Configuring the Terraform AWS provider

We can use Terraform with many IaaS providers, such as Google Cloud or DigitalOcean. Here, we'll configure Terraform for AWS and stick with this provider for the rest of the chapter.

For Terraform to interact with an IaaS, it needs to have a provider configured.

Getting ready

To step through this recipe, you will need the following:

  • An AWS account with keys
  • A working Terraform installation
  • An empty directory to store your infrastructure code
  • An Internet connection

How to do it…

To configure the AWS provider in Terraform, we'll need the following three files:

  • A file declaring our variables, an optional description, and an optional default for each (variables.tf)
  • A file setting the variables for the whole project (terraform.tfvars)
  • A provider file (provider.tf)

Let's declare our variables in the variables.tf file. We can start by declaring variables for what are usually known as the AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY environment variables:

variable "aws_access_key" {
  description = "AWS Access Key"
}

variable "aws_secret_key" {
  description = "AWS Secret Key"
}

variable "aws_region" {
  default     = "eu-west-1"
  description = "AWS Region"
}

Set the two variables matching your AWS account in the terraform.tfvars file. Don't check this file into source control, because it holds your secret key in plain text; commit an example file with placeholder values instead (that is, terraform.tfvars.example). It's also recommended to use a dedicated Terraform user for AWS rather than the root account keys:

aws_access_key = "< your AWS_ACCESS_KEY >"
aws_secret_key = "< your AWS_SECRET_KEY >"

Now, let's tie all this together into a single file, provider.tf:

provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region     = "${var.aws_region}"
}

Apply the following Terraform code:

$ terraform apply

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

This output only means the code is valid, not that Terraform can actually authenticate with AWS (try it with a bad pair of keys). To verify authentication, we'll need to create a resource on AWS.

Note

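You now have a new file named terraform.tfstate that has been created at the root of your repository. This file is critical: it's the stored state of your infrastructure. Don't hesitate to look at it; it's a text file. As plain text, it can also hold sensitive values from the resources it tracks, so handle it as carefully as terraform.tfvars.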

How it works…

This first encounter with HashiCorp Configuration Language (HCL), the language used by Terraform and other HashiCorp products, looks pretty familiar: it's a structured language fully compatible with JSON. We can find more information about HCL here: https://github.com/hashicorp/hcl. In this case, we've declared variables with an optional description for reference. We could have declared them simply with the following:

variable "aws_access_key" { }

All variables are referenced using the following structure:

${var.variable_name}

If a variable has been declared with a default, as our aws_region has with eu-west-1, this value is used when there's no override in the terraform.tfvars file.

What would have happened if we hadn't provided a safe default for our variable? Terraform would have asked us for a value when executed:

$ terraform apply
var.aws_region
  AWS Region

  Enter a value:

There's more…

We've used values directly inside the Terraform code to configure our AWS credentials. If you're already using AWS on the command line, chances are you already have a set of standard environment variables:

$ echo ${AWS_ACCESS_KEY_ID}
<your AWS_ACCESS_KEY_ID>
$ echo ${AWS_SECRET_ACCESS_KEY}
<your AWS_SECRET_ACCESS_KEY>
$ echo ${AWS_DEFAULT_REGION}
eu-west-1

If not, you can simply set them as follows:

$ export AWS_ACCESS_KEY_ID="123"
$ export AWS_SECRET_ACCESS_KEY="456"
$ export AWS_DEFAULT_REGION="eu-west-1"

Then Terraform can use them directly, and the only code you have to type would be to declare your provider! That's handy when working with different tools.

The provider.tf will then look as simple as this:

provider "aws" { }
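
The advice in this recipe (keep terraform.tfvars out of source control, and reference credentials through variables or the environment rather than typing them into .tf files) can be checked mechanically before each commit. The following script is an added example, not code from the book; the function names and the simplified .gitignore matching are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the book: checks a Terraform project directory for
# the credential mistakes this recipe warns about. Names are assumptions.

# Succeeds if a line of $1/.gitignore matches file name $2.
# Simplification: each line is treated as a plain shell glob; negation (!)
# and path-anchored patterns (containing /) are not interpreted.
is_ignored() {
  local pattern
  [ -f "$1/.gitignore" ] || return 1
  while IFS= read -r pattern || [ -n "$pattern" ]; do
    case "$pattern" in ''|'#'*|'!'*) continue ;; esac
    # Unquoted on purpose so the line acts as a glob (for example *.tfvars).
    case "$2" in $pattern) return 0 ;; esac
  done < "$1/.gitignore"
  return 1
}

# Prints the *.tf files under $1 that assign a literal string, rather than a
# "${var.NAME}" reference, to access_key or secret_key. Fails if any exist.
find_hardcoded_keys() {
  local hits
  hits=$(find "$1" -type f -name '*.tf' -exec grep -lE \
    '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^$"]' {} + \
    || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Runs both checks on project directory $1; findings go to stderr.
check_tf_project() {
  local rc=0
  if [ -f "$1/terraform.tfvars" ] && ! is_ignored "$1" terraform.tfvars; then
    echo "terraform.tfvars exists but no .gitignore pattern covers it" >&2
    rc=1
  fi
  if ! find_hardcoded_keys "$1" >&2; then
    echo "literal credentials in the .tf files listed above" >&2
    rc=1
  fi
  return "$rc"
}

# When run as a script with a directory argument, check that directory.
if [ "$#" -gt 0 ]; then check_tf_project "$1"; fi
```

A non-zero exit status means at least one check failed, so the script can be called from a Git pre-commit hook or a CI step.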