Posts

Showing posts with the label terraform

Securing Terraform and You Part 1 -- rego, Tfsec, and Terrascan

Sometimes, I write articles even when things don't work. It's about showing a learning process. Using IaC means consistency, and one thing you don't want to do is have 5 open S3 buckets on AWS that anyone on the internet can reach. That's where tools such as Terrascan and Tfsec come in, where we can make our own policies and rules to be checked against our code before we init. As this was contract work, I can't show you the exact code used, but I can tell you that this blog post by Cesar Rodriguez of Cloud Security Musings was quite helpful, as well as this one by Chris Ayers. The issue is using Rego; I found a cool VS Code extension, Terrascan Rego Editor, as well as several courses on Styra Academy: Policy Authoring and Policy Essentials. The big issue was figuring out how to tell Terrascan to follow a certain policy; I made it, put it in a directory, and ran the program while in that directory, and it didn't seem to see it. If you need help, check out

I Attempted Terraform Remote and Imploded VS Code - Here’s How I Fixed It

Find a better formatted version of this post on my Notion. Photo by Susan Wilkinson on Unsplash. It’s used more when there are multiple developers working on one thing, so someone’s state isn’t totally overwritten. Why Did You Try It? To see if I could! What Did You Do? The code worked - It was my S3 bucket permissions that were a little off, and did not allow me to place anything in there unless I went into the GUI and did it myself - which is time intensive and defeats the purpose of this project a bit. What Happened Afterward? Uh, well, VS Code suddenly had a lot of issues with permissions - It seems to have imploded the executable on my machine. I couldn’t start it (‘The location of this file could not be found’), but it wasn’t in my list of programs to uninstall - It was a ghost program. Could You Delete the Files? In theory - My permissions had gone screwy as well, and no amount of adjusting or using 3rd party, but Microsoft Approved tools worked. Is It Fixed? Yes! Re

Using Dynamic Blocks in Terraform

Want to read it with nice formatting? Check out the Notion page. Continuing from the post about Modules, let's look at Dynamic Blocks. What are they? You put them inside of resource blocks to potentially repeat multiples of the same block type. Is This a Dynamic Block? I’ve done something like this, but it involved the multiple function (*) and a stand-in variable ${var.ex}.

    network_interface_ids = ["${element(azurerm_network_interface.CA-NetInt.*.id, 01)}"]

The index (01) was the number of network_interface_ids one would want. Was that unknowingly a dynamic block, or something else? By all means, comment what you think. Apparently, It Wasn’t

    resource "aws_elastic_beanstalk_environment" "tfenvtest" {
      name                = "tf-test-name"
      application         = "${aws_elastic_beanstalk_application.tftest.name}"
      solution_stack_name = "64bit Amazon Linux 2018.03 v2.11.4 running Go 1.12.6"

      dynamic "setting

Using Terraform and AWS Cloud9

Wanted to try Cloud9 but didn't feel like making an EC2 instance in the GUI. So I made a Terraform file instead, remade a default VPC, and it took 20 minutes of troubleshooting. #AWS — Morgan (@runtcpip) February 1, 2022. 👉🏾 Find the Notion page of this post here, if it's easier for you. It certainly looks nicer! Setup: An EC2 instance; a reference to the default VPC, which I had to remake, as I had deleted mine. Downloading Terraform into Cloud9: Instructions here. Done and Done. Now, How About Using It? The kicker (or blessing) is that Cloud9 doesn't auto save, like I’ve set my VSCode up to do. Had to do a lot of manual saving, but it wasn’t a struggle. The lock file is created, but I don't see it in my file system to the left until resources have been pushed, so I made a simple bucket to try it out. Because this instance is attached to my AWS account, I suppose anything I make within this will be as well. Let's see! Does Every Terraform Command

Building AWS Infrastructure with Python (+ Learning the Code)

Follow along with more DevOps stuff! It's not only CloudFormation and YAML we can use to build infrastructure in AWS - The ever-popular Python is here. I like how the docs say it should take around 6 minutes, and I'm here on maybe...minute 34 waiting for packages to finish installing. I'm sure it doesn't account for setup, but for a while, I was concerned I had misconfigured something. No, there are just a ton of packages to download. Node.js had to not only open PowerShell, but update my Chocolatey and some VS Code components. Importing Python packages happens in consoles/terminals. You have to import them each session. So, I open a terminal in VS Code to install this Pipenv Virtual Environment Package in theory. The hardest part is always installing Python packages, as I never remember what command works in Windows Terminal. It's never pip install or apt-get, but 'python -m pip install [package]', when you are not in the Python prompt. Now, into the cmd

Working With Terraform Modules for AWS (Part 1)

Terraform for AWS is somewhat clearer than Terraform for Azure - easier to grasp than YAML and its finicky formatting. After pushing some DevOps Terraform (TF) configurations live to AWS, I wondered if I could push a static webpage. Situation - Why Would You Use This? To quickly spin up the front-end for a simple webpage that might take user input after attaching it to back end services that accept and hold the data. What Other Options Are There? I've documented hosting static webpages through Azure before on here through various methods - The process is somewhat intensive and relies strongly on interconnected systems: GitHub to host the code; Azure Webapps to take the code and display it. Another option would be using Netlify, but that works best for truly single-page apps like this. It looks like it has different pages to the untrained eye, but it's only one. Task - How Is It Done? Here, the simple webpage is hosted from a bucket. There's an index and error page. A

Totally Terraform (Or, Introducing Terraform DevOps Cloud Engineer Procedures to A Company) [Updated March 2022]

Want to share this post easily? Here's a Notion page! I got to teach myself Terraform, but that's what this entire blog is about; teaching myself things and hoping for work sometimes to make money and being employed by multiple people. You can be the next one! Anyway, what do I like about Terraform? A lot. Including all the troubleshooting and digging into new things. The Numbers on What Was Made: Project: 1. Resources created: 7 (Virtual Machine; Network Interface; Virtual Network; Security Rule attached to Security Group; Security Group (with outputs); Subnet; Public IP address). Many of these resources are attached to each other - The Network Interface is attached to the Virtual Machine, and they’re both in a Security Group which has Security Rules attached to it. The Virtual Network is attached to the Subnet, and the Public IP address is attached to the Network Security Group. This way, the Virtual Machine has internet access, but also has rules about who can access it