Introduction
Terraform is an open-source infrastructure as code tool that lets you manage and automate an application's infrastructure. Terraform uses a declarative language, which means we don't have to define every step of the control flow; instead we describe the end result we want and Terraform works out how to reach it.
Infrastructure as code (IaC) is the management and provisioning of infrastructure (networks, virtual machines, load balancers, and connection topology) through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. This makes Terraform a valued tool for many DevOps engineers.
Terraform can manage a lot of cloud infrastructure providers such as Amazon Web Services, Microsoft Azure, IBM Cloud, Google Cloud Platform, DigitalOcean, Linode, Oracle Cloud Infrastructure and also in-house solutions.
Installation
Terraform can be installed on Linux, Mac or Windows. The available downloads for each operating system can be found at https://www.terraform.io/downloads.html. The installation is very simple; in this case, for CentOS/RHEL, we only have to run a few commands:
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install terraform
terraform -help
We can also run Terraform using Docker
docker pull hashicorp/terraform
docker run -it -v $PWD:/workspace -w /workspace hashicorp/terraform:light validate
The -v flag mounts the current directory into the container at /workspace, and the -w flag sets /workspace as the working directory, overriding the terraform image's default. The above example runs the terraform validate command.
Configuration file
The configuration files contain the description of the infrastructure; by convention these files end with .tf. The Terraform language uses blocks to represent the configuration of some kind of object, such as a resource.
The provider block configures the named provider, in this case aws. The region attribute is where the instance will be created, the code us-east-1 means the instance will be created in US East (N. Virginia).
The AWS provider offers several ways of providing credentials for authentication.
Static credentials: these credentials can be provided by adding the user's security credentials access_key and secret_key in-line in the AWS provider block. This configuration is not recommended, and it risks secret leakage should this file ever be committed to a public version control system.
provider "aws" {
  region     = "us-east-1"
  access_key = "ABCDEFGHIJKLMNOP"
  secret_key = "ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP"
}
Environment variables: we can use the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. We can create the variables in the terminal
export AWS_ACCESS_KEY_ID="ABCDEFGHIJKLMNOP"
export AWS_SECRET_ACCESS_KEY="ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP"
Shared credentials file: we can use an AWS credentials or configuration file to specify our credentials. We will need to create a file named ~/.aws/credentials containing:
[default]
aws_access_key_id=ABCDEFGHIJKLMNOP
aws_secret_access_key=ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP
When using environment variables or the shared credentials file, the provider block only needs to specify the region attribute in the configuration file:
provider "aws" {
  region = "us-east-1"
}
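A pre-commit style check for the static-credentials risk described above, as an added example (not part of the original article or of Terraform): it flags access_key and secret_key attributes that are assigned a quoted literal in .tf files. The function names are illustrative, and the line-based matching is a heuristic that does not handle /* */ block comments.

```python
import re
from pathlib import Path

# attr = "literal"; an unquoted reference such as var.aws_access_key does not match.
ASSIGNMENT = re.compile(r'^\s*(?P<attr>access_key|secret_key)\s*=\s*"(?P<value>[^"]*)"')

def strip_comment(line: str) -> str:
    """Remove an HCL line comment (# or //) that starts outside a quoted string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_string = not in_string
        elif not in_string and (ch == "#" or line.startswith("//", i)):
            return line[:i]
    return line

def scan_text(text: str, name: str = "<string>"):
    """Return (file, line_number, attribute) for each hardcoded credential."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.match(strip_comment(raw))
        # A string that is only an interpolation ("${var.key}") is a reference, not a secret.
        if match and match["value"] and not match["value"].startswith("${"):
            findings.append((name, number, match["attr"]))
    return findings

def scan_tree(root: str):
    """Scan every .tf file under root, for example from a pre-commit hook."""
    findings = []
    for path in sorted(Path(root).rglob("*.tf")):
        findings.extend(scan_text(path.read_text(encoding="utf-8"), str(path)))
    return findings

# Constructed sample: the static-credentials block from this page plus safe variants.
SAMPLE = '''provider "aws" {
  region     = "us-east-1"
  access_key = "ABCDEFGHIJKLMNOP"
  secret_key = "ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP"
}
provider "aws" {
  # access_key = "ABCDEFGHIJKLMNOP"
  access_key = var.aws_access_key
}
'''

if __name__ == "__main__":
    for file, line, attr in scan_text(SAMPLE, "main.tf"):
        print(f"{file}:{line}: hardcoded {attr} in provider configuration")
```

Calling scan_tree(".") from a pre-commit hook and failing the commit when the returned list is non-empty keeps a provider block like the first one out of version control.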
In the resource block, the ami attribute is the ID of the Amazon Machine Image (AMI) used to launch the instance; this AMI must be in the same region we added above. The instance_type is the type of instance we will create. The final configuration file will look like this example:
provider "aws" {
  region = "us-east-1"
}
resource "aws_instance" "example" {
  ami           = "ami-1122334455667788"
  instance_type = "t2.micro"
}
The first step is to run the init command to download the provider plugin:
terraform init
After we run the command we will see the message "Terraform has been successfully initialized!". The next step is to create an execution plan using the plan command:
terraform plan
The Terraform apply command is used to build or make changes to reach the desired state of the configuration
terraform apply
The terraform destroy command is used to destroy the Terraform-managed infrastructure. It will delete all resources declared in the configuration file, so if we need to destroy only some resources, we can delete the specific resource from the file and run terraform apply; Terraform will check the state differences and make the changes.
terraform destroy
Conclusion
This was a quick overview of the Terraform fundamentals. You can find more information about providers, resources, data sources, modules, state, variables and documentation in the following links:
- AWS Provider: https://registry.terraform.io/providers/hashicorp/aws/latest/docs and https://learn.hashicorp.com/tutorials/terraform/aws-build
- AWS cli configuration files: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
- Terraform Docker container: https://hub.docker.com/r/hashicorp/terraform/