Deploy an Ubuntu/Debian Amazon Web Services Server with Terraform

Overview

This guide provides the information you need to deploy an Ubuntu/Debian Amazon Web Services cloud server with systemd and a bastion to your Advanced Server Access team with Terraform. Depending on your target server and enrollment type, some topics in this guide may not apply to you, for example if your team's project will not use Terraform or if you plan to add a different server type to your project. Modify the steps as needed to fit your team, or refer to a different guide on the cloud deployments page.

Creating a cloud server with Terraform means installing the Terraform tool on your personal machine and using an Access ID, enrollment token, and secret ID to create servers on the Amazon Web Services console. Once created, your new servers should be listed automatically within your team's console in Advanced Server Access.

Note: For this guide we used the ScaleFT ubuntu-behind-bastion StarterKit provided by Okta on GitHub as our Terraform module. For your setup, use your company's Terraform repo for your production environment instead, though you should still end up with similar configuration values in your terraform.tfvars file.

Prerequisites

You need the following permissions to deploy an Amazon Web Services server with Terraform:

Amazon Web Services

Requirement: Description
Amazon Web Services Account: An Amazon Web Services account is needed to access the AWS Management console, where you can create a Virtual Machine for your team.

Advanced Server Access

Requirement: Description
Advanced Server Access Team: This is the top-level object that represents an organization within Advanced Server Access.
Advanced Server Access Project: This is the authorization scope of your team, organizing your Users, Groups, and Servers.

Procedures

Deploying an Amazon Web Services Server with Terraform can be done in 3 steps:

  1. Download and Install Terraform
  2. Locate your Amazon Web Services Security Credentials
  3. Configure Terraform to work with Amazon Web Services and Advanced Server Access

 

Download and Install Terraform

  1. Download the Terraform installer from the official site

  2. Unzip the downloaded file and run the unix executable

Locate and Save your Amazon Web Services Security Credentials

  1. Navigate to the Amazon Web Services console and log in to your account
  2. Click the dropdown next to your username in the top-right corner of the console and select My Security Credentials

    If prompted with another window concerning AWS Identity and Access Management users, click the Continue to Security Credentials button

  3. Click the Access keys (access key ID and secret access key) dropdown menu
  4. Click the Create New Access Key button, and click the Hide Access Key dropdown to see your new Access Key ID and Secret Access Key
  5. Copy both the Access Key ID and Secret Access Key and store them in a secure location

Configure Terraform to work with Advanced Server Access and Amazon Web Services

  1. Open your machine's console and run the ls -a command to see the folders in your home directory

  2. Create a file named terraform.tfvars and add the following lines:

    access_key = "<access-key>"
    secret_key = "<secret-key>"
    enrollment_token = "<enrollment-token>"

  3. Save the file and place it in your Terraform module

  4. In your machine's console, run the which terraform command to confirm that your terraform path exists. Depending on your platform, the output should look something like the following: 

    /Users/user/bin/terraform

  5. Confirm that you are in your Terraform module before running the terraform init command to initialize the Terraform program
  6. Confirm that the information you saved to your terraform.tfvars file is correct by running the terraform plan command. If you receive any errors, troubleshoot as needed before proceeding
  7. Run terraform apply to begin creating your servers. If prompted for approval, type yes and press return on your keyboard

Navigate to the Advanced Server Access console and confirm that your new servers are listed before attempting to SSH into your team's servers.
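
A preflight check that can run before terraform plan, added here as an example and not part of the original guide or the StarterKit: it confirms that terraform.tfvars assigns the three variables from step 2, has no leftover placeholders, is readable only by its owner, and is ignored by Git when the module is a Git work tree. The function name check_tfvars is hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the terraform.tfvars file created in step 2.
# check_tfvars is a hypothetical helper, not part of Terraform or Advanced Server Access.
# Usage from the module directory: check_tfvars terraform.tfvars && terraform plan
check_tfvars() {
    file=${1:-terraform.tfvars}
    rc=0

    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi

    # Each variable the guide lists must be assigned as key = "value".
    # Only key names are reported; secret values are never printed.
    for key in access_key secret_key enrollment_token; do
        line=$(grep -E "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\".+\"[[:space:]]*$" "$file" || true)
        if [ -z "$line" ]; then
            echo "$key: not set as $key = \"...\"" >&2
            rc=1
        elif printf '%s\n' "$line" | grep -q '"<.*>"'; then
            # The guide's <access-key> style placeholder was never replaced.
            echo "$key: placeholder value still present" >&2
            rc=1
        fi
    done

    # The file holds long-lived secrets: no group or other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: accessible beyond its owner; run chmod 600 $file" >&2
        rc=1
    fi

    # Inside a Git work tree, the file must be ignored so it is never committed.
    dir=$(dirname "$file")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        if ! git -C "$dir" check-ignore -q "$(basename "$file")"; then
            echo "$file: not covered by .gitignore" >&2
            rc=1
        fi
    fi
    return "$rc"
}
```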
