The latest articles on DEV Community by RK (@ryandam9). https://dev.to/ryandam9 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1219079%2F89a7e76a-20d8-4c5c-87a5-ef2704f37a13.png https://dev.to/ryandam9 en RK Mon, 27 Nov 2023 07:03:12 +0000 https://dev.to/ryandam9/aws-default-vpc-4953 https://dev.to/ryandam9/aws-default-vpc-4953 <p>A Default VPC is created in each region when an AWS account is created. The default VPC comes up with few already configured VPC elements. They're:</p> <ul> <li>Subnet in each Availability Zone</li> <li>Main Route table</li> <li>Main Network Access Control List (NACL)</li> <li>Internet Gateway</li> <li>Security Group</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe5b4xglrbb37fwbnhg3m.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe5b4xglrbb37fwbnhg3m.png" alt="VPC"></a></p> <h2> VPC </h2> <ul> <li>In this case, the VPC CIDR (Classless Inter-Domain Routing) range is <code>172.31.0.0/16</code> </li> <li> <code>/16</code> means the first <code>16</code> bits of this range is fixed. It allows a maximum of <code>65536</code> IP addresses, starting with <code>172.31.0.0</code> and ending with <code>172.31.255.255</code> </li> <li>This is the largest VPC that AWS allows.</li> </ul> <h2> Subnets </h2> <ul> <li>Subnet is nothing but <em>Sub network</em> </li> <li>The address space of VPC (In this case, the pool of 65536 addresses) can be sub-divided into multiple networks.</li> </ul> <h3> Subnet 1 </h3> <ul> <li>CIDR is <code>172.31.0.0/20</code> </li> <li>This gives <code>4096</code> IP addresses (first 20 bits fixed. This leaves 32 - 20 = 12 bits for the Subnet. 2 Power 12 is 4096)</li> <li>Out of these, AWS reserves <code>5</code> addresses for management.</li> <li>This allows <code>4091</code> addresses for the subnet. </li> <li>First address in the subnet is <code>172.31.0.0</code> and last address is <code>172.31.15.255</code> </li> </ul> <h3> Subnet 2 </h3> <ul> <li>CIDR is <code>172.31.16.0/20</code> </li> <li>The subnet has <code>4091</code> addresses (After leaving <code>5</code> for AWS)</li> <li>First address is <code>172.31.16.0</code> , last address is <code>172.31.31.255</code> </li> </ul> <h3> Subnet 3 </h3> <ul> <li>CIDR is <code>172.31.32.0/20</code> </li> <li>The subnet has <code>4091</code> addresses (After leaving <code>5</code> for AWS)</li> <li>First address is <code>172.31.32.0</code>, last address is <code>172.31.47.255</code> </li> </ul> <h2> Default Route </h2> <ul> <li>Route tables are associated with Subnets.</li> <li>Every Subnet in a VPC should be associated with a route table. </li> <li>If a Subnet has no <em>explicit association</em> with a route table, It will be implicitly associated with the <strong>main route table.</strong> </li> <li>In the Default VPC, all subnets are <em>implicitly associated</em> with the following route table.</li> <li>A Route table directs <em>network traffic</em> in the VPC.</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F01avcab7g0ugoh2oin47.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F01avcab7g0ugoh2oin47.png" alt="default-route"></a></p> <p>The way to interpret the following table is:</p> <ul> <li><p>Any traffic destined for any of VPC addresses (the 65K addresses) will remain local to the VPC.</p></li> <li><p>Any traffic destined for the internet (<code>0.0.0.0/0</code>), will be directed to the Internet Gateway that is already created and attached to the VPC.</p></li> </ul> <h2> Default NACL </h2> <ul> <li>NACL is the Security Layer for Subnet. </li> <li>Any Inbound/Outbound rule defined in a NACL impacts all the services defined in the subnet with which the NACL is associated.</li> <li>The Default NACL Inbound rule allows <em>traffic from internet (<code>0.0.0.0/0</code>) on any Protocol/Port</em>. Similarly, <em>the default outbound rule allows traffic to leave the subnet on any Protocol/Port.</em> </li> <li> <strong><em>In other words, the default NACL does not do any favor to protect the Subnet as it allows traffic to enter and leave the subnet.</em></strong> </li> <li>This is the reason the Subnets are dipected as <strong><em>Public Subnets</em></strong> as they're reachable from the Internet.</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1w8r8manchix7hn804sf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1w8r8manchix7hn804sf.png" alt="NACL"></a></p> <h2> Default Security Group </h2> <ul> <li>Security Groups act as firewalls for Instances in a Subnet.</li> <li>Once traffic pass the screening @ subnet level (via NACLs), It is evaluated again by Security Group Rules before reaching the Destination (For Inbound)</li> <li>Unlike NACLs, there is no DENY configuration for Security Groups. There should be an explicit rule specified in the security group in order for the traffic to be passed. otherwise, traffic is not allowed.</li> <li>As per AWS documentation, the default Inbound rule <em>allows traffic from network interfaces that are assigned to the same security group</em>. </li> <li>The Default Outbound rule allows all traffic to leave the Instance. </li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4rskiult4sdtp2h9na8m.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4rskiult4sdtp2h9na8m.png" alt="default-sg"></a></p> <h2> Finding Default VPC components from CLI </h2> <h3> VPC ID </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Print Default VPC ID (in the region configured when setting up CLI)</span> aws ec2 describe-vpcs <span class="nt">--filters</span> <span class="s2">"Name=isDefault,Values=true"</span> <span class="nt">--query</span> <span class="s1">'Vpcs[].VpcId'</span> <span class="nt">--output</span> table </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nt">------------------</span> | DescribeVpcs | +----------------+ | vpc-522b2535 | +----------------+ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">VPC_ID</span><span class="o">=</span><span class="si">$(</span>aws ec2 describe-vpcs <span class="nt">--filters</span> <span class="s2">"Name=isDefault,Values=true"</span> <span class="nt">--query</span> <span class="s1">'Vpcs[].VpcId'</span> <span class="nt">--output</span> text<span class="si">)</span> <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="k">${</span><span class="nv">VPC_ID</span><span class="k">}</span> <span class="nb">echo</span> <span class="nv">$VPC_ID</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vpc-522b2535 </code></pre> </div> <h3> Describe Subnets in the VPC </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Describe Subnets</span> aws ec2 describe-subnets <span class="se">\</span> <span class="nt">--filters</span> <span class="s2">"Name=vpc-id,Values=</span><span class="k">${</span><span class="nv">VPC_ID</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'Subnets[].[SubnetId,CidrBlock,AvailabilityZone, Tags[?Key==`Name`]|[0].Value]'</span> <span class="se">\</span> <span class="nt">--output</span> table </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>+-----------------+------------------+-------------------+-------+ | subnet-f82987a1| 172.31.0.0/20 | ap-southeast-1c | None | | subnet-2234d76a| 172.31.32.0/20 | ap-southeast-1a | None | | subnet-2c45b64a| 172.31.16.0/20 | ap-southeast-1b | None | +-----------------+------------------+-------------------+-------+ </code></pre> </div> <h3> Describe Security Groups </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Security Groups</span> aws ec2 describe-security-groups <span class="se">\</span> <span class="nt">--filters</span> <span class="s2">"Name=vpc-id,Values=</span><span class="k">${</span><span class="nv">VPC_ID</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'SecurityGroups[].[GroupId, Description]'</span> <span class="se">\</span> <span class="nt">--output</span> table </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nt">-----------------------------------------------</span> | DescribeSecurityGroups | +--------------+------------------------------+ | sg-4b59a835 | default VPC security group | +--------------+------------------------------+ </code></pre> </div> <h3> Describe Main Route table </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ec2 describe-route-tables <span class="se">\</span> <span class="nt">--filters</span> <span class="s2">"Name=vpc-id,Values=</span><span class="k">${</span><span class="nv">VPC_ID</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--filters</span> <span class="s2">"Name=association.main,Values=true"</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'RouteTables[].Associations[].{RouteTableId:RouteTableId}'</span> <span class="se">\</span> <span class="nt">--output</span> table </code></pre> </div> aws vpc networking subnetwork RK Mon, 27 Nov 2023 06:51:25 +0000 https://dev.to/ryandam9/ways-to-deploy-apis-on-aws-8cd https://dev.to/ryandam9/ways-to-deploy-apis-on-aws-8cd <p>I am trying to learn different options to deploy a website/APIs using AWS. I am planning to use FastAPI going forward to create new APIs. I have some experience with Spring Boot. I like to write in Go as well. But, at this point, my focus is on FastAPI. </p> <p>I like to go with:</p> <ul> <li>Python &amp; FastAPI</li> <li>Docker</li> <li>Kubernetes (EKS)</li> <li>GitHub Actions</li> </ul> <h2> Options I am going to explore </h2> <ul> <li>Static website using S3</li> <li>Python, FastAPI, Uvicorn, Guricorn, EC2, Route53, Let's Encrypt (For TLS certificate)</li> <li>Docker, ECS Fargate, ALB, ACM, Route53, ACM</li> <li>Docker, ECS using EC2 Instances, ALB, ACM, Route53</li> <li>Docker, EKS, ACM, Route53</li> <li>API Gateway, Lambda</li> </ul> <h2> 1. Static website using S3 </h2> <p>My website <a href="https://ryandam.net">https://ryandam.net</a> is hosted on S3. It is also using CloudFront. </p> <h2> 2. ECS Fargate </h2> <p>I followed this course <a href="https://testdriven.io/courses/scalable-fastapi-aws/">https://testdriven.io/courses/scalable-fastapi-aws/</a> to learn CI/CD using GitLab, Terraform.</p> <h2> 3. ECS + EC2 Instances </h2> <h2> 4. Running a web server on EC2 </h2> <ul> <li>This time I will not use Docker images. </li> <li>I will directly run the code on EC2 <ul> <li>Python, FastAPI, Uvicorn, EC2, Route53</li> </ul> </li> <li>Deployment script - <a href="https://ryandam.net/blog/1900/01/01/deploy-https-api-on-ec2/index.html"></a><a href="https://ryandam.net/blog/1900/01/01/deploy-https-api-on-ec2/index.html">https://ryandam.net/blog/1900/01/01/deploy-https-api-on-ec2/index.html</a> </li> </ul> <h2> 5. EKS </h2> aws api eks fastapi RK Sun, 26 Nov 2023 09:18:26 +0000 https://dev.to/ryandam9/deploying-https-enabled-fastapi-services-on-aws-ec2-instance-23ii https://dev.to/ryandam9/deploying-https-enabled-fastapi-services-on-aws-ec2-instance-23ii <h2> Deploying HTTPS enabled FastAPI Services on AWS EC2 Instance </h2> <h2> Overview </h2> <blockquote> <p>[!info]<br> This page talks about setting up a HTTPS enabled FastAPI web application on AWS EC2 Instance. It assumes that, a Domain is already purchased using AWS Route 53.</p> </blockquote> <h2> Prerequisites </h2> <h3> 1.Software </h3> <p>This deployment uses <a href="https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html">AWS CLI</a> and <a href="https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli">Terraform</a> to create resources on AWS. Below commands can be used to verify their setup.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws <span class="nt">--version</span> aws configure list </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws-cli/2.13.36 Python/3.11.6 Linux/6.2.0-36-generic exe/x86_64.ubuntu.22 prompt/off </code></pre> </div> <p>A user with admin privileges is configured using <code>aws configure</code> command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> Name Value Type Location <span class="nt">----</span> <span class="nt">-----</span> <span class="nt">----</span> <span class="nt">--------</span> profile &lt;not <span class="nb">set</span><span class="o">&gt;</span> None None access_key <span class="k">****************</span>ABCD shared-credentials-file secret_key <span class="k">****************</span>XYZA shared-credentials-file region ap-southeast-2 config-file ~/.aws/config </code></pre> </div> <p>Terraform is also installed<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform <span class="nt">--version</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Terraform v1.6.4 on linux_amd64 </code></pre> </div> <h3> 2.Domain name </h3> <p>A Domain is already registered using Route 53. Following output should verify this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws route53domains get-domain-detail <span class="nt">--region</span> us-east-1 <span class="nt">--domain-name</span> example.com </code></pre> </div> <h3> 3. Python </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3 <span class="nt">--version</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Python 3.10.12 </code></pre> </div> <h2> GitHub Repo </h2> <p>GitHub Repo - <a href="https://github.com/ryandam9/deploy-https-api-on-ec2">https://github.com/ryandam9/deploy-https-api-on-ec2</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">ls</span> <span class="nt">-l</span> deploy-https-api-on-ec2/infrastructure </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">.</span> ├── deploy.sh ├── domain.py ├── keys ├── reference_files │   ├── cloud_init_template.yaml │   ├── nginx_http.conf │   └── nginx_https.conf ├── remote_setup.sh ├── terraform_templates │   └── main.tf └── working_dir </code></pre> </div> <h3> deploy.sh </h3> <ul> <li>This is a driver shell script. It needs to be executed on the local machine.</li> <li>It deploys a Terraform template, executes a Python script to deal with Route 53, and finally executes a shell script on the EC2 Instance to configure Nginx.</li> </ul> <h3> domain.py </h3> <ul> <li>To reach the API from internet, a Hosted zone needs to be created in Route 53.</li> <li>Another requirement is to ensure that the Name servers in the Route 53 hosted zone &amp; the ones in the "<strong>Registered Domains</strong>" section should be same. </li> <li>This python script performs these activities.</li> </ul> <h3> reference_files/cloud_init_template.yaml </h3> <ul> <li>This is used in the Terraform template</li> <li>It is used to bootstrap EC2 Instance (Cloud Init)</li> <li>It creates a user <code>ray</code> on the EC2 Instance</li> <li>It also installs few packages</li> </ul> <h3> reference_files/nginx_http.conf &amp; reference_files/nginx_https.conf </h3> <ul> <li>Very Basic Nginx configuration files to configure http and https</li> </ul> <h3> remote_setup.sh </h3> <ul> <li>This is executed on the EC2 Instance after it is created.</li> <li>It clones a sample FastAPI repo from GitHub, and executes it using <code>uvicorn</code>. </li> <li>It also obtains a TLS certificate from <a href="https://letsencrypt.org/">https://letsencrypt.org/</a> by using tool <strong>certbot</strong> in batch mode. More details can be found here. <ul> <li><a href="https://letsencrypt.org/getting-started/">https://letsencrypt.org/getting-started/</a></li> <li><a href="https://certbot.eff.org/">https://certbot.eff.org/</a></li> <li><a href="https://datatracker.ietf.org%0A/doc/html/rfc8555">ACME Protocol</a></li> </ul> </li> </ul> <h3> terraform_templates/main.tf </h3> <ul> <li>Create few AWS Resources - EC2 Instance, Security groups to allow traffic on ports 22 (SSH), 88 (HTTP), 443 (HTTPS).</li> <li>It uses Ubuntu AMI (22.10). It identifies the AMI ID using a Data block.</li> </ul> <blockquote> <p>[!info]</p> <ul> <li>To shell into the EC2 Instance, a private key is needed. <code>deploy.sh</code> creates a RSA key and stores it (Both private &amp; public key) in the <code>keys</code> directory. The public is also used to setup user <code>ray</code>'s <code>ssh_authorized_keys</code> file in the EC2 Instance (Can be found under <code>/home/ray/.ssh/</code>)</li> <li> <code>working_dir</code> contains working copies of Bootstrap YAML file &amp; Nginx configuration files.</li> </ul> <p>[!info]<br> The TLS certificate expires in 3 months. It will have to renewed at that time.</p> </blockquote> <h2> Where to make changes prior to running this script? </h2> <ul> <li>No changes are needed.</li> </ul> <h2> How to execute the script </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Usage: deploy.sh &lt;domain_name&gt; &lt;email&gt; &lt;github_repo&gt; </code></pre> </div> <ul> <li>The web domain already purchased using Route 53 (Sample - <code>example.com</code>)</li> <li>Email - This is needed to register with Let's Encrypt.</li> <li>GitHub Repo - This repo will be deployed on the EC2 Instance. It is expected to be a FastAPI Python app. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>deploy-https-api-on-ec2/infrastructure sh ./deploy.sh <span class="s2">"example.com"</span> <span class="s2">"example@example.com"</span> <span class="s2">"https://github.com/ryandam9/test-web-app"</span> </code></pre> </div> <p>Sample output is here:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Private key doesn<span class="s1">'t exist. Creating one... Initializing the backend... Initializing modules... Initializing provider plugins... - Reusing previous version of hashicorp/aws from the dependency lock file - Using previously-installed hashicorp/aws v5.26.0 Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary. module.ec2-instance.data.aws_partition.current: Reading... ... Apply complete! Resources: 6 added, 0 changed, 0 destroyed. Outputs: public_ip = "3.26.234.234" 2023-11-26 18:33:40,121 INFO: [@ credentials.py:1255] ==&gt; Found credentials in shared credentials file: ~/.aws/credentials 2023-11-26 18:33:41,495 INFO: [@ domain.py:170] ==&gt; Hosted zone already exists for domain example.com 2023-11-26 18:33:41,495 INFO: [@ domain.py:171] ==&gt; Hosted zone id: /hostedzone/Z03175032C2EFZXCEO8TF 2023-11-26 18:33:43,050 INFO: [@ domain.py:179] ==&gt; Hosted Zone Name servers: ['</span>ns-43.awsdns-05.com<span class="s1">', '</span>ns-1452.awsdns-53.org<span class="s1">', '</span>ns-2045.awsdns-63.co.uk<span class="s1">', '</span>ns-595.awsdns-10.net<span class="s1">'] 2023-11-26 18:33:44,521 INFO: [@ domain.py:188] ==&gt; Domain registrar name servers: ['</span>ns-43.awsdns-05.com<span class="s1">', '</span>ns-1452.awsdns-53.org<span class="s1">', '</span>ns-2045.awsdns-63.co.uk<span class="s1">', '</span>ns-595.awsdns-10.net<span class="s1">'] 2023-11-26 18:33:44,522 INFO: [@ domain.py:207] ==&gt; Domain registrar &amp; hosted zone name servers are same. No update required! 2023-11-26 18:33:44,522 INFO: [@ domain.py:212] ==&gt; Creating alias record in hosted zone using example.com and 3.26.234.234 2023-11-26 18:33:47,531 INFO: [@ domain.py:214] ==&gt; Change id: /change/C02452623U12345678 2023-11-26 18:33:47,532 INFO: [@ domain.py:215] ==&gt; Done! Warning: Permanently added '</span>3.26.234.234<span class="s1">' (ED25519) to the list of known hosts. nginx_http.conf 100% 676 27.1KB/s 00:00 nginx_https.conf 100% 1198 51.3KB/s 00:00 Using Email: example@example.com Using Domain Name: example.com Using GitHub Repo: https://github.com/ryandam9/test-web-app Cloning into '</span>test-web-app<span class="s1">'... Collecting fastapi Downloading fastapi-0.104.1-py3-none-any.whl (92 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 92.9/92.9 KB 1.7 MB/s eta 0:00:00 ... Installing collected packages: typing-extensions, sniffio, exceptiongroup, annotated-types, pydantic-core, anyio, starlette, pydantic, fastapi Successfully installed annotated-types-0.6.0 anyio-3.7.1 exceptiongroup-1.2.0 fastapi-0.104.1 pydantic-2.5.2 pydantic-core-2.14.5 sniffio-1.3.0 starlette-0.27.0 typing-extensions-4.8.0 WARNING: Running pip as the '</span>root<span class="s1">' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv WARNING: apt does not have a stable CLI interface. Use with caution in scripts. Reading package lists... Building dependency tree... Reading state information... The following packages were automatically installed and are no longer required: python3-acme python3-certbot python3-configargparse python3-icu python3-josepy python3-parsedatetime python3-requests-toolbelt python3-rfc3339 python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface Use '</span><span class="nb">sudo </span>apt autoremove<span class="s1">' to remove them. INFO: Started server process [11336] INFO: Waiting for application startup. INFO: Application startup complete. INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit) The following packages will be REMOVED: certbot 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. After this operation, 63.5 kB disk space will be freed. (Reading database ... 91231 files and directories currently installed.) Removing certbot (1.21.0-1build1) ... debconf: unable to initialize frontend: Dialog debconf: (Dialog frontend will not work on a dumb terminal, an emacs shell buffer, or without a controlling terminal.) debconf: falling back to frontend: Readline certbot 2.7.4 from Certbot Project (certbot-eff**) installed certbot 2.7.4 Account registered. Requesting a certificate for example.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem This certificate expires on 2024-02-24. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for example.com to /etc/nginx/nginx.conf Congratulations! You have successfully enabled HTTPS on https://example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let'</span>s Encrypt: https://letsencrypt.org/donate <span class="k">*</span> Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Saving debug log to /var/log/letsencrypt/letsencrypt.log HTTPS Certificate Installed Successfully.● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded <span class="o">(</span>/lib/systemd/system/nginx.service<span class="p">;</span> enabled<span class="p">;</span> vendor preset: enabled<span class="o">)</span> Active: active <span class="o">(</span>running<span class="o">)</span> since Sun 2023-11-26 07:36:43 UTC<span class="p">;</span> 9ms ago Docs: man:nginx<span class="o">(</span>8<span class="o">)</span> Process: 11831 <span class="nv">ExecStartPre</span><span class="o">=</span>/usr/sbin/nginx <span class="nt">-t</span> <span class="nt">-q</span> <span class="nt">-g</span> daemon on<span class="p">;</span> master_process on<span class="p">;</span> <span class="o">(</span><span class="nv">code</span><span class="o">=</span>exited, <span class="nv">status</span><span class="o">=</span>0/SUCCESS<span class="o">)</span> Process: 11832 <span class="nv">ExecStart</span><span class="o">=</span>/usr/sbin/nginx <span class="nt">-g</span> daemon on<span class="p">;</span> master_process on<span class="p">;</span> <span class="o">(</span><span class="nv">code</span><span class="o">=</span>exited, <span class="nv">status</span><span class="o">=</span>0/SUCCESS<span class="o">)</span> Main PID: 11833 <span class="o">(</span>nginx<span class="o">)</span> Tasks: 1 <span class="o">(</span>limit: 1121<span class="o">)</span> Memory: 2.6M CPU: 37ms CGroup: /system.slice/nginx.service ├─11833 <span class="s2">"nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"</span> └─11835 <span class="s2">"nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"</span> Nov 26 07:36:42 ip-172-31-31-16 systemd[1]: Starting A high performance web server and a reverse proxy server... Nov 26 07:36:43 ip-172-31-31-16 systemd[1]: Started A high performance web server and a reverse proxy server. </code></pre> </div> <h2> Destroying resources </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>deploy-https-api-on-ec2/infrastructure terraform <span class="nt">-chdir</span><span class="o">=</span>./terraform_templates destroy </code></pre> </div> <h2> Code walkthrough </h2> <h3> <code>cloud_init_template.yaml</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1">#cloud-config</span> <span class="na">groups</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">ubuntu</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">root</span><span class="pi">,</span><span class="nv">sys</span><span class="pi">]</span> <span class="pi">-</span> <span class="s">testgroup</span> <span class="na">users</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">default</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ray</span> <span class="na">gecos</span><span class="pi">:</span> <span class="s">Ra.y</span> <span class="na">shell</span><span class="pi">:</span> <span class="s">/bin/bash</span> <span class="na">primary_group</span><span class="pi">:</span> <span class="s">testgroup</span> <span class="na">sudo</span><span class="pi">:</span> <span class="s">ALL=(ALL) NOPASSWD:ALL</span> <span class="na">groups</span><span class="pi">:</span> <span class="s">users, admin</span> <span class="na">lock_passwd</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">ssh_authorized_keys</span><span class="pi">:</span> <span class="c1"># Place the public key generated from the pem file here.</span> <span class="pi">-</span> <span class="s">PUBLIC_KEY</span> <span class="na">package_update</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">package_upgrade</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">packages</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">nginx</span> <span class="pi">-</span> <span class="s">git</span> <span class="pi">-</span> <span class="s">python3-pip</span> <span class="pi">-</span> <span class="s">vim</span> <span class="pi">-</span> <span class="s">net-tools</span> <span class="pi">-</span> <span class="s">certbot</span> <span class="pi">-</span> <span class="s">uvicorn</span> <span class="pi">-</span> <span class="s">lsof</span> <span class="na">runcmd</span><span class="pi">:</span> <span class="c1"># In Ubuntu 22.04, after a package is installed, it is asking for an interactive confirmation.</span> <span class="c1"># This is a workaround to avoid the interactive confirmation. </span> <span class="pi">-</span> <span class="s">sed -i "/#\$nrconf{restart} = 'i';/s/.*/\$nrconf{restart} = 'a';/" /etc/needrestart/needrestart.conf</span> <span class="pi">-</span> <span class="s">nginx -s reload</span> <span class="pi">-</span> <span class="s">sudo systemctl restart nginx</span> </code></pre> </div> <ul> <li>This Cloud-init script is used by Terraform when creating the EC2 Instance. </li> <li>It creates a user, installs some packages.</li> <li>For more details - <a href="https://cloudinit.readthedocs.io/en/latest/reference/examples.html">https://cloudinit.readthedocs.io/en/latest/reference/examples.html</a> ### <code>main.tf</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1">#-----------------------------------------------------------------------------#</span> <span class="c1"># Create an EC2 Instance using Ubuntu Image #</span> <span class="c1"># Following resources will be deployed: #</span> <span class="c1"># - EC2 Instance #</span> <span class="c1"># #</span> <span class="c1"># Prerequisites: #</span> <span class="c1"># - A Key pair key #</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="n">terraform</span> <span class="p">{</span> <span class="n">required_providers</span> <span class="p">{</span> <span class="n">aws</span> <span class="o">=</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="s2">"hashicorp/aws"</span> <span class="n">version</span> <span class="o">=</span> <span class="s2">"~&gt; 5.26.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">required_version</span> <span class="o">=</span> <span class="s2">"&gt;= 1.6.4"</span> <span class="p">}</span> <span class="n">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="n">region</span> <span class="o">=</span> <span class="s2">"ap-southeast-2"</span> <span class="p">}</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="c1"># Varibles #</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="n">variable</span> <span class="s2">"instance_type"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="s2">"Type of EC2 Instance"</span> <span class="n">type</span> <span class="o">=</span> <span class="n">string</span> <span class="n">default</span> <span class="o">=</span> <span class="s2">"t2.micro"</span> <span class="p">}</span> <span class="n">variable</span> <span class="s2">"key_pair_name"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="s2">"Key pair name"</span> <span class="n">type</span> <span class="o">=</span> <span class="n">string</span> <span class="n">default</span> <span class="o">=</span> <span class="s2">"ray"</span> <span class="p">}</span> <span class="n">variable</span> <span class="s2">"public_key_file_name"</span> <span class="p">{</span> <span class="n">description</span> <span class="o">=</span> <span class="s2">"Location of public key file"</span> <span class="n">type</span> <span class="o">=</span> <span class="n">string</span> <span class="n">default</span> <span class="o">=</span> <span class="s2">"../keys/id_rsa.pub"</span> <span class="p">}</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="c1"># Locals</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="n">locals</span> <span class="p">{</span> <span class="n">inbound_ports</span> <span class="o">=</span> <span class="p">[</span><span class="mi">22</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">443</span><span class="p">]</span> <span class="n">user_data</span> <span class="o">=</span> <span class="n">file</span><span class="p">(</span><span class="s2">"../working_dir/bootstrap.yaml"</span><span class="p">)</span> <span class="nb">name</span> <span class="o">=</span> <span class="s2">"ex-${basename(path.cwd)}"</span> <span class="n">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="no">Name</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="nf">name</span> <span class="no">Example</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="nf">name</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="c1"># Data</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="c1"># Find latest Ubuntu AMI</span> <span class="c1"># https://ubuntu.com/server/docs/cloud-images/amazon-ec2</span> <span class="n">data</span> <span class="s2">"aws_ami"</span> <span class="s2">"ubuntu"</span> <span class="p">{</span> <span class="n">most_recent</span> <span class="o">=</span> <span class="kp">true</span> <span class="n">owners</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"099720109477"</span><span class="p">]</span> <span class="n">name_regex</span> <span class="o">=</span> <span class="s2">"^.*22.04.*$"</span> <span class="n">filter</span> <span class="p">{</span> <span class="nb">name</span> <span class="o">=</span> <span class="s2">"root-device-type"</span> <span class="n">values</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"ebs"</span><span class="p">]</span> <span class="p">}</span> <span class="n">filter</span> <span class="p">{</span> <span class="nb">name</span> <span class="o">=</span> <span class="s2">"virtualization-type"</span> <span class="n">values</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"hvm"</span><span class="p">]</span> <span class="p">}</span> <span class="n">filter</span> <span class="p">{</span> <span class="nb">name</span> <span class="o">=</span> <span class="s2">"state"</span> <span class="n">values</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"available"</span><span class="p">]</span> <span class="p">}</span> <span class="n">filter</span> <span class="p">{</span> <span class="nb">name</span> <span class="o">=</span> <span class="s2">"architecture"</span> <span class="n">values</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"x86_64"</span><span class="p">]</span> <span class="p">}</span> <span class="n">filter</span> <span class="p">{</span> <span class="nb">name</span> <span class="o">=</span> <span class="s2">"hypervisor"</span> <span class="n">values</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"xen"</span><span class="p">]</span> <span class="p">}</span> <span class="n">filter</span> <span class="p">{</span> <span class="nb">name</span> <span class="o">=</span> <span class="s2">"creation-date"</span> <span class="n">values</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"2023-09-*"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="c1"># Resources</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="c1"># Security group to accept traffic from the internet</span> <span class="c1"># on http &amp; https</span> <span class="n">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"sg_webserver"</span> <span class="p">{</span> <span class="nb">name</span> <span class="o">=</span> <span class="s2">"webserver-sg"</span> <span class="n">description</span> <span class="o">=</span> <span class="s2">"Security Group for Web Servers"</span> <span class="n">dynamic</span> <span class="s2">"ingress"</span> <span class="p">{</span> <span class="n">for_each</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="nf">inbound_ports</span> <span class="n">content</span> <span class="p">{</span> <span class="n">from_port</span> <span class="o">=</span> <span class="n">ingress</span><span class="p">.</span><span class="nf">value</span> <span class="n">to_port</span> <span class="o">=</span> <span class="n">ingress</span><span class="p">.</span><span class="nf">value</span> <span class="n">protocol</span> <span class="o">=</span> <span class="s2">"tcp"</span> <span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="n">egress</span> <span class="p">{</span> <span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="n">protocol</span> <span class="o">=</span> <span class="s2">"-1"</span> <span class="n">from_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">to_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Create a Key using locally generated public key</span> <span class="n">resource</span> <span class="s2">"aws_key_pair"</span> <span class="s2">"key_pair"</span> <span class="p">{</span> <span class="n">key_name</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="nf">key_pair_name</span> <span class="n">public_key</span> <span class="o">=</span> <span class="n">trimspace</span><span class="p">(</span><span class="n">file</span><span class="p">(</span><span class="n">var</span><span class="p">.</span><span class="nf">public_key_file_name</span><span class="p">))</span> <span class="p">}</span> <span class="c1"># Spin up an EC2 instance</span> <span class="n">module</span> <span class="s2">"ec2-instance"</span> <span class="p">{</span> <span class="n">source</span> <span class="o">=</span> <span class="s2">"terraform-aws-modules/ec2-instance/aws"</span> <span class="n">version</span> <span class="o">=</span> <span class="s2">"5.5.0"</span> <span class="nb">name</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="nf">name</span> <span class="n">ami</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">aws_ami</span><span class="p">.</span><span class="nf">ubuntu</span><span class="p">.</span><span class="nf">id</span> <span class="n">instance_type</span> <span class="o">=</span> <span class="n">var</span><span class="p">.</span><span class="nf">instance_type</span> <span class="n">vpc_security_group_ids</span> <span class="o">=</span> <span class="p">[</span><span class="n">aws_security_group</span><span class="p">.</span><span class="nf">sg_webserver</span><span class="p">.</span><span class="nf">id</span><span class="p">]</span> <span class="n">associate_public_ip_address</span> <span class="o">=</span> <span class="kp">true</span> <span class="n">disable_api_stop</span> <span class="o">=</span> <span class="kp">false</span> <span class="n">create_iam_instance_profile</span> <span class="o">=</span> <span class="kp">true</span> <span class="n">user_data</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="nf">user_data</span> <span class="n">user_data_replace_on_change</span> <span class="o">=</span> <span class="kp">true</span> <span class="n">enable_volume_tags</span> <span class="o">=</span> <span class="kp">false</span> <span class="n">key_name</span> <span class="o">=</span> <span class="n">aws_key_pair</span><span class="p">.</span><span class="nf">key_pair</span><span class="p">.</span><span class="nf">key_name</span> <span class="n">tags</span> <span class="o">=</span> <span class="n">local</span><span class="p">.</span><span class="nf">tags</span> <span class="n">iam_role_description</span> <span class="o">=</span> <span class="s2">"IAM role for EC2 instance"</span> <span class="n">iam_role_policies</span> <span class="o">=</span> <span class="p">{</span> <span class="no">AdministratorAccess</span> <span class="o">=</span> <span class="s2">"arn:aws:iam::aws:policy/AdministratorAccess"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="c1"># Outputs</span> <span class="c1">#-----------------------------------------------------------------------------#</span> <span class="n">output</span> <span class="s2">"public_ip"</span> <span class="p">{</span> <span class="n">value</span> <span class="o">=</span> <span class="n">module</span><span class="p">.</span><span class="nf">ec2</span><span class="o">-</span><span class="n">instance</span><span class="p">.</span><span class="nf">public_ip</span> <span class="n">description</span> <span class="o">=</span> <span class="s2">"The public IP address of the web server"</span> <span class="p">}</span> </code></pre> </div> <ul> <li>Creates a Security group to allow SSH, HTTP, HTTPS traffic. </li> <li>Spins up an EC2 Instance using latest Ubuntu AMI.</li> <li>Bootstraps the instance using <code>bootstrap.yaml</code> ### <code>deploy.sh</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># deploy.sh #</span> <span class="c"># Script to deploy a FastAPI application on an EC2 instance. #</span> <span class="c"># #</span> <span class="c"># This is a script that combines multiple commands to deploy the FastAPI #</span> <span class="c"># application on EC2 instance. #</span> <span class="c"># #</span> <span class="c"># Summary: #</span> <span class="c"># 1. Execute a Terraform template to create EC2 instance #</span> <span class="c"># 2. Creates Route53 hosted zone &amp; creates an A record #</span> <span class="c"># 3. Deploy application git repo and start server on port 8000 #</span> <span class="c"># 4. Install Certbot to get TLS certificate for HTTPS #</span> <span class="c"># 5. Get HTTPS certificate &amp; configure Nginx #</span> <span class="c"># #</span> <span class="c"># Prerequisites: #</span> <span class="c"># 1. A Domain name registered with AWS Route53. #</span> <span class="c"># 2. A key pair created in AWS EC2 console &amp; private key is available (pem) #</span> <span class="c"># Its public key needs to be updated in the following places: #</span> <span class="c"># a. Terraform template #</span> <span class="c"># #</span> <span class="c"># To generate public key from pem file: "ssh-keygen -y -f &lt;pem-file.pem&gt;" #</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># Check if all the arguments are passed</span> <span class="k">if</span> <span class="o">[</span> <span class="nv">$# </span><span class="nt">-ne</span> 3 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Usage: </span><span class="nv">$0</span><span class="s2"> &lt;domain_name&gt; &lt;email&gt; &lt;github_repo&gt;"</span> <span class="nb">echo</span> <span class="s2">"sh deploy.sh example.com email@example.com https://github.com/ryandam9/test-web-app"</span> <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># Check if any of the arguments are empty</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$2</span><span class="s2">"</span> <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$3</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Usage: </span><span class="nv">$0</span><span class="s2"> &lt;domain_name&gt; &lt;email&gt; &lt;github_repo&gt;"</span> <span class="nb">echo</span> <span class="s2">"sh deploy.sh example.com email@example.com https://github.com/ryandam9/test-web-app"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nv">domain_name</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="nv">email</span><span class="o">=</span><span class="s2">"</span><span class="nv">$2</span><span class="s2">"</span> <span class="nv">github_repo</span><span class="o">=</span><span class="s2">"</span><span class="nv">$3</span><span class="s2">"</span> <span class="c"># This user is created by Terraform (Refer bootstrap.yaml)</span> <span class="nv">remote_host_user</span><span class="o">=</span><span class="s2">"ray"</span> <span class="nb">mkdir</span> <span class="nt">-p</span> <span class="s2">"./keys"</span> <span class="nb">mkdir</span> <span class="nt">-p</span> <span class="s2">"./working_dir"</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># Create a SSH Key locally #</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="nv">key_file</span><span class="o">=</span><span class="s2">"./keys/id_rsa"</span> <span class="c"># If the key file doesn't exist, create one</span> <span class="c"># otherwise, use the existing key</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> ./keys/id_rsa <span class="o">]</span> <span class="o">&amp;&amp;</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> ./keys/id_rsa.pub <span class="o">]</span><span class="p">;</span> <span class="k">then</span> <span class="c"># -q - quiet mode</span> <span class="c"># -t - Type of key to be created</span> <span class="c"># -N - Passphrase to be used to encrypt the key</span> <span class="c"># -f - Filename of the key file</span> <span class="nb">echo</span> <span class="s2">"Private key doesn't exist. Creating one..."</span> ssh-keygen <span class="nt">-q</span> <span class="nt">-t</span> rsa <span class="nt">-N</span> <span class="s2">""</span> <span class="nt">-f</span> <span class="s2">"</span><span class="k">${</span><span class="nv">key_file</span><span class="k">}</span><span class="s2">"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Private key already exists in ./keys directory. Using the existing key..."</span> <span class="k">fi </span><span class="nv">public_key</span><span class="o">=</span><span class="si">$(</span><span class="nb">cat</span> ./keys/id_rsa.pub<span class="si">)</span> <span class="c"># Use awk to replace the text in the target file</span> <span class="nb">awk</span> <span class="nt">-v</span> <span class="nv">r</span><span class="o">=</span><span class="s2">"</span><span class="nv">$public_key</span><span class="s2">"</span> <span class="s1">'{gsub(/PUBLIC_KEY/, r)}1'</span> ./reference_files/cloud_init_template.yaml <span class="o">&gt;</span> temp_file.txt <span class="o">&amp;&amp;</span> <span class="se">\</span> <span class="nb">mv </span>temp_file.txt ./working_dir/bootstrap.yaml <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># 1. Execute a Terraform template to create EC2 instance #</span> <span class="c"># ----------------------------------------------------------------------------#</span> terraform <span class="nt">-chdir</span><span class="o">=</span>./terraform_templates init terraform <span class="nt">-chdir</span><span class="o">=</span>./terraform_templates apply <span class="nt">-auto-approve</span> <span class="c"># Get EC2 Public IP from Terrafform output</span> <span class="nv">ec2_public_ip</span><span class="o">=</span><span class="si">$(</span>terraform output <span class="nt">-state</span><span class="o">=</span>./terraform_templates/terraform.tfstate <span class="nt">-raw</span> public_ip<span class="si">)</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># 2. Creates Route53 hosted zone &amp; creates an A record #</span> <span class="c"># ----------------------------------------------------------------------------#</span> python3 domain.py <span class="s2">"</span><span class="k">${</span><span class="nv">domain_name</span><span class="k">}</span><span class="s2">"</span> <span class="s2">"</span><span class="k">${</span><span class="nv">ec2_public_ip</span><span class="k">}</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span>print <span class="s2">"Failed to create Route53 hosted zone &amp; A record"</span> <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># Wait a bit prior to SSHing to the instance</span> <span class="c"># Cloud-init might still be running to download few packages and installing</span> <span class="c"># them. There should be a better way to do this.</span> <span class="nb">sleep </span>120 <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># 3. Copy nginx.conf to remote host. #</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="nb">sed</span> <span class="s2">"s/example.com/</span><span class="k">${</span><span class="nv">domain_name</span><span class="k">}</span><span class="s2">/g"</span> ./reference_files/nginx_http.conf <span class="o">&gt;</span>./working_dir/nginx_http.conf <span class="nb">sed</span> <span class="s2">"s/example.com/</span><span class="k">${</span><span class="nv">domain_name</span><span class="k">}</span><span class="s2">/g"</span> ./reference_files/nginx_https.conf <span class="o">&gt;</span>./working_dir/nginx_https.conf scp <span class="nt">-o</span> <span class="nv">StrictHostKeyChecking</span><span class="o">=</span>no <span class="nt">-i</span> <span class="s2">"</span><span class="k">${</span><span class="nv">key_file</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> ./working_dir/nginx_http.conf <span class="se">\</span> <span class="s2">"</span><span class="k">${</span><span class="nv">remote_host_user</span><span class="k">}</span><span class="s2">@</span><span class="k">${</span><span class="nv">ec2_public_ip</span><span class="k">}</span><span class="s2">:/tmp"</span> scp <span class="nt">-i</span> <span class="s2">"</span><span class="k">${</span><span class="nv">key_file</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> ./working_dir/nginx_https.conf <span class="se">\</span> <span class="s2">"</span><span class="k">${</span><span class="nv">remote_host_user</span><span class="k">}</span><span class="s2">@</span><span class="k">${</span><span class="nv">ec2_public_ip</span><span class="k">}</span><span class="s2">:/tmp"</span> <span class="c"># This runs on EC2 instance</span> ssh <span class="nt">-i</span> <span class="s2">"</span><span class="k">${</span><span class="nv">key_file</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="s2">"</span><span class="k">${</span><span class="nv">remote_host_user</span><span class="k">}</span><span class="s2">@</span><span class="k">${</span><span class="nv">ec2_public_ip</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="s2">"sudo bash -s"</span> &lt; ./remote_setup.sh <span class="s2">"</span><span class="k">${</span><span class="nv">email</span><span class="k">}</span><span class="s2">"</span> <span class="s2">"</span><span class="k">${</span><span class="nv">domain_name</span><span class="k">}</span><span class="s2">"</span> <span class="s2">"</span><span class="k">${</span><span class="nv">github_repo</span><span class="k">}</span><span class="s2">"</span> <span class="nb">exit </span>0 </code></pre> </div> <h3> <code>remote_setup.sh</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># This script runs on EC2. #</span> <span class="c"># #</span> <span class="c"># 1. It downloads code from GitHub repo and starts the server on port 8000. #</span> <span class="c"># 2. It installs Certbot to get TLS certificate for HTTPS. #</span> <span class="c"># 3. Configures Nginx to serve HTTPS traffic. #</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="nv">EMAIL</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="nv">DOMAIN_NAME</span><span class="o">=</span><span class="s2">"</span><span class="nv">$2</span><span class="s2">"</span> <span class="nv">GITHUB_REPO</span><span class="o">=</span><span class="s2">"</span><span class="nv">$3</span><span class="s2">"</span> <span class="nb">printf</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">Using Email: %s"</span> <span class="s2">"</span><span class="k">${</span><span class="nv">EMAIL</span><span class="k">}</span><span class="s2">"</span> <span class="nb">printf</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">Using Domain Name: %s"</span> <span class="s2">"</span><span class="k">${</span><span class="nv">DOMAIN_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="nb">printf</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">Using GitHub Repo: %s</span><span class="se">\n</span><span class="s2">"</span> <span class="s2">"</span><span class="k">${</span><span class="nv">GITHUB_REPO</span><span class="k">}</span><span class="s2">"</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># 1. Deploy application git repo and start server on port 8000 #</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="nb">cd</span> ~ <span class="o">||</span> <span class="nb">exit </span>git clone <span class="s2">"</span><span class="k">${</span><span class="nv">GITHUB_REPO</span><span class="k">}</span><span class="s2">"</span> <span class="nb">cd</span> <span class="s2">"test-web-app"</span> <span class="o">||</span> <span class="nb">exit </span>pip3 <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="c"># Kill any process running on port 8000</span> <span class="nv">port_to_kill</span><span class="o">=</span>8000<span class="p">;</span> lsof <span class="nt">-i</span> :<span class="nv">$port_to_kill</span> <span class="nt">-t</span> | xargs <span class="nt">-I</span> <span class="o">{}</span> <span class="nb">kill</span> <span class="o">{}</span> uvicorn app:app &amp; <span class="nb">cd</span> ~ <span class="o">||</span> <span class="nb">exit</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># 2. Install Certbot to get TLS certificate for HTTPS #</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="nb">cp</span> /tmp/nginx_http.conf /etc/nginx/nginx.conf apt <span class="nt">-y</span> remove certbot snap <span class="nb">install</span> <span class="nt">--classic</span> certbot certbot <span class="nt">--version</span> <span class="nb">ln</span> <span class="nt">-s</span> /snap/bin/certbot /usr/bin/certbot <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># Get HTTPS certificate &amp; configure Nginx #</span> <span class="c"># ----------------------------------------------------------------------------#</span> <span class="c"># This step generates a certificate for the domain name</span> certbot run <span class="nt">-n</span> <span class="nt">--nginx</span> <span class="nt">-m</span> <span class="s2">"</span><span class="k">${</span><span class="nv">EMAIL</span><span class="k">}</span><span class="s2">"</span> <span class="nt">--agree-tos</span> <span class="nt">-d</span> <span class="s2">"</span><span class="k">${</span><span class="nv">DOMAIN_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">printf</span> <span class="s2">"Unable to Install HTTPS Certificate."</span> <span class="nb">exit </span>1 <span class="k">else </span><span class="nb">printf</span> <span class="s2">"HTTPS Certificate Installed Successfully."</span> <span class="k">fi </span><span class="nb">rm</span> <span class="nt">-rf</span> /etc/nginx/nginx.conf <span class="nb">mv</span> /tmp/nginx_https.conf /etc/nginx/nginx.conf systemctl restart nginx systemctl status nginx <span class="nb">exit </span>0 </code></pre> </div> <h3> <code>nginx_http.conf</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">user</span> <span class="n">www</span><span class="o">-</span><span class="n">data</span><span class="p">;</span> <span class="n">worker_processes</span> <span class="n">auto</span><span class="p">;</span> <span class="n">pid</span> <span class="sr">/run/n</span><span class="n">ginx</span><span class="p">.</span><span class="nf">pid</span><span class="p">;</span> <span class="kp">include</span> <span class="sr">/etc/n</span><span class="n">ginx</span><span class="o">/</span><span class="n">modules</span><span class="o">-</span><span class="n">enabled</span><span class="o">/*</span><span class="p">.</span><span class="nf">conf</span><span class="p">;</span> <span class="n">events</span> <span class="p">{</span> <span class="n">worker_connections</span> <span class="mi">768</span><span class="p">;</span> <span class="c1"># multi_accept on;</span> <span class="p">}</span> <span class="n">http</span> <span class="p">{</span> <span class="n">sendfile</span> <span class="n">on</span><span class="p">;</span> <span class="n">tcp_nopush</span> <span class="n">on</span><span class="p">;</span> <span class="n">types_hash_max_size</span> <span class="mi">2048</span><span class="p">;</span> <span class="kp">include</span> <span class="sr">/etc/n</span><span class="n">ginx</span><span class="o">/</span><span class="n">mime</span><span class="p">.</span><span class="nf">types</span><span class="p">;</span> <span class="n">default_type</span> <span class="n">application</span><span class="o">/</span><span class="n">octet</span><span class="o">-</span><span class="n">stream</span><span class="p">;</span> <span class="n">access_log</span> <span class="sr">/var/</span><span class="n">log</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="p">;</span> <span class="n">error_log</span> <span class="sr">/var/</span><span class="n">log</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">error</span><span class="p">.</span><span class="nf">log</span><span class="p">;</span> <span class="n">gzip</span> <span class="n">on</span><span class="p">;</span> <span class="kp">include</span> <span class="sr">/etc/n</span><span class="n">ginx</span><span class="o">/</span><span class="n">conf</span><span class="p">.</span><span class="nf">d</span><span class="o">/*</span><span class="p">.</span><span class="nf">conf</span><span class="p">;</span> <span class="kp">include</span> <span class="sr">/etc/n</span><span class="n">ginx</span><span class="o">/</span><span class="n">sites</span><span class="o">-</span><span class="n">enabled</span><span class="o">/*</span><span class="p">;</span> <span class="n">server</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="vg">$host</span> <span class="o">=</span> <span class="n">example</span><span class="p">.</span><span class="nf">com</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="mi">301</span> <span class="n">https</span><span class="ss">:/</span><span class="o">/</span><span class="vg">$host$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="n">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="n">server_name</span> <span class="n">example</span><span class="p">.</span><span class="nf">com</span><span class="p">;</span> <span class="k">return</span> <span class="mi">404</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <code>nginx_https.conf</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">user</span> <span class="n">www</span><span class="o">-</span><span class="n">data</span><span class="p">;</span> <span class="n">worker_processes</span> <span class="n">auto</span><span class="p">;</span> <span class="n">pid</span> <span class="sr">/run/n</span><span class="n">ginx</span><span class="p">.</span><span class="nf">pid</span><span class="p">;</span> <span class="kp">include</span> <span class="sr">/etc/n</span><span class="n">ginx</span><span class="o">/</span><span class="n">modules</span><span class="o">-</span><span class="n">enabled</span><span class="o">/*</span><span class="p">.</span><span class="nf">conf</span><span class="p">;</span> <span class="n">events</span> <span class="p">{</span> <span class="n">worker_connections</span> <span class="mi">768</span><span class="p">;</span> <span class="c1"># multi_accept on;</span> <span class="p">}</span> <span class="n">http</span> <span class="p">{</span> <span class="n">sendfile</span> <span class="n">on</span><span class="p">;</span> <span class="n">tcp_nopush</span> <span class="n">on</span><span class="p">;</span> <span class="n">types_hash_max_size</span> <span class="mi">2048</span><span class="p">;</span> <span class="kp">include</span> <span class="sr">/etc/n</span><span class="n">ginx</span><span class="o">/</span><span class="n">mime</span><span class="p">.</span><span class="nf">types</span><span class="p">;</span> <span class="n">default_type</span> <span class="n">application</span><span class="o">/</span><span class="n">octet</span><span class="o">-</span><span class="n">stream</span><span class="p">;</span> <span class="n">access_log</span> <span class="sr">/var/</span><span class="n">log</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="p">;</span> <span class="n">error_log</span> <span class="sr">/var/</span><span class="n">log</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">error</span><span class="p">.</span><span class="nf">log</span><span class="p">;</span> <span class="n">gzip</span> <span class="n">on</span><span class="p">;</span> <span class="kp">include</span> <span class="sr">/etc/n</span><span class="n">ginx</span><span class="o">/</span><span class="n">conf</span><span class="p">.</span><span class="nf">d</span><span class="o">/*</span><span class="p">.</span><span class="nf">conf</span><span class="p">;</span> <span class="kp">include</span> <span class="sr">/etc/n</span><span class="n">ginx</span><span class="o">/</span><span class="n">sites</span><span class="o">-</span><span class="n">enabled</span><span class="o">/*</span><span class="p">;</span> <span class="n">server</span> <span class="p">{</span> <span class="n">listen</span> <span class="mi">443</span> <span class="n">ssl</span><span class="p">;</span> <span class="c1"># managed by Certbot</span> <span class="n">ssl_certificate</span> <span class="sr">/etc/</span><span class="n">letsencrypt</span><span class="o">/</span><span class="n">live</span><span class="o">/</span><span class="n">example</span><span class="p">.</span><span class="nf">com</span><span class="o">/</span><span class="n">fullchain</span><span class="p">.</span><span class="nf">pem</span><span class="p">;</span> <span class="c1"># managed by Certbot</span> <span class="n">ssl_certificate_key</span> <span class="sr">/etc/</span><span class="n">letsencrypt</span><span class="o">/</span><span class="n">live</span><span class="o">/</span><span class="n">example</span><span class="p">.</span><span class="nf">com</span><span class="o">/</span><span class="n">privkey</span><span class="p">.</span><span class="nf">pem</span><span class="p">;</span> <span class="c1"># managed by Certbot</span> <span class="kp">include</span> <span class="sr">/etc/</span><span class="n">letsencrypt</span><span class="o">/</span><span class="n">options</span><span class="o">-</span><span class="n">ssl</span><span class="o">-</span><span class="n">nginx</span><span class="p">.</span><span class="nf">conf</span><span class="p">;</span> <span class="c1"># managed by Certbot</span> <span class="n">ssl_dhparam</span> <span class="sr">/etc/</span><span class="n">letsencrypt</span><span class="o">/</span><span class="n">ssl</span><span class="o">-</span><span class="n">dhparams</span><span class="p">.</span><span class="nf">pem</span><span class="p">;</span> <span class="c1"># managed by Certbot</span> <span class="n">location</span> <span class="o">/</span> <span class="p">{</span> <span class="n">proxy_pass</span> <span class="n">http</span><span class="ss">:/</span><span class="o">/</span><span class="mf">127.0</span><span class="o">.</span><span class="mf">0.1</span><span class="p">:</span><span class="mi">8000</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="n">server</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="vg">$host</span> <span class="o">=</span> <span class="n">example</span><span class="p">.</span><span class="nf">com</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="mi">301</span> <span class="n">https</span><span class="ss">:/</span><span class="o">/</span><span class="vg">$host$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># managed by Certbot</span> <span class="n">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="n">server_name</span> <span class="n">example</span><span class="p">.</span><span class="nf">com</span><span class="p">;</span> <span class="k">return</span> <span class="mi">404</span><span class="p">;</span> <span class="c1"># managed by Certbot</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <code>domain.py</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># --------------------------------------------------------------------------------------------------# # This script deals with the Route53 to perform the following: # # 1. Create a Route53 hosted zone if it does not exist for the domain # # # 2. Identifies the Name servers from NS records from the hosted zone # # 4. Update the Name servers in the domain registrar, if required # # 2. Creates an Alias (A) record in the hosted zone to point the Public IP of the # # EC2 instance # # # # Assumption: # # Prior to running this script, the domain name should be registered with AWS Route53 # # Domain Registrar and the domain name should be visible in the "Registered domains" section # # of the Route53 console. # # # # --------------------------------------------------------------------------------------------------# </span><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">argparse</span> <span class="kn">import</span> <span class="n">logging</span> <span class="kn">import</span> <span class="n">sys</span> <span class="n">logging</span><span class="p">.</span><span class="nf">basicConfig</span><span class="p">(</span> <span class="n">level</span><span class="o">=</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">,</span> <span class="nb">format</span><span class="o">=</span><span class="sh">"</span><span class="s">%(asctime)s %(levelname)s: [@ %(filename)s:%(lineno)d] ==&gt; %(message)s</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="k">def</span> <span class="nf">flatten_json</span><span class="p">(</span><span class="n">json_doc</span><span class="p">):</span> <span class="n">out</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">def</span> <span class="nf">flatten</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">""</span><span class="p">):</span> <span class="k">if</span> <span class="nf">type</span><span class="p">(</span><span class="n">x</span><span class="p">)</span> <span class="ow">is</span> <span class="nb">dict</span><span class="p">:</span> <span class="k">for</span> <span class="n">a</span> <span class="ow">in</span> <span class="n">x</span><span class="p">:</span> <span class="nf">flatten</span><span class="p">(</span><span class="n">x</span><span class="p">[</span><span class="n">a</span><span class="p">],</span> <span class="n">name</span> <span class="o">+</span> <span class="n">a</span> <span class="o">+</span> <span class="sh">"</span><span class="s">.</span><span class="sh">"</span><span class="p">)</span> <span class="k">elif</span> <span class="nf">type</span><span class="p">(</span><span class="n">x</span><span class="p">)</span> <span class="ow">is</span> <span class="nb">list</span><span class="p">:</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">a</span> <span class="ow">in</span> <span class="n">x</span><span class="p">:</span> <span class="nf">flatten</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">name</span> <span class="o">+</span> <span class="nf">str</span><span class="p">(</span><span class="n">i</span><span class="p">)</span> <span class="o">+</span> <span class="sh">"</span><span class="s">.</span><span class="sh">"</span><span class="p">)</span> <span class="n">i</span> <span class="o">+=</span> <span class="mi">1</span> <span class="k">else</span><span class="p">:</span> <span class="n">out</span><span class="p">[</span><span class="n">name</span><span class="p">[:</span><span class="o">-</span><span class="mi">1</span><span class="p">]]</span> <span class="o">=</span> <span class="n">x</span> <span class="nf">flatten</span><span class="p">(</span><span class="n">json_doc</span><span class="p">)</span> <span class="k">return</span> <span class="n">out</span> <span class="k">def</span> <span class="nf">print_dict</span><span class="p">(</span><span class="n">d</span><span class="p">:</span> <span class="nb">dict</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Prints a dictionary </span><span class="sh">"""</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">d</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="n">logger</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="sh">"</span><span class="s">{}: {}</span><span class="sh">"</span><span class="p">.</span><span class="nf">format</span><span class="p">(</span><span class="n">k</span><span class="p">,</span> <span class="n">v</span><span class="p">))</span> <span class="k">def</span> <span class="nf">check_hosted_zone</span><span class="p">(</span><span class="n">domain_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Check if the hosted zone exists in Route53</span><span class="sh">"""</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">route53</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">list_hosted_zones_by_name</span><span class="p">(</span><span class="n">DNSName</span><span class="o">=</span><span class="n">domain_name</span><span class="p">)</span> <span class="nf">print_dict</span><span class="p">(</span><span class="nf">flatten_json</span><span class="p">(</span><span class="n">response</span><span class="p">))</span> <span class="n">zone_found</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">zone_id</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">for</span> <span class="n">zone</span> <span class="ow">in</span> <span class="n">response</span><span class="p">[</span><span class="sh">"</span><span class="s">HostedZones</span><span class="sh">"</span><span class="p">]:</span> <span class="k">if</span> <span class="n">zone</span><span class="p">[</span><span class="sh">"</span><span class="s">Name</span><span class="sh">"</span><span class="p">][:</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="o">==</span> <span class="n">domain_name</span><span class="p">:</span> <span class="n">zone_found</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">zone_id</span> <span class="o">=</span> <span class="n">zone</span><span class="p">[</span><span class="sh">"</span><span class="s">Id</span><span class="sh">"</span><span class="p">]</span> <span class="nf">return </span><span class="p">(</span><span class="n">zone_found</span><span class="p">,</span> <span class="n">zone_id</span><span class="p">)</span> <span class="k">def</span> <span class="nf">create_hosted_zone</span><span class="p">(</span><span class="n">domain_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Create a hosted zone in Route53</span><span class="sh">"""</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">route53</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">create_hosted_zone</span><span class="p">(</span><span class="n">Name</span><span class="o">=</span><span class="n">domain_name</span><span class="p">,</span> <span class="n">CallerReference</span><span class="o">=</span><span class="sh">"</span><span class="s">string</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print_dict</span><span class="p">(</span><span class="nf">flatten_json</span><span class="p">(</span><span class="n">response</span><span class="p">))</span> <span class="k">return</span> <span class="n">response</span><span class="p">[</span><span class="sh">"</span><span class="s">HostedZone</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">Id</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">get_hosted_zone_id</span><span class="p">(</span><span class="n">domain_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Get the hosted zone id</span><span class="sh">"""</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">route53</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">list_hosted_zones_by_name</span><span class="p">(</span><span class="n">DNSName</span><span class="o">=</span><span class="n">domain_name</span><span class="p">)</span> <span class="nf">print_dict</span><span class="p">(</span><span class="nf">flatten_json</span><span class="p">(</span><span class="n">response</span><span class="p">))</span> <span class="k">return</span> <span class="n">response</span><span class="p">[</span><span class="sh">"</span><span class="s">HostedZones</span><span class="sh">"</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">"</span><span class="s">Id</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">get_hosted_zone_name_servers</span><span class="p">(</span><span class="n">hosted_zone_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Get the name servers from the hosted zone</span><span class="sh">"""</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">route53</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">get_hosted_zone</span><span class="p">(</span><span class="n">Id</span><span class="o">=</span><span class="n">hosted_zone_id</span><span class="p">)</span> <span class="nf">print_dict</span><span class="p">(</span><span class="nf">flatten_json</span><span class="p">(</span><span class="n">response</span><span class="p">))</span> <span class="k">return</span> <span class="n">response</span><span class="p">[</span><span class="sh">"</span><span class="s">DelegationSet</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">NameServers</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">get_domain_registrar_name_servers</span><span class="p">(</span><span class="n">domain_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Get the name servers from the domain registrar</span><span class="sh">"""</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">route53domains</span><span class="sh">"</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">get_domain_detail</span><span class="p">(</span><span class="n">DomainName</span><span class="o">=</span><span class="n">domain_name</span><span class="p">)</span> <span class="nf">print_dict</span><span class="p">(</span><span class="nf">flatten_json</span><span class="p">(</span><span class="n">response</span><span class="p">))</span> <span class="k">return</span> <span class="n">response</span><span class="p">[</span><span class="sh">"</span><span class="s">Nameservers</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">create_alias_record</span><span class="p">(</span><span class="n">domain_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">public_ip</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Create Alias record in Hosted Zone </span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">route53</span><span class="sh">"</span><span class="p">)</span> <span class="n">hosted_zone_id_full</span> <span class="o">=</span> <span class="nf">get_hosted_zone_id</span><span class="p">(</span><span class="n">domain_name</span><span class="p">)</span> <span class="n">hosted_zone_id</span> <span class="o">=</span> <span class="n">hosted_zone_id_full</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">)[</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">change_resource_record_sets</span><span class="p">(</span> <span class="n">HostedZoneId</span><span class="o">=</span><span class="n">hosted_zone_id</span><span class="p">,</span> <span class="n">ChangeBatch</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">Comment</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Alias record for EC2 instance</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Changes</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">UPSERT</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">ResourceRecordSet</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Name</span><span class="sh">"</span><span class="p">:</span> <span class="n">domain_name</span><span class="p">,</span> <span class="sh">"</span><span class="s">Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">A</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">TTL</span><span class="sh">"</span><span class="p">:</span> <span class="mi">60</span><span class="p">,</span> <span class="sh">"</span><span class="s">ResourceRecords</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Value</span><span class="sh">"</span><span class="p">:</span> <span class="n">public_ip</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">)</span> <span class="nf">print_dict</span><span class="p">(</span><span class="nf">flatten_json</span><span class="p">(</span><span class="n">response</span><span class="p">))</span> <span class="k">return</span> <span class="n">response</span><span class="p">[</span><span class="sh">"</span><span class="s">ChangeInfo</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">Id</span><span class="sh">"</span><span class="p">]</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">err</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sh">"</span><span class="s">Unable to create alias record in hosted zone</span><span class="sh">"</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="n">parser</span> <span class="o">=</span> <span class="n">argparse</span><span class="p">.</span><span class="nc">ArgumentParser</span><span class="p">(</span><span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Process domain name</span><span class="sh">"</span><span class="p">)</span> <span class="n">parser</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">"</span><span class="s">domain_name</span><span class="sh">"</span><span class="p">,</span> <span class="nb">type</span><span class="o">=</span><span class="nb">str</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="sh">"</span><span class="s">domain name</span><span class="sh">"</span><span class="p">)</span> <span class="n">parser</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">"</span><span class="s">public_ip</span><span class="sh">"</span><span class="p">,</span> <span class="nb">type</span><span class="o">=</span><span class="nb">str</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="sh">"</span><span class="s">public ip of the ec2 instance</span><span class="sh">"</span><span class="p">)</span> <span class="n">args</span> <span class="o">=</span> <span class="n">parser</span><span class="p">.</span><span class="nf">parse_args</span><span class="p">()</span> <span class="n">domain_name</span> <span class="o">=</span> <span class="n">args</span><span class="p">.</span><span class="n">domain_name</span> <span class="n">public_ip</span> <span class="o">=</span> <span class="n">args</span><span class="p">.</span><span class="n">public_ip</span> <span class="k">if</span> <span class="n">domain_name</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sh">"</span><span class="s">Domain name is required</span><span class="sh">"</span><span class="p">)</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="k">if</span> <span class="n">public_ip</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sh">"</span><span class="s">Public IP is required</span><span class="sh">"</span><span class="p">)</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># Check if the hosted zone exists </span> <span class="n">zone_flag</span><span class="p">,</span> <span class="n">hosted_zone_id</span> <span class="o">=</span> <span class="nf">check_hosted_zone</span><span class="p">(</span><span class="n">domain_name</span><span class="p">)</span> <span class="k">if</span> <span class="n">zone_flag</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Hosted zone already exists for domain </span><span class="si">{</span><span class="n">domain_name</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Hosted zone id: </span><span class="si">{</span><span class="n">hosted_zone_id</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Hosted zone does not exist yet for domain {domain_name}</span><span class="sh">"</span><span class="p">)</span> <span class="n">hosted_zone_id</span> <span class="o">=</span> <span class="nf">create_hosted_zone</span><span class="p">(</span><span class="n">domain_name</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Hosted zone created: </span><span class="si">{</span><span class="n">hosted_zone_id</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Get name servers from hosted zone </span> <span class="n">hosted_zone_name_servers</span> <span class="o">=</span> <span class="nf">get_hosted_zone_name_servers</span><span class="p">(</span><span class="n">hosted_zone_id</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Hosted Zone Name servers: </span><span class="si">{</span><span class="n">hosted_zone_name_servers</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Get name servers from domain registrar </span> <span class="n">name_servers</span> <span class="o">=</span> <span class="nf">get_domain_registrar_name_servers</span><span class="p">(</span><span class="n">domain_name</span><span class="p">)</span> <span class="n">domain_registrar_name_servers</span> <span class="o">=</span> <span class="nf">list</span><span class="p">()</span> <span class="k">for</span> <span class="n">ns</span> <span class="ow">in</span> <span class="n">name_servers</span><span class="p">:</span> <span class="n">domain_registrar_name_servers</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">ns</span><span class="p">[</span><span class="sh">"</span><span class="s">Name</span><span class="sh">"</span><span class="p">])</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Domain registrar name servers: </span><span class="si">{</span><span class="n">domain_registrar_name_servers</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># If Hosted zone name servers and domain registrar name servers are different, </span> <span class="c1"># update the domain registrar. </span> <span class="k">if</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">hosted_zone_name_servers</span><span class="p">)</span> <span class="o">!=</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">domain_registrar_name_servers</span><span class="p">):</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Updating domain registrar name servers ...</span><span class="sh">"</span><span class="p">)</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">route53domains</span><span class="sh">"</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">update_domain_nameservers</span><span class="p">(</span> <span class="n">DomainName</span><span class="o">=</span><span class="n">domain_name</span><span class="p">,</span> <span class="n">Nameservers</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span><span class="sh">"</span><span class="s">Name</span><span class="sh">"</span><span class="p">:</span> <span class="n">hosted_zone_name_servers</span><span class="p">[</span><span class="mi">0</span><span class="p">]},</span> <span class="p">{</span><span class="sh">"</span><span class="s">Name</span><span class="sh">"</span><span class="p">:</span> <span class="n">hosted_zone_name_servers</span><span class="p">[</span><span class="mi">1</span><span class="p">]},</span> <span class="p">{</span><span class="sh">"</span><span class="s">Name</span><span class="sh">"</span><span class="p">:</span> <span class="n">hosted_zone_name_servers</span><span class="p">[</span><span class="mi">2</span><span class="p">]},</span> <span class="p">{</span><span class="sh">"</span><span class="s">Name</span><span class="sh">"</span><span class="p">:</span> <span class="n">hosted_zone_name_servers</span><span class="p">[</span><span class="mi">3</span><span class="p">]},</span> <span class="p">],</span> <span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Domain registrar name servers updated</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span> <span class="sh">"</span><span class="s">Domain registrar &amp; hosted zone name servers are same. No update required!</span><span class="sh">"</span> <span class="p">)</span> <span class="c1"># Create alias record in hosted zone </span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Creating alias record in hosted zone using </span><span class="si">{</span><span class="n">domain_name</span><span class="si">}</span><span class="s"> and </span><span class="si">{</span><span class="n">public_ip</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">change_id</span> <span class="o">=</span> <span class="nf">create_alias_record</span><span class="p">(</span><span class="n">domain_name</span><span class="p">,</span> <span class="n">public_ip</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Change id: </span><span class="si">{</span><span class="n">change_id</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Done!</span><span class="sh">"</span><span class="p">)</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> </code></pre> </div> aws fastapi terraform infrastructureascode