Basics of Terraform

So to create a structure for Azure or for AWS we will create our first .tf file in the folder, and assuming we want to build something on AWS we would put a code like that:

provider "aws" {
  region  = "eu-west-2"
  version = "~> 2.7"
}

Now this section above tells the terraform that it will be using AWS as provider, if it’s another provider you would provide correct details based on the documentation for providers. As well the sections inside are dependent on the provider, and for example with AWS we have to provide details of the region, as well as version – the line above tells the terraform that it needs to use at least version 2.7 of the provider. The providers are continuously worked on so you might have to update that value if a new feature have been enabled on latest version. You can as well lock it to a specific version if required as well.

Now that we told the terraform we can start adding a resources, as it’s AWS let’s create IAM User account for Terraform to use:

resource "aws_iam_user" "terraform_executor_user" {
  name = "terraform-init"
}

The structure of the code is as follow:

• resource – this tells the terraform that this is going to create a resource on the provider
• “aws_iam_user” – this is a type of the resource – in this case it is IAM User, you can locate all the types of resources that are part of the specific provider on the same link as above : https://www.terraform.io/docs/providers/index.html
• “terraform_executor_user” – this is the name that you have provided to the resource internally
• { } – between those we provide all required values that that resource is expecting, you can see that in the documentation, so for example for the aws_iam_user here are the details: https://www.terraform.io/docs/providers/aws/r/iam_user.html

Now if you were to run the Terraform assuming we have the AWS credentials correctly stored the system would connect to AWS and create IAM user named: terraform-init on your account. The approach of the terraform is going to scan all the .tf files in the folder root, and will compile all different requests before deciding how and what to initiate first. Let’s say we have a group that we were to create and make that user account member of that group, terraform would determine that group needs to be created first and only after that it would create the user account that needs to be added to the group.

With this way of creating the code the state file that terraform uses to compare what is in the cloud vs what it needs to be created would be stored locally on the machine, while it’s OK if you are to only be building and managing, it it’s prone to errors as well it’s possible to lose that data making it tricky to recover. That’s why as a last point we will store our state file in the S3 Bucket in this scenario.

To do that we need to add terraform runtime details, those are going to be looking like that:

terraform {
  backend "s3" {
    bucket = "tf-state"
    key    = "master.tfstate"
    region = "eu-west-2"
  }
}

This require us to create S3 Bucket with name: tf-state in the eu-west-2 region. And Terraform will then create the file called master.tfstate that it will use to store the state of the environment in. Terraform supports multiple different locations for storing the state file and you can find the details of it here: https://www.terraform.io/docs/backends/index.html

Next week we will look at structuring the code and working with modules.

If you got any questions or you would like us to help you enable the value of Terraform in your organisation please feel free to reach out!