Managing AWS Using Terraform AWS Atlanta 2018-07-18

Managing AWS using Terraform
Given by Derek C. Ashmore
AWS Atlanta
July 18, 2018
©2018 Derek C. Ashmore, All Rights Reserved 1

Who am I?
• Professional Geek
since 1987
• Java/J2EE/Java EE
since 1999
• AWS since 2010
• Specialties
• Cloud
Workshops
• Cloud-native
Applications
• Yes – I still code!

Discussion Resources
• This slide deck
– http://www.slideshare.net/derekashmore
• Example Terraform project on my GitHub
– https://github.com/Derek-Ashmore/terraform-hands-on-lab
• Slide deck has hyper-links!
– Don’t bother writing down URLs

Agenda
Introduction
Terraform
Basics
Terraform
Competitors
Terraform
with Teams
Summary /
Q&A

Infrastructure as Code
• Manual changes
– Increase errors
– Increase unwanted differences
between environments
– Increase admin workload
• Scripted/Coded changes
– Larger upfront cost, but…..
– Less busywork
– Leverage Others Work
– Decreases Errors
– Errors fixed in one place
– Eliminates unwanted differences
– Change history (with source control)

Terraform
• Cloud Management
– Open Source
• Very active community
– Extensible to any cloud vendor
• AWS, Azure, GCP, AliCloud, Digital Ocean, OpenStack
– Supported for Cloud Support products
• Chef, Consul, Kubernetes, Datadog
• 62 Providers as of April, 2017 and growing

Agenda
Introduction
Terraform
Basics
Terraform
Competitors
Terraform
with Teams
Summary /
Q&A

Terraform Basics
• Declarative Programming Paradigm
– Describe what the end product contains
• Terraform figures out how to get there
• Like SQL
– Terraform Resources
• Describes deployed artifacts
– Network  Virtual Networks, Subnets, Network ACLs, Gateways, ELB/ALB
– Hosts  Virtual Machines, Databases
– Security  Security groups/policies/roles/groups/users
– Much more

Terraform Basics (con’t)
• Coding Statement Order
– All *.tf files loaded  Terraform decides execution order
– No GUI  All command line and text editor
• Top Commands
– Terraform plan  Describes planned changes
– Terraform apply  Makes planned changes
– Terraform taint  Forces re-creation of a resource
– Terraform destroy  deletes all resources
– Terraform refresh  shows configuration drift

Terraform Resources
• AWS Subnet Resource
– Count = 3  Three subnets created
– Availability Zones come from a data source (lookup)
– CIDR blocks are input variables
• Sample source

Terraform Data Sources
• Example Data Sources (lookups)
• Sample source

Terraform Providers
• Example Provider
• Sample AWS source
• Azure Provider

Terraform Input Variables
• Example Provider
• Sample source

Reusing Terraform Templates
• Example Template Reuse
• Sample source

Typical Project Structure

Terraform State
• Terraform stores state
– Local file terraform.tfstate
• Teams need to manage state centrally
– Terraform Backends
• Locks so that only one person at a time can update
• Remote storage
– S3, Azure containers, Google cloud storage, etc.

Agenda
Introduction
Terraform
Basics
Terraform
Competitors
Terraform
with Teams
Summary /
Q&A

Terraform vs. Ansible/Chef
• Terraform designed for infrastructure
– Not designed for configuration management
– Terraform deploys images
• Not good at maintaining what’s on those images
• If deployments update existing VMs
– You need Ansible, Chef, or Puppet
• If deployments are “new” VMs
– Terraform can handle deployments too

Paradigm Shift
• Deployment as new infrastructure
– New version  new VMs
• Software versions baked into images
– Advantages
• Facilitates Canary Deployments
– Route53 Routing Policies
• Go-live operation has less risk
– Deploy/Backout is just a load balancer switch
– Disadvantages
• More moving parts
• Impossible to do manually

Terraform vs CloudFormation
Terraform
• Scripting skills translate to Azure,
Google Cloud, etc.
• Less verbose (>50%)
• Data Lookups
• Custom Plug-ins possible
• Active Community Support
• Configuration Drift Detection
(‘refresh’)
CloudFormation
• Quicker to follow AWS enhancements
• GUI support
• Automatic centralized state
• Vendor Support

Agenda
Introduction
Terraform
Basics
Terraform
Competitors
Terraform
with Teams
Summary /
Q&A

Terraform with Multiple Admins
• State Management
– Backends
• Terraform Enterprise Enhancements
– Collaboration
– Security
– Audit History

Managing Terraform State
• Terraform State
– JSON format
– File terraform.tfstate
(Default)
• Backend Options
– S3 Bucket
– Azure
– Terraform Enterprise
– Many more……

Managing State using S3
• S3 as a Backend
– Requires bucket name, key, region
• Key == folder name within bucket
• S3:ListBucket, GetObject,
PutObject
– Supports Encryption
• You provide KMS key
– Locks using DynamoDB table
• Primary Key = LockID
– Supports Assuming IAM Role
• Best Practices
– Turn on versioning!
– Establish Naming Convention
• Clearly identify environment, terraform
project used.
– Configure back-end in
implementation projects, not re-
used modules.

Terraform Enterprise Add-Ons
• “Jenkins” for Infrastructure build-outs
– Provides non-command line UI
– Terraform runs on central server
• Laptop install not required
– Provides automatic audit history and output from previous runs
– User security by Workspace
– Workspaces associated with
• AWS Keys (integration with HashiCorp Vault)
• back-end configuration

Further Reading
• This slide deck
– http://www.slideshare.net/derekashmore
• The Gruntwork Blog
– https://blog.gruntwork.io/

Questions?
• Derek Ashmore:
– Blog: www.derekashmore.com
– LinkedIn: www.linkedin.com/in/derekashmore
• Connect Invites from attendees welcome
– Twitter: https://twitter.com/Derek_Ashmore
– GitHub: https://github.com/Derek-Ashmore
– Book: http://dvtpress.com/

Managing AWS Using Terraform AWS Atlanta 2018-07-18

More Related Content

What's hot (6)

Similar to Managing AWS Using Terraform AWS Atlanta 2018-07-18 (20)

Recently uploaded (20)

Managing AWS Using Terraform AWS Atlanta 2018-07-18