In this tutorial we will continue to add features to our existing EC2 instance that was deployed in Terraform — Getting started Part 1. We will be assigning the EC2 instance a name and running Apache on it so that it can respond to HTTP requests.
Topics
- Use tags to set the EC2 Instance name
- Terraform User Data configuration
- Shell script
- Cloud-init directive
- Terraform heredoc syntax
- AWS Security Group
Naming Your Instance
We will be adding onto our To assign an instance a name, you can add a tag with the key, Name, to the aws_instance resource.
Note: The logical name, testInstance, is referred to by Terraform. Creating a tag with the Name attribute will name the instance in AWS.
# main.tfresource "aws_instance" "testInstance" {
ami = "ami-0577b787189839998"
instance_type = "t2.micro" tags = {
Name = "tf-webserver-example"
}
}
Configure an Apache Webserver
You will need to run a script to configure the web server. To run the script, pass it into the argument called user_data.
Shell Script
Passing a shell script to user_data
The approach is not common, but is useful if you have a short script and would like to get your instance running quickly. We will be using Terraform’s heredoc syntax to insert our multiline script so we don’t need to use newline characters.
# main.tf
resource "aws_instance" "testInstance" {
ami = "ami-0577b787189839998"
instance_type = "t2.micro"
vpc_security_group_ids = [aws_security_group.testInstanceSG.id]
tags = {
Name = "tf-webserver-example"
} user_data = <<-EOF # <<-EOF ignores all leading spaces
#!/bin/bash
yum update -y # Update each package already installed
yum install -y httpd # Install pache
service httpd start # Start apache
chkconfig httpd on # Start apache whenever the VM starts up
echo "My web server configured with Terraform!" > /var/www/html/index.html # Create a file called index.html in the webserver's root directory
EOF # EOF indicates the end of file
}
Configure Security Groups
Apache is running and ready to handle requests, however, all incoming traffic are blocked by default. We will need to create a security group that will allow HTTP/HTTPS traffic from all IP addresses.
Create a Security Group
Note: Security groups are stateful, this means any traffic that is allow in, will automatically be allowed out through the same port.
Let’s create a Security group resource to allow the following:
- SSH
- HTTP
- HTTPS
# main.tfresource "aws_security_group" "testInstanceSG" {
# Port 22 is the default port for SSH
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
} # Port 80 is the default port for HTTP
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
} # Port 443 is the default port for HTTPS
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
Associate the security group to your EC2 Instance
After creating your security group, assign it to your EC2 instance by passing the security group ID as an array to the property, vpc_security_group_ids.
# main.tfresource "aws_instance" "testInstance" {
ami = "ami-0577b787189839998"
instance_type = "t2.micro"
vpc_security_group_ids = [aws_security_group.testInstanceSG.id]tags = {
Name = "tf-webserver-example"
}
}
In your terminal, run terraform plan to see the expected changes. Run terraform apply to execute the changes.
After your EC2 instance is deployed, open your favorite web browser and type the public IP address of the EC2 instance you just created.
🎉If all goes well, you should see a short message in your browser. Congratulations you’ve deployed an Apache web server with Terraform!
