DEV Community: Harshvardhan Scindia The latest articles on DEV Community by Harshvardhan Scindia (@harshscindia). https://dev.to/harshscindia https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F40646%2F6c92e87d-51bd-41d9-9ff1-256a3885230f.png DEV Community: Harshvardhan Scindia https://dev.to/harshscindia en Getting started with Terraform Harshvardhan Scindia Wed, 13 Dec 2023 08:23:16 +0000 https://dev.to/harshscindia/getting-started-with-terraform-4g4a https://dev.to/harshscindia/getting-started-with-terraform-4g4a <p>Terraform is an open-source and cloud-agnostic Infrastructure as Code (IaC) tool. Terraform uses declarative configuration files. The configuration files are written in Hashicorp Configuration Language (HCL).</p> <p>Terraform Features:</p> <ul> <li>Installable modules</li> <li>Plan and predict changes</li> <li>Dependency graphing</li> <li>Terraform registry with 1000+ providers</li> </ul> <h2> Installing Terraform and VS Code </h2> <p>We will be using VS Code to write Terraform code. We will also be installing the VS Code extension for Terraform for syntax highlighting.</p> <h3> Installing VS Code </h3> <ul> <li>VS Code: VS Code can be downloaded from <a href="https://code.visualstudio.com/download">https://code.visualstudio.com/download</a> </li> <li>VS Code Extensions: <ul> <li>Terraform: <a href="https://marketplace.visualstudio.com/items?itemName=4ops.terraform">https://marketplace.visualstudio.com/items?itemName=4ops.terraform</a> </li> </ul> </li> </ul> <h3> Installing Terraform </h3> <p>Terraform is distributed as a single binary. Below are the steps to download and install Terraform on Windows.</p> <p>Download Link: <a href="https://developer.hashicorp.com/terraform/install">https://developer.hashicorp.com/terraform/install</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--EIrh3t2C--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/y4vtrht37jc9iojqfdpa.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--EIrh3t2C--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/y4vtrht37jc9iojqfdpa.png" alt="Image description" width="800" height="450"></a></p> <ol> <li>Download the zip file from the above link</li> <li>Create a <code>terraform</code> directory in the <code>C:</code> drive <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--J3L7mVQT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gzp5eeg1r9l8a0qbsc1q.png" alt="Image description" width="800" height="430"> </li> <li>Copy <code>terraform_1.6.5_windows_amd64.zip</code> from <code>Downloads</code> folder to <code>C:\terraform</code>.</li> <li>Unzip <code>terraform_1.6.5_windows_amd64.zip</code>. <img src="https://res.cloudinary.com/practicaldev/image/fetch/s---uZG4wn---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1t8p0r28k92zf87ybkh7.PNG" alt="Image description" width="614" height="454"> </li> <li>Adding terraform binary to Windows <code>Path</code>. <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XTk5Bs_O--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/025w06mv3o5mqznsakal.png" alt="Environment Variable Search" width="800" height="648"> <center>Searching for environment variables in windows search</center> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--BjohbE2K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5npputxzn2cqvzbueqa0.PNG" alt="System Properties" width="412" height="468"><center>System Properties</center> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Kkz25qBO--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/r5oojm256uohgvrwepno.png" alt="Path Variable" width="745" height="711"> <center>Environment Variables</center> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--u5fRL9fa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/57g1vzji3vt6dheivrmx.png" alt="Terraform Path" width="800" height="449"><center>Edit Environment Variable</center> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dtsG2ZRx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nxii27oru6oaynbgnj43.PNG" alt="Completed Terraform Path" width="527" height="501"><center>Added Terraform to <code>path</code> environment variable</center> </li> <li>Verify the terraform installation with the following commands </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform <span class="nt">-help</span> terraform <span class="nt">-version</span> </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--bHwjYeM8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/yn2zf8r1wu7m2ef8myed.PNG" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--bHwjYeM8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/yn2zf8r1wu7m2ef8myed.PNG" alt="Verifying Terraform Installtion" width="800" height="430"></a></p> <h2> Configuring AWS Provider and Init </h2> <p>Create a hcl file called as <code>providers.tf</code> and paste the below code in it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">terraform</span> <span class="p">{</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"hashicorp/aws"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-west-2"</span> <span class="p">}</span> </code></pre> </div> <h3> Terraform init </h3> <p>Run the <code>terraform init</code> command to initialize the terraform directory to download and install the aws provider.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform init </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jtu9HAXw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/iixvcnzsg2pfyfk08lzn.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jtu9HAXw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/iixvcnzsg2pfyfk08lzn.png" alt="Terraform Init" width="800" height="450"></a></p> <h2> Creating a VPC resource </h2> <p>VPC is a logically isolated section of the AWS Cloud where we can launch AWS resources. A VPC consists of the following resources.</p> <ul> <li>Security Groups: Acts as a firewall at the instance level.</li> <li>Subnets: A logical partition of the VPC into multiple smaller network segments.</li> <li>NACLs (Network Access Control Lists): Acts as the firewall at the subnet level.</li> <li>Route Tables: Determine where network traffic from subnets is directed.</li> <li>Internet Gateway: Enable access to the Internet. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// aws resource logical name</span> <span class="c1">// | |</span> <span class="c1">// V V </span> <span class="nx">resource</span> <span class="s2">"aws_vpc"</span> <span class="s2">"mtc_vpc"</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.123.0.0/16"</span> <span class="nx">enable_dns_hostnames</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_dns_support</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"dev"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Subnets </h3> <p>Subnets are a logical partition of the VPC into multiple smaller network segments. Subnets can be public or private.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_subnet"</span> <span class="s2">"mtc_public_subnet"</span> <span class="p">{</span> <span class="c1">// Reference the VPC using the id</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">mtc_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.12.0.0/24"</span> <span class="nx">map_public_ip_on_launch</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">availability_zone</span> <span class="p">=</span> <span class="s2">"us-west-2a"</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"dev-public"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Internet Gateway </h3> <ul> <li>Allows resources (e.g. EC2 Instances) in a VPC to connect to the Internet.</li> <li>Must be created separately from a VPC</li> <li>One VPC can only be attached to one IGW and vice versa.</li> <li>Internet Gateways on their own do not allow Internet access route tables must also be edited. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_internet_gateway"</span> <span class="s2">"mtc_internet_gateway"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">mtc_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span><span class="p">=</span> <span class="s2">"dev-igw"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Route table </h3> <p>We need to create a route table to route traffic from our subnet to internet gateway.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_route_table"</span> <span class="s2">"mtc_public_rt"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">mtc_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"dev_public_rt"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_route"</span> <span class="s2">"default_route"</span> <span class="p">{</span> <span class="nx">route_table_id</span> <span class="p">=</span> <span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">mtc_public_rt</span><span class="p">.</span><span class="nx">id</span> <span class="nx">destination_cidr_block</span> <span class="p">=</span> <span class="s2">"0.0.0.0/0"</span> <span class="nx">gateway_id</span> <span class="p">=</span> <span class="nx">aws_internet_gateway</span><span class="p">.</span><span class="nx">mtc_internet_gateway</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> </code></pre> </div> <h3> Route table association </h3> <p>We need to create an association between the route table and subnet.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_route_table_association"</span> <span class="s2">"mtc_public_access"</span> <span class="p">{</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">mtc_public_subnet</span><span class="p">.</span><span class="nx">id</span> <span class="nx">route_table_id</span> <span class="p">=</span> <span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">mtc_public_rt</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> </code></pre> </div> <h2> AMI Data source </h2> <ul> <li>AMI = Amazon Machine Image </li> <li>AMI are a customization of an EC2 instance <ul> <li>You add your own software, configuration, operating system, monitoring</li> <li>Faster boot / configuration time because all software is pre-packaged.</li> </ul> </li> <li>AMIs are build for a specific region (and can be copied across regions)</li> </ul> <p>Create a new file <code>datasources.tf</code> and copy the below code<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">data</span> <span class="s2">"aws_ami"</span> <span class="s2">"server_ami"</span> <span class="p">{</span> <span class="nx">most_recent</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"099720109477"</span><span class="p">]</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Security Groups </h3> <ul> <li>Security groups are the fundamental of network security in AWS. They control how traffic is allowed into or out of our EC2 Instances.</li> <li>Security groups only contain allow rules.</li> <li>Security groups rules can reference by IP or by security group.</li> <li>Security groups act as a firewall on EC2 Instances</li> <li>They regulate: <ul> <li>Access to ports.</li> <li>Authorized IP ranges - IPv4 AND IPv6</li> <li>Control of inbound network.</li> <li>Control of outbound network. </li> </ul> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"mtc_sg"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"dev_sg"</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"dev security group"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">mtc_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Key Pair </h2> <p>Generating a <code>Key Pair</code> for SSH<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh-keygen <span class="nt">-t</span> ed25519 </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--wHAcgQiS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4962kuas99fj138qtau2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--wHAcgQiS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4962kuas99fj138qtau2.png" alt="Generating SSH keypair using ssh-keygen" width="800" height="359"></a> </p> <center>Generating SSH keypair using ssh-keygen</center> <br> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_key_pair"</span> <span class="s2">"mtc_auth"</span> <span class="p">{</span> <span class="nx">key_name</span> <span class="p">=</span> <span class="s2">"mtc_key"</span> <span class="nx">public_key</span> <span class="p">=</span> <span class="nx">file</span><span class="p">(</span><span class="s2">"~/.ssh/mtckey.pub"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h2> Creating an EC2 Instance </h2> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"dev_node"</span> <span class="p">{</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t2.micro"</span> <span class="c1">// free tier</span> <span class="nx">ami</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_ami</span><span class="p">.</span><span class="nx">server_ami</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"dev-node"</span> <span class="p">}</span> <span class="nx">key_name</span> <span class="p">=</span> <span class="nx">aws_key_pair</span><span class="p">.</span><span class="nx">mtc_auth</span><span class="p">.</span><span class="nx">id</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">mtc_sg</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">mtc_public</span><span class="p">.</span><span class="nx">id</span> <span class="nx">root_block_device</span> <span class="p">{</span> <span class="nx">volume_size</span> <span class="p">=</span> <span class="mi">10</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> SSH login </h2> <p>login to EC2 Instance using SSH.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh ~<span class="se">\.</span>ssh<span class="se">\m</span>tckey ubuntu@public-ip-address </code></pre> </div> <h2> Cleanup </h2> <p>We need to clean up all the created resources using terraform destroy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform destroy </code></pre> </div> terraform aws infrastructureascode devops