Hashicorp Terraform

Get up and running with Terraform

Last updated 5 months ago

Was this helpful?

What is Terraform?

is an open-source, declarative Infrastructure as Code language from HashiCorp.

are used to define the resources to build. These abstract the underlying API calls made to build, modify, and destroy resources by wrapping this into HCL syntax. In other words, you just worry about writing Terraform code without having to understand and work with the underlying APIs.

# Installing via Homebrew on MacOS brew tap hashicorp/tap brew install hashicorp/tap/terraform brew update brew upgrade hashicorp/tap/terraformh # Enabling tab completion terraform -install-autocomplete # Restarting shell . ~/.zshrc # bash is ~/.bashrc

Example

Typically, Terraform code is defined in a main.tf file and variables found in that file can be declared in variables.tf

Variables are not required and you could hard code everything into main.tf if desired.

main.tf

# Create the bucket
resource "aws_s3_bucket" "s3-bucket-1" {
  bucket = var.mybucketname
}

# Enable server-side encryption
resource "aws_s3_bucket_server_side_encryption_configuration" "s3-encryption-config" {
  bucket = aws_s3_bucket.s3-bucket-1.bucket # defines bucket name

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = var.sse-algorithm # defines encryption type
    }
  }

  depends_on = [
    aws_s3_bucket.s3-bucket-1 # ensures bucket is created before trying to apply encryption
  ]
}

# Configure bucket policy, set to deny HTTP requests
resource "aws_s3_bucket_policy" "s3-bucket-policy" {
  bucket = aws_s3_bucket.s3-bucket-1.id

  # defines bucket policy below, SecureTransport false means it blocks HTTP access
  policy = <<POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::${var.mybucketname}/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}
POLICY
}

# Block public access to the bucket
resource "aws_s3_bucket_public_access_block" "s3-bucket-access-control" {
  bucket = aws_s3_bucket.s3-bucket-1.id

  block_public_acls       = var.s3-bucket-ac["block_public_acls"]
  block_public_policy     = var.s3-bucket-ac["block_public_policy"]
  ignore_public_acls      = var.s3-bucket-ac["ignore_public_acls"]
  restrict_public_buckets = var.s3-bucket-ac["restrict_public_buckets"]
}

variables.tf

variable "mybucketname" {
  description = "Set a unique bucket name"
  type        = string
}

variable "sse-algorithm" {
  description = "Specify the encryption type to use"
  type        = string
  default     = "AES256"
}

variable "s3-bucket-ac" {
  description = "Block public access"
  type        = map(any)
  default = {
    block_public_acls       = "true"
    block_public_policy     = "true"
    ignore_public_acls      = "true"
    restrict_public_buckets = "true"
  }
}

What is Terraform?

is an open-source, declarative Infrastructure as Code language from HashiCorp.

Example

Typically, Terraform code is defined in a main.tf file and variables found in that file can be declared in variables.tf

Variables are not required and you could hard code everything into main.tf if desired.

Here's an example of configuring an AWS S3 bucket in Terraform utilizing the .

main.tf

# Create the bucket
resource "aws_s3_bucket" "s3-bucket-1" {
  bucket = var.mybucketname
}

# Enable server-side encryption
resource "aws_s3_bucket_server_side_encryption_configuration" "s3-encryption-config" {
  bucket = aws_s3_bucket.s3-bucket-1.bucket # defines bucket name

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = var.sse-algorithm # defines encryption type
    }
  }

  depends_on = [
    aws_s3_bucket.s3-bucket-1 # ensures bucket is created before trying to apply encryption
  ]
}

# Configure bucket policy, set to deny HTTP requests
resource "aws_s3_bucket_policy" "s3-bucket-policy" {
  bucket = aws_s3_bucket.s3-bucket-1.id

  # defines bucket policy below, SecureTransport false means it blocks HTTP access
  policy = <<POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::${var.mybucketname}/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}
POLICY
}

# Block public access to the bucket
resource "aws_s3_bucket_public_access_block" "s3-bucket-access-control" {
  bucket = aws_s3_bucket.s3-bucket-1.id

  block_public_acls       = var.s3-bucket-ac["block_public_acls"]
  block_public_policy     = var.s3-bucket-ac["block_public_policy"]
  ignore_public_acls      = var.s3-bucket-ac["ignore_public_acls"]
  restrict_public_buckets = var.s3-bucket-ac["restrict_public_buckets"]
}

variables.tf

variable "mybucketname" {
  description = "Set a unique bucket name"
  type        = string
}

variable "sse-algorithm" {
  description = "Specify the encryption type to use"
  type        = string
  default     = "AES256"
}

variable "s3-bucket-ac" {
  description = "Block public access"
  type        = map(any)
  default = {
    block_public_acls       = "true"
    block_public_policy     = "true"
    ignore_public_acls      = "true"
    restrict_public_buckets = "true"
  }
}

Hashicorp Terraform

Hashicorp Terraform

What is Terraform?

Installation

Commands

Example

What is Terraform?

Installation

Commands

Example