Implementation of a set of EC2 instances using Terraform and AWS Systems Manager configuration with Amazon Simple Notification Service for automated installation of security agents

Lionell Jenious
4 min read · Jun 22, 2024


Project 5 - Shared Responsibility Model, Shield & WAF, Inspector, Trusted Advisor, Cloud Trail, Systems Manager

In a dynamic real-world scenario, I was entrusted with spearheading this project as a DevSecOps Engineer. My mission was to deploy a set of EC2 instances and infrastructure using Terraform (Infrastructure as Code — IaC) in an automated manner.

A key requirement was to install a specific security agent on all of these instances, with Terraform providing the automation. Once the infrastructure was provisioned, AWS Systems Manager and its Run Command feature were used to automate the installation of the security agent.

Amazon Simple Notification Service (SNS) was used to send email notifications, keeping the team informed of the status of the entire process.

Development, Security, & Operations - Infrastructure as code and Automation of a Security Agent Installation

Part 1: Terraform

Step 1: Download VSCode and install the Terraform extension

Step 2: Prepare Terraform Files

  • Locate both ‘main.tf’ and ‘provider.tf’ terraform files for editing

Step 3: Edit Terraform main.tf file

  • Update the VPC_ID and SUBNET_ID according to your default VPC.

Step 4: Create SSH Key Pair

  • Name: sshkey1
  • Format: .pem

Step 5: Upload and Unzip Terraform Code in AWS CloudShell

  • Install Terraform on AWS CloudShell:

Step 6: Run Terraform Commands

  • Initialize Terraform: terraform init
  • Plan and apply Terraform: terraform plan, then terraform apply

Terraform installation log (screenshots, captions only):

  • Install Terraform
  • Terraform key files to edit: ‘provider.tf’ & ‘main.tf’
  • Update the VPC_ID and SUBNET_ID (Visual Studio Code editor)
  • aws_instance “webserver1” and “webserver2”
  • Resources created
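The post does not reproduce its main.tf, so the following is an added example (not the author's file) of what Part 1 describes: two web server instances, the “allow_ssh” security group, the “sshkey1” key pair, and an instance profile so Systems Manager can manage the hosts in Part 2. Everything beyond those names is an assumption: the variable names vpc_id, subnet_id and admin_cidr, the us-east-1 region, the Amazon Linux 2023 AMI lookup (which ships with the SSM Agent preinstalled), the t3.micro instance type, and the Role tag used to target Run Command later. The two hardening choices worth noting are that SSH is opened only to an operator CIDR rather than 0.0.0.0/0, and that the instances require IMDSv2.

```terraform
# Added example main.tf (assumed names and values; not the author's code).

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumption: the region of the SNS ARNs quoted in the post
}

variable "vpc_id"    { type = string }
variable "subnet_id" { type = string }
variable "admin_cidr" {
  type        = string
  description = "CIDR allowed to reach port 22, e.g. the operator's egress /32 (assumed)"
}

data "aws_ami" "al2023" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-*-x86_64"]
  }
}

# Least-privilege role for the instances: only what the SSM Agent needs to
# register with Systems Manager and receive Run Command invocations.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ssm_instance" {
  name               = "ssm-managed-instance"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

resource "aws_iam_role_policy_attachment" "ssm_core" {
  role       = aws_iam_role.ssm_instance.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

resource "aws_iam_instance_profile" "ssm" {
  name = "ssm-managed-instance"
  role = aws_iam_role.ssm_instance.name
}

resource "aws_security_group" "allow_ssh" {
  name   = "allow_ssh"
  vpc_id = var.vpc_id

  ingress {
    description = "SSH from the operator network only, never 0.0.0.0/0"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"] # outbound HTTPS is what the SSM Agent needs
  }
}

resource "aws_instance" "webserver" {
  for_each = toset(["webserver1", "webserver2"])

  ami                    = data.aws_ami.al2023.id
  instance_type          = "t3.micro"
  subnet_id              = var.subnet_id
  key_name               = "sshkey1" # key pair created in Step 4
  vpc_security_group_ids = [aws_security_group.allow_ssh.id]
  iam_instance_profile   = aws_iam_instance_profile.ssm.name

  metadata_options {
    http_tokens = "required" # IMDSv2 only
  }

  tags = {
    Name = each.key
    Role = "webserver" # tag used to target Run Command in Part 2
  }
}
```

With vpc_id, subnet_id and admin_cidr supplied (for example in a terraform.tfvars file), `terraform init`, `terraform plan` and `terraform apply` produce the same two instances the post's screenshots show, and they appear under Fleet Manager without the Quick Setup step because the instance profile already carries AmazonSSMManagedInstanceCore.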

Part 2: AWS Systems Manager

Step 1: Create an IAM Role for Systems Manager

  • IAM | Role | Create Role
  • Use cases for other AWS services: Systems Manager
  • Policy: AmazonSNSFullAccess
  • Role Name: SystemsManagerToSNS

Step 2: Create a Notification Topic in SNS

  • SNS | Topic | Create Topic
  • Type: Standard
  • Name: DevOpsNotification
  • Copy the ARN (Example: arn:aws:sns:us-east-1:339712775093)

Step 3: Create an Email Subscription for the Topic

  • Protocol: Email
  • Endpoint: email
  • Confirm the subscription via your email.

Step 4: Set Up Systems Manager

  • Systems Manager | Quick Setup
  • Configuration types: Host Management
  • Targets: Manual (select instances created via Terraform)
  • Validate the configuration status as “Success.”

Step 5: Additional Provisioning

  • Targets: Choose instances manually
  • Uncheck Enable writing to S3 Bucket
  • Enable SNS Notification
  • IAM Role: SystemsManagerToSNS
  • SNS Topic ARN: arn:aws:sns:us-east-1:510907048761
Screenshots (captions only): aws_security_group “allow_ssh”; Terraform creation of web servers averaged 32 seconds; AWS Systems Manager showing the two instances created in Terraform
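Steps 1 to 5 of Part 2 are click-through console work; as an added example (not the author's configuration), the same notification path can be declared in Terraform so it is reviewable and repeatable. The post attaches AmazonSNSFullAccess to the SystemsManagerToSNS role; this variant grants sns:Publish on the DevOpsNotification topic only, which is all the Run Command notification feature uses. The post does not name the security agent, so its package URL, checksum and service name are placeholders, the operator address comes from an assumed notify_email variable, and the instances are targeted by the assumed Role tag.

```terraform
# Added example (assumed names and placeholders; not the author's code).

variable "notify_email" { type = string }

resource "aws_sns_topic" "devops" {
  name = "DevOpsNotification"
}

resource "aws_sns_topic_subscription" "email" {
  topic_arn = aws_sns_topic.devops.arn
  protocol  = "email"
  endpoint  = var.notify_email # the subscriber must still confirm by e-mail (Step 3)
}

# Role that Systems Manager assumes to publish Run Command status.
data "aws_iam_policy_document" "ssm_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ssm.amazonaws.com"]
    }
  }
}

# sns:Publish on this one topic instead of AmazonSNSFullAccess.
data "aws_iam_policy_document" "publish_only" {
  statement {
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.devops.arn]
  }
}

resource "aws_iam_role" "ssm_to_sns" {
  name               = "SystemsManagerToSNS"
  assume_role_policy = data.aws_iam_policy_document.ssm_assume.json
}

resource "aws_iam_role_policy" "ssm_to_sns" {
  role   = aws_iam_role.ssm_to_sns.id
  policy = data.aws_iam_policy_document.publish_only.json
}

# Command document that installs the agent. Checking the package hash before
# installing is what stops a tampered download from being executed as root.
resource "aws_ssm_document" "install_agent" {
  name          = "InstallSecurityAgent"
  document_type = "Command"
  content = jsonencode({
    schemaVersion = "2.2"
    description   = "Install the security agent and verify it is running"
    mainSteps = [{
      action = "aws:runShellScript"
      name   = "install"
      inputs = {
        runCommand = [
          "set -eu",
          "curl -fsSL -o /tmp/agent.rpm 'AGENT_PACKAGE_URL_PLACEHOLDER'",
          "echo 'AGENT_SHA256_PLACEHOLDER  /tmp/agent.rpm' | sha256sum -c -",
          "sudo rpm -i /tmp/agent.rpm",
          "systemctl is-active AGENT_SERVICE_PLACEHOLDER",
        ]
      }
    }]
  })
}

output "ssm_to_sns_role_arn" { value = aws_iam_role.ssm_to_sns.arn }
output "devops_topic_arn"    { value = aws_sns_topic.devops.arn }

# Step 5 equivalent from the CLI after `terraform apply`: a one-off Run Command
# with SNS status notifications and no S3 output (the box the post unchecks):
#   aws ssm send-command \
#     --document-name InstallSecurityAgent \
#     --targets Key=tag:Role,Values=webserver \
#     --service-role-arn "$(terraform output -raw ssm_to_sns_role_arn)" \
#     --notification-config "NotificationArn=$(terraform output -raw devops_topic_arn),NotificationEvents=All,NotificationType=Command"
```

Because NotificationEvents is set to All, the subscriber receives one e-mail per state change (InProgress, Success, Failed and so on), which is the confirmation mail the post's Step 6 screenshots show; a failed checksum surfaces as a Failed notification rather than a silently half-installed agent.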

Step 6: Verify Email Subscription / Security Agent

Screenshots (captions only): AWS notification subscription verification & confirmation; security agent verified

Conclusion:

This project was an invaluable experience in automating infrastructure deployment and management. I faced several challenges, including configuring Terraform scripts and ensuring seamless integration with AWS Systems Manager. Overcoming these hurdles required meticulous attention to detail and a thorough understanding of AWS services.

The use of Terraform and AWS Systems Manager proved crucial in streamlining the deployment process and enhancing the security of the infrastructure.

I encourage readers to explore these powerful tools and consider applying them in their projects to achieve efficient, scalable, and secure infrastructure management.




Written by Lionell Jenious

Cloud Software Network Engineer | AWS | AI/ML | Blockchain | Azure | Google Cloud | VMware | Cloud Computing | DevOps | Software Defined Networks SD-WAN
