Understanding the AWS Provider for Terraform

Transcript

1. Copyright © 2020 HashiCorp Understanding the AWS Provider for Terraform

2. Kerim Satirli (He/Him) Developer Advocate at HashiCorp

3. @ksatirli on GitHub and Twitter Developer Advocate at HashiCorp

4. Infrastructure as Code ▪ executable documentation ▪ enables collaboration ▪

   safe and predictable

5. Agenda Introducing Terraform basic concepts Managing AWS with Terraform provisioning

   resources Scaling Terraform expanding your knowledge

6. Introducing Terraform

7. Terraform 125+ Official Providers AWS, GCP, Docker, etc. 175+ Community

   Providers 1Password, Stripe, Unifi, etc.

8. HashiCorp Configuration Language CODE EDITOR service { key = "value"

   }

9. HashiCorp Configuration Language CODE EDITOR service "http" "web_proxy" { listen_addr

   = "127.0.0.1:8080" process "server" { command = ["proxy-app", "server"] } } variable "port" { description = "Port for web_proxy" default = 8080 }

10. HashiCorp Configuration Language CODE EDITOR service "http" "web_proxy" { listen_addr

    = "127.0.0.1:${var.port}" process "server" { command = ["proxy-app", "server"] } } variable "port" { description = "Port for web_proxy" default = 8080 }

11. Provider set-up CODE EDITOR provider "docker" { version = "~>

    2.7" host = "tcp://localhost:2376" registry_auth { address = "registry.hub.docker.com" config_file = "/Users/me/.docker/config.json" } }

12. TERMINAL > terraform init Initializing the backend... Initializing provider plugins...

    - Checking for available provider plugins... - Downloading plugin for provider "docker" (terraform-providers/docker) 2.7.0... Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

13. TERMINAL > tree .terraform/ └── plugins └── darwin_amd64 ├── lock.json

    └── terraform-provider-docker_v2.7.0_x4

14. Docker Container CODE EDITOR resource "docker_image" "hello_world" { name =

    "hello-world:${var.image_version}" } variable "image_version" { type = string description = "version of Docker Image to pull" default = "latest" }

15. Command: terraform fmt TERMINAL > terraform fmt main.tf

16. Command: terraform validate TERMINAL > terraform fmt main.tf > terraform

    validate Success! The configuration is valid.

17. Command: terraform help TERMINAL > terraform help Usage: terraform [-version]

    [-help] <command> [args] The available commands for execution are listed below. The most common, useful commands are shown first, followed by less common or more advanced commands. Common commands: apply Builds or changes infrastructure destroy Destroy Terraform-managed infrastructure fmt Rewrites config files to canonical format output Read an output from a state file

18. Command: terraform plan TERMINAL > terraform plan -out="docker.tfplan" Terraform will

    perform the following actions: # docker_image.hello_world will be created + resource "docker_image" "hello_world" { + id = (known after apply) + latest = (known after apply) + name = "hello-world:latest" } Plan: 1 to add, 0 to change, 0 to destroy.

19. Command: terraform apply TERMINAL > terraform apply "docker.tfplan"

20. Command: terraform apply TERMINAL docker_image.hello_world: Creating... docker_image.hello_world: Still creating... docker_image.hello_world:

    Creation complete after 5s Apply complete! Resources: 1 added, 0 changed, 0 destroyed. The state of your infrastructure has been saved to the path below. This state is required to modify and destroy your infrastructure, so keep it safe. State path: terraform.tfstate

21. Terraform State ▪ maps real-world resources to your configuration ▪

    keeps track of (resource) metadata ▪ improves performance for large infrastructures ▪ stored locally (by default), can be stored remotely

22. Docker Container CODE EDITOR resource "docker_image" "hello_world" { name =

    "hello-world:${var.image_version}" } variable "image_version" { type = string description = "version of Docker Image to pull" default = "latest" }

23. Command: terraform plan TERMINAL > terraform plan -out="docker.tfplan" var.image_version version

    of Docker Image to pull Enter a value: latest

24. Command: terraform plan TERMINAL Refreshing Terraform state in-memory prior to

    plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist. As a result, no actions need to be performed.

25. Variable Definition Files CODE EDITOR image_version = "latest"

26. Variable Definition Files ▪ contain key-value definitions of variables ▪

    automatically loaded if named: ▪ "terraform.tfvars" or "terraform.tfvars.json" ▪ ".auto.tfvars" or ".auto.tfvars.json"

27. Docker Container CODE EDITOR resource "docker_image" "hello_world" { name =

    "hello-world:${var.image_version}" } resource "docker_container" "hello_world" { name = "hello-world" image = docker_image.hello_world.name }

28. Command: terraform apply TERMINAL docker_container.hello_world: Creating... docker_container.hello_world: Creation complete after

    0s [id=3d5...966] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. The state of your infrastructure has been saved to the path below. This state is required to modify and destroy your infrastructure, so keep it safe. To inspect the complete state use the `terraform show` command.

29. Managing AWS with Terraform

30. AWS Provider for Terraform hashi.co/tf-aws-provider-changelog

31. AWS Provider CODE EDITOR provider "aws" { version = "~>

    2.60" region = "ap-south-1" access_key = "AKIAIOSFODNN7EXAMPLE" secret_access_key = "wJalrXUtnFEMI/K7MDEN" }

32. AWS Provider CODE EDITOR provider "aws" { version = "~>

    2.60" region = "ap-south-1" access_key = var.aws_access_key secret_access_key = var.aws_secret_access_key }

33. AWS Provider CODE EDITOR provider "aws" { version = "~>

    2.60" region = "ap-south-1" shared_credentials_file = "/Users/me/.aws/creds" secret_access_key = "hug-demo" }

34. AWS Provider TERMINAL > export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE" > export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDEN" CODE

    EDITOR provider "aws" { version = "~> 2.60" region = "ap-south-1" profile. = "hug-demo" }

35. EC2 Instance CODE EDITOR variable "ami_id" { type = string

    description = "AMI ID to use" default = "ami-0470e33cd681b2476" } variable "instance_type" { type = string description = "Instance type to use" default = "t2.micro" }

36. EC2 Instance CODE EDITOR resource "aws_instance" "hug_demo" { ami =

    var.ami_id instance_type = var.instance_type availability_zone = var.availability_zone }

37. EC2 Instance TERMINAL > terraform plan -out="aws.tfplan" Terraform will perform

    the following actions: # aws_instance.hug_demo will be created + resource "aws_instance" "hug_demo" Plan: 1 to add, 0 to change, 0 to destroy. This plan was saved to: aws.tfplan

38. EC2 Instance TERMINAL > terraform apply "aws.tfplan" aws_instance.hug_demo: Creating... aws_instance.hug_demo:

    Still creating... [10s elapsed] aws_instance.hug_demo: Still creating... [20s elapsed] aws_instance.hug_demo: Creation complete after 22s Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

39. EC2 Instance ap-south-1.console.aws.amazon.com/ec2

40. EBS Volume CODE EDITOR resource "aws_instance" "hug_demo" { ... }

    resource "aws_ebs_volume" "hug_demo" { ... } resource "aws_volume_attachment" "hug_demo" { ... }

41. EBS Volume CODE EDITOR output "volume_device_name" { value = aws_volume_attachment.hug_demo.device_name

    }

42. Command: terraform apply TERMINAL > terraform apply "aws.tfplan" aws_ebs_volume.hug_demo: Refreshing

    state... aws_instance.hug_demo: Refreshing state... aws_volume_attachment.hug_demo: Refreshing state... Apply complete! Resources: 0 added, 0 changed, 0 destroyed. Outputs: volume_device_name = /dev/sdh

43. Command: terraform output TERMINAL > terraform output volume_device_name = /dev/sdh

44. Command: terraform output TERMINAL > terraform output volume_device_name /dev/sdh

45. Command: terraform destroy TERMINAL > terraform plan -destroy -out="aws.tfplan"

46. Command: terraform destroy TERMINAL > terraform apply "aws.tfplan"

47. Command: terraform destroy TERMINAL > terraform apply "aws.tfplan" aws_ebs_volume.hug_demo: Destroying...

    aws_instance.hug_demo: Destroying... aws_volume_attachment.hug_demo: Destroying… Apply complete! Resources: 0 added, 0 changed, 3 destroyed.

48. Terraform lifecycle ▪ terraform init ▪ terraform fmt ▪ terraform

    validate ▪ terraform plan -out="terraform.tfplan" ▪ terraform apply "terraform.tfplan" ▪ terraform plan -destroy

49. Scaling Terraform

50. Importing existing resources CODE EDITOR resource "aws_s3_bucket" "hug_demo" { bucket

    = "hug-demo" }

51. Command: terraform import TERMINAL > terraform import \ aws_s3_bucket.hug_demo "hug-demo"

52. Command: terraform import TERMINAL > terraform import \ aws_s3_bucket.hug_demo "hug-demo"

    aws_s3_bucket.hug_demo: Importing from ID "hug-demo"... aws_s3_bucket.hug_demo: Import prepared! Prepared aws_s3_bucket for import aws_s3_bucket.hug_demo: Refreshing state... [id=hug- demo] Import successful!

53. Review ▪ Providers ▪ Lifecycle ▪ State

54. Materials ▪ slides: hashi.co/tf-basics-for-aws ▪ code: hashi.co/tf-basics-for-aws-code ▪ guides: hashi.co/tf-learn-aws

    ▪ forums: hashi.co/tf-forum-aws
55. None

56. Thank You [email protected]