Enterprise DevOps & Cloud Infrastructure

Generating the AWS Services

Erik Reinert

Erik Reinert

Enterprise DevOps & Cloud Infrastructure

Check out a free preview of the full Enterprise DevOps & Cloud Infrastructure course

The "Generating the AWS Services" Lesson is part of the full, Enterprise DevOps & Cloud Infrastructure course featured in this preview video. Here's what you'd learn in this lesson:

Erik generates the AWS services and uses the AWS UI to highlight what was created by Terraform Cloud. SSH key pairs are still required to finish the automation. They can be generated from EC2 interface.


Transcript from the "Generating the AWS Services" Lesson

>> So let's do this. Let's do AWS cluster, and I'm gonna provision my AWS cluster as well, so I'm gonna say, New run. Now, you'll notice one thing that's actually pretty cool about this is I can actually also show data sources, right? So I can see what data sources were looked up.

And then I can also see, cool, well the VPC was in fact found. So this would not have worked if we hadn't applied network yet, because that VPC name isn't there for us to look up in this repo. That's how the Legos stack on top of each other, right?

So now I'm gonna hit Confirm and Apply, and I'm gonna let it apply. Now, really quickly, while this is happening, let's go to Amazon, right? We just provisioned a bunch of infrastructure, let's see what it looks like. So I'm gonna go here, I'm gonna log in with my account.

And let's go see. While this is provisioning, right, we can see it's provisioning stuff. Let's go see what it's made. Cool, and again, I know it's failing purposely. So don't worry, I have a plan. So while that's failing, just let it keep going, it's okay. If something fails, it's fine, just let it keep going, right?

Let's go to VPC. Okay, your VPCs. I'm in Northern California, we should probably switch to the right region before I freak out. [LAUGH] And then look at that. There's our VPC, fem-eci. And here's what's really cool, look at this, everything's already there. The CIDR's set up. The ACL is the main route table.

I can even go to the resource map and see how the routing works. Okay, public goes out here. ElastiCache goes out here. Intra is in this one, right? These are the route tables and these are the network connections, right? So you can really kinda start to get an idea of how this infrastructure is created.

So let's go back to our automation really quickly. So it's at Create Failed. Hm, it's interesting, I wonder why that happened, right? That's a little bit peculiar. Sometimes with Amazon, it's easier to create them manually. And you might be like, whoa, what? Why are you saying this for?

It's the only time I genuinely think this is easier to be done manually. So, whenever you work with ECS clusters, you need a key pair. You need some type of key to give the instances that are gonna be created so that you can access them, right? Now you have two choices here, you can either take an existing key pair and import it into your automation and then have it apply that for you, right?

Or you can do another thing, which is you can actually just use the key pair infrastructure in Amazon and download a freshly generated one for you. And that's what I prefer to do. So if you run into this error, which you will, bam, look at that, key pair does not exist.

Fair enough. So, this cluster couldn't create because the instances it wants to have can't create or can't use a key so that you can connect to them, right? We need an SSH key of some sort. I don't wanna use mine, right? Because what happens when I leave the company?

[LAUGH] Right? So what we're gonna do is we're gonna make it so that the company keeps that responsibility. I'm gonna go to EC2, And I'm gonna go to Key Pairs. And you'll actually see that I've got a couple, I've got one right there even already, but that's not the one I need, so I'm just gonna delete that really quickly.

And I'm gonna create a new one, Create key pair. And I'm gonna paste in the value it expects, right? eci-ereinert-prod-cluster-ecs, and then I'm gonna hit, Create key pair. When you do that, did you notice that it also downloaded something for me? That's why it's nice to do this approach.

Because now your key pair is stored in Amazon, it's secure in there, you can start using it wherever you want, right? And you have it now downloaded available to you, that you can store the private key somewhere if you wanna connect to your instances, right? So now that we have that, we can actually go back to our run and rerun.

>> I think you mentioned it, but Terraform could have generated that as well, correct?
>> It can, but the problem is it won't give you the key. I don't know why, but the resource doesn't actually give you the key when you create it in Terraform. So the best way in my personal opinion is to just go in, create it manually.

Download the key, store it somewhere safe, and then just utilize that. And so you can see here that now this all got created. And I don't know why, but my UI is not fully updating. It didn't get created. Sorry, gotta confirm it. This time it should get created.

So while that's working, we can go back to Amazon, and we can go to ECS. And look at that, I have a fem-eciep-ereinhardt=prod and my other one, which is my alt4llc-bulbasaur-dev. Now you might be wondering why do you have Bulbasaur here? [LAUGH] It's because I version my infrastructure in Pokemon.

Version one is Bulbasaur, version two, version three, version four, so on. So it's just a nerdy way that I name all of my versions of my environments. That's another layer that you guys might want to take a look at in the future, which is active and passive, right?

I have an active cluster and a passive cluster that are both for dev, right? How do I switch between active and passive even though it's in dev? That's another layer to it. Look at that, class, [LAUGH] we have four greens across the board here. And that's because now we have Terraform tfe completely synced and automated.

Terraform eci-github, completely synced and automated. Terraform aws-network got its own network created for it with its own parameters, right, but it is in fact aws-network. And then eci-cluster got created, right? And it was attached to the repository that we need. So in about an hour, we created all of the workspaces we needed, all the repositories we needed.

And not only that, we created a whole network on Amazon as well as a cluster for all of our services.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now