2014-07-27 21:58:49 +02:00
|
|
|
---
|
|
|
|
layout: "intro"
|
|
|
|
page_title: "Basic Two-Tier AWS Architecture"
|
|
|
|
sidebar_current: "examples-aws"
|
|
|
|
---
|
|
|
|
|
|
|
|
# Basic Two-Tier AWS Architecture
|
|
|
|
|
|
|
|
This provides a template for running a simple two-tier architecture on Amazon
|
|
|
|
Web services.
|
|
|
|
|
|
|
|
The basic premise is you have stateless app servers running behind
|
2014-07-28 03:23:42 +02:00
|
|
|
an ELB serving traffic. State for your application is stored in an RDS
|
2014-07-27 21:58:49 +02:00
|
|
|
database.
|
|
|
|
|
2014-07-28 03:23:42 +02:00
|
|
|
To simplify the example, this intentionally ignores deploying and
|
|
|
|
getting your application onto the servers. However, you could do so either via
|
|
|
|
[provisioners](/docs/provisioners/index.html) and a configuration
|
|
|
|
management tool, or by pre-baking configured AMIs with
|
|
|
|
[Packer](http://www.packer.io).
|
|
|
|
|
|
|
|
After you run `terraform apply` on this configuration, it will
|
|
|
|
automatically output the DNS address of the ELB. After your instance
|
|
|
|
registers, this should respond with the default nginx web page.
|
2014-07-27 21:58:49 +02:00
|
|
|
|
|
|
|
## Configuration
|
|
|
|
|
|
|
|
```
|
2014-07-28 03:23:42 +02:00
|
|
|
# Our default security group to access
|
|
|
|
# the instances over SSH and HTTP
|
|
|
|
resource "aws_security_group" "default" {
|
|
|
|
name = "terraform_example"
|
|
|
|
description = "Used in the terraform"
|
|
|
|
|
|
|
|
# SSH access from anywhere
|
|
|
|
ingress {
|
|
|
|
from_port = 22
|
|
|
|
to_port = 22
|
|
|
|
protocol = "tcp"
|
|
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
|
|
}
|
|
|
|
|
|
|
|
# HTTP access from anywhere
|
|
|
|
ingress {
|
|
|
|
from_port = 80
|
|
|
|
to_port = 80
|
|
|
|
protocol = "tcp"
|
|
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
resource "aws_elb" "web" {
|
|
|
|
name = "terraform-example-elb"
|
|
|
|
|
|
|
|
# The same availability zone as our instance
|
|
|
|
availability_zones = ["${aws_instance.web.availability_zone}"]
|
|
|
|
|
|
|
|
listener {
|
|
|
|
instance_port = 80
|
|
|
|
instance_protocol = "http"
|
|
|
|
lb_port = 80
|
|
|
|
lb_protocol = "http"
|
|
|
|
}
|
|
|
|
|
|
|
|
# The instance is registered automatically
|
|
|
|
instances = ["${aws_instance.web.id}"]
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
resource "aws_instance" "web" {
|
|
|
|
# The connection block tells our provisioner how to
|
|
|
|
# communicate with the resource (instance)
|
|
|
|
connection {
|
|
|
|
# The default username for our AMI
|
|
|
|
user = "ubuntu"
|
|
|
|
|
|
|
|
# The path to your keyfile
|
|
|
|
key_file = "/Users/pearkes/Desktop/hashicorp-demo.pem"
|
|
|
|
}
|
|
|
|
|
|
|
|
instance_type = "m1.small"
|
|
|
|
|
|
|
|
# ubuntu-precise-12.04-amd64-server
|
|
|
|
ami = "ami-4fccb37f"
|
|
|
|
|
|
|
|
# The name of our SSH keypair you've created and downloaded
|
|
|
|
# from the AWS console.
|
|
|
|
#
|
|
|
|
# https://console.aws.amazon.com/ec2/v2/home?region=us-west-2#KeyPairs:
|
|
|
|
#
|
|
|
|
key_name = "hashicorp-demo"
|
|
|
|
|
|
|
|
# Our Security group to allow HTTP and SSH access
|
|
|
|
security_groups = ["${aws_security_group.default.name}"]
|
|
|
|
|
|
|
|
# We run a remote provisioner on the instance after creating it.
|
|
|
|
# In this case, we just install nginx and start it. By default,
|
|
|
|
# this should be on port 80
|
|
|
|
provisioner "remote-exec" {
|
|
|
|
inline = [
|
|
|
|
"sudo apt-get -y update",
|
|
|
|
"sudo apt-get -y install nginx",
|
|
|
|
"sudo service nginx start",
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
output "address" {
|
|
|
|
value = "${aws_elb.web.dns_name}"
|
|
|
|
}
|
2014-07-27 21:58:49 +02:00
|
|
|
```
|