August 17, 2020
Topics: Cloud Volumes ONTAP, AWS, Automation | Elementary | 7 minute read
Terraform enables you to configure and manage your infrastructure as code. You can use Terraform on a wide range of cloud platforms, including AWS. As opposed to AWS CloudFormation, you can use Terraform for multicloud and hybrid cloud deployments, using APIs to integrate with your existing pipelines.
In this post, we’ll examine how you can leverage Terraform to manage Infrastructure as Code on AWS, and provide a Terraform AWS example tutorial. We will also show how NetApp Cloud Volumes ONTAP can help you to simplify the management of multi-vendor and hybrid cloud environments.
In this article, you will learn:
- Why use Terraform on AWS
- Deploying a Terraform Enterprise Cluster on AWS
- Leveraging Terraform to manage AWS infrastructure
- Terraform AWS with Cloud Volumes ONTAP
Why Use Terraform on AWS?
Terraform is an open source tool, created by HashiCorp, that enables you to declare your infrastructure as code. You can use it to create versioned configuration files that can be managed the same as an application codebase. With Terraform, you can automate infrastructure as code (IaC) deployments across complex cloud environments.
Using Terraform with AWS you can deploy environments as needed with minimal chance for error. The tool takes your configuration information and performs all of the necessary API calls to deploy your resources.
AWS offers its own tool for similar tasks, AWS CloudFormation. However, CloudFormation is a proprietary tool with a steep learning curve. By using Terraform instead, you are able to get started faster, use the same tool for multicloud and hybrid cloud deployments, and easily integrate with your existing pipelines.
Learn more in our article about Terraform for EBS and EFS.
Learn about other options for automating AWS in our article about Ansible on AWS.
Deploying a Terraform Enterprise Cluster on AWS
Below you’ll see a tutorial explaining how to deploy a Terraform Enterprise Cluster to AWS. Before you get started there are a few things you need to prepare and verify. Once you have met the prerequisites you can continue to the preparation steps. For a full description, see the Terraform documentation here.
- Decide which Terraform operational mode you are using
This mode determines how your stateful data is stored. With AWS, your options include storage in S3, AWS RDS, or an AWS EBS volume. You also need to verify that whatever storage you choose meets the requirements of your operational mode.
- Verify you have the proper credentials
This includes a Terraform Enterprise license and a TLS certificate. When obtaining this certificate, make sure that you make it available to the AWS Certificate Manager (ACM) and that it matches the domain provided.
Prepare an Instance for Terraform
If you do not already have an instance for Terraform to run in AWS, you need to create one. When setting up this instance make sure that you have installed the latest 0.11 release and made it available in the PATH.
Prepare your Infrastructure
Next, you need to prepare your infrastructure. This involves verifying the following elements are available and accessible:
- A virtual private cloud (VPC)
- Public and private subnets that span multiple availability zones (AZs)
- A DNS zone
Define Terraform Configuration
Once your preparation is complete, you can define your Terraform configuration plan.
- From your web browser, go to the Terraform Registry and select the hashicorp/terraform-enterprise/aws module.
- Review the input variables of the module to confirm your choice.
- Define a new Terraform configuration that calls your module:
  - From the module's Terraform Registry page, copy the "Provision Instructions".
  - Define your input variables and confirm values are correct.
  - Define optional variables as needed or use the default variables. Default variables will create a mid-sized cluster running in the Demo operational mode.
  - Map your module output values to root-level outputs. This ensures that Terraform displays outputs after configuration.
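A root configuration that follows these steps, as an added example that is not from the original post or the module's documentation. The module label `tfe_cluster`, the input names and every bracketed value are assumptions or placeholders; take the real ones from the module's Provision Instructions. The syntax is kept compatible with Terraform 0.11.

```hcl
# Added example. Input names and values below are assumptions/placeholders:
# copy the real ones from the module's Terraform Registry page.
module "tfe_cluster" {
  source  = "hashicorp/terraform-enterprise/aws"
  version = "<PINNED_MODULE_VERSION>" # pin so a later init cannot pull different code

  vpc_id       = "<VPC_ID>"
  domain       = "<DNS_ZONE>"
  license_file = "<PATH_TO_LICENSE_FILE>"
}

# Root-level outputs: module outputs are only displayed after apply
# when they are re-exported like this.
output "installer_dashboard_url" {
  value = "${module.tfe_cluster.installer_dashboard_url}"
}

# The dashboard password is a credential. Marking the output sensitive
# keeps it out of the apply summary and CI logs.
output "installer_dashboard_password" {
  value     = "${module.tfe_cluster.installer_dashboard_password}"
  sensitive = true
}
```

The `sensitive` flag only affects what is printed; the value is still written to the state file in plain text, so access to the state backend needs to be restricted accordingly.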
Apply Your Configuration
After your configuration is defined, you are ready to implement it.
- Initialize your Terraform instance and run your defined plan. The fastest way is to do this from the CLI using the following commands:
$ terraform init
$ terraform plan -out planfile
- Assuming your plan runs without issues, you can apply it with the following command. If you do encounter issues, you need to reconfigure your plan and run it again before applying.
$ terraform apply planfile
After the plan is applied, you should see the root-level outputs you configured. Your infrastructure is now deployed, and you are ready to move to the application installation. Application installation is done through the web console, which may take up to 30 minutes to appear after infrastructure deployment.
- Once your site is available, go to the installer dashboard. Its address is in your installer_dashboard_url output.
- Using the credentials you defined in your installer_dashboard_password output, log in. From there, you should create your admin credentials, your admin API, and your organization.
Once your configurations are complete and the application is deployed you can make adjustments as needed. To do this, you need to change your module inputs and re-apply the configuration as necessary.
Leveraging Terraform to Manage AWS Infrastructure
With Terraform set up, you’re ready to begin managing your AWS infrastructure. There are many practices that can help you ensure smooth operations, but two important ones to start with are managing your secrets and creating a modular infrastructure.
You can directly provide an AWS access key to Terraform. However, you should consider accessing keys through one of the credential profiles supported by the AWS Software Development Kits (SDKs). Doing so eliminates the need to manage secrets in multiple locations and reduces the chance of secrets being committed to version control along with your configuration files.
Alternatively, you can run Terraform from a control server managed by AWS Identity and Access Management (IAM) profiles. If you choose this option, you need to make sure to create policies that appropriately restrict permissions. For example, you may want to allow developers to create resources on Elastic Load Balancers but restrict them from creating IAM roles.
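One way to express the restriction described above, as an added example that is not code from the original post. All resource names are hypothetical, and the deny list goes slightly beyond role creation to cover role modification as well. An administrator applies this configuration, since the control server's own role is denied `iam:CreateRole`.

```hcl
# Added example: role and instance profile for the Terraform control server.
# Names such as "terraform-runner" are hypothetical.
data "aws_iam_policy_document" "terraform_runner" {
  statement {
    sid       = "AllowLoadBalancerManagement"
    effect    = "Allow"
    actions   = ["elasticloadbalancing:*"]
    resources = ["*"]
  }

  # An explicit Deny overrides any Allow that is attached to the role later.
  statement {
    sid    = "DenyIamRoleChanges"
    effect = "Deny"
    actions = [
      "iam:CreateRole",
      "iam:DeleteRole",
      "iam:AttachRolePolicy",
      "iam:PutRolePolicy",
      "iam:UpdateAssumeRolePolicy"
    ]
    resources = ["*"]
  }
}

# Trust policy: only EC2 instances may assume the role.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "terraform_runner" {
  name               = "terraform-runner"
  assume_role_policy = "${data.aws_iam_policy_document.ec2_assume.json}"
}

resource "aws_iam_role_policy" "terraform_runner" {
  name   = "terraform-runner-elb-only"
  role   = "${aws_iam_role.terraform_runner.id}"
  policy = "${data.aws_iam_policy_document.terraform_runner.json}"
}

resource "aws_iam_instance_profile" "terraform_runner" {
  name = "terraform-runner"
  role = "${aws_iam_role.terraform_runner.name}"
}
```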
To set up the use of IAM profiles with Terraform, you need to remove the access_key and secret_key declarations from the AWS provider block. You should also remove any variables that reference these values. Once removed, Terraform automatically defaults to profiles for credentialing.
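The provider block before and after that change, as an added example that is not from the original post. The variable names, the region default and the profile name are assumptions.

```hcl
# Added example; variable names, region and profile name are assumptions.

# Before: static keys passed through variables. The values live in
# terraform.tfvars or CI settings and are easy to commit by accident.
#
# variable "aws_access_key" {}
# variable "aws_secret_key" {}
#
# provider "aws" {
#   region     = "${var.aws_region}"
#   access_key = "${var.aws_access_key}"
#   secret_key = "${var.aws_secret_key}"
# }

# After: no key material anywhere in the configuration. The provider falls
# back to its default credential chain: environment variables, the shared
# credentials file, then the instance profile of the machine running Terraform.
variable "aws_region" {
  default = "us-east-1"
}

provider "aws" {
  region = "${var.aws_region}"

  # Workstation only: pick a named profile from the shared credentials file.
  # Leave this out on the control server so its instance profile is used.
  # profile = "terraform-dev"
}
```

If static keys were ever committed, removing them from the configuration does not remove them from repository history, so they should be rotated as well.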
Create a modular infrastructure
One of the advantages of IaC is the ability to define your infrastructure in terms of components. Component definitions make it easier to update and modify infrastructure.
These definitions can also serve a double purpose as documentation for your infrastructure. This dual use can greatly reduce the time spent managing infrastructure while ensuring that documentation is always up to date.
When creating your infrastructure definitions, keep in mind that Terraform enables you to segment definitions into multiple files. This requires carefully deciding on a logical structure for your plans.
Breakdowns to consider include plans grouped by application, microservice, AWS service, or security boundary. For example, you can create one group of files for application frontends and another for back-end databases.
You should also try to leverage Terraform modules. Modules are constructs that enable you to reuse infrastructure code like building blocks.
These constructs can be shared across teams or organizations for faster deployment and better standardization of practices. These modules are particularly useful for enabling self-service deployments and ensuring that users deploy in compliance with organization policies.
Terraform AWS with Cloud Volumes ONTAP
NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more.
In particular, Cloud Volumes ONTAP provides Cloud Manager, a UI and APIs for management, automation and orchestration, supporting hybrid & multi-cloud architectures, and letting you treat pools of storage as one more element in your Infrastructure as Code setup.
Cloud Manager is completely API driven and is highly geared towards automating cloud operations. Cloud Volumes ONTAP and Cloud Manager deployment through infrastructure-as-code automation helps to address the DevOps challenges faced by organizations when it comes to configuring enterprise cloud storage solutions. When implementing infrastructure as code, Cloud Volumes ONTAP and Cloud Manager go hand in hand with Terraform to achieve the level of efficiency expected in large scale cloud storage deployment in AWS.