Secure (SSL) Web Hosting on AWS using Terraform Automation.

Swaroop Shinde
30 min read · Jul 28, 2022

🔰 Welcome back! Today let's discuss a powerful and highly demanded DevOps tool known as Terraform 😀.

Here's the demonstration for the project. If you find it interesting, do go through the blog below, where every line is explained in detail. Thanks!

🔰 In this project we will provision infrastructure using Terraform to host a website with a secured SSL (HTTPS) connection on AWS Cloud. A number of AWS services will be covered in this project, such as:

🔹 EC2 (Elastic Compute Cloud).

🔹 ELB (Elastic Load Balancer).

🔹 VPC (Virtual Private Cloud), with subtopics like subnets, internet gateway, route tables, etc.

🔹 Route 53.

🔹 AWS Certificate Manager.

🔹 Security Group.

— — — — — — — — — — — — — — — — — — — — — — — —

✰ Let's first understand the whole architecture and how each component contributes to the project 👍.

✅ Understanding the Architecture :

A) VPC (Virtual Private Cloud)

🔹 A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can specify an IP address range for the VPC, add subnets, add gateways, and associate security groups. A subnet is a range of IP addresses in your VPC.

🔹 For now, think of the VPC as a huge box; inside that box we will create our resources.

🔹 In the above diagram you can see the VPC range is 10.0.0.0/16, meaning the first two octets (10.0) stay constant and the remaining two octets vary, from 10.0.0.0 up to 10.0.255.255. That gives 65,536 IP addresses within the VPC, which we can later distribute according to our requirements.

— — — — — — — — — — — — — — — — — — — — — — — —

B) Subnets :

✰ A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP network into multiple, smaller network segments. The Internet Protocol (IP) is the method for sending data from one computer to another over the internet.

✰ So we have 65,536 IPs, and using subnets we can split them up. For example, Subnet_1: 10.0.1.0/24 means the first 3 octets (8 x 3 = 24 bits) stay constant and only the last octet varies. So out of 10.0.0.0/16, i.e. 65,536 IPs, we allocate 10.0.1.0/24, i.e. 255 IPs, to the subnet. Similarly, if you want one more subnet, i.e. 10.0.2.0/24, another 255 IPs are carved out of the 65,536, and so on.

— — — — — — — — — — — — — — — — — — — — — — — —

C) Security Group :

A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance.

We want to open port 22 for SSH connectivity, port 80, which is the default HTTP port, and port 443, which is used for the secured SSL connection (HTTPS).

— — — — — — — — — — — — — — — — — — — — — — — —

D) EC2 (Elastic Compute Cloud) :

◼ To put it simply, an EC2 instance is a virtual machine that represents a physical server for you to deploy your applications. Instead of purchasing your own hardware and connecting it to a network, Amazon gives you nearly unlimited virtual machines to run your applications while they take care of the hardware.

◼ We will have 2 instances with the same web page on each, because we will be using a load balancer which keeps routing the traffic and balancing it across both instances.

— — — — — — — — — — — — — — — — — — — — — — — —

E) Elastic Load Balancer :

Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more Availability Zones (AZs). That's it.

F) Route Table :

🔹 A route table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.

🔹 A routing table is a set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables.

— — — — — — — — — — — — — — — — — — — — — — — —

G) Internet Gateway :

A gateway is a computer that sits between different networks or applications. It converts information, data or other communications from one protocol or format to another. A router may perform some of the functions of a gateway. An internet gateway can transfer communications between an enterprise network and the Internet.

— — — — — — — — — — — — — — — — — — — — — — — —

H) Route 53 :

✰ Route 53 sends automated requests over the internet to a resource, such as a web server, to verify that it's reachable, available, and functional. You can also choose to receive notifications when a resource becomes unavailable and choose to route internet traffic away from unhealthy resources.

✰ Once we have a domain name for our web app, we will use Route 53 to associate the load balancer with the domain name, so that whenever a user accesses the domain name they are served the web page.

— — — — — — — — — — — — — — — — — — — — — — — —

I) AWS Certificate Manager (ACM) :

✰ AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

✰ This certificate will be attached to the load balancer, which terminates the secure SSL/TLS connection from the browser in front of the EC2 instances.

— — — — — — — — — — — — — — — — — — — — — — — —

✰ Okay, so that's all about the AWS services. Now let's have a look at the most important part of the project, i.e.

✅ Terraform :

➣ HashiCorp Terraform is an infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share. You can then use a consistent workflow to provision and manage all of your infrastructure throughout its lifecycle.

➣ Terraform by HashiCorp, an AWS Partner Network (APN) Advanced Technology Partner and member of the AWS DevOps Competency, is an "infrastructure as code" tool similar to AWS CloudFormation that allows you to create, update, and version your Amazon Web Services (AWS) infrastructure.

➣ In other words, if you want to provision your infrastructure on any cloud service, you don't have to go to the AWS (or other cloud) console every time to create resources. Instead, we give Terraform an access key ID and secret key, and then we define our resources in a certain syntax.

➣ The installation of Terraform is very simple:

➣ Go to the official website and download the build for your OS environment.

➣ A zip file will be downloaded which contains the terraform.exe file.

➣ Simply extract it and then, in the Start menu, type env so we can add the path to the environment variables.

➣ Click on Path and then Edit.

➣ Copy the location where the Terraform file is extracted.

➣ Click on New and then add the location; make sure you've mentioned /terraform at the end, which specifies the program.

➣ Now, to check whether Terraform has been set up successfully, open Command Prompt and type terraform.

➣ You can see the variety of commands/arguments that can be used with Terraform come up here.

➣ The next step is to tell Terraform which cloud it should use for provisioning, whether it's AWS, GCP, Azure, etc.

➣ Since our requirement is based on AWS, we will install the AWS CLI to configure our access key and secret key. We could specify the access key in the Terraform provider.tf file too, but a key written into a .tf file ends up anywhere that file goes (version control, shared repos), so to ensure our credentials are not exposed publicly we use the AWS CLI instead.

➣ So install the AWS CLI:

➤ Simply download and run the installer for your OS and then use the aws command in CMD to check whether it's correctly installed:

➤ Here we have it. Now use the aws configure command, where you will have to enter the access key ID and secret access key:

➤ Go to your AWS account and create a user; we have already seen how to do this in the previous Jenkins & Ansible project.

➤ Hit enter if the default configuration is correct, and we're done with our setup of configuring AWS and Terraform. Let's start writing code and see how it provisions the resources in the backend.

➤ I'll be using Git Bash instead of Windows CMD because Git Bash enables using Linux commands like ls, cd, mkdir inside Windows.

— — — — — — — — — — — — — — — — — — — — — — — —

These are all the files we have, which will be used to provision the infrastructure:

➤ Let's start with provider.tf, which specifies which cloud Terraform should use for provisioning:

— — — — — — — — — — — — — — — — — — — — — — — —

➤ Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. You must configure the provider with the proper credentials before you can use it.

➤ Basically, the provider is responsible for enabling Terraform to set up communication with AWS cloud resources.

➤ Now that we have our gateway to AWS, let's start with the very first resource/service, which will be the base for our whole web app, i.e. the VPC.

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Create VPC using Terraform :

➸ What this syntax means is: the resource which we wish to provision is a VPC, so to make it understandable for Terraform we use the right keyword, i.e. aws_vpc. The next word, "main", is the name Terraform uses as an identity for the VPC, which means whenever we want to refer to this aws_vpc resource elsewhere, we use "main", and the syntax will go something like this: aws_vpc.main.<attribute you wish to retrieve>.

➸ Next we have curly braces to specify the attributes that come under the VPC. It's mainly a CIDR block, which we already saw in the VPC section above, and tags will give a name to the VPC on AWS.

Note: main is the name for the Terraform reference, and tags give the name for the resource on the AWS cloud. Also, it's not necessary to memorize this at all; you simply need to search for the resource on the internet. For example, if I want to get the syntax for a VPC:

➸ Click on the link which gives you the appropriate answer:

➸ And here you go; you will see ample examples which will help you create your own Terraform file:

➸ Now that we have created our VPC, let's distribute the IP addresses using subnets, so here we have the subnet file:

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Create Subnets using Terraform :

➸ If you want to create an AWS subnet, you can use the Terraform registry below to look up the syntax for a subnet:

➸ On the left side, click on filter and search with the proper syntax for what you're looking for, so we get the aws_subnet resource block.

➸ And we landed on the subnet page. Let's see how our Terraform file for the subnet looks:

➸ As you can see, the name for the Terraform reference is public, since we already used main in the aws_vpc.tf file. For subnets it first asks for the VPC to be used while creating the subnets; we want to use the VPC which will be created by Terraform, hence we use the syntax aws_vpc.main.id as discussed earlier. The id will be fetched once the VPC has been created.

➸ Next we have the cidr_block. Here a new word is introduced, var; this var is nothing but a variable. It refers to the variable file, which contains the following info:

➸ You can see the name given to the variable is cidr, hence we use var.cidr in the subnet file. Now to specify the count, you can see I've mentioned count = 2, which means it will iterate the resource block the number of times specified in count. Since we store the CIDR ranges in the variable file in the form of a list, to retrieve these blocks we use count.index, which means the CIDR block at that index position is retrieved, and hence 2 subnets are created. The same goes for the availability zones: we need the two subnets in 2 different availability zones, so we have specified those the same way. Don't scroll down; let's bring the subnet file right back:

➸ The data keyword is used to fetch resources which are already present in AWS, so here it filters out the VPC created by Terraform.

➸ Now that we've created the VPC and subnets, I think we're good to go with the provisioning of the EC2 instances. So let's dive into the Terraform file for them:

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Create EC2 Instances using Terraform :

➸ Let's break down this file into small components:

➸ If you've seen my previous article on the Ansible project, where we provisioned an EC2 instance using Ansible, the process is exactly the same; the only difference is the syntax. The resource block used is aws_instance and the reference name is given as web. The rest of the entries are standard except the subnet IDs: we've created two subnets, and we have to create 2 instances, each in a different zone, so here the count keyword will help.

➸ The count is a meta-argument defined by the Terraform language. It can be used with modules and with every resource type. The count meta-argument accepts a whole number, and creates that many instances of the resource or module.

➸ So count.index will iterate 2 times, and every time the resource block is repeated this index number shifts, hence 2 instances are created in 2 different subnets.

➸ The next argument is for the security group:

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Create Security Group using Terraform :

➸ Let's have a look at the security group Terraform file:

➸ The aws_security_group resource will be used; you can refer to the Terraform registry for the same. Give the name and description as per your choice. The VPC we have to use is the one which will be created by Terraform, and since we've given it the name main, we're using aws_vpc.main.id. Below that, the rules/ports which should be allowed for traffic are given as arguments, so port 80 for HTTP, 443 for secured HTTPS and 22 for the SSH connectivity protocol.

➸ We need a public IP since users will connect to access the web page, so give the value as true, and the name for the instances on the web console is given as Web server.

➸ Now, why are we provisioning EC2 instances? Because we want to host a web page on them, right!! So to install the httpd package and then add an index.html page, we need something that will do the configuration work, as Ansible does. So the next block which comes under ec2 is the provisioner:

♦ Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction. Provisioners can be used to bootstrap a resource, clean up before destroy, run configuration management, etc.

♦ The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource. See the remote-exec provisioner to run commands on the resource.

♦ We are using remote-exec because the remote-exec provisioner invokes a script on a remote resource after it is created. This can be used to run a configuration management tool, bootstrap into a cluster, etc. To invoke a local process, see the local-exec provisioner instead. The remote-exec provisioner requires a connection and supports both ssh and winrm.

♦ We will use an SSH connection to connect to the EC2 instance. The connection block below the provisioner block is used to connect to the instance, so the type is ssh, the host is the IP address which will be retrieved while creating the instances, and the user is ec2-user since we can't log in as root. Now, to specify the .pem file which contains the private key to connect to the instance: it is not at all secure to directly copy-paste the key material here, so the syntax used is ${file("./terraform_key.pem")}

♦ This means the private key comes from the file present in . (the current location) with the file name terraform_key.pem.

Note: make sure to change the file permission using the chmod 400 command.

♦ The lines of code written within inline are purely Linux commands: they just install the HTTP server, start the service and download the pre-created web page from the free-css website.

โ™ Next resource which will be needed is the internet getway because, we created VPC, subnets, Instances but thereโ€™s still no internet access to the Instances.

โ™ So Lets look at the internet getway file :

โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€” โ€”

✅ Create Internet Gateway using Terraform :

♦ This simply means that we want to create an internet gateway for the VPC which will be created by Terraform on AWS, and the tag Name is given as main.

♦ Now we've created the internet gateway, but how will the instances come to know which gateway to use for the internet connection, in other words which route leads to the internet gateway? Here the next Terraform file comes into play, i.e. the one for the route table.

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Create Route Table using Terraform :

➡ The aws_route_table resource will be used for this; again it is created under the same VPC. Inside the route block you specify the internet gateway ID created in the above Terraform file, and the cidr_block gives public access.

➡ The route table for the internet gateway will be created. Now, since our instances are created in two subnets, we have to route the internet to both subnets, and hence one more time we use the count parameter, in the aws_route_table_association block, and the route table ID is fetched from the aws_route_table resource above as it gets created.
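The VPC, subnet, internet gateway and route table files discussed in the sections above, combined into one added example (not the author's files). The /24 values, tag names and the use of the aws_availability_zones data source are assumptions made for this example.

```hcl
variable "cidr" {
  description = "One /24 per public subnet, carved out of the VPC's 10.0.0.0/16"
  type        = list(string)
  default     = ["10.0.1.0/24", "10.0.2.0/24"] # constructed example ranges
}

# Look up the AZs at plan time instead of hard-coding them, so that
# count.index can place each subnet in a different zone.
data "aws_availability_zones" "available" {
  state = "available"
}

resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true # instances get resolvable public hostnames

  tags = { Name = "main" }
}

# count iterates the block once per element of var.cidr:
# aws_subnet.public[0] lands in the first AZ, aws_subnet.public[1] in the second.
resource "aws_subnet" "public" {
  count             = length(var.cidr)
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.cidr[count.index]
  availability_zone = data.aws_availability_zones.available.names[count.index]

  tags = { Name = "public-${count.index}" }
}

resource "aws_internet_gateway" "main" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "main" }
}

# The 0.0.0.0/0 -> IGW route is what makes these subnets "public". No other
# subnet in the VPC gets this default route, so only resources placed here
# are reachable from the internet.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main.id
  }

  tags = { Name = "public" }
}

# One association per subnet, again driven by count.
resource "aws_route_table_association" "public" {
  count          = length(var.cidr)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}
```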

➡ The next resource we have is the load balancer.

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Create Load Balancer using Terraform :

Why a load balancer?

➡ Load balancers improve application availability and responsiveness and prevent server overload. Each load balancer sits between client devices and backend servers, receiving and then distributing incoming requests to any available server capable of fulfilling them.

➡ We have 2 instances, so every time a user hits port 80 they are directed to one of the instances, which also means the traffic is split and balanced.

➡ Let's look at the Terraform file for the same:

➡ Don't be overwhelmed, mate; it's as simple as it looks huge. Let's break it down into small components.

➡ Starting with the resource, i.e. aws_lb, the reference name given is alb. The load balancer type is application load balancer.

➡ An Application Load Balancer makes routing decisions at the application layer (HTTP/HTTPS), supports path-based routing, and can route requests to one or more ports on each container instance in your cluster. Application Load Balancers support dynamic host port mapping. For example, if your task's container definition specifies port 80 for an NGINX container port, and port 0 for the host port, then the host port is dynamically chosen from the ephemeral port range of the container instance (such as 32768 to 61000 on the latest Amazon ECS-optimized AMI).

➡ We need an Application Load Balancer because we will be using the HTTPS protocol for the secured connection. The security group used here is the same one used while creating the EC2 instances.

➡ Now for the subnets syntax: just as we have the count attribute, there is one more method to iterate, i.e. the for expression. The syntax for subnet in aws_subnet.public : subnet.id means: for each subnet (loop variable) in aws_subnet (resource).public (reference name), fetch subnet.id.

➡ The next block is the target group.

➡ We created the load balancer; now we need to specify which port it should forward traffic to when a request arrives, so aws_lb_target_group is used. The arguments are straightforward: port = 80, protocol = HTTP and target_type = instance, because we want to use our web servers for this. The VPC should be correctly specified, and the health check is taken as the default, as mentioned in the official Terraform documentation.

➡ Lastly we have to assign the instances to this target group, so aws_lb_target_group_attachment is used, again with count to add the 2 instances, and the ARN of the load balancer's target group, which will be created by Terraform, must be specified.

➡ Amazon Resource Names (ARNs) uniquely identify AWS resources. You require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.

➡ So far we've discussed the VPC, subnets, EC2, route table, internet gateway and load balancer. This much is enough to host a web page, so let's move to Git Bash and start messing around with Terraform commands.

➡ Don't worry about the .terraform files; those are created automatically while running the Terraform commands, which we will see:
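The load balancer file described above, as an added example that is not the author's code. It assumes the aws_security_group.web, aws_subnet.public, aws_vpc.main and aws_instance.web resources from the earlier files are in the same module; the aws_lb_listener resource, the health-check values and drop_invalid_header_fields are additions not shown on the page (the article sets up the listener in the console).

```hcl
resource "aws_lb" "alb" {
  name               = "web-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.web.id]

  # for expression: collect the id of every subnet created with count.
  subnets = [for subnet in aws_subnet.public : subnet.id]

  # Drop requests with malformed HTTP headers at the edge rather than
  # passing them to httpd.
  drop_invalid_header_fields = true
}

# Where the ALB sends traffic: the instances, on plain HTTP port 80.
resource "aws_lb_target_group" "web" {
  name        = "web-tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "instance"
  vpc_id      = aws_vpc.main.id

  health_check {
    path                = "/"
    matcher             = "200"
    interval            = 30
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}

# One attachment per instance, indexed with count like the instances themselves.
resource "aws_lb_target_group_attachment" "web" {
  count            = 2
  target_group_arn = aws_lb_target_group.web.arn
  target_id        = aws_instance.web[count.index].id
  port             = 80
}

# Plain-HTTP listener: this is the state of the stack when the article first
# pastes the ALB DNS name into the browser. HTTPS is added with ACM later.
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.alb.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

output "lb_dns_name" {
  description = "DNS name to paste in the browser and to point Route 53 at"
  value       = aws_lb.alb.dns_name
}
```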

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Terraform Commands :

☞ The terraform validate command validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.

☞ Basically this checks whether the syntax, resource blocks and reference attributes are correct. Here we got Success, so nothing to discuss!!

☞ The next command is terraform init.

☞ The terraform init command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.

☞ This command downloads all the necessary files and plugins required to provision the resources, and this is where the .terraform files come from.

☞ The next command is terraform plan.

☞ The terraform plan command creates an execution plan, which lets you preview the changes that Terraform plans to make to your infrastructure. By default, when Terraform creates a plan it reads the current state of any already-existing remote objects to make sure that the Terraform state is up to date.

Note: You don't have to worry about whether Terraform will create resources in the proper order or not, for example creating the VPC before the subnets, creating the instances before assigning them to the load balancer, creating the route table before the internet gateway, etc. Terraform handles all of that on its own.

You can see the arguments we specified are shown here, and the rest will be (known after apply), meaning retrieved after the resource is created.

‣ Lastly it says 15 resources to add, and at the end we will get the DNS name, which will be retrieved after the load balancer is created.

‣ The terraform apply command performs a plan just like terraform plan does, but then actually carries out the planned changes to each resource using the relevant infrastructure provider's API. It asks for confirmation from the user before making any changes, unless it was explicitly told to skip approval.

‣ Enter yes as confirmation to provision the resources:

‣ Enjoy the view for a few minutes and it will say 15 added, meaning 15 resources are provisioned, and we get the DNS name of the load balancer as the output.

‣ Now copy this DNS name and paste it in the web browser to check whether the load balancer is working and routing correctly.

‣ Boom!! We have the web page loaded on port 80. Let's have a look at the resources it provisioned just now.

‣ 2 EC2 instances with public IPs assigned and running:

‣ Security group with the port numbers exposed correctly:

‣ Load balancer with the two instances connected and in a healthy state:

‣ VPC, which was created at the very beginning of the execution:

‣ 2 public subnets:

‣ Route table:

‣ And the internet gateway, which is associated with the VPC.

‣ Now let's make it user friendly. Suppose you plan to give this DNS name to your friends or other crew mates; obviously they will be able to access the web page, but they will have no clue what this link contains. For example, when you type google.com you know the search engine is going to appear. Similarly, in our case, to make others aware of what the web page contains, we will have to give it a domain name.

‣ So let's get a domain name for free from a website called Freenom:

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Get Domain Name for Free :

‣ The user interface is very simple; you just have to search for the domain name you're looking for. Obviously you won't get .com, .in or other such extensions for free, but there are still some other random extensions available, like this:

‣ I searched for traveler, and since it is a commonly used keyword most variants are taken, but there's still one left because someone kept it reserved specially for our project. So click on Get it now, to the right of the domain name.

‣ Click on Checkout:

‣ The period is 3 because we haven't yet created an account on Freenom, so click on Continue.

‣ You can verify your email if you haven't created an account. I already have one, so I will sign in:

‣ Now when you sign in, you can see a long list of periods come up.

‣ Select according to your preference and complete the order:

‣ Now we have a domain name. In order to attach our load balancer DNS name to our domain name, the service used is Route 53:

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Route53 :

‣ Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. Route 53 connects user requests to internet applications running on AWS or on-premises.

☞ You need to create a hosted zone:

☞ A hosted zone is an Amazon Route 53 concept. A hosted zone is analogous to a traditional DNS zone file; it represents a collection of records that can be managed together, belonging to a single parent domain name. All resource record sets within a hosted zone must have the hosted zone's domain name as a suffix.

☞ Make sure that you enter the hosted zone name the same as the purchased domain name:

☞ Leave the rest of the configuration as it is and create the hosted zone:

☞ Amazon Route 53 automatically creates a name server (NS) record that has the same name as your hosted zone. It lists the four name servers that are the authoritative name servers for your hosted zone. Except in rare circumstances, we recommend that you don't add, change, or delete name servers in this record.

☞ Now go to the Freenom website, because we have to update the name servers over there:

☞ Click on Manage Domain, to the right of the domain name.

☞ Click on Nameservers:

☞ Select the Use custom nameservers option and copy-paste the same from the Route 53 hosted zone:

☞ Now click on Change Nameservers:

☞ Next we have to create a record set in the hosted zone. This record set will point the domain name at the load balancer DNS name, so whenever a user searches using the domain name the web page appears. So click on Create Record Set:

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Create Record :

☞ Give the record name, i.e. the subdomain you wish; this means we can write any subdomain name before .traveler.ga, like dw.traveler.ga or ig.traveler.ga, etc. We are using www.traveler.ga.

☞ The record type is A because an A record maps a domain name to the IP address (version 4) of the computer hosting the domain. An A record uses a domain name to find the IP address of a computer connected to the internet. The A in A record stands for Address.

☞ Since we have a load balancer, click on the Alias option below the subdomain name:

☞ Now select the endpoint you want to route the domain name to. Ours is an Application Load Balancer.

☞ Select the region where you created the load balancer, and lastly choose the load balancer available in that region:

☞ Click on Save:

☞ The record is created; now if you search www.traveler.ga in the web browser:

☞ And the web page came up. Now there's one more way of doing this, using Terraform, so let's go back to Git Bash:

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Create Record using Terraform :

☞ We have one directory called route53. Let's cd into it and check what it contains:

☞ This Terraform file contains:

➡ As simple as the Terraform files we saw above. The resource used is aws_route53_zone and the reference name is route53_zone. But there's one difference here: instead of the resource keyword we have the data keyword.

➡ Data sources allow Terraform to use information defined outside of Terraform, defined by another separate Terraform configuration, or modified by functions.

➡ This means that when we want to fetch info about resources that were not created by Terraform and already exist in the cloud, we use the data keyword.

➡ Make sure you give the Route 53 zone name correctly, otherwise it will give an error.

➡ Now it will fetch the data from AWS and we can create a record set:

➡ So we use the aws_route53_record resource. The zone ID is fetched from the data block above; the subdomain name is lb, so it will become lb.traveler.ga after it gets created.

➡ A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.

➡ Now give the DNS name correctly in the records, go back to Git Bash and run the Terraform commands.

➡ Let's check whether it's working fine in the web browser:

➡ Damn! Now let's make this website secure using an SSL connection. For this we will use ACM.

➡ AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

➡ We will use Terraform to request the SSL certificate:

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Request & Validate SSL Certificate using Terraform :

🟩 Let's break it down into small parts:

🔰 The resource is aws_acm_certificate; specify the domain name for which you want to request the certificate. The subject_alternative_names means this certificate will also apply to all the subdomain names. The validation method is DNS.

🔰 We are using the DNS method for validation, and we have our domain name in the Route 53 service, so again we will have to fetch the data from AWS:

🔰 Now we'll have the hosted zone info.

🔰 Next we create a record. This record contains the information that the ACM service uses to validate and approve the certificate; the syntax below it is taken from the official Terraform documentation. Just make sure that the aws_acm_certificate name in the for loop and the zone_id at the very end are specified correctly and are relevant to the resources present on AWS.

🔰 Lastly, when the record has been created, use the validation resource to validate the info; again the syntax is taken from the official documentation, so give the ARN correctly. Get back to Git Bash and run the commands:
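The Route 53 record from the previous section and the certificate request and validation from this one, as one added example (not the author's files). It assumes the aws_lb.alb and aws_lb_target_group.web resources from the load balancer file are in the same module; var.domain_name, the TTLs and the ssl_policy are assumptions, and the HTTPS listener at the end goes beyond the page by doing in Terraform the listener change the article makes in the console.

```hcl
variable "domain_name" {
  type    = string
  default = "traveler.ga" # the article's Freenom domain
}

# The hosted zone was created in the console, so it is read, not managed.
data "aws_route53_zone" "route53_zone" {
  name         = var.domain_name
  private_zone = false
}

# CNAME lb.traveler.ga -> ALB DNS name (the record the article creates).
resource "aws_route53_record" "lb" {
  zone_id = data.aws_route53_zone.route53_zone.zone_id
  name    = "lb.${var.domain_name}"
  type    = "CNAME"
  ttl     = 300
  records = [aws_lb.alb.dns_name]
}

# Public certificate for the apex plus every subdomain, validated over DNS.
resource "aws_acm_certificate" "cert" {
  domain_name               = var.domain_name
  subject_alternative_names = ["*.${var.domain_name}"]
  validation_method         = "DNS"

  lifecycle {
    create_before_destroy = true # a re-issue never leaves the listener without a certificate
  }
}

# ACM hands back one CNAME per name; publish each in the hosted zone.
# for_each keyed by domain_name is the pattern from the provider docs;
# allow_overwrite is needed because the wildcard reuses the apex's record.
resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  zone_id         = data.aws_route53_zone.route53_zone.zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
}

# Blocks until ACM has seen the records and issued the certificate.
resource "aws_acm_certificate_validation" "cert" {
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
}

# HTTPS listener: TLS terminates at the ALB with the ACM certificate and the
# request is forwarded to the plain-HTTP target group. Taking the ARN from the
# validation resource makes the listener wait for issuance.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.alb.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate_validation.cert.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}
```

The article replaces the port-80 listener with the 443 one; if you would rather have plain-HTTP requests upgraded than dropped, change the port-80 listener's default_action to a redirect to port 443 instead of removing it.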

🔰 Now 4 resources are added; go to the Route 53 service and check that you get a new record set.

🔰 There we have it. Now we need to associate this with the load balancer, so go to the EC2 dashboard and select Load Balancers in the left-side menu.

— — — — — — — — — — — — — — — — — — — — — — — —

✅ Associate the SSL Certificate with the Load Balancer :

🔹 Edit the listener.

🔹 Change the port from 80 to 443, i.e. HTTP to HTTPS; we've already exposed port 443 in the security group.

🔹 Scroll down a little and you'll see the From ACM option; there, select the certificate which we just created and click on Save changes:

🔹 Now in the browser, use the https:// protocol before the domain name and hit enter.

🔹 And we have a secured website. As you can see, the certificate is issued by Amazon and issued to our domain name.

— — — — — — — — — — — — — — — — — — — — — — — —

🔰 So from the above article we learnt how to use Terraform automation to host a secured website on AWS Cloud. If you find this interesting then do follow & connect 😄.

THANK YOU !!

— — — — — — — — — — — — — — — — — — — — — — — —

Written by Swaroop Shinde

Hey there 👋 If you're a tech & DevOps enthusiast, then you're on the right Medium profile. Make sure you stay connected & don't miss an opportunity to learn!