Terraform
Class 14th Terraform Apr 29th (Devops):
How many ways can we build AWS resources?
AWS Management Console
AWS CLI
SDK (Python, Java, .NET)
IaC (infrastructure as code)
AWS CloudFormation (supports AWS only)
Terraform (you can build any infra in any cloud environment: AWS, Oracle, Google, Azure, etc.)
What is Terraform and how it works?
Terraform is an infrastructure as code (IaC) tool developed by Mitchell Hashimoto in 2014.
It was developed in the Go language. We use HCL (HashiCorp Configuration Language) to create the infra.
Terraform simplifies multi-cloud deployment with a single tool.
HCL is similar to JSON.
Why terraform (advantages)?
Terraform is a tool used for infrastructure automation. It is free (but not open source), easy to understand and platform independent.
It has many advantages:
- Reusability, time saving, automation, avoiding mistakes, multi-cloud support
Different IaC tools/services available in the market?
AWS (CloudFormation template), Terraform, GCP (Deployment Manager), Azure (ARM/Bicep), Chef,
Puppet, Cloudify, Pulumi
Step1: Build infra using Terraform. We use an EC2 instance as the machine to build the infra from.
Create an EC2 instance in AWS using the default network settings, then install Terraform on it:
https://developer.hashicorp.com/terraform/install#linux
sudo yum install -y yum-utils shadow-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
sudo yum -y install terraform
Installed:
git-2.47.1-1.amzn2023.0.2.x86_64 git-core-2.47.1-1.amzn2023.0.2.x86_64 git-core-doc-2.47.1-1.amzn2023.0.2.noarch
perl-Error-1:0.17029-5.amzn2023.0.2.noarch perl-File-Find-1.37-477.amzn2023.0.6.noarch perl-Git-2.47.1-1.amzn2023.0.2.noarch
perl-TermReadKey-2.38-9.amzn2023.0.2.x86_64 perl-lib-0.65-477.amzn2023.0.6.x86_64 terraform-1.11.4-1.x86_64
Complete!
Terraform providers (AWS, Azure, ...), partner and community providers (the registry gives Terraform code for reference)
https://registry.terraform.io/browse/providers
https://registry.terraform.io/browse/providers?tier=partner
https://registry.terraform.io/browse/providers?tier=community
Terraform Commands
terraform init
terraform plan
terraform apply
terraform destroy
terraform state list
terraform validate
terraform fmt
terraform destroy -auto-approve
Step3: Follow the steps below to prepare the script that builds the infra. Every instance needs an AMI ID.
Amazon machine image ID: ami-04e7764922e1e3a57
To create the instance you need admin permissions. Go to the IAM user and take the security key for that user.
Creating IAM admin user
Step4:
Add the policy AdministratorAccess and then create an access key. The access key is generated successfully.
Access key ID Secret access key
AKIATFBMO7H4MQLOWPFY XENq4+tXP+d2YkSV6BRDWnwu+8Vd6ST1ZlE8Z0bF
Step5:
[root@ip-172-31-47-99 ccit]# mkdir ccit
[root@ip-172-31-47-99 ccit]# cat cloudinfra.tf
provider "aws"{
region="eu-west-1a"
access_key="AKIATFBMO7H4MQLOWPFY"
secret_key="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"
}
resource "aws_instance" "ccitinst" {
ami="ami-04e7764922e1e3a57"
instance_type="t2.micro"
}
just for reference https://registry.terraform.io/providers/hashicorp/aws/latest
[root@ip-172-31-47-99 ccit]# terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v5.97.0...
- Installed hashicorp/aws v5.97.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
Step7: The terraform plan command gives you the execution plan for the .tf file.
Here the plan itself failed because the region was given as eu-west-1a. That is an availability zone name (the region has only 3 availability zones), not a region name. The region is eu-west-1, so remove the "a" and run the plan again.
[root@ip-172-31-47-99 ccit]# terraform plan
Planning failed. Terraform encountered an error while generating this plan.
│ Error: invalid AWS Region: eu-west-1a
│
│ with provider["registry.terraform.io/hashicorp/aws"],
│ on cloudinfra.tf line 1, in provider "aws":
│ 1: provider "aws"{
[root@ip-172-31-47-99 ccit]# terraform plan
Plan: 1 to add, 0 to change, 0 to destroy.
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[root@ip-172-31-47-99 ccit]# terraform validate
Success! The configuration is valid.
Step8: terraform apply builds the infra. It asks for confirmation (yes/no); enter yes to build the infra.
[root@ip-172-31-47-99 ccit]# terraform apply
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_instance.ccitinst: Creating...
aws_instance.ccitinst: Still creating... [10s elapsed]
aws_instance.ccitinst: Creation complete after 12s [id=i-049509c279d3d43b6]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Step9: Infra built successfully
[root@ip-172-31-47-99 ccit]# ll
total 12
-rw-r--r--. 1 root root 220 May 1 20:45 cloudinfra.tf
-rw-r--r--. 1 root root 4808 May 1 20:49 terraform.tfstate
[root@ip-172-31-47-99 ccit]#vi cloudinfra.tf
Step11: Add a Name tag to the instance
[root@ip-172-31-47-99 ccit]# terraform apply
provider "aws"{
region="eu-west-1"
access_key="AKIATFBMO7H4MQLOWPFY"
secret_key="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"
}
resource "aws_instance" "ccitinst" {
ami="ami-04e7764922e1e3a57"
instance_type="t2.micro"
tags={
Name="CCIT-TF"
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_instance.ccitinst: Modifying... [id=i-049509c279d3d43b6]
aws_instance.ccitinst: Modifications complete after 1s [id=i-049509c279d3d43b6]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
As the output shows, only the tag was added to the instance.
Step12: terraform.tfstate holds the latest state of the infra; terraform.tfstate.backup holds the state as it was before the last change.
[root@ip-172-31-47-99 ccit]# ls -lrt
total 20
-rw-r--r--. 1 root root 250 May 1 21:06 cloudinfra.tf
-rw-r--r--. 1 root root 4808 May 1 21:07 terraform.tfstate.backup
-rw-r--r--. 1 root root 4896 May 1 21:07 terraform.tfstate
Step13: terraform apply -auto-approve (it will not ask you for confirmation)
[root@ip-172-31-47-99 ccit]# terraform apply -auto-approve
Step14: terraform fmt formats the structure of all .tf files
[root@ip-172-31-47-99 ccit]# terraform fmt
Step15: terraform destroy destroys the resources. It will destroy the instance which we created.
[root@ip-172-31-47-99 ccit]# terraform destroy -auto-approve
Plan: 0 to add, 0 to change, 1 to destroy.
aws_instance.ccitinst: Destroying... [id=i-049509c279d3d43b6]
aws_instance.ccitinst: Still destroying... [id=i-049509c279d3d43b6, 10s elapsed]
aws_instance.ccitinst: Still destroying... [id=i-049509c279d3d43b6, 20s elapsed]
aws_instance.ccitinst: Destruction complete after 30s
Destroy complete! Resources: 1 destroyed.
The state file now lists no resources ("resources": []), because you have destroyed the instance.
[root@ip-172-31-47-99 ccit]# cat terraform.tfstate
{
"version": 4,
"terraform_version": "1.11.4",
"serial": 7,
"lineage": "062265ed-0f8c-fd3d-4fc0-5474e2b01614",
"outputs": {},
"resources": [],
"check_results": null
}
Step13: To create two instances, add count = 2 to the resource in the tf file
provider "aws" {
region = "eu-west-1"
access_key = "AKIATFBMO7H4MQLOWPFY"
secret_key = "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"
}
resource "aws_instance" "ccitinst" {
ami = "ami-04e7764922e1e3a57"
instance_type = "t2.micro"
count = 2
tags = {
Name = "CCIT-123"
}
}
Step14: To destroy one particular instance, first list the resources with the command
terraform state list. We created two instances from the same resource ccitinst, which is why the entries are indexed [0] and [1].
[root@ip-172-31-47-99 ccit]# terraform state list
aws_instance.ccitinst[0]
aws_instance.ccitinst[1]
You can also create the instances as separate resources, like below
resource "aws_instance" "ccitinst1" {
ami = "ami-04e7764922e1e3a57"
instance_type = "t2.micro"
tags = {
Name = "CCIT-123"
}
}
resource "aws_instance" "ccitinst2" {
ami = "ami-04e7764922e1e3a57"
instance_type = "t2.micro"
tags = {
Name = "CCIT-1234"
}
}
Step15: If you want to delete one particular instance, give its name with -target
[root@ip-172-31-47-99 ccit]# terraform destroy -auto-approve -target=aws_instance.ccitinst[1]
Destroy complete! Resources: 1 destroyed.
Step16: Instance destroyed. Every resource has a unique identity; give that identity and Terraform destroys that resource.
provider "<<provider>>" {
region = ""
}
resource "<<resource type>>" "<<resource name (logical name)>>" {
<<arguments (configuration settings)>>
}
Step18: Alias. The alias argument allows multiple configurations of the same provider:
- you can deploy resources in multiple Aws regions
- you can deploy in multiple AWS accounts
- you can deploy to different service providers(AWS,azure..etc)
Step19: The aws configure command is used to set your AWS CLI credentials and default configuration.
Below, nothing is set yet, so we need to set it with the aws configure command.
[root@ip-172-31-47-99 ~]# aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region eu-west-1 imds
[root@ip-172-31-47-99 ~]# aws configure
AWS Access Key ID [None]: AKIATFBMO7H4MQLOWPFY
AWS Secret Access Key [None]: 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
Default region name [None]:
Default output format [None]:
See below: the access key is now set
[root@ip-172-31-47-99 ~]# aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************WPFY shared-credentials-file
secret_key ****************Z0bF shared-credentials-file
region eu-west-1 imds
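Steps 5 and 11 write access_key and secret_key into cloudinfra.tf, while the configuration that follows names a profile and keeps the keys in the shared credentials file. As an added example (not code from the original post), this Python check flags credential literals in Terraform text so they can be caught before a .tf file is shared or committed; the function name scan_tf and both sample configurations are this example's own, and the key pair in the sample is the example pair from AWS documentation.

```python
"""Flag static AWS credentials written into Terraform configuration text."""
import re

CRED_ARGS = {"access_key", "secret_key", "token"}    # AWS provider arguments
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.*?)\s*$')
BLOCK = re.compile(r'^\s*(\w+)((?:\s+"[^"]*")*)\s*\{')
AKID = re.compile(r'\b(?:AKIA|ASIA)[A-Z0-9]{16}\b')   # access key ID shape


def scan_tf(text):
    """Return (line_no, block, argument, reason) for each finding."""
    findings, block, depth = [], None, 0
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "//")):
            continue                                  # whole-line comment
        head = BLOCK.match(line)
        if head and depth == 0:                       # top-level block header
            block = (head.group(1) + head.group(2)).replace('"', "")
        m = ASSIGN.match(line)
        if m:
            arg, value = m.groups()
            literal = value.startswith('"') and "${" not in value
            if arg in CRED_ARGS and literal and value != '""':
                findings.append((no, block, arg, "static credential literal"))
            elif AKID.search(value):
                findings.append((no, block, arg, "access key ID in value"))
        depth += line.count("{") - line.count("}")
    return findings


# Constructed samples. The key pair is the example pair from AWS documentation.
HARDCODED = '''provider "aws" {
  region     = "eu-west-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
'''
PROFILE = '''provider "aws" {
  region  = "eu-west-1"
  profile = "default"
}
'''

if __name__ == "__main__":
    for name, cfg in (("hardcoded", HARDCODED), ("profile", PROFILE)):
        for finding in scan_tf(cfg):
            print(name, *finding)
```

A key that has already appeared in a file, a state file or a published page should be deactivated and replaced in IAM, since removing it from the text does not invalidate it.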
Create an S3 bucket resource using the default profile credentials
Step1: See below. I have not given any access key or secret key; the code only mentions profile "default".
Because we already set the credentials for the default profile in the configuration above, Terraform picks them up automatically.
[root@ip-172-31-47-99 ccit]# cat cloudinfra.tf
provider "aws" {
region = "eu-west-1"
profile = "default"
}
resource "aws_s3_bucket" "ccitbucket" {
bucket = "ccit-apr2025"
}
[root@ip-172-31-47-99 ccit]# terraform plan
Plan: 1 to add, 0 to change, 1 to destroy.
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
Step2: Below, 1 resource was destroyed. The previous tf file had one instance and we changed the file completely to an S3 bucket, so the existing instance is destroyed and the S3 bucket is created.
Plan: 1 to add, 0 to change, 1 to destroy.
aws_instance.ccitinst[0]: Destroying... [id=i-0ee6f94dee0ed6f89]
aws_s3_bucket.ccitbucket: Creating...
aws_s3_bucket.ccitbucket: Creation complete after 1s [id=ccit-apr2025]
aws_instance.ccitinst[0]: Still destroying... [id=i-0ee6f94dee0ed6f89, 10s elapsed]
aws_instance.ccitinst[0]: Still destroying... [id=i-0ee6f94dee0ed6f89, 20s elapsed]
aws_instance.ccitinst[0]: Still destroying... [id=i-0ee6f94dee0ed6f89, 30s elapsed]
aws_instance.ccitinst[0]: Still destroying... [id=i-0ee6f94dee0ed6f89, 40s elapsed]
aws_instance.ccitinst[0]: Still destroying... [id=i-0ee6f94dee0ed6f89, 50s elapsed]
aws_instance.ccitinst[0]: Still destroying... [id=i-0ee6f94dee0ed6f89, 1m0s elapsed]
aws_instance.ccitinst[0]: Destruction complete after 1m0s
Apply complete! Resources: 1 added, 0 changed, 1 destroyed.
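The apply above destroyed a running instance as a side effect of editing the file, and with -auto-approve (Step13) nothing asks before that happens. As an added example (not code from the original post), this Python check reads the JSON form of a saved plan, as printed by terraform show -json for a plan written with terraform plan -out, and blocks an unattended apply when the plan destroys anything; the sample plan is constructed to mirror this step and the function names are this example's own.

```python
"""Gate a saved Terraform plan: refuse to auto-apply when it deletes resources."""
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields used here; it mirrors the plan in Step2 above.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.ccitinst[0]", "type": "aws_instance",
         "change": {"actions": ["delete"]}},
        {"address": "aws_s3_bucket.ccitbucket", "type": "aws_s3_bucket",
         "change": {"actions": ["create"]}},
    ],
})


def summarize(plan_json):
    """Return {'add': [...], 'change': [...], 'destroy': [...]} of addresses."""
    out = {"add": [], "change": [], "destroy": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "create" in actions:
            out["add"].append(rc["address"])
        if "update" in actions:
            out["change"].append(rc["address"])
        if "delete" in actions:          # plain delete, or half of a replace
            out["destroy"].append(rc["address"])
    return out


def gate(plan_json, allow_destroy=()):
    """Return (ok, blocked): ok is False if any destroy is not pre-approved."""
    blocked = [a for a in summarize(plan_json)["destroy"] if a not in allow_destroy]
    return (not blocked, blocked)


if __name__ == "__main__":
    s = summarize(SAMPLE_PLAN)
    print("Plan: %d to add, %d to change, %d to destroy."
          % (len(s["add"]), len(s["change"]), len(s["destroy"])))
    ok, blocked = gate(SAMPLE_PLAN)
    print("auto-apply allowed" if ok else "needs review, destroys: %s" % blocked)
```

Applying the saved plan file itself (terraform apply with the plan file as argument) then performs exactly the actions that were checked.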
Step3:
[root@ip-172-31-47-99 ccit]# terraform destroy -auto-approve
aws_s3_bucket.ccitbucket: Refreshing state... [id=ccit-apr2025]
Destroy complete! Resources: 1 destroyed.
Create buckets in multiple regions using profiles from the AWS configuration
Step1:
Look at the credentials file itself: the default profile already exists, and we add a new profile named ccit.
[root@ip-172-31-47-99 ccit]# vim ~/.aws/credentials
[root@ip-172-31-47-99 ccit]# cat ~/.aws/credentials
[default]
aws_access_key_id = AKIATFBMO7H4MQLOWPFY
aws_secret_access_key = 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
[ccit]
aws_access_key_id = AKIATFBMO7H4MQLOWPFY
aws_secret_access_key = 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
Step2: The tf file below mentions the profile names, because we plan to create buckets in two regions
[root@ip-172-31-47-99 ccit]# vi cloudinfra.tf
provider "aws" {
region = "eu-west-1"
profile = "default"
}
provider "aws" {
alias ="west2"
region = "eu-west-2"
profile = "ccit"
}
resource "aws_s3_bucket" "ccitwest1bucket" {
provider=aws
bucket = "ccit-apr2025west1"
}
resource "aws_s3_bucket" "ccitwest2bucket" {
provider=aws.west2
bucket = "ccit-apr2025west2"
}
As you see below, the plan is good: it adds 2 buckets. Apply it now.
[root@ip-172-31-47-99 ccit]# terraform plan
Plan: 2 to add, 0 to change, 0 to destroy.
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
Step2: Applied successfully
[root@ip-172-31-47-99 ccit]# terraform apply -auto-approve
Plan: 2 to add, 0 to change, 0 to destroy.
aws_s3_bucket.ccitwest2bucket: Creating...
aws_s3_bucket.ccitwest1bucket: Creating...
aws_s3_bucket.ccitwest1bucket: Creation complete after 1s [id=ccit-apr2025west1]
aws_s3_bucket.ccitwest2bucket: Creation complete after 1s [id=ccit-apr2025west2]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed
Step3: Now you see two buckets added in different regions.
[root@ip-172-31-47-99 ccit]# terraform destroy -auto-approve
Plan: 0 to add, 0 to change, 2 to destroy.
aws_s3_bucket.ccitwest1bucket: Destroying... [id=ccit-apr2025west1]
aws_s3_bucket.ccitwest2bucket: Destroying... [id=ccit-apr2025west2]
aws_s3_bucket.ccitwest1bucket: Destruction complete after 0s
aws_s3_bucket.ccitwest2bucket: Destruction complete after 1s
Destroy complete! Resources: 2 destroyed.
Step4: Below reference for different providers
Terraform variables
This variable
bucket = "ccit-apr2025west2"
Step1: The variable is declared in the file below
[root@ip-172-31-47-99 ccit]# cat cloudinfra.tf
provider "aws" {
region = "eu-west-1"
}
resource "aws_s3_bucket" "ccitwest1bucket" {
bucket=var.s3bucket
}
variable "s3bucket" {
type=string
default= "ccit-apr2025west1"
}
Step2:
[root@ip-172-31-47-99 ccit]# terraform apply -auto-approve
Step3: Bucket created
--Thanks