Terraform Configuration Language 

Terraform Configuration Language

Use the Terraform configuration language to describe the infrastructure that Terraform manages.

This is the documentation for Terraform’ s configuration language. It is relevant to users of Terraform CLI, Terraform Cloud, and Terraform Enterprise. Terraform’ s language is its primary user interface. Configuration files you write in Terraform language tell Terraform what plugins to install, what infrastructure to create, and what data to fetch. Terraform language also lets you define dependencies between resources and create multiple similar resources from a single configuration block.

The main purpose of the Terraform language is declaring resources, which represent infrastructure objects. All other language features exist only to make the definition of resources more flexible and convenient.

The syntax of the Terraform language consists of only a few basic elements:

resource "aws_vpc" "main" {

  cidr_block = var.base_cidr_block

}

<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {

  # Block body

  <IDENTIFIER> = <EXPRESSION> # Argument

}

Blocks are containers for other content and usually represent the configuration of some kind of object, like a resource. Blocks have a block type, can have zero or more labels, and have a body that contains any number of arguments and nested blocks. Most of Terraform's features are controlled by top-level blocks in a configuration file.

Arguments assign a value to a name. They appear within blocks.

Expressions represent a value, either literally or by referencing and combining other values. They appear as values for arguments, or within other expressions.

The Terraform language is declarative, describing an intended goal rather than the steps to reach that goal. The ordering of blocks and the files they are organized into are generally not significant; Terraform only considers implicit and explicit relationships between resources when determining an order of operations.

Overview - Configuration Language | Terraform | HashiCorp Developer

Terraform Providers:

Terraform providers are plugins that allow Terraform to manage resources on different cloud providers and infrastructure platforms. Each provider defines a set of resources that can be managed, as well as the API calls that Terraform can use to create, update, and delete those resources.

Terraform providers are available for a wide range of platforms, including AWS, Azure, Google Cloud Platform, Kubernetes, and Oracle Cloud Infrastructure. To use a provider, you first need to install it. Terraform can automatically download providers from the Terraform registry, or you can manually download them from the provider's website.

Prerequisites

Before you dive into terraform configuration & infrastructure automation, make sure you have the following in place:

●        An Amazon Web Services account (AWS).

●        An IAM user with an access key ID and secret key set up on your local machine.

●        AWS_restart learners can get the above keys from lab instructions page or sandbox environment.

●        Terraform installed.

●        Install GIT in local machine.

●        Setup GITHUB account & create a repository to maintain capstone project.

●        Setup Terraform cloud account to implement CI/CD

To find a provider, search for the required provider on the Terraform website.

Requiring Providers

Each Terraform module must declare which providers it requires, so that Terraform can install and use them. Provider requirements are declared in a required_providers block.

A provider requirement consists of a local name, a source location, and a version constraint:

terraform {

  required_providers {

mycloud = {

   source  = "mycorp/mycloud"

   version = "~> 1.0"

}

  }

}

The required_providers block must be nested inside the top-level terraform block (which can also contain other settings).

Each argument in the required_providers block enables one provider. The key determines the provider's local name (its unique identifier within this module), and the value is an object with the following elements:

source - the global source address for the provider you intend to use, such as hashicorp/aws.

version - a version constraint specifying which subset of available provider versions the module is compatible with.

Once a provider is installed, you can use it to manage resources in your Terraform configuration. To do this, you need to specify the provider’s name and the resource type that you want to manage.

Here are some of the benefits of using Terraform providers:

●        Portability: Terraform providers allow you to use the same Terraform configuration to manage resources on different platforms. This can save you time and effort when you need to deploy your infrastructure to multiple clouds.

●        Consistency: Terraform providers can help you to create consistent infrastructure across different platforms. This can help to improve the reliability and security of your infrastructure.

●        Automation: Terraform providers can help you to automate the creation, update, and deletion of resources. This can free up your time to focus on other tasks.

Terraform variables

Terraform variables are values that can be used in Terraform configuration files. They can be used to make your configuration more flexible and reusable.

Variables can be defined in a few different ways:

●        In a variables.tf file: This is the most common way to define variables. The variables.tf file is loaded by Terraform before any other files, so variables defined in this file can be used by all other files in your configuration.

●        In a resource block: You can define variables within a resource block to specify values that are specific to that resource.

●        On the command line: You can pass variables to Terraform on the command line using the -var flag.

Once a variable is defined, you can use it in your configuration by using the var keyword. For example, the following code defines a variable called name and then uses it to set the name of an AWS instance:

Code snippet

variable "name" {

  type = string

}

resource "aws_instance" "example" {

  name = var.name

}

When you run Terraform, it will prompt you for the value of the name variable. You can also set the value of the variable in a variables.tf file or on the command line.

Variables are a powerful way to make your Terraform configuration more flexible and reusable. By using variables, you can avoid hard-coding values in your configuration and make it easier to share your configuration with others.

Here are some of the benefits of using Terraform variables:

●        Flexibility: Variables allow you to make your configuration more flexible by allowing you to specify values at runtime. This can be useful for things like changing the name of a resource or the region in which a resource is created.

●        Reusability: Variables can be used to make your configuration more reusable by allowing you to share values across different configurations. This can save you time and effort when you need to create multiple similar configurations.

●        Security: Variables can be used to store sensitive information, such as passwords and API keys, in a secure location. This can help to protect your infrastructure from unauthorized access.

Terraform Data types

Terraform data types are the different types of values that can be used in Terraform configuration files. There are four main types of data in Terraform:

●        Strings: Strings are sequences of characters. They can be used to represent text, such as the name of a resource or a password.

●        Numbers: Numbers can represent integers or floating-point values. They can be used to represent things like the number of instances in a cluster or the size of a disk.

●        Booleans: Booleans can represent either true or false. They can be used to represent things like whether a resource is enabled or disabled.

●        Lists: Lists are sequences of values. They can be used to represent things like a list of IP addresses or a list of users.

In addition to these four main types, terraform also supports several other types, such as maps, sets, and objects.

●        Maps: Maps are like lists, but they use named keys to access values. They can be used to represent things like a map of IP addresses to hostnames or a map of usernames to passwords.

●        Sets: Sets are like lists, but they do not allow duplicate values. They can be used to represent things like a set of allowed IP addresses or a set of users who are allowed to access a resource.

●        Objects: Objects are like maps, but they use dot notation to access values. They can be used to represent complex data structures, such as JSON objects.

Terraform data types are used to define the values of variables, the arguments of resources, and the outputs of resources. By using data types, you can ensure that the values in your configuration are valid and consistent.

Here are some of the benefits of using Terraform data types:

●        Type safety: Data types help to ensure that the values in your configuration are valid. This can help to prevent errors and make your configuration more reliable.

●        Consistency: Data types help to ensure that the values in your configuration are consistent. This can make your configuration easier to understand and maintain.

●        Reusability: Data types can be used to define reusable modules and templates. This can help you to save time and effort when creating new infrastructure.

 How does AWS connect to Terraform?

As previously stated, for Terraform to connect to Amazon Web Services, you need the Terraform AWS provider, which calls the AWS API and manages the cloud resources.

There are multiple ways Terraform providers allow you to declare credentials for authenticating and connecting to Amazon Web Services. Let’s discuss all the ways in the upcoming sections.

Declaring static credentials

The easiest way for Terraform to authenticate using an Amazon Web Services account is by adding static credentials in the AWS provider block, as shown below. Still, it is not good practice to hardcode access keys. And using secret keys is risky and they can be compromised by attackers.

To declare static credentials in the AWS provider block, you must declare the AWS region name and the static credentials, i.e., access_key and secret_key, within the aws provider block.

provider "aws" {

region = "us-east-2"

access_key = "us-east-2-access-key"

secret_key = "us-east-2-secret-key"

}

Declaring environment variables

You learned to declare static credentials in the AWS provider in the previous section. Instead of declaring the credentials directly in the provider block, you can declare them as environment variables representing your Amazon Web Services access key and secret key, respectively.

Again, environment variables are risky to use and can be leaked but using them is better than declaring static credentials. To declare the AWS provider using environment variables, execute the export command first on the machine where you intend to use the AWS provider followed by the provider block.

export AWS_ACCESS_KEY_ID="aws_accesskey"

export AWS_SECRET_ACCESS_KEY="aws_secretkey"

export AWS_DEFAULT_REGION="us-east-2"

Finally, declare the provider after executing the export commands as shown below.

provider "aws" {}

Declaring shared credentials in the AWS provider

Another way of specifying the credentials in the AWS provider is by using shared credentials. Shared credentials are different Amazon Web Services profiles that you create on your machine by adding an access key, a secret key, and a region in the. aws folder. These details are stored in the credentials file inside your home directory and are safe to use.

 # Declaring the aws provider

provider "aws" {

# Specifying the region of AWS

region = "us-east-2"

shared_credentials_file = "/Users/testuser/.aws/creds"

profile = "testprofile"

}

References

How to Install Terraform on Windows, Linux, and MacOS (phoenixnap.com)

How to Use the Terraform AWS Provider - Petri IT Knowledgebase

DevOps Big Picture (On-Premises) | Medium

Google Bard, ChatGPT