Terraform training 🎒 - Basic

Live
Terraform in 45 min
By Brainboard’s team

Chafik, CEO & Founder
@Brainboard
Engineer, +15 years of experience.
Former CTO @Scaleway

Brainboard
Visually build & manage cloud infrastructures.

Objective of the training
✅ Learn how to manage cloud infrastructures with Terraform.
No theory

What you will learn
1. How Terraform works
2. Syntax (HCL)
3. Configuration
4. Resources
5. Data sources
6. Modules
7. Inputs (variables) & outputs
8. Functions
9. Scenarios / use cases
10. How to handle post provisioning actions

IaC - Infrastructure as Code
Applying code principles into the infrastructure.

Life with code
After
Specs Delivered
infrastructure
Code
Deployment
workflow
Before
Design Code Test Review Validate
Document
Few minutes to deploy
Days, weeks or months

How Terraform works ⚙️ mechanics
Installation: binary or docker image
Use: CLI
terraform ${action(s)}
Language: HCL
using Terraform = writing HCL code (you can use json)
How: describing the final cloud architecture state you want to achieve. Not the how-
to.
Wrapper on cloud providers APIs:
1. Terraform the binary
https://github.com/hashicorp/terraform
1. Cloud provider: providing a set of resources (not only cloud providers) AWS,
Azure, Datadog…
https://github.com/hashicorp/terraform-provider-aws → https://registry.terraform.io/providers/hashicorp/aws/latest/docs

Some of the most used subcommands:
terraform init
terraform apply
terraform destroy
terraform validate
terraform fmt
terraform state list | show

Refresh
Save
.tf files
Saved plan
Configuration files
tfstate file
Cloud providers
(APIs)
Cloud
infrastructure State
to achieve
Compare
changes
Preflight
checks
create
destroy
destroy & recreate
update

Syntax (HCL) 📝
Declarative → describing the final state
Supported files: .ft and .tf.json
Combine all files as a single document (root module, you are always using modules)
Everything is a block
<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" { #comment
# Block body
// comment
<IDENTIFIER> = <EXPRESSION> # Argument
}
Identifiers: letters, digits, underscores (_), and hyphens (-).
The first character must not be a digit.
Styling: terraform fmt

Configuration 📌
Types of configuration:
1. Terraform:
Version
Env variables
Remote backend
1. Cloud provider
Credentials / authentication
Specific params
Versions
1. The environment that will provision the infrastructure using Terraform
How files & folders are organized 🔥
- Files
- Environments

Configuration 📌
Goal: Having a structure that eases maintenance (for all teams) + readability
Obvious ones:
variables.tf
outputs.tf
main.tf
providers.tf
versions.tf
Terraform files: KISS it (Keep It Simple, Stupid)
- Infrastructure logic
database.tf → database / main.tf
compute.tf → compute / main.tf
network.tf → network / main.tf
loadbalancer.tf → loadbalancer / main.tf
- Application logic
backend.tf → backend / main.tf
frontend.tf → frontend / main.tf
microservice1.tf → microservices |- microservice1.tf
microservice2.tf → |- microservice2.tf

Configuration 📌
Environments:
- Git branches (infra repo)
- Terraform workspaces
- Separate folders
- Brainboard environments
App / Infra
Dev Production
Staging

Configuration 📌
Considerations:
- How to promote architectures from one environment to another?
- How to share / scope variables?
- How to manage secrets?
- How to manage cloud provider credentials?
- How tfstate files are managed?
- Who is authorized to do changes?

Questions 🙋♂️🙋♀️

Resources 🧱
Resources = cloud infrastructure object with given settings.
resource <NAME> {
# Configuration
}
2 categories:
1. Belonging to a cloud provider: provided by the cloud provider plugin.
Format: cloud_provider.name_of_resource
aws_vpc, aws_subnet, azurerm_resource_group, google_cloudfunctions_functions
1. Native (Hashicorp providers)
random_password
local_file
dns
https
null_resource

Providers ▶️
- It’s a plugin, downloaded during terraform init
- It provides both resources and data sources
- You can pin the version and provide the source to fetch the provider
👉 Terraform assumes latest as the version if not provided and namespace
hashicorp/provider_name
⚠️ Third-party providers may have confusing namespace
jfrog/artifactory
- Support alias for specific configurations
- required_providers

Resources 🧱
Type (provider)
Cloud information
Meta argument
Post deployment
Anatomy
Actions Attributes
- Create
- Destroy
- Update
- Destroy &
recreate
- Id
- ARN
- Specific

Resources 🧱
Execution: parallel creation of resources, that’s why you may need to specify
dependencies
Exported attributes: resources has attributes, some of them are accessible.
<RESOURCE TYPE>.<NAME>.<ATTRIBUTE>
Meta argument
depends_on
count (index) it’s an array starting at 0
for_each (each) it’s key, value for every attribute
provider
lifecycle

Data sources
Usage: provide information defined outside of Terraform.
data.<DATA TYPE>.<SOURCE>.<ATTRIBUTE>
It can be local actions. For e.g. local_file
Support dependencies
Has meta argument

Modules
What: containers of resources
Root: always there
Childs: local or remote from public or private registry
It’s also a resource, so a block, it supports meta argument 😀
module <NAME> {
# Block
}
Source: mandatory argument.
Version: can be provided for pinning.
Output: make the encapsulated resources' information accessible.

Live
Learn Terraform in 45 min
By Brainboard’s team
(Focus: Variables)

Objective of the training today
✅ Learn everything about Terraform variables and how to use them.

What you will learn
1. How variables works and their types
2. CLI & environment variables
3. Locals
4. How to use variables
5. Variables in CI/CD
6. Secrets
7. Best practices

Variables & locals
Input: means variables
It’s… a block 😀
variable <NAME> {
# Block
}
Arguments
type can be:
1/ string, number, bool.
2/ list, tuple, map, object, set.
3/ any 😀
👉 you can combine types
default if present, the variable is optional
description
validation conditions to accept the variable
sensitive hidden from logs & outputs
nullable can be null or not?
💡Tips
- Start with the simplest form possible and add
constraints organically.
- Use Terraform function
- sensitive is also a Terraform function

Variables’ values
Where do we put the values then?
1. In a file:
- terraform.tfvars (terraform.tfvars.json)
- *.auto.tfvars (*.auto.tfvars.json)
2. Command line “-var=’value_1’”
3. Environment variables TF_VAR_*
💡Tips
- Avoid vars in command line if possible
- Pick one method and use it, don’t mix
- Usually *.tfvars is the best way
4. Internal variables:
module.<NAME>.<OUTPUT>
path.module
count.index
each in for_each

Precedence
Env vars
terraform.tfvars
*.auto.tfvars
Command line
💪💪💪💪
💪💪💪
💪💪
💪

Variables in CI/CD
Best practices:
- Never put the values of variables in the *.tf
- Never commit the *.tfvars to git
- Using terraform.tfvars or *.auto.tfvars in your workflow is more useful for
complex structures
- Naming variables is extremely important
variables.tf = containers of the variables vs *.tfvars that are real values

Locals
local: is more like an alias to an expression (that may include variables)
It’s… a block 😀 but a whole block
locals {
cidr = var.cidr
}
💡Tips
- Are extremely flexible compared to vars
- Use it as an alias to access repeatedly the same expression
- Central place for repeated expressions
- Don’t confuse them with variables

Secrets
Secrets should be treated as secrets:
- Lifecycle
- Fetched from an external source
- Should be revoked easily
- Blast radius of a secret
- Secrets ≠ variables
- It’s better to use a vault (Vault, KMS, Azure Key Vault…)
- Use Terraform vault provider to use them

Join our Slack Community 🙋♂️🙋♀️
https://join.slack.com/t/brainboard-community/shared_invite/zt-19hmgmc92-MixDFmaADwxexAPSa5N~pg

Terraform training 🎒 - Basic

More Related Content

What's hot (20)

Similar to Terraform training 🎒 - Basic (20)

Recently uploaded (20)

Terraform training 🎒 - Basic

Editor's Notes