Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Infrastructure as Code Cookbook
Infrastructure as Code Cookbook

Infrastructure as Code Cookbook: Automate complex infrastructures

Arrow left icon
Profile Icon Stephane Jourdan Profile Icon Pierre Pomès
Arrow right icon
€22.99 €32.99
Full star icon Full star icon Full star icon Full star icon Empty star icon 4 (1 Ratings)
eBook Feb 2017 440 pages 1st Edition
eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Stephane Jourdan Profile Icon Pierre Pomès
Arrow right icon
€22.99 €32.99
Full star icon Full star icon Full star icon Full star icon Empty star icon 4 (1 Ratings)
eBook Feb 2017 440 pages 1st Edition
eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Infrastructure as Code Cookbook

Chapter 2. Provisioning IaaS with Terraform

In this chapter, we will cover the following recipes:

  • Configuring the Terraform AWS provider
  • Creating and using an SSH key pair to use on AWS
  • Using AWS security groups with Terraform
  • Creating an Ubuntu EC2 instance with Terraform
  • Generating meaningful outputs with Terraform
  • Using contextual defaults with Terraform
  • Managing S3 storage with Terraform
  • Creating private Docker repositories with Terraform
  • Creating a PostgreSQL RDS database with Terraform
  • Enabling CloudWatch Logs for Docker with Terraform
  • Managing IAM users with Terraform

Introduction

A modern infrastructure often uses multiple providers Amazon Web Services (AWS), OpenStack, Google Cloud, Digital Ocean, and many others), combined with multiple external services (DNS, mail, monitoring, and others). Many providers propose their own automation tool, but the power of Terraform is that it allows you to manage it all from one place, all using code. With it, you can dynamically create machines at two IaaS providers depending on the environment, register their names at another DNS provider, enable monitoring at a third-party monitoring company, while configuring the company GitHub account and sending the application logs to an appropriate service. On top of that, it can delegate configuration to those who do it well (configuration management tools such as Chef, Puppet, and so on), all with the same tool. The state of your infrastructure is described, stored, versioned, and shared.

In this chapter, we'll discover how to use Terraform to bootstrap a fully capable...

Configuring the Terraform AWS provider

We can use Terraform with many IaaS providers, such as Google Cloud or Digital Ocean. Here, we'll configure Terraform to be used with AWS and stick with this provider for the rest of the chapter.

For Terraform to interact with an IaaS, it needs to have a provider configured.

Getting ready

To step through this recipe, you will need the following:

  • An AWS account with keys
  • A working Terraform installation
  • An empty directory to store your infrastructure code
  • An Internet connection

How to do it…

To configure the AWS provider in Terraform, we'll need the following three files:

  • A file declaring our variables, an optional description, and an optional default for each (variables.tf)
  • A file setting the variables for the whole project (terraform.tfvars)
  • A provider file (provider.tf)

Lets declare our variables in the variables.tf file. We can start by declaring what's usually known as the AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY...

Creating and using an SSH key pair to use on AWS

Now we have our AWS provider configured in Terraform, let's add a SSH key pair to use on a default account of the virtual machines we intend to launch soon.

Getting ready

To step through this recipe, you will need the following:

  • A working Terraform installation
  • An AWS provider configured in Terraform
  • Generate a pair of SSH keys somewhere you remember, for example, in the keys folder at the root of your repo:
    $ mkdir keys
    $ ssh-keygen -q -f keys/aws_terraform -C aws_terraform_ssh_key -N ''
    
  • An Internet connection

How to do it…

The resource we want for this is named aws_key_pair. Let's use it inside a keys.tf file, and paste the public key content:

resource "aws_key_pair" "admin_key" {
  key_name   = "admin_key"
  public_key = "ssh-rsa AAAAB3[…]"
}

This will simply upload your public key to your AWS account under the name admin_key:

$ terraform apply
aws_key_pair.admin_key: Creating...

Using AWS security groups with Terraform

Amazon's security groups are similar to traditional firewalls, with ingress (incoming traffic) and egress (outgoing traffic) rules applied to EC2 instances. Those rules can be updated on-demand. We'll create an initial security group allowing ingress Secure Shell (SSH) traffic only for our own IP address, while allowing all outgoing traffic.

Getting ready

To step through this recipe, you will need the following:

  • A working Terraform installation
  • An AWS provider configured in Terraform (refer to the previous recipe)
  • An Internet connection

How to do it…

The resource we're using is called aws_security_group. Here's the basic structure:

resource "aws_security_group" "base_security_group" {
  name        = "base_security_group"
  description = "Base Security Group"

  ingress { }

  egress { }

}

We know we want to allow inbound TCP/22 for SSH only for our own IP (replace 1.2.3.4/32 with yours!...

Creating an Ubuntu EC2 instance with Terraform

We have previously created the requirements to launch a standard virtual machine on AWS EC2 (an SSH key pair and a security group). Let's now launch this virtual machine on EC2, using the specified SSH key pair to log into it and placed inside the security group, so (in our case) SSH is only available from a specific IP address.

Note

This example uses the t2.micro instance available for free in the AWS Free Tier.

Getting ready

To step through this recipe, you will need the following:

  • A working Terraform installation
  • An AWS provider, a SSH key pair, and a Security Group configured in Terraform (refer to the previous recipes)
  • An Internet connection

How to do it…

First, you need to find the correct AMI for your machine. An AMI is like a system disk image for AWS, and is referred to by its ID (that is: ami-df3bceb0 or ami-f2fc9d81). In the Ubuntu case, you can find the AMI you want by going to their Amazon EC2 AMI Locator page (https://cloud...

Generating meaningful outputs with Terraform

Wouldn't it be great if Terraform could show us useful, informational output after a successful run? Following what we've done so far, it would be helpful to know how to connect to the instance, what are the local and public IP addresses, or see the security groups used. That's what Terraform's outputs are for.

Getting ready

To step through this recipe, you will need the following:

  • A working Terraform installation
  • An AWS provider and an EC2 instance (using a SSH keypair and a Security Group), all configured in Terraform (refer to the previous recipes)
  • An Internet connection

How to do it…

Thankfully, we can use the same syntax we're already using to access variables and attributes of references, but this time in an output resource.

Let's start by simply adding a line in outputs.tf that would show us how to connect to our virtual machine, using the public_ip attribute of our dev EC2 instance:

output "login&quot...

Introduction


A modern infrastructure often uses multiple providers Amazon Web Services (AWS), OpenStack, Google Cloud, Digital Ocean, and many others), combined with multiple external services (DNS, mail, monitoring, and others). Many providers propose their own automation tool, but the power of Terraform is that it allows you to manage it all from one place, all using code. With it, you can dynamically create machines at two IaaS providers depending on the environment, register their names at another DNS provider, enable monitoring at a third-party monitoring company, while configuring the company GitHub account and sending the application logs to an appropriate service. On top of that, it can delegate configuration to those who do it well (configuration management tools such as Chef, Puppet, and so on), all with the same tool. The state of your infrastructure is described, stored, versioned, and shared.

In this chapter, we'll discover how to use Terraform to bootstrap a fully capable infrastructure...

Configuring the Terraform AWS provider


We can use Terraform with many IaaS providers, such as Google Cloud or Digital Ocean. Here, we'll configure Terraform to be used with AWS and stick with this provider for the rest of the chapter.

For Terraform to interact with an IaaS, it needs to have a provider configured.

Getting ready

To step through this recipe, you will need the following:

  • An AWS account with keys

  • A working Terraform installation

  • An empty directory to store your infrastructure code

  • An Internet connection

How to do it…

To configure the AWS provider in Terraform, we'll need the following three files:

  • A file declaring our variables, an optional description, and an optional default for each (variables.tf)

  • A file setting the variables for the whole project (terraform.tfvars)

  • A provider file (provider.tf)

Lets declare our variables in the variables.tf file. We can start by declaring what's usually known as the AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY environment variables...

Creating and using an SSH key pair to use on AWS


Now we have our AWS provider configured in Terraform, let's add a SSH key pair to use on a default account of the virtual machines we intend to launch soon.

Getting ready

To step through this recipe, you will need the following:

  • A working Terraform installation

  • An AWS provider configured in Terraform

  • Generate a pair of SSH keys somewhere you remember, for example, in the keys folder at the root of your repo:

    $ mkdir keys
    $ ssh-keygen -q -f keys/aws_terraform -C aws_terraform_ssh_key -N ''
    
  • An Internet connection

How to do it…

The resource we want for this is named aws_key_pair. Let's use it inside a keys.tf file, and paste the public key content:

resource "aws_key_pair" "admin_key" {
  key_name   = "admin_key"
  public_key = "ssh-rsa AAAAB3[…]"
}

This will simply upload your public key to your AWS account under the name admin_key:

$ terraform apply
aws_key_pair.admin_key: Creating...
  fingerprint: "" => "<computed>"
  key_name:    "" =&gt...

Using AWS security groups with Terraform


Amazon's security groups are similar to traditional firewalls, with ingress (incoming traffic) and egress (outgoing traffic) rules applied to EC2 instances. Those rules can be updated on-demand. We'll create an initial security group allowing ingress Secure Shell (SSH) traffic only for our own IP address, while allowing all outgoing traffic.

Getting ready

To step through this recipe, you will need the following:

  • A working Terraform installation

  • An AWS provider configured in Terraform (refer to the previous recipe)

  • An Internet connection

How to do it…

The resource we're using is called aws_security_group. Here's the basic structure:

resource "aws_security_group" "base_security_group" {
  name        = "base_security_group"
  description = "Base Security Group"

  ingress { }

  egress { }

}

We know we want to allow inbound TCP/22 for SSH only for our own IP (replace 1.2.3.4/32 with yours!), and allow everything outbound. Here's how it looks:

ingress {
  from_port...

Creating an Ubuntu EC2 instance with Terraform


We have previously created the requirements to launch a standard virtual machine on AWS EC2 (an SSH key pair and a security group). Let's now launch this virtual machine on EC2, using the specified SSH key pair to log into it and placed inside the security group, so (in our case) SSH is only available from a specific IP address.

Note

This example uses the t2.micro instance available for free in the AWS Free Tier.

Getting ready

To step through this recipe, you will need the following:

  • A working Terraform installation

  • An AWS provider, a SSH key pair, and a Security Group configured in Terraform (refer to the previous recipes)

  • An Internet connection

How to do it…

First, you need to find the correct AMI for your machine. An AMI is like a system disk image for AWS, and is referred to by its ID (that is: ami-df3bceb0 or ami-f2fc9d81). In the Ubuntu case, you can find the AMI you want by going to their Amazon EC2 AMI Locator page (https://cloud-images.ubuntu...

Generating meaningful outputs with Terraform


Wouldn't it be great if Terraform could show us useful, informational output after a successful run? Following what we've done so far, it would be helpful to know how to connect to the instance, what are the local and public IP addresses, or see the security groups used. That's what Terraform's outputs are for.

Getting ready

To step through this recipe, you will need the following:

  • A working Terraform installation

  • An AWS provider and an EC2 instance (using a SSH keypair and a Security Group), all configured in Terraform (refer to the previous recipes)

  • An Internet connection

How to do it…

Thankfully, we can use the same syntax we're already using to access variables and attributes of references, but this time in an output resource.

Let's start by simply adding a line in outputs.tf that would show us how to connect to our virtual machine, using the public_ip attribute of our dev EC2 instance:

output "login" {
  value = "ssh ubuntu@${aws_instance.dev.public_ip...
Left arrow icon Right arrow icon

Key benefits

  • Over 90 practical, actionable recipes to automate, test, and manage your infrastructure quickly and effectively
  • About This Book
  • • Bring down your delivery timeline from days to hours by treating your server configurations and VMs as code, just like you would with software code.
  • • Take your existing knowledge and skill set with your existing tools (Puppet, Chef, or Docker) to the next level and solve IT infrastructure challenges.
  • • Use practical recipes to use code to provision and deploy servers and applications and have greater control of your infrastructure.
  • Who This Book Is For
  • This book is for DevOps engineers and developers working in cross-functional teams or operations and would now switch to IAC to manage complex infrastructures.
  • What You Will Learn
  • • Provision local and remote development environments with Vagrant
  • • Automate production infrastructures with Terraform, Ansible and Cloud-init on AWS, OpenStack, Google Cloud, Digital Ocean, and more
  • • Manage and test automated systems using Chef and Puppet
  • • Build, ship, and debug optimized Docker containers
  • • Explore the best practices to automate and test everything from cloud infrastructures to operating system configuration
  • In Detail
  • Infrastructure as Code (IAC) is a key aspect of the DevOps movement, and this book will show you how to transform the way you work with your infrastructure—by treating it as software.
  • This book is dedicated to helping you discover the essentials of infrastructure automation and its related practices; the over 90 organized practical solutions will demonstrate how to work with some of the very best tools and cloud solutions.
  • You will learn how to deploy repeatable infrastructures and services on AWS, OpenStack, Google Cloud, and Digital Ocean. You will see both Ansible and Terraform in action, manipulate the best bits from cloud-init to easily bootstrap instances, and simulate consistent environments locally or remotely using Vagrant. You will discover how to automate and test a range of system tasks using Chef or Puppet. You will also build, test, and debug various Docker containers having developers’ interests in mind.
  • This book will help you to use the right tools, techniques, and approaches to deliver working solutions for today’s modern infrastructure challenges.
  • Style and approach
  • This is a recipe-based book that allows you to venture into some of the most cutting-edge practices and techniques about IAC and solve immediate problems when trying to implement them.

Description

Para 1: Infrastructure as code is transforming the way we solve infrastructural challenges. This book will show you how to make managing servers in the cloud faster, easier and more effective than ever before. With over 90 practical recipes for success, make the very most out of IAC.

Who is this book for?

This book is for DevOps engineers and developers working in cross-functional teams or operations and would now switch to IAC to manage complex infrastructures.

What you will learn

  • With this book, you?ll learn about: ? Provisioning local and remote development environments with Vagrant ? Automating production infrastructures with Terraform, Ansible and Cloud-init on AWS, OpenStack, Google Cloud, Digital Ocean, and more ? Bringing down your delivery timeline from days to hours by treating your server configurations and VMs as code, just like you would with software code ? Managing and testing automated systems using Chef and Puppet ? Using code to provision and deploy servers and applications and have greater control of your infrastructure ? Building, shipping, and debugging optimized Docker containers ? Exploring the best practices to automate and test everything from cloud infrastructures to operating system configuration ? Taking knowledge with existing tools (Puppet, Chef, or Docker) to the next level

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 17, 2017
Length: 440 pages
Edition : 1st
Language : English
ISBN-13 : 9781786461292
Vendor :
HashiCorp
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want

Product Details

Publication date : Feb 17, 2017
Length: 440 pages
Edition : 1st
Language : English
ISBN-13 : 9781786461292
Vendor :
HashiCorp
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 103.97
Getting Started with Terraform
€24.99
AWS Administration ??? The  Definitive Guide
€36.99
Infrastructure as Code Cookbook
€41.99
Total 103.97 Stars icon

Table of Contents

11 Chapters
1. Vagrant Development Environments Chevron down icon Chevron up icon
2. Provisioning IaaS with Terraform Chevron down icon Chevron up icon
3. Going Further with Terraform Chevron down icon Chevron up icon
4. Automating Complete Infrastructures with Terraform Chevron down icon Chevron up icon
5. Provisioning the Last Mile with Cloud-Init Chevron down icon Chevron up icon
6. Fundamentals of Managing Servers with Chef and Puppet Chevron down icon Chevron up icon
7. Testing and Writing Better Infrastructure Code with Chef and Puppet Chevron down icon Chevron up icon
8. Maintaining Systems Using Chef and Puppet Chevron down icon Chevron up icon
9. Working with Docker Chevron down icon Chevron up icon
10. Maintaining Docker Containers Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
(1 Ratings)
5 star 0%
4 star 100%
3 star 0%
2 star 0%
1 star 0%
Brian Dworak Feb 11, 2018
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Excellent reference guide. I keep it on hand.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.