Infrastructure as Code with Terraform

Drupal Camp Asheville 2024 - July 12th-14th

By Wilfred Arambhan

This article will discuss:

  1. What is Infrastructure as Code (IaC)?
  2. Task Categories in IaC
  3. IaC Tools
  4. What is Terraform?
  5. Terraform Commands

Before reading you should have a high-level understanding of: 

  1. Devops
  2. AWS
  3. Drupal or any Three-Tier Architecture 
  4. Deployment process

What is Infrastructure as Code?

Infrastructure as Code (IaC) is a concept where all the knowledge and expertise of system administrators and operations teams are packed together as various programs or applications that help carry out all these tasks.

Try this - https://github.com/wilfi/Terraform-Demo


DevOps before Automation

Long back in the past when we wanted to deploy an application on a server, we would go and get some servers, set it up, configure networks, install the necessary software required to run the application, set up a database, and so on and so forth. After the initial setup and configuration, the application would run on the server.

Now, applications are publicly available, which means all the activities done before have to be repeated again with some additional configuration to ensure the application is secure, highly available, scalable, etc. This can be achieved through adding additional firewall configuration, a load balancer, and multiple web server instances to distribute the request load; provisioning a CDN for better performance; or cloning the web server into multiple data centers (or subnet and regions with AWS terminology). 

Applications would be built manually across multiple environments. Manual work brings more maintenance; for example, deploying a new release, taking regular db backups, disaster recovery, modifying network configurations, etc. 

With manual work comes:

  • More effort and time
  • Higher chance of human error
  • High human resource cost

DevOps after Automation

All the tasks and processes mentioned above will be curated with Infrastructure as Code (IaC) -- a concept where all the knowledge and expertise of system administrators and operations teams are packed together as various programs or applications that help carry out tasks.

There are multiple IaC tools that can carry out these operations.

We’ll revisit these tools later in the article.
 

Benefits of Automation

  1. ReuseLet's take a typical case of multiple environments like DEV, QA, UAT, PROD, for example. The program that your team has built for the DEV environment can be easily reused for your other environments. This reduces the effort and time, and nullifies any last minute surprises which might pop up in other environments.
  2. Version control & code review - The code can be committed to a repository where the rest of the team will have access for peer review. This reduces the overall dependency on a particular individual or team.
  3. Testing & documentation - The infrastructure can be torn down, recreated easily, and tested out. Each resource in the infrastructure can be documented to show exactly the purpose it serves. This reduces human error and resource costs. 

Task Categories of IaC

There are three main task categories involved in IaC

  1. Infrastructure provisioning- This includes spinning up servers, initial network configurations, load balancers, and other configurations on the infrastructure lever.
  2. Configuration of provisioned infrastructure- This includes installing the required software to run the application, managing that software, and making the infrastructure ready for deployment.
  3. Deployment of application in the provisioned and configured infrastructureThis includes the actual deployment of the application and various other steps that involve the deployment; like running the deployment pipeline and managing the deployment across various environments. Deployment of application in the provisioned and configured infrastructure

IaC Tools

So, why are IaC tools important? 

With the different categories for different phases of IaC, there are tools that are ideal for particular categories. It's best practice to combine two or more tools to accomplish the whole IaC cycle. For example, Terraform can be ideal when it's used for initial infrastructure setup, managing the infrastructure, and initial application setup, whereas a tool like Ansible is better for managing and maintaining the application.

What is Terraform

Terraform is an open source tool designed to automate and manage your infrastructure. It fits in the provisioning infrastructure stage and managing the infrastructure. It was created by HashiCorp and uses HashiCorp Configuration Language (HCL)

Terraform uses declarative programming, meaning it describes an intended goal rather than the steps to reach the goal. Terraform considers only the direct relation between resources when deciding the order of operations.

Below is a high-level illustration of the order of operations to install a Docker in AWS.

Terraform Components

There are two main components involved: Core and Providers 

Core

In the core provider, there are two input sources:

a. Terraform config is the place that defines what our resources are going to be like. This is a terraform file (with .tf extension) containing resource blocks and their configuration. Below is an example of aws_iam_policy which provides an Amazon IAM Policy.

 

Image Source: Example usage of an aws_iam_policy

b. Terraform state - Terraform knows the current state of the infrastructure in terms of configuration and metadata. This is usually a Terraform. tfstate file which will be saved locally in the terraform project root. When Terraform creates a resource with respect to the new tf-config, it will store that identity of the resource against a particular resource instance, and then potentially update or delete that resource with respect to future tf-config.

Providers

Providers are plugins that let Terraform know which Cloud provider, SaaS provider, or any other APIs it should interact with. Tf-config should declare which provider it should use so that Terraform can install it and use it directly. Each provider adds a set of resource types that Terraform can manage. The below screenshot illustrates how to define an AWS provider, and thereby access aws_vpc resource. 

Terraform Commands

  • tf init-This is the first command to run and initiate a working directory containing the TF configuration files. This command will generate a .terraform directory in Terraform's current working directory to manage cached providers and record the last known backend configuration.
  • tf plan - This creates an execution plan and does a dry run. This command is useful when dealing with a large number of infrastructure resources. It will show exactly how many new resources are going to be created, updated, or deleted. 
  • tf apply -This follows the tf plan. It creates the resources for the defined provider and executes the plan.
  • tf destroy -This command is useful for tearing down the resources and infrastructure created for test or temporary basis.


Code to spin up a Drupal in AWS with Terraform

Terraform Demo is a sample code that helps get you started with Terraforms on AWS by creating resources on AWS required to provision a Drupal application. There are a few prerequisites to run this code that need to be reviewed first, however. 

After running locally running the code, the AWS account will provision the below resources:

  1. AWS Security group
  2. VPC
  3. RDS Instance with MySQL
  4. EC2 Instance
  5. Drupal on EC2

Next Steps and Potential Improvements

 


While the code provided gives you a head start on using Terraform commands and its configurations, it can be streamlined better with: 

  1. Usage of Terraform modules
  2. Leveraging Ansible to install Drupal instead of Bash script
  3. Deploying to an existing Drupal instance
  4. Terraform cloud
  5. Infrastructure enhancements like the addition of a Load balancer with an Autoscaling group, CDN, SSL certificate, and DNS Configuration.

Stay tuned for Part 2 with even more enhancements.