- Terraform installed.
- AWS Credentials: Ensure your environment is set up with the necessary AWS credentials. This can be done in various ways, such as:
  - Setting the access_key and secret_key variables in Terraform.
  - Setting up environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY).
  - Configuring using the AWS CLI.
  - Using IAM roles with necessary permissions if you're running Terraform on an AWS EC2 instance.
  - For more information on configuring AWS credentials for Terraform, see the official documentation.
- A working knowledge of Terraform and AWS resources
Before applying any Terraform script, initialize your Terraform working directory:
terraform init
The script is designed with modularity and reusability in mind. Various parameters like region, instance count, instance type, etc., are exposed as variables for easier customization.
For the full configuration list, please refer to the doc.
To modify the default values, you can create a terraform.tfvars file in the same directory as your Terraform script:
cat <<EOF > terraform.tfvars
region = "ap-southeast-1"
access_key = "<access_key>"
secret_key = "<secret_key>"
storage = "rds-postgresql"
extra_tags = {
"Environment" = "Production"
}
EOF
After adjusting your configuration, test and apply the script:
terraform plan
terraform apply
Warning
Security Attention: two security rules are created for the bastion host:
- ssh-access: Allows SSH access from any IP (0.0.0.0/0). Please note that this is potentially insecure and you should restrict the IP range by setting the variable bastion_ssh_cidr_blocks.
- public-egress-access: Allows egress access to the internet for the instances.
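One way to catch the 0.0.0.0/0 default of the ssh-access rule before terraform apply is to inspect the saved plan in its JSON form. The following is an added example, not part of the SkyWalking scripts: it assumes the plan was exported with terraform plan -out=tfplan followed by terraform show -json tfplan, and the resource addresses in the embedded sample are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `terraform show -json tfplan` output;
# the resource addresses are made up for illustration.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group_rule.ssh_access", "type": "aws_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "ingress", "protocol": "tcp",
     "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}}},
  {"address": "aws_security_group_rule.public_egress", "type": "aws_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "egress", "protocol": "-1",
     "from_port": 0, "to_port": 0, "cidr_blocks": ["0.0.0.0/0"]}}},
  {"address": "aws_security_group.bastion", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [{"protocol": "tcp",
     "from_port": 22, "to_port": 22, "cidr_blocks": ["203.0.113.0/24"]}]}}}
]}
""")


def _ingress_rules(rc):
    """Ingress rule dicts from a planned security group or standalone rule."""
    after = (rc.get("change") or {}).get("after") or {}
    if rc.get("type") == "aws_security_group_rule":
        return [after] if after.get("type") == "ingress" else []
    if rc.get("type") == "aws_security_group":
        return after.get("ingress") or []
    return []


def _exposes_ssh(rule):
    """True if the rule admits TCP/22 from 0.0.0.0/0 or ::/0."""
    proto = str(rule.get("protocol")).lower()
    if proto in ("tcp", "6"):
        if not (rule.get("from_port") or 0) <= 22 <= (rule.get("to_port") or 0):
            return False
    elif proto not in ("-1", "all"):  # "-1"/"all" means every protocol and port
        return False
    cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def world_open_ssh(plan):
    """Addresses of planned resources whose ingress exposes SSH to any IP."""
    return [rc["address"] for rc in plan.get("resource_changes", [])
            if any(_exposes_ssh(r) for r in _ingress_rules(rc))]


if __name__ == "__main__":
    print(world_open_ssh(SAMPLE_PLAN))
```

An empty list means no planned ingress rule leaves SSH open to every address; a non-empty list is a reason to set bastion_ssh_cidr_blocks and re-run terraform plan.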
After all the resources are created, you can head to the Ansible part to start deploying SkyWalking.
You don't usually need to directly SSH into the bastion host, but if you want, you can SSH into the bastion host with the command:
KEY_FILE=$(terraform output -raw ssh_user_key_file)
BASTION_IP=$(terraform output -json bastion_ips | jq -r '.[0]')
ssh -i "$KEY_FILE" ec2-user@"$BASTION_IP"
If you set the variable create_lb to true (this is set by default, so if you didn't set it to false, you should have an ALB), you can get the DNS name of the SkyWalking UI ALB with the command:
terraform output -raw alb_dns_name
When you open the URL in your browser, you should see something like this:
503 Service Temporarily Unavailable
This is because you haven't deployed SkyWalking yet. After you complete the steps in the Ansible part, you should be able to see the SkyWalking UI.
To destroy the resources when they are no longer needed:
terraform destroy
This command will prompt you to confirm before destroying the resources.