OpenSec Atlas

aws-ec2-ha-cluster: An Open Source Template for Cloud Security | OpenSec Atlas

Cloud Security

Template

aws-ec2-ha-cluster

AWS EC2 HA Cluster is a Terraform template for provisioning a high-availability EC2 cluster with Auto Scaling Groups and an Application Load Balancer.

View on GitHub

About This Tool

EC2 running Auto Scaling Groups with Application Load Balancer

Primary Use Case

This tool is primarily used for deploying a highly available EC2 cluster in AWS, making it suitable for developers and system administrators looking to ensure uptime and scalability of their applications. It automates the creation of infrastructure components and handles encryption for security.

Key Features

Provisioning of high-availability EC2 clusters
Integration with Auto Scaling Groups
Application Load Balancer setup
AMI creation with encryption
Terraform-based infrastructure management
Support for KMS permissions management

Insights & Recommendations

Ensure that you have the necessary AWS permissions and IAM roles configured for KMS and Auto Scaling operations.

Installation

Create a temporary key pair using 'ssh-keygen -f ./tmp_rsa'
Initialize Terraform in the 'ami' directory with 'terraform -chdir="ami" init'
Apply the Terraform configuration in the 'ami' directory with 'terraform -chdir="ami" apply -auto-approve'
Create the AMI and encrypted snapshots as per the commands provided in the README
Create the 'cluster/.auto.tfvars' file with the appropriate AMI ID and KMS key ARN
Initialize Terraform in the 'cluster' directory with 'terraform -chdir="cluster" init'
Apply the Terraform configuration in the 'cluster' directory with 'terraform -chdir="cluster" apply -auto-approve'
Clean up resources using 'terraform -chdir="cluster" destroy -auto-approve' and 'terraform -chdir="ami" destroy -auto-approve'

Usage

ssh-keygen -f ./tmp_rsa

Creates a temporary key pair for SSH access.

terraform -chdir="ami" init

Initializes Terraform in the 'ami' directory.

terraform -chdir="ami" apply -auto-approve

Applies the Terraform configuration to create the base infrastructure.

aws ec2 create-snapshot --volume-id 'vol-0123456789abcdef' --description 'Unencrypted'

Creates an unencrypted snapshot of a specified volume.

aws ec2 copy-snapshot --source-region 'sa-east-1' --source-snapshot-id 'snap-0123456789abcdef' --encrypted

Copies a snapshot and encrypts it.

aws ec2 register-image --name "ec2ha-encrypted" --region='us-east-2' --description "AMI_from_snapshot_EBS"

Registers an AMI from the encrypted snapshot.

terraform -chdir="cluster" init

Initializes Terraform in the 'cluster' directory.

terraform -chdir="cluster" apply -auto-approve

Applies the Terraform configuration to create the EC2 cluster.

curl http://ec2ha-lb-0123456789.sa-east-1.elb.amazonaws.com

Accesses the Apache server using the load balancer URL.

terraform -chdir="cluster" destroy -auto-approve

Destroys the resources created in the 'cluster' directory.

Smart Usage Notes

Integrate with AWS CloudTrail for enhanced logging and monitoring.Utilize AWS Config to continuously monitor and evaluate the configurations of AWS resources.Implement automated remediation scripts to address configuration drift.Combine with a CI/CD pipeline to ensure security is built into the development lifecycle.Leverage AWS Lambda for serverless automation of security checks and responses.