Infrastructure as Code with
AWS and Terraform
Objective
This blog serves as a brief introduction to what Infrastructure as Code is, as well as how to get started using it with Terraform. Although Terraform can be used with many cloud providers, the blog focuses particularly on deploying entire stack of AWS resources for deploying application with a database connected to it.
Infrastructure as code
- “Infrastructure as Code” (IAC) enables us to describe our infrastructure and applications in source code
- In many modern environments, infrastructure also includes more complex services or Software-as-a-Service (SaaS) products delivered by third parties such as DNS, Content Delivery Networks (CDN), databases, job scheduling, queues, and monitoring.
- To fully realize the promise of IAC, we see tools that cater for these building blocks and integrate with some of the existing tools to bridge into managing operating systems and applications.
- One of those tools: Terraform.
Terraform
It is a powerful infrastructure as code (IaC) tool enables us to safely and predictably create, change, and improve infrastructure. It is an open-source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
Advantages of Terraform for cloud provisioning
The Selection of Terraform as a tool for cloud provisioning is decided after taking various aspects into consideration. A few of which to be mentioned are:- Orchestration, not merely configuration
- Improved multi-cloud infrastructure deployment
- Automated infrastructure management
- Infrastructure as code
- Reduced time to provision
- Declarative, not procedural code
Terraform workflow
The core Terraform workflow has three steps:- Write - Author infrastructure as code.
- Plan - Preview changes before applying.
- Apply - Provision reproducible infrastructure.
Getting started with terraform and provisioning infrastructure
To get started with Terraform, download and install the Terraform command line. Then create a directory to store the infrastructure code.
Process required for provisioning infrastructure
A. Connecting terraform with AWS cloud:
B. Creating Infrastructure on the cloud to deploy application and database behind it:
Prerequisites
- AWS Account
- User-Created in the AWS with Programmatic Access
- The access key and secret key of the user
A. Connecting terraform with AWS cloud
- The Amazon Web Services (AWS) provider is used to interact with the many resources supported by AWS.
- The provider needs to be configured with the proper credentials.
- The AWS provider offers a flexible means of providing credentials for authentication the following are few methods which are supported:
- Static credentials
- Environment variables
- Shared credentials/configuration file
- Code Build, ECS, and EKS Roles
- EC2 Instance Metadata Service (IMDS and IMDSv2)
B. Creating Infrastructure on the cloud to deploy application and database behind it
Step 1
Writing the configuration files mentioning the AWS provider and resources required to build the infrastructure, the following resources are being used:- Here we are using, Static credentials these can be provided by adding an access_key and secret_key in-line in the AWS provider block.
- Create a file with the provider configuration (Terraform files have the .tf extension)
Step 2
Writing the configuration files mentioning the AWS provider and resources required to build the infrastructure, the following resources are being used:
1. Virtual Private Cloud (VPC)
A VPC is a virtual private network that can be used to logically separate cloud resources. development and production. First, we’ll define the VPC in the “main.tf” file:
Resources: aws_vpc and its required arguments
2. Subnet
Like the VPC, the subnet is used to logically separate cloud resources but inside VPC. Modify the configuration file to add two subnets:
- Public subnet: To deploy the application
- Private subnet: To place the database
In the configuration file, we need to add the resource “aws_subnet” and define the arguments like VPC ID using a reference from the other resource.
3. IGW , NAT, Routetable:
- To make the public subnet addressable by the Internet, we need an Internet Gateway, and a private subnet is inaccessible to the internet hence can be accessed through NAT gateway.
- The route table is used to determine the network traffic from subnet or gateway is directed
Resources: aws_internet_gateway, aws_nat_gateway, aws_route_table.
4. Instance
- Two instances are created, one in a public subnet and the other in a private subnet, and a keypair is we need to create a key pair in order to connect to the instances via SSH.
- We need to give the same keypair to the instances present in the public subnet and private subnet, to get them connected with each other.
- Security group resource is created and attached to the instance to define the incoming and outgoing traffic to the instances.
Resources : aws_instance,aws_keypair,aws_security_group
Sample Terraform code snippet for creating EC2 instance:
Step 3
- The first command that we need to use after writing the terraform configuration files is the ‘terraform init’ command it is used to initialize a working directory containing Terraform configuration files.
- This will download the correct provider plug-ins for the project.
Step 4
- Once the resource files are created, use the plan action verify the creation process generate the plan action using the “terraform plan” command.
- The plan command lets you see what Terraform will do before actually doing it. This is a great way to sanity check your changes before unleashing them onto the world.
- The output of the plan command is a little like the output of the diff command: resources with a plus sign (+) are going to be created, resources with a minus sign (-) are going to be deleted, and resources with a tilde sign (~) are going to be modified in-place.
Step 5
- To actually create the instance, run the terraform apply command.
- You’ll notice that the apply command shows you the same plan output and asks you to confirm if you actually want to proceed with this plan. So while plan is available as a separate command, it’s mainly useful for quick sanity checks and during code reviews, and most of the time you’ll run apply directly and review the plan output it shows you.
- Apply the plan to provision reproducible infrastructure using “terraform apply”
Conclusion
Finally, the whole infrastructure has been provisioned on the AWS cloud using the tool Terraform. Now, Terraform helps with infrastructure as code and automation could be completed in a quick and efficient manner.