DEV Community

Cover image for 5 things Terraform can automate in AWS ⚙️
Ari 🪐
Ari 🪐

Posted on • Edited on

5 things Terraform can automate in AWS ⚙️

Terraform is an orchestration tool that can provision infrastructure with code. Instead of opening the AWS Management Console to create our resources, we can do that directly in our editor with HCL (HashiCorp's Configuration Langauge).🎉

Let's look at some things we can automate in AWS.

Alt text of image

Prerequisites

Note: A step-by-step guide for setup can be found in the Github README.md

TODOs

Launch an EC2 Instance
Create an S3 Bucket
Create a backend state with S3
Create IAM group and policy
Add IAM users to a group


Launch an EC2 Instance

#variables.tf
variable "region" {
  description = "AWS region"
  default     = "us-east-2"
}

variable "ami" {
  default     =  "ami-0c8110836d05ad7bd"
}

#main.tf
provider "aws" {
  region  = var.region
}

terraform {
  required_version = ">= 0.12"
}

resource "aws_instance" "ec2_example" {
  ami           = var.ami
  instance_type = "t2.micro"
}
Enter fullscreen mode Exit fullscreen mode

In this example, we are creating an AWS resource of type aws_intstance with a unique name ec2_example. This resource spins up an ec2 server by launching a copy of the AMI(Amazon Machine Image).

The AMI is a dynamic value and needs to be updated when creating instances. You can find these on the AWS console or search for ubuntu images here (For t2.micro select hvm:ebs-ssd).

Create an S3 Bucket

#variables.tf
variable "region" {
  description = "AWS region"
  default     = "us-east-2"
}

#outputs.tf
output "s3-bucket" {
  value = aws_s3_bucket.b_example.bucket
}

#main.tf
provider "aws" {
  region  = var.region
}

resource "aws_s3_bucket" "b_example" {
  bucket = "bucket-example-tmed232323"
  force_destroy = true
  acl    = "private"

  versioning {
    enabled = true
  }
}
Enter fullscreen mode Exit fullscreen mode

An s3 bucket is used for storage. To create a bucket a unique name is required. If you do not add one AWS will create one for you. To grant access to a bucket acl can be used. By default it is set to private. force_destory=true is set for testing purposes. This will allow us to delete the bucket with terraform destroy even if it is not empty.

versioning keeps different variants of an object in the bucket and outputs.tf will output the results of the file to the console after an apply.

Create a backend state with S3

#main.tf
terraform {
  backend "s3" {
    bucket = "bucket-example-tmed232323"
    key    = "terraform-aws-automation/create-s3-backend-state/terraform.tfstate"
  }
}
Enter fullscreen mode Exit fullscreen mode

In this example, remote state is being stored with a terraform.tfstate file. This is common practice when using Terraform with more than one person so state does not get locked and only one person can make changes at a time on the latest copy. Since the bucket we created is using versioning there will be a history of changes stored as well.

To add an object to a bucket the unique bucket name is required along with the key which defines the path of the file that's created in AWS.

Create IAM group and policy

#variables.tf
variable "region" {
  description = "AWS region"
  default     = "us-east-2"
}
#main.tf
provider "aws" {
  region  = var.region
}

resource "aws_iam_group" "admin_example" {
  name = "admin_example"
}

resource "aws_iam_policy_attachment" "admin-attachement" {
  name       = "admin-attachement"
  groups     = [aws_iam_group.admin_example.name]
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

Enter fullscreen mode Exit fullscreen mode

Groups are collections of IAM users that share specific privileges or policies.

Two resources are created here, one for the IAM group and another to attach a policy to that group. The attribute policy_arn is set to attach the Administrator Access policy to the IAM group.

Add IAM users to a group

#variables.tf
variable "region" {
  description = "AWS region"
  default     = "us-east-2"
}

#main.tf
provider "aws" {
  region  = var.region
}

resource "aws_iam_user" "admin_example_1" {
  name = "admin_example_1"
}

resource "aws_iam_user" "admin_example_2" {
  name = "admin_example_2"
}

resource "aws_iam_group_membership" "admin-user-group-example" {
  name = "admin-user-group-example"
  users = [
    aws_iam_user.admin_example_1.name,
    aws_iam_user.admin_example_2.name,
  ]
  group = "admin_example"
}

Enter fullscreen mode Exit fullscreen mode

After an IAM group is created we can add new users to it. This is down with the resource type aws_iam_group_membership. Users are passed to this resource along with the name of the group.


To run these examples locally, clone the repo and navigate to the root directory. In your terminal cd into one of the above directories and follow these steps:

  1. Initialize Terraform: terraform init
  2. Check the plan to make sure the configuration will do what we expect: terraform plan
  3. Apply the execution plan and build the stack: terraform apply
  4. Check the resource is up: terraform state list or terraform state show 'type.name' ex. aws_instance.ec2_example
  5. Tear down all provisions: terraform destroy

If you found this article useful give the repo a ⭐️ and check back later for more examples of automating AWS with Terraform. 🙂✌🏾

GitHub logo ari-hacks / terraform-aws-automation

⚙️ Examples of provisioning AWS resources with Terraform

Automating AWS with Terraform

External Resources

Amazon EC2 AMI Locator

Pre-requisite Setup

AWS Account - Free Tier

  • Sign up for AWS Free Tier account if you do not already have one

Create an IAM user

  1. Log into your root AWS account
  2. Select Services > IAM
  3. On the left nav bar select 'Users'
  4. Select 'Add user'
  5. Create a username 'terraform-admin'
  6. Select AWS access type as Programmatic access (and AWS management console access to view resources on the dashboard)
  7. Select Next: Permissions
  8. Select Create group
  9. Add a group name 'admins'
  10. Check AdministratorsAccess and Create group, check group
  11. Select Next: Tags
  12. Select Next: Review
  13. Select Create User
  14. You will need the generated access key Id, and the secret access key (Download the csv provided or store these values)

Top comments (0)