Terraform Modules, State file, Remote State file, VPC Creation and VPC Networking.


What is a state file in Terraform ??

  1. Terraform uses the state file to track what it has created in the cloud.

  2. .tf files => expectation / desired / declared
    actual infra => reality / existing
    state file => the record Terraform compares both of the above against

  3. The first time you create the infra (terraform apply -auto-approve), Terraform creates the state file and writes into it what it created. When you run the command a second time, it first refreshes the state, i.e. it checks whether every resource recorded in the state file is actually still present in the cloud, and then compares the refreshed state with the .tf files to see what is new, showing for example 1 to add, 0 to change, 0 to destroy.

  4. If someone changes the name of a resource in the console and you run terraform apply -auto-approve again, the refresh picks up the console name from the real infra, while the .tf file still declares the original name. Terraform therefore plans a change that puts the declared name back on the real resource: 0 to add, 1 to change, 0 to destroy. This is how drift is corrected, and it is also why manual console changes get silently reverted on the next apply.

  5. Ansible has no state-file concept of this kind, so Ansible is used for configuration and Terraform for infra creation (infrastructure as code).
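As an added example (this is not code from the post), here is a single-resource configuration showing how a practitioner handles the drift case in point 4 deliberately instead of letting apply revert it, together with the commands that show the three views (declared, state, real) side by side. The region, VPC CIDR and tag values are assumptions.

```hcl
# Added example, not from the original post. Names and values are made up.
# Root module: one VPC whose Name tag operators are allowed to edit in the console.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "ap-south-1" # assumed region
}

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "example-vpc" # declared name: the .tf file is the "expectation"
  }

  lifecycle {
    # Without this, a Name changed in the console is reverted on the next
    # apply (0 to add, 1 to change, 0 to destroy). With it, Terraform keeps
    # managing the VPC but leaves that one tag alone.
    ignore_changes = [tags["Name"]]

    # Refuse to plan a destroy of this resource, e.g. if someone edits
    # cidr_block (a replace-only attribute) by mistake.
    prevent_destroy = true
  }
}

# Commands (run from this directory):
#   terraform init                        # installs the provider, sets up state
#   terraform apply -auto-approve         # creates the VPC, writes terraform.tfstate
#   terraform plan -refresh-only          # shows drift between state and reality
#                                         # without proposing any infra change
#   terraform state list                  # resources Terraform currently tracks
#   terraform state show aws_vpc.example  # what the state file holds for this VPC
```

terraform plan -refresh-only is the safe way to answer "did someone touch this in the console?": it reports differences between the state file and the real infra and proposes only a state update, never a change to the infra itself.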

What is a remote state file ??

While creating infra with Terraform, the .tfstate file is by default created locally, next to the .tf files. The disadvantage is that any developer with the working copy can edit, delete or commit that state, and the state also contains every attribute Terraform knows about the infra, including sensitive values, in plain text. That is a big risk.

  1. So with a remote state file we keep the state in an S3 bucket and all changes to the .tfstate file take place in the S3 bucket. For this we configure the backend in provider.tf.

With the backend configured, the state object vpc-module-state appears in the vpc-module-terraform bucket.
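As an added example (not the post's own provider.tf), here is the S3 backend block using the bucket and key names from the post, preceded by the one-off bootstrap configuration a practitioner would apply first so that the bucket is versioned, encrypted, not public and protected by a lock table. The region, lock-table name and the split into two directories are assumptions.

```hcl
# Added example, not from the original post. Bucket and key names follow the
# post; region and lock-table name are assumptions.

# ---- bootstrap/main.tf: applied ONCE with local state to create the bucket ----
resource "aws_s3_bucket" "state" {
  bucket = "vpc-module-terraform"
}

resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled" # every overwritten state is kept, so a bad apply can be rolled back
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms" # state holds secrets; encrypt it at rest
    }
  }
}

resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_dynamodb_table" "lock" {
  name         = "terraform-state-lock" # assumed name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"               # the key name the S3 backend expects

  attribute {
    name = "LockID"
    type = "S"
  }
}

# ---- provider.tf in the VPC project: point Terraform at that bucket ----
terraform {
  backend "s3" {
    bucket         = "vpc-module-terraform"
    key            = "vpc-module-state"
    region         = "ap-south-1"           # assumed
    encrypt        = true                   # SSE for the state object
    dynamodb_table = "terraform-state-lock" # assumed; stops two applies running at once
  }
}

provider "aws" {
  region = "ap-south-1" # assumed
}
```

After adding the backend block to an existing project, run terraform init; it offers to copy the local terraform.tfstate into the bucket (terraform init -migrate-state skips the prompt). Access to the bucket and key should be limited to the CI role and the few people who operate Terraform, since reading the state is as good as reading the infra's secrets.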

What are modules in Terraform ??

  1. Basically in companies we maintain the infra consistently across all environments, and in Terraform this can be done in 3 ways:
    1. using tfvars
    2. using workspaces
    3. maintaining an individual repo for each environment

  2. With the first method the code is constant and code re-use is done by overriding the variables for each environment, but there is a risk while creating the infra: we must frequently change the backend for the state file, because a separate state file has to be maintained for each environment (dev, uat, pre-prod, prod). Applying the wrong tfvars against the wrong state is the classic way to change or destroy the wrong environment.

  3. Using workspaces the advantage is that the state file is taken care of by the workspace (one state per workspace under the same backend), but there is still some risk in switching the workspace from one environment to another: a forgotten terraform workspace select applies your change to whichever workspace is currently selected.

  4. Instead, if we maintain a different repo (or directory) for each environment, dev/, uat/, pre-prod/, prod/, the chance of making a mistake is low and we have more control and clarity :)
    But the disadvantage is that the same code is copied into each repo; code re-use is not done, although we have very clear clarity here compared to the others.

    To address this issue the concept called Modules was introduced.
    Simply put, we write the .tf files as we have seen previously, store them in GitHub, and while creating the infra we pass the environment-related variables to those files. Each environment keeps a small root module of its own (with its own backend key) that calls the shared module, so the code is written once and the states stay separate.

  5. Please go through these GitHub links
    Module_example
    Module_test

VPC and Networking

  1. VPC means virtual private cloud: we isolate our resources in the cloud inside a network where we have more security and full control over it.

  2. A VPC is created by allocating a CIDR (classless inter-domain routing) block, e.g. 10.0.0.0/16, which means 16 bits are for the network and the remaining 16 bits are for hosts, so we have 2^16 = 65,536 addresses (AWS reserves the first four and the last address of every subnet, so not all of them are usable).

  3. We can create multiple subnets in the VPC, for example a public subnet and a private subnet, and we also allocate a CIDR to each subnet out of the VPC's range (e.g. 10.0.1.0/24 and 10.0.2.0/24 inside 10.0.0.0/16). What makes a subnet "public" is not a flag on the subnet but its route table: a subnet whose route table sends 0.0.0.0/0 to an internet gateway is public.

  4. We communicate with servers inside the VPC through their private IPs only. If we used the public IP, the request would be routed out through the internet gateway and back into the VPC, which adds latency for no benefit.

  5. A route table is associated with each subnet and is used to route the requests leaving that subnet.

  6. IGW is the internet gateway; it is the entry point of our VPC and translates private IPs to public IPs and vice versa.

  7. A NAT gateway is used so that EC2 instances in a private subnet can initiate connections to the internet (for patching servers, installing packages) without themselves being reachable from the internet.

Networking

  1. If an EC2 in the public subnet wants to send a request to the internet, the data packets are first sent to the VPC router (a logical router provided by AWS). The VPC router checks the route table of the subnet the instance is located in and forwards them to the IGW. The IGW replaces the private IP in the packets with the public IP of the instance and sends them to the internet.

  2. If an EC2 in the public subnet receives a request from the internet, the data packets come to the internet gateway, which converts the public IP in the packet to the private IP of the EC2 using the one-to-one public-to-private address mapping it maintains, and sends them to the VPC router, which delivers them to the EC2 in the public subnet. Whether the packet is then accepted is decided by the network ACL of the subnet and the security group of the instance, not by the IGW.

  3. If an EC2 in the private subnet wants to connect to the internet, it sends the request to the VPC router, which checks the route table associated with that subnet and forwards it to the NAT gateway. The NAT gateway replaces the private IP of the EC2 with its own private IP and sends the packet back to the VPC router; the router checks the route table of the (public) subnet the NAT gateway sits in and sends the packet to the IGW, and the IGW replaces the private IP of the NAT gateway with the public (Elastic) IP of the NAT gateway and sends it to the internet.

  4. The response packet is sent to the IGW. The IGW replaces the public IP of the NAT gateway with the private IP of the NAT gateway and sends it into the VPC. The VPC router delivers this packet to the NAT gateway, which replaces its own private IP with the original EC2's private IP (it remembers the connection it translated) and sends the packet back to the VPC router, which finally delivers it to the EC2 instance. A packet from the internet that is not a response to a connection the EC2 started has no entry in the NAT gateway's translation table and is dropped, which is why private-subnet instances are not reachable from outside.

VPC creation using Terraform

  1. Please go through the GitHub links; a README.md file is added for better readability. Whatever we discussed above I have implemented using Terraform with the modules concept.
    VPC_Module
    VPC_Module_test

  2. The only thing you should do before running the .tf files is terraform init, so that all the required provider plugins get installed on your machine and the backend is initialised.

Thanks for the interest :)
Good Luck.
