terraform_w9

TF files and notes from w9 terraform course

------------
first_resource

Initialize
$ terraform init

Check state
$ terraform plan

Execute the terraform script
$ terraform apply

Delete resource 
$ terraform destroy

CIDR IP quantity = (2 ^ (32 - n)) - 5
eg: 10.0.0.0/16 where we n is 16, so we have 65531 
    255 * 255 = 65025
    Range = 10.0.0.0 - 10.0.255.255
------------
variables

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc
eg: aws_vpc.myvpc.id or aws_vpc.myvpc.arn

------------
challenge1

Create a VPC named TerraformVPC
CIDR Range: 192.168.0.0/24

------------
ec2

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance

------------
eip Elastic IP

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip

------------
sg Security Group
stateless involves setting an inbound and outbound rule to ensure flow of traffic.
Is stateful: Return traffic is automatically allowed, regardless of any rules
Is stateless: Return traffic must be explicitly allowed by rules

------------
dynamic Dynamic Blocks
Allows us to go through a list and turn every element into tf code. 
One use case is to interate though a list of ports to allow in a security group.

------------
challenge2 ec2
Create a DB server and output the private IP.
Create a web server and ensure it has a fixed public IP.
Create a security group for the web server, opening ports 80 and 443.
Run the provided scripts on the web server. 

------------
Modules
A module is a forewarder with code inside it. 
Allows to extend the functionality of terraform to reuse code. 
Terraform registry has community modules we can use. 
https://registry.terraform.io/

------------
challenge3_modules
Modularise challenge2

------------
iam
Its recommended to make the policy from console and copy the JSON
EOF stands from End Of File and will contain the JSON policy
There is a limit to size of JSON policy, so will need to split files if too long. 

------------
rds 
Going through the aws console setup for rds will give us a better idea of all the fields we need to set in terraform. 
name is the database name eg: customers, 
and identifier is unique name for the instance eg: prod-customer-db-server. 
username and password should ideally be in a secrets manager like vault and be injected when needed.
skip_final_spanshot must be set to true, and during destroy it will try and take spanshot and fail.

------------
backend
The state file is a very important in terraform. Loosing it will disasterours. 
We can store it in S3.
key specifies the location and file name, "terraform/tfstate.tfstate".
Leaving access_key and secret_key blank will prompt you to enter it when we run the tf file. 
On mac or linux we can use "$ cat ~/.aws/credentials" to find our access_key and secret_key

------------
dep Dependencies
Suppose we have a tf file where we have are builing multiple ec2 instances,
and we need db server to build before web server, 
we can specify in web server "depends_on = [aws_instance.db]"
One of the common use cases is for EIP for an EC2 instance as it may take longer to provision. 

------------
count_demo
Helps us create multiple resources

------------
count_adv
One use case is inaddition to setting a count, can set multiple server names from a list.

------------
vars 
Instead of creating multiple terraform files for each environment, 
we can instead have variable files. 

------------
import 
With import we can bring in control of resources not managed by terraform but active on console into control of terraform. 
eg: for a vpc that we create on console, we specify same in tf file,
    then in command line "$ terraform import aws_vpc. "

------------
data_sources
Data Sources are a way to query aws and get a result.
It makes an API request to get information.
We can use it for amis, backups, users, ...
We specify the data filter and output
"$ terraform apply -auto-approve"

------------