aws_playground

- experiments in aws with terraform
git clone git://git.acid.vegas/aws_playground.git

# AWS Playground

Exploration and documentation of my experiments deploying Elasticsearch and the various facets of the ELK stack *(Elasticsearch, Logstash, and Kibana)* using the sophisticated amalgamation of Terraform and Amazon Web Services *(AWS)*.

This narrative not only encapsulates the mechanistic aspects of automated deployments but also delves into the intricate challenges and nuances that such an integration presents.

While not primed for production, it offers invaluable insights, underscoring my dedication to mastering cutting-edge technologies and showcasing my intellectual rigor in navigating complex cloud-based infrastructures.

## Getting Started
1. Sign up for an [AWS account](https://aws.amazon.com/)
2. Create an [IAM User](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html)
   - Add the `AmazonEC2FullAccess` permission policy to a new group
3. Create an [EC2 Key Pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html)
4. Create an [EC2 Security Group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)
   - For IPv6, edit your VPC & add an IPv6 CIDR
5. Launch an [EC2 Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html)
   - Select `debian`, on a `t2.micro`, using your keypair & security group created earlier

## AWS CLI
```shell
sudo apt-get install -y awscli && aws configure
```

**Note:** If you get `ImportError: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_'`, pin urllib3 below 2.0: `python -m pip install requests "urllib3<2"`

## Terraform
```shell
sudo apt-get install -y gnupg software-properties-common
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint   # compare with the fingerprint HashiCorp publishes
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt-get update && sudo apt-get install -y terraform
```

## Elasticsearch
```shell
sudo apt-get install -y gnupg apt-transport-https certbot
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt-get update && sudo apt-get install -y elasticsearch kibana logstash
sudo certbot certonly --standalone --preferred-challenges http -d elastic.domain.org   # port 80 must be reachable for the HTTP-01 challenge
```

* Copy your certificates to `/etc/elasticsearch/certs`:
```shell
sudo mkdir -p /etc/elasticsearch/certs/
sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/elasticsearch/certs/fullchain.pem
sudo cp /etc/letsencrypt/live/elastic.domain.org/privkey.pem   /etc/elasticsearch/certs/privkey.pem
# The service runs as the elasticsearch user: let that group read the files, nobody else
sudo chown -R root:elasticsearch /etc/elasticsearch/certs/
sudo chmod 640 /etc/elasticsearch/certs/fullchain.pem /etc/elasticsearch/certs/privkey.pem
sudo chmod 750 /etc/elasticsearch/certs/
```

* Edit your `/etc/elasticsearch/elasticsearch.yml` and change the following options:
```yaml
cluster.name: BeeHive
node.name: gibson
network.host: 0.0.0.0
bootstrap.memory_lock: true
xpack.security.audit.enabled: true
xpack.security.http.ssl:
  enabled: true
  key: /etc/elasticsearch/certs/privkey.pem           # the paths the certificates were copied to above
  certificate: /etc/elasticsearch/certs/fullchain.pem
```
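
A post-hardening check for the certificate-copy and `elasticsearch.yml` steps above, added here as an example and not part of this repository: it flattens the YAML subset the file uses, then flags a public bind without TLS, auditing left off, a `key`/`certificate` path that does not exist (the copy commands and the yml must point at the same directory), and a private key whose mode is looser than 640. The `demo()` scenario, its placeholder PEM contents and the temporary paths are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def flatten_yaml(text):
    """Flatten the YAML subset of elasticsearch.yml (dotted keys, one nested mapping level, scalars, '#' comments) into {'a.b.c': 'value'}."""
    out, parent = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(':')
        value = value.strip().strip('"')
        if raw[:1] in (' ', '\t') and parent:   # indented child of a mapping header
            out[f'{parent}.{key}'] = value
        elif value:                              # top-level scalar
            out[key], parent = value, None
        else:                                    # mapping header, e.g. "xpack.security.http.ssl:"
            parent = key
    return out

def audit_elasticsearch(config_text):
    """Findings against this README's hardening points: TLS on for a public bind, auditing on, cert/key present, key not world-accessible."""
    cfg, findings = flatten_yaml(config_text), []
    bind = cfg.get('network.host', 'localhost')
    if bind not in ('localhost', '127.0.0.1', '_local_') and cfg.get('xpack.security.http.ssl.enabled') != 'true':
        findings.append(f'network.host {bind} reachable without TLS')
    if cfg.get('xpack.security.audit.enabled') != 'true':
        findings.append('xpack.security.audit.enabled is not true')
    for opt in ('xpack.security.http.ssl.key', 'xpack.security.http.ssl.certificate'):
        path = Path(cfg.get(opt, '/nonexistent'))
        if not path.is_file():
            findings.append(f'{opt} points to missing file {path}')
        elif opt.endswith('.key') and path.stat().st_mode & 0o027:   # group-writable or any access for others
            findings.append(f'{path} is group-writable or world-accessible')
    return findings

def demo():
    """Constructed scenario (not a real deployment): key material in a temp dir, first world-writable, then tightened to 640."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ('privkey.pem', 'fullchain.pem'):
            Path(tmp, name).write_text('-----BEGIN PLACEHOLDER-----\n')   # placeholder, not real key material
            os.chmod(Path(tmp, name), 0o777)
        template = ('network.host: 0.0.0.0\nxpack.security.audit.enabled: true\nxpack.security.http.ssl:\n'
                    '  enabled: true\n  key: {d}/privkey.pem\n  certificate: {d}/fullchain.pem\n')
        wrong_dir = audit_elasticsearch(template.format(d=Path(tmp, 'ssl')))   # yml points at a directory nothing was copied to
        loose = audit_elasticsearch(template.format(d=tmp))                    # right directory, key still mode 777
        os.chmod(Path(tmp, 'privkey.pem'), 0o640)
        fixed = audit_elasticsearch(template.format(d=tmp))                    # right directory, key mode 640
    return wrong_dir, loose, fixed
```

Run it on the real file with `audit_elasticsearch(open('/etc/elasticsearch/elasticsearch.yml').read())`; an empty list means every check passed.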

* System changes:
```shell
sudo su                # the rest of this block runs in a root shell
ulimit -n 65535
ulimit -u 4096

echo "elasticsearch  -  nofile  65535" >> /etc/security/limits.conf   # append, do not overwrite the file
mkdir -p /etc/systemd/system/elasticsearch.service.d/
printf '[Service]\nLimitMEMLOCK=infinity\n' > /etc/systemd/system/elasticsearch.service.d/override.conf
swapoff -a
sysctl -w vm.swappiness=1         # Add these three settings
sysctl -w vm.max_map_count=262144 # to /etc/sysctl.conf so they
sysctl -w net.ipv4.tcp_retries2=5 # survive a reboot
exit
```

* Set the password for Kibana and create enrollment tokens *(Elasticsearch must already be running for these tools to connect)*:
```shell
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token --scope kibana # Save this for when we access Kibana the first time
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node        # enrollment token for a new node
```

## Setup Kibana
* Copy your certificates to `/etc/kibana/certs`:
```shell
sudo mkdir -p /etc/kibana/certs/
sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/kibana/certs/fullchain.pem
sudo cp /etc/letsencrypt/live/elastic.domain.org/privkey.pem   /etc/kibana/certs/privkey.pem
# cp keeps letsencrypt's root-only mode on privkey.pem; Kibana runs as the kibana user and needs to read it
sudo chown -R root:kibana /etc/kibana/certs/ && sudo chmod 640 /etc/kibana/certs/privkey.pem
```

* Edit your `/etc/kibana/kibana.yml` and change the following options:
```yaml
server.host: "0.0.0.0"
server.publicBaseUrl: "https://elastic.domain.org"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/fullchain.pem
server.ssl.key: /etc/kibana/certs/privkey.pem
elasticsearch.hosts: ["https://elastic.domain.org:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "changeme" # Use the password from the reset command we did earlier
```

## Setup Logstash
* Copy your certificates to `/etc/logstash/certs`:
```shell
sudo mkdir -p /etc/logstash/certs/
sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/logstash/certs/cacert.pem
```

* Create a pipeline file such as `/etc/logstash/conf.d/beats.conf` with the following *(this is Logstash pipeline syntax, not YAML, so it cannot go in `logstash.yml`; Logstash loads `/etc/logstash/conf.d/*.conf` by default)*:
```conf
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["https://elastic.domain.org:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "changeme"
    cacert => "/etc/logstash/certs/cacert.pem" # the path the certificate was copied to above
  }
}
```

* `sudo /usr/share/logstash/bin/logstash-plugin install logstash-input-irc`

## Start the ELK stack:
```shell
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service && sudo systemctl start elasticsearch.service
sudo systemctl enable kibana.service        && sudo systemctl start kibana.service
sudo systemctl enable logstash.service      && sudo systemctl start logstash.service
```

___

###### Mirrors for this repository: [acid.vegas](https://git.acid.vegas/aws_playground) • [SuperNETs](https://git.supernets.org/acidvegas/aws_playground) • [GitHub](https://github.com/acidvegas/aws_playground) • [GitLab](https://gitlab.com/acidvegas/aws_playground) • [Codeberg](https://codeberg.org/acidvegas/aws_playground)