© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Optimizing AWS workflows with the CDK for Terraform S P O N S O R E D B Y H A S H I C O R P Kyle Ruddy (he/him) C O P 4 0 2 - S Senior Technical Product Marketing Manager HashiCorp Taylor Dolezal (he/him) Senior Developer Advocate HashiCorp

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda • Terraform: Year in review • Terraform Cloud • What is the CDK for Terraform? • CDK workflows • Demo

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Terraform: Year in review

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Terraform 0.14 – User experience • Concise diffs • Sensitive value masking • Easier upgrades

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Terraform 0.15 – Preparing for 1.0 • Unified CLI Experience • 1.0 Stabilization • Undeclared variable use no longer deprecated

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Terraform 1.0 – Stability No significant changes (as planned!)

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Terraform state compatibility • Terraform 0.15 is forward-compatible with state files to 1.0 • Backward-compatible to >0.14.0 0.14 0.15 1.0

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Remote state Terraform remote-state data sources are forward-compatible 0.12 0.13 0.14 0.15 1.0 0.12.30 0.13.6

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sensitive function Introduction of a new set of sensitive/non-sensitive functions to help organizations build on Terraform’s sensitivity resource “aws_db_instance” “mydb” { password = sensitive(data.resource.name.id) ... }

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Terraform Cloud

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Terraform Cloud F U L L Y - M A N A G E D I N F R A S T R U C T U R E A S C O D E C L O U D S E R V I C E Developers Plan Cost Estimation PRIVATE MODULE REGISTRY Operations Apply Sentinel Policy Run Tasks

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is the CDK for Terraform?

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why? Anonymous

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Because. Anonymous

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. HashiCorp Configuration Language (HCL)

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. HCL • Providers • Resources • Functions

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. HCL • Variables (inputs, outputs, locals) • Modules

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. HCL

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ecosystem

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ecosystem

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Success? © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Success? © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. CDK for Terraform The CDK for Terraform is a project that allows users to define infrastructure using programming languages CDK for (CRDS) HCL JSON

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. CDK for Terraform Supported languages include • TypeScript • Python • Java • C# • Go

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. CDK for Terraform Packages • cdktf-cli – A CLI that allows users to run commands to initialize, import, and synthesize CDK for Terraform applications • cdktf – A library for defining Terraform resources using programming constructs

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. CDK workflows

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. CDK commands • cdktf init • cdktf synth • cdktf diff • cdktf deploy

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Architecture © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Code bindings

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Providers and resources import { Construct } from "constructs"; import { App, TerraformStack } from "cdktf"; import { AwsProvider } from "./.gen/providers/aws"; ... new AwsProvider(this, "aws", { region: "us-west-2", });

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Stacks class MyStack extends TerraformStack { constructor(scope: Construct, id: string) { super(scope, id); // Your Infrastructure Here } } const app = new App(); new MyStack(app, "a-single-stack"); app.synth();

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Functions import { Fn, TerraformOutput } from "cdktf"; import { DataAwsAvailabilityZones } from "@cdktf/provider-aws"; const zones = new DataAwsAvailabilityZones(this, "zones", { state: "available", }); new TerraformOutput(this, "first-zone", { value: Fn.element(zones.names, 0), });

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tokens const vpc = new Vpc(this, vpcName, { name: vpcName, publicSubnets: ["10.0.1.0/24", "10.0.2.0/24"], }); new Eks(this, "EksModule", { clusterName: "my-kubernetes-cluster", subnets: Token.asList(vpc.publicSubnetsOutput), clusterLogRetentionInDays: logRetention.numberValue, });

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Kyle Ruddy (he/him) @kmruddy [email protected] Taylor Dolezal (he/him) @onlydole [email protected]