# EC2 and RDS Instances - TF Fullstack

### Introduction

So in the previous lesson, we accomplished some of the initial setup of both updating our code, and dockerizing our flask api.  In this lesson, we'll move forward with some of the terraform setup.  That means, we'll need a backend database that connects to an EC2 instance.  And the ec2 instance is where we'll ultimately deploy our flask api and streamlit frontend.

Ok, let's get started.

### Setting up the database

The first step will be to set up the rds instance.  You can see that we already got you started with setting up the rds instance.  And you can see it setup in the `tf/rds.tf` file.  Here's what you'll still need to do:
    
1. Use local variables
    * So currently `db_name`, `username`, `password` and `db_name` are hardcoded.  Move to using the local variables that are defined above.
    > In production you can look into using the aws secrets manager, or you could imagine just having the local variables in a `tf` file that is in a .gitignore and so not pushed up to github.  But you can skip that.
    
    *  Notice that on the database instance, we already set `publicly_accessible = true`.

2. Set up the security group

Next, you'll need to setup a security group that allows for any computer to access the database on port 5432.  

3. Attach the security group 

* We already declared a security group for you, and.  Still, **you'll need** to *attach* the security group to the rds instance.

You can do this by adding a property of:

* `vpc_security_group_ids` and associating the security group id from the security group defined in the file.

4. Specify how to connect

We should also output how to connect to our database.  We can do so with the output below.  But you'll need to use some string interpolation, and reference the database resource properties to output the database name, host domain name, and the user to connect to the database.

```bash
output "rds_connection_instructions" {
  value = "psql -d  -h  -U "
}
```

At this point, it's a good idea to apply our terraform code.  Then connect to the database, and confirm there is the database name that you specified.

**B. Setting up the EC2 instance**

1. Set up the EC2 instance

Next up, is to set up the EC2 instance.  You can define this in the `web_app.tf` file. You can start off with the following.  

```bash
resource "aws_instance" "backend_server" {
  ami           = "ami-07d9b9ddc6cd8dd30"
  instance_type = "t2.micro"
}
```

> **Note**: Your ami may differ, based on region, but do check that you are working with an Ubuntu ami.  You can make sure you are working with an ubuntu ami, by going to `EC2 > Launch Instance` and then selecting Ubuntu, and finding the associated AMI.

> <img src="./select-ubuntu.png" width="60%">

We'll leave to you to add the following:

* Add the key name
    * You'll need to add the `key_name` attribute, and match this to one of the key pairs (matching a .pem file you can use to ssh into. 
    
* Name the instance 
    * Use the `tags` property to give it a name of `backend server`

2. Create a security group


Next, create a security group, and create two ingress rules:

* ssh access on port 22 to for any computer
* access on port 80 to any computer

3. Attach the security group

* Add the appropriate security group id to the ec2 definition.  This should attach the `aws_security_group` that you just created.


4. One last step

Now at this point, we should have our ec2 machine set up, and also have our rds instance set up.  But we need to tell our rds instance to allow access to our ec2 machine.  Remember why?  Our Ec2 machine will host our backend api, which will need to connect to the database in RDS.

To accomplish this, we'll need to go back to the `rds.tf` file, and update the `aws_security_group.postgres_access` definition to the following.

```bash
resource "aws_security_group" "postgres_access" {
    # your original code
    
    security_groups = [aws_security_group.web_app.id]
  }
}
```

So here, we essentially added a tag to the postgres security group.  And that tag tells the postgres security group to allow access to any aws resource associated to the `web_app` security group.  So now our web app, should have access. 

Let's try to say this again.

* The `postgres_access` security group gives rds instance access to...
* Resources associated with the `web_app` security group
* And we attached the `web_app` security group to the ec2 instance 
* Thus giving ec2 access to our rds instance.



### Check your work

Ok, so now let's deploy our terraform resources.  To do this, from the `tf` folder we'll need to run the following:

```bash
terraform init
terraform apply
```

And then from there we should first `psql` into the postgres instance to confirm that we can connect to the database from our laptop.  Also confirm that the database name that you set up is available.

> <img src="./job-scraper-access.png">

Then move onto the ec2 instance.  So ssh into the ec2 instance.  And then we'll want to confirm that we can connect to our database from the ec2 instance.

```bash
sudo apt-get update
sudo apt-get install postgresql-client-common
sudo apt-get install postgresql-client
```

From there, you should be able to use psql to connect to the rds instance from ec2.  

> If you cannot, use AWS's web interface to confirm that the security group is properly set up.

### Encoding the setup


Now, one thing we'll have to make sure of, is that the ec2 instance is setup *after* the rds instance is established.  After all, that's the only way to get our `DB_HOST` value.  So do this we can add the following property to our EC2 setup.  

```bash
depends_on = [aws_db_instance.postgres_db]
```

So now, our `backend_server` resource will look something like the following:

```bash
resource "aws_instance" "backend_server" {
  ami           = "ami-07d9b9ddc6cd8dd30"
  instance_type = "t2.micro"
  key_name = "your key name here"
  # 
  depends_on = [aws_db_instance.postgres_db]
  
  ...
  }
```

Ok, so now reapply your changes.  And then sh into the ec2 machine, and then confirm that the environmental variables have been set up.

`echo $DB_HOST`

If you need to see how your changes were applied, you can see a log of what occurred in your ec2 instance, by executing the following. 

```bash
cat /var/log/cloud-init-output.log
cat /var/log/cloud-init.log
```

Ok, so if you did all of that, you done with this phase!

### Summary

In this lesson, we set up our the infrastructure for our terraform stack.  We did so by setting up the database and the ec2 instance.

We did so in stages, using `psql` to make sure we could connect to our rds instance, and sshing into our ec2 instance.  We also ensured that we could connect from our ec2 instance to our database with something like the following.

```
resource "aws_security_group" "postgres_access" {
    # your original code
    
    security_groups = [aws_security_group.web_app.id]
  }
}
```

### Resources

[Terraform template working with Following](https://discuss.hashicorp.com/t/template-v2-2-0-does-not-have-a-package-available-mac-m1/35099/3)