Saturday, January 28, 2023

Module 34: Understanding Terraform

 Terraform is a platform-agnostic tool that allows you to build, change, and version infrastructure securely and efficiently. Terraform is an open-source tool and a Hashicorp-developed multi-cloud, infrastructure-as-code solution that uses the declarative Hashicorp Configuration Language. It aids in the management of established, well-known service providers such as GCP and AWS and specialized in-house solutions.

Terraform can manage both mainstream cloud service providers and unique in-house solutions. In addition, it collaborates with “providers” to manage external resources (public cloud infrastructure, private cloud infrastructure, software as a service, network appliances, and platform).

Terraform – An Infrastructure as Code Tool or IAC Tool

Since its release, terraform has grown in popularity as the first multi-cloud “Infrastructure as Code” technology. Another reason for its widespread use is the straightforward syntax for ensuring modularity. Terraform, classified as an IAC tool, works by treating and managing infrastructure code in the same way that software code is treated and managed.

How does Terraform work?

How does Terraform Work

Terraform users may define their whole infrastructure using only configuration files and version control. Terraform parses the code and transforms it into an application programming interface or API call to the resource provider when a command to deploy and execute a server, database, or load balancer is delivered. In addition, terraform is open source, meaning developers can always add to its functionality by writing new plugins or compiling different versions of existing ones.

Terraform Core and Terraform Plugins are the two most significant components of Terraform.

The reading and interpolation of resource plan implementations, resource graphs, state management features, and configuration files are handled by Terraform Core. Compiled binaries built in the Go programming language make up Core. In addition, every compiled binary serves as a command-line interface (CLI) for interacting with plugins via remote procedure calls (RPC).

Terraform Plugins are in charge of determining resources for certain Terraform services. This includes establishing trust with infrastructure providers and setting up the libraries used to make API requests. Terraform Plugins are executable binaries written in Go that may be used as a specialized service or a provisioner. (Provisioner plugins are used to run commands against a specific resource.)

Features of Terraform

Features of Terraform

  • Terraform is capable of managing many environments.
  • It is pretty simple to manage external service providers.
  • To boost failure tolerance, it can manage numerous clouds.
  • For speedier development, it uses a Declarative technique.
  • It aids in presenting the generated model in a graphical and understandable format.
  • Its modular code contributes significantly to consistency, reusability, and collaboration.

Importance of Terraform

  • All changes in an environment are tracked in the Terraform state file.
  • It provides a fantastic way to bundle and reuse standard code using modules.
  • Its modules are similar to scripting or programming languages’ functions or methods.
  • State files can also be used as a data source for other Terraform projects.
  • It helps to translate HCL code into JSON.
  • It make incremental changes to resources.
  • It imports current resources to a Terraform state, and
  • It provides support for software-defined networking.
  • It supports multiple cloud platforms
  • It lock modules before applying state changes to assure that only one person can make changes at a time.

Important concepts about Terraform

Providers- Providers are in charge of developing and managing resources. Terraform is built on a plugin architecture. The provider binary will be downloaded and installed using the ‘init’ command. AWS, Azure, Docker, Kubernetes, and others are examples.

Resources- These are small building pieces with one or more infrastructure components, such as a virtual machine, a subnet, or a load balancer. Because the resource name and type server serve as an identification for a specific resource, it must be unique.

Modules- Modules are used as containers for many resources that may be utilized to organize configuration code and make it reusable. At least one module, known as the ‘root’ module, is present in every Terraform configuration.

Input variables- The input variables are used to define your infrastructure’s configuration values. If it needs to be modified, these values can be utilized frequently without recalling every occurrence.

Output Variables- After the infrastructure has been deployed, the output variables are utilized to obtain information about it. These can be used for providing information to the server, such as IP addresses.

Terraform Remote- You can run Terraform in a remote environment with shared access to the state to share infrastructure responsibility. The remote backend’ is the name for this capability.

Important Terraform Commands

Terraform version- This displays the Terraform version currently installed on the system. This might be useful for identifying problems or new methods to work with the current version.

Terraform plan- Generates a plan for executing Terraform. To ensure that the Terraform state is up-to-date, it reads the current state of any pre-existing remote objects. Then, the current state is compared to the previous state, and the differences are calculated.

  • A set of change actions is proposed to make the remote objects fit the configuration. The changes will not be implemented as a result of this.
  • If this proposal meets your expectations, it can be implemented later.

Terraform fmt- This converts Terraform configuration files to a standard format. Because the canonical format may differ slightly between Terraform versions, this command should be executed on modules after upgraded Terraform.

Terraform providers- These display information about the configuration provider needs in the current working directory.

Terraform validate- This command verifies that a configuration is internally consistent and syntactically correct.

Terraform apply- The actions specified in a Terraform plan are carried out using this command.

Terraform destroy- This command destroys all remote objects handled by a Terraform setup.

Terraform import- Terraform may import infrastructure that already exists. This command enables us to put resources developed through other means under Terraform’s control.

Terraform show- Converts a state or plan file into a human-readable format. This can be used to check a plan to see if the planned operations are as expected or to check the present condition.

Terraform output- The value of an output variable is extracted from the state file by Terraform output. The result will show all of the root module’s outcomes with no further arguments.


Terraform is a fantastic and quickly evolving IaC solution that will undoubtedly boost the productivity of DevOps installations.

Terraform has a lot of advantages for both developers and enterprises. With the ability to interact with all major cloud service providers, this open-source solution can help you streamline your business objectives and take your DevOps projects to the next level of success.


Infrastructure as Code - Tools Overview
There are a lot of tools that allow you to deploy infrastructure as code:
  • Terraform
  • CloudFormation
  • Heat
  • Ansible
  • SaltStack
Chef, Puppet, Others

Not all of these tools are targeted for the same purpose. It is important to understand the difference between Configuration Management and Infrastructure Orchestration:
  • Ansible, Chef and Puppet are configuration management tools which means they are primarily designed to install and manage software on existing servers
  • Terraform and CloudFormation are infrastructure orchestration tools which are designed to provision servers and infrastructure themselves.

You can use infrastructure orchestration tools and configuration management tools in tandem. For example you could use Terraform to create a new EC2 instance on AWS, Terraform can then call Ansible to install and configure software and applications on the EC2 instance.

Terraform Simple Benefits Overview
  • Terraform supports multiple platforms - AWS, GCP, Azure etc.
  • Terraform has a simple language and a fast learning curve. The syntax is easy to read and understand.
  • Terraform is easy to integrate with configuration management tools like Ansible.
  • It is easily extensible with plugins.
  • It is free.





Creating a Simple EC2 Instance with Terraform
When launching a resource in AWS there are 3 things to consider:
  • How will you authenticate to AWS?
  • Which region will the resource be launched in?
  • Which resource do you want to launch?

There are various ways to authenticate to AWS but the easiest when first using Terraform is static credentials. These consist of a Key-Pair.
To use this you create a key pair for an AWS IAM User which Terraform will use to authenticate to AWS.
It is important to note that while static credentials in your main file is an easy method and useful as a tutorial or for hobby use it is not considered best practice.

First create a .tf file in this case I will use first_ec2.tf
Now you can edit the file to add Terraform code.

Example code for a simple EC2 instance:
provider "aws" {
region = "us-west-2"
access_key = "ExAmpLEKey21fjwljsfjkrf"
secret_key = "EXamPLeSECreTKEySDAHhhhsJJn23Ksda"
}
resource "aws_instance" "my_ec2" {
ami = "ami-05b622b5fa0269787"
instance_type = "t2.micro"
}


As you can see in this example code we have included answers to the "3 important things to consider".  Lets run through the code step-by-step:


Statement 1 (defines what platform, where to launch and method of authentication):
provider  - In this case it is "aws", the provider has to be specified and it is simply the platform that terraform will be provisioning infrastructure on.
region - This is the AWS Region we want to launch our EC2 instance into. In this case we have chosen "us-west-2"
access_key -  This is the 'access key' from the key pair we created for our AWS IAM User, it is part of what allows Terraform to authenticate to AWS.
secret_key - This is the 'secret key' from the key pair we created for our AWS IAM User.

Statement 2 (defines resource specfications):
resource - In this case we have specified "aws_instance" the terraform name for an AWS EC2 Instance and secondly "my_ec2" which is what we want to name the instance. Two resource blocks cannot have the same name "my_ec2" will be a unique name in the file.
ami - Specifies the Amazon Machine Image, ie. what image (OS specifics) we want to load on the EC2 Instance.
instance_type - In this case we have specified "t2.micro" this specifies what type of Amazon EC2 we want our instance to be. (How much memory, storage etc.)

Every AWS resource has mandatory elements and optional elements to include in a Terraform resource statement. For EC2 you need to specify the resource, ami and instance type.
However there are far more elements that optionally can be specified. They are not included here as this is as simple as it gets for launching an EC2.

You can view the requirements for each AWS resource at the Terraform Registry Documentation.

Now we have written our code and saved it with a .tf file type we can run the code with Terraform

Step 1: Run "terraform init" on the command line in the folder containing your tf file - This will initialise Terraform and install any dependencies your file requires.

Step 2: Run "terraform plan" this will generate a plan of the infrastructure your file will create.

Notice how the ami and instance_type are specified but a whole load of other options are "known after apply". These could have been specified but were optional. Bear in mind these options run a lot longer than this screenshot shows.

Step 3: If you are happy with the plan, run "terraform apply" to create the infrastructure.


Step 4: Terraform will show you the plan again and ask if you want to perform these actions. Say 'yes'.

Provided there are no errors during apply if you check your management console there will now be an EC2 Instance running.





Providers
Terraform supports multiple providers:

AWS, AZURE, GCP , ALIBABA, IBM, SALESFORCE etc 

Dependant on what type of infrastructure you want to launch you will have to use the appropriate provider in Terraform.

This is important for the initialisation phase:
Whenever you add a provider it is important to run "terraform init"  which will download plugins associated with the provider.

This is from the EC2 example above, notice how Terraform has realised we are using the AWS provider and has downloaded the associated AWS plugins.

In Terraform there are certain providers that are either "Hashicorp Maintained" (AWS, Azure etc.) or "Non-Hashicorp Maintained". Below is best practice syntax for establishing providers in your Terraform, notice how there are two blocks, one for what providers are required and another for each provider specific config.
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "3.33.0"
}
}
}

provider "aws" {
# Configuration options
}

In Terraform v13+ this provider syntax is actually deemed best practice for all providers. You can get this code block ready made from the Terraform Registry website.

If you are comfortable in Terraform in one provider it is easy to switch between providers as the overall Terraform syntax is the same and only provider specific terms and resources change.

let's use this official guide for this lecture
https://learn.hashicorp.com/tutorials/terraform/aws-build?in=terraform/aws-get-started
https://registry.terraform.io/

 Let's do this Lab here 

Deploying AWS EC2 instances with Terraform is one of the easiest ways to build infrastructure as code, and automate the provisioning, deployment and maintenance of resources to EC2 as well as custom solutions. This lab will walk you through the basics of configuring a single instance using a simple configuration file and the Terraform provider.

Prerequisites:

AWS access and secret keys are required to provision resources on AWS cloud.

  • Open Visual Code Studio then click on File Preferences > Extensions then search and install Terraform extension


























  • Login to AWS console, click on Username on top right corner and go to My Security Credentials



  • Click on Access Keys and Create New Key













Step I: Open File Explorer, navigate to Desktop and create a folder terraform_workspace.



















Step II: Once folder has been created, open Visual Code Studio and add folder to workspace













Step III: Create a new file main.tf and copy the below code in yellow color


















provider "aws" {

        access_key = "ACCESS KEY"
        secret_key  = "SECRET KEY"
        region         = "us-east-2"

}

resource "aws_instance" "ec2" {

  ami           = "ami-0a91cd140a1fc148a"

  instance_type = "t2.micro"
  vpc_security_group_ids = [aws_security_group.ec2_sg.id]
  tags = {
    Name = "ec2_instance"
  }

}


Add the block below in main.tf to output the Private IP, Public IP and EC2 Name after creation. (Note: This is not required)

output "ec2_ip" {

    value = [aws_instance.ec2.*.private_ip]

}


output "ec2_ip_public" {

    value = [aws_instance.ec2.*.public_ip]

}


output "ec2_name" {

    value = [aws_instance.ec2.*.tags.Name]

}



Step IV: Create a new file security.tf and copy the below code in yellow color

resource "aws_security_group" "ec2_sg" {
name = "ec2-dev-sg"
description = "EC2 SG"

ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["10.0.0.0/8"]
}

   ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["10.0.0.0/8"]
}

#Allow all outbound
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
    Name = "ec2-dev-sg"
  }
}


Step V: Open Terminal in VSCode
















Step V: Execute command below

terraform init
the above command will download the necessary plugins for AWS.

terraform plan
the above command will show how many resources will be added.
Plan: 2 to add, 0 to change, 0 to destroy.

Execute the below command
terraform apply
Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Yay! 
We have successfully deployed our first ec2 instanc


Module 34: Understanding Terraform

  Terraform is a platform-agnostic tool that allows you to build, change, and version infrastructure securely and efficiently. Terraform is ...