Terraform Cheat Sheet PDF
Document Details
Uploaded by PreciseBaltimore
Aalborg University
Tags
Summary
This document is a Terraform cheat sheet, providing summaries of Terraform Cloud, various Infrastructure as Code (IAC) tools, and an introduction to HCL (Hashicorp Configuration Language). It includes examples and commands for initializing and using Terraform.
Full Transcript
Multiple Choice Quiz Certification Details 60 Minutes 70.50 USD Valid for 2 years Multiple Choice Questions Online proctored Multiple Options No VM’s True/False PSI Secure Browser ~57 questions No Addit...
Multiple Choice Quiz Certification Details 60 Minutes 70.50 USD Valid for 2 years Multiple Choice Questions Online proctored Multiple Options No VM’s True/False PSI Secure Browser ~57 questions No Additional Monitors / Headphones Webcam, Speakers and Microphone ON Quiet, well lit and clean room Register https://www.hashicorp.com/certification/terraform-associate Multiple Choice Quiz Introduction to Terraform Cloud Terraform Cloud Physical Machines.tf files terraform.tfstate VMWare AWS GCP Azure Terraform Cloud Version Control.tf files terraform.tfstate Terraform Cloud 1.0 0.12 Terraform Cloud Shared State Consistent and Reliable Environment UI Interface Secret Management Access Controls Private Registry Policy Controls Multiple Choice Quiz Terraform Cloud Plans https://www.hashicorp.com/products/terraform/pricing Terraform Cloud FREE PLAN TEAM PLAN TEAM and GOVERNANCE Remote State Team Management Team Management Remote Operations Policy as Code (Sentinel) Private Module Registry Policy Enforcement Community Support Cloud SLA and Support Terraform Cloud BUSINESS SSO Custom Concurrency Self-hosted options Premium Support Multiple Choice Quiz Recap - Infrastructure as Code Types of IAC Tools Types of IAC Tools Configuration Management Server Templating Provisioning Tools Types of IAC Tools Configuration Management Designed to Install and Manage Software Maintains Standard Structure Version Control Idempotent Server Templating Tools Pre Installed Software and Dependencies Virtual Machine or Docker Images Immutable Infrastructure Provisioning Tools Deploy Immutable Infrastructure resources Servers, Databases, Network Components etc. Multiple Providers Which IaC Tools Should I Use? ec2.yaml - name: Provision AWS Resources Configuration Management hosts: localhost tasks: - name: provision EC2 instances using Ansible ec2: key_name: appserver instance_tags: Name: appserver instance_type: t2.micro image: ami-0d8ad3ab25e7abc51 region: ca-central-1 wait: yes count: 2 Which IaC Tools Should I Use? ec2.yaml - name: Provision AWS Resources Configuration Management hosts: localhost tasks: - name: provision EC2 instances using Ansible ec2: key_name: appserver instance_tags: Name: appserver instance_type: t2.micro image: ami-0d8ad3ab25e7abc51 region: ca-central-1 wait: yes count: 2 > ansible-playbook ec2.yaml.. PLAY RECAP ************************************************************************* localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Which IaC Tools Should I Use? ec2.yaml - name: Provision AWS Resources Configuration Management hosts: localhost tasks: - name: provision EC2 instances using Ansible ec2: key_name: appserver instance_tags: Name: appserver instance_type: t2.micro image: ami-0d8ad3ab25e7abc51 region: ca-central-1 wait: yes count: 2 > ansible-playbook ec2.yaml.. PLAY RECAP ************************************************************************* localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Which IaC Tools Should I Use? ec2.yaml - name: Provision AWS Resources Configuration Management hosts: localhost tasks: - name: provision EC2 instances using Ansible ec2: key_name: appserver instance_tags: Name: appserver instance_type: t2.micro image: ami-0d8ad3ab25e7abc51 region: ca-central-1 wait: yes count: 2 exact_count: 2 count_tag: Name: appserver - name: Delete Instances ec2: state: 'absent’ instance_ids: '{{ ec2.instance_ids }}' Which IaC Tools Should I Use? ec2.tf resource "aws_instance" "app" { Provisioning Tools ami = "ami-0d8ad3ab25e7abc51" instance_type = "t2.micro" count = 2 key_name = "appserver" tags = { Name = "appserver" } } > terraform apply.... No changes. Your infrastructure aws_instance.app: matchesafter Creation complete the configuration. 33s [id=i-014c93c14e12a6442] aws_instance.app: Creation complete after 33s [id=i-0fc7d85da32d24c63] Terraform has compared your real infrastructure against your configuration and terraform.tfstate found no differences, Apply complete! so no2changes Resources: added, are needed.0 destroyed. 0 changed, Apply complete! Resources: 0 added, 0 changed, 0 destroyed. Which IaC Tools Should I Use? ec2.tf resource "aws_instance" "app" { Provisioning Tools ami = "ami-0d8ad3ab25e7abc51" instance_type = "t2.micro" count = 2 key_name = "appserver" tags = { Name = "appserver" } } > terraform destroy.. aws_instance.app: Destroying... [id=i-0fc7d85da32d24c63] aws_instance.app: Destroying... [id=i-014c93c14e12a6442]. terraform.tfstate aws_instance.app: Destruction complete after 50s Destroy complete! Resources: 2 destroyed. Which IaC Tools Should I Use? Physical Machines VMWare AWS GCP Azure Multiple Choice Quiz Installing Terraform & HCL Basics >_ $ wget https://releases.hashicorp.com/terraform/0.13.0/terraform_0.13.0_linux_amd64.zip $ unzip terraform_0.13.0_linux_amd64.zip $ mv terraform /usr/local/bin $ terraform version Terraform v0.13.0 HCL – Declarative Language local.tf resource "local_file" "pet" { filename = "/root/pets.txt" content = "We love pets!" } local=provider file=resource Block Resource Resource Name Type Name filename content local.tf resource "local_file" "pet" { { filename = "/root/pets.txt" Arguments content = "We love pets!" } aws=provider instance=resource Block Resource Resource Name Type Name ami instance_type aws.tf resource "aws_instance" "web" {{ ami = "ami-0c2f25c1f66a1ff4d" Arguments instance_type = "t2.micro" } aws-s3.tf resource "aws_s3_bucket" "data" { bucket = "webserver-bucket-org-2207" acl = "private" } Resource local.tf resource "local_file" "pet" { filename = "/root/pets.txt" content = "We love pets!" } Init Plan Apply local.tf resource "local_file" "pet" { filename = "/root/pets.txt" content = "We love pets!" } >_ $ terraform init Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/local... - Installing hashicorp/local v1.4.0... - Installed hashicorp/local v1.4.0 (signed by HashiCorp) The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, we recommend adding version constraints in a required_providers block in your configuration, with the constraint strings suggested below. * hashicorp/local: version = "~> 1.4.0" Terraform has been successfully initialized! >_ $ terraform plan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. ------------------------------------------------------------------------ An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # local_file.pet will be created + resource "local_file" "pet" { + content = "We love pets!" + directory_permission = "0777" + file_permission = "0777" + filename = "/root/pets.txt" + id = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. ------------------------------------------------------------------------ Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run. >_ $ terraform apply An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # local_file.pet will be created + resource "local_file" "pet" { + content = "We love pets!" + directory_permission = "0777" + file_permission = "0777" + filename = "/root/pets.txt" + id = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes local_file.new_file: Creating... local_file.new_file: Creation complete after 0s [id=521c5c732c78cb42cc9513ecc7c0638c4a115b55] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. $ cat /root/pets.txt We love pets! >_ $ terraform apply –auto-approve An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # local_file.pet will be created + resource "local_file" "pet" { + content = "We love pets!" + directory_permission = "0777" + file_permission = "0777" + filename = "/root/pets.txt" + id = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. local_file.new_file: Creating... local_file.new_file: Creation complete after 0s [id=521c5c732c78cb42cc9513ecc7c0638c4a115b55] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. $ cat /root/pets.txt We love pets! >_ $ terraform show # local_file.pet: resource "local_file" “pet" { content = "We love pets!" directory_permission = "0777" file_permission = "0777" filename = "/root/pets.txt" id = "cba595b7d9f94ba1107a46f3f731912d95fb3d2c" } local.tf resource "local_file" "pet" { filename = "/root/pets.txt" Arguments content = "We love pets!" } provider resource_type Argument-1 Argument-1 Argument-1 Argument-1 Argument-1 Argument-1 Arguments Argument-2 Argument-2 Argument-2 Argument-2 Argument-2 Argument-2 Argument-X Argument-X Argument-X Argument-X Argument-X Argument-X https://registry.terraform.io/providers/hashicorp/local/latest/docs provider Local provider resource_type local_file filename (required) Content (optional) Arguments file_permission (optional) directory_permission (optional) sensitive_content (optional) content_base64 (optional) Multiple Choice Quiz Update and Destroy Infrastructure >_ $ terraform plan local_file.pet: Refreshing state... [id=5f8fb950ac60f7f23ef968097cda0a1fd3c11bdf] ---------------------------------------------------------------------- local.tf An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: resource "local_file" "pet" { -/+ destroy and then create replacement filename = "/root/pets.txt" Terraform will perform the following actions: content = "We love pets!" # local_file.pet must be replaced file_permission = "0700" -/+ resource "local_file" "pet" { content = "We love pets!" } directory_permission = "0777" ~ file_permission = "0777" -> "0700" # forces replacement filename = "/root/pet.txt" ~ id = "5f8fb950ac60f7f23ef968097cda0a1fd3c11bdf" -> (known after apply) } Plan: 1 to add, 0 to change, 1 to destroy. ---------------------------------------------------------------------- Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run. >_ $ terraform apply local_file.pet: Refreshing state... [id=fefacccdae259f25533749abfb90e27558256459] local.tf -/+ destroy and then create replacement resource "local_file" "pet" {. filename = "/root/pets.txt". content = "We love pets!" Plan: 1 to add, 0 to change, 1 to destroy. file_permission = "0700" Do you want to perform these actions? } Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes local_file.pet: Destroying... [id=fefacccdae259f25533749abfb90e27558256459] local_file.pet: Destruction complete after 0s local_file.pet: Creating... local_file.pet: Creation complete after 0s [id=fefacccdae259f25533749abfb90e27558256459] Apply complete! Resources: 1 added, 0 changed, 1 destroyed. >_ $ terraform destroy local_file.pet: Refreshing state... [id=5f8fb950ac60f7f23ef968097cda0a1fd3c11bdf] An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: # local_file.pet will be destroyed - resource "local_file" "pet" { - content = "My favorite pet is a gold fish" -> null - directory_permission = "0777" -> null - file_permission = "0700" -> null - filename = "/root/pet.txt" -> null - id = "5f8fb950ac60f7f23ef968097cda0a1fd3c11bdf" - > null } Plan: 0 to add, 0 to change, 1 to destroy. Do you really want to destroy all resources? Terraform will destroy all your managed infrastructure, as shown above. There is no undo. Only 'yes' will be accepted to confirm. Enter a value: yes local_file.pet: Destroying... [id=5f8fb950ac60f7f23ef968097cda0a1fd3c11bdf] local_file.pet: Destruction complete after 0s Destroy complete! Resources: 1 destroyed. >_ [terraform-local-file]$ ls /root/terraform-local-file local.tf local.tf cat.tf resource "local_file" "pet" { resource "local_file" "cat" { filename = "/root/pets.txt" filename = "/root/cat.txt" content = "We love pets!" content = "My favorite pet is Mr. Whiskers" } } local.tf cat.tf resource "local_file" "cat" { resource "local_file" "pet" { filename = "/root/cat.txt" filename = "/root/pets.txt" content = "My favorite pet is Mr. Whiskers" content = "We love pets!" } } main.tf File Name Purpose Main configuration file containing resource main.tf definition variables.tf Contains variable declarations outputs.tf Contains outputs from resources provider.tf Contains Provider definition terraform.tf Configure Terraform behaviour Multiple Choice Quiz Recap Using Terraform Providers >_ $ terraform init Official Verified Community registry.terraform.io >_ >_ $ terraform init $ ls /root/terraform-local-file/.terraform Initializing the backend... plugins Initializing provider plugins... - Finding latest version of hashicorp/local... - Installing hashicorp/local v2.0.0... - Installed hashicorp/local v2.0.0 (signed by HashiCorp) The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, we recommend adding version constraints in a required_providers block in your configuration, with the constraint strings suggested below. * hashicorp/local: version = "~> 2.0.0" Terraform has been successfully initialized! To prevent automatic upgrades to new maj contain breaking changes, we recommend adding version con required_providers block in your configuration, with the constrai below. * hashicorp/local: version = "~> 2.0.0" Organizational Type Namespace To prevent automatic upgrades to new maj contain breaking changes, we recommend adding version con required_providers block in your configuration, with the constrai below. * registry.terraform.io/ hashicorp/loc Hostname Organizational Ty Namespace Multiple Choice Quiz Multiple Providers main.tf resource "local_file" "pet" { filename = "/root/pets.txt" content = "We love pets!" } resource "random_pet" "my-pet" { prefix = "Mrs" separator = "." length = "1" } >_ $ terraform init Initializing the backend... Initializing provider plugins... - Using previously-installed hashicorp/local v2.0.0 - Finding latest version of hashicorp/random... - Installing hashicorp/random v2.3.0... - Installed hashicorp/random v2.3.0 (signed by HashiCorp) The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, we recommend adding version constraints in a required_providers block in your configuration, with the constraint strings suggested below. * hashicorp/local: version = "~> 2.0.0" * hashicorp/random: version = "~> 2.3.0" Terraform has been successfully initialized! >_ $ terraform plan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. local_file.pet: Refreshing state... [id=d1a31467f206d6ea8ab1cad382bc106bf46df69e].. # random_pet.my-pet will be created + resource "random_pet" "my-pet" { + id = (known after apply) + length = 1 + prefix = "Mrs" + separator = "." } Plan: 1 to add, 0 to change, 0 to destroy. >_ $ terraform apply local_file.new_file: Refreshing state... [id=d1a31467f206d6ea8ab1cad382bc106bf46df69e] An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # random_pet.my-pet will be created + resource "random_pet" "my-pet" { Mrs.hen + id = (known after apply) + length = 1 + prefix = "Mrs" + separator = "." } Plan: 1 to add, 0 to change, 0 to destroy. random_pet.my-pet: Creating... random_pet.my-pet: Creation complete after 0s [id=Mrs.hen] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. main.tf resource "random_string" "server-suffix" { length = 6 upper = false special = false } id=6r923x resource "aws_instance" "web" { ami = "ami-06178cf087598769c" instance_type = "m5.large" tags = { Name = "web-${random_string.server-suffix.id}" } } Name = web-6r923x Multiple Choice Quiz Version Constraints main.tf >_ resource "local_file" "pet" { $ terraform init filename = "/root/pet.txt" Initializing the backend... content = "We love pets!" Initializing provider plugins... } - Finding latest version of hashicorp/local... - Installing hashicorp/local v1.4.0... - Installed hashicorp/local v1.4.0 (signed by HashiCorp) The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, we recommend adding version constraints in a required_providers block in your configuration, with the constraint strings suggested below. * hashicorp/local: version = "~> 1.4.0" Terraform has been successfully initialized! main.tf resource "local_file" "pet" { filename = "/root/pet.txt" content = "We love pets!" } main.tf resource "local_file" "pet" { filename = "/root/pet.txt" content = "We love pets!" } main.tf resource "local_file" "pet" { filename = "/root/pet.txt" content = "We love pets!" } main.tf terraform { required_providers { local = { source = "hashicorp/local" version = "1.4.0" } } } resource "local_file" "pet" { filename = "/root/pet.txt" content = "We love pets!" } main.tf >_ terraform { $ terraform init required_providers { Initializing the backend... local = { Initializing provider plugins... source = "hashicorp/local" - Finding hashicorp/local versions matching "1.4.0"... - Installing hashicorp/local v1.4.0... version = "1.4.0" - Installed hashicorp/local v1.4.0 (signed by HashiCorp) } Terraform has been successfully initialized! } } You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All resource "local_file" "pet" { Terraform commands filename = "/root/pet.txt" should now work. content = "We love pets!" If you ever set or change modules or backend configuration for } Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary. main.tf >_ terraform { $ terraform init required_providers { Initializing the backend... local = { Initializing provider plugins... source = "hashicorp/local" - Finding hashicorp/local versions matching "> 1.2.0, < version version == "1.4.0" "> "< "!=1.2.0, 1.4.0" 1.1.0" 2.0.0"< 2.0.0, != 1.4.0" 2.0.0, != 1.4.0"... } - Installing hashicorp/local v1.3.0... } - Installed hashicorp/local v1.3.0 (signed by HashiCorp) } Terraform has been successfully initialized! resource "local_file" "pet" { filename = "/root/pet.txt" content = "We love pets!" } main.tf >_ terraform { $ terraform init required_providers { Initializing the backend... local = { Initializing provider plugins... source = "hashicorp/local" - Finding hashicorp/local versions matching "~> version version === "1.4.0" version "> "!=1.2.0, "< "~> 2.0.0"< 2.0.0, != 1.4.0" 1.4.0" 1.1.0" 1.2" 1.2.0" 1.2.0"... } - Installing hashicorp/local v1.2.2... } - Installed hashicorp/local v1.2.2 (signed by HashiCorp) } Terraform has been successfully initialized! resource "local_file" "pet" { filename = "/root/pet.txt" content = "We love pets!" } Multiple Choice Quiz Aliases main.tf resource "aws_key_pair" "alpha" { key_name = "alpha" public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3……alpha@a-server" } resource "aws_key_pair" "beta" { key_name = "beta" provider.tf public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3………beta@b-server" provider "aws" { provider =. aws.central region = "us-east-1" } } provider "aws" { region = "ca-central-1“ alias = "central" } >_ $ terraform show # aws_key_pair.alpha: resource "aws_key_pair" "alpha" { arn = "arn:aws:ec2:us-east-1::key-pair/alpha" fingerprint = "d7:ff:a6:63:18:64:9c:57:a1:ee:ca:a4:ad:c2:81:62" id = "alpha" key_name = "alpha" public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8gi upGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKV HO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwW dhXmXSrbX8ZbabVohBK41 alpha@a-server" tags_all = {} } # aws_key_pair.beta: resource "aws_key_pair" "beta" { arn = "arn:aws:ec2:ca-central-1::key-pair/beta" fingerprint = "d7:ff:a6:63:18:64:9c:57:a1:ee:ca:a4:ad:c2:81:62" id = "beta" key_name = "beta" public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8gi upGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKV HO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwW dhXmXSrbX8ZbabVohBK41 beta@b-server" tags_all = {} } Multiple Choice Quiz Define Input Variables main.tf variables.tf resource "local_file" "pet" { variable "filename" { filename = "/root/pets.txt" default = "/root/pets.txt" content = "We love pets!" } variable "content" { } default = "We love pets!" } resource "random_pet" "my-pet" { variable "prefix" { prefix = "Mrs" default = "Mrs" separator = "." } length = "1" variable "separator" { } default = "." } variable "length" { default = "1" } main.tf variables.tf resource "local_file" "pet" { variable "filename" { filename = var.filename "/root/pets.txt" default = "/root/pets.txt" var.content content = "We love pets!" } variable "content" { } default = "We love pets!" } resource "random_pet" "my-pet" { variable "prefix" { prefix = var.prefix "Mrs" default = "Mrs" separator = var.separator "." } length = var.length "1" variable "separator" { } default = "." } variable "length" { default = "1" } >_ $ terraform apply # local_file.pet will be created + resource "local_file" "pet" { + content = “We love pets!" + directory_permission = "0777" + file_permission = "0777" + filename = "/root/pet.txt" + id = (known after apply) } # random_pet.my-pet will be created + resource "random_pet" "my-pet" { + id = (known after apply) + length = 1 + prefix = "Mrs" + separator = "." } Plan: 2 to add, 0 to change, 0 to destroy... random_pet.my-pet: Creating... random_pet.my-pet: Creation complete after 0s [id=Mrs.ram] local_file.pet: Creating... local_file.pet: Creation complete after 0s [id=f392b4bcf5db76684f719bf72061627a9a177de1] main.tf variables.tf resource "local_file" "pet" { variable "filename" { filename = var.filename "/root/pets.txt" default = "/root/pets.txt" var.content content = "We love pets!" } variable "content" { } default = "My "We favorite love pets!" pet is Mrs. Whiskers" } resource "random_pet" "my-pet" { variable "prefix" { prefix = var.prefix "Mrs" default = "Mrs" separator = var.separator "." } length = var.length "1" variable "separator" { } default = "." } variable "length" { default = "1" "2" } >_ $ terraform apply Terraform will perform the following actions: -/+ resource "local_file" "pet" { ~ content = “We love pets!" -> "My favorite pet is Mrs. Whiskers!" # forces replacement directory_permission = "0777" file_permission = "0777" filename = "/root/pet.txt" ~ id = "bc9cabef1d8b0071d3c4ae9959a9c328f35fe697" -> (known after apply) } # random_pet.my-pet must be replaced -/+ resource "random_pet" "my-pet" { ~ id = "Mrs.Hen" -> (known after apply) ~ length = 1 -> 2 # forces replacement prefix = "Mrs" separator = "." } Plan: 2 to add, 0 to change, 2 to destroy. random_pet.my-pet: Destroying... [id=Mrs.hen] random_pet.my-pet: Destruction complete after 0s local_file.pet: Destroying... [id=bc9cabef1d8b0071d3c4ae9959a9c328f35fe697] local_file.pet: Destruction complete after 0s random_pet.my-pet: Creating... local_file.pet: Creating... main.tf variables.tf resource "aws_instance" "webserver" { variable "ami" { ami = var.ami var.ami default = "ami-0edab43b6fa892279" instance_type = var.instance_type var.instance_type } } variable "instance_type" { default = "t2.micro" } main.tf variables.tf resource "aws_instance" "webserver" { variable "ami" { ami = var.ami var.ami instance_type = var.instance_type var.instance_type } } variable "instance_type" { } Interactive Mode >_ $ terraform apply var.ami Enter a value: ami-0edab43b6fa892279 var.instance_type Enter a value: t2.micro Command Line Flags >_ $ terraform apply -var "ami=ami-0edab43b6fa892279" -var "instance_type=t2.micro" Environment Variables >_ $ export TF_VAR_instance_type="t2.micro" $ export TF_VAR_ami="ami-0edab43b6fa892279" $ terraform apply Variable Definition Files variable.tfvars ami="ami-0edab43b6fa892279" instance_type="t2.micro" >_ $ terraform apply -var-file variable.tfvars terraform.tfvars | terraform.tfvars.json Automatically Loaded *.auto.tfvars | *.auto.tfvars.json Variable Definition Precedence Order Option >_ 1 Environment Variables $ export TF_VAR_type= "t2.nano" 1? 2 terraform.tfvars 3 *.auto.tfvars (alphabetical order) terraform.tfvars 4 -var or –var-file (command-line flags) type = "t3.micro" 2? variable.auto.tfvars type = "t3.small" 3? >_ $ terraform apply -var "type=t2.medium" 4? Multiple Choice Quiz Understanding the Variable Block variables.tf variable "ami" { } variable "instance_type" { } variables.tf variable "ami" { default = "ami-0edab43b6fa892279" description = "Type of AMI to use" type = string sensitive = true } variable "instance_type" { default = "t2.micro" description = "Size of EC2" type = string sensitive = false } variables.tf variable "ami" { type = string description = "The id of the machine image (AMI) to use for the server." validation { condition = substr(var.ami, 0, 4) == "ami-" error_message = "The AMI should start with \"ami-\"." } } >_ $ terraform apply –var "ami=abc-11223" Error: Invalid value for variable on main.tf line 1: 1: variable "ami" { The image_id value must be a valid AMI id, starting with "ami-". This was checked by the validation rule at main.tf:5,3-13. variables.tf variable "ami" { Type Example default = "ami-0edab43b6fa892279" string "/root/pets.txt" description = "Type of AMI to use" type = string number 1 } bool true/false variable "instance_type" { default = "t2.micro" any Default Value description = "Size of EC2" type = string } variable "count" { default = 2 type = number description = "Count of VM’s" } variable "monitoring" { default = true type = bool description = "Enable detailed monitoring" } Type Example string "t2.micro" number 2 bool true/false any Default Value list ["web1", “web2"] region1 = us-east-1 map region2 = us-west-2 Complex Data object Structure Complex Data tuple Structure variables.tf variable "count" { default = 2 type = number description = "Count of VM’s" } variable "monitoring" { default = true type = bool description = "Enable detailed monitoring" } variables.tf variable "count" { default = 2"2" type = number description = "Count of VM’s" } variable "monitoring" { default = "true" true type = bool description = "Enable detailed monitoring" } variables.tf variable "monitoring" { default = 1 type = bool description = "Enable detailed monitoring" } >_ $ terraform init There are some problems with the configuration, described below. The Terraform configuration must be valid before initialization so that Terraform can determine which modules and providers need to be installed. Error: Invalid default value for variable on variables.tf line 3, in variable "monitoring": 3: default = 1 This default value is not compatible with the variable's type constraint: bool required. List variables.tf maint.tf variable "servers" { resource "aws_instance" "web" { default = ["web1", "web2", "web3"] ami = var.ami type = list 0 1 2 instance_type = var.instance_type } tags = { name = var.servers } } Index Value 0 web1 1 web2 2 web3 Map variables.tf maint.tf variable instance_type { resource "aws_instance" "prodcution" { type = map ami = var.ami default = { instance_type =var.instance_type["development"] var.instance_type "production" = "m5.large" tags = { "development" = "t2.micro" name = var.servers } } } } Key Value production m5.large development t2.micro List of a Type variables.tf variables.tf variable "servers" { variable "servers" { default = ["web1", "web2", "web3"] default = ["web1", "web2", "web3"] type = list(string) type = list(number) } } variables.tf >_ $ terraform plan variable "prefix" { Error: Invalid default value for variable default = [1, 2, 3] on variables.tf line 3, in variable "prefix": type = list(number) 3: default = ["Mr", "Mrs", "Sir"] } This default value is not compatible with the variable's type constraint: a number is required. Map of a Type variables.tf variables.tf variable "instance_type" { variable "server_count" { default = { default = { "production" = "m5.large" "web" = 3 "development" = "t2.micro" "db" = 1 } "agent" = 2 type = map(string) } } type = map(number) } Set variables.tf variables.tf variable "servers" { variable "prefix" { default = ["web1", "web2", "web3"] default = ["web1", "web2", "web2"] type = set(string) type = set(string) } } variables.tf variables.tf variable "db" { variable "db" { default = ["db1", "db2"] default = ["db1", "db2", "db1" ] type = set(string) type = set(string) } } variables.tf variables.tf variable "count" { variable "count" { default = [10, 12, 15] default = [10, 12, 15, 10] type = set(number) type = set(number) } } Objects Key Example Type variables.tf name bella string variable "bella" { color brown string type = object({ name = string age 7 number color = string age = number food ["fish", "chicken", "turkey"] list food = list(string) favorite_pet true bool favorite_pet = bool }) default = { name = "bella" color = "brown" age = 7 food = ["fish", "chicken", "turkey"] favorite_pet = true } } Tuples variables.tf variable web { type = tuple([string, number, bool]) default = ["web1", 3, true] } variables.tf >_ $ terraform plan variable db { Error: Invalid default value for variable type = tuple([string, number, bool]) default = ["db1", 1, true, "db2"] on variables.tf line 3, in variable "db": 3: default = ["db1", 1, true, "db2"] } This default value is not compatible with the variable's type constraint: tuple required. Multiple Choice Quiz Resource Attributes and Dependencies https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair#attributes-reference main.tf resource "aws_key_pair" "alpha" { key_name = "alpha" public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3……alpha@a-server" } >_ $ terraform show # aws_key_pair.alpha: resource "aws_key_pair" "alpha" { arn = "arn:aws:ec2:us-east-1::key-pair/alpha" fingerprint = "d7:ff:a6:63:18:64:9c:57:a1:ee:ca:a4:ad:c2:81:62" id = "alpha" key_name = "alpha" public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8gi upGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKV HO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwW dhXmXSrbX8ZbabVohBK41 alpha@a-server" tags_all = {} } ami key_name public_key key_name instance_type main.tf key_name resource "aws_key_pair" "alpha" { key_name = "alpha" public_key = "ssh-rsa…" } resource "aws_instance" "cerberus" {.. ami = var.ami instance_type = var.instance_type key_name = aws_key_pair.alpha.key_name } >_ $ terraform apply... 2 1 aws_key_pair.alpha: Creating... aws_key_pair.alpha: Creation complete after 1s [id=alpha] aws_instance.cerberus: Creating... aws_instance.cerberus: Still creating... [10s elapsed] aws_instance.cerberus: Creation complete after 10s [id=i- c791dc46a6639d4a7] Apply complete! Resources: 2 added, 0 changed, 0 destroyed main.tf resource "aws_instance" "db" { 2 1 ami = var.db_ami instance_type = var.web_instance_type } resource "aws_instance" "web" { ami = var.web_ami instance_type = var.db_instance_type web db depends_on = [ aws_instance.db ] } Multiple Choice Quiz Resource Targetting main.tf resource "random_string" "server-suffix" { length = 6 upper = false special = false } id=6r923x resource "aws_instance" "web" { ami = "ami-06178cf087598769c" instance_type = "m5.large" tags = { Name = "web-${random_string.server-suffix.id}" } } Name = web-6r923x main.tf resource "random_string" "server-suffix" { length = 65 upper = false special = false } id=6r923x resource "aws_instance" "web" { ami = "ami-06178cf087598769c" instance_type = "m5.large" tags = { Name = "web-${random_string.server-suffix.id}" } } Name = web-6r923x >_ $ terraform apply.. Plan: 1 to add, 1 to change, 1 to destroy. Do you want to perform these actions? id=6r923x id= nglmpo Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes random_string.server-suffix: Destroying... [id= 6r923x] random_string.server-suffix: Destruction complete after 0s random_string.server-suffix: Creating... random_string.server-suffix: Creation complete after 0s [id= nglmpo] aws_instance.web: Modifying... [id=i-67428769e06ae2901] aws_instance.web: Modifications complete after 0s [id=i- 67428769e06ae2901] Name = web-6r923x web-nglmpo Apply complete! Resources: 1 added, 1 changed, 1 destroyed. >_ $ terraform apply –target random_string.server-suffix.. Terraform will perform the following actions: # random_string.server-suffix must be replaced id=6r923x id= nglmpo -/+ resource "random_string" "server-suffix" { ~ id = "bl12qd" -> (known after apply) ~ length = 6 -> 5 # forces replacement.. Plan: 1 to add, 0 to change, 1 to destroy. Warning: Resource targeting is in effect.. random_string.server-suffix: Destroying... [id= 6r923x] random_string.server-suffix: Destruction complete after 0s random_string.server-suffix: Creating... Name = web-6r923x web-nglmpo random_string.server-suffix: Creation complete after 0s [id= nglmpo] Warning: Applied changes may be incomplete Apply complete! Resources: 1 added, 0 changed, 1 destroyed. Multiple Choice Quiz Output Variables main.tf variables.tf resource "aws_instance" "cerberus" { variable "ami" { ami = var.ami default = "ami-06178cf087598769c" instance_type = var.instance_type } } variable "instance_type" { default = "m5.large" } output "pub_ip" { value = aws_instance.cerberus.public_ip variable "region" { description = "print the public IPv4 address" default = "eu-west-2" } } output "" { value = "" } >_ $ terraform apply.... Outputs: pub_ip = 54.214.145.69 >_ $ terraform output pub_ip = 54.214.145.69 >_ $ terraform output pub_ip 54.214.145.69 Output Variable SHELL SCRIPTS Multiple Choice Quiz Recap Terraform State >_ main.tf $ terraform apply resource "aws_instance" "cerberus" {. ami = var.ami. instance_type = var.instance_type. } aws_instance.cerberus: Creating... aws_instance.cerberus: Still creating... [10s elapsed] variables.tf aws_instance.cerberus: Creation complete after 10s [id=i- c791dc46a6639d4a7] variable "ami" { default = "ami-06178cf087598769c" Apply complete! Resources: 1 added, 0 changed, 0 destroyed } variable "instance_type" { default = "m5.large" } >_ $ ls main.tf variables.tf terraform.tfstate terraform.tfstate.backup >_ [terraform-local-file]$ cat terraform.tfstate { "version": 4, "terraform_version": "0.13.3", "serial": 2, "lineage": "ccd95cf0-9966-549b-c7d1-1d2683b3119b", "outputs": {}, "resources": [ { "mode": "managed", "type": "aws_instance", "name": "cerberus", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 1, "attributes": { "ami": "ami-06178cf087598769c", "arn": "arn:aws:ec2:eu-west-2::instance/i-1db6bfe81bd1e3ed7", "associate_public_ip_address": true, "availability_zone": "eu-west-2a", "capacity_reservation_specification": [], "cpu_core_count": null, "cpu_threads_per_core": null, "credit_specification": [], "disable_api_termination": false, "ebs_block_device": [], >_ apply $ terraform plan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_instance.cerberus: Refreshing state... [id=i-1db6bfe81bd1e3ed7] ------------------------------------------------------------------------ No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist. As a result, no actions need to be performed. >_ $ terraform apply -refresh=false Apply complete! Resources: 0 added, 0 changed, 0 destroyed. >_ variables.tf [terraform-local-file]$ cat terraform.tfstate variable "ami" { default = "ami-06178cf087598769c" { } "version": 4, variable "instance_type" { "terraform_version": "0.13.3", default = "m5.large" "serial": 1, "t3.micro" } "lineage": "160ca48f-cd6a-bd64-fc1b-0e2e78c2bc10", "outputs": {}, "resources": [ { "mode": "managed", "type": "aws_instance", Plan "name": "cerberus", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 1, "attributes": { "ami": "ami-06178cf087598769c", "arn": "arn:aws:ec2:eu-west-2::instance/i- 9d394a982f158e887", " "instance_state": "running", "instance_type": "m5.large", >_ Plan Init $ terraform plan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_instance.cerberus: Refreshing state... [id=i-9d394a982f158e887].. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # aws_instance.cerberus will be updated in-place ~ resource "aws_instance" "cerberus" { ami = "ami-06178cf087598769c" arn = "arn:aws:ec2:eu-west-2::instance/i-9d394a982f158e887" associate_public_ip_address = true availability_zone = "eu-west-2a" disable_api_termination = false ebs_optimized = false get_password_data = false id = "i-9d394a982f158e887" instance_state = "running" ~ instance_type = "m5.large" -> "t3.micro" Real World Infrastructure terraform.tfstate main.tf >_ resource "aws_instance" "db" { [terraform-local-file]$ cat terraform.tfstate ami = var.ami { instance_type = var.instance_type "mode": "managed", } "type": "aws_instance", "name": "web", resource "aws_instance" "web" { "provider": ami = var.ami "provider[\"registry.terraform.io/hashicorp/aws\"]", instance_type = var.instance_type "instances": [ depends_on = [ aws_instance.db ] { "schema_version": 1, "attributes": { } "ami": "ami-06178cf087598769c", "arn": "arn:aws:ec2:eu-west-2::instance/i- 33b55018bd1a8d8ca",.. db. "dependencies": [ "aws_instance.db" ] web Sensitive Data terraform.tfstate { "mode": "managed", "type": "aws_instance", "name": "web", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 1, "attributes": { "ami": "ami-0a634ae95e11c6f91",... "primary_network_interface_id": "eni-0ccd57b1597e633e0", "private_dns": "ip-172-31-7-21.us-west-2.compute.internal", "private_ip": "172.31.7.21", "public_dns": "ec2-54-71-34-19.us-west-2.compute.amazonaws.com", "public_ip": "54.71.34.19", "root_block_device": [ { "delete_on_termination": true, "device_name": "/dev/sda1", "encrypted": false, "iops": 100, Terraform State Considerations Remote State Backends Version Control terraform.tfstate main.tf { resource "aws_instance" "db" { "mode": "managed", "type": "aws_instance", ami = var.ami "name": "web", instance_type = var.instance_type "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", } "instances": [ { "schema_version": 1, resource "aws_instance" "web" { "attributes": { ami = var.ami "ami": "ami-0a634ae95e11c6f91",. instance_type = var.instance_type. depends_on = [ aws_instance.db ]. "primary_network_interface_id": "eni-0ccd57b1597e633e0", "private_dns": "ip-172-31-7-21.us-west-2.compute.internal", } "private_ip": "172.31.7.21", "public_dns": "ec2-54-71-34-19.us-west-2.compute.amazonaws.com", "public_ip": "54.71.34.19", "root_block_device": [ { "delete_on_termination": true, "device_name": "/dev/sda1", "encrypted": false, "iops": 100, "kms_key_id": "", "volume_id": "vol-070720a3636979c22", No Manual Edits terraform.tfstate { "mode": "managed", "type": "aws_instance", "name": "dev-ec2", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 1, "attributes": { "ami": "ami-0a634ae95e11c6f91",... "primary_network_interface_id": "eni-0ccd57b1597e633e0", "private_dns": "ip-172-31-7-21.us-west-2.compute.internal", "private_ip": "172.31.7.21", "public_dns": "ec2-54-71-34-19.us-west-2.compute.amazonaws.com", "public_ip": "54.71.34.19", "root_block_device": [ { "delete_on_termination": true, "device_name": "/dev/sda1", "encrypted": false, "iops": 100, Multiple Choice Quiz Remote State >_ Mapping Configuration to Real World $ ls Tracking Metadata main.tf variables.tf terraform.tfstate Performance Collaboration Version Control terraform.tfstate main.tf { "mode": "managed", "type": "aws_instance", resource "aws_instance" "dev-ec2" { "name": "dev-ec2", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", ami = var.ami "instances": [ { instance_type = var.instance_type "schema_version": 1, } "attributes": { "ami": "ami-0a634ae95e11c6f91",... "primary_network_interface_id": "eni-0ccd57b1597e633e0", "private_dns": "ip-172-31-7-21.us-west-2.compute.internal", "private_ip": "172.31.7.21", "public_dns": "ec2-54-71-34-19.us-west-2.compute.amazonaws.com", "public_ip": "54.71.34.19", "root_block_device": [ { "delete_on_termination": true, "device_name": "/dev/sda1", "encrypted": false, "iops": 100, "kms_key_id": "", "volume_id": "vol-070720a3636979c22", "volume_size": 8, "volume_type": "gp2" } >_ Terminal 1 >_ Terminal 2 $ terraform apply $ terraform apply. Error: Error locking state: Error acquiring the state. lock: resource temporarily unavailable." Lock Info: + server_side_encryption = (known after apply) ID: fefe3806-007c-084b-be61-cef4cdc77dee + storage_class = (known after apply) Path: terraform.tfstate + version_id = (known after apply) Operation: OperationTypeApply } Who: root@iac-server Version: 0.13.3 Plan: 2 to add, 0 to change, 0 to destroy. Created: 2020-09-22 20:35:27.051330492 +0000 UTC Info: Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Terraform acquires a state lock to protect the state from being written Enter a value: yes by multiple users at the same time. Please resolve the issue above and try aws_s3_bucket_object.finance-2020: Creating... again. For most commands, you can disable locking with aws_s3_bucket.finance: Creating... the "-lock=false" aws_s3_bucket_object.finance-2020: Still creating... flag, but this is not recommended. [10s elapsed] aws_s3_bucket.finance: Still creating... [10s elapsed] aws_s3_bucket_object.finance-2020: Still creating... [20s elapsed] aws_s3_bucket.finance: Still creating... [20s State Locking Infrastructure Operation 1 Terraform State Local Operation 2 main.tf terraform.tfstate user1 user2 main.tf terraform.tfstate main.tf terraform.tfstate S3 bucket State Locking AWS S3 Terraform State Google Cloud Storage HashiCorp Consul Terraform Cloud Remote State Backend Infrastructure Operation 1 Local Operation 2 State Locking AWS S3 Terraform State Google Cloud Storage HashiCorp Consul Terraform Cloud Remote State Backend Automatically Load and Upload State File Many Backends Support State Locking Security Remote Backend Terraform State State Locking Remote State Backend Object Value Bucket kodekloud-terraform-state-bucket01 Key finance/terraform.tfstate Local Region us-west-1 DynamoDB Table state-locking main.tf terraform.tf resource "local_file" "pet" { terraform { $ ls filename = "/root/pets.txt" backend "s3"main.tf { terraform.tfstate content = "We love pets!" bucket = "kodekloud-terraform-state-bucket01" } key = "finance/terraform.tfstate" region = "us-west-1" dynamodb_table = "state-locking" } } Object Value Bucket kodekloud-terraform-state-bucket01 Key finance/terraform.tfstate Region us-west-1 DynamoDB Table state-locking main.tf terraform.tf resource "local_file" "pet" { terraform { filename = "/root/pets.txt" backend "s3" { content = "We love pets!" bucket = "kodekloud-terraform-state-bucket01" } key = "finance/terraform.tfstate" region = "us-west-1" dynamodb_table = "state-locking" } } >_ $ terraform apply Backend reinitialization required. Please run "terraform init". Reason: Initial configuration of the requested backend "s3" The "backend" is the interface that Terraform uses to store state, perform operations, etc. If this message is showing up, it means that the Terraform configuration you're using is using a custom configuration for the Terraform backend. Changes to backend configurations require reinitialization. This allows Terraform to setup the new configuration, copy existing state, etc. This is only done during "terraform init". Please run that command now then try again. Error: Initialization required. Please see the error message above. >_ $ terraform init Initializing the backend... Do you want to copy existing state to the new backend? Pre-existing state was found while migrating the previous "local" backend to the newly configured "s3" backend. No existing state was found in the newly configured "s3" backend. Do you want to copy this state to the new "s3" backend? Enter "yes" to copy and "no" to start with an empty state. Enter a value: yes Successfully configured the backend "s3"! Terraform will automatically use this backend unless the backend configuration changes. Initializing provider plugins... - Using previously-installed hashicorp/aws v3.7.0..[Output Truncated] >_ $ rm –rf terraform.tfstate >_ $ terraform apply Acquiring state lock. This may take a few moments... Local_file.pet: Refreshing state... [id=a676sd5665sd] Apply complete! Resources: 0 added, 0 changed, 0 destroyed. Releasing state lock. This may take a few moments. Multiple Choice Quiz Terraform Commands terraform validate main.tf >_ resource "local_file" "pet" { $ terraform validate filename = "/root/pets.txt" Success! The configuration is valid. content = "We love pets!" file_permissions = "0700" } $ terraform validate Error: Unsupported argument on main.tf line 4, in resource "local_file" "pet": 4: file_permissions = "0777" An argument named "file_permissions" is not expected here. Did you mean "file_permission"? terraform fmt main.tf >_ resource "local_file" "pet" { $ terraform fmt filename = "/root/pets.txt" content = "We love pets!" file_permission = "0700" } terraform fmt main.tf >_ resource "local_file" "pet" { $ terraform fmt filename = "/root/pets.txt" main.tf content = "We love pets!" file_permission = "0700" } terraform show >_ >_ $ terraform show $ terraform show -json # local_file.pet: {"format_version":"0.1","terraform_version":"0.13.0 resource "local_file" "pet" { ","values":{"root_module":{"resources":[{"address": content = "We love pets!" "local_file.pet","mode":"managed","type":"local_fil directory_permission = "0777" e","name":"pet","provider_name":"registry.terraform file_permission = "0777".io/hashicorp/local","schema_version":0,"values":{" filename = "/root/pets.txt" content":"We love id = pets!","content_base64":null,"directory_permission" "cba595b7d9f94ba1107a46f3f731912d95fb3d2c" :"0777","file_permission":"0777","filename":"/root/ } pets.txt","id":"cba595b7d9f94ba1107a46f3f731912d95f b3d2c","sensitive_content":null}}]}}} terraform providers main.tf >_ resource "aws_instance" "db" { $ terraform providers ami = var.ami Providers required by configuration: instance_type = var.instance_type. } └── provider[registry.terraform.io/hashicorp/aws] Providers required by state: provider[registry.terraform.io/hashicorp/aws] terraform output main.tf >_ resource "local_file" "pet" { $ terraform output filename = "/root/pets.txt" content = "We love pets!" content = We love pets! file_permission = "0777" pet-name = huge-owl } resource "random_pet" "cat" { length = "2" separator = "-" } $ terraform output pet-name output content { value = local_file.pet.content pet-name = huge-owl sensitive = false description = "Print the content of the file" } output pet-name { value = random_pet.cat.id sensitive = false description = "Print the name of the pet" } terraform refresh main.tf >_ resource "local_file" "pet" { $ terraform plan filename = "/root/pets.txt" Refreshing Terraform state in-memory prior to plan... content = "We love pets!" The refreshed state will be used to calculate this file_permission = "0777" plan, but will not be } persisted to local or remote state storage. resource "random_pet" "cat" { length = "2" random_pet.cat: Refreshing state... [id=huge-owl] separator = "-" local_file.pet: Refreshing state... } [id=cba595b7d9f94ba1107a46f3f731912d95fb3d2c] ------------------------------------------------------ No changes. Infrastructure is up-to-date. $ terraform refresh random_pet.cat: Refreshing state... [id=huge-owl] local_file.pet: Refreshing state... [id=cba595b7d9f94ba1107a46f3f731912d95fb3d2c] terraform graph >_ $ terraform graph digraph { compound = "true" newrank = "true" subgraph "root" { "[root] aws_instance.cerberus (expand)" [label = "aws_instance.cerberus", shape = "box"] "[root] provider[\"registry.terraform.io/hashicorp/aws\"]" [label = "provider[\"registry.terraform.io/hashicorp/aws\"]", shape = "diamond"] "[root] var.ami" [label = "var.ami", shape = "note"] "[root] var.instance_type" [label = "var.instance_type", shape = "note"] "[root] var.region" [label = "var.region", shape = "note"] "[root] aws_instance.cerberus (expand)" -> "[root] provider[\"registry.terraform.io/hashicorp/aws\"]" "[root] aws_instance.cerberus (expand)" -> "[root] var.ami" "[root] aws_instance.cerberus (expand)" -> "[root] var.instance_type" "[root] meta.count-boundary (EachMode fixup)" -> "[root] aws_instance.cerberus (expand)" "[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)" -> "[root] aws_instance.cerberus (expand)" "[root] provider[\"registry.terraform.io/hashicorp/aws\"]" -> "[root] var.region" "[root] root" -> "[root] meta.count-boundary (EachMode fixup)" "[root] root" -> "[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)" } } terraform.tfstate >_ { "mode": "managed", $ vi terraform.tfstate "type": "aws_instance", "name": "dev-ec2", $ terraform state show aws_s3_bucket.finance "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { # terraform state [options] [args] "schema_version": 1, "attributes": { "ami": "ami-0a634ae95e11c6f91",... Sub-command "primary_network_interface_id": "eni-0ccd57b1597e633e0", "private_dns": "ip-172-31-7-21.us-west-2.compute.internal", "private_ip": "172.31.7.21", list "public_dns": "ec2-54-71-34-19.us-west-2.compute.amazonaws.com", "public_ip": "54.71.34.19", "root_block_device": [ mv { "delete_on_termination": true, "device_name": "/dev/sda1", pull "encrypted": false, "iops": 100, "kms_key_id": "", rm "volume_id": "vol-070720a3636979c22", "volume_size": 8, "volume_type": "gp2" show } ], push >_ # terraform state list [options] [address] $ terraform state list aws_dynamodb_table.cars aws_s3_bucket.finance-2020922 $ terraform state list aws_s3_bucket.cerberus-finance aws_s3_bucket.cerberus-finance >_ # terraform state show [options] [address] $ terraform state show aws_s3_bucket.cerberus-finance resource "aws_s3_bucket" "terraform-state" { acl = "private" arn = "arn:aws:s3:::cerberus-finance" bucket = "cerberus-finance" bucket_domain_name = "cerberus-finance.s3.amazonaws.com" bucket_regional_domain_name = "cerberus-finance.s3.us-west-1.amazonaws.com" force_destroy = false hosted_zone_id = "Z2F5ABCDE1ACD" id = "cerberus-finance" region = "us-west-1" request_payer = "BucketOwner" tags = { "Description" = "Bucket to store Finance and Payroll Information" } versioning { enabled = false mfa_delete = false } } main.tf terraform.tfstate resource "aws_dynamodb_table" "state-locking-db" "state-locking" { "resources": [ name = "state-locking" { billing_mode = "PAY_PER_REQUEST" "mode": "managed", hash_key = "LockID" "type": "aws_dynamodb_table", attribute { "name": "state-locking-db" "state-locking", name = "LockID" "provider": type = "S" "provider[\"registry.terraform.io/hashicorp/aws\" } ]", }.. >_ # terraform state mv [options] SOURCE DESTINATION $ terraform state mv aws_dynamodb_table.state-locking aws_dynamodb_table.state-locking-db Move "aws_dynamodb_table.state-locking" to "aws_dynamodb_table.state-locking-db" Successfully moved 1 object(s). aws_dynamodb_table.state-locking-db: Refreshing state... [id=state-locking] $ terraform apply Apply complete! Resources: 0 added, 0 changed, 0 destroyed. >_ $ ls main.tf provider.tf # terraform state pull [options] SOURCE DESTINATION $ terraform state pull { "version": 4, "terraform_version": "0.13.0", "serial": 0, Terraform State "lineage": "b6e2cf0e-ef8d-3c59-1e11-c6520dcd745c", "resources": [ { "mode": "managed", Remote State Backend "type": "aws_dynamodb_table", "name": "state-locking-db", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 1, "attributes": {... $ terraform state pull | jq '.resources[] | select(.name == "state-locking- db")|.instances[].attributes.hash_key' "LockID" Local >_ # terraform state rm ADDRESS $ terraform state rm aws_s3_bucket.finance-2020922 Acquiring state lock. This may take a few moments... Removed aws_s3_bucket.finance-2020922 Successfully removed 1 resource instance(s). Releasing state lock. This may take a few moments... >_ # terraform state push PATH $ terraform state push./terraform.tfstate >_ $ terraform state push./randomstate/terraform.tfstate Failed to write state: cannot import state with lineage "1dc19ee8-2b7f- d87a-4786-4be724b24988" over unrelated state with lineage "6d167ba6-5171- a624-6bad-2e6bfec62c28" Multiple Choice Quiz Lifecycle Rules create_before_destroy main.tf >_ $ terraform apply resource "aws_instance" "cerberus" { aws_instance.cerberus: Refreshing state... [id=i-a6e22ec5303190252 ami = "ami-06178cf087598769c" "ami-2158cf087598787a" An execution plan has been generated and is shown below. instance_type = "m5.large“ Resource actions are indicated with the following symbols: +/- create replacement and then destroy tags = { Name = "Cerberus-Webserver" Terraform will perform the following actions: lifecycle { # aws_instance.cerberus must be replaced create_before_destroy = true +/- resource "aws_instance" "cerberus" { } ~ ami = "ami- 06178cf087598769c" -> "ami-2158cf087598787a" # forces replacement Plan: 1 to add, 0 to change, 1 to destroy. }... aws_instance.cerberus: Creating... aws_instance.cerberus: Still creating... [10s elapsed] aws_instance.cerberus: Creation complete after 10s [id=i- 477150603640c96f4] aws_instance.cerberus: Destroying... [id=i-a6e22ec5303190252] aws_instance.cerberus: Still destroying... [id=i-a6e22ec5303190252 10s elapsed] aws_instance.cerberus: Destruction complete after 10s Apply complete! Resources: 1 added, 0 changed, 1 destroyed. ami-06178cf087598769c ami-2158cf087598787a prevent_destroy main.tf >_ $ terraform apply resource "aws_instance" "cerberus" { aws_instance.cerberus: Refreshing state... [id=i- ami "ami-2158cf087598787a" = "ami-06178cf087598769c" 477150603640c96f4] instance_type = "m5.large" Error: Instance cannot be destroyed tags = { Name = "Cerberus-Webserver" on main.tf line 6: 6: resource "aws_instance" "cerberus" { lifecycle { prevent_destroy = true Resource aws_instance.cerberus has } lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To avoid this } error and continue with the plan, either disable lifecycle.prevent_destroy or reduce the scope of the plan using the -target flag. ami-2158cf087598787a ignore_changes main.tf >_ $ terraform apply resource "aws_instance" "cerberus" { aws_instance.webserver: Refreshing state... [id=i- ami "ami-2158cf087598787a" = "ami-06178cf087598769c" 05cd83b221911acd5] instance_type = "m5.large" Apply complete! Resources: 0 added, 0 changed, 0 destroyed. tags = { Name = "Cerberus-Webserver" "Cerberus-Webserver-1" lifecycle lifecycle {{ ignore_changes ignore_changes == [all tags ] } }} Name = Cerberus-Webserver Multiple Choice Quiz Data Sources main.tf resource "aws_key_pair" "alpha" { key_name = "alpha" public_key = "ssh-rsa…" } resource "aws_instance" "cerberus" { ami = var.ami instance_type = var.instance_type key_name = aws_key_pair.alpha.key_name } https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/key_pair main.tf data "aws_key_pair" "cerberus-key" { key_name = "alpha" } resource "aws_instance" "cerberus" { ami = var.ami instance_type = var.instance_type key_name = data.aws_key_pair.cerberus-key.key_name } https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/key_pair https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/key_pair main.tf data "aws_key_pair" "cerberus-key" { key_name filter = { "alpha" name = "tag:project" values = ["cerberus"] } } resource "aws_instance" "cerberus" { ami = var.ami instance_type = var.instance_type key_name = data.aws_key_pair.cerberus-key.key_name } terraform.tfstate Resource Data Source Keyword: resource Keyword: data Creates, Updates, Destroys Only Reads Infrastructure Infrastructure Also called Managed Resources Also called Data Resources Multiple Choice Quiz count and for-each count main.tf variables.tf resource "aws_instance" "web" { variable "ami" { ami = var.ami default = "ami-06178cf087598769c" instance_type = var.instance_type } count = 3 variable "instance_type" { default = "m5.large" } } >_ $ terraform apply [Output Truncated] Terraform will perform the following actions:... # # aws_instance.web will be created. + volume_size = (known after apply) + volume_type = (known after apply) } } Plan: 3 to add, 0 to change, 0 to d
