Setting up Terraform
Terraform is a great tool. It can make managing your infrastructure nice and efficient.
Let's go through how to set it up when starting to create infrastructure on AWS.
Download Terraform
Head on over to HashiCorp, the lovely people who make Terraform. You’ll need to choose the right kind for your operating system. There are versions for Windows, macOS, Linux, FreeBSD etc.
I’m not going to copy the instructions for how to do this on your OS, but you should end up with the ability to do the following.
    $ terraform
    Usage: terraform [-version] [-help] <command> [args]

    The available commands for execution are listed below.
    The most common, useful commands are shown first, followed by
    less common or more advanced commands. If you're just getting
    started with Terraform, stick with the common commands. For the
    other commands, please read the help and docs before usage.

    Common commands:
        apply              Builds or changes infrastructure
        ...
With that sorted we’re now ready to get Terraform set up and connected to AWS. I’ve chosen AWS here as an example as it’s the biggest cloud provider, but this will work with Google Cloud, or any other provider available - we’ll cover providers next.
Providers
Terraform providers docs - https://www.terraform.io/docs/providers/index.html
Providers are, very simply, modules that enable Terraform to communicate with services and their APIs.
You will find that there are providers for many services available already, from AWS to GitHub and more.
Let's look at the AWS provider as it’s very mature and you will find there are many examples in the wild if you get stuck.
Let’s start writing some Terraform. Create a new file and write the following to it (feel free to change the region; I’m going to assume you know a little bit about AWS).
    # Using the AWS Provider
    provider "aws" {
      version = "~> 2.0"
      region  = "eu-west-1"
    }
We have specified a provider block here, of type “aws”, with both a version and a region parameter. The version constraint locks the provider version, giving us some stability during use.
You might be wondering where the authentication is at this point, as your AWS account isn’t generally open for use by anyone.
There are 3 ways of sorting that out.
Credentials
    access_key = "my-access-key"
    secret_key = "my-secret-key"
Pretty simple, right? We’re just specifying the access key and secret in the Terraform code. I should point out this isn’t a super secure way of doing it, and unless you’re testing, it really isn’t a good solution. If you’re going to add this to a repo, on GitHub for example, anyone with access to that repo would be able to see the keys.
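An added example, not part of the original post: a small check in Python that flags literal access_key / secret_key values inside provider "aws" blocks before a file is committed. The script name check_tf_creds.py, the function names and the sample are assumptions made for this illustration; it is a regex check for simple files, not a full HCL parser.

```python
import re
import sys
from pathlib import Path

PROVIDER_RE = re.compile(r'provider\s+"aws"\s*\{')
# attr = "quoted value"; unquoted references such as var.key do not match.
ATTR_RE = re.compile(r'^[ \t]*(access_key|secret_key)[ \t]*=[ \t]*"([^"]*)"', re.M)
COMMENT_RE = re.compile(r'^[ \t]*(#|//).*$', re.M)  # whole-line comments only

# Constructed sample: the provider block from the page with static keys added.
SAMPLE_HARDCODED = '''# Using the AWS Provider
provider "aws" {
  version    = "~> 2.0"
  region     = "eu-west-1"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}
'''


def provider_blocks(hcl):
    """Yield (offset, body) for each provider "aws" block, matching braces."""
    for m in PROVIDER_RE.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.end(), hcl[m.end():i]


def find_hardcoded_credentials(hcl):
    """Return [(line, attribute)] for literal keys inside aws provider blocks."""
    text = COMMENT_RE.sub("", hcl)  # newlines are kept, so line numbers hold
    findings = []
    for offset, body in provider_blocks(text):
        for m in ATTR_RE.finditer(body):
            if m.group(2) and "${" not in m.group(2):  # skip interpolations
                line = text.count("\n", 0, offset + m.start(1)) + 1
                findings.append((line, m.group(1)))
    return findings


if __name__ == "__main__":
    # Usage: python check_tf_creds.py *.tf ; exits 1 if a literal key is found.
    hits = [(p, line, attr) for p in sys.argv[1:]
            for line, attr in find_hardcoded_credentials(Path(p).read_text())]
    for path, line, attr in hits:
        print(f'{path}:{line}: hard-coded {attr} in provider "aws"')
    sys.exit(1 if hits else 0)
```

The report names the file, line and attribute only, so the key value itself never lands in CI logs.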
Environment Variables
This is a much better solution, especially for environments like CI or any form of automation.
The access key and secret are just held as environment variables and can be used automatically by the provider. You can also set other values as environment variables, region for example, but below I have shown how they can be mixed: some are environment variables and others are in the Terraform code.
    $ export AWS_ACCESS_KEY_ID="my-key"
    $ export AWS_SECRET_ACCESS_KEY="my-secret"

    provider "aws" {
      region  = "eu-west-1"
      version = "~> 2.0"
    }
Shared Credential File
This is similar to the environment variables but instead of storing them like that, we’re just going to store them in a text file and give Terraform the location.
The creds file contains the access key and secret - this is a fairly standard way of setting AWS access credentials on a normal workstation.
    provider "aws" {
      region                  = "eu-west-1"
      shared_credentials_file = "/home/crzy/.aws/creds"
      profile                 = "terraform"
    }