Code all the Things: Terraform x AWS

Jacquie Grindrod (She/Her) Developer Advocate at HashiCorp

Kerim Satirli (He/Him) Developer Advocate at HashiCorp

Agenda Infrastructure as Code what even is it? First Steps putting the pieces together Next Steps expanding your knowledge

Infrastructure as Code

Infrastructure as Code ▪ executable documentation ▪ enables collaboration ▪ safe and predictable

HashiCorp Configuration Language

HashiCorp Configuration Language CODE EDITOR service "http" "web_proxy" { listen_addr = "127.0.0.1:8080" process "server" { command = ["proxy-app", "server"] } } variable "port" { description = "Port for web_proxy" default = 8080 }

HashiCorp Configuration Language CODE EDITOR service "http" "web_proxy" { listen_addr = "127.0.0.1:${var.port}" process "server" { command = ["proxy-app", "server"] } } variable "port" { description = "Port for web_proxy" default = 8080 }

Introducing Terraform

Terraform 125+ Official Providers AWS, Linode, GitHub, etc. 175+ Community Providers Auth0, Domino’s Pizza etc.

First Steps

AWS Provider CODE EDITOR provider "aws" { version = "~> 2.65" region = "us-east-1" access_key = "AKIAIOSFODNN7EXAMPLE" secret_access_key = "wJalrXUtnFEMI/K7MDEN" }

AWS Provider CODE EDITOR provider "aws" { version = "~> 2.65" region = "us-east-1" access_key = var.aws_access_key secret_access_key = var.aws_secret_access_key }

Command: terraform init TERMINAL > terraform init Initializing the backend... Initializing provider plugins... - Checking for available provider plugins... - Downloading plugin for provider "aws" (terraform-providers/aws) 2.65.0... Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

EC2 Instance CODE EDITOR variable "ami_id" { type = string description = "AMI ID to use" default = "ami-09d95fab7fff3776c" } variable "instance_type" { type = string description = "Instance type to use" default = "t2.micro" }

EC2 Instance CODE EDITOR resource "aws_instance" "hack_the_ne" { ami = var.ami_id instance_type = var.instance_type availability_zone = var.availability_zone }

Command: terraform plan TERMINAL > terraform plan -out="aws.tfplan" Terraform will perform the following actions: # aws_instance.hack_the_ne will be created + resource "aws_instance" "hack_the_ne" Plan: 1 to add, 0 to change, 0 to destroy. This plan was saved to: aws.tfplan

Command: terraform apply TERMINAL > terraform apply "aws.tfplan" aws_instance.hack_the_ne: Creating... aws_instance.hack_the_ne: Still creating... [10s elapsed] aws_instance.hack_the_ne: Still creating... [20s elapsed] aws_instance.hack_the_ne: Creation complete after 22s Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

EC2 Instance http://us-east-1.console.aws.amazon.com/ec2

EBS Volume CODE EDITOR resource "aws_instance" "hack_the_ne" { ... } resource "aws_ebs_volume" "hack_the_ne" { ... } resource "aws_volume_attachment" "hack_the_ne" { ... }

Command: terraform apply TERMINAL > terraform apply "aws.tfplan" aws_ebs_volume.hack_the_ne: Refreshing state... aws_instance.hack_the_ne: Refreshing state... aws_volume_attachment.hack_the_ne: Refreshing state... Apply complete! Resources: 0 added, 0 changed, 0 destroyed. Outputs: volume_device_name = /dev/sdh

Command: terraform output TERMINAL > terraform output volume_device_name = /dev/sdh

Command: terraform output TERMINAL > terraform output volume_device_name /dev/sdh

Command: terraform destroy TERMINAL > terraform plan -destroy -out="aws.tfplan"

Command: terraform destroy TERMINAL > terraform apply "aws.tfplan"

Command: terraform destroy TERMINAL > terraform apply "aws.tfplan" aws_ebs_volume.hack_the_ne: Destroying... aws_instance.hack_the_ne: Destroying... aws_volume_attachment.hack_the_ne: Destroying… Apply complete! Resources: 0 added, 0 changed, 3 destroyed.

Command: terraform fmt TERMINAL > terraform fmt main.tf

Command: terraform validate TERMINAL > terraform fmt main.tf > terraform validate Success! The configuration is valid.

Command: terraform help TERMINAL > terraform help Usage: terraform [-version] [-help] [args] The available commands for execution are listed below. The most common, useful commands are shown first, followed by less common or more advanced commands. Common commands: apply Builds or changes infrastructure destroy Destroy Terraform-managed infrastructure fmt Rewrites config files to canonical format output Read an output from a state file

Next Steps

Terraform lifecycle ▪ terraform init ▪ terraform fmt ▪ terraform validate ▪ terraform plan -out="terraform.tfplan" ▪ terraform apply "terraform.tfplan" ▪ terraform plan -destroy

Terraform State ▪ maps real-world resources to your configuration ▪ keeps track of (resource) metadata ▪ improves performance for large infrastructures ▪ stored locally (by default), can be stored remotely

Security Groups CODE EDITOR service "aws_security_group_rule" "allow_from_self" { description = "Allow all inbound access from local" type = "ingress" from_port = 0 to_port = 65535 protocol = "tcp" cidr_blocks = ["${chomp(data.http.icanhazip.body)}/32"] }

Review ▪ Infrastructure as Code ▪ Introduction to Terraform ▪ Deployed Resources

Materials ▪ slides: hashi.co/htne-slides ▪ code: hashi.co/htne-code ▪ guides: hashi.co/tf-learn

No content

Thank You jacquie@hashicorp.com kerim@hashicorp.com