Tuesday, 31 May 2022

Terraform Modules

 

Terraform considers every .tf file in configuration directory as configuration file. This means that we can define all resources in a single .tf file or divide them into multiple .tf files. 
 
In practice, there can be hundreds of resources and both options above prevent reusability. 

Terraform module is any configuration directory which contains configuration files.

A module where we run Terraform commands is called a root module.

To include a module A (in directory A) in a configuration file in module B (in directory B) we can do the following:

../my-projects/A/
../my-projects/A/main.tf
../my-projects/A/variables.tf
../my-projects/B/
../my-projects/B/main.tf

where ../my-projects/B/main.tf:
 
module "project-B" {
    source = "../A"
}
 
Module A is a child module of module B. project-B is the logical name of the module. source is a a required argument in module block. Its value is a relative or an absolute path to the child directory. 

In practice, all reusable modules should be stored in a modules directory, grouped by their projects:
 

../my-projects/modules/
../my-projects/modules/A/app_server.tf
../my-projects/modules/A/dynamodb_table.tf
../my-projects/modules/A/s3_bucket.tf
../my-projects/modules/A/variables.tf
 
This example shows the project outline and configuration for provisioning resources for application that needs to be deployed in various AWS regions.
 
../my-projects/modules/
../my-projects/modules/my-app/app_server.tf
../my-projects/modules/my-app/dynamodb_table.tf
../my-projects/modules/my-app/s3_bucket.tf
../my-projects/modules/my-app/variables.tf
 
 
../my-projects/modules/my-app/app_server.tf:
 
resource "aws_instance" "my_app_server" {
    ami = var.ami
    instance_type = "t2.medium" 
    tags = {
        Name = "${var.app_region}-my-app-server"
    }
    depends_on= [
        aws_dynamodb_table.orders_db,
        aws_s3_bucket.products_data
    ]
}
 
../my-projects/modules/my-app/s3_bucket.tf:
 
resource "aws_s3_bucket" "products_data" {
    bucket = "${var.app_region}-${var.bucket}"
}

../my-projects/modules/my-app/dynamodb_table.tf:
 
resource "aws_dynamodb_table" "orders_db" {
    name = "orders_data" 
    billing_mode = "PAY_PER_REQUEST"
    hash_key = "OrderID"
    attribute {
        name = "OrderID" 
        type = "N"
    }
}

../my-projects/modules/my-app/variables.tf:
 
variable "app_region" {
    type = string
}

variable "bucket" {
    default = "product-manuals"
}

variable "ami" {
    type = string
}


If we want to deploy this infrastructure stack to e.g. eu-west-1 region (Ireland) we can create a directory ../my-projects/my-app-ie/ and in it:
 
../my-projects/my-app-ie/provider.tf:
 
provider "aws" {
    region = "eu-west-1"
}
 
../my-projects/my-app-ie/main.tf:
 
module "my_app_ie" {
    source = "../modules/my-app"
    app_region = "eu-west-1"
    ami = "ami-01234567890"
}
 
We can see that there are only two variables that differentiate deployment to each region. To provision this infrastructure stack in this region we just need to cd into ../my-projects/my-app-ie/ and execute:
 
$ terraform init
$ terraform apply

If we want to deploy it in e.g. Brasil, we'll have:
 
../my-projects/my-app-br/provider.tf:
 
provider "aws" {
    region = "sa-east-1"


../my-projects/my-app-br/main.tf:
 
module "my_app_br" {
    source = "../modules/my-app"
    app_region = "sa-east-1"
    ami = "ami-3456789012"
}
 
 

Using modules from the public registry

 
Apart from provider plugins, Terraform registry also contains modules:



Modules are grouped by the provider for which they are created. There are two types of modules:

  • verified - tested and maintained by Hashicorp
  • community - not validated by Hashicorp
 
Example of verified module: AWS module security-group, used to create EC2-VPC security groups on AWS. 
 

 
 
To use it in our own configuration we can first copy-paste code snippet which can be found under Provision Instructions section:

module "security-group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "4.9.0"
  # insert the 3 required variables here
}


module security-group has ssh submodule which can be used to create predefined security groups like this one which allows inbound SSH:

module "security-group_ssh" {
    source  = "terraform-aws-modules/security-group/aws//modules/ssh"
    version = "4.9.0"
    # insert the 2 required variables here
    vpc_id = "vpc-0123456789" 
    ingress_cidr_blocks = [ "10.11.0.0/16" ]
    name = "ssh-access"
}
 
terraform get only downloads module from the registry:
 
$ terraform get

When using 3rd party modules, terraform apply might be provisioning additional resources (on top of those we explicitly add to the configuration), as per module's configuration.

1 comment:

FIRMWARE HACKS said...

⚠️CRYPTO TRADING SCAM ALERT⚠️

❌ Crypro Trading, Forex Trading, Stock Trading and their likes are a means of making money but it’s more like gambling. There are no sure means to guarantee that a person could make profit with them and that’s why it can also be reasoned to be scam. Let’s not forget that some individuals even give you 💯 % guarantee of making profits and end up running away with your money.

❌ You might have also come across some individuals that say they will give you guarantee on successful trades but they only end up as SCAMMERS as well. You here them say stuffs like 200% guaranteed in just 2 weeks and when you go into trade with them, they start telling you to pay profits percentage before you can get your income. These are all liars please avoid them. But if you have been a victim of this guys, then you should contact FIRMWARE now‼️

The internet today is full of Recovery Scam, you see so much testimonies been shared about how a firm or Company helped them recover what they lost to this Trading, but believe it, it’s just a way to lure more people and end up scamming them.


✳️The big Question is “Can someone Recover their money lost to Binary Option and Scam⁉️
I will say yes, and will tell you how.

The only way to Recovery your money back is by hiring HACKERS to help you break into the Firms Database Security System using the information you provide them with, Extract your file and get back your money. It seems like a really impossible thing to do, I will tell you, it should be impossible, but with the use of specially designed softwares known to HACKERS and Authorities (such as The FBI, CIA e.t.c) it is possible and the only way to recover your money.

✅FIRMWARE are a group of hackers who use their hacking skill to hunt down SCAMMERS and help individuals recovery their money from Internet SCAMMERS.
We just need the contact details of the SCAMMERS and Paymnet Info and within 4-8 hours your money will be return to you.

This are services we offer-:
🟢Crypto scam money recovery
🟢lost loan money recovery
🟢money laundry recovery
🟢Device hack
🟢Bank issues
🟢Access to school/company/fellowship/organization files
🟢Lost cars tracking
🟢fraud payment
🟢Access to cheating husband/wife device
🟢extending and subtracting of stamped file concerning a giving end line period of time
🟢tracing and recovering lost emails/conversations/contacts / and accessories
ETC


✳️ You can contact us via the emails below-:
firmwarehacks@gmail.com
Firmwarehacks@gmail.com
FIRMWARE HACKERS ©️
2022 All right reserved ®️