日本語版はこちらになります

Terraform is an IaC(infrastructure as code) software tool, which created by HashiCorp.
Listed as a recommended tool for Infrastructure Provisioning at DevOps Roadmap,
Terraform is a perfect tool for those engaged in occupations such as IT infrastructure engineer, DevOps engineer, and SRE.

• Based on the content for help junior SRE onboarding used in-house. -> Drecom
• A practice repository for using terraform via hands-on to show you how terraform working and what's Drecom-style.
• Please note that the Drecom-style terraform usage patterns are included, these may not be best practice but we use them for our daily work.
• AWS Resources used:
  • IAM
  • S3
  • Api-gateway
  • Lambda function
  • ECR
  • App Runner

• Terraform beginners
• Junior DevOps engineers
• Junior SREs
• etc.

• Terminal application(e.g. iTerm2, wsl2)
• curl
• AWS account(with access key & secret access key)
• A modern browser
• Terraform(0.12+)
  • Used Ver. 1.0.0 here
• docker

• Set your AWS Credentials into a example file
  • service_account_id = ""
  • aws_access_key = ""
  • aws_secret_key = ""
  • region = "ap-northeast-1"

$ mv terraform.tfvars.example terraform.tfvars
$ vi terraform.tfvars

• To prevent the resources of each environment (staging, production, etc.) from being influenced by each other, Drecom use terraform workspace to get it done.
• Firstly, make a workspace called 'common' to build IAM, S3 bucket resources to your AWS env, via terraform plan & apply
• Secondly, make a workspace called 'system' to build lambda-function, api-gateway, ecr resources to your AWS env, via terraform plan & apply
• Finally, make a workspace called 'production' to build apprunner resources to your AWS env, via terraform plan & apply
  • Be free to add other .tf files to see how to build others resources.
  • Discussion with your partner based on issues, and see what you can do togerther.
• Don't forget to clear up all AWS resources after workshop, or you may recieve a surprise bill from AWS. :)

You may found the tfstate files are stored here in the local environment,
but the truth is we do all that stuff via CI tool(gitlab-ci, in our case),
since it has some sensitive information that not suitable to be published, so let's do it locally here.

$ git clone [email protected]:drecom/terraform-onboarding.git
$ cd terraform-onboarding
$ mv terraform.tfvars.example terraform.tfvars
$ vi terraform.tfvars
# Several variables are defined by variables.tf   
# Before running other command, you may take a look at it.  
$ vi variables.tf
$ terraform init
# show all existing workspaces
$ terraform workspace list
$ terraform workspace select common
$ terraform plan
$ terraform apply

See drecom/demo-box's README for more details.

$ terraform workspace select system
$ terraform plan
$ terraform apply

# on workspace system
$ terraform output | grep deployment-invoke-url | awk '{print $3}' | xargs curl
{"drecom": "with entertainment <TIME_NOW+0900>"}

See sample-app's README for more details.

$ terraform workspace select production
$ terraform plan
# It usually takes several minutes
$ terraform apply

• apprunner-url

$ terraform workspace select production
# switch “production = false” to “production = true”
$ vi ec2_variables.tf
$ terraform plan
# It usually takes several minutes
$ terraform apply
# until instance healthy(about 3min)
# check it via AWS console
$ terraform output | grep practice-ec2-public-dns | awk '{print $3}' | xargs curl

$ terraform workspace select production
$ terraform destroy
$ terraform workspace select system
$ terraform destroy
$ terraform workspace select common
$ terraform destroy

• We use some runtime manager to help us handling different versions of terraform. (e.g.
  • asdf
  • anyenv
  • etc.