├── Section 5 - Remote State Management
    ├── remote-backend
    │   ├── eip.tf
    │   ├── providers.tf
    │   └── backend.tf
    ├── terraform-multistate
    │   ├── ec2
    │   │   ├── providers.tf
    │   │   ├── ec2.tf
    │   │   └── backend.tf
    │   └── eip
    │   │   ├── providers.tf
    │   │   ├── eip.tf
    │   │   └── data_get.tf
    ├── sleep.tf
    ├── team-collaboration.md
    ├── state-locking.md
    ├── tf-import.md
    ├── backend.md
    ├── s3-backend.md
    ├── demofile.md
    ├── Readme.md
    ├── risks-state-file-git.md
    ├── remote-state-data-source.md
    └── state-management.md
├── Section 2 - Read, Generate, Modify Congiruations
    ├── variables.tf
    ├── fetch-ami-data-source-usecase.md
    ├── count.md
    ├── eip.md
    ├── data-source-format.md
    ├── variable-precedence.md
    ├── id_rsa.pub
    ├── terraform-validate.md
    ├── taint.md
    ├── challenge-count.md
    ├── data-type-set.md
    ├── map-data-type.md
    ├── terraform-format.md
    ├── variable-assignment.md
    ├── splat-expression.md
    ├── plan-to-file.md
    ├── tf-comments.tf
    ├── interpolation.tf
    ├── resource-target.md
    ├── varsdemo.tf
    ├── fetch-values-variables.tf
    ├── zipmap.md
    ├── debugging.md
    ├── attributes.md
    ├── list-data-type.md
    ├── settings.md
    ├── conditional.md
    ├── implicit.md
    ├── create-before-destroy.md
    ├── meta-argument.md
    ├── tfvars.md
    ├── output-values.md
    ├── prevent-destroy.md
    ├── data-types.md
    ├── fetch-ami-data-source-practical.md
    ├── challenge-functions.md
    ├── resource-dependency.md
    ├── env-variable-assignment.md
    ├── for_each.md
    ├── reference.tf
    ├── cross-reference-attributes.md
    ├── doc-code-changes.md
    ├── solution-functions.md
    ├── firewall.md
    ├── terraform-providers.md
    ├── object.md
    ├── state-management.md
    ├── count-index.md
    ├── local-values.md
    ├── graph.md
    ├── data-sources.md
    ├── ignore-changes.md
    ├── load-order.md
    ├── approach-to-variable-assignment.md
    ├── large-infra.md
    ├── conditional-expression.md
    ├── dynamic-block.md
    ├── reference.md
    ├── terraform-variables.md
    ├── functions.md
    └── Readme.md
├── Section 4 - Terraform Modules & Workspaces
    ├── module-locals
    │   ├── projects
    │   │   └── B
    │   │   │   ├── providers.tf
    │   │   │   └── my-sg.tf
    │   └── modules
    │   │   └── sg
    │   │       └── sg.tf
    ├── kplabs-modules
    │   ├── projects
    │   │   └── A
    │   │   │   ├── myec2.tf
    │   │   │   └── providers.tf
    │   └── modules
    │   │   └── ec2
    │   │       └── ec2.tf
    ├── module-outputs
    │   ├── projects
    │   │   └── C
    │   │   │   ├── providers.tf
    │   │   │   └── my-sg.tf
    │   └── modules
    │   │   └── sg
    │   │       └── sg.tf
    ├── creating-module.md
    ├── local-paths.md
    ├── module-sources.md
    ├── variables-custom-module.md
    ├── ec2-module.md
    ├── terraform-registry.md
    ├── kplabs-workspace.md
    ├── provider-custom-module.md
    ├── module-multi-provider.md
    ├── module-outputs.md
    ├── Readme.md
    └── note-points-modules.md
├── Section 1 - Deploying Infrastructure with Terraform
    ├── destroy.md
    ├── state-file.md
    ├── clarity-state-file.md
    ├── refresh.tf
    ├── resource-providers.md
    ├── example.tf
    ├── aws-provider-auth.md
    ├── desired-current-state.md
    ├── provider-versioning.md
    ├── resp01.md
    ├── first-ec2.md
    ├── provider-tiers.md
    ├── github.md
    └── Readme.md
├── Section 3 - Terraform Provisioners
    ├── local-exec.tf
    ├── failure-behaviour.md
    ├── local-exec.md
    ├── points-to-note.md
    ├── Readme.md
    ├── create-destroy-time-provisioner.md
    ├── remote-exec.md
    ├── null.md
    └── provisioner-types.md
├── Section 6 - Security Primer
    ├── vault.tf
    ├── credentials.md
    ├── dependency-lock.tf
    ├── multiple-providers.md
    ├── Readme.md
    ├── tfstate-git.md
    ├── multi-provider.md
    └── sensitive.md
├── Section 7 - Terraform Cloud & Enterprise Capabilities
    ├── terraform-cloud.md
    ├── Readme.md
    ├── sentinel.md
    └── remote-backend.md
└── Readme.md

/Section 5 - Remote State Management/remote-backend/eip.tf:
--------------------------------------------------------------------------------
resource "aws_eip" "lb" {
  domain = "vpc"
}
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/remote-backend/providers.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-west-2"
}
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/variables.tf:
--------------------------------------------------------------------------------
variable "vpn_ip" {
  default = "116.50.30.50/32"
}
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/terraform-multistate/ec2/providers.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-west-1"
}
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/terraform-multistate/eip/providers.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-west-1"
}
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/sleep.tf:
--------------------------------------------------------------------------------
resource "time_sleep" "wait_300_seconds" {

  create_duration = "300s"
}
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/module-locals/projects/B/providers.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-west-2"
}
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/kplabs-modules/projects/A/myec2.tf:
--------------------------------------------------------------------------------
module "ec2module" {
  source = "../../modules/ec2"
}
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/module-locals/projects/B/my-sg.tf:
--------------------------------------------------------------------------------
module "sgmodule" {
  source = "../../modules/sg"
}
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/module-outputs/projects/C/providers.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-west-2"
}
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/destroy.md:
--------------------------------------------------------------------------------
```sh
terraform destroy
terraform destroy -target aws_instance.myec2
```
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/terraform-multistate/eip/eip.tf:
--------------------------------------------------------------------------------
resource "aws_eip" "myeip" {
  # Terraform 0.12+ exposes remote state outputs under the "outputs" attribute.
  instance = data.terraform_remote_state.myec2.outputs.ec2ip
}
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/kplabs-modules/modules/ec2/ec2.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = var.instance_type
}
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/kplabs-modules/projects/A/providers.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region     = "us-west-2"
  access_key = "YOUR-KEY-HERE"
  secret_key = "YOUR-KEY-HERE"
}
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/fetch-ami-data-source-usecase.md:
--------------------------------------------------------------------------------
### Base Code used:

```sh
resource "aws_instance" "web" {
  ami           = ""
  instance_type = "t2.micro"
}
```
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/remote-backend/backend.tf:
--------------------------------------------------------------------------------
terraform {
  backend "s3" {
    bucket = "kplabs-terraform-backend"
    key    = "network/terraform.tfstate"
    region = "us-east-1"
  }
}
--------------------------------------------------------------------------------
/Section 3 - Terraform Provisioners/local-exec.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"

  provisioner "local-exec" {
    command = "echo ${aws_instance.myec2.private_ip} >> private_ips.txt"
  }
}
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/terraform-multistate/eip/data_get.tf:
--------------------------------------------------------------------------------
data "terraform_remote_state" "myec2" {
  backend = "s3"
  # "config" is an argument (map), not a nested block, in Terraform 0.12+.
  config = {
    bucket = "kplabs-remote-backend"
    key    = "ec2demo.tfstate"
    region = "us-west-1"
  }
}
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/creating-module.md:
--------------------------------------------------------------------------------
### Module Code Used in the Video

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami           = "ami-0bb84b8ffd87024d8"
  instance_type = "t2.micro"
}
```
--------------------------------------------------------------------------------
/Section 6 - Security Primer/vault.tf:
--------------------------------------------------------------------------------
provider "vault" {
  address = "http://127.0.0.1:8200"
}

data "vault_generic_secret" "demo" {
  path = "secret/db_creds"
}

output "vault_secrets" {
  value     = data.vault_generic_secret.demo.data_json
  sensitive = true
}
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/state-file.md:
--------------------------------------------------------------------------------
### Base Code Used

```sh
resource "aws_instance" "myec2" {
  ami           = "ami-0fa3fe0fa7920f68e"
  instance_type = "t2.micro"
}
```

### Commands Used
```sh
terraform apply

terraform destroy
```
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/clarity-state-file.md:
--------------------------------------------------------------------------------
### Base Code Used

```sh
resource "aws_instance" "myec2" {
  ami           = "ami-0fa3fe0fa7920f68e"
  instance_type = "t2.micro"
}
```

### Commands Used
```sh
terraform apply

terraform destroy
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/count.md:
--------------------------------------------------------------------------------
### Base Code Used

```sh
resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = "t2.micro"
}
```

```sh
resource "aws_iam_user" "this" {
  name = "payments-user"
}
```
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/refresh.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region     = "us-east-1"
  access_key = "PUT-YOUR-ACCESS-KEY-HERE"
  secret_key = "PUT-YOUR-SECRET-KEY-HERE"
}

resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = "t2.micro"
}
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/terraform-multistate/ec2/ec2.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "myec2" {
  ami           = "ami-bf5540df"
  instance_type = "t2.micro"
  key_name      = "remotepractical"

  # "tags" is a map argument in current AWS provider versions.
  tags = {
    Name = "remote-states"
  }

}

output "ec2ip" {
  value = aws_instance.myec2.id
}
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/team-collaboration.md:
--------------------------------------------------------------------------------
#### main.tf
```sh
resource "aws_security_group" "allow_tls" {
  name        = var.sg_name
  description = "Managed from Terraform"
}
```

#### variables.tf
```sh
variable "sg_name" {}
```

#### terraform.tfvars
```sh
sg_name = "kplabs-firewall"
```
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/terraform-multistate/ec2/backend.tf:
--------------------------------------------------------------------------------
terraform {
  backend "s3" {
    bucket = "kplabs-remote-backend"
    key    = "ec2demo.tfstate"
    region = "us-west-1"
    # Placeholders only: never commit real keys. Supply credentials through
    # environment variables or a shared AWS profile instead.
    access_key     = "YOUR-ACCESS-KEY"
    secret_key     = "YOUR-SECRET-KEY"
    dynamodb_table = "s3-state-lock"
  }
}
--------------------------------------------------------------------------------
/Section 6 - Security Primer/credentials.md: -------------------------------------------------------------------------------- 1 | ### eip.tf 2 | ```sh 3 | resource "aws_eip" "myeip" { 4 | vpc = "true" 5 | } 6 | ``` 7 | ### providers.tf 8 | 9 | ```sh 10 | provider "aws" { 11 | region = "us-west-1" 12 | } 13 | ``` 14 | 15 | 16 | ### Documentation for Installing AWS CLI 17 | 18 | https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html 19 | 20 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/eip.md: -------------------------------------------------------------------------------- 1 | ## Documentation Referred: 2 | 3 | https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip 4 | 5 | ### eip.tf 6 | 7 | ```sh 8 | resource "aws_eip" "lb" { 9 | domain = "vpc" 10 | } 11 | ``` 12 | 13 | ### Commands Used: 14 | ```sh 15 | terraform apply -auto-approve 16 | terraform destroy -auto-approve 17 | ``` -------------------------------------------------------------------------------- /Section 4 - Terraform Modules & Workspaces/local-paths.md: -------------------------------------------------------------------------------- 1 | ### Documentation Referenced: 2 | 3 | https://developer.hashicorp.com/terraform/language/modules/sources 4 | 5 | ### Code used in Practical to Reference to EC2 Module from Teams A Folder 6 | 7 | ```sh 8 | module "ec2" { 9 | source = "../../modules/ec2" 10 | } 11 | ``` 12 | 13 | ```sh 14 | terraform init 15 | terraform plan 16 | ``` -------------------------------------------------------------------------------- /Section 4 - Terraform Modules & Workspaces/module-outputs/projects/C/my-sg.tf: -------------------------------------------------------------------------------- 1 | module "sgmodule" { 2 | source = "../../modules/sg" 3 | } 4 | 5 | resource "aws_instance" "web" { 6 | ami = "ami-0ca285d4c2cda3300" 7 | instance_type = "t3.micro" 8 | 
vpc_security_group_ids = [module.sgmodule.sg_id] 9 | } 10 | 11 | output "sg_id_output" { 12 | value = module.sgmodule.sg_id 13 | } 14 | -------------------------------------------------------------------------------- /Section 6 - Security Primer/dependency-lock.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "4.60" 6 | } 7 | } 8 | } 9 | 10 | # Configure the AWS Provider 11 | provider "aws" { 12 | region = "us-east-1" 13 | } 14 | 15 | 16 | 17 | resource "aws_instance" "web" { 18 | ami = ami-123 19 | instance_type = "t2.micro" 20 | } 21 | 22 | 23 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/data-source-format.md: -------------------------------------------------------------------------------- 1 | ## Documentation Referred: 2 | 3 | https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/instance 4 | 5 | ## data-source-format.tf 6 | 7 | ```sh 8 | provider "aws" { 9 | region = "us-east-1" 10 | } 11 | 12 | data "aws_instance" "example" { 13 | filter { 14 | name = "tag:Team" 15 | values = ["Production"] 16 | } 17 | } 18 | ``` -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/variable-precedence.md: -------------------------------------------------------------------------------- 1 | ### Base Code 2 | 3 | ```sh 4 | resource "aws_instance" "myec2" { 5 | ami = "ami-0e670eb768a5fc3d4" 6 | instance_type = var.instance_type 7 | } 8 | ``` 9 | ### variables.tf 10 | ```sh 11 | variable "instance_type" { 12 | default = "t2.micro" 13 | } 14 | ``` 15 | 16 | Commands to remember: 17 | ```sh 18 | terraform plan -var="instance_type=m5.large" 19 | ``` -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify 
Congiruations/id_rsa.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8qO8KcNnKUm04ZC7H5s0WyJwpo/bxG/kJovGUqSz6ViEAhVxC9Tq/piJ9Kk9IUEOkfAjY8Yr5zn9ThRbOVJ4AEHTjSwIie7YMMLjN+OdTn8+cqnfh9RNN3633ixGVP9CpbiDiB7gMsZ78Q2ps/gcxQuuW1XSt8Y0jcgHL0KJQsjU0eS7vhGCjRQ9snrgJxYg+UYM8dOWINhbiVTQbydHGjcYUMZv6cWxZDQPyejObcFsmDY7UcD4ZnuzG/1VaSh+fXjNzqK6TjoY7ajH3F6WVW1Nbh6F/4hJipmT4Q5TxK51s28PCYveWZypc66PTw2D1WHerCXQbuSnMlqpwip/f root@46400bafe371 2 | -------------------------------------------------------------------------------- /Section 5 - Remote State Management/state-locking.md: -------------------------------------------------------------------------------- 1 | ### Documentation Referenced: 2 | 3 | https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep.html 4 | 5 | ### Base File Used 6 | 7 | ```sh 8 | resource "time_sleep" "wait_100_seconds" { 9 | create_duration = "100s" 10 | } 11 | ``` 12 | 13 | ```sh 14 | terraform init 15 | 16 | terraform apply -auto-approve 17 | 18 | terraform plan (from next terminal tab) 19 | ``` -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/terraform-validate.md: -------------------------------------------------------------------------------- 1 | ```sh 2 | provider "aws" { 3 | region = "us-west-2" 4 | access_key = "YOUR-ACCESS-KEY" 5 | secret_key = "YOUR-SECRET-KEY" 6 | } 7 | 8 | resource "aws_instance" "myec2" { 9 | ami = "ami-082b5a644766e0e6f" 10 | instance_type = var.instancetype 11 | sky = "blue" 12 | } 13 | ``` 14 | 15 | ### Command for Validating 16 | 17 | ```sh 18 | terraform validate 19 | ``` 20 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/taint.md: -------------------------------------------------------------------------------- 1 | 2 | ### taint.tf 3 | ```sh 4 | 
provider "aws" { 5 | region = "us-east-1" 6 | access_key = "YOUR-ACCESS-KEY" 7 | secret_key = "YOUR-SECRET-KEY" 8 | } 9 | 10 | resource "aws_instance" "myec2" { 11 | ami = "ami-00c39f71452c08778" 12 | instance_type = "t2.micro" 13 | } 14 | 15 | ``` 16 | 17 | ### Recreating the resource: 18 | ```sh 19 | terraform apply -replace="aws_instance.myec2" 20 | ``` 21 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/challenge-count.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ### Base Example Used in Video: 4 | ```sh 5 | provider "aws" { 6 | region = "us-west-2" 7 | access_key = "" 8 | secret_key = "" 9 | } 10 | 11 | variable "iam_names" { 12 | type = list 13 | default = ["user-01","user-02","user-03"] 14 | } 15 | 16 | resource "aws_iam_user" "iam" { 17 | name = var.iam_names[count.index] 18 | count = 3 19 | path = "/system/" 20 | } 21 | ``` 22 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/data-type-set.md: -------------------------------------------------------------------------------- 1 | 2 | ### Example 1 - List 3 | 4 | ```sh 5 | variable "my-list" { 6 | type = list 7 | default = ["hello","world","hello"] 8 | } 9 | 10 | output "mylist" { 11 | value = var.my-list 12 | } 13 | ``` 14 | 15 | ### Example 2 - SET 16 | ```sh 17 | variable "my-set" { 18 | type = set(string) 19 | default = ["alice","bob","john"] 20 | } 21 | 22 | output "myset" { 23 | value = var.my-set 24 | } 25 | ``` -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/map-data-type.md: -------------------------------------------------------------------------------- 1 | ### map-data-type.tf (Base Code) 2 | ```sh 3 | variable "my-map" { 4 | type = map 5 | } 6 | 7 | output "variable_value" { 8 | value = var.my-map 9 | 
} 10 | ``` 11 | ### map-data-type.tf (Final Code) 12 | 13 | ```sh 14 | variable "my-map" { 15 | type = map 16 | default = { 17 | Name = "Alice" 18 | Team = "Payments" 19 | } 20 | } 21 | 22 | output "variable_value" { 23 | value = var.my-map 24 | } 25 | ``` 26 | -------------------------------------------------------------------------------- /Section 7 - Terraform Cloud & Enterprise Capabilities/terraform-cloud.md: -------------------------------------------------------------------------------- 1 | ## Documentation Referred: 2 | 3 | https://registry.terraform.io/providers/hashicorp/aws/latest/docs 4 | 5 | 6 | ### ec2.tf file 7 | 8 | ```sh 9 | resource "aws_instance" "myec2" { 10 | ami = "ami-00c39f71452c08778" 11 | instance_type = "t2.micro" 12 | } 13 | ``` 14 | ### Environment Variables to Add in Terraform Cloud 15 | ```sh 16 | AWS_ACCESS_KEY_ID 17 | AWS_SECRET_ACCESS_KEY 18 | AWS_REGION 19 | ``` 20 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/terraform-format.md: -------------------------------------------------------------------------------- 1 | 2 | ### test.fmt.tf 3 | 4 | ```sh 5 | provider "aws" { 6 | region = "us-west-2" 7 | access_key = "YOUR-ACCESS-KEY" 8 | secret_key = "YOUR-SECRET" 9 | version = ">=2.10,<=2.30" 10 | } 11 | 12 | resource "aws_instance" "myec2" { 13 | ami = "ami-082b5a644766e0e6f" 14 | instance_type = "t2.micro" 15 | } 16 | ``` 17 | 18 | Command for Formatting 19 | 20 | ```sh 21 | terraform fmt 22 | ``` 23 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/variable-assignment.md: -------------------------------------------------------------------------------- 1 | 2 | ### variable-assignment.tf 3 | 4 | ```sh 5 | resource "aws_instance" "myec2" { 6 | ami = "ami-0e670eb768a5fc3d4" 7 | instance_type = "t2.micro 8 | } 9 | ``` 10 | 11 | 12 | ### CLI Commands 13 | 14 | ```sh 15 | 
terraform plan -var="instance_type=m5.large" 16 | ``` 17 | 18 | ### Environment Variables in Windows 19 | 20 | Open the System Properties using following command: 21 | 22 | ```sh 23 | sysdm.cpl 24 | ``` 25 | -------------------------------------------------------------------------------- /Section 5 - Remote State Management/tf-import.md: -------------------------------------------------------------------------------- 1 | 2 | ### import.tf 3 | 4 | ```sh 5 | provider "aws" { 6 | region = "us-east-1" 7 | } 8 | 9 | import { 10 | to = aws_security_group.mysg 11 | id = "sg-07f13feb262ba8b6f" 12 | } 13 | ``` 14 | 15 | ### Command To Autogenerate Code for Imported Resource 16 | 17 | ```sh 18 | terraform plan -generate-config-out=mysg.tf 19 | ``` 20 | 21 | ### Command To Generate the Final State file 22 | 23 | ```sh 24 | terraform apply -auto-approve 25 | ``` 26 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/splat-expression.md: -------------------------------------------------------------------------------- 1 | ## This snippet is from the Splat Expression Video. 
2 | 3 | ### splat.tf 4 | 5 | ```sh 6 | 7 | provider "aws" { 8 | region = "us-west-2" 9 | access_key = "YOUR-ACCESS-KEY" 10 | secret_key = "YOUR-SECRET-KEY" 11 | } 12 | resource "aws_iam_user" "lb" { 13 | name = "iamuser.${count.index}" 14 | count = 3 15 | path = "/system/" 16 | } 17 | 18 | output "arns" { 19 | value = aws_iam_user.lb[*].arn 20 | } 21 | ``` 22 | 23 | -------------------------------------------------------------------------------- /Section 4 - Terraform Modules & Workspaces/module-sources.md: -------------------------------------------------------------------------------- 1 | ### Documentation Referred: 2 | 3 | https://developer.hashicorp.com/terraform/language/modules/sources 4 | 5 | ### Sample EC2 GitHub Repository Referred: 6 | 7 | https://github.com/zealvora/sample-kplabs-terraform-ec2-module 8 | 9 | ### Code Used In Video 10 | 11 | ```sh 12 | module "ec2" { 13 | source = "github.com/zealvora/sample-kplabs-terraform-ec2-module" 14 | } 15 | ``` 16 | 17 | ```sh 18 | terraform init 19 | terraform plan 20 | ``` -------------------------------------------------------------------------------- /Section 5 - Remote State Management/backend.md: -------------------------------------------------------------------------------- 1 | ### Documentation Referenced: 2 | 3 | https://developer.hashicorp.com/terraform/language/backend 4 | 5 | https://developer.hashicorp.com/terraform/language/backend/local 6 | 7 | ### Base sg.tf file 8 | ```sh 9 | resource "aws_security_group" "prod" { 10 | name = "production-sg" 11 | } 12 | ``` 13 | 14 | ### Adding Explicit Local Backend 15 | ```sh 16 | terraform { 17 | backend "local" { 18 | path = "prod.tfstate" 19 | } 20 | } 21 | ``` 22 | 23 | -------------------------------------------------------------------------------- /Section 1 - Deploying Infrastructure with Terraform/resource-providers.md: -------------------------------------------------------------------------------- 1 | ### first_ec2.tf 2 | 3 | ```sh 4 | provider "aws" 
{ 5 | region = "us-east-1" 6 | access_key = "PUT-YOUR-ACCESS-KEY-HERE" 7 | secret_key = "PUT-YOUR-SECRET-KEY-HERE" 8 | } 9 | 10 | resource "aws_instance" "myec2" { 11 | ami = "ami-00c39f71452c08778" 12 | instance_type = "t2.micro" 13 | } 14 | 15 | resource "aws_instance" "myec2" { 16 | ami = "ami-123" 17 | instance_type = "t3.micro" 18 | } 19 | 20 | provider azurerm {} 21 | ``` 22 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/plan-to-file.md: -------------------------------------------------------------------------------- 1 | ## This snippet is from the "Savings Terraform Plan To File" video. 2 | 3 | ### local_file.tf 4 | 5 | ```sh 6 | resource "local_file" "foo" { 7 | content = "Hello World" 8 | filename = "terraform.txt" 9 | } 10 | ``` 11 | 12 | ### Commands Used: 13 | ```sh 14 | terraform plan -out=infra.plan 15 | terraform apply infra.plan 16 | ``` 17 | ```sh 18 | terraform show infra.plan 19 | terraform show -json infra.plan 20 | ``` 21 | ```sh 22 | terraform show -json infra.plan | jq 23 | ``` -------------------------------------------------------------------------------- /Section 6 - Security Primer/multiple-providers.md: -------------------------------------------------------------------------------- 1 | ### eip.tf 2 | ```sh 3 | resource "aws_eip" "myeip" { 4 | vpc = "true" 5 | } 6 | 7 | resource "aws_eip" "myeip01" { 8 | domain = "vpc" 9 | provider = "aws.aws02" 10 | } 11 | ``` 12 | 13 | #### 1st EIP -- one region 14 | #### 2nd EIP -- second region 15 | 16 | ### providers.tf 17 | ```sh 18 | provider "aws" { 19 | region = "us-west-1" 20 | } 21 | 22 | provider "aws" { 23 | alias = "aws02" 24 | region = "ap-south-1" 25 | profile = "account02" 26 | } 27 | ``` 28 | 29 | 30 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/tf-comments.tf: 
-------------------------------------------------------------------------------- 1 | 2 | # We are running Null Provisioner. 3 | // This is second type of comment. 4 | 5 | /* 6 | Line 1 7 | Line 2 8 | Line 3 9 | */ 10 | resource "null_resource" "demo_run" { 11 | 12 | provisioner "local-exec" { 13 | 14 | command = "echo Null Provisioner has completed > sample.txt" 15 | 16 | } 17 | } 18 | 19 | /* 20 | resource "null_resource" "demo_run2" { 21 | 22 | provisioner "local-exec" { 23 | 24 | command = "echo Null Provisioner has completed > sample.txt" 25 | 26 | } 27 | } 28 | */ 29 | -------------------------------------------------------------------------------- /Section 3 - Terraform Provisioners/failure-behaviour.md: -------------------------------------------------------------------------------- 1 | 2 | ### Base Code 3 | 4 | ```sh 5 | resource "aws_iam_user" "lb" { 6 | name = "demo-provisioner-user" 7 | 8 | provisioner "local-exec" { 9 | command = "echo1 This is creation time provisioner" 10 | } 11 | } 12 | ``` 13 | 14 | ### Final Code (on-failure to continue) 15 | 16 | ```sh 17 | resource "aws_iam_user" "lb" { 18 | name = "demo-provisioner-user" 19 | 20 | provisioner "local-exec" { 21 | command = "echo1 This is creation time provisioner" 22 | on_failure = continue 23 | } 24 | } 25 | ``` -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/interpolation.tf: -------------------------------------------------------------------------------- 1 | 2 | provider "aws" { 3 | region = "us-west-2" 4 | access_key = "PUT-YOUR-ACCESS-KEY-HERE" 5 | secret_key = "PUT-YOUR-SECRET-KEY-HERE" 6 | } 7 | 8 | resource "aws_eip" "myeip" { 9 | domain = "vpc" 10 | } 11 | 12 | #18.12.30.50 13 | 14 | resource "aws_security_group" "allow_all" { 15 | name = "interpolation-demo" 16 | 17 | 18 | ingress { 19 | from_port = 0 20 | to_port = 0 21 | protocol = "-1" 22 | cidr_blocks = ["${aws_eip.myeip.public_ip}/32"] 23 | } 24 | } 
25 | -------------------------------------------------------------------------------- /Section 1 - Deploying Infrastructure with Terraform/example.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu" { 2 | most_recent = true 3 | 4 | filter { 5 | name = "name" 6 | values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] 7 | } 8 | 9 | filter { 10 | name = "virtualization-type" 11 | values = ["hvm"] 12 | } 13 | 14 | owners = ["099720109477"] # Canonical 15 | } 16 | 17 | resource "aws_instance" "web" { 18 | ami = data.aws_ami.ubuntu.id 19 | instance_type = "t3.micro" 20 | 21 | tags = { 22 | Name = "HelloWorld" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /Section 2 - Read, Generate, Modify Congiruations/resource-target.md: -------------------------------------------------------------------------------- 1 | 2 | ### Base Code Used 3 | 4 | ```sh 5 | resource "aws_iam_user" "this" { 6 | name = "test-aws-user" 7 | } 8 | 9 | resource "aws_security_group" "allow_tls" { 10 | name = "terraform-firewall" 11 | } 12 | 13 | resource "local_file" "foo" { 14 | content = "foo!" 
  filename = "${path.module}/foo.txt"
}
```

### Commands used

```sh
terraform plan -target local_file.foo
terraform apply -target local_file.foo
terraform destroy -target local_file.foo
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/varsdemo.tf:
--------------------------------------------------------------------------------
resource "aws_security_group" "var_demo" {
  name = "kplabs-variables"

  ingress {
    from_port = 443
    to_port = 443
    protocol = "tcp"
    cidr_blocks = [var.vpn_ip]
  }

  ingress {
    from_port = 80
    to_port = 80
    protocol = "tcp"
    cidr_blocks = [var.vpn_ip]
  }

  ingress {
    from_port = 53
    to_port = 53
    protocol = "tcp"
    cidr_blocks = [var.vpn_ip]
  }
}
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/fetch-values-variables.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "us-west-2"
  access_key = "YOUR-KEY"
  secret_key = "YOUR-KEY"
}

resource "aws_instance" "myec2" {
  ami = "ami-082b5a644766e0e6f"
  instance_type = var.list[1]
}

variable "list" {
  type = list
  default = ["m5.large","m5.xlarge","t2.medium"]
}

variable "types" {
  type = map
  default = {
    us-east-1 = "t2.micro"
    us-west-2 = "t2.nano"
    ap-south-1 = "t2.small"
  }
}
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/variables-custom-module.md:
--------------------------------------------------------------------------------
### Final Main Module Code

```sh

provider "aws" {
  region = var.region
}

resource "aws_instance" "myec2" {
  ami = var.ami
  instance_type = var.instance_type
}


variable "ami" {}
variable "instance_type" {}
variable "region" {}
```

### Final Calling Module Code

```sh
module "ec2" {
  source = "../../modules/ec2"
  instance_type = "t2.large"
  ami = "ami-123"
  region = "ap-south-1"
}
```
--------------------------------------------------------------------------------
/Section 3 - Terraform Provisioners/local-exec.md:
--------------------------------------------------------------------------------
Documentation Referenced:

https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec

### Base Code:
```sh
resource "aws_instance" "myec2" {
  ami = "ami-04e5276ebb8451442"
  instance_type = "t2.micro"
}
```

### Final Code:

```sh
resource "aws_instance" "myec2" {
  ami = "ami-04e5276ebb8451442"
  instance_type = "t2.micro"

  provisioner "local-exec" {
    command = "echo ${self.private_ip} >> server_ip.txt"
  }
}
```
--------------------------------------------------------------------------------
/Section 3 - Terraform Provisioners/points-to-note.md:
--------------------------------------------------------------------------------
### Base Code

```sh
resource "aws_iam_user" "lb" {
  name = "demoiamuser"

  provisioner "local-exec" {
    command = "echo local-exec provisioner is starting"
  }
}
```
### Scenario 2

```sh
resource "aws_iam_user" "lb" {
  name = "demoiamuser"

  provisioner "local-exec" {
    command = "echo local-exec provisioner is starting"
  }

  provisioner "local-exec" {
    command = "echo local-exec provisioner is starting for 2nd time"
  }
}
```
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/aws-provider-auth.md:
--------------------------------------------------------------------------------
### AWS Documentation Referenced:

https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html


### aws-provider-config.tf

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_iam_user" "demouser" {
  name = "kplabs-demo-user"
}
```

### CLI Commands Used:
```sh
terraform apply -auto-approve
terraform destroy -auto-approve
```

### AWS CLI commands Used:
```sh
aws configure
```
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/ec2-module.md:
--------------------------------------------------------------------------------
### Documentation Referenced:

https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest

### Code Used:

Change the `subnet_id` based on your environment.

```sh
module "ec2-instance" {
  source = "terraform-aws-modules/ec2-instance/aws"
  version = "6.1.4"
  subnet_id = "subnet-03f8c90a72ead2e4d" # Change this value
}
```

### Commands used

```sh
terraform init
terraform apply -auto-approve
terraform destroy -auto-approve
```
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/desired-current-state.md:
--------------------------------------------------------------------------------
### Base Code Used

```sh
resource "aws_instance" "myec2" {
  ami = "ami-0fa3fe0fa7920f68e"
  instance_type = "t2.micro"
}
```

### Commands Used
```sh
terraform apply
```

Manually modify instance type from t2.micro to t2.small.

Verify if terraform shows changes between desired and current state.

```sh
terraform plan
```

Remove the contents of the ec2.tf file so that Desired state is empty.
```sh
terraform apply
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/zipmap.md:
--------------------------------------------------------------------------------
```sh
zipmap(["pineapple","oranges","strawberry"], ["yellow","orange","red"])
```
```sh
provider "aws" {
  region = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

resource "aws_iam_user" "lb" {
  name = "demo-user.${count.index}"
  count = 3
  path = "/system/"
}

output "arns" {
  value = aws_iam_user.lb[*].arn
}


output "zipmap" {
  value = zipmap(aws_iam_user.lb[*].name, aws_iam_user.lb[*].arn)
}
```
--------------------------------------------------------------------------------
/Section 7 - Terraform Cloud & Enterprise Capabilities/Readme.md:
--------------------------------------------------------------------------------
# Domain - Terraform Cloud & Enterprise Capabilities

The code mentioned in this document is used in the HashiCorp Certified Terraform Associate 2024 video course.

# Video-Document Mapper

| Sr No | Document Link |
| ------ | ------ |
| 1 | [HCP Terraform - Core Practical][PlDa] |
| 2 | [Overview of Sentinel][PlDb] |
| 3 | [Implementing Remote Backend Operations][PlDc] |

[PlDa]: <./terraform-cloud.md>
[PlDb]: <./sentinel.md>
[PlDc]: <./remote-backend.md>
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/module-outputs/modules/sg/sg.tf:
--------------------------------------------------------------------------------
resource "aws_security_group" "ec2-sg" {
  name = "myec2-sg"

  ingress {
    description = "Allow Inbound from Secret Application"
    from_port = 8433
    to_port = 8433
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

output "sg_id" {
  value = aws_security_group.ec2-sg.id
}
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/provider-versioning.md:
--------------------------------------------------------------------------------

### Different Version Parameters used in video:
```sh
version = "2.7"
version = ">= 2.8"
version = "<= 2.8"
version = ">=2.10,<=2.30"
```

### Base Configuration - provider.versioning.tf

```sh
provider "aws" {
  region = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
  version = ">=2.10,<=2.30"
}

resource "aws_instance" "myec2" {
  ami = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
}
```
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/resp01.md:
--------------------------------------------------------------------------------
#### Documentation Referred:

https://registry.terraform.io

#### Azure Provider

```sh
provider "azurerm" {}
terraform init
```

#### Digital Ocean Provider:

https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs

```sh
terraform {
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
      version = "2.5.0"
    }
  }
}

provider "digitalocean" {}
```
```sh
terraform init
```
--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------
## HashiCorp Certified Terraform: Associate

This Git repository contains all the code files used throughout the HashiCorp Certified Terraform Associate course by Zeal Vora.

We also have a new Discord community for any support related discussion as well as to connect to other students doing the same course. Feel free to join the community.

```sh
https://kplabs.in/chat
```

Welcome to the community again, and we look forward to seeing you certified! :)

--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/first-ec2.md:
--------------------------------------------------------------------------------
### Documentation Referred:

https://registry.terraform.io/

https://registry.terraform.io/providers/hashicorp/aws/latest/docs

### first_ec2.tf

```sh
provider "aws" {
  region = "us-east-1"
  access_key = "PUT-YOUR-ACCESS-KEY-HERE"
  secret_key = "PUT-YOUR-SECRET-KEY-HERE"
}

resource "aws_instance" "myec2" {
  ami = "ami-00c39f71452c08778"
  instance_type = "t2.micro"
}
```

### Commands:

```sh
terraform init
terraform plan
terraform apply
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/debugging.md:
--------------------------------------------------------------------------------
## This snippet is from the Debugging Terraform video.

```sh
export TF_LOG_PATH=/tmp/crash.log
export TF_LOG=TRACE
```

### Base Code Used (tf-logs.tf)

```sh
resource "local_file" "foo" {
  content = "foo!"
  filename = "${path.module}/foo.txt"
}
```

### Set ENV Variable in Windows
```sh
set TF_LOG=INFO
set TF_LOG=TRACE

set TF_LOG_PATH=terraform.txt
```

### Set ENV Variable in Linux / macOS

```sh
export TF_LOG=INFO
export TF_LOG=TRACE

export TF_LOG_PATH=terraform.txt
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/attributes.md:
--------------------------------------------------------------------------------
## Documentation Referred:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance

### attributes.tf

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_eip" "lb" {
  domain = "vpc"
}

resource "aws_instance" "web" {
  ami = "ami-0440d3b780d96b29d"
  instance_type = "t2.micro"
}
```
### Commands Used:
```sh
terraform apply -auto-approve
terraform destroy -auto-approve
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/list-data-type.md:
--------------------------------------------------------------------------------
## Documentation Referred:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance


### list-data-type.md (Base Code)

```sh
variable "my-list" {
  type = list
}

output "variable_value" {
  value = var.my-list
}
```
### EC2 example
```sh
resource "aws_instance" "web" {
  ami = "ami-123"
  instance_type = "t3.micro"
  vpc_security_group_ids = ["sg-1234"]
}
```

### List Data Type with Restriction of Numbers

```sh
variable "my-list" {
  type = list(number)
}
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/settings.md:
--------------------------------------------------------------------------------

### Documentation Referenced:

https://registry.terraform.io/providers/hashicorp/aws/latest

https://developer.hashicorp.com/terraform/language/settings

#### Base Code Used

```sh
resource "aws_security_group" "sg_01" {
  name = "app_firewall"
}
```

### Final Code Used

```sh
terraform {
  required_version = "1.9.1"

  required_providers {
    aws = {
      version = "5.54.1"
      source = "hashicorp/aws"
    }
  }
}

resource "aws_security_group" "sg_01" {
  name = "app_firewall"
}

```
--------------------------------------------------------------------------------
/Section 5 - Remote State Management/s3-backend.md:
--------------------------------------------------------------------------------
### Documentation Referenced:

https://developer.hashicorp.com/terraform/language/backend/s3

### Base File (sg.tf)
```sh
resource "aws_security_group" "prod" {
  name = "production-sg"
}
```
### Backend File Configuration (backend.tf)
> [!IMPORTANT]
> Make sure to change the S3 bucket name.
```sh
terraform {
  backend "s3" {
    bucket = "kplabs-demo-bucket-007"
    key = "production.tfstate"
    region = "us-east-1"
    use_lockfile = "true"
  }
}
```

### Commands Used
```sh
terraform init

terraform apply -auto-approve
```
--------------------------------------------------------------------------------
/Section 6 - Security Primer/Readme.md:
--------------------------------------------------------------------------------
# Domain - Security Primer

The code mentioned in this document is used in the HashiCorp Certified Terraform Associate 2024 video course.


# Video-Document Mapper

| Sr No | Document Link |
| ------ | ------ |
| 1 | [Multiple Provider Configuration][PlDa] |
| 2 | [Sensitive Parameter][PlDb] |
| 3 | [Security Challenges in Committing TFState to GIT][PlDc] |
| 4 | [Terraform and Vault Integration][PlDd] |
| 5 | [Dependency Lock File][PlDe] |

[PlDa]: <./multi-provider.md>
[PlDb]: <./sensitive.md>
[PlDc]: <./tfstate-git.md>
[PlDd]: <./vault.tf>
[PlDe]: <./dependency-lock.tf>
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/provider-tiers.md:
--------------------------------------------------------------------------------

### Digital Ocean Provider (Partner Tier)

https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs


### first_ec2.tf


```sh
provider "aws" {
  region = "us-east-1"
  access_key = "PUT-YOUR-ACCESS-KEY-HERE"
  secret_key = "PUT-YOUR-SECRET-KEY-HERE"
}

resource "aws_instance" "myec2" {
  ami = "ami-00c39f71452c08778"
  instance_type = "t2.micro"
}

terraform {
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
      version = "~> 2.0"
    }
  }
}

```
--------------------------------------------------------------------------------
/Section 7 - Terraform Cloud & Enterprise Capabilities/sentinel.md:
--------------------------------------------------------------------------------
## Documentation Referred:

https://www.terraform.io/cloud-docs/sentinel/examples

### Sentinel Policy

```sh
import "tfplan"

main = rule {
  all tfplan.resources.aws_instance as _, instances {
    all instances as _, r {
      (length(r.applied.tags) else 0) > 0
    }
  }
}
```

### EC2 Instance with Tags Code:

```sh
provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "myec2" {
  ami = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloWorld"
  }
}
```
--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/github.md:
--------------------------------------------------------------------------------

#### GitHub Provider Terraform:

https://registry.terraform.io/providers/integrations/github/latest/docs

Code Used:

```sh

terraform {
  required_providers {
    github = {
      source = "integrations/github"
      version = "~> 5.0"
    }
  }
}

provider "github" {
  token = "your-token-here"
}

resource "github_repository" "example" {
  name = "example"
  description = "My awesome codebase"

  visibility = "public"

}
```
#### Initialize and Apply:
```sh
terraform init
terraform plan
terraform apply
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/conditional.md:
--------------------------------------------------------------------------------
## This snippet is from the Conditional Expression Video.

### conditional.tf

```sh

provider "aws" {
  region = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

variable "istest" {}

resource "aws_instance" "dev" {
  ami = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
  count = var.istest == true ? 3 : 0
}

resource "aws_instance" "prod" {
  ami = "ami-082b5a644766e0e6f"
  instance_type = "t2.large"
  count = var.istest == false ? 1 : 0
}
```

### terraform.tfvars

```sh
istest = false
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/implicit.md:
--------------------------------------------------------------------------------
### Base Code Used:

```sh
resource "aws_instance" "example" {
  ami = "ami-0e449927258d45bc4"
  instance_type = "t2.micro"
}

resource "aws_security_group" "prod" {
  name = "production-sg"
}
```

### Final Code

```sh
resource "aws_instance" "example" {
  ami = "ami-0e449927258d45bc4"
  instance_type = "t2.micro"
  vpc_security_group_ids = [aws_security_group.prod.id]
}

resource "aws_security_group" "prod" {
  name = "production-sg"
}
```

```sh
terraform apply -auto-approve

terraform destroy -auto-approve
```
--------------------------------------------------------------------------------
/Section 3 - Terraform Provisioners/Readme.md:
--------------------------------------------------------------------------------
# Domain - Terraform Provisioners

The code mentioned in this document is used in the HashiCorp Certified Terraform Associate 2024 video course.

# Video-Document Mapper

| Sr No | Document Link |
| ------ | ------ |
| 1 | [Practical - local-exec Provisioner][PlDa] |
| 2 | [Practical - remote-exec Provisioner][PlDb] |
| 3 | [Points to Note - Provisioners][PlDc] |
| 3 | [Creation-Time and Destroy-Time Provisioners][PlDd] |
| 4 | [Failure Behavior for Provisioners][PlDe] |

[PlDa]: <./local-exec.md>
[PlDb]: <./remote-exec.md>
[PlDc]: <./points-to-note.md>
[PlDd]: <./create-destroy-time-provisioner.md>
[PlDe]: <./failure-behaviour.md>
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/create-before-destroy.md:
--------------------------------------------------------------------------------
### create-before-destroy.tf (Base Code)
```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloEarth"
  }
}
```
### create-before-destroy.tf (Final Code)
```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloEarth"
  }

  lifecycle {
    create_before_destroy = true
  }
}
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/meta-argument.md:
--------------------------------------------------------------------------------

### lifecycle-meta-argument.tf (Base Code)
```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloEarth"
  }
}
```
### lifecycle-meta-argument.tf (Final Code)
```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloEarth"
  }

  lifecycle {
    ignore_changes = [tags]
  }
}
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/tfvars.md:
--------------------------------------------------------------------------------

## Base Code

### variable-definition-file.tf

```sh
resource "aws_instance" "myec2" {
  ami = "ami-0e670eb768a5fc3d4"
  instance_type = "t2.micro"
}
```

## Final Code

### variable-definition-file.tf

```sh
resource "aws_instance" "myec2" {
  ami = var.ami
  instance_type = "t2.micro"
}
```

### variables.tf

```sh
variable "ami" {}
```

### terraform.tfvars

```sh
ami = "ami-0e670eb768a5fc3d4"
```

## Commands Used in Video
```sh
terraform plan
terraform apply
terraform plan -var-file="prod.tfvars"
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/output-values.md:
--------------------------------------------------------------------------------
### output-values.tf

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_eip" "lb" {
  domain = "vpc"
}

output "public-ip" {
  value = aws_eip.lb.public_ip
}
```

### Output Values Customization Shown in The Video:

```sh
output "public-ip" {
  value = aws_eip.lb.public_ip
}
```

```sh
output "public-ip" {
  value = "https://${aws_eip.lb.public_ip}:8080"
}
```

```sh
output "public-ip" {
  value = aws_eip.lb
}
```

### CLI Commands used:
```sh
terraform apply -auto-approve
terraform destroy -auto-approve
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/prevent-destroy.md:
--------------------------------------------------------------------------------

### prevent-destroy.tf (Base Code)

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloEarth"
  }
}
```

### prevent-destroy.tf (Final Code)

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloEarth"
  }

  lifecycle {
    prevent_destroy = true
  }
}
```

--------------------------------------------------------------------------------
/Section 5 - Remote State Management/demofile.md:
--------------------------------------------------------------------------------

## Documentation Referred:

https://www.terraform.io/docs/modules/sources.html#github

## GIT Sources used during demo:

### Example 1: Generic GIT Repository:

```sh
module "demomodule" {
  source = "git::https://github.com/zealvora/tmp-repo.git"
}
```

### Example 2: Generic GIT Repository with Specific branch:
```sh
module "demomodule" {
  source = "git::https://github.com/zealvora/tmp-repo.git?ref=development"
}
```

### Example 3: GitHub Source:
```sh
module "demomodule" {
  source = "github.com/zealvora/tmp-repo"
}
```

### Initialization Command:
```sh
terraform init
```
--------------------------------------------------------------------------------
/Section 6 - Security Primer/tfstate-git.md:
--------------------------------------------------------------------------------
### RDS Configuration File
```sh
provider "aws" {
  region = "us-east-1"
  access_key = "YOUR-KEY"
  secret_key = "YOUR-KEY"
}


resource "aws_db_instance" "default" {
  allocated_storage = 5
  storage_type = "gp2"
  engine = "mysql"
  engine_version = "5.7"
  instance_class = "db.t2.micro"
  name = "mydb"
  username = "foo"
  password = file("../rds_pass.txt")
  parameter_group_name = "default.mysql5.7"
  skip_final_snapshot = "true"
}
```
### rds_pass.txt

Please store this file outside of the folder of rds.tf
```sh
mysecretpassword505
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/data-types.md:
--------------------------------------------------------------------------------

## Documentation Referred:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance

## data-types.tf

### Base Code used in Video

```sh
resource "aws_iam_user" "lb" {
  name = "loadbalancer"
}
```

### Final Code with Data Type Restriction for Variable

```sh
variable "username" {
  type = number
}
resource "aws_iam_user" "lb" {
  name = var.username
}
```

### EC2 Instance Code Example

```sh
resource "aws_instance" "web" {
  ami = "ami-0c101f26f147fa7fd"
  instance_type = "t3.micro"
  vpc_security_group_ids = ["sg-06dc77ed59c310f03"]
}
```
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/terraform-registry.md:
--------------------------------------------------------------------------------
### Terraform Registry URL:

https://registry.terraform.io/

### Demo Code used in Video:

```sh
provider "aws" {
  region = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

module "ec2_cluster" {
  source = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 2.0"

  name = "my-cluster"
  instance_count = 1

  ami = "ami-0d6621c01e8c2de2c"
  instance_type = "t2.micro"
  subnet_id = "subnet-4dbfb206"

  tags = {
    Terraform = "true"
    Environment = "dev"
  }
}
```
--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/kplabs-workspace.md:
--------------------------------------------------------------------------------
### Terraform Workspace commands:
```sh
terraform workspace
terraform workspace show
terraform workspace new dev
terraform workspace new prod
terraform workspace list
terraform workspace select dev
```

### Base Code
```sh

resource "aws_instance" "myec2" {
  ami = "ami-08a0d1e16fc3f61ea"
  instance_type = "t2.micro"
}
```

### Final Code
```sh
locals {
  instance_type = {
    default = "t2.nano"
    dev = "t2.micro"
    prod = "m5.large"
  }
}

resource "aws_instance" "myec2" {
  ami = "ami-08a0d1e16fc3f61ea"
  instance_type = local.instance_type[terraform.workspace]
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/fetch-ami-data-source-practical.md:
--------------------------------------------------------------------------------
## Documentation Referred:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami

### Base Code used:

```sh
resource "aws_instance" "web" {
  ami = ""
  instance_type = "t2.micro"
}
```

### Final Code:

```sh
provider "aws" {
  region = "ap-south-1"
}

data "aws_ami" "myimage" {
  most_recent = true
  owners = ["amazon"]

  filter {
    name = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }
}

resource "aws_instance" "web" {
  ami = data.aws_ami.myimage.image_id
  instance_type = "t2.micro"
}
```
--------------------------------------------------------------------------------
/Section 7 - Terraform Cloud & Enterprise Capabilities/remote-backend.md:
--------------------------------------------------------------------------------
### Documentation Referred:

https://www.terraform.io/language/settings/backends/remote

### remote-backend.tf
```sh
terraform {
  cloud {
    organization = "mykplabs-org"

    workspaces {
      name = "remote-operation"
    }
  }
}
```

### iam.tf

```sh
provider "aws" {
  region = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

resource "aws_iam_user" "lb" {
  name = "loadbalancer"
  path = "/system/"
}
```

### CLI Commands used
```sh
terraform login
terraform init
terraform plan
terraform apply -auto-approve
terraform destroy -auto-approve
```
--------------------------------------------------------------------------------
/Section 3 - Terraform Provisioners/create-destroy-time-provisioner.md:
--------------------------------------------------------------------------------

### create-destroy-time-provisioner.tf (Base Code)

```sh
resource "aws_iam_user" "lb" {
  name = "provisioner-user"

  provisioner "local-exec" {
    command = "echo This is creation time provisioner"
  }

  provisioner "local-exec" {
    command = "echo This is destroy time provisioner"
    when    = destroy
  }
}
```

### Simulating failure to see Tainting of Resource

```sh
resource "aws_iam_user" "lb" {
  name = "provisioner-user"

  provisioner "local-exec" {
    command = "This is creation time provisioner"
  }

  provisioner "local-exec" {
    command = "echo This is destroy time provisioner"
    when    = destroy
  }
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/challenge-functions.md:
--------------------------------------------------------------------------------
### Base Challenge Code

```sh
provider "aws" {
  region = var.region
}

variable "region" {
  default = "us-east-1"
}

variable "tags" {
  type    = list
  default = ["firstec2","secondec2"]
}

variable "ami" {
  type = map
  default = {
    "us-east-1"  = "ami-08a0d1e16fc3f61ea"
    "us-west-2"  = "ami-0b20a6f09484773af"
    "ap-south-1" = "ami-0e1d06225679bc1c5"
  }
}


resource "aws_instance" "app-dev" {
  ami           = lookup(var.ami,var.region)
  instance_type = "t2.micro"
  count         = length(var.tags)

  tags = {
    Name         = element(var.tags,count.index)
    CreationDate = formatdate("DD MMM YYYY hh:mm ZZZ",timestamp())
  }
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/resource-dependency.md:
--------------------------------------------------------------------------------

### Base Code Used in Video

> [!IMPORTANT]
> Make sure to change S3 bucket name as it needs to be unique across all AWS Accounts.


```sh
resource "aws_instance" "example" {
  ami           = "ami-0e449927258d45bc4"
  instance_type = "t2.micro"
}

resource "aws_s3_bucket" "example" {
  bucket = "kplabs-demo-s3-007"
}
```


### Final Code
```sh
resource "aws_instance" "example" {
  ami           = "ami-0e449927258d45bc4"
  instance_type = "t2.micro"
  depends_on    = [aws_s3_bucket.example]
}

resource "aws_s3_bucket" "example" {
  bucket = "kplabs-demo-s3-007"
}
```
```sh
terraform apply -auto-approve

terraform destroy -auto-approve
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/env-variable-assignment.md:
--------------------------------------------------------------------------------
### Documentation Referred for Installing Terraform in Linux

https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli

### List all ENV Variables

```sh
printenv
```

### Base Code Used
```sh
nano demo.tf
```
```sh
provider "aws" {
  region     = "us-west-2"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}

variable "instance_type" {}

resource "aws_instance" "myec2" {
  ami           = "ami-0e670eb768a5fc3d4"
  instance_type = var.instance_type
}
```

### Creating ENV Variable in Linux
```sh
export TF_VAR_instance_type=m5.large
```
### Verify ENV Variable
```sh
echo $TF_VAR_instance_type
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/for_each.md:
--------------------------------------------------------------------------------
### Documentation Referenced:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance


### Example 1 - for_each with SET

```sh
variable "user_names" {
  type    = set(string)
  default = ["alice","bob","john","james"]
}

resource "aws_iam_user" "this" {
  for_each = var.user_names
  name     = each.value
}
```

### Example 2 - for_each with MAP

```sh
variable "my-map" {
  default = {
    key  = "value"
    key1 = "value1"
  }
}

resource "aws_instance" "web" {
  for_each      = var.my-map
  ami           = each.value
  instance_type = "t3.micro"

  tags = {
    Name = each.key
  }
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/reference.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region     = "us-west-2"
  access_key = "PUT-YOUR-ACCESS-KEY-HERE"
  secret_key = "PUT-YOUR-SECRET-KEY-HERE"
}



resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
}

resource "aws_eip" "lb" {
  domain = "vpc"
}

resource "aws_eip_association" "eip_assoc" {
  instance_id   = aws_instance.myec2.id
  allocation_id = aws_eip.lb.id
}


resource "aws_security_group" "allow_tls" {
  name = "kplabs-security-group"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["${aws_eip.lb.public_ip}/32"]

    # cidr_blocks = [aws_eip.lb.public_ip/32]
  }
}

--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/provider-custom-module.md:
--------------------------------------------------------------------------------
### Documentation Referenced:

https://developer.hashicorp.com/terraform/language/providers/requirements

https://registry.terraform.io/providers/hashicorp/aws/latest/docs

### Final Main Module Code:

```sh
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.50"
    }
  }
}

resource "aws_instance" "myec2" {
  ami           = var.ami
  instance_type = var.instance_type
}


variable "ami" {}
variable "instance_type" {}
```

### Final Calling Module Code
```sh
provider "aws" {
  region = "ap-south-1"
}

module "ec2" {
  source        = "../../modules/ec2"
  instance_type = "t2.large"
  ami           = "ami-123"
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/cross-reference-attributes.md:
--------------------------------------------------------------------------------
### Documentation Referred:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance


### cross-reference-attributes.tf

```sh
resource "aws_eip" "lb" {
  domain = "vpc"
}

resource "aws_security_group" "example" {
  name = "attribute-sg"
}

resource "aws_vpc_security_group_ingress_rule" "example" {
  security_group_id = aws_security_group.example.id

  cidr_ipv4   = "${aws_eip.lb.public_ip}/32"
  from_port   = 443
  ip_protocol = "tcp"
  to_port     = 443
}
```

### Commands Used:
```sh
terraform apply -auto-approve
terraform destroy -auto-approve
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/doc-code-changes.md:
--------------------------------------------------------------------------------
### Documentation Referred:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group

### old-approach-firewall.tf

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_security_group" "old_approach" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"


  ingress {
    description = "TLS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.77.32.50/32"]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/solution-functions.md:
--------------------------------------------------------------------------------

This file contains the output that we had added as part of test.tf after analyzing each function

```sh
{
  a="ay"
  b="bee"
}
```
```sh
lookup({"us-east-1" = "ami-08a0d1e16fc3f61ea","us-west-2" = "ami-0b20a6f09484773af","ap-south-1" = "ami-0e1d06225679bc1c5"},"us-east-1")
```
```sh
resource "aws_instance" "app-dev" {
  ami           = "ami-08a0d1e16fc3f61ea"
  instance_type = "t2.micro"
  count         = 2

  tags = {
    Name         = element(var.tags,count.index)
    CreationDate = "17 Jun 2024 17:51 UTC"
  }
}
```
```sh
length(["firstec2","secondec2"])
```
```sh
element(["firstec2","secondec2"],1)
```

```sh
formatdate("DD MMM YYYY hh:mm ZZZ", "2024-06-17T17:51:34Z")
```

--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/module-multi-provider.md:
--------------------------------------------------------------------------------

### Module of Network - Child Module

Path: `modules/network/sg.tf`

```sh
terraform {
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = "~> 5.0"
      configuration_aliases = [ aws.prod ]
    }
  }
}

resource "aws_security_group" "dev" {
  name = "dev-sg"
}

resource "aws_security_group" "prod" {
  name     = "prod-sg"
  provider = aws.prod
}
```


### Root Module - main.tf

```sh
provider "aws" {
  region = "us-east-1"
}

provider "aws" {
  alias  = "mumbai"
  region = "ap-south-1"
}

module "sg" {
  source = "./modules/network"
  providers = {
    aws.prod = aws.mumbai
  }
}
```

--------------------------------------------------------------------------------
/Section 6 - Security Primer/multi-provider.md:
--------------------------------------------------------------------------------

### Base Code (multi-provider-config.tf)

```sh
provider "aws" {
  region = "ap-southeast-1"
}

resource "aws_security_group" "allow_tls" {
  name     = "prod_firewall"
  provider = aws.usa
}

resource "aws_security_group" "allow_tls" {
  name     = "staging_firewall"
  provider = aws.mumbai
}
```

### Final Code

```sh
provider "aws" {
  region = "ap-southeast-1"
}

provider "aws" {
  alias  = "mumbai"
  region = "ap-south-1"
}

provider "aws" {
  alias  = "usa"
  region = "us-east-1"
}

resource "aws_security_group" "sg_1" {
  name     = "prod_firewall"
  provider = aws.usa
}

resource "aws_security_group" "sg_2" {
  name     = "staging_firewall"
  provider = aws.mumbai
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/firewall.md:
--------------------------------------------------------------------------------
### Documentation Referred:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group


### firewall.tf

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_security_group" "allow_tls" {
  name        = "terraform-firewall"
  description = "Managed from Terraform"
}

resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv6" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  ip_protocol       = "tcp"
  to_port           = 80
}

resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # semantically equivalent to all ports
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/terraform-providers.md:
--------------------------------------------------------------------------------
## This snippet is from the "Type of Providers" video.

### Provider Documentation

https://www.terraform.io/docs/providers/index.html

### aws.tf

```sh
provider "aws" {
  version = "~> 2.0"
  region  = "us-east-1"
}
```

### wavefront.tf
```sh
provider "wavefront" {
  address = "spaceape.wavefront.com"
}
```
### Downloading the Wavefront provider plugin

```sh
wget https://github.com/spaceapegames/terraform-provider-wavefront/releases/download/v2.1.1/terraform-provider-wavefront_v2.1.1_darwin_amd64
```

### Creating Plugin Directory and moving provider plugin

```sh
# Create the same hidden directory that the final mv command targets
mkdir -p ~/.terraform.d/plugins
mv terraform-provider-wavefront_v2.1.1_darwin_amd64 terraform-provider-wavefront_v2.1.1
mv terraform-provider-wavefront_v2.1.1 ~/.terraform.d/plugins/
```

--------------------------------------------------------------------------------
/Section 5 - Remote State Management/Readme.md:
--------------------------------------------------------------------------------
# Domain - Remote State Management

The code mentioned in this document is used in the HashiCorp Certified Terraform Associate 2024 video course.


### Video-Document Mapper


| Sr No | Document Link |
| ------ | ------ |
| 1 | [Git for Team Collaboration][PlDa] |
| 2 | [Security Risks of Storing Terraform State File in Git][PlDb] |
| 3 | [Terraform Backends][PlDc] |
| 4 | [State Locking][PlDd] |
| 5 | [S3 Backend][PlDe] |
| 6 | [Terraform State Management][PlDf] |
| 7 | [Remote State Data Source Practical][PlDg] |
| 8 | [Terraform Import Practical][PlDh] |


[PlDa]: <./team-collaboration.md>
[PlDb]: <./risks-state-file-git.md>
[PlDc]: <./backend.md>
[PlDd]: <./state-locking.md>
[PlDe]: <./s3-backend.md>
[PlDf]: <./state-management.md>
[PlDg]: <./remote-state-data-source.md>
[PlDh]: <./tf-import.md>

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/object.md:
--------------------------------------------------------------------------------
### Base Code Used
```sh
variable "my-map" {
  type = map
}

output "variable_value" {
  value = var.my-map
}
```
Test Cases:
```sh
{"Name"="Zeal", "Age"="32"}
{"Name"="Zeal", "Age"="32","Location"="India"}
```

### Map That allows numbers only

```sh
variable "my-map" {
  type = map(number)
}

output "variable_value" {
  value = var.my-map
}
```
Test Cases:
```sh
{"Name"="Zeal", "Age"="32","Location"="India"}
{"Name"="12", "Age"="32","Location"="45"}
```


### Object Data Type Example

```sh
variable "my-object" {
  type = object({Name = string, userID = number})
}

output "variable_value" {
  value = var.my-object
}
```

Test cases

```sh
{"Name"="Zeal", "userID"=1234}
{"Name"="Zeal", "userID"="hello"}

```

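How the `map(number)` and `object({...})` test cases above come out, as an added Python sketch that is not part of the course code. It is a simplified model of Terraform's type conversion covering only the string and number primitives, `map(T)` and `object({...})`; the names `convert`, `check` and `TypeMismatch` are hypothetical.

```python
"""Simplified model of converting a value to a declared Terraform variable type.

Added example, not Terraform's implementation. Supported type specs:
"string", "number", ("map", elem_spec) and ("object", {attr: spec}).
"""
import re

# Strings that Terraform would accept as a number (decimal, optional exponent).
NUMBER_RE = re.compile(r"-?\d+(\.\d+)?([eE][+-]?\d+)?")


class TypeMismatch(ValueError):
    """The value cannot be converted to the declared type constraint."""


def convert(value, type_spec, path="var"):
    """Return value converted to type_spec, or raise TypeMismatch."""
    if type_spec == "string":
        if isinstance(value, bool):
            return "true" if value else "false"
        if isinstance(value, float) and value.is_integer():
            return str(int(value))
        if isinstance(value, (int, float, str)):
            return str(value)
        raise TypeMismatch(f"{path}: a string is required")

    if type_spec == "number":
        if isinstance(value, (int, float)) and not isinstance(value, bool):
            return value
        # A string converts only when it holds a valid number representation.
        if isinstance(value, str) and NUMBER_RE.fullmatch(value):
            number = float(value)
            return int(number) if number.is_integer() else number
        raise TypeMismatch(f"{path}: a number is required, got {value!r}")

    if not isinstance(type_spec, tuple):
        raise ValueError(f"unsupported type constraint: {type_spec!r}")
    kind, inner = type_spec
    if not isinstance(value, dict):
        raise TypeMismatch(f"{path}: a {kind} is required")

    if kind == "map":
        # Every element must convert to the single element type.
        return {k: convert(v, inner, f"{path}[{k!r}]") for k, v in value.items()}

    if kind == "object":
        # Every declared attribute must be present; undeclared ones are dropped.
        result = {}
        for attr, attr_spec in inner.items():
            if attr not in value:
                raise TypeMismatch(f"{path}: attribute {attr!r} is required")
            result[attr] = convert(value[attr], attr_spec, f"{path}.{attr}")
        return result

    raise ValueError(f"unsupported type constraint: {type_spec!r}")


def check(type_spec, value):
    """Return (True, converted_value) or (False, error_message)."""
    try:
        return True, convert(value, type_spec)
    except TypeMismatch as err:
        return False, str(err)


# Type constraints and test cases taken from the snippets above.
MAP_NUMBER = ("map", "number")
USER_OBJECT = ("object", {"Name": "string", "userID": "number"})
CASES = [
    (MAP_NUMBER, {"Name": "Zeal", "Age": "32", "Location": "India"}),
    (MAP_NUMBER, {"Name": "12", "Age": "32", "Location": "45"}),
    (USER_OBJECT, {"Name": "Zeal", "userID": 1234}),
    (USER_OBJECT, {"Name": "Zeal", "userID": "hello"}),
]

if __name__ == "__main__":
    for spec, case in CASES:
        ok, detail = check(spec, case)
        print("accepted" if ok else "rejected", case, "->", detail)
```

The second `map(number)` case is accepted because the quoted values `"12"`, `"32"` and `"45"` are valid number strings and are converted; the first fails on `"Zeal"`.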
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/state-management.md:
--------------------------------------------------------------------------------
## This snippet is from the Terraform State Management video.

## state-management.tf
```sh
provider "aws" {
  region     = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
}

resource "aws_iam_user" "lb" {
  name = "loadbalancer"
  path = "/system/"
}

terraform {
  backend "s3" {
    bucket     = "kplabs-remote-backends"
    key        = "demo.tfstate"
    region     = "us-east-1"
    access_key = "YOUR-ACCESS-KEY"
    secret_key = "YOUR-SECRET-KEY"
  }
}
```

## Commands used for State Management

```sh
terraform state list
terraform state mv aws_instance.webapp aws_instance.myec2
terraform state pull
terraform state rm aws_instance.myec2
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/count-index.md:
--------------------------------------------------------------------------------

### Base Code Used:
```sh
resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = "t2.micro"
  count         = 3

  tags = {
    Name = "payments-system"
  }
}

resource "aws_iam_user" "this" {
  name  = "payments-user"
  count = 3
}
```

### Final Code Used
```sh
resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = "t2.micro"
  count         = 3

  tags = {
    Name = "payments-system-${count.index}"
  }
}

resource "aws_iam_user" "this" {
  name  = "payments-user-${count.index}"
  count = 3
}

variable "users" {
  type    = list
  default = ["alice", "bob", "johncorner","james","mrA"]
}
```
```sh
resource "aws_iam_user" "that" {
  name  = var.users[count.index]
  count = 3
}
```

--------------------------------------------------------------------------------
/Section 3 - Terraform Provisioners/remote-exec.md:
--------------------------------------------------------------------------------
### Documentation Referenced:

https://www.terraform.io/language/resources/provisioners/remote-exec

https://www.terraform.io/language/resources/provisioners/connection

https://www.terraform.io/language/functions/file

### Base Code:
```sh
resource "aws_instance" "myec2" {
  ami           = "ami-04e5276ebb8451442"
  instance_type = "t2.micro"
}
```

### Final Code:

```sh
resource "aws_instance" "myec2" {
  ami                    = "ami-04e5276ebb8451442"
  instance_type          = "t2.micro"
  key_name               = "terraform-key"
  vpc_security_group_ids = ["sg-0edf854d7112cfbf4"]

  connection {
    type        = "ssh"
    user        = "ec2-user"
    private_key = file("./terraform-key.pem")
    host        = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo yum -y install nginx",
      "sudo systemctl start nginx",
    ]
  }
}
```

--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/module-locals/modules/sg/sg.tf:
--------------------------------------------------------------------------------
resource "aws_security_group" "ec2-sg" {
  name = "myec2-sg"

  ingress {
    description = "Allow Inbound from Secret Application"
    from_port   = 8433
    to_port     = 8433
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


resource "aws_security_group" "elb-sg" {
  name = "myelb-sg"


  ingress {
    description = "Allow Inbound from Secret Application"
    from_port   = 8433
    to_port     = 8433
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

--------------------------------------------------------------------------------
/Section 3 - Terraform Provisioners/null.md:
--------------------------------------------------------------------------------
### null-example-1.tf:
```sh
provider "aws" {
  region     = "ap-southeast-1"
  access_key = "YOUR-KEY"
  secret_key = "YOUR-KEY"
}

resource "aws_eip" "lb" {
  vpc        = true
  depends_on = [null_resource.health_check]
}


resource "null_resource" "health_check" {

  provisioner "local-exec" {

    command = "curl https://google.com"
  }
}
```

### null-example-2.tf:

```sh
provider "aws" {
  region     = "ap-southeast-1"
  access_key = "YOUR-KEY"
  secret_key = "YOUR-KEY"
}

resource "aws_eip" "lb" {
  vpc   = true
  count = 0
}


resource "null_resource" "ip_check" {

  triggers = {
    latest_ips = join(",", aws_eip.lb[*].public_ip)
  }

  provisioner "local-exec" {

    command = "echo Latest IPs are ${null_resource.ip_check.triggers.latest_ips} > sample.txt"

  }
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/local-values.md:
--------------------------------------------------------------------------------
### Documentation Referred:

https://developer.hashicorp.com/terraform/language/functions/formatdate

### Base Code of local-values.tf

```sh
resource "aws_security_group" "sg_01" {
  name = "app_firewall"
  tags = {
    Name = "security-team"
  }
}

resource "aws_security_group" "sg_02" {
  name = "db_firewall"
  tags = {
    Name = "security-team"
  }
}

```

### Final Code

```sh
variable "tags" {
  type = map
  default = {
    Team = "security-team"
  }
}

locals {
  default = {
    Team         = "security-teams"
    CreationDate = "date-${formatdate("DDMMYYYY",timestamp())}"
  }
}

resource "aws_security_group" "sg_01" {
  name = "app_firewall"
  tags = local.default
}

resource "aws_security_group" "sg_02" {
  name = "db_firewall"
  tags = local.default
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/graph.md:
--------------------------------------------------------------------------------
## Documents and Websites Referenced

1. HashiCorp Documentation Related to GraphViz

https://developer.hashicorp.com/terraform/cli/commands/graph

2. Online Website to create Visualization

https://dreampuf.github.io/GraphvizOnline/

### sample-file.tf
```sh
resource "aws_eip" "lb" {
  domain = "vpc"
}

resource "aws_security_group" "example" {
  name = "attribute-sg"
}

resource "aws_vpc_security_group_ingress_rule" "example" {
  security_group_id = aws_security_group.example.id

  cidr_ipv4   = "${aws_eip.lb.public_ip}/32"
  from_port   = 443
  ip_protocol = "tcp"
  to_port     = 443
}

resource "aws_instance" "web" {
  ami           = "ami-0440d3b780d96b29d"
  instance_type = "t2.micro"
}
```

### Commands Used:
```sh
terraform graph
apt install graphviz
terraform graph | dot -Tsvg > graph.svg
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/data-sources.md:
--------------------------------------------------------------------------------
## Documentation Referred:

https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/data-sources/account

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance

https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/file

## Code Used In Video:

### data-source-01.tf
```sh
terraform {
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
    }
  }
}

provider "digitalocean" {
  token = "your-token-here"
}

data "digitalocean_account" "example" {}
```


### data-source-02.tf
```sh
data "local_file" "foo" {
  filename = "${path.module}/demo.txt"
}
```
```sh
output "data" {
  value = data.local_file.foo.content
}
```
### data-source-03.tf
```sh
provider "aws" {
  region = "us-east-1"
}

data "aws_instances" "example" {}
```

--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/module-outputs.md:
--------------------------------------------------------------------------------
## Documentation Referenced:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip

### Base Code of Child Module
```sh
resource "aws_instance" "myec2" {
  ami           = "ami-08a0d1e16fc3f61ea"
  instance_type = "t2.micro"
}
```
### Base Code of ROOT Module
```sh
provider "aws" {
  region = "us-east-1"
}

module "ec2" {
  source = "../../modules/ec2"
}

resource "aws_eip" "this" {
  domain = "vpc"
}
```

### Final Code of Child Module
```sh
resource "aws_instance" "myec2" {
  ami           = "ami-08a0d1e16fc3f61ea"
  instance_type = "t2.micro"
}

output "instance_id" {
  value = aws_instance.myec2.id
}

```

### Final Code of Root Module
```sh
provider "aws" {
  region = "us-east-1"
}

module "ec2" {
  source = "../../modules/ec2"
}

resource "aws_eip" "this" {
  domain   = "vpc"
  instance = module.ec2.instance_id
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/ignore-changes.md:
--------------------------------------------------------------------------------

### ignore-changes.tf (Base Code)

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami           = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloEarth"
  }
}
```
### ignore-changes.tf (Manual Added Attribute List)

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami           = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloWorld"
  }

  lifecycle {
    ignore_changes = [tags,instance_type]
  }

}
```


### ignore-changes.tf (Using ALL)

```sh
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "myec2" {
  ami           = "ami-0f34c5ae932e6f0e4"
  instance_type = "t2.micro"

  tags = {
    Name = "HelloWorld"
  }

  lifecycle {
    ignore_changes = all
  }

}
```

--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/Readme.md:
--------------------------------------------------------------------------------
# Domain - Terraform Module & Workspaces

The code mentioned in this document is used in the HashiCorp Certified Terraform Associate 2024 video course.


### Video-Document Mapper

| Sr No | Document Link |
| ------ | ------ |
| 1 | [Creating EC2 instance using Modules][PlDa] |
| 2 | [Creating Custom Module for EC2][PlDb] |
| 3 | [Module Sources - Calling a Module][PlDc] |
| 4 | [Using Local Paths to Call Custom Module][PlDd] |
| 5 | [Converting Hardcoded Values to Variables in Custom Module][PlDe] |
| 6 | [Improvements in Provider Configuration in Custom Module][PlDf] |
| 7 | [Module Outputs][PlDg] |
| 8 | [Multiple Provider Configuration in Modules][PlDh] |
| 9 | [Implementing Terraform Workspace][PlDi] |



[PlDa]: <./ec2-module.md>
[PlDb]: <./creating-module.md>
[PlDc]: <./module-sources.md>
[PlDd]: <./local-paths.md>
[PlDe]: <./variables-custom-module.md>
[PlDf]: <./provider-custom-module.md>
[PlDg]: <./module-outputs.md>
[PlDh]: <./module-multi-provider.md>
[PlDi]: <./kplabs-workspace.md>

--------------------------------------------------------------------------------
/Section 4 - Terraform Modules & Workspaces/note-points-modules.md:
--------------------------------------------------------------------------------
### Documentation Referenced:

#### EC2 Instance Module Page

https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/latest

#### EKS Module Page

https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest

#### IAM Module Page

https://registry.terraform.io/modules/terraform-aws-modules/iam/aws/latest

### Code Used

#### EC2 Instance Module

```sh
module "ec2-instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "5.6.1"
}
```

#### EKS Instance Module

```sh
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.11.1"
}
```

#### EKS Module Final Code

```sh
module "eks" {
  source       = "terraform-aws-modules/eks/aws"
  version      = "20.11.1"
  subnet_ids   = ["subnet-021e7b87db88e184a","subnet-039fe8d9eeb59eb60"]
  cluster_name = "test"
}
```


#### IAM Instance Module

```sh
module "iam" {
  source  = "terraform-aws-modules/iam/aws"
  version = "5.39.1"
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/load-order.md:
--------------------------------------------------------------------------------

### ec2.tf

```sh
resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
}

resource "aws_instance" "newec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
}
```

### iam_user.tf

```sh
resource "aws_iam_user" "lb" {
  name = var.iam_user
  path = "/system/"
}
```

### provider.tf

```sh
provider "aws" {
  region     = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}
```

### semantics.tf

```sh
provider "aws" {
  region     = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

variable "iam_user" {
  default = "demouser"
}

resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
}

resource "aws_iam_user" "lb" {
  name = var.iam_user
  path = "/system/"
}
```

### variables.tf

```sh
variable "iam_user" {
  default = "demouser"
}
```

--------------------------------------------------------------------------------
/Section 1 - Deploying Infrastructure with Terraform/Readme.md:
--------------------------------------------------------------------------------
# Domain - Deploying Infrastructure with Terraform

The code mentioned in this document is used in the HashiCorp Certified Terraform Associate 2024 video course.

# Video-Document Mapper

| Sr No | Document Link |
| ------ | ------ |
| 1 | [Launch First Virtual Machine through Terraform][PlDa] |
| 2 | [Resource and Providers][PlDb] |
| 3 | [Provider Tiers][PlDc] |
| 4 | [Create GitHub Repository through Terraform][PlDd] |
| 5 | [Terraform Destroy][PlDe] |
| 6 | [AWS Provider - Authentication Configuration][PlDf] |
| 7 | [Overview of Terraform State File][PlDg] |
| 8 | [Desired State vs Current State][PlDh] |
| 9 | [More Clarity - Desired State vs Current State][PlDi] |
| 10 | [Terraform Refresh][PlDj] |
| 11 | [Terraform Provider Versioning][PlDk] |


[PlDa]: <./first-ec2.md>
[PlDb]: <./resource-providers.md>
[PlDc]: <./provider-tiers.md>
[PlDd]: <./github.md>
[PlDe]: <./destroy.md>
[PlDf]: <./aws-provider-auth.md>
[PlDg]: <./state-file.md>
[PlDh]: <./desired-current-state.md>
[PlDi]: <./clarity-state-file.md>
[PlDj]: <./refresh.tf>
[PlDk]: <./provider-versioning.md>

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/approach-to-variable-assignment.md:
--------------------------------------------------------------------------------

### Base Terraform Configuration (Before any modification)
```sh
provider "aws" {
  region     = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
}
```
### Final Modified Terraform Configuration:
```sh
provider "aws" {
  region     = "us-west-2"
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = var.instancetype
}
```
### variables.tf

```sh
variable "instancetype" {
  default = "t2.micro"
}
```
### terraform.tfvars

```sh
instancetype="t2.large"
```
## Loading Variable Values from CLI
```sh
terraform plan -var="instancetype=t2.small"
```
### Loading from custom tfvars file
```sh
terraform plan -var-file="custom.tfvars"
```

### Windows Specific Commands
```sh
setx TF_VAR_instancetype m5.large
echo %TF_VAR_instancetype%
```

### Linux / macOS Specific Commands

```sh
export TF_VAR_instancetype=t2.nano
echo $TF_VAR_instancetype
```

--------------------------------------------------------------------------------
/Section 5 - Remote State Management/risks-state-file-git.md:
--------------------------------------------------------------------------------

### 1 - Base Code for Creating RDS in AWS

```sh
resource "aws_db_instance" "default" {
  allocated_storage    = 10
  db_name              = "mydb"
  engine               = "mysql"
  engine_version       = "8.0"
  instance_class       = "db.t3.micro"
  username             = "foo"
  password             = "foobarbaz#321"
  parameter_group_name = "default.mysql8.0"
  skip_final_snapshot  = true
}
```
```sh
terraform apply -auto-approve
```
Verify State file for Plain Text Password
```sh
terraform destroy -auto-approve
```

### 2 - Using File Function
Create a file at the path `outside-folder/pass.txt` with the following content.
```sh
foobarbaz#321
```
Modify `db.tf` to use the `file` function.
```sh
resource "aws_db_instance" "default" {
  allocated_storage    = 10
  db_name              = "mydb"
  engine               = "mysql"
  engine_version       = "8.0"
  instance_class       = "db.t3.micro"
  username             = "foo"
  password             = file("outside-folder/pass.txt")
  parameter_group_name = "default.mysql8.0"
  skip_final_snapshot  = true
}
```

```sh
terraform apply -auto-approve
```
Verify State file for Plain Text Password
```sh
terraform destroy -auto-approve
```
--------------------------------------------------------------------------------
/Section 3 - Terraform Provisioners/provisioner-types.md:
--------------------------------------------------------------------------------
### Important Note:

Make sure to have the ec2-key.pem file present in the working directory for the provisioner to be able to connect to the instance.

### Demo Code Used During Demo:


```sh
provider "aws" {
  region     = "ap-southeast-1"
  access_key = "YOUR-KEY"
  secret_key = "YOUR-KEY"
}


resource "aws_security_group" "allow_ssh" {
  name        = "allow_ssh"
  description = "Allow SSH inbound traffic"

  ingress {
    description = "SSH into VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    description = "Outbound Allowed"
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


resource "aws_instance" "myec2" {
  ami                    = "ami-0b1e534a4ff9019e0"
  instance_type          = "t2.micro"
  key_name               = "ec2-key"
  vpc_security_group_ids = [aws_security_group.allow_ssh.id]

  provisioner "remote-exec" {
    inline = [
      "sudo yum -y install nano"
    ]
  }
  provisioner "remote-exec" {
    when = destroy
    inline = [
      "sudo yum -y remove nano"
    ]
  }
  connection {
    type        = "ssh"
    user        = "ec2-user"
    private_key = file("./ec2-key.pem")
    host        = self.public_ip
  }
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/large-infra.md:
--------------------------------------------------------------------------------
### Base Code Used (larger-infra.tf)

```sh
provider "aws" {
  region = "us-east-1"
}
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name    = "my-vpc"
  version = "5.13.0"
  cidr    = "10.0.0.0/16"

  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

resource "aws_security_group" "allow_tls" {
  name        = "terraform-firewall"
  description = "Managed from Terraform"
}

resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv6" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  ip_protocol       = "tcp"
  to_port           = 80
}

resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # semantically equivalent to all ports
}

resource "aws_security_group" "allow_tls2" {
  name        = "terraform-firewalls"
  description = "Managed from Terraform"
}
```

### Commands used:

```sh
terraform plan -refresh=false
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/conditional-expression.md:
--------------------------------------------------------------------------------

### Base Code of conditional-expression.tf

```sh
variable "environment" {
  default = "development"
}

resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = "t2.micro"
}
```

### Final Code Used In Examples:

```sh
variable "environment" {
  default = "production"
}

resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = var.environment == "development" ? "t2.micro" : "m5.large"
}
```
#### Using the NOT EQUAL TO Operator `!=`
```sh
variable "environment" {
  default = "production"
}

resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = var.environment != "development" ? "t2.micro" : "m5.large"
}
```

#### Empty Value Based Example

```sh
variable "environment" {
  default = "production"
}

resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = var.environment != "development" ? "t2.micro" : "m5.large"
}
```


### Example with Multiple Variables and Conditional Expressions

```sh
variable "environment" {
  default = "production"
}

variable "region" {
  default = "ap-south-1"
}

resource "aws_instance" "myec2" {
  ami           = "ami-00c39f71452c08778"
  instance_type = var.environment == "production" && var.region == "us-east-1" ? "m5.large" : "t2.micro"
}
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/dynamic-block.md:
--------------------------------------------------------------------------------
### before.tf

```sh
resource "aws_security_group" "demo_sg" {
  name = "sample-sg"

  ingress {
    from_port   = 8200
    to_port     = 8200
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 8201
    to_port     = 8201
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 8300
    to_port     = 8300
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 9200
    to_port     = 9200
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 9500
    to_port     = 9500
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

```

### dynamic-block.tf

```sh
variable "sg_ports" {
  type        = list(number)
  description = "list of ingress ports"
  default     = [8200, 8201, 8300, 9200, 9500]
}

resource "aws_security_group" "dynamicsg" {
  name        = "dynamic-sg"
  description = "Ingress for Vault"

  dynamic "ingress" {
    for_each = var.sg_ports
    iterator = port
    content {
      from_port   = port.value
      to_port     = port.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  dynamic "egress" {
    for_each = var.sg_ports
    content {
      from_port   = egress.value
      to_port     = egress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}

```

--------------------------------------------------------------------------------
/Section 5 - Remote State Management/remote-state-data-source.md:
--------------------------------------------------------------------------------

## Documentation Referred:

1. Remote State Data Source

https://developer.hashicorp.com/terraform/language/state/remote-state-data

2. Terraform S3 Backend

https://developer.hashicorp.com/terraform/language/settings/backends/s3

### Base code for Network Team

#### eip.tf
```sh
resource "aws_eip" "lb" {
  domain = "vpc"
}

output "eip_addr" {
  value = aws_eip.lb.public_ip
}

```
#### backend.tf
```sh
terraform {
  backend "s3" {
    bucket = ""
    key    = "eip.tfstate"
    region = "us-east-1"
  }
}
```

### Base Code for Security Team

#### sg.tf

```sh
resource "aws_security_group" "allow_tls" {
  name = "allow_tls"
}

resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "172.31.20.30/32"
  from_port         = 443
  ip_protocol       = "tcp"
  to_port           = 443
}
```

#### data.tf

```sh
data "terraform_remote_state" "vpc" {
  backend = "s3"

  config = {
    bucket = "kplabs-networking-bucket-demo"
    key    = "eip.tfstate"
    region = "us-east-1"
  }
}
```



### Final Code for Security Team SG.TF

```sh
resource "aws_security_group" "allow_tls" {
  name = "allow_tls"
}


resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "${data.terraform_remote_state.vpc.outputs.eip_addr}/32"
  from_port         = 443
  ip_protocol       = "tcp"
  to_port           = 443
}
```
--------------------------------------------------------------------------------
/Section 6 - Security Primer/sensitive.md:
--------------------------------------------------------------------------------
## Documentation Referenced:

https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file

https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance

### Base Code

```sh
resource "local_file" "foo" {
  content  = "supersecretpassw0rd"
  filename = "password.txt"
}
```

### Code with Variable

```sh
variable "password" {
  default = "supersecretpassw0rd"
}
resource "local_file" "foo" {
  content  = var.password
  filename = "password.txt"
}
```

### Code where Sensitive Parameter is Set at Variable

```sh
variable "password" {
  default   = "supersecretpassw0rd"
  sensitive = true
}
resource "local_file" "foo" {
  content  = var.password
  filename = "password.txt"
}
```
### Using Local Sensitive File Resource Type

```sh
resource "local_sensitive_file" "foo" {
  content  = "supersecretpassw0rd"
  filename = "password.txt"
}
```

### Code Block using Output Values
```sh
resource "local_sensitive_file" "foo" {
  content  = "supersecretpassw0rd"
  filename = "password.txt"
}


output "pass" {
  value = local_sensitive_file.foo.content
}
```

### RDS Code Block

```sh
resource "aws_db_instance" "default" {
  allocated_storage    = 10
  db_name              = "mydb"
  engine               = "mysql"
  engine_version       = "8.0"
  instance_class       = "db.t3.micro"
  username             = "foo"
  password             = "foobarbaz"
  parameter_group_name = "default.mysql8.0"
  skip_final_snapshot  = true
}
```

--------------------------------------------------------------------------------
/Section 5 - Remote State Management/state-management.md:
--------------------------------------------------------------------------------
Documentation Referenced:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule

### Base Code Used:

```sh
terraform {
  backend "s3" {
    bucket = "kplabs-terraform-backends"
    key    = "demo.tfstate"
    region = "us-east-1"
  }
}

resource "aws_iam_user" "dev" {
  name = "kplabs-user-01"
}

resource "aws_security_group" "prod" {
  name = "terraform-firewalls"
}
```

## State Management Commands:

#### 1 - List the Resources Managed through Terraform:
```sh
terraform state list
```
#### 2 - Show Attributes of Resource
```sh
terraform state show aws_security_group.prod
```

#### 3 - Pull the State file From Remote Backend

```sh
terraform state pull
```
#### 4 - Terraform State RM

Extra code used as part of this example

```sh
resource "aws_vpc_security_group_ingress_rule" "example" {
  security_group_id = aws_security_group.prod.id

  cidr_ipv4   = "10.0.0.0/8"
  from_port   = 80
  ip_protocol = "tcp"
  to_port     = 80
}

resource "aws_vpc_security_group_ingress_rule" "example2" {
  security_group_id = aws_security_group.prod.id

  cidr_ipv4   = "10.0.0.0/8"
  from_port   = 80
  ip_protocol = "tcp"
  to_port     = 80
}
```
```sh
terraform state rm aws_security_group.prod
terraform state rm aws_vpc_security_group_ingress_rule.example
terraform state rm aws_vpc_security_group_ingress_rule.example2
```

#### 5 - Moving Resource Address
```sh
terraform state mv aws_iam_user.dev aws_iam_user.prod
```

#### 6 - Replace Provider
```sh
terraform state replace-provider hashicorp/aws kplabs.in/internal/aws
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/reference.md:
--------------------------------------------------------------------------------
### Important Note:

In the latest AWS provider version, there is one small change to be added in the aws_security_group resource that was used in the video. Otherwise you will get this error:

This issue will be fixed soon by HashiCorp in the next versions of AWS provider.

Intermediate Solution to Resolve the Error:

1. Open the VPC Console in AWS through the following link:

https://console.aws.amazon.com/vpc/home

2. Click on "Your VPC"

3. There should be 1 default VPC with no name. Copy the VPC ID of this VPC.

4. Add the VPC ID in the vpc_id argument in the aws_security_group.

Here is a sample code reference:

```sh
resource "aws_security_group" "allow_tls" {
  name   = "kplabs-security-group"
  vpc_id = "vpc-48ae592e"
  # ... remaining arguments unchanged
}
```

Make sure to use the correct VPC ID of the AWS region in which you are creating your resource.

If you still get any error, feel free to raise your query in our Discord community.

### Code:

```sh
provider "aws" {
  region     = "us-west-2"
  access_key = "PUT-YOUR-ACCESS-KEY-HERE"
  secret_key = "PUT-YOUR-SECRET-KEY-HERE"
}



resource "aws_instance" "myec2" {
  ami           = "ami-082b5a644766e0e6f"
  instance_type = "t2.micro"
}

resource "aws_eip" "lb" {
  vpc = true
}

resource "aws_eip_association" "eip_assoc" {
  instance_id   = aws_instance.myec2.id
  allocation_id = aws_eip.lb.id
}


resource "aws_security_group" "allow_tls" {
  name   = "kplabs-security-group"
  vpc_id = # add the VPC ID copied in step 3 of the note above

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["${aws_eip.lb.public_ip}/32"]

    # cidr_blocks = [aws_eip.lb.public_ip/32]
  }
}
```

--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/terraform-variables.md:
--------------------------------------------------------------------------------
## This snippet is from the Terraform Variables Practical video.

### terraform-variables.tf (Base Code)
```sh

resource "aws_security_group" "allow_tls" {
  name        = "terraform-firewall"
  description = "Managed from Terraform"
}

resource "aws_vpc_security_group_ingress_rule" "app_port" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "101.20.30.50/32"
  from_port         = 8080
  ip_protocol       = "tcp"
  to_port           = 8080
}

resource "aws_vpc_security_group_ingress_rule" "ssh_port" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "101.20.30.50/32"
  from_port         = 22
  ip_protocol       = "tcp"
  to_port           = 22
}

resource "aws_vpc_security_group_ingress_rule" "ftp_port" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = "101.20.30.50/32"
  from_port         = 21
  ip_protocol       = "tcp"
  to_port           = 21
}

```

## Final Code

### terraform-variables.tf
```sh

resource "aws_security_group" "allow_tls" {
  name        = "terraform-firewall"
  description = "Managed from Terraform"
}

resource "aws_vpc_security_group_ingress_rule" "app_port" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = var.vpn_ip
  from_port         = var.app_port
  ip_protocol       = "tcp"
  to_port           = var.app_port
}

resource "aws_vpc_security_group_ingress_rule" "ssh_port" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = var.vpn_ip
  from_port         = var.ssh_port
  ip_protocol       = "tcp"
  to_port           = var.ssh_port
}

resource "aws_vpc_security_group_ingress_rule" "ftp_port" {
  security_group_id = aws_security_group.allow_tls.id
  cidr_ipv4         = var.vpn_ip
  from_port         = var.ftp_port
  ip_protocol       = "tcp"
  to_port           = var.ftp_port
}
```

### variables.tf

```sh
variable "vpn_ip" {
  default     = "200.20.30.50/32"
  description = "This is a VPN Server Created in AWS"
}

variable "app_port" {
  default = "8080"
}

variable "ssh_port" {
  default = "22"
}

variable "ftp_port" {
  default = "21"
}
```


--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/functions.md:
--------------------------------------------------------------------------------
## Documentation for Functions

https://developer.hashicorp.com/terraform/language/functions

### Commands used in the video:
```sh
terraform console
```
```sh
max(10,30,50)
file("./random-file.txt")
```
### Base code of functions.tf

```sh
resource "aws_iam_user" "this" {
  name = "demo-kplabs-user"
}

resource "aws_iam_user_policy" "lb_ro" {
  name = "demo-user-policy"
  user = aws_iam_user.this.name

  policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "ec2:*",
        "Effect": "Allow",
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": "elasticloadbalancing:*",
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": "cloudwatch:*",
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": "autoscaling:*",
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": "iam:CreateServiceLinkedRole",
        "Resource": "*",
        "Condition": {
          "StringEquals": {
            "iam:AWSServiceName": [
              "autoscaling.amazonaws.com",
              "ec2scheduled.amazonaws.com",
              "elasticloadbalancing.amazonaws.com",
              "spot.amazonaws.com",
              "spotfleet.amazonaws.com",
              "transitgateway.amazonaws.com"
            ]
          }
        }
      }
    ]
  })
}
```

### Final Code of functions.tf

```sh
resource "aws_iam_user" "this" {
  name = "demo-kplabs-user"
}

resource "aws_iam_user_policy" "lb_ro" {
  name = "demo-user-policy"
  user = aws_iam_user.this.name

  policy = file("./iam-user-policy.json")
}
```

### iam-user-policy.json

```sh
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "cloudwatch:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": [
            "autoscaling.amazonaws.com",
            "ec2scheduled.amazonaws.com",
            "elasticloadbalancing.amazonaws.com",
            "spot.amazonaws.com",
            "spotfleet.amazonaws.com",
            "transitgateway.amazonaws.com"
          ]
        }
      }
    }
  ]
}
```
--------------------------------------------------------------------------------
/Section 2 - Read, Generate, Modify Congiruations/Readme.md:
--------------------------------------------------------------------------------
# Domain 4 - Read, Generate, Modify Configurations

The code mentioned in this document is used in the HashiCorp Certified Terraform Associate 2024 video course.

# Video-Document Mapper

| Sr No | Document Link |
| ------ | ------ |
| 1 | [Creating Firewall Rules using Terraform][PlDa] |
| 2 | [Dealing with Documentation Code Updates][PlDb] |
| 3 | [Creating Elastic IP with Terraform][PlDc] |
| 4 | [Basic of Attributes][PlDd] |
| 5 | [Cross Reference Resource Attributes Practical][PlDe] |
| 6 | [Output Values][PlDf] |
| 7 | [Terraform Variables Practical][PlDg] |
| 8 | [Variable Definitions File (TFVARS)][PlDh] |
| 9 | [Approaches for Variable Assignment][PlDi] |
| 10 | [Setting Environment variable in Linux][PlDj] |
| 11 | [Variable Definition Precedence][PlDk] |
| 12 | [Data Types][PlDl] |
| 13 | [Data Type - LIST][PlDm] |
| 14 | [Data Type - MAP][PlDn] |
| 15 | [Fetching Values from Map and List in Variable][PlDn2] |
| 16 | [The Count Meta-Argument][PlDo] |
| 17 | [Count Index][PlDo1] |
| 18 | [Conditional Expressions][PlDp] |
| 19 | [Local Values][PlDq] |
| 20 | [Terraform Functions][PlDr] |
| 21 | [Challenge - Analyzing Terraform Code Containing Functions][PlDr2] |
| 22 | [Solution - Analyzing Terraform Code Containing Functions][PlDr3] |
| 23 | [Overview of Data Sources][PlDs] |
| 24 | [Data Sources - Format][PlDs1] |
| 25 | [Use Case - Fetching OS Image using Data Sources][PlDs2] |
| 26 | [Fetching OS Image using Data Sources - Practical][PlDs3] |
| 27 | [Debugging In Terraform][PlDt] |
| 28 | [Terraform Format][PlDu] |
| 29 | [Terraform Validate][PlDv] |
| 30 | [Load Order and Semantics][PlDw] |
| 31 | [Dynamic Blocks][PlDx] |
| 32 | [Tainting Resources][PlDy] |
| 33 | [Splat Expression][PlDz] |
| 34 | [Terraform Graph][PlEa] |
| 35 | [Saving Terraform Plan to File][PlEb] |
| 36 | [Terraform Settings][PlEc] |
| 37 | [Resource Targeting][PlEc2] |
| 38 | [Dealing with Large Infrastructure][PlEe] |
| 39 | [Fetching Data for Maps and List in Variable][PlEf] |
| 40 | [Zipmap Function][PlEg] |
| 41 | [Comments in Terraform][PlEh] |
| 42 | [Resource Behavior and Meta Arguments][PlEi] |
| 43 | [LifeCycle Meta-Argument - Create Before Destroy][PlEj] |
| 44 | [LifeCycle Meta-Argument - Prevent Destroy][PlEk] |
| 45 | [LifeCycle Meta-Argument - Ignore Changes][PlEl] |
| 46 | [Challenges with Count][PlEm] |
| 47 | [Resource Dependency][PlEn] |
| 48 | [Implicit vs Explicit Dependencies][PlEo] |
| 49 | [Data Type - SET][PlEp] |
| 50 | [for_each in Terraform][PlEq] |
| 51 | [Data Type - Object][PlEr] |

[PlDa]: <./firewall.md>
[PlDb]: <./doc-code-changes.md>
[PlDc]: <./eip.md>
[PlDd]: <./attributes.md>
[PlDe]: <./cross-reference-attributes.md>
[PlDf]: <./output-values.md>
[PlDg]: <./terraform-variables.md>
[PlDh]: <./tfvars.md>
[PlDi]: <./variable-assignment.md>
[PlDj]: <./env-variable-assignment.md>
[PlDk]: <./variable-precedence.md>
[PlDl]: <./data-types.md>
[PlDm]: <./list-data-type.md>
[PlDn]: <./map-data-type.md>
[PlDn2]: <./fetch-values-variables.tf>
[PlDo]: <./count.md>
[PlDo1]: <./count-index.md>
[PlDp]: <./conditional-expression.md>
[PlDq]: <./local-values.md>
[PlDr]: <./functions.md>
[PlDr2]: <./challenge-functions.md>
[PlDr3]: <./solution-functions.md>
[PlDs]: <./data-sources.md>
[PlDs1]: <./data-source-format.md>
[PlDs2]: <./fetch-ami-data-source-usecase.md>
[PlDs3]: <./fetch-ami-data-source-practical.md>
[PlDt]: <./debugging.md>
[PlDu]: <./terraform-format.md>
[PlDv]: <./terraform-validate.md>
[PlDw]: <./load-order.md>
[PlDx]: <./dynamic-block.md>
[PlDy]: <./taint.md>
[PlDz]: <./splat-expression.md>
[PlEa]: <./graph.md>
[PlEb]: <./plan-to-file.md>
[PlEc]: <./settings.md>
[PlEc2]: <./resource-target.md>
[PlEe]: <./large-infra.md>
[PlEf]: <./fetch-values-variables.tf>
[PlEg]: <./zipmap.md>
[PlEh]: <./tf-comments.tf>
[PlEi]: <./meta-argument.md>
[PlEj]: <./create-before-destroy.md>
[PlEk]: <./prevent-destroy.md>
[PlEl]: <./ignore-changes.md>
[PlEm]: <./challenge-count.md>
[PlEn]: <./resource-dependency.md>
[PlEo]: <./implicit.md>
[PlEp]: <./data-type-set.md>
[PlEq]: <./for_each.md>
[PlEr]: <./object.md>
--------------------------------------------------------------------------------