Copyright © 2020 HashiCorp Understanding the AWS Provider for Terraform

Kerim Satirli (He/Him) Developer Advocate at HashiCorp

@ksatirli on GitHub and Twitter Developer Advocate at HashiCorp

Infrastructure as Code ▪ executable documentation ▪ enables collaboration ▪ safe and predictable

Agenda Introducing Terraform basic concepts Managing AWS with Terraform provisioning resources Scaling Terraform expanding your knowledge

Introducing Terraform

Terraform 125+ Official Providers AWS, GCP, Docker, etc. 175+ Community Providers 1Password, Stripe, Unifi, etc.

HashiCorp Configuration Language CODE EDITOR service { key = "value" }

HashiCorp Configuration Language CODE EDITOR service "http" "web_proxy" { listen_addr = "127.0.0.1:8080" process "server" { command = ["proxy-app", "server"] } } variable "port" { description = "Port for web_proxy" default = 8080 }

HashiCorp Configuration Language CODE EDITOR service "http" "web_proxy" { listen_addr = "127.0.0.1:${var.port}" process "server" { command = ["proxy-app", "server"] } } variable "port" { description = "Port for web_proxy" default = 8080 }

Provider set-up CODE EDITOR provider "docker" { version = "~> 2.7" host = "tcp://localhost:2376" registry_auth { address = "registry.hub.docker.com" config_file = "/Users/me/.docker/config.json" } }

TERMINAL > terraform init Initializing the backend... Initializing provider plugins... - Checking for available provider plugins... - Downloading plugin for provider "docker" (terraform-providers/docker) 2.7.0... Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

TERMINAL > tree .terraform/ └── plugins └── darwin_amd64 ├── lock.json └── terraform-provider-docker_v2.7.0_x4

Docker Container CODE EDITOR resource "docker_image" "hello_world" { name = "hello-world:${var.image_version}" } variable "image_version" { type = string description = "version of Docker Image to pull" default = "latest" }

Command: terraform fmt TERMINAL > terraform fmt main.tf

Command: terraform validate TERMINAL > terraform fmt main.tf > terraform validate Success! The configuration is valid.

Command: terraform help TERMINAL > terraform help Usage: terraform [-version] [-help] [args] The available commands for execution are listed below. The most common, useful commands are shown first, followed by less common or more advanced commands. Common commands: apply Builds or changes infrastructure destroy Destroy Terraform-managed infrastructure fmt Rewrites config files to canonical format output Read an output from a state file

Command: terraform plan TERMINAL > terraform plan -out="docker.tfplan" Terraform will perform the following actions: # docker_image.hello_world will be created + resource "docker_image" "hello_world" { + id = (known after apply) + latest = (known after apply) + name = "hello-world:latest" } Plan: 1 to add, 0 to change, 0 to destroy.

Command: terraform apply TERMINAL > terraform apply "docker.tfplan"

Command: terraform apply TERMINAL docker_image.hello_world: Creating... docker_image.hello_world: Still creating... docker_image.hello_world: Creation complete after 5s Apply complete! Resources: 1 added, 0 changed, 0 destroyed. The state of your infrastructure has been saved to the path below. This state is required to modify and destroy your infrastructure, so keep it safe. State path: terraform.tfstate

Terraform State ▪ maps real-world resources to your configuration ▪ keeps track of (resource) metadata ▪ improves performance for large infrastructures ▪ stored locally (by default), can be stored remotely

Docker Container CODE EDITOR resource "docker_image" "hello_world" { name = "hello-world:${var.image_version}" } variable "image_version" { type = string description = "version of Docker Image to pull" default = "latest" }

Command: terraform plan TERMINAL > terraform plan -out="docker.tfplan" var.image_version version of Docker Image to pull Enter a value: latest

Command: terraform plan TERMINAL Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist. As a result, no actions need to be performed.

Variable Definition Files CODE EDITOR image_version = "latest"

Variable Definition Files ▪ contain key-value definitions of variables ▪ automatically loaded if named: ▪ "terraform.tfvars" or "terraform.tfvars.json" ▪ ".auto.tfvars" or ".auto.tfvars.json"

Docker Container CODE EDITOR resource "docker_image" "hello_world" { name = "hello-world:${var.image_version}" } resource "docker_container" "hello_world" { name = "hello-world" image = docker_image.hello_world.name }

Command: terraform apply TERMINAL docker_container.hello_world: Creating... docker_container.hello_world: Creation complete after 0s [id=3d5...966] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. The state of your infrastructure has been saved to the path below. This state is required to modify and destroy your infrastructure, so keep it safe. To inspect the complete state use the `terraform show` command.

Managing AWS with Terraform

AWS Provider for Terraform hashi.co/tf-aws-provider-changelog

AWS Provider CODE EDITOR provider "aws" { version = "~> 2.60" region = "ap-south-1" access_key = "AKIAIOSFODNN7EXAMPLE" secret_access_key = "wJalrXUtnFEMI/K7MDEN" }

AWS Provider CODE EDITOR provider "aws" { version = "~> 2.60" region = "ap-south-1" access_key = var.aws_access_key secret_access_key = var.aws_secret_access_key }

AWS Provider CODE EDITOR provider "aws" { version = "~> 2.60" region = "ap-south-1" shared_credentials_file = "/Users/me/.aws/creds" secret_access_key = "hug-demo" }

AWS Provider TERMINAL > export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE" > export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDEN" CODE EDITOR provider "aws" { version = "~> 2.60" region = "ap-south-1" profile. = "hug-demo" }

EC2 Instance CODE EDITOR variable "ami_id" { type = string description = "AMI ID to use" default = "ami-0470e33cd681b2476" } variable "instance_type" { type = string description = "Instance type to use" default = "t2.micro" }

EC2 Instance CODE EDITOR resource "aws_instance" "hug_demo" { ami = var.ami_id instance_type = var.instance_type availability_zone = var.availability_zone }

EC2 Instance TERMINAL > terraform plan -out="aws.tfplan" Terraform will perform the following actions: # aws_instance.hug_demo will be created + resource "aws_instance" "hug_demo" Plan: 1 to add, 0 to change, 0 to destroy. This plan was saved to: aws.tfplan

EC2 Instance TERMINAL > terraform apply "aws.tfplan" aws_instance.hug_demo: Creating... aws_instance.hug_demo: Still creating... [10s elapsed] aws_instance.hug_demo: Still creating... [20s elapsed] aws_instance.hug_demo: Creation complete after 22s Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

EC2 Instance ap-south-1.console.aws.amazon.com/ec2

EBS Volume CODE EDITOR resource "aws_instance" "hug_demo" { ... } resource "aws_ebs_volume" "hug_demo" { ... } resource "aws_volume_attachment" "hug_demo" { ... }

EBS Volume CODE EDITOR output "volume_device_name" { value = aws_volume_attachment.hug_demo.device_name }

Command: terraform apply TERMINAL > terraform apply "aws.tfplan" aws_ebs_volume.hug_demo: Refreshing state... aws_instance.hug_demo: Refreshing state... aws_volume_attachment.hug_demo: Refreshing state... Apply complete! Resources: 0 added, 0 changed, 0 destroyed. Outputs: volume_device_name = /dev/sdh

Command: terraform output TERMINAL > terraform output volume_device_name = /dev/sdh

Command: terraform output TERMINAL > terraform output volume_device_name /dev/sdh

Command: terraform destroy TERMINAL > terraform plan -destroy -out="aws.tfplan"

Command: terraform destroy TERMINAL > terraform apply "aws.tfplan"

Command: terraform destroy TERMINAL > terraform apply "aws.tfplan" aws_ebs_volume.hug_demo: Destroying... aws_instance.hug_demo: Destroying... aws_volume_attachment.hug_demo: Destroying… Apply complete! Resources: 0 added, 0 changed, 3 destroyed.

Terraform lifecycle ▪ terraform init ▪ terraform fmt ▪ terraform validate ▪ terraform plan -out="terraform.tfplan" ▪ terraform apply "terraform.tfplan" ▪ terraform plan -destroy

Scaling Terraform

Importing existing resources CODE EDITOR resource "aws_s3_bucket" "hug_demo" { bucket = "hug-demo" }

Command: terraform import TERMINAL > terraform import \ aws_s3_bucket.hug_demo "hug-demo"

Command: terraform import TERMINAL > terraform import \ aws_s3_bucket.hug_demo "hug-demo" aws_s3_bucket.hug_demo: Importing from ID "hug-demo"... aws_s3_bucket.hug_demo: Import prepared! Prepared aws_s3_bucket for import aws_s3_bucket.hug_demo: Refreshing state... [id=hug- demo] Import successful!

Review ▪ Providers ▪ Lifecycle ▪ State

Materials ▪ slides: hashi.co/tf-basics-for-aws ▪ code: hashi.co/tf-basics-for-aws-code ▪ guides: hashi.co/tf-learn-aws ▪ forums: hashi.co/tf-forum-aws

No content

Thank You kerim@hashicorp.com