AWS - Terraform

This repo contains Terraform code for the provisioning of AWS resources.

A Symfony API is used to illustrate how a web application that runs in a Docker-based local development environment can be set up to run on AWS.

Requirements

Clone this repo

    git clone git@github.com:bendbennett/aws-terraform.git

Register domain name

  • Register a domain name using AWS Route 53.
  • Create a public hosted zone for the domain.
  • Add the public hosted zone id (e.g., Z1G0NDBZXXXXXX) and name (e.g., domain.net) to hosted_zone_public_id and hosted_zone_public_name in global/private.tf.
  • Add the name you want to use to prefix your private hosted zone (e.g., internal) to hosted_zone_private_prefix in global/private.tf.

HTTPS

  • Create a certificate for *.hosted_zone_public_name (i.e., the name inserted for hosted_zone_public_name in the previous step).
  • Add the SSL certificate ARN (e.g., arn:aws:acm:eu-west-1:123456789:certificate/xxxx) to ssl_certificate_id in global/private.tf.

Key name

  • Add the name of the key (e.g., my-key-name) that you want to use to connect to the EC2 instances to key_name in global/private.tf.

S3

Provision IAM roles, VPC and API

    cd aws-terraform/global
    terraform get
    terraform init
    terraform plan
    terraform apply

    cd aws-terraform/prod/vpc
    terraform get
    terraform init
    terraform plan
    terraform apply

    cd aws-terraform/prod/services/api
    terraform get
    terraform init
    terraform plan
    terraform apply

Remove API, VPC and IAM roles

    cd aws-terraform/prod/services/api
    terraform destroy

    cd aws-terraform/prod/vpc
    terraform destroy

    cd aws-terraform/global
    terraform destroy

Inspiration

The directory layout, modularization and a bunch of other stuff were inspired by Charity Majors, Yevgeniy Brikman / Gruntwork and a couple of postings on Stack Overflow.

To Do

  • Switch to using a versioned S3 bucket for storing remote state.
  • Switch to using git tags for module source.