Walid El Sayed Aly

Create AWS EC2 instance with SSH access via GitHub CI/CD Actions and Terraform Cloud


The following technologies are used in this article:

  • AWS Services EC2: https://go.aws/31M3D6k

  • GitHub Workflow: https://bit.ly/3bTXp5Y

  • Terraform Cloud: https://bit.ly/3wsn3s0

If you want to get your hands dirty and follow along, you need an account with each of these three services.

What is AWS EC2?

In short, Amazon Elastic Compute Cloud (AWS EC2) is a web service that provides resizable compute capacity in the cloud. EC2 reduces the time required to obtain and boot new server instances to minutes, so you can quickly scale capacity up and down as your computing requirements change.

There are two ways to create an AWS EC2 instance:

  • Manually: via the AWS console.

  • Automatically: via an Infrastructure as Code (IaC) tool such as CloudFormation or Terraform, as in our example.

What is GitHub Action?

GitHub Actions help you automate tasks within your software development life cycle. With GitHub Actions you can build, test and deploy your changes to the desired environment as part of your application's workflow. In this article the target environment is AWS.

What is Terraform Cloud?

Terraform is an Infrastructure as Code (IaC) tool that lets you create and modify your infrastructure in a repeatable, reviewable way: the desired state is described in configuration files, and Terraform works out the changes needed to reach it.

Terraform Cloud is a hosted application that helps you use Terraform together with your CI/CD and version control systems, such as GitHub, GitLab or Bitbucket. It runs Terraform in a consistent and reliable environment and includes shared state storage, secure handling of secret values, access controls for approving changes to the infrastructure, a private registry for sharing Terraform modules, policy controls over the content of Terraform configurations, and more.

Terraform Cloud supports the following VCS providers:
  • GitHub.com

  • GitHub.com (OAuth)

  • GitHub Enterprise

  • GitLab.com

  • GitLab EE and CE

  • Bitbucket Cloud

  • Bitbucket Server

  • Azure DevOps Server

  • Azure DevOps Services

let’s do it 😄

In our example I want to create new AWS EC2 instances with the following requirements:

  • Two instances should be created.

  • It must be possible to reach the new instances via SSH.

  • The instances should be created in our region, Frankfurt (eu-central-1).

  • Amazon Linux 2 AMI (HVM) is used as the image.

You could perform all of this in the console: AWS Console -> EC2 -> Launch instance, select the image, create a security group that opens port 22 for SSH, create a key pair for the instance, and so on. Done by hand, every one of these steps has to be repeated, and checked, for every instance.

How can all these steps be automated and integrated into a CI/CD pipeline?

  1. Create the Terraform configuration for the AWS EC2 instance

First create a directory named aws-ec2-terraform:

mkdir aws-ec2-terraform

Then create the Terraform main file (here opened in VS Code):

code main.tf

For our example you only need the AWS Terraform provider in main.tf:


terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
  required_version = ">= 1.0.4"
}


After that you define the provider with the profile, the region and the AWS credentials.

Do not write the credentials into main.tf. Declare them as variables in a separate file; in step 3 I explain how to store their values securely in the Terraform Cloud workspace. Note also that a local AWS profile (~/.aws/credentials) does not exist on the Terraform Cloud runners, so there the credentials have to come from these variables.

Create a variables.tf file in the same directory and define the two variables:


variable "AWS_ACCESS_KEY_ID" {
  type = string
}

variable "AWS_SECRET_ACCESS_KEY" {
  type = string
}

The following settings are defined for the instance resource in our main.tf:

  • the number of instances (count)

  • the image: I have chosen Amazon Linux 2 AMI (HVM). You can read the AMI ID off the AWS EC2 launch-instance dialog; note that AMI IDs differ per region.

  • the instance type

  • a reference to the security group defined below

  • tags: here used for the Name of the instance

  • SSH access: the instances are reached via SSH, so the key pair defined below is attached. A connection block with type "ssh" is only needed if you also run provisioners against the instance.


In the next block I define the security group for the new instances. It needs:

  • Ingress (inbound): TCP port 22 for SSH access. The article's example uses 0.0.0.0/0 as the source, which exposes SSH to the whole internet; in practice restrict the source to your own address or VPN range, because an internet-facing port 22 is brute-forced within minutes of coming up.

  • Egress (outbound): all traffic to 0.0.0.0/0, so the instance can fetch packages and updates.



If you want to access the new AWS EC2 machine via SSH, you need a private/public key pair. Generate it beforehand with ssh-keygen on your local machine.

The last resource in our main.tf is the aws_key_pair for the SSH access:

  • key_name: the name under which the key is registered in EC2.

  • public_key: the value of the public key you generated with ssh-keygen.

Only the public key goes into Terraform. The private key stays on the local machine from which you run SSH afterwards; it must never be committed to the repository.


resource "aws_key_pair" "deployer" {
  key_name   = "ec2-deployer-key-pair"
  public_key = "your public key, which looks like ssh-rsa AAAAB3N…"
}

That’s all you need in Terraform to create a new AWS EC2 instance with a specific security group.
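The pieces above assembled into one complete configuration, as an added example that is not the article's own code (the article's code is in the repository linked at the end). Assumptions not taken from the article: the instance type t2.micro, the public key read from ~/.ssh/ec2-deployer.pub, the ssh_allowed_cidr variable and its placeholder address, and an AMI lookup through a data source in place of a hard-coded AMI ID. It also tightens two things the article leaves open: SSH ingress is limited to one address range instead of 0.0.0.0/0, and the instance metadata service is set to IMDSv2 only.

```hcl
terraform {
  required_version = ">= 1.0.4"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
}

# Credential values come from the Terraform Cloud workspace variables (step 3),
# never from a file committed to the repository.
variable "AWS_ACCESS_KEY_ID" {
  type      = string
  sensitive = true
}

variable "AWS_SECRET_ACCESS_KEY" {
  type      = string
  sensitive = true
}

# Assumption (not in the article): the address range allowed to reach port 22.
# The default is a TEST-NET-3 documentation address so nothing is exposed by
# accident; set your own address or VPN range in the workspace variables.
variable "ssh_allowed_cidr" {
  type    = string
  default = "203.0.113.10/32"
}

provider "aws" {
  region     = "eu-central-1" # Frankfurt
  access_key = var.AWS_ACCESS_KEY_ID
  secret_key = var.AWS_SECRET_ACCESS_KEY
}

# Look the AMI up instead of hard-coding an ID: Amazon Linux 2 AMI IDs differ
# per region and are replaced over time.
data "aws_ami" "amazon_linux_2" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

# Only the public half of the key pair is registered; the private key stays
# on the operator's machine. Path is an assumption.
resource "aws_key_pair" "deployer" {
  key_name   = "ec2-deployer-key-pair"
  public_key = file("~/.ssh/ec2-deployer.pub")
}

resource "aws_security_group" "ssh" {
  name        = "ec2-ssh-access"
  description = "SSH from the operator address range only"

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.ssh_allowed_cidr] # not 0.0.0.0/0
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # all protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  count                  = 2
  ami                    = data.aws_ami.amazon_linux_2.id
  instance_type          = "t2.micro" # assumption
  key_name               = aws_key_pair.deployer.key_name
  vpc_security_group_ids = [aws_security_group.ssh.id]

  # IMDSv2 only: a session token is required for 169.254.169.254, which closes
  # the classic SSRF-to-instance-credentials path.
  metadata_options {
    http_tokens = "required"
  }

  tags = {
    Name = "aws-ec2-terraform-${count.index}"
  }
}

output "public_ips" {
  value = aws_instance.web[*].public_ip
}
```

With this layout the only secrets in play are the two credential variables, and both are declared sensitive so Terraform redacts them in plan and apply output. The ssh_allowed_cidr default is deliberately a documentation address: a forgotten override fails closed (you cannot connect) rather than open.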

I recommend running the following before committing your change:

  • terraform fmt: rewrites all Terraform configuration files into the canonical format.

  • terraform plan: creates a speculative execution plan that shows which actions Terraform would take to apply the current configuration. This command does not execute the planned actions.

Normally you would now apply this change to AWS with terraform apply. But that is not our goal: I want this change to go through a GitHub Action. This leads us to the next steps.


2. Create the GitHub Actions Terraform workflow for your project

In the same directory create a .github folder. Inside it create a workflows folder containing a terraform.yml file.

In terraform.yml you define your GitHub workflow pipeline:

  • the name of the workflow, here terraform;

  • the events that trigger the pipeline (push and pull request) and the branches they apply to. In our example the branch is main;

  • the Terraform jobs.

Here is a terraform.yml example:


see more: https://gist.githubusercontent.com/welsayedaly/4e520623d21b4649e39990984f4a1ebe/raw/7e5912b3d0eae2df070232b86add5e7a89f52665/terraform.yml

3. Create a new Terraform workspace in Terraform Cloud

You need a Terraform Cloud account to run the GitHub workflow. You can create one at https://app.terraform.io/app.

  • First create a workspace and choose the version control workflow.

  • Then connect Terraform Cloud to GitHub and select the repository you pushed earlier.

  • You now have a workspace in Terraform Cloud.

  • I mentioned at the beginning of the article that the AWS credentials must be kept out of the repository. They live in the Variables section of the Terraform Cloud workspace, alongside any other Terraform variables you need.

  • In the workspace, open the Variables section and add the two variables from our Terraform project, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, as Terraform variables (they are declared in variables.tf, not read from the environment). Tick "Sensitive" for both so their values are write-only in the UI and redacted in run logs. Use an IAM user or role limited to the EC2 permissions this configuration needs, not an account-wide administrator key.



4. Fire it up

Once you open a pull request against this project, Terraform Cloud runs a speculative plan for it; merging into main triggers the run that applies the change to AWS. If the workspace is not set to auto-apply, the run stops after the plan and waits for you to confirm the apply in Terraform Cloud, which keeps a human review step between the merged code and the account without leaving the GitHub workflow open.



You can also find the code here: https://github.com/es-cloud-consulting/terraform

I hope this article has helped you.


