Get Started with Terraform AWS
Overview
Terraform is an infrastructure as code (IaC) tool that enables us to define and manage infrastructure using configuration files rather than a graphical user interface. IaC tools assist in automating infrastructure creation with the aid of configuration files to minimize the need for manual actions on the user interface. IaC tools enhance features like configuration file versioning, extensibility, and reusability. Terraform allows us to interact with multiple cloud platforms such as AWS, Azure, and GCP, as well as other services such as GitHub, Kubernetes, Helm, etc.
What is Terraform?
Developed and maintained by HashiCorp, Terraform is an infrastructure as code (IaC) tool. Simply put, Terraform as a tool reduces the workload associated with manually managing and maintaining infrastructure by defining resources and infrastructure in the form of configuration files that are simple to read and maintain. Terraform makes it simple to provision and destroy infrastructure across a variety of cloud platforms.
By maintaining a state file that records all resource changes within the infrastructure, Terraform keeps track of all infrastructure. Additionally, by committing Terraform code to a version control system, multiple developers can easily collaborate, which would have been very time-consuming to do if the entire infrastructure had to be created and maintained manually using a graphical user interface like the AWS console.
Terraform interacts with the cloud providers' application programming interfaces (APIs) in the background through the use of plugins known as Terraform providers.
Why Terraform?
Using Terraform has the following advantages over manually configuring the infrastructure:
- Version control: Infrastructure as Code enables the storage of configuration files in version control systems, allowing for the easy management of different versions of code, making infrastructure changes much easier to implement. It also enables multiple developers to collaborate easily.
- Code Reusability: Instead of having to perform each deployment for each resource in each environment from scratch, you can package your infrastructure into reusable modules that can be used to spin up a new environment using the same code.
- Infrastructure Validation: Terraform makes it possible to perform infrastructure validation at any time, thereby lowering the possibility of errors.
- Automate manual tasks: Terraform makes it possible to automate manual tasks that would otherwise be carried out using the user interface. It increases the productivity and efficiency of developers.
How Terraform Works?
Terraform works by interacting directly with cloud platform and other service APIs, creating and managing resources according to the definitions in the configuration files. Terraform communicates with these APIs through pre-built plugins known as Terraform providers. Each provider defines a set of resources specific to its cloud platform or service; using these resources, custom configuration files can be written to build infrastructure as needed.
Within the Terraform Registry, Terraform maintains a record of the providers that are available for various cloud platforms and services.
Terraform keeps a state file in which it stores data about the infrastructure, which it uses to manage the resources provisioned using Terraform. The state file serves as the single source of truth that Terraform uses to identify and make changes to the infrastructure. By default the state is held in a local file called terraform.tfstate; it can also be stored remotely. To keep the infrastructure in working order, state files must be securely stored. Additionally, it is advised against making manual changes to the state file.
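A remote state configuration with encryption at rest, as an added example that is not from the original page. The bucket name, object key, and Region are placeholders, and the bucket is assumed to exist already with access limited to the principals that run Terraform.

```hcl
terraform {
  # Without a backend block, state is written to ./terraform.tfstate on the
  # machine that runs Terraform. State can contain resource attributes,
  # including secrets, in plain text, so it should not sit on laptops or be
  # committed to version control.
  backend "s3" {
    bucket  = "example-terraform-state"    # placeholder bucket name
    key     = "envs/dev/terraform.tfstate" # placeholder object path
    region  = "us-east-1"                  # placeholder Region
    encrypt = true                         # server-side encryption of the state object
  }
}
```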
Terraform Workflow
The three stages of the Terraform workflow are as follows:
- Write: As the foundation for resource provisioning, you define the resources in one or more configuration files at this stage. As an example, you can specify a Terraform configuration to create an S3 bucket and upload a few objects to it.
- Plan: In this stage, you execute the terraform plan command, which causes Terraform to create an execution plan and display any additions, deletions, or changes that are required in light of the defined configurations and existing infrastructure.
- Apply: At this point, you run terraform apply, and Terraform then executes the specified actions in the proper sequence to provision the resources. Resources may be added to, deleted from, or otherwise altered in the existing cloud infrastructure.
Terraform Setup with AWS
Download and Install Terraform
- By using the link, you can download and install Terraform for your operating system.
- Run the command terraform -help in the terminal to confirm the installation.
Define Terraform AWS Provider
Create a file main.tf and define the AWS provider using the following code.
A Terraform module must declare the providers it requires before Terraform can install and use them. The provider block's version parameter can also be used to specify the version. Providers are updated over time with new functionality; version information can be found at link. Use the most recent version for the majority of use cases.
Define Provider Local Name
The following code can be used in the main.tf to give the provider a local name so that it can be referred to elsewhere in the code.
Authenticating an AWS Account with Hard-Coded Credentials
Next, add the AWS IAM user's login information to the provider block's access_key and secret_key parameters.
Securing Credentials by Declaring Environment Variables
The following terminal commands can add the AWS credentials as environment variables.
Declaring the Assume Role in AWS Provider
Another method for providing temporary credentials to access the AWS account is through an AWS role. To do this, specify the AWS Role ARN in the Terraform provider block.
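The provider declaration, local name, and the three authentication options described above, shown side by side as an added example (not code from the original page). The version constraint, Region, account ID, role name, and session name are constructed placeholders.

```hcl
terraform {
  required_providers {
    # "aws" on the left is the provider's local name; provider blocks and
    # resources in this module refer to the provider by this name.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # constructed constraint; choose one from the registry
    }
  }
}

# Weak: hard-coded credentials. Anyone who can read the file or the
# repository history obtains the IAM user's long-lived keys.
#
# provider "aws" {
#   region     = "us-east-1"
#   access_key = "<ACCESS_KEY_ID>"     # placeholder
#   secret_key = "<SECRET_ACCESS_KEY>" # placeholder
# }

# Preferred: no credentials in the configuration. The provider reads
# AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (and AWS_SESSION_TOKEN, if set)
# from the environment, then uses them to assume a role and works with the
# temporary credentials the role returns.
provider "aws" {
  region = "us-east-1"

  assume_role {
    role_arn     = "arn:aws:iam::123456789012:role/terraform-deploy" # placeholder ARN
    session_name = "terraform"                                       # placeholder
  }
}
```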
Declaring Multiple AWS Providers
A single AWS provider works well with a single AWS Region to provision resources. However, it is frequently necessary to provision cloud resources in multiple AWS Regions for global availability or business requirements. Multiple configurations for the AWS provider can be set up in the Terraform configuration using the alias parameter to provision resources across multiple cloud regions.
AWS providers are configured for two different AWS Regions in the configuration below.
Adding Tags
Tags are key-value pairs used in AWS to manage cloud resources. In Terraform, tags can be defined at the provider level to automatically add tags to all cloud resources. Resources for different environments, such as Dev, Staging, Production, etc., can be easily identified using tags. The provider-level configuration shown below demonstrates how to add tags.
Ignoring Tags
Terraform offers the ignore_tags parameter, which can be used to prevent default tags from being added to specific resources. Terraform will disregard those resources in this manner and won't apply default tags to them. The use of ignore_tags is demonstrated by the provider-level configuration below. The tags are defined under the keys parameter, where each key can be entered into a list.
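Two provider configurations with alias, default_tags, and ignore_tags in one file, as an added example that is not from the original page. The Regions, tag keys and values, and bucket names are constructed placeholders.

```hcl
# Default (unaliased) configuration: used by any resource that does not
# set the provider argument.
provider "aws" {
  region = "us-east-1"

  default_tags {
    tags = {
      Environment = "Dev"
      ManagedBy   = "Terraform"
    }
  }

  # Tag keys listed here are ignored by the provider on the resources it
  # manages, so a tag written by an external system is not reported as drift.
  ignore_tags {
    keys = ["LastScanned"] # hypothetical tag key set by an external tool
  }
}

# Second configuration for another Region, selected through its alias.
provider "aws" {
  alias  = "west"
  region = "us-west-2"

  default_tags {
    tags = {
      Environment = "Dev"
      ManagedBy   = "Terraform"
    }
  }
}

# Created in us-east-1 through the default configuration.
resource "aws_s3_bucket" "primary" {
  bucket = "example-app-logs-use1" # placeholder name
}

# Created in us-west-2 through the aliased configuration.
resource "aws_s3_bucket" "replica" {
  provider = aws.west
  bucket   = "example-app-logs-usw2" # placeholder name
}
```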
Creating an AWS S3 Bucket
The configuration shown below demonstrates how to use Terraform to create an S3 bucket in AWS. Create a bucket by specifying a resource with the aws_s3_bucket Terraform resource and specifying the bucket name under the bucket parameter. Additional tags may be added by designating necessary key-value pairs as tags and using the tags block.
Creating AWS EC2 Instances
The configuration shown below demonstrates how to use Terraform to launch an EC2 instance. By using the Terraform resource aws_instance and the parameters ami and instance_type, you can create an EC2 instance by providing the AMI ID and the instance type. Using the tags parameter, additional tags can also be added. Here ec2_server denotes the local resource name within the Terraform configuration.
Creating IAM User
The configuration displayed below illustrates how to create an IAM user using Terraform. To create an IAM user, use the resource aws_iam_user and enter the IAM user's name in the name parameter.
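The EC2 instance and IAM user described above, as an added example that is not from the original page. The ami_id variable, instance type, user name, policy name, and bucket ARN are hypothetical, and the instance hardening and inline policy go beyond what the text describes.

```hcl
variable "ami_id" {
  description = "AMI ID for the instance (hypothetical input; supply an AMI valid in your Region)"
  type        = string
}

resource "aws_instance" "ec2_server" {
  ami           = var.ami_id
  instance_type = "t3.micro"

  # Require IMDSv2 session tokens for instance metadata requests.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypt the root EBS volume at rest.
  root_block_device {
    encrypted = true
  }

  tags = {
    Name = "ec2-server"
  }
}

resource "aws_iam_user" "app_user" {
  name = "example-app-user" # placeholder user name

  tags = {
    Purpose = "demo"
  }
}

# Least privilege: the user may only read objects from one bucket.
resource "aws_iam_user_policy" "read_only" {
  name = "example-read-only" # placeholder policy name
  user = aws_iam_user.app_user.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject"]
      Resource = "arn:aws:s3:::example-bucket/*" # placeholder bucket ARN
    }]
  })
}
```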
This section explained how to use Terraform to create various AWS resources like an S3 bucket, EC2 instance, or an IAM user, etc.
Working with Terraform Commands
Let's learn how to use the configuration and Terraform commands to create an S3 bucket on AWS, now that we know how to write Terraform configuration.
Create a file main.tf and define the configuration using the following code.
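A complete main.tf for this walkthrough, which also serves as the S3 bucket configuration described under "Creating an AWS S3 Bucket". It is an added example, not code from the original page; the Region, bucket name, and tags are placeholders, and the public access block and encryption resources are hardening added on top of what the text describes.

```hcl
# Terraform resolves provider "aws" to hashicorp/aws during terraform init;
# pin the version with a required_providers block for real deployments.
provider "aws" {
  region = "us-east-1" # placeholder Region
}

resource "aws_s3_bucket" "demo" {
  bucket = "example-terraform-demo-bucket" # placeholder; must be globally unique

  tags = {
    Name        = "demo-bucket"
    Environment = "Dev"
  }
}

# Block every form of public access to the bucket.
resource "aws_s3_bucket_public_access_block" "demo" {
  bucket                  = aws_s3_bucket.demo.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Encrypt new objects at rest by default.
resource "aws_s3_bucket_server_side_encryption_configuration" "demo" {
  bucket = aws_s3_bucket.demo.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
```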
Execute the following commands in the order listed from the working directory.
- terraform init: This command sets up the current working directory for Terraform by performing several initialization tasks.
- terraform validate: This command verifies that the configuration files contained in a directory are consistent and accurate.
- terraform plan: You can preview the changes that Terraform intends to make to your infrastructure by using the terraform plan command, which generates an execution plan.
- terraform apply: Upon user approval, this command carries out the suggested actions in a Terraform plan.
You can use terraform destroy to destroy the built-up infrastructure.
Conclusion
- Terraform is an infrastructure as code (IaC) tool that enables us to define and manage infrastructure using configuration files rather than a graphical user interface on the AWS Management Console.
- Terraform allows you to interact with multiple cloud platforms such as AWS, Azure, and GCP, as well as other services such as GitHub, Kubernetes, Helm, etc.
- Terraform makes it simple to provision and destroy infrastructure across a variety of cloud platforms. By maintaining a state file that records all resource changes within the infrastructure, Terraform keeps track of all infrastructure.
- Additionally, by committing Terraform code to a version control system, multiple developers can easily collaborate.
- The Terraform write, plan, and apply workflow can be used to add to, remove from, or otherwise modify the existing infrastructure.
- Terraform can be configured to work with AWS using hard-coded credentials, environment variables, or IAM roles as well.
- Different AWS resources such as an S3 bucket, EC2 instance, IAM user, etc. can be easily created using Terraform.