Auto Scaling helps you maintain application availability and allows to dynamically scale Amazon instances capacity up or down automatically according to defined conditions. Auto Scaling detects impaired Amazon EC2 instances and unhealthy applications, and replace the instances without user intervention.

key.tf

Creating key pair

lifecycle {
ignore_changes = [“public_key”]
}

don’t recreate key pair if public key/path to public key changes

resource "aws_key_pair" "mykeypair" { 
key_name = "mykeypair"
public_key = "${file("${var.PATH_TO_PUBLIC_KEY}")}"
lifecycle { 
ignore_changes = ["public_key"]
} 
}

sg.tf

Define security group which will allow ssh traffic from everywhere

resource "aws_security_group" "allow-ssh" {
vpc_id = "${aws_vpc.main.id}"
name = "allow-ssh"
description = "security group that allows ssh and all egress traffic"
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
tags {
Name = "allow-ssh"
}
}

vars.tf

Define variables for Access keys,Private and public keys as well as AWS regions and AMIs

variable "AWS_ACCESS_KEY" {}
variable "AWS_SECRET_KEY" {}
variable "AWS_REGION" {
default = "eu-west-1"
}
variable "PATH_TO_PRIVATE_KEY" {
default = "mykey"
}
variable "PATH_TO_PUBLIC_KEY" {
default = "mykey.pub"
}
variable "AMIS" {
type = "map"
default = {
us-east-1 = "ami-13be557e"
us-west-2 = "ami-06b94666"
eu-west-1 = "ami-844e0bf7"
}
}

terraform.tfvars

specify AWS access keys

AWS_ACCESS_KEY="key"
AWS_SECRET_KEY="key"

provider.tf

point to variable in vars.tf and terraform.tfvars

provider "aws" {
region = "${var.AWS_REGION}"
access_key="${var.AWS_ACCESS_KEY}"
secret_key="${var.AWS_SECRET_KEY}"
}

vpc.tf

Creates Virtual Private Cloud (subnets, internet gateway and modifies default route

# Internet VPC
resource "aws_vpc" "main" {
    cidr_block = "10.0.0.0/16"
    instance_tenancy = "default"
    enable_dns_support = "true"
    enable_dns_hostnames = "true"
    enable_classiclink = "false"
    tags {
        Name = "main"
    }
}


# Subnets
resource "aws_subnet" "main-public-1" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.1.0/24"
    map_public_ip_on_launch = "true"
    availability_zone = "eu-west-1a"

    tags {
        Name = "main-public-1"
    }
}
resource "aws_subnet" "main-public-2" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.2.0/24"
    map_public_ip_on_launch = "true"
    availability_zone = "eu-west-1b"

    tags {
        Name = "main-public-2"
    }
}
resource "aws_subnet" "main-public-3" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.3.0/24"
    map_public_ip_on_launch = "true"
    availability_zone = "eu-west-1c"

    tags {
        Name = "main-public-3"
    }
}
resource "aws_subnet" "main-private-1" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.4.0/24"
    map_public_ip_on_launch = "false"
    availability_zone = "eu-west-1a"

    tags {
        Name = "main-private-1"
    }
}
resource "aws_subnet" "main-private-2" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.5.0/24"
    map_public_ip_on_launch = "false"
    availability_zone = "eu-west-1b"

    tags {
        Name = "main-private-2"
    }
}
resource "aws_subnet" "main-private-3" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.6.0/24"
    map_public_ip_on_launch = "false"
    availability_zone = "eu-west-1c"

    tags {
        Name = "main-private-3"
    }
}

# Internet GW
resource "aws_internet_gateway" "main-gw" {
    vpc_id = "${aws_vpc.main.id}"

    tags {
        Name = "main"
    }
}

# route tables
resource "aws_route_table" "main-public" {
    vpc_id = "${aws_vpc.main.id}"
    route {
        cidr_block = "0.0.0.0/0"
        gateway_id = "${aws_internet_gateway.main-gw.id}"
    }

    tags {
        Name = "main-public-1"
    }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
    subnet_id = "${aws_subnet.main-public-1.id}"
    route_table_id = "${aws_route_table.main-public.id}"
}
resource "aws_route_table_association" "main-public-2-a" {
    subnet_id = "${aws_subnet.main-public-2.id}"
    route_table_id = "${aws_route_table.main-public.id}"
}
resource "aws_route_table_association" "main-public-3-a" {
    subnet_id = "${aws_subnet.main-public-3.id}"
    route_table_id = "${aws_route_table.main-public.id}"
}

 

autoscaling.tf

contains definition for launch configuration and auto scaling group

launch configuration is a template that an Auto Scaling group uses to launch EC2 instances.

An Auto Scaling group contains a collection of EC2 instances that share similar characteristics and are treated as a logical grouping for the purposes of instance scaling and management.

File defines launch configuration first (instance AMI and type) and keypair,

then defines autoscaling group (deployed in 2 subnets), it will start with one instance, if after 300 seconds instance is unhelathy it will spin-up another one (health_check_type = “EC2”)

resource "aws_launch_configuration" "example-launchconfig" {
name_prefix = "example-launchconfig"
image_id = "${lookup(var.AMIS, var.AWS_REGION)}"
instance_type = "t2.micro"
key_name = "${aws_key_pair.mykeypair.key_name}"
security_groups = ["${aws_security_group.allow-ssh.id}"]
}
resource "aws_autoscaling_group" "example-autoscaling" {
name = "example-autoscaling"
vpc_zone_identifier = ["${aws_subnet.main-public-1.id}", "${aws_subnet.main-public-2.id}"]
launch_configuration = "${aws_launch_configuration.example-launchconfig.name}"
min_size = 1
max_size = 2
health_check_grace_period = 300
health_check_type = "EC2"
force_delete = true
tag {
key = "Name"
value = "ec2 instance"
propagate_at_launch = true
}
}

autoscalingpolicy.tf

This file contains autoscaling policy

Here we define how we want to scale in response to changing demand

We specified increasing instance by 1 (scaling_adjustment = “1”), period without scaling (5 minutes-cooldown), policy type,Simple scaling—Increase or decrease the current capacity of the group based on a single scaling adjustment.Then we created cloudwatch alarm wich triggers autoscaling policy which will compare CPU utilization.If average of CPU utilization is higher than 30 % then new instance will be created

# scale up alarm
resource "aws_autoscaling_policy" "example-cpu-policy" {
name = "example-cpu-policy"
autoscaling_group_name = "${aws_autoscaling_group.example-autoscaling.name}"
adjustment_type = "ChangeInCapacity"
scaling_adjustment = "1"
cooldown = "300"
policy_type = "SimpleScaling"
}
resource "aws_cloudwatch_metric_alarm" "example-cpu-alarm" {
alarm_name = "example-cpu-alarm"
alarm_description = "example-cpu-alarm"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "2"
metric_name = "CPUUtilization"
namespace = "AWS/EC2"
period = "120"
statistic = "Average"
threshold = "30"
dimensions = {
"AutoScalingGroupName" = "${aws_autoscaling_group.example-autoscaling.name}"
}
actions_enabled = true
alarm_actions = ["${aws_autoscaling_policy.example-cpu-policy.arn}"]
}
# scale down alarm
resource "aws_autoscaling_policy" "example-cpu-policy-scaledown" {
name = "example-cpu-policy-scaledown"
autoscaling_group_name = "${aws_autoscaling_group.example-autoscaling.name}"
adjustment_type = "ChangeInCapacity"
scaling_adjustment = "-1"
cooldown = "300"
policy_type = "SimpleScaling"
}
resource "aws_cloudwatch_metric_alarm" "example-cpu-alarm-scaledown" {
alarm_name = "example-cpu-alarm-scaledown"
alarm_description = "example-cpu-alarm-scaledown"
comparison_operator = "LessThanOrEqualToThreshold"
evaluation_periods = "2"
metric_name = "CPUUtilization"
namespace = "AWS/EC2"
period = "120"
statistic = "Average"
threshold = "5"
dimensions = {
"AutoScalingGroupName" = "${aws_autoscaling_group.example-autoscaling.name}"
}
actions_enabled = true
alarm_actions = ["${aws_autoscaling_policy.example-cpu-policy-scaledown.arn}"]
}

As usual, test it first:

terraform init && terraform plan
Advertisements

In one of the previous posts we  deployed blank Amazon VM without any software,in this one we’ll launch EC2 instance with some software installed.We’ll update ubuntu VM and install ans start nginx.To accomplish it, we’ll copy script to Amazon VM

script.sh

#!/bin/bash
# sleep until instance is ready
until [[ -f /var/lib/cloud/instance/boot-finished ]]; do
  sleep 1
done
# install nginx
apt-get update
apt-get -y install nginx
# make sure nginx is started
service nginx start

Declaring varibles:

vars.tf:

variable "AWS_ACCESS_KEY" {}
variable "AWS_SECRET_KEY" {}
variable "AWS_REGION" {
default = "eu-west-1"
}

variable "PATH_TO_PRIVATE_KEY" {
default = "mykey"
}
variable "PATH_TO_PUBLIC_KEY" {
default = "mykey.pub"
}
variable "AMIS" {
type = "map"
default = {
us-east-1 = "ami-13be557e"
us-west-2 = "ami-06b94666"
eu-west-1 = "ami-844e0bf7"
}
}

variable "INSTANCE_USERNAME" {
default = "ubuntu"
}

provider.tf (how to connect to AWS)

provider "aws" {
region = "${var.AWS_REGION}"
access_key="${var.AWS_ACCESS_KEY}"
secret_key="${var.AWS_SECRET_KEY}"
}

terraform.tfvars

File where AWS access keys are stored

AWS_ACCESS_KEY="keys"
AWS_SECRET_KEY="keys"

  

instance.tf

In this file we’ll define instance, security group and key pair,copy script to it, make connection (using key pair),make it executable and run

resource "aws_instance" "example" {
ami = "${lookup(var.AMIS, var.AWS_REGION)}"
instance_type = "t2.micro"
# the VPC subnet
subnet_id = "${aws_subnet.main-public-1.id}"
# the security group
vpc_security_group_ids = ["${aws_security_group.allow-ssh.id}"]
# the public SSH key
key_name = "${aws_key_pair.mykeypair.key_name}"
provisioner "file" {
source="script.sh"
destination="/tmp/script.sh"
}
provisioner "remote-exec" {
inline=[
"chmod +x /tmp/script.sh",
"sudo /tmp/script.sh"
]
}
connection {
user="${var.INSTANCE_USERNAME}"
private_key="${file("${var.PATH_TO_PRIVATE_KEY}")}"
}

securitygroup.tf

Creating security group (allow ingress traffic on port 22 and 80

resource "aws_security_group" "allow-ssh" {
vpc_id = "${aws_vpc.main.id}"
name = "allow-ssh"
description = "security group that allows ssh and all egress traffic"
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
} 
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

ingress {

from_port=80
to_port =80
protocol="tcp"
cidr_blocks=["0.0.0.0/0"]
}
tags {
Name = "allow-ssh_HTTP"
}
}

vpc.tf

Creating Virtual Private Cloud (subnets,internet gateway and route table)

# Internet VPC
resource "aws_vpc" "main" {
    cidr_block = "10.0.0.0/16"
    instance_tenancy = "default"
    enable_dns_support = "true"
    enable_dns_hostnames = "true"
    enable_classiclink = "false"
    tags {
        Name = "main"
    }
}


# Subnets
resource "aws_subnet" "main-public-1" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.1.0/24"
    map_public_ip_on_launch = "true"
    availability_zone = "eu-west-1a"

    tags {
        Name = "main-public-1"
    }
}
resource "aws_subnet" "main-public-2" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.2.0/24"
    map_public_ip_on_launch = "true"
    availability_zone = "eu-west-1b"

    tags {
        Name = "main-public-2"
    }
}
resource "aws_subnet" "main-public-3" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.3.0/24"
    map_public_ip_on_launch = "true"
    availability_zone = "eu-west-1c"

    tags {
        Name = "main-public-3"
    }
}
resource "aws_subnet" "main-private-1" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.4.0/24"
    map_public_ip_on_launch = "false"
    availability_zone = "eu-west-1a"

    tags {
        Name = "main-private-1"
    }
}
resource "aws_subnet" "main-private-2" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.5.0/24"
    map_public_ip_on_launch = "false"
    availability_zone = "eu-west-1b"

    tags {
        Name = "main-private-2"
    }
}
resource "aws_subnet" "main-private-3" {
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "10.0.6.0/24"
    map_public_ip_on_launch = "false"
    availability_zone = "eu-west-1c"

    tags {
        Name = "main-private-3"
    }
}

# Internet GW
resource "aws_internet_gateway" "main-gw" {
    vpc_id = "${aws_vpc.main.id}"

    tags {
        Name = "main"
    }
}

# route tables
resource "aws_route_table" "main-public" {
    vpc_id = "${aws_vpc.main.id}"
    route {
        cidr_block = "0.0.0.0/0"
        gateway_id = "${aws_internet_gateway.main-gw.id}"
    }

    tags {
        Name = "main-public-1"
    }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
    subnet_id = "${aws_subnet.main-public-1.id}"
    route_table_id = "${aws_route_table.main-public.id}"
}
resource "aws_route_table_association" "main-public-2-a" {
    subnet_id = "${aws_subnet.main-public-2.id}"
    route_table_id = "${aws_route_table.main-public.id}"
}
resource "aws_route_table_association" "main-public-3-a" {
    subnet_id = "${aws_subnet.main-public-3.id}"
    route_table_id = "${aws_route_table.main-public.id}"
}

Create key pair:

ssh-keygen -f mykey

test configuration

terraform init & terrform plan

execute it

echo "yes" | terraform apply

Capture

1

In one of previous posts we deployed Linux Amazon instance using Terraform, now we’ll deploy Windows Server. Unlike previous approach, now we’ll store AWS Access Keys in separate file.

I created terraform.tfvars and stored keys there

AWS_ACCESS_KEY="some key"
AWS_SECRET_KEY="some keys"
INSTANCE_PASSWORD="Passw0rd012345"

There i also put Windows Server password

File vars.tf contains variable and AMIs

variable "AWS_ACCESS_KEY" {}
variable "AWS_SECRET_KEY" {}
variable "AWS_REGION" { 
default = "eu-west-1" 
}
variable "WIN_AMIS" {
type = "map" default = { 
us-east-1 = "ami-30540427"
us-west-2 = "ami-9f5efbff"
eu-west-1 = "ami-cddc5bb4" 
} 
} 
variable "PATH_TO_PRIVATE_KEY" { default = "mykey" } 
variable "PATH_TO_PUBLIC_KEY" { default = "mykey.pub" 
} 
variable "INSTANCE_USERNAME" { default = "admin" } 
variable "INSTANCE_PASSWORD" { }

In order to find out Window server AMI in AWS console go to EC2-Launch instance-Community AMIs, in search box type Windows, scroll until you find desired image and locate AMI-put that value into vars.tf

1.png

in provider.tf i put reference to terraform.tfvars

provider "aws" { 
access_key = "${var.AWS_ACCESS_KEY}"
secret_key = "${var.AWS_SECRET_KEY}"
region = "${var.AWS_REGION}" }

In windows-instance.tf is code for deploying Windows server:

It will create key pair, set AMI, and WinRM, copy local file to new instance and create security group and add EC2 instance to it
#Creating KeyPair:
resource “aws_key_pair” “mykey” {
key_name = “mykey”
public_key = “${file(“${var.PATH_TO_PUBLIC_KEY}”)}”
}
#looking up ami and region from vars.tf file
resource “aws_instance” “win-example” {
ami = “${lookup(var.WIN_AMIS, var.AWS_REGION)}”
instance_type = “t2.micro”
key_name = “${aws_key_pair.mykey.key_name}”
#user data section adds user to local admin group and sets winrm

user_data = <<EOF
net user ${var.INSTANCE_USERNAME} '${var.INSTANCE_PASSWORD}' /add /y
net localgroup administrators ${var.INSTANCE_USERNAME} /add

winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow

net stop winrm
sc.exe config winrm start=auto
net start winrm
EOF

#copying local file to Windows Server EC2

provisioner "file" {
source = "test.txt"
destination = "C:/test.txt"
}
connection {
type = "winrm"
timeout = "10m"
user = "${var.INSTANCE_USERNAME}"
password = "${var.INSTANCE_PASSWORD}"
}

#Creating rule in security group
vpc_security_group_ids=["${aws_security_group.allow-all.id}"]

}

getting public IP as output

output "ip" {

value="${aws_instance.win-example.public_ip}"

}

File sg.tf contain security group definition, i just allowed traffic to all ports from anywhere (not a good security practice)

resource "aws_security_group" "allow-all" {
name="allow-all"
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 0
to_port = 6556
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
tags {
Name = "allow-RDP"
}
}

 

Create key pair:

ssh-keygen -f mykey

  

Now test for errors and apply configuration :

 terraform init && terraform plan && terraform apply

 

 

2.png

 

 

Capture.PNG

In last post we deployed EC2 instance to AWS, but we’re unable to make connection (EC2 currently receives only private IP)

Providing Public IP

Firs we need to provide public IP address to instance

edit template.tf:

resource “aws_subnet” “public” {
vpc_id=”${aws_vpc.my_vpc.id}”
cidr_block=”10.0.1.0/24″
map_public_ip_on_launch=true
tags {

Name=”public-subnet”
}
}

Add at the end of file:

output “mashina1_public_ip” {
value = “${module.mashina1.public_ip}”
}

add following line at the end of ./modules/application/application.tf

output “public_ip” {
value = “${aws_instance.app-server.public_ip}”
}

Now whenever we type terraform apply, we’ll get EC2 instance public IP

Capture

Creating Internet Gateway and modifying default route

In order to connect to EC2 instance from internet we need Internet Gateway and to create route to the outside by newly created internet gateway

Modify again template.tf,add following code

create internet gateway:

resource "aws_internet_gateway" "gw" {
vpc_id = "${aws_vpc.my_vpc.id}"
}

Modify default route:

resource "aws_default_route_table" "default_routing" {
default_route_table_id = "${aws_vpc.my_vpc.default_route_table_id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.gw.id}"
}
}

Adding Key pair

To authenticate against EC2 instance we need public/private key pair

In AWS portal:Services-EC2-Key Pairs-Create Key Pair

Capture.PNG

Specify name and save private key (pem file), we’ll need it when connecting

In my case i keypair name is mykey

Capture.PNG

In application.tf we specified “template for every new EC2 instance-to avoid creating duplicate code every time when creating new instance. In template.tf we just need to create “pointer” to module in ./modules/application/application.tf

In application.tf add following line

key_name="mykey"
instance_type="t2.micro"
subnet_id="${var.subnet_id}"
vpc_security_group_ids=["${aws_security_group.allow_http.id}"]
tags {
Name="${var.name}"
}
}

Test if all is fine

terraform init && terraform get && terraform plan

If yes, commit code

terraform init && terraform get && terraform plan

For info how to connect by PuTTY from Windows, see my older post

In   one of the previous posts we deployed VPC and EC2 instance, now we’ll deploy 2 machines to VPC specified in template file.

In order to avoid code duplication (using new code block for every VM) we’ll use modules.Modules are used to group codes and facilitate code organization

I created new folders inside main terraform folder (./modules/application)

Inside that folder i created module file (application.tf)

Bellow is code from application.tf

 

Define variables:

Variables defined bellow are specified in main (root) module-template.tf (created in this post), so we just need to “link” main module (template.tf) with this one (application.tf)

variable "vpc_id" {}
variable "subnet_id" {}
variable "name" {}

Variables will be specified by var(variable name)

Create security groups:

code bellow will create Security group (name of SG will consist of VM name and SG name (VM name allow_http), it will use variables to construct SG names

resource "aws_security_group" "allow_http" {
name="${var.name} allow_http"
description="Allow HTTP traffic"
vpc_id="${var.vpc_id}"

ingress {
from_port=80
to_port=80
protocol="tcp"
cidr_blocks=["0.0.0.0/0"]
}

egress {

from_port=0
to_port=0
protocol="-1"
cidr_blocks=["0.0.0.0/0"]

}
}

Code bellow will be used to create EC2 instance (every new instance will use code bellow-no need to duplicate code)

Machines will be created ad t2.micro,will be added to VPC subnet (defined in template.tf) ,appended to Security group “allow_http” and tagged by value specified in name variable (Mashine1/Mashine2)

resource "aws_instance" "app-server" {
ami="ami-1a962263"
instance_type="t2.micro"
subnet_id="${var.subnet_id}"
vpc_security_group_ids=["${aws_security_group.allow_http.id}"]
tags {
Name="${var.name}"
}
}

 

Bellow is code from template.tf (located in “root” terraform directory)

Connecting to AWS:

provider "aws" {
access_key = "mykey"
secret_key = "mysecretkey"
region = "eu-west-1"
}

 

#----------------------------------------------------------

#VPC

resource "aws_vpc" "my_vpc" {
cidr_block="10.0.0.0/16"

tags {

Name="my-vpc"
}
}

resource "aws_subnet" "public" {
vpc_id="${aws_vpc.my_vpc.id}"
cidr_block="10.0.1.0/24"

tags {

Name="public-subnet"
}
}

Code bellow is used to pass VM definitions to ./modules/applicaton/application.tf module

There are 3 references:

vpc_id

subnet_id

name

That’s why in application.tf we defined varaibles for these 3 references (so we can pass it to application.tf module).Names of the machines are Machina1 and Machine2

module "mashina1" {
source="./modules/application"
vpc_id="${aws_vpc.my_vpc.id}"
subnet_id="${aws_subnet.public.id}"
name="Mashina1"
}

module "mashina2" {
source ="./modules/application"
vpc_id="${aws_vpc.my_vpc.id}"
subnet_id="${aws_subnet.public.id}"
name="Mashina2"
}

Run bellow command (to initialize modules and check for errors)

terraform init && terraform get && terraform plan

To deploy terraform configuration type

echo "yes" | terraform apply

 

Machines and Security groups are created

1.PNG

 

1.PNG

In previous post   we deployed EC2 instance, now we’ll add directives to template.cf file to deploy VPC/subnet

Creating VPC

Add following lines to template.tf

#VPC

resource "aws_vpc" "my_vpc" {
cidr_block="10.0.0.0/16"

tags {

Name="my-vpc"
}
}

This will create VPC named “my_vpc with 10.0.0.0/16 IP address block

Creating subnet

Add following lines below VPC code:

resource "aws_subnet" "my-subnet" {
vpc_id="${aws_vpc.my_vpc.id}"
cidr_block="10.0.1.0/24"

tags {

Name="public-subnet"
}
}

Code above will add subnet to VPC “my_vpc” named “my-subnet”

vpc_id=”${aws_vpc.my_vpc.id}” is reference to “my_vpc” VPC

In previous post  we installed Terraform, now we’ll use it to deploy VM to Amazon

I used Hyper-V CentOS VM on my lap-top.

Preparing Access Keys

In order to connect to Amazon we need Access key and secret access key.

From Amazon console go to Identity and Access Management (IAM)-Users,

Untitled.png

select user who has Administrator Access-Security Credentials tab

Generate access key

1-1.png

export key to csv file

now open template.tf file (created in previous post ) and add following lines

provider "aws" {
access_key = "some key"
secret_key = "secret keys"
region = "eu-west-1"
}

# Resource configuration
resource "aws_instance" "hello-instance" {
ami = "ami-1a962263"
instance_type = "t2.micro"
tags {
Name = "hello-instance"
}
}

For region list refer to https://docs.aws.amazon.com/general/latest/gr/rande.html

I copied ami from portal

2.PNG

Now type terraform init && terraform apply and new instance will be created