Starting from the nugget on Linux Academy: https://linuxacademy.com/cp/nuggets/view/id/124
Terraform works like CloudFormation, but it can create resources in multiple providers, not only AWS.
Editor
Documentation
My articles about terraform
- Introduction to Terraform Modules https://linuxacademy.com/cp/socialize/index/type/community_post/id/12369
- A complete AWS environment with Terraform https://linuxacademy.com/cp/socialize/index/type/community_post/id/13922
Tips and Tricks
Very nice article; the whole website is full of Terraform info anyway.
https://blog.gruntwork.io/terraform-tips-tricks-loops-if-statements-and-gotchas-f739bbae55f9#.1aa1e6lk4
Windows Installation
Configuration Documentation Section
In my opinion, before starting to write tons of lines of code, it is a good idea to understand some basic Terraform code concepts.
Terraform Configuration Documentation Section
COMMANDS (CLI)
Terraform and auth0
I didn't succeed on this yet:
- https://community.auth0.com/t/auth0-terraform-provider/11780
- https://github.com/alexkappa/terraform-provider-auth0
- https://hceris.com/setting-up-auth0-with-terraform/
STATE
https://www.terraform.io/docs/state/index.html
Terraform creates a state file on your local machine; this obviously can be a problem when you work as a team. You need to save your state in a remote location: there is the commercial Atlas solution created by HashiCorp, or you can upload it to S3, Artifactory, Azure, etc.
MODULES
Run Terraform inside a lambda
Fantastic idea from this video, at minute 23: https://www.youtube.com/watch?v=EbLhfiXVP6Q
There is a GitHub project here: https://github.com/wellcometrust/terraform-lambda
Don't forget that a Lambda runs for a maximum of 5 minutes.
Syntax Summary and examples
- AWS syntax documentation https://www.terraform.io/docs/providers/aws/
- many examples https://github.com/hashicorp/terraform/tree/master/examples
- the whole vpc creation from zero https://www.airpair.com/aws/posts/ntiered-aws-docker-terraform-guide
- My Syntax
simple machine
Run terraform inside codebuild
- base starting point https://ruempler.eu/2017/02/26/continuous-infrastructure-delivery-pipeline-aws-codepipeline-codebuild-terraform/
- my working solution posted at the end of this group https://groups.google.com/forum/#!msg/terraform-tool/HzlVvGTLg6g/QWt6lVi2CQAJ
Filter what is changed and what is not
You can use Landscape, installed from here: https://github.com/coinbase/terraform-landscape
or a regular expression in Atom:
^.*\"(.*)\" => \"(\1)\"$\n
replacing whatever it matches with nothing, so that only the lines whose value really changes remain.
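The same filter as a script, as an added example that is not part of the original notes: it applies the regular expression above to plan text and then lists the attributes that really change. The sample plan is constructed, and the line shapes (a resource header followed by `name: "old" => "new"` attribute lines) are an assumption based on what the regex targets.

```python
import re

# The page's Atom regex as a Python multiline pattern: an attribute line whose
# quoted old value is identical to its quoted new value.
UNCHANGED = re.compile(r'^.*"(.*)" => "\1"$\n?', re.MULTILINE)
# Assumed line shapes: a resource header such as "-/+ aws_instance.web"
# and attribute lines such as: name: "old" => "new"
HEADER = re.compile(r'^\s*(-/\+|[~+-])\s+(\S+)')
ATTR = re.compile(r'^\s+(\S+):\s+"(.*)" => "(.*?)"')

# Constructed sample, not output captured from a real run.
SAMPLE_PLAN = '''\
-/+ aws_instance.web (new resource required)
      ami:           "ami-11111111" => "ami-22222222" (forces new resource)
      instance_type: "t2.micro" => "t2.micro"
      tags.Name:     "web" => "web"
  ~ aws_security_group.web
      description:   "web sg" => "web sg"
      ingress.0.cidr_blocks.0: "10.0.0.0/8" => "0.0.0.0/0"
'''


def drop_unchanged(plan_text):
    """Remove attribute lines where nothing changed (the replace-with-empty step)."""
    return UNCHANGED.sub('', plan_text)


def real_changes(plan_text):
    """Return (resource, attribute, old, new) for each attribute that really changes."""
    changes, resource = [], None
    for line in drop_unchanged(plan_text).splitlines():
        attr = ATTR.match(line)
        header = HEADER.match(line)
        if attr:
            changes.append((resource, attr.group(1), attr.group(2), attr.group(3)))
        elif header:
            resource = header.group(2)
    return changes


if __name__ == "__main__":
    for change in real_changes(SAMPLE_PLAN):
        print("%s  %s: %s -> %s" % change)
```

In the sample, the filter leaves the AMI replacement and the security group ingress widening to 0.0.0.0/0, which is the kind of change a reviewer should not miss among unchanged lines.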
Terraform 0.12 updates
Here is a list of articles with all the new updates and syntax for Terraform 0.12:
- https://www.hashicorp.com/blog/terraform-0-1-2-preview/
- https://www.hashicorp.com/blog/announcing-terraform-0-12/
- https://www.hashicorp.com/blog/hashicorp-terraform-0-12-preview-for-and-for-each/
- https://www.hashicorp.com/blog/terraform-0-12-preview-first-class-expressions/
- https://www.hashicorp.com/blog/terraform-0-12-conditional-operator-improvements/
Complex policy constructor
variable "teams_minus_red" { default = ["blue","green"]}
# these tags come from https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html
locals {
  mytags = {
    1  = "ec2:ResourceTag/service"
    2  = "rds:subgrp-tag/service"
    3  = "rds:es-tag/service"
    4  = "rds:snapshot-tag/service"
    5  = "rds:secgrp-tag/service"
    6  = "rds:pg-tag/service"
    7  = "rds:og-tag/service"
    8  = "rds:db-tag/service"
    9  = "rds:cluster-tag"
    10 = "rds:cluster-pg-tag"
    11 = "rds:cluster-snapshot-tag"
    12 = "rds:ri-tag"
  }
}
# one Deny statement is generated for each condition key in local.mytags
data "aws_iam_policy_document" "deny_all_except_red" {
  dynamic "statement" {
    for_each = local.mytags
    content {
      actions   = ["*"]
      resources = ["*"]
      effect    = "Deny"
      condition {
        test     = "StringLike"
        variable = statement.value
        values   = var.teams_minus_red
      }
    }
  }
}
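What the dynamic block above expands to, and which requests the result denies, as an added example that is not part of the original notes. The JSON shape is an approximation of what the data source renders, and `is_denied` is a hypothetical, simplified evaluator that handles only Deny statements with StringLike, not the full IAM evaluation logic.

```python
import fnmatch

# Condition keys from the page's local.mytags and values from var.teams_minus_red.
MYTAGS = [
    "ec2:ResourceTag/service", "rds:subgrp-tag/service", "rds:es-tag/service",
    "rds:snapshot-tag/service", "rds:secgrp-tag/service", "rds:pg-tag/service",
    "rds:og-tag/service", "rds:db-tag/service", "rds:cluster-tag",
    "rds:cluster-pg-tag", "rds:cluster-snapshot-tag", "rds:ri-tag",
]
TEAMS_MINUS_RED = ["blue", "green"]


def render_policy(keys=MYTAGS, teams=TEAMS_MINUS_RED):
    """Expand the dynamic "statement" block: one Deny statement per condition key."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Deny", "Action": "*", "Resource": "*",
             "Condition": {"StringLike": {key: list(teams)}}}
            for key in keys
        ],
    }


def is_denied(policy, request_context):
    """Simplified check (assumption: only Deny/StringLike, as in this policy).

    A statement applies when its condition key is present in the request
    context and the value matches one of the patterns. A missing key makes
    StringLike false, so a resource without the tag is not denied.
    """
    for stmt in policy["Statement"]:
        for key, patterns in stmt["Condition"]["StringLike"].items():
            value = request_context.get(key)
            if value is not None and any(
                fnmatch.fnmatchcase(value, p) for p in patterns
            ):
                return True
    return False


if __name__ == "__main__":
    import json
    print(json.dumps(render_policy()["Statement"][0], indent=2))
```

The policy denies only resources tagged blue or green, so "deny all except red" holds only when every resource carries one of the team tags. An untagged resource is not denied by it.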
Terraform in a Pipeline
I did a project with Python and CodeBuild to check the Terraform state and send an email if there are unexpected changes. It was wonderful; I should publish it sooner or later.
Anton Babenko Pipeline
There are 2 conference talks on YouTube in which he also talks a lot about Terraform in general; here are the slides:
- 2017 https://www.slideshare.net/AntonBabenko/terraform-in-deployment-pipeline
- 2018 https://www.slideshare.net/AntonBabenko/gotchas-using-terraform-in-a-secure-delivery-pipeline
In the end, he uses Atlantis https://www.runatlantis.io/ and CircleCI; in the 2018 conference he didn't show how to configure it, only how to use it. I didn't like it so much; I was looking for something more detailed.
The slides also suggest some useful tools. It was more useful for people who want to start using Terraform.
Here there is the code for the pipeline https://github.com/antonbabenko/terraform-deployment-pipeline-talk
Atlantis
It can run inside a Fargate cluster; I have tested it successfully using Anton Babenko's module, probably this one: https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws/2.5.0
There is also another one from CloudPosse here: https://registry.terraform.io/modules/cloudposse/ecs-atlantis/aws/0.14.0
Reddit comment about CI and Atlantis:
https://www.reddit.com/r/devops/comments/cakyfp/psa_love_terraform_love_cicd_you_want_to_run/
Terraform Cloud
- In September 2019 Terraform released Terraform Cloud for free https://www.hashicorp.com/blog/announcing-terraform-cloud/ ; it probably came about because they hired the Atlantis developer and bought the project https://medium.com/runatlantis/joining-hashicorp-200ee9572dc5
All inside GitLab CI
Interesting tutorial if you want to run your Terraform inside GitLab CI/CD without any integration with Terraform Cloud.
https://www.youtube.com/watch?v=G7JOjI6V3AY
Terraform Inside Jenkins
You can use it inside Jenkins; Linux Academy dedicates 1 chapter to this, called «Using Terraform in a CI/CD Environment», inside the course https://linuxacademy.com/course/managing-applications-and-infrastructure-with-terraform/