Akshat Soni

Jun 14, 2020


TASK1_HCC_LAUNCHING AN APP/SERVER USING TERRAFORM-2

In my previous blog I explained how to set up the complete infrastructure using Terraform. After learning the concept of provisioning, I have improved the infrastructure and added a lot of new things.

I have explained how to create a key using PuTTYgen, and I am going to continue from that part. You can get the .pem file of the key from PuTTYgen. For this, go to Load -> select the .ppk file -> Conversions -> Export OpenSSH key -> click Yes -> give keyname.pem and then Save.

The second way to create the key and save the file directly is to use the tls_private_key resource.

After creating the key we can create the security groups. I explained that part in my previous blog. But if multiple instances use the same security group, destroying the security group gives an error because it remains in a busy state. To overcome this, use the lifecycle { create_before_destroy = true } argument in the security group block, as it will create a copy before destroying it, and the group can then be deleted while deleting the infrastructure.

In this setup there are 3 things which are in a busy state: the security groups, the attached volume and the S3 bucket, as we are uploading data to it. If suitable arguments are not given inside their blocks, they will give errors while destroying the infrastructure. I have explained the creation of these parts, and now I am giving the screenshots of the keywords which can be used to destroy them.

After using these keywords we can easily destroy the infrastructure in one go.

To connect the bucket with CloudFront we need the origin access identity (OAI) or the canonical user ID; without this we cannot set the bucket policy rules accordingly. Use these keywords to create the origin access identity.

Use the OAI keyword inside the CDN.

After this you can set the bucket policy rules inside the aws_s3_bucket_policy block.
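
The three steps above (create the origin access identity, reference it inside the CDN, then write the bucket policy), as an added example that is not taken from the author's repository. The resource labels, the bucket name and the origin_id are assumptions.

```hcl
# Added example. Resource labels, origin_id and the bucket name are assumptions.
resource "aws_s3_bucket" "site" {
  bucket = "example-site-assets" # placeholder; bucket names are globally unique
}

resource "aws_cloudfront_origin_access_identity" "oai" {
  comment = "Read access to the site bucket"
}

data "aws_iam_policy_document" "oai_read" {
  statement {
    actions   = ["s3:GetObject"] # read-only, granted to the OAI and nobody else
    resources = ["${aws_s3_bucket.site.arn}/*"]
    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.oai.iam_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = data.aws_iam_policy_document.oai_read.json
}

resource "aws_cloudfront_distribution" "cdn" {
  enabled = true
  origin {
    domain_name = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id   = "s3-site"
    s3_origin_config { # the OAI is referenced here, inside the CDN
      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
    }
  }
  default_cache_behavior {
    target_origin_id       = "s3-site"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    viewer_protocol_policy = "redirect-to-https"
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }
  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate { cloudfront_default_certificate = true }
}
```

The policy grants read access to the OAI alone, so objects do not need a public ACL to be served through the distribution.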

After defining the policy rules we can upload files to the S3 bucket. Besides images, we can upload txt files, HTML files, Java applications and so on, but for this we need to specify the content_type and also set the object policy rules.

After uploading the object to the bucket, we can access the object only from the CloudFront domain name. So we need to update the HTML code.

Here we can either give the CloudFront name to the developer, who will then update the code manually, or we can replace that URL in the code using the stream editor (sed) or heredoc syntax in Terraform; this is done through remote execution on the instance. Heredoc syntax is useful only when we need to attach one block or line at the end of the complete code, while sed is a great tool because it can substitute multiple lines in the code.

Use this link to learn how to use this tool : https://www.geeksforgeeks.org/sed-command-in-linux-unix-with-examples/

I have written a URL in the HTML code; you can use the URL you have written. Use + as the sed delimiter instead of /, because the URL itself contains /; otherwise it will give an error while updating some parts.

After changing the code, open the web server using the instance's public IP from Terraform.

Finally use terraform apply to build the complete infrastructure.

One more thing we can do here: we can store only a particular piece of data from each block in a txt file. For example, if we would like to store the complete output of the instances, we can't do that; instead we can store one particular output from the complete instance block. To store the complete data we can either use “aws ec2 describe-instances > file.json” or use the “jqwin64.exe” command to store the data in a JSON file, so that developers can use it further for more information.

I have explained all the parts which I have changed in my code. Read the previous blog in case of any confusion. And if you don't understand any part, feel free to contact me.

Previous Blog link :- https://medium.com/@akshatsoni396/launching-an-app-server-using-terraform-f1c95c778c8f

Github link :- https://github.com/akshat-crypto/HCC_Task1

Linkedin profile:- https://www.linkedin.com/in/akshat-soni-011b461a6/