Terraform lab material to go with the Introduction to Terraform presentation. The goal of this presentation is to introduce people to terraform, its concepts and make them comfortable in reading terraform docs and code.
The lab follows the presentation and moves from one exercise to another. Below is the script for the lab. Note that lab may not make a lot of sense without the presentation ;).
The lab assumes you have an AWS Credentials file setup with a user profile. For the purposes of this lab, you should setup your environment to use this profile you created and us-west-2
as the default region. Execute the following commands:
export AWS_DEFAULT_REGION us-west-2
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq --raw-output '.Account')
export AWS_USER=$(aws sts get-caller-identity | jq --raw-output '.Arn' | awk -F'/' '{ print $2 }')
In this lab, we will be using DynamoDB for locking and S3 to keep our state. S3 bucket names need to be globally unique, keep that in mind when creating your bucket below. Therefore, we will be appending the AWS account ID to the bucket.
# Create DynamoDB table
aws dynamodb create-table \
--table-name tflab-terraform-statelock \
--attribute-definitions AttributeName=LockID,AttributeType=S \
--key-schema AttributeName=LockID,KeyType=HASH \
--provisioned-throughput ReadCapacityUnits=2,WriteCapacityUnits=2
# Create S3 Bucket
aws s3api create-bucket \
--acl private \
--region $AWS_DEFAULT_REGION \
--create-bucket-configuration LocationConstraint="$AWS_DEFAULT_REGION" \
--bucket tflab-terraform-statelock-${AWS_ACCOUNT_ID}
# Enable bucket versioning
aws s3api put-bucket-versioning \
--bucket tflab-terraform-statelock-${AWS_ACCOUNT_ID} \
--versioning-configuration Status=Enabled
# Enable default bucket encryption
aws s3api put-bucket-encryption \
--bucket tflab-terraform-statelock-${AWS_ACCOUNT_ID} \
--server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
# Basic Setup (empty state)
cd 01-basic-setup
terraform init
terraform plan
tree -Ca .
cat .terraform/terraform.tfstate
cd ..
# Get some basic information about the account
cd 02-get-account-info
terraform init
terraform plan
terraform apply
cd ..
# Basic Networking setup
cd 03-networking-basic-1
terraform init
terraform plan
terraform apply
cd ..
# Introduce the use of variables and show there is no change in plan
cd 03-networking-basic-2
ln -s ../03-networking-basic-1/.terraform
terraform plan
# Change VPC name in AWS UI
terraform plan
terraform apply
# Destroy network setup to prepare for next lab component
terraform destroy
cd ..
# Use complex variables (and re-generate the networks)
cd 04-networking
terraform init
terraform apply
cd ..
# Use outputs to write a shared state for the networking component
cd 05-networking-output
ln -s ../04-networking/.terraform
terraform apply
# Check the output
terraform output
cd ..
# Deploy EC2 instances on the network that was created
cd 06-instances
terraform init
terraform apply
cd ..
Since AWS costs money, let us destroy what we created
cd 05-networking-output
terraform destroy
cd ../06-instances
terraform destroy
aws dynamodb delete-table --table-name tflab-terraform-statelock
aws s3api delete-bucket --bucket tflab-terraform-statelock-${AWS_ACCOUNT_ID} --region $AWS_DEFAULT_REGION