AUTOMATE PROVISIONING OF
AWS STORAGE INFRASTRUCTURE ON CLOUD USING TERRAFORM
Explore our Case Studies
Explore our Blogs
What is Terraform?
Infrastructure as Code (IaC) is the process of managing and provisioning infrastructure through code instead of manual intervention. Today, IaC is becoming more popular due to the rapid adoption of cloud technologies and the increased focus of companies on DevOps tools and techniques. There are a wide variety of IaC tools available in the market, and a few of them have been listed below.
-
Terraform
-
Pulumi
-
AWS Cloud Formation
-
Azure Resource Manager
-
Google Cloud Deployment manager
-
Ansible
-
Puppet
​
Among these, Terraform is the most popular tool widely used in many organizations. Terraform is developed by Hashicorp and is written in the Go Programming language. Terraform is cloud agnostic, which means it can work with multiple cloud providers and this is one of the reasons for the wide adoption of this tool. In this blog, we'll concentrate on the key Terraform components and how we can use them to set up an AWS infrastructure.
Providers
Providers are used for API interactions and exposing resources. A sample AWS provider configuration is shown below.
provider "aws" {
region = "us-east-1"
}
All the available providers can be viewed at https://registry.terraform.io/browse/providers
​
We can hardcode the access and secret keys along with the provider configuration, but it is not a security best practice. Instead, it should be safely stored in a key vault and should be accessed during runtime.
We can do a terraform init to download the plugins associated with the provider and make use of it. We can also explicitly add a version constraint in the provider block, to download that particular version of the provider.
Resources
A resource block defines the actual resource that is going to be created using terraform like EC2 instance, S3 bucket, etc. A sample resource block for ec2 instance creation is shown below.
resource "aws_s3_bucket" "bucket1" {
bucket = "my-test-bucket"
tags = {
Name = "Dev - bucket"
Environment = "Dev"
}
}
Modules
Terraform modules are used to group resources and reuse them at a later point in time. Every terraform configuration has a root module. A module can call other modules which allow us to include child module resources in the configuration.
module "servers" {
source = “./app-cluster”
servers = 5
}
Creating Infrastructure using Terraform
Once the terraform configurations are ready, the "terraform fmt" command can be used to rewrite Terraform configuration files to a canonical format and style. "Terraform validate" to check whether the configurations are syntactically correct, or not.
The "Terraform plan" command is used to evaluate the terraform configuration to determine the desired state of all the resources it declares, and then compares that desired state to the real infrastructure objects being managed with the current working directory and workspace. The "terraform apply" command is used to create the resources and update the state file. The "terraform destroy" command is used to destroy the resources created using Terraform. A sample terraform apply is shown below.
$ terraform apply## ... Output truncated ...An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ createTerraform will perform the following actions:# aws_instance.example will be created
+ resource "aws_instance" "example" {
+ ami = " ami-1234abcd"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)## ... Output truncated ...Plan: 1 to add, 0 to change, 0 to destroy.
Terraform State
When the terraform apply command is executed, it will create a file known as "terraform.tfstate", which in turn contains the details of the resources which terraform had created. For a production environment, it is recommended to store the state in a safe location preferably in a remote backend like AWS DynamoDB. We can inspect the state using terraform state list command and can alter or delete the state file using terraform state mv and rm commands.
​
References
Terraform AWS documentation - https://learn.hashicorp.com/collections/terraform/aws-get-started
Terraform language guide - https://www.terraform.io/language/syntax/configuration
Terraform modules - https://learn.hashicorp.com/collections/terraform/modules
​
Author
Cyril Johnson, StarOne IT Solutions