AWS Cloud Automation Using Terraform
AWS and Terraform Series
In the The Future of IT Infrastructure series, we looked at Infrastructure as Code (IaC), why cloud computing needs it, and the areas where IaC still needs innovation.
In case you missed it, read: What is Infrastructure as Code? and Cloud Computing: The Main Enabler of Infrastructure as Code.
In the AWS and Terraform series, we will explore the popular IaC tool Terraform and how it can be used to provision and automate cloud infrastructure, specifically on Amazon Web Services (AWS).
Tour de AWS
In 2003, Benjamin Black and Chris Pinkham of Amazon presented a paper describing a vision for Amazon’s vast computing infrastructure that was completely standardised and completely automated. Near the end, they mentioned the possibility of selling virtual servers as a service, proposing that the company could generate revenue from the new infrastructure investment.
For more information, read Benjamin Black’s blog.
Amazon has always had many data centres. The servers in these data centres were not being used to their full capacity, so it made sense to offer virtual servers to other companies, start-ups and individuals as a service. This led to the creation of Amazon Web Services, or AWS.
Initially, AWS offered services for computing, storage and networking. Unlike traditional server contracts, AWS has no contract: you can terminate a server (or any other resource) whenever you like.
Subscribers (the people or companies who use AWS) only pay for what they use. Once you stop using a service, there are no additional costs or termination fees, and AWS provides security for all your systems.
Start-ups like Airbnb and Netflix migrated their infrastructure to AWS. Once they were using AWS resources, concerns like maintaining data centres, scalability and traffic distribution were no longer a barrier to their growth.
Netflix, which used to be a start-up, has now become a global entertainment superpower. It was able to become a global company because AWS has servers all over the world: it operates from many geographical locations and offers services that make it easy to serve a customer from anywhere on the planet.
As of 2021, AWS offers services for computing, storage, networking, databases, analytics, application services, deployment, management, machine learning, mobile, developer tools, and tools for the Internet of Things. The most popular include Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (Amazon S3), Amazon Connect, and AWS Lambda (a serverless function service). For more info, see Wikipedia.
A Brief Introduction to Terraform
Terraform is an open-source IaC tool developed by HashiCorp. Terraform is declarative, which means you don’t have to give it the entire process of building the infrastructure; you only describe the desired end state and it will build it for you.
In other words, Terraform works like a Genie. You tell the Genie your wish (place the Taj Mahal in the middle of the desert) and it will be granted. You don’t have to know how the Genie pulled the Taj Mahal out of thin air and placed it in the desert.
AWS automation using Terraform [Project 1]
The following is not a tutorial for the project but a detailed explanation of how the AWS resources and the Terraform AWS provider function.
I’m assuming you have an AWS account and have used Terraform before.
Project 1
The end goal of this project is to deploy an EC2 instance in a VPC using Terraform.
AWS Resources
EC2
An EC2 instance is a virtual server offered by AWS. Instances run either a Linux or a Windows OS.
AWS offers all kinds of virtual servers with various storage, memory and computing specifications.
VPC
A VPC is a Virtual Private Cloud. You can think of a VPC as a data centre that you own. Inside the VPC, you can have your servers, databases, etc., and you decide who can access your resources. As it is private by default, no one can access it unless you give them permission.
Subnet
If the VPC is your data centre, then the subnet is a floor in the data centre building. On one floor you store servers, on another floor you store storage devices, and every floor has watchmen guarding it.
A subnet is a range of IP addresses. The subnet houses the EC2 instances and has a Network ACL that protects the instances inside it. Public subnets have a route to the internet; private subnets do not.
Elastic IP
An Elastic IP is a public IP address: the address of your VPC that is visible to your users, whereas a private IP address is visible only to you.
Networking Resources
Network interface
A network interface, like its physical counterpart the network interface card, is responsible for providing an internet connection to a resource.
Internet Gateway
The VPC doesn’t have an entry point of its own. You have to place an internet gateway, a door, to let your customers access your servers. But the question arises: how do you allow users x, y and z to use the subnet while disallowing users q, w and e?
The Answer: The Route Table
The route table is attached to the internet gateway. It directs traffic from the internet gateway towards the subnets. Public subnets have a route table with a route to the internet gateway, whereas private subnets don’t.
Security Resources
Network ACL
A Network Access Control List is a layer of security that allows or denies entry to the subnet. The Network ACL is connected to a route table on one side and a subnet on the other. Based on its inbound and outbound rules, it allows certain users into the subnet and denies others.
Security Groups
All AWS instances have security groups, which are responsible for deciding whether a packet or message is let into an instance. Security groups are stateful: they remember which connections entered and exited an instance.
Terraform AWS Provider
You can use the Terraform AWS Provider to build infrastructure on AWS. You can give Terraform an AWS access key directly through the provider block to connect Terraform to your AWS account.
Having worked with Terraform, I can say that it is one of the easiest technologies to use. It has a well written and easy to understand documentation.
The Process
Use the documentation to create the various parts of the infrastructure:
- Create a VPC
- Attach an Internet gateway to the VPC
- Create a subnet
- Create a Route table
- Attach Route table to the subnet
- Create a Network interface
- Assign an Elastic IP to the VPC
- Create an EC2 instance, attach the network interface to it and place it in the subnet.
- Use terraform apply to create the infrastructure
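The configuration below is an added example that walks through the steps listed above in Terraform HCL; it is not the code from the GitHub repository linked below. It also covers the provider passage above: instead of passing an access key through the provider block, it leaves the credentials out of the file so the provider reads them from the environment or the shared credentials file, and no secret is committed with the configuration. The region, the CIDR blocks, the private IP, the variable name ssh_source_cidr and the AMI id are all assumptions or placeholders, not values from the post.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# No access key here: the provider reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
# from the environment or a profile in ~/.aws/credentials (assumed setup).
provider "aws" {
  region = "us-east-1" # assumption; pick your own region
}

variable "ssh_source_cidr" {
  type    = string
  default = "203.0.113.0/24" # constructed placeholder (RFC 5737 range); narrow to your own address
}

# Step 1: the VPC, our private "data centre"
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Step 2: the internet gateway, the VPC's door to the outside world
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id
}

# Step 3: one subnet, a "floor" of the data centre
resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

# Step 4: a route table whose default route points at the gateway
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
}

# Step 5: associating the table with the subnet is what makes the subnet "public"
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Stateful security group: SSH only from the trusted range, all outbound allowed
resource "aws_security_group" "instance" {
  name   = "project1-instance"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.ssh_source_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Step 6: the network interface, with a fixed private IP inside the subnet
resource "aws_network_interface" "web" {
  subnet_id       = aws_subnet.public.id
  private_ips     = ["10.0.1.50"]
  security_groups = [aws_security_group.instance.id]
}

# Step 7: the Elastic IP, bound to the interface; the gateway must exist first
resource "aws_eip" "web" {
  domain                    = "vpc"
  network_interface         = aws_network_interface.web.id
  associate_with_private_ip = "10.0.1.50"
  depends_on                = [aws_internet_gateway.gw]
}

# Step 8: the instance, attached to the interface and therefore placed in the subnet
resource "aws_instance" "web" {
  ami           = "ami-PLACEHOLDER" # look up a current AMI id for your region
  instance_type = "t2.micro"
  network_interface {
    network_interface_id = aws_network_interface.web.id
    device_index         = 0
  }
}

output "public_ip" {
  value = aws_eip.web.public_ip
}
```

Step 9 is then the usual terraform init, terraform plan and terraform apply, with the credentials supplied through environment variables or an AWS_PROFILE rather than written into the file. The security group is the part worth reviewing before applying: port 22 is reachable only from the range in ssh_source_cidr, so the plan output should show no ingress rule with 0.0.0.0/0. Run terraform destroy when you are done so the instance and Elastic IP stop being billed.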
GitHub link: https://github.com/ShreyaSinhaCoder/AWSandTerraform
© Shreya Sinha 2021.
Written by Shreya Sinha, Thank you for reading.
This post includes affiliate links.