The previous chapter was especially fun: we were able to deploy Ubuntu in the cloud, utilizing Amazon Web Services (AWS). Deploying infrastructure in the cloud is very powerful and allows us to accomplish things that are not normally possible (or are very tedious) with physical infrastructure. We can spin up Ubuntu instances in minutes, and even set up auto-healing to cover us in situations that would normally result in complete service disruption.

This time around, we’re going to work with cloud deployments again, and check out an awesome tool called Terraform that will allow us to automate the provisioning of our cloud resources. We’ve already explored the concept of automation back in Chapter 15, Automating Server Configuration with Ansible, when we learned about the basics of Ansible. Terraform allows us to take our automation to the next level and even interact with providers such as AWS directly.

In this chapter...

Automation with regards to infrastructure is an expansive topic, and it easily deserves a book of its own. In fact, there are not only books dedicated to it but entire online courses as well. There are many different utilities you can use, each with its own pros and cons. We have configuration management tools, such as Ansible, Chef, and Puppet. We looked at Ansible earlier in the book and worked through some examples to see how powerful it is. When we worked with that earlier, I’m sure you immediately saw the benefit—not having to build a solution manually is a beautiful thing.

The importance of not having to build solutions manually cannot be overstated. Perhaps the most obvious benefit is the fact that it can save you hours, or even days of work. When I first started working in IT, setting up servers was always a manual task. Sure, you could create a Bash script and automate some tasks that way, but tools...

Terraform is an amazing tool created by a company called Hashicorp that can automate your infrastructure at a level lower than Ansible, Puppet, or other configuration management solutions. In fact, Terraform typically doesn’t replace those but complements them. With configuration management tools, we generally have to create the initial server and set up the operating system first before we can implement them. With Ansible, there are actually methods of using it to create infrastructure components, but that’s beyond the scope of the book.

Not only that, but while Ansible is able to create some types of infrastructure, that’s not what it does best. To understand where something like Terraform fits, it’s best to think of Terraform as making things exist and Ansible as taking things that already exist and ensuring they’re configured properly.

When it comes to Terraform itself...

The process of running Terraform and using it to provision your cloud resources is generally initiated on your local laptop or desktop. Terraform itself is downloaded from its website, and it’s available for all of the leading operating systems.

Unlike the majority of applications, there’s no installer. Terraform is run directly from the file you download; there’s no installation process to go through. You can install it system-wide if you want to do so, but you can run it from any directory you wish. Download files for Terraform are located at the following website: https://www.terraform.io/.

Once there, you should see a Download button:

Figure 20.1: The Terraform website

After clicking the Download button, you’ll see a new page that will offer Terraform for six different operating systems, including the usual suspects such as Linux, macOS, and Windows. Most likely, it will automatically select the operating system...

Let’s take a look at an example Terraform configuration file that will allow us to build an EC2 instance:

provider "aws" {
    region = "us-east-1"
}
resource "aws_instance" "my-server-1" {
    ami                                   = "ami-09d56f8956ab235b3"
    associate_public_ip_address = "true"
    instance_type                         = "t2.micro"
    key_name                              = "jay_ssh"
    vpc_security_group_ids                = [ "sg-0597d57383be308b0" ]
    tags = {
        Name = "Web Server 1"
    }
}

Terraform files are saved with a .tf filename extension, and as for the actual name, you can call it whatever you wish. I named mine terraform_example_1.tf. The underscores in the filename aren’t required but make it easier to use on the command line since you won’t have to escape spaces. I placed...

Security groups, as you learned in the previous chapter, allow you to control what is able to communicate with your resources. In the previous section, we reused the security group that we created last time, but it would be useful to understand how to create one from scratch.

Here’s the example Terraform file again, with some new code added:

provider "aws" {
    region = "us-east-1"
}
resource "aws_instance" "my-server-1" {
    ami                                   = "ami-09d56f8956ab235b3"
    associate_public_ip_address = "true"
    instance_type                         = "t2.micro"
    key_name                              = "jay_ssh"
    vpc_security_group_ids        = [   "${aws_security_group.external_access.id}" ]
    tags = {
        Name = "Web Server 1"
    }
}
  resource "aws_security_group" "external_access...

Although Terraform’s primary purpose is to create infrastructure, it can also be used to delete infrastructure as well. This function is known as a Terraform destroy. With destroy, Terraform will attempt to remove all infrastructure that’s defined in your configuration file. At this point, our configuration file creates an EC2 instance, as well as a security group. If we run destroy against it, then both resources will be removed.

Removing infrastructure with Terraform will likely be a use case you won’t utilize as often as creating resources. One of the values of the destroy functionality, though, is that you can use it to “reset” a test environment, by removing everything defined in the file. Then you’re free to use the same script to create everything again. On my end, I learn a lot faster by breaking things and fixing them repeatedly. You really shouldn’t run a destroy job against...

One of the best things about automation tools is that they can often be combined to offer a shared benefit. Ansible is one of my favorite tools: you can automate the installation of packages, the creation of users, the copying of files, or most other tasks you can think of. If you are able to perform a task on the command line, chances are Ansible can automate it. Terraform, as you just saw, is really good at creating new infrastructure and automating the initial setup of servers, as well as networks and settings for AWS and other platforms. If we combine the two, it gets even better.

I find the duo of Terraform and Ansible to be a great fit. Combining these two solutions works well in my experience; we can use Terraform to create our initial server and infrastructure builds, and then use Ansible to automate future enhancements. But it’s actually even better than that; we can configure Terraform to actually...

There are many configuration management and provisioning tools available for automating our infrastructure builds. In this chapter, we took a look at Terraform, and then we even combined it with Ansible, which we were already using. Using Terraform, we were able to automate the creation of an EC2 instance in AWS, along with a security group to control how it can be accessed. Terraform is a very large subject, and the concepts contained in this chapter are only the beginning. There’s so much more you can do with Terraform, and I highly recommend you keep practicing with it and coming up to speed.

In the next chapter, we’re going to learn some methods we can utilize to add additional security to our Ubuntu servers. While no server is bulletproof, there’s a basic level of security we can implement that will make it less likely for our server to be compromised. It will be a very important chapter, so you won’t want to miss it.

Join our community...