- Semantic Versioning
- Install Terraform CLI
- Project Root Environment Variables
- Install AWS CLI
- Terraform Basics
This project is utilising semantic versioning for its tagging. semver.org
For example:
MAJOR.MINOR.PATCH, e.g. 1.0.1
- MAJOR version when you make incompatible API changes
- MINOR version when you add functionality in a backward compatible manner
- PATCH version when you make backward compatible bug fixes
The Terraform CLI installation instrcutions have changed due to gpg keyring changes. So we need to refer to the latest install CLI instructions via Terraform Documentation and change the scripting for install.
This project is built against Ubuntu. Be aware of Linux Distribution and make adjustments accordingly. To check Linux Version:
cat /etc/os-releaseWhile fixing the terraform CLI gpg deprecation issues we notice that bash script steps were a considerable amount more code. So we decided to create a bash script to install the Terraform CLI.
- This will keep the Gitpod Task File (.gitpod.yml) tidy.
- This allows us an easier to debug and execute manually Terraform CLI install.
- This will allow better portability for other projects that need to install Terraform CLI.
A Shebang (pronounced Sha-bang) tells the bash script what program that will interpret the script.
#!/usr/bin/env bashWhen executing the bash script we can use the ./ shorthand notation to execute the bash script.
e.g. ./bin/install_terraform_cli
If we are using the scropt in .gitpod.yml we need to point the script to a program to interpret it.
e.g. source ./bin/install_terraform_cli
In order to change the permissions of a file, i.e `executable`` for a bash script, we must use chmod to change the mode.
chmod u+x ./bin/install_terraform_clior:
chmod 744 ./bin/install_terraform_cliNeed to be careful when using the Init because it will rerun if we restart an exisiting workspace.
The env command displays all the environment variables (Env Vars) that are currently set.
env | grep terraform-beginner-bootcamp-2023
- The use of
grepallows filtering, in this case, specifying terraform-beginner-bootcamp-2023 related environment variables.
To avoid accidently dispoting junk files into the root directory when running a script. You can change directory by one into the workspace then change it back into root after the scropt is done.
#!/usr/bin/env bash
cd /workspace
# script
cd $PROJECT_ROOT- Instead of hardcoding path, you can use an environment variable to make it more reusable.
Example - setting AWS credentials as env vars.
Enter the following into the terminal once you have generated access keys on AWS, replacing values with your own and making sure no credentials are exposed:
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
export AWS_DEFAULT_REGION="eu-west-2"
gp env AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
gp env AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
gp env AWS_DEFAULT_REGION="eu-west-2"AWS CLI is installed for this project and specific env var are set. Installation via bash script install_aws_cli.
We can check if our AWS credentials are configured corrrectly by running the AWS CLI command:
aws sts get-caller-identityIf successful, you should see a json payload return like this:
{
"UserId": "ABSGERGERGEGKEGFF",
"Account": "154353534545",
"Arn": "arn:aws:iam::154353534545:user/IAMterraformer"
}To utilise the AWS CLI, we need to generate AWS CLI credentials from AWS IAM by generating access keys.
- Mistakes made using
git revertduring aws bash script and having to use git reset command:git reset --hard HEAD^^
- To undo and remove changes from the last two commits, specified by caret or hat operator, (
^).
Terraform sources their providers and modules from the Terraform registry which can be found at registry.terraform.io.
- Providers are an interface between the API of cloud/service providers, allows creation of resources.
- Modules are a template for configuring resources in a more organised and reusable way.
We can see a list of all Terraform commands by typing terraform.
Most common commands use are the following:
terraform init initialises the working directory for terraform workflow and should be done before any state viewing/altering commands, i.e. plan, apply or destroy
When you run terraform init, the specific version of the provider is installed. Terraform will create a .terraform.lock.hcl file to record these provider settings. This should be commited to Version sontrol System (VCS) e.g. Github.
Example:
terraform plan shows an execution plan without performing the actual resource provisioning. The plan includes counts of resources being added, changed or destroyed.
Example:
terraform apply is how we provision infrastructure and it summarises of resources to be created provided.
Just using terraform apply with no flags means a confirmation is required to proceed.
Example:
Note: Auto confirmation possible: terraform apply -auto-approve. For frequent small incremental changes for dev test environments.
When running terraform apply, a .tfstate file is generated which that contains data on the current state of your infrastructure.
Note: This should NOT be commited to VCS as it may contain sensitive data.
If you lose this file, you lose knowing the state of your infrastuture.
.terraform.tfstate.backup is the previous version of state file.
terraform destroy deconstructs all provisioned infrastructure in the current state file. Specified infrastructure can be targeted by using the -target flag, e.g. terraform destroy -target='resource.name'.
You can use auto confirmation by using terraform destroy -auto-approve instead.
During assignment of random string as bucket name, it became apparent that the S3 Bucket Naming Rules would cause the apply command to fail.
Therefore, explicity stating use of lowercase and avoiding uppercase values allowed acceptable bucket names to be generated.
resource "random_string" "bucket_name" {
lower = true
upper = false
length = 32
special = false
}Difficulties getting Terraform Login to work properly with Gitpod.
To fix this we had to write an bash script which automates the workaround that deals with the Terraform Login issue, bin/generate_tfrc_credentials. So this process runs for each gitpod workspace.
Replace terraform with tf for quicker workflow by setting alias in ./bash_profile.
Found the use of the logic/conditionals when covering this bash script interesting.
To check if a string already exists in a file, you can use:
grep -q 'string' target_fileNext is #?, which is a special variable in bash that holds the exit status of the last command. An exit status of 0 means success or command execute with no problems. This can be used in a conditional statement to execute a given command if a given string is not present in this case:
if [ $? -ne 0 ]; then
echo 'string' >> target_file
echo 'Command executed successfully'
else
echo 'String already exist'
fiNOTE: I'll be sure to make use of this in the future.