Learning Terraform

Terraform is:

  • Declarative: you define all the required resources, like a blueprint. Running the Terraform module creates the required resources; running the same module again does not create another set of resources but ensures that the required resources exist.

  • Pluggable by design: it is modularized and has a good community whose modules can be used.

  • DevOps first: you can easily create a similar stack for multiple environments, e.g. Dev, Test, Intg, etc.

  • Terraform has expanded its role to support not only IaaS but also SaaS and PaaS.

  • Few commands:

    • terraform plan - Compares the desired state with what actually exists
    • terraform apply - Creates the required resources
  • Terraform is an infrastructure provisioning tool. It lets you store your cloud infrastructure setup as code.

  • Supports multiple cloud providers

  • To use AWS:

    provider "aws" {
      version = "~> 2.0"
      region = "us-east-1"
    }
    
  • Commands:

    • terraform init - Initializes and downloads the required plugins for the providers mentioned in the .tf file
    • terraform destroy - Destroys the setup that terraform created
  • VSCode extension: Terraform

Terraform Overview:

  • A Terraform configuration (.tf) file can have any name
  • Version in the provider is optional
  • Commands:
    • terraform init
    • terraform plan
    • terraform apply

Simple module to spin up an EC2 instance in us-east-1 region:

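provider "aws" {
  region     = "us-east-1"
  # Placeholder keys; keep real keys out of version-controlled .tf files
  access_key = "XXXXXXXXXXXXXXXXXXXX"
  secret_key = "YYYYYYYYYYYYYYYYYYYY"
}

# One EC2 instance; the AMI ID below is a placeholder
resource "aws_instance" "first-server-name" {
  ami           = "ami-09876543210"
  instance_type = "t2.micro"
  tags = {
    Name = "ubuntu"
  }
}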

Modifying Resources:

You can add new resources or modify existing ones in the same module and run terraform apply again. Terraform will change the resources to match.

Delete Resources:

terraform destroy - This destroys all resources. To destroy a single resource, comment it out or delete it from the code and then run terraform apply.

Reference Resources:

  • Every resource has an id property that we can reference
  • The order in which resources are declared doesn't matter. A resource that uses a reference (e.g. an AWS VPC subnet) can be declared well before the block that creates the referenced resource (e.g. the AWS VPC).
  • terraform apply --auto-approve : Creates the resources without pausing to ask for the user's consent to apply the changes

Simple module to create a VPC and then add a VPC subnet:

provider "aws" {
  region = "us-east-1"
  access_key = "XXXXXXXXXXXXXXXXXXXX"
  secret_key = "YYYYYYYYYYYYYYYYYYYY"
}

resource "aws_vpc" "first-vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "production"
  }
}

resource "aws_subnet" "subnet-1" {
  # Reference to the id property of the VPC declared above
  vpc_id     = aws_vpc.first-vpc.id
  cidr_block = "10.0.1.0/24"
  tags = {
    Name = "prod-subnet"
  }
}

Terraform files:

  • .terraform/ folder is created when running terraform init
  • terraform.tfstate - File that stores the state of the resources created using Terraform. Changing the contents of this file by hand will break Terraform's tracking of those resources.

Practice Project:

1. Create a VPC
2. Create an Internet Gateway
3. Create a custom route table
4. Create a subnet
5. Associate the subnet with the route table
6. Create a security group to allow ports 22, 80 and 443
7. Create a network interface with an IP in the subnet that was created in step 4
8. Assign an Elastic IP to the network interface created in step 7
9. Create an Ubuntu server and install/enable apache2
  • Do not install Terraform using the Snap package manager
    • The snap is not maintained by HashiCorp but by an independent publisher called Nathan Handler
    • It is not the latest version of Terraform
    • Terraform installed this way cannot access the AWS credentials stored by the AWS CLI config
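
Steps 1 and 6 of the practice project as a sketch (an added example, not code from the original notes). The resource names, the "default" profile and the admin_cidr variable are assumptions. Limiting port 22 to an admin network goes beyond what step 6 states, and reading keys from an AWS CLI profile assumes a non-Snap Terraform install.

```hcl
# Added example: all names and CIDR values are assumptions.
variable "admin_cidr" {
  description = "Network allowed to reach SSH (documentation range as a stand-in)"
  type        = string
  default     = "203.0.113.0/24"
}

provider "aws" {
  region  = "us-east-1"
  profile = "default" # keys come from the AWS CLI credentials file, not the .tf file
}

# Step 1: the VPC
resource "aws_vpc" "prod" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "production" }
}

# Step 6: security group for ports 22, 80 and 443
resource "aws_security_group" "allow_web" {
  name        = "allow_web_traffic"
  description = "Allow SSH, HTTP and HTTPS inbound"
  vpc_id      = aws_vpc.prod.id

  # One ingress rule per web port, open to any source
  dynamic "ingress" {
    for_each = [80, 443]
    content {
      description = "Web traffic"
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  # SSH only from the admin network
  ingress {
    description = "SSH from admin network"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Allow all outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```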