DEV Community: Yaroslav Muravskyi The latest articles on DEV Community by Yaroslav Muravskyi (@myarik). https://dev.to/myarik https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F649802%2F7d31faea-0a38-4260-900b-08e742dd439b.png DEV Community: Yaroslav Muravskyi https://dev.to/myarik en Establishing a Secure Remote Development Environment with AWS EC2 and Terraform Yaroslav Muravskyi Fri, 17 Nov 2023 13:52:08 +0000 https://dev.to/myarik/establishing-a-secure-remote-development-environment-with-aws-ec2-and-terraform-3dja https://dev.to/myarik/establishing-a-secure-remote-development-environment-with-aws-ec2-and-terraform-3dja <h3> Introduction </h3> <p><strong>Remote development environments (RDEs)</strong> allow software engineers to develop and deploy software remotely rather than on their local machine. RDEs are popular among software engineers for several reasons, including company security policies, requirements for specific resources, access to internal resources, and the ability to develop from different devices.</p> <p>This article provides a complete guide on setting up an RDE using an Amazon EC2 instance. We will cover everything from choosing the right instance type to troubleshooting common problems. By the end of this article, you will have a fully configured RDE that you can use to develop and deploy software from anywhere in the world.</p> <h3> Setting up AWS EC2 Instance </h3> <p>We will use Terraform to create an Amazon EC2 instance with EBS volume. <a href="https://www.terraform.io/">Terraform</a> is an <a href="https://en.wikipedia.org/wiki/Infrastructure_as_code">infrastructure as code</a> (IaC) tool used for building, changing, and versioning infrastructure through code. This can also be accomplished using the AWS Console or AWS SDK.</p> <h4> Setup Network Infrastructure </h4> <p>Before provisioning an Amazon EC2 instance, we must establish the necessary network infrastructure. This process involves creating a VPC, subnet, and route table and configuring an internet gateway. If you already have it, you can skip this step.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="err">###</span> <span class="nx">VPC</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_vpc</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">vpc-dev</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">10.10.0.0/21</span><span class="dl">"</span> <span class="nx">enable_dns_support</span> <span class="o">=</span> <span class="kc">true</span> <span class="nx">enable_dns_hostnames</span> <span class="o">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="o">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">tomap</span><span class="p">({</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev-vpc</span><span class="dl">"</span><span class="p">,</span> <span class="p">}),</span> <span class="nx">local</span><span class="p">.</span><span class="nx">common_tags</span><span class="p">)</span> <span class="p">}</span> <span class="err">###</span> <span class="nx">Public</span> <span class="nx">subnet</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_subnet</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">public-subnet</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">10.10.1.0/24</span><span class="dl">"</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">availability_zone</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">eu-west-2a</span><span class="dl">"</span> <span class="nx">map_public_ip_on_launch</span> <span class="o">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="o">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">tomap</span><span class="p">({</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev-public</span><span class="dl">"</span> <span class="p">}),</span> <span class="nx">local</span><span class="p">.</span><span class="nx">common_tags</span><span class="p">)</span> <span class="p">}</span> <span class="err">###</span> <span class="nx">Route</span> <span class="nx">tables</span> <span class="k">for</span> <span class="nx">the</span> <span class="nx">subnet</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_route_table</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">public-route-table-dev</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="o">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">tomap</span><span class="p">({</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">public-route-table</span><span class="dl">"</span><span class="p">,</span> <span class="p">}),</span> <span class="nx">local</span><span class="p">.</span><span class="nx">common_tags</span><span class="p">)</span> <span class="p">}</span> <span class="err">###</span> <span class="nx">Associate</span> <span class="nx">the</span> <span class="nx">newly</span> <span class="nx">created</span> <span class="nx">route</span> <span class="nx">tables</span> <span class="nx">to</span> <span class="nx">the</span> <span class="nx">subnet</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_route_table_association</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">public-route-association</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">route_table_id</span> <span class="o">=</span> <span class="nx">aws_route_table</span><span class="p">.</span><span class="kr">public</span><span class="o">-</span><span class="nx">route</span><span class="o">-</span><span class="nx">table</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">subnet_id</span> <span class="o">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="kr">public</span><span class="o">-</span><span class="nx">subnet</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="err">###</span> <span class="nx">Internet</span> <span class="nx">Gateway</span> <span class="k">for</span> <span class="nx">the</span> <span class="kr">public</span> <span class="nx">subnet</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_internet_gateway</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">igw-dev</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="o">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">tomap</span><span class="p">({</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">publick-igw</span><span class="dl">"</span><span class="p">,</span> <span class="p">}),</span> <span class="nx">local</span><span class="p">.</span><span class="nx">common_tags</span><span class="p">)</span> <span class="p">}</span> <span class="err">###</span> <span class="nx">Route</span> <span class="nx">the</span> <span class="kr">public</span> <span class="nx">subnet</span> <span class="nx">traffic</span> <span class="nx">through</span> <span class="nx">the</span> <span class="nx">Internet</span> <span class="nx">Gateway</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_route</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">public-internet-igw-route-dev</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">route_table_id</span> <span class="o">=</span> <span class="nx">aws_route_table</span><span class="p">.</span><span class="kr">public</span><span class="o">-</span><span class="nx">route</span><span class="o">-</span><span class="nx">table</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">gateway_id</span> <span class="o">=</span> <span class="nx">aws_internet_gateway</span><span class="p">.</span><span class="nx">igw</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">destination_cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span> <span class="p">}</span> </code></pre> </div> <h4> Create Security Group </h4> <p>We'll now create an AWS Security Group to ensure secure network access to an AWS EC2 instance.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="err">###</span> <span class="nx">Dev</span> <span class="nx">Environment</span> <span class="nx">Security</span> <span class="nx">group</span> <span class="p">(</span><span class="nx">traffic</span> <span class="nx">Local</span> <span class="nx">ssh</span> <span class="o">-&gt;</span> <span class="nx">EC2</span><span class="p">)</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_security_group</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">dev_environment</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Dev Environment Security Group</span><span class="dl">"</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allows inbound access from the SSH only</span><span class="dl">"</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="err">#</span> <span class="nx">For</span> <span class="nx">connecting</span> <span class="nx">to</span> <span class="nx">your</span> <span class="nx">EC2</span> <span class="k">from</span> <span class="nx">your</span> <span class="nx">local</span> <span class="nx">machine</span><span class="p">,</span> <span class="nx">you</span> <span class="nx">need</span> <span class="nx">to</span> <span class="nx">add</span> <span class="nx">your</span> <span class="nx">IP</span> <span class="nx">address</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">22</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">22</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">tcp</span><span class="dl">"</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">192.168.0.1/32</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">-1</span><span class="dl">"</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> <span class="nx">tags</span> <span class="o">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">tomap</span><span class="p">({</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Dev Environment Security Group</span><span class="dl">"</span> <span class="p">}),</span> <span class="nx">local</span><span class="p">.</span><span class="nx">common_tags</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This security group restricts SSH connections to only allow access from IP 192.168.0.1. To enable access from your public IP, replace 192.168.0.1 with your public IP address. If you want to allow SSH connections from any IP, replace 192.168.0.1 with 0.0.0.0.</p> <h4> Create EC2 Instance </h4> <p>With the network infrastructure in place, we're ready to create an AWS EC2 instance for our remote development environment.</p> <p>Ubuntu 22.04 LTS is used in this article because it is a popular and well-supported operating system for remote development environments. However, you can use any operating system that meets your needs.</p> <p>Suppose you use IntelliJ IDEA for remote development. To achieve optimal performance and low latency in your remote development environment (RDE), I recommend running an Amazon EC2 instance of type t3.large or r5.large. However, if you are not planning to use IntelliJ IDEA, you can choose a type that suits your needs. Additionally, we will be using a persistent EBS volume for data storage.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_key_pair</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">ssh_key_dev_environment</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">key_name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ssh_key_dev_environment</span><span class="dl">"</span> <span class="nx">public_key</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ssh-rsa AAAAB3Nza</span><span class="dl">"</span> <span class="p">}</span> <span class="err">#</span> <span class="nx">instance</span> <span class="nx">data</span> <span class="nx">data</span> <span class="dl">"</span><span class="s2">aws_ami</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">ubuntu_22_04</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">most_recent</span> <span class="o">=</span> <span class="kc">true</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">name</span><span class="dl">"</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">architecture</span><span class="dl">"</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">x86_64</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">owners</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">099720109477</span><span class="dl">"</span><span class="p">]</span> <span class="err">#</span> <span class="nx">Canonical</span> <span class="p">}</span> <span class="nx">locals</span> <span class="p">{</span> <span class="nx">development_environment_user_data</span> <span class="o">=</span> <span class="o">&lt;&lt;</span><span class="nx">EOT</span><span class="cp"> #!/bin/bash </span><span class="err">#</span> <span class="nx">on_cloud_init</span><span class="p">.</span><span class="nx">sh</span> <span class="err">#</span> <span class="o">----------------------------------------------------------------------------</span> <span class="err">#</span> <span class="nx">This</span> <span class="nx">script</span> <span class="nx">is</span> <span class="nx">passed</span> <span class="k">as</span> <span class="nx">user</span> <span class="nx">data</span> <span class="nx">during</span> <span class="nx">EC2</span> <span class="nx">launch</span> <span class="nx">and</span> <span class="nx">executed</span> <span class="err">#</span> <span class="nx">when</span> <span class="nx">the</span> <span class="nx">EC2</span> <span class="nx">instance</span> <span class="nx">is</span> <span class="nx">booted</span> <span class="k">for</span> <span class="nx">the</span> <span class="nx">first</span> <span class="nx">time</span><span class="p">.</span> <span class="err">#</span> <span class="nx">Since</span> <span class="nx">all</span> <span class="nx">user</span> <span class="nx">data</span> <span class="nx">scripts</span> <span class="nx">are</span> <span class="nx">executed</span> <span class="k">as</span> <span class="nx">root</span> <span class="nx">there</span><span class="dl">'</span><span class="s1">s not need for sudo # ---------------------------------------------------------------------------- set -eu installPackages() { echo </span><span class="dl">'</span><span class="o">***</span> <span class="nx">Installing</span> <span class="nx">packages</span> <span class="o">***</span><span class="dl">'</span><span class="s1"> sudo apt-get update sudo apt-get install awscli net-tools mc -y } installPackages export AWS_REGION=eu-central-1 export PROJECT_DATA_VOLUME_MARKER=/data/.data_volume mountDataVolume() { DATA_BLOCK_DEVICE=/dev/xvdf echo </span><span class="dl">'</span><span class="o">***</span> <span class="nx">Mounting</span> <span class="nx">data</span> <span class="nx">volume</span> <span class="o">***</span><span class="dl">'</span><span class="s1"> echo "Wait for data volume to be attached" while ! lsblk $DATA_BLOCK_DEVICE ; do echo "/dev/xvdf is not attached yet. Waiting 5 seconds" sleep 5 done echo "Check if filesystem ext is on data volume" if [ "$(lsblk -f $DATA_BLOCK_DEVICE -o FSTYPE -n)" == "ext4" ] then echo "filesystem ext4 is already on data volume" else echo "creating filesystem ext4 on data volume" sudo mkfs -t ext4 $DATA_BLOCK_DEVICE fi echo "mount data volume at /data" sudo mkdir -p /data echo "UUID=$(blkid -s UUID -o value $DATA_BLOCK_DEVICE) /data ext4 defaults,nofail 0 2" | sudo tee /etc/fstab -a mount -a sudo mount | grep </span><span class="dl">'</span><span class="o">/</span><span class="nx">data</span><span class="dl">'</span><span class="s1"> } echo "Check if data volume is already mounted" if [ -e "$PROJECT_DATA_VOLUME_MARKER" ] then echo </span><span class="dl">'</span><span class="o">***</span> <span class="nx">project</span> <span class="nx">data</span> <span class="nx">volume</span> <span class="nx">already</span> <span class="nx">mounted</span> <span class="o">***</span><span class="dl">'</span><span class="s1"> else mountDataVolume echo "Marking data volumes as mounted" echo "DO NOT DELETE OR RENAME THIS FILE</span><span class="se">\</span><span class="s1">!" &gt; $PROJECT_DATA_VOLUME_MARKER fi EOT } resource "aws_instance" "development_environment" { ami = data.aws_ami.ubuntu_22_04.id instance_type = "t2.micro" subnet_id = aws_subnet.public-subnet.id vpc_security_group_ids = [ aws_security_group.dev_environment.id, ] root_block_device { volume_size = 10 volume_type = "gp3" } user_data = local.development_environment_user_data key_name = aws_key_pair.ssh_key_dev_environment.key_name monitoring = false tags = merge(tomap({ Name = "Development Environment" }), local.common_tags) } # Create and attache EBS resource aws_ebs_volume application_data { availability_zone = "eu-west-2a" encrypted = true size = 100 type = "gp3" tags = merge({ Name = "vol-remote-dev-data" }, local.common_tags) } resource aws_volume_attachment env_data { device_name = "/dev/sdf" instance_id = aws_instance.development_environment.id volume_id = aws_ebs_volume.application_data.id } </span></code></pre> </div> <p>Please replace the provided SSH public key with your own. You can apply the desired changes and complete the EC2 instance provisioning process.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform plan <span class="nv">$ </span>terraform apply </code></pre> </div> <p>Congratulations! You have successfully provisioned an EC2 instance suitable for remote development. To connect to the VM, utilise its public IP address.</p> <h3> Connecting to a Remote Environment using an IDE: </h3> <p>IntelliJ IDEA and Visual Studio Code are popular Integrated Development Environments (IDEs) supporting remote development. In this article, we will demonstrate using IntelliJ IDEA. Nevertheless, setting up Visual Studio Code is straightforward and should pose no issues.</p> <p>IntelliJ IDEA supports two workflows for remote development: server-to-client and client-to-server.</p> <p>The client-to-server workflow is straightforward:</p> <p><em>Choose the "Remote Development" option from the IntelliJ IDEA menu.</em><br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--S5h1vcnM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vs6axi33honp1u3shqlx.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--S5h1vcnM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vs6axi33honp1u3shqlx.png" alt="Image description" width="290" height="582"></a></p> <p><em>Select a connection via SSH and specify the SSH connection details to establish a connection with your remote instance.</em><br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--KDuQf6sO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3bm47jg391789hy7glj6.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--KDuQf6sO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3bm47jg391789hy7glj6.png" alt="Image description" width="800" height="629"></a></p> <p>IntelliJ IDEA will automatically install the necessary IDE components on your remote instance, and you will be ready to start developing. Configuring the server-to-client can be found in the <a href="https://www.jetbrains.com/help/idea/remote-development-overview.html#workflow">official documentation</a>.</p> <h3> Tips </h3> <h4> Easy SSH Access </h4> <p>EC2 instances are assigned dynamic IP addresses by default, meaning the IP address changes each time the instance is stopped and restarted. Consistent instance access can be challenging, especially when working remotely for development purposes. You can address this issue using Elastic IP or a VPN tunnel.</p> <p>Elastic IP provides a static IP address that can be associated with your EC2 instance. It ensures the instance has the same IP address, even if it's stopped and restarted. At the same time, Elastic IP incurs a monthly fee.</p> <p>If you prefer to avoid the additional cost of Elastic IP, you can create a VPN tunnel between your local machine and the EC2 instance. This tunnel establishes a secure private network connection, allowing you to access the instance as if it were on your local network. For this scenario, I recommend using Tailscale, a user-friendly and free option for up to 100 devices.</p> <h4> Port Forwarding </h4> <p>With IntelliJ IDEA, you can effortlessly establish port forwarding from your EC2 instance to your local machine. Alternatively, if you prefer to configure a port forwarding tunnel manually, utilise the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ssh -N -L &lt;LOCAL PORT&gt;:localhost:&lt;REMOTE PORT&gt; ubuntu@&lt;IP ADDRESS&gt; </code></pre> </div> <h3> Conclusion </h3> <p>This guide covered the process of establishing a remote development environment using AWS EC2 instances and Terraform. The remote development environment offers the flexibility to work from anywhere, eliminates hardware limitations, and enables collaboration among developers. The possibilities are endless, and the power of remote development lies in its adaptability and flexibility.</p> terraform aws development tutorial