Infrastructure as Code (Part 1)

Faroug Mohammed
Jul 27, 2022

Automate the creation of a complete AWS infrastructure with Terraform

First, I’d like to apologize that you are about to read my first story :). I will try to update it to be clear in context and meaning.
There are a lot of ideas and changes in my code that might confuse you, but I will try my best to explain them.
Please be aware that this might be followed by many other parts that will form a big picture of some of the DevOps technology.

Photo by Rizky Subagja on Unsplash

Second, this is intended for those who know AWS and want to automate their infrastructure using Terraform, or those who know Terraform and want to have a reference.

In case you want to view the other parts of Infrastructure as Code on AWS

Don’t worry about the code, it’s there with branches for each part :) → https://github.com/FAROUG/aws_infrastructure_terraform.git

»What is Terraform?

»How does Terraform work?

»Why Terraform?

We will use the principle of separation of concerns by defining and grouping each kind of resource in its own file.

README.md            instance.tf          provider.tf         terraform.tfvars
bash-scripts         instance_ami.tf      route_tables.tf     vars.tf
documentdb.tf        internet_gateway.tf  s3_buckets.tf       vpc.tf
ec2_autoscaling.tf   keypair.tf           security_groups.tf  vpc_peering.tf
efs.tf               launch_templates.tf  subnets.tf
iam_policies.tf      nat_gateways.tf      terraform.tfstate
iam_roles.tf         out.terraform        terraform.tfstate.backup

First, let’s create a new directory, define AWS as the provider and initialize it to prepare the new directory for use with Terraform.

Defining Terraform Provider

Feel free to use your favourite code editor.

mkdir aws_infrastructure_terrafor
cd aws_infrastructure_terrafor
code . ## using the vscode editor
cat provider.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  profile    = var.AWS_SWITCH_ROLE
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
  region     = var.AWS_REGION
}

In the above provider file, we set the provider parameters (profile, access_key, secret_key and region) and take each value from a variable.

We will define these variables next in the variable file (vars.tf).
Refer to the documentation link below for more information: https://registry.terraform.io/providers/hashicorp/aws/latest/docs

Defining the variable file (vars.tf)

The variable file is used to declare the variables that we will use across all the other Terraform files. Variables can have a default value.

cat vars.tf
variable "AWS_ACCESS_KEY" {}
variable "AWS_SECRET_KEY" {}
variable "AWS_REGION" {
  default = "us-east-1"
}
# Referenced by provider.tf; a null default leaves the provider's profile unset
variable "AWS_SWITCH_ROLE" {
  default = null
}

Variables Management (terraform.tfvars)

Let’s create the terraform.tfvars file to supply the values of both variables (access key and secret key).

Please make sure to include the terraform.tfvars file in the .gitignore file.

cat terraform.tfvars
AWS_ACCESS_KEY = "OIWNEIN9AW8OININOAIHD"
AWS_SECRET_KEY = "5$NnSSEWOINEOINOINA[6;"
# AWS_REGION = ""
## the below is used when applying this Terraform configuration to another AWS account that uses switch-role access
# AWS_SWITCH_ROLE = "other_aws_account_role"

The files are supposed to look like the picture below. Note that I’ve added terraform.tfvars to the .gitignore (but make sure the .gitignore is in the same folder).

If you have set up the AWS configuration locally using the aws configure command, you can then comment out these variables, and at the planning or applying phase, Terraform will pick these values up from there. See the photo beneath.

terraform.tfvars

Now, before we proceed with creating resources by adding new files to the directory, let’s initialize the directory for use with Terraform and let Terraform download the files it needs.

terraform init
Terraform initialization

Okay, so let’s test it out and check if all is good. I’m using the access and secret keys stored in my ~/.aws/config.

terraform plan -out out.terraform

The terraform plan command creates an execution plan, which lets you preview the changes that Terraform plans to make to your infrastructure. By default, when Terraform creates a plan it:

  • Reads the current state of any already-existing remote objects to make sure that the Terraform state is up-to-date.
  • Compares the current configuration to the prior state and notes any differences.
  • Proposes a set of change actions that should, if applied, make the remote objects match the configuration.

Refer to the terraform plan documentation for more information.

The terraform plan command will create some files (.terraform, .terraform.lock.hcl, and out.terraform) that we don’t want to include in the repository, so make sure to add them to the .gitignore.

.gitignore
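
A check for the .gitignore advice above, as an added example that is not part of the original article or its repository. The function names are hypothetical, the state files are included as an assumption (they appear in the directory listing but not in the article's ignore list), and outside a git work tree the script only does an exact-line match against .gitignore.

```shell
#!/bin/sh
# Added example (not from the original article): find Terraform files that
# hold secrets but could still be committed.

# Paths the article keeps out of git, plus the state files from its directory
# listing (assumption: treated as sensitive here because state stores resource
# attributes in plain text).
SENSITIVE_PATHS="terraform.tfvars out.terraform .terraform terraform.tfstate terraform.tfstate.backup"

# is_ignored DIR PATH: succeeds when PATH is covered by DIR's ignore rules.
is_ignored() {
    if git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        # Tracked files are reported as not ignored, which is what we want.
        git -C "$1" check-ignore -q "$2"
    else
        # Not a git work tree yet: exact-line match in .gitignore, no globs.
        [ -f "$1/.gitignore" ] &&
            grep -qxF -e "$2" -e "$2/" -e "/$2" "$1/.gitignore"
    fi
}

# unprotected_paths DIR: print each existing sensitive path that is not ignored.
unprotected_paths() {
    for p in $SENSITIVE_PATHS; do
        [ -e "$1/$p" ] || continue
        is_ignored "$1" "$p" || printf '%s\n' "$p"
    done
}

# hardcoded_keys DIR: print file:line where access_key/secret_key is set to a
# quoted literal in *.tf files (which get committed) instead of a var.* reference.
hardcoded_keys() {
    grep -nE '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"]+"' \
        "$1"/*.tf /dev/null 2>/dev/null | cut -d: -f1,2
}

# check_tf_repo DIR: non-zero exit when anything is found; usable as the body
# of a pre-commit hook: check_tf_repo . || exit 1
check_tf_repo() {
    bad=$(unprotected_paths "$1"; hardcoded_keys "$1")
    [ -z "$bad" ] && return 0
    printf 'not safe to commit:\n%s\n' "$bad" >&2
    return 1
}
```

Only file names and line numbers are printed, so the key values themselves never reach the terminal or a CI log.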
