TerraWeek Day 6: Terraform Providers

Task 1: Learn and Compare Terraform Providers

What are Terraform providers?

A provider in Terraform is a plugin that enables interaction with an API. This includes cloud providers, SaaS providers, and other APIs. The providers are specified in the Terraform configuration code. They tell Terraform which services it needs to interact with.

Each cloud provider typically offers its own Terraform provider, tailored to its specific services and resources.

AWS (Amazon Web Services) Provider

  • Comprehensive coverage of AWS services.

  • High-level constructs for common infrastructure patterns (e.g., autoscaling groups).

  • Support for AWS-specific features like CloudFront distributions, Elastic Beanstalk environments, etc.

Supported resources

  • Compute: EC2 instances, ECS clusters, Lambda functions.

  • Networking: VPC, Subnets, Security Groups, Route53 DNS records, Load Balancers.

  • Storage: S3 buckets, EBS volumes, EFS file systems.

  • Databases: RDS instances, DynamoDB tables, ElastiCache clusters.

  • Identity & Access Management: IAM roles, policies, users, groups.

Here is an example of how to use the aws provider in a Terraform configuration:

provider "aws" {
  region = "ap-south-1"
}

resource "aws_instance" "example" {
  ami           = "ami-abcd123" # Change the AMI
  instance_type = "t2.micro"
}

In this example, we first define the aws provider and set its region to ap-south-1. Then we define the aws_instance resource, specifying the AMI ID and the instance type.

When Terraform runs, it will first install the aws provider. Then, it will use the aws provider to create the virtual machine.

Here are some other examples of providers:

Azure Provider

  • Management of Azure resources using Azure Resource Manager (ARM) templates.

  • Support for provisioning and configuring Azure services and features.

  • Integration with Azure DevOps for continuous deployment and pipeline automation.

Supported resources

  • Compute: Virtual machines, Virtual machine scale sets, App Services, Functions.

  • Networking: Virtual networks, Subnets, Load Balancers, Application Gateways.

  • Storage: Blob storage, File storage, Managed Disks, Storage Accounts.

  • Databases: Azure SQL Database, Cosmos DB, MySQL, PostgreSQL.

  • Identity & Access Management: Azure Active Directory, Service Principals.

GCP (Google Cloud Platform) Provider

  • Management of GCP resources using Google Cloud Deployment Manager.

  • Support for provisioning and configuring GCP services and features.

  • Integration with Google Cloud Build for CI/CD pipelines.

Supported resources

  • Compute: Compute Engine instances, GKE clusters, App Engine applications.

  • Networking: VPC networks, Subnets, Load Balancers, Cloud DNS.

  • Storage: Cloud Storage buckets, Persistent Disks.

  • Databases: Cloud SQL instances, Firestore, Datastore.

  • Identity & Access Management: Cloud IAM roles, Service Accounts.

There are many other providers available, and new ones are being added all the time.

Providers are an essential part of Terraform. They allow Terraform to interact with a wide variety of cloud providers and other APIs. This makes Terraform a very versatile tool that can be used to manage a wide variety of infrastructure.

Different ways to configure providers in Terraform

There are three main ways to configure providers in Terraform:

In the root module

This is the most common way to configure providers. The provider configuration block is placed in the root module of the Terraform configuration. This makes the provider configuration available to all the resources in the configuration.

provider "aws" {
  region = "ap-south-1"
}

resource "aws_instance" "example" {
  ami = "ami-abcd1234"
  instance_type = "t2.micro"
}

In a child module

You can also configure providers in a child module. This is useful if you want to reuse the same provider configuration in multiple resources.

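# Aliased provider configuration that is passed to the child module
provider "aws" {
  alias  = "ap-south-1"
  region = "ap-south-1"
}

module "aws_vpc" {
  source = "./aws_vpc"
  providers = {
    aws = aws.ap-south-1
  }
}

resource "aws_instance" "example" {
  provider      = aws.ap-south-1 # use the same aliased configuration
  ami           = "ami-abcd1234" # placeholder AMI ID
  instance_type = "t2.micro"
  depends_on    = [module.aws_vpc]
}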

In the required_providers block

You can also configure providers in the required_providers block. This is useful if you want to make sure that a specific provider version is used.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 3.79"
    }
  }
}

resource "aws_instance" "example" {
  ami = "ami-1234abcd"
  instance_type = "t2.micro"
}

The best way to configure providers depends on your specific needs. If you are only using a single provider, then configuring it in the root module is the simplest option. If you are using multiple providers, or if you want to reuse the same provider configuration in multiple resources, then configuring it in a child module is a good option. And if you want to make sure that a specific provider version is used, then configuring it in the required_providers block is the best option.

Task 2: Provider Configuration and Authentication

Provider Configuration:

  • Provider configuration in Terraform involves setting up and specifying the details for interacting with a specific cloud platform or infrastructure service.

  • A provider block is used to define the configuration for each provider in your Terraform configuration files.

  • The provider block specifies the provider's name and contains its configuration settings.

  • Common provider configuration settings include access keys, regions, endpoint URLs, authentication mechanisms, and more.

  • Provider configuration is specific to each cloud provider and requires provider-specific settings to be provided.

  • Set up authentication for each provider on your local machine to establish the necessary credentials for interaction with the respective cloud platforms.

Authentication mechanisms in Terraform:

Here are some common authentication mechanisms in Terraform:

  1. Access Keys/Secret Keys

    • Many cloud providers use access keys (also called access tokens) and secret keys for authentication.

    • These keys are typically obtained from the provider's console and provided in the provider configuration.

    • Examples include AWS Access Key ID and Secret Access Key, Azure Client ID and Client Secret, etc.

  2. Environment Variables

    • Terraform supports authentication through environment variables.

    • You can set environment variables with your access keys and secret keys, and Terraform will automatically use them for authentication.

    • Common environment variables include AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for AWS, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET for Azure, etc.

  3. Shared Credentials File

    • Terraform can use a shared credentials file for authentication.

    • The file typically resides in your user's home directory and contains access keys and secret keys.

    • You specify the profile name in the provider configuration to use the corresponding credentials.
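
The three mechanisms above differ mainly in where the secret ends up. As an added example (not from the original post), the configuration below contrasts static keys written into the provider block with a named profile from the shared credentials file combined with an assumed role. The profile name, account ID and role ARN are placeholders.

```hcl
# Added example, not part of the original post.
# Profile name, account ID and role ARN are constructed placeholders.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.79" # same constraint used earlier in the post
    }
  }
}

# Weak: static keys in the provider block are committed to version control
# and copied to every clone of the repository.
#
# provider "aws" {
#   region     = "ap-south-1"
#   access_key = "<access-key-id>"     # placeholder
#   secret_key = "<secret-access-key>" # placeholder
# }

# Better: no secret material in the .tf files. The provider reads the named
# profile from the shared credentials file written by `aws configure`.
# With `profile` omitted, it uses AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
# from the environment if they are set.
provider "aws" {
  region  = "ap-south-1"
  profile = "terraweek" # hypothetical profile name

  # Refuse to plan or apply against any account other than the intended one.
  allowed_account_ids = ["111122223333"] # placeholder account ID

  # Use the long-lived key only to obtain short-lived credentials for a role
  # that carries the actual deployment permissions.
  assume_role {
    role_arn     = "arn:aws:iam::111122223333:role/terraform-deploy" # placeholder
    session_name = "terraweek-day6"
  }
}
```

With this layout the IAM user behind the profile needs only permission to assume the role, so a leaked access key does not directly grant the deployment permissions.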

To set up authentication for each provider on your local machine, follow these general steps for popular cloud providers:

AWS (Amazon Web Services)

  1. Create an IAM user in the AWS Management Console.

  2. Assign appropriate permissions to the IAM user based on your requirements.

  3. After the user is created, click on the Security credentials tab of the user.

  4. Click on Create an access key.

  5. Select CLI and click on Next.

  6. The access key and secret are generated. Copy them from here and configure them locally using the aws configure command.

  7. Configure the AWS CLI or set environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) with the credentials. If the AWS CLI is not installed, install it first and then run the aws configure command.

Azure (Microsoft Azure)

  1. Create an Azure Active Directory (AAD) application registration.

  2. Obtain the Client ID, Client Secret, and Tenant ID for the application registration.

  3. Assign the necessary roles and permissions to the application registration.

  4. Configure the Azure CLI or set environment variables (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID) with the credentials.

GCP (Google Cloud Platform)

  1. Create a GCP service account and generate a key file (JSON format).

  2. Assign the appropriate roles and permissions to the service account.

  3. Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of the key file.

Task 3: Practice Using Providers

Create a main.tf file in the directory. Define VPC, Internet Gateway, Subnet, Route Table, Security Group, Associate security group with route table, Key Pair and EC2 Instance by adding the corresponding Terraform resource blocks.

  • You can find the GitHub code here

https://github.com/Yagyeshjha/terraform-zero-to-hero/blob/main/Day-5/main.tf

I am writing simple Python code and running it on this EC2 instance using a provisioner.

Run the terraform init command to initialize Terraform:

Then run the terraform plan command to see what resources will be created.

Run the terraform apply command to apply the Terraform configuration and create the EC2 instance. You can check the public IP in the output.

Here we can see VPC, Route Table, Subnets, Internet Gateway and EC2 instance are created.

Open the public IP in the browser and you can see the Python application is installed and running.

Now run the terraform destroy command to destroy the resources created by the Terraform configuration.

Thank you.