Skip to main content

Working With Terraform Modules for AWS

9/20/2023: The open source version of Terraform is now OpenTofu

 Terraform (now OpenTofu) for AWS is somewhat clearer than Terraform for Azure - easier to grasp than YAML and it's finicky formatting.

After pushing some DevOps Terraform (TF) configurations live to AWS, I wondered if I could push a static webpage.

Situation - Why Would You Use This?

To quickly spin up the front-end for a simple webpage that might take user input after attaching it to back end services that accept and hold the data. 

What Other Options Are There?

I've documented hosting static webpages through Azure before on here through various methods - The process is somewhat intensive and relies strongly on interconnected systems.

Another option would be using Netlify,  but that works best for truly single-page apps like this. It looks like it has different pages to the untrained eye, but it's only one.

Task - How Is It Done?

Here, the simple webpage is hosted from a bucket. There's an index and error page.

A curious aspect is the website sub-resource-category;

website {
    index_document = "index.html"
    error_document = "error.html"

I couldn't find a CSS option in the documentation - So put your CSS inline, or have a very plain webpage!

The Part About The Modules

You don't need to have separate folders, one to actually push the files to an s3 instance, but it makes it easier. 

The module parts are the ones I had the most trouble wrapping my head around - it wants to link to a folder system, not an individual file. 

So I made a modules directory with folders for specific modules - static-site and webserver, from a tutorial listed below, to get a better grasp on things.

And, everything did work once I got the file paths idea hammered in.

Action - How Can It Be Hosted on AWS?

Several ways; Mostly using CloudFront.

I decided to use the website endpoint as the origin with public access. Some things are already in the configuration file, the acl access option under the bucket.

The CNAME and DNS resolution could be helpful if the page content changes but the URL doesn't, think the Stash Stock Parties - They require, not counting login - about 2 pages.

Let's compare this implementation plan to one of the AWS Five Pillars - 

AWS WAF Operational Excellence

Operational Checklist

  • Am I ready to run this workload? 
  • Is my account attached to my VS Code?
  • Do I have the appropriate keys to log into EC2 Instances?
  • Are my modules folders properly placed?
  • Do I have the 0.40$ USD to test this config?

Planning Checklist - For paid projects, it's:

  • When is this expected? 
  • What tools does the company have that I can use right now to make this more efficient? 
  • Can I get feedback in a timely (3-day turnaround) manner?

Implementation is more of the following:
"This is the closest we can get with the built in tools available, but I see from some research, in the future, X Company is creating a tool that will enable us to do Y. We can set aside some budget of both time and money to implement this in a few months."

Troubleshooting - Check Your Module Files

Situation - Why was I getting a loop when I tried to terraform init?

The 'Why' - Because I had two module codes - one in the modules/budget/, and one in the main file. It was a loop calling something that already existed.

Solution - Comment out the one in the main file with a note -  so it only pulls from one.

Thanks to - Craig Samuelson and Brian Mccall on Twitter.

Security Checklist

  • What is the intended access to this element?
  • Who do I want to reach it?
  • Are there any holes in my policies or configurations that can grant unwanted access?
  • How can I secure this the best way for my needs? Sometimes, in testing, a block/allow list will suffice, other times, you need more.

Result - GitHub:

Resources Used:


Popular posts from this blog

Connecting IoT Devices to a Registration Server (Packet Tracer, Cisco)

 If you're seeing this post, I'm helping you, and you probably have LI presence: React and share this post to help me in return.   In Packet Tracer, a demo software made by Cisco Systems. It certainly has changed a lot since 2016. It's almost an Olympic feat to even get started with it now, but it does look snazzy. This is for the new CCNA, that integrates, among other things, IoT and Automation, which I've worked on here before. Instructions here . I don't know if this is an aspect of "Let's make sure people are paying attention and not simply following blindly", or an oversight - The instructions indicate a Meraki Server, when a regular one is the working option here. I have to enable the IoT service on this server. Also, we assign the server an IPv4 address from a DHCP pool instead of giving it a static one. For something that handles our IoT business, perhaps that's safer; Getting a new IPv4 address every week or so is a minimal step against an

Create a Simple Network (Packet Tracer) + A Walkthrough

Again; I've done this, but now there's so many new things, I'm doing it again. The truly new portions were...everything on the right side of this diagram; The cloud needed a coax connector and a copper Ethernet connector. It's all easy to install, turn off the cloud (Weird), install the modules. Getting the Cable section of Connections was an unusual struggle - The other drop down menu had nothing within. It required going into the Ethernet options and setting the Provider Network to 'cable', which is the next step AFTER the drop-downs. The rest was typical DHCP and DNS setups, mainly on the Cisco server down there. The post is rather short - How about adding a video to it? Find out what A Record means - This site says 'Maps a name to an IP address', which is DNS. So it's another name for DNS? You can change them (presumably in a local context) to associate an IP address to another name.

Securing Terraform and You Part 1 -- rego, Tfsec, and Terrascan

9/20: The open source version of Terraform is now  OpenTofu     Sometimes, I write articles even when things don't work. It's about showing a learning process.  Using IaC means consistency, and one thing you don't want to do is have 5 open S3 buckets on AWS that anyone on the internet can reach.  That's where tools such as Terrascan and Tfsec come in, where we can make our own policies and rules to be checked against our code before we init.  As this was contract work, I can't show you the exact code used, but I can tell you that this blog post by Cesar Rodriguez of Cloud Security Musings was quite helpful, as well as this one by Chris Ayers . The issue is using Rego; I found a cool VS Code Extension; Terrascan Rego Editor , as well as several courses on Styra Academy; Policy Authoring and Policy Essentials . The big issue was figuring out how to tell Terrascan to follow a certain policy; I made it, put it in a directory, and ran the program while in that directory