In our last practical we encountered some issues, so to fix them we changed the .json file.
IAM user -> Users (Add users) -> Attach policies directly
Then click on Create policy. This is where we can create our own custom permissions.
We created the .json file in this way:
So this issue is resolved. The next issue is that we weren't able to SSH into our EC2 instance; our EC2 instance was created inside our iam_user and we're not able to SSH.
Last time, the mistake was that we did not associate our security rule with our instance. So we're creating the security group under the default VPC, because we specified the default vpc-id.
Also, we restructured everything accordingly:
What's more, when our IAM user is created you will see three things in the output.
The last one is the iam_password, which we use to log in to the console.
Now we commented out the ec2.tf file completely, then ran terraform init and terraform plan,
and also terraform apply --auto-approve; auto-approve is used so that it doesn't ask for the prompt.
We kept the secret as sensitive. Now we will verify whether the iam_role has been created or not.
Now log in to the IAM role by giving the username as komiser-aws-user and the password as below.
Now it's time to configure the access key and secret key for the komiser-aws-user.
We even changed the profile name from manogna to komiser-aws-user.
Now it's time to create an EC2 instance, so uncomment everything in the ec2.tf file and do terraform plan.
depends_on states what a resource depends on before it is created. For example, the sg should be created before the ec2_instance, so our ec2_instance depends on the creation of the sg.
Once the IP address is created we have to associate it:
Now do terraform plan and then terraform apply --auto-approve, and of course we got some errors.
So we removed this from the ec2.tf file, along with some other changes:
```hcl
resource "aws_internet_gateway" "gw" {
  vpc_id = "vpc-0ca30903d8725db1c"
}
```
Do terraform plan and terraform apply --auto-approve.
We got some errors, so we need to make some changes:
We also changed the name of the sg so Terraform can create another one:
```hcl
resource "aws_security_group" "allow_tls_1" {
  name        = "allow_tls_1"
  description = "Allow TLS inbound traffic"
  vpc_id      = "vpc-0ca30903d8725db1c" # default
  # ... rest of the block unchanged
}
```
and deleted this:
```hcl
data "aws_security_group" "sg_group" {
  id = "sg-046d319635a5d3eae"
}
```
and also changed this:
```hcl
  vpc_security_group_ids = [
    aws_security_group.allow_tls_1.id
  ]
```
Now run terraform apply --auto-approve again, and finally the sg has been created.
Note: If we want to update it we can use terraform refresh.
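The wiring described above (security group attached to the instance, Elastic IP associated afterwards), as an added example rather than the post's own ec2.tf. The variables and the instance size are assumptions, SSH ingress is limited to one admin CIDR, and the resource names follow those used in the post.

```hcl
# Added example. Variables are hypothetical; resource names follow the post.
variable "vpc_id" { type = string }   # the post hard-codes its default VPC ID
variable "ami_id" { type = string }   # hypothetical: Ubuntu AMI for your region
variable "key_name" { type = string } # hypothetical: existing EC2 key pair

variable "admin_cidr" {
  type        = string
  description = "Only network allowed to reach SSH, e.g. your public IP as a /32"
  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "SSH must not be open to the whole internet."
  }
}

resource "aws_security_group" "allow_tls_1" {
  name        = "allow_tls_1"
  description = "SSH from the admin CIDR only"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress { # outbound is needed for apt and Docker downloads
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "komiser_instance" {
  ami           = var.ami_id
  instance_type = "t2.micro" # assumed size
  key_name      = var.key_name
  # Referencing the group attaches it and orders creation; no depends_on needed.
  vpc_security_group_ids = [aws_security_group.allow_tls_1.id]
}

resource "aws_eip" "komiser_instance_ip" {
  domain = "vpc" # AWS provider v5+; older versions use `vpc = true`
}

resource "aws_eip_association" "eip_association" {
  instance_id   = aws_instance.komiser_instance.id
  allocation_id = aws_eip.komiser_instance_ip.id
}
```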
Now let's do the ssh:
ssh -i ~/.shh/komiser-aws ubuntu@3.212.100.53
It finally worked. For our initial EC2 configuration script, we want our instance to run sudo apt update and have Docker installed.
Reference
Create a new file install.sh
Reference
Also add this to ec2.tf:
Do terraform plan and then terraform apply --auto-approve, and now let's SSH using ssh -i ~/.shh/komiser-aws ubuntu@3.212.100.53
Let's check whether Docker is installed or not.
So we do sudo apt update manually and then
sudo apt install -y docker
sudo usermod -aG docker ubuntu
Now this throws an error.
Maybe that's because we're using Ubuntu, so let's change the script.
Reference
Change the install.sh file name to install.tpl and then run terraform apply --auto-approve and terraform init -upgrade.
Well, more errors, so we can tackle this next time. And if you're still trying your hands-on or reading this blog, kudos folks.
Now let's destroy some resources:
```bash
terraform destroy -target=aws_eip_association.eip_association
terraform destroy -target=aws_instance.komiser_instance -target=aws_eip.komiser_instance_ip
```
Let's continue in the next part.
**Resources**:
Part1 Blog :
https://manogna.hashnode.dev/cloud-cost-monitoring-using-komiser-part-1
Part3 Blog :
https://manogna.hashnode.dev/cloud-cost-monitoring-using-komiser-part-3
Kubesimplify Github :
https://github.com/kubesimplify/cloudnative-lab
My Github :