Terraform Cloud Series – Part 2


Let’s continue from where we left off. In this post, I will focus on the same AWS VPC build process, but this time the code will reside in a git repository (GitLab for this demo). I assume the audience is familiar with GitLab/GitHub; otherwise, I recommend learning the basics of Git before continuing with the rest of the demo.

For Part 2 of this series, I will be creating a new workspace for simplicity.

I will break the post into the following areas:

  • Connect to a version control provider
    • Set up/configure the application
    • Generate tokens
  • Integrate Terraform Cloud with GitLab
  • Create the AWS VPC network using the git repo
  • Set up cloud provider tokens/runtime variables
  • Update the code base in git

Connect to a version control provider

Once signed in to Terraform Cloud, click “New workspace”; you will be asked to set up the backend repository and cloud provider token:

For the purpose of this lab, I will be using GitLab to set up my backend.

Note: If you are planning on using GitHub or GitLab, one thing to keep in mind is that each environment lifecycle should be its own repo/project. If you combine your code with the root repo, it will be very difficult to manage the stack deployment and organization.

Set up/configure the application

Note: You will need to copy properties between GitLab and Terraform Cloud, so I suggest opening two windows/tabs to work in parallel.

Once you have signed in to GitLab, go to your account settings and select Applications:

Here we will create a new application that will integrate with Terraform Cloud. I am going to call my application “TerraformCloudisFun”.

Notice that the Redirect URL is a garbage value; that is on purpose. We will come back and fix it later. Go ahead and save the application.

Now, let’s configure the Terraform Cloud section:

  • You should already be on the “VCS Providers” section under your organization.
  • If not, navigate to it via your org –> New Workspace –> VCS provider.
  • Again, I am calling my provider “TerraformCloudisFun” to keep the naming consistent.
  • We will need to provide the application ID and secret generated in the step above.
  • Add the VCS provider, and the application is created.

Integrate Terraform Cloud with GitLab

Locate the callback URL and copy it; we need to update the GitLab application we created in the earlier step with this value.

  • If you are still on the application page, click the edit button and update the Redirect URL with the Terraform Cloud callback URL:
  • Save and update the application.
  • Now, back in Terraform Cloud, click “Connect organization”.
  • Terraform Cloud will try to access GitLab.com and authorize the application.

That’s it; the backend is configured and ready to be used.

Create the AWS VPC network using the git repo

Now that we have our backend ready, let us create the AWS VPC by pulling the code directly from version control.

The Terraform Cloud application we created will fetch the repos/projects from GitLab.com:

Select your repository or project for provisioning and create the workspace:

You might have to wait a bit before the workspace is ready to be configured.

Hit the configure button and provide the required properties for the cloud provider:

Set up cloud provider tokens/runtime variables

I will add my AWS IAM user access key and secret, which are needed to create the stack in AWS:

  1. AWS access key
  2. AWS secret access key
  3. Additional tag values

Notice that TF Cloud allows you to mark the secret values as sensitive so they are stored encrypted, but be aware that this information may still appear in TF outputs/debug logs.

  • Select the “Sensitive” checkbox and save the variables.

Now we are ready to create the stack using TF Cloud.

Hit the “Queue Plan” button; the run will generate a plan and, if there are any errors, it will stop:

If all looks good, TF Cloud will ask the user to verify and apply the changes:

Apply the changes and provide a comment.

While it is creating the stack, you can look at the raw logs:

If everything goes as planned, the job status will change to success:

Update the code base in git

For the final piece, I will update one of the subnet CIDR ranges in the TF code block from 10.10.104.0/24 to 10.10.105.0/24 and push the change to GitLab.

From:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.29.0"

  # insert the 12 required variables here
  name            = "poc-vpc-${var.prefix}"
  cidr            = "10.10.0.0/16"
  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets = ["10.10.1.0/24"]
  public_subnets  = ["10.10.104.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
  enable_s3_endpoint = true

  tags = var.default_tags
}

To:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.29.0"

  # insert the 12 required variables here
  name            = "poc-vpc-${var.prefix}"
  cidr            = "10.10.0.0/16"
  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets = ["10.10.1.0/24"]
  public_subnets  = ["10.10.105.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
  enable_s3_endpoint = true

  tags = var.default_tags
}

Terraform Cloud detected the change from the backend and generated a new infra plan:

The change is detected, and we can see that the subnet will be re-created.

Since it is obvious that pushing this change impacts the network, I have the ability to discard the run with a comment:
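One way to catch this kind of change before anyone applies it, as an added example that is not code from the original post: a small Python gate that reads the JSON form of a plan (`terraform show -json tfplan`) and flags every resource Terraform intends to replace. The plan document embedded below is constructed to mirror the subnet re-creation described above; it is not output captured from the post, and the resource addresses in it are assumed.

```python
import json

# Constructed sample of `terraform show -json` output (not captured from the
# post): the public subnet CIDR changed from 10.10.104.0/24 to 10.10.105.0/24,
# which the AWS provider can only satisfy by destroying and re-creating it.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.0",
    "resource_changes": [
        {
            "address": "module.vpc.aws_subnet.public[0]",   # assumed address
            "type": "aws_subnet",
            "change": {
                "actions": ["delete", "create"],
                "before": {"cidr_block": "10.10.104.0/24"},
                "after": {"cidr_block": "10.10.105.0/24"},
            },
        },
        {
            "address": "module.vpc.aws_nat_gateway.this[0]",  # assumed address
            "type": "aws_nat_gateway",
            "change": {"actions": ["update"], "before": {}, "after": {}},
        },
    ],
})

# Terraform encodes a replacement as the action pair delete+create, in either
# order (create-before-destroy lists "create" first), so compare as a set.
REPLACE_ACTIONS = frozenset(["delete", "create"])


def replaced_resources(plan_json):
    """Return (address, type, before_cidr, after_cidr) for each replaced resource."""
    plan = json.loads(plan_json)
    found = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if frozenset(change.get("actions", [])) == REPLACE_ACTIONS:
            before = (change.get("before") or {}).get("cidr_block")
            after = (change.get("after") or {}).get("cidr_block")
            found.append((rc["address"], rc["type"], before, after))
    return found


def plan_is_safe(plan_json, guarded_types=("aws_subnet", "aws_vpc")):
    """Gate for CI: refuse a plan that replaces any guarded network resource."""
    return not any(t in guarded_types for _, t, _, _ in replaced_resources(plan_json))
```

Run it as a pre-apply check in the pipeline: if `plan_is_safe` returns False, fail the job and print the replaced addresses so the reviewer can decide whether to discard the run, as done above.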

In the next part of the series, we will discuss organization of projects/workspaces, the state file, and advanced features.

I hope this post helped you get started with Terraform Cloud.
