Sarvesh Kaushik

Provisioning a set of EC2 instances with Terraform and configuring AWS Systems Manager with Amazon Simple Notification Service for automated installation of security agents


In this real-world project, I took on the role of a DevSecOps Engineer to automate the deployment of EC2 instances and infrastructure using Terraform (Infrastructure as Code — IaC). Additionally, automating the installation of a specific security agent across all instances was a crucial task.


After provisioning the infrastructure, I used AWS Systems Manager and its Run Command feature to install the security agents automatically. To keep stakeholders informed, I used Amazon Simple Notification Service (SNS) to send email notifications about the status of the process.


Terraform is an open-source infrastructure as code (IaC) tool developed by HashiCorp. It enables users to define and provision infrastructure resources such as virtual machines, networks, storage, and more, using a declarative configuration language.

Terraform helps automate the process of building, modifying, and managing infrastructure across various cloud providers and on-premises environments. Its modular and reusable configuration files allow for consistent and scalable infrastructure deployment, making it a preferred choice for DevOps teams and cloud architects aiming to achieve infrastructure automation and agility.


I wrote Terraform configuration files and uploaded them through the AWS Console; they automate the provisioning of AWS resources by declaring the appropriate data sources, variables, and resources.


Sample Code:

# Configure the AWS provider
provider "aws" {
  region = "us-west-2"
}

# Create a security group
resource "aws_security_group" "web-sg" {
  name        = "web-sg"
  description = "Security group for web servers"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}

# Create two EC2 instances
resource "aws_instance" "web" {
  count         = 2
  ami           = "ami-a0cfeed8"
  instance_type = "t2.micro"
  vpc_security_group_ids = [aws_security_group.web-sg.id]

  tags = {
    Name = "Web Server ${count.index + 1}"
  }
}

Once the Terraform files were in place, installing Terraform and initializing the working directory allowed the required AWS resources to be provisioned as infrastructure as code.

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
sudo yum -y install terraform
terraform -v

terraform init
terraform plan
terraform apply
ls    # a new file was created: terraform.tfstate
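The sample configuration above creates the instances but gives them no IAM role, and the SSM Agent preinstalled on Amazon Linux only registers an instance as a managed node when the instance carries a profile that lets it call the Systems Manager APIs; without that, Run Command and Session Manager cannot reach the instances at all. The following is an added example, not code from the original post: it supplies the instance role and profile, looks the AMI up instead of pinning a region-specific ID, and replaces the aws_instance block from the sample. The role and profile names, the Role tag, and the use of Amazon Linux 2 are assumptions.

```hcl
# Added example (not from the original post): IAM pieces the sample configuration
# still needs before Systems Manager can manage the instances.

# Trust policy: only the EC2 service may assume the instance role.
data "aws_iam_policy_document" "ec2_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ssm_instance_role" {
  name               = "web-ssm-instance-role" # name is an assumption
  assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
}

# AWS-managed policy with the minimum permissions the SSM Agent needs
# (register as a managed node, receive Run Command and Session Manager traffic).
resource "aws_iam_role_policy_attachment" "ssm_core" {
  role       = aws_iam_role.ssm_instance_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

resource "aws_iam_instance_profile" "ssm" {
  name = "web-ssm-instance-profile" # name is an assumption
  role = aws_iam_role.ssm_instance_role.name
}

# Look the AMI up instead of hard-coding an ID, so the same configuration
# works in every region (the sample pins "ami-a0cfeed8", which is region-specific).
data "aws_ami" "amazon_linux_2" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

# Same two instances as the sample, now attached to the profile and tagged with
# a key Run Command can target (Role = web) instead of picking instances by hand.
resource "aws_instance" "web" {
  count                  = 2
  ami                    = data.aws_ami.amazon_linux_2.id
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.web-sg.id]
  iam_instance_profile   = aws_iam_instance_profile.ssm.name

  # Require IMDSv2 so the instance role's credentials cannot be read with a
  # plain unauthenticated GET by a compromised web application (SSRF).
  metadata_options {
    http_tokens = "required"
  }

  tags = {
    Name = "Web Server ${count.index + 1}"
    Role = "web"
  }
}
```

Two operational notes. The agent must be able to reach the Systems Manager endpoints: with the all-open egress rule in the sample that means either a public IP and an internet gateway, or VPC endpoints for ssm, ssmmessages and ec2messages in a private subnet. And the terraform.tfstate file that `apply` writes records every attribute of every resource, so it should be stored in a locked, access-controlled backend rather than left on a workstation or committed to a repository.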


Key components of the architecture were SNS and AWS Systems Manager, used together to notify users about the progress of the security agent installation on each instance. Systems Manager can run patching scripts and install agents across many EC2 instances at once.


AWS Systems Manager provides a unified user interface for managing and monitoring AWS resources. It simplifies operational tasks such as patch management, configuration management, and automation, enabling users to maintain their infrastructure securely and efficiently at scale. With Systems Manager, administrators gain insights into their resource configurations, automate tasks using runbooks, and ensure compliance across their AWS environment.




An Amazon SNS topic functions as a logical access point for publishing messages; subscribers then receive those messages through a protocol and endpoint of their choice. A subscription defines one delivery endpoint for messages published to a specific topic. Subscribers can choose from delivery protocols such as HTTP, HTTPS, email, SMS, or SQS (Simple Queue Service), which makes SNS a flexible and scalable messaging building block within AWS.
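Run Command does not publish status updates with the caller's own credentials: in the console's "SNS notifications" section you pick a topic and an IAM role that the Systems Manager service assumes to publish to it. The following is an added example, not code from the original post, that declares the topic, one email subscription, and that service role with least-privilege publish permission. The topic name, the email address and the role name are assumptions.

```hcl
# Added example (not from the original post): SNS topic for Run Command status
# notifications plus the service role Systems Manager assumes to publish to it.

resource "aws_sns_topic" "agent_install_status" {
  name = "security-agent-install-status" # name is an assumption
}

# SNS sends a confirmation e-mail first; nothing is delivered until the
# recipient confirms the subscription.
resource "aws_sns_topic_subscription" "ops_email" {
  topic_arn = aws_sns_topic.agent_install_status.arn
  protocol  = "email"
  endpoint  = "ops-team@example.com" # placeholder address
}

# Trust policy: only the Systems Manager service may assume the notification role.
data "aws_iam_policy_document" "ssm_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ssm.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ssm_notification" {
  name               = "ssm-run-command-sns-notify" # name is an assumption
  assume_role_policy = data.aws_iam_policy_document.ssm_assume_role.json
}

# Least privilege: the role may publish to this one topic and nothing else.
data "aws_iam_policy_document" "publish_status" {
  statement {
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.agent_install_status.arn]
  }
}

resource "aws_iam_role_policy" "ssm_notification_publish" {
  name   = "publish-agent-install-status"
  role   = aws_iam_role.ssm_notification.id
  policy = data.aws_iam_policy_document.publish_status.json
}

# The two values to enter under "SNS notifications" when starting Run Command.
output "run_command_notification_settings" {
  description = "Topic and role to select in the Run Command console"
  value = {
    topic_arn = aws_sns_topic.agent_install_status.arn
    role_arn  = aws_iam_role.ssm_notification.arn
  }
}
```

When starting the command, choosing per-invocation notifications (rather than per-command) is what produces the "progress on individual resources" the post describes: one message per instance as it moves through InProgress, Success or Failed, instead of a single message for the whole run.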




Within AWS Systems Manager, AWS provides Session Manager, a managed service that gives you one-click secure shell access to your instances without opening inbound ports or managing bastion hosts. You get centralized access control over who can reach your instances and full auditing capabilities to ensure compliance with corporate policies.



It automatically lists the EC2 instances that were provisioned; I selected the EC2 instances and started the session.


Run Command, found under Node Management in Systems Manager, lets you apply patches and run shell scripts on a single instance or on many instances at once.
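A plain shell script that only runs the installer reports Success as long as the last command exits zero, even if the agent never started. The following is an added example, not code from the original post: a custom Systems Manager Command document that downloads the package, checks its hash, installs it, and then verifies that the agent's service is active, so an incomplete install surfaces as a Failed status (and therefore as a failure notification). A State Manager association then applies the document to every instance tagged Role=web, including instances created later; that is an alternative to the ad hoc Run Command invocation the post describes, and both go through Run Command under the hood. The agent name "example-security-agent", the package URL, the service name and the document name are placeholders.

```hcl
# Added example (not from the original post): a Command document that installs
# the agent and verifies it, plus an association that targets instances by tag.

resource "aws_ssm_document" "install_security_agent" {
  name            = "InstallSecurityAgent" # name is an assumption
  document_type   = "Command"
  document_format = "YAML"

  content = <<-DOC
    schemaVersion: "2.2"
    description: Install the security agent and verify that its service is running.
    parameters:
      PackageUrl:
        type: String
        description: HTTPS URL of the agent package (placeholder value).
        default: "https://packages.example.com/example-security-agent.rpm"
      PackageSha256:
        type: String
        description: Expected SHA-256 of the package, so a tampered download is refused.
    mainSteps:
      - action: aws:runShellScript
        name: installAgent
        inputs:
          timeoutSeconds: "600"
          runCommand:
            - set -eu
            - curl -fsSL -o /tmp/agent.rpm "{{ PackageUrl }}"
            - echo "{{ PackageSha256 }}  /tmp/agent.rpm" | sha256sum -c -
            - yum install -y /tmp/agent.rpm
            - rm -f /tmp/agent.rpm
      - action: aws:runShellScript
        name: verifyAgent
        inputs:
          runCommand:
            # Non-zero exit here marks the whole command Failed on this instance.
            - systemctl is-active --quiet example-security-agent
            - systemctl is-enabled --quiet example-security-agent
  DOC
}

variable "agent_package_sha256" {
  description = "SHA-256 of the agent package (supplied at apply time; no default on purpose)."
  type        = string
}

# State Manager association: applies the document to every instance carrying the
# tag Role=web rather than to a hand-picked list, and keeps applying it to new ones.
resource "aws_ssm_association" "install_security_agent" {
  name = aws_ssm_document.install_security_agent.name

  targets {
    key    = "tag:Role"
    values = ["web"]
  }

  parameters = {
    PackageSha256 = var.agent_package_sha256
  }

  # Re-runs daily: yum treats an already-installed package as a no-op, and the
  # verify step keeps the compliance status honest if the service is stopped.
  schedule_expression = "rate(1 day)"
  compliance_severity = "HIGH"
}
```

The same document can be chosen in the Run Command console in place of AWS-RunShellScript, with the SNS notification settings described earlier; the hash check is what makes the download step safe to repeat from an untrusted network path.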




After running the shell script through Run Command, the security agents were successfully installed on the provisioned EC2 instances. Terraform can also tear down the resources it provisioned:


terraform destroy


