Learn AWS Services With Terraform

Photo by Sam Moqadam on Unsplash

Before I made my transition to IT years ago, my understanding of “The Cloud” was mainly based on the services I interacted with. My understanding of its capabilities was limited to massive storage, because my interaction with the cloud was to download a song I had purchased, that I previously didn’t want stored on my device at the time, or I thought of file sharing with DropBox. Fast forward a few years later at my first IT job, and delving into the world of Amazon Web Services. I was completely overwhelmed with the multitude of services. Signing into the console made me scared to touch anything. Fast forward a few more years and I have a couple of certifications under my belt and three plus years experience working with AWS in production. Some of my biggest leaps in understanding how the services work was not in the console, but using AWS CLI or coding infrastructure builds with Boto (AWS SDK for Python). I also learned to write IaC (infrastructure as code) using CloudFormation and Terraform. If I were to develop a curriculum to learn AWS services in a meaningful way, I would start by just having a basic, high-level understanding of the services. I then would start with Terraform builds and then compare those builds to its manifestation in the console (GUI). In addition to being a very useful tool for deploying infrastructure, coding in Terraform is a great way of learning AWS resources.

If you would like to see the full Terraform configuration in addition to the snippets I will place in the article, you can check out a couple of my Terraform configurations here. The first is a “web server” (minus a database) and the second is an SQS triggered Lambda function.

AWS Service Basics

resource "aws_instance" "web_server" {ami                         = var.amivpc_security_group_ids      = ["${aws_security_group.webserver-   sg.id}"]instance_type               = var.instance-typesubnet_id                   = aws_subnet.public.idcount                       = var.ec2countassociate_public_ip_address = trueuser_data        = var.user_datauser_data_base64 = var.user_data_base_64key_name         = var.key_name}

You can clearly see the ami (Amazon Machine Image), vpc security group id (virtual private cloud), instance type (referring to size and/or IO of the virtual server), subnet id to place your instance in, and a public ip so that your server is reachable outside of the VPC. The remaining declarations are optional. The bare minimum for your ec2 instance to be created is ami and instance type. On a more advanced level you would need to know how the different instance types would effect the performance of an application or if an AMI you chose is suited for your purposes. In addition, you can see that this service calls other services in the configuration. Terraform has helpful documentation for most services. In the documentation it will show you what is required and what is optional. It also shows code examples. I see these as cliff notes to understanding the service on a more technical and practical level.

Understanding Multi-Service Dependencies

resource "aws_security_group" "webserver-sg" {depends_on = [aws_vpc.my-vpc,aws_subnet.public,aws_subnet.private]description = "HTTP, PING, SSH"# Name of the security Groupname = "webserver-sg"# VPC ID in which Security group has to be createdvpc_id = aws_vpc.my-vpc.id# Created an inbound rule for webserver accessingress {description = "HTTP for webserver"from_port   = 80to_port     = 80protocol    = "tcp"cidr_blocks = ["0.0.0.0/0"]}ingress {description = "HTTPS for webserver"from_port   = 443to_port     = 443protocol    = "tcp"cidr_blocks = ["0.0.0.0/0"]}# Created an inbound rule for pingingress {description = "Ping"from_port   = 0to_port     = 0protocol    = "ICMP"cidr_blocks = ["0.0.0.0/0"]}# Outward Network Traffic for the webserveregress {description = "output from webserver"from_port   = 0to_port     = 0protocol    = "-1"cidr_blocks = ["0.0.0.0/0"]}}

One of the first things you can see is the “depends_on” section of this resource. As you can see, this resource, as configured, depends on the vpc resource as well as two separate subnet resources. Drilling down into the configuration with the resources we allow you to understand the bigger picture of how everything is connected in this configuration. This understanding helps the student get past understanding the services in an abstract manner and makes one think of the services in a more functional way. In other words, it demystifies the typical technical jargon and, in my view, makes the “cloud” more simple.

Feedback Loop

Best Practices

The amount of services in the different cloud platforms are too much for one person to retain detailed knowledge to long term memory. Attempting to learn a cloud service merely by just knowing superfluous details is no way to become efficient in DevOps tooling. I would suggest using Terraform to build actual infrastructures and test those infrastructures to maintain a deep but practical knowledge and understating of services. If I knew what I know now when I first started learning AWS, I would have saved countless hours reading up on unnecessary information.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store