{"id":20697629,"url":"https://github.com/epomatti/aws-ec2-ha-cluster","last_synced_at":"2026-04-13T08:31:50.946Z","repository":{"id":108711857,"uuid":"510911304","full_name":"epomatti/aws-ec2-ha-cluster","owner":"epomatti","description":"EC2 running Auto Scaling Groups with Application Load Balancer","archived":false,"fork":false,"pushed_at":"2023-09-24T13:18:05.000Z","size":152,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-03T10:12:03.666Z","etag":null,"topics":["auto-scaling-group","aws","aws-security","ec2","efs","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/epomatti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-05T22:24:19.000Z","updated_at":"2023-09-24T12:24:13.000Z","dependencies_parsed_at":null,"dependency_job_id":"ba3bcfb7-6bf5-4033-9314-dbd74a54e2f5","html_url":"https://github.com/epomatti/aws-ec2-ha-cluster","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/epomatti/aws-ec2-ha-cluster","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-ec2-ha-cluster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-ec2-ha-cluster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-ec2-ha-cluster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%
2Faws-ec2-ha-cluster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/epomatti","download_url":"https://codeload.github.com/epomatti/aws-ec2-ha-cluster/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-ec2-ha-cluster/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31746101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T06:26:45.479Z","status":"ssl_error","status_checked_at":"2026-04-13T06:26:44.645Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auto-scaling-group","aws","aws-security","ec2","efs","terraform"],"created_at":"2024-11-17T00:19:14.132Z","updated_at":"2026-04-13T08:31:50.921Z","avatar_url":"https://github.com/epomatti.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS EC2 HA Cluster\n\nHigh-availability EC2 cluster provisioned with Terraform.\n\n\u003cimg src=\".diagrams/aws.drawio.png\" /\u003e\n\n## 1 - Create the base instance \u0026 infrastructure\n\nStart by creating a temporary key pair:\n\n```sh\nssh-keygen -f ./tmp_rsa\n```\n\nCreate the base infrastructure:\n\n```sh\nterraform -chdir=\"ami\" init\nterraform -chdir=\"ami\" apply -auto-approve\n```\n\nThe Apache instance should be available on port 80.\n\n\n## 2 - Create the AMI\n\nThis instance is not encrypted, 
so create an encrypted snapshot:\n\n```sh\n# List the volumes\naws ec2 describe-volumes\n\n# Create a snapshot\naws ec2 create-snapshot --volume-id 'vol-0123456789abcdef' --description 'Unencrypted' --tag-specifications 'ResourceType=snapshot,Tags=[{Key=Name,Value=Unencrypted}]'\n\n# Make an encrypted copy of a snapshot\naws ec2 copy-snapshot \\\n  --source-region 'sa-east-1' \\\n  --source-snapshot-id 'snap-0123456789abcdef' \\\n  --description 'Encrypted' \\\n  --encrypted \\\n  --kms-key-id '00000000-0000-0000-0000-000000000000'\n```\n\nNow, create the image from the snapshot:\n\n```sh\naws ec2 register-image \\\n\t--name \"ec2ha-encrypted\" \\\n\t--region='us-east-2' \\\n\t--description \"AMI_from_snapshot_EBS\" \\\n\t--architecture arm64 \\\n\t--virtualization-type hvm \\\n\t--block-device-mappings 'DeviceName=/dev/sda1,Ebs={SnapshotId=snap-00000000000000000}' \\\n\t--root-device-name \"/dev/sda1\"\n```\n\nThe image should now be available to be used for new launches.\n\nOptionally, creating an image directly from a running instance is possible:\n\n```sh\naws ec2 create-image \\\n  --instance-id i-1234567890abcdef0 \\\n  --name \"My server\" \\\n  --description \"An AMI for my server\"\n```\n\nCopy the AMI ID to use when creating the cluster.\n\n## 3 - EC2 launch without KMS permissions\n\nTo simulate the permission issue, log in with the `ec2launcher` IAM user and launch an instance.\n\nThis user doesn't have KMS permissions, and the launch should fail due to that. 
Immediately after launching, the instance will go to the `Shutting-down` state and terminate.\n\n💡 For the auto scaler, [special permissions][1] are required and are implemented in the Terraform recipe.\n\n\n## 4 - Create the HA cluster\n\nCreate the `cluster/.auto.tfvars` file that points to the AMI:\n\n```terraform\nami_id      = \"ami-0123456789abcdef\"\nkms_key_arn = \"00000000\"\n```\n\nCreate the EC2 cluster:\n\n```sh\nterraform -chdir=\"cluster\" init\nterraform -chdir=\"cluster\" apply -auto-approve\n```\n\n💡 As explained earlier, [KMS permissions][1] are granted to the AWS account Autoscaling role to access the KMS-encrypted AMI.\n\nYou should now be able to access the Apache server using the balancer URL:\n\n```sh\ncurl http://ec2ha-lb-0123456789.sa-east-1.elb.amazonaws.com\n```\n\n---\n\n### Clean-up\n\nDestroy the resources:\n\n```sh\nterraform -chdir=\"cluster\" destroy -auto-approve\nterraform -chdir=\"ami\" destroy -auto-approve\n```\n\nDelete the volumes and images created.\n\n[1]: https://docs.aws.amazon.com/autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.html#policy-example-cmk-access\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepomatti%2Faws-ec2-ha-cluster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fepomatti%2Faws-ec2-ha-cluster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepomatti%2Faws-ec2-ha-cluster/lists"}