
Terraform: NetBox IPAM on AWS

This Terraform project launches NetBox onto a t2.micro Ubuntu 18.04 LTS instance after several minutes of downloading dependencies and instantiating/populating the database/Redis cache.

I have been spending the last several years learning "DevOps" or "Cloud/Git Ops" because that is where the entire industry is headed. Despite the fact that I have been doing tech (counting from my first install of Linux) for about twenty years, I never really was much of a coder/scripter/developer - so having to learn how to use an IDE and all of the particulars of 'cloud native' tools was incredibly foreign to me.

Thankfully, I have some very patient tutors and kept up with it to the best of my ability - and now I finally have a project that is actually worth sharing with the world: a Terraform project that instantiates an Ubuntu instance and uses Docker to install the popular NetBox IPAM/DCIM (Internet Protocol Address Manager / Datacenter Infrastructure Management) which serves as a single 'point of truth' for production infrastructure.

The repository, phillhocking/netbox-aws, is intended to allow for installing the popular NetBox DCIM/IPAM on an AWS EC2 instance via Terraform.

I had a lot of help (well, it would be more fair to just say he basically did all the heavy lifting for me) from my friend Brandon, who has agreed to volunteer his valuable time to help me with many of our projects at the agency which require enterprise-scale expertise that I do not possess. We had abandoned this particular project as it was dependent upon another project to actually implement - but I wanted to use it as an example to show a couple of my other nerdy friends (hey Chris and Geoffrey!) how cool Terraform is, so I went to this old project and ran it - only to find it was broken somehow. My cool demo turned into me trying to figure out why the damn thing was broken, and it turns out that even though I had pinned the branch git was pulling from, the developers changed it downstream as part of bundling for a new release.

I spent a couple hours figuring out what was going on and tracked the issue to changes being made to the docker-compose setup after hopping on a Slack channel with the project maintainers. After I worked out my particular issue, I figured that I could clean stuff up a little bit, remove some extraneous stuff, and actually publish a repo that might be of use to someone else at a later date.

Here is what, as of today's date, constitutes the entire project. You really should look at or clone the repo, though: the .gitignore and the plain shell script that does the same thing (useful for testing if you ever get stuck with cloud-init formatting nonsense when refactoring later on) are all in there:

The variables are the first thing that needs to be instantiated in the Terraform workspace; they are mostly self-explanatory - IAM key/secret, CIDR block for the management bastion/network, and the name of the SSH key you have already provisioned in the AWS console for the instances. You can choose your own region as well if you prefer, but I have it defaulted to the one which I use most frequently.

A little note here about Terraform - many people prefer the CLI version of the tool, but personally, I prefer Terraform Cloud because you can set up Git workflows for Continuous Delivery. It is free for up to five users, and then you get bumped up to a paid subscription whose pricing I am not sure of. What I enjoy about Terraform Cloud is that it not only has workflows and approvals, but also saves your state in the cloud, which is just 'one less thing to worry about', as keeping track of manual state files with multiple developers can be a real pain.

This code launches NetBox onto a t2.micro Ubuntu 18.04 LTS instance after several minutes of downloading dependencies and instantiating/populating the database/Redis cache. This sits out on the world naked on HTTP port 80, so really in a production setting we would have this on a private VPC (Virtual Private Cloud) with NACL (Network Access Control List) and Security Groups (fancy AWS term for firewall rulesets) and serve requests via an ALB (Application Load Balancer) over HTTPS, but that is beyond the scope of this writeup.
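As an added example (not code from the netbox-aws repo), here is roughly what the hardened layout described above looks like in Terraform: the instance's security group admits HTTP only from the load balancer's security group and SSH only from the management CIDR variable, and an HTTPS listener terminates TLS at the ALB. The names var.vpc_id, var.mgmt_cidr, var.acm_certificate_arn, aws_lb.netbox and aws_lb_target_group.netbox are assumed to be defined elsewhere in the workspace, with the instance in a private subnet behind a NAT gateway.

```hcl
# Internet -> ALB on 443 only (assumed names, see lead-in).
resource "aws_security_group" "alb" {
  vpc_id = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress { # Terraform strips AWS's default allow-all egress, so re-add it
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ALB -> instance on 80; SSH only from the management/bastion CIDR variable.
resource "aws_security_group" "netbox_private" {
  vpc_id = var.vpc_id
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id] # not 0.0.0.0/0
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.mgmt_cidr]
  }
  egress { # outbound still needed for apt and Docker image pulls via NAT
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# TLS terminates at the ALB; the instance never needs a public address.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.netbox.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.acm_certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.netbox.arn
  }
}
```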

It feels pretty good to actually have a project out there that works, should remain working for the foreseeable future (as all the versions are pinned), and hopefully is easy to refactor for new releases of Ubuntu/netbox-docker. My next step is going to be deploying this into a private VPC and serving up content over HTTPS!

Please drop me a line on social or phillhocking@gmail.com if there are any issues, questions, complaints, or compliments!