Host a Static Website on AWS S3 Using Terraform
In this project, we aim to simplify the infrastructure setup required for hosting a static website using Terraform, Amazon Web Services (AWS), and Tooplate Website. The key objective is to demonstrate automated provisioning and deployment processes, ensuring a seamless experience for hosting static websites.
Prerequisites:
- AWS Account
- AWS Configuration
- Terraform Installation
- IDE Installation: IntelliJ IDEA or Visual Studio Code
- Bash Scripting Knowledge
AWS Account Setup:
- Go to AWS Signup.
- Navigate to IAM.
- Create security credentials.
- Generate access keys.
- Save the access keys locally.
Open Terminal:
- Run aws configure.
- Enter your Access Key ID.
- Enter your Secret Access Key.
- Select a region (e.g., eu-west-1).
- Choose an output format (e.g., json).
Install Terraform on your local environment; visit Terraform Installation.
To create a Terraform configuration file, use the .tf extension (e.g., main.tf) to define the infrastructure as code.
Refer to the AWS Provider Documentation:
- Define the AWS provider:
```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.37.0"
    }
  }
}

provider "aws" {
  region = "eu-west-2"
}
```
- Navigate to the directory containing your configuration files in your IDE's terminal. Run the following command to initialize Terraform and prepare it for use with AWS.
Folder Structure
```
└── Foldername
    ├── main.tf
    ├── resource
    ├── variable
    ├── output
    └── data
```
- Create an AWS instance following the above structure.
- Add a script to provision the instance: tooplate-apache2-installer.sh.
- Create an SSH key pair to access AWS (change public_key to your SSH key name):
- Open your terminal or command prompt.
- Use the ssh-keygen command to generate a new SSH key pair. You can specify the name of the key pair and the directory where you want to save it:
```
ssh-keygen -t rsa -b 2048 -f ~/.ssh/aws_key
```
- Now you can use the public key (aws_key.pub) in your AWS configuration. Replace "your_public_key" in the Terraform configuration with the name of your SSH key (e.g., aws_key.pub):
```hcl
public_key = "aws_key.pub"
```
Remember to keep the private key (aws_key) secure and never share it with anyone. This private key is used for authentication when accessing your AWS instances.
Once the key pair is generated and configured in your AWS account, you can use it to connect securely to your AWS instances via SSH.
- Ensure secure access to your website by creating a security group that opens ports 22 (SSH), 80 (HTTP), and 443 (HTTPS).
- Configure Inbound Rules for Security Group:
- HTTP - port 80
- HTTPS - port 443
- SSH - port 22 (Use your IP Address for access)
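The key pair, security group and instance described in the two sections above, written out as an added Terraform example (this is not the project's own code). The variable names public_key_path, admin_cidr, vpc_id, subnet_id and ec2_ami_id and the instance type are assumptions; the tooplate-apache2-installer.sh script name comes from the page. The important details for a reviewer are that aws_key_pair takes the public key material (hence file()), that SSH is limited to one admin CIDR rather than 0.0.0.0/0, and that IMDSv2 is enforced on the instance.

```hcl
# Added example, not the project's own code. Variable names below are assumptions.

variable "public_key_path" {
  description = "Path to the SSH public key, e.g. ~/.ssh/aws_key.pub"
  type        = string
}

variable "admin_cidr" {
  description = "CIDR allowed to reach SSH, e.g. 203.0.113.10/32 (your own IP)"
  type        = string
}

variable "vpc_id"     { type = string }
variable "subnet_id"  { type = string }
variable "ec2_ami_id" { type = string }

resource "aws_key_pair" "web" {
  key_name = "aws_key"
  # public_key expects the key material itself, not a file name, so read the file.
  public_key = file(pathexpand(var.public_key_path))
}

resource "aws_security_group" "web" {
  name        = "web-sg"
  description = "HTTP/HTTPS from anywhere, SSH only from the admin CIDR"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from the admin IP only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                    = var.ec2_ami_id
  instance_type          = "t3.micro" # assumption
  subnet_id              = var.subnet_id
  key_name               = aws_key_pair.web.key_name
  vpc_security_group_ids = [aws_security_group.web.id]
  # Provisioning script from the page, run by cloud-init at first boot.
  user_data = file("${path.module}/tooplate-apache2-installer.sh")

  # Require IMDSv2 so credentials on the instance cannot be read via a plain GET.
  metadata_options {
    http_tokens = "required"
  }

  tags = { Name = "tooplate-web" }
}
```

Set admin_cidr to your current public address with a /32 suffix; a security group rule with 0.0.0.0/0 on port 22 is what the "Use your IP Address for access" item above is meant to prevent.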
VPC (Virtual Private Cloud) and subnets are essential for AWS infrastructure, even for static websites, for several reasons:
- Isolation and Security: VPC isolates resources within the AWS cloud, enhancing security.
- Network Segmentation: Subnets allow logical organization of resources with different security policies.
- Availability and Redundancy: Deploy resources across multiple Availability Zones (AZs) for high availability.
- Scalability: VPC scales with infrastructure needs.
- Traffic Management: Subnets can be associated with route tables to direct traffic efficiently.
Create VPC and Subnets (Networking)
- Choose the VPC region.
- Create Public & Private Subnets.
- Create Route Tables and Associations.
- Create an Internet Gateway.
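The four networking steps above, as an added Terraform example (not the project's own code). It uses the variable names from the terraform.tfvars section later on the page (vpc_cidr, vpc_name, cidr_public_subnet, cidr_private_subnet, availability_zone); the resource names are assumptions. Only the public subnet gets a default route through the Internet Gateway; the private subnet's route table has no Internet route, which is what makes it private.

```hcl
# Added example, not the project's own code.

variable "vpc_cidr"            { type = string }
variable "vpc_name"            { type = string }
variable "cidr_public_subnet"  { type = string }
variable "cidr_private_subnet" { type = string }
variable "availability_zone"   { type = string }

resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = var.vpc_name }
}

resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.cidr_public_subnet
  availability_zone       = var.availability_zone
  map_public_ip_on_launch = true
  tags                    = { Name = "${var.vpc_name}-public" }
}

resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.cidr_private_subnet
  availability_zone = var.availability_zone
  tags              = { Name = "${var.vpc_name}-private" }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "${var.vpc_name}-igw" }
}

# Public route table: default route to the Internet Gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = { Name = "${var.vpc_name}-public-rt" }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Private route table: only the implicit local route, so nothing placed in this
# subnet is reachable from the Internet.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "${var.vpc_name}-private-rt" }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```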
Implement an Application Load Balancer (ALB) to distribute incoming network traffic across multiple servers or instances.
Create Application Load Balancer (ALB)
- Add a load balancer target group.
- Configure 2 load balancer listeners (HTTP - 80, HTTPS - 443).
Create Load Balancer Target Group
- Add a load balancer target group.
- Add a load balancer listener (HTTPS - 443).
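The target group and the two listeners described above, as an added Terraform example (not the project's own code). The variables vpc_id, public_subnet_ids, alb_sg_id, instance_id and certificate_arn are assumptions. One design choice goes beyond the page's wording: the port 80 listener redirects to HTTPS instead of serving content, so nothing is delivered in the clear; the HTTPS listener pins a modern TLS policy.

```hcl
# Added example, not the project's own code. Variable names are assumptions.

variable "vpc_id"            { type = string }
variable "public_subnet_ids" { type = list(string) }
variable "alb_sg_id"         { type = string }
variable "instance_id"       { type = string }
variable "certificate_arn"   { type = string }

resource "aws_lb_target_group" "web" {
  name     = "web-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id

  health_check {
    path    = "/"
    matcher = "200-399"
  }
}

resource "aws_lb_target_group_attachment" "web" {
  target_group_arn = aws_lb_target_group.web.arn
  target_id        = var.instance_id
  port             = 80
}

resource "aws_lb" "web" {
  name               = "web-alb"
  load_balancer_type = "application"
  security_groups    = [var.alb_sg_id]
  subnets            = var.public_subnet_ids
  # Drop requests with malformed header names before they reach the backend.
  drop_invalid_header_fields = true
}

# Listener on 80: redirect to HTTPS rather than serving the site in clear text.
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

# Listener on 443: terminate TLS with the ACM certificate and forward to the targets.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.web.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}
```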
Creating an SSL Certificate with ACM
Request SSL certificates for your main domain and subdomains in ACM. Configure CNAME records in Route 53 for SSL certificate validation.
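The certificate request and DNS validation described above, as an added Terraform example (not the project's own code). domain_name comes from the page's tfvars list; hosted_zone_id and the www subdomain are assumptions. The validation CNAME records are created from the certificate's domain_validation_options, and aws_acm_certificate_validation blocks until ACM has seen them, so anything that references its certificate_arn (such as an HTTPS listener) is only created once the certificate is issued.

```hcl
# Added example, not the project's own code.

variable "domain_name"    { type = string }
variable "hosted_zone_id" { type = string } # assumption: Route 53 zone for domain_name

resource "aws_acm_certificate" "site" {
  domain_name               = var.domain_name
  subject_alternative_names = ["www.${var.domain_name}"]
  validation_method         = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# One CNAME per name on the certificate, proving control of the DNS zone.
resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.site.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  zone_id         = var.hosted_zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
  allow_overwrite = true
}

# Waits until ACM has validated the records and issued the certificate.
resource "aws_acm_certificate_validation" "site" {
  certificate_arn         = aws_acm_certificate.site.arn
  validation_record_fqdns = [for r in aws_route53_record.cert_validation : r.fqdn]
}

output "certificate_arn" {
  # Reference this output, not aws_acm_certificate.site.arn, so consumers wait for issuance.
  value = aws_acm_certificate_validation.site.certificate_arn
}
```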
Configuring Route 53
Set up Route 53 to link your domain name to the main static website bucket.
- Create an S3 bucket.
- Create the S3 bucket in the same region as the EC2 instance.
Security is paramount when working with Terraform, especially when managing infrastructure in cloud environments.
To enhance security and manage sensitive information effectively, follow these steps:
1. Create the terraform.tfvars file
Create a file named terraform.tfvars in your Terraform project directory.
2. Add the following sensitive variables to terraform.tfvars:
```hcl
vpc_cidr            = "your_vpc_cidr"
vpc_name            = "your_vpc_name"
cidr_public_subnet  = "your_public_subnet_cidr"
cidr_private_subnet = "your_private_subnet_cidr"
availability_zone   = "your_availability_zone"
public_key          = "your_public_key"
ec2_ami_id          = "your_ec2_ami_id"
domain_name         = "your_domain_name"
bucket_name         = "your_bucket_name"
```
Ensure you replace the "your_value" placeholders with your actual sensitive information.
3. Protect terraform.tfvars
- Ensure terraform.tfvars is included in your .gitignore file to prevent accidental exposure of sensitive information.
- Store terraform.tfvars securely, possibly encrypted, and limit access to authorized personnel only.
- Use a secrets management tool, if available, for secure storage and retrieval of sensitive information.
By following these steps, you can effectively manage sensitive data and enhance the security of your Terraform infrastructure provisioning process.
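A variables file to pair with the terraform.tfvars above, as an added example (not the project's own code). It declares the page's variables with input validation, so a malformed CIDR or AMI id fails at plan time instead of at apply time, and marks domain_name and bucket_name as sensitive in line with the page's classification so they are redacted from plan and apply output. The validation rules are assumptions about what values should look like.

```hcl
# Added example, not the project's own code. Validation rules are assumptions.

variable "vpc_cidr" {
  type = string
  validation {
    # cidrhost() fails on anything that is not a valid CIDR block.
    condition     = can(cidrhost(var.vpc_cidr, 0))
    error_message = "vpc_cidr must be a valid CIDR block such as 10.0.0.0/16."
  }
}

variable "vpc_name" { type = string }

variable "cidr_public_subnet" {
  type = string
  validation {
    condition     = can(cidrhost(var.cidr_public_subnet, 0))
    error_message = "cidr_public_subnet must be a valid CIDR block."
  }
}

variable "cidr_private_subnet" {
  type = string
  validation {
    condition     = can(cidrhost(var.cidr_private_subnet, 0))
    error_message = "cidr_private_subnet must be a valid CIDR block."
  }
}

variable "availability_zone" { type = string }

variable "public_key" {
  description = "Name of the SSH public key file, e.g. aws_key.pub"
  type        = string
}

variable "ec2_ami_id" {
  type = string
  validation {
    condition     = startswith(var.ec2_ami_id, "ami-")
    error_message = "ec2_ami_id must be an AMI id beginning with ami-."
  }
}

# Marked sensitive per the page's guidance: redacted from CLI output, though
# still stored in state, so the state backend needs the same protection as the tfvars file.
variable "domain_name" {
  type      = string
  sensitive = true
}

variable "bucket_name" {
  type      = string
  sensitive = true
}
```

Marking a variable sensitive does not encrypt it: it is written to the state file in clear text, so the state backend (and any state files on disk) must be protected as carefully as terraform.tfvars itself.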