Understanding the AWS Provider for Terraform

In this talk, I look at the basic concepts of HashiCorp Terraform and explain them using the Docker Provider. Then, I show how to use Terraform to manage AWS resources efficiently and reliably.

This version of the presentation was given at a virtual event for the Bangalore HashiCorp User Group in May 2020.

---

Companion Code: github.com/ksatirli/understanding-the-aws-provider-for-terraform

Kerim Satirli

May 02, 2020

Transcript

  1. Copyright © 2020 HashiCorp Understanding the AWS Provider for Terraform

  2. Kerim Satirli (He/Him) Developer Advocate at HashiCorp

  3. @ksatirli on GitHub and Twitter Developer Advocate at HashiCorp

  4. Infrastructure as Code
    ▪ executable documentation
    ▪ enables collaboration
    ▪ safe and predictable

  5. Agenda
    ▪ Introducing Terraform: basic concepts
    ▪ Managing AWS with Terraform: provisioning resources
    ▪ Scaling Terraform: expanding your knowledge

  6. Introducing Terraform

  7. Terraform
    125+ Official Providers: AWS, GCP, Docker, etc.
    175+ Community Providers: 1Password, Stripe, Unifi, etc.

  8. HashiCorp Configuration Language
    CODE EDITOR

        service {
          key = "value"
        }

  9. HashiCorp Configuration Language
    CODE EDITOR

        service "http" "web_proxy" {
          listen_addr = "127.0.0.1:8080"

          process "server" {
            command = ["proxy-app", "server"]
          }
        }

        variable "port" {
          description = "Port for web_proxy"
          default     = 8080
        }

  10. HashiCorp Configuration Language
    CODE EDITOR

        service "http" "web_proxy" {
          listen_addr = "127.0.0.1:${var.port}"

          process "server" {
            command = ["proxy-app", "server"]
          }
        }

        variable "port" {
          description = "Port for web_proxy"
          default     = 8080
        }

  11. Provider set-up
    CODE EDITOR

        provider "docker" {
          version = "~> 2.7"
          host    = "tcp://localhost:2376"

          registry_auth {
            address     = "registry.hub.docker.com"
            config_file = "/Users/me/.docker/config.json"
          }
        }

  12. TERMINAL

        > terraform init

        Initializing the backend...

        Initializing provider plugins...
        - Checking for available provider plugins...
        - Downloading plugin for provider "docker" (terraform-providers/docker) 2.7.0...

        Terraform has been successfully initialized!

        You may now begin working with Terraform. Try running "terraform plan" to see
        any changes that are required for your infrastructure. All Terraform commands
        should now work.

        If you ever set or change modules or backend configuration for Terraform,
        rerun this command to reinitialize your working directory. If you forget, other
        commands will detect it and remind you to do so if necessary.

  13. TERMINAL

        > tree .terraform/
        └── plugins
            └── darwin_amd64
                ├── lock.json
                └── terraform-provider-docker_v2.7.0_x4

  14. Docker Container
    CODE EDITOR

        resource "docker_image" "hello_world" {
          name = "hello-world:${var.image_version}"
        }

        variable "image_version" {
          type        = string
          description = "version of Docker Image to pull"
          default     = "latest"
        }

  15. Command: terraform fmt
    TERMINAL

        > terraform fmt main.tf

  16. Command: terraform validate
    TERMINAL

        > terraform fmt main.tf
        > terraform validate
        Success! The configuration is valid.

  17. Command: terraform help
    TERMINAL

        > terraform help
        Usage: terraform [-version] [-help] <command> [args]

        The available commands for execution are listed below.
        The most common, useful commands are shown first, followed by
        less common or more advanced commands.

        Common commands:
            apply      Builds or changes infrastructure
            destroy    Destroy Terraform-managed infrastructure
            fmt        Rewrites config files to canonical format
            output     Read an output from a state file

  18. Command: terraform plan
    TERMINAL

        > terraform plan -out="docker.tfplan"

        Terraform will perform the following actions:

          # docker_image.hello_world will be created
          + resource "docker_image" "hello_world" {
              + id     = (known after apply)
              + latest = (known after apply)
              + name   = "hello-world:latest"
            }

        Plan: 1 to add, 0 to change, 0 to destroy.

  19. Command: terraform apply
    TERMINAL

        > terraform apply "docker.tfplan"

  20. Command: terraform apply
    TERMINAL

        docker_image.hello_world: Creating...
        docker_image.hello_world: Still creating...
        docker_image.hello_world: Creation complete after 5s

        Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

        The state of your infrastructure has been saved to the path
        below. This state is required to modify and destroy your
        infrastructure, so keep it safe.

        State path: terraform.tfstate

  21. Terraform State
    ▪ maps real-world resources to your configuration
    ▪ keeps track of (resource) metadata
    ▪ improves performance for large infrastructures
    ▪ stored locally (by default), can be stored remotely

  22. Docker Container
    CODE EDITOR

        resource "docker_image" "hello_world" {
          name = "hello-world:${var.image_version}"
        }

        variable "image_version" {
          type        = string
          description = "version of Docker Image to pull"
          default     = "latest"
        }

  23. Command: terraform plan
    TERMINAL

        > terraform plan -out="docker.tfplan"
        var.image_version
          version of Docker Image to pull

          Enter a value: latest

  24. Command: terraform plan
    TERMINAL

        Refreshing Terraform state in-memory prior to plan...
        The refreshed state will be used to calculate this plan, but will not be
        persisted to local or remote state storage.

        No changes. Infrastructure is up-to-date.

        This means that Terraform did not detect any differences between your
        configuration and real physical resources that exist. As a result, no
        actions need to be performed.

  25. Variable Definition Files
    CODE EDITOR

        image_version = "latest"

  26. Variable Definition Files
    ▪ contain key-value definitions of variables
    ▪ automatically loaded if named:
      ▪ "terraform.tfvars" or "terraform.tfvars.json"
      ▪ ".auto.tfvars" or ".auto.tfvars.json"

  27. Docker Container
    CODE EDITOR

        resource "docker_image" "hello_world" {
          name = "hello-world:${var.image_version}"
        }

        resource "docker_container" "hello_world" {
          name  = "hello-world"
          image = docker_image.hello_world.name
        }

  28. Command: terraform apply
    TERMINAL

        docker_container.hello_world: Creating...
        docker_container.hello_world: Creation complete after 0s [id=3d5...966]

        Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

        The state of your infrastructure has been saved to the path
        below. This state is required to modify and destroy your
        infrastructure, so keep it safe. To inspect the complete state
        use the `terraform show` command.

  29. Managing AWS with Terraform

  30. AWS Provider for Terraform hashi.co/tf-aws-provider-changelog

  31. AWS Provider
    CODE EDITOR

        provider "aws" {
          version    = "~> 2.60"
          region     = "ap-south-1"
          access_key = "AKIAIOSFODNN7EXAMPLE"
          secret_key = "wJalrXUtnFEMI/K7MDEN"
        }

  32. AWS Provider
    CODE EDITOR

        provider "aws" {
          version    = "~> 2.60"
          region     = "ap-south-1"
          access_key = var.aws_access_key
          secret_key = var.aws_secret_access_key
        }

  33. AWS Provider
    CODE EDITOR

        provider "aws" {
          version                 = "~> 2.60"
          region                  = "ap-south-1"
          shared_credentials_file = "/Users/me/.aws/creds"
          profile                 = "hug-demo"
        }

  34. AWS Provider
    TERMINAL

        > export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
        > export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDEN"

    CODE EDITOR

        provider "aws" {
          version = "~> 2.60"
          region  = "ap-south-1"
          profile = "hug-demo"
        }

  35. EC2 Instance
    CODE EDITOR

        variable "ami_id" {
          type        = string
          description = "AMI ID to use"
          default     = "ami-0470e33cd681b2476"
        }

        variable "instance_type" {
          type        = string
          description = "Instance type to use"
          default     = "t2.micro"
        }

  36. EC2 Instance
    CODE EDITOR

        resource "aws_instance" "hug_demo" {
          ami               = var.ami_id
          instance_type     = var.instance_type
          availability_zone = var.availability_zone
        }

  37. EC2 Instance
    TERMINAL

        > terraform plan -out="aws.tfplan"

        Terraform will perform the following actions:

          # aws_instance.hug_demo will be created
          + resource "aws_instance" "hug_demo"

        Plan: 1 to add, 0 to change, 0 to destroy.

        This plan was saved to: aws.tfplan

  38. EC2 Instance
    TERMINAL

        > terraform apply "aws.tfplan"
        aws_instance.hug_demo: Creating...
        aws_instance.hug_demo: Still creating... [10s elapsed]
        aws_instance.hug_demo: Still creating... [20s elapsed]
        aws_instance.hug_demo: Creation complete after 22s

        Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

  39. EC2 Instance ap-south-1.console.aws.amazon.com/ec2

  40. EBS Volume
    CODE EDITOR

        resource "aws_instance" "hug_demo" { ... }

        resource "aws_ebs_volume" "hug_demo" { ... }

        resource "aws_volume_attachment" "hug_demo" { ... }

  41. EBS Volume
    CODE EDITOR

        output "volume_device_name" {
          value = aws_volume_attachment.hug_demo.device_name
        }

  42. Command: terraform apply
    TERMINAL

        > terraform apply "aws.tfplan"
        aws_ebs_volume.hug_demo: Refreshing state...
        aws_instance.hug_demo: Refreshing state...
        aws_volume_attachment.hug_demo: Refreshing state...

        Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

        Outputs:

        volume_device_name = /dev/sdh

  43. Command: terraform output
    TERMINAL

        > terraform output
        volume_device_name = /dev/sdh

  44. Command: terraform output
    TERMINAL

        > terraform output volume_device_name
        /dev/sdh

  45. Command: terraform destroy
    TERMINAL

        > terraform plan -destroy -out="aws.tfplan"

  46. Command: terraform destroy
    TERMINAL

        > terraform apply "aws.tfplan"

  47. Command: terraform destroy
    TERMINAL

        > terraform apply "aws.tfplan"
        aws_ebs_volume.hug_demo: Destroying...
        aws_instance.hug_demo: Destroying...
        aws_volume_attachment.hug_demo: Destroying...

        Apply complete! Resources: 0 added, 0 changed, 3 destroyed.

  48. Terraform lifecycle
    ▪ terraform init
    ▪ terraform fmt
    ▪ terraform validate
    ▪ terraform plan -out="terraform.tfplan"
    ▪ terraform apply "terraform.tfplan"
    ▪ terraform plan -destroy

  49. Scaling Terraform

  50. Importing existing resources
    CODE EDITOR

        resource "aws_s3_bucket" "hug_demo" {
          bucket = "hug-demo"
        }

  51. Command: terraform import
    TERMINAL

        > terraform import \
            aws_s3_bucket.hug_demo "hug-demo"

  52. Command: terraform import
    TERMINAL

        > terraform import \
            aws_s3_bucket.hug_demo "hug-demo"
        aws_s3_bucket.hug_demo: Importing from ID "hug-demo"...
        aws_s3_bucket.hug_demo: Import prepared!
          Prepared aws_s3_bucket for import
        aws_s3_bucket.hug_demo: Refreshing state... [id=hug-demo]

        Import successful!

  53. Review ▪ Providers ▪ Lifecycle ▪ State

  54. Materials
    ▪ slides: hashi.co/tf-basics-for-aws
    ▪ code: hashi.co/tf-basics-for-aws-code
    ▪ guides: hashi.co/tf-learn-aws
    ▪ forums: hashi.co/tf-forum-aws

  56. Thank You kerim@hashicorp.com
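
The credential options on slides 31 to 34 differ in whether the secret ends up in the configuration itself. As an added example (not from the deck or its companion code), this Python check flags `provider "aws"` blocks that set the provider arguments `access_key`, `secret_key` or `token` to a string literal; the function names and the sample configurations are constructed for illustration.

```python
import re

# AWS provider arguments that carry static credentials.
CRED_ARGS = ("access_key", "secret_key", "token")
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')

def provider_blocks(text, name="aws"):
    """Yield the body of every `provider "<name>" { ... }` block."""
    for m in re.finditer(r'provider\s+"%s"\s*\{' % re.escape(name), text):
        depth, i, in_str = 1, m.end(), False
        while i < len(text) and depth:
            ch = text[i]
            if ch == '"' and text[i - 1] != "\\":
                in_str = not in_str          # braces inside strings do not count
            elif not in_str:
                depth += (ch == "{") - (ch == "}")
            i += 1
        yield text[m.end():i - 1]

def static_credentials(text):
    """Return the credential arguments that are set to a quoted literal."""
    findings = []
    for body in provider_blocks(text):
        for line in body.splitlines():
            m = ASSIGN_RE.match(line)
            if not m or m.group(1) not in CRED_ARGS:
                continue
            value = m.group(2)
            # var.x and "${var.x}" are references; a plain quoted string is a literal.
            if value.startswith('"') and "${" not in value:
                findings.append(m.group(1))  # report the name, never the value
    return findings

# Constructed samples modelled on the slides (AWS documentation example key).
HARDCODED = '''
provider "aws" {
  region     = "ap-south-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDEN"
}
'''
REFERENCED = '''
provider "aws" {
  region     = "ap-south-1"
  access_key = var.aws_access_key
  secret_key = var.aws_secret_access_key
}
'''
```

Call `static_credentials()` on the contents of each `.tf` file, for example from a pre-commit hook. A clean result only covers the provider block: values supplied through variables can still be committed in a `.tfvars` file.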