telescope
telescope copied to clipboard
Seneca-CDOT
Cloud Formation template for Telescope development on AWS
Recently, I looked into a tool called Terraform, an Infrastructure as Code. While reading the document to use vscode ssh, I think it would be a nice plus to have a terraform file to build all the AWS instances, so we can skip the AWS step and only do the ssh connection with vscode.
I'd like this, we need it. I think Cloud Formation might be better, though. Not because CF is better (I prefer Terraform), but because it will be easier to run in the context of the Learner Lab environment.
I'm going to be teaching Cloud Formation in a few weeks in the cloud course. You can write them in JSON or YAML, and they look like this:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-ec2.html
We would transform @cindyledev's doc into a template that Cloud Formation runs in order to create the actual resources. It's magic.
@humphd I have a working terraform file in my local, that run Vscode ssh steps but missing elastic IP.
Ah, nice. You don't find it clunky to run with the Learner Lab and changing credentials?
Ah, nice. You don't find it clunky to run with the Learner Lab and changing credentials?
I don't very mind it. It's a few seconds of copying and pasting keys.
I think one thing you need is replace those
provider "aws" {
region = "us-east-1"
access_key = <ACCESS_TOKEN>
secret_key = <SECRET_KEY>
token = <TOKEN>
}
If first time you need setup ssh key
resource "aws_key_pair" "deployer" {
key_name = "telescope-ssh-key"
public_key = <PUBLIC_SSH_KEY>
}
Then to run it
terraform plan // Checking everything is correct
terraform apply // Apply our change to AWS
The thing about using Cloud Formation is that we could do it in AWS and not worry about passing around keys, credentials at all.
We can do both, too!
The thing about using Cloud Formation is that we could do it in AWS and not worry about passing around keys, credentials at all.
We can do both, too!
That works too, I'm open to learn Cloud Formation
Finish the Terraform and then do CF later if you want. We can have both options.
This would be awesome to have. I'll probably have time to play around with CF this week to see what I can get.
Tag me to review the Terrafrom stuff @Kevan-Y. Super excited for it.
Ah, nice. You don't find it clunky to run with the Learner Lab and changing credentials?
I don't very mind it. It's a few seconds of copying and pasting keys.
I think one thing you need is replace those
provider "aws" { region = "us-east-1" access_key = <ACCESS_TOKEN> secret_key = <SECRET_KEY> token = <TOKEN> }
I would suggest creating a profile using the AWS cli to store your login info using aws configure. By default it creates a default profile like the following in .aws/credentials (sorry image is a little cut off)
you can then use the following to avoid explicitly typing in your credentials
// this allows you not to use your secret or access key
provider "aws" {
profile = "default"
region = "ca-central-1" //or whatever region you want
}
The tricky part about what we're doing is that every time you start the learner lab environment, you'd have to redo this (i.e., the credentials change every time). This is part of why I don't think Terraform is a great user experience, since it relies on stable credentials.
In that case how about using .tfvars?
provider "aws" {
region = var.region
access_key = var.access_key
secret_key = var.secret_key
}
in a vars.tf file
variable "access_key" {
type = string
sensitive = true
}
variable "access_token" {
type = string
sensitive = true
}
variable "region" {
default = "ca-central-1" //or whatever region
type = string
}
in a .tfvars file
access_key = //access key here
access_token = //access token here
allows you the freedom to either use the vars file when using terraform apply -var-file="<tfvarsFileNameHere>" or be prompted for them in the cli if you use terraform apply only?