Author(s): Julius Nyerere Nyambok
Originally published on Towards AI.

Historically, cloud infrastructure management involved manual configuration on web consoles or command line interfaces. This approach was prone to human error and inconsistencies, and it made maintaining version control difficult. The growing complexity of cloud environments and the demand for faster, more reliable, and reproducible infrastructure management practices highlighted the need for a more efficient solution.

Infrastructure-as-code (IaC) is a DevOps practice that uses code to define and deploy infrastructure. Terraform by HashiCorp is an IaC tool that allows you to define and provision cloud resources using a declarative language called HashiCorp Configuration Language.

In this article, we will deploy resources on AWS through Terraform and create a CI/CD pipeline on GitLab to automate the deployment process.

Figure 1: Terraform basic flowchart

Part I: Introduction

In this project, we will define the AWS infrastructure, write Terraform code that describes that infrastructure, build it, and automate its creation using GitLab CI/CD pipelines, so that when a change is made the pipeline runs the Terraform commands and updates the infrastructure.

You require the following tools for this project:

- AWS account and a user account — Preferred cloud computing resources provider that offers a free tier.
- AWS CLI — A command line interface to authenticate our AWS credentials.
- Terraform — Infrastructure-as-code tool to deploy cloud resources via code. You can follow this tutorial to install it.
- GitLab account — To store our code in a repository and create our CI/CD pipeline.
- Any code editor you prefer, e.g. VS Code.

Here is the link to the GitLab repository, which I have successfully mirrored on my GitHub.
GitHub – Jnyambok/Terraform-CI-CD-Pipeline: AWS infrastructure that consists of a VPC and Amazon EC2 instance deployed through Terraform. Repository mirrored from… (github.com)

Part II: Infrastructure Definition

A Virtual Private Cloud (VPC) is a private, isolated section of the AWS cloud where you can launch resources. It is akin to a private data center within the public cloud that allows you to customize the configuration, including subnets, routing tables, and security groups.

An Elastic Compute Cloud (EC2) instance is a virtual server in the cloud that provides on-demand computing capacity and resources like CPU, memory, and storage.

A security group is a firewall configuration for your services that defines which ports on the machine are open to incoming traffic.

Figure 2: Our basic AWS infrastructure

Imagine you want to create an application on AWS. You would first create a VPC to provide a private network for your web application. Then, you would launch EC2 instances within the VPC to run your application. The VPC, through a security group, would define the network configuration for the EC2 instances to ensure they can communicate with each other and with the outside world. This infrastructure is what we will build.

An Amazon Machine Image (AMI) is a template for creating EC2 instances. It contains the software and configuration information required to launch an instance. Think of it as a pre-packaged set of instructions for building a virtual server.

Figure 3: AMIs in action

Part III: Terraform structure definition and configuration

Terraform projects are typically structured like this:

Figure 4: Terraform structure definition

In Terraform, modules are reusable blocks of infrastructure code that encapsulate and organize related resources into a single unit, making your configurations more modular. Our VPC and EC2 configurations are defined in folders within our project. These folders are our modules.
We have three main files that are defined in the root module.

main.tf — This is the primary Terraform configuration file. When the file is within a module, it defines the resources you want to provision, e.g. virtual machines, databases, and containers. When the file is in the root folder, it acts as a messenger between modules to pass vital information.

provider.tf (optional) — This file configures Terraform providers to interact with specific cloud platforms or services.

variable.tf (optional) — This file helps you define reusable variables with types and optional default values. It is useful if you have a large cloud infrastructure.

I have provided this basic template for this project on my GitHub. Go ahead and git pull this repository. Go through Terraform's basic syntax to understand it.

Let's begin by configuring our Virtual Private Cloud. Navigate to your /vpc/main.tf and paste this block.

```hcl
## We will create 1 VPC, 1 subnet and 1 security group

# A VPC is a private, isolated section of the AWS cloud where you can launch resources
resource "aws_vpc" "myvpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
  tags = {
    Name = "myvpc"
  }
}

# A subnet is a division of a VPC that defines a range of IP addresses.
resource "aws_subnet" "pb_sn" {
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "eu-north-1a"
  tags = {
    Name = "pb_sn1"
  }
}

# A security group is a virtual firewall that controls inbound and outbound traffic to resources within a VPC.
resource "aws_security_group" "sg" {
  vpc_id      = aws_vpc.myvpc.id
  name        = "my_sg"
  description = "Public Security"

  # Ingress refers to incoming traffic to a resource within the VPC. It specifies which ports and protocols can be accessed from outside the VPC.
  # This rule allows inbound SSH traffic (port 22) from any IP address
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Egress refers to outgoing traffic from a resource within the VPC. It specifies which ports and protocols can be accessed from within the VPC
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"          # This specifies that the rule applies to all protocols (TCP, UDP, ICMP, etc.).
    cidr_blocks = ["0.0.0.0/0"] # This indicates that the rule applies to all destination IP addresses (the entire internet)
  }
}
# In essence, this rule grants the security group complete outbound connectivity, allowing it to communicate with any resource on the internet.
# This might be useful for certain scenarios, but it's generally considered a security risk as it exposes the resources within the security group to potential threats
```

We have configured a VPC, […]
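Because the article's pipeline runs the Terraform commands automatically, a plan-time check is the natural place to catch the open SSH ingress and unrestricted egress shown above. The following Python script is an added example, not code from the article or its repository: it reads the JSON produced by `terraform show -json tfplan`, walks every module, and flags security groups that expose SSH or RDP to any address or allow all-protocol egress anywhere, which goes beyond the page's single case by also covering port 3389 and IPv6. The embedded plan is a constructed sample modelled on the vpc module above, and `check_sg.py` is an assumed file name.

```python
import json
import sys
ANY_CIDR = {"0.0.0.0/0", "::/0"}   # "anywhere" in IPv4 and IPv6
ADMIN_PORTS = {22, 3389}           # SSH and RDP should never be open to the world

# Constructed sample shaped like `terraform show -json tfplan` output for the vpc module on this page
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{
    "address": "module.vpc",
    "resources": [{
        "address": "module.vpc.aws_security_group.sg", "type": "aws_security_group",
        "values": {
            "ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                         "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}],
            "egress": [{"from_port": 0, "to_port": 0, "protocol": "-1",
                        "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}]}]}}}

def iter_resources(module):
    """Yield each resource in a plan module and, recursively, in its child modules."""
    yield from module.get("resources") or []
    for child in module.get("child_modules") or []:
        yield from iter_resources(child)

def open_cidrs(rule):
    """Return the any-address CIDRs a rule lists, across IPv4 and IPv6 (sorted)."""
    cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    return sorted(ANY_CIDR.intersection(cidrs))

def covers_port(rule, port):
    """True if the rule's port range includes `port` (protocol "-1" means all ports)."""
    return rule.get("protocol") == "-1" or rule.get("from_port", 0) <= port <= rule.get("to_port", 0)

def find_open_rules(plan):
    """Flag admin ports reachable from anywhere and unrestricted all-protocol egress."""
    findings = []
    for res in iter_resources(plan["planned_values"]["root_module"]):
        if res.get("type") != "aws_security_group":
            continue
        addr, vals = res["address"], res.get("values") or {}
        for rule in vals.get("ingress") or []:
            cidrs = open_cidrs(rule)
            if cidrs and any(covers_port(rule, p) for p in ADMIN_PORTS):
                findings.append(f"{addr}: ingress {rule.get('from_port')}-{rule.get('to_port')} from {cidrs}")
        for rule in vals.get("egress") or []:
            if rule.get("protocol") == "-1" and open_cidrs(rule):
                findings.append(f"{addr}: egress on all protocols to {open_cidrs(rule)}")
    return findings

if __name__ == "__main__":  # usage: terraform show -json tfplan > plan.json && python check_sg.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print("\n".join(find_open_rules(plan)) or "OK: no findings")
```

Run against the sample it reports both rules from the page; wire it into the pipeline before `terraform apply` so a non-empty result fails the job.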