User Identity and Access Management – What’s the Deal with IDP?
What is user identity? Why is managing access essential for businesses? How does an IDP (Identity Provider) work? You will find the answers to these questions in the article.
Today, as Innokrea, we invite you to a series presenting the Infrastructure as Code (IaC) approach using the Terraform tool. If you’re wondering why this approach has become so popular in the DevOps culture over the past few years, you’re in the right place. We will try to convey this knowledge to you using Terraform and examples using AWS cloud services.
What is Terraform?
Terraform is an open-source IaC tool, created by HashiCorp and written in Go, that DevOps teams use primarily to automate infrastructure-related tasks. It is cloud provider-agnostic. Tools like Ansible, Chef, and Puppet are used for managing and installing software on existing servers. Terraform and CloudFormation, on the other hand, are infrastructure orchestration tools, which means they can handle the provisioning of servers and infrastructure. Both categories are frequently used by DevOps teams for infrastructure management.
What exactly is provisioning?
In the context of IaC, provisioning refers to the automatically executed process of creating and configuring infrastructure resources using code and configuration files. It involves defining the desired state of the infrastructure through declarations and then deploying it using IaC tools such as Terraform or CloudFormation.
In practice, using such tools means defining resources such as servers, networks, disks, and security policies as code. The code describes the desired state of the infrastructure, including specific configurations and dependencies, and it can be versioned, which ensures consistency. We always achieve the same result, and we always know, or at least should know, the state of the infrastructure we manage. This brings versioning and control to server management: changes become manageable, systematic, and subject to code review, and they can be reverted without manually entering commands on multiple servers.
Figure 1: Difference between Terraform and Ansible in the context of AWS infrastructure, source: medium.com.
Declarative Nature
Terraform's language is declarative, which means that we describe the intended goal rather than the specific steps to reach it, as we would in the imperative programming paradigm.
Figure 2: Example Terraform code.
Installation and Editor
To install Terraform, visit the website and download the appropriate file for your operating system. Then, on Windows, add its location to the PATH environment variable.
As for the editor used, we recommend Visual Studio Code with the necessary extensions that assist with Terraform syntax.
Figure 3: Example extensions in VSC for Terraform.
Concept of Providers and Plugins
Terraform supports multiple server and cloud service providers, allowing us to launch a specific service with a specific provider using Terraform code and documentation. Software components delivered as separate files are called plugins and are developed both with the support of HashiCorp and independently. In a production environment it is therefore necessary to specify in the code which plugin versions we want to use; otherwise the latest versions will be downloaded, which may cause everything to stop working.
To use the appropriate plugin and thereby utilize the API of services like AWS, we need to specify the required_providers section in the code. There can only be one such section in the configuration files.
Figure 4: Code snippet responsible for plugin retrieval and establishing an API connection with AWS.
Basic Workflow
To manage infrastructure using Terraform, it’s important to ensure that there is a plugin for the desired provider. While it’s obvious that there is a plugin for AWS, smaller providers may not have a plugin, making it impossible to manipulate the infrastructure from Terraform. If we already know that the plugin exists, we need to search the documentation or the internet to learn how to utilize the API from Terraform. It usually requires using a token generated in the service we want to manage.
Figure 5: Obtaining a token in AWS service.
Next, we need to know what we want to create. For AWS, for example, we can create an EC2 server instance. To do this, we need to declare three things:
Figure 6: Declaring an EC2 server resource in AWS. AMI represents the server image.
All the parameters that need to be provided in the provider and resource sections depend on the service and provider, so the relevant information should be sought in the documentation.
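As an added example (not code from the original article, whose figures are not reproduced here), the configuration below puts the pieces described above into one .tf file: a required_providers section with a version constraint, the provider configuration, and an EC2 instance resource. The region, resource name, tag value and AMI ID are placeholders chosen for illustration.

```hcl
# Added example; region, names and the AMI ID are placeholders,
# not values taken from the article.
terraform {
  required_version = ">= 1.5.0"

  # The single required_providers section: where each plugin comes from
  # and which versions are acceptable.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # any 5.x release, but never an unreviewed 6.0
    }
  }
}

# Provider configuration. No access key or secret is written here: the AWS
# provider reads AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the
# environment, so the token stays out of version control.
provider "aws" {
  region = "eu-central-1" # assumed region
}

# One EC2 server instance.
resource "aws_instance" "example" {
  ami           = "ami-REPLACE_ME" # placeholder: AMI IDs are region-specific
  instance_type = "t3.micro"

  tags = {
    # Changing this value and re-running terraform plan shows an
    # in-place update rather than a new server.
    Name = "example-server"
  }
}
```

Running terraform init against this file records the exact provider version selected and its checksums in .terraform.lock.hcl; committing that file makes later runs of init install the same plugin build.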
Basic Commands
If we already have a .tf file with declarations and have completed the previous steps, we need to issue the terraform init command to install the declared plugins.
Figure 7: Initializing Terraform with declared plugins.
Next, we run the terraform plan command, which generates an execution plan. It displays the resources that Terraform will create, modify, or delete. It provides a summary of changes, including displaying any potential errors or conflicts in the terminal, and allows us to review the changes before applying them.
Figure 8: Previewing planned changes, in this case, renaming a server.
Finally, we use the terraform apply command to apply the changes to our infrastructure. Terraform reads the configuration files and applies the changes. If any errors occur during the creation process, Terraform displays error messages, and the apply process is halted.
Figure 9: Applying changes, in this case, changing the server’s name.
When we want to destroy the infrastructure, we can use the terraform destroy command.
Figure 10: Destruction of created resources using terraform destroy.
Summary
Terraform software uses a declarative language to create infrastructure with supported providers. We then use the terraform init, plan, and apply commands sequentially.
Figure 11: Workflow summary, source: brendanthompson.com.
That’s all we have prepared for you this week, but don’t worry because next week there will be another article about Terraform software. If you’re interested in expanding your knowledge in infrastructure management, including security, feel free to join us!