Day 2
28th April 2024
Terraform Course
Module 1: Getting Started with Terraform
Introduction to Terraform and IaC
In this session, we’ll introduce you to the fundamental concepts of Terraform and Infrastructure as Code (IaC). Learn why Terraform is crucial for managing infrastructure and how IaC streamlines provisioning.
Installing Terraform on MacOS, Linux and Windows
Get your hands dirty by installing Terraform on both MacOS, Linux and Windows. We’ll guide you through the process with clear instructions and commands.
Setting up Terraform for AWS
Dive into AWS integration with Terraform. You’ll learn how to set up your AWS credentials and configure the AWS provider within Terraform to start provisioning resources.
Writing Your First Terraform Code
Start writing actual Terraform code with a simple example. Learn about the basic structure of a Terraform configuration file and how to define resources using the HCL language.
Terraform Lifecycle
Understand the lifecycle of terraform. What is terraform init, plan and apply.
Launching an EC2 Instance
Take your skills up a notch by provisioning an EC2 instance on AWS using Terraform. Explore attributes like instance type, AMI, and tags to customize your instance.
Terraform State Basics
Understand the importance of Terraform state files. Learn about desired and current states, and how Terraform manages these states to ensure infrastructure consistency.
Module 2: Advanced Terraform Configuration
Understanding Providers and Resources
Deepen your knowledge of providers and resources. Explore the role of different providers for various cloud platforms and understand how resources define infrastructure components.
Variables and Outputs in Terraform
Discover the power of variables for dynamic configurations. Learn how to define, declare, and utilize variables effectively. Explore outputs to retrieve and display essential information.
Conditional Expressions and Functions
Elevate your configurations with conditional expressions, adding logic to your code. We’ll introduce you to Terraform’s built-in functions for tasks like string manipulation and calculations.
Debugging and Formatting Terraform Files
Master the art of debugging Terraform configurations.Plus, learn why proper formatting with terraform fmt is crucial.
Module 3: Building Reusable Infrastructure with Modules
Creating Modular Infrastructure with Terraform Modules
Unlock the potential of reusability with Terraform modules. Understand how modules enable you to create shareable and organized infrastructure components.
Local Values and Data Sources
Simplify complex expressions using local values. Dive into data sources and learn how to fetch data from existing resources or external systems, enhancing your configurations’ flexibility.
Using Variables and Inputs with Modules
Explore the versatility of using variables within modules to customize their behavior. Learn how inputs work within modules and the benefits they offer.
Leveraging Outputs from Modules
Utilize module outputs to access critical information or propagate data to your root configuration. Learn how to make your modules more informative and useful.
Exploring Terraform Registry for Modules
Embark on a journey through the Terraform Registry. Discover pre-built, community-contributed modules and learn how to incorporate them into your own configurations.
Module 4: Collaboration and State Management
Collaborating with Git and Version Control
Collaborate effectively using Git and version control. Grasp fundamental Git commands such as cloning, pulling, and pushing repositories to enhance teamwork.
Handling Sensitive Data and .gitignore
Tackle security challenges associated with sensitive data in version control. Explore the importance of .gitignore to exclude sensitive files from being committed.
Introduction to Terraform Backends
Uncover the role of Terraform backends in remote state storage. Learn why they’re essential for maintaining infrastructure state and configurations.
Implementing S3 Backend for State Storage
Get hands-on experience configuring an S3 bucket as a backend for remote state storage. Understand how this setup improves collaboration and state management.
State Locking with DynamoDB
Dive into state locking and the prevention of concurrent updates. Implement state locking using DynamoDB as a backend mechanism, ensuring state consistency.
Module 5 : Provisioning and Provisioners
Understanding Provisioners in Terraform
Learn about provisioners, mechanisms for executing actions on resources during creation and destruction. Understand how they facilitate customization.
Remote-exec and Local-exec Provisioners
Differentiate between remote-exec and local-exec provisioners. Explore how remote-exec provisions actions on remote servers, while local-exec performs tasks locally.
Applying Provisioners at Creation and Destruction
Discover when to use provisioners during resource creation or destruction. Configure provisioners within resource blocks to execute specific actions.
Failure Handling for Provisioners
Gain insights into handling provisioner failures. Learn about retry mechanisms, timeouts, and the on_failure attribute to control provisioner behavior on failure.
Notes :
Use case:: `
AWS Hardening Guidelines – 100’s of AWS Account and provision resourses in different regions
One IaaC tool for 100’s of providers
Binary approach
—————–
Download for Windows
https://www.terraform.io/downloads.html
copy and paste the binary file in binaries folder and set the environment variable
Download for Linux: (reference: https://sysadminxpert.com/steps-to-install-terraform-on-amazon-linux/)
sudo yum install wget unzip
wget https://releases.hashicorp.com/terraform/1.1.0/terraform_1.1.0_linux_amd64.zip
unzip <package>
echo $PATH
mv terraform /usr/local/bin
Package Manager Approach
————————-
https://www.tecmint.com/install-terraform-in-linux/
Install Terraform On Windows:
https://developer.hashicorp.com/terraform/install
GITHUB Codespce
$ terraform –version
$ aws –version
> Codespace: Add dev container configuration files –> terraform (ticked mark)
> Codespace: Add dev container configuration files –> aws (ticker mark)
> Codespace: Rebuild
AWS Account 767398072957 (george)
$aws configure
AKIA3FLD5KJ62A3Q5J4C
ciXZOq3pMi+1Xf0i1EP31MgmT2gYJ5vCHoovzfHS
$ aws s3 ls
main.tf
$ terraform init (initialize the configuration – creds/plugin
The .terraform.lock.hcl file generated by Terraform during initialization is used to record the specific versions of provider plugins selected for the current configuration. This file helps ensure consistency in your Terraform environment by locking the provider versions.
Here’s what the lock file contains and why it’s important:
1. Provider Selections: The lock file lists the exact versions of provider plugins that Terraform has selected based on the provider requirements specified in your configuration files. In your example, it indicates that Terraform has selected version 5.47.0 of the hashicorp/aws provider.
2. Version Control: By including the lock file in your version control system (such as Git), you ensure that all team members use the same provider versions. This prevents unexpected changes in behavior due to updates in provider versions between Terraform runs.
3. Consistent Environment: With the lock file, Terraform guarantees that subsequent runs of terraform init will use the same provider versions unless explicitly updated. This consistency is crucial for reproducibility and stability in infrastructure management.T he lock file helps maintain a consistent and reproducible Terraform environment by recording and enforcing specific provider versions for your infrastructure.
$ terraform apply
$ terraform plan
$ terraform destroy
terraform.tfstate
The terraform.tfstate file is another important artifact generated and managed by Terraform. It serves as the state file for your infrastructure managed by Terraform. Here’s what it contains and why it’s crucial:
1. State Information: The terraform.tfstate file stores the current state of your infrastructure as managed by Terraform. It includes details about all resources managed by Terraform, such as their current configuration, metadata, and dependencies.
2. Resource Mapping: For each resource defined in your Terraform configuration files, the state file tracks its corresponding real-world counterpart, such as an AWS EC2 instance or an Azure Virtual Machine. It maintains a mapping between the desired state (defined in your configuration) and the actual state (as observed in the cloud provider).
3. Concurrency Control: The state file also helps Terraform manage concurrent operations from multiple users or processes. It locks the state file during operations to prevent concurrent modifications that could lead to conflicts or inconsistencies in the infrastructure.
4. Dependency Management: Terraform uses the state file to understand the dependencies between resources. When you make changes to your infrastructure, Terraform analyzes the state file to determine the order in which resources need to be created, modified, or destroyed to achieve the desired state.
5. Sensitive Data: Depending on your configuration, the state file may contain sensitive information such as resource IDs, IP addresses, or access keys. It’s important to treat the state file with care and ensure that it’s stored securely, especially in shared or version-controlled environments.
In summary, the terraform.tfstate file is a critical component of Terraform’s functionality, providing a snapshot of your infrastructure’s current state and enabling Terraform to manage resources effectively and safely.
*******************************************************************************************************************
Topics:
——–
providers
multi-region providers
multi-cloud providers
variables – input, output, tfvars
conditional operators
build-in functions
Terraform structure
******************************************************************************************************************
Topics:
——–
Modules
Terraform registry – Public modules
******************************************************************************************************************
Topics:
——-
statefiles (adv and disadv)
$ terraform show (to read the state file)
Locking mechanism in terraform
******************************************************************************************************************
Topics:
——-
Provisioners
$ ssh-keygen -t rsa
file
remote-exec
$ ssh -i ~/.ssh/id_rsa ubuntu@<IP>
$ python3
$ sudo ps -ef | grep python
$ sudo pyton3 app.py
******************************************************************************************************************
terraform -version
terraform init – start downloading the plugins associated with the provider (aws)
terraform init -upgrade – download the latest plugin based on the constraints defined in the configuration (version = “~> 3.0” ), and updates the .terraform.lock.hcl
terraform plan – terraform plans to change the current state infra resources to the desired state infra resources
terraform plan -out=plan.out
terraform show plan.out
terraform show -json plan.out
terraform show or terraform state list – it would simply show the state file
terraform apply – create the resource
terraform apply -target <>.<>
terraform apply -target aws_instance.myec2
terraform apply -auto-approve
terraform apply plan.out
terraform validate – to check for syntax error
#Dealing with large infrastructure
terraform -refresh=false #it would simple abondon the state file refresh inturn mitigates the no. of api calls made for larger infrastructure
terraform -refresh=false -target=resource.localname #operate an isolated portion of very large configurations.
terraform destroy #wipe the resources in .tf,state file
terraform destroy -target aws_instance.myec2
terraform destroy -target github_repository.repo
or
comment the resource block /*……..*/
Desired State = Current State – Terraform plan -> Infrastructure is up-to-date
Desired State != Current State – Terraform plan -> Terraform would try to match the state to desired state.
terraform refresh – fetches the current state information of the resources deployed, and also updates the state file
terraform plan – Terraform compares your real infrastructure against your configuration (interanlly terraform refresh happens) – at some times, resources would be replaced/recreated terraform finds any changes in real infra and terraform desired config – please read the plan and execute apply)
terraform apply
Note: Terraform’s primary function is to create, modify, and destroy infrastructure resources to match the desired state desired state described in a Terraform configuration.
Thus specify all the things in terraform desired configuration .tf file. (Ex: change the security group)
State file:
– contains all the details/information infrastructure resources that are currently live
Desired State and Current State (Terraform tries to ensure that the deployed infrastructure is based on the desired state)
– former denoted the resources which we mention in our .tf file
– latter denotes the infrastructure resource
Understand the Resource Type and Local Resource Name
Queries :
1. Modules and Variables approach – keeping variable as common for multiple projects
2. How to handle different environment in terraform ?
3. add and copy in the docker file ?
4. Docker vs Docker Swarm
5. Git hub actions vs jenkins
6. Grafana Holistic approach
7. Docker volume
Terrform – 50%
Docker – 80%
GIT – 90%
P&G – 90%
S3 – 100%
K8’s – HLD EKS ? or K8’s end to end and the EKS ?
1. Terrafrom
2. variables.tf, vars.tf (next session)
3. Modules – structure – one query ?
4. state management
5. Provisioner