Deploying a Two-Tier Architecture in AWS Using Terraform Modules in Terraform Cloud

This is the same continuation of my previous article on Deploying a two-tier architecture in AWS using Terraform Modules, but in Terraform Cloud.

Objectives are the same which are given below:

Objectives:

1. Create a highly available two-tier AWS architecture containing the following:

• 3 Public Subnets

• 3 Private Subnets

• Auto Scaling Group for Bastion Host and Web Server

• Internet-facing Application Load Balancer for Web Server

2. Use module blocks for ease of use and re-usability.

In this article, I am going to show only on how to deploy the same infra-structure in Terraform Cloud.

Used Terraform Cloud Documentation.

What you will need in addition is a Terraform Cloud Account.

What is Terraform Cloud?

Terraform is an infrastructure as code tool that lets you define and manage infrastructure resources through configuration files. It uses modules for readability and re-usability. It securely stores state and secret data, and can connect to version control systems so that you can develop your infrastructure. It helps you to collaborate with your teams in your organization so that all can review at the same time you plan a new change, and approve the plan before you apply it.

Click on my repository link below to clone it into Cloud9 IDE.

Create a Terraform Cloud account

• Sign into Terraform Cloud

• In your Terraform Cloud dashboard, navigate to Settings

• On the left hand, scroll down to Providers

• Click Add a VCS provider at the top right of screen

• Click GitHub and select GitHub.com (Custom)

• After making sure you are signed into your GitHub account, in the Terraform Cloud web page, click on the link register a new OAuth Application.

• Use the information given to fill out the fields in your GitHub account.

• Register application

• Finish without creating a SSH key pair.

• In Terraform Cloud dashboard, click to create a New Workspace

• Click Version control workflow

• click the GitHub custom you just created

• Select repository for this project, awsmine/2_tier_architecture_modules_terraform_cloud

• Create a name for this workspace and select Create workspace

• Click Go to workspace overview to add variables

• Click Configure variables.

• Click Add variable in the Environment Variable section.

• First add your 1st environment variable — AWS_ACCESS_KEY_ID for your IAM user with admin permissions.

• Ensure that you click Sensitive for these variable. This will prevent your variable value from being displayed.

• Then add your 2nd environment variable — AWS_SECRET_ACCESS_KEY for your IAM user with admin permissions.

• Ensure that you click Sensitive for these variable. This will prevent your variable value from being displayed.

• Then add your 3rd environment variable — for AWS_DEFAULT_REGION set to us-east-1

• Then add your 4th environment variable — create a CONFIRM_DESTROY variable set to 1. This is needed to destroy our infrastructure later.

• Instead of using a .tfvars file in the GitHub repo, we are adding our access_ip variable to the Terraform Variables. In our root main.tf, the access_ip is set up which determines the CIDR block that can SSH into our Bastion Host. Use 0.0.0.0/0, but you can also use your personal IP address.

• See the list of Environment and Terraform variables added

• Now click the Actions link at the top right and select Start new run

• Write test for Reason for starting run, Choose run type Plan and apply (standard) and click Start run

• Plan running

• Once Plan finished

• go all the way down , click Confirm & apply

• write test apply and click Confirm Plan

• you will see Apply running

• Apply errored
• Error: with the retirement of EC2-Classic no new non-VPC EIPs can be created

• But our infrastructure is completed.

VERIFY

DNS name

Security group for Bastion host

• Copy the Public IP of the Bastion host

• Using Putty and Putty Agent forwarding (use Pageant — Putty authentication agent), log into the putty session using the key name from the root main.tf (NVirKey) as your EC2 Key Pair name via SSH connection.

• Test Internet connection by ping google.com

• Validate 1st webserver (named as database server)
• Security group for webserver host

• copy the Private IP address of 1st webserver (database server)

• SSH from the bastion host

• verify internet connection — ping google.com

• Validate 2nd webserver (named as database server) Security group for webserver host

• copy the Private IP address of 2nd webserver (database server)

• SSH from the bastion host

• verify internet connection — ping google.com

Clean up

Navigate to your Workspace and click *Settings/Destruction and Deletion.
*

• First click Queue destroy plan and follow the below prompts

• Now Delete workspace from Terraform Cloud

• Delete workspace

• check to see that everything is cleaned up

What we have done so far

In Terraform Cloud, we created two Web servers placed in Private Subnets which has access to the internet through a Bastion host placed in Public Subnets with High availability and Load Balancing features.

Comments

[Mike Tyson of the Cloud]

Very long and exhaustive article on Terraform Cloud!
All these details seems amazingly complex -- why don't you switch to Brainboard?

[Revathi Joshi]

I have published it first on medium and I brought it over to DEV.to. Have not tried on any other platform. It is too much of a work...