Introduction to Infastructure as code with Terraform and Amazon Web Services

1. Infrastructure As Code
with Terraform
by Mario Inga C.
@mario21ic

2. Who am I?
• Mario J. Inga Cahuana
• Software Developer
• Job: DevOps en Yarkan
• Music: Metal m/
• https://github.com/mario21ic

3. The problem
• Environment like Prod
• Replication
• Fragile
• Versioning
• Documentation

4. Terraform
• Execution plans
• Resource graph
• Change automation
• Agnostic
• HCL is the HashiCorp configuration language.
• Development with Go
https://github.com/hashicorp/terraform

5. Example
provider "aws" {
region = "${var.region}"
}
resource "aws_vpc" "vpc" {
cidr_block = "${var.vpc_cidr}"
instance_tenancy = "default"
enable_dns_support = true
enable_dns_hostnames = true
}

6. Providers
• IaaS (e.g. AWS, GCP, Azure, OpenStack), PaaS
(e.g. Heroku), or SaaS (e.g. Atlas, DNSimple,
Cloudflare).
• https://www.terraform.io/docs/providers/

7. Provisioners
• Used to execute scripts on a local or remote
machine as part of resource creation or
destruction.
• Can be used to bootstrap a resource, cleanup
before destroy, run configuration management, etc.
• There are: chef, connection, file, local-exec,
remote-exec, null_resource

8. Demo
• 1 VPC
• 1 Route Table
• 4 Subnets: 2 publics and 2 privates
• 2 Zones
• 2 EC2
• Move to another region

9. Demo

10. Infrastructure As Code

11. HCL - Provider

12. HCL - Resource

13. Stacks
• Plan:
• plan
• plan -destroy
• Create / Modify: apply
• Read: show
• Delete: destroy

14. State
• Generate files:
• terraform.tfstate
• terraform.tfstate.backup

15. Targets
• Plan:
• terraform plan -target=module.vpc
• terraform plan -destroy -target=module.vpc
• Destroy
• terraform destroy -target=module.vpc
• Show
• terraform show -target=module.vpc

16. Filters data
• No more aws cli
• No more tags
• No more tricks
• Use:
data "aws_ami" "ami" {
most_recent = true
filter {
name = "name"
values = ["${var.ami_name}"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
}
"${data.aws_ami.ami.id}"

17. Variables input file
• Default: terraform.tfvars
• Alternative: -var-file="dev.tfvars"
region = "eu-west-1"
name = "dev"
# VPC
vpc_cidr = "10.0.0.0/16"

18. All files in one
• main.tf
• data.tf
• provider.tf
• variables.tf
• terraform.tfvars
• outputs.tf

19. Environments
• List:
$ terraform env list
• Create
$ terraform env new dev
• Select
$ terraform env select dev

20. Module
• DRY, Don't Repeat Yourself
• Supports:
• Local file paths
• Github
• Bitbucket
• Http urls
• S3

21. Module
• Download: terraform get -update=true
module "vpc" {
source = "github.com/mario21ic/terraform-aws-vpc"
region = "${var.region}"
name = “${var.name}"
…
}

22. Recomendaciones
• Automatizar todo lo que se pueda y deba.
• Usa un storage para los states
• No existe la bala de plata
• La nube no la controlamos al 100%, ejem: la caída
de Aws S3
• Es mejor tener un plan a no tener ninguno

23. Material
• https://github.com/mario21ic/infrastructure-as-code-
terraform-aws
• https://www.terraform.io/docs/
• Ebooks:
• The Terraform Book - James Turnbull
https://terraformbook.com
• Terraform up & running - Yevgeniy Brikman
http://shop.oreilly.com/product/0636920061939.do

24. Preguntas?
@mario21ic