Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Terraform
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Andy Gale
October 08, 2014
Technology
1k
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Terraform
Lightening introduction to Terraform given at PHPSW on 8th October
Andy Gale
October 08, 2014
More Decks by Andy Gale
See All by Andy Gale
TekCurious
andygale
0
86
Mitigating DDOS Attacks with Terraform
andygale
0
840
Container Security
andygale
0
550
Nobody likes you Jenkins
andygale
2
1.1k
PHP Migrations with Phinx
andygale
1
2k
Test-Driven Infrastructure
andygale
2
630
Chef and Docker
andygale
3
530
Auto-scaling PHP applications using Chef and AWS
andygale
2
1.2k
Testing Javascript
andygale
9
1.5k
Other Decks in Technology
See All in Technology
Bucharest Tech Week 2026 - Guardians of the Cloud-Native Galaxy
edeandrea
PRO
0
120
気づかぬうちにセキュリティ負債を生むAPIキー運用
sgwrmctk
0
180
Oracle AI Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
6
1.5k
脱SaaS!FDEを支えるプロビジョニングと分離設計
knih
0
240
OTel × Datadog で 「AI活用」を計測し、改善に繋げる
shihochan
1
410
PostgreSQL 19 新機能概要 OSC Hokkaido 2026
nori_shinoda
0
110
SONiC Scale-Up Working Group から探る Scale-UpやUltraEthernet機能の実装方法
ebiken
PRO
2
410
AIのReact習熟度を測る
uhyo
2
650
生成 AI 実践ガイド (概略版) AIガバナンス編
asei
0
120
AI時代のコスト管理を考えよう〜明日から使える実践AWSノウハウ~
yoshimi0227
0
290
ぼっちではじめた登壇が「51名」「241件」の発信に化けた
subroh0508
1
240
MUSUBI 田中裕一『AIと共に行う「しごとのリデザイン」- スモールバックオフィス編』AI Ops Lab #4
musubi
0
260
Featured
See All Featured
The Curse of the Amulet
leimatthew05
1
13k
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
1
350
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Tell your own story through comics
letsgokoyo
1
960
Ethics towards AI in product and experience design
skipperchong
2
310
The Mindset for Success: Future Career Progression
greggifford
PRO
0
360
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
Documentation Writing (for coders)
carmenintech
77
5.4k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
3.2k
We Are The Robots
honzajavorek
0
250
Art, The Web, and Tiny UX
lynnandtonic
304
22k
Transcript
Terraform Andy Gale DevOps Consultancy
About me Andy Gale Web Consultant Hello Future http://hellofutu.re !
@andygale @hellofutur3 DevOps Consultancy
Infrastructure as code • AWS ec2 instances • Digital Ocean
droplets • Google Cloud Compute Engine • Dedicated boxes Ansible, Puppet, Chef DevOps Consultancy
Terraform • AWS security groups, VPC, VPC Subnets, Amazon RDS
• DNS with Digital Ocean, DNSimple, Route 53 DevOps Consultancy
Terraform http://www.terraform.io/downloads.html Install DevOps Consultancy
Terraform Digital Ocean example resource "digitalocean_droplet" "web" { image =
"ubuntu-14-04-x64" name = "web-1" region = "nyc2" size = "512mb" } DevOps Consultancy
Terraform AWS security group example # Security group for web
server ! resource "aws_security_group" "hello_web" { name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } DevOps Consultancy
Terraform AWS security group example $ terraform plan ! +
aws_security_group.hello_web description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" ! DevOps Consultancy
Terraform AWS security group example $ terraform apply ! aws_security_group.hello_web:
Creating... description: "" => "Security Group for web servers" ingress.#: "" => "1" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "80" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete ! Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
# Security group for web server ! resource "aws_security_group" "hello_web"
{ name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } Adding HTTPS DevOps Consultancy
$ terraform plan ! -/+ aws_security_group.hello_web description: "Security Group for
web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" (forces new resource) ! ! ! DevOps Consultancy Terraform tells us what it will do
$ terraform apply ! aws_security_group.hello_web: Refreshing state... (ID: sg-393a8c5c) aws_security_group.hello_web:
Destroying... aws_security_group.hello_web: Destruction complete aws_security_group.hello_web: Modifying... description: "Security Group for web servers" => "Security Group for web servers" ingress.#: "1" => "2" ingress.0.cidr_blocks.#: "1" => "1" ingress.0.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0" ingress.0.from_port: "80" => "80" ingress.0.protocol: "tcp" => "tcp" ingress.0.to_port: "80" => "80" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "443" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "443" name: "hello-elb-sg" => "hello-elb-sg" owner_id: "803559457126" => "<computed>" vpc_id: "vpc-8f18e0ea" => "" aws_security_group.hello_web: Modifications complete ! Apply complete! Resources: 0 added, 1 changed, 1 destroyed. Terraform applies configuration
Adding an instance DevOps Consultancy
Variables variable "access_key" {} variable "secret_key" {} ! variable "key_name"
{} variable "key_path" {} ! variable "region" { default = "eu-west-1" } ! variable "amis" { default = { eu-west-1 = "ami-f4b11183" us-east-1 = "ami-9aaa1cf2" us-west-2 = "ami-39501209" } } DevOps Consultancy
Terraform terraform.tfvars access_key = "XXXXXXXXXXXXXXXXXXXX" secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" key_path =
".ssh/mykey.pem" key_name = "mykey" You’d likely keep this in .gitignore DevOps Consultancy
resource "aws_instance" "web" { ! connection { user = "ubuntu"
key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "remote-exec" { inline = [ "sudo apt-get -y update", "sudo apt-get -y install nginx", "sudo service nginx start" ] } } DevOps Consultancy Create instance
# Security group for web server ! resource "aws_security_group" "hello_web"
{ name = "hello-elb-sg" description = "Security Group for web servers" ! # HTTP access from anywhere ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ! } Adding SSH DevOps Consultancy
$ terraform apply aws_security_group.hello_web: Creating... description: "" => "Security Group
for web servers" ingress.#: "" => "2" ingress.0.cidr_blocks.#: "" => "1" ingress.0.cidr_blocks.0: "" => "0.0.0.0/0" ingress.0.from_port: "" => "22" ingress.0.protocol: "" => "tcp" ingress.0.to_port: "" => "22" ingress.1.cidr_blocks.#: "" => "1" ingress.1.cidr_blocks.0: "" => "0.0.0.0/0" ingress.1.from_port: "" => "80" ingress.1.protocol: "" => "tcp" ingress.1.to_port: "" => "80" name: "" => "hello-elb-sg" owner_id: "" => "<computed>" aws_security_group.hello_web: Creation complete aws_instance.web: Creating... ami: "" => "ami-f4b11183" availability_zone: "" => "<computed>" instance_type: "" => "t2.micro" key_name: "" => "hellofuture" private_dns: "" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" security_groups.#: "" => "1" security_groups.0: "" => "hello-elb-sg" subnet_id: "" => "<computed>" aws_instance.web: Provisioning with 'remote-exec'... aws_instance.web: Creation complete ! Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Terraform applies configuration
resource "aws_instance" "web" { ! connection { user = "ubuntu"
key_file = "${var.key_path}" } ! instance_type = "t2.micro" ami = "${lookup(var.amis, var.region)}" ! key_name = "${var.key_name}" ! security_groups = ["${aws_security_group.hello_web.name}"] ! provisioner "local-exec" { command = "knife bootstrap ${aws_instance.example.public_ip}" } } } DevOps Consultancy Using with Chef
Packer • Terraform works well with AMIs generated by Packer
• http://www.packer.io/ DevOps Consultancy
Terraform • Amazon autoscaling groups, RDS, ELB, EIP, S3, VPC
• Cloudflare DNS • Consul • Digital Ocean DNS • Google Cloud • Herkou • Mailgun DevOps Consultancy What else can you do
andygale
edeandrea
sgwrmctk
oracle4engineer
knih
shihochan
nori_shinoda
ebiken
uhyo
asei
yoshimi0227
subroh0508
musubi
leimatthew05
apolaine
charlesmeaden
lauravandoore
letsgokoyo
skipperchong
greggifford
eileencodes
carmenintech
danielanewman
honzajavorek
lynnandtonic
