Day Six, on to Terraform
After a few days off last week and this week, I don’t remember where I live let alone what I was working on last week. But, I’ve recovered from this before, so let me get going.
Coming today: the Pluralsight course “Terraform – Getting Started” by Ned Bellavance. I am only slightly familiar with Terraform. I know it’s powerful and I am a fan of being able to reproduce and tear down an infrastructure as often as needed. I’m planning to get to a point where I have a usable infrastructure using the information I get from this course, then, maybe go on to something a bit more fun, like using the infrastructure to actually build a web site that someone can use.
First, the vagrant machine. I’m copying the stuff I did in the pizza app (previous Pluralsight courses). I also attempted to remove all of the AWS resources I built in that course.
Surprising that I’ve racked up a $.68 or so bill on Amazon. After a little reviewing on my billing page, I found that it was caused by an unused reserved VPC address. I’m pretty sure that means I had reserved a VPC that wasn’t being used by any EC2 instances (I deleted those last week). Live and learn. I thought less would cost less. Not always, apparently.
AWS costs continue to scare me! I don’t like the no ceiling thing.
Possible that I’m dragging my feet a bit. I may be suffering from “what if I don’t know what I’m doing” self-doubt (I’d say imposter syndrome, but that term is a bit worn). I’ll give myself a pep talk and get back at it.
This course is a very good follow-up to the AWS courses I took previously. It starts out with very simple set-ups. I’m just following along, creating and tearing down as told. I really like being able to tear down exactly what I built. I think I will end up loving Terraform.
Using the course files that are provided with the course, it was pretty easy to change a couple things and get an ec2 instance up and running quickly. It was just as easy to get a load-balanced set-up with two ec2 instances going.
Yes, mistakes were made!
I made a mistake while setting up the .tf files. They required pretty much no change (I used a different region, but nothing else). However, I thought the ec2 user would be the IAM account I used when providing credentials, so I changed the “ec2_user” being provided for the ssh connection to my IAM user. That was wrong! Leave that user as “ec2_user”.
Don’t use Terraform for Provisioning!
One thing the course mentions is that, while Terraform has “provisioning” capability, it would be better to use something like Puppet or Chef to do this type of work. So, it looks like I need to go down another learning rabbit hole. Since I’m trying to follow best practices, though, I’m going to go ahead and take the side road. It’s amazing how much you can learn by doing this. I’ve never had that luxury in the past, but now I do, so I’m going to take advantage.
“environment variables…That doesn’t seem like a good solution to me”
Me…being wrong!
Storing the AWS key and secret is covered slightly in this course. I’ve used AWS Secrets Manager in the past. I’m not sure whether or not Terraform can get to Secrets Manager. It seems like a chicken/egg situation. Ned ends up using environment variables. That doesn’t seem like a good solution to me. He also mentions HashiCorp Vault. That’s probably the right way to do it. So, another rabbit hole to go down.
Again, looking back…
I ended up using environment variables. That’s what everyone does. If you don’t commit them to source control it seems to be fine and what everyone considers best practice.
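A check that backs up the "don't commit them to source control" rule, as an added example that is not part of the original post or the course files: it scans Terraform text for hard-coded AWS credentials and reports which of the provider's standard environment variables are missing. The sample inputs are constructed and use the placeholder key pair from AWS's own documentation; the function names are hypothetical.

```python
import re

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# access_key / secret_key assigned a quoted literal. Values such as
# var.aws_access_key or "${var.aws_access_key}" are references and do not match.
LITERAL = re.compile(r'^\s*(access_key|secret_key)\s*=\s*"([^"$]+)"')
# Environment variables the Terraform AWS provider reads for static credentials.
REQUIRED_ENV = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"]


def scan_terraform(text, filename="<constructed>"):
    """Return (filename, line_no, reason) for every line that embeds a credential."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = LITERAL.match(line)
        if m:
            findings.append((filename, no, f"literal {m.group(1)}"))
        elif KEY_ID.search(line):
            # Comments and .tfvars values count too: a committed key is a leaked key.
            findings.append((filename, no, "AWS access key ID"))
    return findings


def missing_env(env):
    """Return the credential variables that are unset or empty in the mapping `env`."""
    return [name for name in REQUIRED_ENV if not env.get(name)]


# Constructed sample: credentials written straight into the provider block.
LEAKY = '''provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
# old key: AKIAIOSFODNN7EXAMPLE
'''

# Constructed sample: no credentials in the file; the provider reads the environment.
CLEAN = '''provider "aws" {
  region = var.region
}
'''

if __name__ == "__main__":
    import os
    for finding in scan_terraform(LEAKY, "main.tf"):
        print("%s:%d: %s" % finding)
    print("missing from environment:", missing_env(os.environ))
```

Run as a pre-commit step over `*.tf` and `*.tfvars`, a non-empty result from `scan_terraform` is the signal to block the commit.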