A Throwaway EC2 Terraform Workstation

Series: [Disposable Cloud Workstation]

This is a culmination of posts that I’ve made up until this point.

Code for this post is here:

What I Wanted

I wanted to set up a throwaway server so that I could test and learn some new things, particularly devops. My requirements were:

  • Easy to start.
  • Easy to discard.
  • Easy SSH management.
  • Cheap to run.

So, I created the above repos to help me create that type of environment. Initially, I’m focused on Terraform, but will reorganize in the future so that I can do one-off tests without installing a bunch of software on my personal machines.

To create an EC2 instance and do an inital terraform apply, I locally run:

ansible-playbook terraform.yml --tags=create,install,deploy-infra

To do a terraform destroy and delete an EC2 instance, I locally run:

ansible-playbook terraform_teardown.yml --tags=destroy-infra,destroy

Features

The two repos above contain code that will:

  • Set up an EC2 instance with SSH keys and a security group.
  • Configure and update localhost (your local computer) with the SSH private key, ~/.ssh/config entry, and Ansible hosts entry.
  • Install some software (currently just vim).
  • Install a shutdown script that checks for an SSH connection that runs via cron. Will shutdown the instance after inactivity.
  • Install credentials to be used with the AWS CLI.
  • Install Terraform.
  • Copy a local project infrastructure path and terraform apply it.
  • Manage Terraform apply and destroy. This is mainly for convenience on creation and deletion of an instance.
  • Tear down Terraform infrastructure and delete the EC2 instance.

Future Improvements

Better shutdown

Currently, the connection will close based on the bash variable TMOUT in /etc/profile. This is to prevent the instance from running if I’m not using it. The session won’t close if I have a file open. I don’t know if I like this yet.

I’m trying this out since the disconnect-on-idle-ssh behavior was factored out of OpenSSH 8.

I may do this with AWS CloudWatch or another monitoring software.

Connect through AWS SSM

Right now, everything happens over SSH. This is fine, but using Session Manager would probably smooth some things out. For example, the instance will shutdown on inactivity. To “seamlessly” ssh into it again, I need to call the ec2 helper script to start it and put the new IP address in my ~/.ssh/config.

I might not do this, since I like that I can use this with other cloud providers.

Pull a Terraform config from git

This is next on the todo list. I may also save state with a 3rd party provider.

Bonus

I’m mostly a vim/tmux user, but I’ve been trying out VS Code. I found that there are some Microsoft extensions that will let you remote in from VS Code (Remote - SSH, Remote Explorer).

Since all the SSH config is automatic in the above setup, using VS Code remotely is a pretty seamless experience.

This is a post in the [Disposable Cloud Workstation] series.
Other posts in this series: