/terraform-ec2

Terraform script to automate AWS EC2 deployment for a ReactJS web application


terraform-ec2

summary

This Terraform script provisions infrastructure on AWS, including:

Security groups: Creates a security group named "ssh_access_sg" allowing SSH access on port 22 and configures additional ingress rules for your React app on port 3000 and Node.js backend on port 3001.

EC2 instances: Launches EC2 instances using a separate module and associates them with the created security group.

IAM

Create a policy for terraform:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceTypes",
        "ec2:DescribeInstanceCreditSpecifications",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeVolumes",
        "ec2:RunInstances",
        "ec2:CreateVpc",
        "ec2:CreateSubnet",
        "ec2:CreateSecurityGroup",
        "ec2:DescribeSecurityGroups",
        "ec2:DeleteSecurityGroup",
        "ec2:AttachNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateKeyPair",
        "ec2:DeleteKeyPair",
        "ec2:DescribeKeyPairs",
        "ec2:CreateTags",
        "ec2:DescribeTags",
        "ec2:TerminateInstances",
        "iam:PassRole",
        "iam:ListRoles"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:ImportKeyPair",
      "Resource": "arn:aws:ec2:region:account_id:key-pair/*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:region:account_id:*"
    }
  ]
}

Then create an IAM role, TerraformAssumeRole, that has the policy attached and can be assumed.
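Before attaching the policy to TerraformAssumeRole, it is worth checking it for the two things that most often go wrong here: `iam:PassRole` granted on `"Resource": "*"` with no `iam:PassedToService` condition, and ARNs that still carry the README's literal `region`, `account_id` and `bucket-name` placeholders. The script below is an added example, not part of this repository; `review`, `as_list` and `PLACEHOLDERS` are hypothetical names, and the embedded policy is an abridged copy of the one above.

```python
import json
import re
from fnmatch import fnmatchcase

# Abridged copy of the README policy (first statement shortened), embedded so the check runs offline.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:RunInstances", "ec2:TerminateInstances", "iam:PassRole", "iam:ListRoles"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:ImportKeyPair",
     "Resource": "arn:aws:ec2:region:account_id:key-pair/*"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"]}
  ]
}
""")

# Literal tokens the README leaves in its ARNs for the reader to replace.
PLACEHOLDERS = {"region", "account_id", "bucket-name"}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]


def review(policy):
    """Return (statement_index, finding) tuples for Allow statements in an identity policy."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain wildcards (iam:*, *).
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        resources = as_list(stmt.get("Resource", []))
        grants_passrole = any(fnmatchcase("iam:passrole", a) for a in actions)
        scoped = "iam:passedtoservice" in json.dumps(stmt.get("Condition", {})).lower()
        if grants_passrole and "*" in resources and not scoped:
            findings.append((i, "iam:PassRole on Resource * with no iam:PassedToService condition"))
        for res in resources:
            left = PLACEHOLDERS.intersection(re.split(r"[:/]", res))
            if left:
                findings.append((i, f"placeholder {sorted(left)} not replaced in {res}"))
    return findings


if __name__ == "__main__":
    for index, message in review(POLICY):
        print(f"Statement[{index}]: {message}")
```

A statement that passes the first check either names the specific role ARN in `Resource` or adds a `Condition` on `iam:PassedToService`.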

Commands:

terraform plan -var-file=tfvars/${VARS_FILE}.tfvars

terraform apply -var-file=tfvars/${VARS_FILE}.tfvars -auto-approve

terraform destroy -var-file=tfvars/${VARS_FILE}.tfvars -auto-approve

The output will be the IPs of the EC2 instances. An inventory.ini file is generated for Ansible to use when configuring the EC2 instances.

Ensure a tfvars directory exists in the project directory and contains a .tfvars file (the one named by VARS_FILE in the commands above) with contents like:

ami           = "ami-123456789"
instance_type = "t2.micro"
key_name      = "name_ec2_key"
number_of_instances = 1
name = "name"
ingress_cidr = ["0.0.0.0/24"]
account_id = "123456789"