Welcome back to the series Deploying On AWS Cloud Using Terraform. In this series, we will focus on core Terraform concepts by launching important basic services from scratch, which will take your infra-as-code journey from beginner to advanced, with real-life use cases and YouTube tutorials.
If you are a beginner with Terraform and want to start your journey towards becoming an infra-as-code developer as part of your DevOps role, buckle up and let's get started and understand core Terraform concepts by implementing them.
Let's understand it in 2 scenarios:
1. Create 5 IAM users and a Developer group, and align all users as part of this Developer group.
2. Create IAM policies and assign them to the Developer group.
Basic Terraform Configurations
As part of the basic configuration we are going to set up 3 Terraform files.
1. Providers File:- Terraform relies on plugins called “providers” to interact with cloud providers, SaaS providers, and other APIs.
Providers are distributed separately from Terraform itself, and each provider has its own release cadence and version numbers.
The Terraform Registry is the main directory of publicly available Terraform providers, and hosts providers for most major infrastructure platforms. Each provider has its own documentation, describing its resource types and their arguments.
We will be using the AWS provider for our Terraform series. Make sure to refer to the Terraform AWS documentation for up-to-date information.
Provider documentation in the Registry is versioned; you can use the version menu in the header to change which version you’re viewing.
```hcl
provider "aws" {
  # Region comes from the AWS_REGION variable declared in the variables file
  region                  = var.AWS_REGION
  shared_credentials_file = ""
}
```
2. Variables File:- Terraform variables let us customize aspects of Terraform modules without altering the module's own source code. This allows us to share modules across different Terraform configurations, reusing the same data in multiple places.
When you declare variables in the root terraform module of your configuration, you can set their values using CLI options and environment variables. When you declare them in child modules, the calling module should pass values in the module block.
```hcl
variable "AWS_REGION" {
  default = "us-east-1"
}
```
3. Versions File:- It's always a best practice to maintain a versions file where you specify the version against which your stack is tested and running in production.
```hcl
terraform {
  required_version = ">= 0.12"
}
```
Scenario 1:- Create 5 IAM users and a Developer group, and align all users as part of this Developer group
Let's create a variable of type list to pass the user names for whom IAM users need to be created in AWS.
```hcl
variable "usernames" {
  type    = list(string)
  default = ["Dheeraj", "Sandip", "Avinash", "Vishal", "Sankalp"]
}
```
Resource
✦ aws_iam_user:- This resource is used to create an AWS IAM user.
Arguments
✦ name:- This is a mandatory argument to define the user name as part of resource creation.
✦ count:- Variable to take the length of the user list and save it.
✦ element:- It's an intrinsic function of Terraform to retrieve a single element from a list.
```hcl
resource "aws_iam_user" "userlist" {
  # One IAM user per entry in var.usernames
  count = length(var.usernames)
  name  = element(var.usernames, count.index)
}
```
Resource
✦ aws_iam_group:- This resource is used to create an AWS IAM group.
Arguments
✦ name:- This is a mandatory argument to define the group name as part of resource creation.
```hcl
resource "aws_iam_group" "dev_group" {
  name = "Developer"
}
```
Resource
✦ aws_iam_user_group_membership:- This resource is used to associate AWS IAM users to single or multiple groups.
Arguments
✦ name:- This is a mandatory argument to define this group membership association.
✦ user:- This is a mandatory argument to provide a list of users to be associated with the group.
✦ groups:- This is a mandatory argument to provide a list of groups to be associated.
✦ count:- Variable to take the length of the user list and save it.
✦ element:- It's an intrinsic function of Terraform to retrieve a single element from a list.
```hcl
resource "aws_iam_user_group_membership" "user_group_membership" {
  count = length(var.usernames)
  # Take the name from the aws_iam_user resource so each user exists before its membership
  user   = element(aws_iam_user.userlist[*].name, count.index)
  groups = [aws_iam_group.dev_group.name]
}
```
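The count/element pattern above addresses each user by list position, so removing a name from the middle of the list shifts every later index and the plan changes users that were not meant to change. As an added example (not from the original post or its repository), here are the same users and membership keyed by name with for_each; it reuses the page's resource labels and is meant to replace the count-based blocks, not to sit beside them.

```hcl
variable "usernames" {
  type    = list(string)
  default = ["Dheeraj", "Sandip", "Avinash", "Vishal", "Sankalp"]
}

resource "aws_iam_group" "dev_group" {
  name = "Developer"
}

# Each instance is addressed by name, e.g. aws_iam_user.userlist["Sandip"],
# so deleting one name from var.usernames only affects that one user.
resource "aws_iam_user" "userlist" {
  for_each = toset(var.usernames)
  name     = each.value
}

# Chain for_each over the user resource: one membership per created user,
# with an implicit dependency on that user.
resource "aws_iam_user_group_membership" "user_group_membership" {
  for_each = aws_iam_user.userlist
  user     = each.value.name
  groups   = [aws_iam_group.dev_group.name]
}

# The splat form (userlist[*].arn) only works with count; with for_each,
# build a map of user name => ARN instead.
output "user_arn" {
  description = "ARNs of the IAM users, keyed by user name"
  value       = { for name, user in aws_iam_user.userlist : name => user.arn }
}
```

If the count-based version has already been applied, switching to for_each changes the resource addresses, so move the existing state entries (terraform state mv or moved blocks) before applying, otherwise the plan will destroy and recreate the users.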
Scenario 2:- Create IAM policies and assign them to the Developer group.
Resource
✦ aws_iam_policy:- This resource is used to create an IAM policy and define the JSON policy within it.
Arguments
✦ name:- This is an optional argument to define the IAM policy name.
✦ description:- This is an optional argument to provide more details about the IAM policy.
✦ policy:- This is a mandatory argument to provide the JSON policy document.
```hcl
resource "aws_iam_policy" "dev_group_policy" {
  name        = "dev-policy"
  description = "My test policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
          "ec2:Get*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}
```
Resource
✦ aws_iam_group_policy_attachment:- This resource is used to attach the AWS IAM policy to the group.
Arguments
✦ group:- This is a mandatory argument to provide the name of the group to which the policy needs to be attached.
✦ policy_arn:- This is a mandatory argument to provide the AWS IAM policy ARN which needs to be associated with the group.
```hcl
resource "aws_iam_group_policy_attachment" "custom_policy" {
  group      = aws_iam_group.dev_group.name
  policy_arn = aws_iam_policy.dev_group_policy.arn
}
```
Output File
Output values make information about your infrastructure available on the command line, and can expose information for other Terraform configurations to use. Output values are similar to return values in programming languages.
```hcl
output "user_arn" {
  description = "Provide the IAM user names which are created as part of this resource"
  value       = aws_iam_user.userlist[*].arn
}

output "dev-group-id" {
  value       = aws_iam_group.dev_group.id
  description = "A reference to the created IAM group"
}
```
To view the entire GitHub code click here
1. The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style.
```bash
terraform fmt
```
2. Initialize the working directory by running the command below. The initialization includes installing the plugins and providers necessary to work with resources.
```bash
terraform init
```
3. Create an execution plan based on your Terraform configurations.
```bash
terraform plan
```
4. Execute the execution plan that the terraform plan command proposed. The --auto-approve flag skips the interactive approval prompt, so check the plan output from the previous step before running it.
```bash
terraform apply --auto-approve
```
Important Documentation
✦ Hashicorp Terraform
✦ AWS CLI
✦ Hashicorp Terraform Extension Guide
✦ Terraform Autocomplete Extension Guide
✦ AWS IAM Policy
✦ IAM Policy Group Attachment
✦ AWS IAM Group Membership
✦ AWS IAM Group
✦ AWS IAM User
Conclusion
In this blog, we have configured the below resources:
✦ AWS IAM User.
✦ AWS IAM Group.
✦ AWS IAM Policy.
I have also referenced what arguments and documentation we are going to use so that while you are writing the code it would be easy for you to understand Terraform's official documentation. Stay with me for the next blog where we will be doing a deep dive into Target Group, Elastic Load Balancer & ELB Listener Using Terraform.
Stay tuned for my next blog…
So, did you find my content helpful? If you did or like my other content, feel free to buy me a coffee. Thanks
Author - Dheeraj Choudhary