# Terraform Security Groups

### Introduction

In the last lesson, we saw how to launch an EC2 instance using terraform.  To accomplish this, we worked with two terraform blocks, the `provider` block and the `resource` block.

The provider block is where we specified the aws service and the related region.

```hcl
provider "aws" {
  region = "us-east-2"
}
```

And the resource block is where we specified that we would be using the ec2 instance, called `aws_instance` and the configuration details like the `ami` and `instance_type`.

```hcl
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
```

In this lesson, we'll look at adding our security group information to our ec2 instance.

### Adding a Web Application

We can see this by setting up a little server directly on our AWS machine like so.

```hcl
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  
  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, World" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF
}
```

Let's take a closer look at the newly added code.

```hcl
user_data = <<-EOF
            #!/bin/bash
            echo "Hello, World" > index.html
            nohup busybox httpd -f -p 8080 &
            EOF
```

* **user_data**

The `user_data` property is not something we'll use very often.  We're simply taking advantage of the fact that the instance runs this script when it first boots, after Terraform has launched it.

* **EOF**

EOF is simply the delimiter for a multiline string (a heredoc).  Notice that we begin with `<<-EOF` and end with `EOF`; the `-` form lets us indent the body without the leading whitespace becoming part of the string.

> It's equivalent to the `"""` in Python.  

* **Our Server**

Then we write `Hello, World` into an `index.html` file.  That file is then served by the busybox web server on port 8080, and the process is run as a background job (`nohup ... &`) so the script can finish.

Now let's apply our changes with `terraform apply`.

If we then try to reach our little server by visiting the instance's public IP address on port 8080, we'll see an error.

### The Issue

Remember that in AWS, every EC2 instance sits behind a firewall, the security group, that controls which traffic may flow to and from the machine.  By default, no inbound traffic is allowed, so our request on port 8080 is dropped before it ever reaches busybox.  To open the port, we declare a security group of our own with an `ingress` rule:

```hcl
resource "aws_security_group" "instance" {
  name = "terraform-example-instance"
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

To attach this security group to the instance, we need to refer to it from the `aws_instance` resource.  Terraform does this with a resource attribute reference, which uses the following syntax:

```hcl
<PROVIDER>_<TYPE>.<NAME>.<ATTRIBUTE>
```

Where PROVIDER is the name of the provider (e.g., `aws`), TYPE is the type of resource (e.g., `security_group`), NAME is the name of that resource (e.g., the security group is named `instance`), and ATTRIBUTE is either one of the arguments of that resource (e.g., `name`) or one of the attributes exported by the resource (the Terraform documentation for each resource lists its exported attributes, and `aws_security_group` has such a page).  The security group exports an attribute called `id`, so the expression to reference it is `aws_security_group.instance.id`.
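Putting the pieces together, here is the complete configuration for this lesson as an added example (it is not code from the lesson itself).  The region, AMI, port and security group come from the text above; the `allowed_cidr` variable, the `egress` block, the `tags` and the `public_ip` output are additions of mine, and `vpc_security_group_ids` is the `aws_instance` argument that takes the security group's `id`.

```hcl
# Added example (not from the lesson): the security group wired to the
# instance via a resource attribute reference. Region, AMI and port are
# the lesson's; the variable and output names are assumptions.

provider "aws" {
  region = "us-east-2"
}

# Who may reach the server. The lesson uses "0.0.0.0/0" (anyone on the
# internet); narrowing this to your own address range is the first thing
# to tighten on a real deployment.
variable "allowed_cidr" {
  type    = string
  default = "0.0.0.0/0"
}

resource "aws_security_group" "instance" {
  name        = "terraform-example-instance"
  description = "Allow HTTP on 8080 from allowed_cidr"

  # Inbound: only TCP 8080, only from allowed_cidr. Nothing else is opened,
  # so SSH (22) stays closed unless you add a rule for it explicitly.
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = [var.allowed_cidr]
  }

  # Outbound: a Terraform-managed group has no egress rules unless they are
  # declared; this restores the AWS default of allowing all outbound traffic
  # (needed, for example, for package updates from the instance).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  # The resource attribute reference from the lesson:
  # <PROVIDER>_<TYPE>.<NAME>.<ATTRIBUTE>  ->  aws_security_group.instance.id
  # Terraform also reads the dependency from this, so the group is created first.
  vpc_security_group_ids = [aws_security_group.instance.id]

  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, World" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF

  tags = {
    Name = "terraform-example"
  }
}

# Public IP so the result can be checked without opening the console.
output "public_ip" {
  value       = aws_instance.example.public_ip
  description = "Public IP of the example instance"
}
```

After `terraform apply`, `curl http://$(terraform output -raw public_ip):8080` from an address inside `allowed_cidr` returns `Hello, World`.  From an address outside it, the connection times out rather than being refused: a security group silently drops packets it does not allow, which is also why the lesson's unmodified instance showed an error instead of a refused connection.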

* Potentially, need to talk about nginx and an AWS load balancer.

### Resources

[Introducing Terraform](https://blog.gruntwork.io/an-introduction-to-terraform-f17df9c6d180)

[Terraform with Docker](https://www.airpair.com/aws/posts/ntiered-aws-docker-terraform-guide)