Terraform Introduction

Infrastructure as a Code (IaC):

So, what is IaC? It's just a fancy made-up term for deploying and controlling the cloud infrastructure as a series of configuration files instead of using the GUI and the most popular IaC tool is Terraform.

Terraform is a program written in the 'Go' language that lets us deploy infrastructure on different platforms using plugins called providers. Providers let us perform CRUD (Post Get Put Delete) operations on the Target APIs as depicted below:

Figure [1] Terraform calls

We write Terraform scripts in a Terraform Domain-Specific language called 'Hashicorp Configuration Language' (HCL).


Working with Terraform and AWS:

Terraform lets you declare infrastructure in a Declarative mannerModules are reusable Terraform configurations that may contain one or more providers.

Step 1 - Install Terraform (we will only cover RHEL 8 here for the sake of brevity):
sudo yum install -y yum-utils

sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

sudo yum -y install terraform
Step 2 - Using the AWS provider:

One of the first steps to using the AWS provider is to set up the Authentication and Configuration, the following are the methods of setting up Authentication:
  1. Parameters in the provider configuration
  2. Environment variables
  3. Shared credentials files
  4. Shared configuration files
  5. Container credentials
  6. Instance profile credentials and region
Let's go for the easiest option, 'Parameters in the provider configuration', and explore more secure options at a later time.

On our machine, let's create a new directory, and create a 'main.tf' file with the following code in it. Please replace the "my-access-key" and "my-secret-key" with your account credentials.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }

  required_version = ">= 1.2.0"
}

provider "aws" {
  region     = "us-west-2"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}

resource "aws_instance" "app_server" {
  ami           = "ami-830c94e3"
  instance_type = "t2.micro"

  tags = {
    Name = "ExampleAppServerInstance"
  }
}
Our code above is organized into blocks, viz. 'terraform', 'provider', & 'resource' blocks. In the resource block, the type of resource is 'aws_instance' and the name of the block is 'app_server'.

Let's now initialize the terraform directory by running 'terraform init' command. The result of which should look as follows:
Figure [2] Terraform init

We will now have a '.terraform' directory with the 'aws' provider downloaded into it and also a '.terraform.lock.hcl' file that specifies the exact provider version used.

We will now run 'terraform fmt' & 'terraform validate' commands to automatically update all Terraform configuration files in the current directory to uniform formatting and perform the validation process ensuring that the configurations are syntactically valid. Following this, we will run the 'terraform plan' command that will let us preview changes that Terraform would make to our infrastructure.

After reviewing the plan, we can run 'terraform apply' to run the infrastructure. It will once again show us the plan and we can type in 'yes' to proceed.
Figure [3] Terraform apply

After applying the configuration, terraform keeps a record of the infrastructure in a file named 'terraform.tfstate', terraform does this so the resources deployed with Terraform can be updated or destroyed easily in the future. The best practice in production is to copy the state file to a remote location (such as an S3 bucket). To inspect the current state, we can run a 'terraform show' command.

Figure [4] Terraform show

We can list all the Terraform resources using the 'terraform state list' command. Once we're done with our environment, we can easily terminate all the resources we deployed with the 'terraform destroy' command.
Figure [5] Terraform destroy

We will discuss changing infrastructure, input variables, querying data with outputs, & storing state remotely in another post. Thank you for reading! :D

---

References:

[1] Terraform AWS provider - https://registry.terraform.io/providers/hashicorp/aws/latest/docs#assuming-an-iam-role

Comments

Post a Comment

Popular posts from this blog

Playing around with Dell R520 server

Image
After I got my first major tech job, I learned that a major part of the job would be working with Dell servers, setting up ESXi hosts, vCenter installation, etc. so I thought it would be a good idea to practice this at home in my own lab environment so I went and bought a Dell R520 server from the Facebook marketplace for around 300 CAD$. Let me explain how I set up the server. We'll go over the installation of ESXi in detail in another post. For now, let's assume that our server comes with ESXi pre-installed. Let's start by ensuring that the server is plugged in. Most servers come with 2 different PSUs (Power Supply Units). These are meant to go on different Power Strips for power outage redundancy. Once the server is plugged in, try to get your hands on an old monitor with a VGA cable, should cost about 20 CAD$ used. We also need a keyboard. In my case, ESXi was pre-installed so all I had to do was set up the hostname and IP address. Since the internal IP address in my ne
Read more

Experience Interviewing for an Infrastructure Engineer - Continuous Delivery position

Been a while since I got to write to this blog. Recently, I had the pleasure of interviewing for an Infrastructure Engineer - Continuous Delivery position for a company based in Dallas, Texas. I wanted to pen down my experience while the memory is fresh and possibly help others in the same pursuits. The first round was the typical HR round where the interviewer requested to know more about my experience in the DevOps / Infrastructure engineering field and gauge my interest in the position / learn about my background. It included a lot of open-ended questions such as can you please explain your role in your current position. The next round was considerably more interesting and included more pointed questions about my experience in particular tools and working platforms. The interviewer also took the time to explain the role and the need for this position.  After passing this round, I received a take-home exam, the exam question is as follows: Hi Srikar, We're excited to continue our
Read more

2023 Summer Reading List Summary

Image
This blogpost is going to be quite different from my regular posts. I would like to write something down by myself instead of just being a proxy for chatGPT like I did in the past few posts. Books I've read this summer: Thinking in Systems by Donella Meadows Extreme Ownership by Jockco Wilink and Leif Basin Financial Intelligence by Karen Berman Zero to One by Peter Thiel Stillness Is The Key by Ryan Holiday Let's talk about my takeaways book by book: Thinking In Systems , after reading this book, I try to think of everything happening around me in terms of a simple flow chart, on the one side is a 'source', then the other side is the 'output', & in the middle is a box that is an effect which acts on the source to produce the output. Here's an example from the book: Most systems along with having a 'source' and an output, also have feedback loops, they can broadly be classified into 2 types. One is a corrective loop, e.g. a thermostat on a an Air
Read more