In this article, you will get a brief idea of how to use Terraform and GitHub Actions together to automate the process of creating and deploying cloud resources in AWS.

What is Terraform?

Terraform is a popular Infrastructure as Code (IaC) tool that lets developers define and provision infrastructure in code, which enables them to automate the process of creating and managing cloud resources.

Terraform can provision resources on various cloud providers like AWS, Azure and GCP. It can also manage existing infrastructure, and Terraform modules let you organize and reuse code.

Terraform also manages state, and its built-in functions and modules let you create reusable and composable infrastructure that can be easily shared across different projects and teams.

By using Terraform, developers can streamline the process of creating and deploying cloud resources, improve the efficiency and speed of the development process, and ensure that the code adheres to best practices and is ready for deployment to production.

Advantages of Using Terraform

  • Version Control: Terraform code can be stored in version control systems like Git, which allows you to track changes and collaborate with other team members.
  • Reusability: Terraform code can be organized into reusable modules, which makes it easy to share and reuse infrastructure across different projects and teams.
  • Flexibility: Terraform supports multiple cloud providers such as AWS, Azure, and GCP, as well as on-premises and other infrastructure, making it a versatile tool for managing infrastructure.
  • Automation: Terraform allows you to automate the process of creating and managing infrastructure, which can improve the efficiency and speed of the development process.
  • Dry-run: Terraform has a dry-run feature (terraform plan) which allows you to preview the changes that will be made to the infrastructure before actually applying them.
  • State Management: Terraform keeps track of the state of the infrastructure it manages, which allows it to make incremental changes to the infrastructure, and detect drift from the desired state.
  • Cost Management: Terraform allows you to define the resources you need and their respective costs, this will help you in cost

Download Terraform

There are several ways to download Terraform, depending on your operating system.

Go to the Terraform documentation: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli

Steps to create the flow

The Terraform code for the SpringBoot Application Project is organized in a specific directory structure. Inside the modules folder, we have defined Terraform code for various resources such as EC2 Instance, ECR, Security Group, IAM, IAM Policy, and IAM Instance Profile. The folder contains Terraform files for outputs and variables that are used to manage these resources.

Here, main.tf in the terraform_code folder defines the modules for ECR, EC2, IAM and IAM Instance Profile. A module is a collection of related resources that are organized together to perform a specific task or function. Modules allow you to reuse and share code across multiple projects, making it easier to manage and maintain your Terraform codebase.

backened.tf → Defines where Terraform stores its state data files. We are storing the files in an S3 bucket.

main.tf → This is where the modules for the AWS resources are declared, each pointing to the modules folder.

provider.tf → Defines AWS as the provider.

terraform.tfvars → A local configuration file that stores the values for the variables used in the Terraform configuration files. These values customize the behavior of Terraform when it creates and manages infrastructure.

variables.tf → Defines the variables that can be used in the Terraform configuration files.

modules → This directory contains the resource files for everything we want to create in the AWS account.

For each AWS resource we create, there is a separate directory in the modules folder.

Let’s check the modules folder one by one:

SECURITY GROUP

This is the security-group Terraform file. It creates a security group in AWS. Here, we pass the name, cidr_blocks and ENV variables through the variables Terraform file, and we add 3 ingress rules allowing ports 8082, 9000 and 22.

This is the output file for the security group. It is used in later stages of infrastructure provisioning and management to pass information about the security group to the EC2 Terraform module.
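A sketch of such a security-group module, added here as an example and not taken from the project's repository. The variable, resource and output names are assumptions; the validation block is an added guard that fails the plan if the list that also opens port 22 contains 0.0.0.0/0.

```hcl
# modules/security_group (illustrative; all names here are assumptions)

variable "name" { type = string }
variable "env" { type = string }

variable "cidr_blocks" {
  type        = list(string)
  description = "Source ranges allowed to reach ports 8082, 9000 and 22"

  # The same list is applied to SSH, so refuse the whole IPv4 internet.
  validation {
    condition     = alltrue([for c in var.cidr_blocks : c != "0.0.0.0/0"])
    error_message = "The cidr_blocks list must not contain 0.0.0.0/0 because it is also applied to port 22."
  }
}

resource "aws_security_group" "this" {
  name = var.name

  # One ingress rule per port named in the article.
  dynamic "ingress" {
    for_each = [8082, 9000, 22]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = var.cidr_blocks
    }
  }

  # Terraform removes the AWS default allow-all egress rule, so outbound
  # traffic (package installs, image pulls) has to be declared explicitly.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = { Name = var.name, ENV = var.env }
}

# Consumed by the EC2 module as module.<module_name>.security_group_id
output "security_group_id" {
  value = aws_security_group.this.id
}
```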

IAM

This is the IAM Terraform file. It creates an IAM role and policy in AWS. Here, we pass the name and ENV variables through the variables Terraform file. We create a role to assign to the EC2 instance and attach a policy of ECR Full Access to it.

This is the variables terraform file defined for IAM role and policy.

This is the output file for IAM. It is used in later stages of infrastructure provisioning and management to pass information about the IAM role to the IAM Instance Profile module.
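The role above carries ECR Full Access. As an added example (not the project's code), this is how the same module could grant only registry login plus push and pull on a single repository. The ecr_repository_arn input and all resource names are assumptions.

```hcl
# modules/iam (illustrative; all names here are assumptions)

variable "name" { type = string }
variable "env" { type = string }
variable "ecr_repository_arn" { type = string } # assumed extra input

# Trust policy: only the EC2 service may assume this role.
data "aws_iam_policy_document" "assume_ec2" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "this" {
  name               = var.name
  assume_role_policy = data.aws_iam_policy_document.assume_ec2.json
  tags               = { ENV = var.env }
}

data "aws_iam_policy_document" "ecr_push_pull" {
  # docker login needs a token; this action does not support resource scoping.
  statement {
    sid       = "EcrLogin"
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }

  # Push and pull, limited to the one repository the pipeline uses.
  statement {
    sid = "PushPullOneRepository"
    actions = [
      "ecr:BatchCheckLayerAvailability",
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage",
      "ecr:InitiateLayerUpload",
      "ecr:UploadLayerPart",
      "ecr:CompleteLayerUpload",
      "ecr:PutImage",
    ]
    resources = [var.ecr_repository_arn]
  }
}

resource "aws_iam_role_policy" "ecr" {
  name   = "${var.name}-ecr"
  role   = aws_iam_role.this.id
  policy = data.aws_iam_policy_document.ecr_push_pull.json
}

output "role_name" {
  value = aws_iam_role.this.name
}
```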

IAM Instance Profile

This is the IAM Instance Profile Terraform file. It creates an IAM Instance Profile in AWS. Here, we pass the name and the IAM role created above as variables through the variables Terraform file. The resulting IAM Instance Profile is the one the EC2 instance will use.

This is the variables terraform file defined for IAM Instance Profile.

This is the output file for IAM Instance Profile. It is used in later stages of infrastructure provisioning and management to pass information about the IAM Instance Profile to the EC2 module.

EC2 Instance

This is the EC2 Terraform file. It creates the EC2 instance in AWS. Here, we pass the instance_type, security_ids, instance_profile, Name and ENV variables through the variables Terraform file. Terraform gets the AMI ID of the Ubuntu machine using a data source, where we have defined that we take the most_recent version of Ubuntu. The root block device of the EC2 instance is 30 GB and it is encrypted. On this instance we will install Docker to build images, SonarQube to do code quality checks and Minikube to deploy our Spring Boot application.

This is the variables terraform file defined for EC2.
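An EC2 module along the lines described above, written as an added example rather than copied from the project. The Ubuntu release in the name filter and the resource names are assumptions, and the owners pin, metadata_options and lifecycle blocks are added hardening that the article does not mention.

```hcl
# modules/ec2 (illustrative; input names follow the variables listed above)

variable "instance_type" { type = string }
variable "security_ids" { type = list(string) }
variable "instance_profile" { type = string }
variable "name" { type = string }
variable "env" { type = string }

data "aws_ami" "ubuntu" {
  most_recent = true

  # Pin the publisher. Without an owner filter, most_recent can select any
  # public AMI whose name happens to match the pattern below.
  owners = ["099720109477"] # Canonical's AWS account ID

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"] # release is an assumption
  }
}

resource "aws_instance" "this" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = var.instance_type
  vpc_security_group_ids = var.security_ids
  iam_instance_profile   = var.instance_profile

  # 30 GB encrypted root volume, as described in the article.
  root_block_device {
    volume_size = 30
    encrypted   = true
  }

  # Require IMDSv2 so the role credentials are only served to requests
  # that present a session token.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # A newer AMI appearing upstream should not silently replace the instance.
  lifecycle {
    ignore_changes = [ami]
  }

  tags = { Name = var.name, ENV = var.env }
}
```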

ECR

This is the ECR Terraform file. It creates an ECR repository in AWS. Here, we pass the name, image_tag_mutability, scan_on_push (enabled) and encryption_type (KMS encryption) as variables through the variables Terraform file. We create the ECR repository to store Docker images.

This is the variables terraform file defined for ECR.

This is the main Terraform file, in which we call the different resources from the modules folder.

Modules in Terraform are useful for organizing and reusing code, as well as for abstraction and encapsulation of resources. They also allow you to create reusable and composable infrastructure that can be easily shared and reused across different projects and teams.

In this file we have 5 modules (EC2, Security Group, IAM, IAM Instance Profile, ECR), where source is the path to the module's resources and the values passed in are the variables we set in the terraform.tfvars file. To pass a value from one module to another, we use the syntax “module.module_name.output_name”.
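The wiring described above, as an added example and not the project's own main.tf. Module paths, input names, output names and the root variable names are assumptions; the module-to-module references are the part to look at.

```hcl
# Root main.tf (illustrative; paths and names are assumptions)

module "security_group" {
  source      = "./modules/security_group"
  name        = var.sg_name
  cidr_blocks = var.cidr_blocks
  env         = var.env
}

module "ecr" {
  source               = "./modules/ecr"
  name                 = var.ecr_name
  image_tag_mutability = var.image_tag_mutability
  scan_on_push         = true
  encryption_type      = "KMS"
}

module "iam" {
  source = "./modules/iam"
  name   = var.role_name
  env    = var.env

  # Assumed extra input, needed only when the role policy is scoped
  # to this one repository:
  # ecr_repository_arn = module.ecr.repository_arn
}

module "iam_instance_profile" {
  source = "./modules/iam_instance_profile"
  name   = var.profile_name
  role   = module.iam.role_name # output of the IAM module
}

module "ec2" {
  source        = "./modules/ec2"
  instance_type = var.instance_type
  name          = var.instance_name
  env           = var.env

  # Each reference below is an output of another module. Terraform derives
  # the creation order from these references, so the security group, role
  # and instance profile are created before the instance.
  security_ids     = [module.security_group.security_group_id]
  instance_profile = module.iam_instance_profile.profile_name
}
```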

These are the variables for the outer main terraform file.

This is the provider Terraform file for AWS.

This is the backend Terraform file: the S3 bucket where we store the Terraform state files.

It defines where Terraform stores its state data files; we are storing the files in the S3 bucket. This state is stored by default in a local file named “terraform.tfstate”, but it is a best practice to store it remotely, which works better in a team environment. Storing your state remotely also adds a layer of durability: it’s a lot harder to accidentally delete your tfstate file when it is stored remotely. It also provides locking support, which prevents anybody from writing to the remote state file while someone else is writing to it.

Here we pass the bucket name in the bucket attribute, and prefix is the directory where you want to create your .tfstate file (the “terraform” directory is created automatically after the terraform apply command).

This is the terraform.tfvars file, where all the values of the variables are passed.

This file is used to set the actual values of the variables. The workflow is that Terraform first checks the terraform.tfvars file for a variable's value and, if it is not found, takes the default value defined in the variables.tf file. Example: assume that in the terraform.tfvars file we have set the “name” variable to “demo” and in variables.tf we have set the “name” variable to “test”. Terraform will take “demo” as the value.

If the “name” variable is not mentioned in the terraform.tfvars file, then it will take “test” as the value (which is defined in the variables.tf file).

End Result – Resources created in AWS

Security Group for EC2 Instance

IAM and Instance Profile for EC2 Instance

EC2 Instance to deploy SonarQube, Minikube and Docker

ECR to store docker containers

Terraform Tfstate files in s3 Bucket

To get the whole Terraform code, check out the DevOps Project GitHub link.

 
