4

I'm looking into Terraform and how to use it to set up an AWS environment. So far I have the scripts for setting up a VPC with 3 public subnets, 3 private subnets, an Internet Gateway and 3 NAT Gateways. However, I'm confused as to how one would go about deploying and redeploying applications in private subnets?

In my scenario we build micro-services using Spring Boot. The idea is to move to a state where we can have Elastic Load Balancers attached to the public subnets and host our applications in autoscale groups in the private subnets. However I can't find any good tutorials regarding Terraform that show you how to do this in a way that applications can be redeployed from Jenkins.

So far I've read about OpsWorks and CodeDeploy, so would I need to use Terraform to set up these resources and then trigger the deployment scripts to send artefacts to S3 that are then redeployed?

ROMANIA_engineer
Alexei Blue
  • There are way too many different (and right) ways to achieve this; you should probably investigate further and then come with a more specific question. But keep in mind that generally, Terraform is used for the environment/server provisioning part (which you already did), but not so often for app deployment. – Dusan Bajic May 18 '16 at 11:27
  • I clicked here to see if there's new thinking on this, but afaik @DusanBajic is right, it's IaC not Config Management. – Randy L Jan 16 '18 at 19:56

3 Answers

2

For deploy/redeploy, you can use another solution by HashiCorp: Nomad. It uses the same language as Terraform to program tasks that you can run on a cluster. Tasks can be anything, for example: redeploy all my web app instances.

Thach Mai
  • Or Consul, also by HashiCorp, can be used to trigger a custom script to deploy an app, e.g. a clone from GitHub. – PeterM May 30 '16 at 19:28
2

I'm using CodeDeploy with Terraform/Chef. The setup I'm using goes something like this:

1) Manually set up the CodeDeploy IAM Roles ahead of time.

2) Set up the CodeDeploy App/Group ahead of time.

3) Set up the Instance Profile using Terraform, like this:

resource "aws_iam_instance_profile" "code_deploy" {
    name = "CodeDeploy"
    roles = ["${var.codedeploy_instance_role}"]
}

4) Use the Instance Profile and the correct tags (that match your CodeDeploy app) when making an instance, like this:

iam_instance_profile = "${aws_iam_instance_profile.code_deploy.id}"
tags {
   CD = "${var.tag_cd}"
}

5) Use Chef (or whatever your provisioner is) to set up CodeDeploy on the instance.

Then you're good to use CodeDeploy like normal.

PeterM
  • This is the approach I'm currently going for, just trying to get a cloud config server set up to pull config into my private instances and then bootstrap them, will let you know how it goes. – Alexei Blue May 31 '16 at 11:24
  • Ok, ya. Btw, if you want my Chef recipe for AWS CD, I'd be happy to share that. It's nothing amazing, just a Chef version of Amazon's install instructions. – PeterM May 31 '16 at 15:37
  • Yeah sure, you could post it on GitHub :) we currently use Jenkins but it would be nice to have it should we ever need it – Alexei Blue Jun 01 '16 at 12:51
1

Adding this in case someone looking for more information finds it useful.

Building on the solution from Peter, I am setting up the CodeDeploy IAM Roles and CodeDeploy App/Group from Terraform as well. Here is what I have:

resource "aws_iam_role" "codedeploy_role_name" {
  name = "codedeploy_role_name"

  assume_role_policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": [
            "codedeploy.amazonaws.com",
            "ec2.amazonaws.com"
          ]
        },
        "Action": "sts:AssumeRole"
      }
    ]
}
EOF
}

resource "aws_codedeploy_app" "analytics_app" {
  name = "analytics_app"
}

resource "aws_codedeploy_deployment_config" "analytics_deployment_config" {
  deployment_config_name = "analytics_deployment_config"

  minimum_healthy_hosts {
    type  = "HOST_COUNT"
    value = 2
  }
}

resource "aws_codedeploy_deployment_group" "analytics_group" {
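  app_name               = "${aws_codedeploy_app.analytics_app.name}"
  deployment_group_name  = "analytics_group"
  service_role_arn       = "${aws_iam_role.codedeploy_role_name.arn}"
  # Reference the resource so Terraform creates the config before the group.
  deployment_config_name = "${aws_codedeploy_deployment_config.analytics_deployment_config.id}"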

  ec2_tag_filter {
    key   = "CodeDeploy"
    type  = "KEY_AND_VALUE"
    value = "analytics"
  }

  auto_rollback_configuration {
    enabled = true
    events  = ["DEPLOYMENT_FAILURE"]
  }

}
Animesh
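
An added example, not part of any answer above: the trust policy in the last answer lets both `codedeploy.amazonaws.com` and `ec2.amazonaws.com` assume one role, and the page attaches no permissions policy to it. A least-privilege variant in the same Terraform syntax splits it into a service role and an instance role; the resource names and the `EXAMPLE-ARTIFACT-BUCKET` placeholder are assumptions.

```hcl
# Added example: resource names are hypothetical, the bucket name is a placeholder.

# Role that only the CodeDeploy service can assume (use its ARN as service_role_arn).
resource "aws_iam_role" "codedeploy_service" {
  name = "codedeploy_service"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{ "Effect": "Allow", "Action": "sts:AssumeRole",
                  "Principal": { "Service": "codedeploy.amazonaws.com" } }]
}
EOF
}

# AWS managed policy for the CodeDeploy service role (EC2/on-premises deployments).
resource "aws_iam_role_policy_attachment" "codedeploy_service" {
  role       = "${aws_iam_role.codedeploy_service.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
}

# Separate role that only EC2 can assume; its name goes into the instance profile.
resource "aws_iam_role" "codedeploy_instance" {
  name = "codedeploy_instance"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{ "Effect": "Allow", "Action": "sts:AssumeRole",
                  "Principal": { "Service": "ec2.amazonaws.com" } }]
}
EOF
}

# Instances only read revisions from the artefact bucket (placeholder name).
resource "aws_iam_role_policy" "read_revisions" {
  name   = "read_codedeploy_revisions"
  role   = "${aws_iam_role.codedeploy_instance.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:Get*", "s3:List*"],
    "Resource": ["arn:aws:s3:::EXAMPLE-ARTIFACT-BUCKET", "arn:aws:s3:::EXAMPLE-ARTIFACT-BUCKET/*"]
  }]
}
EOF
}
```

With this split, a process on an instance cannot obtain the permissions CodeDeploy itself uses, and the instance role is limited to reading from the one bucket.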