Deploy development virtual machines on AWS

This page details the Terraform configuration required for deploying development virtual machines (VMs) on AWS with multiple operating system options and automated Netprobe deployment. This environment creates development VMs on AWS with:

Template files

The environment contains the following Terraform configuration files:

Prerequisites

  1. Terraform version 1.0 or higher installed

  2. AWS CLI version 2.0 or higher installed

  3. AWS authentication configured

    Select one method:

    # Method 1: Default profile
    aws configure
    
    # Method 2: Named profile  
    aws configure --profile my-profile
    
    # Method 3: Environment variables
    export AWS_ACCESS_KEY_ID="your-access-key"
    export AWS_SECRET_ACCESS_KEY="your-secret-key"
    export AWS_DEFAULT_REGION="us-east-1"
    
  4. SSH key pair for instance access (choose one method)

    • Import an existing public key to AWS:

      # Generate SSH key pair if you don't already have one
      ssh-keygen -t rsa -b 4096 -f ../../../../../resources/id_rsa
      
      # Import the public key as an EC2 key pair
      aws ec2 import-key-pair --key-name my-key --public-key-material fileb://../../../../../resources/id_rsa.pub
      
    • Or create an AWS-managed key pair and download the private key:

      aws ec2 create-key-pair --key-name my-key --query 'KeyMaterial' --output text > my-key.pem
      chmod 400 my-key.pem
      
  5. IAM permissions, where the user or role must have:

    • EC2 full access
    • VPC full access
    • IAM PassRole permission (if using roles)

Authentication overview

This deployment requires two types of authentication:

  1. Terraform authentication (infrastructure creation) to allow Terraform to create virtual machines, networks, and cloud resources. For AWS, you need to configure the AWS CLI profiles or environment variables. Select only one method:

    • Default AWS CLI profile — makes use of the default AWS CLI profile configured on your system.

      aws_region = "us-east-1"
      key_name = "your-key-pair-name"
      
    • Specific AWS CLI profile — makes use of a named AWS CLI profile.

      aws_region = "us-east-1"
      aws_profile = "my-profile"
      key_name = "your-key-pair-name"
      
    • Assume IAM role — assumes a specific IAM role for deployment.

      aws_region = "us-east-1"
      assume_role_arn = "arn:aws:iam::123456789012:role/TerraformRole"
      assume_role_session_name = "terraform-deployment"
      key_name = "your-key-pair-name"
      
  2. Application authentication (cloud storage access) to allow applications running on virtual machines to download the deployment resources from the respective cloud storage. This is configured in the netprobe.yml file for each environment. Refer to AWS authentication for detailed authentication configuration.

Deployment setup

  1. Copy the example configuration.

    # For Ubuntu 22.04 (default)
    cp terraform.tfvars.example terraform.tfvars
    
    # For Ubuntu 24.04
    cp terraform.tfvars.ubuntu24.example terraform.tfvars
    
    # For RHEL 8
    cp terraform.tfvars.rhel8.example terraform.tfvars
    
    # For RHEL 9
    cp terraform.tfvars.rhel9.example terraform.tfvars
    
  2. Update the terraform.tfvars configuration file with your AWS settings.

    nano terraform.tfvars
    
  3. Deploy the infrastructure.

    terraform init
    terraform plan
    terraform apply
    

Configuration files

Select the appropriate configuration file for your operating system:

| Operating system | Configuration file |
| --- | --- |
| Ubuntu 22.04 LTS (default) | terraform.tfvars.example |
| Ubuntu 24.04 LTS | terraform.tfvars.ubuntu24.example |
| RHEL 8 | terraform.tfvars.rhel8.example |
| RHEL 9 | terraform.tfvars.rhel9.example |

In the selected configuration file, configure the parameters outlined below.

AWS account configuration

| Parameter | Description | Default | Required |
| --- | --- | --- | --- |
| aws_region | AWS region for deployment | "us-east-1" | Yes |
| aws_profile | AWS CLI profile to use | null | No |

EC2 instance configuration

| Parameter | Description | Default | Required |
| --- | --- | --- | --- |
| aws_instance_profile | IAM instance profile name to attach to EC2 instances | null | Yes |

You must create the instance profile before running Terraform. This instance profile will be attached to the VM instances during creation. To create an instance profile:

# Create the IAM role for EC2 instances
aws iam create-role \
   --role-name dev-instance-role \
   --assume-role-policy-document file://trust-policy.json

# Create the instance profile
aws iam create-instance-profile \
   --instance-profile-name dev-instance-profile

# Add role to instance profile
aws iam add-role-to-instance-profile \
   --instance-profile-name dev-instance-profile \
   --role-name dev-instance-role
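
The `create-role` command above reads `trust-policy.json`, which this page does not show. The following is an added example (not part of the original page or the project's templates) that writes that trust policy and, on the assumption that the instance role is also what the VM uses to download the Netprobe resources from S3, a read-only policy limited to the bucket and object paths named in the Netprobe configuration; the policy name `netprobe-s3-read` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Role name dev-instance-role is
# the page's; "netprobe-s3-read" and the function names are hypothetical.

# Trust policy read by `aws iam create-role`: only the EC2 service may
# assume the role.
write_trust_policy() {   # $1 = output file
  cat > "$1" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Read-only policy limited to the named objects in one bucket.
# Assumption: the instance role is the S3 authentication method in use.
write_s3_read_policy() {   # $1 = output file, $2 = bucket, $3... = object keys
  out="$1"; bucket="$2"; shift 2
  resources=""
  for key in "$@"; do
    resources="${resources:+$resources, }\"arn:aws:s3:::$bucket/$key\""
  done
  cat > "$out" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": [ $resources ]
    }
  ]
}
EOF
}

# Usage (the last command needs AWS credentials):
#   write_trust_policy trust-policy.json
#   write_s3_read_policy s3-read.json geneos netprobe.tar.gz netprobe.setup_template.xml
#   aws iam put-role-policy --role-name dev-instance-role \
#     --policy-name netprobe-s3-read --policy-document file://s3-read.json
```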

Deployment configuration

| Parameter | Description | Default | Required |
| --- | --- | --- | --- |
| deployment_count | Number of identical VM deployments to create | 1 | Yes |
| tags | Resource tags to assign to all created resources | {} | No |

Network configuration

| Parameter | Description | Default | Required |
| --- | --- | --- | --- |
| subnet_id | Subnet ID for deployment | "" - uses default VPC's first subnet | Yes |
| security_group_ids | Security group IDs | [] - creates default security group | Yes |

Virtual machine configuration

Virtual machine configurations are based on the Netprobe system requirements. The default instance type follows the ITRS AWS AMI specifications.

| Parameter | Description | Default | Required |
| --- | --- | --- | --- |
| vm_name | Base name for EC2 instances | "vm-template" | Yes |
| vm_type | EC2 instance type | "t3.large" | Yes |
| operating_system | OS to use: "ubuntu22", "ubuntu24", "rhel7", "rhel8", "rhel9" | "ubuntu22" | Yes |
| ami_name_filter | AMI name filter pattern | varies by OS | Yes |
| ami_owners | List of AMI owner IDs | ["099720109477"] | Yes |
| architecture | AMI architecture | "x86_64" | Yes |

SSH access configuration

| Parameter | Description | Default | Required |
| --- | --- | --- | --- |
| ssh_public_key | AWS EC2 key pair name for SSH access | "id_rsa" | Yes |
| ssh_user | SSH username for VM access | "ubuntu" | Yes |

Ansible deployment configuration

| Parameter | Description | Default | Required |
| --- | --- | --- | --- |
| ansible_playbook_path | Path to Ansible playbook | "../../../../ansible/netprobe.yml" | Yes |
| ansible_operation | Deployment operation | "install" | Yes |
| additional_args | Additional Ansible playbook arguments | "" - Use -vvv for verbose output | No |

Terraform commands

Run the following Terraform commands to deploy the infrastructure.

| Action | Command |
| --- | --- |
| Initialize Terraform | terraform init |
| Plan the deployment | terraform plan -var-file="terraform.tfvars" |
| Apply the deployment | terraform apply -var-file="terraform.tfvars" |
| Show the deployment options | terraform output |
| Destroy the deployment | terraform destroy -var-file="terraform.tfvars" |

Resources created

The following AWS infrastructure resources and outputs will be created:

| Resource | Description |
| --- | --- |
| EC2 instance | Selected OS version with automatic AMI detection |
| Ansible deployment | Automated Netprobe service installation |

Outputs

The following outputs will be available after deployment:

| Output | Description |
| --- | --- |
| Instance_IP | Public IP address of the EC2 instance |
| Instance_DNS | Public DNS name of the EC2 instance |
| AMI_ID | AMI ID automatically detected for the selected operating system |
| Operating_System | Operating system version selected |
| Default_User | Default SSH user for the operating system |
| AWS_Region | AWS region where the instance is deployed |
| deployment_summary | Summary of all deployed resources |

Ansible integration

Ansible playbooks are automatically executed after the creation of the virtual machine. These are used to:

Troubleshooting

You can run the given commands if you encounter the following issues:

Authentication issues:

    # Check current AWS identity
    aws sts get-caller-identity

    # Check AWS CLI configuration
    aws configure list

    # Test specific profile
    aws sts get

Instance issues:

    # Check instance status via AWS CLI
    aws ec2 describe-instances --instance-ids <instance-id>

    # Check via Terraform
    terraform show

    # View Terraform state
    terraform state list

AMI detection issues:

    # Check available Ubuntu AMIs
    aws ec2 describe-images --owners 099720109477 \
      --filters "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"

    # Check available RHEL AMIs
    aws ec2 describe-images --owners 309956199498 \
      --filters "Name=name,Values=RHEL-9*"

SSH connection issues:

    # Check security group rules
    aws ec2 describe-security-groups --group-ids <security-group-id>

    # Verify key pair exists
    aws ec2 describe-key-pairs --key-names <key-name>

    # Test SSH connection
    ssh -i /path/to/key.pem ubuntu@<instance-ip>

Ansible deployment issues:

    # Check Ansible logs in Terraform output
    terraform apply -auto-approve

    # Manual Ansible execution
    ansible-playbook -i <instance-ip>, ../../../../ansible/netprobe.yml \
      --private-key ../../../../../resources/id_rsa \
      --user ubuntu \
      --extra-vars "operation=install"

Netprobe configuration

The netprobe.yml file contains Ansible configuration for Netprobe deployment. For general configuration structure and available parameters, refer to Ansible configuration.

Update the following environment-specific settings in the netprobe.yml file for your AWS development environment:

SSH configuration

# SSH connection configuration (required)
ansible_ssh_private_key_file: "../../../../../resources/id_rsa"
ansible_ssh_common_args: "-o ControlMaster=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
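
The `ansible_ssh_common_args` value above turns off SSH host key verification, so the first connection accepts whatever host answers at the instance IP. As an added example (not from the original page), the script below builds a known_hosts entry from the host keys that cloud-init prints to the EC2 console and flags argument strings that disable the check; it assumes the AMI runs cloud-init, and the function names, sample console text and IP address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the AMI runs cloud-init,
# which prints the instance's public host keys to the EC2 console on first boot.

# Read console output on stdin; print known_hosts lines for host $1.
console_to_known_hosts() {
  awk -v host="$1" '
    /-----BEGIN SSH HOST KEY KEYS-----/ { inblk = 1; next }
    /-----END SSH HOST KEY KEYS-----/   { inblk = 0 }
    inblk {
      for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+)$/) {
          print host, $i, $(i + 1)
          break
        }
    }'
}

# Return 0 if an SSH argument string turns host key verification off.
disables_host_key_check() {
  case "$1" in
    *StrictHostKeyChecking=no*|*UserKnownHostsFile=/dev/null*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample console output (key blobs are placeholders, not real keys).
sample_console() {
  cat <<'EOF'
[   21.4] cloud-init[1201]: Generating public/private ed25519 key pair.
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhPLACEHOLDER root@ip-10-0-1-5
ssh-ed25519 AAAAC3NzaC1lPLACEHOLDER root@ip-10-0-1-5
-----END SSH HOST KEY KEYS-----
[   22.0] cloud-init[1201]: Cloud-init finished
EOF
}

# With AWS credentials, replace sample_console with:
#   aws ec2 get-console-output --instance-id <instance-id> \
#     --query Output --output text
sample_console | console_to_known_hosts 203.0.113.10
```

Write the output to a dedicated file, then point `UserKnownHostsFile` at that file and set `StrictHostKeyChecking=yes` in `ansible_ssh_common_args`.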

Bootstrap configuration

# Set to false for dev environments (minimal bootstrap)
perform_bootstrap: false

# AWS-specific bootstrap if perform_bootstrap is true
additional_bootstrap: ""

Cloud provider configuration

For AWS S3 authentication configuration (downloading deployment resources), see authentication overview.

resources:
  source:
    aws:
      # Authentication configuration varies by method
  container: geneos  # S3 bucket name
  # Resource paths
  path: netprobe.tar.gz
  setupfile:
    path: netprobe.setup_template.xml

Gateway connection

env_vars:
  # Gateway information (configure for your setup)
  GATEWAY_HOST: "0.0.0.0"
  GATEWAY_PORT: "7039"

Netprobe connection

env_vars:
  # Netprobe information
  SERVICE_PARAM: "-port 7036 -setup {{ workspace_dir }}/{{ resources.setupfile.path | basename }}"