Terraform is an IaC (infrastructure as code) software tool created by HashiCorp.
Listed as a recommended tool for Infrastructure Provisioning on the DevOps Roadmap,
Terraform is a perfect tool for those working as IT infrastructure engineers, DevOps engineers, and SREs.
- Based on the content used in-house to help onboard junior SREs. -> Drecom
- A hands-on practice repository that shows you how Terraform works and what Drecom-style usage looks like.
- Please note that Drecom-style Terraform usage patterns are included. These may not be best practice, but we use them in our daily work.
- AWS resources used:
  - IAM
  - S3
  - API Gateway
  - Lambda function
  - ECR
  - App Runner
- Terraform beginners
- Junior DevOps engineers
- Junior SREs
- etc.
- Terminal application (e.g. iTerm2, WSL2)
- curl
- AWS account (with access key & secret access key)
- A modern browser
- Terraform (0.12+)
  - Ver. 1.0.0 is used here
- Docker
- Set your AWS credentials in the example file
  - service_account_id = ""
  - aws_access_key = ""
  - aws_secret_key = ""
  - region = "ap-northeast-1"
$ mv terraform.tfvars.example terraform.tfvars
$ vi terraform.tfvars
- To prevent the resources of each environment (staging, production, etc.) from influencing each other, Drecom uses Terraform workspaces.
- First, make a workspace called 'common' to build the IAM and S3 bucket resources in your AWS environment, via terraform plan & apply
- Second, make a workspace called 'system' to build the lambda-function, api-gateway, and ecr resources in your AWS environment, via terraform plan & apply
- Finally, make a workspace called 'production' to build the apprunner resources in your AWS environment, via terraform plan & apply
- Feel free to add other .tf files to see how to build other resources.
- Discuss the issues with your partner, and see what you can do together.
- Don't forget to clean up all AWS resources after the workshop, or you may receive a surprise bill from AWS. :)
You may notice that the tfstate files are stored in the local environment here.
In practice we do all of this via a CI tool (gitlab-ci, in our case),
but since it has some sensitive information that is not suitable to be published, let's do it locally here.
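Because this walkthrough puts AWS keys in terraform.tfvars and keeps Terraform state on local disk, a check like the following can be run before the first commit. It is an added example, not part of the Drecom repository: the function name `preflight_secrets` is hypothetical, and it assumes the local backend's default paths (workspace state under `terraform.tfstate.d/`).

```shell
#!/bin/sh
# Added example (not from the drecom/terraform-onboarding repository).
# Prints one line per problem and returns the number of problems found.
preflight_secrets() {
    repo=${1:-.}
    problems=0
    # terraform.tfvars holds aws_access_key / aws_secret_key; with the local
    # backend, workspace state lives under terraform.tfstate.d/<workspace>/.
    for name in terraform.tfvars terraform.tfstate terraform.tfstate.backup \
                terraform.tfstate.d; do
        target="$repo/$name"
        [ -e "$target" ] || continue

        # git check-ignore exits 0 only for untracked paths matched by an
        # ignore rule; tracked files are reported as not ignored.
        if ! git -C "$repo" check-ignore -q -- "$name"; then
            echo "NOT IGNORED BY GIT: $name"
            problems=$((problems + 1))
        fi

        # Flag files that other local users can read (mode o+r).
        if [ -n "$(find "$target" -type f -perm -004 2>/dev/null)" ]; then
            echo "WORLD-READABLE: $name"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
# Usage: preflight_secrets /path/to/terraform-onboarding
```

A non-zero return means at least one credential or state file could be committed or read by other local users; add ignore rules such as `*.tfvars`, `*.tfstate` and `*.tfstate.*`, and `chmod 600` the files.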
$ git clone git@github.com:drecom/terraform-onboarding.git
$ cd terraform-onboarding
$ mv terraform.tfvars.example terraform.tfvars
$ vi terraform.tfvars
# Several variables are defined in variables.tf
# Before running other commands, take a look at it.
$ vi variables.tf
$ terraform init
# show all existing workspaces
$ terraform workspace list
$ terraform workspace select common
$ terraform plan
$ terraform apply
See drecom/demo-box's README for more details.
$ terraform workspace select system
$ terraform plan
$ terraform apply
# on workspace system
$ terraform output | grep deployment-invoke-url | awk '{print $3}' | xargs curl
{"drecom": "with entertainment <TIME_NOW+0900>"}
See sample-app's README for more details.
$ terraform workspace select production
$ terraform plan
# It usually takes several minutes
$ terraform apply
- apprunner-url
$ terraform workspace select production
# switch "production = false" to "production = true"
$ vi ec2_variables.tf
$ terraform plan
# It usually takes several minutes
$ terraform apply
# wait until the instance is healthy (about 3 min)
# check it via AWS console
$ terraform output | grep practice-ec2-public-dns | awk '{print $3}' | xargs curl
$ terraform workspace select production
$ terraform destroy
$ terraform workspace select system
$ terraform destroy
$ terraform workspace select common
$ terraform destroy