Infrastructure as Code with Terraform on AWS: Securing EC2 Instances with Security Groups

Nayana Dharmasiri
3 min read, Jul 25, 2023


In the fast-paced world of cloud computing, Infrastructure as Code (IaC) has emerged as a powerful paradigm for automating and managing cloud resources. Among the various IaC tools available, Terraform stands out for its simplicity and ease of use. In this article, we will explore how to use Terraform to provision an EC2 instance on AWS and apply a security group to enhance its security.

What is Infrastructure as Code (IaC)?

Infrastructure as Code is an approach that enables developers and operations teams to manage, provision, and deploy infrastructure through machine-readable definition files. By using IaC, we can treat our infrastructure as software, applying software development practices like version control, automated testing, and collaborative workflows to infrastructure provisioning.

Why Terraform?

Terraform, developed by HashiCorp, is a widely adopted IaC tool known for its declarative syntax and extensive provider support. It allows us to define our infrastructure using simple configuration files and then creates, modifies, or destroys resources on the cloud provider based on those definitions.

Setting up Terraform with AWS

Before we dive into creating an EC2 instance with a security group, we need to set up Terraform to work with AWS. Here are the steps to follow:

01. Install Terraform: Download and install Terraform on your local machine by following the instructions for your operating system, available on the official Terraform website.

02. Configure AWS Credentials: Ensure you have valid AWS credentials (Access Key ID and Secret Access Key) configured on your machine. You can either set them as environment variables or use an AWS credentials file.

Creating an EC2 Instance with a Security Group

Now that we have Terraform set up with AWS credentials, let’s proceed with creating an EC2 instance and applying a security group to it.

Step 1: Initialize Terraform Configuration

Create a new directory for your Terraform project and create a file named “main.tf” within it. This file will contain the Terraform configuration.

Open “main.tf” with a text editor and add the following code:

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "app_server" {
  ami           = "ami-024fc608af8f886bc"
  instance_type = "t2.micro"

  tags = {
    Name = "NayanaTerraformEC2"
  }
}

Step 2: Initialize and Apply Configuration

Open your terminal, navigate to the project directory, and run the following commands:

terraform init
terraform apply

Terraform will initialize and then prompt you to confirm the creation of resources. Type “yes” and hit Enter to proceed.

Step 3: Creating a Security Group

To apply a security group to our EC2 instance, we need to modify our Terraform configuration. Update “main.tf” as follows:

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "app_server" {
  ami           = "ami-024fc608af8f886bc"
  instance_type = "t2.micro"

  tags = {
    Name = "NayanaTerraformEC2"
  }

  # Attach the group by ID through a resource reference so Terraform creates
  # the group before the instance. A bare string such as "web_server_sg" would
  # not match the randomised name that name_prefix generates.
  vpc_security_group_ids = [aws_security_group.web_server_sg.id]
}

resource "aws_security_group" "web_server_sg" {
  name_prefix = "web_server_sg"
  description = "Security group for the web server"

  # HTTP from anywhere
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH only from your own address
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["YOUR_PUBLIC_IP/32"] # Replace this with your public IP address
  }

  # All outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

The updated configuration creates a security group whose name starts with “web_server_sg”, with ingress rules that allow HTTP traffic from any source and SSH traffic only from your specified public IP, and an egress rule that allows all outbound traffic.
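The SSH rule above is only as safe as the CIDR you type into it, so a pre-apply check is worth automating. The following added example (not part of the original article) reads the JSON that `terraform show -json tfplan` produces, flags any ingress rule that exposes an admin port to 0.0.0.0/0 or ::/0, and catches the YOUR_PUBLIC_IP/32 placeholder if it was never replaced; the embedded plan is a constructed stand-in that mirrors the article's security group with a world-open SSH rule.

```python
"""Pre-apply check for the web_server_sg ingress rules shown above."""
import ipaddress
import json

ADMIN_PORTS = (22, 3389)              # SSH and RDP must never be world-reachable
WORLD = ("0.0.0.0/0", "::/0")


def rule_admits_port(rule, port):
    """True if an ingress rule admits TCP `port` ("-1" means every protocol and port)."""
    proto = rule.get("protocol")
    if proto == "-1":
        return True
    return proto == "tcp" and rule.get("from_port", 0) <= port <= rule.get("to_port", 0)


def check_plan(plan):
    """Return findings for every aws_security_group in `terraform show -json` output."""
    findings = []
    for res in plan["planned_values"]["root_module"].get("resources", []):
        if res["type"] != "aws_security_group":
            continue
        for rule in res["values"].get("ingress", []):
            for cidr in rule.get("cidr_blocks", []) + rule.get("ipv6_cidr_blocks", []):
                try:
                    ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    # e.g. the YOUR_PUBLIC_IP/32 placeholder was left in place
                    findings.append(f"{res['address']}: unparseable CIDR {cidr!r}")
                    continue
                for port in ADMIN_PORTS:
                    if cidr in WORLD and rule_admits_port(rule, port):
                        findings.append(f"{res['address']}: port {port} open to {cidr}")
    return findings


# Constructed stand-in for `terraform show -json tfplan`: the article's HTTP rule
# plus an SSH rule mistakenly opened to the world instead of a single /32.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.web_server_sg", "type": "aws_security_group",
     "values": {"ingress": [
         {"from_port": 80, "to_port": 80, "protocol": "tcp",
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
         {"from_port": 22, "to_port": 22, "protocol": "tcp",
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}]}}}


def sample_findings():
    return check_plan(SAMPLE_PLAN)


if __name__ == "__main__":
    import sys
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = check_plan(plan)
    print("\n".join(problems) or "OK: no admin port exposed to the world")
    raise SystemExit(1 if problems else 0)
```

Run it as `python check_sg.py plan.json` in CI before `terraform apply`; a non-zero exit blocks the apply.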

Step 4: Apply the Updated Configuration

Run the following command to apply the changes:

terraform apply

Terraform will show you the planned changes, and you will need to confirm by typing “yes.”

Happy coding with Terraform and AWS!
