Lab 1 Infrastructure Deployment
AWS Infrastructure Creation using Terraform
Helpful Terraform Links:
Prerequisites/Requirements:
Windows OS
Install Visual Studio Code or VSCodium (https://vscodium.com/#install)
Install AWS CLI
Install Git for Windows
Download Terraform
Extract the executable to a desired location for this lab
Set the executable's PATH on Windows
AWS - Cloud Instances
Create AWS free tier account
SonarCloud - SAST
Create SonarCloud Account
Snyk - SCA
Create Snyk Account
Step 1: Log in to AWS console and Create AWS Admin User
Search IAM
Click Users Tab and Add new user
Set a username
Select Attach policies
Assign AdministratorAccess
Click Next
Look for "User created successfully"
Step 2: Create User Access Keys - Docs:
Select the newly created user in the IAM section
In the user's IAM profile area, select security credentials tab
Go to the access keys section and select Create Access Key
Select CLI, accept recommendations and click next
OPTIONAL: Provide a tag
Select Create Access Key
IMPORTANT: Record these access keys for later use
Step 3: Clone this repo
Open Windows Terminal in desired location for full copy of repo
Run git clone command below
Step 4: Open Folder in VSCode
Step 3: Modify .tfvars file
Here we will be modifying the dev-east-1.tfvars file so that we can use Terraform to deploy an EC2 instance.
Create AWS Key Pair for EC2 via Terraform
Go to Amazon EC2 Dashboard
Click Launch Instance
Scroll to Key Pair (login) and select Create key pair
Select RSA and PPK for key file
Select Create Key Pair
Save file in cloned repo folder (devsecopslab1infra)
Scroll to Network Settings and note the VPC ID
Make a note of the region, vpc_id, CIDR, and key_name
Paste corresponding information into dev-east-1.tfvars
dev-east-1.tfvars Explanation
Here's a breakdown of what each line in my .tfvars file does:
aws_region = "us-east-1": specifies that the AWS region you want Terraform to operate in is us-east-1.
vpc_id = "vpc-070993d5821f87610": sets the vpc_id variable to "vpc-070993d5821f87610". This ID is used when creating or configuring resources that belong to a specific VPC in AWS.
cidr_block = "172.31.0.0/16": sets the cidr_block variable to "172.31.0.0/16". A CIDR block is a notation for an IP address range; here it describes the IP range of your AWS VPC or subnet. Note that this variable is not used by the main.tf described below, which declares only aws_region, vpc_id and key_name.
key_name = "devsecopslab-1": sets the key_name variable to "devsecopslab-1". This is the name of the key pair you will use to SSH into your EC2 instances.
When you run Terraform commands, the Terraform CLI will use these values for the corresponding variables in your configuration. If a variable is defined in both the .tfvars file and as an environment variable, the environment variable will take precedence.
Remember to keep your .tfvars file secure and avoid committing sensitive information like keys and passwords to source control. Consider other means of providing these values securely, such as environment variables or a secrets store like AWS Secrets Manager or HashiCorp Vault.
Step 5: Modify Main.tf
Main.tf Explanation
Here is a breakdown of the Terraform file:
Terraform Settings Block
This block sets the minimum required version of Terraform to 0.12.
AWS Provider Block
The provider block configures the AWS provider for Terraform. The AWS region is obtained from the aws_region variable.
Variables
These variable blocks declare three variables, aws_region, vpc_id and key_name, all of string type. These are the parameters used by this Terraform configuration. Their values can be set in a variety of ways, including from the command line, from environment variables, or from a separate variables file.
AWS Security Group
This block defines a security group named jenkins_sg that allows incoming traffic to specific ports (8081 for Jenkins and 22 for SSH) from any IP address (0.0.0.0/0). The security group also allows any outgoing traffic.
AWS AMI Data Source
This data block retrieves the most recent Amazon Linux AMI that meets the filters specified.
AWS IAM Role
This block creates an IAM role named test_role which can be assumed by EC2 instances.
AWS IAM Instance Profile
This block creates an IAM instance profile named test_profile associated with the IAM role test_role.
AWS IAM Role Policy
This block attaches an IAM policy named test_policy to the IAM role test_role. The policy grants full access ("*") to all resources ("*").
AWS Instance
This block creates an EC2 instance of type t2.medium using the Amazon Linux AMI found earlier. The instance is associated with the security group jenkins_sg, the IAM instance profile test_profile, and the SSH key specified in the key_name variable. User data is specified, meaning a script named install_jenkins.sh will be run on instance startup. The instance is tagged with the name "Jenkins".
Remember to replace the variables with the appropriate values (aws_region, vpc_id, key_name, etc.) when you run the Terraform scripts. Also, ensure that the IAM role has only the permissions necessary for your use case: the "*" specified here grants full access to all AWS services, which might not be what you want for security reasons.
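As an added example (not the lab's own main.tf), here are tighter forms of the two settings the explanation above flags: the security group with SSH and Jenkins ingress limited to one source CIDR instead of 0.0.0.0/0, and the inline role policy scoped to a few actions on one resource instead of "*". It assumes the page's vpc_id variable and aws_iam_role.test_role exist, adds a new admin_cidr variable, and uses a placeholder bucket name that you would replace with whatever the Jenkins host actually needs.

```hcl
# Added example, not the lab's main.tf. Assumes var.vpc_id and
# aws_iam_role.test_role from the page; admin_cidr is new.
variable "admin_cidr" {
  type        = string
  description = "Only source allowed to reach SSH and Jenkins, e.g. 203.0.113.10/32"
}

# Same ports as the page's jenkins_sg, but ingress is restricted to
# admin_cidr rather than the whole internet. Egress stays open.
resource "aws_security_group" "jenkins_sg" {
  name   = "jenkins_sg"
  vpc_id = var.vpc_id

  dynamic "ingress" {
    for_each = { ssh = 22, jenkins = 8081 }
    content {
      description = ingress.key
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = [var.admin_cidr] # page version: ["0.0.0.0/0"]
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Replacement for the page's test_policy (Action "*" on Resource "*").
# Grants only read access to one artifact bucket; the bucket name is a
# placeholder and the needed actions depend on your pipeline.
resource "aws_iam_role_policy" "test_policy" {
  name = "test_policy"
  role = aws_iam_role.test_role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:ListBucket"]
      Resource = [
        "arn:aws:s3:::example-artifact-bucket",   # placeholder
        "arn:aws:s3:::example-artifact-bucket/*", # placeholder
      ]
    }]
  })
}
```

Set admin_cidr in dev-east-1.tfvars alongside the existing values; if Jenkins later needs more AWS access, add specific actions to the policy rather than reverting to "*".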
Step 6: Analyze Jenkins.sh Install Script
Step 7: Initialize Terraform in Text Editor
Step 8: Plan Resources
Step 9: Apply Resources
Step 10: Visit Jenkins Instance in the Browser
Go to EC2 Dashboard and click Instances
Click the instance that was created for this lab
Open the Public DNS Address on your configured port to visit the jenkins home page
The URL for my Jenkins instance looks like this
http://ec2-xx-xxx-xxx-xxx.us-east-1.compute.amazonaws.com:8081
Commands to get the Jenkins admin password via command line
Connect via the console and run this command to retrieve the password
Or remotely connect to this instance like this:
Some Useful Commands for Training Pipeline1
Cleanup Terraform Resources