- Terraform
- Requirements
- Infrastructure as code (IaC)
- What is Terraform?
- Terraform vs. Chef, Puppet, etc.
- Installing Terraform - Windows
- Installing Terraform - Linux
- Create AWS IAM user
- Creating credentials file
- Git init & terraform init
- Format and validate the configuration
- Logging for Terraform
- Terraform apply
- Terraform plan
- Terraform state
- Terraform graph
- Terraform Resources
- Terraform Variables
- Terraform Provisioner
- Perform Dynamic Operations with Functions
- Query Data Sources
- Protect Sensitive Input Variables
- Manage Kubernetes Resources via Terraform
- Reuse Configuration with Modules
- Links
- Challenges & Workarounds
- AWS Account
- Git
- Basic knowledge of system administration and networking
- `terraform [command] -help` shows the syntax for a command
- Introduction to Infrastructure as Code with Terraform
- Advantages of Infrastructure as code
- Easily Repeatable
- Easily Readable
- Operational certainty with "terraform plan"
- Standardized environment builds
- Quickly provisioned development environment
- Disaster Recovery
- Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
- An open-source infrastructure as code tool for infrastructure management, made by HashiCorp
- Provision, manage, and maintain cloud resources like servers, networking, storage.
- Terraform is for managing the base infrastructure; it is not a configuration management system.
- Terraform works with Docker, Kubernetes, Cloud.
- Terraform presently supports more than 70 providers.
Configuration management tools install and manage software on a machine that already exists. Terraform is not a configuration management tool, and it allows existing tooling to focus on their strengths: bootstrapping and initializing resources.
Terraform focuses on the higher-level abstraction of the datacenter and associated services, while allowing you to use configuration management tools on individual systems. It also aims to bring the same benefits of codification of your system configuration to infrastructure management.
If you are using traditional configuration management within your compute instances, you can use Terraform to configure bootstrapping software like cloud-init to activate your configuration management software on first system boot.
- Visit Terraform Download CLI > choose the operating system.
- Choose folder to download in `%USERPROFILE%\bin` (create the bin folder if not available).
- Extract the file into `%USERPROFILE%\bin`.
- Search for `Environment Variable` on your machine > click `Environment Variables...`. On User variables for "your-user" highlight `Path`, click `New`, type into the field `%USERPROFILE%\bin`, click `OK`, then `OK`, then `OK` to exit Environment Variables.
- Open a new PowerShell and type `terraform` to check if Terraform was inserted into your Path correctly.
Visit Install Terraform Documentation

```bash
# 64-bit Terraform Download CLI
wget https://releases.hashicorp.com/terraform/0.14.6/terraform_0.14.6_linux_amd64.zip
unzip terraform_0.14.6_linux_amd64.zip
sudo mv terraform /bin
rm terraform_0.14.6_linux_amd64.zip
terraform --version
```
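The steps above move the downloaded binary into `/bin` without checking it. HashiCorp publishes a `terraform_0.14.6_SHA256SUMS` file (and a `.sig` signature for it) next to each release zip; the following added example, which is not part of the original tutorial, shows the comparison to make before `unzip`. The archive bytes and sums line in `demo()` are constructed so that it runs offline.

```python
import hashlib
import hmac
import os
import tempfile


def expected_digest(sums_text, filename):
    """Return filename's hex digest from SHA256SUMS text, or None if unlisted."""
    for line in sums_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            return parts[0].lower()
    return None


def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a large archive is never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_download(path, sums_text):
    """True only if the file is listed in SHA256SUMS and its digest matches."""
    want = expected_digest(sums_text, os.path.basename(path))
    return want is not None and hmac.compare_digest(want, sha256_file(path))


def demo():
    """Constructed stand-in for the zip and its SHA256SUMS; no network access."""
    name = "terraform_0.14.6_linux_amd64.zip"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed archive bytes")
        sums = f"{sha256_file(path)}  {name}\n"
        ok = verify_download(path, sums)
        with open(path, "ab") as fh:  # simulate a tampered download
            fh.write(b"!")
        return ok, verify_download(path, sums)


if __name__ == "__main__":
    print(demo())
```

A matching checksum only proves the zip agrees with the sums file, so the sums file itself should be checked against its published signature.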
- Login to AWS Account
- Click `Users` on Dashboard then `Add user`
- Insert a username. Example `terraform`
- Select AWS access type `Programmatic access`
- Go next, select `Attach existing policies directly`, then check `AdministratorAccess` (this is bad practice and should be avoided if you know which policies your user needs in order to use Terraform)
- Click Next and Review
- Download the .CSV file containing the credentials
- Open credential file from previous step and edit using vscode
- Delete the first line containing headings
- Delete username comma and password field
- Delete the website at the end
- Add `[default]` at the beginning of the file
- Add `aws_access_key_id=` before Access key ID
- Add `aws_secret_access_key=` before Secret access key
- Save in `%USERPROFILE%\.aws\credentials`. The credentials file has no extension, so make sure it doesn't have one, for example via the command line: `mv new_user_credentials.csv credentials`
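The manual edits above can be done in one step that also keeps the key file private. This is an added example, not part of the original tutorial: the CSV column layout is an assumption based on the fields the steps mention, the sample key values are AWS's documentation placeholders, and the `0600` mode applies to Linux and macOS rather than Windows.

```python
import csv
import io
import os
import stat
import tempfile

# Constructed sample; column layout assumed, key values are AWS's documentation placeholders.
SAMPLE_CSV = (
    "User name,Password,Access key ID,Secret access key,Console login link\n"
    "terraform,,AKIAIOSFODNN7EXAMPLE,wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY,"
    "https://123456789012.signin.aws.amazon.com/console\n"
)


def csv_to_credentials(csv_text, profile="default"):
    """Return shared-credentials-file text built from the first CSV row."""
    row = next(csv.DictReader(io.StringIO(csv_text)))
    key_id = (row.get("Access key ID") or "").strip()
    secret = (row.get("Secret access key") or "").strip()
    if not key_id or not secret:
        raise ValueError("no access key in CSV row")
    return (f"[{profile}]\n"
            f"aws_access_key_id={key_id}\n"
            f"aws_secret_access_key={secret}\n")


def write_private(path, text):
    """Write text to a new file that only the owner can read or write."""
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    # O_EXCL: fail rather than overwrite an existing credentials file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Convert the constructed CSV inside a throwaway home directory."""
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, ".aws", "credentials")
        mode = write_private(path, csv_to_credentials(SAMPLE_CSV))
        with open(path) as fh:
            return mode, fh.read()


if __name__ == "__main__":
    print(demo())
```

Delete the downloaded CSV once the credentials file is written, since it holds the same secret in plain text.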
- Open GitBash and type command `mkdir ~/Desktop/terraform`, `cd ~/Desktop/terraform`, then init git by `git init`
- Create file first_code.tf by command `vim first_code.tf`
- To change the default location of the credentials file use `shared_credentials_file = "credentials path"` beneath `region = "us-west-2"` in the `first_code.tf` file
- Add terraform to .gitignore (Important security measure)
- .gitignore can be downloaded or forked from this repo
- Contains windows/linux/mac/terraform
- Create your own via Toptal
- `git add *` then `git commit -m "init commit and config file"`
- `terraform init`
- `git push`
- The `terraform fmt` command automatically updates configurations in the current directory for easy readability and consistency.
- Terraform will return the names of the files it formatted. If your configuration file was already formatted correctly, Terraform won't return any file names.
- The built-in `terraform validate` command will check and report errors within modules, attribute names, and value types.
Instructions for Windows & Linux
- Executing `terraform apply` will generate a plan and prompt to execute.
- `terraform apply filename.plan` will apply without prompting yes/no; it assumes you have already reviewed the plan.
- `terraform apply -auto-approve` generates a plan and applies it without prompting yes/no; use at your own risk.
- Will execute automatically if `terraform apply` is executed
- Plan will show each step that will be executed
- Will check the state between your configurations and real physical resources
- Use [option] `-out=filename.plan` to generate a plan and save it to a file; otherwise the plan generated might not be the same when getting to the apply stage.
- To inspect the plan use `terraform show filename.plan`; `cat filename.plan` doesn't work since it's a binary file
- `cat terraform.tfstate` will show JSON information about the local state
- **Local state and remote state might be out of sync until Terraform pulls the state from the infrastructure**
- The file may include sensitive information, so make sure to include the `.tfstate` extension in the `.gitignore` file to keep git from pushing it to a public GitHub repository
- Below is a screenshot from Terraform Documentation
- Remote State is part of a Terraform feature called `Backends`. Read more about Backends here
- `terraform state` has two handy subcommands: `list`, which shows a list of resources, and `show [resource]`, which shows a specific resource. `terraform show` will dump the state of all resources.
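To see why the state file must stay out of git, the added example below (not part of the original tutorial) lists the addresses in a state file whose attribute names suggest a stored secret, without printing the values. The sample state is constructed in the version 4 JSON layout, and the name pattern is a heuristic chosen for this example.

```python
import json
import re

# Attribute names that usually hold secrets (heuristic chosen for this example).
SENSITIVE_KEY = re.compile(r"password|secret|private_key|token", re.I)

# Constructed state in the version 4 layout; every value is fake.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {"db_password": {"value": "constructed-pw", "sensitive": True}},
    "resources": [
        {"mode": "managed", "type": "aws_instance", "name": "web",
         "instances": [{"attributes": {"ami": "ami-00000000", "tags": {"Name": "web"}}}]},
        {"mode": "managed", "type": "aws_db_instance", "name": "db",
         "instances": [{"attributes": {"username": "admin", "password": "constructed-pw"}}]},
        {"mode": "managed", "type": "tls_private_key", "name": "ssh",
         "instances": [{"attributes": {"algorithm": "RSA",
                                       "private_key_pem": "constructed-pem"}}]},
    ],
})


def leaves(value, path):
    """Yield the path of every non-empty string nested under value."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from leaves(child, f"{path}.{key}")
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from leaves(child, f"{path}[{index}]")
    elif isinstance(value, str) and value:
        yield path


def sensitive_paths(state_text):
    """List state addresses whose attribute name suggests a stored secret."""
    state = json.loads(state_text)
    hits = [f"output.{name}" for name, out in state.get("outputs", {}).items()
            if out.get("sensitive")]
    for res in state.get("resources", []):
        address = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            for path in leaves(inst.get("attributes", {}), address):
                if SENSITIVE_KEY.search(path.rsplit(".", 1)[-1]):
                    hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    print("\n".join(sensitive_paths(SAMPLE_STATE)))
```

Marking a variable or output as sensitive hides it in CLI output only; the value is still written to the state file in plain text.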
- Terraform builds a graph as part of the plan, which can be exported and then rendered visually.
- Visualizing DOT requires a graph visualizer. Ex: http://webgraphviz.com
- Building blocks of Terraform
- Define the "what" of your infrastructure
- Different settings for every provider
- Find
Create an SSH key and a security group resource
- Perform Dynamic Operations with Functions Link
- SaaS vs PaaS vs IaaS: What’s The Difference & How To Choose
- Terraform deprecated the Chef Provisioner in the 0.13.4 release
- Terraform Cheat Sheet
- Ansible and HashiCorp: Better Together github used in video
- One-click environment creation with Terraform & Ansible in under 10'
If `terraform validate` was successful and your apply still failed, you may be encountering a common error.
- If you use a region other than `us-east-1`, you will also need to change your `ami`, since AMI IDs are region specific. Choose an AMI ID specific to your region by following these instructions, and modify `*.tf` with this ID. Then re-run `terraform apply`.
- If you do not have a default VPC in your AWS account in the correct region, navigate to the AWS VPC Dashboard in the web UI, create a new VPC in your region, and associate a subnet and security group to that VPC. Then add the security group ID (`vpc_security_group_ids`) and subnet ID (`subnet_id`) into your `aws_instance` resource, and replace the values with the ones from your new security group and subnet. Save the changes to `*.tf`, and re-run `terraform apply`. full article here