Using SSM COMMAND from Terraform

So you have an EC2 instance you’ve deployed from Terraform, but as part of the run of your template you want to run some other commands. Sure, you can use the “user data” section to run commands at deployment time, but what if you want to run something later on? Well, you can use a …

Simple VPC Deployment Pattern (Terraform)

A simple VPC deployment pattern which includes a simple configuration that has been tested and can be used as a base for building new infrastructure. It uses Terraform with local state storage (within a directory called “state_data”); for production use, some form of remote state storage is mandated. The pattern within the …

Keeper – Using with Terraform

When using Terraform with Keeper Secrets Manager (KSM), a provider needs to be configured; the Keeper documentation details how this can be done. Keeper: Terraform Provider Documentation. However, a short version can be found below. https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/terraform You need to have already created a Keeper Secrets Manager (KSM) profile which you can use for authentication, this …

Fun with Subnets in Terraform (with AWS)

Here’s a quick example of how you can use Terraform’s cidrsubnet function to streamline your use of IP subnets and calculate a number of different subnets from a single CIDR range (or supernet). https://developer.hashicorp.com/terraform/language/functions/cidrsubnet Explanation The cidrsubnet function can be a bit weird when first looking at it. But we’re going to have an example …

Storing Values (e.g. Secrets) in Environment Variables with Terraform – Output Raw

Firstly, a disclaimer. Although you can store values, specifically secrets (e.g. passwords) within Environment Variables so that you are not storing them in your Terraform template code there are better ways, for example by use of a formal Secrets Management solution. However, this article will show you how you can use Environment Variables to “safely” …

AWS Web Application Firewall (WAF) – Reconciling AWS Firewall Manager Applied WebACL to CloudFront Distribution

We use IaC (Infrastructure as Code) for the deployment and management of all cloud (AWS) workloads to ensure we can manage and update infrastructure and applications that are deployed in the cloud rapidly and on an ongoing basis, while maintaining flexibility, security and availability. However, issues may occur when changes are made using automated processes, …

AWS CloudFront Security Group for Workload Protection (Terraform)

AWS CloudFront allows you to front your application (be it on EC2 instances or a REST API etc.) so you can provide high availability, caching and protection (with WAF) to the workload. When configuring your application, you don’t want the application to be directly accessible without going through CloudFront, so you need to add some restrictions, …