terraform aws iac

View Repository

What it is

This project uses Infrastructure as Code (IaC) to deploy and manage AWS infrastructure for a web application with Terraform modules. It organizes networking, compute, and database resources into reusable configurations, with state managed through HCP Terraform. This setup enables a VCS-driven workflow, where updates to configuration files trigger infrastructure changes automatically.

How it’s built

The infrastructure is divided into three primary modules, making it modular and scalable:

  1. Network Module: Creates the Virtual Private Cloud (VPC), subnets, internet gateway, and security groups.
  2. Compute Module: Sets up EC2 instances for the web application with automated configurations via user data and cloud-init
  3. Database Module: Manages AWS RDS instances
module "network" {
  source = "./modules/network"
  # VPC and subnet variables here
}

module "compute" {
  source       = "./modules/compute"
  vpc_id       = module.network.vpc_id
  # other compute-related variables here
}

module "database" {
  source       = "./modules/database"
  subnet_ids   = module.network.subnet_ids
  # database variables here
}

Each module is designed for reusability and customization, allowing for configuration adjustments. By separating concerns into modules, the project attempts to make the infrastructure more maintainable and scalable, as each layer can be updated or scaled independently.

A diagram of the architecture

Network

  • VPC: Creates a dedicated Virtual Private Cloud (VPC) for isolating and securing resources.
  • Subnets:
    • 2 Public Subnets: For the web server instances, allowing access to the internet.
    • 2 Private Subnets: For the database, restricting internet access and increasing security.
  • Internet Gateway (IGW): Attached to the VPC to allow internet access for resources within the public subnets.
  • Route Tables and Routes:
    • Public Route Table: Configured to direct traffic from the public subnets to the Internet Gateway for internet access.
    • Private Route Table: Used to keep the private subnets isolated, with no direct internet access.
  • Security Groups:
    • Web Server Security Group: Allows HTTP/HTTPS access from the internet and restricts other ports.
    • Database Security Group: Allows only MySQL traffic from the web server security group, enhancing network security by preventing public access to the database.

Compute

  • EC2 Instances: Provisioned with appropriate instance types and connected to the public subnets for web traffic.
  • nginx Web Server: Installed via user data script during instance launch to serve as a basic web server.
user_data   = <<EOF
            #cloud-config
            groups:
            - cloud-users
            users:
            - default
            - name: devops
                gecos: DevOps
                primary_group: cloud-users
                groups: users, admin
                lock_passwd: false
                passwd: $6$rounds=4096$
            - name: cloud-user
                gecos: Cloud User
                primary_group: cloud-users
                groups: users, admin
                lock_passwd: false
                passwd: $6$rounds=4096$
            package_update: true
            package_upgrade: true
            packages:
            - git
            - python3
            runcmd:
            - dnf install -y nginx mariadb105
            - systemctl start nginx
            - systemctl enable nginx
            - systemctl status nginx
            - echo "<html><h1>Hello World</h1></html>" > /usr/share/nginx/html/index.html
            - systemctl start mariadb
            - systemctl enable mariadb
            - systemctl status mariadb
            - nginx -v
            - mariadb --version
            EOF

Database

  • RDS Instance: Creates a MySQL database in the private subnet group for application data.
  • DB Subnet Group: Configures subnets specifically for RDS to ensure redundancy and isolation within the private subnets.

Technologies

  • Terraform: Used for defining, managing, and provisioning infrastructure across AWS.
  • HCP Terraform: Provides managed state storage and workspaces, enabling a VCS-driven workflow to automate and control infrastructure changes.
  • AWS (EC2, VPC, RDS): Cloud platform for hosting the web application, managing the network, and storing data.
  • GitHub: Version control to manage and track changes in infrastructure configuration.
  • User Data and Cloud-Init: Used for provisioning EC2 instance with configurations and software to run the web application.

Lessons learned

  1. The Power of Modularity: Breaking down infrastructure into modules increased reusability and made it easy to replicate environments across different stages.
  2. Efficiency of VCS-Driven Workflow: The VCS-driven workflow with HCP Terraform helped streamline updates. With automatic runs triggered by changes in the repository, deployments were fast. However, I will remember to always validate locally before pushing changes.
  3. Cloud-Init and User Data for EC2 Provisioning: Using user data and cloud-init was effective for bootstrapping EC2 instances with necessary software. For more complex installations I would probably choose to use containers.