Attach IAM role to Amazon EC2 instance using Terraform

November 16, 2021March 14, 2023 ~ sourav kundu ~ 4 Comments

I have a reasonable level of understanding of the relationship between AWS Identity and Access Management (IAM) policy, role, user, and group. I have also implemented the concept of assumed-role and the trusted and trusting account association. You can read more about that at -Creating IAM assume-role relationship between two AWS accounts. So, when I … Continue reading Attach IAM role to Amazon EC2 instance using Terraform

Working with Amazon EC2 user data and Terraform

November 7, 2021March 14, 2023 ~ sourav kundu ~ 5 Comments

User data is a feature that allows customization of Amazon Elastic Compute Cloud (virtual machine) when it is created and (if desired) with each restart after being provisioned.As we all know, Amazon EC2 (virtual machines) is the legacy approach to hosting applications in the world of containers. Last year I attended a webinar sponsored by … Continue reading Working with Amazon EC2 user data and Terraform

Create Amazon EC2 using Terraform

November 1, 2021March 14, 2023 ~ sourav kundu ~ 1 Comment

One of the first components I created on the AWS cloud was an Amazon Elastic Compute Cloud (Amazon EC2) instance by watching hands-on tutorials. Little did I know about the infrastructure bits that went behind that. In this note, I list the AWS infrastructure and the configurations I created to host an Amazon EC2 instance … Continue reading Create Amazon EC2 using Terraform

Strengthen security posture with Terraform and AWS IAM to manage AWS cloud resources

Is Terraform using an AWS IAM administrator user credential to manage AWS resources?

September 26, 2021March 13, 2023 ~ sourav kundu ~ Leave a comment

Terraform uses AWS IAM user credentials to manage resources in the AWS cloud. It does so by utilizing the secret key and access key of the IAM user. Hence, Terraform's ability to manage (create/update/delete) resources depend on the permission associated with the AWS IAM user. When I started working with Terraform to manage resources in … Continue reading Strengthen security posture with Terraform and AWS IAM to manage AWS cloud resources

Terraform remote state file as a data source to support a layered IAC approach

September 14, 2021March 13, 2023 ~ sourav kundu ~ 1 Comment

A few months back, I came across an interesting concept of deploying infrastructure in a layered fashion, and I wish I had the URL saved to refer to it again. Nevertheless, the gist of the idea was that you could build an application product environment by deploying layer after layer of infrastructure. A layer of … Continue reading Terraform remote state file as a data source to support a layered IAC approach

Static analysis with Checkov, Terraform, and Azure Pipelines

August 28, 2021March 13, 2023 ~ sourav kundu ~ Leave a comment

As the name suggests, Static analysis is the ability to scan software code to search and highlight deviations from specified standards. The purpose of static code analysis is to speed up the feedback process of developing software or infrastructure. In general, once code is merged/committed to a repository, failures/defects/bugs are identified during the following stages: … Continue reading Static analysis with Checkov, Terraform, and Azure Pipelines

VPC Peering using Terraform across separate AWS accounts

August 24, 2021March 13, 2023 ~ sourav kundu ~ 1 Comment

A few weeks ago, I created a peering relationship between two Amazon VPCs that belonged to separate AWS accounts using Terraform. This note captures my learning from that exercise. But before I do so, let me briefly give an overview of VPC peering and then walk through the process of creating one. Per AWS, "Amazon … Continue reading VPC Peering using Terraform across separate AWS accounts

Working with Terraform tags

August 3, 2021August 3, 2021 ~ sourav kundu ~ Leave a comment

A few months back, HashiCorp released a new feature in Terraform provider version 3.38.0 where they introduced default tags. Tags have been a helpful feature while working with a cloud provider because it allows one to quickly and (depending on one's tagging strategy) uniquely identify a cloud resource. Terraform, as we know, is an infrastructure … Continue reading Working with Terraform tags

What is terraform import and why you too should know about it

July 31, 2021March 13, 2023 ~ sourav kundu ~ 1 Comment

We want to do it right and do it right the first and every time, whether it is learning to play the guitar or to create software. Or whether it is creating a version-able, re-usable, repeatable, and testable approach to provisioning infrastructure on the cloud. AKA infrastructure as code. And by the way, before you … Continue reading What is terraform import and why you too should know about it

YAML based Azure Pipeline approach for CI/CD of Terraform workspace

July 18, 2021 ~ sourav kundu ~ 3 Comments

This note is a short addition to the last post -CI/CD of Terraform workspace with YAML-based Azure Pipelines. At the end of that article, I mentioned a few alternate routes regarding YAML-based Azure Pipelines, which I will be covering here. So that we are on the same page, I broke down the build pipeline into … Continue reading YAML based Azure Pipeline approach for CI/CD of Terraform workspace