Terraform 6 of 10: Terraform State using AWS Cloud9

Background

This tutorial deals with Terraform State. AWS Cloud9 is the environment.

1 of 10. Open the Terraform documentation for "random_password"

Terraform Registry > Providers > Utility > Random > Documentation > Resources > random_password

random_password (Resource)

2 of 10. Open your AWS Cloud9 environment

Creating An Integrated Developer Environment (IDE) in the Cloud in Two Minutes!: AWS Cloud9(Step-by-Step)

3 of 10. Run "terraform init"

Per the documentation, "A backend defines where Terraform stores its state data files."

Backend Configuration

terraform init

4 of 10. Update "resources.tf"

Remove existing content, and make it look like the below. It should be a random password generator. Then, we want to "terraform init", "terraform plan" and "terraform apply". Pause a moment before hitting "yes", and you will notice that a lock.info file is created.

resource "random_password" "password" { length = 16 special = true } terraform init terraform plan terraform apply

5 of 10. "terraform show" and "terraform show -json"

Because the random_password is a sensitive value, you won't see it in the "terraform show" output, but you can find it in the "terraform show -json" output. This is expected behavior, per the documentation for the "terraform show" command. Note that the "show" command is simply showing human readabout output from a file. If a file isn't specified, then it assumes the "state" file by default. You may want to secure your state file, now that you know your secrets are stored in plain text in the state file. Recommendation is a remote state file.

Command: show

terraform show terraform show -json

6 of 10. Update "outputs.tf" to try to view the password output value.

Terraform should encounter an error.

output "password" { value = random_password.password.result } terraform apply

7 of 10. Update "outputs.tf" per the advice of the error message, and try again.

Terraform should display that it is a sensitive value.

output "password" { value = random_password.password.result sensitive = true } terraform apply

8 of 10. Update "resources.tf" to create a shorter password.

This should force "re-creation" of the password.

resource "random_password" "password" { length = 8 special = true } terraform apply

9 of 10. View the terraform.tftstate and the terraform.tfstate.backup, comparing the two files.

You should see the prior version of the password in the backup file.

10 of 10. Cleanup

Destroy the resource you created.

terraform destroy

Reference

random_password (Resource)

Creating An Integrated Developer Environment (IDE) in the Cloud in Two Minutes!: AWS Cloud9(Step-by-Step)

State

Backend Configuration

Command: init

Command: show

Comments

Post a Comment

Popular posts from this blog

"This site uses cookies from Google to deliver its services and analyze traffic. Your IP address and user-agent are shared with Google along with performance and security metrics to ensure quality of service, generate usage statistics, and to detect and address abuse."
Read more

Orphaned No More: Adopting AWS Lambda

Image
Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture is fully automated on AWS. The architecture is not ready for go-live. All actions so far are for a proof-of-concept that is presented to the Chief Technical Officer (CTO) for review. During the weekly team meeting, Ko (User Experience Lead) reports that his team has performed thousands of tests against the infrastructure, with moves, adds, and changes, and is not finding any issues in the application user interface. Woo (Infrastructure Lead) reports that there are hundreds of 'orphaned' files in the S3 bucket. (These files are considered 'orphaned' because they do not have corresponding records in the DynamoDB table.) Kim (Tech Lead) reports that there is not a trigger to delete the file from the bucket when a user is deleted from the DynamoDB database. Brady (Lawyer) reports that not deleting t
Read more

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture requires Amazon Elastic Compute Cloud (EC2) instances that are maintained by the HumanGov systems administrators. The systems administrators handle all the patching, operations, etc. Due to states wanting their data separate from each other, each state gets a separate set of EC2 instances, which means that as the application scales from one state up to 50 states, the systems administrators will have to patch 50x as many EC2 instances. The system administrators report that they have begun to schedule more and more overtime to handle the maintenance windows for updating the EC2 instances. The lead developer remarked that it was taking longer and longer for new application deployments to get rolled out as the infrastructure grew and more states came on board. By the way, the development environment does not have standa
Read more