Search for previous posts

Blog History

February 27, 2021

AWS Terraform automation: Round 2

This is a round 2 update on my Terraform playbook(my initial playbook was just one giant file). I decided to learn how to break everything up into three separate sections while referencing the outputs from other files, enabling me to selectively apply sections. There is the VPC portion, the logging portion, and finally launching the EC2 instances. You can run only one or all of them depending on your needs. I have thoroughly commented everything so it should be readily understandable. 

NOTE: When using this to continually manage resources, it's very important to keep state files safe and in a central place for team access. They can be uploaded to remote cloud destinations, such as a S3 bucket, through a Terraform module. In my example, everything is just kept local.

I also included a picture below of my VSCode setup, as it might give you a helpful visual of how to efficiently work with this powerful tool, as well as understand the moving pieces a little better. I would advise using VSCode, as there are great extensions for many different languages, and more importantly their folder sidebar enables you to pop in and out of directories/files, or have them split screen. It also has a built in shell to run the code. This makes it easy to work the code in a single monitor. Another feature is the shortcut "Ctrl + /", which will enable you to comment out a whole block of code that is already highlighted. VERY helpful when trying to build/test code, or to just delete a whole resource without deleting your code.

Use Chocolatey to install and update Terraform. IMPORTANT: I have updated the code to utilize some newer features that enable segmentation. You must have version 14> for this code to work.

You can find the files here at my GitHub:

https://github.com/centifanto/Terraform

For each region, you will need to copy whole file structure into a separate folder. Would look like this:

  • Terraform
    • East
      • 1VPC
      • 2Logging
      • 3EC2

As mentioned, each one of these can be applied separately. The steps are initialize, plan, and apply. You need to do this in each directory to apply the code:

  • terraform init
    • This initializes the directory that you are in, downloading modules and dependencies for that specific plan.
  • terraform plan -var-file="cidr_region.tfvars" -out test.tfplan
    • This will validate the plan to ensure syntax and variables are correct. It uses .tfvars files to input the unique variables for the CIDR and region. It then spits this into a ready to go plan.
    • When in directories != 1VPC, you will need to specify the path to this tfvars file like this:
      • "C:\Users\%userprofile%\OneDrive\VScode\Terraform\Terraform_demo\1VPC\cidr_region.tfvars"
  • terraform apply test.tfplan
    • Builds your plan
  • terraform destroy -var-file="cidr_region.tfvars"
    • Destroys all of the resources you just built
    • Conversely, you can also comment out items in your config and Terraform will see them as "removed". The next time you run "apply" it will ask you if you want to destroy those commented out resources.
Pay attention to the red boxes in the image below.
  • You will need a data.tf file in each directory that is not 1VPC. This data file points the directory back to find the information from the terraform.tfstate file.
  • The terraform.tfstate file contains all of the actual resource ID's. This state file also has hooks into the outputs.tf file that enable you to define any information you want extracted and usable by other config files.



No comments:

Post a Comment