update terraform workshop

Anton Livaja 2024-11-26 22:11:55 -05:00
parent 2ccd58cbb2
commit ebdac33de9
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
1 changed files with 95 additions and 7 deletions


@ -30,7 +30,7 @@ in a declarative manner. It targets all major cloud platforms (GCP, AWS, Azure,
## Human-Readible Configuration Language ## Human-Readible Configuration Language
* HashiCorp Configuration Language (HCL) or JSON HashiCorp Configuration Language (HCL) or JSON
``` ```
provider "aws" { provider "aws" {
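Review bot: the heading `## Human-Readible Configuration Language` is still misspelled on both sides of this hunk; since the line is already in context, correct it to "Human-Readable" in the same commit. The changed line also appears to drop the `* ` marker from "HashiCorp Configuration Language (HCL) or JSON", which leaves this slide with a bare paragraph while the Workflow slide keeps its bullets; keep the marker unless plain text is intended here.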
@ -54,10 +54,12 @@ output "instance_public_ip" {
--- ---
## Workflow # Workflow
* Write your configuration file * Write your configuration file
* Use `terraform init` to initialize a Terraform workspace
* Use the the `terraform plan` action to simulate deployment of resources and assess the outcome * Use the the `terraform plan` action to simulate deployment of resources and assess the outcome
* Use `terraform apply` to actually deploy resources * Use `terraform apply` to actually deploy resources
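Review bot: the `terraform plan` bullet directly under the new `terraform init` line still reads "Use the the `terraform plan` action"; drop the duplicated word while this list is being edited. The heading also moves from `## Workflow` to `# Workflow` while `## Human-Readible Configuration Language` in the previous hunk stays at level two, so pick one level for slide titles. On the new `terraform init` bullet, consider saying that it downloads the providers named in the configuration, so attendees know to rerun it when they add one.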
@ -72,7 +74,35 @@ output "instance_public_ip" {
* Use `terraform plan` and `terraform apply` in order to deploy the resource * Use `terraform plan` and `terraform apply` in order to deploy the resource
* Remove the resource by updating your configuration file and using `terraform plan` and `terraform apply` * Remove the resource by using `terraform destroy`
* Take advantage of terraform docs and providers:
* https://registry.terraform.io/
* https://developer.hashicorp.com/terraform
---
# Solution
```
# Specify the provider
provider "aws" {
region = "us-west-2"
}
# Create an EC2 instance
resource "aws_instance" "my_ec2" {
ami = "ami-03e383d33727f4804"
instance_type = "t2.micro"
tags = {
Name = "TestEC2Instance"
}
}
```
--- ---
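Review bot: the solution hardcodes `ami = "ami-03e383d33727f4804"` next to `region = "us-west-2"`, and AMI IDs are region-specific and can be deregistered, so attendees who change the region or run the workshop later will get a failed apply with no hint why. State which image this is and that it only exists in `us-west-2`, or look the image up with an `aws_ami` data source. Separately, the exercise text now says to remove the resource with `terraform destroy`; that destroys everything the configuration manages, not only this instance, and it replaces the old wording that taught removal by editing the configuration and re-running `terraform plan` and `terraform apply`. Mention both paths and the difference. The code fence would also benefit from a language tag for highlighting.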
@ -86,7 +116,65 @@ output "instance_public_ip" {
--- ---
# Next Steps # Solution
* ... ```
# Specify the provider
provider "aws" {
region = "us-west-2"
}
# Create a security group
resource "aws_security_group" "allow_ssh" {
name = "allow_ssh"
description = "Allow SSH access"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
# Specify the provider
provider "aws" {
region = "us-west-2"
}
# Create an EC2 instance
resource "aws_instance" "my_ec2" {
ami = "ami-03e383d33727f4804"
instance_type = "t2.micro"
security_groups = [aws_security_group.allow_ssh.name]
tags = {
Name = "TestEC2Instance"
}
}
```
---
# Additional Notes
* Typically the terraform state is stored online in a manner that makes it retrievable by others
---
# SOPS for Secrets Management
* Download from https://github.com/getsops/sops
* Encrypt config file: `sops -e --pgp <key_id> credentials > credentials.enc`
* Decrypt and set: `eval $(sops -d credentials.enc | sed 's/: /=/g')`
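Review bot: the second Solution block declares `provider "aws"` twice, once above `aws_security_group.allow_ssh` and again above `aws_instance.my_ec2`; Terraform rejects a duplicate provider configuration without an `alias`, so the block fails as written. Delete the second declaration. Further points in this hunk: the ingress rule opens port 22 to `cidr_blocks = ["0.0.0.0/0"]`, and workshop code gets copied, so take the allowed CIDR from a variable set to the attendee's own address. `security_groups = [aws_security_group.allow_ssh.name]` only works in the default VPC; `vpc_security_group_ids = [aws_security_group.allow_ssh.id]` is the form that works in any VPC. The Additional Notes bullet says state is stored "in a manner that makes it retrievable by others", which reads as if state were public; state files contain resource attributes including secrets in plaintext, so the slide should say a remote backend with access control and encryption. In the SOPS slide, `eval $(sops -d credentials.enc | sed 's/: /=/g')` runs the decrypted file content through the shell: values containing spaces or shell metacharacters will break or execute, the `g` flag rewrites every ": " inside values too, and the variables are set but not exported, so a child `terraform` process will not see them. `sops exec-env credentials.enc 'terraform plan'` passes the decrypted values as environment variables without the `eval`.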