Stackarmour

DevOps with Terraform on AWS GovCloud

We are an AWS Advanced Partner with Public Sector and AWS GovCloud competencies, and we support rapid deployments of secure and compliant environments in the AWS GovCloud Region. Our cloud solution architects must enable rapid deployments to stand up the basic infrastructure, spin up instances and install software components in support of the DevOps project.

Clearly, there exist many tool choices for DevOps-based orchestration and provisioning automation, including Chef, Ansible, Puppet, CloudFormation, SaltStack and Terraform, amongst others. Many times the client has a preference for one of the tools, and our engineers obviously support the client-selected tool suite. However, on some of our recent projects at GSA and for US Federal Contractors looking for a NIST 800-171 and FedRAMP compliant service, we have found great benefit and speed from using Terraform.

Using Terraform

Terraform, by HashiCorp, is an “infrastructure as code” tool similar to AWS CloudFormation that allows the creation and updating of AWS infrastructure. In a typical project there are three files. Variable.tf allows you to define custom settings, using the IDs for each AWS resource or any custom value for a tag or something else. Outputs.tf defines what to output to the user, such as an ELB DNS once it's created. Main.tf is where all the definitions are stored for each resource you want to provision. You run terraform plan, which then creates a plan like this:

 

The next step is to type in terraform apply, which kicks off the process to start provisioning AWS components. A great feature of Terraform is that it keeps track of the state of your infrastructure. So if you change your template, it recognizes the change and only runs that change, and it will tell you like this:

 

Effectively, Terraform helps with your configuration management. It gives you the ability to create reusable modules for VPC, Security Groups, etc. The ability to maintain the state of the infrastructure is a powerful feature for environments that may need to be changed once they have been stood up.
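A minimal sketch of the three-file layout described above, shown in one listing with a comment marking where each file begins. It is an added illustration, not code from the original post or from any client project; the resource names, variable names and the choice of a classic ELB with an HTTPS listener restricted to one CIDR range are assumptions.

```hcl
# --- Variable.tf: per-environment settings (names are illustrative) ---
variable "region" {
  type    = string
  default = "us-gov-west-1" # AWS GovCloud (US-West)
}

variable "vpc_id" { type = string }
variable "subnet_ids" { type = list(string) }
variable "allowed_cidr" { type = string }    # only this range may reach the ELB
variable "certificate_arn" { type = string } # GovCloud ARNs begin with arn:aws-us-gov:

# --- Main.tf: definitions for each resource to provision ---
provider "aws" {
  region = var.region
}

resource "aws_security_group" "elb" {
  name   = "demo-elb-sg"
  vpc_id = var.vpc_id

  # No egress block: the group allows no outbound traffic until a rule
  # scoped to the instance port is added for attached instances.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.allowed_cidr]
  }
}

resource "aws_elb" "web" {
  name            = "demo-elb"
  subnets         = var.subnet_ids
  security_groups = [aws_security_group.elb.id]

  listener {
    lb_port            = 443
    lb_protocol        = "https"
    instance_port      = 80
    instance_protocol  = "http"
    ssl_certificate_id = var.certificate_arn
  }
}

# --- Outputs.tf: values reported to the user after apply ---
output "elb_dns_name" {
  value = aws_elb.web.dns_name
}
```

Run terraform init once in the directory, then terraform plan to review the proposed changes before terraform apply. The state that Terraform keeps records the attributes of every managed resource, so store it where access is restricted.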

Learn more

This article assumes you have some familiarity with Terraform already. There is an awesome amount of information on the web, and the HashiCorp documentation for getting started is a great resource for understanding the basics of Terraform. Also, here is a great blog from the AWS SA team on using Terraform.