Enterprise DevOps & Cloud Infrastructure

Terraform Cloud Setup

Erik Reinert

Erik Reinert

Enterprise DevOps & Cloud Infrastructure

Check out a free preview of the full Enterprise DevOps & Cloud Infrastructure course

The "Terraform Cloud Setup" Lesson is part of the full, Enterprise DevOps & Cloud Infrastructure course featured in this preview video. Here's what you'd learn in this lesson:

Erik sets up a Terraform Cloud account and generates an API token for accessing the Terraform Cloud API. The API token is added to Doppler.


Transcript from the "Terraform Cloud Setup" Lesson

>> So once we've got that, we're actually okay with GitHub for right now, right? Cuz what we're really trying to do, is we're just trying to set up everything so we don't have to think about it later, okay? So we've set up Doppler, right? We've set up GitHub, and now we wanna set up Terraform Cloud, right?

So the next thing you're gonna wanna do is you're gonna wanna navigate to your Terraform Cloud account. So it's like app.terraform.io. Now again, I already have workspaces in here, but this is an example of what Terraform Cloud looks like. You've got a lot of the fundamentals in your mind now.

So this should make a little sense, right, of what these workspaces are, what resources they manage, right? As you'll notice in my existing resources I have a cache, right? This is all my cache resources. Here's my cluster resources. And you'll notice that I have, why is Bulbasaur in there?

>> Right, that's how I version my infrastructure. So instead of Version 1, Version 2, I got nerdy with it and I said, all of my versions are off of Pokemon. So technically, this cluster is the first version of the AWS cluster for dev. Why do we do that?

Why do we version our clusters like that? Well, it makes it so that I can have multiple clusters per environment, right? So if I wanted to have an active and a passive cluster, right, this is where these workspaces really come into play. I could have an AWS cluster bulbasaur, or AWS cluster active-dev, AWS cluster passive-dev, right?

Each workspace manages its own cluster, and then when I wanna shift between one to the other, I just change the name, right? So having good naming conventions is really crucial when it comes to setting up resources. Another thing you'll notice is what's the first thing you read in my workspaces?

That answers what question?
>> Provider.
>> Exactly, so if I was a developer and I came in here and I said, where are they? Where, Amazon. What, cache. When, Bulbasaur, right? So you've got where, what, and when, basically, all in your naming conventions. This is crucial to scale.

It is, it really is. Naming is crucial. Knowing what is something and what that name is, is very, very crucial, because it makes it easier for people to find things, yep.
>> So this first time into Terraform Cloud, it gives you the option to pick between provisioning example resources for a new user, creating a new organization with a blank slate.

>> Create a new org with blank slate, yeah, go ahead and do that, yeah, yeah. So if you do get asked to create a new org, just create an organization, make it your own name that you want. Basically get to the point where you have a blank page with just what you see here without any resources in it, yeah.

And again, you can see here, hey, look at that! Even I have a GitHub and a TFE, right? And this is because, again, I follow that same mentality of automate everything. The next thing we wanna do, is we actually wanna create a token. All we're doing right now is just setting up our environment, so we gotta have access to everything when we go to start creating our automation.

So I'm gonna click up in the top here on my little profile, and then I'm gonna click User Settings. Now, there's two ways to create tokens in Terraform Cloud, but there's a caveat in one way, which is a token cannot manage itself. Does that make sense? Does anyone know maybe why a token cannot manage itself?

>> Because it'll expire?
>> Sure, well, it could delete itself, right? It could manipulate or change things and things like that. And so, if you wanted to, there is actually a way in Terraform Cloud to create tokens for organizations. But they don't let you manage everything because the user is what has complete access to everything in Terraform Cloud.

So this is a little bit of a caveat here, which is, if you want to manage teams and higher level resources, it actually is just easier to create a user token. Because this is like the admin of the admin, essentially, and it has access to every org, every permission.

This is something I ran into. So we're gonna go to tokens for our user, and then we're gonna click Create an API Token, right? I'm gonna type in my token, example token. 90 days again, set an expiration, right? Then I'm gonna generate token. Now, there's my token, right?

There's a button right here that allows me to copy that token. So I'm gonna click Copy, and then I'm gonna click Delete so that no one can delete anything. And then I'm gonna go back, once again, to Doppler. And Just like we did with Github, I'm gonna go to My Project, and I'm gonna add another token, two technically, sorry, one TFE token, and we're gonna paste the value there, and then another one is TF_Token_App_Terraform_io.

Now you might be like, why do we have both of these with the same value? It's because one is for native connection to Terraform Cloud, whereas the second one is using it with the provider, all right? So the first one is to make sure that the TFE token can actually access everything, but when we run it with Terraform itself, it uses TFE token underscore app provider, because Terraform actually allows you to have your own hosting service if you wanted.

So they make it so that this is how you target which Terraform cloud you're trying to talk to, essentially, and what key you're using. And since we're using the official TerraForm cloud, we just use App_TerraForm_IO, so.
>> Is that for the runner itself?
>> What's that?
>> Is that for the runner?

>> Well, we're gonna be doing runs locally, but yeah, it's for the runner itself, yeah. And again, as far as I know, this is still required. It might not be, but we're just gonna add there just to be safe, right? So I'm gonna do this again, 12345, 123456, right?

I'm gonna save, and save.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now