AWS - First Lab

For my AWS labs I am using a LinuxAcademy AWS sandbox.

Authentication

A wrong approach to your secrets is having them hard-coded in your Terraform code. You should not do that, it is not safe. But yeah, you can.

provider "aws" {
  region     = "us-west-2"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}

The right way to do it is to keep the secrets in enviromental variables. BTW, I don't see any harm in keeping the default region setting hard-coded.

export AWS_ACCESS_KEY_ID="anaccesskey"
export AWS_SECRET_ACCESS_KEY="asecretkey"
export AWS_DEFAULT_REGION="us-west-1"

Let's roll

terraform init
Initializing the backend...

Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Installing hashicorp/aws v3.20.0...
- Installed hashicorp/aws v3.20.0 (signed by HashiCorp)

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.

If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

All good, next step:

terraform plan

Now we're getting a lot of related information, skip it for now.

terraform apply

And done! Phew.

Let's check what we have just created:

terraform show
# aws_instance.web:
resource "aws_instance" "web" {
    ami                          = "ami-0870650fde0fef2d4"
    arn                          = "arn:aws:ec2:us-east-1:003901371818:instance/i-0e04ccb1c77bd3032"
    associate_public_ip_address  = true
    availability_zone            = "us-east-1f"
    cpu_core_count               = 1
    cpu_threads_per_core         = 2
    disable_api_termination      = false
    ebs_optimized                = false
    get_password_data            = false
    hibernation                  = false
    id                           = "i-0e04ccb1c77bd3032"
    instance_state               = "running"
    instance_type                = "t3.micro"
    ipv6_address_count           = 0
    ipv6_addresses               = []
    monitoring                   = false
    primary_network_interface_id = "eni-0ba13e3422e4b53dd"
    private_dns                  = "ip-172-31-65-190.ec2.internal"
    private_ip                   = "172.31.65.190"
    public_dns                   = "ec2-3-234-214-167.compute-1.amazonaws.com"
    public_ip                    = "3.234.214.167"
    secondary_private_ips        = []
    security_groups              = [
        "default",
    ]
    source_dest_check            = true
    subnet_id                    = "subnet-06f5b6d3d9c6acff9"
    tags                         = {
        "Name" = "HelloWorld"
    }
    tenancy                      = "default"
    volume_tags                  = {}
    vpc_security_group_ids       = [
        "sg-0b36ba38d4c1d7686",
    ]

    credit_specification {
        cpu_credits = "unlimited"
    }

    metadata_options {
        http_endpoint               = "enabled"
        http_put_response_hop_limit = 1
        http_tokens                 = "optional"
    }

    root_block_device {
        delete_on_termination = true
        device_name           = "/dev/sda1"
        encrypted             = false
        iops                  = 100
        volume_id             = "vol-09053437bff3997e0"
        volume_size           = 8
        volume_type           = "gp2"
    }
}

# aws_vpc.example:
resource "aws_vpc" "example" {
    arn                              = "arn:aws:ec2:us-east-1:003901371818:vpc/vpc-009d9b537d5a04398"
    assign_generated_ipv6_cidr_block = false
    cidr_block                       = "10.0.0.0/16"
    default_network_acl_id           = "acl-0d5a6e4f48d0ed3ae"
    default_route_table_id           = "rtb-08b1f4377033412ec"
    default_security_group_id        = "sg-01db0d31a4a9c8647"
    dhcp_options_id                  = "dopt-07d3e069b3881239f"
    enable_classiclink               = false
    enable_classiclink_dns_support   = false
    enable_dns_hostnames             = false
    enable_dns_support               = true
    id                               = "vpc-009d9b537d5a04398"
    instance_tenancy                 = "default"
    main_route_table_id              = "rtb-08b1f4377033412ec"
    owner_id                         = "003901371818"
}

# data.aws_ami.ubuntu:
data "aws_ami" "ubuntu" {
    architecture          = "x86_64"
    arn                   = "arn:aws:ec2:us-east-1::image/ami-0870650fde0fef2d4"
    block_device_mappings = [
        {
            device_name  = "/dev/sda1"
            ebs          = {
                "delete_on_termination" = "true"
                "encrypted"             = "false"
                "iops"                  = "0"
                "snapshot_id"           = "snap-0345140af47f128da"
                "volume_size"           = "8"
                "volume_type"           = "gp2"
            }
            no_device    = ""
            virtual_name = ""
        },
        {
            device_name  = "/dev/sdb"
            ebs          = {}
            no_device    = ""
            virtual_name = "ephemeral0"
        },
        {
            device_name  = "/dev/sdc"
            ebs          = {}
            no_device    = ""
            virtual_name = "ephemeral1"
        },
    ]
    creation_date         = "2020-12-03T18:45:10.000Z"
    description           = "Canonical, Ubuntu, 20.04 LTS, amd64 focal image build on 2020-12-01"
    hypervisor            = "xen"
    id                    = "ami-0870650fde0fef2d4"
    image_id              = "ami-0870650fde0fef2d4"
    image_location        = "099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201201"
    image_type            = "machine"
    most_recent           = true
    name                  = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201201"
    owner_id              = "099720109477"
    owners                = [
        "099720109477",
    ]
    product_codes         = []
    public                = true
    root_device_name      = "/dev/sda1"
    root_device_type      = "ebs"
    root_snapshot_id      = "snap-0345140af47f128da"
    sriov_net_support     = "simple"
    state                 = "available"
    state_reason          = {
        "code"    = "UNSET"
        "message" = "UNSET"
    }
    tags                  = {}
    virtualization_type   = "hvm"

    filter {
        name   = "name"
        values = [
            "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*",
        ]
    }
    filter {
        name   = "virtualization-type"
        values = [
            "hvm",
        ]
    }
}

Awesome.

You can find the terraform source here.