Author: Noel Alvarez

Terraform – Reference Resources During Deployment

Terraform is a powerful infrastructure as code (IaC) tool. For example, it may be used to deploy an Amazon Virtual Private Cloud (Amazon VPC) along with its various components, such as a subnet. Doing so requires you to provide the ID of the Amazon VPC in which the subnet will be deployed.

However, how do you provide Terraform with the VPC ID if the VPC has not been created yet? The Terraform solution is to reference the VPC resource in the code, as in the example below (aws_vpc.TERRAFORM-VPC.id). The reference is built from the resource type, which carries the provider prefix (in this case aws_vpc), the name you gave the resource (TERRAFORM-VPC), and the attribute you need (id). Terraform resolves the value at apply time, and because the reference makes the subnet depend on the VPC, the VPC is created first and destroyed last.

resource "aws_vpc" "TERRAFORM-VPC" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "VPC-01"
  }
}

resource "aws_subnet" "TERRAFORM-SUBNET" {
  cidr_block = "10.0.1.0/24"
  # Reference to the VPC above: the ID is not known until the VPC exists
  vpc_id     = aws_vpc.TERRAFORM-VPC.id

  tags = {
    Name = "SUBNET-01"
  }
}


Ansible – Installation on Amazon EC2 Instance

You may use the following commands to install Ansible on an Amazon EC2 instance and verify the installation. In this example the instance runs the Amazon Linux 2 AMI (HVM) (ami-0c02fb55956c7d316) in the Northern Virginia (us-east-1) region. Note that the ansible2 extra installs Ansible 2.9 on Python 2.7, and neither is maintained upstream any longer; for anything beyond a lab, prefer a current Ansible release running on Python 3.

[root@ip-10-0-1-11 ~]# amazon-linux-extras install ansible2 -y
[root@ip-10-0-1-11 ~]# ansible --version
ansible 2.9.23
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.18 (default, Jun 10 2021, 00:11:02) [GCC 7.3.1 20180712 (Red Hat 7.3.1-13)]


Terraform – Specify EC2 Instance Security Group

Using Terraform, you may specify the security groups associated with the Elastic Network Interface (ENI) of an Amazon EC2 instance at provisioning time with the vpc_security_group_ids argument. It takes a list of security group IDs, and each ID is normally a reference to an aws_security_group resource rather than a hard-coded value. Use this argument for instances in a VPC; the security_groups argument takes group names and is meant for EC2-Classic and the default VPC.

The syntax for the vpc_security_group_ids argument is displayed below.

vpc_security_group_ids = [aws_security_group.security-group.id]


Terraform – EC2 Security Group ICMP Rule

Using Terraform, you may configure a security group for an Amazon EC2 instance. The block below creates an ingress rule that allows all ICMP (IPv4) traffic from any source. For the icmp protocol, from_port is the ICMP type and to_port is the ICMP code; -1 in both means every type and code. To permit only ping, use from_port = 8 and to_port = 0 (echo request); the echo reply is allowed automatically because security groups are stateful.

As this is an example for education purposes, the source is left wide open; in any real deployment, restrict the source IP address(es) in the cidr_blocks argument to the networks that need to reach the instance.

ingress {
  description = "Allow all incoming ICMP - IPv4 traffic"
  from_port   = -1        # ICMP type (-1 = all)
  to_port     = -1        # ICMP code (-1 = all)
  protocol    = "icmp"
  cidr_blocks = ["0.0.0.0/0"]
}
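The following is an added example that is not part of the original post. It ties the two preceding sections together: a security group whose ICMP rule is narrowed to echo requests from one management range, attached to an EC2 instance through vpc_security_group_ids. The VPC and subnet names refer to the resources in the first Terraform section, the AMI ID is the one from the Ansible section, and the instance type, the security group and instance names, and the 203.0.113.0/24 management range are assumptions.

```hcl
# Added example (not from the original post). Assumes the aws_vpc and
# aws_subnet resources from the earlier section exist in the same module.
# The 203.0.113.0/24 range (TEST-NET-3) stands in for a management network.
resource "aws_security_group" "TERRAFORM-SG" {
  name        = "SG-01"
  description = "ICMP echo from the management network, web egress only"
  vpc_id      = aws_vpc.TERRAFORM-VPC.id

  ingress {
    description = "ICMP echo request (type 8, code 0) from management range"
    from_port   = 8   # for protocol "icmp", from_port is the ICMP type
    to_port     = 0   # and to_port is the ICMP code
    protocol    = "icmp"
    cidr_blocks = ["203.0.113.0/24"] # assumption: management network
  }

  # Terraform removes AWS's default allow-all egress rule when it manages a
  # security group, so outbound access must be stated explicitly. Limit it to
  # what package installation needs instead of allowing every port.
  egress {
    description = "HTTP out for package repositories"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    description = "HTTPS out for package repositories"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "SG-01"
  }
}

resource "aws_instance" "TERRAFORM-EC2" {
  ami           = "ami-0c02fb55956c7d316" # Amazon Linux 2, us-east-1 (from the Ansible section)
  instance_type = "t3.micro"              # assumption
  subnet_id     = aws_subnet.TERRAFORM-SUBNET.id

  # In a VPC, attach security groups by ID with vpc_security_group_ids.
  # The reference resolves to the group's ID once the group is created.
  vpc_security_group_ids = [aws_security_group.TERRAFORM-SG.id]

  # Require IMDSv2 so an SSRF on a service running on the host cannot read
  # the instance role's credentials with a plain GET to the metadata endpoint.
  metadata_options {
    http_tokens = "required"
  }

  tags = {
    Name = "EC2-01"
  }
}
```

With this in place, ping from 203.0.113.0/24 reaches the instance while every other ICMP type and every other source is dropped, and the only outbound traffic the instance can initiate is to TCP ports 80 and 443.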


Linktree – Noel Alvarez

You may find my Linktree URL here.

At the time of this post it contains this blog, my GitHub account, and Twitter account.


Amazon Web Services – IAM Role for VPC Flow Logs

Configuring VPC flow logs to publish to CloudWatch Logs requires an IAM role that the VPC Flow Logs service assumes in order to write to the specified log group in CloudWatch. Amazon Web Services provides great documentation on this, which may be found here.

The IAM policy for the role must at a minimum include the following permission.
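As an added example that is not part of the original post, the Terraform below builds the role along the lines of the AWS documentation referenced above: a trust policy that lets only the vpc-flow-logs.amazonaws.com service assume the role, and only from this account, plus a permissions policy with the CloudWatch Logs actions the service needs. The VPC name refers to the resource in the first Terraform section; the role, policy and log group names and the 90-day retention are assumptions.

```hcl
# Added example (not from the original post). Assumes the aws_vpc resource
# from the earlier Terraform section; names and retention are assumptions.
resource "aws_cloudwatch_log_group" "flow_logs" {
  name              = "/vpc/flow-logs/VPC-01"
  retention_in_days = 90
}

data "aws_caller_identity" "current" {}

# Trust policy: only the VPC Flow Logs service may assume this role, and only
# on behalf of this account, which blocks the confused-deputy pattern where a
# flow log in another account is pointed at this role.
data "aws_iam_policy_document" "flow_logs_trust" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["vpc-flow-logs.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_iam_role" "flow_logs" {
  name               = "vpc-flow-logs-to-cloudwatch"
  assume_role_policy = data.aws_iam_policy_document.flow_logs_trust.json
}

# Permissions policy: the write actions are scoped to this log group and its
# streams (the ":*" suffix covers the streams). DescribeLogGroups has no
# resource-level scope in IAM, so it must be granted on "*".
data "aws_iam_policy_document" "flow_logs_permissions" {
  statement {
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:DescribeLogStreams",
    ]
    resources = [
      aws_cloudwatch_log_group.flow_logs.arn,
      "${aws_cloudwatch_log_group.flow_logs.arn}:*",
    ]
  }

  statement {
    actions   = ["logs:DescribeLogGroups"]
    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "flow_logs" {
  name   = "publish-flow-logs"
  role   = aws_iam_role.flow_logs.id
  policy = data.aws_iam_policy_document.flow_logs_permissions.json
}

# The flow log itself references the role and log group created above, so
# Terraform orders their creation correctly.
resource "aws_flow_log" "vpc" {
  vpc_id          = aws_vpc.TERRAFORM-VPC.id
  traffic_type    = "ALL"
  log_destination = aws_cloudwatch_log_group.flow_logs.arn
  iam_role_arn    = aws_iam_role.flow_logs.arn
}
```

If the role is granted logs:* on "*", as many quick-start snippets do, any principal able to pass the role could write to or enumerate every log group in the account; scoping the resources to the one log group keeps the blast radius to the flow log destination.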


Amazon Web Services – AWS CLI Command Reference

You may use this link to access the documentation for the AWS CLI Command Reference. Additionally, according to the official AWS documentation “The AWS Command Line Interface is a unified tool that provides a consistent interface for interacting with all parts of AWS.”


Amazon Web Services – Configure Password Policy with AWS CLI

You may use the following command from the AWS Command Line Interface to configure the account password policy. This is an example configuration, and more information may be found here. Two options deserve a second look before you copy it: --no-require-symbols relaxes the policy, and --hard-expiry means that a user whose password has expired cannot set a new one and must have it reset by an administrator, so pair it with an expiry notification process. You may verify the result with aws iam get-account-password-policy.

aws iam update-account-password-policy --minimum-password-length 8 --require-uppercase-characters --require-lowercase-characters --require-numbers --no-require-symbols --max-password-age 60 --hard-expiry --allow-users-to-change-password --password-reuse-prevention 24


VMware – Linux CentOS VMware Tools Installation

The article in this link provides step by step instructions for installing VMware Tools on Linux virtual machines.

Additionally, upon executing the command ./vmware-install.pl, as the root user, I was met with an access denied error. The solution was to run the command perl ./vmware-install.pl.


Amazon Web Services – Certification

I am officially an Amazon Web Services Certified Solutions Architect.