AWS Configuration for Resiliency

Questions and Answers

What does toggling between Taco Team Server 1 and Taco Team Server 2 indicate?

• The deployment is only partially successful.
• There is an error in the load balancer configuration.
• Both instances are running and responding correctly. (correct)
• The servers are undergoing maintenance.

Why is it important to treat the state data with respect?

• A corrupt state can lead to severe operational issues. (correct)
• State data is optional in Terraform configurations.
• It allows you to create new servers automatically.
• It avoids the need to read documentation.

What is the purpose of checking the documentation for the AWS provider?

• To ensure all resources have been deleted.
• To understand the commands for managing cluster scaling.
• To avoid using any third-party libraries.
• To find arguments and syntax for new resources. (correct)

What is being introduced regarding providers in the next module?

The process of adding another provider and managing versions. (A)

What is suggested about the use of provisioners?

They should probably be avoided. (D)

What is the primary concern with the current architecture setup?

It lacks resiliency. (B)

Why is adding a second availability zone beneficial?

It protects the application from a zone failure. (B)

Which component must be added to ensure both instances are accessible?

Load balancer (D)

What is a single point of failure in this architecture?

Using a single EC2 instance (D)

What is the first step in updating the architecture design?

Determining what new resources need to be added. (D)

What aspect should be maintained even when adding new resources according to John?

Readability of the code (C)

What is the purpose of updating configuration with new resources?

To improve architecture resiliency. (B)

What does adding locals, outputs, and variables contribute to the configuration?

Allows better management of resources. (B)

What is the purpose of adding an application load balancer in the updated architecture?

To serve as a public endpoint and direct traffic (A)

Why is it important to specify an availability zone for each subnet in the new architecture?

To ensure redundancy and fault tolerance (D)

Which resource is not explicitly needed for setting up the application load balancer?

aws_ec2_instance (C)

What is a more dynamic way to specify availability zones for subnets?

Using a data source to get a list of availability zones (A)

What is the recommended approach for moving configuration files in Terraform?

Organizing resources into separate dedicated files (B)

What should be done first when creating new resources for the load balancer?

Add comments to the configuration file (B)

Which documentation resource is mentioned as essential for configuring Terraform resources?

Terraform registry (C)

What is one of the first steps mentioned when using the Terraform AWS Provider?

Understanding how to authenticate to the provider (D)

Which resource is directly responsible for listening to traffic on port 80 for the load balancer?

aws_lb_listener (B)

What file is suggested to rename to 'network.tf' in the restructuring process?

main.tf (C)

Which method is emphasized for gaining information about Terraform resources?

Reading the documentation (D)

What is the primary benefit of splitting resources into separate files?

Enhanced code readability and reusability (D)

In the context of AWS architecture, what does EC2 stand for?

Elastic Compute Cloud (C)

What command should be used to remove a resource from Terraform management without destroying it?

terraform state rm (A)

What happens if you only remove a resource from the configuration without updating the state?

Terraform will destroy the resource on the next apply. (A)

Which command is recommended to ensure a Terraform configuration file is correctly formatted?

terraform fmt (B)

What is a reason WHY to avoid manually editing the state data in Terraform?

It can lead to confused state and resource management. (C)

Which of the following best describes the result of changing the ingress rules for a security group?

It can be updated in place. (A)

What should you check after altering the output for your Terraform resources?

Run terraform validate. (A)

What command allows you to see a summary of changes before applying them in your Terraform configuration?

terraform plan (A)

What is the main purpose of locking state data during operations in Terraform?

To prevent multiple changes that could conflict (B)

When using the terraform apply command, what does the ‑auto‑approve flag do?

Automatically accept changes without a prompt. (D)

Which of the following is NOT a supported remote back end for Terraform state data storage?

Google Cloud SQL (A)

Which of the following is NOT advisable when using Terraform to manage resources?

Directly modifying state files. (D)

What happens when an AWS instance is deleted manually and a plan run is executed in Terraform?

Terraform will plan to create the instance again and update the state data (C)

What should you expect if a resource's availability zone is changed in the configuration?

The resource will be deleted and recreated. (D)

How does Terraform identify the difference between a managed resource and a data source in the state file?

By the mode indicated in the state data (C)

When defining outputs, what should you ensure regarding the output name?

It should not use underscores. (C)

Which command is used to display all resources managed by Terraform?

terraform state list (A)

What command can you use to check the current resources and data sources in your state?

terraform state list (A)

Which option is a best practice when configuring and applying changes in Terraform?

Always run terraform validate before applying. (B)

What could result from removing an entry from the state data while the resource still exists in the target environment?

Terraform will plan to create a new resource in the environment (A)

When Terraform executes a plan run and identifies a missing configuration resource, what action does it take?

It attempts to create the resource in the target environment (B)

What is the purpose of the command terraform state show?

To display detailed information about a resource. (C)

What is indicated by the serial number in Terraform's state file?

The number of updates made to the state data (A)

How should users handle direct modifications to the terraform.tfstate file?

Changes should never be made directly to this file (A)

What is the purpose of workspaces in Terraform?

To allow multiple instances of a deployment with separate states (D)

What command is used to move an item in the state file to a different address?

terraform state mv (C)

What occurs during a plan run if the configuration no longer includes an existing resource?

Terraform will destroy the resource in the target environment (D)

Which element in the state file indicates the specific version of the state data format used?

Metadata section (D)

What is the purpose of the data source as described?

To provide information about availability zones (A)

Which argument can be specified to filter availability zones?

state (A)

What does the names attribute return from the data source?

A list of availability zone names (B)

How is the availability zone referenced in the configuration?

data.aws_availability_zones.available[0] (D)

How should the new variable for subnet blocks be defined?

As a list of strings (A)

Which element in the list is used to reference the second subnet's network?

1 (A)

What is the purpose of updating the existing security group for instances after adding a load balancer?

To allow traffic only from addresses within the VPC (D)

Which attribute must be set to false when configuring a public-facing load balancer?

internal (A)

What is one change made when adding the second subnet configuration?

Changing the availability zone to 1 (D)

What is done to differentiate the second instance for web pages?

Changing the echo command message (C)

What happens if the terraform state data is manually altered?

It may lead to unexpected behavior (A)

What is the primary reason for using a data source in this context?

To reduce manual input errors (D)

Which of the following is the correct identifier for an AWS instance resource in Terraform state data?

EC2 instance ID (C)

When updating subnet configurations, what is essential to reference?

The availability zone names (D)

What is the function of the 'aws_lb_listener' in Terraform configuration?

To handle incoming traffic on a specified port and protocol (B)

Which command is used in Terraform to apply the updated configuration to the environment?

terraform apply (B)

What is the correct format for defining the CIDR block list in the new variable?

[10.0.0.0/24, 10.0.1.0/24] (B)

What optimization can be made for adding multiple subnets?

Implementing looping constructs (C)

When adding a load balancer, which of the following properties must be included in the configuration?

target_group_arn (A)

How does Terraform determine what changes need to be made to the deployed environment?

By querying the deployment environment and comparing with state data (C)

Which AWS resource was primarily copied to create the second EC2 instance?

Existing EC2 instance (B)

For what reason might a second security group be created?

To permit port 80 traffic from anywhere (A)

What is the significance of the ingress block in a security group definition?

It allows traffic coming into the security group (A)

What value should the 'enable_deletion_protection' property have when configuring resources that might need to be easily deleted?

false (C)

Which of the following correctly describes a load balancer type in the configuration?

application (C)

What is the purpose of the tags argument in load balancer configuration?

To categorize and manage resources effectively (A)

What must be included in the subnets argument while configuring a load balancer?

A list of subnet IDs (B)

What should be done when creating a new security group for a load balancer?

Copy parameters from an existing group and modify them (B)

Flashcards

Availability Zone

A separate physical data center in an AWS region ensuring redundancy and failover capabilities.

Subnet

A logical grouping of network resources within a single availability zone. It serves as a building block for resource isolation and efficient network management.

EC2 Instance

A virtual machine in the cloud hosted on AWS, providing the foundation for application deployments. It delivers on-demand compute power with flexibility in configuration and scaling.

Load Balancer

A service that distributes incoming traffic across multiple instances, ensuring high availability and load balancing across your infrastructure.

Single Point of Failure

A single point of failure occurs when the failure of a single component will cause the entire system to fail. Eliminating these points improves overall reliability and redundancy.

High Availability

A common approach in cloud computing to ensure resilience by distributing your resources across multiple availability zones. This safeguards against a single zone's failure, ensuring continuous operation of your service.

Infrastructure Update Planning

Planning for potential challenges in deployment and ensuring a smooth transition to live environments. This helps to avoid disruptions and unexpected downtime.

Resilient Deployment

Creating a resilient deployment by incorporating redundant services and infrastructure components, ensuring continued operation even when a failure occurs.

CIDR Block

A block of IP addresses in your VPC that is associated with a subnet. It specifies the range of IPs available for your instances within that subnet.

Security Group

A resource that allows you to manage network traffic. It acts as a firewall, controlling inbound and outbound traffic.

Resource Block

A collection of related resources, such as your subnets, security groups, and instances.

AWS Availability Zones Data Source

A resource that provides you with a list of available zones within your region.

Availability Zone Argument

The setting that defines the subnet's location within an availability zone.

Availability Zone Name

Refers to the name of the availability zone.

Variables File (variables.tf)

A collection of variables used to manage and configure resources.,

Network Configuration File (network.tf)

A configuration file that defines resources like subnets, security groups, and instances.

Variable Substitution

A process for using variables to make code more flexible and reusable.

Route Table

A list of rules that control which traffic is permitted to enter or leave your resource.

Route Table Association

A process of associating a route table with a specific subnet. Allowing the subnet's traffic to follow the rules defined in the route table.

Nginx Web Server

A web server designed for serving static content. Often used for websites and other content.

ALB Security Group

A security group specific to an Application Load Balancer.

VPC-Only Security Group

A security group that allows traffic from within the same VPC, allowing for a secure communication environment.

Load Balancing

A process that automatically balances traffic between multiple instances, ensuring a consistent and efficient user experience.

Application Load Balancer (ALB)

A type of load balancer optimized for handling web applications, including HTTP and HTTPS traffic.

Target Group

A collection of targets for the load balancer to route traffic to, usually a group of EC2 instances.

Load Balancer Listener

An entry point into the load balancer, specifying the port, protocol, and rules for handling incoming traffic.

Load Balancer Listener Default Action

The action taken by a load balancer to forward traffic to a specific target group after receiving an incoming request.

Target Group Attachment

A mechanism for associating targets, such as EC2 instances, with a specific target group, enabling traffic routing to those targets.

Terraform State

A record of resources, data sources, and outputs managed by Terraform, used to track changes and ensure consistency during deployments. It acts as a memory of the infrastructure.

Terraform Execution Plan

A process of comparing the current state of the infrastructure with the configuration defined in Terraform, identifying changes needed to match the desired state.

Terraform Configuration File

A file containing configuration instructions for Terraform, defining the desired state of infrastructure.

Terraform Resource Deletion

The ability of Terraform to destroy and remove resources from the infrastructure when they are removed from the configuration.

Terraform State Refresh

Terraform's ability to query the deployment environment and refresh the state data, ensuring accuracy and consistency.

aws_availability_zone

The aws_availability_zone data source retrieves all available zones in the current region. This data source is essential for dynamically assigning subnets to different availability zones.

aws_lb_target_group

The aws_lb_target_group resource defines a group of targets, such as EC2 instances, that the load balancer can direct traffic to.

aws_lb_listener

The aws_lb_listener resource defines a listener that accepts incoming requests on a specific port (e.g., port 80 for HTTP traffic).

aws_lb_target_group_attachment

The aws_lb_target_group_attachment resource associates a target group with a specific instance or other load balancer target.

aws_lb

The aws_lb resource creates a classic application load balancer (ALB) which acts as a public endpoint for your application and directs traffic to the instances in the target group.

What is the aws_lb resource used for?

The aws_lb resource is used to create a classic application load balancer (ALB). This ALB handles incoming requests and directs traffic to the appropriate instances in the target group.

What does the aws_lb_listener resource do?

The aws_lb_listener resource listens for incoming requests on a specific port. For example, on port 80 for HTTP traffic.

What does the aws_lb_target_group_attachment resource do?

The aws_lb_target_group_attachment resource associates a specific target group with a specific target, such as an EC2 instance. It essentially connects the group to the servers that are part of it.

What does the aws_lb_target_group resource do?

The aws_lb_target_group resource defines a group of targets that the load balancer can direct traffic to. For example, this group could consist of multiple EC2 instances.

Why is the aws_availability_zone data source helpful in a Terraform configuration?

This aws_availability_zone data source can be used instead of defining separate availability zones. It works by listing the existing availability zones in the current region.

How does the aws_availability_zone data source contribute to more efficient deployments?

The aws_availability_zone data source allows dynamic assignment of subnets to different availability zones based on the available zones in the current region. This makes the configuration more efficient and flexible.

What is the primary benefit of using the aws_availability_zone data source?

The aws_availability_zone data source makes configurations more dynamic and efficient by avoiding manual configuration of availability zones. It automates the process of identifying and selecting available zones for resources.

How does the aws_lb_target_group_attachment resource enable traffic routing in a load balancer configuration?

The aws_lb_target_group_attachment resource allows you to associate specific targets, such as EC2 instances, with a target group. This connection ensures that the load balancer can direct traffic to the correct group of servers.

What is the role of the aws_lb_target_group_attachment resource in traffic routing?

The aws_lb_target_group_attachment resource forms a critical link between the load balancer and the target group. By associating the target group with specific targets, it enables the load balancer to direct traffic to the appropriate servers.

What is Terraform's state data?

Terraform's record of the configuration and deployment, essential for tracking changes and restoring infrastructure. A corrupted state file can lead to problems.

What are provisioners in Terraform?

A feature that enables you to apply code to a resource after it's been created. It's best to avoid them as their implementation is more complex.

What is a variables file (variables.tf)?

A configuration file used in Terraform to store variables that affect resource settings. This makes your code more flexible and reusable.

What is variable substitution?

A way to enhance code flexibility by using variables instead of hardcoded values. It allows you to easily modify settings without changing the code itself.

What does a route table do?

A collection of rules defining traffic flow within a subnet, allowing or blocking specific traffic based on defined criteria like protocols and ports.

Terraform First principle

Using Terraform commands to manage changes, ensuring consistency and preventing conflicts. Avoid manually editing the state data or using the cloud console for configurations.

terraform validate

Terraform's command that checks for syntax errors and potential issues in your configuration files.

terraform fmt

Terraform's command to format configuration files, ensuring consistent coding style and readability.

terraform plan

The process of testing your Terraform changes before applying them to the cloud environment. This can help you identify potential problems early and prevent unintended consequences.

terraform apply

A Terraform command to apply planned changes to the cloud infrastructure, creating, updating, or deleting resources.

terraform state list

A Terraform command to list the resources and data sources that are part of your state data.

terraform state show

A Terraform command to show more information about a specific resource or data source in the state data.

Removing a Terraform resource without destroying it

The process of removing a resource from Terraform management without destroying it in the cloud.

load balancer name

The name given to a load balancer in the Terraform configuration.

Load Balancer's DNS name

The address used to access the application load balancer from the internet.

dns_name

The attribute that holds the DNS name of the load balancer in the terraform state data.

terraform apply -auto-approve

A flag that can be used with the terraform apply command to automatically approve changes without prompting the user.

Updating Terraform configuration

The process of updating or modifying your Terraform configuration to reflect changes in your cloud infrastructure or requirements.

Terraform plan output

A visual representation of the proposed changes that Terraform will make to your infrastructure.

Terraform state Data

A data structure used by Terraform to track the state of infrastructure managed by it. It stores information about resources, their configurations, and their IDs in the target environment.

Terraform Workspace

A feature that enables Terraform to work with multiple instances of a deployment, each with its own independent state data, allowing for separate configurations and deployments.

Terraform State Lock

A mechanism that prevents concurrent modifications to the state data, ensuring data integrity and consistency, especially when multiple users work on the same infrastructure.

Remote State Backend

Refers to storing Terraform state data in centralized locations such as cloud storage or a remote server, enabling collaboration, backup, and improved accessibility.

Greenfield Scenario

When a resource is missing from the state data, Terraform will create it in the target environment and then update the state data accordingly.

Resource Deletion from Target Environment

When a resource exists in your configuration and state but is deleted from the target environment, Terraform will detect this discrepancy and plan to recreate the resource.

Resource Removed from Configuration

When a resource is removed from the configuration but is still present in the state data and target environment, Terraform will plan to destroy the resource and then remove its entry from the state data.

Resource Missing from State Data

When a resource exists in your configuration and target environment but is missing from the state data, Terraform will plan to create a new resource in the target environment and then add an entry to the state data.

Data Source in Terraform state

A special type of resource that retrieves data from an external source, like a database or API, and makes it available within your Terraform configuration,

terraform state list Command

A Terraform command used to list all the resources managed by Terraform, providing a comprehensive overview of your infrastructure.

terraform state show Command

A Terraform command that provides detailed information about a specific resource in the state data, including its attributes and configuration.

terraform state mv Command

A Terraform command that allows you to move a resource to a different location within the state file. Useful for renaming or reorganizing your infrastructure resources.

terraform.tfstate File

A file that stores important metadata about the Terraform state data, such as version information, serial numbers, and lineage details.

Terraform's Goal: Bringing Reality into Alignment with your Configuration

Terraform's primary goal is to ensure that the resources in target environments match the configurations defined in your Terraform code. It plans changes and applies them to make reality match your expectations.

Directly Editing the Terraform State File

Directly editing the Terraform state file is generally not recommended due to the risk of corrupting the data and causing unexpected behavior in your infrastructure.

Study Notes

Updating Configuration for Resiliency

• Updated architecture for production deployment, moving from a single EC2 instance to a more resilient design with two availability zones, two instances, and a load balancer.
• Two separate subnets in distinct availability zones, providing fault tolerance.
• Two identical EC2 instances, one per subnet, for redundancy.
• Application Load Balancer for routing traffic to instances.
• Configuration files reorganized in network.tf, load_balancer.tf, and instances.tf for modularity.

Adding New Resources

• Used aws_availability_zones data source to dynamically retrieve AZs, avoiding hardcoding values.
• Required resources: aws_lb (Load Balancer), aws_lb_target_group, aws_lb_listener, aws_lb_target_group_attachment.
• Added placeholders for load balancer resources in load_balancer.tf.
• Migrated instance configuration and aws_ssm_parameter data source to instances.tf.

Utilizing Documentation

• Emphasized using HashiCorp provider documentation (developer.hashicorp.com/terraform, registry.terraform.io).
• Used relevant AWS documentation, especially for accessing details of specific aws provider resources like aws_availability_zone and aws_lb.
• Utilized example usage and parameter/attribute references to ensure accurate resource configurations.
• Sourced, copied, and adapted example code from documentation instead of reinventing.

Network and Instance Configuration

• Modified subnet resources to include availability_zone using the dynamically obtained data from aws_availability_zones data source.
• Modified vpc_public_subnets_cider_block variable to a list of strings to support multiple CIDR blocks.
• Updated subnet configurations to use appropriate elements from the list.
• Created a secondary subnet, route table association, and EC2 instance within the network.tf and instances.tf files.

Load Balancer Resources

• Updated and copied loadbalancer resource from documentation.
• Specified globo_web_alb as the load balancer name.
• Defined application load balancer type and false for internal.
• Changed the security group list to nginx_alb_sg.
• Added subnet IDs to the subnets list using .id attribute.
• Added and configured aws_lb_target_group, aws_lb_listener, and aws_lb_target_group_attachment resources referencing the load balancer and target group.
• Configured target_group_attachment resource IDs for each EC2 instance.

Working with State Data

• State data maps configuration to the deployment environment, managing resource changes and deletion.
• Storage format is JSON, not to be manually altered.
• Terraform commands (terraform state list, show, mv, rm) to interact safely instead of directly editing the state file.
• Maintaining Terraform's configuration as the primary source of truth.
• Using Terraform to automatically manage changes from configuration to the target environment.

Deploying the Updated Architecture

• Performed configuration validation (terraform validate) before applying changes.
• Applied updates to the target environment (terraform apply).
• Fixed name error related to underscores in load balancer, correcting the name to use hyphens.

Updating Outputs

• Updated output to display aws_alb_public_dns instead of aws_instance.

• Obtained load balancer DNS using terraform state show aws_lb.nginx and adjusted output accordingly.

• Summary of Key Concepts*

• Resiliency: Adding multiple availability zones, instances, and a load balancer to enhance the system's resistance to failures.

• Modularity: Structuring configuration files (network.tf, load_balancer.tf, instances.tf) for improved organization and potential reuse.

• Dynamic Data: Leveraging aws_availability_zones for dynamic data retrieval, which avoids hard-coding.

• Documentation: Using and referencing the official Terraform and AWS provider documentation for accurate resource definitions.

• Terraform State: Understanding how Terraform state maps configuration to the deployment environment and managing the state via commands.