Terraform AWS modules
and more
DevOps Singapore, 26.3.2018
Agenda
1. Frequent Terraform Questions
2. Terraform AWS modules
3. Q&A
Question/problem with the code - open an issue!
Follow me on twitter and github - @antonbabenko
anton@antonbabenko.com
https://medium.com/@anton.babenko/
Anton Babenko
Terraform AWS fanatic
● Open-source:
○ https://github.com/terraform-aws-modules
○ https://modules.tf (work in progress)
○ https://github.com/antonbabenko - more projects
● Organize AWS User Group Norway, HashiCorp User Group Oslo,
DevOpsDays Oslo
● Solving problems & open-source solutions
PS: I am looking for Terraform companions to join me!
Featuring...
Write, Plan, and Create Infrastructure as Code
Terraform training material
https://www.slideshare.net/AntonBabenko/continuously-delivering-infrastructure-using-terraform-and-packer-training-material
Frequent Terraform Questions (FTQ)
So, how to get started with Terraform?
1. https://www.terraform.io/intro/getting-started/install.html
2. Follow instructions in README.md, check examples, open issues and pull requests
3. Read a book (Getting Started with Terraform or Terraform Up & Running)
Why Terraform and not AWS CloudFormation/Azure ARM templates/Google Cloud Deployment Manager?
Terraform manages 70+ providers, has easier syntax (HCL), has native support for modules
and remote states, has teamwork related features. Terraform is an open-source project.
https://medium.com/@piotrgospodarek/cloudformation-vs-terraform-990318d6a7de
https://cloudonaut.io/cloudformation-vs-terraform/
What are the tools/solutions out there?
● Terraform Registry (https://registry.terraform.io/) - collection of public Terraform modules for
common infrastructure configurations for any provider. I maintain verified AWS modules there.
● Thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules -
https://github.com/gruntwork-io/terragrunt
● Terraform linter to detect errors that cannot be detected by `terraform plan` -
https://github.com/wata727/tflint
● Terraform version manager - https://github.com/kamatama41/tfenv
● A web dashboard to inspect Terraform States - https://github.com/camptocamp/terraboard
● Jsonnet - The data templating language - http://jsonnet.org
● A unified workflow for collaborating on Terraform through GitHub and GitLab - https://atlantis.run/
This list is much longer, really…
How to handle secrets in Terraform?
1. Can you accept secrets to be saved in state file in plaintext? Probably not.
a. AWS IAM password & secret access keys - use PGP (e.g. via keybase.io)
b. AWS RDS - set dummy password and change after DB is created
c. AWS RDS - use iam_database_authentication_enabled = true
d. EC2 instance user-data + AWS KMS
e. EC2 instance user-data + AWS Systems Manager Parameter Store
2. Other options:
a. Secure remote state location (S3 bucket policy, KMS key)
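Options 1a to 1c and 2a above as one configuration, written in the Terraform 0.11 syntax the slides use. This is an added example, not code from the slides or from terraform-aws-modules; the bucket name, KMS key ARN, account ID, keybase username and resource names are placeholders.

```hcl
# 2a. Remote state in S3, encrypted at rest with a KMS key.
# Backend blocks cannot use interpolation, so the values are literals.
terraform {
  backend "s3" {
    bucket     = "example-terraform-state"                                # placeholder
    key        = "prod/terraform.tfstate"
    region     = "eu-west-1"
    encrypt    = true
    kms_key_id = "arn:aws:kms:eu-west-1:111111111111:key/EXAMPLE-KEY-ID"  # placeholder
  }
}

# 2a. Bucket policy on the state bucket: refuse any request not sent over TLS.
# Usually applied from a separate bootstrap configuration, because the bucket
# has to exist before it can be used as a backend.
resource "aws_s3_bucket_policy" "state" {
  bucket = "example-terraform-state"

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyInsecureTransport",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": [
      "arn:aws:s3:::example-terraform-state",
      "arn:aws:s3:::example-terraform-state/*"
    ],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}
  }]
}
POLICY
}

# 1a. IAM access key: with pgp_key set, the state file holds encrypted_secret
# instead of the plaintext secret.
resource "aws_iam_user" "deploy" {
  name = "deploy"
}

resource "aws_iam_access_key" "deploy" {
  user    = "${aws_iam_user.deploy.name}"
  pgp_key = "keybase:example_user" # placeholder keybase username
}

# Only the key owner can decrypt this:
#   terraform output deploy_encrypted_secret | base64 --decode | keybase pgp decrypt
output "deploy_encrypted_secret" {
  value = "${aws_iam_access_key.deploy.encrypted_secret}"
}

# 1b + 1c. RDS: create with a throwaway password, rotate it outside Terraform,
# and let applications log in with IAM authentication tokens.
resource "aws_db_instance" "app" {
  identifier        = "app-db"
  engine            = "mysql"
  engine_version    = "5.7"
  instance_class    = "db.m4.large"
  allocated_storage = 20
  username          = "admin"

  # Dummy value: this is what ends up in the state file, not the real password.
  password = "change-me-after-create"

  iam_database_authentication_enabled = true

  lifecycle {
    # Keep Terraform from resetting the password after it has been rotated.
    ignore_changes = ["password"]
  }
}
```

The dummy RDS password is still written to state in plaintext; it stops mattering only once it has been changed outside Terraform.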
How to integrate Terraform with ...?
● Use outputs (human-friendly)
● Use null_resource + local-exec provisioner for WAF associations
resource "null_resource" "auto_instructions" {
  # Re-run the provisioner whenever the web ACL is replaced
  triggers = {
    waf_acl_id = "${aws_waf_web_acl.this.id}"
  }

  provisioner "local-exec" {
    # The command must stay on one line: a quoted HCL string cannot span lines
    command = "aws waf-regional associate-web-acl --web-acl-id ${aws_waf_web_acl.this.id} --resource-arn ${data.terraform_remote_state.alb_public.this_alb_arn}"
  }
}
Terraform Modules
Types of Terraform modules
Resource modules (e.g. terraform-aws-modules):
● Create resources (obviously)
● Few relations to other modules (usually)
● Very flexible
Infrastructure modules:
● Use specific version of resource modules
● Company-wide standards (e.g. tags and names)
● May use code generators (jsonnet, cookiecutter, etc)
Compositions:
● Use specific version of infrastructure or resource modules
● Provide all the values for region, environment, module, etc
● Terragrunt is awesome
https://github.com/terraform-aws-modules
Some facts about terraform-aws-modules
● Terraform AWS modules - 900K+ downloads from the Terraform Registry
● Terraform AWS security group module was mostly written offline
● ~ 100 contributors over 3 years
● Modules for:
○ VPC
○ Autoscaling groups
○ ALB, ELB
○ EC2 instances
○ RDS, Redshift
○ Security group
○ SNS, SQS
○ SNS/Lambda to notify Slack
○ IAM, ECS
○ … https://registry.terraform.io/modules/terraform-aws-modules
Traits of good Terraform modules
● Clean code
● Feature-rich
● Sane defaults
● Tests
● Examples
● Documentation
● … (secure, versioning, lifecycle-readiness)
Read more:
https://medium.com/@anton.babenko/using-terraform-continuously-common-traits-in-modules-8036b71764db
Demo
Resource modules
Infrastructure modules
Composition
What’s next?
● Involve more people and code-generators (Terrible, Terrapin, modules.tf)
● Improve automatic test coverage
● Join open-source program to cover some of my time
● Maybe (finally) get acknowledgement and support from AWS :)
What is your Terraform question or problem?
Hints: Testing? Versioning? Code structure? Working as a team? CI/CD?
Automation? Integration with other tools? modules.tf ? Code generation? Missing
tools/features? Syntax sugar (features and types of variables)? How to contribute?
Thank you!
Contact me:
anton@antonbabenko.com
twitter.com/antonbabenko
linkedin.com/in/antonbabenko
github.com/antonbabenko
