Terraform

Agenda
• What is infrastructure as a code (Iac)?
• What is Terraform
• Why Terraform?
• How Terraform works?
– Terraform core
– Terraform plugins
• Installation
• Terraform concepts

2 Saturday, April 03, 2021

C2 General
 What is infrastructure as a code?

• Infrastructure as Code (IaC) is the management of infrastructure (networks, virtual

machines, load balancers, and connection topology) in a descriptive model, using
the same versioning as DevOps team uses for source code. Like the principle that
the same source code generates the same binary, an IaC model generates the
same environment every time it is applied.

• Idempotence is a principle of Infrastructure as Code. Idempotence is the property

that a deployment command always sets the target environment into the same
configuration, regardless of the environment’s starting state

3 Saturday, April 03, 2021

C2 General
 What is Terraform?
• Terraform is a tool for building, changing, and versioning infrastructure safely and
efficiently. Terraform can manage existing and popular service providers as well as
custom in-house solutions.
• Open source
• Mozila public license 2.0
• Created by Hashicorp
• Started in 2014
• Written in Go

4 Saturday, April 03, 2021

C2 General
 why Terraform?
• lets you define infrastructure in config/code and will enable you to rebuild/change
and track changes to infrastructure with ease. Terraform provides a high-level
description of infrastructure.
• is the only sophisticated tool that is completely platform agnostic as well as
supports other services while there are a few alternatives, but they are focused on a
single cloud provider.
• enables you to implement all kinds of coding principles like having your code in
source control, the ability to write automated tests, etc
• has a lively community and is open source; there is a massive community
developing around this tool
• speed and operations are exceptional. One cool thing about Terraform is, it’s plan
command lets you see what changes you’re about to apply before you apply them..

5 Saturday, April 03, 2021

C2 General
 How Terraform works?

• Terraform is logically split into two main parts: Terraform Core and Terraform Plugins.
Terraform Core uses remote procedure calls (RPC) to communicate with Terraform Plugins,
and offers multiple ways to discover and load plugins to use.

6 Saturday, April 03, 2021

C2 General
 Terraform core

• Terraform Core is a statically-compiled binary written in the Go programming language. The

compiled binary is the command line tool (CLI) terraform, the entrypoint for anyone using
Terraform. The code is open source and hosted at github.com/hashicorp/terraform.

• The primary responsibilities of Terraform Core are:

– Infrastructure as code: reading and interpolating configuration files and modules
– Resource state management
– Construction of the Resource Graph
– Plan execution
– Communication with plugins over RPC

7 Saturday, April 03, 2021

C2 General
 Terraform plugins
• Terraform Plugins are written in Go and are executable binaries invoked by Terraform Core
over RPC. Each plugin exposes an implementation for a specific service, such as AWS, or
provisioner, such as bash. All Providers and Provisioners used in Terraform configurations are
plugins. They are executed as a separate process and communicate with the main Terraform
binary over an RPC interface.
• Terraform Plugins are responsible for the domain specific implementation of their type.
• The primary responsibilities of Provider Plugins are:
– Initialization of any included libraries used to make API calls
– Authentication with the Infrastructure Provider
– Define Resources that map to specific Services
• The primary responsibilities of Provisioner Plugins are:
– Executing commands or scripts on the designated Resource after creation, or on destruction.

8 Saturday, April 03, 2021

C2 General
Terraform installation
Terraform concepts
 providers
• Terraform is used to create, manage, and update infrastructure resources such as
physical machines, VMs, network switches, containers, and more. Almost any
infrastructure type can be represented as a resource in Terraform.
• A provider is responsible for understanding API interactions and exposing
resources. Providers generally are an IaaS (e.g. Alibaba Cloud, AWS, GCP,
Microsoft Azure, OpenStack), PaaS (e.g. Heroku), or SaaS services (e.g. Terraform
Cloud, DNSimple, Cloudflare).

provider "aws" {
version = "~> 2.0“
region = "us-east-1"
}

11 Saturday, April 03, 2021

C2 General
 init
• The terraform init command is used to initialize a working directory containing
Terraform configuration files. This is the first command that should be run after
writing a new Terraform configuration or cloning an existing one from version
control. It is safe to run this command multiple times.

terraform init [options] [DIR]

12 Saturday, April 03, 2021

C2 General
 plan
• The terraform plan command is used to create an execution plan. Terraform
performs a refresh, unless explicitly disabled, and then determines what actions are
necessary to achieve the desired state specified in the configuration files.

• This command is a convenient way to check whether the execution plan for a set of
changes matches your expectations without making any changes to real resources
or to the state.

terraform plan [options] [dir]

13 Saturday, April 03, 2021

C2 General
 apply
• The terraform apply command is used to apply the changes required to reach the
desired state of the configuration, or the pre-determined set of actions generated by
a terraform plan execution plan.

terraform apply [options] [dir-or-plan]

14 Saturday, April 03, 2021

C2 General
 State file
• Terraform must store state about your managed infrastructure and configuration.
This state is used by Terraform to map real world resources to your configuration,
keep track of metadata, and to improve performance for large infrastructures.

• This state is stored by default in a local file named "terraform.tfstate", but it can also
be stored remotely, which works better in a team environment.

15 Saturday, April 03, 2021

C2 General
 State command
• The terraform state command is used for advanced state management. As your
Terraform usage becomes more advanced, there are some cases where you may
need to modify the Terraform state. Rather than modify the state directly,
the terraform state commands can be used in many cases instead.

• This command is a nested subcommand, meaning that it has further subcommands.

These subcommands are listed to the left.

terraform state <subcommand> [options] [args]

16 Saturday, April 03, 2021

C2 General
 graph command
The terraform graph command is used to generate a visual representation of either a
configuration or execution plan. The output is in the DOT format, which can be used
by GraphViz to generate charts.

terraform graph | dot -Tsvg > graph.svg

17 Saturday, April 03, 2021

C2 General
 fmt command
The terraform fmt command is used to rewrite Terraform configuration files to a
canonical format and style. This command applies a subset of the Terraform
language style conventions, along with other minor adjustments for readability.

terraform fmt [options] [DIR]

18 Saturday, April 03, 2021

C2 General
 Import command

• Terraform is able to import existing infrastructure. This allows you take resources
you've created by some other means and bring it under Terraform management.

• This is a great way to slowly transition infrastructure to Terraform, or to be able to be

confident that you can use Terraform in the future if it potentially doesn't support
every feature you need today.

terraform import [args]

19 Saturday, April 03, 2021

C2 General
 destroy
• The terraform destroy command is used to destroy the Terraform-managed
infrastructure.

terraform destroy [options] [dir]

20 Saturday, April 03, 2021

C2 General
 variables
• Input variables serve as parameters for a Terraform module, allowing aspects of the
module to be customized without altering the module's own source code, and
allowing modules to be shared between different configurations.

• When you declare variables in the root module of your configuration, you can set
their values using CLI options and environment variables.

variable "image_id" {
type = string
}

21 Saturday, April 03, 2021

C2 General
 Variables definition files .tfvars

• To set lots of variables, it is more convenient to specify their values in a variable

definitions file (with a filename ending in either .tfvars or .tfvars.json) and then
specify that file on the command line with -var-file

terraform apply -var-file="testing.tfvars"

22 Saturday, April 03, 2021

C2 General
 Workspaces & environments
• Terraform starts with a single workspace named "default". This workspace is special
both because it is the default and also because it cannot ever be deleted. If you've
never explicitly used workspaces, then you've only ever worked on the "default"
workspace.

Workspaces are managed with the terraform workspace set of commands. To create
a new workspace and switch to it, you can use terraform workspace new; to switch
workspaces you can use terraform workspace select; etc.

23 Saturday, April 03, 2021

C2 General
 output
• Output values are like the return values of a Terraform module, and have several
uses:
– A child module can use outputs to expose a subset of its resource attributes to a parent module.
– A root module can use outputs to print certain values in the CLI output after running terraform apply.
– When using remote state, root module outputs can be accessed by other configurations via a
terraform_remote_state data source.

• Resource instances managed by Terraform each export attributes whose values can
be used elsewhere in configuration. Output values are a way to expose some of that
information to the user of your module.

output "instance_ip_addr" {
value = aws_instance.server.private_ip
} 24 Saturday, April 03, 2021
C2 General
 provisioners
• Provisioners can be used to model specific actions on the local machine or on a
remote machine in order to prepare servers or other infrastructure objects for
service.

resource "aws_instance" "web" {

# ... provisioner "local-exec" {
command = "echo The server's IP address is ${self.private_ip}“
}
}

25 Saturday, April 03, 2021

C2 General
 Modules
• A module is a container for multiple resources that are used together.

• Every Terraform configuration has at least one module, known as its root module,
which consists of the resources defined in the .tf files in the main working directory.

• A module can call other modules, which lets you include the child module's
resources into the configuration in a concise way. Modules can also be called
multiple times, either within the same configuration or in separate configurations,
allowing resource configurations to be packaged and re-used.

26 Saturday, April 03, 2021

C2 General
Let’s write Terraform code
 • Configure provider
• Create vpc
• Create two subnets in the vpc
• Create two instances in each subnet
• Create security group and allow only https port in the inbound
• Output the private ips of the created instances
• Add provisioner printing private ip of each instance
• Destroy the environment

28 Saturday, April 03, 2021

C2 General
Thanks