Added solution.md for Day 2: Terraform Configuration Using HCL Syntax - S3 Bucket Resource and Provider Setup

[Amitabh-DevOps]

This PR covers the implementation of Terraform configurations using HCL syntax as part of TerraWeek Day 2 tasks. The following changes are included:

• Familiarized with HCL syntax: Defined Terraform blocks such as resource and provider for creating an AWS S3 bucket.
• Introduced variables: Created a variables.tf file to define the variable bucket_name, which is then used in the main.tf file to dynamically configure the S3 bucket name.
• Configured AWS provider: Specified the required provider for AWS and defined the region in the provider block.
• Tested the configuration: Included steps to initialize Terraform, preview changes using terraform plan, and apply the configuration using terraform apply.

Screenshots from the execution of the terraform init, terraform plan, and terraform apply commands are included in the PR.

This work helps establish a solid foundation for creating and managing infrastructure using Terraform and HCL syntax.

Summary by CodeRabbit

• New Features

  • Introduced comprehensive guides on Terraform, covering installation, configuration, and key concepts.
  • Added a new Terraform configuration file for AWS provider setup, specifying the region and version.
  • Created a variable for configurable S3 bucket naming.

• Documentation

  • Provided structured guides for using HashiCorp Configuration Language (HCL) with practical examples and tasks.

[coderabbitai]

Walkthrough

The changes introduce several new Terraform-related files and documentation. A comprehensive guide on Terraform is added in day01/solution.md, covering its functionalities, installation, and AWS integration. The day02/main.tf file specifies the AWS provider configuration, while day02/solution.md provides structured tasks to familiarize users with HashiCorp Configuration Language (HCL) and practical configuration writing. Additionally, day02/variable.tf introduces a new variable for S3 bucket naming.

Changes

File	Change Summary
day01/solution.md	Added a guide on Terraform, covering its introduction, installation, and AWS setup.
day02/main.tf	Introduced AWS provider configuration with version constraint and region setting.
day02/solution.md	Added structured tasks for learning HCL, including resource definitions and variable usage.
day02/variable.tf	Introduced a new variable bucket_name for configurable S3 bucket naming.

Poem

In the land of cloud and code,
A rabbit hops, where Terraform glowed.
With guides and tasks, we learn and play,
Building our dreams in a structured way.
Buckets named with care and cheer,
In the world of IaC, we have no fear! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (6)

day02/main.tf (1)

11-13: Make AWS region configurable via variable

The region is hardcoded. Consider making it configurable through a variable to support different deployment environments.

+variable "aws_region" {
+  description = "AWS region for all resources"
+  type        = string
+  default     = "us-west-2"
+}

 provider "aws" {
-  region = "us-west-2"
+  region = var.aws_region
 }

day02/solution.md (2)

52-77: Enhance testing configuration section with security and state management guidance

The testing configuration section should include important security considerations and state management best practices.

Add the following sections before the testing steps:

### Important Security Considerations
- Never commit sensitive credentials to version control
- Use remote state storage (e.g., S3 + DynamoDB) for team collaboration
- Enable state encryption at rest
- Use state locking to prevent concurrent modifications

### State Management
```terraform
terraform {
  backend "s3" {
    bucket         = "terraform-state-bucket"
    key            = "day02/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "terraform-state-lock"
  }
}

---

80-98: Add output values to the example configuration

The example configuration should demonstrate how to use output values to expose important resource attributes.

Add output values to the example:

output "bucket_id" {
  description = "The name of the bucket"
  value       = aws_s3_bucket.example.id
}

output "bucket_arn" {
  description = "The ARN of the bucket"
  value       = aws_s3_bucket.example.arn
}

🧰 Tools

🪛 Markdownlint (0.35.0)

80-80: Punctuation: ':'
Trailing punctuation in heading

(MD026, no-trailing-punctuation)

day01/solution.md (3)

3-3: Maintain proper heading hierarchy

The document starts with a level 3 heading (###). For better document structure and accessibility, start with a level 2 heading (##) and increment levels one at a time.

-### **Day 1: Introduction to Terraform and Terraform Basics**
+## **Day 1: Introduction to Terraform and Terraform Basics**

🧰 Tools

🪛 Markdownlint (0.35.0)

3-3: Expected: h2; Actual: h3
Heading levels should only increment by one level at a time

(MD001, heading-increment)

---

207-214: Improve AMI data source example with more specific filters

The current AMI filter is too broad. Consider adding more specific filters to ensure the correct AMI is selected.

 data "aws_ami" "ubuntu" {
   most_recent = true
+  owners      = ["099720109477"] # Canonical
   filter {
     name   = "name"
-    values = ["ubuntu/images/*"]
+    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
   }
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
 }

---

220-220: Add context to the reference video link

Consider adding a brief description of what topics are covered in the video to help users decide if it's relevant to their learning needs.

-Watch this [Reference Video](https://www.youtube.com/live/965CaSveIEI?feature=share)
+Watch this [Reference Video](https://www.youtube.com/live/965CaSveIEI?feature=share) for a detailed walkthrough of Terraform installation, AWS provider setup, and creating your first infrastructure as code.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 6a69991 and 6155707.

⛔ Files ignored due to path filters (3)

• day02/images/task3.1.png is excluded by !**/*.png
• day02/images/task3.2.png is excluded by !**/*.png
• day02/images/task3.3.png is excluded by !**/*.png

📒 Files selected for processing (4)

• day01/solution.md (1 hunks)
• day02/main.tf (1 hunks)
• day02/solution.md (1 hunks)
• day02/variable.tf (1 hunks)

🧰 Additional context used

🪛 Markdownlint (0.35.0)

day02/solution.md

80-80: Punctuation: ':'
Trailing punctuation in heading

(MD026, no-trailing-punctuation)

day01/solution.md

3-3: Expected: h2; Actual: h3
Heading levels should only increment by one level at a time

(MD001, heading-increment)

🪛 LanguageTool

day01/solution.md

[uncategorized] ~6-~6: Possible missing article found.
Context: ...uage), to describe the desired state of infrastructure. By applying these configurations, Terr...

(AI_HYDRA_LEO_MISSING_THE)

🔇 Additional comments (1)

day02/main.tf (1)

1-13: Add provider authentication configuration

The AWS provider block is missing authentication configuration. While it might use default credentials, it's better to explicitly document the authentication method in the configuration.

Consider adding explicit provider authentication configuration:

provider "aws" {
  region = var.aws_region
  # Choose one of the following authentication methods:
  # 1. Shared credentials file
  shared_credentials_files = ["~/.aws/credentials"]
  profile                 = "default"
  
  # 2. Environment variables (recommended for CI/CD)
  # AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
  
  # 3. IAM role (recommended for EC2 instances)
  # assume_role {
  #   role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
  # }
}

[coderabbitai]

🛠️ Refactor suggestion

Add validation block for S3 bucket naming rules

While the variable definition is good, S3 bucket names must follow strict AWS naming rules. Consider adding a validation block to ensure compliance with AWS S3 bucket naming conventions.

 variable "bucket_name" {
   description = "The name of the S3 bucket"
   type        = string
   default     = "my-default-bucket"
+  validation {
+    condition     = can(regex("^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$", var.bucket_name))
+    error_message = "S3 bucket name must be between 3 and 63 characters, contain only lowercase letters, numbers, and hyphens, and cannot start or end with a hyphen."
+  }
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	variable "bucket_name" {
	description = "The name of the S3 bucket"
	type = string
	default = "my-default-bucket"
	}
	variable "bucket_name" {
	description = "The name of the S3 bucket"
	type = string
	default = "my-default-bucket"
	validation {
	condition = can(regex("^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$", var.bucket_name))
	error_message = "S3 bucket name must be between 3 and 63 characters, contain only lowercase letters, numbers, and hyphens, and cannot start or end with a hyphen."
	}
	}

[coderabbitai]

🛠️ Refactor suggestion

Update AWS provider version to latest stable release

The current provider version constraint ~> 3.0 is outdated. The latest AWS provider version is in the 5.x series, which includes important security fixes and new features.

       aws = {
         source = "hashicorp/aws"
-        version = "~> 3.0"
+        version = "~> 5.0"
       }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	source = "hashicorp/aws"
	version = "~> 3.0"
	}
	source = "hashicorp/aws"
	version = "~> 5.0"
	}

[coderabbitai]

🛠️ Refactor suggestion

Add versioning and encryption to S3 bucket example

The S3 bucket example should demonstrate security best practices by enabling versioning and encryption.

Update the example:

 resource "aws_s3_bucket" "example" {
   bucket = var.bucket_name
 }
+
+resource "aws_s3_bucket_versioning" "example" {
+  bucket = aws_s3_bucket.example.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
+  bucket = aws_s3_bucket.example.id
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	resource "aws_s3_bucket" "example" {
	bucket = var.bucket_name
	}
	resource "aws_s3_bucket" "example" {
	bucket = var.bucket_name
	}
	resource "aws_s3_bucket_versioning" "example" {
	bucket = aws_s3_bucket.example.id
	versioning_configuration {
	status = "Enabled"
	}
	}
	resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
	bucket = aws_s3_bucket.example.id
	rule {
	apply_server_side_encryption_by_default {
	sse_algorithm = "AES256"
	}
	}
	}

[coderabbitai]

🛠️ Refactor suggestion

Enhance S3 bucket example with security best practices

The S3 bucket example could be improved by including security best practices such as versioning and encryption.

 resource "aws_s3_bucket" "example" {
   bucket = "example-bucket"
   tags = {
        Name = "example-bucket"
   }
 }

+# Enable versioning
+resource "aws_s3_bucket_versioning" "example" {
+  bucket = aws_s3_bucket.example.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+# Enable server-side encryption
+resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
+  bucket = aws_s3_bucket.example.id
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	resource "aws_s3_bucket" "example" {
	bucket = "example-bucket"
	tags = {
	Name = "example-bucket"
	}
	}
	```
	resource "aws_s3_bucket" "example" {
	bucket = "example-bucket"
	tags = {
	Name = "example-bucket"
	}
	}
	# Enable versioning
	resource "aws_s3_bucket_versioning" "example" {
	bucket = aws_s3_bucket.example.id
	versioning_configuration {
	status = "Enabled"
	}
	}
	# Enable server-side encryption
	resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
	bucket = aws_s3_bucket.example.id
	rule {
	apply_server_side_encryption_by_default {
	sse_algorithm = "AES256"
	}
	}
	}

[coderabbitai]

💡 Codebase verification

Update AWS provider version to the latest stable release (5.79.0)

The current AWS provider version (5.65.0) is outdated. The latest stable version available from the Terraform Registry is 5.79.0. Updating to the latest version ensures access to bug fixes, security patches, and new features.

• Update the version constraint in day01/solution.md:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.79.0"
    }
  }
}

🔗 Analysis chain

Verify AWS provider version and add security best practices

The AWS provider version is pinned to 5.65.0. While version pinning is good practice, we should verify if this is the latest stable version.

Additionally, consider adding security best practices:

1. Mention using AWS Vault or similar tools for secure credential management
2. Add a note about following the principle of least privilege when assigning IAM policies

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check latest AWS provider version from Terraform registry
curl -s https://registry.terraform.io/v1/providers/hashicorp/aws/versions | jq -r '.versions[] | select(.version | contains("-") | not)' | jq -r '.version' | sort -V | tail -n 1

Length of output: 184