diff --git a/terraform-workshop/index.md b/terraform-workshop/index.md index ef577c4..d0bcbc4 100644 --- a/terraform-workshop/index.md +++ b/terraform-workshop/index.md @@ -6,7 +6,7 @@ ## What is Terraform IaC (Infrastructure as Code) framework which enables programatic definition, -deployment and management of infrastructure resources for cloud and on-premises +deployment and management of infrastructure resources for cloud and on-premises in a declarative manner. It targets all major cloud platforms (GCP, AWS, Azure, DO etc.) --- @@ -30,7 +30,7 @@ in a declarative manner. It targets all major cloud platforms (GCP, AWS, Azure, ## Human-Readible Configuration Language -* HashiCorp Configuration Language (HCL) or JSON +HashiCorp Configuration Language (HCL) or JSON ``` provider "aws" { @@ -50,14 +50,16 @@ output "instance_public_ip" { value = aws_instance.example.public_ip } -``` +``` --- -## Workflow +# Workflow * Write your configuration file +* Use `terraform init` to initialize a Terraform workspace + * Use the the `terraform plan` action to simulate deployment of resources and assess the outcome * Use `terraform apply` to actually deploy resources @@ -72,7 +74,35 @@ output "instance_public_ip" { * Use `terraform plan` and `terraform apply` in order to deploy the resource -* Remove the resource by updating your configuration file and using `terraform plan` and `terraform apply` +* Remove the resource by using `terraform destroy` + +* Take advantage of terraform docs and providers: + + * https://registry.terraform.io/ + + * https://developer.hashicorp.com/terraform + +--- + +# Solution + +``` +# Specify the provider +provider "aws" { + region = "us-west-2" +} + +# Create an EC2 instance +resource "aws_instance" "my_ec2" { + ami = "ami-03e383d33727f4804" + instance_type = "t2.micro" + + + tags = { + Name = "TestEC2Instance" + } +} +``` --- 
@@ -86,7 +116,65 @@ output "instance_public_ip" { --- -# Next Steps +# Solution -* ... +``` +# Specify the provider +provider "aws" { + region = "us-west-2" +} + +# Create a security group +resource "aws_security_group" "allow_ssh" { + name = "allow_ssh" + description = "Allow SSH access" + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +# Specify the provider +provider "aws" { + region = "us-west-2" +} + +# Create an EC2 instance +resource "aws_instance" "my_ec2" { + ami = "ami-03e383d33727f4804" + instance_type = "t2.micro" + + security_groups = [aws_security_group.allow_ssh.name] + + tags = { + Name = "TestEC2Instance" + } +} +``` + +--- + +# Additional Notes + +* Typically the terraform state is stored online in a manner that makes it retrievable by others + +--- + +# SOPS for Secrets Management + +* Download from https://github.com/getsops/sops + +* Encrypt config file: `sops -e --pgp credentials > credentials.enc` + +* Decrypt and set: `eval $(sops -d credentials.enc | sed 's/: /=/g')`
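Review bot: In the `@@ -50,14 +50,16 @@` hunk, `## Workflow` becomes `# Workflow`, while the earlier slides in this file (`## What is Terraform`, `## Human-Readible Configuration Language`) stay at `##`, so the deck now mixes two heading levels. Pick one level and apply it to the new `# Solution`, `# Additional Notes` and `# SOPS for Secrets Management` slides as well. The unchanged context line `* Use the the` still carries a doubled word and could be fixed in the same pass. The closing code fence change in this hunk appears to be whitespace-only and can be dropped.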
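Review bot: In the `@@ -72,7 +74,35 @@` hunk, the exercise step now reads `Remove the resource by using terraform destroy`, which tears down everything the configuration manages rather than the one resource, and it drops the declarative path the old line taught (delete the block, then `terraform plan` and `terraform apply`). Suggest keeping the old step and adding `terraform destroy` as the end-of-workshop cleanup, with a reminder to read the plan output before confirming. In the `# Solution` block, `ami = "ami-03e383d33727f4804"` is hard-coded next to `region = "us-west-2"`; AMI IDs are region-specific, so a participant who changes the region gets a failing apply. A comment saying so, or an `aws_ami` data source lookup, would prevent that.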
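Review bot: In the `@@ -86,7 +116,65 @@` hunk, the second `# Solution` fence declares `provider "aws"` twice with no `alias`, so the block fails validation as a duplicate provider configuration if pasted as one file; remove the second copy. The `allow_ssh` ingress uses `cidr_blocks = ["0.0.0.0/0"]` on port 22, and a workshop solution tends to be copied verbatim; suggest a variable for the participant's own address (a `/32`) and a comment explaining why. The note "Typically the terraform state is stored online in a manner that makes it retrievable by others" reads as if state were meant to be widely readable; state can contain secrets in plain text, so say it belongs in a remote backend with encryption and access restricted to the team. In the SOPS slide, `sops -e --pgp credentials > credentials.enc` has no key fingerprint, so `--pgp` consumes `credentials` as its value and no input file is left. `eval $(sops -d credentials.enc | sed 's/: /=/g')` runs the decrypted content through the shell, breaks on values with spaces or metacharacters, and does not export the variables to `terraform`; `sops exec-env credentials.enc 'terraform apply'` avoids all three.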