tenongene / quotegen_infra

Aws cloud infrastructure for quotegen app in Terraform

Writing Terraform manifests for deployment on AWS #1

Open tenongene opened 10 months ago

tenongene commented 10 months ago

Wrote manifest files to deploy application on AWS via an autoscaling group of EC2 instances.

Configured the VPC using the Terraform provider VPC module.


Entered security group rules for load balancer access, SSH, and metrics export for possible observability. Created 4 public subnets, 1 in each of 4 availability zones, each of which will host the application, for high availability.

tenongene commented 10 months ago

Configured an autoscaling group using the Terraform AWS provider autoscaling module.


Entered the autoscaling group launch templates as required by the module. As this is a simple exercise, did not go into much detail as to configuring launch configurations, scaling rules and instance lifecycles as may be required in production settings. Specified the desired capacity as 4 with the intent of placing an instance in each subnet per availability zone.

Obtained an AMI ID from the console to use in the manifest.

Registered the autoscaling group as targets to the load balancer target group by referencing the target group arn.

Entered a base64-encoded user data script which will bootstrap the EC2 instances on launch with instructions to install Docker onto the instance, log in to the Docker registry, and run a Docker container by pulling the image that was built and pushed to Docker Hub. Mapped the application port 7272 to the instance port.

tenongene commented 10 months ago

Configured a network load balancer using the Terraform AWS provider ALB module.


Defined the target groups for subsequent registering of the autoscaling group. Associated the VPC by its ID. Configured an HTTP listener for the load balancer, with ingress at port 80 and a backend target port of 7272 for the instances/application via the autoscaling group.

Initially had access to the application from both the instances and the load balancer, as I had configured the security group to allow access to port 7272 from everywhere ("0.0.0.0/0"). However, I later realized this did not satisfy the requirement of access only via the load balancer. Thus created a second security group resource unique to the load balancer. Configured the default security group in the ASG to accept incoming traffic into port 7272 only from the load balancer security group.

Wrote an output file identifying the important infrastructure resources.

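The port-7272 security group change described in this comment, shown as an added Terraform example that is not part of the quotegen_infra repository's own manifests; the resource names and the `module.vpc.vpc_id` reference are assumptions. The weak rule is left in place as a comment beside the corrected one so the two can be compared.

```hcl
# Load balancer security group: the only public entry point, port 80 from anywhere.
resource "aws_security_group" "lb" {
  name   = "quotegen-lb"            # assumed name
  vpc_id = module.vpc.vpc_id        # assumes the VPC module output

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Instance security group referenced by the autoscaling group's launch template.
resource "aws_security_group" "asg" {
  name   = "quotegen-asg"           # assumed name
  vpc_id = module.vpc.vpc_id

  # Weak rule from the first attempt: port 7272 is reachable directly from the
  # internet, so the load balancer can be bypassed.
  # ingress {
  #   from_port   = 7272
  #   to_port     = 7272
  #   protocol    = "tcp"
  #   cidr_blocks = ["0.0.0.0/0"]
  # }

  # Corrected rule: port 7272 accepts traffic only from members of the load
  # balancer security group, so the instances are reachable via the listener alone.
  ingress {
    from_port       = 7272
    to_port         = 7272
    protocol        = "tcp"
    security_groups = [aws_security_group.lb.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

After applying, `terraform plan` should show no remaining ingress rule on the instance group with a `0.0.0.0/0` source on 7272; SSH access, if kept, needs its own rule restricted to an admin address range rather than the wildcard.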