8/16/2023 0 Comments Terraform aws bastion hostTerraform will perform the actions described above.Įnter a value: yes aws_security_group.http_access: Creating. If the provisioner is not able to perform the given operation within 4 minutes, it throws an error. Private_key – Path to the private key file named tfsn.cer stored locally User – Amazon Linux AMIs have ec2-user as the default user Host – specifies the public IP address of the EC2 instance that will be created The connection block used by the file provisioner to SSH into the EC2 instance to copy the file. Source – is a path to the file on the Terraform hostĭestination – is a path on the target EC2 instance, where the source file should be copied The file provisioner block contains information about the source and destination. Reference to the Security Group name as created in the previous section. Name of the key file as created in the AWS console in the previous section. Below is an example configuration of the security group in Terraform. We would need this for validation when we discuss the remote-exec provisioner. In the Terraform configuration, add the configuration for a new security group that enables HTTP traffic from the internet to access it via browser and SSH login required by provisioners. Additionally, we would use this key pair to SSH into the EC2 instance ourselves for validation purposes. This information is used by Terraform provisioners to SSH into the EC2 instance. The name of the key file downloaded locally on my machine is “tfsn.cer”. I have created the key pair and named it “tfsn”. Navigate to the AWS console and manually create a key pair and save the private key file locally – on the Terraform host. Security group to open up the HTTP access.To enable Terraform to SSH into our Linux-based EC2 instance, we need a couple of things: The file provisioner and remote-exec provisioners – both operate on the target resource that is created in the future. Read more about how to create AWS EC2 instance using Terraform.īefore we proceed to the next sections, it is important to discuss the connection block. We will take a look at these provisioners in detail in the next sections. This is because the credentials used to log in to an EC2 instance are AWS key pairs (public and private keys) primarily. Local-exec provisioner executes the commands or scripts on the host system and works on the data generated by the given Terraform configuration or data made available on the host machine.Īs far as the target resources are concerned, we have to set up certain mechanisms to provide connection details to perform actions on the target machines. It is simply because, unlike remote-exec and file provisioners, local-exec provisioners do not require connecting to the newly created resources to perform their tasks. If the Terraform is installed on the developer’s local machine, the local-exec provisioner would run on the same machine. The local-exec provisioner is the simplest provisioner as it executes on the machine that hosts and executes Terraform commands. In the entire plan-apply-destroy cycle of Terraform, provisioners are employed at various stages to accomplish certain tasks. More about this is described in the concluding section. Hashicorp suggests the usage of Terraform provisioners should only be considered in those cases where we are left with no other option. The main reason here is that there are dedicated tools and platforms available that align well with the use cases discussed in this post. In this post, we will understand the scenarios handled by provisioners, how they are implemented, and what are the better ways to do it.īut before we go ahead, it is worth noting that using Terraform Provisioners for the activities described in this post should be considered a last resort. Such tasks are performed using provisioners in Terraform. Additionally, it is also possible to perform some of the above tasks when the EC2 instance boots or is destroyed. Terraform is a great IaC tool that helps us build infrastructure using code. Clearly, there are more actions to be performed on this instance – installing a web server, applications, databases, set network firewall, etc – to enable it for its function. Maybe the EC2 instance is responsible for executing heavy workloads, acts as a bastion host, or simply serves as the frontend for all incoming requests. There are more actions performed on it to make it functional and useful.įor example, when we create an EC2 instance, we create it to accomplish certain tasks. We do not create cloud infrastructure just for the sake of it. Every time we provision a new set of cloud infrastructure, there is a purpose behind it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |