IaC

IaC: Infrastructure as Code

Different IaC Tools:

ad-hoc scripts
configuration management tools (ansible, puppet, docker)
server templating tools (on Amazon images)
orchestration tools (k8s, but is program)
provisioning tools (terraform)

Declarative: specify end state

Imperative: specify commands

Terraform

Basic Setup

Install Terraform by following Here
For AWS, go to IAM and create user named terraform-user and a user group named terraform-group with permissions and add terraform-user to terraform-group: AmazonRDSFullAccess, AmazonEC2FullAccess, IAMFullAccess, AmazonS3FullAccess, AmazonDynamoDBFullAccess, AmazonRoute53FullAccess, AmazonVPCFullAccess, AdministratorAccess
install AWS command line
make sure you have payment method setup
use export TF_LOG="DEBUG" and export TF_LOG_PATH="tmp/terraform.log" for debugging

Terraform interact with providers (like AWS CLI) to talk to clouds.

Here is a list of all providers terraform supports. You can also program your own provider.

Then run aws configure [accessKeyID] and you can create a CLI access key for user terraform-user with the following set up

AWS_ACCESS_KEY=AK????
AWS_SECRET_KEY=AL+???
AWS_REGION=us-east-1
AWS_OUTPUT_FORMAT=json

and it will generate .aws directory.

You then install VSCode plugin. Create a file named main.tf and setup an example instance like the following (see Here for documentation about AWS instances)


# https://registry.terraform.io/providers/hashicorp/aws/latest

Backend: a terraform state file where terraform store a representation of what is deployed. It is in json readable format containing sensitive information like password. Can either be local or remote, can collaborate.

terraform init command will initialize backend in the current working directory.

The command will download the providers in .terraform/providers directory in the working directory.
It will generate a .terraform.lock.hcl file as well.
.terraform/modules will be created if you use modules.

terraform plan command will query cached state file and compare desired specification to state file.

note that state file should not be modified manually

terraform apply will create the resources

terraform destroy will tear down all resources (everything in state file)

AWS

Account Level: Billing, IAM, Route53

Region Level: S3, DynamoDB

Zone Level: EC2, RDS, EBS

Here is a good video for a introduction of all kinds of Amazon services.

Also the reason why Amazon calls DNS service Route53 is because DNS port is 53

EFS vs S3: The core difference in the EFS vs S3 use case is EFS is designed to be attached to the file as a networked drive where as S3 is designed to be accessed via an API. If you need one networked drive attached to the file system of several EC2 instance / containers simultaneously then go with EFS. If you need highly redundant storage which your application can access via an API then go with S3.

EBS vs S3: The core difference in the EBS vs S3 use case is EBS is designed to be attached to the file system as a drive where as S3 is designed to be accessed via an API. If you need another drive for your EC2 instance then use EBS, if you need to program redundant, high availability storage for you application, be it running on EC2, a container, or a lambda, then S3 is what you need to use.

Table of Content