Using Terraform with AWS

AWS Meetup Munich Using Terraform with AWS

Seth Vargo Director of Evangelism, HashiCorp @sethvargo

Agenda 1. Introduction to Terraform 2. Infrastructure as Code 3.
Variables, outputs, and meta-parameters 4. State 5. Modules

Introduction

Terraform Provisions Infrastructure Resources

Terraform's Goals Unify the view of resources using infrastructure as
code Support the modern data center (IaaS, PaaS, SaaS) Expose a way to safely and predictably change infrastructure Provide a workﬂow that is technology agnostic

Terraform vs. Other Tools Provides a high-level abstraction of infrastructure
(IaC) Allows for composition and combination Supports parallel management of resources (graph, fast) Separates planning from execution (dry-run)

Glossary

Glossary Provider A provider is an abstraction of the API/service
provider such as AWS, GCP, DNSimple, or Fastly. Providers typically require some sort of conﬁguration data such as an API key or credential ﬁle.

Glossary Resource A resource represents a component of a provider
such as an "AWS instance", "DNSimple Record", or "Fastly service". Resources have both arguments (inputs) and attributes (outputs) which are speciﬁc to the resource. Resources also have meta-parameters such as count and lifecycle.

Glossary (Resource) Argument An argument is an input or conﬁguration
option to a resource. An AWS EC2 instance accepts ami as an input parameter. This makes ami an argument to the aws_instance resource.

Glossary (Resource) Attribute An attribute is an output or computed
value available only after resource creation. An AWS EC2 instance provides public_ip as an output parameter. This makes public_ip an attribute to the aws_instance resource. This makes sense, because an instance's IP address is assigned during creation.

Glossary Graph The graph is the internal structure for Terraform's
resource dependencies and order. The graph implements a directed acyclic graph (DAG) which allows Terraform to optimize for parallelism while adhering to dependency ordering. It is possible to generate the graph as a DOT ﬁle for human viewing.

Glossary (Remote/Local) State Terraform stores the last-known arguments and attributes
for all resources. These contents known as "state" can be stored locally as a JSON ﬁle (local state) or stored in a remote shared location like Atlas (remote state).

Glossary Module A module is a self-contained package of Terraform
conﬁgurations. Modules are like abstract classes that are imported into other Terraform conﬁgurations. Parallels: Chef Cookbook, Puppet Module, Ruby gem

Glossary Variable A variable is a user or machine-supplied input
in Terraform configurations. Variables can be supplied via environment variables, CLI flags, or variable files. Combined with modules, variables help make Terraform flexible, sharable, and extensible.

Glossary Interpolation Terraform includes a built-in syntax for referencing attributes
of other resources. This technique is called interpolation. Terraform also provides built-in functions for performing string manipulations, evaluating math operations, and doing list comprehensions.

Glossary HashiCorp Conﬁguration Language (HCL) Terraform's syntax and interpolation are
part of an open source language and speciﬁcation called HCL.

Infrastructure as Code

Infrastructure as Code Provide a codified workflow to create infrastructure
Expose a workflow for managing updates to existing infrastructure Integrate with application code workflows (Git, SCM, Code Review) Provide modular, sharable components for separation of concerns

Infrastructure as Code (Terraform) Human-readable configuration (HCL) is designed for
human consumption so users can quickly interpret and understand their infrastructure configuration. HCL is fully JSON-compatible for machine-generated configurations.

resource "aws_instance" "web" { ami = "ami-9a562df2" instance_type = "t2.micro"
} main.tf

Infrastructure as Code (Terraform) Conﬁguration format is very VCS friendly
with support for multi- line lists, trailing commas, and auto-formatting.

resource "aws_instance" "web" { ami = "ami-9a562df2" - instance_type =
"t2.micro" + instance_type = "m1.small" } main.tf

Infrastructure as Code (Terraform) Reference values from other resources, building
the implicit dependency graph.

} resource "dnsimple_record" "web" { domain = "hashicorp.com" name = "web" ttl = "3600" type = "A" value = "${aws_instance.web.public_ip}" } main.tf

Infrastructure as Code (Terraform) Configuration can be in a single
file or split across multiple files. Terraform will merge all files in the current working directory which end in .tf or .tf.json.

Terminal $ ls main.tf outputs.tf variables.tf

Terminal $ ls instances.tf load-balancers.tf shared.tf

Terminal $ ls everything.tf

Conﬁguration Format

} main.tf

} main.tf resource

} main.tf "aws_instance"

} main.tf "web"

} resource "aws_instance" "web" { ami = "ami-6b563df1" instance_type = "t2.micro" } main.tf "web"

} resource "aws_instance" "web-2" { ami = "ami-6b563df1" instance_type = "t2.micro" } main.tf "web"

} resource "digitalocean_droplet" "web" { ami = "ami-6b563df1" instance_type = "t2.micro" } main.tf "web"

} main.tf ami instance_type

} main.tf

} resource "dnsimple_record" "web" { domain = "hashicorp.com" name = "web" ttl = "3600" type = "A" value = "${aws_instance.web.public_ip}" } "${aws_instance.web.public_ip}" main.tf

} resource "dnsimple_record" "web" { domain = "hashicorp.com" name = "web" ttl = "3600" type = "A" value = "${aws_instance.web.public_ip}" } # This is a comment main.tf // This is a comment as well

Syntax Highlighting Plugins for HCL exist for most major editors
If not: - "javascript" if using // comments  - "ruby" if using # comments Community leans toward # comments

Resource Graph

Resource Graph The resource graph is an internal representation of
all resources and their dependencies. A human-readable graph can be generated using the  terraform graph command. Can optionally draw cycles (advanced).

Demo: Run terraform graph Run the terraform graph command against
the sample Terraform conﬁgurations.

Terraform Graph Useful for visualizing infrastructure and dependencies Builds upon
existing visualization technologies and open formats such as DOT

Command Line Interface

Command Line Interface All interactions with Terraform occur via the
CLI. Terraform is a local tool (runs on the current machine).

Terminal $ terraform help Available commands are: apply Builds or
changes infrastructure destroy Destroy Terraform-managed infrastructure fmt Rewrites config files to canonical format get Download and install modules for the configuration graph Create a visual graph of Terraform resources init Initializes Terraform configuration from a module output Read an output from a state file plan Generate and show an execution plan push Upload this Terraform module to Atlas to run refresh Update local state file against real resources remote Configure remote state storage show Inspect Terraform state or plan taint Manually mark a resource for recreation untaint Manually unmark a resource as tainted validate Validates the Terraform files version Prints the Terraform version

Command: terraform plan The plan shows you what will happen
You can save plans to guarantee what will happen Plans show reasons for certain actions (such as re-create) Prior to Terraform, users had to guess change ordering, parallelization, and rollout effect

Demo: Run terraform plan

Command: terraform apply Executes changes in order based on the
resource graph Parallelizes changes when possible Handles and recovers transient errors

Demo: Run terraform apply

Command: terraform apply Updates existing resources when updates are allowed
Re-creates existing resources when updates are not allowed

Demo: In-place Upate Edit the main Terraform ﬁle an add
tags to the AWS instance.

Variables, Outputs, & Meta Parameters

Variables Define the parameterization of Terraform configurations Can have defaults,
be provided with a variables file, asked for at execution, or overridden via the CLI Values can be strings or maps Must be defined before used

variable "aws_access_key" {} provider "aws" { access_key = "..." secret_key
= "..." region = "us-east-1" } resource "aws_instance" "web" { ami = "ami-50759d3d" instance_type = "t2.micro" } main.tf

Variables Variables are available in the interpolation syntax.

variable "aws_access_key" {} variable "aws_secret_key" {} variable "aws_region" { default
= "us-east-1" } provider "aws" { access_key = "${var.aws_access_key}" secret_key = "..." region = "us-east-1" } resource "aws_instance" "web" { ami = "ami-50759d3d" instance_type = "t2.micro" } main.tf

Demo: Show tfvars ﬁle Reads from tfvars by default Prompts
for input if not provided

Outputs deﬁne values that will be highlighted to the user
when Terraform applies. Outputs can be queried using the terraform output command. Outputs

variable "aws_access_key" {} provider "aws" { access_key = "..." secret_key
= "..." region = "us-east-1" } resource "aws_instance" "web" { ami = "ami-50759d3d" instance_type = "t2.micro" } output "public_ip" { value = "${aws_instance.web.public_ip}" } main.tf

Demo: Query Output Use the terraform output command to for
all outputs. Use the terraform output command to query for a single output.

Meta-Parameters Meta-parameters allow for higher-level control ﬂow and lifecycle management
in Terraform.

Meta-Parameters Count The count attribute allows for N number of
identical resources to be created. This removes the need for complex variable iteration with "for" or "while" loops.

Meta-Parameters Depends On The depends_on attribute allows for declaration of
explicit dependencies. This is useful where interpolation is not required, but explicit ordering is desired.

Meta-Parameters Lifecycle The lifecycle attribute allow explicit conﬁguration of resource
lifecycle such as preventing destruction or ignoring property chanegs. This is an advanced option and is not recommended for users who are getting started with Terraform.

Demo: Change count Increase the count parameter on the AWS
instance to two (5). Run terraform plan and verify the output. Run terraform apply to apply the changes.

Terraform stores the state of your managed infrastructure from the
last time Terraform was run. Terraform uses this state to create plans and make changes to your infrastructure. It is critical that this state is maintained appropriately so future runs operate as expected. State

Terminal $ cat terraform.tfstate { "version": 1, "serial": 14, "modules":
[ { "path": [ "root" ], "outputs": { "public_ip": "54.164.13.128" }, "resources": { "aws_instance.example": { "type": "aws_instance", "primary": { "id": "i-d829670c", "attributes": {

Local State State is stored locally on one machine in
JSON format Generally acceptable for individuals and small teams Does not scale to large teams Resolving JSON git-diffs is hard

Remote State State is stored on a shared remote source
such as Atlas or Consul Remote storage is responsible for handling merging and locking Unnecessary overhead for small teams Best-suited for large or distributed teams

Transitioning from Local to Remote Transitioning is a one-time operation
After conﬁgured, Terraform will no longer store local state

Modules

Modules Portable Terraform conﬁgurations (packages) Allow separation of concerns and
responsibilities among teams Parallels: Chef Cookbook, Puppet Module, Ruby gem

Modules Spoiler Alert! Modules are just Terraform conﬁgurations inside a
folder - there's nothing special about them.

Modules Variables => Arguments Outputs => Attributes Conﬁguration is sandbox/blackbox

Demo: Consul Module Suppose I want an entire Consul cluster,
but I know nothing about best practices for setting up Consul.

Questions & More Information Terraform Guides & Docs  terraform.io Terraform
OSS (Golang)  github.com/hashicorp/terraform Best Practices Repo  github.com/hashicorp/best-practices

Using Terraform with AWS

Using Terraform with AWS

More Decks by Seth Vargo

Other Decks in Technology

Featured

Transcript