Understanding the Infrastructure as Code Project


Introduction

This Lab focuses on demonstrating the capabilities of static analysis of Infrastructure as Code (IaC) and automated alerting based on the static analysis results. For the sake of the Lab, a specific IaC tool must be selected. Terraform is the IaC tool used in this Lab. The Lab uses static analysis tools specifically for Terraform, although comparable tools often exist for alternative IaC tools, such as AWS CloudFormation, Chef, or Ansible.

This Lab Step sets up Terraform configuration files in your AWS Cloud9 IDE. The configuration is for a highly available website deployed in AWS. Although Terraform can orchestrate infrastructure on multiple clouds, the static analysis tools for Terraform are most mature for AWS. This Lab does not focus on explaining the configuration, and prior experience with Terraform is not required to complete it. Other Terraform AWS Labs on Cloud Academy go through the process of building and understanding the configuration. Look at the following environment diagram to understand the major AWS resources maintained by the configuration:

[Figure: environment diagram of the major AWS resources maintained by the configuration]

At a high level, the infrastructure load balances website traffic across multiple availability zones. Web servers are in private subnets as a security best practice. Only traffic from the load balancer in the public subnets can reach the web servers.

 

Instructions

1. In the AWS Cloud9 terminal at the bottom of the window, enter the following command to download the configuration to a zip archive named tf.zip:

wget https://github.com/cloudacademy/terraform-highly-available-website-on-aws/raw/master/config.zip -O tf.zip

 

2. Extract the archive to a directory named tf, remove the zip file, and change into the tf directory:

unzip -d tf tf.zip
rm tf.zip
cd tf


The archive includes four files: three Terraform configuration files ending in .tf, and one shell script used to bootstrap a basic website on web server instances.

 

3. In the Environment tab on the left of the Cloud9 IDE, expand the tf directory and open the main.tf file.

By convention, main.tf is often used as the name of the root configuration file in Terraform.

 

4. Briefly scan the file to see the types of AWS resources, which are listed after lines beginning with the keyword resource.

That is all you need to know about the Terraform configuration files for a basic understanding of the IaC. Terraform interprets these files and makes the appropriate API calls to create and update the infrastructure based on the configuration files.

Tip: Cloud9 includes syntax highlighting for HashiCorp Configuration Language (HCL), the language that Terraform configuration files are written in. It should be enabled automatically. You can confirm this by opening the View > Syntax menu and verifying that Terraform is selected.
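
The scan in step 4 can also be done from the terminal, which gives a quick inventory of what the static analysis tools will be inspecting. The following shell functions are an added example, not part of the original lab: tf_resources and tf_resource_types are hypothetical helper names, and the sample main.tf is constructed rather than taken from the lab archive.

```shell
#!/bin/sh
# Added example: inventory the resource blocks in a directory of Terraform files.
# A resource block opens with a line of the form:
#     resource "<type>" "<name>" {

# Print "<type> <name> <file>" for every resource block in <dir>/*.tf.
tf_resources() {
    dir=${1:-.}
    for f in "$dir"/*.tf; do
        [ -f "$f" ] || continue   # no .tf files: the glob stays literal
        awk -v file="${f##*/}" '
            /^resource[ \t]+"/ {
                # Splitting on double quotes leaves the type in q[2], the name in q[4].
                n = split($0, q, "\"")
                if (n >= 5) print q[2], q[4], file
            }' "$f"
    done
}

# Print each resource type with the number of blocks of that type.
tf_resource_types() {
    tf_resources "$1" | awk '{ c[$1]++ } END { for (t in c) print c[t], t }' | sort -k2
}

# Constructed sample, not the lab's main.tf.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/main.tf" <<'EOF'
# resource "aws_instance" "commented_out" {}
resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public_a" {
  vpc_id = aws_vpc.example.id
}
resource "aws_subnet" "private_a" {
  vpc_id = aws_vpc.example.id
}
resource "aws_security_group" "web" {
  vpc_id = aws_vpc.example.id
}
EOF

tf_resource_types "$demo_dir"
```

In the lab environment, running tf_resource_types . from inside the tf directory lists the resource types declared across the three .tf files.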

 

Summary

In this Lab Step, you downloaded and briefly reviewed a sample Terraform IaC configuration.
