Skip to content

Instantly share code, notes, and snippets.

@douglasmiranda

douglasmiranda/terraform.md

Last active February 10, 2019 23:59
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save douglasmiranda/ec2baf28d8cb7215d4033de3aad17025 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save douglasmiranda/ec2baf28d8cb7215d4033de3aad17025 to your computer and use it in GitHub Desktop.
Download ZIP
Notes on Terraform
Raw
terraform.md

Infrastructure Provisioning with Terraform

terraform.io

General stuff

git

You may want to add to your .gitignore:

.terraform/
terraform.tfstate*

Linode

How do I set regions when creating a instance?

If you're in Linode's dashboard you'll see something like "US, Dallas, TX", but what you really need in your terraform file is something like "us-central".

If you check Linode API:

curl https://api.linode.com/v4/regions

and you will get:

{
  ...
  "data": [
    {
      "id": "us-central",
      "country": "us"
    },
    {
      "id": "us-west",
      "country": "us"
    },
    ...
  ]
}

Well.. still not what you want, so instead look at: https://www.linode.com/speedtest

Terraform Region Linode Dashboard
us-east US, Newark, NJ
us-southeast US, Atlanta, GA
us-central US, Dallas, TX
us-west US, Fremont, CA
eu-central EU, Frankfurt, DE
eu-west EU, London, UK
ap-south SG, Singapore, SG
ap-northeast JP, Tokyo2, JP

Example:

resource "linode_instance" "my_instance" {
  image = "linode/debian9"
  region = "us-southeast" # US, Atlanta, GA
  # ...
}

Digital Ocean

Example simple droplet + cloud firewall

  • prompt for var.digitalocean_token}. Get your token in your Digital Ocean panel.
  • let's say you have your public key in your account, and the name is "Douglas"
  • specs:
    • Debian Stretch
    • 1gb/1cpu
    • monitoring agent installed
    • private networking enabled
    • and access with ssh key
  • with the droplet created, let's add Digital Ocean Cloud Firewall rules to our new droplet
    • allow incoming traffic in http, https and ssh
    • allow all outcomming traffic
provider "digitalocean" {
  # create a file 
  token = "${var.digitalocean_token}"
}

data "digitalocean_ssh_key" "douglas" {
  name = "Douglas"
}

resource "digitalocean_droplet" "mydroplet" {
  image = "debian-9-x64"
  name = "mydroplet-web-1"
  region = "nyc3"
  size = "s-1vcpu-1gb"
  monitoring = true
  private_networking = true
  tags = ["mydroplet", "web"]

  ssh_keys = ["${data.digitalocean_ssh_key.douglas.fingerprint}"]
}

resource "digitalocean_firewall" "web" {
  name = "only-22-80-and-443"

  droplet_ids = ["${digitalocean_droplet.mydroplet.id}"]

  inbound_rule = [
    {
      protocol = "tcp"
      port_range = "22"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "tcp"
      port_range = "80"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "tcp"
      port_range = "443"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "icmp"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
  ]

  outbound_rule = [
    {
      protocol = "tcp"
      port_range = "1-6553"
      destination_addresses   = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "udp"
      port_range = "1-6553"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "icmp"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment