Terraform Launch EC2 Instance

Here’s the template for launching an EC2 instance via Terraform.

provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = "/home/username/.aws/credentials"
  profile                 = "default"
}
resource "aws_security_group" "hostname-sg" {
	name = "allow ssh"
	vpc_id = ""
	ingress {
		cidr_blocks = [ "10.0.0.0/8" ]
		from_port = 22
		to_port = 22
		protocol = "tcp"
	}
	egress {
		from_port = 0
		to_port = 0
		protocol = "-1"
		cidr_blocks = [ "0.0.0.0/0" ]
	}
}
resource "aws_instance" "hostname" {
	ami = "ami-xxxxxxxxxx"
	key_name = "your-key"
	instance_type = "t2.large"
	subnet_id = "subnet-xxxxxxxx"
	security_groups	= ["${aws_security_group.hostname-sg.id}"]
	tags {
		Name = "hostname"
		Environment = "development"
	}
}

Encrypt Volume via Terraform

Here’s the Terraform script to encrypt an unencrypted volume. It creates a snapshot, encrypts a snapshot, and encrypts the volume.

#
# Set Variables
#
variable "volume" {
  description = "The Volume to encrypt: vol-12345678901234567"
}
variable "region" {
  description = "The Region: us-east-2"
}
variable "az" {
  description = "The AZ: us-east-2a"
}
 
#
# Set Credentials
#
provider "aws" {
	access_key = "put-your-access-key-here"
	secret_key = "put-your-secret-key-here"
	region = "${var.region}"
}
 
/*
#
# Create Unencrypted Volume
#
resource "aws_ebs_volume" "unencrypted_volume" {
  availability_zone = "${var.az}"
  size              = 10
  tags = {
    Name = "Unencrypted_Volume"
  }
}
*/
 
#
# Create Unencrypted Snapshot
#
resource "aws_ebs_snapshot" "unencrypted_snapshot" {
  #volume_id = "${aws_ebs_volume.unencrypted_volume.id}"
  volume_id = "${var.volume}"
  tags = {
    Name = "Unencrypted_Snapshot"
  }
}
 
#
# Create Encrypted Snapshot
#
resource "aws_ebs_snapshot_copy" "encrypted_snapshot" {
  source_snapshot_id = "${aws_ebs_snapshot.unencrypted_snapshot.id}"
  source_region      = "${var.region}"
  encrypted = true
  tags = {
    Name = "Encrypted_Snapshot"
  }
}
 
#
# Created Encrypted Volume
#
resource "aws_ebs_volume" "encrypted_volume" {
  availability_zone = "${var.az}"
  snapshot_id = "${aws_ebs_snapshot_copy.encrypted_snapshot.id}"
  tags = {
    Name = "Encrypted_Volume"
  }
}

Terraform

Hashicorp has a product called Terraform, which is a provisioning tool for the cloud. It works with most major providers like AWS, GCP, Azure and many more. Unlike CloudFormation, Resource Manager and Deployment Manager, Terraform will work with not just its own, but with many cloud providers. Here’s an example of how to provision a single instance to AWS, and assign an elastic IP to it. The cloud resources in the example were redacted. Placeholder values were placed instead for security purposes.

provider "aws" {
	access_key = "xxxxxxxx"
	secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxxx"
	region = "us-east-2"
}
 
resource "aws_instance" "server1" {
	ami = "ami-xxxxxxxxxxxxxx"
	key_name = "tfc-ohio"
	instance_type = "c5.2xlarge"
	subnet_id = "subnet-xxxxxxxx"
	security_groups	= ["sg-xxxxxxxxxxxxxxx"]
	private_ip = "10.0.4.100"
	tags {
		Name = "Server One"
	}
}
 
resource "aws_eip_association" "server1-eip" {
  instance_id = "${aws_instance.server1.id}"
  allocation_id = "eipalloc-xxxxxxxx"
}

To provision an instance, just run:

terraform apply

When you are done, just run:

terraform destroy