DevOps 1: IaC with Terraform and AWS
In the realm of DevOps and cloud computing, the ability to automate the provisioning and management of infrastructure is a game-changer. Infrastructure as Code (IaC) has revolutionized how we deploy and manage our cloud resources, making it faster, more reliable, and scalable. Among the tools at the forefront of this revolution is Terraform by HashiCorp, a powerful tool that allows you to create, update, and manage your infrastructure across a variety of cloud providers with simple, declarative configuration files.
This article kicks off my series by focusing on setting up the necessary AWS infrastructure for an Amazon Elastic Kubernetes Service (EKS) cluster using Terraform. We’ll cover the essentials: VPCs, subnets, and security groups—laying the groundwork for a scalable and secure Kubernetes environment.
Why Terraform?
Terraform’s declarative configuration language allows you to describe your desired infrastructure state, which Terraform then works to achieve by making API calls to cloud providers like AWS. This approach not only automates the process but also documents your infrastructure in code, enabling version control, peer reviews, and history tracking.
Benefits:
- Consistency and Repeatability: Terraform ensures your infrastructure is deployed the same way every time, eliminating “it works on my machine” problems.
- Collaboration: Infrastructure code can be shared among team members, reviewed, and improved, much like application code.
- Change Management: Terraform tracks state, allowing you to see how infrastructure changes over time and roll back to previous states if needed.
Setting Up Your Terraform Environment
Before diving into the code, ensure you have both Terraform and the AWS CLI installed and configured on your machine.
1. Install Terraform
Follow the instructions on the Terraform website to download and install Terraform for your operating system.
2. Install and Configure the AWS CLI
If you haven’t already, install the AWS CLI and configure it with your AWS credentials. This allows Terraform to interact with your AWS account.
Install the AWS CLI
Instructions can be found on the AWS CLI documentation page.
Configure the AWS CLI
Run the following command to configure the AWS CLI with your credentials:
aws configure
You will be prompted to enter your AWS Access Key ID, Secret Access Key, default region name, and default output format.
3. Set Up an S3 Backend for Terraform State
Using an S3 bucket to store your Terraform state is a best practice, especially in team environments. This ensures your state file is accessible to all team members and maintains a single source of truth.
Create an S3 Bucket
First, create an S3 bucket for your Terraform state:
aws s3api create-bucket --bucket my-terraform-state-bucket --region us-east-1
Remember your bucket needs to be globally unique, so use uuidv4 if needed.
Enable Versioning on the S3 Bucket
Enable versioning to keep a history of your state files:
aws s3api put-bucket-versioning --bucket my-terraform-state-bucket --versioning-configuration Status=Enabled
4. Configure Terraform to Use the S3 Backend
In your Terraform configuration directory, create a backend.tf
file and configure the S3 backend:
terraform {
backend "s3" {
bucket = "my-terraform-state-bucket"
key = "terraform/eks-cluster.tfstate"
region = "us-east-1"
}
}
Creating the Infrastructure
With Terraform installed, AWS CLI configured, and the S3 backend set up, let’s start by creating the Terraform configuration files for our AWS infrastructure.
Step 1: Create a Terraform Configuration File
Create a file named main.tf
. This file will contain the definition of the AWS resources needed for our EKS cluster.
VPC
resource "aws_vpc" "eks_vpc" {
cidr_block = "10.0.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "eks_vpc"
}
}
Subnets
resource "aws_subnet" "eks_subnet1" {
vpc_id = aws_vpc.eks_vpc.id
cidr_block = "10.0.1.0/24"
availability_zone = "us-east-1a"
map_public_ip_on_launch = true
tags = {
Name = "eks_subnet1"
}
}
resource "aws_subnet" "eks_subnet2" {
vpc_id = aws_vpc.eks_vpc.id
cidr_block = "10.0.2.0/24"
availability_zone = "us-east-1b"
map_public_ip_on_launch = true
tags = {
Name = "eks_subnet2"
}
}
Security Groups
resource "aws_security_group" "eks_sg" {
name = "eks_sg"
description = "Security group for EKS cluster"
vpc_id = aws_vpc.eks_vpc.id
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "eks_sg"
}
}
Step 2: Initialize and Apply Terraform Configuration
Navigate to your project directory in the terminal and run:
terraform init
This command initializes the Terraform environment. Then, apply the configuration with:
terraform apply
Terraform will show you a plan of the resources to be created and ask for confirmation. Type yes
to proceed.
Conclusion
By following these steps, you’ve successfully laid the groundwork for your Amazon EKS cluster using Terraform. You’ve created a VPC, subnets, and a security group—all essential components for a scalable and secure Kubernetes environment. This infrastructure-as-code approach not only streamlines the setup process but also sets a solid foundation for deploying and managing containerized applications with Amazon EKS.
Gotchas and Tips
- Version Control: Treat your Terraform files as you would application code. Use version control systems like Git to track changes and collaborate with your team.
- Module Use: As your infrastructure grows, organize your Terraform code into modules for reusability and maintainability.
In the next part, we will work on setting up the Amazon EKS cluster on this infrastructure, taking our project to the next level of cloud-native application deployment.