Category: DevOps
Date Published: April 4, 2022

Infrastructure-as-Code Pipeline for Terraform using AWS Developer Tools

Our Lead DevOps Engineer, Talib Idris, shows the importance of understanding AWS Developer Tools and how they can be applied to Terraform when building infrastructure-as-code pipelines. Check out our DevOps-themed article below, including step-by-step instructions that you can follow to achieve the same effect.

What is Infrastructure-as-Code (IaC)?

Infrastructure as code is the provisioning and management of infrastructure such as physical servers, virtual machines, routers, firewalls and load balancers through code rather than through manual processes or GUIs.

This practice brings benefits usually reserved for software development to infrastructure configuration and management. For example, the ability to track and manage changes to software code via version control systems (e.g. Git) can be extended to infrastructure, allowing a team of DevOps Engineers to collaborate on deploying and managing infrastructure at scales not previously possible with error-prone manual configuration.

Other benefits of IaC include increased deployment speeds, cost reduction, eliminating/detecting configuration drift and enabling cloud migrations.

Figure 1 – AWS IaC pipeline for Terraform

Why have a pipeline?

A key benefit of infrastructure-as-code that we have yet to mention is automation. Now that we can represent our infrastructure as code, introducing a pipeline ensures that the process can be automated, leading to a reduction in human error.

In software development, a pipeline directs the CI/CD process, and our infrastructure code can go through the same processes of building, testing and deployment.

What is Terraform?

Figure 2 – Terraform by HashiCorp

Terraform is a popular open-source infrastructure as code tool developed by HashiCorp that enables you to define your infrastructure in a configuration language (HCL) and manages the logical dependencies between infrastructure components.

Figure 3 – Snippet of code showing basic configuration of an AWS EC2 instance with Terraform

Terraform works across multiple vendors and cloud providers, allowing you to manage inter-connected hybrid environments from a single code base. Terraform is extensible through concepts such as modules, which allow you to create reusable stacks of infrastructure with best practice and security already baked in.

What are AWS Developer Tools?

Through the AWS Developer Tools, Amazon Web Services offers customers an integrated suite of services that deliver the functionality necessary for software development, from SDKs to code editors. This set of tools allows you to host, build, test and deploy your applications – or in our case, your infrastructure code – quickly and effectively while leveraging the scalability, reliability and economics of the AWS Cloud.

Let’s have a quick look at the AWS services we’ll be leveraging in creating our IaC pipeline:

CodeCommit

AWS CodeCommit is a secure, highly scalable, managed source control service that allows you to host private Git repositories. This is where our Terraform code will be stored and managed. CodeCommit eliminates the need to worry about hosting your own source control servers. Access is also secured automatically thanks to the integration with the AWS Identity and Access Management (IAM) service.

CodeBuild

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With Terraform there is no source code to compile, so we will use CodeBuild to run the individual stages in our pipeline.

CodePipeline

To create a pipeline out of individual CodeBuild stages we can take advantage of CodePipeline. AWS describes CodePipeline as “a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.”

Pipeline tools

Terraform commands
Terraform commands will be the main steps of our pipeline.

Terraform init: This is a command used to initialise a directory containing Terraform configuration files. It performs several different initialisation steps.

Terraform fmt: This is a command used to rewrite Terraform configuration files to a canonical format and style, based on the Terraform language style conventions. This can also be configured to run locally as a pre-commit hook before your code is saved to the repo.

Terraform validate: The terraform validate command runs checks to verify whether the set of config files are syntactically correct and consistent, but does not attempt to access the remote state or AWS APIs.

Terraform plan: The terraform plan command creates an execution plan, which lets you preview the changes that Terraform plans to make to your infrastructure.

Terraform apply:

TFSec
TFSec is a static analysis security scanner for your Terraform code.

Terratest

Terratest is a Go library that provides patterns and helper functions for testing infrastructure, with first-class support for Terraform and AWS.

TFLint
TFLint is a linter for Terraform. In software development a linter is a tool that analyses your source code to identify errors. TFLint has AWS plugins that can be used to detect issues like illegal instance types, deprecated syntax and unused declarations.
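
The static checks described above, arranged as a CodeBuild buildspec for a validation stage. This is an added example, not the author's pipeline configuration; the file name is hypothetical, and it assumes the build image already has terraform, tflint and tfsec installed and that the repository contains a .tflint.hcl file.

```yaml
# buildspec-validate.yml (hypothetical file name; added example, not from the article)
# Assumes the CodeBuild image already has terraform, tflint and tfsec on PATH.
version: 0.2

env:
  variables:
    TF_IN_AUTOMATION: "true"   # adjusts Terraform output for non-interactive runs

phases:
  pre_build:
    commands:
      - terraform version
      # Static checks need providers and modules but no backend, so this stage
      # never reads remote state and needs no state-bucket credentials.
      - terraform init -input=false -backend=false
  build:
    commands:
      # Non-zero exit (failed build) if any file is not in canonical format.
      - terraform fmt -check -recursive -diff
      # Syntax and internal-consistency check; makes no calls to AWS APIs.
      - terraform validate
      # Install the plugins declared in .tflint.hcl (e.g. the AWS ruleset), then lint.
      - tflint --init
      - tflint
      # Static security scan; findings return a non-zero exit code and stop the stage.
      - tfsec .
```

Because none of these commands needs write access to AWS resources or to the state, the CodeBuild service role for this stage can be kept far narrower than the role used for apply.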

Getting started

1. Create a repository in CodeCommit to store our Terraform code. This can be done from the AWS Console under Developer Tools > CodeCommit > Repositories.

Or via the AWS CLI using the command below:

To access the repository from your Git client you will need to set up credentials via IAM.

2. Create your build stages in CodeBuild as individual build projects in the AWS Console under Developer Tools > CodeBuild > Build projects > Create build project.

Or via the AWS CLI using the commands below:

3. Create your pipeline in CodePipeline with your build stages and CodeCommit source:

To add the manual approval stage, edit your pipeline to add an additional stage:

Add an action to the stage with the Manual approval action provider:
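
One way the plan, manual approval and apply stages can fit together so that the apply step runs only the plan a reviewer approved. This is an added example, not the author's configuration; the file names and the artifact wiring between the two CodeBuild projects are assumptions.

```yaml
# Two separate buildspec files shown in one listing (added example; file names
# are hypothetical). Assumes the Terraform code configures a remote state
# backend and that the plan project's output artifact is the apply project's
# input artifact in CodePipeline.

# ----- buildspec-plan.yml: runs before the manual approval stage -----
version: 0.2
phases:
  pre_build:
    commands:
      - terraform init -input=false
  build:
    commands:
      # Save the plan to a file so the exact change set can be reviewed and reused.
      - terraform plan -input=false -out=tfplan
      # Human-readable copy for the approver to read.
      - terraform show -no-color tfplan > tfplan.txt
artifacts:
  files:
    - '**/*'   # the configuration plus tfplan and tfplan.txt
---
# ----- buildspec-apply.yml: runs after the manual approval stage -----
version: 0.2
phases:
  pre_build:
    commands:
      - terraform init -input=false
  build:
    commands:
      # Apply the saved plan file only. Terraform makes no new plan here and
      # rejects the file as stale if the state changed after it was created.
      - terraform apply -input=false tfplan
```

A saved plan file can contain sensitive values in clear text, so the pipeline's artifact bucket should be encrypted and readable only by the pipeline and build roles.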

AWS Developer tools provide an excellent set of fully integrated tools that allow you to quickly and repeatably create infrastructure-as-code pipelines.