anuvindhs/Terraform-exam-StudyNotes

10 Min - Revision notes for Terraform Associate Exam.

This repo is a collection of study notes prepared for revision before the exam.

Study materials Links
LINK
A Free Course Developed by Andrew Brown from ExamPro
LINK
LINK

What is IAC ? Understanding Infrastructure As Code.

IAC

What Is IAC? Understanding Infrastructure As Code

  • Deploy your infrastructure resources with code.
  • It enables DevOps, version control and better collaboration.
  • Declarative - code in a readable format, without worrying about the API.
  • Speed, cost, reduced risk.

The code below is an example of IaC: it gets the current VPCs from an AWS environment.

example

Terraform

  • Terraform is declarative
  • Codify your software-defined networking
  • Works with all cloud IaC solutions (AWS, GCP, Azure); cloud agnostic
  • Check out all providers for Terraform, LINK
Terraform Work Flow, IaC with Terraform.

Terraform Work Flow

Write -> Plan -> Deploy

Write the code, plan and review it, and once you are happy, apply to deploy the resources.

terraform init

  • It initializes the directory,
  • which means it adds modules and plugins.
  • Sets up the backend.
Terraform plan, terraform apply & terraform destroy.

PLAN

terraform plan

  • It allows users to review the code.
  • Helps you understand what you are deploying.
  • Your auth keys are used only if needed.

APPLY

terraform apply

  • Deploys the code and creates resources in your cloud.
  • Updates the state file, terraform.tfstate.
  • tfstate can be stored locally or remotely.

DESTROY

terraform destroy

  • Destroys all the resources in the cloud that you created using code, according to the config file.
Provider Block, resource Block and data block.

provider block

aws , google , azure

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.8.0"
    }
  }
}

provider "aws" {
  # Configuration options
}

resource block

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}

call it by resource.aws_vpc.example

data block

data "aws_ami" "web" {
  provider = aws.west
  #...
}

you can call it by data.aws_ami.web

Terraform will look for providers first while executing the .tf files in the folder.

Terraform installation and Providers.

Install

VS Code

  • Extensions - HashiCorp Terraform, Terraform doc snippets

Configuring Terraform with AWS

Method One

  • Not a good practice but one way of doing it

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.6.0"
    }
  }
}

provider "aws" {
  region     = "ap-southeast-2"
  access_key = ""
  secret_key = ""
}

Method Two

  • Use IAM programmatic access with least-privilege access
  • then configure

Method Three

$ export AWS_ACCESS_KEY_ID="anaccesskey"
$ export AWS_SECRET_ACCESS_KEY="asecretkey"
$ export AWS_DEFAULT_REGION="us-west-2"
$ terraform plan

Method Four

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.6.0"
    }
  }
}

provider "aws" {
  profile = "default"
  region  = "ap-southeast-2"
}

Terraform CLI Sub-Commands

terraform -help

Main commands:

init - Prepare your working directory for other commands.
validate - Check whether the configuration is valid / Making sure syntax is correct.
plan - Show changes required by the current configuration / lets us know what terraform will do with the script.
apply - Create or update infrastructure / deploy infrastructure.
destroy - Destroy previously-created infrastructure.

All other commands:

console - An interactive command prompt.
fmt - Reformat your configuration in the standard style.
output - Output values from your root module.
force-unlock - Release a stuck lock on the current workspace.
get - Install or upgrade remote Terraform modules.
graph - Generate a Graphviz graph of the steps in an operation.
import - Associate existing infrastructure with a Terraform resource.
login - Obtain and save credentials for a remote host.
logout - Remove locally-stored credentials for a remote host.
providers - Show the providers required for this configuration.
refresh - Update the state to match remote systems.
show - Show the current state or a saved plan.
state - Advanced state management.
taint - Mark a resource instance as not fully functional.
test - Experimental support for module integration testing.
untaint - Remove the 'tainted' state from a resource instance.
version - Show the current Terraform version.
workspace - Workspace management.

Global options (use these before the subcommand, if any):

-chdir=DIR - Switch to a different working directory before executing the given subcommand.
-help - Show this help output, or the help for a specified subcommand.
-version - An alias for the "version" subcommand.
Terraform State.

Terraform state file - terraform.tfstate

  • track your resources state.

  • Changes and other details about the deployed infrastructure are shown in this file

  • json format

  • sensitive file

  • can be kept in remote storage place (example: - S3)

  • tracked and stored in terraform.tfstate

  • terraform.tfstate.backup is a backup file

  • helps to detect drift

  • terraform refresh - helps to find drift

  • State is stored locally and can be set up to be stored remotely, e.g. in S3

  • remote state is more secure

  • Terraform state can be locked; Terraform locks local state by default

Terraform variables & outputs.

variables

Examples of how variables are declared.

variable "availability_zone" {
  type    = string
  default = "us-west-1a"
}

variable "my-variable" {}

  • Values can be kept separately in a variable.tfvars file.
  • You can add validation to variables.
  • A variable can be marked sensitive; it is a bool value, true or false.
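
The validation and sensitive options from the list above, shown together. This is an added example, not part of the original notes; the variable `db_password` and the 16-character rule are assumptions chosen for illustration.

```hcl
variable "image_id" {
  type        = string
  description = "The id of the machine image (AMI) to use for the server."

  # Checked before any resource is planned; a bad value stops the run.
  validation {
    condition     = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
    error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
  }
}

# Hypothetical secret. Supply it from outside the .tf files, for example with
# the TF_VAR_db_password environment variable or a .tfvars file that is kept
# out of version control.
variable "db_password" {
  type      = string
  sensitive = true # redacted in plan/apply output

  validation {
    condition     = length(var.db_password) >= 16
    error_message = "The db_password value must be at least 16 characters long."
  }
}

# An output that passes a sensitive value on must be marked sensitive as well,
# otherwise Terraform refuses to plan.
output "db_password" {
  value     = var.db_password
  sensitive = true
}
```

Marking a value sensitive only hides it in CLI output; it is still written in plain text to terraform.tfstate, which is why the state file itself has to be protected.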

Types

base types

  • string
    • example
      variable "image_id" {
        type        = string
        description = "The id of the machine image (AMI) to use for the server."
      }

  • number
  • bool
    • example
      variable "user_information" {
        type = object({
          name    = string
          address = string
        })
        sensitive = true
      }

      resource "some_resource" "a" {
        name    = var.user_information.name
        address = var.user_information.address
      }
      

complex types

  • list

    • example
      variable "az_names" {
        type    = list(string)
        default = ["ap-southeast-2"]
      }
    
  • set

  • map

  • object

  • tuple

Output

output "instance_ip_addr" {
  value = aws_instance.server.private_ip
}

  • Returns values from the config file.
  • If you declare it, the outputs are printed according to the code.
Terraform Provisioners.

Provisioners

Run scripts locally or on remote resources.

There are two types of provisioners:

  • Create-time, run on resource creation
  • Destroy-time, run on resource destruction

Best Practice

  • If the public cloud provider has an inherent way to pass the script, use that.
  • Terraform cannot track provisioners through state files.

If the script running on a resource fails, Terraform taints the resource and re-provisions it on the next terraform apply.

Official Documentation

  • example
resource "null_resource" "mk" {
  provisioner "local-exec" {
    command = "echo '0' > status.txt"
  }

  provisioner "local-exec" {
    # this runs only on destroy
    when    = destroy
    command = "echo '1' > status.txt"
  }
}
Terraform state file.

Terraform State

  • Real-world resources are mapped to Terraform code locally.
  • By default, stored locally in a file named terraform.tfstate.
  • Terraform checks the state before modification.
  • Metadata is tracked via .tfstate.

Terraform command

  • State Management
  • terraform state list - helps to list all resources.
  • terraform state rm - delete a resource from state file to untrack or unmanage. (resource will not be removed when you run terraform destroy)
  • terraform state show - shows details of a resource.
Terraform local and remote state files.

By default, Terraform state files are stored locally.

Remote State storage

Ex: s3, google storage

  • can use version control
  • allows work between teams

state locking

  • Helps to lock the .tfstate file.
  • Supported on S3, Google Cloud and HashiCorp Console.
  • Contains output values if defined.
Terraform Modules.

Modules

  • A container that holds code for reusability.

How to?

  • Can be referenced from the public Terraform library.

  • Can be hosted in a private registry.

  • Can be stored locally and referenced.

  • Can provide outputs to the main block if configured.

  • Example of a terraform-aws-modules module from the Terraform registry.

    module "ec2_instances" {
      source  = "terraform-aws-modules/ec2-instance/aws"
      version = "2.12.0"

      name                   = "my-ec2-cluster"
      instance_count         = 2
      ami                    = "ami-0c5204531f799e0c6"
      instance_type          = "t2.micro"
      vpc_security_group_ids = [module.vpc.default_security_group_id]
      subnet_id              = module.vpc.public_subnets[0]

      tags = {
        Terraform   = "true"
        Environment = "dev"
      }
    }
    
Terraform input and output modules.

Inputs

  • Inputs are the values passed to modules

Outputs

  • Output can be called in main module using module.module_name.output_name
Built-in functions.

Built-in functions

https://www.terraform.io/language/functions

  • file
  • max
  • log(50, 10)

are some examples

Type constraints.

Single type value: number = 3, stringtype = "this is a string", boolvalue = "true"

Collection types: list(), map(), set()

Structural: object(type), tuple(type), set(type)

Dynamic Blocks.

Dynamic Blocks

Helps to create repeatable nested configurations

  • data blocks
  • resource blocks
  • provider blocks
  • provisioner blocks

Dynamic blocks make code cleaner but a bit harder to follow than normal code, so use them with caution.

Terraform fmt, taint, import.

terraform fmt

  • Formats code for readability
  • Can run at any time
  • Does not change anything else

terraform taint resource_address

  • Marks the resource as tainted, so it is recreated on the next apply.
  • Modifies only the state file.

terraform import resource_address_id

  • Imports already-deployed resources into Terraform.

Terraform configuration block

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.8.0"
    }
  }
}

provider "aws" {
  # Configuration options
}
Terraform Workspace.

WorkSpaces

  • There is always a default workspace.
  • Used for multiple work environments
  • like dev-test-prod
  • Check terraform workspace -help

terraform workspace new <workspace-name>

  • Create a new workspace

terraform workspace select <workspace-name>

  • jump into new workspace
Debugging.

export TF_LOG=TRACE

  • Turn on verbose logging

export TF_LOG_PATH=Terraform.log

  • Write the log to a file named Terraform.log
terraform fmt, terraform taint, terraform import.

terraform fmt - beautify the code and make the syntax consistent.
terraform taint - mark a resource for deletion; it will be deleted on the next terraform apply.
terraform import - bring already-built resources into Terraform.

Terraform Cloud and Enterprise.

Sentinel

  • Policy as code
  • Has its own language
  • Version control
  • Testing and automation
  • ex: enforce CIS security standards

Vault

  • Secrets Management Software
  • Pass temporary creds

Terraform Registry

  • Modules are stored in the registry
  • Publicly accessible
  • Anyone can contribute to the Registry

Cloud Workspaces

  • Workspaces are held in the cloud rather than locally
  • records activity
  • Can trigger via github actions

OSS and Terraform Cloud workspace

OSS

  • Creates the state file locally
  • Variables are stored in .tfvars files
  • Creds are stored locally

Cloud

  • Version control
  • Communicates via API/CLI
  • State files are stored in the cloud
  • Variables are stored in the cloud workspace
  • Creds are stored in the cloud

Benefits of Terraform Cloud

  • remote execution
  • workspace on org model
  • version control
  • manage remotely
  • Private registry available to host modules privately
  • cost estimation
  • policy as code with Sentinel

More Useful links

  • Terraform Best Practices - Link
  • 250 Practice Questions For Terraform Associate Certification - Link
