Terraform Tutorial - Terraform commands cheat sheet
```
$ terraform version
Terraform v0.15.0
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.37.0
```
Files
We'll use the following terraform files:
```
.
├── main.tf
├── providers.tf
└── variables.tf
```
main.tf
```
terraform {
  required_version = ">= 0.12"
}

# 1. Create vpc
resource "aws_vpc" "prod-vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "production"
  }
}

# 2. Create Internet Gateway
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.prod-vpc.id
}

# 3. Create Custom Route Table
resource "aws_route_table" "prod-route-table" {
  vpc_id = aws_vpc.prod-vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  route {
    ipv6_cidr_block = "::/0"
    gateway_id      = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "Prod"
  }
}

# 4. Create subnets
resource "aws_subnet" "subnet-1" {
  vpc_id            = aws_vpc.prod-vpc.id
  cidr_block        = var.subnet_cidr[0]
  availability_zone = "us-east-1a"

  tags = {
    Name = "subnet-1"
  }
}

resource "aws_subnet" "subnet-2" {
  vpc_id            = aws_vpc.prod-vpc.id
  cidr_block        = var.subnet_cidr[1]
  availability_zone = "us-east-1a"

  tags = {
    Name = "subnet-2"
  }
}

# 5. Associate subnet with Route Table
resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.subnet-1.id
  route_table_id = aws_route_table.prod-route-table.id
}

# 6. Create Security Group to allow port 22,80,443
resource "aws_security_group" "allow_web" {
  name        = "allow_web_traffic"
  description = "Allow Web inbound traffic"
  vpc_id      = aws_vpc.prod-vpc.id

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # any protocol
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_web"
  }
}

# 7. Create a network interface with an ip in the subnet that was created in step 4
resource "aws_network_interface" "web-server-nic" {
  subnet_id       = aws_subnet.subnet-1.id
  private_ips     = ["10.0.0.50"]
  security_groups = [aws_security_group.allow_web.id]
}

# 8. Assign an elastic IP to the network interface created in step 7
resource "aws_eip" "one" {
  vpc                       = true
  network_interface         = aws_network_interface.web-server-nic.id
  associate_with_private_ip = "10.0.0.50"
  depends_on                = [aws_internet_gateway.gw]
}

# 9. Create a Ubuntu server and install/enable apache2
resource "aws_instance" "web-server-instance" {
  ami               = "ami-085925f297f89fce1"
  instance_type     = var.ec2_instance_type
  availability_zone = "us-east-1a"
  key_name          = "einsteinish"

  network_interface {
    device_index         = 0
    network_interface_id = aws_network_interface.web-server-nic.id
  }

  user_data = <<-EOF
              #!/bin/bash
              sudo apt update -y
              sudo apt install apache2 -y
              sudo systemctl start apache2
              sudo bash -c 'echo our first web server > /var/www/html/index.html'
              EOF

  tags = {
    Name = var.ec2_instance_name
  }
}

output "my_webserver_public_ip" {
  value = aws_eip.one.public_ip
}

output "my_webserver_private_ip" {
  value = aws_instance.web-server-instance.private_ip
}

output "my_webserver_instance_id" {
  value = aws_instance.web-server-instance.id
}
```
providers.tf
```
provider "aws" {
  region = "us-east-1"
}
```
variables.tf
```
variable "subnet_cidr" {
  type    = list
  default = ["10.0.0.0/24", "10.0.1.0/24"]
}

variable "ec2_instance_type" {
  type    = string
  default = "t2.micro"
}

variable "ec2_instance_name" {
  type    = string
  default = "web-server"
}
```
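The allow_web security group in main.tf opens SSH (port 22) to 0.0.0.0/0 alongside ports 80 and 443. As an added example (not part of the original tutorial), the Python script below reads plan JSON in the shape produced by `terraform show -json` and reports inline ingress rules that expose an administrative port to any address. The sample plan fragment is constructed to mirror allow_web; ADMIN_PORTS and the function names are assumptions of this example.

```python
import json

# Ports treated as administrative for this check (assumption of this example).
ADMIN_PORTS = {22, 3389}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed fragment in the shape of `terraform show -json <planfile>`,
# mirroring the allow_web security group from main.tf.
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "aws_security_group.allow_web",
    "type": "aws_security_group",
    "change": {"actions": ["create"], "after": {"ingress": [
        {"description": "HTTPS", "from_port": 443, "to_port": 443,
         "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"description": "HTTP", "from_port": 80, "to_port": 80,
         "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"description": "SSH", "from_port": 22, "to_port": 22,
         "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    ]}},
}]})


def covers_admin_port(rule):
    """True if the rule's protocol and port range include an administrative port."""
    proto = str(rule.get("protocol"))
    if proto == "-1":  # all protocols, therefore all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
    return any(lo <= port <= hi for port in ADMIN_PORTS)


def world_open_admin_rules(plan_json):
    """Return (address, description, from_port, to_port) per risky ingress rule."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        if rc.get("type") != "aws_security_group":
            continue
        for rule in after.get("ingress") or []:
            sources = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            if sources & WORLD and covers_admin_port(rule):
                findings.append((rc["address"], rule.get("description"),
                                 rule.get("from_port"), rule.get("to_port")))
    return findings


if __name__ == "__main__":
    print(world_open_admin_rules(SAMPLE_PLAN))
```

For a real configuration, save a plan with `terraform plan -out=tfplan` and feed the output of `terraform show -json tfplan` to `world_open_admin_rules`.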
Commands
terraform init
```
Initializing the backend...

Initializing provider plugins...
```
terraform apply
terraform state list
```
$ terraform state list
aws_eip.one
aws_instance.web-server-instance
aws_internet_gateway.gw
aws_network_interface.web-server-nic
aws_route_table.prod-route-table
aws_route_table_association.a
aws_security_group.allow_web
aws_subnet.subnet-1
aws_subnet.subnet-2
aws_vpc.prod-vpc
```
terraform state show
```
$ terraform state show aws_eip.one
resource "aws_eip" "one" {
    associate_with_private_ip = "10.0.0.50"
    association_id            = "eipassoc-0dd0bb9db1ae47090"
    domain                    = "vpc"
    id                        = "eipalloc-083af3a61d30b4a5c"
    network_border_group      = "us-east-1"
    network_interface         = "eni-0cdfe4e326d6a9cb8"
    private_dns               = "ip-10-0-0-50.ec2.internal"
    private_ip                = "10.0.0.50"
    public_dns                = "ec2-107-21-102-150.compute-1.amazonaws.com"
    public_ip                 = "107.21.102.150"
    public_ipv4_pool          = "amazon"
    vpc                       = true
}
```
terraform destroy -target
To delete a specific resource.

```
$ terraform destroy \
    -target aws_instance.web-server-instance \
    --auto-approve
aws_vpc.prod-vpc: Refreshing state... [id=vpc-049c1374e943a9a98]
aws_security_group.allow_web: Refreshing state... [id=sg-0d382f2fec57effa3]
aws_subnet.subnet-1: Refreshing state... [id=subnet-07c5c01b5cc71833c]
aws_network_interface.web-server-nic: Refreshing state... [id=eni-0cdfe4e326d6a9cb8]
aws_instance.web-server-instance: Refreshing state... [id=i-054ae5efceb26784c]
aws_instance.web-server-instance: Destroying... [id=i-054ae5efceb26784c]
aws_instance.web-server-instance: Still destroying... [id=i-054ae5efceb26784c, 10s elapsed]
aws_instance.web-server-instance: Still destroying... [id=i-054ae5efceb26784c, 20s elapsed]
aws_instance.web-server-instance: Still destroying... [id=i-054ae5efceb26784c, 30s elapsed]
aws_instance.web-server-instance: Destruction complete after 31s
╷
│ Warning: Resource targeting is in effect
│
│ You are creating a plan with the -target option, which means that the result of
│ this plan may not represent all of the changes requested by the current
│ configuration.
│
│ The -target option is not for routine use, and is provided only for exceptional
│ situations such as recovering from errors or mistakes, or when Terraform
│ specifically suggests to use it as part of an error message.
╵
╷
│ Warning: Applied changes may be incomplete
│
│ The plan was created with the -target option in effect, so some changes requested
│ in the configuration may have been ignored and the output values may not be fully
│ updated. Run the following command to verify that no other changes are pending:
│     terraform plan
│
│ Note that the -target option is not suitable for routine use, and is provided only
│ for exceptional situations such as recovering from errors or mistakes, or when
│ Terraform specifically suggests to use it as part of an error message.
╵

Destroy complete! Resources: 1 destroyed.

$ terraform destroy -target aws_eip.one
...
Destroy complete! Resources: 1 destroyed.
```
terraform destroy
To destroy everything:

```
$ terraform destroy
...
Destroy complete! Resources: 8 destroyed.
```
terraform apply -target
To create a specific resource.
terraform refresh
terraform refresh is always performed before any plan or apply. It updates the state to match the real.