Terraform
28 July 21
Infrastructure as Code (IaC): for provisioning, configuring and managing services.
Open source, written in Go and developed by HashiCorp. Terraform lets us deploy resources in the cloud using code.
For provisioning we use Terraform; for configuring we use Ansible.
Terraform has three main parts: a core engine, the .tf file and the provider.
The first operation is refresh, which is done by the core engine. It checks what exists according to the request. Then it plans, and after that it applies. These are Day 1 activities.
Configuration or creation is a Day 2 activity. We refresh to check whether the resource is present and also check the state. Based on that it decides what to do, and finally it plans and applies.
State file and Provider
The provider does the provisioning; the core can't perform these wider activities on its own. The AWS provider reaches the target services through their APIs.
Providers define a set of resource types (e.g. an EC2 instance) and data sources (details about a resource).
An additional file we see alongside our .tf file is the state file. It captures the real-world entity. When we destroy and apply again, this state file helps in provisioning.
A state lock file is also associated with it. It locks the state while we apply the build, so that any change made in between does not affect it.
Terraform config file
It's a declaration. It's designed by HashiCorp and we save it as a .tf file. There will be a file like main.tf. The core can understand these types of files. Modules can also be written in the main.tf file.
Terraform implementation
We use Terraform commands in our CLI.
After writing a config file, the first step is the terraform init command.
Then we use terraform validate.
Next we use terraform plan, which says what we have requested. It's like a summary of the details we are implementing.
At last we use terraform apply, and then our build starts.
We use terraform destroy to destroy what we have built.
State Management
There will be a state file in the code. It contains consolidated details.
Best practice is to use the state file locally.
terraform refresh checks the real-world state and gives the update.
terraform state push pushes the state from local to remote.
Terraform Cloud
It does state management, so there is no need to bother about real-world platforms.
It contains the state file details as logs.
Credential passing
We manage the underlying instances using IAM roles.
KMS in AWS or Vault by Terraform can be used.