You can use your current account, but if you no longer have the free tier offers then running this workshop may cost more. We suggest using a new account as described here in order to get the free tier.
Currently, I have found no credits to help offset any potential costs of this lab. Most of what I will use is in the free tier. I will post an update with any costs incurred from running this lab for under an hour.
NOTE: In this lab we will be tearing down the infrastructure we spin up. Be sure to double check that everything has been correctly torn down when you are done to ensure that you are not billed.
Now that we have our account set up, we are going to apply some basic security practices:
Begin by heading over to the Identity and Access Management (IAM) dashboard here. Here we will see five basic recommendations to lock down your account. The first one is completed for you. Activating MFA on your root account is up to you. We will start by creating an IAM user for this workshop here.
1) Set your user details for this workshop. Make sure to check both Programmatic access and AWS Management Console access for this workshop. Once you understand Terraform you do not need console access (aka the web GUI).
- For permissions select Attach existing policies directly and then create policy. Select JSON and replace the default with what is in the file policy.json in the misc folder. This will give our workshop user the permissions needed to participate in this lab.
- No tags, review user, accept and then download the csv credentials.
- Grab the AWS User sign in link for convenience. Looks like: https://0497100681.signin.aws.amazon.com/console
- Log into the console as your new user.
Lastly, before we proceed, make sure that you select your working region, us-west-2, in the dashboard.
Terraform is distributed as a single Golang binary. Install Terraform by unzipping it and moving it to a directory included in your system's PATH.
Instructions for installing Terraform binary can be found here.
Alternative install method
For those on Mac with brew: brew install terraform
For those on Linux with brew: brew install terraform
Test out your install with terraform -v
In case you have not grabbed the code we are going to work with today, do so now.
git clone https://github.com/San-Jose-Technology-Group/Terraform_Workshop.git
In our workshop folder create a file called terraform.tfvars and add the access key and secret key for the IAM user that we created:
access_key = "YOUR_ACCESS_KEY"
secret_key = "YOUR_SECRET_KEY"
The last step is to create a key pair to allow you to ssh into the system. Navigate to the EC2 dashboard and select Key Pair or use this link. Create a Key Pair, give it a name and download it.
Give your key pair proper permissions with chmod 600 your-ec2-keypair.pem
We will be using ssh key forwarding to move from our bastion instance to our webserver. To learn more about this check out this article
So what is Terraform? Terraform is a high level language used to manage infrastructure. It does this using the HashiCorp Configuration Language (HCL). You can use it to interact with, manage or work with all sorts of infrastructure through their supported providers. It allows a versioned method for maintaining infrastructure.
To get a sense of the providers that are supported check out: Providers
What may be a surprise is that many of these providers are services you would normally manage only through their dashboard; with Terraform you can now have accountability and transparency for provider settings.
All infra is defined in a state file that can be stored remotely.
Live version of syntax coverage.
Here are the commands we are going to cover in our live workshop today. For more information check the docs here.
apply Builds or changes infrastructure
destroy Destroy Terraform-managed infrastructure
fmt Rewrites config files to canonical format
graph Create a visual graph of Terraform resources
init Initialize a Terraform working directory
plan Generate and show an execution plan
show Inspect Terraform state or plan
taint Manually mark a resource for recreation
untaint Manually unmark a resource as tainted
validate Validates the Terraform files
version Prints the Terraform version
In today's workshop we will be covering Infrastructure as Code, a basic web infrastructure, setting up your web infrastructure with Terraform and bringing it all together in order to give you the stepping stones to implement your own Infrastructure as Code.
We will be deploying a photo gallery web app in Go. This can be found, learned and built over at https://www.usegolang.com/
Live version of architecture coverage.
Here is a scary version of our Terraform Graph
Here is a more palatable version!
Live version of code coverage.
To deploy the architecture, all that needs to be done is to run ./launch.sh.
Be aware that this infrastructure does not use secure endpoints. If deploying for a real application you need to (at the very least) set up https on the load balancer and restrict traffic to the webservers so that it comes only from the load balancer. We do not do this today so that no one needs to come with a domain name and everyone can deploy this infra with a single script.
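One way to express the two hardening steps named above (HTTPS on the load balancer, webservers reachable only from it) in Terraform. This is an added example, not code from the workshop repository; the resource names, variables and app port are assumptions.

```hcl
# Added example: every name, variable and the port below is hypothetical.
variable "vpc_id" { type = string }
variable "lb_arn" { type = string }
variable "target_group_arn" { type = string }
variable "certificate_arn" { type = string } # ACM certificate for your domain
variable "app_port" { default = 80 }         # assumed webserver port

# Load balancer: the only tier reachable from the internet, HTTPS only.
# The egress rule lets it reach its targets.
resource "aws_security_group" "lb" {
  name   = "workshop-lb"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Webservers: app traffic is accepted only from the load balancer's group.
resource "aws_security_group" "web" {
  name   = "workshop-web"
  vpc_id = var.vpc_id
  ingress {
    from_port       = var.app_port
    to_port         = var.app_port
    protocol        = "tcp"
    security_groups = [aws_security_group.lb.id]
  }
}

# TLS terminates at the load balancer; traffic is forwarded to the targets.
resource "aws_lb_listener" "https" {
  load_balancer_arn = var.lb_arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = var.target_group_arn
  }
}
```

The webserver group here omits the SSH rule from the bastion and any outbound rules; Terraform leaves outbound closed when no egress block is given, so add the rules your hosts need.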
When you are done be sure to run terraform destroy and confirm with yes to remove the infrastructure that was deployed. FAILING TO DO THIS CAN INCUR UNWANTED CHARGES!