presentations/terraform-workshop/index.md

186 lines
3.4 KiB
Markdown
Raw Normal View History

2024-11-21 18:30:57 +00:00
# Terraform Workshop
---
## What is Terraform
IaC (Infrastructure as Code) framework which enables programatic definition,
2024-11-27 03:11:55 +00:00
deployment and management of infrastructure resources for cloud and on-premises
2024-11-21 18:30:57 +00:00
in a declarative manner. It targets all major cloud platforms (GCP, AWS, Azure, DO etc.)
---
## Why do We Need it
* Standardization of deployment to ensure a consistent state
* Version control
* Deploying an additional clone env for testing
* Easier auditability to improve quality and security
* Modular - reuse & ease of understanding
* Resource Graph (dependency graph + parallel execution when possible)
* Version control
* Enables use of hardened deployment pipelines
* Enables immutable infrastructure
---
## Human-Readible Configuration Language
2024-11-27 03:11:55 +00:00
HashiCorp Configuration Language (HCL) or JSON
2024-11-21 18:30:57 +00:00
```
provider "aws" {
region = "us-west-2"
}
resource "aws_instance" "example" {
ami = "ami-0c55b159cbfafe1f0" # Amazon Linux 2 AMI ID
instance_type = "t2.micro"
tags = {
Name = "HelloWorldEC2Instance"
}
}
output "instance_public_ip" {
value = aws_instance.example.public_ip
}
2024-11-27 03:11:55 +00:00
```
2024-11-21 18:30:57 +00:00
---
2024-11-27 03:11:55 +00:00
# Workflow
2024-11-21 18:30:57 +00:00
* Write your configuration file
2024-11-27 03:11:55 +00:00
* Use `terraform init` to initialize a Terraform workspace
2024-11-21 18:30:57 +00:00
* Use the the `terraform plan` action to simulate deployment of resources and assess the outcome
* Use `terraform apply` to actually deploy resources
---
# Exercise
* Set up local credentials for your cloud platform of choice
* Write a file that deploys an EC2 instance
* Use `terraform plan` and `terraform apply` in order to deploy the resource
2024-11-27 03:11:55 +00:00
* Remove the resource by using `terraform destroy`
* Take advantage of terraform docs and providers:
* https://registry.terraform.io/
* https://developer.hashicorp.com/terraform
---
# Solution
```
# Specify the provider
provider "aws" {
region = "us-west-2"
}
# Create an EC2 instance
resource "aws_instance" "my_ec2" {
ami = "ami-03e383d33727f4804"
instance_type = "t2.micro"
tags = {
Name = "TestEC2Instance"
}
}
```
2024-11-21 18:30:57 +00:00
---
# Extend Configuration
* Add a VPC
* Define security group that limits ingress and egress to port 22
* Add SSH key(s) which may connect to the instance
---
2024-11-27 03:11:55 +00:00
# Solution
```
# Specify the provider
provider "aws" {
region = "us-west-2"
}
# Create a security group
resource "aws_security_group" "allow_ssh" {
name = "allow_ssh"
description = "Allow SSH access"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
2024-11-27 03:35:34 +00:00
}
resource "aws_security_group" "default_egress" {
name = "default_egress"
description = "Specify egress for instance"
2024-11-27 03:11:55 +00:00
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
# Specify the provider
provider "aws" {
region = "us-west-2"
}
# Create an EC2 instance
resource "aws_instance" "my_ec2" {
ami = "ami-03e383d33727f4804"
instance_type = "t2.micro"
security_groups = [aws_security_group.allow_ssh.name]
tags = {
Name = "TestEC2Instance"
}
}
```
---
# Additional Notes
* Typically the terraform state is stored online in a manner that makes it retrievable by others
---
# SOPS for Secrets Management
* Download from https://github.com/getsops/sops
* Encrypt config file: `sops -e --pgp <key_id> credentials > credentials.enc`
2024-11-21 18:30:57 +00:00
2024-11-27 03:11:55 +00:00
* Decrypt and set: `eval $(sops -d credentials.enc | sed 's/: /=/g')`
2024-11-21 18:30:57 +00:00