Getting started terraforming of AWS

Once agan i came into pleasure to define some AWS infrastructure. And while i've had to remebember some of the steps, i've written them down this time for everyone...
This article is about getting started with Hashicorp's terraform and AWS resources.
If you interested in Google Cloud, please read Terraforming GCP...

So what do we need to start...

Terraform binary

Of course you need terraform binary. Download Terraform from
https://www.terraform.io/downloads.html
and put it in the PATH Eviroment variable of your system.

For most Linux distributuons the following comands will do the whole job:

#Linux example.
#1) download
wget https://releases.hashicorp.com/terraform/0.12.0/terraform_0.12.0_linux_amd64.zip  
#2) Unzip
unzip terraform_0.12.0_linux_amd64.zip  
#3) Install
sudo mv terrafrom /usr/bin/  

Probably there is newer terraforom version around when you reas this articel. Take newest.

Initial configuration

There is no configuration needed for terraform binary it self. So when you have a binary on you system you just can start work with it, for example by checkin version of it.

terrafrom -v  

or getting some help over basic comands.

terraform help  

I would say the rest of the configuration is project specifig not terraform specific.

Getting AWS credentials

Here we're looking on Amazon Cloud project, so first of all make sure you have an AWS Account and access to it with enough rights to provision needed resources.

Then you have to tell terraform to use credential of AWS user to accessy our AWS account.

AWS credentials

I believe the most convinient way to do so is using shared credentials file

In case of Linux terrafrom will check existence of ~/.aws/credentials configuration first. In fact this is the configuration file used by awscli (AWS console client).

You can create this file by installing awscli and configuring it like:

#install it
pip3 install awscli --upgrade --user  
#configure it
aws configure  
AWS Access Key ID [None]: XXXXXXXXXXXXXXXXEXAMPLE  
AWS Secret Access Key [None]: YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYEXAMPLEKEY  
Default region name [None]: eu-central-1  
Default output format [None]: json  

i recommend this way, but if you like your can create ~/.aws/credentials manually and fill it like this:

cat ~/.aws/credentials  
[default]
aws_access_key_id = XXXXXXXXXXXXXXXXEXAMPLE  
aws_secret_access_key = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYEXAMPLEKEY  

exchange with your keys of course and it will work as well.

Terraform AWS config

Now there is minimum of config in your terraform project needed. Terraform need to know that aws provider will be used. The only needed prameter is default region in this case.

provider "aws" {  
  region     = "eu-central-1"
}

AWS regions list to help you find the right one.

Well that's all for a minimal start. You can start provisioning of desired resources. I will not cover this broad topic in this article, please leave comment if you like to see some information about it too.

Improvement: Remote state in AWS

Of course you can start and manage state of your AWS resources somehow localy or by commiting it into git. But in my opinion there is no reason not to start with remote state management. Especially if you plan to share your work or work as a team. Just do it from beginning.

And also thi this is relativly simple configuration task in terraform.

terraform {  
  backend "s3" {
    bucket = "terraform"
    key    = "infra-baseline"
    region = "eu-central-1"
  }
}

Obowe you see AWS S3 Bucket selected as remote state location to keep the terraform state. AWS S3 Bucket name is terraform and infrabaseline is a folder in that bucket.

Take a look on documentation for details

Make sure this bucket exists in advance for this configuration

Initialization

Now we are ready to create AWS resources. Let's check if terraform can init the provided configuration:

terraform init  

If triggered for the first time it should download missing modules (AWS provider in our case) and you should see something like:

Initializing the backend...

Initializing provider plugins...  
- Checking for available provider plugins...
- Downloading plugin for provider "aws" (terraform-providers/aws) 2.12.0...

The following providers do not have any version constraints in configuration,  
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking  
changes, it is recommended to add version = "..." constraints to the  
corresponding provider blocks in configuration, with the constraint strings  
suggested below.

* provider.aws: version = "~> 2.12"

Terraform has been successfully initialized!  
...

Now you are really ready to go! So simple it was.


Might be interesting as well: 2017: Some notes on terrafoming of AWS and article on
Terraforming of GCP