Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Terraform AWS modules

659 views

Published on

Talk by Anton Babenko at Singapore DevOps meetup primarily about Terraform modules and https://github.com/terraform-aws-modules on 26.3.2018

Published in: Software
  • Be the first to comment

Terraform AWS modules

  1. 1. Terraform AWS modules and more DevOps Singapore, 26.3.2018
  2. 2. Agenda 1. Frequent Terraform Questions 2. Terraform AWS modules 3. Q&A Question/problem with the code - open an issue! Follow me on twitter and github - @antonbabenko anton@antonbabenko.com https://medium.com/@anton.babenko/
  3. 3. Anton Babenko Terraform AWS fanatic ● Open-source: ○ https://github.com/terraform-aws-modules ○ https://modules.tf (work in progress) ○ https://github.com/antonbabenko - more projects ● Organize AWS User Group Norway, HashiCorp User Group Oslo, DevOpsDays Oslo ● Solving problems & open-source solutions PS: I am looking for Terraform companions to join me!
  4. 4. Featuring... Write, Plan, and Create Infrastructure as Code
  5. 5. Terraform training material https://www.slideshare.net/AntonBabenko/continuously-delivering-infrastructure-using-terrafo rm-and-packer-training-material
  6. 6. Frequent Terraform Questions (FTQ)
  7. 7. So, how to get started with Terraform? 1. https://www.terraform.io/intro/getting-started/install.html 2. Follow instructions in README.md, check examples, open issues and pull requests 3. Read a book (Getting Started with Terraform or Terraform Up & Running)
  8. 8. Why Terraform and not AWS CloudFormation/Azure ARM templates/Google Cloud Deployment Manager? Terraform manages 70+ providers, has easier syntax (HCL), has native support for modules and remote states, has teamwork related features. Terraform is an open-source project. https://medium.com/@piotrgospodarek/cloudformation-vs-terraform-990318d6a7de https://cloudonaut.io/cloudformation-vs-terraform/
  9. 9. What are the tools/solutions out there? ● Terraform Registry (https://registry.terraform.io/) - collection of public Terraform modules for common infrastructure configurations for any provider. I maintain verified AWS modules there. ● Thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules - https://github.com/gruntwork-io/terragrunt ● Terraform linter to detect errors that can not be detected by `terraform plan` - https://github.com/wata727/tflint ● Terraform version manager - https://github.com/kamatama41/tfenv ● A web dashboard to inspect Terraform States - https://github.com/camptocamp/terraboard ● Jsonnet - The data templating language - http://jsonnet.org ● A unified workflow for collaborating on Terraform through GitHub and GitLab - https://atlantis.run/ This list is much longer, really…
  10. 10. How to handle secrets in Terraform? 1. Can you accept secrets to be saved in state file in plaintext? Probably not. a. AWS IAM password & access secret keys - use PGP as keybase.io b. AWS RDS - set dummy password and change after DB is created c. AWS RDS - use iam_database_authentication_enabled = true d. EC2 instance user-data + AWS KMS e. EC2 instance user-data + AWS System Manager’s Parameter Store 2. Other options: a. Secure remote state location (S3 bucket policy, KMS key)
  11. 11. How to integrate Terraform with ...? ● Use outputs (human-friendly) ● Use null_resource + local-provisioner for WAF associations resource "null_resource" "auto_instructions" { triggers = { waf_acl_id = "${aws_waf_web_acl .this.id}" } provisioner "local-exec" { command = "aws waf-regional associate-web-acl --web-acl-id ${ aws_waf_web_acl .this.id} --resource-arn ${data. terraform_remote_state .alb_public.this_alb_arn }" } }
  12. 12. Terraform Modules
  13. 13. Types of Terraform modules Resource modules (terraform-aws-modules, for eg): ● Create resources (obviously) ● Few relations to other modules (usually) ● Very flexible Infrastructure modules: ● Use specific version of resource modules ● Company-wide standards (eg, tags and names) ● May use code generators (jsonnet, cookiecutter, etc) Compositions: ● Use specific version of infrastructure or resource modules ● Provide all the values for region, environment, module, etc ● Terragrunt is awesome
  14. 14. https://github.com/terraform-aws-modules
  15. 15. Some facts about terraform-aws-modules ● Terraform AWS modules - 900K+ downloads from the Terraform Registry ● Terraform AWS security group module was mostly written offline ● ~ 100 contributors over 3 years ● Modules for: ○ VPC ○ Autoscaling groups ○ ALB, ELB ○ EC2 instances ○ RDS, Redshift ○ Security group ○ SNS, SQS ○ SNS/Lambda to notify Slack ○ IAM, ECS ○ … https://registry.terraform.io/modules/terraform-aws-modules
  16. 16. Traits of good Terraform modules ● Clean code ● Feature-rich ● Sane defaults ● Tests ● Examples ● Documentation ● … (secure, versioning, lifecycle-readiness) Read more: https://medium.com/@anton.babenko/using-terraform-continuously-common-traits-in-modu les-8036b71764db
  17. 17. Demo Resource modules Infrastructure modules Composition
  18. 18. What’s next? ● Involve more people and code-generators (Terrible, Terrapin, modules.tf) ● Improve automatic test coverage ● Join open-source program to cover some of my time ● Maybe (finally) get acknowledgement and support from AWS :)
  19. 19. What is your Terraform question or problem? Hints: Testing? Versioning? Code structure? Working as a team? CI/CD? Automation? Integration with other tools? modules.tf ? Code generation? Missing tools/features? Syntax sugar (features and types of variables)? How to contribute?
  20. 20. Thank you! Contact me: anton@antonbabenko.com twitter.com/antonbabenko linkedin.com/in/antonbabenko github.com/antonbabenko

×