KodeKloud Lab: Setting Up Terraform
This page contains lab questions and solutions for setting up Terraform with AWS.
Lab Exercises
Question:
Create an S3 bucket for remote state storage.
Name the bucket my-terraform-state-[your-name-or-unique-string], ensuring it's a globally unique name.
Replace [your-name-or-unique-string] with your name or a unique string. Enable versioning on the S3 bucket and configure it to block all public access, keeping it private.
Solution:
Create a main.tf file in the terraform-projects folder:
```hcl
resource "aws_s3_bucket" "terraform_state" {
  bucket = "my-terraform-state-johndoe123"
}

resource "aws_s3_bucket_versioning" "versioning" {
  bucket = aws_s3_bucket.terraform_state.id

  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_public_access_block" "block_public_access" {
  bucket                  = aws_s3_bucket.terraform_state.id
  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}
```
Visual Flow:
```mermaid
graph LR
    S3[aws_s3_bucket.terraform_state] --> VER[aws_s3_bucket_versioning.versioning]
    S3 --> PAB[aws_s3_bucket_public_access_block.block_public_access]
```
Question:
Configure Terraform to use the S3 bucket for state management. Add the required block in a new file called backend.tf.
For key, add terraform-state-file.
Note
Do not apply the file yet.
Solution:
Create the following file titled backend.tf:
```hcl
terraform {
  backend "s3" {
    bucket = "my-terraform-state-johndoe123" # Replace with your unique bucket name
    key    = "terraform-state-file"
    region = "us-east-1"
  }
}
```
Visual Flow:
```mermaid
graph TD
    TF[Terraform CLI] --> |Stores State| S3[(AWS S3 Bucket)]
    S3 -.-> |Key: terraform-state-file| OBJ[State Object]
```
Question:
Store sensitive information securely using AWS Secrets Manager by creating a new secret.
Name the secret my-database-password-<randomString> and store a value "YourSecurePassword".
Warning
Create this secret using the AWS CLI and ensure that the name is unique.
Solution:
Create a secret in AWS Secrets Manager named my-database-password-johndoe (substitute your own unique suffix) using the command:
```bash
aws secretsmanager create-secret --name my-database-password-johndoe --secret-string "YourSecurePassword"
```
Visual Flow:
```mermaid
graph LR
    CLI[AWS CLI] --> |create-secret| SM[AWS Secrets Manager]
    SM --> |Stores| SEC[Secret Value]
```
Question:
Using Terraform, create an RDS database resource called my_secret_db with the following specs:
- identifier: rds-db-instance
- allocated_storage: 20
- storage_type: gp2
- engine: mysql
- engine_version: 8.0.43
- instance_class: db.t3.micro
- username: admin
Utilize the data source aws_secretsmanager_secret_version to retrieve the secret prefixed my-database-password- and use it in the resource as password.
Initialize the repository, generate an execution plan and apply the configuration.
Solution:
Append the following content to the main.tf file:
```hcl
data "aws_secretsmanager_secret_version" "database_password" {
  secret_id = "my-database-password-johndoe"
}

resource "aws_db_instance" "my_secret_db" {
  identifier        = "rds-db-instance"
  allocated_storage = 20
  storage_type      = "gp2"
  engine            = "mysql"
  engine_version    = "8.0.43"
  instance_class    = "db.t3.micro"
  username          = "admin"
  password          = data.aws_secretsmanager_secret_version.database_password.secret_string
}
```
Run:
Visual Flow:
```mermaid
graph TD
    SM[AWS Secrets Manager] --> DS[data.aws_secretsmanager_secret_version]
    DS --> |Password Value| RDS[aws_db_instance.my_secret_db]
```
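Terraform records the attributes of every data source and resource in its state, so the password read from Secrets Manager in this solution is also written to the terraform-state-file object in the S3 bucket, which is why that bucket has to stay private. The script below is an added example, not part of the original lab: it audits a version 4 state file for those values, using a constructed sample state and an assumed attribute watch list covering only the resource types in this lab.

```python
import json

# Attribute names that carry secret material for the resource types used in this lab
# (assumed watch list for this example; extend it for other resource types).
SENSITIVE_ATTRS = {
    "aws_secretsmanager_secret_version": ("secret_string", "secret_binary"),
    "aws_db_instance": ("password",),
}

# Constructed, trimmed state in the version 4 JSON layout; not real lab output.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "data", "type": "aws_secretsmanager_secret_version",
         "name": "database_password",
         "instances": [{"attributes": {
             "secret_id": "my-database-password-johndoe",
             "secret_string": "YourSecurePassword"}}]},
        {"mode": "managed", "type": "aws_db_instance", "name": "my_secret_db",
         "instances": [{"attributes": {
             "identifier": "rds-db-instance", "username": "admin",
             "password": "YourSecurePassword"}}]},
        {"mode": "managed", "type": "aws_s3_bucket", "name": "terraform_state",
         "instances": [{"attributes": {"bucket": "my-terraform-state-johndoe123"}}]},
    ],
})


def find_plaintext_secrets(state_json):
    """Return (resource address, attribute, length) for each non-empty secret in state."""
    findings = []
    for res in json.loads(state_json).get("resources", []):
        prefix = "data." if res.get("mode") == "data" else ""
        address = f"{prefix}{res['type']}.{res['name']}"
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            for attr in SENSITIVE_ATTRS.get(res["type"], ()):
                value = attrs.get(attr)
                if value:  # null or empty means nothing was persisted
                    # Report the length only; never echo the secret itself.
                    findings.append((address, attr, len(value)))
    return findings


if __name__ == "__main__":
    for address, attr, length in find_plaintext_secrets(SAMPLE_STATE):
        print(f"{address}: '{attr}' stored in plaintext ({length} chars)")
```

To audit a real workspace, pass the output of `terraform state pull` to `find_plaintext_secrets` instead of the sample.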
End-to-End Dependency Flow (DAG):
```mermaid
graph TD
    subgraph "S3 Backend Infrastructure"
        S3[aws_s3_bucket.terraform_state] --> VER[aws_s3_bucket_versioning.versioning]
        S3 --> PAB[aws_s3_bucket_public_access_block.block_public_access]
    end
    subgraph "Secrets & Database"
        CLI[AWS CLI: create-secret] -.-> |Created Externally| SM[AWS Secrets Manager]
        SM --> DS[data.aws_secretsmanager_secret_version.database_password]
        DS --> RDS[aws_db_instance.my_secret_db]
    end
    RDS -.-> |Uses State| S3
```
Graph Legend
- Solid Arrow: Implicit dependency (Terraform resource reference).
- Dotted Arrow: Logical dependency (external creation or state usage).