WebApp on AWS Cloud (EC2, EFS, S3, CloudFront) using SDK-Terraform!!
In a previous article on cloud computing, I gave a glimpse into how we can create different resources provided by Amazon through AWS, using Terraform. We saw the use of services like EC2, EBS, S3, CloudFront, etc. In this article, we will be looking at another storage service offered by AWS called EFS. We will also work with the concept of modules, input variables, and output values in Terraform.
1. Create a security group that allows port 80.
2. Launch an EC2 instance.
3. In this EC2 instance, use an existing or provided key and the security group created in step 1.
4. Launch one volume using the EFS service and attach it in your VPC, then mount that volume into /var/www/html.
5. The developer has uploaded the code into a GitHub repo; the repo also has some images.
6. Copy the GitHub repo code into /var/www/html.
7. Create an S3 bucket, copy/deploy the images from the GitHub repo into the S3 bucket, and change the permission to public readable.
8. Create a CloudFront distribution using the S3 bucket (which contains the images) and use the CloudFront URL to update the code in /var/www/html.
- Those who are familiar with Jenkins or are in DevOps AL have to integrate Jenkins into this task wherever they feel it can be integrated.
What if our requirements change and we need to allow the same website to be accessed by multiple EC2 instances simultaneously?
In such scenarios, we can use the Elastic File System (EFS), which can be mounted to different AWS services and accessed from multiple instances simultaneously. EFS also offers additional benefits:
a) It offers throughput as per the demand of the workload.
b) It can autoscale the storage as per requirements. This also saves cost as the user only needs to pay for the storage being used.
c) It is a service completely managed by Amazon, which means the user does not need to worry about any issues with the file system. They will be handled by AWS itself.
d) It also offers data encryption and different levels of access to the file system of the user. This increases the security of the data.
As with the other Amazon Services, EFS can also be provisioned using Terraform.
1. Make a free tier account on AWS.
2. Download AWS CLI v2.
3. Download Terraform. Add aws and terraform to the PATH environment variable.
4. Log in to AWS from the CLI using the “aws configure” command.
The Amazon Web Services (AWS) provider is used to interact with the many resources supported by AWS. The provider needs to be configured with the proper credentials before it can be used.
Create the security group needed for both the EFS and the EC2 instance. The security group allows all inbound traffic on ports 80 (for HTTP), 22 (for SSH access), and 2049 (for the NFS protocol). It also allows all outbound traffic.
Let’s launch an EC2 instance that is set up as public and already has the security group allowing port 80 and NFS. Here we use remote-exec, which runs the provided commands directly on the created OS, and a pre-created key to authenticate to the OS.
Launch one Volume using the EFS service and attach it in your subnet, then mount that volume into /var/www/html.
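The security group and EFS mount target described above, as an added Terraform example that is not the article's own code: HTTP stays public, while SSH is limited to an admin range and NFS to members of the same group, and the file system is encrypted at rest. The resource names and the variables vpc_id, subnet_id and admin_cidr are assumptions.

```hcl
# Added example, not the article's code. Resource names, var.vpc_id,
# var.subnet_id and var.admin_cidr are assumptions.
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }
variable "admin_cidr" { type = string } # range allowed to SSH, e.g. a VPN CIDR

# Shared by the EC2 instance and the EFS mount target, as in the text.
# The text's version uses cidr_blocks = ["0.0.0.0/0"] on all three ports;
# here only HTTP keeps that source.
resource "aws_security_group" "web_efs" {
  name   = "web-efs"
  vpc_id = var.vpc_id
  ingress { # HTTP: open to every source
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress { # SSH: admin range only
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  ingress { # NFS: only between members of this same group
    from_port = 2049
    to_port   = 2049
    protocol  = "tcp"
    self      = true
  }
  egress { # all outbound, as in the text
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_efs_file_system" "web" {
  encrypted = true # encryption at rest
}

resource "aws_efs_mount_target" "web" {
  file_system_id  = aws_efs_file_system.web.id
  subnet_id       = var.subnet_id
  security_groups = [aws_security_group.web_efs.id]
}
```

Because the NFS rule uses self = true, the EC2 instance must carry this same security group to reach the mount target on port 2049.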
Now make a null resource for formatting the attached volume (hard disk) and mounting it to the /var/www/html folder, where the code for the web server's pages is kept.
Then clone the code (web pages) uploaded by the developer from GitHub into /var/www/html; it will be stored in the volume, since we have mounted it there.
Also, the folder should be empty before cloning the code into it, as git clone requires the target folder to be empty.
Create an S3 bucket, copy/deploy the images from the GitHub repo into the S3 bucket, and change the permission to public readable.
For CloudFront, we give a custom error response, which makes our site more robust. The default cache behavior lets us adjust the behavior of the local cache that CloudFront creates at all the edge locations. Next, we set the viewer protocol policy, which adds some extra security by automatically redirecting HTTP requests to HTTPS. Then we set the price class, which determines where the content is placed; we set it to all, meaning all around the world. The restrictions section is where we can blacklist the countries from which we don’t want any customer to access our website. Finally, we set the SSL certificate.
Launch the service with the following command.
terraform apply -auto-approve