Mastering AWS Infrastructure as Code: The Ultimate Step-by-Step Tutorial

Welcome to the first hands-on blog of our "Mastering AWS DevOps" series! As you dive into Chapter 9 of the book, in this blog, we will look at the art of designing cloud architecture using code, opening up a world where creativity has no limits. In this wide blog, we will dive into the world of AWS Infrastructure as Code, exploring its importance, benefits, and step-by-step implementation with practical examples.

In the modern cloud computing world, Infrastructure as Code (IaC) has become a critical practice for managing and provisioning virtual infrastructure in a scalable, efficient, and automated manner. Amazon Web Services (AWS) offers a wide set of services and tools that enable developers and operations teams to implement IaC effectively.

So let’s understand the IaC concept.

In this topic, we will try to “understand Infrastructure as Code” but before that, we will study “what is Infrastructure as Code?”.

What Is Infrastructure As Code (IaC)?

Imagine you're building a super cool city in a video game. You need to place buildings, roads, parks, and all sorts of stuff to make the city work smoothly.

Now, instead of manually placing each building and road, what if you could just write down instructions for the computer to create your city exactly how you want it? That's like what Infrastructure as Code (IaC) does but in the real world.

Okay, let's bring this idea to the real world of software engineering. You know companies have to set up their IT infrastructure, like servers, networks, and databases, to run their apps and websites, right? However, doing all this setup manually can be slow and liable to mistakes.

That's where Infrastructure as Code comes in. Instead of manually setting up everything, you write down instructions in the form of code using any one of the programming languages. This code tells computers how to create and configure all the necessary parts of the IT infrastructure.

Instead of spending hours clicking buttons and typing commands, you simply write configuration files using formats like YAML or JSON.

Now you will be thinking about what this YAML or JSON is exactly. I will explain what exactly YAML or JSON means in short. So, you will get a clear idea about this YAML or JSON.

Here is a simple explanation:

YAML: YAML stands for “yet another markup language”.

The code writing with this language is like writing a to-do list in a clear, easy-to-read way.

The YAML format closely resembles how one would naturally document structured data on physical paper. It is designed purposefully to be easier for humans to read.

JSON: JSON stands for “JavaScript Object Notation”.

It is a way to structure and represent data in a format that is easy for both humans and computers to understand. In JSON, data is organized into key-value pairs, where each key is associated with a value.

In short, use YAML for simplicity and readability, and JSON for complexity and compatibility code writing. You will execute the code, and the computers set up everything exactly as you planned. It's way faster and much less likely to be mistaken.

Plus, since everything is written in code, you can save it, share it, and even change it whenever you need to. Let's say the company needs to add more servers later. Instead of going through the whole setup process again, you just update your code to include the new servers, and the computer takes care of the rest.

So, Infrastructure as Code is like giving computers the power to build and manage the servers, networks, and all that tech stuff we use every day while developing software. It's efficient, less error-prone, and makes life easier for engineers.

Understanding Infrastructure as Code (IaC)

Now that we understand IaC in these simple words, let's go ahead and define this concept.

Infrastructure as Code (IaC) is a way of building and managing cloud infrastructure using descriptive code and instructions. Instead of setting up each thing manually, you write down how your infrastructure will be in a special language. Then, tools understand these instructions and build your application infrastructure exactly the way you described. It's like offering precise guidance to construct a complex structure but for computer elements in the cloud.

Infrastructure as Code means creating and setting up IT infrastructure using code and automation. This makes it easy to do things the same way every time.

Infrastructure as Code (IaC) is an efficient method for managing and setting up computer infrastructure using code and automation. Instead of manual configurations, it uses a specialized language to control and organize everything. This approach streamlines the process, much like how software developers build and manage their applications.

So, in this blog, we will start with the definition of Infrastructure of code, why it is important, and its benefits.

Infrastructure as Code Defined:

At its core, IaC involves writing code to define, configure, and deploy infrastructure components. These components can include virtual machines, networks, storage, load balancers, databases, and more.

By expressing infrastructure configurations as code, organizations can ensure that their infrastructure is consistent, repeatable, and easily manageable across various environments, such as development, testing, and production.

We have discussed the definition of Infrastructure as a code. Now let’s understand what is the importance of IaC?

Importance of Infrastructure as Code (IaC):

Infrastructure as Code (IaC) plays an important role in modern IT environments, offering numerous benefits. Here are the key reasons why IaC is important:

1) Consistency and Reproducibility: IaC has Consistency and Reproducibility. Traditional manual setups can lead to configuration drift, where different environments have slight differences in settings. IaC ensures that infrastructure configurations are identical each time they are deployed, reducing errors caused by inconsistency. With IaC, your computer systems are set up the same way every time, which reduces mistakes caused by differences.

2) Version Control: Think of Infrastructure as Code as a special notebook where you write down changes. It helps you remember who did what and when. This is like having a book that tracks the changes made in a story. In the same way, Infrastructure code can be stored in version control systems like Git. This allows teams to track changes, review history, and collaborate effectively, similar to how developers collaborate on software projects.

3) Efficiency:Manual provisioning of infrastructure can be time-consuming and susceptible to errors. IaC automates the process, resulting in faster deployments and reduced operational overhead.

4) Scalability:When we need more copies of a document, we use a photocopy machine to produce the desired number of extra copies with ease. Similarly, with IaC, we can effortlessly create additional infrastructure resources by making changes to the configuration file, often referred to as code. By modifying this file, you can easily scale the number of instances, resources, or services up or down as needed.

5) Disaster Recovery:Suppose a big sea wave came and destroyed the sand castle that you built. However, if you had a picture of the castle, it would be easy for you to build it exactly in the same way and in less time. IaC works similarly in what’s called Disaster Recovery. If there's a problem, you can rebuild the IT infrastructure exactly as it was, using the configuration file.

Now you have got the importance of IaC using key points.

Now we will discuss examples of IaC tools that help to set up various IT infrastructures.

Examples of IaC Tools:

Well, here we got to know that by using the IaC concept, we can deploy IT infrastructure in less time and with consistency. However, are we going to sit and write the code in the configuration file every time? Certainly not!

We have a lot of tools to make this task easier, efficient and manageable. These tools will bring in automation, consistency, speed, reproducibility, version control, scaling, testing, modularity, documentation and collaboration. These tools will simply make the process easier.

So, let’s see how tools like AWS CloudFormation, Terraform, and AWS CDK codes are used to do this task easily.

Next, we'll discuss various IaC tools with practical examples. This will give you a clear understanding of how IaC works in practice

AWS CloudFormation:

Firstly, AWS CloudFormation is a service provided by Amazon Web Services (AWS) and is a key tool for IaC. In this, we will discuss AWS CloudFormation concepts in detail.

AWS CloudFormation allows you to define and manage your cloud infrastructure in a structured and automated way. Instead of setting up the resources in AWS one by one, it lets you describe your desired cloud resources and their configurations using a template. This template is written in JSON or YAML.

CloudFormation then takes this template and handles the provisioning and management of your resources, ensuring consistency, scalability, and ease of deployment across different environments.

In simpler terms, AWS CloudFormation helps you set up and control your AWS cloud resources without everything manually.

Amazon Web Services (AWS) CloudFormation is a powerful service that allows you to define, deploy, and manage AWS infrastructure resources using code templates. It serves as a fundamental part for implementing Infrastructure as Code (IaC) within the AWS environment.

With CloudFormation, you can create, update, or delete resources in a consistent and controlled manner, making it an essential tool for managing complex infrastructures.

AWS CloudFormation is a native AWS service that uses JSON or YAML templates to define and manage AWS resources.

Now, we will discuss more about all the key concepts of AWS CloudFormation one by one.

To understand key concepts of AWS CloudFormation easily we can refer to one image as shown below:

Here are some key concepts of AWS CloudFormation as given below:

1) Templates:CloudFormation templates are JSON or YAML files that describe the resources you want to create, their properties, and any dependencies between them. Templates can be versioned, stored in source control, and reused across different environments.

2) Stacks:CloudFormation templates are JSON or YAML files that describe the resources you want to create, their properties, and any dependencies between them. Templates can be versioned, stored in source control, and reused across different environments.

3) Resources:Resources are the individual components that make up your infrastructure, such as Amazon EC2 instances, Amazon RDS databases, Amazon S3 buckets, etc. Resources are defined in your CloudFormation template.

4) Parameters: Parameters are inputs that you can provide when creating or updating a stack. They allow you to customize the behaviour of your CloudFormation template without modifying the template itself.

5) Mappings:Mappings are sets of key-value pairs that can be used in templates to specify conditional values based on certain input parameters or conditions.

6) Outputs:Outputs are values that CloudFormation exports from the stack after it's created or updated. These values can be used by other AWS services or resources.

7) Change Sets:Before applying updates to a stack, CloudFormation allows you to review the proposed changes using a change set. A change set shows the differences between the current stack and the updated template, giving you a chance to review and approve changes before applying them.

8) Nested Stacks:You can use nested stacks to break down complex templates into smaller, reusable components. Each nested stack is treated as a separate CloudFormation stack, allowing you to manage and update different parts of your infrastructure independently.

9) Cross-Stack References:CloudFormation enables you to reference resources from other stacks using cross-stack references. This can be useful when you have resources in different stacks that need to interact with each other.

10) Stack Policies:Stack policies allow you to control the permissions for updates to specific resources within a stack. This can help prevent accidental modifications to critical resources.

11) Drift Detection:CloudFormation offers drift detection, which helps you identify and compare the actual resources in your stack with the expected template configuration. This can be useful for identifying unauthorized changes.

CloudFormation simplifies the process of managing and scaling your AWS infrastructure by automating resource provisioning and tracking changes over time. It's a powerful tool for infrastructure as code (IaC) practices, allowing you to maintain consistency, version control, and reproducibility in your cloud environment.

Now we will discuss AWS CloudFormation concepts using practical examples. Let's start one by one:

Templates

As we already discussed the theory about templates. Here's an example of a CloudFormation template that demonstrates the various components and steps involved.

This template creates an Amazon S3 bucket and an Amazon DynamoDB table

Remember that this is a simplified example for demonstration purposes, and actual templates can be much more complex.


AWSTemplateFormatVersion: '2010-09-09'
Description: Example CloudFormation Template

Parameters:
  BucketName:
    Type: String
    Description: Name of the S3 bucket
    Default: my-example-bucket

Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Ref BucketName

  MyDynamoDBTable:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      TableName: my-example-table
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: N
      KeySchema:
        - AttributeName: id
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: 5
        WriteCapacityUnits: 5

Outputs:
  BucketOutput:
    Description: S3 Bucket Name
    Value: !Ref MyS3Bucket
    Export:
      Name:!Sub "${AWS::StackName}-S3Bucket"

  TableOutput:
    Description: DynamoDB Table Name
    Value:!Ref MyDynamoDBTable
    Export:
      Name:!Sub "${AWS::StackName}-DynamoDBTable"

Explanation of the above steps:

AWSTemplateFormatVersion: It specifies the CloudFormation template version. In this case, it's using the '2010-09-09' version.

Description: It provides a short description of the template's purpose.

Parameters: It defines a parameter named "BucketName" that allows users to provide a name for the S3 bucket. The default value is set to "my-example-bucket."

Resources: It describes the AWS resources to be created. It defines two resources:

MyS3Bucket: It creates an S3 bucket with the specified name from the "BucketName" parameter.
MyDynamoDBTable: It creates a DynamoDB table with an "id" attribute as the primary key and specified provisioned throughput.

Outputs: It specifies values to be exported from the stack for reference by other resources.

BucketOutput: It exports the name of the S3 bucket using!Ref and create an export name using ${AWS::StackName}-S3Bucket.
TableOutput: It exports the name of the DynamoDB table in a similar manner.

In this example, users would provide the "BucketName" parameter value when creating the stack.

The outputs of the stack would be the names of the created S3 bucket and DynamoDB table, which can be referenced by other AWS resources within the same AWS account and region.

To deploy this template, you would use AWS CloudFormation Console, AWS CLI, or SDKs to create a stack using the template file. The result would be the creation of the specified S3 bucket and DynamoDB table.

Now we will discuss the 2nd key concept of CloudFormation i.e Stack.

A fundamental concept in CloudFormation is the "stack." In AWS CloudFormation, a "stack" refers to a collection of AWS resources that you create, manage, and delete as a single unit. It's like packaging up all the parts of your application or infrastructure into one bunch.

When you create a stack, you define the resources you want, like servers, databases, and networks, in a template. Then, CloudFormation takes care of provisioning and managing those resources for you.

Stacks make it easier to manage complex applications because you can create, update, or delete all the related resources in a consistent and controlled way.

So let's walk through the process of creating a CloudFormation stack step-by-step.

Step 1: Writing a CloudFormation Template

These templates define the desired state of your infrastructure, including resources, properties, and dependencies.

Save the CloudFormation template from the previous example as a file named stack-template.yaml:


AWSTemplateFormatVersion: '2010-09-09'
Description: Example CloudFormation Template

Parameters:
  BucketName:
    Type: String
    Description: Name of the S3 bucket
    Default: my-example-bucket

Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Ref BucketName

  MyDynamoDBTable:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      TableName: my-example-table
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: N
      KeySchema:
        - AttributeName: id
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: 5
        WriteCapacityUnits: 5

Outputs:
  BucketOutput:
    Description: S3 Bucket Name
    Value: !Ref MyS3Bucket
    Export:
      Name: !Sub "${AWS::StackName}-S3Bucket"

  TableOutput:
    Description: DynamoDB Table Name
    Value: !Ref MyDynamoDBTable
    Export:
      Name: !Sub "${AWS::StackName}-DynamoDBTable"

The above example is already explained in the Template creation. So, we are taking the above example as a reference for the stack creation. So, you will clearly understand the stack creation.

Run the following command to create the CloudFormation stack: Create stack

Replace my-stack with a desired name for your stack and my-bucket-name with the desired S3 bucket name.

Now let's discuss the above commands as below:

Let's break down the AWS CloudFormation command you provided step by step:

aws cloudformation create-stack:

This part of the command tells the AWS Command Line Interface (CLI) to use the AWS CloudFormation service and create a new stack.

--stack-name my-stack:

Here, you specify the name you want to give to your CloudFormation stack. In this example, it's named "my-stack." The stack name must be unique within your AWS account.

--template-body file://stack-template.yaml:

This part of the command tells CloudFormation where to find the template that defines your stack. --template-body is followed by file://stack-template.yaml. The meaning of the above command is the template is stored locally on your computer with the filename "stack-template.yaml." CloudFormation will read this file to understand how to create your stack.

--parameters ParameterKey=BucketName, ParameterValue=my-bucket-name:

In CloudFormation templates, you can define parameters that allow you to customize your stack when you create it. This part of the command sets a parameter named "BucketName" to the value "my-bucket-name." It's important to note that parameter values are typically provided as key-value pairs in the format ParameterKey=SomeKey, ParameterValue=SomeValue.

So, in summary, this AWS CloudFormation command is creating a new stack named "my-stack" based on the template found in the "stack-template.yaml" file. It also sets the value of a parameter called "BucketName" to "my-bucket-name" during stack creation. This is a simplified example.

Step 2: Wait for Stack Creation

To complete, you can use the following command to wait until the stack creation process completes:

Now, let's break down this command:

aws cloudformation wait stack-create-complete:

This part of the command tells AWS CloudFormation to wait until the specified stack's creation is complete. It means the stack is fully set up and ready to use.

--stack-name my-stack:

Here, you specify the name of the stack you want to wait for. Replace "my-stack" with the actual name of your CloudFormation stack.

After you run this command, AWS CloudFormation will continuously check the status of your stack until it's created successfully. Once the stack creation is complete, the command will exit, and you can proceed with other tasks or operations knowing that your stack is ready for use.

Remember to replace "my-stack" with the name of your specific CloudFormation stack. This command can be particularly useful when you're automating cloud infrastructure provisioning and want to ensure that subsequent steps in your automation process only run when the stack is fully operational.

Step 3: Check Stack Outputs

Once the stack creation step is complete, you can retrieve the stack outputs using this command:

aws cloudformation describe-stacks --stack-name my-stack-name --query "Stacks[0].Outputs"

This command will display the exported values from the outputs section of your CloudFormation template.

Certainly, let's break down the AWS CloudFormation command aws cloudformation describe-stacks --stack-name my-stack-name --query "Stacks[0].Outputs":

aws cloudformation describe-stacks:

This part of the command is using the AWS Command Line Interface (CLI) to interact with the AWS CloudFormation service. Specifically, it uses the describe-stacks operation, which retrieves information about one or more stacks.

--stack-name my-stack-name:

Here, you specify the name of the stack you want to describe. Replace "my-stack-name" with the actual name of the CloudFormation stack you want to retrieve information about.

--query "Stacks[0].Outputs":

This part of the command uses the --query option to filter and format the output. It's like telling AWS CLI to give you only specific information from the stack description.

"Stacks[0].Outputs":

This query instructs AWS CLI to retrieve the "Outputs" section of the first stack ([0] refers to the first stack in case you have multiple stacks with the same name) and display it in the output.

In summary, when you run this command, it will retrieve and display the output values (if any) of the specified CloudFormation stack.

Output values typically contain information that's useful for other parts of your infrastructure or applications, such as endpoint URLs, resource IDs, or configuration details.

Congratulations! You've created a CloudFormation stack using the AWS CLI. This process allows you to automate the creation and management of your AWS resources using infrastructure as code.

Step 4: Monitoring and Handling Errors

CloudFormation provides real-time status updates during stack creation. You can monitor progress and view any errors that occur.

If an error occurs, CloudFormation can automatically roll back the stack to its previous state, ensuring that you don't end up with a partially deployed environment.

Now let us try to understand “Stack Creation” through one real example.

Example:

Launching a Web Application Stack.

Let's consider an example where you're deploying a simple web application stack using CloudFormation:

Scenario: Launching a Web Application Stack

We want to build a simple web application. Instead of setting up each component manually, AWS CloudFormation allows you to define everything in code. Here is a small piece of what your CloudFormation template might look like:

AWS CloudFormation Template:

In this, you're creating an EC2 instance for the web server and an RDS database instance using just a few lines of code. You specify instance types, security settings, and even scripts to run when the case instances start.

Let's break down each part of the code:

This CloudFormation code defines two AWS resources: a web server (EC2 instance) and a database (RDS instance).

WebServer:

Type: AWS::EC2::Instance:

This parameter specifies that you are creating an Amazon Elastic Compute Cloud (EC2) instance.

InstanceType: t2.micro:

This parameter sets the EC2 instance type to "t2.micro," which is a small, general-purpose instance type.

ImageId: ami-0123456:

This parameter specifies the Amazon Machine Image (AMI) ID to use for the instance.

KeyName: my-key-pair:

This parameter specifies the name of the AWS Key Pair to use for SSH access to the EC2 instance.

UserData:

This section provides user data, which is a script that runs when the instance is launched. In this case, it updates the package manager, installs the Apache web server starts it, and creates a basic HTML file.

Database:

Type: AWS::RDS::DBInstance:

This parameter specifies that you're creating an Amazon Relational Database Service (RDS) DB instance.

Engine: mysql:

This parameter sets the database engine to MySQL.

DBInstanceClass: db.t2.micro:

This parameter sets the RDS instance type to "db.t2.micro," which is a small, general-purpose database instance.

AllocatedStorage: 20:

This parameter specifies the allocated storage in gigabytes for the RDS instance.

MasterUsername: admin:

This parameter sets the master username for the database.

MasterUserPassword: mysecretpassword:

This parameter sets the master user's password for the database.

DBName: mydb:

This parameter specifies the name of the database to create.

By deploying this CloudFormation template, AWS will automatically handle creating and configuring the instances, ensuring your web application stack is up and running without manual interference.

This approach makes deployment efficient, promotes consistency, and enables easy replication across different environments.

Now you have a clear idea about stack creation in AWS CloudFormation.

Now we will discuss the second IaC tool which is “terraform“.

Terraform:

Before we discuss Terraform as one of the IAC tools, we will discuss why we need Terraform. Why not other tools? What exactly does Terraform do? As given below:

Why do we need Terraform?

Let’s say you want to build and manage your IT infrastructure, like servers and databases, in the cloud. But different clouds have different rules and languages for building. Terraform is like a universal translator that lets you build and manage your infrastructure in different clouds using the same language.

Terraform is an IAC tool that helps you build and manage your IT infrastructure, like servers, databases, and networks, using a clear and structured approach. Instead of manually setting up each part, you describe what you want in a special programming language. Terraform then takes your description and creates or manages these resources for you, making it easier to set up and maintain your technology infrastructure.

Terraform uses its own domain-specific language called HashiCorp Configuration Language (HCL). It's designed specifically for defining and managing infrastructure resources in a human-readable and declarative way. HCL is not a general-purpose programming language like Python or JavaScript, but it's designed to describe the configuration and relationships of the resources you want to create or manage with Terraform.

The full name of the tool is "HashiCorp Terraform." HashiCorp is the company that created the Terraform tool.

So, you don't have to learn each cloud's rules, and you can easily switch between clouds if you want. It saves your time, reduces mistakes, and makes everything simpler!

Now we will discuss Terraform in technical language. What exactly does Terraform do?

Introduction to Terraform:

Terraform is an open-source tool for building, changing, and versioning infrastructure safely and efficiently.

Terraform is a powerful open-source tool designed to simplify and automate infrastructure provisioning across multiple cloud providers, including AWS. It enables you to define your infrastructure as code using a declarative language, making it easier to create, modify, and manage resources in a consistent and predictable manner.

Till now we have discussed why we need the Terraform tool?, Introduction of Terraform. Now we discuss key concepts of Terraform

Key Concepts Of Terraform:

Terraform introduces several key concepts that contribute to its effectiveness as an Infrastructure as a Code tool:

Declarative Configuration:

With Terraform, you define the desired state of your infrastructure using a declarative syntax. Terraform then takes care of the details of how to achieve that state.

Providers:

Providers are plugins that enable Terraform to interact with various infrastructure platforms, such as AWS, Azure, Google Cloud, etc. The AWS provider allows you to manage AWS resources using Terraform.

Resources:

Resources represent individual infrastructure components, such as EC2 instances, S3 buckets, and VPCs. The things you want to create, like virtual machines, databases, and networks. You define what resources you need in your code.

State:

Terraform keeps track of what you've built and its current status. It's like a checklist showing what you have and what's changed.

Plan:

"Plan" in Terraform is like a preview before you build. It analyzes your infrastructure code and current state and then shows exactly what changes it will make. It's your chance to review and confirm modifications—like looking at a blueprint before building a Lego model. This helps catch errors, prevents surprises, and ensures you're getting the desired outcome before Terraform takes action.

Apply:

"Apply" in Terraform is the action step. After you've planned changes, running Terraform Apply brings your desired infrastructure to life. It compares your code plan with the actual setup, creating, updating, or deleting resources as needed. It's similar to putting together Lego pieces using a plan you've made beforehand. Apply executes changes safely and precisely.

Variables:

In Terraform, variables act as flexible empty spaces for values, allowing you to easily modify attributes like names or sizes in your code. They serve as dynamic slots in your instructions, permitting you to substitute different values as needed. Essentially, they provide adaptability and customization capabilities, similar to having variables in a mathematical equation that can be adjusted to produce various outcomes. This way, you can reuse your code with different values.

Modules:

Modules are like ready-made templates for your infrastructure. They collect resources and settings together, making it simple to reuse and share complex setups. Think of them as pre-built building blocks you can assemble into bigger structures. Modules save time, promote consistency, and let you build with ease, similar to using distinct components for various sections of a model. Think of them as building blocks for your code. Modules are like small building blocks that you can use again and again to create larger setups without having to start everything from the beginning. Modules are reusable, collections of resources that can be shared across projects.

Version Control:

Version control is like keeping different drafts of your Terraform code, just like saving different versions of a story. It helps to track changes, collaborate with others, and return to previous versions if needed. Storing your code in a safe place, like saving different versions of your favourite story. It helps you track changes, work with others, and go back to older versions if needed.

Till now we covered what is Terraform?, the Definition Of Terraform, and the Key Concepts of Terraform.

Now, we will discuss the concept of Terraform practically. Practical implementation of Terraform as discussed below:

Implementing Infrastructure with Terraform:

Implementing infrastructure with Terraform involves several steps:

Step 1: Writing a Configuration File

You define your infrastructure using HashiCorp Configuration Language (HCL), a human-readable domain-specific language.

HashiCorp Configuration Language (HCL) is a domain-specific language developed by HashiCorp, the company behind tools like Terraform, Consul, and Vault. HCL is designed specifically for writing configuration files that define infrastructure resources, settings, and configurations within HashiCorp's ecosystem of tools.

HCL is designed to be easy to read and write, striking a balance between being human-friendly and machine-friendly.

Create a file named main.tf and define your infrastructure using HCL:

Configuration files contain resource definitions, variables, and other settings needed to describe your infrastructure.

The code provided is written in HashiCorp Configuration Language (HCL), commonly used for writing infrastructure as code (IaC) configurations using Terraform.

Let's break down each part of the code:

provider "aws" { region = "us-west-1" }:

This block specifies the configuration for an AWS provider, which is the cloud provider you're targeting. In this case, you're using AWS as the provider.

region = "us-west-1":

This line specifies the AWS region (in this case, "us-west-1") where your AWS resources will be created. AWS regions represent geographically isolated data centers.

resource "aws_instance" "web_server" { ... }:

This block defines an AWS EC2 instance resource named "web_server." It specifies the characteristics and configuration for creating an EC2 instance.

Inside the resource block, the following attributes are defined:

ami = "ami-0123456":

This line specifies the Amazon Machine Image (AMI) to use for the EC2 instance. An AMI is a pre-configured template for creating EC2 instances. In this case, "ami-0123456" is a placeholder; you would typically use a valid AMI ID from the AWS Marketplace or one you've created.

instance_type = "t2.micro":

This line specifies the instance type for the EC2 instance. The "t2.micro" instance type is a low-cost, general-purpose instance type with limited CPU and memory resources. You can choose different instance types based on your requirements.

tags = { Name = "Web Server" }:

This line defines tags for the EC2 instance. Tags are key-value pairs used for organising and identifying resources in AWS.

In this case, you have assigned a tag with the key "Name" and the value "Web Server" to help identify this EC2 instance in the AWS Management Console or through AWS CLI commands.

The provided code is a simplified example. In practice, you would typically have more comprehensive configurations and may use variables and modules for better organisation and reusability in your Terraform project. Additionally, you would need to initialize and apply the Terraform configuration to create the AWS resources defined in this code.

Step 2: Initializing the Project

In this step, Run the “terraform init” command to initialize your project. This downloads the necessary providers and sets up the backend configuration.

In the same directory as your main.tf file, run:

terraform init

The terraform init command is an essential step when working with Terraform, an infrastructure as code (IaC) tool used for provisioning and managing infrastructure resources. This command initializes a new or existing Terraform project and ensures that the necessary plugins and modules are downloaded and set up correctly.

Here's a breakdown of what the terraform init command does:

Plugin Initialization: Initially, we understand “what are plugins?” in short. "Plugins" refers to software components or extensions that can be added to an existing program or application to provide additional functionality or features. Terraform uses providers and plugins to interact with various cloud providers and services. The terraform init command initializes and installs the required plugins for your specific project. These plugins are responsible for translating your infrastructure code into actions that interact with the target infrastructure.
Module Installation: If your Terraform configuration references external modules (either from the Terraform Registry or custom modules), terraform init will download and install these modules. Modules are reusable pieces of infrastructure code that can be used to create and manage resources.
Backend Configuration: If your project uses a remote backend (such as AWS S3, Azure Storage, or HashiCorp's Terraform Cloud), terraform init will also configure the backend settings. The backend is where Terraform stores its state file, which keeps track of the resources it manages and their current state. This enables collaboration and state management in a multi-user environment.
State Initialization: If you are starting a new project or haven't previously configured Terraform for a specific workspace, terraform init may initialize the state for your project. State files are crucial for Terraform to understand the existing state of your infrastructure and plan changes accordingly.
Validation: terraform init also performs some basic validation of your configuration files, checking for syntax errors and verifying that required providers and modules are correctly defined.

After running terraform init command, your Terraform project is ready for further actions, such as planning (terraform plan) and applying (terraform apply) your infrastructure changes.

Remember that you typically need to run terraform init only once for each Terraform configuration, unless you update your configuration or change your dependencies (like providers or modules).

Step 3: Previewing Changes

In this step, use the terraform plan command to preview the changes that Terraform will make to your infrastructure. It shows what resources will be created, modified, or destroyed.

Generate a preview of the changes using:

Step 4: Applying Changes

Apply your configuration using terraform apply. Terraform will execute the plan and create, update, or delete resources accordingly.

Apply the changes to create resources:

The terraform apply command in Terraform is used to execute the changes specified in your infrastructure code and bring your infrastructure into the desired state as defined in your configuration files.

It's important to use terraform apply with caution, especially in production environments, as it directly impacts your infrastructure. Always review the plan generated by terraform plan before applying changes to ensure they align with your intentions. Additionally, consider implementing change control and testing procedures to minimize risks associated with infrastructure changes.

Step 5: Managing State

Terraform maintains a state file that tracks the current state of your infrastructure. It's important for Terraform to manage this state to understand what resources exist and their configurations.

Terraform will automatically manage the state, you don't need to write code for this step.

These code examples follow the outlined steps to implement infrastructure with Terraform. Just make sure to replace placeholders like ami-0123456 with actual values according to your requirements.

Now we will discuss CDK (Cloud Development Kit) 3rd and last tool of IaC.

At the heart of the AWS CDK are "constructs." Constructs are reusable building blocks that represent AWS resources or groups of resources. CDK provides a rich library of pre-built constructs that correspond to AWS services. These constructs can be customized and composed to create a more complex infrastructure.

Now let’s get into some action and see how to create IT infrastructure using CDK.

Developing Infrastructure with CDK:

Developing infrastructure with AWS CDK involves a set of steps that are advantageous for your chosen programming language:

Step 1: Installing CDK and Setting Up the Project

You install the AWS CDK CLI, create a new project directory, and initialize it for your chosen programming language (e.g., TypeScript).

Step 1.1 Install CDK CLI:

Install the AWS CDK CLI globally using npm (Node.js package manager):

The command npm install -g aws-cdk is used to globally install the AWS Cloud Development Kit (CDK) package using the Node Package Manager (npm).

Let’s understand this command:

npm: This is the Node Package Manager, a tool commonly used in the JavaScript and Node.js ecosystem to manage packages and dependencies.
install: This is an npm command used to install packages or dependencies.
-g: This is a flag that stands for "global." It tells npm to install the specified package globally on your computer rather than locally within a specific project directory. Global installations are typically used for command-line tools or utilities that you want to be available across your entire system.
aws-cdk: This is the package name for the AWS Cloud Development Kit (CDK), a framework for defining cloud infrastructure as code using programming languages like TypeScript, Python, Java, and others.

By installing the AWS CDK globally, you make the cdk command-line tool available system-wide, allowing you to create and manage AWS infrastructure using the CDK from any directory on your computer.

After running this command, you are able to use the cdk command to work with the AWS CDK and define cloud resources in your preferred programming language.

Step 1.2. Create a New Project:

In this step, create a new directory for your CDK project and navigate to it in your terminal:

Let's break down each command:

mkdir cdk-project:

mkdir: This is short for "make directory." It's a command used to create a new directory (folder) in the file system.
cdk-project: This is the argument to the “mkdir” command and represents the name of the new directory you want to create. In this case, you're creating a directory called "cdk-project."

So, when you run mkdir cdk-project, you are creating a new directory called "cdk-project" in your current location.

cd cdk-project:

cd: This is short for "change directory." It's a command used to change your current working directory to a specified location.
cdk-project: This is the argument to the “cd” command and represents the directory you want to change into.

When you run cd cdk-project immediately after creating the "cdk-project" directory, you are changing your current working directory to the newly created "cdk-project" directory. This allows you to navigate into and work within that specific directory in your command-line environment.

Step 1.3. Initialize Project:

In this step, initialize your CDK project using your chosen programming language.

For example, if you are using TypeScript then:

The command cdk init app --language=typescript is used to initialize a new AWS Cloud Development Kit (CDK) application project in TypeScript.

Let's break down each part of the command:

cdk init:

cdk: This refers to the AWS Cloud Development Kit, a framework for defining cloud infrastructure in code.
init: This is a subcommand of the cdk command used to initialize a new CDK application or project.

App:

“app” is an argument provided to the “cdk init” command, specifying the type of CDK project you want to create. In this case, you're initializing an application-level project. CDK supports various project types, including "app," "library," and "sample-app."

--language=typescript:

--language: This is an option or flag used with the “cdk init” command to specify the programming language you want to use for your CDK project.
typescript: In this case, you're specifying TypeScript as the language for your CDK project. TypeScript is a statically typed superset of JavaScript that is commonly used for writing CDK infrastructure code.

When you run the “cdk init app --language=typescript” command, it sets up a new CDK application project using TypeScript as the chosen programming language. This command typically creates a project structure, initializes necessary configuration files, and provides you with a starting point for defining cloud resources and infrastructure in code using the AWS CDK. You can then proceed to define and deploy AWS resources using TypeScript within your CDK project.

Step 2: Writing Constructs Using TypeScript

In this step, define constructs in your chosen programming language, using classes and methods provided by the AWS CDK libraries.

These constructs represent AWS resources like S3 buckets, Lambda functions, and DynamoDB tables.

In your TypeScript code, you define constructs that represent an API Gateway, Lambda functions, and associated resources. You configure routes, methods, and integrations.

In your lib directory (which was created during the project initialization), you'll find a file named cdk-project-stack.ts (for TypeScript). This is where you define your constructs.

Here's an example construct for creating an S3 bucket:

Let's break down each part of the code:

These lines import the necessary modules from the AWS CDK library.

import * as cdk from 'aws-cdk-lib'; imports the CDK library.

import * as s3 from 'aws-cdk-lib/aws-s3'; imports the module specifically related to Amazon S3.

Above line defines a TypeScript class named “CdkProjectStack” that extends the “cdk.Stack” class.

In CDK, a "stack" represents a set of AWS resources that are created, updated, or deleted together as a unit.

This is the constructor method for the CdkProjectStack class. It takes three parameters:

scope: cdk.Construct:

This parameter represents the parent construct in the CDK hierarchy. It is used to define the scope of the stack.

id: string:

This parameter represents the unique identifier for the stack.

props?: cdk.StackProps:

This parameter is optional and represents additional stack properties.

super(scope, id, props);: This line calls the constructor of the parent class (cdk.Stack) and passes the provided parameters to it.

These lines define an Amazon S3 bucket within the CDK stack.

new s3.Bucket(this, 'MyS3Bucket', { ... });:

This parameter creates a new S3 bucket resource. “this” refers to the current CDK stack (CdkProjectStack). 'MyS3Bucket' is the logical ID of the S3 bucket.

removalPolicy: cdk.RemovalPolicy.DESTROY,:

This parameter specifies the removal policy for the S3 bucket. In this case, it's set to DESTROY, which means that when the CDK stack is destroyed, the S3 bucket will also be deleted. Be cautious with this setting in a production environment.

That is a basic explanation of the TypeScript code, which defines a CDK stack and an S3 bucket resource within that stack. This is just the starting point for building AWS infrastructure using CDK. We can add more resources and configurations as needed.

Step 3: Synthesizing the CDK App

In this step, run the CDK synthesis process, which generates an AWS CloudFormation template that corresponds to your constructs and configurations.

Run the CDK synthesis process to generate the CloudFormation template:

The “cdk synth” command is used in the AWS Cloud Development Kit (CDK) to generate a CloudFormation template from your CDK application.

Let's break down each part of the command:

Cdk:

This is the command-line interface (CLI) for the AWS CDK, which you use to interact with and manage your CDK applications and stacks.

Synth:

This is a subcommand of the cdk CLI used to synthesize (generate) a CloudFormation template based on the AWS infrastructure defined in your CDK application.

When you run the cdk synth command, here's what happens:

The CDK inspects your application code, specifically the constructs and resources you've defined using the CDK framework.
It translates your CDK constructs into the equivalent AWS CloudFormation resources and configurations.
It generates a CloudFormation template in JSON or YAML format that represents the infrastructure defined in your CDK application.

Running “cdk synth” is a crucial step in the CDK development process as it provides a visible representation of your infrastructure code in the form of a CloudFormation template that you can interact with. It allows you to deploy it with confidence.

The generated CloudFormation template can be reviewed before deploying.

Step 4: Deploying the Infrastructure

In this step, using cdk deploy, AWS CDK deploys the infrastructure by creating a CloudFormation stack with the defined resources.

Deploy the infrastructure using the following command:

The cdk deploy command is used in the AWS Cloud Development Kit (CDK) to deploy your AWS infrastructure based on the definitions you've specified in your CDK application.

Let's break down each part of the command:

cdk:

This is the command-line interface (CLI) for the AWS CDK, which you use to interact with and manage your CDK applications and stacks.

Deploy:

This is a subcommand of the cdk CLI used to initiate the deployment of your CDK application's infrastructure to your AWS account.

When you run the cdk deploy command, here's what happens:

The CDK CLI compiles your CDK application code and synthesizes (generates) a CloudFormation template from it. This step is similar to what cdk synth does but is performed automatically before deployment.
It deploys the AWS resources defined in your CDK application to your AWS account based on the generated CloudFormation template.
During deployment, the CDK CLI may prompt you for confirmation to proceed with the deployment. You may need to confirm by typing "y" or "yes."
It monitors the progress of the deployment and provides feedback in the terminal, showing the status of each resource being created.
Once the deployment is complete, it provides a summary of the deployed stack, including the stack name, AWS resources created, and their status.

In summary, cdk deploy is a command used to take your CDK application and deploy the defined AWS infrastructure into your AWS account, making it available for use.

CDK will create a CloudFormation stack and deploy the defined resources. Make sure to follow the commands and confirm the deployment.

Till now, we have deeply studied the 3rd IaC tool that is the CDK (Cloud Development Kit) in detail. Now, we will study when and how to use Infrastructure As Code?

4. When & how to use Infrastructure as Code?

In this topic, we will discuss when and how to use Infrastructure As Code? one by one.

4.1 When to Use IaC?

You should use IaC when you want to create and manage your IT infrastructure and services in a consistent, reliable, and efficient way.

Here are some situations or conditions where IaC comes in handy:

Setting up Environments:

When you need to create different environments like testing, development, or production, IaC helps you set them up quickly and exactly the same way every time.

Scaling Resources:

If your website or app becomes more popular and you need more servers or resources to handle the increased traffic. In this case, you can use Scaling Resources.

Consistency:

When you want to ensure that your infrastructure is consistent across different environments. This will help to reduce configuration deviation and inconsistencies between the computers.

Versioning:

Versioning is crucial when you require robust version control for your infrastructure configurations. It serves as a mechanism for enabling efficient collaboration among team members, ensuring that everyone works with the most up-to-date codebase.

Additionally, versioning facilitates auditing and compliance efforts by tracking who made changes and when they occurred. Moreover, it provides a safety net for easy rollback to known-working configurations in case unexpected issues arise during infrastructure changes or updates.

Scalability:

Scalability becomes essential when you aim to effortlessly adjust the size of your infrastructure, whether increasing or decreasing its capacity, by making modifications to your codebase, all without the need for repetitive and manual tasks.

This enables you to efficiently accommodate fluctuating workloads and changing requirements while maintaining the benefits of automation and consistency in your infrastructure management.

Reproducibility:

Reproducibility is invaluable when you require the ability to swiftly recreate an entire environment, whether for testing, development, or disaster recovery scenarios. By having your infrastructure defined as code, you can easily duplicate complex setups, ensuring consistency and accuracy across environments, reducing the risk of errors, and significantly expediting the process of rebuilding or provisioning resources when needed.

This reproducibility ensures that your infrastructure can be reliably and rapidly recreated, promoting both efficiency and resilience in your operations.

Automation:

When you aim to automate the setup and management of your infrastructure, reducing human error and speeding up deployment.

In these situations or conditions, we can use IaC (Infrastructure as Code). Now, we will learn how to use IaC.

4.2 How to Use IaC?

Having discussed the IaC concept and various tools to automate IT infrastructure creation, let us quickly summarize the use of the IaC concept. IaC involves a few steps, just like building with a blueprint. They are given below:

Choose a Tool:

Use any one of the tools discussed above such as Terraform, AWS CloudFormation, and AWS CDK that help you write code to define your infrastructure.

Write Code:

You write code that describes the resources you need, like servers, networks, databases, and more.

Version Control:

Store your code in a version control system like Git. This keeps track of changes and allows you to collaborate with others safely.

Deploy:

"Deploy" involves using a deployment tool or process to execute your code, typically infrastructure as code (IaC).

When you deploy your code, the tool interprets your instructions and takes action in your target environment, which could be cloud-based or on-premises. Depending on your code's configuration, it can create new resources, update existing ones to match your desired state, or delete resources that are no longer needed.

Automation:

With IaC, you can automate the entire process. If you need to make changes, you update the code and deploy it, and the tool takes care of the rest.

As we have discussed when and how to use IaC?

Now, in any tool or concept, we need to adhere to best practices to achieve better results, reduce risks, and ensure continuous improvement. So let us discuss a few best practices to be followed while implementing the IaC concept.

5. Best Practices for AWS IaC

Implementing Infrastructure as Code (IaC) brings significant benefits, but to ensure the effectiveness, reliability, and security of your deployments, it's important to follow best practices.

In this section, we'll dive into key best practices that will help you successfully manage your AWS IaC projects.

Modularity and Reusability:

Best Practice:

Design your IaC templates, modules, or constructs in a modular fashion. Break down your infrastructure components into reusable modules that can be shared across projects.

Benefits:

This approach enhances maintainability, promotes consistency, and accelerates the development of new projects by leveraging existing components.

Parameterization and Dynamic Configurations:

Best Practice:

Use input parameters to make your IaC templates adaptable to different environments and scenarios. Avoid hardcoding values that may change across environments.

Benefits:

Parameterization makes templates flexible, allowing you to use the same codebase with different configurations. Dynamic configurations enhance reusability.

3. Version Control and CI/CD Integration:

Best Practice:

Store your IaC code in version control systems like Git to track changes, collaborate effectively, and maintain a history of modifications.

Benefits:

Version control facilitates collaboration among team members and integration with Continuous Integration and Continuous Deployment (CI/CD) pipelines, ensuring automated and consistent deployments.

4. Testing and Validation:

Best Practice:

Implement automated testing for your IaC code to catch issues early in the development process. Use tools like AWS CloudFormation Linter or Terratest for Terraform to validate your code.

Benefits:

Automated tests help identify errors, ensure correctness, and prevent issues from propagating to production deployments.

5. Security and Compliance:

Best Practice:

Apply security best practices to your IaC code, including proper IAM permissions, secure credentials handling, and least privilege principles.

Benefits:

By adhering to security guidelines, you reduce the risk of unauthorized access and data breaches. Additionally, ensure compliance with regulatory requirements.

6. Documentation:

Best Practice:

Document your IaC code, including explanations of resources, their interactions, and deployment procedures. Describe the purpose and expected behavior of each component.

Benefits:

Comprehensive documentation simplifies onboarding, troubleshooting, and collaboration, especially when team members change or new members join.

7. Continuous Improvement:

Best Practice:

Regularly review and update your IaC code as your infrastructure evolves. Address technical debt, optimize configurations, and integrate feedback from operations teams.

Benefits:

Continuous improvement ensures that your infrastructure remains efficient, secure, and aligned with changing requirements.

8. Rollback and Drift Detection:

Best Practice:

Set up processes for handling stack rollbacks in case of deployment failures. Additionally, implement deviation detection to identify changes made outside of IaC.

Benefits:

Being prepared for failures and detecting deviation early helps to maintain the integrity and consistency of your infrastructure.

Conclusion

In this blog tutorial, we have explored the significance of AWS Infrastructure as Code and dived into three powerful tools: AWS CloudFormation, Terraform, and AWS CDK.

By following the step-by-step examples, you have gained insights into provisioning infrastructure resources consistently, efficiently, and programmatically.

Embracing Infrastructure as Code empowers you to streamline deployments, improve collaboration, and build robust and scalable AWS architectures. With the knowledge gained here, you're well-equipped to embark on your journey towards mastering AWS IaC.

Share this post:

Back