- Mon 10 July 2023
- DevOps
- #terraform, #dataops, #devops, #cloud
This article is part of a series.
Understanding the basics of Terraform
- [ Introduction to Terraform ]
- Creating an AWS RDS instance with Terraform
- Creating an AWS EC2 instance with Terraform
- Creating an AWS IAM role with Terraform
- Creating an AWS IAM user with Terraform
TL;DR
Terraform is a tool used in the field of infrastructure as code (IaC) to create and manage computer resources – servers, networks, databases, and so on. It allows us to define a desired infrastructure in a configuration file using a simple and declarative language.
Once a Terraform project is started, the state of the managed infrastructure and configuration needs to be stored somewhere - usually locally or on AWS S3. Then, that state file is used by Terraform essentially to map real-world resources to our configuration file and keep track of metadata.
Here are some important Terraform commands to know:
- terraform plan: Generates an execution plan, showing changes to infrastructure resources that would be made when applied
- terraform apply: Applies the changes defined in Terraform configuration to create or update infrastructure resources
- terraform destroy: Destroys and removes all resources created by Terraform for a given configuration
- terraform show: Displays the current state or details of Terraform-managed resources
- terraform import: Imports existing infrastructure resources into Terraform's state for management
What is Terraform?
Before we jump into coding things out, let's go over some key concepts of Terraform.
Terraform is a tool used in the field of infrastructure as code (IaC) to create and manage computer resources – servers, networks, databases, and so on. It allows us to define a desired infrastructure in a configuration file using a simple and declarative language.
Once we have defined our infrastructure configuration, Terraform takes care of provisioning and managing the resources. It interacts with cloud providers like Amazon Web Services (AWS) to create and update infrastructure based on the configuration provided in the file.
Using Terraform enables us to treat infrastructure as code – we can version control it, collaborate with others, and easily replicate or rebuild it in a consistent and repeatable manner.
And since we're going to be provisioning infrastructure in AWS, it's also important to understand the difference between a resource, an instance, and a service.
- A resource is a logical entity that represents a piece of AWS infrastructure – an S3 bucket, an EC2 instance, an RDS database
- An instance is a specific occurrence of a resource that is created from a particular template or configuration – an EC2 instance is a virtual server that is launched from an Amazon Machine Image (AMI). Each instance is a unique copy of the AMI, with its own IP address, storage, and other attributes
- A service is a collection of related AWS resources and API operations that work together to perform a specific function – AWS offers over 200 different services, including compute, storage, database, analytics, machine learning, and more
Getting the environment ready
There are a few steps we need to go through in order to get our development environment ready:
- Install AWS CLI
- Run aws configure on the terminal and provide the following parameters:
  - AWS Access Key ID
  - AWS Secret Access Key
  - Default region name
  - Default output format
- Install Terraform CLI
Project structure
Here's the project structure we are working with:
my-project/
└── terraform/
    └── main.tf
And here's the boilerplate code we're starting with:
# Declare the AWS provider and pin its version
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
}

# Define where the state will be stored
terraform {
  backend "local" {
    path = ".tfstate"
  }
}
To start the Terraform project, we navigate to the my-project/terraform/ directory and run terraform init, which essentially downloads all necessary modules and defines the backend.
Wait, what is this backend thing?
To understand what the Terraform backend is, let's quickly cover what a Terraform state is first.
You probably saw some state-related code in the code snippet I provided earlier:
# Define where the state will be stored
terraform {
  backend "local" {
    path = ".tfstate"
  }
}
Once a Terraform project is started, the state of the managed infrastructure and configuration needs to be stored somewhere, and that state is used by Terraform essentially to map real-world resources to our configuration file and keep track of metadata.
Here are some key aspects of the Terraform state:
- Its primary purpose is to store bindings between objects in a remote system (e.g. an EC2 instance) and resource instances declared in a configuration file
- It's generally saved in a file called terraform.tfstate
- It can be stored locally – recommended for development purposes
- It can be stored in the cloud (e.g. S3) – recommended for deployment purposes, so it can be versioned, encrypted, and securely shared
The backend simply defines where Terraform stores its state.
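An added example, not part of the original article, of the S3 option above: the state file can hold resource attributes such as database passwords in plain text, so the bucket is versioned, encrypted and closed to public access. The bucket name and state key are placeholders, and the bucket is assumed to be created by a separate bootstrap configuration.

```hcl
# --- bootstrap/main.tf: applied once, from its own directory, with local state ---
# Assumes the same required_providers and provider "aws" blocks as the boilerplate.
# "example-tfstate-bucket" is a placeholder; S3 bucket names are globally unique.
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-tfstate-bucket"

  lifecycle {
    prevent_destroy = true # fail any plan that would delete the state bucket
  }
}

# Versioning keeps earlier state files recoverable after a bad apply
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Default encryption at rest for every object written to the bucket
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms" # no key id given: uses the AWS managed S3 key
    }
  }
}

# State should never be reachable through public ACLs or bucket policies
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# --- my-project/terraform/main.tf: replaces the backend "local" block ---
terraform {
  backend "s3" {
    bucket  = "example-tfstate-bucket"
    key     = "my-project/terraform.tfstate" # placeholder object key
    region  = "us-east-1"
    encrypt = true # request server-side encryption for the state object
  }
}
```

After switching the backend block, running terraform init -migrate-state moves the existing local state into the bucket.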
How to "run" terraform code
We already have some Terraform code, can't we just run it? Kinda. Let's take a look at the following commands:
- terraform plan
- terraform apply
- terraform destroy
- terraform show
- terraform import
Terraform plan
The terraform plan command creates a plan. It can be used to preview the planned changes to the infrastructure.
Under the hood, the command:
- Reads the current state of any remote objects to make sure that the Terraform state is up-to-date
- Compares the current configuration to the prior state and notes any differences
- Proposes a set of change actions that should, if applied, make the remote objects match the configuration
Terraform apply
The terraform apply command applies the changes to the infrastructure to get to the state where the remote objects match the configuration. terraform apply can be run without running terraform plan first, although it's not recommended.
Terraform destroy
The terraform destroy command is used to destroy all mapped objects. terraform plan -destroy can be used beforehand to preview what would be destroyed.
It is also worth mentioning that if the infrastructure has already been provisioned with terraform apply, removing objects from the Terraform code and running terraform apply again will also destroy them.
Terraform show
The terraform show command can be used at any time to inspect the configuration of a Terraform state.
Terraform import
The terraform import command can be used for bringing existing resources under Terraform management.
With that in our toolkit, it's time to get our hands dirty.