Day 6 - Terraform Providers

Day 6 - Terraform Providers

Day 6 of TerraWeek

ยท

8 min read

Task 1: Learn and Compare Terraform Providers

Spend time learning about Terraform providers and their significance in managing resources across various cloud platforms or infrastructure services.

๐Ÿ›‘Terraform Providers

Terraform providers are plugins or connectors that enable Terraform, an infrastructure-as-code tool, to interact with different cloud platforms or infrastructure services. They serve as a bridge between Terraform and the APIs of these platforms/services.

By using the appropriate provider for your target cloud platform (such as AWS, Azure, or GCP), Terraform can create, update, or delete the resources for you based on the defined configuration. The provider handles all the details of making API calls and managing the resources, so you don't have to do it manually.

Here are the key points about the significance of Terraform providers in managing resources across various cloud platforms or infrastructure services:

  • Cross-platform resource management: Terraform providers enable managing resources across multiple cloud platforms or infrastructure services using a unified approach.

  • Infrastructure as Code: Providers allow defining infrastructure configurations as code, facilitating version control, collaboration, and automation.

  • Declarative resource management: Providers handle the complexity of making API calls and ensure that the actual infrastructure state matches the desired state declared in the configuration.

  • Automation and consistency: Providers enable automation of resource provisioning, configuration, and management, ensuring consistent infrastructure across different environments.

  • Resource lifecycle management: Providers facilitate creating, updating, and destroying resources, supporting the entire lifecycle management of infrastructure.

  • Extensibility and community support: Terraform's rich ecosystem of providers, contributed by the community and cloud service providers, allows for the support of various cloud platforms, infrastructure services, and technologies.

Compare the features and supported resources for each cloud platform's Terraform provider to gain a better understanding of their capabilities.

Each cloud provider typically offers its own Terraform provider, tailored to its specific services and resources.

AWS (Amazon Web Services) Provider

  • Comprehensive coverage of AWS services.

  • High-level constructs for common infrastructure patterns (e.g., autoscaling groups).

  • Support for AWS-specific features like CloudFront distributions, Elastic Beanstalk environments, etc.

Supported resources

  • Compute: EC2 instances, ECS clusters, Lambda functions.

  • Networking: VPC, Subnets, Security Groups, Route53 DNS records, Load Balancers.

  • Storage: S3 buckets, EBS volumes, EFS file systems.

  • Databases: RDS instances, DynamoDB tables, ElastiCache clusters.

  • Identity & Access Management: IAM roles, policies, users, groups.

Azure Provider

  • Management of Azure resources using Azure Resource Manager (ARM) templates.

  • Support for provisioning and configuring Azure services and features.

  • Integration with Azure DevOps for continuous deployment and pipeline automation.

Supported resources

  • Compute: Virtual machines, Virtual machine scale sets, App Services, Functions.

  • Networking: Virtual networks, Subnets, Load Balancers, Application Gateways.

  • Storage: Blob storage, File storage, Managed Disks, Storage Accounts.

  • Databases: Azure SQL Database, Cosmos DB, MySQL, PostgreSQL.

  • Identity & Access Management: Azure Active Directory, Service Principals.

GCP (Google Cloud Platform) Provider

  • Management of GCP resources using Google Cloud Deployment Manager.

  • Support for provisioning and configuring GCP services and features.

  • Integration with Google Cloud Build for CI/CD pipelines.

Supported resources

  • Compute: Compute Engine instances, GKE clusters, App Engine applications.

  • Networking: VPC networks, Subnets, Load Balancers, Cloud DNS.

  • Storage: Cloud Storage buckets, Persistent Disks.

  • Databases: Cloud SQL instances, Firestore, Datastore.

  • Identity & Access Management: Cloud IAM roles, Service Accounts.

IBM Cloud Provider

  • Management of IBM Cloud resources using IBM Cloud Schematics.

  • Support for provisioning and managing IBM Cloud services and features.

Supported resources

  • Compute: Virtual servers, VPC instances.

  • Networking: VPC networks, Subnets, Security Groups, Load Balancers.

  • Storage: Block storage volumes, Object storage buckets.

  • Databases: Databases for MongoDB, PostgreSQL, MySQL.

  • Identity & Access Management: IAM roles, Access Groups.

DigitalOcean Provider

  • Provisioning and management of DigitalOcean Droplets (virtual machines).

  • Support for other DigitalOcean resources like volumes, databases, and load balancers.

Supported resources

  • Compute: Droplets (virtual machines).

  • Networking: Floating IPs, Load Balancers.

  • Storage: Block storage volumes, Spaces (object storage).

  • Databases: Managed databases (PostgreSQL, MySQL).

Oracle Cloud Infrastructure (OCI) Provider

  • Management of Oracle Cloud Infrastructure resources and services.

  • Support for provisioning and managing OCI services and features.

Supported resources

  • Compute: Compute instances, Virtual Cloud Networks (VCNs).

  • Networking: Subnets, Load Balancers, Security Lists, DNS.

  • Storage: Block volumes, Object storage buckets.

  • Databases: Autonomous Database, VM DB systems, MySQL, NoSQL.

Task 2: Provider Configuration and Authentication

Explore provider configuration and authentication mechanisms in Terraform.

๐Ÿ›‘ Provider Configuration

  • Provider configuration in Terraform involves setting up and specifying the details for interacting with a specific cloud platform or infrastructure service.

  • A provider block is used to define the configuration for each provider in your Terraform configuration files.

  • The provider block specifies the provider's name and contains its configuration settings.

  • Common provider configuration settings include access keys, regions, endpoint URLs, authentication mechanisms, and more.

  • Provider configuration is specific to each cloud provider and requires provider-specific settings to be provided.

  • Version constraints can be specified in the provider block to ensure compatibility with a specific version of the provider.

  • Set up authentication for each provider on your local machine to establish the necessary credentials for interaction with the respective cloud platforms.

๐Ÿ›‘ Authentication mechanisms in Terraform

Here are some common authentication mechanisms in Terraform:

  1. Access Keys/Secret Keys

    • Many cloud providers use access keys (also called access tokens) and secret keys for authentication.

    • These keys are typically obtained from the provider's console and provided in the provider configuration.

    • Examples include AWS Access Key ID and Secret Access Key, Azure Client ID and Client Secret, etc.

  2. Environment Variables

    • Terraform supports authentication through environment variables.

    • You can set environment variables with your access keys and secret keys, and Terraform will automatically use them for authentication.

    • Common environment variables include AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for AWS, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET for Azure, etc.

  3. Shared Credentials File

    • Terraform can use a shared credentials file for authentication.

    • The file typically resides in your user's home directory and contains access keys and secret keys.

    • You specify the profile name in the provider configuration to use the corresponding credentials.

  4. Instance Metadata Service

    • Some cloud providers, like AWS, offer an instance metadata service.

    • This service provides temporary access credentials to EC2 instances or virtual machines.

    • Terraform can use the metadata service to authenticate on behalf of the instance, eliminating the need for explicit access keys.

  5. Managed Identity

    • Certain cloud providers, like Azure, support managed identity authentication.

    • With managed identity, you can assign an identity to a resource, such as a virtual machine or a function.

    • Terraform can use this assigned identity for authentication, eliminating the need for explicit access keys or secrets.

  6. Service Principal

    • In Azure, a service principal is a security identity used by applications and services to access Azure resources.

    • Terraform can authenticate using a service principal by providing the client ID, client secret, and tenant ID in the provider configuration.

Set up authentication for each provider on your local machine to establish the necessary credentials for interaction with the respective cloud platforms.

To set up authentication for each provider on your local machine, follow these general steps for popular cloud providers:

AWS (Amazon Web Services)

  1. Create an IAM user in the AWS Management Console.

  2. Assign appropriate permissions to the IAM user based on your requirements.

  3. After the user is created click on the security credentials tab of the user.

  4. Click on Create an access key.

  5. Select CLI and click on next.

  6. Access keys and secrets are generated, copy from here and configure locally by using the aws configure command

  7. Configure the AWS CLI or set environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) with the credentials.

Azure (Microsoft Azure)

  1. Create an Azure Active Directory (AAD) application registration.

  2. Obtain the Client ID, Client Secret, and Tenant ID for the application registration.

  3. Assign the necessary roles and permissions to the application registration.

  4. Configure the Azure CLI or set environment variables (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID) with the credentials.

GCP (Google Cloud Platform)

  1. Create a GCP service account and generate a key file (JSON format).

  2. Assign the appropriate roles and permissions to the service account.

  3. Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of the key file.

Task 3: Practice Using Providers

Create a Terraform configuration file named main.tf and configure the chosen provider within it.

  • You can find the GitHub code here

  • Create a main.tf file in the directory. Define VPC, Internet Gateway, Subnet, Route Table, and EC2 Instance. Add the following Terraform resource blocks to create a VPC, subnet, route table, and internet gateway.

  • Create a user data file with the following code.

Deploy a simple resource using the chosen provider. For example, if using AWS, you could provision a Virtual Private Cloud (VPC), Subnet Group, Route Table, Internet Gateway, or a virtual machine.

  • Run the terraform init command to initialize Terraform and run terraform plan command to see what resources will be created.

  • Run the terraform apply command to apply the Terraform configuration and create the EC2 instance. You can check the public IP in the output.

  • Here we can see VPC, Route Table, Subnets, Internet Gateway and EC2 instance are created.

  • Run the Public IP in the browser and you can see the nginx is installed and running.

Experiment with updating the resource configuration in your main.tf file and apply the changes using Terraform. Observe how Terraform intelligently manages the resource changes.

  • I have changed the name of EC2 instance and index file also.

  • Again run the terraform apply command and you can see it is replacing the EC2 instance.

  • The instance is created with a different name.

  • Paste the changed public IP in browser and you can see the changed content as well.

Once you are done experimenting, use the terraform destroy command to clean up and remove the created resources.

  • Run terraform destroy command to destroy the Terraform configuration.

Thank you for reading!!
~Shreya Gupta

Great initiative by the #trainwithshubham community. Thank you Shubham Londhe

#devops #terraweek #terraform #terrafromproviders

ย