🚀 Overview:

Modern infrastructure demands automation, scalability, and repeatability. Manual provisioning of cloud resources and configuration management quickly becomes error-prone and unmaintainable as environments grow.

This project demonstrates how to build a fully automated, production-grade infrastructure pipeline using Terraform for infrastructure provisioning and Ansible with dynamic AWS inventory for configuration management.

The solution provisions multiple EC2 instances across environments (dev, stage, prod), dynamically discovers them using AWS APIs, and configures them automatically — all without hardcoded IP addresses or manual intervention.

🔧 Problem Statement

Traditional infrastructure workflows often suffer from:

• Hardcoded server IPs in configuration files

• Manual SSH access and host inventory management

• Inconsistent environments across dev, stage, and prod

• Infrastructure drift due to manual changes

• Difficulty scaling across availability zones and environments

Additionally, many teams struggle with:

• Incorrect subnet placement

• SSH connectivity failures due to networking misconfigurations

• Poor separation between provisioning and configuration

This project solves these problems by combining Infrastructure as Code (IaC) with dynamic configuration orchestration.

💽 Techonology Stack

📌 Architecture Diagram

┌──────────────────┐

Local Machine (Deploy Scripts)

└─────────┬────────┘

▼

┌──────────────────────────┐

Terraform (IaC)

- VPC & Subnets (existing)

- EC2 Controller

- EC2 Application Nodes

- Security Groups

- SSH Key Pair │

└─────────┬────────────────┘

▼

┌──────────────────────────┐

• • AWS EC2 Instances

    • - Dev / Stage / Prod

- Auto-assigned Public IP

└─────────┬────────────────┘

▼

┌──────────────────────────┐

Ansible Dynamic Inventory

- AWS API Discovery

- Tag-based Grouping

└─────────┬────────────────┘

▼

┌──────────────────────────┐

Ansible Playbooks

- Configure environments

- Apply roles

└──────────────────────────┘

Key Architectural Decisions

• Dynamic inventory eliminates static host files

• Tag-based grouping separates dev/stage/prod automatically

• Terraform-generated SSH keypair ensures secure access

• Public subnet detection via route tables prevents silent networking failures

• Preflight validation ensures infrastructure readiness before configuration

🌟 Project Requirements

• AWS account with permissions for EC2, VPC, IAM

• Terraform ≥ 1.5

• Ansible ≥ 2.15

• AWS CLI configured (aws configure)

• Bash shell

• Git

📋 Table of Contents

I - Terraform Configuration files

Step 1: Provider Configuration

Step 2: Variables Configuration

Step 3: Main Configuration

Step 4: Iam role Configuration

Step 5: Output Configuration

Step 6: User-data

II - Ansible files

Step 7: Inventory file

Step 8: Ansible configuration file

Step 9: Playbook file

Step 10: Requirements file

Step 11: Handlers

Step 12: Tasks

Step 13: Template files

III - Scripting files

Step 14: Deploy file

Step 15: Destroy file

IV - Instructions of Deployment

Step 16: Clone Repository

Step 17: Run Deployment

Step 18: Destroy Infrastructure

✨Terraform Configuration files

You need to write different files generating resources

Step 1: Provider Configuration

Here we declare our cloud provider and we specify the region where we will be launching resources

• provider Configuration

Step 2: Variables Configuration

This is where we declare all variables and their value. It includes the list of element that can vary or change. They can be reuse values throughout our code without repeating ourselves and help make the code dynamic

• variables Configuration

Step 3: Main Configuration

This is where you create the basement, foundation and networking where all the resources will be launch. It includes keypair, Security groups and EC2 instances,

• Main Configuration

Step 4: IAM Role Configuration

We define the temporary access to the instances via the role. it is a simple way of allow the controller to SSH via the others instances.

• IAM Role Configuration

Step 5: Output Configuration

Know as Output Value : it is a convenient way to get useful information about your infrastructure printed on the CLI. It is showing all public IP of the instances.(Controller and nodes)

• Output Configuration

Step 6: User-data

user data is a script or custom data that you provide to an EC2 instance to be executed automatically on its first launch. It's used to automate the initial setup of an instance, such as installing software, configuring settings, or running commands needed to make the instance ready for use. In our case we will have two user data one for the controller where ansible and all dependencies will be install. The the one for the nodes where Python3 will be install.

• Userdata-controller

• Userdata-node

✨Ansible files

You need to write different files generating resources

Step 7 : Inventory file

The Ansible AWS EC2 inventory plugin dynamically discovers EC2 instances directly from AWS using API calls instead of static host files. Instances are grouped automatically based on tags, regions, or environments, ensuring inventories stay accurate as infrastructure scales or changes.

• Inventory : AWS plugin

Step 8: Ansible Configuration

The ansible.cfg file defines global Ansible behavior such as inventory location, SSH settings, privilege escalation, and retry behavior. It standardizes execution across environments and prevents inconsistencies caused by user-specific defaults.

• ansible.cfg

Step 9: Playbook file

An Ansible playbook is a declarative YAML file that defines which tasks run on which hosts and in what order. It orchestrates configuration, package installation, and service management in a repeatable and idempotent manner.

• playbook.yml

Step 10: Requirements file

The requirements.yml file defines external Ansible roles or collections required by the project. This ensures consistent dependencies across environments and allows easy setup using a single installation command.

• requirements.yml

Step 11: Handlers file

Handlers are special Ansible tasks that run only when triggered by a change in another task. They are commonly used for operations like restarting services, ensuring actions occur only when necessary and avoiding unnecessary disruptions.

• main.yml

Step 12: Tasks file

This is where you create the basement, foundation and networking where all the resources will be launch. It includes keypair, Security groups and EC2 instances,

• main.yml

Step 13: Template files

The index.html template is a Jinja2-based HTML file dynamically rendered by Ansible during deployment. It allows environment-specific values (such as hostnames or environment names) to be injected into web content automatically. Deploys environment-specific index.html pages:

• prod.html. → Portfolio UI with achievements, skills, certifications, socials, and image.

• dev.html. → Minimal UI with a developer theme.

• stage.html. → Modern preview UI.

✨ Scripting files

You need to write different bash script files generating and destroying resources. The file will contains all step by step meaning all terraform command and ansible management for the execution of the process.

Step 14: Deploy file

Here we declare the initialization of the folder, the validation of the configuration, the plan of resources to be create and apply of the execution where we will be launching resources, then we will SSH in the controller and pursuit the deployment of the index webpage in all 6 instances in three environment..

• Deploy file

Step 15: Destroy file

This is where we declare the script that will allow terraform command to destroy all the resources created and all other dependencies and ansible to be destroy.

• Destroy file

💼 Instructions of Deployment

Follow these steps to deploy the architecture:

Step 16: Clone Repository:

Clone the repository in your local machine using the command "git clone" then enter the folder

git clone https://github.com/Joebaho/Terra-Ansible-Dynamic.git

cd Terra-Ansible-Dynamic

Step 17: Run Deployment

For a one time deployment of the infrastructures and configuration of the application you must type both commands bellow. These would launch the process and get everything ready. Terraform and Ansible would apply the configuration and management of the webpages in each environments.

chmod +x deploy.sh

./deploy.sh

The process will execute all terraform command and display the following steps. You must see this image

Terraform init: Initialize the folder. Terraform fmt & validate: Check for any syntax error and valid the status of the configuration files

Terraform apply: confirm all resources created and Terraform output: show all the output information to be use by user.

After all infrastructure deploy, Ansible now take over and starting process by first via the aws ec2 plugin will collect the public Ip of all the instances.

Then ansible will run the playbook

Continue the play following each stage or environment

Playbook completed you will have the confirmation

Going back in the console we can see all instances created

By picking any public IP and paste that in a new window on the browser and the web page will display. As we had three environments we will have three webpage

Prod webpage

Dev Webpage

stage webpage

Step 18: Destroy infrastructure

After you are done with the infrastructure and you are ready to destroy you can run the command. First you make the file executable then you apply execution.

chmod +x destroy.sh

./destroy.sh

After typing or pasting the command, the process will destroy all infrastructures and configuration files. You will get bellow image as confirmation

📌 Learning Outcomes

• Through this project, you will learn how to:

  • Build production-ready Terraform modules

  • Avoid common AWS networking pitfalls (public vs private subnets)

  • Use Ansible dynamic inventory with AWS

  • Eliminate static inventory files

  • Secure SSH access using Terraform-managed keys

  • Debug real-world infrastructure issues (timeouts, subnet routing)

  • Structure deploy/destroy workflows professionally

  • Create reusable DevOps portfolio projects

🔗 Resources

• • Terraform AWS Provider Documentation
    https://registry.terraform.io/providers/hashicorp/aws/latest/docs

    • Ansible Dynamic Inventory (AWS EC2) https://docs.ansible.com/ansible/latest/plugins/inventory/aws_ec2.html

    • AWS VPC Routing Concepts https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html

    • Infrastructure as Code Best Practices https://www.hashicorp.com/resources/infrastructure-as-code

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

Contributions are welcome 🚀

If you’d like to improve this project:

1. Fork the repository

2. Create a feature branch

3. Submit a pull request

Ideas for contributions:

• Add private subnet + NAT architecture

• Introduce Ansible roles

• Add CI/CD validation

• Extend to multi-region deployments

📄 License

This project is licensed under the JoebahoCloud License

🚀 Overview:

The building of the infrastructure and deploy of a web page on AWS using Terraform aims to create a scalable and resilient infrastructure that leverages the power of Amazon Web Services (AWS) cloud platform. This project utilizes Terraform, an Infrastructure as Code (IaC) tool, to provision and manage the infrastructure components, enabling automation, repeatability, and scalability. This project demonstrates how to provision, deploy and destroy infrastructure on AWS using Terraform and automate the deployment with bash Scripting. A deployment script (deploy.sh) and a destroy script (destroy.sh) are use for the automation process. It’s a hands-on DevOps project showing Infrastructure as Code (IaC) and automation.

🔧 Problem Statement

Terraform is an IaC software tool that provides a consistent command line interface (CLI) workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. In this specific case you need to create foundation Networking(VPC, Subnets, route table, IGW, NAT Gateway...), Terraform will automatically use the configuration files to provide the infrastructure resources where we can run application needed. Terraform will use his deployment to provide all AWS needed elements avoiding us to use the console and it will automate the setup, ensuring consistency and reducing human error. The bash scripting and the other hands will facilitate the deploy by simply automating the process.

💽 Techonology Stack

The architecture consists of the following three tiers:

• AWS VPC: AWS VPC

• Subnets: AWS Subnets

• Route table: AWS route table

• NACL: AWS NACL

• Internet Gateway: AWS IGW

• Elastic Load Balancer: AWS ELB

📌 Architecture Diagram

┌──────────────────────────┐

│ Developers │ │ Push Code to GitHub │

└─────────────┬────────────┘

┌──────────────────────────┐

│ Terraform Configuration files │

- main.tf

- providers.tf

- variables.tf

└─────────────┬────────────┘ ┌────────────────────────────┐

│ Bash Scripting │

- Deploy.sh

- Destroy.sh

└────────────┬────────────────┘ ┌────────────────────────────┐

│ NGINX │

- Install and configuration

- Copy index.html

└─────────────┬──────────────┘ ┌────────────────────────────┐

│ Elastic Load Balancer│

- Distributes traffic

- Performs health checks

└─────────────┬──────────────┘ ┌────────────────────────────┐

│ End Users │ │ Access via ELB DNS NAME │

└────────────────────────────┘

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• Terraform installed on your local machine.

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• Git installed on your local machine and Github account set up Github

• Git for cloning the repository.

You must also know Terraform workflow

📋 Table of Contents

I - Terraform Configuration files

Step 1: Provider Configuration

Step 2: Variables Configuration

Step 3: Main Configuration

Step 4: Output Configuration

Step 5: User-data

II - Scripting files

Step 6: Deploy file

Step 7: Destroy file

III - Instructions of Deployment

Step 8: Clone Repository

Step 9: Run Deployment

Step 10: Destroy Infrastructure

✨Terraform Configuration files

You need to write different files generating resources

Step 1: Provider Configuration

Here we declare our cloud provider and we specify the region where we will be launching resources

• provider Configuration

Step 2: Variables Configuration

This is where we declare all variables and their value. It includes

• Variables: List of element that can vary or change. They can be reuse values throughout our code without repeating ourselves and help make the code dynamic

• values: values attributed to each variables.

We have

• variables Configuration

• value Configuration

Step 3: Main Configuration

This is where you create the basement, foundation and networking where all the resources will be launch. It includes VPC, Subnets, IGW, Route tables, Security groups, EC2 instances, Targets group and Elastic load balancer

• Main Configuration

Step 4: Output Configuration

Know as Output Value : it is a convenient way to get useful information about your infrastructure printed on the CLI. It is showing the DNS name of the load balancer and public IP of the instances.

• Output Configuration

Step 5: User-data

user data is a script or custom data that you provide to an EC2 instance to be executed automatically on its first launch. It's used to automate the initial setup of an instance, such as installing software, configuring settings, or running commands needed to make the instance ready for use. In our case the user data will update the server, install Nginx and copy the index.html file to the correspondant folder.

• User-data

✨Bash Scripting files

You need to write different bash script files generating and destroying resources. The file will contains all step by step meaning all terraform command for the execution of the process.

Step 6: Deploy file

Here we declare the initialization of the folder, the validation of the configuration, the plan of resources to be create and apply of the execution where we will be launching resources.

• Deploy file

Step 7: Destroy file

This is where we declare the terraform command to destroy all the resources created.

• Destroy file

💼 Instructions of Deployment

Follow these steps to deploy the architecture:

Step 8: Clone Repository:

Clone the repository in your local machine using the command "git clone" then enter the folder

git clone https://github.com/Joebaho/Flipkart-Deploy.git

cd Flipkart-Deploy

Step 9: Run Deployment

Initialize the folder containing configuration files that were clone to Terraform and apply the configuration by typing the following command

chmod +x deploy.sh

./deploy.sh

The process will execute all terraform command and display the following steps. You must see this image

Terraform init: Initialize the folder

Terraform fmt & validate: Check for any syntax error and valid the status of the configuration files

Terraform plan: confirm the numbers of resources that will be create

Terraform apply: confirm all resources created

Terraform output: show all the output information to be use by user.

After copy the ELB dns name in the output section you can go paste that in a new window on the browser and the web page will display.

Step 10: Destroy infrastructure

After you are done with the infrastructure and you are ready to destroy you can run the command. First you make the file executable then you apply execution.

chmod +x destroy.sh

./destroy.sh

After typing or pasting the command you will get images

You will need to confirm the destruction of the deployment. Then all the 16 resources created before will be destroyed.

📌 Learning Outcomes

• Understand Terraform basics (providers, resources, state management)

• Automate deployments with Shell scripting

• Hands-on AWS infrastructure provisioning

🔗 Resources

• Terraform AWS Provider Docs

• Terraform CLI Docs

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the JoebahoCloud License

🚀 Overview:

VPC peering across two AWS regions is a network connection that allows Virtual Private Clouds (VPCs) in different geographic locations to communicate securely and directly with each other, enabling seamless data transfer and resource access while maintaining the isolation and security of each VPC. This inter-region connectivity facilitates distributed application architectures, disaster recovery setups, and data replication scenarios, enhancing the versatility and global reach of AWS infrastructure for businesses and organizations. This project utilizes Terraform, an Infrastructure as Code (IaC) tool, to provision and manage the infrastructure components, enabling automation, repeatability, and scalability. The primary objective of this project is to design and deploy two virtual Private Cloud on AWS in two separated region “us-west-2” and “us-east-1” then we will create a VPC peering to link both VPCs and finally launch two EC2 instances in both private subnets then test connectivity between them.

🔧 Problem Statement

Terraform is an IaC software tool that provides a consistent command line interface (CLI) workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. In this specific case you need to create VPC peering across two AWS regions. It is a network connection that allows Virtual Private Clouds (VPCs) in different geographic locations to communicate securely and directly with each other, enabling seamless data transfer and resource access while maintaining the isolation and security of each VPC. This inter-region connectivity facilitates distributed application architectures, disaster recovery setups, and data replication scenarios, enhancing the versatility and global reach of AWS infrastructure for businesses and organizations. Terraform will use his deployment to provide all AWS needed elements avoiding us to use the console and it will automate the setup, ensuring consistency and reducing human error.

💽 Techonology Stack

The architecture consists of the following services tiers:

• VPC: AWS VPC

• Subnets: AWS Subnets

• Route table: AWS route table

• NACL: AWS NACL

• Internet Gateway: AWS IGW

• NatGateway : AWS NATGATEWAY

• SSM Role: AWS IAM

• EC2 Instance: AWS EC2

• Peering Connection: AWS VPC Peering

📌 Architecture Diagram

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• Terraform installed on your local machine.

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• Git installed on your local machine and Github account set up Github

• Git for cloning the repository.

• AWS VPC services

You must know the goal of the peering connection:

To achieve VPC peering across regions, first, create the necessary VPCs in each region, ensuring they have unique CIDR blocks. Next, create VPC peering connections in both regions, accepting the peer requests. Update the route tables in each VPC to include routes for the peer VPC's CIDR block, pointing to the peering connection. Finally, configure security groups and network ACLs to allow the required traffic between the peered VPCs. This setup enables seamless and secure communication between resources in the US East and US west regions while maintaining network isolation. We will skip the completion of these manual steps and we will use Terraform where cade with all those steps were wrote and now will just be run and deploy.

📋 Table of Contents

I - Terraform Configuration files

Step 1: Providers Configuration

Step 2: Variables Configuration

Step 3: VPCs Configuration

Step 4: Main Configuration

Step 5: Output Configuration

II - Instructions of Deployment

Step 1: Clone Repository

Step 2: Initialize Folder

Step 3: Format Files

Step 4: Validate Files

Step 5: Plan

Step 6: Apply

Step 7: Review of Resources

Step 8: Testing Connectivity

Step 9: Destroy

✨Terraform Configuration files

You need to write different files generating resources

Step 1: Provider Configuration

Here we declare our cloud provider and we specify the regions where we will be launching resources. The regions us-east-1 and us-west-2 are the two to be precise.

• providers Configuration

Step 2: Variables Configuration

This is where we declare all variables and their value. It includes

Variables: List of element that can vary or change. They can be reuse values throughout our code without repeating ourselves and help make the code dynamic. We can de declare stuff like CIDR blocks, ports numbers, key name, instance type, count VPCs and subnets name.

Value: Declare different default value of each variables

We have

• variables Configuration

• value Configuration

Step 3: VPCs Configuration

This is where you create the basement, foundation and networking where all the resources will be launch. It includes VPC, Subnets, IGW, NatGateway, EIP, NCAL and Route tables

• vpc-east

• vpc-west

We have here

• VPC: Virtual Private Cloud the main and private environment where all resources will be launch

• Subnets: is a segmented portion of a virtual private cloud (VPC) that allows you to partition your network resources. Subnets are used to organize and manage your cloud resources more effectively by providing isolation and control over network traffic. We will be having two public and private in each VPCs

• Internet Gateway: it plays a crucial role in enabling internet connectivity for resources within a VPC, allowing instances to access services, applications, and data hosted on the public internet while providing scalability, redundancy, and security features. One for the each will allow access to internet for each VPCs.

• Route Tables: is a fundamental networking component that controls the routing of network traffic within a Virtual Private Cloud (VPC). Route tables define the rules for directing traffic from one subnet to another or to external networks, such as the internet or on-premises networks. As we need to are peering tow VPCs we will need to route the traffic from local to internet and the private link between the two close environment.

• NCAL: Network Access Control Lists (NACLs) are a security layer in AWS that act as a firewall for controlling traffic in and out of one or more subnets within a Virtual Private Cloud (VPC).

• Security Groups: a security group acts as a virtual firewall for controlling inbound and outbound traffic to AWS resources, such as EC2 instances, RDS databases, and other services within a Virtual Private Cloud (VPC). Security groups allow you to define rules that specify the type of traffic allowed or denied based on protocols, ports, and IP addresses.

Step 4: Main Configuration

This is where we declare the file for the peering which is the main file. The main file is the one containing the goal of the project which is the peering of both VPCs. This is where the link and the attachment and connectivity of the VPCs is done.

. main

The SSM file will be the role because we will connect to the instance using the private IP and as we will connect to the instance securely. The easier way will be by SSM connect

. ssm-role

The both instances will bee launched in the private subnets of each VPCs. Here are the contains of each files that will launch the instances

. ec2-east

. ec2-west

Step 5: Output Configuration

Know as Output Value : it is a convenient way to get useful information about your infrastructure printed on the CLI. It is showing the ARN, name or ID of a resource. In this case we are bringing out the both VPCs Id and both EC2 private IP. we gonna us those private IPs to test the connectivity

• Output Configuration

💼 Instructions of Deployment

Follow these steps to deploy the architecture:

Step 1: Clone Repository:

Clone the repository in your local machine using the command "git clone"

git clone https://github.com/Joebaho/VPC-PEERING

Step 2: Initialize Folder

Initialize the folder containing configuration files that were clone to Terraform and apply the configuration by typing the following command

terraform init

You must see this image

Step 3: Format Files

Apply any changes on files and Review the changes and confirm the good format with command:

terraform fmt

Step 4: Validate Files

Ensure that every files are syntactically valid and ready to go with the command:

terraform validate

If everything is good you will have something like this

Step 5: Plan

Create an execution plan to provide the achievement of the desired state. It Check and confirm the numbers of resources that will be create. Use command:

terraform plan

The list of all resources in stage of creation will appear and you can see all properties(arguments and attributs) of each resources

Step 6: Apply

Bring all desired state resources on life. It Launch and create all resources listed in the configuration files. The command to perform the task is:

terraform apply -auto-approve

Now, the creation will start and you will be able to see which resources is on the way to be create and the time it taking to create.

At the end you will receive a prompt message showing all resources status: created, changed and the numbers of them.

Here are the outputs :

Step 7: Review of resources

Go back on the console and check all actual state resources one by one to see. You will have

• VPC-EAST

In the VPC option, we can see here the VPC, subnets( Public & Private) routes tables ( public & Private), Internet Gateway , Nat Gateway deployed in the us-east-1 region.

This shows route for the connectivity. Every communication from the CDIR block of the other VPC will have as target the VPC peering, for local one use the CDIR block of the requester VPC. If you want to access internet the Internet Gateway or the Nat Gateway will be the way to go.

• VPC_WEST

We can see here the VPC, subnets( Public & Private) routes tables ( public & Private), Internet Gateway , Nat Gateway deployed in the us-west-2 region.

This shows route for the connectivity. Every communication from the CDIR block of the other VPC will have as target the VPC peering, for local one use the CDIR block of the requester VPC. If you want to access internet the Internet Gateway or the Nat Gateway will be the way to go.

• Peering Connection east

VPC peering connects two VPCs privately. The requester VPC-west initiates the connection, and the accepter VPC-east approves it. Both configure route tables for traffic flow between the VPCs. Manually this process needs acceptance confirmation of the accepter but in this case we placed that automatically in the code.

• Peering Connection west

VPC peering connects two VPCs privately. The requester VPC-west initiates the connection, and the accepter VPC-east approves it.

• EC2-WEST

• EC2-EAST

• Server-west connect

After selecting the instance, we may now look for a way to connect to it. As we added the SSM role we will have to select it and hit on “Connect” that will land us directly in the server.

• Server-east connect

Step 8: Testing Connectivity

The testing process will require to use the ping command to see if there is any response from the server. We need to grab the private IP of ec2-east server and test it the ec2-west server. As you can see on the both Screenshots each ping return a response this mean the connectivity is perfect and going through

• Ping server west

• Ping server east

Step 9: Destroy

Destroy the terraform managed infrastructure meaning all resources created will be shut down. This action can be done with the command "terraform destroy"

terraform destroy -auto-approve

At the end you will receive a prompt message showing all resources has been destroyed. The 53 resources created for the purpose of this project will all be destroyed and instances terminated. After typing the command the process of deleting resources will be launch and at the end there will be a confirmation message. See screenshot bellow:

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the JoebahoCloud License

Building a quadratic equation solver application using Docker, Terraform, Bash scripting and Cloudformation.

🚀 Overview:

This project aims to develop and deploy a scalable web application that solves quadratic equations, incorporating modern DevOps practices and cloud infrastructure automation. The application will provide users with a simple interface to input coefficients (a, b, c) of a quadratic equation (ax² + bx + c = 0) and receive calculated roots in real-time.

The technical implementation leverages containerization through Docker for consistent deployment environments, Infrastructure as Code (IaC) using both Terraform and AWS CloudFormation for cloud resource management, and Bash scripting for automation and operational tasks. This multi-tool approach demonstrates the integration of various DevOps technologies while solving a practical mathematical problem.

🔧 Problem Statement

Educational institutions and students often need quick access to quadratic equation solutions, but existing calculators are typically standalone applications or simple websites that lack scalability and modern deployment practices. Additionally, organizations face several challenges when deploying and maintaining such applications:

1. Consistency Issues: Different development and production environments lead to deployment failures and inconsistent behavior.

2. Manual Infrastructure Setup: Traditional deployment methods require manual configuration, making it time-consuming and error-prone to set up new environments.

3. Limited Scalability: Most existing solutions cannot easily scale to handle varying loads of user requests.

4. Complex Maintenance: Without proper automation and infrastructure management, maintaining and updating the application becomes increasingly difficult.

This project addresses these challenges by:

• Containerizing the application to ensure consistency across environments

• Automating infrastructure provisioning using both Terraform and CloudFormation

• Implementing efficient deployment pipelines using Bash scripting

• Creating a repeatable and maintainable cloud infrastructure setup

The solution will demonstrate how modern DevOps tools and practices can be applied to create a reliable, scalable, and maintainable application, while serving as a practical example for educational purposes in both mathematics and cloud computing.

💽 Techonology Stack

The project consists of using the following technologies:

• CloudFormation:

• EC2:

• Docker:

• Terraform:

• Bash Scripting:

📌 Architecture Diagram

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• Git installed on your local machine and Github account set up Github

• Git for cloning the repository.

• Understand CloudFormation stack.

• Familiar with Docker and Bash script commands.

• Know the Terraform work flow and commands.

📋 Table of Contents

I - CloudFormation Templates

Step 1: Provide the template

Step 2: Launch the Host server

Step 3: Connect to the launched server

II - Terraform Configuration files

Step 1: Provider Configuration

Step 2: Variables Configuration

Step 3: Main Configuration

III - Python Application

Step 1: Provide file app.py

Step 2: Web page file

IV - Dockerfile

Step 1: Writing Dockerfile

V - Bash Scripting

Step 1: Writing the Bash script file

VI - Instructions of Deployment

Step 1: Copy all files in the EC2 server

Step 2: Initialize Folder

Step 3: Format Files

Step 4: Validate Files

Step 5: Plan

Step 6: Apply

Step 7: Bash Scripting execution

Step 8: Review of Resources

Step 9: Destroy

✨CloudFormation

You need to write the template generating EC2 server. We will add User-data that will install Docker and Terraform in the server. This will automate the launch f instance and avoid to login and perform installation manually. The User-data is the piece of the code that will contains all instructions og the Docker and Terraform installation.

Step 1: Provide the template

Here we declare the contains of the server in with we will be working. It is an Amazon linux 2 server with “t2.micro” as instance type and will be launch in an existant VPC. Below is the link to the template.

• CloudFormation template

Step 2: Launch the EC2 server process

Here is the process of launching the server using Cloudformation. You must login in your account via console and navigate to CloudFormation option. Click on “Create Stack”

Then, select the type and the location of the file.this will help CloudFormation to localise the file the upload it to the stack.

You will provide informations such as “stack Name”, “Instance_type”, “key_name”, “SSH Unique IP address which is your personal public IP”. You will select an existing public subnet in the list also the VPC.

Check the acknowledgement option on the bottom of the page then hit next and after on the next page hit “Submit”

The process of creating resources will launch and resources will be on slowly and one after another base of what were declare in the template.

Keep refreshing with the circle arrow in order to see the evolution of the creation.

When completed you will get the get the massege saying “Create Completed”

Step 3: Connect to the launched EC2 server

On the console open another tab where you will navigate till get to EC2. Select the running instance and click on “Connect”

The following windows will appear. On your ligne of command be on the folder that contains your private key pair. Copy each command and type to the command ligne

The two commands will prompt to a validation and then connect securely to your EC2 server.

✨Terraform Configuration files

You need to write different files generating the build of Docker image, run the container base of the image. To perform the task you will need sets of terraform files such as providers, variables and main. Let each of those files.

Step 1: Provider Configuration

Here we declare our cloud provider and we specify the region where we will be launching resources

• provider Configuration

Step 2: Variables Configuration

This is where we declare all variables and their value. It includes

• Variables: List of element that can vary or change. They can be reuse values throughout our code without repeating ourselves and help make the code dynamic. Here we have only the Docker username and password.

• values: values attributed to each variables.

We have

• variables Configuration

• value Configuration

Step 3: Main Configuration

This is where you build the Docker image and run the container with that image created.

• Main Configuration

✨Python Application

You need to write the application itself using the programming language call Python. The file will contains all instructions for doing the calculation base of coefficients enter by the user. We will also gonna add the layout of the web page by adding the file name index.html.

Step 1: Provide the file app.py

Here we declare the contains of the file in with we will be working.

• Python app file

Step 2: Web page file

Here is the contains of the web page. The file will provide the layout of the web page. This file must be inside a folder name “templates”.

• index.html

✨Dockerfile

You need to write the step of instructions that will help the application to be display. it will follow instructions to produce image that will help in the creation of the container on top of the where the application will run.

Step 1: Writing Dockerfile

Here we declare the contains of the file in with we will be working.

• Dockerfile

✨Bash Scripting

You need to write the step of instructions that will help push the Docker image created to the Dockerhub repository.

Step 1: Writing the Bash Scripting file

Here we declare the contains of the file in with we will be working.

• image_push.sh

  You will get back on this later on in the execution or deployment of the application.

💼 Instructions of Deployment

Follow these steps to deploy the architecture:

Step 1: Copy all files in the server:

You will have to create a folder that will contains all these files. Call the folder “Terraform-Docker”

mkdir Terraform-Docker

cd Terraform-Docker

You will use the “vi” command to create file and then insert the contains directly

Step 2: Initialize Folder

Ounce you done copying files you must Initialize the folder containing configuration files that were clone to Terraform and apply the configuration by typing the following command

terraform init

You must see this image

Step 3: Format Files

Apply any changes on files and Review the changes and confirm the good format with command:

terraform fmt

Step 4: Validate Files

Ensure that every files are syntactically valid and ready to go with the command:

terraform validate

If everything is good you will have something like this

Step 5: Plan

Create an execution plan to provide the achievement of the desired state. It Check and confirm the numbers of resources that will be create. Use command:

terraform plan

The list of all resources in stage of creation will appear and you can see all properties(arguments and attributs) of each resources. here we have only two resources the image and the container.

Step 6: Apply

Bring all desired state resources on life. It Launch and create all resources listed in the configuration files. The command to perform the task is:

terraform apply -auto-approve

Now, the creation will start and you will be able to see which resources is on the way to be create and the time it taking to create.

At the end you will receive a prompt message showing all resources status: created, changed and the numbers of them.

Here is the output :

We now need to go back on the EC2 instance in the console to grab the public ip of the instance.

Copy and paste that Ip on the browser the add colons and port 5000 and hit enter you will get the web page. The application is running in a container which is open on port “5000”. So the IP address to paste in the browser is “public_ip:5000”

After you add some coefficients you will get the result :

Step 7: Bash Scripting execution

Once you are set up and the image is now created and then the container is running you will have to push image to Dockerhub. To complete that you can use the Bash script you wrote before and you will follow those two steps:

- Make the script to be executable by changing modification command. This will give power or privilege to file so it can be executable without error.

chmod +x image_push.sh

- The process of pushing will follow ounce you type command and you will get results succeeded.

./image_push.sh

You will get the image :

Step 8: Review of resources

• After the image pushed to Dockerhub you can now go to the platform to see the repository or library. There you can see the image built.

  

  You can pull it to test by using the command:

  docker pull joebaho2/quadratic_solver_image:latest

Step 9: Destroy

Destroy the terraform managed infrastructure meaning all resources created will be shut down. This action can be done with the command "terraform destroy"

terraform destroy -auto-approve

At the end you will receive a prompt message showing all resources has been destroyed

Also you must go back to CloudFormation to delete the stack

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the JoebahoCloud License

🚀 Overview:

This project involves deploying an application using Amazon Elastic Container Service (ECS), Amazon Elastic Container Registry (ECR), and Docker. This combination allows for efficient containerization, storage, and orchestration of applications in the AWS cloud environment.

🔧 Problem Statement

The project goal is to implement a robust, scalable, and efficient deployment solution using AWS Elastic Container Service (ECS), Elastic Container Registry (ECR), and Docker. This solution should automate the deployment process, ensure environment consistency, improve resource utilization, enhance security, and provide better monitoring and scaling capabilities.

By successfully implementing this project, we expects to significantly reduce deployment times, minimize downtime, improve application performance, optimize resource usage, and ultimately deliver a better experience to their rapidly growing user base.

📌 Architecture Diagram

💽 Techonology Stack

The architecture consists of the following three tiers:

• Private Repository : AWS ECR

• Container: AWS ECS & Docker

• Terminal: AWS CLI

• Policies and User: AWS IAM

• Virtual Machine: AWS EC2

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• IAM User with access and secrets access keys .

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• A virtual machine EC2 with Docker install already

• Dockerfile and Index.html written

📋 Table of Contents

I - IAM configuration

Step 1: Create IAM Policy for ECR Access

Step 2: Attach policy to IAM user

Step 3: Configure your AWS Credentials on a running Ubuntu EC2

II - Create an ECR Repository

Step 1: Navigate to Amazon ECR

Step 2: Create a new Repository

Step 3: Configure setting

Step 4: Repository created

III - Push Docker Image to ECR

Step 1: Push commands for my-ecr-repo

Step 2: Creation Image and push to repository

IV - Create ECS

Step 1: Navigate to Amazon ECS

Step 2: Create a new ESC cluster

Step 3: Create Task Definition

Step 4: Create a Container

Step 5: Create ECS Service

Step 6: Create a Container

V - Access the web page

Step 1: Navigate to Configuration

Step 2: Check the result

✨IAM CONFIGURATION

Here is the place to set up permission and authentication for our user to access the repository

Step 1: Create IAM Policy for ECR Access

First, create an IAM policy that allows necessary permissions for Amazon ECR.

Go to AWS console, search for IAM service. In IAM Dashboard, click on Policies and then click on Create policy

Click on JSON , and Then use the following JSON code for the IAM user policy to provide Amazon ECR permissions for creating repositories and pushing images.

Click on Next and enter the name for your policy. In this case we will call it AWS-ECR-Task_Policy.

Click on Create policy

Step 2: Attach policy to IAM user

This is where we attach the new policy to a user that was created before. Or feel free to create you own user.

Go to the IAM Management console, navigate to user, find the user. under Set permissions, select Attach policies directly and select the policy created

Click on Add permission

Step 3: Configure your AWS Credentials on a running Ubuntu EC2

To perform this action as we said in the requirement you must have an Amazon Ubuntu EC2 running with Docker installed on it. Check my other project to see how to do that.

Configure AWS credentials using the aws configure command.

Provide your AWS Access Key ID, Secret Access Key, AWS Region, and output format as JSON

💼 Create an ECR Repository

Follow these steps to create an Elastic Container registry:

Step 1: Navigate to Amazon ECR

Use the AWS services search bar and search for ECR

Step 2: Create a new Repository

In the Amazon ECR console , click on Create

You will be prompt to a page where you will have to choose Public or private registry. For this project we will go with the private registry. then click Create repository

Step 3: Configure setting

In General setting give a repository name (my-ecr-repo) , the choose the image mutability. In Encryption setting stay with the standard AES-256.

Step 4: Repository created

The repository has been created successfully

💼 Push Docker image to ECR

Here we have to create the docker image and the push it to the ECR repository. To complete that we have first the Dockerfile and the index.html files created and save in the virtual machine.

Dockerfile

index.html

Step 1: Push commands for my-ecr-repo

To push go to the Amazon ECR, open the Repository name and click on View push commands

By following below steps, you can successfully push your Docker image to Amazon ECR and make it available for use in ECS
Run the following commands one by one.

Step 2: Creation Image and push to repository

Authenticate Docker to ECR

Build Docker Image

Tag image and push

List Images in ECR Repository:

Click on the refresh button to verify that the Docker image has been uploaded to the ECR repository .

📌 Create ECS

Step 1: Navigate to Amazon ECS

Go to the AWS Management Console and search for ECS

Step 2: Create a new ESC cluster

in the option, Enter name for your cluster put cluster1
Under the Infrastructure, choose "AWS Fargate". Click on Create

Cluster was created successfully

Step 3: Create Definition Task

Click on Create a new task definition

Under task definition family enter name for your task. Choose FARGATE launch type. For the operating system take Linux/x86_64.

Step 4: Create a container

Fill the option with

Name of container (web-server)
Image URL: Copy the URI from the Repository that we created earlier
Essential Container (Yes)
Port Mapping Container (Port 80), Port Name (httpd)

Then click create and the task will create

Step 5: Create ECS service

Here you have to Go back to the cluster we created. Scroll down and click Create under Services.

Under the Compute options menu. Select Capacity provider strategy. Select FARGATE as the capacity provider.

Under Deployment configuration, choose Task. In Task definition Select the created task definition, (i.e., ECR-httpd)

Under Networking, select your VPC and Subnets.

Click on Create new security group. Select HTTP and open to anywhere.

Click Create the task has been created successfully

✨Access the web page

Step 1: Navigate to Configuration

Return to the cluster1 open it , click on Tasks and click on the running task

Under Configuration, click on open address. Open the address in a web browser to access the HTTPD page.

Step 2: Check the result

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the JoebahoCloud License

🚀 Overview:

This project aims to demonstrate three different approaches to launching Amazon Linux 2 and Ubuntu EC2 instances on AWS and installing Docker and Jenkins on them. The three methods include using AWS CloudFormation, Terraform, and direct Bash scripting with user data.

🔧 Problem Statement

This project demonstrates three distinct methods to deploy Amazon Linux 2 and Ubuntu EC2 instances with Docker and Jenkins installed. Each approach showcases different infrastructure-as-code and automation techniques commonly used in DevOps practices.

💽 Techonology Stack

The architecture consists of the following three tiers:

• VPC: AWS VPC

• EC2 Instances: AWS EC2

• Containerization: Docker

• Cl/CD: Jenkins

• Scripting: Bashscript

📌 Architecture Diagram

                                      +-----------------------------+
                                      |         AWS Region          |
                                      |                             |
                                      | +-------------------------+ |
                                      | |       VPC               | |
                                      | |                         | |
                                      | | +-------------------+   | |
                                      | | | Availability Zone |   | |
                                      | | |         A         |   | |
                                      | | |                   |   | |
                                      | | | +-------------+   |   | |
                                      | | | |  Subnet A   |   |   | |
                                      | | | |             |   |   | |
                                      | | | | +--------+  |   |   | |
                                      | | | | | EC2     |  |   |   | |
                                      | | | | | Amazon  |  |   |   | |
                                      | | | | | Linux 2 |  |   |   | |
                                      | | | | +--------+  |   |   | |
                                      | | | +-------------+   |   | |
                                      | | +-------------------+   | |
                                      | |                         | |
                                      | | +-------------------+   | |
                                      | | | Availability Zone |   | |
                                      | | |         B         |   | |
                                      | | |                   |   | |
                                      | | | +-------------+   |   | |
                                      | | | |  Subnet B   |   |   | |
                                      | | | |             |   |   | |
                                      | | | | +--------+  |   |   | |
                                      | | | | | EC2     |  |   |   | |
                                      | | | | | Ubuntu  |  |   |   | |
                                      | | | | +--------+  |   |   | |
                                      | | | +-------------+   |   | |
                                      | | +-------------------+   | |
                                      | |                         | |
                                      | +-------------------------+ |
                                      |                             |
                                      +-----------------------------+

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• AWS account with an IAM user credentials configured in.

• An Infrastructure (VPC, Subnets, route table, Security groups, NACL...) ready to be use for the lab.

• An Amazon Linux 2 and Ubuntu EC2 instance running for the part for the bash scripting

• To install Jenkins on a server you must have minimum hardware requirements:

  256 MB of RAM 1 GB of drive space (although 10 GB is a recommended minimum if running Jenkins as a Docker container) Recommended hardware configuration for a small team: 4 GB+ of RAM 50 GB+ of drive space

• To install Jenkins on a server you must have minimum hardware requirements:

OS: 64-bit version of Ubuntu RAM: At least 2 GB, but Docker recommends more for larger deployments or resource-intensive applications Disk space: 100 GB of free space CPU: Sufficient amount, depending on the applications Kernel: 64-bit kernel with support for virtualization Virtualization: Support for KVM virtualization technology QEMU: Version 5.2 or later Init system: systemd init system Desktop environment: Gnome, KDE, or MATE Firewall: Firewall rulesets created with iptables or iptables6, and added to the DOCKER-USER chai.

📋 Table of Contents

I - AWS CloudFormation Template

Step 1: Description

Step 2: Instructions of deployment

Step 3: Results

Step 4: Clean up

II - Terraform Script

Step 1: Description

Step 2: Instructions of deployment

Step 3: Results

Step 4: Clean Up

III - Bash Script

Step 1: Description

Step 2: Instructions of deployment

Step 3: Results

Step 4: Clean Up

✨AWS CLOUDFORMATION TEMPLATE

Step 1: DESCRIPTION

AWS CloudFormation allows you to define your infrastructure as code. We will create a CloudFormation template that launches Amazon Linux 2 and Ubuntu EC2 instances and uses user data scripts to install Docker and Jenkins.

Step 2: INSTRUCTIONS OF DEPLOYMENT

• Create a CloudFormation template

  Use your VS Code to create both files "Linux_Docker_jenkins.yml" and "ubntu-docker-jenkins.yml"

• Define the resources for Amazon Linux 2 and Ubuntu EC2 instances. Here Use the UserData property to specify a script that installs Docker and Jenkins.

  Linux-Docker-Jenkins.yml

    AWSTemplateFormatVersion: '2010-09-09'
  
    Metadata:
     License: Apache-2.0
     Authors:
        Description: Joseph Mbatchou  
     Description: " This template launches an amazon Linux 2 ec2 instance in a custom VPC, with an IAM assume role attached to it
                  for SSM, then with the user data it will install Docker and Jenkins"
  
    Parameters:
      InstanceType:
        Description: EC2 instance type.
        Type: String
        AllowedValues:
          - t2.nano
          - t2.micro
          - t2.small
          - t2.medium
          - t2.large
      KeyName:
        Description: Name of an existing EC2 key pair for SSH access to the EC2 instance.
        Type: AWS::EC2::KeyPair::KeyName
      SSHLocation:
        Description: The IP address range that can be used to SSH to the EC2 instances
        Type: String
        MinLength: '9'
        MaxLength: '18'
        AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" # IP Address
        ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
      ImageId:
        Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
        Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
      VpcId:
        Type: AWS::EC2::VPC::Id
        Description: Select an existing VPC
      SubnetId:
        Type: AWS::EC2::Subnet::Id
        Description: Select an existing subnet within the selected VPC
    Resources:
      IamRole:
        Type: 'AWS::IAM::Role'
        Properties:
          RoleName: Ec2RoleForSSM
          Description: EC2 IAM role for SSM access
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                    - ec2.amazonaws.com
                Action:
                  - 'sts:AssumeRole'
          Path: /
          ManagedPolicyArns:
            - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
      Ec2InstanceProfile:
        Type: 'AWS::IAM::InstanceProfile'
        Properties:
          InstanceProfileName: Ec2RoleForSSM
          Path: /
          Roles:
            - Ref: IamRole
      WebServer:
        Type: AWS::EC2::Instance
        Properties:
          IamInstanceProfile: !Ref Ec2InstanceProfile
          ImageId: !Ref ImageId
          InstanceType: !Ref InstanceType 
          KeyName: !Ref KeyName
          NetworkInterfaces: 
          - AssociatePublicIpAddress: "true"
            DeviceIndex: "0"
            GroupSet: 
              - !Ref WebServerSecurityGroup
            SubnetId: !Ref SubnetId
          UserData:
            Fn::Base64: !Sub |
              #!/bin/bash
              sudo yum update -y
              sudo yum install python3-pip
              sudo amazon-linux-extras install docker
              sudo yum install -y docker
              sudo service docker start
              sudo systemctl enable docker
              sudo systemctl restart docker
              sudo usermod -aG docker ec2-user
              sudo yum update -y
              sudo sudo wget -O /etc/yum.repos.d/jenkins.repo \
              https://pkg.jenkins.io/redhat-stable/jenkins.repo
              sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
              sudo yum upgrade
              sudo yum install java-17-amazon-corretto -y
              sudo yum install jenkins -y
              sudo systemctl start jenkins
              sudo systemctl enable jenkins
              sudo systemctl restart jenkins
              sudo usermod -aG jenkins ec2-user
              sudo reboot
  
          Tags:
           - Key: Name
             Value: Linux-Docker-Jenkins-Server
      WebServerSecurityGroup: 
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: 'Enable HTTP access via port 80 SSH access'
          VpcId: !Ref VpcId
          SecurityGroupIngress:
            - CidrIp: 0.0.0.0/0
              FromPort: 8080
              IpProtocol: tcp
              ToPort: 8080
            - CidrIp: !Ref SSHLocation
              FromPort: 22
              IpProtocol: tcp
              ToPort: 22
            - CidrIp: 0.0.0.0/0
              FromPort: 80
              IpProtocol: tcp
              ToPort: 80 
  
    Outputs:
      InstanceId:
        Description: ID of the EC2 instance
        Value: !Ref WebServer
      PublicDNS:
        Description: Public DNS name of the EC2 instance
        Value: !GetAtt WebServer.PublicDnsName
      PublicIP:
        Description: Public IP address of the EC2 instance
        Value: !GetAtt WebServer.PublicIp
  

  ubuntu-docker-jenkins.yml

AWSTemplateFormatVersion: '2010-09-09'

Metadata:
  License: Apache-2.0
  Authors:
    Description: Joseph Mbatchou  # The writer of this template
  Description: " This template launches an ubuntu ec2 instance in a custom VPC, with an IAM assume role attached to it
              for SSM, then with the user data it will install Docker and Jenkins"

Parameters:
  InstanceType:
    Description: EC2 instance type.
    Type: String
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
  KeyName:
    Description: Name of an existing EC2 key pair for SSH access to the EC2 instance.
    Type: AWS::EC2::KeyPair::KeyName
  SSHLocation:
    Description: Place to enter your IP address. The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  ImageId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: '/aws/service/canonical/ubuntu/server/jammy/stable/current/amd64/hvm/ebs-gp2/ami-id'
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: Select an existing VPC
  SubnetIds:
    Type: AWS::EC2::Subnet::Id
    Description: Select at least one subnet within the selected VPC  

Resources:
  IamRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Sub "${AWS::StackName}-Ec2RoleForSSM"
      Description: EC2 IAM role for SSM access
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'

  Ec2InstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      InstanceProfileName: !Sub "${AWS::StackName}-Ec2RoleForSSM"
      Path: /
      Roles:
        - !Ref IamRole

  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      IamInstanceProfile: !Ref Ec2InstanceProfile
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      NetworkInterfaces: 
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          GroupSet: 
            - !Ref WebServerSecurityGroup
          SubnetId: !Ref SubnetIds
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          sudo apt-get update 
          sudo apt-get install -y ca-certificates curl gnupg
          sudo install -m 0755 -d /etc/apt/keyrings
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
          sudo chmod a+r /etc/apt/keyrings/docker.gpg
          echo \
             "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
             $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
             sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          sudo apt-get update 
          sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
          sudo systemctl start docker.service
          sudo systemctl enable docker.service
          sudo usermod -aG docker ubuntu
          sudo apt-get update -y
          sudo apt-get install openjdk-17-jdk -y
          sudo curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee   /usr/share/keyrings/jenkins-keyring.asc > /dev/null
          sudo echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]   https://pkg.jenkins.io/debian-stable binary/ | sudo tee   /etc/apt/sources.list.d/jenkins.list > /dev/null
          sudo apt-get update  
          sudo apt-get install jenkins -y
          sudo systemctl start jenkins
          sudo systemctl enable jenkins
          sudo usermod -aG jenkins ubuntu
          sudo ufw allow 8080
          sudo ufw allow OpenSSH
          sudo ufw enable
      Tags:     
        - Key: Name
          Value: Ubuntu-Docker-jenkins-server

  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'Enable HTTP access via port 80 SSH access'
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 8080
          IpProtocol: tcp
          ToPort: 8080
        - CidrIp: !Ref SSHLocation
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
        - CidrIp: 0.0.0.0/0
          FromPort: 80
          IpProtocol: tcp
          ToPort: 80 

Outputs:
  InstanceId:
    Description: ID of the EC2 instance
    Value: !Ref WebServer
  PublicDNS:
    Description: Public DNS name of the EC2 instance
    Value: !GetAtt WebServer.PublicDnsName
  PublicIP:
    Description: Public IP address of the EC2 instance
    Value: !GetAtt WebServer.PublicIp

• Deploy the stack using the AWS Management Console.

On the console you must open CloudFormation option then hit on "Create Stack"

Linux-stack

ubuntu stack

After launching both stacks you will get the complete stage

Step 3: RESULTS

As result you will get first both instances running in the console

After connecting to each servers via Session manager or SSH you can check status and version of each application installed.

Linux instance

ubuntu instance

Step 4: CLEAN UP

You can clean up all resources created by just delete them via the CloudFormation stack . You just need to go back in the CloudFormation window select the stack and hit delete button till you get to the message saying "Delete Complete" .

✨TERRAFORM SCRIPT

Step 1: DESCRIPTION

Terraform is an open-source infrastructure as code software tool. We will create Terraform scripts to launch Amazon Linux 2 and Ubuntu EC2 instances and use user data to install Docker and Jenkins.

Step 2: INSTRUCTIONS OF DEPLOYMENT

Create a Terraform script

• Here you will have to create both (Linux-main.tf and ubuntu-main.tf) files and you will put each of them in a folder.

• Define the resources for Amazon Linux 2 and Ubuntu EC2 instances. Use the UserData property to specify a script that installs Docker and Jenkins.

  Here are the contains of each files

  Linux-main.tf

    terraform {
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = "~> 4.0"
        }
      }
  
    }
    variable "aws_region" {
      type        = string
      description = "region where to launch"
      default = "us-west-2"
    }
    variable "instance_type" {
      type        = string
      description = "instance type of the instance"
      default = "ansible-key"
    }
  
    variable "key_name" {
      type        = string
      description = "rkey name of the instance"
      default = "t2.micro"
    }
    #Configure the AWS Provider
    provider "aws" {
      region = var.aws_region
    }# Data source for latest Amazon Linux 2 AMI
    data "aws_ami" "amazon_linux_2" {
      most_recent = true
      owners      = ["amazon"]
  
      filter {
        name   = "name"
        values = ["amzn2-ami-hvm-*-x86_64-gp2"]
      }
    }
    data "aws_vpc" "custom_vpc" {
      filter {
        name   = "tag:Name"
        values = ["c@licost-vpc"] # Replace with your VPC's name tag
      }
    }
    data "aws_subnet" "custom_subnet" {
      vpc_id = data.aws_vpc.custom_vpc.id
  
      filter {
        name   = "tag:Name"
        values = ["c@licost-subnet-public2-us-west-2b"] # Replace with your subnet's name tag
      }
    }
  
    # IAM Role
    resource "aws_iam_role" "ec2_ssm_role" {
      name = "Ec2RoleForSSM"
      assume_role_policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            Action = "sts:AssumeRole"
            Effect = "Allow"
            Principal = {
              Service = "ec2.amazonaws.com"
            }
          }
        ]
      })
    }
  
    resource "aws_iam_role_policy_attachment" "ssm_policy_attachment" {
      role       = aws_iam_role.ec2_ssm_role.name
      policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
    }
  
    resource "aws_iam_instance_profile" "ec2_profile" {
      name = "Ec2RoleForSSM"
      role = aws_iam_role.ec2_ssm_role.name
    }
  
    # Security Group
    resource "aws_security_group" "web_server_sg" {
      name        = "WebServerSecurityGroup"
      description = "Enable HTTP access via port 80 SSH access"
      vpc_id      = data.aws_vpc.custom_vpc.id
  
      ingress {
        from_port   = 8080
        to_port     = 8080
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
  
      ingress {
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
  
      ingress {
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
  
      egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }
  
    # EC2 Instance
    resource "aws_instance" "web_server" {
      ami                    = data.aws_ami.amazon_linux_2.id
      instance_type          = var.instance_type
      key_name               = var.key_name
      subnet_id              = data.aws_subnet.custom_subnet.id
      vpc_security_group_ids = [aws_security_group.web_server_sg.id]
      iam_instance_profile   = aws_iam_instance_profile.ec2_profile.name
      associate_public_ip_address = "true"
  
      user_data = base64encode(<<-EOF
        #!/bin/bash
        sudo yum update -y
        sudo yum install python3-pip
        sudo amazon-linux-extras install docker
        sudo yum install -y docker
        sudo service docker start
        sudo systemctl enable docker
        sudo systemctl restart docker
        sudo usermod -aG docker ec2-user
        sudo yum update -y
        sudo sudo wget -O /etc/yum.repos.d/jenkins.repo \
        https://pkg.jenkins.io/redhat-stable/jenkins.repo
        sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
        sudo yum upgrade
        sudo yum install java-17-amazon-corretto -y
        sudo yum install jenkins -y
        sudo systemctl start jenkins
        sudo systemctl enable jenkins
        sudo systemctl restart jenkins
        sudo usermod -aG jenkins ec2-user
        sudo reboot
      EOF
      )
  
      tags = {
        Name = "Linux-Docker-Jenkins-server"
      }
    }
    output "instance_id" {
      description = "ID of the EC2 instance"
      value       = aws_instance.web_server.id
    }
  
    output "public_dns" {
      description = "Public DNS name of the EC2 instance"
      value       = aws_instance.web_server.public_dns
    }
  
    output "public_ip" {
      description = "Public IP address of the EC2 instance"
      value       = aws_instance.web_server.public_ip
    }
  

  ubuntu-main.tf

    terraform {
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = "~> 4.0"
        }
      }
    }
    #Configure the AWS Provider
    provider "aws" {
      region = var.aws_region
    }
    variable "aws_region" {
      type        = string
      description = "region where to launch"
      default = "us-west-2"
    }
    variable "instance_type" {
      type        = string
      description = "instance type of the instance"
      default = "ansible-key"
    }
  
    variable "key_name" {
      type        = string
      description = "rkey name of the instance"
      default = "t2.micro"
    }
  
    #Data source for latest Amazon Linux 2 AMI
    data "aws_ami" "ubuntu" {
      most_recent = true
      owners      = ["amazon"]
  
      filter {
        name   = "name"
        values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
      }
    }
    data "aws_vpc" "custom_vpc" {
      filter {
        name   = "tag:Name"
        values = ["c@licost-vpc"] # Replace with your VPC's name tag
      }
    }
    data "aws_subnet" "custom_subnet" {
      vpc_id = data.aws_vpc.custom_vpc.id
  
      filter {
        name   = "tag:Name"
        values = ["c@licost-subnet-public2-us-west-2b"] # Replace with your subnet's name tag
      }
    }
  
    # IAM Role
    resource "aws_iam_role" "ec2_ssm_role" {
      name = "Ec2RoleForSSM"
      assume_role_policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            Action = "sts:AssumeRole"
            Effect = "Allow"
            Principal = {
              Service = "ec2.amazonaws.com"
            }
          }
        ]
      })
    }
  
    resource "aws_iam_role_policy_attachment" "ssm_policy_attachment" {
      role       = aws_iam_role.ec2_ssm_role.name
      policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
    }
  
    resource "aws_iam_instance_profile" "ec2_profile" {
      name = "Ec2RoleForSSM"
      role = aws_iam_role.ec2_ssm_role.name
    }
  
    # Security Group
    resource "aws_security_group" "web_server_sg" {
      name        = "WebServerSecurityGroup"
      description = "Enable HTTP access via port 80 SSH access"
      vpc_id      = data.aws_vpc.custom_vpc.id
  
      ingress {
        from_port   = 8080
        to_port     = 8080
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
  
      ingress {
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
  
      ingress {
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
  
      egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }
  
    # EC2 Instance
    resource "aws_instance" "web_server" {
      ami                         = data.aws_ami.ubuntu.id
      instance_type               = var.instance_type
      key_name                    = var.key_name
      subnet_id                   = data.aws_subnet.custom_subnet.id
      vpc_security_group_ids      = [aws_security_group.web_server_sg.id]
      iam_instance_profile        = aws_iam_instance_profile.ec2_profile.name
      associate_public_ip_address = "true"
  
      user_data = base64encode(<<-EOF
        #!/bin/bash
        sudo apt-get update 
        sudo apt-get install -y ca-certificates curl gnupg
        sudo install -m 0755 -d /etc/apt/keyrings
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
        sudo chmod a+r /etc/apt/keyrings/docker.gpg
        echo \
           "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
           $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
           sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
        sudo apt-get update 
        sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
        sudo systemctl start docker.service
        sudo systemctl enable docker.service
        sudo usermod -aG docker ubuntu
        sudo apt-get update -y
        sudo apt-get install openjdk-17-jdk -y
        sudo curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee   /usr/share/keyrings/jenkins-keyring.asc > /dev/null
        sudo echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]   https://pkg.jenkins.io/debian-stable binary/ | sudo tee   /etc/apt/sources.list.d/jenkins.list > /dev/null
        sudo apt-get update  
        sudo apt-get install jenkins -y
        sudo systemctl start jenkins
        sudo systemctl enable jenkins
        sudo usermod -aG jenkins ubuntu
        sudo ufw allow 8080
        sudo ufw allow OpenSSH
        sudo ufw enable
      EOF
      )
  
      tags = {
        Name = "Ubuntu-Docker-jenkins-server"
      }
    }
    output "instance_id" {
      description = "ID of the EC2 instance"
      value       = aws_instance.web_server.id
    }
  
    output "public_dns" {
      description = "Public DNS name of the EC2 instance"
      value       = aws_instance.web_server.public_dns
    }
  
    output "public_ip" {
      description = "Public IP address of the EC2 instance"
      value       = aws_instance.web_server.public_ip
    }
  

  Step 3: RESULTS

  After putting each files in a folder we have to go through the process of running terraform

  1. Initialise the folder

    terraform init

2. Check the correct syntax of the file

    terraform fmt

3. Valid the status of the file

    terraform validate

4. Plan to see which resources will be create

    terraform plan

5. Create the resources with command

    terraform apply

After all this we will get to the result images

• Linux instance

  

  In the console you have

  

  Ubutntu

  

  In the console

  

  After SSM connect to each instances we have the result of different version

  For Linux instance

• 

• For Ubuntu instance

  

  Step 4: CLEAN UP

  Use the command destroy to delete all the infrastructures

    terraform destroy
  

For the Linux instance

For the ubuntu instance

✨BASH SCRIPT

Step 1: DESCRIPTION

A Bash script can be used to manually launch EC2 instances and configure them using the AWS CLI. We will write a Bash script that launches Amazon Linux 2 and Ubuntu EC2 instances and uses user data to install Docker and Jenkins.

Step 2: INSTRUCTIONS OF DEPLOYMENT

• Create a Bash script (launch-instances.sh). This with contains the process of creating both Amazon linux and Ubuntu EC2 instances. The script included default value you can customize to your values.

    #!/bin/bash
  
    # Variables
    REGION="us-west-2"
    INSTANCE_TYPE="t2.micro"
    KEY_NAME="ansible-key"
    SECURITY_GROUP_ID=$(aws ec2 describe-security-groups --filters Name=group-name,Values=DevOps-SG --query 'SecurityGroups[0].GroupId' --output text --region $REGION)
  
    # Subnet IDs - replace these with your actual subnet IDs
    SUBNET_ID_1="subnet-0afe31980b7b724ac"
    SUBNET_ID_2="subnet-099fca76d17b2fd4f"
  
    # Launch Amazon Linux 2 Instance
    aws ec2 run-instances \
        --image-id ami-0648742c7600c103f \
        --count 1 \
        --instance-type $INSTANCE_TYPE \
        --associate-public-ip-address \
        --key-name $KEY_NAME \
        --security-group-ids $SECURITY_GROUP_ID \
        --subnet-id $SUBNET_ID_1 \
        --region $REGION \
        --user-data file:///users/josephmbatchou/amazon-linux-user-data.sh \
        --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=AmazonLinux2-Instance},{Key=OS,Value=AmazonLinux2}]'
  
    # Launch Ubuntu Instance
    aws ec2 run-instances \
        --image-id ami-0075013580f6322a1 \
        --count 1 \
        --instance-type $INSTANCE_TYPE \
        --key-name $KEY_NAME \
        --associate-public-ip-address \
        --security-group-ids $SECURITY_GROUP_ID \
        --subnet-id $SUBNET_ID_2 \
        --region $REGION \
        --user-data file:///users/josephmbatchou/ubuntu-user-data.sh \
        --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=Ubuntu-Instance},{Key=OS,Value=Ubuntu}]'
  

• Create both Bash script user data scripts to install Docker and Jenkins on the instances. Files are "amazon-linux-user-data.sh" and "ubuntu-user-data.sh"

amazon-linux-user-data.sh

#!/bin/bash

# install Jenkins
sudo yum update -y
sudo sudo wget -O /etc/yum.repos.d/jenkins.repo \
    https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
sudo yum upgrade
sudo yum install java-17-amazon-corretto -y
sudo yum install jenkins -y
sudo systemctl start jenkins
sudo systemctl enable jenkins
sudo systemctl restart jenkins
sudo usermod -aG jenkins ec2-user

#install Docker
sudo yum update -y
sudo yum install python3-pip
sudo amazon-linux-extras install docker
sudo yum install -y docker
sudo service docker start
sudo systemctl enable docker
sudo systemctl restart docker
sudo usermod -aG docker ec2-user

ubuntu-user-data.sh

#!/bin/bash

#Install Jenkins
sudo apt-get update -y
sudo apt-get install openjdk-17-jdk -y
sudo curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee   /usr/share/keyrings/jenkins-keyring.asc > /dev/null
sudo echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]   https://pkg.jenkins.io/debian-stable binary/ | sudo tee   /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y
sudo systemctl start jenkins
sudo systemctl enable jenkins
sudo usermod -aG jenkins ubuntu
sudo ufw allow 8080
sudo ufw allow OpenSSH
sudo ufw enabley

#install Docker
sudo apt-get update
sudo apt-get install -y ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
   $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker.service
sudo systemctl enable docker.service
sudo usermod -aG docker ubuntu

• Use the AWS CLI to launch Amazon Linux 2 and Ubuntu EC2 instances:

  In order to run the script to provision the infrastructure by using CLI you must be in the prompt where your AWS CLI is configure and in the default region. Our Default region here is "us-west-2" You can verify this by using command

aws configure

Once you are set up you will have to make each script to be executable by changing modification command.

chmod +x launch-instances.sh
chmod +x amazon-linux-user-data.sh
chmod +x ubuntu-user-data.sh

As the both user data script are incorporated in the instance script you will only have to run the launch instance script with the command

./launch-instance.sh

The process of launching resources will follow and you will get results succeeded.

Linux instance

Ubuntu instance

step 3: RESULTS

You can go to the console and see that two instances were created and by connecting to them via SSH you will check for tools installed.

As you will ssh to each instances you will now check for each applications version to confirm the installation.

Linux instance

Ubuntu instance

Step 4: CLEAN UP

To delete both instances you can only check for each instances Id and use command terminate-instance to destroy them.

aws ec2 terminate-instances --instance-ids <instance-id>

By using the command with the right instances id you will terminated the both instances.

📌 Conclusion

This project showcases three different approaches to launching and configuring EC2 instances with Docker and Jenkins. Each method has its advantages and can be chosen based on specific requirements and preferences. The use of infrastructure as code tools like CloudFormation and Terraform ensures reproducibility and ease of management, while Bash scripting provides flexibility and simplicity.

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the Joebaho Cloud License

🚀 Overview:

The project aims to explore the process of creating and connecting to a MySQL database using Amazon RDS (Relational Database Service). Amazon RDS is a managed database service that simplifies the process of setting up, operating, and scaling relational databases in the cloud. By leveraging Amazon RDS, users can create MySQL database instances with ease, benefiting from features such as automated backups, high availability, and scalability.

In this project, we will delve into the steps involved in setting up a MySQL database instance on Amazon RDS, configuring security settings, and establishing connections to the database from various client applications. Through hands-on experimentation, we will gain insights into the capabilities of Amazon RDS and understand how it streamlines database management tasks for developers and organizations.

🔧 Problem Statement

Despite the popularity of MySQL as a relational database management system, setting up and managing MySQL databases can be a complex and time-consuming task, especially for developers and organizations without extensive database administration expertise. Additionally, traditional on-premises database solutions may lack scalability and fault tolerance, leading to performance bottlenecks and downtime. By addressing these objectives, the project aims to equip participants with the knowledge and skills required to leverage Amazon RDS for creating and managing MySQL databases in a cloud environment effectively. Additionally, it seeks to highlight the advantages of adopting cloud-based database solutions for modern application development and deployment scenarios.

💽 Techonology Stack

The architecture consists of the following three tiers:

• VPC: AWS VPC

• EC2 Instances: AWS EC2

• Database: AWS RDS

• Database Client Connection: SQL WorkBench

📌 Architecture Diagram

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• AWS account with an IAM user credentials configured in.

• An Infrastructure (VPC, Subnets, route table, Security groups, NACL...) ready to be use for the lab.

• An EC2 instance with MySQL installed.

📋 Table of Contents

I - Infrastructure Configuration

Step 1: VPC Configuration

Step 2: Launch EC2 Instance

Step 3: MySQL installation on Instance

II - Instructions of Deployment

Step 1: Creation of the MySQL Database instance

Step 2: Download SQL client

Step 3: Connect to MySQL Database instance

Step 4: Clean Up

✨Infrastructure Configuration

You need to create all resources needed for the accomplishment of the project. We considered this part easy to do. So, we will present infrastructure that was prebuilt

Step 1: VPC Configuration

Here we declare our foundation or networking environment. We have here VPC, subnets, routable, security groups, NACL...

• VPC

• Web Security group

Here we will define the rule or way to access the EC@ instance that will be connect to the Database. Port 80 will be open from everywhere and port 22 SSh will allow access from our computer.

• Database Security group

We will be defining the firewall access to the Database. Here we set up access to the database by creating the security group where we gonna open access to port 3306 Mysql to everywhere and all traffic will depend from the security group of the instance.

• Database Subnet Group

We will have here to group subnets where we want the database to be launch in a group. For our case we will by grouping both private subnets. So, go to AWS Console navigate to RDS, choose option " Subnets group" and Create Subnet Group. You will be prompt to fill a name, Description and the VPC where to choose subnets.

Then you will have to chose the AZs Depending if you want to do Simple or Multi-AZ database you have to chose the number of AZs required. In our case we will choose only two AZs. You also have to know the Id of the private subnets you want to add to the group.

Finally hit " Create " and you will have a picture like bellow

Step 2: Launch EC2 Instance

In this step, we will use Amazon EC2 to create a EC2 Instance with name "web-server", Amazon Linux 2023 AMI, t2.micro instance type, One key pair, launch in the current VPC, on a public subnet and Web-SG, 8 GB of storage and we will add an SSM role. As a reminder, all of this is Free Tier eligible.

Open the AWS Management Console in a new browser window, so you can keep this step-by-step guide open. When the console opens, select EC2 from the left navigation pane and choose EC2 to open the launch Instance.

Give a name to the instance in this case will be : "web-server"

Network setting:

Volume Storage fixed to 8 Gb

Add the role SSM to connect to the instance via the console.

Finally Launch the instance

We will get to

Step 3:MySQL installation on Instance

To install MySQL on the instance we need to connect to the instance using the connect option.

As we are using Amazon Linux 2023 AI we need to install MySQL via the commands :

Update the system with command:

sudo yum update -y

Then Install MySQL with command:

sudo dnf install mariadb105-server

💼 Instructions of Deployment

Follow these steps to produce the deployment:

Step 1: Creation of MySQl database instance

In this step, we will use Amazon RDS to create a MySQL DB Instance with db.t2.micro DB instance class, 20 GB of storage, and automated backups enabled with a retention period of one day. As a reminder, all of this is Free Tier eligible.

a. Open the AWS Management Console in a new browser window, so you can keep this step-by-step guide open. When the console opens, select Database from the left navigation pane and choose RDS to open the Amazon RDS console.

b. In the Create database section, choose Create database.

c. You now have options to select your engine. For this tutorial, choose the MySQL icon, leave the default value of edition and engine version, and select the Free Tier template.

Settings:

Here you have to choice to define your username and password by yoursel or you can have AWS managed them for you. In our case we will be manage those credentials by ourselves. So we have to provide

• DB instance identifier: Type a name for the DB instance that is unique for your account in the Region that you selected. For this tutorial, we will name it Database-1.

• Master username: Type a username that you will use to log in to your DB instance. We will use masterUsername in this example.

• Master password: Type a password that contains from 8 to 41 printable ASCII characters (excluding /,", and @) for your master user password.

• Confirm password: Retype your password

  

  Instance specifications:

  • DB instance class: Select db.t3.micro — 2vCPUs, 1 GiB RAM. This equates to 1 GB memory and 2 vCPUs. To see a list of supported instance classes, see Amazon RDS Pricing.

    

  • Storage type: Select General Purpose(SSD). For more information about storage, see Storage for Amazon RDS.

  • Allocated storage: Select the default of 20 to allocate 20 GB of storage for your database. You can scale up to a maximum of 64 TB with Amazon RDS for MySQL.

    

  • Enable storage autoscaling: If your workload is cyclical or unpredictable, you would enable storage autoscaling to enable Amazon RDS to automatically scale up your storage when needed. This option does not apply to this tutorial.

  • Multi-AZ deployment: Disable because we only have 2 AZs. Note that you will have to pay for Multi-AZ deployment. Using a Multi-AZ deployment will automatically provision and maintain a synchronous standby replica in a different Availability Zone. For more information, see High Availability Deployment.

  • Connectivity

    • Compute resource: Choose Don’t connect to an EC2 compute resource. You can manually set up a connection to a compute resource later.

    • Virtual Private Cloud (VPC): Select Default VPC. For more information about VPC, see Amazon RDS and Amazon Virtual Private Cloud (VPC).

      

Additional connectivity configurations

• Subnet group: Choose the subnet group we created before.

• Public accessibility: Choose Yes. This will allocate an IP address for your database instance so that you can directly connect to the database from your own device.

• VPC security groups: Select the one we created before which is Database_sg

• Availability Zone: Choose No preference. See Regions and Availability Zones for more details.

• RDS Proxy: By using Amazon RDS Proxy, you can allow your applications to pool and share database connections to improve their ability to scale. Leave the RDS Proxy unchecked.

• Port: Leave the default value of 3306.

  

  

  Amazon RDS supports several ways to authenticate database users. Choose Password authentication from the list of options

  Monitoring

• Enhanced monitoring: Leave Enable enhanced monitoring unchecked to stay within the Free Tier. Enabling enhanced monitoring will give you metrics in real time for the operating system (OS) that your DB instance runs on. For more information, see Viewing DB Instance Metrics.

  

In the Additional configurations section

Database options

• Database name: Enter a database name that is 1 to 64 alphanumeric characters. If you do not provide a name, Amazon RDS will not automatically create a database on the DB instance you are creating.

• DB parameter group: Leave the default value. For more information, see Working with DB Parameter Groups.

• Option group: Leave the default value. Amazon RDS uses option groups to enable and configure additional features. For more information, see Working with Option Groups.

Encryption: This option is not available in the Free Tier. For more information, see Encrypting Amazon RDS Resources.

Backup

• Backup retention period: You can choose the number of days to retain the backup you take. For this tutorial, set this value to 1 day.

• Backup window: Use the default of**No preference.**

Maintenance

• Auto minor version upgrade: Select Enable auto minor version upgrade to receive automatic updates when they become available.

• Maintenance Window: Select No preference.

Deletion protection: Turn off Enable deletion protection for this tutorial. When this option is enabled, you're prevented from accidentally deleting the database.

Finally create the Database

Your DB instance is now being created.

Note: Depending on the DB instance class and storage allocated, it could take several minutes for the new DB instance to become available.

The new DB instance appears in the list of DB instances on the RDS console. The DB instance will have a status of creating until the DB instance is created and ready for use. When the state changes to available, you can connect to a database on the DB instance.

Feel free to move on to the next step as you wait for the DB instance to become available.

Step 2: Download SQL client

Once the database instance creation is complete and the status changes to available, you can connect to a database on the DB instance using any standard SQL client. In this step, we will download MySQL Workbench, which is a popular SQL client.

a. Go to the Download MySQL Workbench page to download and install MySQL Workbench. For more information on using MySQL, see the MySQL Documentation.

Note: Remember to run MySQL Workbench from the same device from which you created the DB instance. The security group your database is placed in is configured to allow connection only from the device from which you created the DB instance. base on which Operating System you are using you have to choose. For our case we are using MAC.

b. You will be prompted to log in, sign up, or begin your download. You can choose No thanks, just start my download for a quick download.

After Downloading and install client to your computer. You can access it by double clicking on the icon and you will be promt to the image bellow.

Step 3: Connect to MySQL Database instance

To connect to the Database we can use two methods. We can go through the CLI if we want to use command line or via the GUI for access through a graphic or console.

With the CLI we have to use command

mysql -h hostname -u admin -p

The hostname is the endpoint of the database, the username will be admin and password

So the final command will be

mysql -h database-1.c0ywy57rsm6g.us-west-1.rds.amazonaws.com -u admin -p

We will be prompt to enter the password of the Database. Then we will have the image bellow:

To connect via the MySQL client using a clear graphic GUI. Go open the MySQL client downloaded before. Then, hit the "plus sign"

A dialog box appears. Enter the following:

• Hostname: You can find your hostname on the Amazon RDS console as shown in the screenshot.

• Port: The default value should be 3306.

• Username: Type in the username you created for the Amazon RDS database. In this tutorial, it is 'masterUsername.'

• Password: Choose Store in Vault (or Store in Keychain on MacOS) and enter the password that you used when creating the Amazon RDS database.

Choose OK.

You will now enter the database and you will be able to add or remove date.

Step 4: Clean Up

The clean up here will consist of deleting the Database and Ec2 Instance just by terminating each of them.

For the Database you must select the database then chose "Actions option then delete.

The process of deletion will follow. It will take some minutes be patient.

For the EC2 select the instance to delete then chose "Instance state" option then "Terminate instance".

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the Joebaho Cloud License

🚀 Overview:

Building a resume on a secure static website and deploying it via a code pipeline on AWS involves creating a personal website to showcase your resume and portfolio securely. This project utilizes static website hosting on AWS S3, along with AWS CodePipeline for automating the deployment process. By leveraging AWS services, you can ensure the reliability, scalability, and security of your website while streamlining the deployment workflow.

🔧 Problem Statement

The goal of this project is to address the challenge of creating and maintaining a secure and professional-looking website to showcase their resume and portfolio. Then, manual deployment processes to avoid time-consuming and error-prone, leading to delays and inconsistencies in website updates. We will be creating a secure static website to host your resume and portfolio, and automating the deployment process using AWS services. By building a resume website on AWS S3 and deploying it via a code pipeline, you can ensure that your website is always up-to-date, secure, and accessible to potential employers or clients. This project will empower you to establish a professional online presence with minimal effort, allowing you to focus on advancing your career or growing your business.

💽 Techonology Stack

We will be using:

• Repository: Github

• S3: AWS S3

• Route 53: AWS Route 53

• Code Pipeline: AWS CodePipeline

• CloudFront: AWS CloudFront

• Certificate manager: AWS ACM

📌 Architecture Diagram

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• Git installed on your local machine and Github account set up Github

• Git for cloning the repository.

• Files for the static web site are already dowloaded from internet to our local computer. All files were also modified to our use case.

📋 Table of Contents

Step 1: Create S3 Github repository

Step 2: Clone the repository to the local machine

Step 3: Download files in the repo and push code in github

Step 4: Create S3 bucket and configure to web static

Step 5: Download files and folder in the S3 bucket

Step 6: Register a domain name with Route 53

Step 7: Create record with S3 bucket as endpoint

Step 8: Set up SSl/Https with AWS Certificate Manager

Step 9: Create a cloudfront Distribution

Step 10: Configuration Pipeline

Step 11: Deployment

Step 12: Web page

💼 Instructions of Configuration and

Deployment

Step 1: Github repository creation

Here's a step-by-step guide on how to create a GitHub repository:

Sign in to GitHub:

Open your web browser and go to the GitHub website Github. Sign in to your GitHub account. If you don't have an account, you can sign up for free.

Navigate to Your Profile:

Once logged in, you'll be directed to your GitHub dashboard. Click on your profile icon in the top-right corner of the page to access your profile.

Create a New Repository:

On your profile page, click on the "Repositories" tab. Then click on the green "New" button located on the right side of the page.

Fill in Repository Details:

You'll be taken to the "Create a new repository" page. Enter a name for your repository in the "Repository name" field. Choose a descriptive name that reflects the purpose of your project. Optionally, you can add a description for your repository in the "Description" field. Choose the visibility of your repository (public or private) by selecting the appropriate radio button. If you want to initialize your repository with a README file, check the box next to "Initialize this repository with a README". You can also add a .gitignore file and choose a license for your project from the respective dropdown menus. Create the Repository: In our case the repository will be named " Resume", it will be public and no READMe.

Once you've filled in the necessary details, click on the green "Create repository" button at the bottom of the page. Congratulations!

Your GitHub repository has been successfully created. You'll be redirected to the repository page where you can start adding files, making commits, and collaborating with others. You will get a picture like bellow:

Step 2: Github repository clone to the local machine

If you want to work on your repository locally, you can clone it to your computer using Git. Click on the green "Code" button located on the right side of the page. Copy the URL provided (HTTPS or SSH) and use it to clone the repository using the Git command line or a Git client.Clone the repository in your local machine using the command "git clone"

   git clone https://github.com/Joebaho/RESUME.git

You will get image like the bellow

Step 3: Download files and push code to Github

We have the index.html file, javascript and css folders ready in our local machine. We just need to copy and paste them in the local repository. After this process we will be pushing them to remote Github repository created before. These will follow a set of commands.

To check status of the repository and see which branch and what has been made in the repository use

   git status

To add all new files of folders or any change made in the repo use

   git add .

To commit change or informe your collaborator on what has been made on the repo you use command

   git commit -M " Message to commit"

To create a branch to work on use command bellow. In this case we will use branch Master.

   git branch -M master

For you first push you mus speecific origin in order to synchronise with the remote repo with the command

git remote add origin https://github.com/Joebaho/RESUME.git

Then push all files in Github with command

   git push -u origin master

You will have all files and folders copy in Github repository. Check the image

Step 4: S3 Bucket creation

Here we create the S3 bucket and will configure it as hosting static web site

Sign in to the AWS Management Console:

Open your web browser and go to the AWS Management Console aws/console. Sign in to your AWS account.

Navigate to S3:

In the AWS Management Console, search for "S3" or navigate to the "Storage" section. Click on "S3" to open the Amazon S3 console.

Create a New Bucket:

In the S3 console, click on the "Create bucket" button. Enter a unique name for your bucket in the "Bucket name" field. This name must be globally unique across all existing S3 bucket names. Choose the AWS region where you want to create your bucket. Select the region that is closest to your target audience for improved performance. Click on the "Create" button to create the bucket. Because we creating the bucket for hosting the static web site the bucket name must match with the mane of the domain. So, here our bucket name will be "www.joebahoucloud.com" See image bellow

Configure Bucket Properties:

Once the bucket is created, select the bucket from the list to open its properties. Click on the "Properties" tab and then click on "Static website hosting". Enable Static Website Hosting: In the "Static website hosting" panel, select the option to "Use this bucket to host a website". Enter the name of the index document (e.g., index.html) and optionally, the name of the error document. Click on the "Save" button to save the changes.

Set Bucket Policy:

Next, you need to add a bucket policy to make the contents of your bucket publicly accessible. Click on the "Permissions" tab and then click on "Bucket Policy". Paste the following bucket policy into the bucket policy editor, replacing arn:aws:s3:::www.joebahocloud.com with the name of your bucket:

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::arn:aws:s3:::www.joebahocloud.com/*"
    }
  ]
}

Click on the "Save" button to save the bucket policy.

Step 5: Downloading files in the S3 Bucket

Upload Website Files:

Go back to the "Overview" tab of your bucket. Click on the "Upload" button to upload your website files to the bucket. Make sure to include your index.html and any other assets (e.g., CSS, JavaScript) needed for your website. Once the files are uploaded, they will be publicly accessible via the bucket's website endpoint. You will have something like image bellow

Access Your Website:

To access your website, find the "Endpoint" URL under the "Static website hosting" panel in the bucket properties. Open a web browser and navigate to the endpoint URL to view your static website.

Step 6: Domain Name Registration

Go back in to the AWS Management Console and navigate to Route 53:

In the AWS Management Console, search for "Route 53" or navigate to the "Networking & Content Delivery" section. Click on "Route 53" to open the Route 53 console.

Register a New Domain:

In the Route 53 console, click on "Registered domains" in the left sidebar. Click on the "Register domain" button.

Search for a Domain Name:

Enter the domain name you want to register in the search box. In this case we will use "joebahocloud.com" Click on the "Check" button to see if the domain name is available. If the domain name is available, you'll see a message indicating that it's available for registration.

Add the Domain to Your Cart:

If the domain name is available, click on the "Add to cart" button next to the domain name. Review the details of the domain registration, including the registration period and pricing. Click on the "Continue" button to add the domain to your cart.

Complete the Registration Process:

Follow the prompts to complete the registration process. Provide the necessary information, such as contact details and payment information. Review and accept the terms and conditions of the registration. Click on the "Complete Purchase" or "Buy Now" button to finalize the registration.

Step 7: Creation of Record

Configure DNS Settings:

Once the domain registration is complete, you'll be redirected to the Route 53 console. Click on "Hosted zones" in the left sidebar to configure DNS settings for your domain. Click on the "Create Hosted Zone" button. Enter your domain name in the "Domain Name" field. Optionally, you can choose to associate the hosted zone with an existing VPC or enable DNSSEC. Click on the "Create" button to create the hosted zone.

Update Name Servers:

After creating the hosted zone, Route 53 will provide you with a set of name servers. Go to your domain registrar's website and update the name servers for your domain to point to the Route 53 name servers. This step may take some time to propagate DNS changes across the internet.

Step 8: Setup ACM Certificate

Go back in to the AWS Management Console and navigate to ACM:

In the AWS Management Console, search for "ACM" or navigate to the "Security, Identity, & Compliance" section. Click on "Certificate Manager" to open the ACM console.

Request a Certificate:

In the ACM console, click on the "Request a certificate" button.

Specify Domain Names:

On the "Request a certificate" page, enter the domain names you want to include in the certificate. You can enter multiple domain names separated by commas. Here our domain will be "joebaocloud.com" Optionally, you can also specify additional domain names (*.joebahocloud.com) using the "Add another name to this certificate" link.

Select Validation Method:

Choose a validation method to prove ownership of the domain(s). You can choose between DNS validation and Email validation. DNS validation requires you to add a DNS record to your domain's DNS configuration. Email validation requires you to respond to email verification requests sent to the domain owner's email addresses.

Review and Confirm:

Review the domain names and validation method you selected. Click on the "Confirm and request" button to submit the certificate request.

Validation:

If you selected DNS validation, ACM will provide you with a DNS record that you need to add to your domain's DNS configuration. If you selected Email validation, ACM will send verification emails to the domain owner's email addresses. Follow the instructions in the email to validate the domain ownership.

Wait for Validation:

Once you've completed the validation process, wait for ACM to validate the domain ownership. This may take a few minutes to several hours depending on the validation method you selected. Certificate Issued:

Once the domain ownership is validated, ACM will issue the SSL/TLS certificate. You can view and manage your certificates in the ACM console under the "Certificates" section.

Step 9: CloudFront Distribution

Go back in to the AWS Management Console and navigate to CloudFront:

In the AWS Management Console, search for "CloudFront" or navigate to the "Networking & Content Delivery" section. Click on "CloudFront" to open the CloudFront console.

Create a Distribution:

In the CloudFront console, click on the "Create Distribution" button.

Choose a Delivery Method:

Select the delivery method for your content. You can choose between: Web: For distributing websites and other HTTP content. RTMP: For streaming media files using Adobe Flash Media Server.

Configure Distribution Settings:

In the "Origin Settings" section, specify the origin of your content. This can be an S3 bucket, an EC2 instance, or a custom origin (e.g., a web server). Configure other settings such as cache behavior, viewer protocol policy, and allowed HTTP methods according to your requirements.

Configure Cache Settings:

Configure caching behavior for your distribution, including TTL (time to live), cache control headers, and query string parameters. You can also configure cache behaviors based on URL patterns.

Configure Distribution Settings:

Configure additional settings such as logging, custom SSL certificate (if required), and price class (the regions where you want your content to be distributed). Review the distribution settings and make any necessary adjustments.

Create the Distribution

Click on the "Create Distribution" button to create the CloudFront distribution. Note the distribution ID and other details provided by CloudFront.

Wait for Distribution Deployment

It may take some time for the CloudFront distribution to be deployed globally. Monitor the status of the distribution in the CloudFront console until it shows a status of "Enabled".

Test the Distribution:

Once the distribution is deployed, you can test it by accessing your content through the CloudFront domain name (e.g., d123456789.cloudfront.net). Verify that your content is being served correctly and that caching behavior is as expected.

Step 10: Code Pipeline Configuration

Go back in to the AWS Management Console and navigate to CodePipeline:

In the AWS Management Console, search for "CodePipeline" or navigate to the "Developer Tools" section. Click on "CodePipeline" to open the CodePipeline console.

Create a New Pipeline:

In the CodePipeline console, click on the "Create pipeline" button. Configure Pipeline Settings:

Enter a name for your pipeline in the "Pipeline name" field. Optionally, you can enter a description for your pipeline. Choose a service role for CodePipeline to use when executing pipeline actions. You can create a new service role or choose an existing one. Click on the "Next" button to proceed.

Add Source Stage:

In the "Source" stage configuration, select the source provider for your code repository. This can be AWS CodeCommit, GitHub, Amazon S3, or Bitbucket. For this case we will use Github as our code is located in Github

Configure the source settings, such as the repository name, branch, and authentication method.We will be promt to link with Github. hit on the link then provide Github credentials and choose which repository to source of the code.

Click on the "Next" button to proceed. We will skip the build stage and go directly to deploy stage

Configure Deploy Stage:

In the "Deploy" stage configuration, select the deployment provider for your application. This can be AWS Elastic Beanstalk, AWS ECS (Elastic Container Service), AWS Lambda, or AWS S3. The configuration here will be for S3 Configure the deployment settings, such as the deployment group, application name, and deployment configuration. Click on the "Next" button to proceed.

Review and Create:

Review the pipeline configuration to ensure that everything is set up correctly. Click on the "Create pipeline" button to create the pipeline. Run Pipeline:

Once the pipeline is created, it will automatically start running. Monitor the progress of the pipeline in the CodePipeline console.

Step 11: Deployment

When everything are well done and no error or mistake you see the deployment of the code in the page. See image bellow:

Step 12: Web page

In the browser type the url address https://www.joebahocloud.com and you will get the web page. See image bellow

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcome and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the Joebahocloud License

🚀 Overview:

In modern cloud environments, managing infrastructure efficiently and securely is crucial for ensuring smooth operations and maximizing resource utilization. Ansible, a powerful automation tool, provides a flexible and scalable solution for configuration management, provisioning, and orchestration of infrastructure on AWS. By leveraging Ansible, organizations can streamline deployment processes, enforce consistent configurations, and accelerate time-to-market for their applications. The primary objective of this project is to design and deploy a controller Linux server, two Linux client servers and two Ubuntu client server on AWS. Then we will be writing a playbook that will be installing and configuring apache on all clients servers. The playbook will include also git installation.

🔧 Problem Statement

Terraform is an IaC software tool that provides a consistent command line interface (CLI) workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. In this specific case you need to create 5 EC2 instances such as 1 Amazon Linux 2 that will call controller, then two clients or nodes with Amazon Linux 2 and 2 other with Ubuntu. Terraform will automatically use the configuration files to provide those resources and the user data placed in te controller will install Ansible on it. We will then use the Ansible playbook to update all hosts, install Apache and Git then copy te index.html file on each hosts. This deployment will provide all necessary tools and needed elements avoiding us to use the console. All process of working on nodes will be automate that will ensuring consistency and reducing human error.

💽 Techonology Stack

We will be using:

• EC2: AWS EC2

• Ansible Playbook: Ansible

• File Configuration: Terraform

📌 Architecture Diagram

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• Terraform installed on your local machine.

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• Git installed on your local machine and Github account set up Github

• Git for cloning the repository.

You must know and understand:

• Ansible playbook: is a YAML file that defines a series of tasks to be executed on remote hosts.

• Apache web Server: The Apache HTTP Server, commonly referred to as Apache, is an open-source web server software developed and maintained by the Apache Software Foundation. It is one of the most widely used web server applications globally and powers a significant portion of websites on the internet.

• Git: is a distributed version control system (VCS) that is widely used for tracking changes in source code during software development.

You must also know Terraform workflow

📋 Table of Contents

I - Terraform Configuration files

Step 1: Provider Configuration

Step 2: Variables Configuration

Step 3: Instances Configuration

Step 4: Output Configuration

II - Instructions of Deployment

Step 1: Clone Repository

Step 2: Initialize Folder

Step 3: Format Files

Step 4: Validate Files

Step 5: Plan

Step 6: Apply

Step 7: Review of Resources

Step 8: Connect to the Controller

Step 9: Connect to all Hosts

Step 10: Generate & Copy Key Pair

Step 11: Configuration on Controller

Step 12: Run Ansible Command

Step 13: Review of Changes

Step 14: Destroy

✨Terraform Configuration files

You need to write different files generating resources

Step 1: Provider Configuration

Here we declare our cloud provider and we specify the region where we will be launching resources

• provider Configuration

Step 2: Variables Configuration

This is where we declare all variables and their value. It includes

• Variables: List of element that can vary or change. They can be reuse values throughout our code without repeating ourselves and help make the code dynamic

• values: values attributed to each variables.

Reminder: Never push " terraform.tfvars" file on Github

We have

• variables Configuration

• value Configuration

Step 3: Instances Configuration

This is where you create all fives instances. The controller and two other nodes will be running on Amazon linux 2 and two other on Ubuntu. We will open port 80 (http) and 22 (ssh) on the security group.

• Instances Configuration

Step 4: Output Configuration

Know as Output Value : it is a convenient way to get useful information about your infrastructure printed on the CLI. It is showing the ARN, name or ID of a resource. In this case we are bringing out the DNS name of the web application Load balancer.

• Output Configuration

💼 Instructions of Deployment

Follow these steps to deploy the architecture:

Step 1: Clone Repository

Clone the repository in your local machine using the command "git clone"

   git clone https://github.com/Joebaho/Joebaho-Cloud-Platform/blob/main/site/ansible-terraform-on-aws

Step 2: Initialize Folder

Initialize the folder containing configuration files that were clone to Terraform and apply the configuration by typing the following command

   terraform init

You must see this image

Step 3: Format Files

Apply any changes on files and Review the changes and confirm the good format with command:

   terraform fmt

Step 4: Validate Files

Ensure that every files are syntactically valid and ready to go with the command:

   terraform validate

If everything is good you will have something like this

Step 5: Plan

Create an execution plan to provide the achievement of the desired state. It Check and confirm the numbers of resources that will be create. Use command:

   terraform plan

The list of all resources in stage of creation will appear and you can see all properties(arguments and attributs) of each resources

Step 6: Apply

Bring all desired state resources on life. It Launch and create all resources listed in the configuration files. The command to perform the task is:

   terraform apply -auto-approve

After typing this command the process of creation will start and you will be able to see which resources is on the way to be create and the time it taking to create.

At the end you will receive a prompt message showing all resources status: created, changed and the numbers of them.

Step 7: Review of resources

Go back on the console and check all actual state resources one by one to see. You will have

Instances running

Security groups

Step 8: Connect to the Controller

As we have our security group rule open on port SSH(22) we gonna use the CLI to connect to the controller instance. We must be on the folder that contains our private key pair. Then we go on the console select the instance hit on connect. you will have an image like the bellow:

Copy the Chmod command and paste on the CLI then type enter. Nothing will change. This command just chane the permission for SSH.

Copy the link second link and paste again CLI. Some instructions will run and you will be prompt to validate if you want to connect : type "yes" and you will have an image like bellow showing the connection to the server is been made.

The user date placed in the configuration file will install prerequisites needed to run Ansible such as Python3, amazon-linux extras and Ansible. take a look on the user data.

• user Data

We can now change the static name or IP address to the name " controller " with the command

   $ sudo hostnamectl set-hostname controller

After you must exit and reconnect (ssh) again in order to have the new name appear in the path.

We now need to go on root to perform other command. We can do that with the command

   $ sudo -i

We can verify if Ansible was correctly install by typing command:

   $ ansible --version

There we will have this result

Step 9: Connect to all Hosts

We also, going to use the same process we used to connect to the controller meaning we will be SSH on each server.

Go to each server on the console select one by one and connect via option connect. In the tab Copy the Chmod command and paste on the CLI then type enter. Nothing will change. this command just chane the permission for SSH.

Copy the link second link and paste again CLI. Some instructions will run and you will be prompt to validate if you want to connect : type "yes" the process will now connect to the server. Linux2 and Ubuntu. You going to use the command bellow to change name for each server

   $ sudo hostnamectl set-hostname <name of the server>

For the Amazon Linux type : Linux-nodes1 and Linux-nodes2.
For Ubuntu type : ubuntu-nodes1 and ubuntu-nodes2.
Remember to exit and reconnect again to have the command take effect. Right after you must go to the root of the server by typing command

   $ sudo -i

At the end you will have an image with all servers CLI like bellow showing the connection to the server is been made.

Step 10: Generate & Copy Key Pair

Return to the controller to generate key pair that will be use to link the host server and clients or nodes server. We will generate a key pair which have a public and private key. You will have to copy the public and paste it in the folder named authorized_key of each nodes.

-Generate key pair with the command: must be on the root to perform this

   $ ssh-keygen -t rsa

Keep typing enter after all question asked. The command will generate public key (id_rsa.pub) and private key (id_rsa). Both will be in the folder name ".ssh" Enter the folder to see both keys. Type

   $ cd .ssh

Then the next command will list the contains of the folder

   $ ls -al

See the result on the image bellow

-The private key will stay in the controller and the public key will be copy and paste in the nodes.

   $ cat id_rsa.pub

Copy the content and go paste it in the authorized_keys of the nodes. You will have to go to each nodes be on the root and then enter the folder ".SSH " by typing command

   $ cd .ssh

You can list what is the contain of the folder with command

   $ ls -al

You will have a file name authorized_keys. You will have to enter the file by:

   $ vi authorized_keys

The file will have the private key already. So, you will have to type I (insert) then " fn + right arrow " to go to the end, then enter to go down and paste the copied text there. Lastly type Esc + :wq! To save the change. Do the same for all your nodes.

Here are images for all steps:

Step 11: Configuration on Controller

You can now return to the controller and follow the configuration of the nodes by copy and paste the nodes Ip address in order to create the link between controller and nodes. Make sure to be in the ".SSH " folder then from there type version command

   $ ansible --version

There will be a config file with destination /etc/ansible/ansible.cfg. You must enter in the Ansible folder

   $ cd /etc/

Then

   $ cd ansible

And this command to see the content of the folder.

   $ ls -al

There will be three files (ansilbe.cfg, hosts and roles). You must enter the files hosts to add all hosts meaning all private IP of all the nodes in the Ex2 collection section. If you group make sure to put the name of the group in brackets [ubuntu-nodes] and [linux-nodes] and down the public or private IP address of the nodes.

Enter the hosts file to perform all changes:

   $ vi hosts

Type i (insert) then copy/paste all IP address of nodes in the IP section of the file, Lastly type Esc : wq! To save the change.

You must create a folder on the root named " web " and you must drop the "index.html" inside the folder.

Step 12: Run Ansible Command

To test the connectivity you can try with one nodes or all nodes One nodes type

   $ ssh root@<private Ip placed on the hosts lists>.                   Ex: $ ssh root@10.0.1.10

You will be prompt to valid the connection so you will press "y" to confirm and the connection will go through. To logout type exit.

For all servers type:

   $ ansible -m ping all

Step 13: Review of Changes

After making sure all connectives are done between the controller and nodes. We have to return to the root and create a folder named "web" with the command

   $ mkdir web

Then enter the folder with the command

   $ cd web

Once you inside the folder you must create two files " index.html " and " playbook.yml "

• index.html

• playbook.yml

As we have both files setup in the web folder. We will remain on the folder and we will use the Ansible command to perform all the requirements of the playbook file. Type command;

   $ ansible-playbook playbook.yml

the process will follow and you will have all the steps or plays written in the playbook been deploy. images will show what exactly are the outputs:

All tasks on the Linux nodes:

• Upgrade nodes

• Install latest Apache server

• Start Apache

• Enable Apache

• Copy Index.html from source to destination

• Install Git

The same tasks executed on Linux will also be done on Ubuntu nodes

Here is now the recap of all tasks done.

You can test the web page by copying any public Ip of nodes then paste it in the browser you will have this bellow result.

Step 14: Destroy

Destroy the terraform managed infrastructure meaning all resources created will be shut down. This action can be done with the command "terraform destroy"

   terraform destroy -auto-approve

At the end you will receive a prompt message showing all resources has been destroyed

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the Joebahocloud License

🚀 Overview:

The Static web site project on AWS using Terraform aims to create a scalable and resilient web static site hosted on S3 which is an Amazon Web Services (AWS) cloud platform. This project utilizes Terraform, an Infrastructure as Code (IaC) tool, to provision and manage the S3 bucket with all the parameters that will make it publicly accessible. The goal of this project is to design and deploy a web site host on S3 that will include all necessary components of the S3 bucket.

🔧 Problem Statement

Terraform is an IaC software tool that provides a consistent command line interface (CLI) workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. In this specific case you need to create S3 bucket that will host a static web site. Terraform will use this deployment to provide all needed S3 elements that will make the web site to be accessible avoiding us to use the console and it will automate the setup, ensuring consistency and reducing human error.

💽 Techonology Stack

The architecture consists of the following three tiers:

• S3: AWS VPC

📌 Architecture Diagram

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• Terraform installed on your local machine.

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• Git installed on your local machine and Github account set up Github

• Git for cloning the repository.

You must also know Terraform workflow

📋 Table of Contents

I - Terraform Configuration files

Step 1: Provider Configuration

Step 2: S3 Configuration

Step 4: Output Configuration

II - Instructions of Deployment

Step 1: Clone Repository

Step 2: Initialize Folder

Step 3: Format Files

Step 4: Validate Files

Step 5: Plan

Step 6: Apply

Step 7: Review of Resources

Step 8: Destroy

✨Terraform Configuration files

You need to write different files generating resources

Step 1: Provider Configuration

Here we declare our cloud provider and we specify the region where we will be launching resources

• provider Configuration

Step 3: S3 Configuration

This is where you create the basement, foundation and networking where all the resources will be launch. It includes VPC, Subnets, IGW, NatGateway, EIP and Route tables

• S3 Configuration

We have here

• Bucket name:

• Permissions:

• Objects:

• Properties:

Step 4: Output Configuration

Know as Output Value : it is a convenient way to get useful information about your infrastructure printed on the CLI. It is showing the ARN, name or ID of a resource. In this case we are bringing out the DNS name of the web application Load balancer.

• Output Configuration

💼 Instructions of Deployment

Follow these steps to deploy the architecture:

Step 5: Clone Repository:

Clone the repository in your local machine using the command "git clone"

git clone https://github.com/Joebaho/Joebaho-Cloud-Platform/tree/main/docs/static-web-terraform-on-aws

Step 6: Initialize Folder

Initialize the folder containing configuration files that were clone to Terraform and apply the configuration by typing the following command

terraform init

You must see this image

Step 7: Format Files

Apply any changes on files and Review the changes and confirm the good format with command:

terraform fmt

Step 8: Validate Files

Ensure that every files are syntactically valid and ready to go with the command:

terraform validate

If everything is good you will have something like this

Step 9: Plan

Create an execution plan to provide the achievement of the desired state. It Check and confirm the numbers of resources that will be create. Use command:

terraform plan

The list of all resources in stage of creation will appear and you can see all properties(arguments and attributs) of each resources

Step 10: Apply

Bring all desired state resources on life. It Launch and create all resources listed in the configuration files. The command to perform the task is:

terraform apply -auto-approve

The process of creation will start and you will be able to see which resourse is on the way to be create and the time it taking to create.

At the end you will receive a prompt message showing all resources status: created, changed and the numbers of them.

Step 11: Review of resources

Go back on the console and check all actual state resources one by one to see. You will have

• S3

  

• Permissions

  

• objects

  

• properties

  

• web page

  

• error page

Step 12: Destroy

Destroy the terraform managed infrastructure meaning all resourcescreated will be shut down. This action can be done with the command "terraform destroy"

terraform destroy -auto-approve

At the end you will receive a prompt message showing all resources has been destroyed

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the Joebaho Cloud License

🚀 Overview:

The VPC Architecture project on AWS using Terraform aims to create a scalable and resilient infrastructure that leverages the power of Amazon Web Services (AWS) cloud platform. This project utilizes Terraform, an Infrastructure as Code (IaC) tool, to provision and manage the infrastructure components, enabling automation, repeatability, and scalability. The primary objective of this project is to design and deploy a virtual Private Cloud or Networking architecture on AWS that consists of multiple components, including basement, networking, traffic flow. All components will be deployed across two Availability Zones (AZs) for high availability and fault tolerance.

🔧 Problem Statement

Terraform is an IaC software tool that provides a consistent command line interface (CLI) workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. In this specific case you need to create foundation Networking(VPC, Subnets, route table, IGW, NAT Gateway...), Terraform will automatically use the configuration files to provide the infrastructure resources where we can run application needed. Terraform will use his deployment to provide all AWS needed elements avoiding us to use the console and it will automate the setup, ensuring consistency and reducing human error.

💽 Techonology Stack

The architecture consists of the following three tiers:

• VPC: AWS VPC

• Subnets: AWS Subnets

• Route table: AWS route table

• NACL: AWS NACL

• Internet Gateway: AWS IGW

📌 Architecture Diagram

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• Terraform installed on your local machine.

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• Git installed on your local machine and Github account set up Github

• Git for cloning the repository.

You must also know Terraform workflow

📋 Table of Contents

I - Terraform Configuration files

Step 1: Provider Configuration

Step 2: Variables Configuration

Step 3: VPC Configuration

Step 4: Output Configuration

II - Instructions of Deployment

Step 5: Clone Repository

Step 6: Initialize Folder

Step 7: Format Files

Step 8: Validate Files

Step 9: Plan

Step 10: Apply

Step 11: Review of Resources

Step 12: Destroy

✨Terraform Configuration files

You need to write different files generating resources

Step 1: Provider Configuration

Here we declare our cloud provider and we specify the region where we will be launching resources

• provider Configuration

Step 2: Variables Configuration

This is where we declare all variables and their value. It includes

• Variables: List of element that can vary or change. They can be reuse values throughout our code without repeating ourselves and help make the code dynamic

• values: values attributed to each variables.

We have

• variables Configuration

• value Configuration

Step 3: VPC Configuration

This is where you create the basement, foundation and networking where all the resources will be launch. It includes VPC, Subnets, IGW, NatGateway, EIP and Route tables

• VPC Configuration

We have here

• VPC: Virtual Private Cloud the main and private environment where all resources will be launch

• Subnets: is a segmented portion of a virtual private cloud (VPC) that allows you to partition your network resources. Subnets are used to organize and manage your cloud resources more effectively by providing isolation and control over network traffic.

• Internet Gateway: it plays a crucial role in enabling internet connectivity for resources within a VPC, allowing instances to access services, applications, and data hosted on the public internet while providing scalability, redundancy, and security features.

• Route Tables: is a fundamental networking component that controls the routing of network traffic within a Virtual Private Cloud (VPC). Route tables define the rules for directing traffic from one subnet to another or to external networks, such as the internet or on-premises networks.

• NCAL: Network Access Control Lists (NACLs) are a security layer in AWS that act as a firewall for controlling traffic in and out of one or more subnets within a Virtual Private Cloud (VPC).

• Security Groups: a security group acts as a virtual firewall for controlling inbound and outbound traffic to AWS resources, such as EC2 instances, RDS databases, and other services within a Virtual Private Cloud (VPC). Security groups allow you to define rules that specify the type of traffic allowed or denied based on protocols, ports, and IP addresses.

Step 4: Output Configuration

Know as Output Value : it is a convenient way to get useful information about your infrastructure printed on the CLI. It is showing the ARN, name or ID of a resource. In this case we are bringing out the DNS name of the web application Load balancer.

• Output Configuration

💼 Instructions of Deployment

Follow these steps to deploy the architecture:

Step 5: Clone Repository:

Clone the repository in your local machine using the command "git clone"

git clone https://github.com/Joebaho/Joebaho-Cloud-Platform/tree/main/site/vpc-foundation-terraform-on-aws

Step 6: Initialize Folder

Initialize the folder containing configuration files that were clone to Terraform and apply the configuration by typing the following command

terraform init

You must see this image

Step 7: Format Files

Apply any changes on files and Review the changes and confirm the good format with command:

terraform fmt

Step 8: Validate Files

Ensure that every files are syntactically valid and ready to go with the command:

terraform validate

If everything is good you will have something like this

Step 9: Plan

Create an execution plan to provide the achievement of the desired state. It Check and confirm the numbers of resources that will be create. Use command:

terraform plan

The list of all resources in stage of creation will appear and you can see all properties(arguments and attributs) of each resources

Step 10: Apply

Bring all desired state resources on life. It Launch and create all resources listed in the configuration files. The command to perform the task is:

terraform apply -auto-approve

Now, the creation will start and you will be able to see which resources is on the way to be create and the time it taking to create.

At the end you will receive a prompt message showing all resources status: created, changed and the numbers of them.

Here are the outputs :

Step 11: Review of resources

Go back on the console and check all actual state resources one by one to see. You will have

• VPC

• 

  Subnets

• 

• IGW

• 

• Route Tables

• 

• NCAL

Step 12: Destroy

Destroy the terraform managed infrastructure meaning all resources created will be shut down. This action can be done with the command "terraform destroy"

terraform destroy -auto-approve

At the end you will receive a prompt message showing all resources has been destroyed

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the JoebahoCloud License

🚀 Overview:

The project aims to leverage VPC flow logs, a feature provided by Amazon Web Services (AWS), to enhance network visibility, security monitoring, and troubleshooting capabilities within the AWS environment. By enabling and analyzing VPC flow logs, the project seeks to provide valuable insights into network traffic patterns, detect security threats and anomalies, and optimize network performance. By implementing a robust VPC flow logs solution and integrating it into existing network monitoring and security frameworks, organizations can enhance their ability to manage and secure their AWS environments effectively, mitigating risks, improving operational efficiency, and ensuring compliance with regulatory requirements.

🔧 Problem Statement

In complex cloud environments hosted on AWS, maintaining comprehensive visibility into network traffic and ensuring robust security monitoring are critical challenges for organizations. Traditional network monitoring tools may not provide sufficient visibility into traffic flows within virtual private clouds (VPCs), making it difficult to detect and investigate security incidents, troubleshoot connectivity issues, and optimize network performance.To address these challenges, the project proposes leveraging VPC flow logs, a feature provided by AWS, to capture and analyze network traffic metadata at the VPC level. VPC flow logs provide detailed information about the traffic flowing to and from network interfaces in the VPC, including source and destination IP addresses, ports, protocols, and packet counts.

💽 Techonology Stack

The architecture consists of the following three tiers:

• VPC: AWS VPC

• IAM role: AWS IAM

• EC2 Instances: AWS EC2

• CloudWatch: AWS CloudWatch

• VPC Flowlogs: AWS VPC flow logs

📌 Architecture Diagram

🌟 Project Requirements

Before you get started, make sure you have the following prerequisites in place:

• AWS IAM credentials configured in your text editor. In this case we will use VSCODE.

• Git installed on your local machine and Github account set up Github

• Git for cloning the repository.

• An Infrastructure (VPC, Subnets, route table, Security groups, NACL...) ready to be use for the lab.

• Two instances running with a user data attached on each.

You must also know the goal of setting up a VPC flow logs which are:

1- Enhanced Network Visibility: Gain comprehensive visibility into network traffic patterns and behavior within the AWS VPC environment.
2- Improved Security Monitoring: Detect and investigate security threats, anomalies, and unauthorized access attempts in real-time.
3- Efficient Troubleshooting: Quickly diagnose and troubleshoot connectivity issues, performance bottlenecks, and network anomalies.
4- Optimized Network Performance: Identify opportunities to optimize network performance, resource utilization, and cost efficiency based on traffic analysis and insights.

📋 Table of Contents

I - Infrastructure Configuration

Step 1: VPC Configuration

Step 2: Instances Configuration

Step 3: Web page Output

II - Instructions of Deployment

Step 1: IAM Role

Step 2: Log Group creation

Step 3: FlowLogs Creation

Step 4: Checking Logs

Step 5: Understanding Logs

✨Infrastructure Configuration

You need to create all resources needed for the accomplishment of the project. We considered this part easy to do. So, we will present infrastructure that was prebuilt

Step 1: VPC Configuration

Here we declare our foundation or networking environment. We have here VPC, subnets, routable, security groups, NACL...

• VPC

Step 2: Instances Configuration

• EC2 instances

We will be launching two EC2 instances in the public subnets with user data attached on them. We will use the public Ip address to display the content on the browser.

User-data

Instance 1

Instance 2

Step 3: Web page output

We will use public IP address of each instances to see the web page on the browser. These are the two web pages showing the message posted in the user data.

💼 Instructions of Deployment

Follow these steps to produce the VPC Flowlogs:

Step 1: Create the IAM role

Create an IAM role that will allow the VPC to drop all logs in CloudWatch. The full access permission need to be add in the role and the trusted-entities in the role must be edit to "vpc-flow-logs.amazonaws.com"

Create role by giving name and a description

Add the CloudWatch full access permission

In the "Trust Relationship " you must change the trust policy by replacing the trusted-entities "ec2.amazonaws.com" to "vpc-flow-logs.amazonaws.com"

You have to follow this way : Trust relationship / click Edit trust policy / "vpc-flow-logs.amazonaws.com"

Step 2: Create the Log Group in the CloudWatch

Go on CloudWatch to create the log group by following the way:

CloudWatch > Log groups > Click Create log group

You will have to provide

• Name of the log group

• Retention period : giving the period of time when the logs can be kept

• Class : type of the log group.

Step 3: Create Flowlogs in VCP

You must go back on your VPC option, select the VPC you working then keep following the process

VPC > select your_vpc > click Flow Logs tab > click Create flow logs

In the flow log tab open you will add differents setting such as:

• Name: identifier of the Flowlogs

• filter : type of the traffic to be considered. It will be Accepted, Reject or both

• Maximun aggregation interval: the interval of time where the Flowlogs will capture record.

A destination where the logs will be dump must be specify.There are multiple place as you can see in the picture. In our case we gonna drop them in CloudWatch logs. The role created before is also need to be attached after.

At the end we have declare the format of the Output of the logs. Either we can customize it to use the AWS default format

Step 4: Check the logs

Here comes the time to see the result of the VPC Flowlogs. Remember we launched two EC2 instances. Each instances have an ENI(Elastic Network Interface) which is a virtual network interface that you can attach to an instance in a VPC (Virtual Private Cloud) in AWS. ENIs enable instances to communicate with other resources in the VPC and with the internet. In order to see the flow of access accepted or rejected to the instances we must go back on CloudWatch then follow the process

CloudWatch > Log groups > Choose the log group(vpc-flowlogs-group) >Log streams Tabs > Choose eni

A picture like the bellow one will appear

As you pick the first eni here come the Flowlogs of the specific eni.

Then the second eni will produce the logs bellow

Step 5: Understand the logs

Understanding VPC Flow Logs is essential for monitoring and analyzing network traffic within your AWS Virtual Private Cloud (VPC). VPC Flow Logs capture information about the traffic flowing in and out of network interfaces in your VPC, providing valuable insights into network activity, including the source and destination of traffic, the protocols used, and the number of packets and bytes transferred.

Here's how you can interpret and understand VPC Flow Logs:

1-Log Format:

VPC Flow Logs are stored in CloudWatch Logs and can be viewed in the AWS Management Console. Each log record contains information about a specific network flow, including fields such as source and destination IP addresses, ports, protocol, action (accepted or rejected), and timestamps. Understanding Fields:

2-Understanding Fields

Source/Destination IP Address: The source and destination IP addresses of the network traffic.
Source/Destination Port: The source and destination ports used in the network communication.
Protocol: The protocol used in the network communication (e.g., TCP, UDP, ICMP).
Packets/Bytes: The number of packets and bytes transferred in the network flow.
Action: Indicates whether the traffic was accepted or rejected by security groups or network ACLs.
Timestamp: The timestamp when the network flow occurred.

3- Traffic Patterns:

Analyze traffic patterns to identify trends and anomalies. Look for patterns such as spikes in traffic volume, unusual source/destination IP addresses, or unexpected protocols. This can help detect security threats, performance issues, or misconfigurations.

4- Security Analysis:

Use VPC Flow Logs for security analysis and monitoring. Identify and investigate suspicious or unauthorized network activity, such as unauthorized access attempts, port scans, or data exfiltration attempts. VPC Flow Logs can help you detect and respond to security incidents in real-time.

5- Troubleshooting:

Troubleshoot network connectivity issues by analyzing VPC Flow Logs. Identify failed connections, dropped packets, or misconfigured security group rules that may be causing connectivity problems. VPC Flow Logs provide valuable diagnostic information to help pinpoint the root cause of network issues.

6- Compliance and Auditing:

Use VPC Flow Logs for compliance and auditing purposes. Maintain records of network traffic for regulatory compliance requirements or internal auditing purposes. VPC Flow Logs provide a detailed audit trail of network activity within your VPC.

7- Integration with Other Tools:

Integrate VPC Flow Logs with other AWS services or third-party tools for advanced analysis and visualization. For example, you can use Amazon Athena or Amazon Elasticsearch Service to perform ad-hoc queries and visualize network traffic data for deeper insights.

Take a look an example of output

By understanding and analyzing VPC Flow Logs, you can gain valuable visibility into your AWS VPC's network traffic, enhance security monitoring, troubleshoot network issues, and ensure compliance with regulatory requirements.

🤝 Contributing

Your perspective is valuable! Whether you see potential for improvement or appreciate what's already here, your contributions are welcomed and appreciated. Thank you for considering joining us in making this project even better. Feel free to follow me for updates on this project and others, and to explore opportunities for collaboration. Together, we can create something amazing!

📄 License

This project is licensed under the Joebaho Cloud License