update terraform workshop
This commit is contained in:
parent
2ccd58cbb2
commit
ebdac33de9
|
@ -30,7 +30,7 @@ in a declarative manner. It targets all major cloud platforms (GCP, AWS, Azure,
|
|||
|
||||
## Human-Readible Configuration Language
|
||||
|
||||
* HashiCorp Configuration Language (HCL) or JSON
|
||||
HashiCorp Configuration Language (HCL) or JSON
|
||||
|
||||
```
|
||||
provider "aws" {
|
||||
|
@ -54,10 +54,12 @@ output "instance_public_ip" {
|
|||
|
||||
---
|
||||
|
||||
## Workflow
|
||||
# Workflow
|
||||
|
||||
* Write your configuration file
|
||||
|
||||
* Use `terraform init` to initialize a Terraform workspace
|
||||
|
||||
* Use the the `terraform plan` action to simulate deployment of resources and assess the outcome
|
||||
|
||||
* Use `terraform apply` to actually deploy resources
|
||||
|
@ -72,7 +74,35 @@ output "instance_public_ip" {
|
|||
|
||||
* Use `terraform plan` and `terraform apply` in order to deploy the resource
|
||||
|
||||
* Remove the resource by updating your configuration file and using `terraform plan` and `terraform apply`
|
||||
* Remove the resource by using `terraform destroy`
|
||||
|
||||
* Take advantage of terraform docs and providers:
|
||||
|
||||
* https://registry.terraform.io/
|
||||
|
||||
* https://developer.hashicorp.com/terraform
|
||||
|
||||
---
|
||||
|
||||
# Solution
|
||||
|
||||
```
|
||||
# Specify the provider
|
||||
provider "aws" {
|
||||
region = "us-west-2"
|
||||
}
|
||||
|
||||
# Create an EC2 instance
|
||||
resource "aws_instance" "my_ec2" {
|
||||
ami = "ami-03e383d33727f4804"
|
||||
instance_type = "t2.micro"
|
||||
|
||||
|
||||
tags = {
|
||||
Name = "TestEC2Instance"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
|
@ -86,7 +116,65 @@ output "instance_public_ip" {
|
|||
|
||||
---
|
||||
|
||||
# Next Steps
|
||||
# Solution
|
||||
|
||||
* ...
|
||||
```
|
||||
# Specify the provider
|
||||
provider "aws" {
|
||||
region = "us-west-2"
|
||||
}
|
||||
|
||||
# Create a security group
|
||||
resource "aws_security_group" "allow_ssh" {
|
||||
name = "allow_ssh"
|
||||
description = "Allow SSH access"
|
||||
|
||||
ingress {
|
||||
from_port = 22
|
||||
to_port = 22
|
||||
protocol = "tcp"
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
}
|
||||
|
||||
egress {
|
||||
from_port = 0
|
||||
to_port = 0
|
||||
protocol = "-1"
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
}
|
||||
}
|
||||
|
||||
# Specify the provider
|
||||
provider "aws" {
|
||||
region = "us-west-2"
|
||||
}
|
||||
|
||||
# Create an EC2 instance
|
||||
resource "aws_instance" "my_ec2" {
|
||||
ami = "ami-03e383d33727f4804"
|
||||
instance_type = "t2.micro"
|
||||
|
||||
security_groups = [aws_security_group.allow_ssh.name]
|
||||
|
||||
tags = {
|
||||
Name = "TestEC2Instance"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Additional Notes
|
||||
|
||||
* Typically the terraform state is stored online in a manner that makes it retrievable by others
|
||||
|
||||
---
|
||||
|
||||
# SOPS for Secrets Management
|
||||
|
||||
* Download from https://github.com/getsops/sops
|
||||
|
||||
* Encrypt config file: `sops -e --pgp <key_id> credentials > credentials.enc`
|
||||
|
||||
* Decrypt and set: `eval $(sops -d credentials.enc | sed 's/: /=/g')`
|
||||
|
||||
|
|
Loading…
Reference in New Issue