Deploying a set of EC2 instances with Terraform and configuring AWS Systems Manager with Amazon Simple Notification Service for automated installation of security agents.
In this project, based on a real-world scenario, I acted as a DevSecOps Engineer and deployed a set of EC2 instances and their supporting infrastructure in an automated way using Terraform (infrastructure as code, IaC). A specific security agent also had to be installed on all of these instances automatically.
Once the infrastructure was provisioned, AWS Systems Manager and its Run Command feature were used to install the security agents automatically. Amazon Simple Notification Service (SNS) was used to send an email reporting the status of the whole process.
Step-by-Step Guide:
1. Terraform Setup
- Run the following commands to initialize Terraform, plan the deployment, and apply the configuration:
$ terraform init
$ terraform plan
$ terraform apply
2. Systems Manager and SNS Setup
2.1. IAM Role Creation
- Create an IAM role named SystemsManagerToSNS with the policy AmazonSNSFullAccess.
2.2. Notification Topic Creation
- Create an Amazon SNS Topic named DevOpsNotification.
2.3. Subscription Setup
- Create a subscription for the SNS Topic with an email address.
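The following Terraform configuration is an added example, not the project's own code, of what step 1 through step 2.4 look like when written as IaC instead of clicked through the console: the instances with the instance profile that Quick Setup's host management would otherwise attach, the DevOpsNotification topic and its email subscription, and the SystemsManagerToSNS role. It assumes us-east-1, three t3.micro Amazon Linux 2023 instances tagged Role=app, an alert address passed in as var.alert_email, and the resource names shown. It deviates from step 2.1 in one place: instead of attaching AmazonSNSFullAccess it grants the role an inline policy limited to sns:Publish on that one topic, which is all Run Command needs to deliver notifications.

```hcl
# Added example (not the project's own code): Terraform for steps 1 to 2.4.
# Assumptions: us-east-1, three t3.micro Amazon Linux 2023 instances tagged
# Role=app, an e-mail address supplied via var.alert_email, resource names below.
terraform {
  required_version = ">= 1.4"
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" { region = var.region }

variable "region"         { default = "us-east-1" }
variable "instance_count" { default = 3 }
variable "alert_email"    { type = string } # receives the Run Command status e-mails

# Amazon Linux 2023 ships with SSM Agent preinstalled.
data "aws_ami" "al2023" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-2023*-x86_64"]
  }
}

# Instance role: what Quick Setup (step 2.4) grants so the agent can register
# with Systems Manager. AmazonSSMManagedInstanceCore is all it needs.
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "instance" {
  name               = "ssm-managed-instance"
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

resource "aws_iam_role_policy_attachment" "instance_ssm" {
  role       = aws_iam_role.instance.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

resource "aws_iam_instance_profile" "instance" {
  name = "ssm-managed-instance"
  role = aws_iam_role.instance.name
}

resource "aws_instance" "app" {
  count                = var.instance_count
  ami                  = data.aws_ami.al2023.id
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.instance.name

  # IMDSv2 only, so the instance role credentials cannot be read through SSRF.
  metadata_options { http_tokens = "required" }

  # Run Command targets the fleet by this tag in step 2.6.
  tags = { Name = "app-${count.index}", Role = "app" }
}

# Steps 2.2 and 2.3: topic and e-mail subscription. The recipient has to
# confirm the subscription by e-mail before anything is delivered.
resource "aws_sns_topic" "devops" { name = "DevOpsNotification" }

resource "aws_sns_topic_subscription" "email" {
  topic_arn = aws_sns_topic.devops.arn
  protocol  = "email"
  endpoint  = var.alert_email
}

# Step 2.1: the role Systems Manager assumes to publish notifications. Its trust
# policy must name ssm.amazonaws.com; a role trusted only by EC2 is rejected
# when the command is submitted.
data "aws_iam_policy_document" "ssm_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ssm.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ssm_to_sns" {
  name               = "SystemsManagerToSNS"
  assume_role_policy = data.aws_iam_policy_document.ssm_trust.json
}

# Least-privilege variant of the AmazonSNSFullAccess attachment in the write-up:
# Run Command only needs sns:Publish on this single topic.
resource "aws_iam_role_policy" "ssm_to_sns_publish" {
  name = "publish-to-devops-topic"
  role = aws_iam_role.ssm_to_sns.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sns:Publish", Resource = aws_sns_topic.devops.arn }]
  })
}

# Both values are what step 2.6 asks for in the Run Command form.
output "sns_topic_arn"         { value = aws_sns_topic.devops.arn }
output "notification_role_arn" { value = aws_iam_role.ssm_to_sns.arn }
```

After `terraform apply`, the two outputs are the ARN and role name to enter in the Run Command notification settings. Before running the command it is worth checking that every instance has registered with Systems Manager (`aws ssm describe-instance-information` lists the managed instances); an instance that is missing there has no instance profile, no outbound path to the SSM endpoints, or no running agent, and Run Command will simply never reach it.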
2.4. Systems Manager Quick Setup
- Run the Systems Manager Quick Setup.
2.5. Configuration Validation
- Validate the configuration by checking the “Success” status.
2.6. Run Command Execution
- Execute the “Run Command” to deploy the security agent installation with the following details:
  - Command Document: AWS-RunShellScript
  - Enable SNS Notification with the following settings:
    - IAM Role: SystemsManagerToSNS
    - SNS Topic: <ARN>
    - Events Notifications: All Events
    - Change Notifications: Notify me on an instance basis.
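Step 2.6 driven from Terraform rather than the console, as an added example that is not the project's own code. Run Command is an API action rather than a resource, so the only way Terraform can issue it is a local-exec provisioner calling the AWS CLI on the machine running `terraform apply`. It assumes the topic and role ARNs are passed in as variables (for instance from the outputs of the infrastructure configuration), that the instances carry the tag Role=app, and that PLACEHOLDER-security-agent stands in for the real agent package, which the write-up does not name.

```hcl
# Added example (not the project's own code): step 2.6 issued from Terraform.
# Assumptions: ARNs arrive as variables, instances are tagged Role=app, and
# PLACEHOLDER-security-agent is a stand-in for the unnamed real agent package.
variable "sns_topic_arn"         { type = string }
variable "notification_role_arn" { type = string }
variable "target_tag_value"      { default = "app" }
variable "agent_install_command" {
  default = "sudo dnf install -y PLACEHOLDER-security-agent"
}

# Run Command is an action, not a resource, so it is invoked through the AWS
# CLI. Changing the install command replaces this resource and re-runs it.
resource "terraform_data" "install_security_agent" {
  triggers_replace = [var.agent_install_command]

  provisioner "local-exec" {
    # Mapping to the console form in step 2.6:
    #   --document-name          Command Document: AWS-RunShellScript
    #   --service-role-arn       IAM Role: SystemsManagerToSNS
    #   NotificationArn          SNS Topic: <ARN>
    #   NotificationEvents All   Events Notifications: All Events
    #   NotificationType         Invocation = "Notify me on an instance basis"
    #                            (Command = one notification for the whole run)
    command = <<-EOT
      aws ssm send-command \
        --document-name "AWS-RunShellScript" \
        --targets "Key=tag:Role,Values=${var.target_tag_value}" \
        --parameters '{"commands":["${var.agent_install_command}"]}' \
        --service-role-arn "${var.notification_role_arn}" \
        --notification-config '{"NotificationArn":"${var.sns_topic_arn}","NotificationEvents":["All"],"NotificationType":"Invocation"}' \
        --comment "security agent installation"
    EOT
  }
}
```

Targeting by tag instead of by instance ID means instances added to the fleet later can be reached by re-applying with the same tag, and it avoids hard-coding IDs that change on every rebuild. With NotificationType set to Invocation, one email arrives per instance, so a single failed host is visible in the inbox instead of being hidden inside an aggregate "Success" for the command as a whole.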