Automating Software Distribution Using Terraform, GitHub and AWS

Charles Woodruff
4 min readDec 14, 2020

In the tech industry, change is the only constant. Software updates and bug fixes need to be easy to apply. Implementation needs to occur at the push of a button, and it needs to be reliable, swift and repeatable. This is accomplished using automation.

Automation is King.

There are many tools that meet those requirements. One of those tools is Terraform, which is used to deploy and manage cloud infrastructure as well as ensure it remains configured as expected.

GitHub is an online collaboration and version control environment that allows many people to work on the same set of files. All changes are tracked, making it easy to watch the progression of work efforts.

This article explains how both Terraform and GitHub work together to add infrastructure to the AWS public cloud and then automatically install software to the newly created cloud elements.

Let’s take a look at how Terraform works with AWS.

First, the provider is defined. This lets Terraform know which Cloud provider to use and where to create resources. In this case, the cloud provider is AWS, and cloud resources are created in Ohio (us-east-2).

The provider block shown above is a simple construct, as many other requirements can be passed to Terraform, including environmental variables, credentials, additional configuration data and service metadata.

A concise list of what can be used with the AWS Provider plugin can be found here.

A list of all supported Terraform providers can be found here.

Next, a Security Group is defined.

Security Groups are the Guardians of the computer instance, specifying what traffic can access the instance. In this case, Terraform declares the security group called “webserver_sg” that allows internet traffic (noted as to communicate over ports 22 and 80, using TCP.

In the next section, the compute instance is defined.

The Amazon Machine Image (AMI) for a Linux operating system is declared along with the size of the compute instance (t2.micro), the key used to access the operating system (terraform.pem) and a variable that ensures the previously created “webserver_sg” security group is assigned to the compute instance.

Normally, it is a better practice to create a “Golden Image”, an AMI template created from an existing compute instance that has all software and related configurations in place already. This saves time when spinning up new instances. For the sake of this article, however, Terraform is used to show how additional software is installed after a compute instance is created.

A “remote-exec” provisioner runs a single command or a sequence of instructions that run on a remote compute instance. In this example, the provisioner updates the operating system, installs Git and Apache, changes to the /var/www/html directory, pulls files from GitHub and does a recursive copy of the files that compose a sample web site.

In order for the “remote-exec” provisioner to access the server, it needs credentials (user and private key) and a connection method to use (ssh). Both of these are found in the “connection” section below.

The output section was added in order to capture the Public IP address of the compute instance, which is needed in order to display the web page.

Below is the complete Terraform file.

Now let’s execute the code.

First, run “terraform init” to initialize the working directory.

Next, run “terraform apply” to create the compute instance, install software and pull files from GitHub.

Below is part of Terraform’s output.

The “Outputs” section shows the ip address assigned to the compute instance.

Open a web browser, and enter in that ip address.

The sample web site successfully displays.

Now that the deployment has been verified it can be removed from the Cloud.

This is done using “terraform destroy -auto-approve”.

This is just one example of how easy it is to connect tools to automate the creation and removal of Cloud infrastructure and install software. There are many other tools that can be added to this work flow like Docker, TravisCI, Jenkins, Kubernetes and Ansible, to name a few.

Simply pick the tools best suited for the job, and design a flow that meets your project needs.