Terraform Day 02: Provider Block, Resource Block, S3 Backend, Data Source, Remote Data Source Backend

Infrastructure as Code (IaC) has revolutionized the way we manage cloud resources. In this blog, we’ll dive into Terraform’s fundamentals and explore its core concepts, comparing it with Cloud Native Tools (CNT) like AWS CloudFormation (CFT), Azure Resource Manager (ARM), and GCP Deployment Manager. We’ll also demonstrate practical Terraform code examples, focusing on AWS.

Code used in the blog

Tools Overview

  • AWS: CloudFormation (CFT)

  • Azure: Azure Resource Manager (ARM)

  • GCP: Deployment Manager

Key Differences between CNT (CFT, ARM) and Terraform

| Feature | CFT & ARM | Terraform |
|---|---|---|
| Language | JSON or YAML (all configs in one file) | HashiCorp Configuration Language (HCL) |
| Complexity | Learning JSON/YAML is difficult | HCL is simpler and modular |
| Cloud Compatibility | AWS (CFT), Azure (ARM) only | Multi-cloud (AWS, Azure, GCP) |
| Module Support | No | Yes, with reusable modules |
| Workspace Support | No | Yes, supports multiple workspaces |
| Dry-Run Capability | Limited | terraform plan for effective dry-run |
| Importing Resources | Complex in AWS, not available in ARM | Simple with terraform import |

Terraform and Other HashiCorp Tools

Terraform is a cloud-agnostic tool, enabling multi-cloud resource management with a unified configuration language. Other HashiCorp tools include:

  • Packer: Image automation

  • Consul: Service discovery and cluster management

  • Vault: Secure secrets management

  • Nomad: Workload orchestration (an alternative to Kubernetes)

Getting Started with Terraform

1. Main Configuration (main.tf)

The primary file where we define the cloud provider:

provider "aws" {
  region = "ap-south-1"
}

# Other resource definitions will follow...

Tip: Avoid hard-coding credentials. Use aws configure after installing the AWS CLI.

2. Create Your First VPC (vpc.tf)

Terraform refers to any cloud resource as a resource. Below is an example of creating a VPC and Internet Gateway:

resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "My-VPC"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.my_vpc.id
  tags = {
    Name = "My-Internet-Gateway"
  }
}

Run terraform init, terraform plan, and then terraform apply to provision the resources.

3. Using Data Sources

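Data sources fetch information about existing resources in your cloud environment. For example, fetching a VPC by its ID:

# ID of the existing VPC, supplied at plan/apply time (for example with -var or a .tfvars file)
variable "vpc_id" {
  type = string
}

# Look up the existing VPC; a data source reads it and never modifies it
data "aws_vpc" "Test-Vpc" {
  id = var.vpc_id
}

# Attach a new internet gateway to the VPC that was looked up
resource "aws_internet_gateway" "igw" {
  vpc_id = data.aws_vpc.Test-Vpc.id
}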

Existing VPC in the AWS console without an internet gateway.

We can attach an internet gateway to the existing VPC using a data source.

Run terraform apply and check the AWS VPC console for the changes.

4. Remote State Management

Terraform generates a state file after deployment. Use remote state for managing infrastructure across projects:

provider "aws" {
  region = "us-east-1"
}

terraform {
  backend "s3" {
    bucket = "terraformbucket1212"
    key    = "Base-infra.tfstate"
    region = "us-east-1"
  }
}

resource "aws_vpc" "default" {
  cidr_block           = "10.1.0.0/16"
  enable_dns_hostnames = true
  tags = {
    Name  = "terraform-aws-testing"
    Owner = "kiran"
  }
}

resource "aws_internet_gateway" "default" {
  vpc_id = aws_vpc.default.id
  tags = {
    Name = "terraform-aws-igw"
  }
}

resource "aws_subnet" "subnet1-public" {
  vpc_id            = aws_vpc.default.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = "us-east-1a"
  tags = {
    Name = "Terraform_Public_Subnet1-testing"
  }
}

resource "aws_subnet" "subnet2-public" {
  vpc_id            = aws_vpc.default.id
  cidr_block        = "10.1.2.0/24"
  availability_zone = "us-east-1b"
  tags = {
    Name = "Terraform_Public_Subnet2-testing"
  }
}

resource "aws_subnet" "subnet3-public" {
  vpc_id            = aws_vpc.default.id
  cidr_block        = "10.1.3.0/24"
  availability_zone = "us-east-1c"
  tags = {
    Name = "Terraform_Public_Subnet3-testing"
  }
}

resource "aws_route_table" "terraform-public" {
  vpc_id = aws_vpc.default.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.default.id
  }

  tags = {
    Name = "Terraform_Main_table-testing"
  }
}

resource "aws_route_table_association" "terraform-public" {
  subnet_id      = aws_subnet.subnet1-public.id
  route_table_id = aws_route_table.terraform-public.id
}

resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"
  vpc_id      = aws_vpc.default.id

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Initialize the backend with terraform init.
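
The state file records every attribute of the managed resources, including any secrets they carry, so the bucket that holds it needs its own controls. The following is an added example, not from the original post: the same backend with encryption and locking enabled, plus a separate bootstrap configuration that hardens the bucket. The lock table name terraform-locks and the resource labels are assumptions.

```hcl
# --- Base-infra configuration: backend with encryption and state locking ---
terraform {
  backend "s3" {
    bucket         = "terraformbucket1212"
    key            = "Base-infra.tfstate"
    region         = "us-east-1"
    encrypt        = true              # server-side encryption for the state object
    dynamodb_table = "terraform-locks" # assumed name; blocks concurrent applies
  }
}

# --- Bootstrap configuration (separate directory, applied once beforehand) ---
# Uses the per-feature S3 resources from AWS provider v4 and later.
locals {
  state_bucket = "terraformbucket1212"
}

# Keep earlier state versions so a bad or tampered write can be rolled back.
resource "aws_s3_bucket_versioning" "state" {
  bucket = local.state_bucket
  versioning_configuration {
    status = "Enabled"
  }
}

# State must never be publicly readable.
resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = local.state_bucket
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Default encryption for anything written to the bucket.
resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = local.state_bucket
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# Lock table: the S3 backend expects a string hash key named LockID.
resource "aws_dynamodb_table" "locks" {
  name         = "terraform-locks"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}
```

After changing the backend block, run terraform init again so Terraform picks up the new settings.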

5. Remote Data Source Backend

Terraform can fetch data from remote backends, such as S3 or other Terraform configurations, using terraform_remote_state.

We can see a new state file created based on the previous state file of our infra setup Base-infra.tf configuration.
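
A second configuration can read the base infrastructure's outputs through terraform_remote_state, shown here as an added example that is not code from the original post. The two outputs, the App-infra.tfstate key and the app_internal security group are assumptions; the bucket, key and region of the base state come from section 4.

```hcl
# --- Base-infra configuration (writes Base-infra.tfstate) ---
# Only root-module outputs are readable through terraform_remote_state.
# These outputs are assumed; the post's configuration declares none.
output "vpc_id" {
  value = aws_vpc.default.id
}

output "vpc_cidr_block" {
  value = aws_vpc.default.cidr_block
}

# --- Consumer configuration (separate directory, separate state) ---
provider "aws" {
  region = "us-east-1"
}

terraform {
  backend "s3" {
    bucket = "terraformbucket1212"
    key    = "App-infra.tfstate" # assumed key for the consumer's own state
    region = "us-east-1"
  }
}

# Read-only view of the outputs stored in the base state file.
data "terraform_remote_state" "base" {
  backend = "s3"
  config = {
    bucket = "terraformbucket1212"
    key    = "Base-infra.tfstate"
    region = "us-east-1"
  }
}

# No egress block: Terraform removes AWS's default allow-all egress rule.
resource "aws_security_group" "app_internal" {
  name        = "app-internal"
  description = "HTTPS from inside the base VPC only"
  vpc_id      = data.terraform_remote_state.base.outputs.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.terraform_remote_state.base.outputs.vpc_cidr_block]
  }
}
```

Reading remote state requires read access to the whole Base-infra.tfstate object, not only its outputs, so grant that access only to configurations that are allowed to see everything recorded in it.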

Sample Workflow

  1. Write Configuration: Create resource files (e.g., vpc.tf, ec2.tf).

  2. Initialize: Run terraform init to set up the environment.

  3. Plan: Run terraform plan to preview changes.

  4. Apply: Run terraform apply to provision resources.

  5. State Management: Use remote state for large infrastructures.

Additional Resources

  • AWS Resources: VPCs, Internet Gateways, Subnets, Security Groups, EC2 instances.

  • Data Sources: Reuse existing resources effectively.

  • Remote State Management: Ensure consistency across environments.

Conclusion

Terraform provides unparalleled flexibility and multi-cloud support compared to CNT tools like CloudFormation and Azure Resource Manager. It simplifies infrastructure management with modules, reusable configurations, and robust state management.

Start your Terraform journey today and experience the power of IaC!