hashicorp/microservices-architecture-on-aws

Microservices Architecture on AWS

This is the working GitHub repository for the "Learning Live with AWS & HashiCorp" series. We'll discuss the foundations of a microservices architecture, the problem space it solves, where service mesh fits into all of this, and then begin from scratch - setting up a Terraform project, creating a Virtual Private Cloud (VPC), and explaining all of the concepts along the way.

This repo will be updated after each episode!

This repo is split into branches, each representing a part in the series:

  • Part 1 - Setting up the Terraform project and creating a VPC
  • Part 2 - Creating your first containerized microservice on Amazon ECS with Terraform
  • Part 3 - Extending your application with private microservices
  • Part 4 - Introducing a Service Mesh with Consul
  • Part 5 - Setting Up Your Service Mesh Servers
  • Part 6 - Connecting Amazon ECS Services to Consul Servers
  • Part-7 (this branch) - Collaboration and CI/CD on Amazon ECS with Terraform

The Architecture

Our first section of episodes will work towards building out the following architecture:

[Figure: Microservices Architecture Finalized]

The second section of episodes will work towards refactoring the first section's architecture into using a Service Mesh.

Getting Started

Prerequisites

  1. Have an AWS Account.

  2. Install HashiCorp Terraform.

  3. Have the AWS CLI Installed.

  4. Create an AWS IAM User with Admin or Power User Permissions.

     • This user will only be used locally.

  5. Configure the AWS CLI with the IAM User from Step 4.

Using this Code Locally

  1. Clone this repo to an empty directory.

  2. Run terraform plan to see what resources will be created.

  3. Run terraform apply to create the infrastructure on AWS!

  4. Open your Consul Server's Load Balancer (output as consul_server_endpoint).

  5. Run bash scripts/post-apply.sh and follow the instructions OR open your terraform statefile and copy your Consul Bootstrap Token. Use this to log in to the Consul UI.

     • It may take a few moments for all of the services to come online.

  6. Click on Services in the side navigation.

  7. Select our "Client" service and then click on the Topology tab.

  8. Find the red arrow lines between the client service and the fruits / vegetables services. Click on one of the red arrows to reveal a dialogue box that will ask if you'd like to create an intention. Click Create.

  9. Navigate to your Client Application Load Balancer (output as client_alb_dns) to confirm that everything is working.

     • It may take a few moments for the new intentions to be recognized.

  10. Run terraform destroy when you're done to get rid of the infrastructure.

Using this Code with Terraform Cloud

Part-7 of this series, which the main git branch is tied to, sets up our infrastructure on Terraform Cloud instead of running things locally. You'll need to follow the below steps to get it up and running.

The below instructions point to generalized documentation and learn guides in the correct order. For exact instructions using this code base, please see Episode 7 of the series where we cover it.

  1. Fork this Repository.

  2. Sign up for Terraform Cloud

  3. Set up your Terraform Cloud Account

  4. Connect Terraform Cloud to your AWS Account

  5. Create a Workspace in Terraform Cloud

  6. Connect Your Forked Repository to Terraform Cloud

  7. Set All Required Variables specified in variables.tf

  8. Trigger a Run to Plan and Apply Infrastructure

Managing the Consul Cluster with Terraform

As shown in Episode 7, we can also use Terraform to manage our live Consul Cluster deployed by this code.

The below instructions point to generalized documentation and learn guides in the correct order. For exact instructions using this code base, please see Episode 7 of the series where we cover it.

  1. Fork the Consul Configuration Repo

  2. Create a Workspace in Terraform Cloud

  3. Connect Your Forked Repository to Terraform Cloud

  4. Set All Required Variables specified in variables.tf

     • tfc_organization is the name of your Terraform Cloud Organization
     • tfc_workspace_tag is the tag you'd like to organize all of these related projects under
     • tfc_workspace should be the name of the workspace that deployed the consul cluster
     • consul_token is the consul_bootstrap_token output from the workspace that deployed the consul cluster

  5. Set the AWS Credentials as Variables in this Workspace

  6. Trigger a Run to Plan and Apply Infrastructure
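
The intentions created by clicking through the Topology tab in the local walkthrough can also be declared with the Consul provider in a workspace like this one. This is an added example, not code from the Consul Configuration Repo; the `consul_address` variable and the Consul service names `client`, `fruits` and `vegetables` are assumptions.

```hcl
# Added example; not taken from the Consul Configuration Repo.
# Assumed names: variable "consul_address" and the Consul service
# names "client", "fruits" and "vegetables".

terraform {
  required_providers {
    consul = {
      source = "hashicorp/consul"
    }
  }
}

variable "consul_address" {
  description = "Consul server endpoint (consul_server_endpoint output) as host:port"
  type        = string
}

variable "consul_token" {
  description = "ACL token for the provider (consul_bootstrap_token output)"
  type        = string
  sensitive   = true # redacts the token in plan and apply output
}

provider "consul" {
  address = var.consul_address
  token   = var.consul_token
}

# One service-intentions entry per destination service, allowing only
# the client service as a source.
resource "consul_config_entry" "client_to_backend" {
  for_each = toset(["fruits", "vegetables"])

  kind = "service-intentions"
  name = each.key

  config_json = jsonencode({
    Sources = [
      {
        Name       = "client"
        Action     = "allow"
        Precedence = 9        # value Consul assigns to an exact-name source
        Type       = "consul"
      }
    ]
  })
}
```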

Guarding Your TFC Workspaces With HashiCorp Sentinel

We can also insert an additional step between the terraform plan and terraform apply phases that checks our code, plan, statefile, and run data using HashiCorp Sentinel.

The below instructions point to generalized documentation and learn guides in the correct order. For exact instructions using this code base, please see Episode 7 of the series where we cover it.

  1. Fork the Sentinel Policy Repo

  2. Head to Settings in your Terraform Cloud console

  3. Click on Policy Sets in the side navigation bar

  4. Click on Connect a new policy set in the Policy Sets screen

  5. Follow the Connect a Policy Set step-by-step

  6. Name the policy set whatever you'd like

  7. Under the Workspaces area, select the specific workspaces you'd like this policy to guard.

  8. Click Connect policy set

  9. Optionally trigger a run in any of your workspaces to view the policy in action.

Questions? Suggestions? Comments?

Reach out to either Jenna Pederson or J. Cole Morrison. Also, feel free to leave any issues you run into on this GitHub Repo!
