Terraform day02

1. • Terraform State
Terraform must store state about your managed infrastructure and configuration.
This state is used by Terraform to map real world resources to your configuration,
keep track of metadata, and to improve performance for large infrastructures.
This state is stored by default in a local file named "terraform.
Desired State:
It is the state where you have defined in your configuration, with the actual state of
your existing resources.
Current State:
Current configuration which is running in the environment and mentioned in the
local file.

3. To refresh the current state:
terraform refresh
Scenario:
If you change a parameter manually in any services inside AWS and
then you want to roll back to previous value then it is mandatory to
have it inside the desired state files.

4. • D. Interpolation, Attributes & Variables:
• Attributes and Output Values
Resource instances managed by Terraform each export attributes whose values
can be used elsewhere in configuration. Output values are a way to expose some
of that information to the user of your module.
Note: For brevity, output values are often referred to as just "outputs" when the
meaning is clear from context.

6. provider "aws" {
region = "us-west-2"
access_key = "PUT-YOUR-ACCESS-KEY-HERE"
secret_key = "PUT-YOUR-SECRET-KEY-HERE"
}
resource "aws_eip" "lb" {
vpc = true
}
output "eip" {
value = aws_eip.lb
}
resource "aws_s3_bucket" "mys3" {
bucket = "kplabs-attribute-demo-001"
}
output "mys3bucket" {
value = aws_s3_bucket.mys3
}

8. provider "aws" {
region = "us-west-2"
access_key = "PUT-YOUR-ACCESS-KEY-HERE"
secret_key = "PUT-YOUR-SECRET-KEY-HERE"
}
resource "aws_instance" "myec2" {
ami = "ami-082b5a644766e0e6f"
instance_type = "t2.micro"
}
resource "aws_eip" "lb" {
vpc = true
}
resource "aws_eip_association" "eip_assoc" {
instance_id = aws_instance.myec2.id
allocation_id = aws_eip.lb.id
}

10. resource "aws_security_group" "allow_tls" {
name = "kplabs-security-group"
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["${aws_eip.lb.public_ip}/32"]
# cidr_blocks = [aws_eip.lb.public_ip/32]
}
}

11. Terraform Variables:

13. resource "aws_security_group" "var_demo" {
name = "kplabs-variables"
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = [var.vpn_ip]
}
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [var.vpn_ip]
}
ingress {
from_port = 53
to_port = 53
protocol = "tcp"
cidr_blocks = [var.vpn_ip]
}

14. variable "vpn_ip" {
default = "116.50.30.50/32"
}
Source:

15. Understanding Provisioners in Terraform

19. resource "aws_instance" "myec2" {
ami = "ami-082b5a644766e0e6f"
instance_type = "t2.micro"
provisioner "local-exec" {
command = "echo ${aws_instance.myec2.private_ip} >> private_ips.txt"
}
}
LOCAL EXEC PROVISIONERS

21. resource "aws_instance" "myec2" {
ami = "ami-082b5a644766e0e6f"
instance_type = "t2.micro"
key_name = "kplabs-terraform"
provisioner "remote-exec" {
inline = [
"sudo amazon-linux-extras install -y nginx1.12",
"sudo systemctl start nginx"
]
connection {
type = "ssh"
user = "ec2-user"
private_key = file("./kplabs-terraform.pem")
host = self.public_ip
}
}
}
Remote Exec Provisioners

22. Integrating Ansible with Terraform

23. • Steps:
1. Install Ansible on the system.
2. Write a playbook to install and configure the
applications.
3. Copy and paste the pem file which is tagged to the
instance.
4. Write your tf code to build and provision the instance
. Inside the tf code call ansible playbook to run it like
below.

24. Files:
nginx.yml

25. ec2.tf