This repository is deprecated. Please check out hknews.
Automates HK News server provisioning and configurations. Made with ❤
- Use Terraform to provision AWS EC2 instances
- Use Ansible to set up the application server, database, SSL certificate and system monitoring tools
You will need Terraform and Ansible to run the scripts in this repository.
Follow the official documentation to install Terraform.
Follow the official documentation to install Ansible.
You will need the following policies attached to the AWS user account used to run the scripts:
- AmazonEC2FullAccess
- AmazonVPCFullAccess
- CloudWatchActionsEC2Access
You will need an AWS Access Key and Secret Key to manage resources of your AWS account.
- Create an IAM group with the required permissions described above
- Create an IAM user for programmatic access
- Follow the instructions to get your Access Key and Secret Key
- Export the keys as environment variables:
export TF_VAR_access_key=abc123
export TF_VAR_secret_key=xyz789
You will need a key pair for connecting to the newly provisioned instance using SSH. Currently Terraform does not support creating key pairs, so you have to supply your own.
- Follow AWS documentation to create your key pair
- Save your private key to ~/.ssh/hknews.pem (or as specified in variables.tf)
- Save your public key to ~/.ssh/hknews.pub (or as specified in variables.tf)
- Change the variables defined in variables.tf and playbook.yml to fit your needs
The SSH certificate password is encrypted by Ansible Vault. You will need to specify a Vault password file in order to decrypt the password during the Ansible automation process. The file path is defined in the Let's Encrypt role.
We prefer to use an external DNS provider instead of AWS Route53 to manage the server public domain.
The Elastic public IPv4 address of the EC2 instance created will be printed out in your console during the Terraform automation process. You are expected to configure your DNS to resolve the domain name to this IP address. The Let's Encrypt role will wait for at most 30 minutes for this.
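A preflight check for the prerequisites above, to run before the Terraform steps. This is an added example, not part of this repository: the function names and the `--run` switch are made up for illustration, and the default key paths are the ones this README uses.

```shell
#!/bin/sh
# Added example: preflight checks for the prerequisites listed in this README.
# Default paths are the README's ~/.ssh/hknews.pem and ~/.ssh/hknews.pub.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the private key exists and group/other have no access.
# OpenSSH refuses to use a private key file that others can read.
check_private_key() {
    key=$1
    [ -f "$key" ] || { echo "missing private key: $key" >&2; return 1; }
    mode=$(file_mode "$key") || return 1
    case $mode in
        *00) return 0 ;;
        *) echo "$key has mode $mode; fix with: chmod 600 $key" >&2; return 1 ;;
    esac
}

# Succeed only if both credential variables are exported and non-empty,
# since Terraform reads them from its environment. Values are never printed.
check_credentials() {
    missing=0
    for name in TF_VAR_access_key TF_VAR_secret_key; do
        env | grep -q "^$name=." || { echo "$name is not exported" >&2; missing=1; }
    done
    return "$missing"
}

# Run every check and report all problems before failing.
preflight() {
    failed=0
    check_credentials || failed=1
    check_private_key "${1:-$HOME/.ssh/hknews.pem}" || failed=1
    [ -f "${2:-$HOME/.ssh/hknews.pub}" ] || { echo "missing public key" >&2; failed=1; }
    for tool in terraform ansible-playbook; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool not on PATH" >&2; failed=1; }
    done
    return "$failed"
}

# Sourcing the file only defines the functions; pass --run to execute them.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

If variables.tf points at different key files, pass the private and public key paths to `preflight` as its first and second arguments.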
- Go to terraform directory
cd terraform
- Initialize Terraform backend and plugins
terraform init
- Plan for the changes
terraform plan -out main
- If the potential changes look fine, apply them
terraform apply main