Infrastructure as Code and Secrets Management – Lesson 5

### Lesson 5 Overview
In this lesson we’ll destroy all the web server resources that we created in lesson 2,
which will naturally also destroy the Vault server that we configured in lesson 3.
Please make sure that the terraform destroy completes successfully before you leave this
lab or you will incur resource charges.
 
### Lesson 5
 
  1. Run Terraform destroy from the provisioning host

* Go back to the provisioning host (remember the IP address you wrote down in lesson 1?)
* This process usually takes about 10 minutes.

```
cd ~/iac_lab/terraform/
terraform destroy
```

* **WARNING**: Let the terraform destroy process finish completely before you move on to step 2,
  or you risk leaving orphaned resources in your AWS account that may cost you money!
 
* EXAMPLE OUTPUT

```
aws_subnet.database_subnet[0]: Destruction complete after 0s
aws_subnet.database_subnet[1]: Destruction complete after 0s
aws_subnet.database_subnet[2]: Destruction complete after 0s
aws_vpc.vpc: Destroying… (ID: vpc-cbde16a3)
aws_vpc.vpc: Destruction complete after 0s

Destroy complete! Resources: 75 destroyed.
```
 
  2. Self destruct the provisioning host
 
* The following commands, run from an EC2 host with IAM admin privs, will allow it to self destruct:

```
# Derive the region from the instance's availability zone (drops the trailing zone letter)
export AWS_DEFAULT_REGION=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -e 's:\([0-9][0-9]*\)[a-z]*\$:\\1:'`
# Look up this instance's own ID and terminate it
curl -s http://169.254.169.254/latest/meta-data/instance-id | xargs -i aws ec2 terminate-instances --instance-ids {}
```
 
* EXAMPLE OUTPUT

```
[ec2-user@ip-172-31-19-221 terraform]$ curl -s http://169.254.169.254/latest/meta-data/instance-id | xargs -i aws ec2 terminate-instances --instance-ids {}
….
[ec2-user@ip-172-31-19-221 terraform]$ Connection to 18.217.76.173 closed by remote host.
```
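
A guarded variant of the self-destruct step, as an added example that is not part of the original lab: it refuses to terminate the host while `terraform state list` still reports resources, and it reads instance metadata with IMDSv2 session tokens rather than plain unauthenticated requests. The function names, the `LAB_DIR` variable and the `--terminate` argument are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: guarded self-destruct for the provisioning host.
IMDS=http://169.254.169.254/latest
LAB_DIR="${LAB_DIR:-$HOME/iac_lab/terraform}"   # lab path from step 1; override if yours differs

# Strip the trailing zone letter(s): us-east-2b -> us-east-2
region_from_az() {
  printf '%s\n' "$1" | sed -e 's:\([0-9][0-9]*\)[a-z]*$:\1:'
}

# Succeeds only when Terraform tracks no resources in the given directory.
# Returns 2 when the state cannot be read, so the caller fails closed.
state_is_empty() {
  local remaining
  remaining=$(cd "$1" && terraform state list) || return 2
  [ -z "$remaining" ]
}

# Fetch one metadata path using a short-lived IMDSv2 session token.
imds_get() {
  local token
  token=$(curl -sf -X PUT "$IMDS/api/token" \
    -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}

self_destruct() {
  state_is_empty "$LAB_DIR" || {
    echo "terraform state is not empty (or unreadable); run terraform destroy first" >&2
    return 1
  }
  local az id
  az=$(imds_get placement/availability-zone) || return 1
  id=$(imds_get instance-id) || return 1
  export AWS_DEFAULT_REGION
  AWS_DEFAULT_REGION=$(region_from_az "$az")
  aws ec2 terminate-instances --instance-ids "$id"
}

# Only act when asked explicitly, so sourcing this file is harmless.
if [ "${1:-}" = "--terminate" ]; then
  self_destruct
fi
```

Save it on the provisioning host and run it with `--terminate` once `terraform destroy` has reported completion.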
 
* good night folks!
 
## Lesson 5 Summary
 
In this lesson, we completed the following tasks:
 
  1. Ran terraform destroy to delete our AWS resources
  2. Ran a self destruct command to terminate our ec2 provisioning server
 
Things to try next

  1. Fork this project in GitHub and use it as a template to manage all of your EC2 web
     deployments so that each application is in its own secure VPC
  2. Improve this project by implementing certificates and SSL communications between all resources
  3. Improve the high availability of the Vault environment by adding a [HashiCorp Consul](https://www.consul.io/) cluster for storage
  4. Check out HashiCorp Pro and Enterprise products so that you don’t have to manage provisioning & Vault servers!