Using Terraform to spin up EC2 instances and AWS Systems Manager configuration with Amazon SNS for automated security agents installation on the EC2 instances.
In this project, I deployed a set of EC2 instances in an automated way using Terraform and also installed a specific agent on all the instances in an automated way.
AWS systems manager and its component Command Run was used to install the security agent. I used the Amazon Simple Notification Service (SNS) to send email notifications informing the whole process status.
These are the following steps taken to complete the project.
- Download any suitable code editor (VSCode was my chosen editor). You may download this here — https://code.visualstudio.com/download and install the Terraform extension for proper syntax highlighting and autocompletion.
2. Create a Terraform main.tf file using the VSCode. I chose to create the EC2 instances in the North Virginia region (us-east-1) using the default VPC and the subnets.
3. Create a Key Pair.
4. Install Terraform on AWS Cloud Shell with the following commands
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
sudo yum -y install terraform
5. Zip and Upload your terraform code to AWS Cloud Shell and unzip it. Change the directory to the terraform folder/directory and run the following commands.
After executing terraform plan and terraform apply, two EC2 instances were created as specified in the main.tf file.
AWS Systems Manager Configuration
- Create an IAM role called “ SystemsManagerToSNS” and attach the AmazonSNSFullAccess policy to it.
2. Create a Notification Topic called “ ServerUpdateSNSNotification”
3. Create a subscription — select the Topic ARN created and for the Protocol choose Email, and supply a valid email address for the Endpoint. Then create the subscription. A notification email is sent to the Endpoint for confirmation. Sample below.
4. Run the System Manager Quick Setup | Create Configuration | Target — Select “Current Region” — Select “Manual” to manually pick the instances to configure. Select all the EC2 instances and click the “create” button. And the System Manager will initiate the configuration process for the hosts. Ensure that the configuration deployment status shows “success”.
Go to Session Manager and click the “Start Session” button.
If the EC2 instances do not appear on this page. Go back to the EC2 instance dashboard and reboot the EC2 instances. This is a common issue that is corrected by rebooting the instances.
5. Execute “Run Command” to deploy the “security agent installation”.
Select the type of the command to use. I selected “AWS-RunShellScript”. Paste the shell commands in the command parameter text box provided(This is only for simulation).
sudo wget -q https://tcb-bootcamps.s3.amazonaws.com/bootcamp-aws/en/install_security_agent.sh -P /tmp
sudo chmod +x /tmp/install_security_agent.sh
ls -ltr /usr/bin/security_agent
For Target | Choose instances manually is selected. Select all the target instances. Uncheck “Enable writing to S3 Bucket”. Expand “SNS Notification” and check “Enable SNS Notification”. We would select the IAM Role earlier created and the SNS ARN Topic should be pasted in the available text box. Select “All Events” for Event notification. Select “command status on each instance changes” for Change notifications. Click the “Run” button. Check the endpoint email to see the progress statuses of the execution exercise.
See below the command output page on one of the instances.
It’s time to remove all the infrastructure from AWS. Open the AWS Cloudshell and run this command.
I deployed two EC2 instances in this project using a powerful Infrastructure as Code (IaC) tool called Terraform. I configured AWS Systems Manager to install agents on the two instances and created an Amazon Simple Notification Service to send emails about the progress of the process status.
I hope this article has been informative and I want to thank you for your time. Kindly give as many claps as possible. This will surely encourage me. See you in the next one. Cheers!