Project: Automating AWS Infrastructure Provisioning using Terraform & Ansible

1. Project Overview

The goal of this project is to automate the provisioning of AWS infrastructure using Terraform and configure instances using Ansible. This will enable a scalable, repeatable, and efficient deployment process.

2. Tech Stack

• Cloud Provider: AWS
• Infrastructure as Code (IaC): Terraform
• Configuration Management: Ansible
• Compute: Amazon EC2
• Networking: VPC, Subnets, Security Groups
• Database: Amazon RDS
• Storage & State Management: S3 + DynamoDB for Terraform state locking
• Version Control: Git/GitHub
• CI/CD: (Optional) Jenkins for automation

3. Architecture Diagram

• A VPC with public and private subnets
• An EC2 instance in the public subnet (for Ansible)
• A Private EC2 instance (Application Server)
• An RDS MySQL database in a private subnet
• Security Groups for secure access
• Terraform backend in S3 + DynamoDB for state management

4. Implementation Plan

Step 1: Setup Terraform for Infrastructure Provisioning

1. Install Terraform on your local machine or CI/CD pipeline.
2. Define Terraform provider (AWS) in a provider.tf file.
3. Create a VPC with CIDR block 10.0.0.0/16.
4. Define public and private subnets:
• Public subnet: 10.0.1.0/24
• Private subnet: 10.0.2.0/24
5. Setup an Internet Gateway & Route Table for public subnet access.
6. Define Security Groups:
• Allow SSH (22) from a specific IP range.
• Allow HTTP/HTTPS traffic (80/443) for web applications.
• Restrict access to RDS to only the application servers.
7. Create EC2 Instances:
• One public instance (Ansible controller).
• One private instance (Application server).
8. Deploy RDS Instance (MySQL) in the private subnet.

Step 2: Use Terraform Modules for Reusability

• Create separate modules for VPC, EC2, RDS, and Security Groups.
• Parameterize them for different environments (dev, staging, prod).

Step 3: Store Terraform State in S3 with DynamoDB Locking

• Create an S3 bucket to store the Terraform state file.
• Enable DynamoDB table for state locking.

Example backend.tf file:

    terraform {
      backend "s3" {
        bucket         = "my-terraform-state"
        key            = "prod/terraform.tfstate"
        region         = "us-east-1"
        dynamodb_table = "terraform-lock"
      }
    }
    

Step 4: Deploy Infrastructure Using Terraform

• Initialize Terraform: terraform init
• Validate configuration: terraform validate
• Plan changes: terraform plan
• Apply changes: terraform apply -auto-approve

5. Configuration Management with Ansible

Ansible Setup on the Public EC2 Instance

1. Install Ansibleon the public EC2 instance.
2. Generate an SSH Key Pair and distribute it to the private instances.
3. Define an Inventory File (inventory.ini):

    [app_servers]
    10.0.2.10 ansible_user=ec2-user ansible_ssh_private_key_file=~/.ssh/id_rsa
    

4. Write Playbooks for Configuration
   • Install packages (Nginx, MySQL client).
   • Deploy application code from GitHub.

Example Playbook (setup_app.yml)

- hosts: app_servers
  become: yes
  tasks:
    - name: Install Nginx
      yum:
        name: nginx
        state: present
    
    - name: Start and enable Nginx
      service:
        name: nginx
        state: started
        enabled: yes

5. Run the Playbook:

ansible-playbook -i inventory.ini setup_app.yml

6. CI/CD Pipeline (Optional)

If you want to integrate this into a CI/CD pipeline:

• Use Jenkins to trigger Terraform and Ansible jobs.
• Store Terraform & Ansible code in GitHub/GitLab.
• Automate Infrastructure Updates via Jenkins pipeline.

7. Testing & Validation

• Verify resources using AWS Console and CLI.
• Check Security Group rules and connectivity.
• Test Ansible configurations by SSH into EC2.
• Connect the application to the RDS database.

8. Cleanup & Cost Optimization

• Destroy resources using terraform destroy after testing.
• Use AWS Budgets to monitor costs.

Conclusion

This project provides a fully automated AWS Infrastructure setup using Terraform and Ansible, ensuring reusability, scalability, and security.