manage aws infrastructure as code using terraform
TRANSCRIPT
![Page 1: Manage AWS infrastructure as code using Terraform](https://reader035.vdocuments.mx/reader035/viewer/2022081414/586fb4701a28abe57d8b715f/html5/thumbnails/1.jpg)
MANAGE AWS INFRASTRUCTURE AS CODE USING TERRAFORM
Hello! I AM ANTON BABENKO
I enjoy AWS, DevOps, solutions architecture & web-development
github.com/antonbabenko
linkedin.com/in/antonbabenko
COOL COMPANIES

0. AGENDA
1. State of things
2. Terraform 101
● Getting started with Terraform
3. Terraform 201
● Advanced concepts in Terraform
● Demos
4. CI/CD with Terraform
● Demo
1. STATE OF THINGS
AWS + Infrastructure as code

AVAILABLE TOOLS
○ AWS CloudFormation
● http://www.slideshare.net/AntonBabenko/managing-aws-infrastructure-using-cloudformation
○ Puppet, Chef, Ansible, Salt…
○ AWS API, libraries (Boto, Fog)
○ Terraform by HashiCorp
“HashiCorp is Atlassian for DevOps.”
Someone at DevOps conference
TERRAFORM
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently.
www.terraform.io
TERRAFORM FACTS
Latest version: 0.6.8 (released 2.12.2015)
Open-source, written in Golang.
Very active development:
○ CHANGELOG.md (ca. 1 release per month)
○ GitHub Issues (ca. 5-15 issues resolved daily)
○ Growing community (IRC, Mailing list, Stack Overflow)
TERRAFORM VS CLOUDFORMATION
Principles

| | CloudFormation | Terraform |
|---|---|---|
| Configuration format | JSON | HCL/JSON |
| State management | No | Yes |
| Execution control | No | Yes! |
| Logical comparisons | Yes | Limited |
| Supports iterations | No | Yes |
| Manage already created resources | No | Yes (hard) |
| Providers supported | Only AWS | 20+ (incl. AWS, GCE, Azure) |

AWS SPECIFICS

| | CloudFormation | Terraform |
|---|---|---|
| AWS resource types | 121 | 103 |
| Resource properties and operations completeness | 90% | Work in progress |
| Handle failures * | Optional rollback | Fix it & retry |
| Contribute? | No | Yes! (GH issue #28) |
AWS CLOUDFORMATION DESIGNER

TERRAFORM GRAPH
2. TERRAFORM
Commands

TERRAFORM COMMANDS
$ terraform
usage: terraform [--version] [--help] <command> [<args>]

Available commands are:
    apply      Builds or changes infrastructure
    destroy    Destroy Terraform-managed infrastructure
    get        Download and install modules for the configuration
    graph      Create a visual graph of Terraform resources
    init       Initializes Terraform configuration from a module
    output     Read an output from a state file
    plan       Generate and show an execution plan
    refresh    Update local state file against real resources
    remote     Configure remote state storage
    show       Inspect Terraform state or plan
    taint      Manually mark a resource for recreation
    version    Prints the Terraform version
TERRAFORM REMOTE
Configures remote state storage with Terraform
[Diagram: *.tf → terraform.tfstate → AWS infrastructure; remote state backends: S3, Atlas, Consul, etcd, HTTP]

TERRAFORM PLAN
Generates an execution plan for Terraform
[Diagram: *.tf → terraform.tfstate → AWS infrastructure]

TERRAFORM APPLY
Builds or changes infrastructure according to Terraform configuration files
[Diagram: *.tf → terraform.tfstate → AWS infrastructure]

TERRAFORM REFRESH
Updates the state file of your infrastructure with metadata that matches the physical resources it is tracking
[Diagram: *.tf → terraform.tfstate → AWS infrastructure]

TERRAFORM DESTROY
Destroys Terraform-managed infrastructure
[Diagram: *.tf → terraform.tfstate → AWS infrastructure]

TERRAFORM TAINT
Manually marks a resource as tainted, forcing a destroy and recreate on the next plan/apply
[Diagram: *.tf → terraform.tfstate → AWS infrastructure]

TERRAFORM GRAPH
Draws a visual dependency graph of Terraform resources according to the configuration files
$ terraform graph -draw-cycles | dot -Tpng -o graph.png

TERRAFORM etc
$ terraform --help

3. TERRAFORM
Warm up...
TERRAFORM - WARM-UP
Keep Terraform shared state files on Amazon S3 and enable bucket versioning:

aws s3api create-bucket \
  --bucket my-terraform-states \
  --acl authenticated-read \
  --create-bucket-configuration LocationConstraint=eu-west-1

aws s3api put-bucket-versioning \
  --bucket my-terraform-states \
  --versioning-configuration Status=Enabled
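Added example, not from the talk or its repository: a shell audit of the state bucket created above. A state file stores resource attributes in clear text, and the canned ACL `authenticated-read` grants READ to the AuthenticatedUsers group, which is every AWS account; the function names `risky_grants`, `versioning_ok` and `audit_bucket` are chosen here, and the AWS CLI is assumed.

```shell
#!/bin/sh
# Added example, not from the talk: audit a bucket that holds Terraform state.
# State files store resource attributes in clear text (database passwords, keys),
# so the bucket needs versioning (as on the slide) and must not be readable by
# "AuthenticatedUsers": that canned-ACL group is every AWS account, not only yours.
# Assumes the AWS CLI ("aws s3api get-bucket-acl" / "get-bucket-versioning").
set -eu

# risky_grants: reads grantee URIs, one per line, on stdin. Prints every URI that
# grants access to the world (AllUsers) or to any AWS account (AuthenticatedUsers).
# Returns 0 when the ACL is clean, 1 when at least one such grant was found.
risky_grants() {
  found=0
  while IFS= read -r uri; do
    case "$uri" in
      */global/AllUsers|*/global/AuthenticatedUsers) printf '%s\n' "$uri"; found=1 ;;
    esac
  done
  return "$found"
}

# versioning_ok STATUS: "Enabled" is what put-bucket-versioning on the slide sets;
# "Suspended", "None" or an empty status means old state versions are not retained.
versioning_ok() {
  [ "${1:-}" = "Enabled" ]
}

# audit_bucket NAME: fetch the live ACL and versioning status and report findings.
# Returns 1 if anything needs fixing.
audit_bucket() {
  bucket=$1; rc=0
  uris=$(aws s3api get-bucket-acl --bucket "$bucket" \
           --query 'Grants[].Grantee.URI' --output text | tr '\t' '\n')
  if bad=$(printf '%s\n' "$uris" | risky_grants); then
    echo "ok: no world/all-accounts grants on $bucket"
  else
    echo "FIX: $bucket is readable via: $bad"; rc=1
  fi
  status=$(aws s3api get-bucket-versioning --bucket "$bucket" \
             --query 'Status' --output text)
  if versioning_ok "$status"; then
    echo "ok: versioning enabled on $bucket"
  else
    echo "FIX: versioning is '$status' on $bucket, expected Enabled"; rc=1
  fi
  return "$rc"
}

if [ $# -gt 0 ]; then audit_bucket "$1"; fi
```

Run as `sh audit.sh my-terraform-states` against the bucket from the slide; the `authenticated-read` ACL shows up as a FIX line.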
TERRAFORM - WARM-UP QUESTIONS?
○ How many environments?
○ How many AWS regions?
○ How many DevOps will be involved?
● It is not so important.
TERRAFORM
In action

TERRAFORM - DEMO 1
There was nothing in the AWS account, so let’s create a new VPC and subnets and deploy the Heavy web app.
Complete code and slides:
http://github.com/antonbabenko/terraform-aws-devops
PROJECTS/SHARED-AWS

PROJECTS/HEAVY
TERRAFORM - WAYS TO STRUCTURE CONFIGS
○ One-in-all:
● Good for partial and disposable setups
○ Separate by environments:
● One project = one environment
● Each environment may contain different modules
● Read more
○ Layered projects (shared infrastructure):
● Separate responsibilities (eg, “read-only” shared infrastructure for app developers)
● Easy to extend layers independently (using modules)
● Small = fast
TERRAFORM - HOW TO STRUCTURE CONFIGS
○ Keep 1 Terraform state for each combination of project per environment (in 1 AWS region)
● eg, one-in-all = 1 Terraform state per environment
○ More environments = more combinations
○ Global AWS resources (eg, S3 buckets, EIP, IAM, Route53 zones, CodeDeploy applications):
● Keep them in Terraform states without separation by environments
○ Use environment in resource tags
○ Use modules
TERRAFORM - MODULES
“Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group.”
Support versioning:
Community modules - https://github.com/terraform-community-modules/

module "vpc" {
  source = "github.com/terraform-community-modules/tf_aws_vpc_only?ref=v1.0.0"
  cidr   = "${var.vpc_cidr}"
}
TERRAFORM - DEMO 2
New resource!
Let’s import a very important S3 bucket into the Terraform configs, so that we can manage that resource using Terraform.
Explanation: importing already created resources into Terraform state is not supported by Terraform natively, but it is possible.

TERRAFORM - DEMO 3
Updated!
Our application ELB should have a custom security policy with a specific set of SSL ciphers.
Explanation: “SSL ciphers” is not implemented as a property of the aws_elb resource type.

TERRAFORM - DEMO 4
Our Heavy application team needs a Redshift cluster available, so that developers can query it.
Explanation: Redshift is not among the resource types supported by Terraform, but it is supported by AWS CloudFormation.

TERRAFORM - DEMO SUMMARY
Terraform can create and manage AWS infrastructure which is:
○ New (has no resources)
○ Contains already existing resources
Terraform can:
○ Supplement resource type properties currently not supported natively
○ Supplement resource types currently not supported natively
4. TERRAFORM
Demo: Continuous Integration & Continuous Deployment (beta)
TERRAFORM - CI/CD
○ Using feature branches
○ Lock master branch
○ New push into feature branch:
● terraform production init + plan
○ Feature merged into master branch:
● terraform production init + plan + apply
○ Too risky? Combine:
● terraform plan -out=plan_${GIT_SHA}.out
● terraform apply plan_${GIT_SHA}.out
○ Terraform plugin for Jenkins, if you ask
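Added example, not the talk's code: a shell CI driver for the branch flow above, in which a feature branch only plans and master applies the exact saved plan file. It assumes the Terraform 0.6-era `terraform remote config` syntax for S3 state, the one-state-per-project/environment/region layout from the structuring slides, and a constructed bucket name; `run`, `state_key` and `ci_pipeline` are names chosen here.

```shell
#!/bin/sh
# Added example, not from the talk: a minimal CI driver for the branch flow on
# the slide. A feature branch only plans; master plans to a file and applies that
# exact file, so what reaches AWS is what was reviewed, not a fresh plan.
# Assumptions: Terraform 0.6-era CLI ("terraform remote config" for S3 state),
# one state per project/environment/region as on the "how to structure" slide,
# and a bucket named in STATE_BUCKET (constructed default below).
set -eu
STATE_BUCKET="${STATE_BUCKET:-my-terraform-states}"

# run CMD...: execute the command, or only print it when TF_DRY_RUN=1 so the
# pipeline logic can be exercised without credentials or a terraform binary.
run() {
  if [ "${TF_DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# state_key PROJECT ENV REGION: S3 object key of that combination's state file.
state_key() {
  printf '%s/%s/%s/terraform.tfstate' "$1" "$2" "$3"
}

# ci_pipeline PROJECT ENV REGION BRANCH GIT_SHA
ci_pipeline() {
  project=$1 environment=$2 region=$3 branch=$4 sha=$5
  plan="plan_${sha}.out"
  # Point this checkout at the right shared state before planning.
  run terraform remote config -backend=s3 \
      -backend-config="bucket=$STATE_BUCKET" \
      -backend-config="key=$(state_key "$project" "$environment" "$region")" \
      -backend-config="region=$region"
  run terraform get                       # fetch modules
  run terraform plan -out="$plan"         # saved plan, the reviewable artifact
  case "$branch" in
    master) run terraform apply "$plan" ;;   # apply only the saved plan
    *) echo "branch $branch: plan only, nothing applied" >&2 ;;
  esac
}

# Usage: ci_pipeline heavy production eu-west-1 "$GIT_BRANCH" "$GIT_SHA"
if [ $# -eq 5 ]; then ci_pipeline "$@"; fi
```

Set `TF_DRY_RUN=1` in a job to print the command sequence instead of running it.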
Responsibly deploy applications and make changes to infrastructure with Atlas by HashiCorp
atlas.hashicorp.com

SUMMARY
Terraform is cool, isn’t it?

I REALLY LIKE QUESTIONS

THANK YOU!
All code from this talk:
https://github.com/antonbabenko/terraform-aws-devops