
Mission 1: Provisioning resources on AWS AND GCP with TERRAFORM

You'll learn how to enable a MultiCloud architecture deployment through Terraform, with resources running in AWS and Google Cloud Platform.

What you need:

An AWS account

https://aws.amazon.com/free/

A Google Cloud Platform (GCP) account. Open your browser in an anonymous / private / incognito window and go to:

https://console.cloud.google.com/freetrial

Advice: We strongly recommend creating a new Gmail account instead of using your personal one!

Steps in Amazon Web Services (AWS)

Creating the terraform-en-1 user using the IAM service

  • Access the AWS console (https://aws.amazon.com) and log in with your newly created account. In the search bar, type IAM. In the Services section, click on IAM.

  • Click on Users and then Add users, enter the name terraform-en-1, and click Next to create a programmatic type user.

  • After advancing, in Set permissions, click on the Attach existing policies directly button.

  • Type AmazonS3FullAccess in Search.

  • Select AmazonS3FullAccess

  • Click on Next

  • Review all the details

  • Click on Create user

Creating the Access Key for the terraform-en-1 user using the IAM service

  • Access the terraform-en-1 user
  • Click on the Security credentials tab
  • Navigate to the Access keys section
  • Click on Create access key
  • Select Command Line Interface (CLI) and check "I understand the above recommendation and want to proceed to create an access key."
  • Click on Next.
  • Click on Create access key
  • Click on Download .csv file
  • After the download finishes, click on Done.
  • Once the download is complete, rename the .csv file to key.csv

Steps in Google Cloud Platform (GCP)

Preparing the environment to run Terraform


  • Upload the key.csv and mission1.zip files to the Cloud Shell using the browser


  • Verify if the mission1.zip and key.csv files are in the folder in the Cloud Shell using the command below

    ls


  • Execute the file preparation commands:

    mkdir mission1_en

    mv mission1.zip mission1_en

    cd mission1_en

    unzip mission1.zip

    # key.csv was uploaded to the home directory, not to mission1_en
    mv ~/key.csv mission1/en

    cd mission1/en

    chmod +x *.sh


  • Execute the commands below to prepare the AWS and GCP environment

    mkdir -p ~/.aws/

    touch ~/.aws/credentials_multiclouddeploy

    ./aws_set_credentials.sh key.csv

    gcloud config set project <GOOGLE_CLOUD_PROJECT_ID>

NOTE: To find your project ID and replace <GOOGLE_CLOUD_PROJECT_ID>:

  • Drag down the Cloud Shell

  • Click on the MY FIRST PROJECT dropdown

  • Copy your project ID and paste it into the Cloud Shell terminal

  • Click on Authorize

  • Execute the command below to set the project in the Google Cloud Shell

    ./gcp_set_project.sh

  • Execute the commands to enable the Kubernetes, Container Registry, and Cloud SQL APIs

    gcloud services enable containerregistry.googleapis.com

    gcloud services enable container.googleapis.com

    gcloud services enable sqladmin.googleapis.com

IMPORTANT (DO NOT SKIP)

To open the text editor:

  • Go to the right-hand-side of your Google Cloud shell terminal

  • Click on the Text editor

  • On the Text editor, click on the mission1_en folder

  • Click on Mission1 folder

  • Click on en folder

  • Click on Terraform folder

  • Locate the file named tcb_aws_storage.tf

  • Click on tcb_aws_storage.tf and replace XXXX on line 4 with a unique number of your choice (AWS requires S3 bucket names to be unique). After editing, return to the Cloud Shell terminal.

Running Terraform to provision MultiCloud infrastructure in AWS and Google Cloud

  • Execute the following commands to provision infrastructure resources

    # The archive was unpacked inside ~/mission1_en
    cd ~/mission1_en/mission1/en/terraform/

    terraform init

    terraform plan

    terraform apply

Attention: The provisioning process can take between 15 and 25 minutes to finish. Keep the Cloud Shell open during the process. If you are disconnected, click on Reconnect when the session expires (by default, the session expires after 5 minutes of inactivity).

IMPORTANT (DO NOT SKIP)

NOTE: To do this:

  • Search and Click on the SQL instance that has been created in the Google Cloud Platform using Terraform
  • Click on Connections
  • Under the Networking section, check the Private IP box
  • Under Private IP, in the Network dropdown, select default
  • Scroll down and click on ADD NETWORK
  • NAME: Public Access (Testing Only)
  • NETWORK: 0.0.0.0/0
  • Click Done
  • Scroll down and click on Save

Appendix I - Destroying the environment and starting over

In case you have encountered any problem/error and want to reset the environment to start over, follow the step-by-step instructions below to remove the entire MultiCloud environment.

[Google Cloud] Delete VPC Peering


[Google Cloud] Delete remaining resources w/ Terraform - Cloud Shell

    # The archive was unpacked inside ~/mission1_en
    cd ~/mission1_en/mission1/en/terraform/

    terraform destroy

Clean the Cloud Shell in AWS and Google Cloud

AWS

    cd ~

    rm -rf mission*

Google Cloud

    cd ~

    rm -rf mission*

    rm -rf .ssh

Security Tips

  • For production environments, it's recommended to use only the Private Network for database access.
  • Never provide public network access (0.0.0.0/0) to production databases. ⚠️
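
A check for the rule above, as an added example that is not part of the original project: it scans Cloud SQL instance descriptions for authorized networks such as the 0.0.0.0/0 entry created in the earlier step. The sample JSON is constructed, and the `audit` function and its `min_prefix` threshold are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample, shaped like `gcloud sql instances list --format=json` output.
SAMPLE = json.loads("""
[
 {"name": "lab-db", "settings": {"ipConfiguration": {
    "ipv4Enabled": true,
    "privateNetwork": "projects/example-project/global/networks/default",
    "authorizedNetworks": [
      {"name": "Public Access (Testing Only)", "value": "0.0.0.0/0"}]}}},
 {"name": "private-db", "settings": {"ipConfiguration": {
    "ipv4Enabled": false,
    "privateNetwork": "projects/example-project/global/networks/default"}}},
 {"name": "office-db", "settings": {"ipConfiguration": {
    "ipv4Enabled": true,
    "authorizedNetworks": [
      {"name": "office", "value": "203.0.113.0/24"},
      {"name": "half-the-internet", "value": "0.0.0.0/1"}]}}}
]
""")


def audit(instances, min_prefix=8):
    """Return (instance, cidr, reason) for authorized networks that are too wide."""
    # min_prefix is an assumed policy threshold: anything wider than /8 is flagged.
    findings = []
    for inst in instances:
        ipcfg = inst.get("settings", {}).get("ipConfiguration", {})
        if not ipcfg.get("ipv4Enabled", False):
            continue  # no public IP, so the authorized-network list is not exposed
        for net in ipcfg.get("authorizedNetworks", []):
            raw = net.get("value", "")
            try:
                cidr = ipaddress.ip_network(raw, strict=False)
            except ValueError:
                findings.append((inst["name"], raw, "unparseable"))
                continue
            if cidr.prefixlen == 0:
                findings.append((inst["name"], str(cidr), "open-to-internet"))
            elif cidr.prefixlen < min_prefix:
                findings.append((inst["name"], str(cidr), "very-broad"))
    return findings


if __name__ == "__main__":
    for name, cidr, reason in audit(SAMPLE):
        print(f"{name}: {cidr} ({reason})")
```

To run it against a real project, replace SAMPLE with the parsed output of `gcloud sql instances list --format=json`.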

By reaching this point, you have completed the implementation of the first part of the Hands-on Project and have implemented resources in a MultiCloud (AWS and Google Cloud) environment using Terraform!

Congratulations! 🚀🎉