Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added solution.md for Day 2: Terraform Configuration Using HCL Syntax - S3 Bucket Resource and Provider Setup #22

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Added solution.md for Day 2: Terraform Configuration Using HCL Syntax - S3 Bucket Resource and Provider Setup #22

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4b22e6f
Added solution.md
Amitabh-DevOps Dec 2, 2024
6155707
Added solution.md
Amitabh-DevOps Dec 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
221 changes: 221 additions & 0 deletions day01/solution.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,221 @@
# TerraWeek Day 1

### **Day 1: Introduction to Terraform and Terraform Basics**

#### **What is Terraform, and how can it help you manage Infrastructure as Code?**
Terraform is an open-source tool by HashiCorp that allows you to define, manage, and provision infrastructure as code (IaC). It uses a declarative configuration language, HCL (HashiCorp Configuration Language), to describe the desired state of infrastructure. By applying these configurations, Terraform ensures that the actual infrastructure matches the desired state.


Key benefits of Terraform:

- **Consistency:** The same configurations can be reused across environments (e.g., dev, staging, production).
- **Version Control:** Infrastructure definitions are stored in source control systems like Git.
- **Automation:** Removes the need for manual intervention during resource creation.
- **Cloud-Agnostic:** Supports multiple cloud providers like AWS, Azure, GCP, and even on-prem solutions.

---

#### **Why do we need Terraform, and how does it simplify infrastructure provisioning?**
1. **Eliminates Manual Effort:** Automates the provisioning, scaling, and configuration of resources.
2. **Infrastructure as Code:** Maintains infrastructure as code for better tracking, auditing, and collaboration.
3. **Cross-Cloud Compatibility:** Provides a unified approach to managing multi-cloud and hybrid environments.
4. **Dependency Management:** Automatically understands and manages dependencies between resources.
5. **Cost and Time Efficiency:** Reduces operational overhead and human error, enabling rapid infrastructure changes.

---

#### **How Can You Install Terraform and Set Up the Environment for AWS?**

#### **Before You Begin: Create an EC2 Instance for Running Commands**

To execute the following commands in an isolated environment, create an Ubuntu EC2 instance using AWS Management Console:

##### **Launch an EC2 Instance:**

1. Go to the **EC2 Dashboard** on AWS.
2. Click **Launch Instance**.
3. Configure:
- **Name:** Terraform-Setup
- **AMI:** Ubuntu Server 22.04 LTS
- **Instance Type:** t2.micro (free tier eligible)
- **Key Pair:** Create or select an existing key pair.
- **Network Settings:** Allow SSH traffic (port 22) from your IP address.
- **Storage:** Keep the default 8 GiB or adjust as needed.

##### **Connect to the Instance:**

Use an SSH client or AWS CloudShell to connect:

```bash
ssh -i "your-key-pair.pem" ubuntu@<EC2-Public-IP>
```

##### **Update the Instance:**

Run the following commands after connecting:

```bash
sudo apt update && sudo apt upgrade -y
```

Now proceed with the installation of Terraform and setting up AWS credentials.


##### 1. **Install Terraform on Ubuntu:**

To install Terraform on Ubuntu, follow these steps:

- **Add the HashiCorp GPG Key and Repository:**

```bash
wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
```

- **Update the Package List and Install Terraform:**

```bash
sudo apt update && sudo apt install terraform
```

- **Verify Installation:**

Confirm that Terraform is installed correctly by checking its version:

```bash
terraform version
```

---

##### 2. **Set Up Terraform for AWS:**

- **Create an IAM User in AWS:**

- Go to the **IAM Management Console** in AWS.
- Create a new IAM user with **programmatic access**.
- Attach the necessary policies (e.g., `AdministratorAccess` or policies tailored to your use case).
- Note down the **Access Key ID** and **Secret Access Key**.

- **Install the AWS CLI:**

Install the AWS CLI to configure credentials:
```bash
sudo apt update && sudo apt install awscli
```

- **Configure AWS CLI Credentials:**

Run the following command and enter your IAM user details:
```bash
aws configure
```

Provide:
- **Access Key ID**
- **Secret Access Key**
- **Default region** (e.g., `us-east-1`)
- Output format (default: `json`)


- **Verify AWS CLI Configuration:**

Check your AWS CLI configuration:
```bash
aws sts get-caller-identity
```

- **Use AWS as a Provider in Terraform:**
Add the provider configuration to your Terraform `.tf` file:

```hcl
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.65.0"
}
}
}

provider "aws" {
region = "us-east-1"
}
```
Comment on lines +132 to +144
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Update AWS provider version to the latest stable release (5.79.0)

The current AWS provider version (5.65.0) is outdated. The latest stable version available from the Terraform Registry is 5.79.0. Updating to the latest version ensures access to bug fixes, security patches, and new features.

  • Update the version constraint in day01/solution.md:
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.79.0"
    }
  }
}
🔗 Analysis chain

Verify AWS provider version and add security best practices

The AWS provider version is pinned to 5.65.0. While version pinning is good practice, we should verify if this is the latest stable version.

Additionally, consider adding security best practices:

  1. Mention using AWS Vault or similar tools for secure credential management
  2. Add a note about following the principle of least privilege when assigning IAM policies
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check latest AWS provider version from Terraform registry
curl -s https://registry.terraform.io/v1/providers/hashicorp/aws/versions | jq -r '.versions[] | select(.version | contains("-") | not)' | jq -r '.version' | sort -V | tail -n 1

Length of output: 184


With these steps, your environment is ready to manage AWS infrastructure using Terraform.



#### **Important Terminologies of Terraform**

1. **Provider:**

- Defines the cloud service (e.g., AWS, Azure) or on-premises platform you are interacting with.

- Example:

```hcl
provider "aws" {
region = "us-west-2"
}
```

2. **Resource:**

- A fundamental element (e.g., an EC2 instance, an S3 bucket) described in the Terraform configuration.

- Example:

```hcl
resource "aws_s3_bucket" "example" {
bucket = "example-bucket"
tags = {
Name = "example-bucket"
}
}
```
Comment on lines +171 to +177
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Enhance S3 bucket example with security best practices

The S3 bucket example could be improved by including security best practices such as versioning and encryption.

 resource "aws_s3_bucket" "example" {
   bucket = "example-bucket"
   tags = {
        Name = "example-bucket"
   }
 }

+# Enable versioning
+resource "aws_s3_bucket_versioning" "example" {
+  bucket = aws_s3_bucket.example.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+# Enable server-side encryption
+resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
+  bucket = aws_s3_bucket.example.id
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
resource "aws_s3_bucket" "example" {
bucket = "example-bucket"
tags = {
Name = "example-bucket"
}
}
```
resource "aws_s3_bucket" "example" {
bucket = "example-bucket"
tags = {
Name = "example-bucket"
}
}
# Enable versioning
resource "aws_s3_bucket_versioning" "example" {
bucket = aws_s3_bucket.example.id
versioning_configuration {
status = "Enabled"
}
}
# Enable server-side encryption
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
bucket = aws_s3_bucket.example.id
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}


3. **State:**

- A file that tracks the current state of your infrastructure. It helps Terraform understand the desired state versus the actual state.

- Example:

Terraform generates a `terraform.tfstate` file during execution.


4. **Module:**

- A reusable and logical grouping of resources defined in separate files or directories.

- Example:

```hcl
module "vpc" {
source = "./modules/vpc"
cidr = "10.0.0.0/16"
}
```

5. **Data Source:**

- Allows fetching data from external sources (e.g., the details of an existing AWS AMI).

- Example:
```hcl
data "aws_ami" "ubuntu" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/*"]
}
}
```

These terminologies form the backbone of understanding and working with Terraform effectively!



Watch this [Reference Video](https://www.youtube.com/live/965CaSveIEI?feature=share)

Binary file added day02/images/task3.1.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added day02/images/task3.2.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added day02/images/task3.3.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
13 changes: 13 additions & 0 deletions day02/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
Comment on lines +4 to +6
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Update AWS provider version to latest stable release

The current provider version constraint ~> 3.0 is outdated. The latest AWS provider version is in the 5.x series, which includes important security fixes and new features.

       aws = {
         source = "hashicorp/aws"
-        version = "~> 3.0"
+        version = "~> 5.0"
       }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
source = "hashicorp/aws"
version = "~> 3.0"
}
source = "hashicorp/aws"
version = "~> 5.0"
}

}
}


provider "aws" {
region = "us-west-2"
}
98 changes: 98 additions & 0 deletions day02/solution.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
# TerraWeek Day 2


## Task 1: Familiarize yourself with HCL syntax used in Terraform
HCL (HashiCorp Configuration Language) is used to define infrastructure in Terraform. Here are the key components:

- **Blocks**: These define a configuration in Terraform, e.g., `resource`, `provider`, `output`.
Example:
```hcl
resource "aws_s3_bucket" "example" {
bucket = "my-unique-bucket-name"
}
```
- **Parameters**: These define values within a block, e.g., `bucket`.
- **Arguments**: These are the specific values provided to parameters. For example, `"my-unique-bucket-name"` is an argument for the `bucket` parameter.

**Resources** in Terraform represent infrastructure objects like instances, buckets, and databases. **Data sources** fetch information about existing infrastructure, such as querying for AWS instance details.

## Task 2: Understand variables, data types, and expressions in HCL
- **Variables**: Variables allow you to reuse configuration and pass values dynamically. Define a variable in `variables.tf`.

Example of a `variables.tf`:
```hcl
variable "bucket_name" {
description = "The name of the S3 bucket"
type = string
default = "my-default-bucket"
}
```

- **Use the variable in `main.tf`**:
```hcl
resource "aws_s3_bucket" "example" {
bucket = var.bucket_name
}
```

## Task 3: Practice writing Terraform configurations using HCL syntax
- **Required Providers**: In your `main.tf`, specify providers such as Docker or AWS.
Example:
```hcl
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
}
}
```

- **Testing Configuration**: To test the configuration:
1. Initialize the Terraform working directory:
```bash
terraform init
```

![task3.1](images/task3.1.png)


2. Run a plan to check for errors and preview changes:
```bash
terraform plan
```

![task3.2](images/task3.2.png)


3. Apply the configuration:
```bash
terraform apply
```

![task3.3](images/task3.3.png)


4. If necessary, adjust the configuration and reapply.


## Example of a `main.tf` file:
```hcl
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
}
}

provider "aws" {
region = "us-west-2"
}

resource "aws_s3_bucket" "example" {
bucket = var.bucket_name
}
Comment on lines +95 to +97
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add versioning and encryption to S3 bucket example

The S3 bucket example should demonstrate security best practices by enabling versioning and encryption.

Update the example:

 resource "aws_s3_bucket" "example" {
   bucket = var.bucket_name
 }
+
+resource "aws_s3_bucket_versioning" "example" {
+  bucket = aws_s3_bucket.example.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
+  bucket = aws_s3_bucket.example.id
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
resource "aws_s3_bucket" "example" {
bucket = var.bucket_name
}
resource "aws_s3_bucket" "example" {
bucket = var.bucket_name
}
resource "aws_s3_bucket_versioning" "example" {
bucket = aws_s3_bucket.example.id
versioning_configuration {
status = "Enabled"
}
}
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
bucket = aws_s3_bucket.example.id
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}

```
5 changes: 5 additions & 0 deletions day02/variable.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
variable "bucket_name" {
description = "The name of the S3 bucket"
type = string
default = "my-default-bucket"
}
Comment on lines +1 to +5
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add validation block for S3 bucket naming rules

While the variable definition is good, S3 bucket names must follow strict AWS naming rules. Consider adding a validation block to ensure compliance with AWS S3 bucket naming conventions.

 variable "bucket_name" {
   description = "The name of the S3 bucket"
   type        = string
   default     = "my-default-bucket"
+  validation {
+    condition     = can(regex("^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$", var.bucket_name))
+    error_message = "S3 bucket name must be between 3 and 63 characters, contain only lowercase letters, numbers, and hyphens, and cannot start or end with a hyphen."
+  }
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
variable "bucket_name" {
description = "The name of the S3 bucket"
type = string
default = "my-default-bucket"
}
variable "bucket_name" {
description = "The name of the S3 bucket"
type = string
default = "my-default-bucket"
validation {
condition = can(regex("^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$", var.bucket_name))
error_message = "S3 bucket name must be between 3 and 63 characters, contain only lowercase letters, numbers, and hyphens, and cannot start or end with a hyphen."
}
}