AWS services used:
- VPC
- EC2
Region: us-east-1
- AWS account
- AWS credentails populated in ~/.aws/credentials. You can run
aws configureto populate this file. - AWS CLI installed on machine where you plan to deploy from
- Terraform (version 12.0.0+) installed on machine where you plan to deploy from
- Python boto3 and botocore modules installed on machine where you plan to deploy from `pip install boto3
Versions I used:
- OS Ubuntu 16.04
- Terraform v0.13.3
- aws-cli 1.18.69
Firstly clone this repo and then cd into the repo directory.
Next, before you can deploy this environment, you need to create an AWS S3 bucket. This bucket is used to store Terraform state.
aws s3api create-bucket --bucket <bucket name>
Populate the above command with a unique name of your S3 bucket.
You need to change the terraform code so it knows the name of your S3 bucket you created earlier. This is inside the backend.tf file.
backend "s3" {
region = "us-east-1"
profile = "default"
key = "terraform-state-file"
bucket = "<bucket-name>"
}
}
Next, create a ssh key which will be deloyed to ec2. You can change the location of where your ssh key file is output if you want, but you need to ensure you update instances.tf with the new location.
ssh-keygen -f /var/tmp/aws_id_rsa -t rsa
You can now deploy the environment with Terraform.
terraformin init and then terraform plan will show you what terraform plans to do, i.e how many resources it will add.
If you are happy with the output, then terraform apply. Type 'yes' when prompted.
Once the deployment has completed, a single VPC with exist with a private and public subnet.
A bastion host will reside in the public subnet and a 'private server' will reside in the private subnet. Both instances have appropriate security groups.
You can destroy the environment with terraform destroy.
This will remove all resources apart from the S3 bucket. To destroy the S3 bucket you can use the aws cli command aws s3 rb s3://bucket-name --force