Terraform Workshop

This is the code for my Terraform Workshop.

Please note that I routinely make destructive changes (a.k.a git push -f) to this repository. If you wish to keep a copy around, I highly recommend you fork this, and git pull upstream judiciously.

Agenda

  • The place for, and benefits of "Everything as Code" alongside GitOps
  • Terraform's architecture
  • Terraform 101
    • Introduction to HCL
    • What are providers?
    • Initializing terraform and providers
  • Dive right in! Creating your first resource in AWS using Terraform
  • Understanding references, dependencies
  • apply-ing terraform
  • Using output and data in your terraform scripts
  • Variables and the HCL type-system
  • DRY with Terraform modules
  • Understanding how Terraform manages state
  • Using S3 as a backend
  • Collaboration using Terraform
  • Terraform ecosystem, testing, and GitOps
  • Closing arguments, final Q/A, discussion

Setup

AWS Account Setup

I HIGHLY recommend NOT using your company (assuming you have one) account credentials for this workshop. If you do not have a personal AWS account see below on how to set it up.

Secondly, if you already have an AWS account, then please make sure you have a Default VPC. If you do not have one, see this on how to create one.

  • If you don't already have an AWS account, head over to https://aws.amazon.com/ and create an account
    • NOTE — This account will have admin privileges, and you do not want to use this on a day-to-day basis! Store these credentials securely.
    • Please look over Security Best Practices in IAM and make sure you are following best practices here (Be sure to set up MFA as well)
  • Once you have done that (or if you already have an admin account), then you will need to create a special user that you will use for this workshop.
  • Log into the AWS Console using your admin credentials and follow the steps here
    • Be sure to check the Programmatic access and AWS Management Console access boxes on the first screen
    • For Step No.6 — Use the Attach existing policies directly tab and search for AdministratorAccess — Use that
    • (Optional) I generally Tag this user with something like Key = bot-user, Value = true
  • On the Success page capture
    • User
    • Access key ID
    • Secret access key
    • Password
    • AWS Management Console access URL (Looks something like https://641995674308.signin.aws.amazon.com/console)
    • Follow the AWS Management Console access URL and login — It will ask you to change your password. Do that.
    • Use your password manager, or wherever you store credentials, and tuck the User, Access key ID, Secret access key and Password away

Once again, save ALL credentials SAFELY!

I cannot emphasize this enough! Both the admin and the newly created user have the ability to create infrastructure on your behalf. Treat these with care!

Install Terraform

  • Follow the steps here

Clone this repository

  • Go to the location where you cloned this repository
  • Modify 0000-setup/main.tf and modify the provider block with your Access key ID and Secret access key like so
# Be sure to use "double-quotes" around your keys
provider "aws" {
  access_key = "YOUR_AWS_KEY_ID_HERE"
  secret_key = "YOUR_SECRET_ACCESS_KEY_HERE"
  region     = "us-east-1"
}
  • Go to the console, cd to /path/where/you/cloned/this/repo/0000-setup
  • Run terraform init
  • Run terraform apply
  • Terraform will ask if you are sure. Type yes
  • Go to https://console.aws.amazon.com/ec2/v2/home and you should see Running Instances 1
  • Go back to your console, and run terraform destroy — Again, at the prompt, type yes
  • Go back to https://console.aws.amazon.com/ec2/v2/home and you should see Running Instances 0