DevOps Tools/Configuration/Terraform
(One intermediate revision by one user not shown) | |||
Line 61: | Line 61: | ||
'''note:''' Should you need to find the latest Amazon Linux 2 AMI ID, you can use this [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html aws cli query I found here.] | '''note:''' Should you need to find the latest Amazon Linux 2 AMI ID, you can use this [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html aws cli query I found here.] | ||
<nowiki>~$ aws ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn2-ami-hvm-2.0.????????-x86_64-gp2' 'Name=state,Values=available' --query 'reverse(sort_by(Images, &CreationDate))[:1].ImageId' --output text</nowiki> | <nowiki>~$ aws ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn2-ami-hvm-2.0.????????-x86_64-gp2' 'Name=state,Values=available' --query 'reverse(sort_by(Images, &CreationDate))[:1].ImageId' --output text</nowiki> | ||
+ | |||
+ | =Deploy basic S3 bucket= | ||
+ | Same as with the EC2 deployment, you will need a <code>variables.tf</code> and <code>providers.tf</code>.<br> | ||
+ | Within the <code>main.tf</code> you'll want to add this resource: | ||
+ | <nowiki>~$ vim main.tf | ||
+ | resource "aws_s3_bucket" "bucket" { | ||
+ | bucket = "r00tedvw-test-bucket" | ||
+ | acl = "private" | ||
+ | region = "us-east-1" | ||
+ | |||
+ | tags = { | ||
+ | Name = "r00tedvw-test-bucket" | ||
+ | Environment = "r00tedvw" | ||
+ | } | ||
+ | }</nowiki> | ||
+ | |||
+ | =Deploy basic security group= | ||
+ | Building off the prior steps, we can create a security group to allow external access to resources as AWS does not do this by default.<br> | ||
+ | create a new file: <code>security_group.tf</code> | ||
+ | <nowiki>~$ vim security_group.tf | ||
+ | resource "aws_security_group" "instance" { | ||
+ | name = "r00tedvw-tf-group" | ||
+ | |||
+ | ingress { | ||
+ | from_port = 8888 | ||
+ | to_port = 8888 | ||
+ | protocol = "tcp" | ||
+ | cidr_blocks = ["0.0.0.0/0"] | ||
+ | } | ||
+ | }</nowiki> | ||
+ | With that in place, we can call on this new security group using a terraform expression for our EC2 deployment. | ||
+ | <nowiki>~$ vim main.tf | ||
+ | resource "aws_instance" "web" { | ||
+ | ami = "ami-0b898040803850657" | ||
+ | instance_type = "t2.micro" | ||
+ | vpc_security_group_ids = [aws_security_group.instance.id] | ||
+ | |||
+ | tags = { | ||
+ | Name = "tf-test-vm" | ||
+ | Environment = "r00tedvw" | ||
+ | } | ||
+ | }</nowiki> |
Latest revision as of 14:55, 30 September 2019
Terraform
Contents |
[edit] Installation
[edit] CentOS7
Update cache
~$ sudo yum check-update
Download dependencies
~$ sudo yum install -y wget unzip
Download terraform binary in zip from downloads page.
~$ wget https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip
Extract to PATH directory
~$ sudo unzip ./terraform_0.11.13_linux_amd64.zip -d /usr/local/bin/
Verify
~$ terraform -v Terraform v0.11.13
[edit] Deploy basic ec2
[edit] Setup AWS
If you've not done so already, you will need to install the AWS CLI and create a new account for terraform to access aws programmatically. For this example i've opted to give my terraform user admin rights and it also needs programatic access (just an access id/secret key pair).
[edit] Create folder and files
For terraform you will need a folder with at least (3) files.
~$ mkdir ~/terraform && cd ~/terraform ~$ touch main.tf providers.tf variables.tf
[edit] variables.tf
This is our variable store, it will contain the values for variables we can call from other tf files.
~$ vim variables.tf variable "aws_access_key" { default = "23Y8932D923YHDH2RHR4R" } variable "aws_secret_key" { default = "DFHuiofh49fyh92h34dfasdryh7893f" } variable "aws_region" { default = "us-east-1" }
[edit] providers.tf
This is our providers file, it has detailed information about the cloud provider you will be using.
~$ vim providers.tf provider "aws" { access_key = "${var.aws_access_key}" secret_key = "${var.aws_secret_key}" region = "${var.aws_region}" }
[edit] main.tf
This is our main file, it contains the instructions about what we want to setup.
~$ resource "aws_instance" "web" { ami = "ami-0b898040803850657" instance_type = "t2.micro" tags = { Name = "r00tedvw" } }
note: Should you need to find the latest Amazon Linux 2 AMI ID, you can use this aws cli query I found here.
~$ aws ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn2-ami-hvm-2.0.????????-x86_64-gp2' 'Name=state,Values=available' --query 'reverse(sort_by(Images, &CreationDate))[:1].ImageId' --output text
[edit] Deploy basic S3 bucket
Same as with the EC2 deployment, you will need a variables.tf
and providers.tf
.
Within the main.tf
you'll want to add this resource:
~$ vim main.tf resource "aws_s3_bucket" "bucket" { bucket = "r00tedvw-test-bucket" acl = "private" region = "us-east-1" tags = { Name = "r00tedvw-test-bucket" Environment = "r00tedvw" } }
[edit] Deploy basic security group
Building off the prior steps, we can create a security group to allow external access to resources as AWS does not do this by default.
create a new file: security_group.tf
~$ vim security_group.tf resource "aws_security_group" "instance" { name = "r00tedvw-tf-group" ingress { from_port = 8888 to_port = 8888 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } }
With that in place, we can call on this new security group using a terraform expression for our EC2 deployment.
~$ vim main.tf resource "aws_instance" "web" { ami = "ami-0b898040803850657" instance_type = "t2.micro" vpc_security_group_ids = [aws_security_group.instance.id] tags = { Name = "tf-test-vm" Environment = "r00tedvw" } }