Terraform usage
Install Terraform
- If you're using MacOS, then you can run the next command to install TF:
$ brew install terraformNOTE: you must install HOMEBREW to your host something like:
$ sudo /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"- For Unix/Linux OS you might go to the official Terraform site and download bin-file with software.
Init
First of all, you should clone this repo to your local machine. I provided modules with simple examples. After, go to needed example and run the next command:
$ terrafrom initThis command will init everything to provision module(s).
Plan
When you set terraform init you will be able to see which services are going to create with the next command:
$ terraform planIf you're using tfvars, you can run the following command:
$ terraform plan -var-file terraform.tfvarsIt's a good point to use tfvars for multiple environments, - as example.
Apply
To apply your stack, you can use:
$ terraform applyOr:
$ terraform apply -var-file terraform.tfvarsAlso, you can use -auto-approve command to automatically apply the stack.
Destroy
To terminate the stack, use:
$ terraform destroyOr:
$ terraform destroy -var-file terraform.tfvarsAlso, you can use -auto-approve command to automatically terminate the stack.
graph
If you're using mac OS, you must install the next package:
$ brew install graphvizThen, run:
$ terraform graph | dot -Tsvg > graph.svg
$ terraform graph | dot -Tpng > graph.pngHelp
To get help, use:
$ terraform help
Usage: terraform [-version] [-help] <command> [args]
The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you're just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.
Common commands:
apply Builds or changes infrastructure
console Interactive console for Terraform interpolations
destroy Destroy Terraform-managed infrastructure
env Workspace management
fmt Rewrites config files to canonical format
get Download and install modules for the configuration
graph Create a visual graph of Terraform resources
import Import existing infrastructure into Terraform
init Initialize a Terraform working directory
login Obtain and save credentials for a remote host
logout Remove locally-stored credentials for a remote host
output Read an output from a state file
plan Generate and show an execution plan
providers Prints a tree of the providers used in the configuration
refresh Update local state file against real resources
show Inspect Terraform state or plan
taint Manually mark a resource for recreation
untaint Manually unmark a resource as tainted
validate Validates the Terraform files
version Prints the Terraform version
workspace Workspace management
All other commands:
0.12upgrade Rewrites pre-0.12 module source code for v0.12
0.13upgrade Rewrites pre-0.13 module source code for v0.13
debug Debug output management (experimental)
force-unlock Manually unlock the terraform state
push Obsolete command for Terraform Enterprise legacy (v1)
state Advanced state management``` Auto-switching Terraform version
The tfswitch command line tool lets you switch between different versions of terraform. If you do not have a particular version of terraform installed, tfswitch lets you download the version you desire. The installation is minimal and easy. Once installed, simply select the version you require from the dropdown and start using terraform.
To install this tool for macOS:
$ brew install warrensbox/tap/tfswitchLinux:
$ curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bashSnapcraft for CentOS, Ubuntu, Linux Mint, RHEL, Debian, Fedora:
$ sudo snap install tfswitchAutomatically switch with bash
Add the following to the end of your ~/.bashrc file: (Use either .tfswitchrc or .tfswitch.toml or .terraform-version):
cdtfswitch(){
builtin cd "$@";
cdir=$PWD;
if [ -e "$cdir/.tfswitchrc" ]; then
tfswitch
fi
}
alias cd='cdtfswitch'Automatically switch with zsh
Add the following to the end of your ~/.zshrc file:
load-tfswitch() {
local tfswitchrc_path=".tfswitchrc"
if [ -f "$tfswitchrc_path" ]; then
tfswitch
fi
}
add-zsh-hook chpwd load-tfswitch
load-tfswitchTo get list of the supported version of the software, run the next command:
$ tfswitch -lOr:
$ tfswitch --list-allScroll up or down to see versions. Click on needed to use it.
If a *.tf file with the terraform constrain is included in the current directory, it should automatically download or switch to that terraform version. For example, the following should automatically switch terraform to the lastest version:
terraform {
required_version = ">= 0.13.9"
required_providers {
aws = ">= 2.52.0"
kubernetes = ">= 1.11.1"
}
}I really like this tool and it can be used for your locally run as well as for CI/CD.
Module Sources
The source argument in a module block tells Terraform where to find the source code for the desired child module.
Terraform uses this during the module installation step of terraform init to download the source code to a directory on local disk so that it can be used by other Terraform commands.
Local Paths
Local path references allow for factoring out portions of a configuration within a single source repository:
module "vpc" {
source = "../aws/modules/vpc"
}
A local path must begin with either ./ or ../ to indicate that a local path is intended, to distinguish from a module registry address.
Local paths are special in that they are not "installed" in the same sense that other sources are: the files are already present on local disk (possibly as a result of installing a parent module) and so can just be used directly. Their source code is automatically updated if the parent module is upgraded.
Terraform Registry
A module registry is the native way of distributing Terraform modules for use across multiple configurations, using a Terraform-specific protocol that has full support for module versioning.
Terraform Registry is an index of modules shared publicly using this protocol. This public registry is the easiest way to get started with Terraform and find modules created by others in the community:
module "consul" {
source = "hashicorp/consul/aws"
version = "0.1.0"
}
GitHub
Terraform will recognize unprefixed github.com URLs and interpret them automatically as Git repository sources:
module "consul" {
source = "github.com/hashicorp/example"
}
Or:
module "ram" {
source = "git@github.com:SebastianUA/terraform.git//aws/modules/ram?ref=dev"
}
Arbitrary Git repositories can be used by prefixing the address with the special git:: prefix. After this prefix, any valid Git URL can be specified to select one of the protocols supported by Git.
For example, to use HTTPS or SSH:
module "vpc" {
source = "git::https://example.com/vpc.git"
}
module "storage" {
source = "git::ssh://username@example.com/storage.git"
}
Fetching archives over HTTP
As a special case, if Terraform detects that the URL has a common file extension associated with an archive file format then it will bypass the special terraform-get=1 redirection described above and instead just use the contents of the referenced archive as the module source code:
module "vpc" {
source = "https://example.com/vpc-module.zip"
}
S3 Bucket
You can use archives stored in S3 as module sources using the special s3:: prefix, followed by an S3 bucket object URL:
module "consul" {
source = "s3::https://s3-eu-west-1.amazonaws.com/examplecorp-terraform-modules/vpc.zip"
}
And others.
Using Terraform for multiple AWS accounts
You can optionally define multiple configurations for the same provider, and select which one to use on a per-resource or per-module basis. The primary reason for this is to support multiple regions for a cloud platform; other examples include targeting multiple Docker hosts, multiple Consul hosts, etc.
To create multiple configurations for a given provider, include multiple provider blocks with the same provider name. For each additional non-default configuration, use the alias meta-argument to provide an extra name segment. For example:
#
# MAINTAINER Vitaliy Natarov "vitaliy.natarov@yahoo.com"
#
terraform {
required_version = "~> 0.13"
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Account from resoure will be shared (owner)
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
provider "aws" {
region = "us-east-1"
shared_credentials_file = pathexpand("~/.aws/credentials")
profile = "owner"
alias = "owner"
}
module "ram_owner" {
source = "git@github.com:SebastianUA/terraform.git//aws/modules/ram?ref=dev"
name = "tmp"
environment = "dev"
providers = {
aws = aws.owner
}
# RAM resource share
enable_ram_resource_share = true
ram_resource_share_name = "test-ram-shared-resource-1"
ram_resource_share_allow_external_principals = true
# RAM resource association
enable_ram_resource_association = true
ram_resource_association_resource_arn = "arn:aws:ec2:YOUR_REGION_HERE:YOUR_AWSID_HERE:transit-gateway/tgw-095a7bb025f42d2b0"
tags = map("Env", "stage", "Orchestration", "Terraform")
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Account to resoure will be shared (main)
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
provider "aws" {
region = "us-east-1"
shared_credentials_file = pathexpand("~/.aws/credentials")
profile = "main"
}
module "ram_main_accepter" {
source = "git@github.com:SebastianUA/terraform.git//aws/modules/ram?ref=dev"
name = "tmp"
environment = "dev"
# RAM principal association
enable_ram_principal_association = true
ram_principal_association_resource_share_arn = module.ram_owner.ram_resource_share_id
ram_principal_association_principal = data.aws_caller_identity.current.account_id
# RAM resource share accepter
enable_ram_resource_share_accepter = true
ram_resource_share_accepter_share_arn = module.ram_owner.ram_principal_association_id
depends_on = [
module.ram_owner
]
}
The official documentation is https://www.terraform.io/docs/language/providers/configuration.html#provider-versions.
Cloud cost estimates for Terraform
Infracost shows cloud cost estimates for infrastructure-as-code projects such as Terraform. It helps developers, devops and others to quickly see a cost breakdown and compare different options upfront.
Installation
-
Assuming Terraform is already installed, get the latest Infracost release:
macOS Homebrew:
brew install infracostLinux/macOS manual download:
os=$(uname | tr '[:upper:]' '[:lower:]') && \ arch=$(uname -m | tr '[:upper:]' '[:lower:]' | sed -e s/x86_64/amd64/) && \ curl -s -L https://github.com/infracost/infracost/releases/latest/download/infracost-$os-$arch.tar.gz | tar xz -C /tmp && \ sudo mv /tmp/infracost-$os-$arch /usr/local/bin/infracostDocker and Windows users see here.
-
Register for a free API key:
infracost registerThe key is saved in
~/.config/infracost/credentials.yml. -
Run Infracost using our example Terraform project to see how it works:
git clone https://github.com/infracost/example-terraform.git cd example-terraform # Play with sample1/main.tf and re-run to compare costs infracost breakdown --path sample1 # Show diff of monthly costs, edit the yaml file and re-run to compare costs infracost diff --path sample1 --usage-file sample1/infracost-usage.yml
Please watch/star this repo as we add new cloud resources every week or so.
Usage
The infracost CLI has the following main commands, their usage is described in our short getting started page:
breakdown: show full breakdown of costsdiff: show diff of monthly costs between current and planned state
As mentioned in our FAQ, no cloud credentials, secrets, tags or resource identifiers are sent to the Cloud Pricing API. That API does not become aware of your cloud spend; it simply returns cloud prices to the CLI so calculations can be done on your machine. Infracost does not make any changes to your Terraform state or cloud resources.
CI/CD integrations
The following CI/CD integrations can be used to automatically add a pull request comment showing the diff of monthly costs between the current and planned state:
If you run into any issues with CI/CD integrations, please join our community Slack channel, we'd be happy to guide you through it. The GitHub page is https://github.com/infracost/infracost.
Auto-generate documentation for Terraform modules
I have a python script to generate the README.md file-based on Terraform modules and examples that I'm supporting. The code can be found here: generate-tf-docs.
Authors
Created and maintained by Vitaliy Natarov. An email: vitaliy.natarov@yahoo.com.
License
Apache 2 Licensed. See LICENSE for full details.