Using Terraform for Infrastructure as Code
If you’re like me, you have some hobby projects you run on AWS (Amazon Web Services). It’s usually just me running these projects, so logging into the AWS Web Console and clicking buttons to create new resources is perfectly fine. I’m just one person, accountable only to myself. If I forget how I set something up or make a mistake, there isn’t a whole lot on the line.
Why IaC?
Away from the comfort of my couch, the needs of a business are so different, even more so in the FinTech (Financial Technology) world. Accountability is extremely important, as are repeatable processes and staff redundancy. If I’m out sick or enjoying a vacation day, none of my peers should ever end up in a situation where they’d want to call me to ask how something was set up. And when voluntary auditing season is upon us, our third-party vendors will request all sorts of logs and proof that these systems are in place and air-gapped.
Enter our hero in this post, a practice known as Infrastructure as Code (IaC, “eye-aye-see”). In IaC, we express all of the things we might otherwise do by hand, in code. Now, any engineer at the company (or an auditor) can look in the codebase and understand exactly how something works and, if I’ve documented my code well, why it works that way.
Which IaC?
There are many IaC choices, CloudFormation and Chef to name a couple, and the one we’ve elected for use at FloQast, Terraform. It’s a heavy-hitter in the space, also used by companies like Slack and Instacart. We love it because it’s open-source, public cloud-agnostic, and has powerful providers we use to manage many non-AWS things! Perhaps now I’ve piqued your interest and you want to give Terraform a test run. The simple example below uses Terraform to launch an EC2 Instance in your AWS account with an EBS volume (persistent storage).
A Demo
First, you’ll want to install Terraform, have an AWS account, and create a temporary directory on your local machine with a file we’ll name test.tf. Paste the below content into that file:
# You can generate the access_key and secret_key below in your AWS account -> IAM -> Users. See https://aws.amazon.com/premiumsupport/knowledge-center/create-access-key/ for help
# Keep real keys out of any file you commit. If these two arguments are omitted, the AWS provider
# reads them from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables instead.
provider "aws" {
  region     = "us-west-2"
  access_key = "AKIA..."
  secret_key = "..."
}

# Amazon Linux AMI to launch (AMI IDs are specific to a region)
variable "aws_amazonlinux_ami_id" {
  type    = string
  default = "ami-0c13873ede4682a27"
}

resource "aws_instance" "web" {
  ami               = var.aws_amazonlinux_ami_id
  availability_zone = "us-west-2a"
  instance_type     = "t1.micro"

  tags = {
    Name = "Terraform-Test"
  }
}

# The volume must be in the same availability zone as the instance it attaches to
resource "aws_ebs_volume" "example" {
  availability_zone = "us-west-2a"
  size              = 10 # Ten GBs
}

# Attaches the two resources created above, the EC2 instance and the EBS volume
resource "aws_volume_attachment" "ebs_att" {
  device_name = "/dev/sdh"
  volume_id   = aws_ebs_volume.example.id
  instance_id = aws_instance.web.id
}
Here’s a screencap of me running this Terraform in a terminal window, sped up for your enjoyment:
Here’s what’s happening. I run:
terraform init to initialize Terraform in our little project’s directory. It goes and downloads the aws provider declared in the first non-comment line in our example code above.
terraform plan to see what actions it intends to take. When that looks good, I type yes and hit enter, and it creates the resources in my AWS account.
terraform destroy when we’re ready to tear down our project. Like plan, it proposes its intentions and when I decide they look good, I reply with yes.
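The "when that looks good" review step above can also be checked by a script, which leaves a record an auditor can read. The following is an added example, not code from the original post: it assumes the plan was saved with terraform plan -out=tfplan and exported with terraform show -json tfplan, the sample JSON is constructed for the demo's three resources, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed `terraform show -json tfplan` output for the
# demo's three resources, with one replacement included to show the risky case.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["create"]}},
        {"address": "aws_ebs_volume.example", "type": "aws_ebs_volume",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_volume_attachment.ebs_att",
         "type": "aws_volume_attachment",
         "change": {"actions": ["no-op"]}},
    ],
})


def summarize_plan(plan_json):
    """Group resource addresses by planned action.

    Terraform reports a replacement as a two-element action list
    (delete + create, in either order); it is labelled 'replace' here.
    """
    summary = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" in actions and "create" in actions:
            label = "replace"
        else:
            label = actions[0]
        summary.setdefault(label, []).append(rc["address"])
    return summary


def destructive_changes(plan_json):
    """Addresses that would be destroyed or recreated if the plan is approved."""
    summary = summarize_plan(plan_json)
    return sorted(summary.get("delete", []) + summary.get("replace", []))


if __name__ == "__main__":
    for action, addresses in sorted(summarize_plan(SAMPLE_PLAN).items()):
        print(f"{action:8} {', '.join(addresses)}")
    risky = destructive_changes(SAMPLE_PLAN)
    if risky:
        print("get a second reviewer before answering yes:", ", ".join(risky))
```

Replacing an EBS volume discards the data on it, so that is the kind of change worth stopping on before approval.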
And that’s all for today! I hope this simple Terraform demo shows how easy IaC can be, and maybe even acts as the nudge some of us need to move our hobby projects into code…
Continue your Terraform journey by diving into their Official Getting Started Guide.