Deploy a Secure EC2 Web Server with Terraform, VPC, and Remote State on AWS
Are you looking to automate your AWS infrastructure and deploy a web server with best practices? In this guide, you'll learn how to use Terraform to:
- Provision a secure VPC with public/private subnets
- Launch an EC2 instance running Apache with a sample website
- Manage SSH keys and security groups
- Store your Terraform state remotely in S3 for safety and collaboration
Let's get started!
What Does This Project Do?
- Creates a VPC with public and private subnets across multiple Availability Zones
- Sets up an Internet Gateway and routing for public subnets
- Launches an EC2 instance in a public subnet
- Configures a Security Group for SSH and HTTP access
- Manages SSH Key Pairs for secure access
- Provisions Apache Web Server with a sample website using a shell script
- Stores Terraform state remotely in an S3 bucket for collaboration and safety
Prerequisites
- Terraform installed
- AWS CLI installed and configured (aws configure)
- An AWS account with permissions to create EC2, VPC, and S3 resources
File Overview
- Provider.tf: AWS provider configuration
- vpc.tf: VPC, subnets, internet gateway, and route tables
- Instance.tf: EC2 instance definition and provisioning
- KeyPair.tf: SSH key pair resource
- SecurityGroup.tf: Security group for SSH/HTTP access
- vars.tf: Variables for region, AMI, zones, etc.
- backend.tf: Remote state backend (S3)
- web.sh: Script to install Apache and deploy a sample website
- .gitignore: Ignore sensitive files and Terraform state
- terraform-vpc-ssh-key / .pub: SSH keys (do not commit private key!)
Quick Start
# 1. Clone the repo and enter it
git clone https://github.com/tej6667/terraform-aws-vpc-ec2-webserver.git
cd terraform-aws-vpc-ec2-webserver
# 2. Initialize Terraform
terraform init
# 3. Review the plan
terraform plan
# 4. Apply the configuration
terraform apply
# Type 'yes' when prompted
# 5. Destroy resources when done
terraform destroy
# Type 'yes' when prompted
Customization
- Region & Zones: Edit vars.tf for your preferred AWS region and availability zones.
- AMI: Update the amiID map in vars.tf for your region.
- Security Group: Change allowed IPs in SecurityGroup.tf.
- S3 Backend: Set your S3 bucket name in backend.tf.
- SSH Key: Replace with your own key in KeyPair.tf and upload your public key.
Notes & Best Practices
- Never commit AWS credentials or private keys.
- Review security group rules before applying.
- Remote state in S3 is critical for team collaboration and disaster recovery.
- Remember to destroy resources to avoid AWS charges.
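One way to act on "Review security group rules before applying": this added example (not code from the repository) parses the JSON form of a saved plan, as produced by terraform plan -out=tfplan followed by terraform show -json tfplan, and reports inline aws_security_group ingress rules that open SSH to any address. The sample plan and the resource names in it are constructed, and rules declared as separate rule resources are not covered.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample: trimmed shape of `terraform show -json tfplan` output.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [{
        "address": "aws_security_group.web_sg",  # hypothetical resource name
        "type": "aws_security_group",
        "change": {"actions": ["create"], "after": {"ingress": [
            {"protocol": "tcp", "from_port": 22, "to_port": 22,
             "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
            {"protocol": "tcp", "from_port": 80, "to_port": 80,
             "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
            {"protocol": "tcp", "from_port": 22, "to_port": 22,
             "cidr_blocks": ["203.0.113.10/32"], "ipv6_cidr_blocks": []},
        ]}},
    }, {
        "address": "aws_security_group.old_sg",  # hypothetical, being destroyed
        "type": "aws_security_group",
        "change": {"actions": ["delete"], "after": None},
    }]
})


def covers_port(rule, port):
    """True if the rule's protocol and port range include `port`."""
    if str(rule.get("protocol")) == "-1":  # "-1" means all protocols and ports
        return True
    low, high = rule.get("from_port") or 0, rule.get("to_port") or 0
    return rule.get("protocol") == "tcp" and low <= port <= high


def world_open_ssh(plan_json, port=22):
    """Return (address, cidr) pairs where inline ingress exposes `port` to any address."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "aws_security_group" or not after:
            continue  # skip other resource types and deletions
        for rule in after.get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            findings += [(rc["address"], c) for c in cidrs
                         if c in OPEN_CIDRS and covers_port(rule, port)]
    return findings


if __name__ == "__main__":
    for address, cidr in world_open_ssh(SAMPLE_PLAN):
        print(f"{address}: SSH open to {cidr}")
```

In a pipeline, a non-empty result can be used to fail the run before terraform apply.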
Questions?
Drop a comment below or check out the GitHub repo for more details!