- Terraform
- Requirements
- Infrastructure as code (IaC)
- What is Terraform?
- Terraform vs. Chef, Puppet, etc.
- Installing Terraform - Windows
- Installing Terraform - Linux
- Create AWS IAM user
- Creating credentials file
- Git init & terraform init
- Format and validate the configuration
- Logging for Terraform
- Terraform apply
- Terraform plan
- Terraform state
- Terraform graph
- Terraform Resources
- Terraform Variables
- Terraform Provisioner
- Perform Dynamic Operations with Functions
- Query Data Sources
- Protect Sensitive Input Variables
- Manage Kubernetes Resources via Terraform
- Reuse Configuration with Modules
- Links
- Challenges & Workarounds
- AWS Account
- Git
- Basics in System administration and networking basics
terraform [command] -helpsyntax for a command
- Introduction to Infrastructure as Code with Terraform
- Advantages of Infrastructure as code
- Easily Repeatable
- Easily Readable
- Operational certainty with "terraform plan"
- Standardized environment builds
- Quickly provisioned development environment
- Disaster Recovery
- Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
- Infrastructure management tool made by HashiCorp or open-source infrastructure as code software tool
- Provision, manage, and maintain cloud resources like servers, networking, storage.
- Terraform is for managing the base infrastructure Not a configuration Management System
- Terraform works with Docker, Kubernetes, Cloud.
- Terraform presently supports more than 70 providers.
Configuration management tools install and manage software on a machine that already exists. Terraform is not a configuration management tool, and it allows existing tooling to focus on their strengths: bootstrapping and initializing resources.
Terraform focuses on the higher-level abstraction of the datacenter and associated services, while allowing you to use configuration management tools on individual systems. It also aims to bring the same benefits of codification of your system configuration to infrastructure management.
If you are using traditional configuration management within your compute instances, you can use Terraform to configure bootstrapping software like cloud-init to activate your configuration management software on first system boot.
- Visit Terraform Download CLI > choose the operating system.
- Choose folder to download in
%USERPROFILE%\bincreate bin folder if not available - Extract the file into
%USERPROFILE%\bin - Search for
Environment Variableon your machine > clickEnvironment Variables...on User variables for "your-user" highlightPathclickNewtype into the field%USERPROFILE%\binclickOKthenOKthenOKto exit Environment Variables. - Open a new PowerShell and type
terraformto check if Terraform was inserted into your Path correctly.
Visit Install Terraform Documentation
wget https://releases.hashicorp.com/terraform/0.14.6/terraform_0.14.6_linux_amd64.zip64-bit Terraform Download CLIunzip terraform_0.14.6_linux_amd64.zipsudo mv terraform /binrm terraform_0.14.6_linux_amd64.zipterraform --version
- Login to AWS Account
- Click
Userson Dashboard thenAdd user - Insert a username. Example
terraform - Select AWS access type
Programmatic access - Go next select
Attach existing policies directlythen checkAdministratorAccessthis is bad practice and should be avoided if you know what policies to assign your username to use terraform - Click Next and Review
- Download the .CSV file containing the credentials
- Open credential file from previous step and edit using vscode
- Delete the first line containing headings
- Delete username comma and password field
- Delete the website at the end
- Add
[default]at the beginning of the file - Add before Access key ID
aws_access_key_id= - Add before Secret access key
aws_secret_access_key= - Save in
%USERPROFILE%\.aws\credentialscredentials file has no extension so make sure it don't have via the command line
mv new_user_credentials.csv credentials
- Open GitBash and type command
mkdir ~/Desktop/terraform cd ~/Desktop/terraformthen init git bygit init- Create file first_code.tf by command
vim first_code.tf
- To change the default location of the credentials file use
shared_credentials_file = "credentials path"beneathregion = "us-west-2"infirst_code.tffile - Add terraform to .gitignore (Important security measurement)
- .gitignore can be downloaded or forked from this repo
- Contains windows/linux/mac/terraform
- Create your own via Toptal
git add *thengit commit -m "init commit and config file"terraform init
git push
- The
terraform fmtcommand automatically updates configurations in the current directory for easy readability and consistency. - Terraform will return the names of the files it formatted. In the case, your configuration file was already formatted correctly, Terraform won't return any file names.
- the built in
terraform validatecommand will check and report errors within modules, attribute names, and value types.
Instructions for Windows & Linux
- Executing
terraform applywill generate a plan and prompt to execute.
terraform apply filename.planwill apply without prompting yes/no assumes you have already revised the planterraform apply -auto-approvegenerate plan, apply plan without prompting yes/no use at your own risk
- Will execute automatically if
terraform applyexecuted - Plan will show each step that will be executed
- Will check the state between your configurations and real physical resources
- Use [option]
-out=filename.planto generate plan and save it to a file, otherwise the plan generated might not be the same when getting to apply stage. - To inspect the plan
terraform show filename.plan
cat filename.plandon't work since it's a binary file
cat terraform.tfstatethis will show json information about the local state\ ** local state and remote state might be out of sync until terraform pull the state from the infrastructure **- The file may include sensitive information therefore, the need to make sure to include the
.tfstateextension in.gitignorefile is necessary in order to disable git pushing to a public github - Below is a screenshot from Terraform Documentation
- Remote State is part of a feature on Terraform call
BackendsRead more about Backends here
terraform statehas a two handy subcommandslistthat shows a list of resources andshow [resource]shows a specific resource.terraform showwill dump all resources state.
-
Terraform builds a graph part of the plan and can be exported then rendered visually.
-
terraform graphthe syntax of the output is DOT
-
Visualizing DOT require a graph visualizer. Ex: http://webgraphviz.com
- Building blocks of Terraform
- Define the "what" of your infrastructure
- Different settings for every provider
- Find
Create an SSH key and a security group resource - Perform Dynamic Operations with Functions Link
- SaaS vs PaaS vs IaaS: What’s The Difference & How To Choose
- Terraform deprecated the Chef Provisioner in the 0.13.4 release
- Terraform Cheat Sheet
- Ansible and HashiCorp: Better Together github used in video
- One-click environment creation with Terraform & Ansible in under 10'
If terraform validate was successful and your apply still failed, you may be encountering a common error.
-
If you use a region other than
us-east-1, you will also need to change yourami, since AMI IDs are region specific. Choose an AMI ID specific to your region by following these instructions, and modify*.tfwith this ID. Then re-runterraform apply. -
If you do not have a default VPC in your AWS account in the correct region, navigate to the AWS VPC Dashboard in the web UI, create a new VPC in your region, and associate a subnet and security group to that VPC. Then add the security group ID (
vpc_security_group_ids) and subnet ID (subnet_id) into youraws_instanceresource, and replace the values with the ones from your new security group and subnet.
Save the changes to *.tf, and re-runterraform apply. full article here
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent