Terraform Tutorial for Beginners | FULL COURSE in 1 Hour

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome to this fast-paced terraform for beginners course this course is designed to be completed in just over an hour but it will provide you with a comprehensive introduction to terraform and its capabilities by the end of this course you'll have a solid understanding of the benefits of infrastructure as code as well as how terraform works you'll be able to use terraform to manage and provision your infrastructure during this course you'll learn about terraform's basic syntax and usage as well as how to use it to create and manage infrastructure on Docker and AWS you'll also learn about best practices for using terraform by the end of this course you'll have the skills necessary to use terraform to create manage and Version Control your infrastructure in a consistent and efficient way this will not only save you time and effort but also help you to avoid errors and ensure that your infrastructure is always in the desired state so whether you're a developer system administrator or devops engineer this course will help you to take your infrastructure management skills to the next level it'll also make your job easier and more efficient finally if you find that you need more of an in-depth course you can check out my terraform 101 certified terraform associate course which has more than 10 hours of video content well that's it for now let's get started with this course let's start with the agenda for this course what is infrastructure as code or IAC will spend some time over that talking about the benefits and advantages then we're going to focus on terraform why terraform what problem does it solve and then we're going to have a section on the Hands-On of terraform so we're going to run terraform in a lab we're going to have two examples a Docker example and an AWS example all right so what is infrastructure as code well infrastructure as code is the process of managing and provisioning infrastructure with machine readable definition files so think of it as an executable documentation if you will some of the advantages of infrastructure as code it provides configuration consistency and standardization for deployments it is simple to learn and write as it is more like configuration than development code it allows you to turn manual tasks into simple automated deployments you can create reusable modules for easy sharing and collaboration you can modify existing infrastructure safely by using a dry run before applying changes you can integrate with current application CI CD workflow pipelines for more mature automated deployments he creates a blueprint for your environment it is consistent repeatable item potent and predictable it allows you to create or recreate an application's infrastructure for Disaster Recovery terraform overview terraform is an immutable and declarative provisioning language based on hashicorps configuration language HCL for short or optionally you can use Json it is written in the golang programming language you can use it for a consistent workflow to provision and manage all your infrastructure on-prem or in the cloud throughout its life cycle terraform can manage low-level components like compute storage and networking resources as well as high level components like DNS entries and SAS features terraform is designed to work with almost any infrastructure that provides an API so terraform through the API talks to AWS for example terraform is a stateful application state is a necessary requirement for terraform to function state is kind of a database that allows terraform to map its configuration to the real world terraform is a cloud agnostic tool public or private and therefore isn't limited to a single cloud provider such as AWS cloud formation or Azure resource manager terraform allows it organizations to focus on learning a single tool for deploying its infrastructure regardless of what platform is being deployed on so it really is a multi-cloud deployment platform so what are other tools out there so you've probably seen shaft puppet ansible Powershell scripts bash scripts however these tools work well for configuring the operating system and preparing that operating system to host the application they're not really purpose built for provisioning infrastructure in general and Cloud infrastructure in particular and also platform services so some native Cloud provisioning tools are also available these are also infrastructures code tools and each cloud has its own yaml and or json-based provisioning tool terraform can be used across all major Cloud providers in VM hypervisors so it's kind of a lingua Franca if you will you learn it once you learn the syntax once and then you can use it with different providers all right so let's get started with the Hands-On lab so and we're going to start with lecture one and talk about the basic commands in terraform okay so you go to our GitHub repo and first thing you want to do is run a code space so you can go to the GitHub repo and click the code button and from here you can create a code space on Main you can also Fork this repo into your own repo and do the same thing run code space on Main either way works you don't really need full control over the GitHub repo so just running code space should be fine this will take a few minutes and then you'll be ready to go I'll pause the video in the meantime till we're ready all right so our environment is up and running excellent so as you can see here we have a number of folders and each one corresponds to a lecture that we're going to go through so you can see here from zero one all the way to zero nine and today and for this lecture we're going to talk about basic commands so if you open this a folder and you look here there is one file called main.tf and Dot TF is the terraform configuration extension for any of its files and if you open main.tf this is our main file that terraform is going to use to execute and it's broken into a number of block sections the first one is a terraform block section where we Define providers and as we saw before providers are plugins into the terraform core to be able to use it to extend or to basically talk to the apis of the different providers out there in this case we're going to talk to Docker so here we have a Docker provider and this is the source for it and the version that we're using and it's always a good practice to pin the version just in case in the future somebody else uses your code it will work and it will not go and default to the latest version and might have some and breaking points in the code that will not work now the next block here is called the provider block it depends on the provider sometimes you need to execute or put some options here but in this case for the docker provider we don't need to so we just leave it as is like that then we come to a number of resource blocks in this case we have two resource blocks and think of a resource block as a way to create a resource or provision a resource in this case the first element of the resource block is the type so in this case it's Docker underscore image and then we give it an arbitrary name any name you'd like to name it in this case it's engine underscore image so here this is fixed you can't change that and this one you can change give it whatever name you want and then every resource has some options to choose from in this case the name for our Docker image is engine X colon and the tag for that image the next resource is the docker container resource which allows us to create a container and in this case the arbitrary name we're giving it is nginx underscore container and the name of this container we're going to call it web server and the image we're pulling is the previous image we just pulled so the resource Docker underscore image pulls an image into your local Docker deployment or install and then the we call that image using this option here image Docker underscore image dot nginximage dot image ID so in order notice when we're referencing some other resource we just use the type which is the docker image right here followed by a DOT followed by the name which is the nginx underscore image followed by an attribute that this particular resource has and this attribute is the image underscore ID all this would be shown in the actual doc documentation which I'll show you in just a little bit then we want to expose some parts so the internal port for the container is Port 80. we're going to expose it to our host machine on Port 8080. okay so that's basically all it takes for us to pull an image and run a Docker container now let's run a few commands to get this all working so first of all let's change our directory into the basic commands directory from here our first command to learn on the CLI is terraform Emit and what terraform in it does it initializes our terraform folder here and you can see it says initializing the back end initializes provider plugins so the cruise worker Docker I can't really say the name very well and version is matching 3.0.1 which is right here so it's pulling that provider into our folder here and it tells you terraform has been successfully initialized and notice what happens it created a DOT terraform folder with the provider that we have here and a bunch of code that you can see here there's the binary for that particular provider so that won't open up because it is a binary all right looks great so now let's move on to our next command and also it created this lock file which we will look and understand a little bit more in the next lecture now let's move on to the next command and this one is terraform format Now telephone format will clean up our code so I intentionally put some Extra Spaces here uh maybe a space here and make it look not as neat and tidy so when you write terraformat here it's go ahead gonna go ahead and look through the entire configuration files within your folder and clean it up to make it look a lot nicer so you can see the tabs and the spaces are all fixed and looks a lot nicer that way so that's terraform format the next one is terraform validate so let's make a let's make something here let's make an error somehow and say instead of name Nam and type terraform validate and when you do that you're going to get an error message missing required argument argument name is required and it sometimes even gives you a hint did you mean name with an E here and certainly that's what we meant so back to line 17 put in E and notice in GitHub code spaces I don't need to hit Ctrl s to save it automatically saves my files for me which is really neat and let's run again terraform validate and this time it successfully validates our configuration so the syntax looks well looks good let's go ahead and move to the next next command which is careful plan and what terraform plan does it goes through our entire configuration and gives you a dry run of what terraform is about to provision in this case you can see that let's make this bigger when we ran the command it went through the configuration anything with a green plus sign means it's going to create so the first thing is going to create a Docker container nginx container and it has a bunch of things it will create as you can see attach Bridge command and health checks if we had any labels ports here the ports that we just specified and then also the image we're pulling the docker underscore image and you can see the name of the image as well in total or finally as a summary it tells you the plan will create two resources zero to change Zero to destroy and that's it really it's a dry run you could save this dry run into a file and then run the next Commander from apply or uh an easier way for us is we're just gonna run the next command which is terraform apply and what terraform apply does it will run a plan ahead of the apply and it's the same plan we saw before but then it gives you a prompt asking you do you want to continue we say yes and that will go ahead and create our resources our Docker image and our Docker container for us so we give it a second or two that gets created it gives you apply complete resources to add it I'll even have the port exposed already I can open this in a browser and there we go we will see our nginx default page show up just momentarily and here we go successful we have been able to we're using terraform create a Docker in order pull a Docker image and create a container out of it expose the proper ports everything works very very well and if you notice after this is done a new file gets created called terraform State and we will discuss what this terraform State file along with the terraform block file in our next lecture so the final command we are going to go through is terraform destroy and that as the name implies it will go ahead and destroy our infrastructure that we just created before we destroy that let me run Docker PS for you just to show you the container running as you can see it's running right here with the exposed ports and the web server is the name of the container as we saw in the configuration if you run Docker images you'll also see the nginx image as well so now let's run Docker sorry terraform destroy and what it does similar to terraform apply is going to create a plan for us and in this plan we see that it's going to destroy two resources the docker image here and also the docker container as well so it will run the plan and then ask you whether you want to go ahead and destroy this or not you have to type yes to do so that will destroy our environment for us all right so that is it for this lecture and I will see you in the next one let's now take a look at the Lock and state files so we're back in our repo here and we are in lecture two so lock and state files and if you notice if you go to main.tf it is exactly the same file that we saw before so let's change the directory into this particular folder and once again initialize our folder with terraform so terraform initialized and I'm going to show you a way to deploy this with terraform apply and a flag called Auto approve now this flag is pretty dangerous and not to be used in production because it it doesn't prompt you whether you want to deploy or not it's just going to go ahead and auto approve the deployment now where would you use this do you use this in a csud pipeline and in that pipeline you would have a peer review before you push into production and that will go and deploy for you but again you have to have the review ahead of time once again this has created our container for us and you see nginx running so all looks good all I need to focus on in this lecture really is two files the lock file here and what this lock file does it locks the version of the providers that we're working with so remember the the provider we're working with here is the docker provider and this is the source of it and the version is 3.0.1 so the purpose of the lock file is to make sure we don't shoot ourselves in the foot later down the road and maybe this provider has now version 3.0.2 and we don't want to have somebody else who's using our code um use a newer version that might actually not work with what we have here so that's the purpose of the log file it will sit here in the repo with us and there's no harm in having it here the next one is the terraform State file now this is a sensitive file and that's why you see it's grade out here because in my DOT get ignore you'll see all the state files are uh are ignored when we're pushing into GitHub okay so that's important also the dot terraform folder as you can see is also um not to be pushed into into GitHub okay so back to our state file the reason why is that there can be sensitive information and we'll see in just a few lectures one example of that and as you can see here it really keeps track of the state of our infrastructure so if we scroll down you can see outputs we don't have any outputs here resources we've got a couple of resources so the First Resource is mentioned here which is the docker container and the name of it is engine X container as we saw and it keeps it keeps track of a bunch of things every one of these resources has an ID and uh and so on so you can see all the different parameters you can see the ports to use the external the internal ports and the second resource is that Docker image that we mentioned also has an ID and has some parameters and options as well so this is important when we are keeping track it's a terraform is a stateful application which is amazing because now it can keep track of what has been deployed in the real world through the state file so you can add more to your resources remove some and so on all right so I just want to show you now that when I destroy this resource or these two resources the state file is going to get updated as well so if we run terraform destroyed and I'm going to Cowboy this and say Auto approve again not to be done in production but just to speed things along this will automatically remove our resources and as you can see the state file also got uh got updated now I promised in the previous lecture to show you the actual documentation and where I got this and how I implemented this so let's go ahead and do that and if you type and see let's say Docker actually just to make it easier let's look up this provider so let's go here and say terraform registry and paste this so the terraform registry is a place where you can anybody can create a provider and upload it to this public registry and other folks can basically use those use those providers similar to Docker Hub if you're familiar with Docker hub okay so we are right in our Docker uh provider here and there are some very important things to look at the first one is how to use this provider if you click here it will tell you exactly how to use it so you can grab this copy this code and put it right here and that's exactly what we just what we have right so very simple to start now there's also an example usage that you can work with here one of the parameters for the provider Docker is the uh is to use the Unix sock here but because we're using this locally we don't have to specify it it's fine here's an example of pulling an image just like what we were doing and an example of creating a container so you can grab some of this code here the examples and play around with them test them out to make sure you know what you're doing now the second thing to look at is on the left hand side you would have something called resources and data sources data sources we will cover in a later lecture but resources we saw before remember the docker image and the docker container so Docker image if you click on it it will give you example usage Docker image and remember this is a a keyword that is locked you can't really make changes but this one is the name of the resource that is arbitrary that you can change here's a Docker image and here is also the docker container and you can look at the different options that are are here the required options are the image and the name to use the container and some optional parameters as well that you can see here and at the end usually of each one of those is a this is quite quite a lot of options there is usually a command to show you how to import this so sometimes you might have resources in your infrastructure that have been deployed outside of terraform and you want to import them into terraform so this allows you to do that with terraform import this is outside the scope of this beginners course but you can find it of course in my detailed terraform 101 course all right so that is pretty much it for this lecture we covered what the log file is what terraform State file is and also what to look in in the documentation how to navigate the terraform registry documentation uh for your purposes I'll see you in the next lecture now a very important topic in any uh language programming language is variables so let's tackle that in this lecture and let's go back to our our code here our repo and let's close up all these files and now we're in zero three variables so let's go in and take a look at our file here and as you can see let's make this bigger as you can see now we have a few blocks here called variable blocks and these variable blocks have the keyword variable and then a name for this variable in this case the image underscore name image tag internal Port external port and each one has a type now you don't have to put a type or description or default you can just leave it empty you can leave it like this okay but it is a good practice to give a type for this variable so in this case it is a string so a bunch of letters and numbers the description for it is also good practice so this is the name of the docker image a default a reasonable default that you might need so nginx is is the default in this case it might not it might not make sense to put an nginx as a default image so you can remove this default line but we'll leave it for now because I want to show you something here the next one is the image tag once again at the type the description and in this case 1.23.3 the variable internal Port this is of type number in this case it's digits basically which is Port 80. I give it a description but I did not give it a default and we'll see what happens when you don't give defaults same thing with external Port it's a typed number and I don't have a default for it now these variables we need to reference them right so in our actual code you can see our resource the docker image here we're using something called string interpolation so if you recall in the previous lectures our main image had the the docker image resource had the form of nginx colon 1.23.3 now what we're trying to do is we're trying to build that same format but using variables so in this case I use the keyword VAR dot the name of the variable which is image underscore name here separate by a colon uh and then once again the dollar sign and the curly braces VAR dot image tag right which is this so this all is uh surrounded by parentheses here as you can see double quotes and these double quotes take any kinds of variables with anything in between like I can instead of a colon I can put Dash dash dash for example but of course that doesn't make sense it will give us an error because the the container is looking for the proper syntax which is the name of the image followed by a colon followed by the tack so that's string interpolation the next part here if you don't want or if you just need to reference a variable such as in this case we want the internal and external ports you can just use VAR dot internalport VAR dot external Port we don't need to surround those with the dollar sign and the braces or the the actual um double quotes as well terraform will understand this directly as you can see here now you might not think that this is really that important I can just write whatever I need here the image name the tag and external interim ports so while this is true for this simple example but as you start to write a lot of terraform code it makes a lot more sense to use variables because now you can change the variable assignment here and it will change that multiple places in your code which is really the benefit of having variables in any programming language so let's see this in action and let's change our directory to zero three variables once again we need to terraform initialize this directory since we are we are working in a new directory and now let's run a terraform plan just to remind you of what a plan does and notice when you run telephone plan it's going to ask you for the external Port remember here internal and external ports we did not Define a default so terraform has no way to figure out what port we want or what number we want so external Port let's put 8080 and then you get another prompt for internal Port let's put 80 and then it's going to go ahead and run the plan for you okay so similar to what we saw before so now if we want to run terraform apply once again is going to ask us for the ports so external port 8080 the internal Port is 80 and do we want to proceed yes and that will go ahead and create the container image and the container for us as we've seen before and run everything for us nicely if we run Docker PS it will show us the container once again open a container in the browser we see welcome engine X everything is good to go now I want to show you another way of doing this and what we're going to do is we're going to provide the variable assignments through the CLI itself the way to do that you can run terraform apply and run and use the dash VAR keyword and in here you can surround your external port let's say equals 8080 sorry equals 8080. let's around that with a single quote and then Dash bar again and say internal internal Port equals 80. in this case I put 90. so what you'll see here actually that's a good exercise because now what we'll see it's going to want to destroy something and recreate something so that's the first time you've seen this so plan one and to change nothing is to destroy one because this forces a replacement in place this will have to work or this will have to change now say no because this will break our container because the container listens on Port 80 but what we can do instead just to show you that this will destroy the container is let's change the external port to 80 90 and leave the internal port at 80. now that's another way of providing uh of providing variables into our into terraform and now let's just say yes to deploy that will go ahead and deploy things for us now you can see that we're reading Port 80 90 instead of port 8080 and if we look here it's going to take a second or two to get nginx to run and there we go it's running very well and we've got that covered so now let's go and destroy this environment and now I'll show you a different command to destroy the environment and this is terraform apply with the flag destroy so terraform apply Dash destroy it's the same as terraform destroy and we have to run the same thing we did before so the external Port of 80 90. and our internal internal Port equals to 80. that will run a plan things look good hit yes and that will destroy our environment for us and that is it for this electron variables in the next lecture we will continue looking at variables as well let's continue our discussion on variables so now we are going to go into folder zero four variables continued so let's go and change our directory to that zero four and um before we go ahead and initialize terraform let me show you what this folder contains so we have our main.tf file and here you can see the same thing we saw earlier we have a Docker image and a Docker container resources and we're using variables as we saw earlier so that hasn't changed what has changed is that we moved our variable blocks into a new file called variables.tf if you go into variables.tf you'll see the exact same variable blocks that that were there in the main.tf file now we've moved them over and there is a new file called terraform.tfvars and here is where we're actually assigning all the variables so you might notice that here we have some default values but remember image name and image tag didn't have any defaults and earlier we were defining them or assigning them through the CLI command or we were getting a prompt so now we can actually make all the assignments in a separate file called terraform.tf bars and one key concept about terraform is that it doesn't matter how many files how many terraform files you have in a folder terraform is going to merge them all together as it runs so separating this out to multiple files is completely fine and as you can see here we're assigning nginx 123.3 for the image tag the internal Port is 80 external Port is 8080. I'm going to change this to 80 90 just to show you that this will override the defaults that we have here for the external Port so you can suggest some defaults but at the same time inside of terraform.tfrs that will override your default also if you're running it through the CIA LI or through a prompt that will also override the defaults as well so let's go ahead and terraform in it this folder to get everything set up for us and we will quickly run terraform apply Auto approve just to move faster and here we don't need to specify anything through the CLI and also no prompts will happen it will go ahead and create our container image and also our container for us and we'll see that it will generate this over Port 8090 as you can see here 80 90 and let's open this in a browser and once again welcome to nginx message comes up so everything worked very very well let's go back and destroy our infrastructure terraform destroy Auto approve remember Auto approve is not to be used in production this is just for our demos here and our course and that is it for the selection and I'll catch you in the next one okay let's continue our course here and focus now on creating resources in AWS all right so we will continue here and move to our section five and this section we have two files the first one is main.tf which is now you're used to it our main terraform configuration file here we're using the AWS provider and pinning it to a specific version and this provider requires the region to be specified in the provider block and it takes one resource because we're creating an ec2 instance we need this AWS underscore instance keyword we're going to give web server the name for this resource and it requires the Emi and an instance type here we've hardcorted the Emi later we'll see how we're going to use a data block to get a particular Ami by searching for it and we're also using the my instance type variable to specify T2 micro which we'll see in just a little bit now there's a new block here that we're introducing called the output block and in this case it's the public IP again this is a name that you can give it it's arbitrary and the value is the thing that you need to add or give the output block and in this case we're outputting the AWS instance you can see here that type of the resource dot the name of the resource which is web server dot an attribute in this case our attribute is public underscore IP and also as a good practice to give it a description now the other file variables.tf has two variables region and my instance type region we're going to give it the default Us East one and T2 micro for my instance type so in this case we don't need another file a terraform.tf vars file we're just skipping that giving defaults and we should be good to go so let's go ahead and run terraform init I'm already inside of my inside of my folder here so that ran well now uh you're gonna need an AWS account for this part so if you're part of the terror to the tekkenade subscription for technique Academy then you can simply launch an AWS environment and that will give you the access that you need to an account that Tekken 8 has and it will give you the username password the access keys that you need so you can simply grab this which exports the environment variables that terraform needs to uh to run this is the way that terraform is going to connect to aws's API to create this ec2 instance now we can run a terraform plan and this will again plan what we need here public IP will show up as an output we're creating one resource here which is the instance so we can run terraform apply and let's Auto approve this just to make it go faster and that will create our instance for us so we can wait on that in the meantime we can log into our AWS console so let's grab this URL and grab our password and also our username right here so let's use this is my username and this is the new password I have let's sign in while this signs in let's check on our resource it's still being created oh it's done and the output gives us the public IP of this instance right here this has been successful now let's see our ec2 instance let's go to ec2 and just verify that it is there with the same IP address and we will be done with this lecture shortly all right instance is running let's go in here all right and I can see the instance that's running here and it's the 100.26.227.178 uh exactly what we see here so we've created it with terraform and now we can simply destroy everything as we're used to terraform destroy Auto approve and that will destroy our instance for us and again we can verify in the console that is that it is terminating it takes a couple seconds here and during that period if you quickly peek here and just refresh I guess we didn't do it fast enough or if you just remove instances running you will see that this is our instance and it's shutting down right now while it's still actually in fact shutting down so you just gotta be a little bit patient and give it a few more seconds and it will be good to go there we go it's all done and now we're able to create our first instance in the cloud rather than locally on our machine with Docker now we're using the AWS provider and we'll continue to use it throughout the next few lectures I'll see you in the next lecture in this lecture we're going to talk about data blocks so let's get started now we are in lecture six data blocks so make sure you're there let's change directory to data blocks and now the only difference that we made actually two things we've made um main.tf we now have this block called Data blocks or data block and it's called AWS Ami and what this does it is a get request that goes to um for the AWS API basically and get something to be included in a resource that we want to create so remember resource blocks creates a resource and a data block gets something right so here we're going to get the AWS Ami ID and then we're going to reference it here instead of hard coding the Ami or passing a variable of that Ami what I want to do here is I want to look for the Ubuntu Ami so what happens is I am going to use this most recent option equal to true and I'm going to filter so I'm going to filter on the name and in here I'm looking for Ubuntu images hvm SSD Ubuntu focal 2004 and giving it a wild card here also including virtualization type HF hvm with the owner being the canonical owner and you can you can see more details in this article but basically what this is going to do it's going to return a an ID for a specific Ami the latest Ami for Ubuntu 2004 and I'm going to now reference it down here in the AWS instance resource notice how I'm referencing it I'm using the data keyword here dot the name or the type awsa my DOT the name Ubuntu dot ID to get the Emi ID which again gets passed to the AWS instance to spin that up now the other change that I made here is that I move the outputs to a an output or outputs file here and as I mentioned before in terraform it doesn't matter you can split your configuration across multiple files terraform is intelligent enough to merge everything together so really nothing changed other than moving this output into its own output file and at a minimum usually a good practice is to have a main.tf a variables.tf and an output or outputs.tf file in your in your configuration you may add more things maybe networking or storage as your configuration grows just to kind of split it up a bit but at minimum you have a main variables and output so now let's go ahead and initialized our folder here and we are going to run terraform apply Auto approve right away and just to speed things along and this again should work fine it will create everything we asked it to create and it's going to reference our Ami the data block that we used for the Emi see you can see here data.aws.ami Ubuntu is reading right so it's reading it's getting information and and it will supply this information to our instance which is right here so you can see it grabbed this Ami ID and fed it to the to the ec2 instance and this is complete here's our public IP the dot 155 again if we go into the console you'll see that it is up and running all is good and that is really it for this lecture go ahead and destroy your infrastructure and I will see you in the next lecture in this lecture we're going to see how to include another provider in our terraform configuration so let's get started now we are in seven another provider folder so let's change the directory to that folder and in here what we've done is we've added another provider here called TLS notice we can add as many providers as we want so really you can add an AWS provider a gcp provider an Azure provider really it doesn't matter in this case we want to use the TLs provider which allows us to create a private public key pair and then we're going to push the public key into our ec2 instance so we can SSH into it so so far we haven't been sshing into the ece2 instance all we were seeing is just that it got created in the console that's about it but really not very useful so um right here what we did is we've added a number of resources uh just two to be exact first one is the TLs private key resource and we called it my key and this is using RSA as the algorithm and the RSA bits is 40.96 then we are referencing it using this resource AWS key pair so it's creating a key pair inside of AWS and we're giving it a name here and then we're giving it a uh the public key which is taken from over here TLS private key.mykey Dot Public key openssh is the attribute used to pass the public key over and then in the AWS instance resource we're doing a couple of extra things the first one is the key name which is this key name that we just created AWS key pair mykey.key name so now we're telling the instance to use this key that we just created in AWS and also we need to create a security group to allow SSH inbound and all the internet traffic outbound so you can see here this VPC Security Group IDs is referencing this new resource AWS Security Group dot Security Group one dot ID right here as you can see in Ingress of everything for SSH Port 22 protocol TCP egress is everything from the ec2 instance so let's go ahead and run this so terraform in it as usual to initialize our folder and from here we are going to run a terraform plan just to show you what's going to happen okay in this case we are getting two outputs a private key and a public IP so we need this private key to be able to SSH into the machine public IP we've seen before and we're actually creating four resources this time and the ones that we just went through a little bit ago so here this private key is sensitive it says sensitive value and I'll talk a little bit about what that means in just a bit so for now let's go ahead and apply this configuration while that happens let's take a quick look at our output file and this output file has our public IP from before but now it has our private key as well and this keyword sensitive true means that when the output comes out it's not going to show us that private key and the value here is tlspruitkey.mykey.private keypem as opposed to the public key pem that we saw up here or the public key open SSH that we saw up here okay now you will see that once this create gets created I'll show you that the state file will actually still contain the private key which is very important it's a very important concept to understand when you're working with terraform that sensitive and secrets will appear in your state file so you need to have a mechanism to secure that state file make sure it's encrypted at rest and have some sort of role base Access Control around it to know who exactly gets access to that state file okay as as I mentioned before the private key here doesn't show up it's sensitive The Pledge public key is right here let's hop into our state file really quickly to show you where the private key is it's right here if I do alt Zed you can see private key is obviously right here we see the entire private key um in the output also if you scroll down as part of the resource down here you will be able to see the public key but also the private key as well okay so that's what I wanted to show you as to how it's important to secure your state file okay so now what we want to show you what I want to show you is that you can still even see the output um either like if you run terraform output you're going to see the exact same output that we saw here but if you run terraform output Dash raw and then you type private key that is actually going to show you the private key as well so once again you need to know these things as you're working in production now we want to test our SSH see if we can actually SSH into the machine so let's do that so the first thing you want to do is output this into a file so terraform output raw private key and let's put this in a MyKey dot pem file so that should show up right here so now our private key is stored here the next step is to change the permissions on this file because right now it has it's too permissive so we got to type tighten it up a bit and now finally we can run the SSH command and use the dash I flag to use the um to use the the key file that we just created and also I'll show you how this is a trick where you can use just typical bash to run the terraform output Raw public IP to uh to Output this into this command so the the um the output of this command is going to get replaced here so you can Ubuntu you can SSH with username Ubuntu at this IP address of the output so with that done we can say yes and now we are sshing into that machine and sure enough we are in the machine here as you can see and also if you check check the console you can see our console here here's the 3.94.211.74. so that worked as expected and that is pretty much it for this lecture just make sure that you exit here and destroy the infrastructure and I will see you in the next lecture in this lecture we're going to discuss the topic of modules let's get started all right so we are in the zero eight folder modules so let's make sure we're there and I believe we are perfect and now we're going to talk about modules and we kind of talked about this before but we're we're gonna dig a little bit deeper here and the concept of modules is to basically reuse code so you might be it devops engineer or platform engineer responsible for creating those modules that they can be consumed by developers or by application teams and so on so what you want to do is kind of create some sort of abstraction sometimes so you can put a few resources in a module and create specific things for your organization specific resources that you need to provision you can Version Control modules of course and you can create different versions of them and so on for today's demo we're just going to create a module based on one resource which you typically wouldn't do you probably would use more than one resource in a module but just for explaining purposes we are going to take our TLS resource that we saw before and we're going to put it in a new module so right here this is called the root module where we have our main.tf outputs.tf and variables.tf files and then there is a directory here called modules and inside of modules we have our TLS module or all the other modules that you might include and inside of the module as a best practice is to have at least five files a license file a readme file explaining how to use this module and a main in outputs and a variables file as well of course you can add more if you need to but at minimum you would have these files okay so let's go ahead and take a look at our root module and this root module calls on the TLs child module and we'll see how that works in here we have our AWS and TLS providers and we've got our data uh block we've got some resource blocks we saw before the AWS key pair the AWS instance Security Group then there's a new block here called module and here's where we're calling our child module TLS The Source in this case is local to our folder structure so it's calling modules TLS you may use a source that calls upon a module in a private module registry for example in maybe terraform cloud or any other provider or it could be a public module that you would reference as well in here we're passing some variables into the module so the algorithm is RSA and the RSA bits is 4096 so that goes into the module these variables and these variables can be also defined at the variables level of the root module so we can pass a variable from here all you do is just say algorithm equals VAR dot algorithm for example and that will take the variable from the root module and pass it down to the uh to the child module now we can access outputs from module as well and actually we're doing that right here with the public key that we're going to use with our AWS key pair resource and the way to do that is you call on the module using module keyword dot the name of the module TLS dot the actual output that the module is giving us which we'll see shortly furthermore in the outputs file we can output from the module and back out to the root module in this case we've seen public IP that's straightforward but the private key is actually taken from the module dot TLS dot the private key output that comes from the module itself so the flow of of data comes from the module the TLs module out to the root module out to the user so now let's go into the actual main.tf file inside of the module TLS and you can see all we did is we've taken the resource TLS private key and put it in here and this algorithm RSA bits are looking for variables algorithm RSA bits which we Define here similar to what we do in root modules nothing has changed really same syntax so variables are defined here and then finally the outputs that I told you was coming out of the module going out to the root module we've got two of them private key out and public key out and you can see the values are taken directly from the resource within the module and those are passed out to the root module so that is uh pretty much what a module looks like how you can create a module of course you can consume modules from other folks in the public registry or maybe again internally if you have an internal private registry you can consume those modules as well but it's helpful to create a module yourself so you can know how to utilize others modules okay so let's go ahead and terraform init and we're doing terrible minute at the root module okay and as you can see during the initialization process terraform sees the TLs module in modules.tls so that has registered with terraform now let's run terraform plan make sure everything checks out looks good to me and now let's just run terraform apply and let's Auto approve that and once that's complete let's go ahead and uh double check by sshing into our ec2 instance that we just created or are creating to make sure that the TLs resource that we put into the module is is working and everything is good to go I'm gonna pause the recording it might take a few seconds here and come back to it all right it's successful so let's go and take a look at the um the console here so we see the dot 189 and the dot white 189 everything looks good and let's use the same commands that I showed you in a previous lecture so we're going to grab the output from terraform and we're going to store it in a new file called mikey.pemp and now let's change the permissions on that file and finally let's SSH into that machine all right okay looks good excellent so we're able to SSH into the machine no problem so that is pretty much it for uh this this lecture I hope you uh learned something new and enjoyed it and I will catch you in the next lecture you've made it to the final lecture and in this lecture we're going to put everything together that we've learned so far to create a web server inside of ec2 inside of an ec2 instance in AWS why don't we get started all right so now we are in folder zero nine a web server so let's go there and here what we have is we've got our main.tf file and I will just show you what is new here and all that's new are these two lines the user data and user data are placed on change and this user data is actually referencing a file called install underscore libraries.sh it's a shell script and we're using the file function to call that and if you're if you're familiar with user data it is a way for a new machine that comes up in AWS in most Cloud environments has that and these Cloud environments will give you that option to run a script on launching of their one of their instances to run whatever you want in that script and in this case we're going to run the install libraries sh script which will update apps and install tree install nginx and in nginx we're going to put an HTML body here and just in our index.html file that is the default that nginx is going to render for us and we're going to reload nginx and then we're going to see our website up and running so really that's all that I wanted to show you here and it's quite simple to do with terraform just using this user data option in the AWS instance and we've pretty much captured everything we've seen before in the previous lectures so the outputs we're going to see are public IP our our variables are here as well and um and we also included one more thing before I forget in the security group we've now added our uh http ports to the Ingress so that we can access the web server on Port 80. and uh and that's it so let's go ahead and run this terraform emits and I'll run a terraform plan everything looks good let's run terraform apply Auto approve and it's going to go ahead and deploy this for us we'll take a couple of seconds so I will pause the video and we'll come back after all right so it has completed successfully and let's go and take a look at our new website so let's copy the public IP open a new tab paste that in there and there we go here's our web server nice shiny web server with nginx running we have a picture we have a bunch of really cool stuff going on here so that is pretty much it for this terraform course make sure you go and destroy the infrastructure once you create it you don't want it to to go on running and I hope you learned how to use terraform and why use terraform and the whole point of infrastructure is coding you saw some examples we talked about Docker in a local environment and also how to run ec2 instance in AWS in a cloud so go ahead test it run with it ask questions if you have questions put them in the description of this video let me know what you think of this video and I will catch you in another video [Music] thank you [Music]

Info

Channel: TeKanAid

Views: 10,831

Rating: undefined out of 5

Keywords: terraform tutorial for beginners, terraform tutorial, terraform aws, infrastructure as code, terraform course, terraform tutorial aws, terraform aws tutorial, terraform course for beginners, terraform modules, terraform course youtube, terraform tutorial for beginners aws, terraform tutorial for beginners full course, hashicorp terraform for beginners, hashicorp terraform associate exam, terraform docker, terraform tutorial for begginers

Id: HbG3zVBVYvM

Channel Id: undefined

Length: 64min 6sec (3846 seconds)

Published: Wed Feb 01 2023