.co
    
  7. (optional) Set your CIDR ranges. For this project we only need a couple of IP addresses, but you also want to learn CIDR addressing from a scalable perspective.
  8. Change the subnet_1_name and subnet_2_name variables.
  9. Name your pub_key_name whatever you want it to be called in the AWS key pair library. It is probably best to keep it the same as the key file name, without the .pem extension.
  10. The ami variable should be fine unless you want to install a different version of Ubuntu.

Regarding the rest of the script: as of now you shouldn't have to edit any of it, at least not for the scope of this lab.

Run the script!

  1. TEST: This will show you potential errors and give you details of the resources that Terraform will create.
    $ terraform plan
    
  2. RUN the script for real! After the script completes, you can explore your new infrastructure on AWS under VPC and EC2.
    $ terraform apply
    
  3. CONNECT:
    $ ssh -i ~/.ssh/web-site.pem ubuntu@<elastic-ip>
    

Note: If your IP changes, for example when you're on a VPN, you will need to add your new IP address to the VPC Security Group. I do this nearly every time I go to a new coffee shop.
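Step 6 above and this note are the same task repeated: turn the address that `curl ifconfig.co` prints into the /32 CIDR the security group expects, and re-apply. Doing it through a variable file rather than by hand-editing the console keeps Terraform's state in agreement with what AWS actually has. The script below is an added example, not code from the lab's repository; it assumes the variable is named add_my_inbound_ip_cidr as in the list above, and it writes a `*.auto.tfvars` file, which Terraform loads automatically and which overrides any default in variables.tf.

```shell
#!/bin/sh
# Added example (not part of the original lab): validate the current public
# IP and write it as a /32 CIDR into an auto-loaded Terraform variable file.
# Assumes the variable is called add_my_inbound_ip_cidr (as in variables.tf
# of this lab) and that curl is available for the live lookup.

# Return 0 only for a dotted-quad IPv4 address whose four octets are 0..255.
valid_ipv4() {
  ip=$1
  case $ip in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, leading/trailing/double dots
  esac
  oldifs=$IFS
  IFS=.
  set -- $ip                             # split on dots into $1..$n
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
}

# Print the address as a host-only CIDR, e.g. 203.0.113.5 -> 203.0.113.5/32.
# A /32 is the narrowest rule possible: only that one address is allowed in.
ip_to_cidr() {
  valid_ipv4 "$1" || return 1
  printf '%s/32\n' "$1"
}

# Write the CIDR into a tfvars file ($1) for the given IP ($2).
write_inbound_tfvars() {
  out=$1
  cidr=$(ip_to_cidr "$2") || return 1
  printf 'add_my_inbound_ip_cidr = "%s"\n' "$cidr" > "$out"
}

# Live version: look up the current public IP and refresh the variable file.
# Usage: refresh_my_ip            (then run: terraform apply)
refresh_my_ip() {
  ip=$(curl -s https://ifconfig.co) || return 1
  write_inbound_tfvars my-ip.auto.tfvars "$ip" || {
    echo "ifconfig.co returned something that is not an IPv4 address: $ip" >&2
    return 1
  }
  echo "wrote my-ip.auto.tfvars with $ip/32; now run: terraform apply"
}
```

From the directory holding the lab's .tf files, run refresh_my_ip and then `terraform apply`; the plan should show only the security group ingress rule changing. The validation matters because ifconfig.co can return an IPv6 address or an HTML error page, and either would otherwise end up inside your security group rule.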

Section 5 - NGINX and server configuration script

Download

Download the generic version of the script and then make the script executable.

$ curl https://raw.githubusercontent.com/nealalan/tf-nealalan.com/master/install.sh > install.sh
$ chmod +x ./install.sh

Customize the script

$ nano install.sh
  1. Remove documentation that is irrelevant to your site.
  2. Change all references to nealalan.com to your domain name.
  3. Remove all references to neonaluminum.com (or change it to another domain or subdomain, or to whatever you have the Elastic IP assigned to in a DNS record).
  4. On the "sudo certbot --authenticator" line, PLEASE change the email address to your own email address.
  5. Remove the "git clone" lines for nealalan.com and neonaluminum.com unless you want to clone those websites. If you do remove them, you will simply need to create your own.
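Because install.sh runs as root on the new server and requests real certificates, it is worth confirming the edits in steps 2 and 3 took everywhere before running it, rather than discovering a leftover reference in an nginx server_name or a certbot domain list afterwards. The two functions below are an added example (not part of the lab's repository): one rewrites every occurrence of a domain, writing to a new file so the original stays intact, and one reports any lines that still mention the lab author's domains. They assume the domain names contain only letters, digits, dots and hyphens.

```shell
#!/bin/sh
# Added example (not part of the original lab): rewrite one domain to another
# in install.sh and then confirm no references to the author's domains remain.
# Assumes POSIX sh, sed and grep; domain names contain no sed metacharacters
# other than the dot.

# Copy $1 to $2 replacing every occurrence of domain $3 with domain $4.
# The dots in the old domain are escaped so "nealalan.com" does not also
# match "nealalanXcom". Writes a new file instead of using sed -i, whose
# syntax differs between GNU and BSD/macOS sed.
rewrite_domain() {
  in=$1
  out=$2
  old_re=$(printf '%s' "$3" | sed 's/\./\\./g')
  sed "s/$old_re/$4/g" "$in" > "$out"
}

# Print (with line numbers) every line of $1 that still mentions the lab
# author's domains; return 1 if any were found, 0 if the file is clean.
leftover_refs() {
  grep -n -E 'nealalan\.com|neonaluminum\.com' "$1" && return 1
  return 0
}

# Usage:
#   rewrite_domain install.sh install.mine.sh nealalan.com example.org
#   leftover_refs install.mine.sh && echo "clean, safe to run"
```

Run leftover_refs after your edits; every line it prints is one that steps 2, 3 or 5 asked you to change or remove, including the git clone lines, which still name the author's repositories after a domain rewrite.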

Run the script!

This will take a few minutes, and if you edited everything correctly, you should be dropped out of the ssh connection when it finishes.

$ ./install.sh

Section 6 - Your page

In the script, symbolic links were automatically created to the folders holding your website. So, for example, from my ~/ (home directory) I can just run:

$ cd nealalan.com
$ nano -m index.html

My page

Section 7 - Undo, undo, undo

To get rid of everything:

TO-DO
