Deploying Terraform Infrastructure Using Github, CodeBuild, and CloudFormation:

Bmwitcher
5 min read · Aug 22, 2020
  • AWS Account Required
  • May be outside of the free tier

Log in to your AWS Account:

- Preferably with admin permissions to make it easy to provision (not a best practice)

- Create a key pair named tf-demo (or whichever name you use in your Terraform config file)

To generate the public key that Terraform requires, I ran the command in my local CLI. If you need assistance generating a public key, navigate here: https://download.asperasoft.com/download/docs/ascp/3.5.2/html/dita/creating_public_key_cmd.html

You will be able to change the permission in your EC2 instance after connecting via SSH (chmod 400 <key pair name>.pem).

Cloudformation — Deploying resources

Next, we will navigate to CloudFormation and upload the JSON file to create a stack that will deploy our CodeBuild projects, the necessary IAM role, and an S3 bucket. Use the file located here:

https://github.com/bmwitcher/tfcicd/blob/master/codebuild.json

Before we start: if you want to use your own GitHub account for this code, be sure to alter the line shown below in the JSON file before uploading it to CloudFormation.

Let’s head to CloudFormation and create our stack:

Name your stack and provide any parameters you would like, then click Next. Make no changes on the next screen and click Next.

At the bottom of the following screen, do not forget to check the box allowing AWS to create an IAM role so that your resources can be provisioned.

The stack will take a few seconds to a minute to provision. Once complete you should see “CREATE_COMPLETE”. Let’s verify.

S3:

IAM: we can tell this was created by CloudFormation from the name tfcicd; as you will see, most of our other resources are named the same way.

CodeBuild: again, we can tell by the name that our CodeBuild project was provisioned properly.

Before we deploy our stack, let's look at our Terraform configuration files to see what we will deploy.

If you are deploying this code in your local environment, you will need to run this command to import your key pair from AWS (it should be created before deploying). On our EC2 instance we are deploying a simple Apache test page, where only “I” will be able to access it by setting “my IP address” in the security group below.

Above you will see that only I can access this EC2 instance (ref. the cidr_blocks range).

Above we are associating the security group with the EC2 instance.
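The key pair, security group and instance described above, written out as an added example (not the repository's own Terraform files). It assumes the AWS provider is already configured, a tf-demo public key at ~/.ssh/tf-demo.pub, a placeholder AMI id, and 203.0.113.10/32 standing in for your own IP; the validation on the variable rejects anything wider than a single /32, which is the check that keeps the test page from being reachable from the whole internet.

```hcl
# Your own public IP as a /32. Placeholder from TEST-NET-3; replace it with yours.
variable "my_ip_cidr" {
  type    = string
  default = "203.0.113.10/32"
  validation {
    condition     = can(regex("/32$", var.my_ip_cidr))
    error_message = "my_ip_cidr must be a single host (x.x.x.x/32), never 0.0.0.0/0."
  }
}

# The key pair the post creates in the console. When running locally, adopt the
# existing key instead of recreating it:  terraform import aws_key_pair.tf_demo tf-demo
resource "aws_key_pair" "tf_demo" {
  key_name   = "tf-demo"
  public_key = file("~/.ssh/tf-demo.pub") # path is an assumption
}

# Security group that only lets "me" reach the Apache test page and SSH.
resource "aws_security_group" "web" {
  name = "tfcicd-web-sg"
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [var.my_ip_cidr] # the cidr_blocks range the post refers to
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.my_ip_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# The instance; vpc_security_group_ids is where the security group gets associated.
resource "aws_instance" "web" {
  ami                    = "ami-PLACEHOLDER" # pick an Amazon Linux AMI in your region
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.tf_demo.key_name
  vpc_security_group_ids = [aws_security_group.web.id]
  user_data              = "#!/bin/bash\nyum install -y httpd && systemctl enable --now httpd\n"
}
```

Running `terraform validate` with a default such as "0.0.0.0/0" fails on the validation block before any plan is produced.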

We have verified our resources were created properly, we have looked at the resources that will hopefully provision (hint: I’ve already tested it out so it will work 😬). Let’s go to CodeBuild to deploy our infrastructure and then after we have verified a few resources we will destroy it also using CodeBuild, then we will delete the stack which will remove everything we have created today.

Go to CodeBuild and click on our tfcicd project.

Scroll to the bottom of this screen…

Click on Start build. All of the environment variables were created using CloudFormation. We will revisit this as we verify that our infrastructure has successfully provisioned.

OK, everything appears to have provisioned successfully. Let's double check, because the build can say “successful” without the resources being provisioned, in which case you will have to check the build logs to debug the issue (which I had to do before testing this out). Let’s check our account.

EC2 instance created with the proper type & security group associated!

Security group created and attached to our EC2 instance, with inbound/outbound rules attached.

Now we see the power of GitHub for source control, Terraform & CloudFormation for Infrastructure as Code automation, and CodeBuild for testing, provisioning, and destroying infrastructure.

Destroying our Environment:

Let’s go back to CodeBuild and change our environment variable to destroy = “True”. This will destroy the resources that Terraform provisioned for us.

Change the destroy value to “True”. Scroll to the bottom and click Update environment.

If you get a policy error, retry after unchecking the following box.

On the following screen click on Start build again and check your EC2 instance to ensure it has been terminated, along with the security groups, etc. This will take a few minutes.

Next, navigate back to CloudFormation and delete the stack. All of the resources we provisioned before Terraform will now be deleted as well.

Next steps, TO BE CONTINUED… The next step in this process is to use CodePipeline, where I want to implement manual approvals for applying the Terraform configurations. I am currently studying for the AWS Certified Developer Associate and on this attempt did not figure out how to implement this step YET. Come back for future updates on my journey from law enforcement to the cloud ☁️


Bmwitcher

DevSecOps Professional — AWS Certified DevOps Professional/Security Specialty/SA Pro, Gitlab Certified, Terraform Associate, GCP-ACE Certified and more…