Code all the Things: Terraform x AWS

In this workshop, Jacquie Grindrod (@devopsjacquie) and I give an introduction to using Terraform and the AWS Provider.

This version of the workshop was given at the Hack the Northeast hackathon in June 2020.

---

Companion Code: github.com/ksatirli/code-all-the-things-terraform-x-aws

Kerim Satirli

June 06, 2020

Transcript

  1. Agenda

     ▪ Infrastructure as Code: what even is it?
     ▪ First Steps: putting the pieces together
     ▪ Next Steps: expanding your knowledge
  2. HashiCorp Configuration Language (CODE EDITOR)

        service "http" "web_proxy" {
          listen_addr = "127.0.0.1:8080"

          process "server" {
            command = ["proxy-app", "server"]
          }
        }

        variable "port" {
          description = "Port for web_proxy"
          default     = 8080
        }
  3. HashiCorp Configuration Language (CODE EDITOR)

        service "http" "web_proxy" {
          listen_addr = "127.0.0.1:${var.port}"

          process "server" {
            command = ["proxy-app", "server"]
          }
        }

        variable "port" {
          description = "Port for web_proxy"
          default     = 8080
        }
  4. AWS Provider (CODE EDITOR)

        provider "aws" {
          version = "~> 2.65"
          region  = "us-east-1"

          # static credentials written directly into the configuration
          access_key = "AKIAIOSFODNN7EXAMPLE"
          secret_key = "wJalrXUtnFEMI/K7MDEN"
        }
  5. AWS Provider (CODE EDITOR)

        provider "aws" {
          version = "~> 2.65"
          region  = "us-east-1"

          # credentials supplied through input variables instead of literals
          access_key = var.aws_access_key
          secret_key = var.aws_secret_access_key
        }
  6. Command: terraform init (TERMINAL)

        > terraform init

        Initializing the backend...

        Initializing provider plugins...
        - Checking for available provider plugins...
        - Downloading plugin for provider "aws" (terraform-providers/aws) 2.65.0...

        Terraform has been successfully initialized!

        You may now begin working with Terraform. Try running "terraform plan" to see
        any changes that are required for your infrastructure. All Terraform commands
        should now work.

        If you ever set or change modules or backend configuration for Terraform,
        rerun this command to reinitialize your working directory. If you forget, other
        commands will detect it and remind you to do so if necessary.
  7. EC2 Instance (CODE EDITOR)

        variable "ami_id" {
          type        = string
          description = "AMI ID to use"
          default     = "ami-09d95fab7fff3776c"
        }

        variable "instance_type" {
          type        = string
          description = "Instance type to use"
          default     = "t2.micro"
        }
  8. EC2 Instance (CODE EDITOR)

        resource "aws_instance" "hack_the_ne" {
          ami               = var.ami_id
          instance_type     = var.instance_type
          availability_zone = var.availability_zone
        }
  9. Command: terraform plan (TERMINAL)

        > terraform plan -out="aws.tfplan"

        Terraform will perform the following actions:

          # aws_instance.hack_the_ne will be created
          + resource "aws_instance" "hack_the_ne"

        Plan: 1 to add, 0 to change, 0 to destroy.

        This plan was saved to: aws.tfplan
  10. Command: terraform apply (TERMINAL)

        > terraform apply "aws.tfplan"

        aws_instance.hack_the_ne: Creating...
        aws_instance.hack_the_ne: Still creating... [10s elapsed]
        aws_instance.hack_the_ne: Still creating... [20s elapsed]
        aws_instance.hack_the_ne: Creation complete after 22s

        Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
  11. EBS Volume (CODE EDITOR)

        resource "aws_instance" "hack_the_ne" { ... }

        resource "aws_ebs_volume" "hack_the_ne" { ... }

        resource "aws_volume_attachment" "hack_the_ne" { ... }
  12. Command: terraform apply (TERMINAL)

        > terraform apply "aws.tfplan"

        aws_ebs_volume.hack_the_ne: Refreshing state...
        aws_instance.hack_the_ne: Refreshing state...
        aws_volume_attachment.hack_the_ne: Refreshing state...

        Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

        Outputs:

        volume_device_name = /dev/sdh
  13. Command: terraform destroy (TERMINAL)

        > terraform apply "aws.tfplan"

        aws_ebs_volume.hack_the_ne: Destroying...
        aws_instance.hack_the_ne: Destroying...
        aws_volume_attachment.hack_the_ne: Destroying…

        Apply complete! Resources: 0 added, 0 changed, 3 destroyed.
  14. Command: terraform validate (TERMINAL)

        > terraform fmt main.tf
        > terraform validate
        Success! The configuration is valid.
  15. Command: terraform help (TERMINAL)

        > terraform help
        Usage: terraform [-version] [-help] <command> [args]

        The available commands for execution are listed below.
        The most common, useful commands are shown first, followed by
        less common or more advanced commands.

        Common commands:
            apply      Builds or changes infrastructure
            destroy    Destroy Terraform-managed infrastructure
            fmt        Rewrites config files to canonical format
            output     Read an output from a state file
  16. Terraform lifecycle

     ▪ terraform init
     ▪ terraform fmt
     ▪ terraform validate
     ▪ terraform plan -out="terraform.tfplan"
     ▪ terraform apply "terraform.tfplan"
     ▪ terraform plan -destroy
  17. Terraform State

     ▪ maps real-world resources to your configuration
     ▪ keeps track of (resource) metadata
     ▪ improves performance for large infrastructures
     ▪ stored locally (by default), can be stored remotely
  18. Security Groups (CODE EDITOR)

        # the slide omits security_group_id, which this resource requires
        resource "aws_security_group_rule" "allow_from_self" {
          description = "Allow all inbound access from local"
          type        = "ingress"
          from_port   = 0
          to_port     = 65535
          protocol    = "tcp"

          # public IP of the machine running Terraform, as a /32
          cidr_blocks = ["${chomp(data.http.icanhazip.body)}/32"]
        }
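
The rule on slide 18 depends on a `data "http" "icanhazip"` source and a parent security group that the slide does not show. The following is an added example, not code from the workshop or its companion repository, that fills in those pieces and checks the fetched address before it becomes a firewall CIDR. The endpoint URL, the security group, the `locals` names and the narrowing to port 22 are assumptions.

```hcl
# Added example, not from the workshop slides.

# Ask an external service for the public IPv4 address of the machine
# running Terraform.
data "http" "icanhazip" {
  # assumed endpoint; the slide does not show the URL
  url = "https://ipv4.icanhazip.com"
}

locals {
  # The response body ends with a newline; chomp() strips it.
  caller_ip = chomp(data.http.icanhazip.body)

  # cidrhost() raises an error on anything that is not a valid address,
  # so an error page or an empty body fails the plan instead of being
  # interpolated into the rule.
  caller_cidr = "${cidrhost("${local.caller_ip}/32", 0)}/32"
}

# assumed parent group; a rule must be attached to one
resource "aws_security_group" "hack_the_ne" {
  name        = "hack-the-ne"
  description = "Workshop instance access"
}

resource "aws_security_group_rule" "allow_from_self" {
  description       = "Allow SSH from the address running Terraform"
  security_group_id = aws_security_group.hack_the_ne.id
  type              = "ingress"

  # assumed: only SSH is needed, so one port instead of 0-65535
  from_port = 22
  to_port   = 22
  protocol  = "tcp"

  cidr_blocks = [local.caller_cidr]
}
```

The address is re-fetched on every plan, so a changed public IP shows up as a diff on the rule. The group only takes effect on the instance once it is listed in the instance's `vpc_security_group_ids`.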