IT 3110 : DevOps Automation

Terraform

Terraform Intro

See this video - here

What is infrastructure as code?

  • The process of managing infrastructure in a file or files rather than manually configuring resources in a user interface.
  • Why not just use a GUI?

Advantages of Terraform

  • Platform agnostic
    • Same workflow can manage AWS, Azure, GCP, by specifying what you want in your config file
  • State management
    • You define what state you want your resources to be in, and Terraform takes care of putting them in that state
  • Operator confidence
    • Easily repeatable
    • Affirm changes prior to implementation to reduce accidental disruption

Installation

See the page here

Follow the video or the manual instructions so that you get the latest version of Terraform. (If you install from the Ubuntu repo, it will be outdated.)

To enable auto tab completion:

  • terraform -install-autocomplete

More about AWS management

Create a ~/.aws/credentials file. The account details section of your AWS Educate account tells you what to copy and paste into that file.

Create a Terraform configuration file

  • Create a directory to put your work in (e.g. mkdir tf-sample)
  • Create a config file in that directory
  • Here is what my config file looks like.

I had to make sure that my config file was:

  • using the us-east-1 region. If you use a region other than us-east-1, you will also need to change your AMI, since AMI IDs are region specific.
  • using a current AMI

Config file explained

  • The terraform {} block is required so Terraform knows which provider to download.
  • It is good practice to specify a provider version, since newer versions might break things. See what version.

Config file explained (Providers)

  • A provider is a plugin that translates Terraform commands to API calls.
    • Examples: Azure, AWS, Google Cloud, Kubernetes, etc.
  • profile directs Terraform to use credentials in the default location (~/.aws/credentials)

Config file explained

  • The resource block defines the piece of infrastructure to create (e.g. an EC2 instance, a database, a VPC, ...)

The format is generally:

   resource "provider-type" "name" {
     CONFIG
   }

Terraform commands

  • terraform init - this will read your tf file and decide what plugins you are using and install them. Creates a .terraform directory in your working directory.
  • terraform plan - shows what changes will be made without making them
  • terraform fmt - will format your file to look all pretty
  • terraform validate - will check your config file for errors

Terraform

  • terraform apply - shows the money!! This should apply all of the changes for you (after you indicate yes)
  • Double check on your web interface that things were created.
  • Look at the terraform.tfstate file after applying. It has ALL your AWS info, so Terraform knows what it is managing.

Terraform

  • terraform show will show all the information from the state file.
  • Keep the state file secure (it should probably not go in a public repo on GitHub)

Change state

  • Change something in the state file and then apply your changes again (e.g. change micro to nano or medium)
  • Changed file here

Destroy

  • terraform destroy terminates resources described in your config file, the opposite of terraform apply.

More examples

Terraform expressions

In the previous example, we had to attach the security group (sg) to the instance, but at creation time we don't actually know the IDs for any of these. An expression allows us to select the appropriate sg by accessing other parts of our code.

A resource attribute reference is the type of expression that we used in the example. Its form is <Provider>_<type>.<name>.<attribute>. In the example it was aws_security_group.instance.id.
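A minimal configuration that puts the terraform, provider and resource blocks together with the aws_security_group.instance.id reference. This is an added example, not the config file from the original slides. The version constraint, the resource name "example", the security group name, the SSH rule with its address, and the AMI placeholder are all assumptions.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # assumed constraint; pin to the version you tested with
    }
  }
}

provider "aws" {
  # Credentials come from the "default" profile in ~/.aws/credentials,
  # so no access keys appear in this file or in git.
  profile = "default"
  region  = "us-east-1"
}

# The resource address is aws_security_group.instance
resource "aws_security_group" "instance" {
  name = "tf-sample-instance" # assumed name

  # Allow SSH from a single admin address only.
  # 203.0.113.10 is a constructed documentation address; use your own.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.10/32"]
  }
  # No egress block is declared, so Terraform removes the default
  # allow-all outbound rule; add one if the instance needs outbound access.
}

resource "aws_instance" "example" {
  ami           = "ami-REPLACE_ME" # placeholder; use a current AMI for us-east-1
  instance_type = "t2.micro"

  # Resource attribute reference: <Provider>_<type>.<name>.<attribute>.
  # The ID is unknown until the group exists, so Terraform creates the
  # security group first and fills the value in at apply time.
  vpc_security_group_ids = [aws_security_group.instance.id]
}
```

After terraform apply, the security group ID and the instance details are recorded in terraform.tfstate, which is why that file stays out of a public repo.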

Best practice

Check your tf files into git... but not any credentials.