Building infrastructure with Terraform (Google) - Radek Simko
Building your infrastructure as a one-off thing by clicking in the UI of your chosen cloud provider may be easy, but that isn't scalable or fun in the long term or in a team.
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ... - OpenCredo
So you are using Terraform to manage your infrastructure, fantastic! However, have you ever accidentally destroyed your production setup? Or managed to change some part of your infrastructure you were not expecting to?
This talk explores some common pain points experienced by users on different parts of their Terraform journey and provides insight into how you can evolve your Terraform setup to manage and address these challenges.
A presentation from Hashiconf 2016.
Terraform is a wonderful tool for describing infrastructure as code. It’s fast, flexible, automatically resolves dependencies, and is rapidly improving.
But in some ways, Terraform is flexible like AWS is flexible. You can do pretty much anything, but it’s also easy to shoot yourself in the foot if you aren’t careful.
In the past year, we’ve started managing thousands of resources with Terraform, allowing a lot more of the dev team to change the underlying infrastructure. During that time, we’ve learned a lot about how to set up our terraform modules so that they are easy to manage and reuse.
This talk will cover how we manage tfstate, separate environments, specific module definitions, and how we use Terraform to boot new services in production. I’ll also discuss the challenges we’re currently facing, and how we plan to attack them going forward.
Modern infrastructure can sometimes look like a wedding cake with many different layers. It’s no surprise for seasoned users that Terraform has been able to provision the lowest layers - compute - for a long while. Skipping a few layers in between, a workload scheduler like Kubernetes is typically represented as the top one, exposing high-level APIs for scheduling and scaling pods, managing persistent volumes and restrictions & limits for scheduling.
Terraform 0.10 comes with a Kubernetes provider which supports all stable (v1) Kubernetes resources from K8S 1.6.
In this talk you’ll hear about particular examples of where it’s useful to use Terraform for managing K8S resources, what benefits you get compared to other solutions and, demo gods permitting, you’ll also see how to get from zero to an application running on K8S.
https://www.hashiconf.com/talks/radek-simko.html
Recording: https://www.youtube.com/watch?v=-UtqHkrvFro
Managing modern infrastructure presents many different challenges. While the main operational aspects of infrastructure such as durability, availability, scalability and security are very important, there’s also one aspect which should enable and support all the others - automation. Automation is a very abstract word, so the talk will briefly explain what benefits the IaC approach brings to the table and why configuration management (often driven by tools like Ansible, Puppet, Salt, Chef etc.) is just one of many layers in an automated production infrastructure. Then we will walk through the main design goals of an open source IaC tool (Terraform) that enables users to write, plan and apply changes to production infrastructure in Google Cloud, and explain how to do it.
https://devfest.gdg.org.ua/schedule/day1?sessionId=143
Demo: https://github.com/radeksimko/devfest-ua-2017-talk-demo
Terraform: Configuration Management for Cloud Services - Martin Schütte
Hashicorp's Terraform provides a declarative notation (like Puppet) to describe various cloud resources. It is an open-source tool, provider-independent, and thus able to combine resources from multiple cloud platforms and to be extended through plugins.
The talk demonstrates how to describe a small web application with Terraform, showing how easily all related components can be started, updated, and stopped. It also shows how to organise larger projects using modules and gives an introduction to writing plugins for one’s own services.
Scaling Terraform environments, Infracoders Sydney, 30 Nov 2017 - William Tsoi
This presentation looks at scaling patterns for Terraform, an infrastructure provisioning tool/language/framework.
I will also demonstrate a code generator that I have written that will ensure that teams can adopt the Terraservices pattern as easily as possible.
https://github.com/williamtsoi1/generator-terraform-environments
A working example of the terraservices pattern is here: https://github.com/williamtsoi1/terraservices-example
This is the story of a company that had 10s of customers and were facing severe scaling issues. They approached us. They had a good product predicting a few hundred customers within 6 months. VCs went to them. Infrastructure scaling was the only unknown; funding for software-defined data centers. We introduced Terraform for infrastructure creation, Chef for OS hardening, and then Packer for supporting AWS as well as VSphere. Then, after a few more weeks, when there was a need for faster response from the data center, we went into Serf to immediately trigger chef-clients and then to Consul for service monitoring.
Want to describe this journey.
Finally, we did the same exact thing at a Fortune 500 customer to replace 15-year-old scripts. We will also cover sleek ways of dealing with provisioning in different Availability Zones across various AWS regions with Terraform.
Hashicorp’s Terraform provides a declarative notation (like Puppet) to describe various Cloud resources. It is an open-source tool, provider-independent, and thus able to combine resources from multiple cloud platforms and to be extended through plugins. The talk demonstrates how to describe web application infrastructure with Terraform, showing how easily all related components can be started, updated, and stopped.
My talk at FullStackFest, 4.9.2017. Become more familiar with managing infrastructure using Terraform, Packer and deployment pipeline. Code repository - https://github.com/antonbabenko/terraform-deployment-pipeline-talk
Terraform is no doubt very flexible and powerful. The question is, how do we write Terraform code and construct our infrastructure in a reproducible fashion that makes sense? How can we keep code DRY, segment state, and reduce the risk of making changes to our service/stack/infrastructure?
HashiCorp’s infrastructure management tool, Terraform, is no doubt very flexible and powerful. The question is, how do we write Terraform code and construct our infrastructure in a reproducible fashion that makes sense? How can we keep code DRY, segment state, and reduce the risk of making changes to our service/stack/infrastructure?
This talk describes a design pattern to help answer the previous questions. The talk is divided into two sections, with the first section describing and defining the design pattern with a Deployment Example. The second part uses a multi-repository GitHub organization to create a Real World Example of the design pattern.
The why, what and how to leverage Terraform to manage Cloud resources safely.
Experience feedback from adoption by Leboncoin DataEngineering team.
In these slides you will find introduction material for beginners and advanced use cases you will quickly be facing when working within a team and with enterprise constraints.
A Hands-on Introduction on Terraform Best Concepts and Best Practices - Nebulaworks
At our OC DevOps Meetup, we invited Rami Al-Ghami, a Sr. Software engineer at Workday to deliver a presentation on a Hands-On Terraform Best Concepts and Best Practices.
The software lifecycle does not end when the developer packages their code and makes it ready for deployment. The delivery of this code is an integral part of shipping a product. Infrastructure orchestration and resource configuration should follow a similar lifecycle (and process) to that of the software delivered on it. In this talk, Rami will discuss how to use Terraform to automate your infrastructure and software delivery.
Slides from Config Management Camp, looking at how you can take a collaborative GitFlow approach to Terraform using Remote State, Modules and Dynamically Generated Credentials using Vault
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko... - Puppet
Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Introducing containers into your infrastructure brings new capabilities, but also new challenges, in particular around configuration. This talk will take a look under the hood at some of those operational challenges including:
* The difference between runtime and build-time configuration, and the importance of relating the two together.
* Configuration drift, immutable mental models and mutable container file systems.
* Who configures the orchestrators?
* Emergent vs. model driven configuration.
In the process we will identify some common problems and talk about potential solutions.
Talk from PuppetConf 2016
Abstract: At DataRobot we deal with automation challenges every day. This talk will give insight into how we use Python tools built around Ansible, Terraform, and Docker to solve real-world problems in infrastructure and automation.
Presentation used at the first AWS MeetUp of the Valencia user group.
Infrastructure as code using Terraform. It shows the main features of this technology, which lets us be more agile and faster when deploying our platforms on AWS.
You recently started working with Spark and your jobs take forever to finish? This presentation is for you.
Himanshu Arora and Nitya Nand YADAV have gathered many best practices, optimizations and tweaks that they have applied over the years in production to make their jobs faster and less resource-hungry.
In this presentation, they teach us advanced Spark optimization techniques, data serialization formats, storage formats, hardware optimizations, control over parallelism, resource manager settings, better data locality, GC optimization, etc.
They also show us the appropriate use of RDD, DataFrame and Dataset in order to benefit fully from Spark's internal optimizations.
4. OUR INFRASTRUCTURE
➤ 2 AWS Regions
  ➤ EU-WEST-1
  ➤ US-EAST-1
➤ Highly elastic platform
➤ 6M RPM average traffic
➤ Peak around 8.5 M
➤ 77% Europe
➤ 23% US
5. OUR NEEDS
➤ Operate a 3rd region
➤ Reverse engineer existing regions
➤ Build a staging environment
➤ Better support turnover
➤ Track infra changes and revert them easily
6. ONE SOLUTION
➤ Infrastructure as code
➤ Templates describing your infra
➤ Documentation is in the code
➤ Easier to create a staging env
➤ Code is versioned via Git
7. OUR CHOICE
➤ Terraform
➤ Support for many providers
  ➤ Cloud IaaS: AWS / GCP / Azure
  ➤ Virtualization: vSphere / vCloud Director
  ➤ Monitoring: Datadog / Grafana / StatusCake
  ➤ Alerting: PagerDuty
➤ Open source and well maintained by HashiCorp
➤ Highly declarative and easily readable
16. TEAMWORK :: BACKENDS
➤ Store your state file(s) remotely using a Terraform backend
➤ Many different backends available (azure, gcs, consul, s3, http…)
➤ S3 is a great choice for this use case
  ➤ Enable encryption
  ➤ Enable versioning

    terraform {
      backend "s3" {
        bucket  = "terraform"
        key     = "myProd.tfstate"
        region  = "eu-west-1"
        profile = "perso"
      }
    }

17. TEAMWORK :: STATE LOCKING
➤ Locking is pretty new
  ➤ introduced in 0.9.0
➤ Only works with S3, Consul and Local backends
➤ S3 locking involves DynamoDB
➤ Seems pretty straightforward (haven’t tested it)

    terraform {
      backend "s3" {
        bucket     = "terraform"
        key        = "myProd.tfstate"
        region     = "eu-west-1"
        profile    = "perso"
        lock_table = "terraform_lock"
      }
    }

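Slides 16 and 17 recommend encryption, versioning and locking for the S3 backend, but the backend blocks shown only set the lock table. The following is an added example, not taken from the original slides, showing the bucket, lock table and backend settings together; the file names and the resource names `terraform_state` and `terraform_lock` are assumptions, while bucket, key, region, profile and table name reuse the values from the slides.

```hcl
# Added example, not from the original slides. Written in the pre-0.12 syntax
# used by the deck, with the inline bucket blocks of older AWS provider
# releases (from provider 4.0 on, versioning and encryption are configured
# through separate resources).

# --- bootstrap/main.tf (hypothetical file name) ---
# Create these two resources from a separate configuration that keeps its own
# state, before any component points its backend at them.

resource "aws_s3_bucket" "terraform_state" {
  bucket = "terraform"
  acl    = "private"

  # "Enable versioning": every state write keeps the previous object version,
  # so a corrupted or overwritten state file can be restored.
  versioning {
    enabled = true
  }

  # "Enable encryption": default server-side encryption for every object in
  # the bucket. No key id is given, so the AWS-managed S3 key is used.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "aws:kms"
      }
    }
  }

  # Make Terraform refuse to destroy the bucket holding all other states.
  lifecycle {
    prevent_destroy = true
  }
}

# The S3 backend expects the lock table to have a string hash key "LockID".
resource "aws_dynamodb_table" "terraform_lock" {
  name           = "terraform_lock"
  read_capacity  = 1
  write_capacity = 1
  hash_key       = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- prod/backend.tf (hypothetical file name) ---
# Backend block from slide 17 with encryption switched on.
terraform {
  backend "s3" {
    bucket     = "terraform"
    key        = "myProd.tfstate"
    region     = "eu-west-1"
    profile    = "perso"
    encrypt    = true             # server-side encryption of the state object
    lock_table = "terraform_lock" # renamed dynamodb_table in later releases
  }
}
```

State files can contain resource attributes in plain text, so access to this bucket should be treated like access to the secrets themselves.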
18. TEAMWORK :: REMOTE APPLY (CI)
➤ Mutual agreement from team
➤ No one should apply from their own machine
➤ Jenkins only will apply
➤ Job concurrency == 1
➤ Needs discipline but works well
➤ Enforces the use of Pull-Requests
20. WHAT ARE MODULES?
➤ A module
  ➤ is just a folder containing Terraform templates
  ➤ defines a reusable component
  ➤ is composed of multiple resources
  ➤ can and should be versioned, tagged
➤ By convention
  ➤ main.tf: contains resource declarations
  ➤ variables.tf: contains input variable declarations (with default values)
  ➤ outputs.tf: contains output variable names and values
21. MODULE DECLARATION :: MAIN.TF

    # VPC
    resource "aws_vpc" "vpc" {
      cidr_block           = "${var.vpc_cidr}"
      enable_dns_hostnames = true
      enable_dns_support   = true
      instance_tenancy     = "default"
      enable_classiclink   = false
    }

    # DHCP options
    # This is important to populate search section in /etc/resolv.conf
    resource "aws_vpc_dhcp_options" "vpc_dhcp_options" {
      domain_name         = "${var.domain_name}.${var.env} ${var.aws_region}.compute.internal"
      domain_name_servers = ["AmazonProvidedDNS"]
    }

    # DHCP association
    # the option needs to be associated with the VPC
    resource "aws_vpc_dhcp_options_association" "vpc_dhcp_options_association" {
      vpc_id          = "${aws_vpc.vpc.id}"
      dhcp_options_id = "${aws_vpc_dhcp_options.vpc_dhcp_options.id}"
    }

    # Internet Gateway, required so that instances get access/be accessed from the Internet
    resource "aws_internet_gateway" "internet_gateway" {
      vpc_id = "${aws_vpc.vpc.id}"
    }

    # S3 VPC endpoint, required so that instances with private IPs can get access to S3
    resource "aws_vpc_endpoint" "s3_endpoint" {
      vpc_id       = "${aws_vpc.vpc.id}"
      service_name = "com.amazonaws.${var.aws_region}.s3"
    }

22. MODULE DECLARATION :: OUTPUTS.TF

    output "vpc_id" {
      value = "${aws_vpc.vpc.id}"
    }

    output "main_route_id" {
      value = "${aws_vpc.vpc.main_route_table_id}"
    }

    output "cidr_block" {
      value = "${aws_vpc.vpc.cidr_block}"
    }

    output "igw_id" {
      value = "${aws_internet_gateway.internet_gateway.id}"
    }

    output "s3_endpoint_id" {
      value = "${aws_vpc_endpoint.s3_endpoint.id}"
    }

25. USING MODULES :: OUTPUTS.TF

    output "vpc_staging_id" {
      value = "${module.vpc_staging.vpc_id}"
    }

    output "vpc_prod_id" {
      value = "${module.vpc_prod.vpc_id}"
    }

    output "vpc_staging_igw_id" {
      value = "${module.vpc_staging.igw_id}"
    }

    output "vpc_staging_main_route_id" {
      value = "${module.vpc_staging.main_route_id}"
    }

    output "vpc_staging_cidr_block" {
      value = "${module.vpc_staging.cidr_block}"
    }

    output "vpc_staging_s3_endpoint_id" {
      value = "${module.vpc_staging.s3_endpoint_id}"
    }

    output "vpc_staging_main_vpn_gateway_id" {
      value = "${module.vpc_staging.main_vpn_gateway_id}"
    }

26. USING MODULES
➤ Modules allow the same code to be reused in different environments
➤ The same module can be used with different input variables in staging and production environments
➤ The same module can be sourced multiple times, even in the same file
➤ Modules should be sourced from git tags / branches
  ➤ This allows updating a module without breaking the ability to apply
➤ Use the terraform get -update command to fetch the module before planning / applying
28. A FEW RULES :: SOURCE CONTROL
➤ Jenkins and Jenkins only will apply
➤ Work on Feature Branch, plan on Feature Branch (through Jenkins)
➤ Pull-Request before merging to master
➤ Only master gets applied
➤ Always Plan before Apply and then Plan again
➤ No silver bullet
➤ Pretty strict rules
➤ Master can be broken
29. A FEW RULES :: ENVIRONMENTS
➤ No unit tests available
➤ Use a staging environment
➤ Always test your code / module in staging before prod
➤ Even to change the name of a Security Group
30. A FEW RULES :: ISOLATION
➤ Large state files are impractical
➤ Changing something may lead to risking everything
➤ The smaller the component, the smaller the risk
➤ Each component has its own state
➤ Reference state from one component in another one

    data "terraform_remote_state" "vpc" {
      backend = "s3"
      config {
        bucket  = "terraform"
        key     = "vpc.tfstate"
        region  = "us-east-1"
        profile = "perso"
      }
    }

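Splitting state per component also makes it possible to scope access per state object. The following is an added example, not taken from the original slides, of a component that reads the VPC state and writes only its own; the component name `app`, the key `app.tfstate`, the variable `app_subnet_cidr` and the policy name are assumptions, and `vpc_prod_id` is assumed to be one of the root outputs stored in `vpc.tfstate` (the name comes from slide 25).

```hcl
# Added example, not from the original slides; pre-0.12 syntax as in the deck.

# --- app/main.tf (hypothetical component with its own state, app.tfstate) ---

variable "app_subnet_cidr" {}

# Same declaration as on slide 30, repeated so the example is complete.
data "terraform_remote_state" "vpc" {
  backend = "s3"
  config {
    bucket  = "terraform"
    key     = "vpc.tfstate"
    region  = "us-east-1"
    profile = "perso"
  }
}

# Only root-level outputs of the other component are visible here. In
# pre-0.12 syntax they are read directly as attributes of the data source.
resource "aws_subnet" "app" {
  vpc_id     = "${data.terraform_remote_state.vpc.vpc_prod_id}"
  cidr_block = "${var.app_subnet_cidr}"
}

# --- iam/app_state_access.tf (hypothetical; policy for the identity that
#     plans and applies the "app" component, e.g. the Jenkins job) ---

data "aws_iam_policy_document" "app_state_access" {
  # The S3 backend lists the bucket to locate the state object.
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::terraform"]
  }

  # Read-only on the VPC state. Reading remote state means reading the whole
  # vpc.tfstate object, not just its outputs, so keep sensitive values out of
  # states that many components consume.
  statement {
    sid       = "ReadVpcState"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::terraform/vpc.tfstate"]
  }

  # Read-write only on the component's own state.
  statement {
    sid       = "ReadWriteOwnState"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::terraform/app.tfstate"]
  }
}

resource "aws_iam_policy" "app_state_access" {
  name   = "terraform-app-state-access"
  policy = "${data.aws_iam_policy_document.app_state_access.json}"
}
```

If state locking is enabled, the same identity also needs item-level access to the DynamoDB lock table.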
31. A FEW RULES :: DIRECTORY STRUCTURE
➤ Define directory level variables
  ➤ i.e.: environment.tf
  ➤ contains env and profiles variables
➤ Directories are duplicated between staging and production
➤ Directories are duplicated between regions
➤ This is the granularity that we need
33. STILL NOT 1.0
➤ Development is very active
➤ New releases will break compatibility
➤ Read changelog before updating
➤ Secret management out-of-the-box is scary
➤ Apply will fail
  ➤ Even when plan is ok
  ➤ Example: wrong CIDR in a subnet attached to a VPC
34. STILL NOT 1.0
➤ RTFM
  ➤ and read it carefully
  ➤ ex: Security Group name / description
➤ Declarative, Declarative, Declarative
➤ Stay away from those loops and arrays
➤ Depends on providers so YMMV