Terraform Automation Hands-On Project on AWS | Deploy Apache WebApp with EC2 ASG, ALB, CloudWatch and SNS

Bhavuk Mudgal

Application Architecture:

Automating AWS Infrastructure with Terraform. This project deploys:

  1. A Web Application on AWS EC2 Instances as part of an AutoScaling Group (ASG)

  2. The AutoScaling Group is integrated with an Application Load Balancer (ALB) and a Launch template (LT)

  3. The LT utilizes a custom AWS AMI (Amazon Machine Image) that already has a static website code with an Apache web server configured

  4. The ASG also has a Dynamic Scaling policy to increase the number of instances in the ASG automatically when the Average CPU Utilization of the ASG breaches the threshold of 40 percent

  5. The scaling event is triggered via a CloudWatch Alarm that also sends an AWS SNS (Simple Notification Service) based Email to the users.
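The alarm wiring from points 4 and 5, as an added Terraform sketch (not the repository's main.tf): one CloudWatch alarm on the ASG's average CPU carries two actions, the scaling policy and the SNS topic. The resource names, `var.asg_name`, `var.alert_email`, and the period, evaluation and cooldown values are assumptions.

```hcl
# Added sketch, not the repository's main.tf. var.asg_name and var.alert_email
# are hypothetical inputs for the ASG name and the your-email-id placeholder.
variable "asg_name" {
  type        = string
  description = "Name of the existing Auto Scaling Group"
}

variable "alert_email" {
  type        = string
  description = "Address that receives the alarm notification"
}

resource "aws_sns_topic" "cpu_alert" {
  name = "asg-cpu-alert"
}

# Email subscriptions stay pending until the recipient confirms them.
resource "aws_sns_topic_subscription" "email" {
  topic_arn = aws_sns_topic.cpu_alert.arn
  protocol  = "email"
  endpoint  = var.alert_email
}

resource "aws_autoscaling_policy" "scale_out" {
  name                   = "cpu-scale-out"
  autoscaling_group_name = var.asg_name
  policy_type            = "SimpleScaling"
  adjustment_type        = "ChangeInCapacity"
  scaling_adjustment     = 1   # assumed: add one instance per alarm
  cooldown               = 300 # assumed value
}

resource "aws_cloudwatch_metric_alarm" "cpu_high" {
  alarm_name          = "asg-cpu-above-40"
  namespace           = "AWS/EC2"
  metric_name         = "CPUUtilization"
  statistic           = "Average"
  comparison_operator = "GreaterThanThreshold"
  threshold           = 40 # the page's 40 percent threshold
  period              = 60 # assumed value
  evaluation_periods  = 2  # assumed value
  dimensions          = { AutoScalingGroupName = var.asg_name }

  # One alarm, two actions: run the scaling policy and publish to SNS.
  alarm_actions = [
    aws_autoscaling_policy.scale_out.arn,
    aws_sns_topic.cpu_alert.arn,
  ]
}
```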

Steps to use the Terraform script to automatically deploy the infrastructure:

Resources that should be provisioned before using the Terraform script:

  1. An AWS Account with a Bastion Host (EC2 with Amazon Linux 2023 OS) where Terraform is installed and configured. An AWS SSH keypair named “kp”.

For help on AWS EC2 Instance Creation (with Terraform script) and Terraform Installation: https://youtu.be/JkxB_d8XLN8

2. An IAM Role is attached to the Bastion Host with “Administrator” access.

For help with IAM Role creation, see the following YouTube Video: https://youtu.be/TF9oisb1QJQ

3. AWS CLI configured on the Bastion Host (In case we need it. Amazon Linux AMI already has AWS CLI installed, so no need to install or configure if you use that AMI).

4. The AMI ID should already be available to be used with the Launch Template. I am keeping it separate from the Terraform project so that when I destroy the project (terraform destroy), the AMI is still available as I use it with different projects. If help is required to create this AMI, please refer:

YouTube Video: https://youtu.be/FOHXylL8e2Q

5. The Security Groups for the LT and ALB should already be available. The reason for doing that is the same as in point number 4. If you need help with the creation of Security Groups, please refer:

YouTube Video: https://youtu.be/FOHXylL8e2Q

6. The infrastructure is deployed in a default VPC and subnets that are available per region (in this case, us-east-1) in an AWS account.

7. An IAM role (for enabling AWS Session Manager) that will be associated with the 2 AWS EC2 Instances that will be part of the LT and ASG, hosting the static Apache website. Again, keeping it separate as I use it in other projects as well. Name the IAM role as: ec2-ssm

Please follow the below steps to configure AWS Session Manager on an AWS EC2 Instance:

A. Create an IAM Role for EC2 Instance and attach AmazonSSMManagedInstanceCore IAM policy to the role.

B. No need to install the amazon-ssm-agent if you are using Amazon Linux AMI, as it is pre-installed. For other AMIs, refer to: https://docs.aws.amazon.com/systems-manager/latest/userguide/manually-install-ssm-agent-linux.html

8. SSH to your bastion host and follow the instructions below (commands highlighted in Italic font):

(A). Become root: sudo su -

(B). Create a directory: mkdir terraform

(C). cd to the new directory: cd terraform

(D). Create the main.tf file: vim main.tf (file is available in this repo — please fill out the 7 placeholders in the file — MANDATORY STEP)

7 Placeholders (subnet-id-1 and subnet-id-2 are at 2 places): your-ami-id, LT-security-group-id, your-email-id, alb-security-group-id, your-vpc-id, subnet-id-1, subnet-id-2

Note: You may use Terraform variables for all the placeholders.

(E). Initiate Terraform backend: terraform init

(F). Check Terraform syntax: terraform validate

(G). Perform a dry run to confirm Terraform resources that will be created: terraform plan

(H). Create Terraform resources: terraform apply
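Following the note in step (D) about using variables for the placeholders, an added example (not part of the repository) of a variables.tf that declares them with validation, so a mistyped or swapped ID fails at terraform plan and not during apply. The variable names are hypothetical; only the placeholder names come from the page.

```hcl
# Added example: hypothetical variable names mirroring the page's seven placeholders.
variable "ami_id" {
  type        = string
  description = "Replaces your-ami-id"
  validation {
    condition     = can(regex("^ami-([0-9a-f]{8}|[0-9a-f]{17})$", var.ami_id))
    error_message = "The ami_id value must be an AMI ID (ami- followed by hex digits)."
  }
}

variable "vpc_id" {
  type        = string
  description = "Replaces your-vpc-id"
  validation {
    condition     = can(regex("^vpc-([0-9a-f]{8}|[0-9a-f]{17})$", var.vpc_id))
    error_message = "The vpc_id value must be a VPC ID (vpc- followed by hex digits)."
  }
}

# LT-security-group-id and alb-security-group-id, keyed so they cannot be swapped silently.
variable "security_group_ids" {
  type = object({ launch_template = string, alb = string })
  validation {
    condition = alltrue([
      for id in [var.security_group_ids.launch_template, var.security_group_ids.alb] :
      can(regex("^sg-([0-9a-f]{8}|[0-9a-f]{17})$", id))
    ])
    error_message = "Both values must be security group IDs (sg- followed by hex digits)."
  }
}

# subnet-id-1 and subnet-id-2: declared once, referenced at both places in main.tf.
variable "subnet_ids" {
  type = list(string)
  validation {
    condition = length(distinct(var.subnet_ids)) == 2 && alltrue([
      for id in var.subnet_ids : can(regex("^subnet-([0-9a-f]{8}|[0-9a-f]{17})$", id))
    ])
    error_message = "The subnet_ids list must contain two distinct subnet IDs."
  }
}

variable "alert_email" {
  type        = string
  description = "Replaces your-email-id"
  validation {
    condition     = can(regex("^[^@ ]+@[^@ ]+$", var.alert_email))
    error_message = "The alert_email value must be an email address."
  }
}
```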

9. Head over to your AWS Management console to see the created project resources.

10. Copy the LB DNS and try accessing the website on a browser. Test if it loads.

11. Please confirm the AWS SNS Topic subscription by checking your email. This will ensure that you receive the CloudWatch Alarm-based alert email.

12. SSH into one of the 2 EC2 instances from the AutoScaling Group via AWS Session Manager and then run the following commands to stress out CPU utilization. Please run the below 2 commands in sequence:

yum install stress -y

stress --cpu 1 --timeout 800 &

13. Head over to your ASG Instances section and check if a new EC2 Instance has been created. Also, check your email if you received the alert. This completes the project successfully.

14. Destroy all terraform resources: terraform destroy

GitHub Repo for all the project files: https://github.com/bhavukm/tf-aws-asg-lb-cw.git

YouTube Video for step-by-step instructions: https://youtu.be/ThEk09lV0vo

YouTube Video for this entire AWS Project Deployed Manually from UI: https://youtu.be/dMUQTQS1l3g

YouTube Video for help on AWS EC2 Instance Creation (Manually from UI): https://youtu.be/FOHXylL8e2Q
