Prerequisites
- AWS CLI installed
- Terraform installed
- VS Code installed (text editor)
Set up Project
Create a folder in VS Code
Configure your AWS credentials: in the terminal, run aws configure
Create a key pair in AWS and download it to your system
Under EC2 > Key pairs > Create key pair
Download the key pair and copy it to the folder you will be working from
Create configuration files
Terraform configuration
main.tf
locals {
  name = "monitoring-server"
}

resource "aws_instance" "poc" {
  ami                    = var.ami
  instance_type          = var.instance_type
  key_name               = var.key_id
  vpc_security_group_ids = [aws_security_group.allow_ssh.id]

  tags = {
    Name = local.name
  }
}

data "aws_vpcs" "default" {}

resource "aws_security_group" "allow_ssh" {
  name        = "allow_ssh"
  description = "Allow SSH inbound traffic"

  ingress {
    description = "SSH from anywhere"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "poc_sg"
  }
}
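The allow_ssh group above admits port 22 from 0.0.0.0/0. As an added example (not part of the original post), this drop-in replacement for that resource only admits SSH from ranges the operator names and rejects a world-open value at plan time. The variable name ssh_allowed_cidrs, the /24-to-/32 policy and the sample address are assumptions.

```hcl
# Added example: replaces the allow_ssh security group in main.tf.
# ssh_allowed_cidrs is a hypothetical variable, not in the original config.
variable "ssh_allowed_cidrs" {
  description = "IPv4 CIDR blocks allowed to reach port 22"
  type        = list(string)
  # No default on purpose: the operator must state who may connect, e.g.
  #   terraform apply -var='ssh_allowed_cidrs=["203.0.113.10/32"]'
  # (203.0.113.10 is a documentation address, constructed for this example).

  validation {
    # cidrhost() fails on malformed CIDRs; the regex limits input to IPv4
    # with a prefix of /24 to /32 (assumed policy), so 0.0.0.0/0 cannot pass.
    condition = length(var.ssh_allowed_cidrs) > 0 && alltrue([
      for c in var.ssh_allowed_cidrs :
      can(cidrhost(c, 0)) && can(regex("^[0-9.]+/(2[4-9]|3[0-2])$", c))
    ])
    error_message = "Give at least one IPv4 CIDR with a prefix between /24 and /32."
  }
}

resource "aws_security_group" "allow_ssh" {
  name        = "allow_ssh"
  description = "Allow SSH inbound traffic from approved ranges only"

  ingress {
    description = "SSH from approved ranges"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_allowed_cidrs
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "poc_sg"
  }
}
```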
variables.tf
variable "region" {
  type    = string
  default = "eu-west-1"
}

variable "ami" {
  type    = string
  default = "ami-0905a3c97561e0b69"
}

variable "instance_type" {
  type    = string
  default = "t2.micro"
}

variable "aws_s3_bucket_terraform" {
  default = "my-poc-backend-bucket-test"
}

variable "key_id" {
  default = "poc-key"
}
Remote state
backend.tf
resource "aws_s3_bucket" "poc_bucket" {
  bucket = var.aws_s3_bucket_terraform
}

resource "aws_s3_bucket_server_side_encryption_configuration" "poc" {
  # Reference the bucket resource so Terraform creates the bucket
  # before it applies the encryption configuration.
  bucket = aws_s3_bucket.poc_bucket.id

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = aws_kms_key.poc-bucket-key.arn
      sse_algorithm     = "aws:kms"
    }
  }
}

resource "aws_kms_key" "poc-bucket-key" {
  description             = "This key is used to encrypt bucket objects"
  deletion_window_in_days = 10
  enable_key_rotation     = true
}

resource "aws_kms_alias" "key-alias" {
  name          = "alias/poc-bucket-key"
  target_key_id = aws_kms_key.poc-bucket-key.key_id
}
Remember to change the bucket name and the bucket key name. More than one user can't use the same bucket name, so choose a personal bucket name; if you don't, you may get an error during bucket creation.
Create the instance first, not the alarm.
To create the instance:
terraform init
terraform fmt
terraform plan
terraform apply
Run the commands individually and not at once. terraform init initializes the working directory and downloads the provider plugins, terraform fmt formats the configuration files, terraform plan shows the changes Terraform would make, and terraform apply makes them.
Once creation is complete, log in to your AWS account to see the created instance.
Create CloudWatch alarm
Copy the instance ID of your running instance on AWS. In your variables.tf, add the section below at the bottom of your configuration, replacing the value with the instance ID of the instance you just created.
variable "instance_id" {
  default = "i-0842ca4d32c8861fa"
}
Now create a cloudwatch.tf file in your text editor and paste the below
resource "aws_cloudwatch_metric_alarm" "cpu_utilization_high" {
  alarm_name          = "cpu-utilization-high"
  comparison_operator = "GreaterThanOrEqualToThreshold"
  evaluation_periods  = 1
  metric_name         = "CPUUtilization"
  namespace           = "AWS/EC2"
  period              = 60
  statistic           = "Average"
  threshold           = 80
  alarm_description   = "This metric triggers when CPU utilization exceeds 80%"
  alarm_actions       = [aws_sns_topic.alarm.arn]

  dimensions = {
    InstanceId = var.instance_id
  }
}

resource "aws_sns_topic" "alarm" {
  name = "CloudWatch_Alarm_Topic"
}

resource "aws_sns_topic_subscription" "alarm_subscription" {
  topic_arn = aws_sns_topic.alarm.arn
  protocol  = "email"
  endpoint  = "kuberneteslinux@gmail.com"
}
Replace the endpoint with your preferred email address.
Create the alarm by running
terraform init
terraform plan
terraform apply
Once the alarm and SNS topic have been created, you should immediately receive an email at the email address specified as your endpoint.
The email will ask for you to confirm your subscription.
Test the alarm
SSH into the created instance using your key pair.
Remember to first set permissions on the key:
chmod 400 "test.pem"
then
ssh -i "test.pem" ubuntu@ec2-54-170-241-216.eu-west-1.compute.amazonaws.com
Change the key name to your key name.
Once logged in,
sudo apt update
sudo apt install stress
stress is a CLI tool used to simulate load.
Then, you generate load on the instance using the stress tool just installed.
stress --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 0.8;}' < /proc/meminfo)k --vm-keep -m 1
This should cause the CPU utilization of your instance to exceed 80%, thus triggering the alarm.
The SNS topic will pick this up and send you an email notification about this.