Introduction
In the dynamic landscape of modern IT infrastructure, where agility and scalability are paramount, the need for efficient and reproducible management of resources has given rise to Infrastructure as Code (IaC) tools. Terraform redefines how infrastructure is provisioned and managed, offering a declarative and version-controlled approach to building, modifying, and versioning infrastructure safely and efficiently.
This blog post aims to unravel the core concepts of Terraform, exploring how it enables users to define and automate infrastructure deployment across various cloud providers, on-premises data centers, and other service providers.
Pre-requisites
Terraform Installed:
Make sure that Terraform is installed on your local machine. You can download the latest version of Terraform from the official HashiCorp website. Having Terraform installed lets you define and provision your infrastructure using Terraform configuration files.
AWS CLI (Command Line Interface):
The AWS CLI should be installed and configured with the necessary credentials on your local machine. Terraform uses these credentials to authenticate and interact with your AWS account. Ensure the AWS CLI is set up correctly with the required access keys.
Terraform Configuration Files:
Create Terraform configuration files (typically with a .tf extension) that define the infrastructure you want to manage. These files will specify the AWS provider, resources (such as Amazon EC2 instances), and any additional configurations needed for your automation.
Steps to Automate the Amazon EC2 instance
Step 1: Go to the AWS IAM section, create a user with administrator access, and copy the access and secret keys used to help create the infrastructure.
Step 2: Note the access key and secret key of the user.
Step 3: Install Terraform on your local system, open Visual Studio, and create a directory. Inside it, create a file named main.tf and add the script below.
- In the place of access key and secret, update the details that are copied in step 2, and also mention the region where you want to create the infrastructure.
- Update the timings in the cron job when you want to start and stop the Amazon EC2 Instance in the Amazon CloudWatch event rule.
- The lines that are marked in yellow need to be updated.
```hcl
provider "aws" {
  access_key = "update the access_key "  # update with the key from step 2
  secret_key = " update the secret_key " # update with the key from step 2
  region     = "us-east-1"               # update with your region
}

resource "aws_instance" "Demo" {
  ami           = "ami-052efd3df9dad4825"
  instance_type = "t2.micro"

  tags = {
    Name = "Demo"
  }
}

# Permissions the Lambda functions run with: write logs, start/stop/describe EC2.
resource "aws_iam_policy" "stop_start_ec2_policy" {
  name        = "StopStartEC2Policy"
  path        = "/"
  description = "IAM policy for stop and start EC2 from a lambda"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Start*",
        "ec2:Stop*",
        "ec2:DescribeInstances*"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

# Role assumed by the Lambda service.
resource "aws_iam_role" "stop_start_ec2_role" {
  name = "StopStartEC2Role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "lambda_role_policy" {
  role       = aws_iam_role.stop_start_ec2_role.name
  policy_arn = aws_iam_policy.stop_start_ec2_policy.arn
}

resource "aws_lambda_function" "stop_ec2_lambda" {
  filename         = "ec2_lambda_handler.zip"
  function_name    = "stopEC2Lambda"
  role             = aws_iam_role.stop_start_ec2_role.arn
  handler          = "ec2_lambda_handler.stop"
  source_code_hash = filebase64sha256("ec2_lambda_handler.zip")
  # python3.7 is a deprecated Lambda runtime; switch to a currently supported
  # Python runtime if function creation is rejected.
  runtime     = "python3.7"
  memory_size = 250
  timeout     = 60
}

resource "aws_cloudwatch_event_rule" "ec2_stop_rule" {
  name        = "StopEC2Instances"
  description = "Stop EC2 nodes at 19:00 from Monday to friday"
  # Update this schedule. Cron expressions are evaluated in UTC; as written it
  # fires at 12:45 UTC every day (day-of-week 1-7 is SUN-SAT).
  schedule_expression = "cron(45 12 ? * 1-7 *)"
}

resource "aws_cloudwatch_event_target" "ec2_stop_rule_target" {
  rule = aws_cloudwatch_event_rule.ec2_stop_rule.name
  arn  = aws_lambda_function.stop_ec2_lambda.arn
}

resource "aws_lambda_permission" "allow_cloudwatch_stop" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.stop_ec2_lambda.function_name
  principal     = "events.amazonaws.com"
}

resource "aws_lambda_function" "start_ec2_lambda" {
  filename      = "ec2_lambda_handler.zip"
  function_name = "startEC2Lambda"
  role          = aws_iam_role.stop_start_ec2_role.arn
  # Must point at start(); with "ec2_lambda_handler.stop" the start schedule
  # would stop the instance again.
  handler          = "ec2_lambda_handler.start"
  source_code_hash = filebase64sha256("ec2_lambda_handler.zip")
  runtime          = "python3.7"
  memory_size      = 250
  timeout          = 60
}

resource "aws_cloudwatch_event_rule" "ec2_start_rule" {
  name        = "StartEC2Instances"
  description = "Start EC2 nodes at 6:30 from Monday to friday"
  # Update this schedule. 06:30 UTC, day-of-week 2-6 is MON-FRI.
  schedule_expression = "cron(30 6 ? * 2-6 *)"
}

resource "aws_cloudwatch_event_target" "ec2_start_rule_target" {
  rule = aws_cloudwatch_event_rule.ec2_start_rule.name
  arn  = aws_lambda_function.start_ec2_lambda.arn
}

resource "aws_lambda_permission" "allow_cloudwatch_start" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.start_ec2_lambda.function_name
  principal     = "events.amazonaws.com"
}

output "instance_id" {
  description = "ID of the EC2 instance"
  value       = aws_instance.Demo.id
}
```
Step 4: Create another file called ec2_lambda_handler.py and add the script below to it. Update the Amazon EC2 instance ID once the infrastructure is created in your account. You can get the instance ID from the output of the Terraform script.
```python
import boto3

region = 'us-east-1'
ec2 = boto3.client('ec2', region_name=region)

# Runs once when the Lambda container starts: look up instances tagged Demo=true.
response = ec2.describe_instances(Filters=[
    {
        'Name': 'tag:Demo',
        'Values': [
            'true',
        ]
    },
])

# Replace with the instance ID from the Terraform output.
instances = ['i-05511ff545bba37eb']

# Add every instance returned by the tag filter to the list.
for reservation in response["Reservations"]:
    for instance in reservation["Instances"]:
        instances.append(instance["InstanceId"])


def stop(event, context):
    """Handler for stopEC2Lambda."""
    ec2.stop_instances(InstanceIds=instances)
    print('stopped instances: ' + str(instances))


def start(event, context):
    """Handler for startEC2Lambda."""
    ec2.start_instances(InstanceIds=instances)
    print('started instances: ' + str(instances))
```
Step 5: Create the ec2_lambda_handler.zip file inside the same directory after updating the instance ID in the ec2_lambda_handler.py file and run the following commands to create the infrastructure in your account.
Terraform Commands to Run:
```
terraform init
terraform plan
terraform apply
```
If you want to delete the infrastructure, you can run:
```
terraform destroy
```
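A hardened variant of the main.tf blocks from step 3, as an added example that is not part of the original post: it drops the hard-coded keys in favour of the AWS CLI credentials from the prerequisites, narrows the Lambda role to the one instance, and ties the invoke permission to its rule. `var.region` and `data.aws_caller_identity.current` are names introduced here; every other resource name is the one used in main.tf, and these blocks replace the same-named blocks there.

```hcl
# Added example, not the original post's code; var.region and the caller-identity data source are new names.
variable "region" { default = "us-east-1" }

# No access_key/secret_key: the provider picks up the AWS CLI profile or AWS_*
# environment variables, so no secret is written to main.tf or version control.
provider "aws" {
  region = var.region
}

data "aws_caller_identity" "current" {}

resource "aws_iam_policy" "stop_start_ec2_policy" {
  name        = "StopStartEC2Policy"
  description = "IAM policy for stop and start EC2 from a lambda"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
        Resource = "arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:*"
      },
      # Exact actions, limited to the one instance this configuration manages.
      {
        Effect   = "Allow"
        Action   = ["ec2:StartInstances", "ec2:StopInstances"]
        Resource = aws_instance.Demo.arn
      },
      # DescribeInstances does not support resource-level permissions.
      {
        Effect   = "Allow"
        Action   = ["ec2:DescribeInstances"]
        Resource = "*"
      }
    ]
  })
}

# source_arn limits invocation to this one rule. Add the matching line
# (ec2_start_rule.arn) to aws_lambda_permission.allow_cloudwatch_start as well.
resource "aws_lambda_permission" "allow_cloudwatch_stop" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.stop_ec2_lambda.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.ec2_stop_rule.arn
}
```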
Conclusion
Automating the start and stop of Amazon EC2 instances through Terraform unveils a powerful paradigm shift in infrastructure management. Addressing the prerequisites outlined in this guide lays the groundwork for a streamlined and efficient automation process. Terraform’s declarative approach to Infrastructure as Code (IaC) empowers you to define, version, and automate your AWS infrastructure effortlessly, enhancing agility and reducing operational costs. Harnessing the potential of Terraform, you not only simplify the complexities of infrastructure provisioning but also embrace a scalable and reproducible model that aligns seamlessly with the demands of modern cloud computing.
About CloudThat
CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, Microsoft Gold Partner, and many more, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.
FAQs
1. What is Terraform?
ANS: – Terraform is an open-source Infrastructure as Code (IaC) tool developed by HashiCorp. It enables users to define and provision infrastructure using a declarative configuration language. Terraform supports various cloud providers, on-premises data centers, and other infrastructure platforms.
2. Why automate the start and stop of Amazon EC2 instances?
ANS: – Automating the start and stop of Amazon EC2 instances helps optimize costs by ensuring that resources are active only when necessary. This is especially beneficial for non-production environments, or instances used intermittently, allowing users to scale their infrastructure based on demand and reduce overall operational expenses.
3. Can I schedule the start and stop of Amazon EC2 instances at specific times?
ANS: – Yes, Terraform provides flexibility through variables and external tools to schedule the start and stop of Amazon EC2 instances at specific times. Users can integrate Terraform with external schedulers or leverage native cloud provider features for scheduled actions.
WRITTEN BY Yamini Reddy