Use Terraform to create a Lab in AWS
- #Terraform
- #AWS
The problem
When using AWS to create VMs for a Lab, I always worry about the cost. Of course, I try to create only free tier resources. But, unfortunately, sometimes this is not possible.
Besides, when studying a technology that is new to me, it's often necessary to keep using the resources for days or weeks. This can generate costs: even if I stop an EC2 instance, there may be costs related to other resources.
To solve this problem, I invested some time studying Terraform. My objective was to design a Terraform module to create all the resources I needed in the morning and destroy them all at the end of the day.
What is a Terraform Module
A Terraform module is a set of Terraform configuration files in a single directory. Even a simple configuration consisting of a single directory with one or more .tf files is a module.
A configuration can use module blocks to call modules in other directories. When Terraform encounters a module block, it loads and processes that module's configuration files.
Modules can either be loaded from the local filesystem or a remote source, like Terraform Registry.
More information about Terraform Modules can be obtained at: https://developer.hashicorp.com/terraform/tutorials/modules/module .
A Use Case
In the course “Linux do Zero”, at Dio.me, I used Terraform to create three EC2 instances (Linux virtual machines) within a VPC in AWS. Then I created a Docker Swarm cluster with these VMs.
The whole process is documented in this repository:
https://github.com/szalbuque/app-deploy-with-docker-swarm-and-nginx .
In this repository, there is a folder called terraform, which contains a README.md file that describes all the steps I took to create the Terraform module and test it.
Prepare the Environment
I use a Dell laptop with Windows 11. So, the instructions may be different for other operating systems.
First, it is necessary to create a user in AWS IAM with “programmatic access” and with the “AmazonEC2FullAccess” policy attached. You must generate the access key and save it to your computer.
Then, download Terraform from https://developer.hashicorp.com/terraform/downloads and extract it to a folder. I put it in “c:\Program Files (x86)\Terraform”. Include this path in the Windows PATH environment variable.
After that, install AWS CLI and configure it with the command aws configure, using the access key created before.
The resources
Think about the resources you need before starting to code the Terraform module.
In my case, I needed three Linux virtual machines with minimal hardware requirements and a VPC with public and private subnets and a NAT gateway.
I also needed a key pair to access the virtual machines from my computer, using SSH.
The modules
I decided to use modules from the Terraform Registry. These modules use variables stored in a file called variables.tf .
You can see these variables here.
In the next section I'll explain each block of the main.tf file.
The main.tf file
Terraform block
This block specifies the cloud provider in which the resources will be created, the required version of Terraform and the default region for the resources.
VPC (Virtual Private Cloud) block
This block defines the source of the module, which is in the Terraform Registry, and its version.
Using the definitions in the file variables.tf, it also defines:
- Name: the name of the VPC;
- CIDR (Classless Inter-Domain Routing): defines the range of IP addresses of the VPC;
- AZS: the availability zones for the VPC;
- Private subnets: the CIDR for the private subnets of this VPC;
- Public subnets: the CIDR for the public subnets of this VPC;
- Enable NAT gateway: if true, the public subnets will provide a NAT gateway, so that the private subnets can access the internet;
- Tags: just to identify the resource.
Key-pair block
This block creates a key pair in the EC2 service, which is going to be attached to the EC2 instances.
It uses a public key created locally.
This key will be used to access the EC2 instances by SSH.
EC2 instances block
Finally, the EC2 instances block defines how the virtual machines will be created.
It uses a module from the Terraform Registry to create three instances.
The names of the instances will be:
- dio-app-ec2-cluster-0
- dio-app-ec2-cluster-1
- dio-app-ec2-cluster-2
AMI (Amazon Machine Image) is the ID of the operating system image used to launch the virtual machine, in this case Amazon Linux.
t2.micro is a low-cost, general-purpose instance type that provides a baseline level of CPU performance with the ability to burst above the baseline when needed.
Key_name is defined by the module key-pair, above.
The VPC security group is the one created with the VPC previously declared.
These instances will be created in the public subnet, so they will have one public IP address each.
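The blocks described in this section, put together as an added sketch (this is not the author's main.tf from the repository). Names, CIDR ranges, region, the local key path and the module version constraints are assumptions, and a plain aws_key_pair resource stands in for the key-pair module.

```hcl
# Added example, not the author's main.tf. Names, CIDRs, region and version
# constraints are assumptions; the post keeps its values in variables.tf.
terraform {
  required_version = ">= 1.3"
  required_providers {
    aws = { source = "hashicorp/aws", version = ">= 5.0" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed default region
}

variable "ami_id" {
  description = "Amazon Linux AMI ID for the chosen region"
  type        = string
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0" # assumed; the post does not state the version

  name               = "dio-app-vpc"
  cidr               = "10.0.0.0/16"
  azs                = ["us-east-1a", "us-east-1b"]
  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24"]
  enable_nat_gateway = true
  single_nat_gateway = true # one NAT gateway instead of one per subnet
  tags               = { Project = "dio-lab" }
}

# Plain resource used here in place of the key-pair module.
resource "aws_key_pair" "lab" {
  key_name   = "dio-app-key"
  public_key = file(pathexpand("~/.ssh/id_ed25519.pub")) # assumed key path
}

module "ec2" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 5.0" # assumed; the post does not state the version
  count   = 3

  name                        = "dio-app-ec2-cluster-${count.index}"
  ami                         = var.ami_id
  instance_type               = "t2.micro"
  key_name                    = aws_key_pair.lab.key_name
  vpc_security_group_ids      = [module.vpc.default_security_group_id]
  subnet_id                   = module.vpc.public_subnets[0]
  associate_public_ip_address = true # public IP, as described above
}
```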
Once these resources are created, it’s necessary to add an inbound rule to the security group, allowing access to the SSH default port: 22.
It’s possible to describe the desired configuration of the security group in the Terraform module, but I did it manually, in the AWS console.
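One way to describe that security group in Terraform rather than in the console, as an added example that is not from the original repository. The variable and resource names are assumptions, and the validation rejects opening port 22 to 0.0.0.0/0, so SSH is reachable only from the address range you pass in.

```hcl
# Added example, not the author's code. Variable and resource names are
# assumptions; 203.0.113.10/32 is a documentation address, not a real host.
variable "vpc_id" {
  description = "ID of the lab VPC (for example module.vpc.vpc_id)"
  type        = string
}

variable "ssh_allowed_cidr" {
  description = "Your own public address in CIDR form, e.g. 203.0.113.10/32"
  type        = string

  validation {
    condition     = can(cidrhost(var.ssh_allowed_cidr, 0)) && var.ssh_allowed_cidr != "0.0.0.0/0"
    error_message = "Provide a valid IPv4 CIDR other than 0.0.0.0/0."
  }
}

# Dedicated group with no inline rules; rules are managed as separate resources.
resource "aws_security_group" "lab_ssh" {
  name        = "dio-app-lab-ssh"
  description = "SSH to lab instances from one source range"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "ssh" {
  security_group_id = aws_security_group.lab_ssh.id
  description       = "SSH from the operator address only"
  cidr_ipv4         = var.ssh_allowed_cidr
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

# Terraform removes the default allow-all egress rule, so declare it explicitly.
resource "aws_vpc_security_group_egress_rule" "all_out" {
  security_group_id = aws_security_group.lab_ssh.id
  description       = "Outbound traffic for package installs"
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

output "lab_ssh_security_group_id" {
  value = aws_security_group.lab_ssh.id
}
```

To attach the group, pass the output ID in the instances' vpc_security_group_ids argument.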
This is the image of the EC2 instances created:
Creating and destroying
Using this Terraform module, I created the resources so that I could take all the necessary steps of the course exercise. At the end of the day, I destroyed them all, with a single command:
> terraform destroy
This means: peace!