Terraform in Action introduces the infrastructure-as-code (IaC) model that lets you instantaneously create new components and respond efficiently to changes in demand. You’ll use the Terraform automation tool to design and manage servers that can be provisioned, shared, changed, tested, and deployed with a single command.
About the technology
Provision, deploy, scale, and clone your entire stack to the cloud at the touch of a button. In Terraform, you create a collection of simple declarative scripts that define and manage application infrastructure. This powerful infrastructure-as-code approach automates key tasks like versioning and testing for everything from low-level networking to cloud services.
About the book
Terraform in Action shows you how to automate and scale infrastructure programmatically using the Terraform toolkit. Using practical, relevant examples, you’ll use Terraform to provision a Kubernetes cluster, deploy a multiplayer game, and configure other hands-on projects. As you progress to advanced techniques like zero-downtime deployments, you’ll discover how to think in Terraform rather than just copying and pasting scripts.
What's inside
• Cloud architecture with Terraform
• Terraform module sharing and the private module registry
• Terraform security in a multitenant environment
• Strategies for performing blue/green deployments
• Refactoring for code maintenance and reusability
• Running Terraform at scale
• Creating your own Terraform provider
• Using Terraform as a continuous development/continuous delivery platform
About the reader
For readers experienced with a major cloud platform such as AWS. Examples in JavaScript and Golang.
About the author
Scott Winkler is a DevOps engineer and a distinguished Terraform expert. He has spoken multiple times at HashiTalks and HashiConf, and was selected as a HashiCorp Ambassador and Core Contributor in 2020.
Author(s): Scott Winkler
Edition: 1
Publisher: Manning Publications
Year: 2021
Language: English
Commentary: Vector PDF
Pages: 408
City: Shelter Island, NY
Tags: DevOps; Google Cloud Platform; Amazon Web Services; Microsoft Azure; Cloud Computing; Security; JavaScript; Web Applications; Functional Programming; Docker; Refactoring; Go; Continuous Delivery; Continuous Integration; Automation; Testing; Terraform; Infrastructure as Code; Serverless Applications; Serverless Architecture
Terraform in Action
contents
foreword
preface
acknowledgments
about this book
Who should read this book
How this book is organized: A roadmap
About the code
liveBook discussion forum
about the author
about the cover illustration
Part 1 Terraform bootcamp
1 Getting started with Terraform
1.1 What makes Terraform so great?
1.1.1 Provisioning tool
1.1.2 Easy to use
1.1.3 Free and open source software
1.1.4 Declarative programming
1.1.5 Cloud-agnostic
1.1.6 Richly expressive and highly extensible
1.2 “Hello Terraform!”
1.2.1 Writing the Terraform configuration
1.2.2 Configuring the AWS provider
1.2.3 Initializing Terraform
1.2.4 Deploying the EC2 instance
1.2.5 Destroying the EC2 instance
1.3 Brave new “Hello Terraform!”
1.3.1 Modifying the Terraform configuration
1.3.2 Applying changes
1.3.3 Destroying the infrastructure
1.4 Fireside chat
Summary
2 Life cycle of a Terraform resource
2.1 Process overview
2.1.1 Life cycle function hooks
2.2 Declaring a local file resource
2.3 Initializing the workspace
2.4 Generating an execution plan
2.4.1 Inspecting the plan
2.5 Creating the local file resource
2.6 Performing No-Op
2.7 Updating the local file resource
2.7.1 Detecting configuration drift
2.7.2 Terraform refresh
2.8 Deleting the local file resource
2.9 Fireside chat
Summary
3 Functional programming
3.1 Fun with Mad Libs
3.1.1 Input variables
3.1.2 Assigning values with a variable definition file
3.1.3 Validating variables
3.1.4 Shuffling lists
3.1.5 Functions
3.1.6 Output values
3.1.7 Templates
3.1.8 Printing output
3.2 Generating many Mad Libs stories
3.2.1 for expressions
3.2.2 Local values
3.2.3 Implicit dependencies
3.2.4 count parameter
3.2.5 Conditional expressions
3.2.6 More templates
3.2.7 Local file
3.2.8 Zipping files
3.2.9 Applying changes
3.3 Fireside chat
Summary
4 Deploying a multi-tiered web application in AWS
4.1 Architecture
4.2 Terraform modules
4.2.1 Module syntax
4.2.2 What is the root module?
4.2.3 Standard module structure
4.3 Root module
4.3.1 Code
4.4 Networking module
4.5 Database module
4.5.1 Passing data from the networking module
4.5.2 Generating a random password
4.6 Autoscaling module
4.6.1 Trickling down data
4.6.2 Templating a cloudinit_config
4.7 Deploying the web application
4.8 Fireside chat
Summary
Part 2 Terraform in the wild
5 Serverless made easy
5.1 The “two-penny website”
5.2 Architecture and planning
5.2.1 Sorting by group and then by size
5.3 Writing the code
5.3.1 Resource group
5.3.2 Storage container
5.3.3 Storage blob
5.3.4 Function app
5.3.5 Final touches
5.4 Deploying to Azure
5.5 Combining Azure Resource Manager (ARM) with Terraform
5.5.1 Deploying unsupported resources
5.5.2 Migrating from legacy code
5.5.3 Generating configuration code
5.6 Fireside chat
Summary
6 Terraform with friends
6.1 Standard and enhanced backends
6.2 Developing an S3 backend module
6.2.1 Architecture
6.2.2 Flat modules
6.2.3 Writing the code
6.3 Sharing modules
6.3.1 GitHub
6.3.2 Terraform Registry
6.4 Everyone gets an S3 backend
6.4.1 Deploying the S3 backend
6.4.2 Storing state in the S3 backend
6.5 Reusing configuration code with workspaces
6.5.1 Deploying multiple environments
6.5.2 Cleaning up
6.6 Introducing Terraform Cloud
6.7 Fireside chat
Summary
7 CI/CD pipelines as code
7.1 A tale of two deployments
7.2 CI/CD for Docker containers on GCP
7.2.1 Designing the pipeline
7.2.2 Detailed engineering
7.3 Initial workspace setup
7.3.1 Organizing the directory structure
7.4 Dynamic configurations and provisioners
7.4.1 for_each vs. count
7.4.2 Executing scripts with provisioners
7.4.3 Null resource with a local-exec provisioner
7.4.4 Dealing with repeating configuration blocks
7.4.5 Dynamic blocks: Rare boys
7.5 Configuring a serverless container
7.6 Deploying static infrastructure
7.7 CI/CD of a Docker container
7.7.1 Kicking off the CI/CD pipeline
7.8 Fireside chat
Summary
8 A multi-cloud MMORPG
8.1 Hybrid-cloud load balancing
8.1.1 Architectural overview
8.1.2 Code
8.1.3 Deploy
8.2 Deploying an MMORPG on a federated Nomad cluster
8.2.1 Cluster federation 101
8.2.2 Architecture
8.2.3 Stage 1: Static infrastructure
8.2.4 Stage 2: Dynamic infrastructure
8.2.5 Ready player one
8.3 Re-architecting the MMORPG to use managed services
8.3.1 Code
8.3.2 Ready player two
8.4 Fireside chat
Summary
Part 3 Mastering Terraform
9 Zero-downtime deployments
9.1 Lifecycle customizations
9.1.1 Zero-downtime deployments with create_before_destroy
9.1.2 Additional considerations
9.2 Blue/Green deployments
9.2.1 Architecture
9.2.2 Code
9.2.3 Deploy
9.2.4 Blue/Green cutover
9.2.5 Additional considerations
9.3 Configuration management
9.3.1 Combining Terraform with Ansible
9.3.2 Code
9.3.3 Infrastructure deployment
9.3.4 Application deployment
9.4 Fireside chat
Summary
10 Testing and refactoring
10.1 Self-service infrastructure provisioning
10.1.1 Architecture
10.1.2 Code
10.1.3 Preliminary deployment
10.1.4 Tainting and rotating access keys
10.2 Refactoring Terraform configuration
10.2.1 Modularizing code
10.2.2 Module expansions
10.2.3 Replacing multi-line strings with local values
10.2.4 Looping through multiple module instances
10.2.5 New IAM module
10.3 Migrating Terraform state
10.3.1 State file structure
10.3.2 Moving resources
10.3.3 Redeploying
10.3.4 Importing resources
10.4 Testing infrastructure as code
10.4.1 Writing a basic Terraform test
10.4.2 Test fixtures
10.4.3 Running the test
10.5 Fireside chat
Summary
11 Extending Terraform by writing a custom provider
11.1 Blueprints for a Terraform provider
11.1.1 Terraform provider basics
11.1.2 Petstore provider architecture
11.2 Writing the Petstore provider
11.2.1 Setting up the Go project
11.2.2 Configuring the provider schema
11.3 Creating a pet resource
11.3.1 Defining Create()
11.3.2 Defining Read()
11.3.3 Defining Update()
11.3.4 Defining Delete()
11.4 Writing acceptance tests
11.4.1 Testing the provider schema
11.4.2 Testing the pet resource
11.5 Build, test, deploy
11.5.1 Deploying the Petstore API
11.5.2 Testing and building the provider
11.5.3 Installing the provider
11.5.4 Pets as code
11.6 Fireside chat
Summary
12 Automating Terraform
12.1 Poor person’s Terraform Enterprise
12.1.1 Reverse-engineering Terraform Enterprise
12.1.2 Design details
12.2 Beginning at the root
12.3 Developing a Terraform CI/CD pipeline
12.3.1 Declaring input variables
12.3.2 IAM roles and policies
12.3.3 Building the Plan and Apply stages
12.3.4 Configuring environment variables
12.3.5 Declaring the pipeline as code
12.3.6 Touching base
12.4 Deploying the Terraform CI/CD pipeline
12.4.1 Creating a source repository
12.4.2 Creating a least-privileged deployment policy
12.4.3 Configuring Terraform variables
12.4.4 Deploying to AWS
12.4.5 Connecting to GitHub
12.5 Deploying “Hello World!” with the pipeline
12.5.1 Queuing a destroy run
12.6 Fireside chat
12.6.1 FAQ
Summary
13 Security and secrets management
13.1 Securing Terraform state
13.1.1 Removing unnecessary secrets from Terraform state
13.1.2 Least-privileged access control
13.1.3 Encryption at rest
13.2 Securing logs
13.2.1 What sensitive information?
13.2.2 Dangers of local-exec provisioners
13.2.3 Dangers of external data sources
13.2.4 Dangers of the HTTP provider
13.2.5 Restricting access to logs
13.3 Managing static secrets
13.3.1 Environment variables
13.3.2 Terraform variables
13.3.3 Redirecting sensitive Terraform variables
13.4 Using dynamic secrets
13.4.1 HashiCorp Vault
13.4.2 AWS Secrets Manager
13.5 Sentinel and policy as code
13.5.1 Writing a basic Sentinel policy
13.5.2 Blocking local-exec provisioners
13.6 Final words
Summary
appendix A Authenticating to AWS
A.1 Creating an AWS account
A.2 Creating an IAM user
A.3 Installing the AWS CLI (optional)
A.4 Configuring the credentials file
A.5 Configuring the AWS provider in Terraform
appendix B Authenticating to Azure
B.1 Creating an Azure account
B.2 Installing the Azure CLI
B.3 Obtaining credentials via the CLI
B.4 Configuring Azure CLI authentication in Terraform
appendix C Authenticating to GCP
C.1 Creating a GCP account
C.2 Creating a new project
C.3 Installing the Google Cloud SDK
C.4 Authenticating with the Google Cloud SDK
C.5 Configuring the GCP provider in Terraform
appendix D Creating custom resources with the Shell provider
D.1 Installing the provider
D.2 Using the provider
D.3 Final thoughts
appendix E Creating a Petstore data source
E.1 Registering the data source
E.2 Creating the data source
E.3 Writing acceptance tests
E.3.1 Running acceptance tests
E.4 Using the data source
index