Cloud Infrastructure: Startup to Scale

Terraform Locals & Providers

Erik Reinert
TheAltF4Stream
Lesson Description

The "Terraform Locals & Providers" Lesson is part of the full, Cloud Infrastructure: Startup to Scale course featured in this preview video. Here's what you'd learn in this lesson:

Erik creates configuration files for Terraform locals and providers. He then discusses the Terraform documentation and the number of third-party modules available within the Terraform ecosystem. These modules can abstract away many of the manual tasks and make complex deployment pipelines easier to maintain.

Transcript from the "Terraform Locals & Providers" Lesson

[00:00:00]
>> Erik Reinert: So now what I'm going to do is I'm going to go into my terraform directory and we're going to set up a couple of files. The first file we're going to set up is actually a locals.tf, and inside of that locals.tf file I'm going to copy and paste a variable.

[00:00:19]
Just one variable. It's the only variable I need. But can anyone guess why I need this variable? To interact with the ECS cluster? Kind of, yeah. So when I built this, I wanted to evaluate whether or not I was going to use a VPN for this solution. I decided not to, just because it's just more work, more effort.

[00:00:46]
An easier approach would just be to set up what's called a bastion host. Can anyone tell me what a bastion host is? It's like a jump box that lets you jump and access things that you're not supposed to. Through a middleman? Yeah, pretty much, yeah. So a bastion host is basically like a backdoor into your network through a machine.

[00:01:09]
And so this is kind of like a, it's a little bit more of an older school approach to handling this. Like normally you would drop a VPN into the network and then you would just connect into the network via that VPN. But unfortunately Amazon VPNs aren't cheap and they take a while to provision, so it just didn't really work very well with the course.

[00:01:27]
But what we can do is we can at least put an instance that's publicly accessible, but only permits your IP address or wherever you're from to access it. So that's exactly what this is here. Effectively what we would do is we would put in our public IP address.

[00:01:46]
The long story short of it is, though, that if we wanted to make it so that we could at least get some kind of backdoor into our network on the cloud, this is at least one very simple approach of doing it, which is just putting an instance in there.

[00:01:58]
Just make that one instance public. But then you can SSH into that machine and that instance can have all of your SSH keys to everything else that you need access to. What's nice about a bastion host is I will say is that you can kind of automate it into your environment.

[00:02:14]
So again, you can create a bastion host that already has like SSH keys set up and everything. So all you have to do is give access to your developers to that and then that's it. They don't need to have access to everything else, you just give them access to the bastion host and then they get access through that host.

[00:02:32]
So they're actually really nice. I kind of miss using bastion hosts more, but VPNs are just nice because they directly drop you into the network. You don't have to connect to anything, right? Right, so if you wanted to, you could swap out the implementation in here with a VPN is really all I'm trying to say.

[00:02:48]
And you'd be able to connect to the service or the environment as well. All right, so we're going to save that file and then the next thing we're going to do is we're going to create what's called a providers file. So providers.tf, and then I'm going to copy and paste one provider.

[00:03:08]
It's just the Amazon main HashiCorp provider, if you don't know. HashiCorp actually has a lot of really, really great documentation on the Internet for Terraform. And if you're doing a lot of Terraform, you will be using it like a Wikipedia or an index. You will be constantly referencing that thing.

[00:03:29]
I cannot tell you when I'm making Terraform, how often I'm pulling up that site and looking for attributes or things. Whenever you're building automation, there's normally two things I suggest with Terraform specifically, and I would at, you know, put these as a note because I do think that these are kind of game changers for me.

[00:03:48]
The first one is. Yeah, the Terraform docs, right. So, for example, if I just did Terraform AWS, I can go and find the complete documentation around everything related to AWS, the provider, how to configure it, all of the resources that I can provision. Sorry, I have dark mode on.

[00:04:10]
There you go. Sorry to blind everybody. All of the resources, how to configure. And again, you can see here, this is a lot. What's really cool about Terraform is it can manage a lot of things. One of the things I love to show, I don't know if you knew this, but you can actually manage Spotify with Terraform.

[00:04:29]
So if you wanted to manage all your music with Terraform, you totally could. But there's a lot of really great stuff out there. If you're a home lab person like myself, and if you've ever deployed a Proxmox cluster, you can actually have the same experience locally as you may a cloud, right, where you can write Terraform and then it'll provision your instances on your little Proxmox server and it'll have that same automation experience.

[00:04:56]
And this is actually something I've been working with lately on my stream, which has been really fun. But you can do a lot of other things too. I mean you can manage Kubernetes with Terraform, you can manage a lot of different stuff and it's really all here. So I would recommend, if you're looking for something to manage, just search in the Terraform registry.

[00:05:13]
More than likely you'll find something that does what you're trying to do. The second thing that I highly recommend are things called Terraform modules. Terraform by itself provides what are called resources. For example, if I went to VPC here and then I clicked on default VPC, this is a resource, this is a one unit, it's one resource that Terraform will create and or manage for me.

[00:05:42]
However, when you talk about something like this, there's way more than one resource here. As a matter of fact, even though this is in depth as it is, this doesn't even really. This is just the tip of the iceberg with the actual amount of automation it takes to build this.

[00:06:02]
We are going to be in LEGO world really for all of today. Sorry. There are other things out there that the community has created and managed that makes it so that you can have almost like pre built solutions to the things that you're trying to solve. And those are called Terraform modules.

[00:06:24]
So again, Terraform resources and Terraform modules are two different things. So for example, in this scenario, again going back to the VPC, let me go and show you really quickly. So here if I go to VPC, this is all I get. So I get CIDR block, instance tenancy, tags, and then just VPC related stuff.

[00:06:46]
But what if I don't want to have to think about subnets and routing and security groups and all that other stuff? Well, what you can do is you can go Terraform AWS VPC, and if you Google that, you'll see, if you scroll down a little bit, you'll see AWS VPC Terraform module.

[00:07:08]
These are also on the registry, but these are community built, driven and maintained modules that solve problems on Amazon. So this is more of a step towards I want to solve a problem versus I want to run Terraform. What's nice about this is that if we go to the module on the Terraform registry itself, you can see that this module is actually way more in depth.

[00:07:34]
This module lets us actually select AZs that we want to provision in, private subnets and their IP or their CIDRs, public subnets and their CIDRs. It has NAT Gateway support, it has VPN Gateway support. The reason why you would use something like this over just the VPC resource that I showed you earlier is that you want to care more about these settings than figuring out every single resource you need to create what you're trying to create.

[00:08:01]
Because this underneath the hood will do all of that for you via the customization and the settings on the module. So these are really powerful. We use these a lot at where I work because in all honesty, I don't want to have to think about how to create a VPC with four subnets and routing and a NAT gateway and public access versus private access and blah blah blah.

[00:08:24]
It's like bro, this is just like at this point I just want ChatGPT to do it for me, right? However, there are really nice communities and really, really great projects that exist that will solve these problems. Another one that I would recommend, if you are trying to get into the Kubernetes world on Amazon, I highly recommend you use this module.

[00:08:47]
I do not recommend you use the Terraform resource module because that's just one module and there's auto scaling groups and a bunch of other stuff that you have to add to make Kubernetes work as well. This gives you an out of the box Kubernetes cluster that will just work.

[00:09:03]
It makes going from nothing to Kubernetes very, very easy and very, very simple. You can lean on these modules if you want to and we will be leaning on some of these modules as well as we go through the course. But yeah, just as two takeaways like I said.

[00:09:19]
One, look up resources in the Terraform documentation. And then two, look up modules that you can find that can kind of solve these problems for you. And again you'll notice that these modules are massively used. This had 1.1 million downloads just this week. So it's being deployed across tons of infrastructure.

[00:09:42]
You know that it's being built well, it's being maintained well, it's being supported across tons of different situations. And so you'll get this value out of using one of these rather than building it yourself.
