Deploy an AWS server with Terraform
This topic explains how to deploy an Ubuntu or Debian Amazon Web Services (AWS) cloud server with systemd and a bastion to your Advanced Server Access team with Terraform. You may need to modify this process to fit your specific needs.
Creating a cloud server with Terraform means installing the Terraform tool on your personal machine and using an access ID, enrollment token, and secret ID to create servers on the AWS console. After being created, your new servers should appear automatically within the Advanced Server Access dashboard.
This topic uses the ScaleFT Starter Kit as the Terraform module. View the kit on GitHub. For your setup, use your company's Terraform repository for your production environment. The configuration values in your terraform.tfvars file should be similar to those in this guide.
- Download and install Terraform
- Locate and save your AWS security credentials
- Configure Terraform for Advanced Server Access and AWS
- Next steps
Amazon Web Services
|Amazon Web Services Account||An Amazon Web Services account is needed to access the AWS Management console, where you create virtual machines for your team.|
Advanced Server Access
|Advanced Server Access team||The top-level object that represents an Okta org within Advanced Server Access.|
|Advanced Server Access project||The authorization-scope of your team, organizing your users, groups, and servers.|
- Download the Terraform installer. See the Terraform website.
- Unzip the downloaded file and run the unix executable.
- Navigate to the AWS console and sign in to your account.
- Click the dropdown next to your username in the top-right corner of the console and select My Security Credentials.
If prompted with another window concerning AWS Identity and Access Management users, click Continue to Security Credentials.
- Expand Access Keys (Access Key ID and Secret Access Key).
- Click Create New Access Key, then expand Hide Access Key to see your new access key ID and secret access key.
- Copy the access key ID and then secret access key and save them both in a secure location.
- Create a file named terraform.tfvars and add the following lines:
- Replace <access-key> and <secret-key> in terraform.tfvars with the access key ID and secret access key values that you copied earlier.
- Replace <enrollment-token> in terraform.tfvars with your Advanced Server Access enrollment token.
- Save the file and place it in your Terraform module.
- In your machine's console, run which terraform to confirm that your Terraform path exists.
Depending on your platform, the output should look something like:
- Confirm that you are in your Terraform module, then run terraform init
- Confirm that the information in terraform.tfvars is correct by running terraform plan.
If you receive any errors, troubleshoot as needed before proceeding.
- Run terraform apply to begin creating your servers. Enter yes if prompted for approval.
Confirm that your new servers are listed in Advanced Server Access before you attempt to connect to them.