Terraform quickstart

What is Terraform?

Terraform is an open-source IoC (infrastructure as code) software by HashiCorp. It allows us to define and provision infrastructure using a high-level configuration language.

For example, the following piece of code will create a server on AWS.

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "example" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"
}

To deploy it, we can just run one command:

> terraform apply

Great right? Here are some Terraform quick-basics:

We interact with Terraform with its CLI. Once we have created our .tf files (configuration files) in our Terraform project, we first need to run init command to initialize the directory as a starting point of our project.

> terraform init

The above command will download the provider and take all the actions required for project initialization.

Now Let’s say we want to check what changes will be made in our environment before applying it to our environment. We can run the following command for that.

> terraform plan

After checking the configuration that will be applied, if we want to proceed with deployment, we can run the apply command.

> terraform apply

The above command will deploy our configuration.

Secure VPC design using Terraform

To deploy any kind of Infrastructure in AWS environment, first we need to create a VPC in AWS. We don’t want to use default VPC provided by AWS as the default VPC is a VPC with public subnets only where each EC2 instance will automatically receive a public IP Address.

The following Terraform source creates a VPC with the following attributes:

– Has public and private subnets

– Has internet gateway

– EC2 instances in private subnets do not get public IP addresses

– Two route tables for public and private subnets

– Association of public route table to public subnets

– Association of private route table to private subnets

– NAT gateway in case EC2 instances in private subnets needs to connect to the internet (For example, fetching updates)

Create a main.tf file with the following configuration:

provider "aws" {
  region                  = "us-west-2"
  shared_credentials_file = "/home/user/.aws/credentials"
  profile                 = "default"
}

resource "aws_vpc" "aws_vpc_terraform" {
  cidr_block = "10.0.0.0/16"

  tags {
    Name  = "aws_vpc_terraform"
   }
}

resource "aws_internet_gateway" "aws_igw" {
  vpc_id = "${aws_vpc.aws_vpc_terraform.id}"

  tags {
    Name  = "aws_igw"
  }
}

resource "aws_subnet" "aws_public_1" {
  vpc_id                  = "${aws_vpc.aws_vpc_terraform.id}"
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "us-west-2a"

  tags = {
    Name  = "aws_public_1"
   }
}

resource "aws_subnet" "aws_public_3" {
  vpc_id                  = "${aws_vpc.aws_vpc_terraform.id}"
  cidr_block              = "10.0.5.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "us-west-2c"

  tags = {
    Name  = "aws_public_3"
  }
}

resource "aws_subnet" "aws_public_2" {
  vpc_id                  = "${aws_vpc.aws_vpc_terraform.id}"
  cidr_block              = "10.0.3.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "us-west-2b"

  tags = {
    Name  = "aws_public_2"
   }
}

resource "aws_subnet" "aws_private_1" {
  vpc_id            = "${aws_vpc.aws_vpc_terraform.id}"
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-west-2a"

  tags = {
    Name  = "aws_private_1"
  }
}

resource "aws_subnet" "aws_private_2" {
  vpc_id            = "${aws_vpc.aws_vpc_terraform.id}"
  cidr_block        = "10.0.4.0/24"
  availability_zone = "us-west-2b"

  tags = {
    Name  = "aws_private_2"
  }
}

resource "aws_subnet" "aws_private_3" {
  vpc_id            = "${aws_vpc.aws_vpc_terraform.id}"
  cidr_block        = "10.0.6.0/24"
  availability_zone = "us-west-2c"

  tags = {
    Name  = "aws_private_3"
  }
}

resource "aws_eip" "aws_eip_nat" {
  vpc        = <strong>true</strong>
  depends_on = ["aws_internet_gateway.aws_igw"]
}

resource "aws_nat_gateway" "aws_nat_gateway" {
  allocation_id = "${aws_eip.aws_eip_nat.id}"
  subnet_id     = "${aws_subnet.aws_public_3.id}"
  depends_on    = ["aws_internet_gateway.aws_igw"]
}

resource "aws_route_table" "aws_private_route_table" {
  vpc_id = "${aws_vpc.aws_vpc_terraform.id}"

  tags {
    Name  = "aws-3 private route table"
    Owner = "aws-3"
  }
}

resource "aws_route" "private_route" {
  route_table_id         = "${aws_route_table.aws_private_route_table.id}"
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = "${aws_nat_gateway.aws_nat_gateway.id}"
}

resource "aws_route_table" "aws_public_route_table" {
  vpc_id = "${aws_vpc.aws_vpc_terraform.id}"

  tags {
    Name  = "aws-3 public route table"
  }
}

resource "aws_route" "public_route" {
  route_table_id         = "${aws_route_table.aws_public_route_table.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.aws_igw.id}"
}

resource "aws_route_table_association" "public_subnet_us_west_2a_association" {
  subnet_id      = "${aws_subnet.aws_public_1.id}"
  route_table_id = "${aws_route_table.aws_public_route_table.id}"
}

resource "aws_route_table_association" "public_subnet_us_west_2b_association" {
  subnet_id      = "${aws_subnet.aws_public_2.id}"
  route_table_id = "${aws_route_table.aws_public_route_table.id}"
}

resource "aws_route_table_association" "public_subnet_us_west_2c_association" {
  subnet_id      = "${aws_subnet.aws_public_3.id}"
  route_table_id = "${aws_route_table.aws_public_route_table.id}"
}

resource "aws_route_table_association" "private_subnet_us_west_2a_association" {
  subnet_id      = "${aws_subnet.aws_private_1.id}"
  route_table_id = "${aws_route_table.aws_private_route_table.id}"
}

resource "aws_route_table_association" "private_subnet_us_west_2b_association" {
  subnet_id      = "${aws_subnet.aws_private_2.id}"
  route_table_id = "${aws_route_table.aws_private_route_table.id}"
}

resource "aws_route_table_association" "private_subnet_us_west_2c_association" {
  subnet_id      = "${aws_subnet.aws_private_3.id}"
  route_table_id = "${aws_route_table.aws_private_route_table.id}"
}

We can now use terraform apply to create this VPC in our environment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s