MANAGE AWS INFRASTRUCTURE AS CODE USING TERRAFORM
Hello!
I AM ANTON BABENKO
I enjoy AWS, DevOps, solutions
architecture & web-development
github.com/antonbabenko
linkedin.com/in/antonbabenko
COOL COMPANIES
0.
AGENDA
1. State of things
2. Terraform 101
● Getting started with Terraform
3. Terraform 201
● Advanced concepts in Terraform
● Demos
4. CI/CD with Terraform
● Demo
1.
STATE OF THINGS
AWS + Infrastructure as code
AVAILABLE TOOLS
○ AWS CloudFormation
● http://www.slideshare.net/AntonBabenko/managing-aws-infrastructure-using-cloudformation
○ Puppet, Chef, Ansible, Salt…
○ AWS API, libraries (Boto, Fog)
○ Terraform by HashiCorp
“HashiCorp is Atlassian for DevOps.”
Someone at DevOps conference
TERRAFORM
Terraform is a tool for building, changing, and
versioning infrastructure safely and efficiently.
www.terraform.io
TERRAFORM FACTS
Latest version: 0.6.8 (released 2.12.2015)
Open-source, written in Golang.
Very active development:
○ CHANGELOG.md (ca. 1 release per month)
○ GitHub Issues (ca. 5-15 issues resolved daily)
○ Growing community (IRC, Mailing list, Stack Overflow)
TERRAFORM VS CLOUDFORMATION
Principles

                                 | CloudFormation | Terraform
Configuration format             | JSON           | HCL/JSON
State management                 | No             | Yes
Execution control                | No             | Yes!
Logical comparisons              | Yes            | Limited
Supports iterations              | No             | Yes
Manage already created resources | No             | Yes (hard)
Providers supported              | Only AWS       | 20+ (incl. AWS, GCE, Azure)

AWS SPECIFICS

                                                | CloudFormation    | Terraform
AWS resource types                              | 121               | 103
Resource properties and operations completeness | 90%               | Work in progress
Handle failures *                               | Optional rollback | Fix it & retry
Contribute?                                     | No                | Yes! GH issue #28
AWS CLOUDFORMATION DESIGNER
TERRAFORM GRAPH
2.
TERRAFORM
Commands
TERRAFORM COMMANDS
$ terraform
usage: terraform [--version] [--help] <command> [<args>]

Available commands are:
    apply      Builds or changes infrastructure
    destroy    Destroy Terraform-managed infrastructure
    get        Download and install modules for the configuration
    graph      Create a visual graph of Terraform resources
    init       Initializes Terraform configuration from a module
    output     Read an output from a state file
    plan       Generate and show an execution plan
    refresh    Update local state file against real resources
    remote     Configure remote state storage
    show       Inspect Terraform state or plan
    taint      Manually mark a resource for recreation
    version    Prints the Terraform version
TERRAFORM REMOTE
Configures remote state storage with Terraform
[Diagram: *.tf configuration, terraform.tfstate and AWS infrastructure; remote state backends: S3, Atlas, Consul, etcd, HTTP]
TERRAFORM PLAN
Generates an execution plan for Terraform
[Diagram: *.tf configuration, terraform.tfstate and AWS infrastructure]
TERRAFORM APPLY
Builds or changes infrastructure according to Terraform configuration files
[Diagram: *.tf configuration, terraform.tfstate and AWS infrastructure]
TERRAFORM REFRESH
Update the state file of your infrastructure with metadata that matches the
physical resources they are tracking
[Diagram: *.tf configuration, terraform.tfstate and AWS infrastructure]
TERRAFORM DESTROY
Destroy Terraform-managed infrastructure
[Diagram: *.tf configuration, terraform.tfstate and AWS infrastructure]
TERRAFORM TAINT
Manually mark a resource as tainted, forcing a destroy and recreate on the
next plan/apply
[Diagram: *.tf configuration, terraform.tfstate and AWS infrastructure]
TERRAFORM GRAPH
Draw a nice visual dependency graph of Terraform resources according to the configuration files
$ terraform graph -draw-cycles | dot -Tpng -o graph.png
TERRAFORM etc
$ terraform --help
3.
TERRAFORM
Warm up...
TERRAFORM - WARM-UP
Keep Terraform shared state files on Amazon S3 and enable bucket versioning:
aws s3api create-bucket \
    --bucket my-terraform-states \
    --acl authenticated-read \
    --create-bucket-configuration LocationConstraint=eu-west-1
aws s3api put-bucket-versioning \
    --bucket my-terraform-states \
    --versioning-configuration Status=Enabled
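The canned ACL `authenticated-read` grants READ on the bucket (object listing) to the AuthenticatedUsers group, which covers any AWS account, and Terraform state files record resource attributes in plain text. The following is an added example, not part of the original slides: it creates the same bucket without a group grant and audits `get-bucket-acl` output for such grants. The function names and the sample ACL documents are constructed here.

```shell
#!/usr/bin/env bash
# Added example (not from the original slides): state bucket without group grants.
# Function names and the sample ACL documents below are constructed.

BUCKET="my-terraform-states"   # bucket name used on the slide
REGION="eu-west-1"             # region used on the slide

# Create the bucket with the default ACL (owner only, so no --acl flag),
# keep the versioning step from the slide, and block public ACLs and policies.
create_state_bucket() {
  aws s3api create-bucket \
    --bucket "$BUCKET" \
    --create-bucket-configuration "LocationConstraint=$REGION" &&
  aws s3api put-bucket-versioning \
    --bucket "$BUCKET" \
    --versioning-configuration Status=Enabled &&
  aws s3api put-public-access-block \
    --bucket "$BUCKET" \
    --public-access-block-configuration \
      BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
}

# Read `aws s3api get-bucket-acl` JSON on stdin and print the predefined
# groups (AllUsers, AuthenticatedUsers) that hold a grant, one per line.
acl_group_grants() {
  grep -oE 'http://acs\.amazonaws\.com/groups/global/(AllUsers|AuthenticatedUsers)' |
    sed 's#.*/##' | sort -u
}

# Return 1 (and say why) when the ACL on stdin contains any group grant.
# Usage: aws s3api get-bucket-acl --bucket "$BUCKET" | audit_state_bucket_acl
audit_state_bucket_acl() {
  local groups
  groups=$(acl_group_grants || true)
  if [ -n "$groups" ]; then
    echo "FAIL: bucket ACL grants access to: $(echo $groups)"
    return 1
  fi
  echo "OK: no group grants"
}

# Constructed sample: ACL shape after `--acl authenticated-read`.
SAMPLE_ACL_AUTHENTICATED_READ='{
  "Owner": {"ID": "EXAMPLE-OWNER-ID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
     "Permission": "READ"}
  ]
}'

# Constructed sample: ACL shape of a bucket created with the default ACL.
SAMPLE_ACL_PRIVATE='{
  "Owner": {"ID": "EXAMPLE-OWNER-ID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
     "Permission": "FULL_CONTROL"}
  ]
}'
```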
TERRAFORM
WARM-UP QUESTIONS?
○ How many environments?
○ How many AWS regions?
○ How many DevOps will be involved?
● It is not so important.
TERRAFORM
In action
TERRAFORM - DEMO 1
There was nothing in the AWS account, so let’s create a new VPC and subnets and deploy the heavy web-app
Complete code and slides:
http://github.com/antonbabenko/terraform-aws-devops
PROJECTS/SHARED-AWS
PROJECTS/HEAVY
TERRAFORM
WAYS TO STRUCTURE CONFIGS
○ One-in-all:
● Good for partial and disposable setups
○ Separate by environments:
● One project = one environment
● Each environment may contain different modules
● Read more
○ Layered projects (shared infrastructure):
● Separate responsibilities (eg, “read-only” shared infrastructure for app developers)
● Easy to extend layers independently (using modules)
● Small = fast
TERRAFORM
HOW TO STRUCTURE CONFIGS
○ Keep 1 Terraform state for each combination of project per environment (in 1 AWS region)
● eg, one-in-all = 1 Terraform state per environment
○ More environments = more combinations
○ Global AWS resources (eg, S3 buckets, EIP, IAM, Route53 zones, CodeDeploy
applications):
● Keep them in Terraform states without separation by environments
○ Use environment in resource tags
○ Use modules
TERRAFORM - MODULES
“Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group.”
Community modules - https://github.com/terraform-community-modules/
Support versioning:
module "vpc" {
  source = "github.com/terraform-community-modules/tf_aws_vpc_only?ref=v1.0.0"
  cidr   = "${var.vpc_cidr}"
}
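A module source without `?ref=` follows whatever the repository's default branch holds at `terraform get` time, and a tag such as `v1.0.0` can still be moved by the repository owner, while a full commit id cannot. The following is an added example, not part of the original slides: it classifies the Git-hosted module sources in a configuration by how they are pinned. The function name, labels, sample configuration and the 40-character commit id are constructed here.

```shell
#!/usr/bin/env bash
# Added example (not from the original slides): report how each Git-hosted
# module source in Terraform configuration is pinned.
# Function name, labels and the sample configuration are constructed.

# Read *.tf content on stdin. For every module source on a Git host print:
#   UNPINNED       no ?ref= at all
#   TAG-OR-BRANCH  ?ref= names a tag or branch (can be moved upstream)
#   COMMIT         ?ref= is a full 40-hex commit id
classify_module_sources() {
  grep -oE '(^|[[:space:]])source[[:space:]]*=[[:space:]]*"[^"]+"' |
  sed -E 's/^[^"]*"([^"]+)"$/\1/' |
  while IFS= read -r src; do
    case "$src" in
      github.com/*|bitbucket.org/*|git::*) ;;
      *) continue ;;   # local paths and other source types are out of scope
    esac
    ref=$(printf '%s\n' "$src" | sed -nE 's/.*[?&]ref=([^&]+).*/\1/p')
    if [ -z "$ref" ]; then
      echo "UNPINNED $src"
    elif printf '%s' "$ref" | grep -qE '^[0-9a-f]{40}$'; then
      echo "COMMIT $src"
    else
      echo "TAG-OR-BRANCH $src"
    fi
  done
}

# Constructed sample: the slide's module plus three variants.
# Single quotes keep ${var.vpc_cidr} literal. The commit id is a placeholder.
SAMPLE_TF='module "vpc" {
  source = "github.com/terraform-community-modules/tf_aws_vpc_only?ref=v1.0.0"
  cidr   = "${var.vpc_cidr}"
}
module "vpc_unpinned" {
  source = "github.com/terraform-community-modules/tf_aws_vpc_only"
}
module "vpc_commit" {
  source = "github.com/terraform-community-modules/tf_aws_vpc_only?ref=0123456789abcdef0123456789abcdef01234567"
}
module "app" {
  source = "./modules/app"
}'

# Usage: cat *.tf | classify_module_sources
```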
TERRAFORM - DEMO 2
New resource!
Let’s import a very important S3 bucket into the Terraform configs, so that we can manage that resource using Terraform.
Explanation: Importing already created resources into Terraform state is not supported by Terraform natively, but it is possible.
TERRAFORM - DEMO 3
Updated!
Our application ELB should have a custom security policy with a specific set of SSL ciphers.
Explanation: “SSL ciphers” is not implemented as a property of the aws_elb resource type.
TERRAFORM - DEMO 4
Our Heavy application team needs a Redshift cluster available, so that developers can query it.
Explanation: Redshift is not among the resource types supported by Terraform, but it is supported by AWS CloudFormation.
TERRAFORM - DEMO SUMMARY
Terraform can create and manage AWS infrastructure which is:
○ New (has no resources)
○ Contains already existing resources
Terraform can:
○ Supplement resource types properties currently not supported natively
○ Supplement resource types currently not supported natively
4.
TERRAFORM
Demo: Continuous Integration &
Continuous Deployment (beta)
TERRAFORM - CI/CD
○ Using feature branches
○ Lock master branch
○ New push into feature branch:
● terraform production init + plan
○ Feature merged into master branch:
● terraform production init + plan + apply
○ Too risky? Combine:
● terraform plan -out=plan_${GIT_SHA}.out
● terraform apply plan_${GIT_SHA}.out
○ Terraform plugin for Jenkins, if you ask
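The "plan -out, then apply that file" step only protects you if the apply job runs exactly the plan that was reviewed. The following is an added example, not part of the original slides: a CI wrapper that names the plan after the commit, records its SHA-256 at plan time and refuses to apply a missing or altered plan file. The function names, the `.sha256` side file and the `TERRAFORM` override variable are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example (not from the original slides): CI wrapper for
#   terraform plan -out=plan_${GIT_SHA}.out  /  terraform apply plan_${GIT_SHA}.out
# Function names, the .sha256 side file and TERRAFORM are assumptions.

TERRAFORM="${TERRAFORM:-terraform}"   # overridable so the flow can be dry-run

# Build the plan file name from the commit id. Anything that is not a
# 7-40 character hex string is rejected, so a crafted value cannot carry
# path components or option-like text into the terraform command line.
plan_file_for() {
  case "$1" in
    ""|*[!0-9a-fA-F]*) echo "invalid commit id: $1" >&2; return 1 ;;
  esac
  [ "${#1}" -ge 7 ] && [ "${#1}" -le 40 ] || { echo "invalid commit id length" >&2; return 1; }
  echo "plan_$1.out"
}

# Portable SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeed only if the plan file exists and still matches the recorded digest.
verify_plan_digest() {
  [ -f "$1" ] && [ -f "$1.sha256" ] || return 1
  [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ]
}

# Runs on every push: write the plan for review and record its digest.
# In a real pipeline, keep the digest where the apply job can trust it,
# not only next to the plan artifact.
ci_plan() {
  local plan
  plan=$(plan_file_for "$1") || return 1
  "$TERRAFORM" plan -out="$plan" || return 1
  sha256_of "$plan" > "$plan.sha256"
}

# Runs after merge to master: apply the saved plan file and nothing else.
ci_apply() {
  local plan
  plan=$(plan_file_for "$1") || return 1
  if ! verify_plan_digest "$plan"; then
    echo "refusing to apply: $plan is missing or differs from the reviewed plan" >&2
    return 1
  fi
  "$TERRAFORM" apply "$plan"
}

# Usage in CI: ci_plan "$GIT_SHA" on push, ci_apply "$GIT_SHA" on master.
```

A saved plan file can contain variable values, so store it as a sensitive build artifact.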
Responsibly deploy applications and make changes
to infrastructure with Atlas by HashiCorp
atlas.hashicorp.com
SUMMARY
Terraform is cool, isn’t it?
I REALLY LIKE QUESTIONS
THANK YOU!
All code from this talk:
https://github.com/antonbabenko/terraform-aws-devops

Editor's Notes

  1. Organizer of AWS User Group Norway. AWS certified solution architect and sysops. Doing web-development and devops for the last 10+ years. Doing AWS for the last 5 years. Open-source, team leadership. Windsurfing, sailing, paragliding.
  2. Who is using the AWS API directly or using libraries (like Troposphere, written in Python)?
  3. State management: TF has a local tfstate file describing metadata of created resources. Execution control = well controlled: plan => output file or limit by targets => apply with confidence. CF can only validate syntax. Logical comparisons = more, less, equal value. In TF you can use the “count=0” or “count=1” resource parameter instead of boolean true/false to control resource creation. Managing already created resources like EIP, S3 buckets, VPC is not possible without deleting them first.
  4. Some resource properties (for example, EC2 keypair) can be created using the AWS API, but are not available in CloudFormation. Terraform uses the AWS API, so you can get/update missing properties in many cases. update_rollback_failed = contact customer service. Handle failures => Partial State and Error Handling: if an error happens at any stage in the lifecycle of a resource, Terraform stores a partial state of the resource. This behavior is critical for Terraform to ensure that you don't end up with any zombie resources: resources that were created by Terraform but are no longer managed by Terraform due to a loss of state.
  5. Atlas, Consul, etcd, S3 or HTTP. Terraform will automatically update the remote state file once there are any changes in it. There are also ways to pull and push to the remote state file.
  6. Refresh state locally and generate an execution plan based on tf configs.
  7. Apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.
  8. Destroy resources managed by Terraform. Can be previewed by running “$ terraform plan -destroy”. It can also be limited by using “-target”, and it will delete resources which were dependent on the targets.
  9. This will not modify your infrastructure. This command changes your state to mark a resource as tainted so that during the next plan or apply, that resource will be destroyed and recreated.