* Update Terraform backend configuration and add backend.conf sample --------- Co-authored-by: Damien A <sepales.pret0h@icloud.com>
Terraform Deployment
This directory contains the Terraform configuration files for deploying an AWS EC2 instance with ContainerLab.
Prerequisites
- Terraform installed on your local machine
- AWS CLI configured with your credentials
- An AWS account with the necessary permissions
Configuration
- Backend Configuration
  To easily manage the backend configuration, we will store the tfstate files on an S3 bucket.
  To update it, please adapt the backend.conf file, using the provided sample as a reference.
- Set AWS Credentials and Variables
  Rename the terraform.tfvars.sample to terraform.tfvars and update the following variables with your own values:

      AWS_ACCESS_KEY = "your_access_key"
      AWS_SECRET_KEY = "your_secret_key"
      AWS_KEY_NAME = "your_key_pair_name"
      AWS_KEY_LOCATION = "path_to_your_private_key"

  Important: Never commit terraform.tfvars to version control as it contains sensitive information.
- Customize Terraform Variables
  You can customize the deployment by modifying the Terraform variables in variables.tf.
Actions performed by the EC2.tf file
- AWS Provider Configuration: It sets up the AWS provider with the region, access key, and secret key specified in the Terraform variables.

      provider "aws" {
        region     = var.AWS_REGION
        access_key = var.AWS_ACCESS_KEY
        secret_key = var.AWS_SECRET_KEY
      }

- Security Group Creation: It creates a new AWS security group named netlab_sg. This security group allows all outbound traffic and only inbound SSH (port 22) traffic from the IP address specified in the AWS_LOCAL_IP variable.

      resource "aws_security_group" "netlab_sg" { ... }

- EC2 Instance Creation: It creates a new AWS EC2 instance with the specified AMI, instance type, and key pair. The instance is associated with the netlab_sg security group. The instance is tagged with the name "ContainerLab".

      resource "aws_instance" "containerlab_host" { ... }

- Root Block Device Configuration: It configures the root block device of the EC2 instance with a volume size of 128 GB, a volume type of gp2, encryption disabled, and deletion on termination enabled.

      root_block_device { ... }

- Local Provisioners: It uses two local provisioners to perform actions on the local machine after the EC2 instance is created:
  - The first provisioner writes the public IP address of the newly created EC2 instance to the ../ansible/inventory file.

        provisioner "local-exec" {
          command = "echo ${aws_instance.containerlab_host.public_ip} > ../ansible/inventory"
        }

  - The second provisioner waits for 20 seconds and then runs the Ansible playbook install_containerlab.yml using the ansible-playbook command. The playbook is run against the new EC2 instance.

        provisioner "local-exec" {
          command = <<EOT
          sleep 20
          ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook \
            -u admin \
            -i ../ansible/inventory \
            --private-key ${var.AWS_KEY_LOCATION} \
            ../ansible/install_containerlab.yml
          EOT
        }

These actions together set up an AWS environment with a configured EC2 instance ready to run ContainerLab.
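
A pre-apply check for two settings described above (the root volume with encryption disabled and the SSH-only ingress on netlab_sg), as an added example that is not part of this repository. It reads the JSON that terraform show -json produces; the sample plan, its CIDR value and the function name audit_plan are constructed for illustration.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan holding the two
# resources this README describes. Values are illustrative, not the project's.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.netlab_sg", "type": "aws_security_group",
     "values": {"ingress": [
       {"from_port": 22, "to_port": 22, "protocol": "tcp",
        "cidr_blocks": ["203.0.113.10/32"]}]}},
    {"address": "aws_instance.containerlab_host", "type": "aws_instance",
     "values": {"root_block_device": [
       {"volume_size": 128, "volume_type": "gp2", "encrypted": false,
        "delete_on_termination": true}]}}
  ]}}
}
""")

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def audit_plan(plan):
    """Return (resource address, finding) tuples for root-module resources."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in root.get("resources", []):  # child modules are not walked
        values = res.get("values") or {}
        if res.get("type") == "aws_instance":
            for disk in values.get("root_block_device") or []:
                if not disk.get("encrypted"):  # false or absent in the plan
                    findings.append((res["address"], "root volume encryption is not enabled"))
        elif res.get("type") == "aws_security_group":
            for rule in values.get("ingress") or []:
                sources = set(rule.get("cidr_blocks") or [])
                sources |= set(rule.get("ipv6_cidr_blocks") or [])
                all_ports = rule.get("protocol") == "-1"
                in_range = rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)
                if (all_ports or in_range) and sources & OPEN_CIDRS:
                    findings.append((res["address"], "SSH is reachable from any address"))
    return findings


if __name__ == "__main__":
    for address, finding in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

To check a real plan, run terraform plan -out=tfplan, then terraform show -json tfplan > plan.json, and pass the loaded JSON to audit_plan.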