SPARC Wiki

AWS Demo Environment

This guide shows you how to set up a SPARC environment running on AWS, provisioned with Terraform (https://www.terraform.io).

The example code is at https://github.com/ui-icts/sparc-aws-deploy

This code is not meant to be a shared tool; it is intended for you to copy and use as a starting point in your own projects. Each team is likely to have its own constraints and environments to deploy into, so it makes more sense for your SPARC AWS resources to be part of that whole. Most of this Terraform code is boilerplate for any environment with a database and a web server. The SPARC-specific parts are in the EC2 provisioning, beginning around line 281: https://github.com/ui-icts/sparc-aws-deploy/blob/master/default.tf#L281

Step 1

Obtain a copy of the example code

git clone git@github.com:ui-icts/sparc-aws-deploy.git

Step 2

Create an IAM user that will have credentials for provisioning AWS resources. This user should have PowerUserAccess permissions.
There will be a screen that shows you the access_key and hidden secret_key for your user. Click the 'show' button and then copy & paste the access key and secret key into the sparc-aws-deploy/default.tf file you got from git clone.

You may put any value you like for the dept_mfk variable. At Iowa this is how we mark a resource that belongs to our department, because we have campus-wide AWS.

Explanation if you are new to AWS

This confused me quite a bit at first. Every time I tried using any command line tools for AWS I kept thinking I should be telling it how to connect as me, but this isn't how AWS works.

If you want to use a command line tool (or provision AWS using its APIs, since that is what the CLI tools do) you need to create separate credentials for each tool.

Think of it like API keys for a user account, but each key gets its own set of groups and associated permissions.

So when I look at IAM (Identity and Access Management) in AWS I see things like ChrisO TerraForm User and a Terraform Permissions Group, and that Terraform Permissions group gets the PowerUserAccess.

I also see ChrisO Laptop CLI access user, which is the 'user' I connect to AWS as when using the AWS CLI tool.

This guide can walk you through creating the user and permissions. https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html

How many users to create depends on whether you want one Terraform user per member of your team or a single shared set of credentials.
We have 'protected' git repositories that store secrets, so it would make sense for our team to have a single Terraform user whose credentials are stored in the repo. If everything is in a public GitHub repo, then you probably want everyone to have their own user.
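
Because Step 2 places the access key and secret key in default.tf, a check that runs before the directory is committed or pushed is useful. The script below is an added example, not code from the sparc-aws-deploy repository; the function names, the two patterns and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of sparc-aws-deploy): flag literal AWS credentials
# in Terraform files, e.g. from a pre-commit hook.

# scan_tf_secrets DIR: returns 1 and lists file:line when a literal is found.
scan_tf_secrets() {
  _dir="${1:-.}"
  # Pattern 1: access key IDs, AKIA (long-term) or ASIA (temporary) + 16 chars.
  # Pattern 2: secret_key set to a quoted literal; "${var.x}" is skipped
  #            because the bracket expression excludes "$".
  _hits=$(find "$_dir" -type f \( -name '*.tf' -o -name '*.tfvars' \) \
    -exec grep -nE \
      -e '(AKIA|ASIA)[A-Z0-9]{16}' \
      -e 'secret_key[[:space:]]*=[[:space:]]*"[^"$]+"' \
      /dev/null {} + 2>/dev/null) || true
  [ -z "$_hits" ] && return 0
  # Report the location only; never echo the matched secret.
  printf '%s\n' "$_hits" | cut -d: -f1,2 | sed 's/^/literal credential: /' >&2
  return 1
}

# Constructed sample input: one file with fake literals, one using variables.
demo() {
  _t=$(mktemp -d) || return 1
  mkdir "$_t/bad" "$_t/ok"
  cat > "$_t/bad/default.tf" <<'EOF'
provider "aws" {
  access_key = "AKIAEXAMPLEEXAMPLE12"
  secret_key = "constructed-value-not-a-real-secret"
}
EOF
  cat > "$_t/ok/default.tf" <<'EOF'
provider "aws" {
  access_key = var.access_key
  secret_key = "${var.secret_key}"
}
EOF
  _bad=0; scan_tf_secrets "$_t/bad" || _bad=$?
  _ok=0;  scan_tf_secrets "$_t/ok"  || _ok=$?
  rm -rf "$_t"
  echo "bad=$_bad ok=$_ok"
}

demo
```

The Terraform AWS provider also reads AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment, which keeps the keys out of default.tf altogether.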

Step 3

Create an SSH key pair that you can use to log in to the created EC2 boxes. You may use an existing key pair if you wish, but the Terraform scripts you cloned from GitHub are coded to look for a ~/.ssh/terraform.pub key pair.

To create the key pair run

ssh-keygen

When prompted to enter a file use:

~/.ssh/terraform

Enter a passphrase if you would like.


Step 4

Install Terraform https://www.terraform.io/downloads.html

I use the Homebrew version.

Step 5

In the directory where you cloned the code (and edited the default.tf file), run

terraform init

If you would like to see what terraform is going to do run

terraform plan

Otherwise to create everything run

terraform apply

After Terraform finishes its work, the IP of your website will be in a file called sparc-web-ip.txt

2011-2021 © MUSC Foundation for Research Development