Terraform Day 02: Provider Block, Resource Block, S3 Backend, Data Source, Remote Data Source Backend

Kiran Pawar

Infrastructure as Code (IaC) has revolutionized the way we manage cloud resources. In this blog, we’ll dive into Terraform’s fundamentals and explore its core concepts, comparing it with Cloud Native Tools (CNT) like AWS CloudFormation (CFT), Azure Resource Manager (ARM), and GCP Deployment Manager. We’ll also demonstrate practical Terraform code examples, focusing on AWS.

Code used in the blog

Tools Overview

  • AWS: CloudFormation (CFT)

  • Azure: Azure Resource Manager (ARM)

  • GCP: Deployment Manager

Key Differences between CNT (CFT, ARM) and Terraform

| Feature | CFT & ARM | Terraform |
| --- | --- | --- |
| Language | JSON or YAML (all configs in one file) | HashiCorp Configuration Language (HCL) |
| Complexity | Learning JSON/YAML is difficult | HCL is simpler and modular |
| Cloud Compatibility | AWS (CFT), Azure (ARM) only | Multi-cloud (AWS, Azure, GCP) |
| Module Support | No | Yes, with reusable modules |
| Workspace Support | No | Yes, supports multiple workspaces |
| Dry-Run Capability | Limited | terraform plan for effective dry-run |
| Importing Resources | Complex in AWS, not available in ARM | Simple with terraform import |

Terraform and Other HashiCorp Tools

Terraform is a cloud-agnostic tool, enabling multi-cloud resource management with a unified configuration language. Other HashiCorp tools include:

  • Packer: Image automation

  • Consul: Service discovery and cluster management

  • Vault: Secure secrets management

  • Nomad: Workload orchestration (an alternative to Kubernetes)

Getting Started with Terraform

1. Main Configuration (main.tf)

The primary file where we define the cloud provider:

provider "aws" {
  region = "ap-south-1"
}

# Other resource definitions will follow...

Tip: Avoid hard-coding credentials. Use aws configure after installing the AWS CLI.

2. Create Your First VPC (vpc.tf)

Terraform refers to any cloud resource as a resource. Below is an example of creating a VPC and Internet Gateway:

resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "My-VPC"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.my_vpc.id
  tags = {
    Name = "My-Internet-Gateway"
  }
}

Run terraform init, terraform plan, and terraform apply, in that order, to provision the resources.

3. Using Data Sources

Data sources fetch information about existing resources in your cloud environment. For example, fetching a VPC by its id:

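# Declared here so the snippet is self-contained; pass the ID of the existing VPC.
variable "vpc_id" {
  description = "ID of the existing VPC to look up"
  type        = string
}

data "aws_vpc" "Test-Vpc" {
  id = var.vpc_id
}

resource "aws_internet_gateway" "igw" {
  vpc_id = data.aws_vpc.Test-Vpc.id
}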

The existing VPC shown in the AWS console has no internet gateway attached.

We can attach an internet gateway to the existing VPC using a data source.

Run terraform apply and check the AWS VPC console for the changes.

4. Remote State Management

Terraform generates a state file after deployment. Use remote state for managing infrastructure across projects:

provider "aws" {
  region = "us-east-1"
}

terraform {
  backend "s3" {
    bucket = "terraformbucket1212"
    key    = "Base-infra.tfstate"
    region = "us-east-1"
  }
}

resource "aws_vpc" "default" {
  cidr_block           = "10.1.0.0/16"
  enable_dns_hostnames = true
  tags = {
    Name  = "terraform-aws-testing"
    Owner = "kiran"
  }
}

resource "aws_internet_gateway" "default" {
  vpc_id = aws_vpc.default.id
  tags = {
    Name = "terraform-aws-igw"
  }
}

resource "aws_subnet" "subnet1-public" {
  vpc_id            = aws_vpc.default.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = "us-east-1a"
  tags = {
    Name = "Terraform_Public_Subnet1-testing"
  }
}

resource "aws_subnet" "subnet2-public" {
  vpc_id            = aws_vpc.default.id
  cidr_block        = "10.1.2.0/24"
  availability_zone = "us-east-1b"
  tags = {
    Name = "Terraform_Public_Subnet2-testing"
  }
}

resource "aws_subnet" "subnet3-public" {
  vpc_id            = aws_vpc.default.id
  cidr_block        = "10.1.3.0/24"
  availability_zone = "us-east-1c"
  tags = {
    Name = "Terraform_Public_Subnet3-testing"
  }
}

resource "aws_route_table" "terraform-public" {
  vpc_id = aws_vpc.default.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.default.id
  }

  tags = {
    Name = "Terraform_Main_table-testing"
  }
}

resource "aws_route_table_association" "terraform-public" {
  subnet_id      = aws_subnet.subnet1-public.id
  route_table_id = aws_route_table.terraform-public.id
}

resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"
  vpc_id      = aws_vpc.default.id

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Initialize the backend with terraform init.
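
The state file holds every attribute of every managed resource in plaintext, and the allow_all group above admits all traffic from 0.0.0.0/0, so both deserve tightening outside a throwaway lab. Tighter variants of those two blocks that drop into the configuration above, as an added example that is not part of the original post; the variable admin_cidr with its sample value, the name web_restricted, and the choice of ports 22 and 443 are assumptions:

```hcl
# Added example: tighter variants of the backend and security group above.
# Assumed names: var.admin_cidr, aws_security_group.web_restricted.

terraform {
  backend "s3" {
    bucket       = "terraformbucket1212"
    key          = "Base-infra.tfstate"
    region       = "us-east-1"
    encrypt      = true # server-side encryption for the state object
    use_lockfile = true # S3-native state locking (Terraform 1.10+);
                        # older versions lock with dynamodb_table instead
  }
}

variable "admin_cidr" {
  description = "CIDR allowed to reach SSH (constructed sample value)"
  type        = string
  default     = "203.0.113.10/32" # documentation range, replace with your own
}

resource "aws_security_group" "web_restricted" {
  name        = "web_restricted"
  description = "HTTPS from anywhere, SSH from the admin CIDR only"
  vpc_id      = aws_vpc.default.id

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from admin network"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

After changing the backend block, re-run terraform init so Terraform picks up the new settings.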

5. Remote Data Source Backend

Terraform can fetch data from remote backends, such as S3 or other Terraform configurations, using terraform_remote_state.

We can see a new state file created based on the previous state file of our infra setup, the Base-infra.tf configuration.
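
How a second configuration reads the Base-infra state written in section 4, as an added example that is not part of the original post. The output name vpc_id, the data source name base, the state key App-infra.tfstate, and the new subnet with its CIDR are assumptions:

```hcl
# --- In the base configuration (section 4): publish what others may read ---
# terraform_remote_state exposes only root-module outputs.
output "vpc_id" {
  value = aws_vpc.default.id
}

# --- In a separate configuration with its own state file ---
provider "aws" {
  region = "us-east-1"
}

terraform {
  backend "s3" {
    bucket = "terraformbucket1212"
    key    = "App-infra.tfstate" # assumed key, must differ from the base key
    region = "us-east-1"
  }
}

# Read the state object written by the base configuration.
data "terraform_remote_state" "base" {
  backend = "s3"
  config = {
    bucket = "terraformbucket1212"
    key    = "Base-infra.tfstate"
    region = "us-east-1"
  }
}

# Build on the base VPC without redefining or importing it.
resource "aws_subnet" "app" {
  vpc_id            = data.terraform_remote_state.base.outputs.vpc_id
  cidr_block        = "10.1.4.0/24" # assumed free range inside 10.1.0.0/16
  availability_zone = "us-east-1a"
  tags = {
    Name = "App-Subnet"
  }
}
```

The consumer needs read access to the whole Base-infra.tfstate object, not just its outputs, so grant that S3 permission only to configurations that should be able to see everything in the base state.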

Sample Workflow

  1. Write Configuration: Create resource files (e.g., vpc.tf, ec2.tf).

  2. Initialize: Run terraform init to set up the environment.

  3. Plan: Run terraform plan to preview changes.

  4. Apply: Run terraform apply to provision resources.

  5. State Management: Use remote state for large infrastructures.

Additional Resources

  • AWS Resources: VPCs, Internet Gateways, Subnets, Security Groups, EC2 instances.

  • Data Sources: Reuse existing resources effectively.

  • Remote State Management: Ensure consistency across environments.

Conclusion

Terraform provides unparalleled flexibility and multi-cloud support compared to CNT tools like CloudFormation and Azure Resource Manager. It simplifies infrastructure management with modules, reusable configurations, and robust state management.

Start your Terraform journey today and experience the power of IaC!
