This document is a presentation on using Terraform to manage infrastructure as code. It introduces Terraform and explains why it is useful compared to other configuration management tools. It provides examples of defining AWS resources like EC2 instances, Auto Scaling groups, and load balancers in Terraform code. It also demonstrates passing variables, using modules, and rolling out updates. The presentation emphasizes how Terraform allows defining infrastructure in a declarative way and improves reproducibility of environments.

1. Building with Terraform
Volodymyr Tsap Provectus DevOps Meetup 2018

2. About Author
15 years supporting Linux for
money
8 years as a CTO in own
company SHALB.com
10 years Enterprise Business
Applications and SDK’s
support at Genesys

3. Introducing Terraform
● Infrastructure as a code tool
● Environment orchestration
● Reproducible stacks
● Same workflow for all providers

4. Configuration management in numbers
* https://devops-survey.io/DevopsSurveyResults2017.pdf

5. But why we need extra tool beside:
Ansible, Chef, Puppet, SaltStack?

6. Configuration Management vs. Orchestration
Conf Manager tools Orchestration tools
Steps to get the stack state
Install software
Manage config files
Adjust OS parameters
Manage firewalls
Describe desired stack state
Create and map EC2, ELB, SG
Manage cloud-specific
services
Manage security groups

7. Procedural vs. Declarative code style
Ansible
# Add 5 more
- ec2:
count: 5
image: aws-ami
Instance_type: t2.micro
Terraform
# Make sure that we have 5
resource "aws_instance"
"ec2ins" {
count = 5
ami = "aws-ami"
instance_type = "t2.micro"
}

8. Terraform is best for:
● Multi-tier applications
● Self-service infrastructure
● Production, development, and testing
environments
● Continuous delivery

9. Architecture. Agent-less
Terraform
Core
Plugins
Providers
AWS
GCE
K8
Upstream API’s

10. Sample of Supported Providers

11. Setting an Environment
To use with AWS

12. Download Binary. Install. Add AWS keys
That's All!

13. Syntax Highlights

14. Syntax Highlight. Provider Definition

15. Syntax Highlight. Resource Definition

16. Demo Samples
https://github.com/voatsap/provectus

17. Defining our first instance
## Define provider
provider "aws" {
region = "eu-central-1"
}
## Get instance AMI
data "aws_ami" "ubuntu" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-*-16.04-amd64-server-*"
}
}
# Define the instance
resource "aws_instance" "test-ec2instance" {
ami = "${data.aws_ami.ubuntu.id}"
instance_type = "t2.micro"
}

18. Init Terraform and plan execution

19. Apply and launch our first instance

20. Sample 1. Graphing Sample Instance

21. Sample 2. Parametrizing with Variables
terraform.tfvars
# String
region = "eu-central-1"
# List
vpc_security_group_ids= [ "sg-84e649ed", "sg-90ea45fa" ]
# Map
instance_type = {
production = "t2.micro"
development = "m3.medium"
}

22. Sample 2. Map of Lists
# Map of Lists
vpc_security_group_ids_map = {
eu-central-1 = [ "sg-84e649ed", "sg-90ea45fa" ]
eu-west-1 = [ "sg-1d4ab664", "sg-90ea45fa" ]
}

23. Sample 2. Parametrizing with Variables.
# Define the instance
resource "aws_instance" "test-ec2instance" {
ami = "${data.aws_ami.ubuntu.id}"
vpc_security_group_ids = [ "${var.vpc_security_group_ids[1]}" ]
instance_type = "${lookup(var.instance_type, var.environment)}"
count = 2
}

24. Sample 2. Instance Graph

25. Sample 3. Build custom image using Packer
● Configure AMI using Packer xp-ami-
packer.json
● Install required software to our AMI provision-
ami.sh
● Build new AMI
● Attach to terraform

26. Sample 3. Provisioners
resource "aws_instance" "provectus-instance" {
provisioner "file" {
content = "$(provectus-{count.index + 1}}"
destination = "/etc/hostname"
}
provisioner "remote-exec" {
script = "files/bootstrap_ansible.sh"
}
#AWS user_data
user_data = <<EOF
#!/bin/bash
hostname provectus${count.index + 1} && hostname > /etc/hostname
EOF
}

27. Sample 3. Create RDS and config DB Endpoint
resource "aws_db_instance" "db-instance" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.7.17"
instance_class = "db.t2.micro"
name = "wisehandsdb"
username = "root"
password = "dfe6iWTjxOgeY"
# Passing to app config
sed -i 's/mysql-database-endpoint/${aws_db_instance.db-
instance.username}:${aws_db_instance.db-
instance.password}@${aws_db_instance.db-
instance.endpoint}/${aws_db_instance.db-instance.name}/g'
/home/ubuntu/wisehands.me/conf/application.conf

28. Sample 3. Graphing Stack

29. Sample 4. Templates
data "template_file" "init" {
template = "${file("files/init.tpl")}"
count = "${length(var.instance_suffix)}"
vars {
dbendpoint="${aws_db_instance.db-instance.username}"
instancehostname="provectus-
${var.instance_suffix[count.index]"
}
}
files/init.tpl:
#!/bin/bash
echo ${instancehostname} > /etc/hostname

30. Sample 4. Create multiple resources
terraform.tfvars:
# Define instance suffix
instance_suffix = ["blue","green"]
instance.tf:
resource "aws_instance" "provectus-instance" {
ami = "${data.aws_ami.provectus-ami.id}"
name="provectus-${var.instance_suffix[count.index]}-
${count.index}
…
# Nubmer of instances
count = "${length(var.instance_suffix)}"
}

31. Sample 4. Adding IAM profile
# Define a policy
resource "aws_iam_policy" "ec2-ro-policy"
# STS AssumeRole Data
data "aws_iam_policy_document" "instance-assume-role-policy"
# Add EC2 instance role
resource "aws_iam_role" "ec2-instance-role"
# Attach policy to role
resource "aws_iam_policy_attachment" "ec2-policy-attachment"
# Create instance profile and attach the role
resource "aws_iam_instance_profile" "ec2-instance-profile"

32. Sample 4. Graphing an Environment

33. Sample 5. Building VPC. Define Variables
vpc_cidr = {
production = "10.10.0.0/16"
development = "10.3.0.0/16"
default_subnet_cidr_block = {
production = "10.10.0.0/22"
development = "10.3.0.0/22"
default_db_subnet_cidr_block = { … }
default_subnet_availability_zone = { … }
default_db_subnet_availability_zone = { … }
production = "eu-central-1b"
development = "eu-west-1b"
}

34. Sample 5. Building a Module

35. Sample 5. Launch Conf, ASG, Metrics
# Creating launch configuration
resource "aws_launch_configuration" "launch-provectus"
# Add Auto Scaling Group
resource "aws_autoscaling_group" "asg-provectus"
# Autoscale policy
resource "aws_autoscaling_policy" "scale_in_provectus"
# Autoscale Alarm Metrics
resource "aws_cloudwatch_metric_alarm"
metric_alarm_cpu_high_provectus"

36. Sample 5. LoadBalancers, DNS, Certificates
● Define a Load Balancer
● Create Route53 record
● Add Certificates via ACM
● Attach Cert to ELB
● Attach Route53 record to ELB

37. Sample 5. Finishing the Stack
Zoom: http://auth.shalb.com/sample5.png

38. Appendix A. Performing a rolling update
# Set the lifecycle for launch configuration and ASG
lifecycle { create_before_destroy = true }
# The launch configuration omit name definition
# allowing the terraform to set it
# ASG interpolates the LC name into its name so any changes
# force a replacement of the ASG.
name = "asg-${aws_launch_configuration.launch-
provectus.name}”
# Define the minimum node capacity per group
wait_for_elb_capacity =
“${var.instance_count_provectus_min}”

39. Terraform Hints
● Terraforming
● External data sources
● HTTP Data Source
● AWS Service Limits
● Delegate outputs via remote state
● .tfstate diff versioning via s3 snapshots
● erraform best practices

40. Terraform Drawbacks
● A big effort to import large infrastructure
● Plans could fail, even valid ones
● There is no rollback
● Eventual consistency because of async
● No manual intervention allowed

41. Terraform Summary
● DRY IaaC
● It’s Simple and human friendly
● Fast prototyping, quick implementation
● Cool for teamwork
● The next step in infrastructure management

42. Thank you!
Volodymyr Tsap
Co-founder/CTO at SHALB.com
Email: voa@shalb.com
Skype: volodymyr.tsap
Linkedin: voatsap
Facebook: volodymyr.tsap
https://github.com/voatsap/provectus