Making sense of our template

So far, we have created a VPC with a single subnet. While we played around with master-slave instances and dependencies between them, these were just temporal changes to show how Terraform handles these use cases. Now it's time to add more meat to the template: let's create an instance, with a security group attached to it.

Let's say we have a web application named MightyTrousers and we need a server for this, protected from unwanted traffic by a security group:

resource "aws_security_group" "allow_http" { 
  name = "allow_http" 
  description = "Allow HTTP traffic" 
  vpc_id = "${aws_vpc.my_vpc.id}" 
 
  ingress { 
    from_port = 80 
    to_port = 80 
    protocol = "tcp" 
    cidr_blocks = ["0.0.0.0/0"] 
  } 
 
  egress { 
    from_port = 0 
    to_port = 0 
    protocol = "-1" 
    cidr_blocks = ["0.0.0.0/0"] 
  } 
} 
 
resource "aws_instance" "mighty-trousers" { 
  ami = "ami-9bf712f4" 
  instance_type = "t2.micro" 
  subnet_id = "${aws_subnet.public.id}" 
  vpc_security_group_ids = ["${aws_security_group.allow_http.id}"] 
}

Given that we have only single web application, our Terraform template would represent a complete production-ready template for the whole infrastructure. It handles dependencies very well, updates changes, and in general, solves the problem of templating all used AWS services. The problem is that single VPC with single server is probably the least complicated infrastructure one could imagine. But it's a good start.

After a little while your company grows beyond original small web application, of course. Developers have written a new app, named CrazyFoods. Now you need to template it too.

At first, we will be tempted to simply copy and paste the configuration of MightyTrousers application, replace some strings in few places, and call it a day. But soon we realize that it wouldn't be the job well done: we just duplicated a bunch of code for no reason. As we really want both applications to have the same setup, we now have to make sure that this new huge template is properly updated in two places--once for the MightyTrousers application (security group + instance) and then again for the CrazyFoods app (also a security group + instance).

Wouldn't it be nice to reuse existing configuration and update it from single place? Enter Terraform modules.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.223.32.230