Building a Development Environment on AWS Using Terraform

 Project Objective

The objective of this project is to set up a fully automated development environment on AWS, accessible directly from VS Code. By using Terraform, I configured AWS infrastructure components such as a Virtual Private Cloud (VPC), subnets, security groups, and an EC2 instance. Additionally, I set up VS Code to automatically retrieve the instance IP and configure SSH access dynamically, allowing us to seamlessly manage the environment within the IDE.

This blog documents the project, following the same steps demonstrated in this YouTube tutorial for an in-depth reference.

Project Architecture Diagram

Below is an architecture diagram representing the project structure:

In the architecture:

  • The VPC contains a public subnet, which hosts the EC2 instance.
  • The internet gateway connects to the public subnet, enabling internet access.
  • VS Code is configured locally to retrieve and dynamically update the SSH IP of the instance, allowing for efficient, automated SSH access.

Key Learnings

This project offered extensive learning opportunities in Terraform, AWS networking, and automated environment configuration. Here are some of the main things I learned:

  1. Core Terraform Concepts and Structure:

    • Provider Configuration: I learned to configure the AWS provider and structure Terraform files to work with VS Code and the AWS CLI.
    • File Structure and Syntax: I gained experience in structuring Terraform projects effectively, creating modular files like main.tf, providers.tf, and variables.tf.
    • Using Variables and Outputs: Learned how to create variables and output blocks, allowing flexibility and readability in configurations.

  2. Setting Up AWS Networking Components:

    • VPC, Subnets, and Internet Gateway: Configuring isolated networking components, such as VPCs and subnets, while ensuring secure access to AWS resources.
    • Security Groups for Controlled Access: Setting up security groups specifically for SSH access, ensuring controlled access through port 22.
    • Route Tables and Associations: Learned to manage routing and connectivity, with a focus on understanding how resources communicate within AWS.

  3. EC2 Instance Provisioning and Automation:

    • Provisioning EC2 Instances with SSH Key Pairs: Configured EC2 instances to allow SSH access using predefined AWS key pairs.
    • Automating Software Installation Using User Data: Leveraged Terraform’s user_data to automate software installations or configurations, providing a ready-to-use instance on launch.

  4. Automating SSH Configuration with VS Code:

    • Template File Integration: Used templatefile functions to dynamically pull the EC2 instance IP address, allowing automatic SSH configuration.
    • Dynamic SSH Access Management: Configured VS Code to fetch updated IP addresses automatically, removing the need for manual updates and enabling smooth, automated access to the instance.

  5. Terraform Workflow Commands:

    • Using Terraform Init, Apply, and Destroy: Practiced initializing, applying, and destroying configurations, which streamlined my understanding of the Terraform workflow.
    • Troubleshooting and Debugging in Terraform: Encountered and resolved common issues such as access errors and syntax mistakes, helping me become proficient in reading and fixing Terraform error messages.

  6. Managing Terraform State:

    • State File Management: Understood the importance of the state file, which allows Terraform to track changes and apply updates precisely.
    • Using Terraform fmt and Validate: Applied best practices with terraform fmt for formatting and terraform validate to catch syntax errors early in the process.

  7. Working with External Resources and Data Sources:

    • AMI Data Source: Gained insights into using data sources like aws_ami to dynamically pull Amazon Machine Images (AMIs), ensuring instances are up-to-date.
    • Key Pairs and Secure Access: Configured key pairs securely, learning to manage and store keys for access to the EC2 instance.

  8. Troubleshooting and Error Resolution:

    • Access and Permissions Errors: Faced errors related to IAM permissions and access policies, which helped deepen my understanding of AWS access management.
    • Public/Private Access Configurations: Configured public-read and private ACL settings, navigating access controls for optimal security.
    • Handling Terraform Errors: Learned to troubleshoot and fix common Terraform issues, including misconfigurations in the .tf files and IP address restrictions.

Code Walkthrough: The main.tf file

The following code walkthrough reflects the main components in main.tf used to automate the setup and management of a development environment on AWS, making it accessible directly from VS Code. If you'd like to explore the code, you can find the full project on my GitHub repository here.

AWS Provider Configuration

The initial configuration specifies the AWS provider, linking Terraform to your AWS account and desired region:

provider "aws" {
  region = var.region
}

This provider block specifies the region for AWS resources as defined by var.region. The credentials are shared through the VS Code extension for AWS, which is configured separately, streamlining secure access.

VPC and Subnet Creation

A Virtual Private Cloud (VPC) and its subnet form the foundation of our AWS infrastructure:

resource "aws_vpc" "dev_vpc" {
  cidr_block = "172.16.0.0/16"
}
resource "aws_subnet" "public_subnet" {
  vpc_id            = aws_vpc.dev_vpc.id
  cidr_block        = "172.16.1.0/24"
}
  • The aws_vpc block creates a VPC with a specific CIDR block, which isolates our resources.
  • The aws_subnet within this VPC provides a public IP range to host our EC2 instance.

Internet Gateway and Routing

The Internet Gateway (IGW) connects the VPC to the internet, while a route table handles outbound traffic:

resource "aws_internet_gateway" "dev_igw" {
  vpc_id = aws_vpc.dev_vpc.id
}
resource "aws_route_table" "public_routes" {
  vpc_id = aws_vpc.dev_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.dev_igw.id
  }
}
resource "aws_route_table_association" "public_association" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.public_routes.id
}
  • The aws_internet_gateway resource provides the VPC with internet access.
  • aws_route_table sets a route for outgoing traffic, allowing external connectivity.
  • The aws_route_table_association links the subnet with the route table, ensuring the instance within the subnet has internet access.

Security Group for SSH Access

This security group manages SSH access to the EC2 instance:

resource "aws_security_group" "ssh_access" {
  vpc_id = aws_vpc.dev_vpc.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
  • The ingress rule allows SSH access over port 22 from any IP address. For production, limiting access to trusted IPs is recommended.
  • The egress rule enables outbound access for all traffic, allowing the instance to connect to external services as needed.

EC2 Instance with User Data and SSH Key Pair

The EC2 instance is configured with the necessary attributes and a user data script to automate initial setup:

resource "aws_instance" "dev_instance" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.public_subnet.id
  key_name      = aws_key_pair.dev_key.key_name

  user_data = file("userdata.tpl")
}
  • The ami attribute uses an AMI data source to retrieve the latest Ubuntu image, which provides flexibility and reliability.
  • The user_data script automates tasks upon instance launch, such as installing software packages or initializing settings, ensuring a ready-to-use development environment.

Key Pair for Secure Access

An SSH key pair is created to enable secure access to the instance:

resource "aws_key_pair" "dev_key" {
  key_name   = "dev-key"
  public_key = file("~/.ssh/id_rsa.pub")
}

The key pair links Terraform to your existing SSH key, allowing secure, password-less access to the instance. This approach simplifies login while maintaining security.

SSH Configuration Automation for VS Code

The following configuration creates an SSH file to dynamically manage access in VS Code:

resource "local_file" "ssh_config" {
  content  = templatefile("ssh-config.tpl", { instance_ip = aws_instance.dev_instance.public_ip })
  filename = "${path.module}/ssh-config"
}

This local_file resource generates an ssh-config file containing the EC2 instance’s public IP address. Using the templatefile function, the IP is automatically inserted into the configuration, making VS Code connections seamless.

Using Template Files and Provisioners

This final section ensures VS Code has access to the EC2 instance using the generated configuration:

output "instance_ip" {
  value = aws_instance.dev_instance.public_ip
}

The output block displays the public IP of the EC2 instance, which VS Code uses to automate SSH access. This further simplifies the login process and removes the need for manual IP tracking.

Results

After completing the configurations and deployment, the result is a fully integrated, cloud-based development environment accessible directly through VS Code. With SSH access to our AWS EC2 instance, we’re able to interact with it as though it were a local machine. Here’s what we achieved:

  • VS Code Terminal Access
    This screenshot shows the VS Code terminal connected to the EC2 instance. Using SSH, we can now access the server’s console, enabling us to run commands, install packages, and perform all command-line operations seamlessly from VS Code. I have checked that the docker is installed in the ec2 instance, because we have configured the "user_data.tpl" script to automatically install the docker in the ec2 instance.

  • Workspace and File Access
    Through VS Code’s file explorer, we have direct access to the instance’s filesystem. This feature allows us to open, create, edit, and manage files directly on the EC2 instance. For example, you can update configuration files, create new directories, or edit code—all saved directly on the server. 

  • Real-Time File Management
    Thanks to the ssh-config and Terraform setup, VS Code automatically pulls the instance’s IP and credentials, making it easy to navigate and manage the workspace. This capability is particularly powerful for development workflows, enabling us to modify server files without needing separate upload/download steps.

These results underscore the practical impact of the project: we’ve created a streamlined, cloud-based workspace that combines remote compute resources with local-like access, boosting productivity and efficiency in development environments.

What I Learned

This project offered hands-on experience with Terraform, AWS, and environment configuration. Here’s a summary of the key takeaways:

  • Terraform Fundamentals: Learned Terraform’s configuration syntax, structure, and workflow, including modules, variables, outputs, and state management.
  • AWS Resource Management: Gained experience setting up AWS networking components like VPCs, subnets, security groups, and EC2 instances with Terraform.
  • Dynamic Access with VS Code: Configured VS Code to automatically retrieve and update SSH credentials, allowing direct access to the EC2 instance with minimal manual steps.
  • Template Files and Provisioners: Used template files for dynamic configuration and provisioners for automation, deepening my understanding of Infrastructure as Code (IaC) best practices.
  • Effective Troubleshooting: Resolved IAM permission issues, IP address access restrictions, and other Terraform-specific errors, enhancing problem-solving skills in cloud infrastructure management.
  • State and Security Management: Practiced managing Terraform state files for consistency, configured access controls securely, and set up SSH keys, adding to my knowledge of cloud security best practices.

Conclusion

Completing this project helped me develop a well-automated AWS-based development environment directly accessible through VS Code. It strengthened my knowledge of Terraform, AWS resource management, and Infrastructure as Code (IaC) best practices. Following this YouTube tutorial, this blog serves as documentation of the key configurations and valuable insights from the experience.

Comments

Post a Comment

Popular posts from this blog

Deploying My Portfolio Website on AWS: A Complete Guide Using S3 and CloudFront

Image
In this blog post, I’ll walk you through the process of deploying a portfolio website on AWS, leveraging a private S3 bucket and CloudFront distribution to securely deliver content over the web. This setup ensures that your website is not only fast and reliable but also secure, with controlled access to your S3 bucket. By the end of this guide, you’ll have a clear understanding of how to host a static website on AWS, how to secure your S3 bucket, and how to distribute content globally using CloudFront. I’ll also share screenshots at each step to make the process easier to follow. Project Overview The goal of this project was to deploy a portfolio website on AWS using the following services: Amazon S3: For secure and scalable storage of the website’s files. Amazon CloudFront: For content delivery, ensuring the website is fast and available globally. Prerequisites Before you begin, make sure you have the following: AWS Account: You’ll need an active AWS account to access the AWS Manage...
Read more

Tracking Website Views Using AWS Lambda and DynamoDB

Image
In this phase of my portfolio website project ( AWS Cloud Resume Challenge ), I added a view counter to track the number of visitors to the site. To achieve this, I used AWS Lambda , DynamoDB , and JavaScript . The Lambda function increments and fetches the current view count stored in DynamoDB every time a user visits the website, and this count is displayed on the site using JavaScript. In this blog, I’ll guide you through the following steps: Creating a DynamoDB table to store the view count. Developing an AWS Lambda function that increments and fetches the view count. Using the Lambda Function URL to call the Lambda function directly from the website via JavaScript. By the end of this blog, you’ll have a working setup to track and display view counts on your website. Project Overview AWS DynamoDB : Stores the view count. AWS Lambda : Increments and fetches the view count from DynamoDB. JavaScript : Calls the Lambda function URL and displays the view count on the website. Prerequis...
Read more

Automating Frontend Deployment with GitHub Actions: A CI/CD Pipeline for AWS S3

Image
As I continue my journey through the Cloud Resume Challenge , I’ve completed the first two phases where I deployed my portfolio website using AWS services like S3 and CloudFront and integrated a dynamic view counter with Lambda and DynamoDB . In this phase, I’ve implemented Continuous Integration/Continuous Deployment (CI/CD) using GitHub Actions to automate the deployment of my website every time I push updates to the repository. This ensures that my website is always live with the latest changes without manual intervention.
Read more