DEV Community

Daniel Favour

Infrastructure Monitoring in AWS

Prerequisites

  • AWS CLI installed
  • Terraform installed
  • VS Code installed (text editor)

Set up Project

Create a folder for the project and open it in VS Code.

Configure your AWS credentials by running aws configure in the terminal.

Create a key pair in AWS and download it to your system: in the console, go to EC2 > Key pairs > Create key pair.


Download the key pair and copy it to the folder you will be working from

Create configuration files

Terraform configuration

main.tf

```hcl
locals {
  name = "monitoring-server"
}

# The EC2 instance that the CloudWatch alarm will watch
resource "aws_instance" "poc" {
  ami                    = var.ami
  instance_type          = var.instance_type
  key_name               = var.key_id
  vpc_security_group_ids = [aws_security_group.allow_ssh.id]

  tags = {
    Name = local.name
  }
}

data "aws_vpcs" "default" {}

resource "aws_security_group" "allow_ssh" {
  name        = "allow_ssh"
  description = "Allow SSH inbound traffic"

  # Port 22 is reachable from any IPv4 address with this rule
  ingress {
    description = "SSH from anywhere"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic is allowed
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "poc_sg"
  }
}
```
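The security group above accepts SSH from 0.0.0.0/0. As an added example (not part of the original post), the same group can take its source range from a variable that refuses the open range; ssh_allowed_cidr is a hypothetical variable name introduced here.

```hcl
# Added example, not from the original post.
# ssh_allowed_cidr is a hypothetical variable; set it to your own
# address range, for example in terraform.tfvars.
variable "ssh_allowed_cidr" {
  type        = string
  description = "Single CIDR range allowed to reach port 22"

  validation {
    # Must parse as a CIDR and must not be the open IPv4 range
    condition     = can(cidrhost(var.ssh_allowed_cidr, 0)) && var.ssh_allowed_cidr != "0.0.0.0/0"
    error_message = "Set ssh_allowed_cidr to a valid CIDR other than 0.0.0.0/0."
  }
}

# Replaces the allow_ssh group in main.tf; the instance keeps
# referencing it as aws_security_group.allow_ssh.id.
resource "aws_security_group" "allow_ssh" {
  name        = "allow_ssh"
  description = "Allow SSH inbound traffic"

  ingress {
    description = "SSH from the allowed range only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.ssh_allowed_cidr]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "poc_sg"
  }
}
```

With no default on the variable, terraform plan asks for the range and fails validation if it is given 0.0.0.0/0.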

variables.tf

```hcl
variable "region" {
  type    = string
  default = "eu-west-1"
}

variable "ami" {
  type    = string
  default = "ami-0905a3c97561e0b69"
}

variable "instance_type" {
  type    = string
  default = "t2.micro"
}

variable "aws_s3_bucket_terraform" {
  default = "my-poc-backend-bucket-test"
}

variable "key_id" {
  default = "poc-key"
}
```

Remote state
backend.tf

```hcl
resource "aws_s3_bucket" "poc_bucket" {
  bucket = var.aws_s3_bucket_terraform
}

resource "aws_s3_bucket_server_side_encryption_configuration" "poc" {
  # Reference the bucket resource so Terraform creates the bucket first
  bucket = aws_s3_bucket.poc_bucket.id

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = aws_kms_key.poc-bucket-key.arn
      sse_algorithm     = "aws:kms"
    }
  }
}

resource "aws_kms_key" "poc-bucket-key" {
  description             = "This key is used to encrypt bucket objects"
  deletion_window_in_days = 10
  enable_key_rotation     = true
}

resource "aws_kms_alias" "key-alias" {
  name          = "alias/poc-bucket-key"
  target_key_id = aws_kms_key.poc-bucket-key.key_id
}
```

Remember to change the bucket name and the bucket key name. S3 bucket names are globally unique, so more than one user cannot use the same bucket name; choose a name of your own, otherwise you may get an error during bucket creation.

Create the instance first, not the alarm.

To create the instance

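```bash
terraform init
terraform fmt
terraform plan
terraform apply
```

Run the commands individually and not at once. terraform init initializes the working directory and downloads the AWS provider, terraform fmt formats the configuration files, terraform plan shows the changes Terraform would make, and terraform apply creates the resources.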

Once creation is complete, log in to your AWS account to see the created instance.

Create Cloudwatch alarm

Copy the instance ID of your running instance on AWS. In your variables.tf, add the section below at the bottom of your configuration, replacing the value with the instance ID of the instance you just created.

```hcl
variable "instance_id" {
  default = "i-0842ca4d32c8861fa"
}
```

Now create a cloudwatch.tf file in your text editor and paste the below

```hcl
resource "aws_cloudwatch_metric_alarm" "cpu_utilization_high" {
  alarm_name          = "cpu-utilization-high"
  comparison_operator = "GreaterThanOrEqualToThreshold"
  evaluation_periods  = 1
  metric_name         = "CPUUtilization"
  namespace           = "AWS/EC2"
  period              = 60
  statistic           = "Average"
  threshold           = 80
  alarm_description   = "This metric triggers when CPU utilization exceeds 80%"
  alarm_actions       = [aws_sns_topic.alarm.arn]

  dimensions = {
    InstanceId = var.instance_id
  }
}

resource "aws_sns_topic" "alarm" {
  name = "CloudWatch_Alarm_Topic"
}

resource "aws_sns_topic_subscription" "alarm_subscription" {
  topic_arn = aws_sns_topic.alarm.arn
  protocol  = "email"
  endpoint  = "kuberneteslinux@gmail.com"
}
```

Replace the endpoint with your preferred email address.

Create the alarm by running

```bash
terraform init
terraform plan
terraform apply
```

Once the alarm and SNS topic have been created, you should immediately receive an email at the email address specified as your endpoint.

The email will ask you to confirm your subscription.

Test the alarm

SSH into the created instance using your key pair. First set restrictive permissions on the key:

```bash
chmod 400 "test.pem"
```

Then connect:

```bash
ssh -i "test.pem" ubuntu@ec2-54-170-241-216.eu-west-1.compute.amazonaws.com
```

Change the key name to your key name.

Once logged in, install stress:

```bash
sudo apt update
sudo apt install stress
```

stress is a CLI tool used to simulate load.

Then generate load on the instance using the stress tool just installed:

```bash
stress --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 0.8;}' < /proc/meminfo)k --vm-keep -m 1
```

This should cause the CPU utilization of your instance to exceed 80%, thus triggering the alarm.


The SNS topic will pick this up and send you an email notification about this.
