SlideShare une entreprise Scribd logo

Comprehensive Terraform Training

Yevgeniy Brikman
Yevgeniy Brikman

A comprehensive walkthrough of how to manage infrastructure-as-code using Terraform. This presentation includes an introduction to Terraform, a discussion of how to manage Terraform state, how to use Terraform modules, an overview of best practices (e.g. isolation, versioning, loops, if-statements), and a list of gotchas to look out for. For a written and more in-depth version of this presentation, check out the "Comprehensive Guide to Terraform" blog post series: https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca

Technologie
1  sur  148
Télécharger pour lire hors ligne
COMPREHENSIVE TRAINING TERRAFORM Taught by Gruntwork http://gruntwork.io
We’ve pre-written Terraform packages for the most common AWS components. We test, update, and support these packages. When a software team purchases a package, they get 100% of the source code. http://gruntwork.io Gruntwork
• Network Topology (VPC) • Monitoring and Alerting • Docker Cluster • Continuous Delivery Sample Packages http://gruntwork.io Gruntwork
Code samples: github.com/gruntwork-io/infrastructure-as-code-training
1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
Terraform is a tool for provisioning infrastructure TERRAFORM
It supports many providers (cloud agnostic)
And many resources for each provider
You define resources as code in Terraform templates
provider "aws" { region = "us-east-1" } resource "aws_instance" "example" { ami = "ami-408c7f28" instance_type = "t2.micro" tags { Name = "terraform-example" } } This template creates a single EC2 instance in AWS
> terraform plan + aws_instance.example ami: "" => "ami-408c7f28" instance_type: "" => "t2.micro" key_name: "" => "<computed>" private_ip: "" => "<computed>" public_ip: "" => "<computed>" Plan: 1 to add, 0 to change, 0 to destroy. Use the plan command to see what you’re about to deploy
> terraform apply aws_instance.example: Creating... ami: "" => "ami-408c7f28" instance_type: "" => "t2.micro" key_name: "" => "<computed>" private_ip: "" => "<computed>" public_ip: "" => "<computed>” aws_instance.example: Creation complete Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Use the apply command to apply the changes
Now the EC2 instance is running!
You can parameterize your templates using variables
variable "name" { description = "The name of the EC2 instance" } Define a variable. description, default, and type are optional.
resource "aws_instance" "example" { ami = "ami-408c7f28" instance_type = "t2.micro" tags { Name = "${var.name}" } } Note the use of ${} syntax to reference var.name in tags variable "name" { description = "The name of the EC2 instance" }
> terraform plan var.name Enter a value: foo ~ aws_instance.example tags.Name: "terraform-example" => "foo" Use plan to verify your changes. It prompts you for the variable.
> terraform apply -var name=foo aws_instance.example: Refreshing state... aws_instance.example: Modifying... tags.Name: "terraform-example" => "foo" aws_instance.example: Modifications complete Apply complete! Resources: 0 added, 1 changed, 0 destroyed. You can also pass variables using the -var parameter
You can create dependencies between resources
resource "aws_eip" "example" { instance = "${aws_instance.example.id}” } Notice the use of ${} to depend on the id of the aws_instance resource "aws_instance" "example" { ami = "ami-408c7f28" instance_type = "t2.micro" tags { Name = "${var.name}" } }
Terraform automatically builds a dependency graph
You can clean up all resources you created with Terraform
> terraform destroy aws_instance.example: Refreshing state... (ID: i-f3d58c70) aws_elb.example: Refreshing state... (ID: example) aws_elb.example: Destroying... aws_elb.example: Destruction complete aws_instance.example: Destroying... aws_instance.example: Destruction complete Apply complete! Resources: 0 added, 0 changed, 2 destroyed. Just use the destroy command
> terraform destroy aws_instance.example: Refreshing state... (ID: i-f3d58c70) aws_elb.example: Refreshing state... (ID: example) aws_elb.example: Destroying... aws_elb.example: Destruction complete aws_instance.example: Destroying... aws_instance.example: Destruction complete Apply complete! Resources: 0 added, 0 changed, 2 destroyed. But how did Terraform know what to destroy?
1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
Terraform records state of everything it has done
> ls -al -rw-r--r-- 6024 Apr 5 17:58 terraform.tfstate -rw-r--r-- 6024 Apr 5 17:58 terraform.tfstate.backup By default, state is stored locally in .tfstate files
> terraform remote config -backend=s3 -backend-config=bucket=my-s3-bucket -backend-config=key=terraform.tfstate -backend-config=encrypt=true -backend-config=region=us-east-1 You can enable remote state storage in S3, Atlas, Consul, etc.
Only Atlas provides locking, but it can be expensive
One alternative: manual coordination (+ CI job)
Better alternative: terragrunt github.com/gruntwork-io/terragrunt
Terragrunt is a thin, open source wrapper for Terraform
It provides locking using DynamoDB
dynamoDbLock = { stateFileId = "mgmt/bastion-host" } remoteState = { backend = "s3" backendConfigs = { bucket = "acme-co-terraform-state" key = "mgmt/bastion-host/terraform.tfstate" } } Terragrunt looks for a .terragrunt file for its configuration.
> terragrunt plan > terragrunt apply > terragrunt destroy Use all the normal Terraform commands with Terragrunt
> terragrunt apply [terragrunt] Acquiring lock for bastion-host in DynamoDB [terragrunt] Running command: terraform apply aws_instance.example: Creating... ami: "" => "ami-0d729a60" instance_type: "" => "t2.micro” [...] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. [terragrunt] Releasing lock for bastion-host in DynamoDB Terragrunt automatically acquires and releases locks on apply/destroy
1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
Terraform supports modules
That you can reuse, configure, and version control
Think of them like blueprints
A module is just a folder with Terraform templates
Most Gruntwork Infrastructure Packages are Terraform modules
Our conventions:
1. vars.tf 2. main.tf 3. outputs.tf
variable "name" { description = "The name of the EC2 instance" } variable "ami" { description = "The AMI to run on the EC2 instance" } variable "port" { description = "The port to listen on for HTTP requests" } Specify module inputs in vars.tf
resource "aws_instance" "example" { ami = "${var.ami}" instance_type = "t2.micro" user_data = "${template_file.user_data.rendered}" tags { Name = "${var.name}" } } Create resources in main.tf
output "url" { value = "http://${aws_instance.example.ip}:${var.port}" } Specify outputs in outputs.tf
See example modules: gruntwork.io/#what-we-do
Using a module:
module "example_rails_app" { source = "./rails-module" } The source parameter specifies what module to use
module "example_rails_app" { source = "git::git@github.com:foo/bar.git//module?ref=0.1" } It can even point to a versioned Git URL
module "example_rails_app" { source = "git::git@github.com:foo/bar.git//module?ref=0.1" name = "Example Rails App" ami = "ami-123asd1" port = 8080 } Specify the module’s inputs like any other Terraform resource
module "example_rails_app_stg" { source = "./rails-module" name = "Example Rails App staging" } module "example_rails_app_prod" { source = "./rails-module" name = "Example Rails App production" } You can reuse the same module multiple times
> terraform get -update Get: file:///home/ubuntu/modules/rails-module Get: file:///home/ubuntu/modules/rails-module Get: file:///home/ubuntu/modules/asg-module Get: file:///home/ubuntu/modules/vpc-module Run the get command before running plan or apply
1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
1. Plan before apply
2. Stage before prod
3. Isolated environments
It’s tempting to define everything in 1 template stage prod mgmt
But then a mistake anywhere could break everything stage prod mgmt
What you really want is isolation for each environment stage prod mgmt
stage prod mgmt That way, a problem in stage doesn’t affect prod
Recommended folder structure (simplified):
global (Global resources such as IAM, SNS, S3) └ main.tf └ .terragrunt stage (Non-production workloads, testing) └ main.tf └ .terragrunt prod (Production workloads, user-facing apps) └ main.tf └ .terragrunt mgmt (DevOps tooling such as Jenkins, Bastion Host) └ main.tf └ .terragrunt
global (Global resources such as IAM, SNS, S3) └ main.tf └ .terragrunt stage (Non-production workloads, testing) └ main.tf └ .terragrunt prod (Production workloads, user-facing apps) └ main.tf └ .terragrunt mgmt (DevOps tooling such as Jenkins, Bastion Host) └ main.tf └ .terragruntEach folder gets its own .tfstate
global (Global resources such as IAM, SNS, S3) └ main.tf └ .terragrunt stage (Non-production workloads, testing) └ main.tf └ .terragrunt prod (Production workloads, user-facing apps) └ main.tf └ .terragrunt mgmt (DevOps tooling such as Jenkins, Bastion Host) └ main.tf └ .terragrunt Use terraform_remote_state to share state between them
4. Isolated components
It’s tempting to define everything in 1 template VPC MySQL Redis Bastion Frontend Backend
VPC MySql Redis Bastion Frontend Backend But then a mistake anywhere could break everything
What you really want is isolation for each component MySQL VPC Frontend
MySQL VPC Frontend That way, a problem in MySQL doesn’t affect the whole VPC
Recommended folder structure (full):
global (Global resources such as IAM, SNS, S3) └ iam └ sns stage (Non-production workloads, testing) └ vpc └ mysql └ frontend prod (Production workloads, user-facing apps) └ vpc └ mysql └ frontend mgmt (DevOps tooling such as Jenkins, Bastion Host) └ vpc └ bastion
global (Global resources such as IAM, SNS, S3) └ iam └ sns stage (Non-production workloads, testing) └ vpc └ mysql └ frontend prod (Production workloads, user-facing apps) └ vpc └ mysql └ frontend mgmt (DevOps tooling such as Jenkins, Bastion Host) └ vpc └ bastion Each component in each environment gets its own .tfstate
global (Global resources such as IAM, SNS, S3) └ iam └ sns stage (Non-production workloads, testing) └ vpc └ mysql └ frontend prod (Production workloads, user-facing apps) └ vpc └ mysql └ frontend mgmt (DevOps tooling such as Jenkins, Bastion Host) └ vpc └ bastion Use terraform_remote_state to share state between them
5. Use modules
stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend How do you avoid copy/pasting code between stage and prod?
stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend modules └ vpc └ mysql └ frontend Define reusable modules!
stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend modules └ vpc └ mysql └ frontend └ main.tf └ outputs.tf └ vars.tf Each module defines one reusable component
variable "name" { description = "The name of the EC2 instance" } variable "ami" { description = "The AMI to run on the EC2 instance" } variable "memory" { description = "The amount of memory to allocate" } Define inputs in vars.tf to configure the module
module "frontend" { source = "./modules/frontend" name = "frontend-stage" ami = "ami-123asd1" memory = 512 } Use the module in stage (stage/frontend/main.tf)
module "frontend" { source = "./modules/frontend" name = "frontend-prod" ami = "ami-123abcd" memory = 2048 } And in prod (prod/frontend/main.tf)
6. Use versioned modules
stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend modules └ vpc └ mysql └ frontend If stage and prod point to the same folder, you lose isolation
stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend modules └ vpc └ mysql └ frontend Any change in modules/frontend affects both stage and prod
infrastructure-live └ stage └ vpc └ mysql └ frontend └ prod └ vpc └ mysql └ frontend infrastructure-modules └ vpc └ mysql └ frontend Solution: define modules in a separate repository
infrastructure-live └ stage └ vpc └ mysql └ frontend └ prod └ vpc └ mysql └ frontend infrastructure-modules └ vpc └ mysql └ frontend Now stage and prod can use different versioned URLs 0.1 0.2
module "frontend" { source = "git::git@github.com:foo/infrastructure- modules.git//frontend?ref=0.2" name = "frontend-prod" ami = "ami-123abcd" memory = 2048 } Example Terraform code (prod/frontend/main.tf)
7. State file storage
Use terragrunt github.com/gruntwork-io/terragrunt
dynamoDbLock = { stateFileId = "mgmt/bastion-host" } Use a custom lock (stateFileId) for each set of templates
remoteState = { backend = "s3" backendConfigs = { bucket = "acme-co-terraform-state" key = "mgmt/bastion-host/terraform.tfstate" encrypt = "true" } } Use an S3 bucket with encryption for remote state storage
Enable versioning on the S3 bucket!
7. Loops
Terraform is declarative, so very little “logic” is possible…
But you can “loop” to create multiple resources using count
resource "aws_instance" "example" { count = 1 ami = "${var.ami}" instance_type = "t2.micro" tags { Name = "${var.name}" } } Create one EC2 Instance
resource "aws_instance" "example" { count = 3 ami = "${var.ami}" instance_type = "t2.micro" tags { Name = "${var.name}" } } Create three EC2 Instances
Use count.index to modify each “iteration”
resource "aws_instance" "example" { count = 3 ami = "${var.ami}" instance_type = "t2.micro" tags { Name = "${var.name}-${count.index}" } } Create three EC2 Instances, each with a different name
Do even more with interpolation functions: terraform.io/docs/configuration/interpolation.html
resource "aws_instance" "example" { count = 3 ami = "${element(var.amis, count.index)}" instance_type = "t2.micro" tags { Name = "${var.name}-${count.index}" } } variable "amis" { type = "list" default = ["ami-abc123", "ami-abc456", "ami-abc789"] } Create three EC2 Instances, each with a different AMI
output "all_instance_ids" { value = ["${aws_instance.example.*.id}"] } output "first_instance_id" { value = "${aws_instance.example.0.id}" } Note: resources with count are actually lists of resources!
8. If-statements
Terraform is declarative, so very little “logic” is possible…
But you can do a limited form of if-statement using count
resource "aws_instance" "example" { count = "${var.should_create_instance}" ami = "ami-abcd1234" instance_type = "t2.micro" tags { Name = "${var.name}" } } variable "should_create_instance" { default = true } Note the use of a boolean in the count parameter
In HCL: • true = 1 • false = 0
resource "aws_instance" "example" { count = "${var.should_create_instance}" ami = "ami-abcd1234" instance_type = "t2.micro" tags { Name = "${var.name}" } } variable "should_create_instance" { default = true } So this creates 1 EC2 Instance if should_create_instance is true
resource "aws_instance" "example" { count = "${var.should_create_instance}" ami = "ami-abcd1234" instance_type = "t2.micro" tags { Name = "${var.name}" } } variable "should_create_instance" { default = true } Or 0 EC2 Instances if should_create_instance is false
It’s equivalent to: if (should_create_instance) create_instance()
There are many permutations of this trick (e.g. using length)
1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
1. Valid plans can fail
Valid plan to create IAM instance profiles > terraform plan + aws_iam_instance_profile.instance_profile arn: "<computed>" create_date: "<computed>" name: "stage-iam-nat-role" path: "/" roles.2760019627: "stage-iam-nat-role" unique_id: "<computed>” Plan: 1 to add, 0 to change, 0 to destroy.
But the instance profile already exists in IAM!
You get an error > terraform apply Error applying plan: * Error creating IAM role stage-iam-nat-role: EntityAlreadyExists: Role with name stage-iam-nat-role already exists status code: 409, requestId: [e6812c4c-6fac-495c-be9d]
Conclusion: Never make out-of- band changes.
2. AWS is eventually consistent
Terraform doesn’t always wait for a resource to propagate
Which causes a variety of intermittent bugs:
> terraform apply ... * aws_route.internet-gateway: error finding matching route for Route table (rtb-5ca64f3b) and destination CIDR block (0.0.0.0/0)
> terraform apply ... * Resource 'aws_eip.nat' does not have attribute 'id' for variable 'aws_eip.nat.id'
> terraform apply ... * aws_subnet.private-persistence.2: InvalidSubnetID.NotFound: The subnet ID 'subnet-xxxxxxx' does not exist
> terraform apply ... * aws_route_table.private-persistence.2: InvalidRouteTableID.NotFound: The routeTable ID 'rtb-2d0d2f4a' does not exist
> terraform apply ... * aws_iam_instance_profile.instance_profile: diffs didn't match during apply. This is a bug with Terraform and should be reported. * aws_security_group.asg_security_group_stg: diffs didn't match during apply. This is a bug with Terraform and should be reported. The most generic one: diffs didn’t match during apply
Most of these are harmless. Just re-run terraform apply.
And try to run Terraform close to your AWS region (replica lag)
3. Avoid inline resources
resource "aws_route_table" "main" { vpc_id = "${aws_vpc.main.id}" route { cidr_block = "10.0.1.0/24" gateway_id = "${aws_internet_gateway.main.id}" } } Some resources allow blocks to be defined inline…
resource "aws_route_table" "main" { vpc_id = "${aws_vpc.main.id}" } resource "aws_route" "internet" { route_table_id = "${aws_route_table.main.id}" cidr_block = "10.0.1.0/24" gateway_id = "${aws_internet_gateway.main.id}" } Or in a separate resource
resource "aws_route_table" "main" { vpc_id = "${aws_vpc.main.id}" } resource "aws_route" "internet" { route_table_id = "${aws_route_table.main.id}" cidr_block = "10.0.1.0/24" gateway_id = "${aws_internet_gateway.main.id}" } Pick one technique or the other (separate resource is preferable)
resource "aws_route_table" "main" { vpc_id = "${aws_vpc.main.id}" } resource "aws_route" "internet" { route_table_id = "${aws_route_table.main.id}" cidr_block = "10.0.1.0/24" gateway_id = "${aws_internet_gateway.main.id}" } If you use both, you’ll get confusing errors!
Affected resources: • aws_route_table • aws_security_group • aws_elb • aws_network_acl
4. Count interpolation
There is a significant limitation on the count parameter:
You cannot compute count from dynamic data
Example: this code won’t work data "aws_availability_zones" "zones" {} resource "aws_subnet" "public" { count = "${length(data.aws_availability_zones.zones.names)}" cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index}" availability_zone = "${element(data.aws_availability_zones.zones.names, count.index)}" }
> terraform apply ... * strconv.ParseInt: parsing "${length(data.aws_availability_zones.zones.names)}": invalid syntax
data.aws_availability_zones won’t work since it fetches data resource "aws_subnet" "public" { count = "${length(data.aws_availability_zones.zones.names)}" cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index}" availability_zone = "${element(data.aws_availability_zones.zones.names, count.index)}" }
A fixed number is OK resource "aws_subnet" "public" { count = 3 cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index}" availability_zone = "${element(data.aws_availability_zones.zones.names, count.index)}" }
So is a hard-coded variable resource "aws_subnet" "public" { count = "${var.num_availability_zones}" cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index}" availability_zone = "${element(data.aws_availability_zones.zones.names, count.index)}" } variable "num_availability_zones" { default = 3 }
For more info, see: github.com/hashicorp/terraform/issues/3888
1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
Advantages of Terraform: 1. Define infrastructure-as-code 2. Concise, readable syntax 3. Reuse: inputs, outputs, modules 4. Plan command! 5. Cloud agnostic 6. Very active development
Disadvantages of Terraform: 1. Maturity. You will hit bugs. 2. Collaboration on Terraform state is tricky (but not with terragrunt) 3. No rollback 4. Poor secrets management
Questions? Want to know when we share additional DevOps training? Sign up for our Newsletter. gruntwork.io/newsletter

Recommandé

Terraform
TerraformTerraform
TerraformPathum Fernando ☁
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introductionJason Vance
 
Final terraform
Final terraformFinal terraform
Final terraformGourav Varma
 
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Amazon Web Services
 
Best Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformBest Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformDevOps.com
 
Terraform Basics
Terraform BasicsTerraform Basics
Terraform BasicsMohammed Fazuluddin
 
Terraform
TerraformTerraform
TerraformPhil Wilkins
 
Terraform: An Overview & Introduction
Terraform: An Overview & IntroductionTerraform: An Overview & Introduction
Terraform: An Overview & IntroductionLee Trout
 

Recommandé

Terraform
TerraformTerraform
TerraformPathum Fernando ☁
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introductionJason Vance
 
Final terraform
Final terraformFinal terraform
Final terraformGourav Varma
 
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Amazon Web Services
 
Best Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformBest Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformDevOps.com
 
Terraform Basics
Terraform BasicsTerraform Basics
Terraform BasicsMohammed Fazuluddin
 
Terraform
TerraformTerraform
TerraformPhil Wilkins
 
Terraform: An Overview & Introduction
Terraform: An Overview & IntroductionTerraform: An Overview & Introduction
Terraform: An Overview & IntroductionLee Trout
 
Terraform
TerraformTerraform
TerraformChristophe Marchal
 
Terraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeTerraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeMartin Schütte
 
Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformAdin Ermie
 
Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018Anton Babenko
 
Terraform
TerraformTerraform
TerraformDiego Pacheco
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraformJulien Pivotto
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructuredAmi Mahloof
 
Terraform 0.12 + Terragrunt
Terraform 0.12 + TerragruntTerraform 0.12 + Terragrunt
Terraform 0.12 + TerragruntAnton Babenko
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introductionsoniasnowfrog
 
Building infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowBuilding infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowAnton Babenko
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on AzureJulien Corioland
 
Introduce to Terraform
Introduce to TerraformIntroduce to Terraform
Introduce to TerraformSamsung Electronics
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on AzureMithun Shanbhag
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopBob Killen
 
Terraform
TerraformTerraform
TerraformHarish Kumar
 
Advanced Terraform
Advanced TerraformAdvanced Terraform
Advanced TerraformSamsung Electronics
 
Terraform
TerraformTerraform
TerraformMarcelo Serpa
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...Yevgeniy Brikman
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as codeAmazon Web Services
 
An intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSAn intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSYevgeniy Brikman
 
Play Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaPlay Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaYevgeniy Brikman
 

Contenu connexe

Tendances

Terraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeTerraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeMartin Schütte
 
Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformAdin Ermie
 
Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018Anton Babenko
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraformJulien Pivotto
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructuredAmi Mahloof
 
Terraform 0.12 + Terragrunt
Terraform 0.12 + TerragruntTerraform 0.12 + Terragrunt
Terraform 0.12 + TerragruntAnton Babenko
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introductionsoniasnowfrog
 
Building infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowBuilding infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowAnton Babenko
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopBob Killen
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...Yevgeniy Brikman
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
 

Tendances (20)

Terraform
TerraformTerraform
Terraform
 
Terraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeTerraform -- Infrastructure as Code
Terraform -- Infrastructure as Code
 
Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using Terraform
 
Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018
 
Terraform
TerraformTerraform
Terraform
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraform
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructured
 
Terraform 0.12 + Terragrunt
Terraform 0.12 + TerragruntTerraform 0.12 + Terragrunt
Terraform 0.12 + Terragrunt
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introduction
 
Building infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowBuilding infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps Krakow
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on Azure
 
Introduce to Terraform
Introduce to TerraformIntroduce to Terraform
Introduce to Terraform
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on Azure
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes Workshop
 
Terraform
TerraformTerraform
Terraform
 
Advanced Terraform
Advanced TerraformAdvanced Terraform
Advanced Terraform
 
Terraform
TerraformTerraform
Terraform
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
 

En vedette

An intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSAn intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSYevgeniy Brikman
 
Play Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaPlay Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaYevgeniy Brikman
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesYevgeniy Brikman
 
Azure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp TerraformAzure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp TerraformAlex Mags
 
Microsoft Azure IaaS and Terraform
Microsoft Azure IaaS and TerraformMicrosoft Azure IaaS and Terraform
Microsoft Azure IaaS and TerraformAlex Mags
 
Alex Magnay - Azure Infrastructure as Code with Hashicorp Terraform
Alex Magnay - Azure Infrastructure as Code with Hashicorp TerraformAlex Magnay - Azure Infrastructure as Code with Hashicorp Terraform
Alex Magnay - Azure Infrastructure as Code with Hashicorp TerraformWinOps Conf
 
Six Startup Lessons & The Essence of Venture Capital
Six Startup Lessons & The Essence of Venture CapitalSix Startup Lessons & The Essence of Venture Capital
Six Startup Lessons & The Essence of Venture CapitalAllan Martinson
 
The Truth About Startups: What I wish someone had told me about entrepreneurs...
The Truth About Startups: What I wish someone had told me about entrepreneurs...The Truth About Startups: What I wish someone had told me about entrepreneurs...
The Truth About Startups: What I wish someone had told me about entrepreneurs...Yevgeniy Brikman
 
Gruntwork Executive Summary
Gruntwork Executive SummaryGruntwork Executive Summary
Gruntwork Executive SummaryYevgeniy Brikman
 
Business Model Innovation by Business Models Inc. Training Summary
Business Model Innovation by Business Models Inc. Training SummaryBusiness Model Innovation by Business Models Inc. Training Summary
Business Model Innovation by Business Models Inc. Training SummaryBusiness Models Inc.
 
Virtual Business Incubator Framework for Enriching Innovation Ecosystem 2013
Virtual Business Incubator Framework for Enriching Innovation Ecosystem 2013Virtual Business Incubator Framework for Enriching Innovation Ecosystem 2013
Virtual Business Incubator Framework for Enriching Innovation Ecosystem 2013Vasily Ryzhonkov
 
Effective Marketing for the Public Practitioner - Presentation by Michael 'M...
Effective Marketing for the Public Practitioner - Presentation by Michael 'M...Effective Marketing for the Public Practitioner - Presentation by Michael 'M...
Effective Marketing for the Public Practitioner - Presentation by Michael 'M...Practice Paradox
 
Presentation Global Innovation Forum London Nov 2014
Presentation Global Innovation Forum London Nov 2014Presentation Global Innovation Forum London Nov 2014
Presentation Global Innovation Forum London Nov 2014Business Models Inc.
 

En vedette (20)

An intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSAn intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECS
 
Play Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaPlay Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and Scala
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modules
 
Rapid prototyping
Rapid prototypingRapid prototyping
Rapid prototyping
 
Dust.js
Dust.jsDust.js
Dust.js
 
Hackdays and [in]cubator
Hackdays and [in]cubatorHackdays and [in]cubator
Hackdays and [in]cubator
 
Azure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp TerraformAzure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp Terraform
 
Microsoft Azure IaaS and Terraform
Microsoft Azure IaaS and TerraformMicrosoft Azure IaaS and Terraform
Microsoft Azure IaaS and Terraform
 
Alex Magnay - Azure Infrastructure as Code with Hashicorp Terraform
Alex Magnay - Azure Infrastructure as Code with Hashicorp TerraformAlex Magnay - Azure Infrastructure as Code with Hashicorp Terraform
Alex Magnay - Azure Infrastructure as Code with Hashicorp Terraform
 
Six Startup Lessons & The Essence of Venture Capital
Six Startup Lessons & The Essence of Venture CapitalSix Startup Lessons & The Essence of Venture Capital
Six Startup Lessons & The Essence of Venture Capital
 
Agility Requires Safety
Agility Requires SafetyAgility Requires Safety
Agility Requires Safety
 
The Truth About Startups: What I wish someone had told me about entrepreneurs...
The Truth About Startups: What I wish someone had told me about entrepreneurs...The Truth About Startups: What I wish someone had told me about entrepreneurs...
The Truth About Startups: What I wish someone had told me about entrepreneurs...
 
Gruntwork Executive Summary
Gruntwork Executive SummaryGruntwork Executive Summary
Gruntwork Executive Summary
 
Great Value Proposition Design
Great Value Proposition DesignGreat Value Proposition Design
Great Value Proposition Design
 
Business Model Innovation by Business Models Inc. Training Summary
Business Model Innovation by Business Models Inc. Training SummaryBusiness Model Innovation by Business Models Inc. Training Summary
Business Model Innovation by Business Models Inc. Training Summary
 
Virtual Business Incubator Framework for Enriching Innovation Ecosystem 2013
Virtual Business Incubator Framework for Enriching Innovation Ecosystem 2013Virtual Business Incubator Framework for Enriching Innovation Ecosystem 2013
Virtual Business Incubator Framework for Enriching Innovation Ecosystem 2013
 
Effective Marketing for the Public Practitioner - Presentation by Michael 'M...
Effective Marketing for the Public Practitioner - Presentation by Michael 'M...Effective Marketing for the Public Practitioner - Presentation by Michael 'M...
Effective Marketing for the Public Practitioner - Presentation by Michael 'M...
 
ANAHIT Initiative
ANAHIT InitiativeANAHIT Initiative
ANAHIT Initiative
 
Business Models Template E145
Business Models Template E145Business Models Template E145
Business Models Template E145
 
Presentation Global Innovation Forum London Nov 2014
Presentation Global Innovation Forum London Nov 2014Presentation Global Innovation Forum London Nov 2014
Presentation Global Innovation Forum London Nov 2014
 

Similaire à Comprehensive Terraform Training

Terraform in deployment pipeline
Terraform in deployment pipelineTerraform in deployment pipeline
Terraform in deployment pipelineAnton Babenko
 
"Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ..."Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ...Anton Babenko
 
Terraform infraestructura como código
Terraform infraestructura como códigoTerraform infraestructura como código
Terraform infraestructura como códigoVictor Adsuar
 
Terraform Modules Restructured
Terraform Modules RestructuredTerraform Modules Restructured
Terraform Modules RestructuredDoiT International
 
Terraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentTerraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentZane Williamson
 
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)Adin Ermie
 
DevOps Enabling Your Team
DevOps Enabling Your TeamDevOps Enabling Your Team
DevOps Enabling Your TeamGR8Conf
 
PuppetDB: Sneaking Clojure into Operations
PuppetDB: Sneaking Clojure into OperationsPuppetDB: Sneaking Clojure into Operations
PuppetDB: Sneaking Clojure into Operationsgrim_radical
 
Introduction to PowerShell
Introduction to PowerShellIntroduction to PowerShell
Introduction to PowerShellBoulos Dib
 
Declare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and MobyDeclare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and MobyMoby Project
 
Terraform Abstractions for Safety and Power
Terraform Abstractions for Safety and PowerTerraform Abstractions for Safety and Power
Terraform Abstractions for Safety and PowerCalvin French-Owen
 
Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Joel W. King
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaAOE
 
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps dayAprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps dayPlain Concepts
 
Jan Stępień - GraalVM: Fast, Polyglot, Native - Codemotion Berlin 2018
Jan Stępień - GraalVM: Fast, Polyglot, Native - Codemotion Berlin 2018Jan Stępień - GraalVM: Fast, Polyglot, Native - Codemotion Berlin 2018
Jan Stępień - GraalVM: Fast, Polyglot, Native - Codemotion Berlin 2018Codemotion
 
LAMP Stack (Reloaded) - Infrastructure as Code with Terraform & Packer
LAMP Stack (Reloaded) - Infrastructure as Code with Terraform & PackerLAMP Stack (Reloaded) - Infrastructure as Code with Terraform & Packer
LAMP Stack (Reloaded) - Infrastructure as Code with Terraform & PackerJan-Christoph Küster
 
Debasihish da final.ppt
Debasihish da final.pptDebasihish da final.ppt
Debasihish da final.pptKalkey
 
Infrastructure as Code with Terraform
Infrastructure as Code with TerraformInfrastructure as Code with Terraform
Infrastructure as Code with TerraformPedro J. Molina
 

Similaire à Comprehensive Terraform Training (20)

Terraform in deployment pipeline
Terraform in deployment pipelineTerraform in deployment pipeline
Terraform in deployment pipeline
 
"Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ..."Continuously delivering infrastructure using Terraform and Packer" training ...
"Continuously delivering infrastructure using Terraform and Packer" training ...
 
London HUG 12/4
London HUG 12/4London HUG 12/4
London HUG 12/4
 
Terraform infraestructura como código
Terraform infraestructura como códigoTerraform infraestructura como código
Terraform infraestructura como código
 
Terraform Modules Restructured
Terraform Modules RestructuredTerraform Modules Restructured
Terraform Modules Restructured
 
Terraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentTerraform Modules and Continuous Deployment
Terraform Modules and Continuous Deployment
 
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
 
DevOps Enabling Your Team
DevOps Enabling Your TeamDevOps Enabling Your Team
DevOps Enabling Your Team
 
PuppetDB: Sneaking Clojure into Operations
PuppetDB: Sneaking Clojure into OperationsPuppetDB: Sneaking Clojure into Operations
PuppetDB: Sneaking Clojure into Operations
 
Terraform training 🎒 - Basic
Terraform training 🎒 - BasicTerraform training 🎒 - Basic
Terraform training 🎒 - Basic
 
Introduction to PowerShell
Introduction to PowerShellIntroduction to PowerShell
Introduction to PowerShell
 
Declare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and MobyDeclare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and Moby
 
Terraform Abstractions for Safety and Power
Terraform Abstractions for Safety and PowerTerraform Abstractions for Safety and Power
Terraform Abstractions for Safety and Power
 
Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS Lambda
 
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps dayAprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
 
Jan Stępień - GraalVM: Fast, Polyglot, Native - Codemotion Berlin 2018
Jan Stępień - GraalVM: Fast, Polyglot, Native - Codemotion Berlin 2018Jan Stępień - GraalVM: Fast, Polyglot, Native - Codemotion Berlin 2018
Jan Stępień - GraalVM: Fast, Polyglot, Native - Codemotion Berlin 2018
 
LAMP Stack (Reloaded) - Infrastructure as Code with Terraform & Packer
LAMP Stack (Reloaded) - Infrastructure as Code with Terraform & PackerLAMP Stack (Reloaded) - Infrastructure as Code with Terraform & Packer
LAMP Stack (Reloaded) - Infrastructure as Code with Terraform & Packer
 
Debasihish da final.ppt
Debasihish da final.pptDebasihish da final.ppt
Debasihish da final.ppt
 
Infrastructure as Code with Terraform
Infrastructure as Code with TerraformInfrastructure as Code with Terraform
Infrastructure as Code with Terraform
 

Plus de Yevgeniy Brikman

Cloud adoption fails - 5 ways deployments go wrong and 5 solutions
Cloud adoption fails - 5 ways deployments go wrong and 5 solutionsCloud adoption fails - 5 ways deployments go wrong and 5 solutions
Cloud adoption fails - 5 ways deployments go wrong and 5 solutionsYevgeniy Brikman
 
Lessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure codeLessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure codeYevgeniy Brikman
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Yevgeniy Brikman
 
Startup Ideas and Validation
Startup Ideas and ValidationStartup Ideas and Validation
Startup Ideas and ValidationYevgeniy Brikman
 
A Guide to Hiring for your Startup
A Guide to Hiring for your StartupA Guide to Hiring for your Startup
A Guide to Hiring for your StartupYevgeniy Brikman
 
Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)Yevgeniy Brikman
 
Composable and streamable Play apps
Composable and streamable Play appsComposable and streamable Play apps
Composable and streamable Play appsYevgeniy Brikman
 
The Play Framework at LinkedIn
The Play Framework at LinkedInThe Play Framework at LinkedIn
The Play Framework at LinkedInYevgeniy Brikman
 
Startup DNA: the formula behind successful startups in Silicon Valley (update...
Startup DNA: the formula behind successful startups in Silicon Valley (update...Startup DNA: the formula behind successful startups in Silicon Valley (update...
Startup DNA: the formula behind successful startups in Silicon Valley (update...Yevgeniy Brikman
 

Plus de Yevgeniy Brikman (13)

Cloud adoption fails - 5 ways deployments go wrong and 5 solutions
Cloud adoption fails - 5 ways deployments go wrong and 5 solutionsCloud adoption fails - 5 ways deployments go wrong and 5 solutions
Cloud adoption fails - 5 ways deployments go wrong and 5 solutions
 
Lessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure codeLessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure code
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
 
Startup Ideas and Validation
Startup Ideas and ValidationStartup Ideas and Validation
Startup Ideas and Validation
 
A Guide to Hiring for your Startup
A Guide to Hiring for your StartupA Guide to Hiring for your Startup
A Guide to Hiring for your Startup
 
Startup DNA: Speed Wins
Startup DNA: Speed WinsStartup DNA: Speed Wins
Startup DNA: Speed Wins
 
Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)
 
Node.js vs Play Framework
Node.js vs Play FrameworkNode.js vs Play Framework
Node.js vs Play Framework
 
Composable and streamable Play apps
Composable and streamable Play appsComposable and streamable Play apps
Composable and streamable Play apps
 
The Play Framework at LinkedIn
The Play Framework at LinkedInThe Play Framework at LinkedIn
The Play Framework at LinkedIn
 
Kings of Code Hack Battle
Kings of Code Hack BattleKings of Code Hack Battle
Kings of Code Hack Battle
 
Startup DNA: the formula behind successful startups in Silicon Valley (update...
Startup DNA: the formula behind successful startups in Silicon Valley (update...Startup DNA: the formula behind successful startups in Silicon Valley (update...
Startup DNA: the formula behind successful startups in Silicon Valley (update...
 
LinkedIn Overview
LinkedIn OverviewLinkedIn Overview
LinkedIn Overview
 

Dernier

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 

Dernier (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 

Comprehensive Terraform Training

  • 2. We’ve pre-written Terraform packages for the most common AWS components. We test, update, and support these packages. When a software team purchases a package, they get 100% of the source code. http://gruntwork.io Gruntwork
  • 3. • Network Topology (VPC) • Monitoring and Alerting • Docker Cluster • Continuous Delivery Sample Packages http://gruntwork.io Gruntwork
  • 5. 1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
  • 6. 1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
  • 7. Terraform is a tool for provisioning infrastructure TERRAFORM
  • 8. It supports many providers (cloud agnostic)
  • 9. And many resources for each provider
  • 10. You define resources as code in Terraform templates
  • 11. provider "aws" { region = "us-east-1" } resource "aws_instance" "example" { ami = "ami-408c7f28" instance_type = "t2.micro" tags { Name = "terraform-example" } } This template creates a single EC2 instance in AWS
  • 12. > terraform plan + aws_instance.example ami: "" => "ami-408c7f28" instance_type: "" => "t2.micro" key_name: "" => "<computed>" private_ip: "" => "<computed>" public_ip: "" => "<computed>" Plan: 1 to add, 0 to change, 0 to destroy. Use the plan command to see what you’re about to deploy
  • 13. > terraform apply aws_instance.example: Creating... ami: "" => "ami-408c7f28" instance_type: "" => "t2.micro" key_name: "" => "<computed>" private_ip: "" => "<computed>" public_ip: "" => "<computed>” aws_instance.example: Creation complete Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Use the apply command to apply the changes
  • 14. Now the EC2 instance is running!
  • 15. You can parameterize your templates using variables
  • 16. variable "name" { description = "The name of the EC2 instance" } Define a variable. description, default, and type are optional.
  • 17. resource "aws_instance" "example" { ami = "ami-408c7f28" instance_type = "t2.micro" tags { Name = "${var.name}" } } Note the use of ${} syntax to reference var.name in tags variable "name" { description = "The name of the EC2 instance" }
  • 18. > terraform plan var.name Enter a value: foo ~ aws_instance.example tags.Name: "terraform-example" => "foo" Use plan to verify your changes. It prompts you for the variable.
  • 19. > terraform apply -var name=foo aws_instance.example: Refreshing state... aws_instance.example: Modifying... tags.Name: "terraform-example" => "foo" aws_instance.example: Modifications complete Apply complete! Resources: 0 added, 1 changed, 0 destroyed. You can also pass variables using the -var parameter
  • 20. You can create dependencies between resources
  • 21. resource "aws_eip" "example" { instance = "${aws_instance.example.id}” } Notice the use of ${} to depend on the id of the aws_instance resource "aws_instance" "example" { ami = "ami-408c7f28" instance_type = "t2.micro" tags { Name = "${var.name}" } }
  • 22. Terraform automatically builds a dependency graph
  • 23. You can clean up all resources you created with Terraform
  • 24. > terraform destroy aws_instance.example: Refreshing state... (ID: i-f3d58c70) aws_elb.example: Refreshing state... (ID: example) aws_elb.example: Destroying... aws_elb.example: Destruction complete aws_instance.example: Destroying... aws_instance.example: Destruction complete Apply complete! Resources: 0 added, 0 changed, 2 destroyed. Just use the destroy command
  • 25. > terraform destroy aws_instance.example: Refreshing state... (ID: i-f3d58c70) aws_elb.example: Refreshing state... (ID: example) aws_elb.example: Destroying... aws_elb.example: Destruction complete aws_instance.example: Destroying... aws_instance.example: Destruction complete Apply complete! Resources: 0 added, 0 changed, 2 destroyed. But how did Terraform know what to destroy?
  • 26. 1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
  • 27. Terraform records state of everything it has done
  • 28. > ls -al -rw-r--r-- 6024 Apr 5 17:58 terraform.tfstate -rw-r--r-- 6024 Apr 5 17:58 terraform.tfstate.backup By default, state is stored locally in .tfstate files
  • 29. > terraform remote config -backend=s3 -backend-config=bucket=my-s3-bucket -backend-config=key=terraform.tfstate -backend-config=encrypt=true -backend-config=region=us-east-1 You can enable remote state storage in S3, Atlas, Consul, etc.
  • 30. Only Atlas provides locking, but it can be expensive
  • 33. Terragrunt is a thin, open source wrapper for Terraform
  • 34. It provides locking using DynamoDB
  • 35. dynamoDbLock = { stateFileId = "mgmt/bastion-host" } remoteState = { backend = "s3" backendConfigs = { bucket = "acme-co-terraform-state" key = "mgmt/bastion-host/terraform.tfstate" } } Terragrunt looks for a .terragrunt file for its configuration.
  • 36. > terragrunt plan > terragrunt apply > terragrunt destroy Use all the normal Terraform commands with Terragrunt
  • 37. > terragrunt apply [terragrunt] Acquiring lock for bastion-host in DynamoDB [terragrunt] Running command: terraform apply aws_instance.example: Creating... ami: "" => "ami-0d729a60" instance_type: "" => "t2.micro” [...] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. [terragrunt] Releasing lock for bastion-host in DynamoDB Terragrunt automatically acquires and releases locks on apply/destroy
  • 38. 1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
  • 40. That you can reuse, configure, and version control
  • 41. Think of them like blueprints
  • 42. A module is just a folder with Terraform templates
  • 43. Most Gruntwork Infrastructure Packages are Terraform modules
  • 46. variable "name" { description = "The name of the EC2 instance" } variable "ami" { description = "The AMI to run on the EC2 instance" } variable "port" { description = "The port to listen on for HTTP requests" } Specify module inputs in vars.tf
  • 47. resource "aws_instance" "example" { ami = "${var.ami}" instance_type = "t2.micro" user_data = "${template_file.user_data.rendered}" tags { Name = "${var.name}" } } Create resources in main.tf
  • 48. output "url" { value = "http://${aws_instance.example.ip}:${var.port}" } Specify outputs in outputs.tf
  • 51. module "example_rails_app" { source = "./rails-module" } The source parameter specifies what module to use
  • 52. module "example_rails_app" { source = "git::git@github.com:foo/bar.git//module?ref=0.1" } It can even point to a versioned Git URL
  • 53. module "example_rails_app" { source = "git::git@github.com:foo/bar.git//module?ref=0.1" name = "Example Rails App" ami = "ami-123asd1" port = 8080 } Specify the module’s inputs like any other Terraform resource
  • 54. module "example_rails_app_stg" { source = "./rails-module" name = "Example Rails App staging" } module "example_rails_app_prod" { source = "./rails-module" name = "Example Rails App production" } You can reuse the same module multiple times
  • 55. > terraform get -update Get: file:///home/ubuntu/modules/rails-module Get: file:///home/ubuntu/modules/rails-module Get: file:///home/ubuntu/modules/asg-module Get: file:///home/ubuntu/modules/vpc-module Run the get command before running plan or apply
  • 56. 1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
  • 57. 1. Plan before apply
  • 60. It’s tempting to define everything in 1 template stage prod mgmt
  • 61. But then a mistake anywhere could break everything stage prod mgmt
  • 62. What you really want is isolation for each environment stage prod mgmt
  • 63. stage prod mgmt That way, a problem in stage doesn’t affect prod
  • 65. global (Global resources such as IAM, SNS, S3) └ main.tf └ .terragrunt stage (Non-production workloads, testing) └ main.tf └ .terragrunt prod (Production workloads, user-facing apps) └ main.tf └ .terragrunt mgmt (DevOps tooling such as Jenkins, Bastion Host) └ main.tf └ .terragrunt
  • 66. global (Global resources such as IAM, SNS, S3) └ main.tf └ .terragrunt stage (Non-production workloads, testing) └ main.tf └ .terragrunt prod (Production workloads, user-facing apps) └ main.tf └ .terragrunt mgmt (DevOps tooling such as Jenkins, Bastion Host) └ main.tf └ .terragruntEach folder gets its own .tfstate
  • 67. global (Global resources such as IAM, SNS, S3) └ main.tf └ .terragrunt stage (Non-production workloads, testing) └ main.tf └ .terragrunt prod (Production workloads, user-facing apps) └ main.tf └ .terragrunt mgmt (DevOps tooling such as Jenkins, Bastion Host) └ main.tf └ .terragrunt Use terraform_remote_state to share state between them
  • 69. It’s tempting to define everything in 1 template VPC MySQL Redis Bastion Frontend Backend
  • 70. VPC MySql Redis Bastion Frontend Backend But then a mistake anywhere could break everything
  • 71. What you really want is isolation for each component MySQL VPC Frontend
  • 72. MySQL VPC Frontend That way, a problem in MySQL doesn’t affect the whole VPC
  • 74. global (Global resources such as IAM, SNS, S3) └ iam └ sns stage (Non-production workloads, testing) └ vpc └ mysql └ frontend prod (Production workloads, user-facing apps) └ vpc └ mysql └ frontend mgmt (DevOps tooling such as Jenkins, Bastion Host) └ vpc └ bastion
  • 75. global (Global resources such as IAM, SNS, S3) └ iam └ sns stage (Non-production workloads, testing) └ vpc └ mysql └ frontend prod (Production workloads, user-facing apps) └ vpc └ mysql └ frontend mgmt (DevOps tooling such as Jenkins, Bastion Host) └ vpc └ bastion Each component in each environment gets its own .tfstate
  • 76. global (Global resources such as IAM, SNS, S3) └ iam └ sns stage (Non-production workloads, testing) └ vpc └ mysql └ frontend prod (Production workloads, user-facing apps) └ vpc └ mysql └ frontend mgmt (DevOps tooling such as Jenkins, Bastion Host) └ vpc └ bastion Use terraform_remote_state to share state between them
  • 78. stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend How do you avoid copy/pasting code between stage and prod?
  • 79. stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend modules └ vpc └ mysql └ frontend Define reusable modules!
  • 80. stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend modules └ vpc └ mysql └ frontend └ main.tf └ outputs.tf └ vars.tf Each module defines one reusable component
  • 81. variable "name" { description = "The name of the EC2 instance" } variable "ami" { description = "The AMI to run on the EC2 instance" } variable "memory" { description = "The amount of memory to allocate" } Define inputs in vars.tf to configure the module
  • 82. module "frontend" { source = "./modules/frontend" name = "frontend-stage" ami = "ami-123asd1" memory = 512 } Use the module in stage (stage/frontend/main.tf)
  • 83. module "frontend" { source = "./modules/frontend" name = "frontend-prod" ami = "ami-123abcd" memory = 2048 } And in prod (prod/frontend/main.tf)
  • 84. 6. Use versioned modules
  • 85. stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend modules └ vpc └ mysql └ frontend If stage and prod point to the same folder, you lose isolation
  • 86. stage └ vpc └ mysql └ frontend prod └ vpc └ mysql └ frontend modules └ vpc └ mysql └ frontend Any change in modules/frontend affects both stage and prod
  • 87. infrastructure-live └ stage └ vpc └ mysql └ frontend └ prod └ vpc └ mysql └ frontend infrastructure-modules └ vpc └ mysql └ frontend Solution: define modules in a separate repository
  • 88. infrastructure-live └ stage └ vpc └ mysql └ frontend └ prod └ vpc └ mysql └ frontend infrastructure-modules └ vpc └ mysql └ frontend Now stage and prod can use different versioned URLs 0.1 0.2
  • 89. module "frontend" { source = "git::git@github.com:foo/infrastructure- modules.git//frontend?ref=0.2" name = "frontend-prod" ami = "ami-123abcd" memory = 2048 } Example Terraform code (prod/frontend/main.tf)
  • 90. 7. State file storage
  • 92. dynamoDbLock = { stateFileId = "mgmt/bastion-host" } Use a custom lock (stateFileId) for each set of templates
  • 93. remoteState = { backend = "s3" backendConfigs = { bucket = "acme-co-terraform-state" key = "mgmt/bastion-host/terraform.tfstate" encrypt = "true" } } Use an S3 bucket with encryption for remote state storage
  • 94. Enable versioning on the S3 bucket!
  • 96. Terraform is declarative, so very little “logic” is possible…
  • 97. But you can “loop” to create multiple resources using count
  • 98. resource "aws_instance" "example" { count = 1 ami = "${var.ami}" instance_type = "t2.micro" tags { Name = "${var.name}" } } Create one EC2 Instance
  • 99. resource "aws_instance" "example" { count = 3 ami = "${var.ami}" instance_type = "t2.micro" tags { Name = "${var.name}" } } Create three EC2 Instances
  • 100. Use count.index to modify each “iteration”
  • 101. resource "aws_instance" "example" { count = 3 ami = "${var.ami}" instance_type = "t2.micro" tags { Name = "${var.name}-${count.index}" } } Create three EC2 Instances, each with a different name
  • 102. Do even more with interpolation functions: terraform.io/docs/configuration/interpolation.html
  • 103. resource "aws_instance" "example" { count = 3 ami = "${element(var.amis, count.index)}" instance_type = "t2.micro" tags { Name = "${var.name}-${count.index}" } } variable "amis" { type = "list" default = ["ami-abc123", "ami-abc456", "ami-abc789"] } Create three EC2 Instances, each with a different AMI
  • 104. output "all_instance_ids" { value = ["${aws_instance.example.*.id}"] } output "first_instance_id" { value = "${aws_instance.example.0.id}" } Note: resources with count are actually lists of resources!
  • 106. Terraform is declarative, so very little “logic” is possible…
  • 107. But you can do a limited form of if-statement using count
  • 108. resource "aws_instance" "example" { count = "${var.should_create_instance}" ami = "ami-abcd1234" instance_type = "t2.micro" tags { Name = "${var.name}" } } variable "should_create_instance" { default = true } Note the use of a boolean in the count parameter
  • 109. In HCL: • true = 1 • false = 0
  • 110. resource "aws_instance" "example" { count = "${var.should_create_instance}" ami = "ami-abcd1234" instance_type = "t2.micro" tags { Name = "${var.name}" } } variable "should_create_instance" { default = true } So this creates 1 EC2 Instance if should_create_instance is true
  • 111. resource "aws_instance" "example" { count = "${var.should_create_instance}" ami = "ami-abcd1234" instance_type = "t2.micro" tags { Name = "${var.name}" } } variable "should_create_instance" { default = true } Or 0 EC2 Instances if should_create_instance is false
  • 112. It’s equivalent to: if (should_create_instance) create_instance()
  • 113. There are many permutations of this trick (e.g. using length)
  • 114. 1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
  • 115. 1. Valid plans can fail
  • 116. Valid plan to create IAM instance profiles > terraform plan + aws_iam_instance_profile.instance_profile arn: "<computed>" create_date: "<computed>" name: "stage-iam-nat-role" path: "/" roles.2760019627: "stage-iam-nat-role" unique_id: "<computed>” Plan: 1 to add, 0 to change, 0 to destroy.
  • 117. But the instance profile already exists in IAM!
  • 118. You get an error > terraform apply Error applying plan: * Error creating IAM role stage-iam-nat-role: EntityAlreadyExists: Role with name stage-iam-nat-role already exists status code: 409, requestId: [e6812c4c-6fac-495c-be9d]
  • 119. Conclusion: Never make out-of- band changes.
  • 120. 2. AWS is eventually consistent
  • 121. Terraform doesn’t always wait for a resource to propagate
  • 122. Which causes a variety of intermittent bugs:
  • 123. > terraform apply ... * aws_route.internet-gateway: error finding matching route for Route table (rtb-5ca64f3b) and destination CIDR block (0.0.0.0/0)
  • 124. > terraform apply ... * Resource 'aws_eip.nat' does not have attribute 'id' for variable 'aws_eip.nat.id'
  • 125. > terraform apply ... * aws_subnet.private-persistence.2: InvalidSubnetID.NotFound: The subnet ID 'subnet-xxxxxxx' does not exist
  • 126. > terraform apply ... * aws_route_table.private-persistence.2: InvalidRouteTableID.NotFound: The routeTable ID 'rtb-2d0d2f4a' does not exist
  • 127. > terraform apply ... * aws_iam_instance_profile.instance_profile: diffs didn't match during apply. This is a bug with Terraform and should be reported. * aws_security_group.asg_security_group_stg: diffs didn't match during apply. This is a bug with Terraform and should be reported. The most generic one: diffs didn’t match during apply
  • 128. Most of these are harmless. Just re-run terraform apply.
  • 129. And try to run Terraform close to your AWS region (replica lag)
  • 130. 3. Avoid inline resources
  • 131. resource "aws_route_table" "main" { vpc_id = "${aws_vpc.main.id}" route { cidr_block = "10.0.1.0/24" gateway_id = "${aws_internet_gateway.main.id}" } } Some resources allow blocks to be defined inline…
  • 132. resource "aws_route_table" "main" { vpc_id = "${aws_vpc.main.id}" } resource "aws_route" "internet" { route_table_id = "${aws_route_table.main.id}" cidr_block = "10.0.1.0/24" gateway_id = "${aws_internet_gateway.main.id}" } Or in a separate resource
  • 133. resource "aws_route_table" "main" { vpc_id = "${aws_vpc.main.id}" } resource "aws_route" "internet" { route_table_id = "${aws_route_table.main.id}" cidr_block = "10.0.1.0/24" gateway_id = "${aws_internet_gateway.main.id}" } Pick one technique or the other (separate resource is preferable)
  • 134. resource "aws_route_table" "main" { vpc_id = "${aws_vpc.main.id}" } resource "aws_route" "internet" { route_table_id = "${aws_route_table.main.id}" cidr_block = "10.0.1.0/24" gateway_id = "${aws_internet_gateway.main.id}" } If you use both, you’ll get confusing errors!
  • 135. Affected resources: • aws_route_table • aws_security_group • aws_elb • aws_network_acl
  • 137. There is a significant limitation on the count parameter:
  • 138. You cannot compute count from dynamic data
  • 139. Example: this code won’t work data "aws_availability_zones" "zones" {} resource "aws_subnet" "public" { count = "${length(data.aws_availability_zones.zones.names)}" cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index}" availability_zone = "${element(data.aws_availability_zones.zones.names, count.index)}" }
  • 140. > terraform apply ... * strconv.ParseInt: parsing "${length(data.aws_availability_zones.zones.names)}": invalid syntax
  • 141. data.aws_availability_zones won’t work since it fetches data resource "aws_subnet" "public" { count = "${length(data.aws_availability_zones.zones.names)}" cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index}" availability_zone = "${element(data.aws_availability_zones.zones.names, count.index)}" }
  • 142. A fixed number is OK resource "aws_subnet" "public" { count = 3 cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index}" availability_zone = "${element(data.aws_availability_zones.zones.names, count.index)}" }
  • 143. So is a hard-coded variable resource "aws_subnet" "public" { count = "${var.num_availability_zones}" cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index}" availability_zone = "${element(data.aws_availability_zones.zones.names, count.index)}" } variable "num_availability_zones" { default = 3 }
  • 144. For more info, see: github.com/hashicorp/terraform/issues/3888
  • 145. 1. Intro 2. State 3. Modules 4. Best practices 5. Gotchas 6. Recap Outline
  • 146. Advantages of Terraform: 1. Define infrastructure-as-code 2. Concise, readable syntax 3. Reuse: inputs, outputs, modules 4. Plan command! 5. Cloud agnostic 6. Very active development
  • 147. Disadvantages of Terraform: 1. Maturity. You will hit bugs. 2. Collaboration on Terraform state is tricky (but not with terragrunt) 3. No rollback 4. Poor secrets management
  • 148. Questions? Want to know when we share additional DevOps training? Sign up for our Newsletter. gruntwork.io/newsletter