Category: Amazon Web Services

Terraform – Reference Resources During Deployment

Terraform is a powerful infrastructure as code (IaC) tool. For example, it may be used to deploy an Amazon Virtual Private Cloud (Amazon VPC) along with its various components, such as a subnet. Deploying a subnet requires you to provide the ID of the Amazon VPC in which the subnet will be placed.

However, how do you provide Terraform with the VPC ID if the VPC has not been created yet? The Terraform solution is to reference the Amazon VPC resource in the code; an example is shown below (aws_vpc.TERRAFORM-VPC.id). The reference consists of the resource type, which carries the provider prefix (in this case aws_vpc), the local name you gave the resource (TERRAFORM-VPC), and the attribute you need (id). Terraform resolves the reference at apply time, and the reference also tells Terraform that the VPC must be created before the subnet.

resource "aws_vpc" "TERRAFORM-VPC" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "VPC-01"
  }
}

resource "aws_subnet" "TERRAFORM-SUBNET" {
  cidr_block = "10.0.1.0/24"
  vpc_id     = aws_vpc.TERRAFORM-VPC.id   # reference to the VPC created above

  tags = {
    Name = "SUBNET-01"
  }
}


Terraform – Specify EC2 Instance Security Group

Using Terraform, you may specify the security group that will be associated with the Elastic Network Interface (ENI) of an Amazon EC2 instance at provisioning time by passing the security group ID to the vpc_security_group_ids argument.

The syntax for the vpc_security_group_ids argument is displayed below.

vpc_security_group_ids = [aws_security_group.security-group.id]


Terraform – EC2 Security Group ICMP Rule

Using Terraform, you may configure a security group for an Amazon EC2 instance. The block below creates an ingress rule that allows all ICMP IPv4 traffic from any source address (0.0.0.0/0).

As this is an example for educational purposes, you should consider restricting the source address(es) in the cidr_blocks argument before using it outside a lab.

# This ingress block belongs inside a resource "aws_security_group" block.
ingress {
  description = "Allow all incoming ICMP - IPv4 traffic"
  from_port   = -1          # -1 with protocol "icmp" means all ICMP types
  to_port     = -1          # -1 means all ICMP codes
  protocol    = "icmp"
  cidr_blocks = ["0.0.0.0/0"]
}
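The three Terraform posts above (referencing resources, vpc_security_group_ids, and the ICMP security group rule) fit together in one configuration. The following is an added example, not code from the original posts: it chains references from the VPC to a subnet, a security group and an EC2 instance, and it narrows the ICMP rule to the VPC's own CIDR by referencing the VPC attribute instead of hard-coding 0.0.0.0/0. It assumes an aws provider is already configured; the SSM parameter used for the AMI is the public Amazon Linux 2 parameter, and the resource names SG-01 and EC2-01 are my own choices.

```hcl
# Added example (not from the original posts). Assumes an aws provider block
# is configured elsewhere in the same configuration.

# Data source reference: resolve the latest Amazon Linux 2 AMI for the region
# from the public SSM parameter instead of hard-coding an AMI ID.
data "aws_ssm_parameter" "amazon-linux-2" {
  name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
}

resource "aws_vpc" "TERRAFORM-VPC" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "VPC-01"
  }
}

resource "aws_subnet" "TERRAFORM-SUBNET" {
  vpc_id     = aws_vpc.TERRAFORM-VPC.id   # created after the VPC
  cidr_block = "10.0.1.0/24"

  tags = {
    Name = "SUBNET-01"
  }
}

resource "aws_security_group" "security-group" {
  name        = "SG-01"                   # assumed name
  description = "Allow ICMP only from inside the VPC"
  vpc_id      = aws_vpc.TERRAFORM-VPC.id

  # Same ICMP rule as the post, but the source is the VPC CIDR, taken from
  # the VPC resource so it stays in sync if the VPC block ever changes.
  ingress {
    description = "Allow all incoming ICMP - IPv4 traffic from the VPC"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [aws_vpc.TERRAFORM-VPC.cidr_block]
  }

  # Outbound traffic is left open; tighten to taste.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                    = data.aws_ssm_parameter.amazon-linux-2.value
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.TERRAFORM-SUBNET.id
  # The argument from the post: attach the security group to the primary ENI.
  vpc_security_group_ids = [aws_security_group.security-group.id]

  tags = {
    Name = "EC2-01"                       # assumed name
  }
}
```

Because every link in the chain is a reference rather than a literal ID, terraform plan shows the whole stack on a fresh account with no IDs known in advance, and terraform destroy removes the resources in the reverse order of the references.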


Amazon Web Services – IAM Role for VPC Flow Logs

Configuring VPC Flow Logs to publish to CloudWatch Logs requires an IAM role that the Flow Logs service assumes in order to write to the specified log group in CloudWatch Logs. Amazon Web Services provides good documentation on this, which may be found here.

The IAM policy for the role must at a minimum include the following permission.
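The following is an added Terraform example, not taken from the original post or from the AWS documentation page it links to, showing the two halves of the role: the trust policy that lets only the VPC Flow Logs service assume it, and the permissions policy for the log group. It assumes the aws_vpc.TERRAFORM-VPC resource from the earlier post exists in the same configuration; the log group name, role name and 90-day retention are my own choices.

```hcl
# Added example (not from the original post). Assumes aws_vpc.TERRAFORM-VPC
# is defined in the same configuration.

resource "aws_cloudwatch_log_group" "flow-logs" {
  name              = "/vpc/flow-logs/VPC-01"   # assumed name
  retention_in_days = 90                        # assumed retention
}

# Trust policy: only the VPC Flow Logs service principal may assume the role.
data "aws_iam_policy_document" "flow-logs-trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["vpc-flow-logs.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "flow-logs" {
  name               = "VPC-FLOW-LOGS-ROLE"      # assumed name
  assume_role_policy = data.aws_iam_policy_document.flow-logs-trust.json
}

# Permissions policy. Write actions are scoped to this log group and its
# streams instead of "*"; the Describe* read actions stay on "*".
data "aws_iam_policy_document" "flow-logs-permissions" {
  statement {
    sid    = "WriteFlowLogs"
    effect = "Allow"
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    resources = [
      aws_cloudwatch_log_group.flow-logs.arn,
      "${aws_cloudwatch_log_group.flow-logs.arn}:*",
    ]
  }

  statement {
    sid    = "DescribeLogs"
    effect = "Allow"
    actions = [
      "logs:DescribeLogGroups",
      "logs:DescribeLogStreams",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "flow-logs" {
  name   = "VPC-FLOW-LOGS-POLICY"               # assumed name
  role   = aws_iam_role.flow-logs.id
  policy = data.aws_iam_policy_document.flow-logs-permissions.json
}

# The flow log itself, wired to the role and log group above.
resource "aws_flow_log" "vpc" {
  vpc_id               = aws_vpc.TERRAFORM-VPC.id
  traffic_type         = "ALL"
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.flow-logs.arn
  iam_role_arn         = aws_iam_role.flow-logs.arn
}
```

The trust policy is the part that is easy to overlook: without the vpc-flow-logs.amazonaws.com principal the flow log is created but no records ever arrive, and the only symptom is an empty log group.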


Amazon Web Services – AWS CLI Command Reference

You may use this link to access the AWS CLI Command Reference documentation. According to the official AWS documentation, "The AWS Command Line Interface is a unified tool that provides a consistent interface for interacting with all parts of AWS."


Amazon Web Services – Configure Password Policy with AWS CLI

You may use the following command from the AWS Command Line Interface to configure the account password policy. This is an example configuration, and more information may be found here.

aws iam update-account-password-policy --minimum-password-length 8 --require-uppercase-characters --require-lowercase-characters --require-numbers --no-require-symbols --max-password-age 60 --hard-expiry --allow-users-to-change-password --password-reuse-prevention 24


Amazon Web Services – Certification

I am officially an Amazon Web Services Certified Solutions Architect.


Amazon Web Services – Verify AWS CLI Installation

You may use the following link for instructions on installing the AWS CLI. To verify the installation, navigate to C:\Program Files\Amazon\AWSCLI on x64 operating systems or C:\Program Files (x86)\Amazon\AWSCLI on x86 operating systems.

Lastly, you may verify the version of the AWS CLI using the aws --version command from a Windows Command Prompt or Windows PowerShell session.


Amazon Web Services – Bootstrapping – Apache Installation

You may use the following commands to configure an Amazon EC2 instance to install and start the Apache web server upon boot. The commands should be placed in the Advanced Details dialog box during the provisioning process of an EC2 instance.

#!/bin/bash
# User data scripts run as root on Amazon Linux, so no sudo/su is needed.
yum install -y httpd
systemctl start httpd
systemctl enable httpd   # also start Apache on every subsequent boot