Infrastructure as Code with AWS and Terraform
Objective
This blog serves as a brief introduction to what Infrastructure as Code is and how to get started using it with Terraform. Although Terraform can be used with many cloud providers, this blog focuses on deploying an entire stack of AWS resources for an application with a database connected to it.
Infrastructure as code
Terraform is a powerful infrastructure as code (IaC) tool that enables us to safely and predictably create, change, and improve infrastructure. It is an open-source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
Advantages of Terraform for cloud provisioning
Terraform was selected as the tool for cloud provisioning after taking various aspects into consideration. A few of them are:
Terraform workflow
The core Terraform workflow has three steps:
Getting started with Terraform and provisioning infrastructure
To get started with Terraform, download and install the Terraform command line. Then create a directory to store the infrastructure code.
Process required for provisioning infrastructure
A. Connecting Terraform with the AWS cloud
B. Creating infrastructure on the cloud to deploy the application and the database behind it
Step 1
Writing the configuration files that declare the AWS provider and the resources required to build the infrastructure.
- Here we are using static credentials, which can be provided by adding an access_key and secret_key in-line in the AWS provider block.
- Create a file with the provider configuration (Terraform files have the .tf extension).
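A provider configuration along the lines of the two bullets above, as an added example that is not from the original post. The region, variable names, profile name and provider version constraint are assumptions.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # assumed version constraint
    }
  }
}

# Static credentials in the provider block, as described above. Reading them
# from sensitive variables keeps the literal keys out of the .tf file and out
# of version control; supply them with TF_VAR_aws_access_key and
# TF_VAR_aws_secret_key. sensitive = true redacts them in plan/apply output.
variable "aws_access_key" {
  type      = string
  sensitive = true
}

variable "aws_secret_key" {
  type      = string
  sensitive = true
}

provider "aws" {
  region     = "us-east-1" # assumed region
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
}

# Alternative with no credentials in the configuration at all: the provider
# reads a named profile from the shared AWS credentials file. With neither
# profile nor keys set, it falls back to AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY from the environment.
provider "aws" {
  alias   = "from_profile"
  region  = "us-east-1"
  profile = "terraform-demo" # hypothetical profile name
}
```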
The following resources are being used:
1. Virtual Private Cloud (VPC)
A VPC is a virtual private network that can be used to logically separate cloud resources, for example development and production. First, we’ll define the VPC in the “main.tf” file:
Resources: aws_vpc and its required arguments
2. Subnets
Like the VPC, a subnet is used to logically separate cloud resources, but inside the VPC. Modify the configuration file to add two subnets:
- Public subnet: To deploy the application
- Private subnet: To place the database
In the configuration file, we need to add the resource “aws_subnet” and define arguments such as the VPC ID, using a reference to the other resource.
3. IGW, NAT, route table:
- To make the public subnet addressable from the Internet, we need an Internet Gateway. A private subnet is not reachable from the Internet, so it uses a NAT gateway for Internet access.
- The route table determines where network traffic from a subnet or gateway is directed.
Resources: aws_internet_gateway, aws_nat_gateway, aws_route_table.
- Two instances are created, one in a public subnet and the other in a private subnet, and we need to create a key pair in order to connect to the instances via SSH.
- We need to give the same key pair to the instances in the public subnet and the private subnet, to get them connected with each other.
- A security group resource is created and attached to the instance to define the incoming and outgoing traffic to the instance.
Resources: aws_instance, aws_key_pair, aws_security_group
Sample Terraform code snippet for creating EC2 instance:
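An added example (not the original post's snippet) that creates the key pair, both security groups and both instances, with the two instances sharing one key pair through `for_each`. The input variables, key path, key name and instance type are assumptions.

```hcl
variable "vpc_id" { type = string }            # assumed inputs: IDs of the VPC
variable "public_subnet_id" { type = string }  # and subnets created earlier
variable "private_subnet_id" { type = string }
variable "ami_id" { type = string }
variable "admin_cidr" { type = string } # network allowed to SSH in

resource "aws_key_pair" "deployer" {
  key_name   = "deployer-key"
  public_key = file(pathexpand("~/.ssh/id_ed25519.pub")) # assumed path; public half only
}

resource "aws_security_group" "app" {
  vpc_id = var.vpc_id
  ingress { # SSH from the admin network only, not 0.0.0.0/0
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress { # outbound unrestricted, which also covers SSH to the private instance
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "db" {
  vpc_id = var.vpc_id
  ingress { # SSH only from instances that carry the app security group
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}

resource "aws_instance" "node" {
  for_each = {
    app = { subnet = var.public_subnet_id, sg = aws_security_group.app.id }
    db  = { subnet = var.private_subnet_id, sg = aws_security_group.db.id }
  }
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = each.value.subnet
  key_name               = aws_key_pair.deployer.key_name
  vpc_security_group_ids = [each.value.sg]
}
```

The `db` group has no `egress` block, and Terraform removes the allow-all egress rule AWS adds by default, so that instance cannot open outbound connections until an egress rule is added.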
- The first command to run after writing the Terraform configuration files is ‘terraform init’, which initializes a working directory containing Terraform configuration files.
- This will download the correct provider plug-ins for the project.
- Once the resource files are created, verify the creation process by generating a plan with the “terraform plan” command.
- The plan command lets you see what Terraform will do before actually doing it. This is a great way to sanity check your changes before unleashing them onto the world.
- The output of the plan command is a little like the output of the diff command: resources with a plus sign (+) are going to be created, resources with a minus sign (-) are going to be deleted, and resources with a tilde sign (~) are going to be modified in-place.
- To actually create the instance, run the terraform apply command.
- You’ll notice that the apply command shows you the same plan output and asks you to confirm if you actually want to proceed with this plan. So while plan is available as a separate command, it’s mainly useful for quick sanity checks and during code reviews, and most of the time you’ll run apply directly and review the plan output it shows you.
- Apply the plan to provision reproducible infrastructure using “terraform apply”.
Finally, the whole infrastructure has been provisioned on the AWS cloud using Terraform. With Terraform, infrastructure as code and automation can be completed in a quick and efficient manner.