IaC: Infrastructure as Code
Different IaC Tools:
ad-hoc scripts
configuration management tools (ansible, puppet, docker)
server templating tools (on Amazon images)
orchestration tools (k8s, but is program)
provisioning tools (terraform)
Declarative: specify end state
Imperative: specify commands
Basic Setup
Install Terraform by following the linked installation guide.
For AWS, go to IAM and create a user named terraform-user and a user group named terraform-group with the permissions listed below, then add terraform-user to terraform-group:
AmazonRDSFullAccess
AmazonEC2FullAccess
IAMFullAccess
AmazonS3FullAccess
AmazonDynamoDBFullAccess
AmazonRoute53FullAccess
AmazonVPCFullAccess
AdministratorAccess
AdministratorAccess on its own already grants everything the other listed policies do, so the narrower policies only matter once it is removed.
Install the AWS command line interface.
Make sure you have a payment method set up.
Use export TF_LOG="DEBUG" and export TF_LOG_PATH="tmp/terraform.log" for debugging.
Here is a list of all providers terraform supports. You can also program your own provider.
Then run aws configure [accessKeyID]. You can create a CLI access key for the user terraform-user and use it with the following setup:
AWS_ACCESS_KEY=AK????
AWS_SECRET_KEY=AL+???
AWS_REGION=us-east-1
AWS_OUTPUT_FORMAT=json
This will generate the .aws directory.
Next, install the VSCode plugin. Create a file named main.tf and set up an example instance like the following (see the linked documentation about AWS instances):
# https://registry.terraform.io/providers/hashicorp/aws/latest
Backend: a Terraform state file where Terraform stores a representation of what is deployed. It is in readable JSON format and contains sensitive information such as passwords. It can be either local or remote, and can be used to collaborate.
terraform init command will initialize the backend in the current working directory. The command will download the providers into the .terraform/providers directory in the working directory. It will generate a .terraform.lock.hcl file as well. .terraform/modules will be created if you use modules.
terraform plan command will query the cached state file and compare the desired specification to the state file.
terraform apply will create the resources.
terraform destroy will tear down all resources (everything in the state file).
Account Level: Billing, IAM, Route53
Region Level: S3, DynamoDB
Zone Level: EC2, RDS, EBS
Here is a good video for an introduction to all kinds of Amazon services.
EFS vs S3: The core difference in the EFS vs S3 use case is that EFS is designed to be attached to the file system as a networked drive, whereas S3 is designed to be accessed via an API. If you need one networked drive attached to the file system of several EC2 instances / containers simultaneously, then go with EFS. If you need highly redundant storage which your application can access via an API, then go with S3.
EBS vs S3: The core difference in the EBS vs S3 use case is that EBS is designed to be attached to the file system as a drive, whereas S3 is designed to be accessed via an API. If you need another drive for your EC2 instance, then use EBS. If you need to program redundant, high-availability storage for your application, be it running on EC2, a container, or a lambda, then S3 is what you need to use.