I have a reasonable level of understanding of the relationship between AWS Identity and Access Management (IAM) policy, role, user, and group. I have also implemented the concept of assumed-role and the trusted and trusting account association. You can read more about that at Creating IAM assume-role relationship between two AWS accounts. So, when I …
Category: AWS
Working with Amazon EC2 user data and Terraform
User data is a feature that allows customization of Amazon Elastic Compute Cloud (virtual machine) when it is created and (if desired) with each restart after being provisioned. As we all know, Amazon EC2 instance (virtual machine) is the legacy approach to hosting applications. Last year, I attended a webinar sponsored by AWS where the presenter, …
Create Amazon EC2 using Terraform
One of the first components I created on the AWS cloud was an Amazon Elastic Compute Cloud (Amazon EC2) instance by watching hands-on tutorials. Little did I know about the infrastructure bits that went behind that. In this note, I list the AWS infrastructure and the configurations I created to host an Amazon EC2 instance …
Create an Amazon EC2 instance from an Amazon Machine Image (AMI) using Terraform
A few weeks ago, I worked on a use case to create an Amazon EC2 instance from an Amazon Machine Image using Terraform. I had worked on that concept without automation, and my approach was to (i) identify an AMI and (ii) create an instance out of that AMI. I'll cover the network bits to …
Strengthen security posture with Terraform and AWS IAM to manage AWS cloud resources
Terraform uses AWS IAM user credentials to manage resources in the AWS cloud. It does so by utilizing the secret key and access key of the IAM user. Hence, Terraform's ability to manage (create/update/delete) resources depends on the permission associated with the AWS IAM user. When I started working with Terraform to manage resources in …
Terraform remote state file as a data source to support a layered IAC approach
A few months back, I came across an interesting concept of deploying infrastructure in a layered fashion, and I wish I had the URL saved to refer to it again. Nevertheless, the gist of the idea was that you could build an application product environment by deploying layer after layer of infrastructure. A layer of …
VPC Peering using Terraform across separate AWS accounts
A few weeks ago, I created a peering relationship between two Amazon VPCs that belonged to separate AWS accounts using Terraform. This note captures my learning from that exercise. But before I do so, let me briefly give an overview of VPC peering and then walk through the process of creating one. Per AWS, "Amazon …
CI/CD of Terraform workspace with YAML based Azure Pipelines
This note focuses on using Azure DevOps with Terraform workspace to automate the ideas discussed in the previous two notes: (i) CI/CD using Terraform and Azure Pipelines - ideation and (ii) Terraform workspace with multiple AWS accounts. If you are new to Azure DevOps, I would suggest you familiarize yourself with either Azure DevOps build and …
Terraform workspace with multiple AWS accounts
My objective was to use Terraform to provision resources across environments in the AWS cloud infrastructure. Following a typical CI/CD model, my idea was to build once and deploy multiple. Since there was nothing to build in terraform, I wanted to apply the same terraform code across all environments. So I thought, let's run terraform …
Creating IAM assume-role relationship between two AWS accounts
In this post, I discuss step by step using AWS CLI how to create a trust relationship between a user in the Trusted account and a role in the Trusting account. The idea is, in the end, we will have the credentials of a user in the Trusted AWS account that can manage resources in …








